First commit with modified files [no ci]

This commit is contained in:
Cyrus 2023-06-13 09:29:29 -04:00
parent ae93a8bced
commit 3a72583836
46 changed files with 1657 additions and 650 deletions


@ -1,6 +1,6 @@
package hirs.attestationca.persist;
import hirs.attestationca.persist.entity.userdefined.SupplyChainSettings;
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
@ -46,7 +46,7 @@ public class PCRQuoteValidator {
private String[] baselinePCRS = new String[MAX_PCR_ID + 1];
@Getter
@Setter
private SupplyChainSettings settings;
private PolicySettings settings;
/**
* Constructor to parse PCR values.
@ -54,7 +54,7 @@ public class PCRQuoteValidator {
* @param settings settings for the supply chain portal settings for provisioning
*/
public PCRQuoteValidator(final String[] pcrValues,
final SupplyChainSettings settings) {
final PolicySettings settings) {
if (pcrValues != null) {
baselinePCRS = new String[MAX_PCR_ID + 1];
for (int i = 0; i <= MAX_PCR_ID; i++) {


@ -1,11 +1,38 @@
package hirs.attestationca.persist.entity.manager;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.stereotype.Repository;
import java.math.BigInteger;
import java.util.List;
import java.util.UUID;
@Repository
public interface CertificateRepository extends JpaRepository<Certificate, UUID> {
public interface CertificateRepository<T extends Certificate> extends JpaRepository<Certificate, UUID> {
@Query(value = "SELECT * FROM Certificate where id = ?1", nativeQuery = true)
Certificate getCertificate(UUID uuid);
@Query(value = "SELECT * FROM Certificate where issuer = ?1 AND DTYPE = ?2", nativeQuery = true)
List<Certificate> findBySubject(String issuer, String dType);
@Query(value = "SELECT * FROM Certificate where issuerSorted = ?1 AND DTYPE = ?2", nativeQuery = true)
List<Certificate> findBySubjectSorted(String issuedSort, String dType);
@Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true)
List<T> findByAll(String dType);
@Query(value = "SELECT * FROM Certificate where device.id = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
PlatformCredential findByDeviceId(UUID deviceId);
@Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true)
Certificate findBySerialNumber(BigInteger serialNumber, String dType);
@Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
List<PlatformCredential> byBoardSerialNumber(String boardSerialNumber);
@Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
PlatformCredential byHolderSerialNumber(BigInteger holderSerialNumber);
@Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = dType", nativeQuery = true)
T byHolderSerialNumber(BigInteger holderSerialNumber, String dType);
@Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true)
T findByCertificateHash(int certificateHash, String dType);
@Query(value = "SELECT * FROM Certificate where subjectKeyIdentifier = ?1", nativeQuery = true)
Certificate findBySubjectKeyIdentifier(byte[] skiCA);
}
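Review bot: The query `@Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = dType", nativeQuery = true)` never binds its second parameter: `dType` is written as a bare identifier instead of `?2`, so the type filter is either a SQL error or, on a backend that resolves it case-insensitively to the column, `DTYPE = DTYPE`, which matches every certificate type holding that serial; it should read `AND DTYPE = ?2`. Separately, `findBySerialNumber` returns a single `Certificate` from a lookup on `serialNumber` and `DTYPE` alone, but X.509 serial numbers are only unique per issuer, so two certificates from different CAs with the same serial would make this throw on the second; a lookup used for trust-chain decisions should also constrain on issuer, or return a `List`. The `findByDeviceId` query references `device.id`, which is a JPQL-style path rather than a native column name; presumably the join column is meant, but that cannot be confirmed from this hunk.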


@ -4,10 +4,9 @@ import hirs.attestationca.persist.entity.userdefined.Device;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.UUID;
@Repository
public interface DeviceRepository extends JpaRepository<Device, UUID> {
List<Device> findByName(String deviceName);
Device findByName(String deviceName);
}
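Review bot: `Device findByName(String deviceName);` turns a multi-row derived query into a single-result one, and Spring Data will throw `IncorrectResultSizeDataAccessException` at runtime as soon as two devices share a name; nothing in this hunk shows a unique constraint on `name`. If device names are meant to be unique, back the new contract with the schema (`@Column(unique = true)` on the entity field); otherwise keep the `List<Device>` return and let callers decide what a duplicate means for provisioning.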


@ -2,10 +2,23 @@ package hirs.attestationca.persist.entity.manager;
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.UUID;
@Repository
public interface ReferenceDigestValueRepository extends JpaRepository<ReferenceDigestValue, UUID> {
@Query(value = "SELECT * FROM ReferenceDigestValue", nativeQuery = true)
List<ReferenceDigestValue> listAll();
@Query(value = "SELECT * FROM ReferenceDigestValue WHERE model = ?1", nativeQuery = true)
List<ReferenceDigestValue> listByModel(String model);
@Query(value = "SELECT * FROM ReferenceDigestValue WHERE manufacturer = ?1", nativeQuery = true)
List<ReferenceDigestValue> listByManufacturer(String manufacturer);
@Query(value = "SELECT * FROM ReferenceDigestValue WHERE baseRimId = '?1' OR supportRimId = '?1'", nativeQuery = true)
List<ReferenceDigestValue> getValuesByRimId(UUID associatedRimId);
@Query(value = "SELECT * FROM ReferenceDigestValue WHERE supportRimId = '?1'", nativeQuery = true)
List<ReferenceDigestValue> getValuesBySupportRimId(UUID supportRimId);
}
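Review bot: The two RIM-id queries quote their positional parameter, `baseRimId = '?1' OR supportRimId = '?1'` and `supportRimId = '?1'`, which makes `?1` a string literal rather than a bind marker, so the UUID passed in is never used and the lookup silently returns no rows (or fails on an unbound parameter, depending on the driver). They should read `WHERE baseRimId = ?1 OR supportRimId = ?1` and `WHERE supportRimId = ?1`. Whether a `UUID` argument binds correctly against these columns in a native query depends on how Hibernate maps the id type (binary versus char), which is not visible here and deserves a test.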


@ -1,11 +1,39 @@
package hirs.attestationca.persist.entity.manager;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.UUID;
@Repository
public interface ReferenceManifestRepository extends JpaRepository<ReferenceManifest, UUID> {
@Query(value = "SELECT * FROM ReferenceManifest WHERE hexDecHash = ?1", nativeQuery = true)
ReferenceManifest findByHash(String rimHash);
@Query(value = "SELECT * FROM ReferenceManifest WHERE hexDecHash = ?1 AND rimType = ?2", nativeQuery = true)
ReferenceManifest findByHash(String rimHash, String rimType);
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Base'", nativeQuery = true)
List<BaseReferenceManifest> getBaseByManufacturerModel(String manufacturer, String model);
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true)
ReferenceManifest getByManufacturer(String manufacturer, String dType);
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true)
ReferenceManifest getByModel(String model, String dType);
@Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", nativeQuery = true)
List<BaseReferenceManifest> findAllBaseRims();
@Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'SupportReferenceManifest'", nativeQuery = true)
List<SupportReferenceManifest> findAllSupportRims();
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'BaseReferenceManifest'", nativeQuery = true)
BaseReferenceManifest getBaseRimEntityById(UUID uuid);
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true)
SupportReferenceManifest getSupportRimEntityById(UUID uuid);
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true)
EventLogMeasurements getEventLogRimEntityById(UUID uuid);
@Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true)
List<SupportReferenceManifest> byDeviceName(String deviceName);
}
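Review bot: `ReferenceManifest getByManufacturer(String manufacturer, String dType);` and `getByModel` below it declare a single-entity return for queries keyed only on manufacturer or model plus `DTYPE`, which will match several manifests as soon as a second RIM for the same vendor is uploaded and then throw `IncorrectResultSizeDataAccessException`; they should return `List<ReferenceManifest>` like `getBaseByManufacturerModel` does. The discriminator is also filtered two different ways in this interface, `rimType = 'Base'` on one query and `DTYPE = 'BaseReferenceManifest'` on the others, so if those two columns can ever disagree the base-RIM lookups will not agree with each other. Using one discriminator for every query in this repository removes that ambiguity.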


@ -2,8 +2,10 @@ package hirs.attestationca.persist.entity.manager;
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
@Repository
public interface SupplyChainValidationRepository extends JpaRepository<SupplyChainValidation, UUID> {
}


@ -7,6 +7,8 @@ import hirs.attestationca.persist.entity.userdefined.certificate.CertificateVari
import hirs.utils.HexUtils;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.Inheritance;
import jakarta.persistence.InheritanceType;
import jakarta.persistence.Transient;
import lombok.Getter;
import lombok.extern.log4j.Log4j2;
@ -75,6 +77,7 @@ import java.util.Objects;
* It stores certain attributes separately from the serialized certificate to enable querying on
* those attributes.
*/
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
@Log4j2
@Entity
public abstract class Certificate extends ArchivableEntity {
@ -128,6 +131,7 @@ public abstract class Certificate extends ArchivableEntity {
* Holds the name of the 'issuer' field.
*/
public static final String ISSUER_FIELD = "issuer";
@Getter
@Column(nullable = false)
private final String issuer;
/**
@ -171,6 +175,7 @@ public abstract class Certificate extends ArchivableEntity {
@Column(length = CertificateVariables.MAX_PUB_KEY_MODULUS_HEX_LENGTH, nullable = true)
private final String publicKeyModulusHexValue;
@Getter
@Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES, nullable = false)
private final byte[] signature;
@ -180,7 +185,7 @@ public abstract class Certificate extends ArchivableEntity {
@Column(nullable = false)
private final Date endValidity;
@Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES, nullable = false)
@Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES*CertificateVariables.KEY_USAGE_BIT4, nullable = false)
@JsonIgnore
private byte[] certificateBytes;
@ -250,7 +255,6 @@ public abstract class Certificate extends ArchivableEntity {
this.subject = null;
this.issuerSorted = null;
this.subjectSorted = null;
this.encodedPublicKey = null;
this.publicKeyModulusHexValue = null;
this.signature = null;
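Review bot: The new column size `@Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES*CertificateVariables.KEY_USAGE_BIT4, nullable = false)` multiplies the maximum certificate length by `KEY_USAGE_BIT4`, a constant whose name describes a key-usage bit position rather than a size factor, so the resulting limit is whatever that bit value happens to be and will silently change if the constant is ever corrected. If larger certificates must fit, add a named constant for the intended limit (for example `CertificateVariables.MAX_CERT_COLUMN_LENGTH_BYTES`) and document why `MAX_CERT_LENGTH_BYTES` was insufficient. The added `@Getter` on `private final byte[] signature` hands callers the entity's internal array, so a caller that writes into it alters the stored signature; a copying accessor such as `return signature == null ? null : signature.clone();` is safer for a field that feeds trust decisions. The removal of `this.encodedPublicKey = null;` from the default constructor only compiles if that field is no longer `final`, which is outside this hunk.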


@ -7,6 +7,8 @@ import jakarta.persistence.Access;
import jakarta.persistence.AccessType;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.Inheritance;
import jakarta.persistence.InheritanceType;
import jakarta.persistence.Table;
import lombok.EqualsAndHashCode;
import lombok.Getter;
@ -29,6 +31,7 @@ import java.util.UUID;
@EqualsAndHashCode(onlyExplicitlyIncluded = true, callSuper = false)
@Log4j2
@Entity
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
@Table(name = "ReferenceManifest")
@Access(AccessType.FIELD)
public class ReferenceManifest extends ArchivableEntity {


@ -16,6 +16,7 @@ import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Predicate;
import jakarta.persistence.criteria.Root;
import lombok.Getter;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.util.Strings;
@ -39,6 +40,7 @@ import java.util.UUID;
@Entity
public class SupplyChainValidationSummary extends ArchivableEntity {
@Getter
@ManyToOne
@JoinColumn(name = "device_id")
private final Device device;
@ -49,6 +51,7 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
@Enumerated(EnumType.STRING)
private final AppraisalStatus.Status overallValidationResult;
@Getter
@Column(length = RESULT_MESSAGE_LENGTH)
private final String message;
@ -201,15 +204,6 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
this.message = status.getMessage();
}
/**
* This retrieves the device associated with the supply chain validation summaries.
*
* @return the validated device
*/
public Device getDevice() {
return device;
}
/**
* @return the overall appraisal result
*/
@ -217,13 +211,6 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
return overallValidationResult;
}
/**
* @return the fail message if there is a failure.
*/
public String getMessage() {
return message;
}
/**
* @return the validations that this summary contains
*/
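Review bot: Replacing the explicit `getDevice()` and `getMessage()` accessors with Lombok `@Getter` drops their Javadoc, so the generated methods now say nothing about what `message` holds. Move the contract onto the fields so the generated getters stay documented, e.g. `/** The device whose supply chain was validated. */` above `device` and `/** The failure message; the removed Javadoc says it is set only on failure. */` above `message`; the second claim follows the deleted comment and should be confirmed against the constructor that assigns `status.getMessage()`.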


@ -1,7 +1,7 @@
package hirs.attestationca.persist.entity.userdefined.certificate;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.service.CertificateService;
import hirs.attestationca.persist.service.CertificateServiceImpl;
import hirs.attestationca.persist.service.selector.CertificateSelector;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
@ -51,13 +51,13 @@ public class CertificateAuthorityCredential extends Certificate {
*/
public static class Selector extends CertificateSelector<CertificateAuthorityCredential> {
/**
* Construct a new CertificateSelector that will use the given {@link CertificateService} to
* Construct a new CertificateSelector that will use the given {@link CertificateServiceImpl} to
* retrieve one or many CertificateAuthorityCredentials.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate manager to be used to retrieve certificates
*/
public Selector(final CertificateService certificateManager) {
super(certificateManager, CertificateAuthorityCredential.class);
public Selector(final CertificateServiceImpl certificateService) {
super(certificateService, CertificateAuthorityCredential.class);
}
/**
@ -79,7 +79,7 @@ public class CertificateAuthorityCredential extends Certificate {
* @param certMan the CertificateService to be used to retrieve persisted certificates
* @return a CertificateAuthorityCredential.Selector instance to use for retrieving certificates
*/
public static Selector select(final CertificateService certMan) {
public static Selector select(final CertificateServiceImpl certMan) {
return new Selector(certMan);
}
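Review bot: The `Selector` constructor `public Selector(final CertificateServiceImpl certificateService)` and the factory `public static Selector select(final CertificateServiceImpl certMan)` now depend on the concrete `CertificateServiceImpl` instead of the `CertificateService` interface they took before, which couples an entity class to one implementation and makes the selector impossible to drive from a test double. If the interface was removed elsewhere in this commit that removal is the change to revisit; otherwise keep the parameter typed as `CertificateService` and let Spring inject the implementation. The rename to `certificateService` was also not carried into `select`, whose Javadoc still documents `@param certMan`.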


@ -2,8 +2,10 @@ package hirs.attestationca.persist.entity.userdefined.certificate;
import hirs.attestationca.persist.entity.AbstractEntity;
import jakarta.persistence.Entity;
import lombok.AccessLevel;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import java.util.Objects;
import java.util.UUID;
@ -11,6 +13,7 @@ import java.util.UUID;
@EqualsAndHashCode(callSuper=false)
@Getter
@Entity
@NoArgsConstructor(access = AccessLevel.PROTECTED)
public class ComponentResult extends AbstractEntity {
private UUID certificateId;
@ -19,12 +22,6 @@ public class ComponentResult extends AbstractEntity {
private String actual;
private boolean mismatched;
/**
* Hibernate default constructor
*/
protected ComponentResult() {
}
public ComponentResult(final UUID certificateId, final int componentHash,
final String expected, final String actual) {
this.certificateId = certificateId;


@ -10,10 +10,9 @@ import lombok.AccessLevel;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1ApplicationSpecific;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1Boolean;
@ -63,6 +62,7 @@ import java.util.Set;
*
* trustedcomputinggroup.org/wp-content/uploads/Credential_Profiles_V1.2_Level2_Revision8.pdf
*/
@Log4j2
@EqualsAndHashCode(callSuper = false)
@NoArgsConstructor(access= AccessLevel.PROTECTED)
@Entity
@ -105,8 +105,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
// number of extra bytes potentially present in a cert header.
private static final int EK_CERT_HEADER_BYTE_COUNT = 7;
private static final Logger LOG = LogManager.getLogger(EndorsementCredential.class);
/**
* This class enables the retrieval of EndorsementCredential by their attributes.
*/
@ -227,8 +225,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
@Transient
private Map<String, Object> parsedFields;
private static final Logger LOGGER = LogManager.getLogger(EndorsementCredential.class);
/**
* Construct a new EndorsementCredential given its binary contents. The given
* certificate should represent either an X509 certificate or X509 attribute certificate.
@ -260,7 +256,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
* @return the EC if a valid credential, null otherwise
*/
public static EndorsementCredential parseWithPossibleHeader(final byte[] certificateBytes) {
try {
// first, attempt parsing as is
return new EndorsementCredential(certificateBytes);
@ -272,7 +267,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
}
}
LOG.debug("Attempting parse after removing extra header bytes");
log.debug("Attempting parse after removing extra header bytes");
try {
byte[] truncatedBytes = ArrayUtils.subarray(
certificateBytes, EK_CERT_HEADER_BYTE_COUNT,
@ -341,13 +336,13 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
value = entry.getValue();
if (oid.equals(TPM_MODEL)) {
model = value.toString();
LOGGER.debug("Found TPM Model: " + model);
log.debug("Found TPM Model: " + model);
} else if (oid.equals(TPM_VERSION)) {
version = value.toString();
LOGGER.debug("Found TPM Version: " + version);
log.debug("Found TPM Version: " + version);
} else if (oid.equals(TPM_MANUFACTURER)) {
manufacturer = value.toString();
LOGGER.debug("Found TPM Manufacturer: " + manufacturer);
log.debug("Found TPM Manufacturer: " + manufacturer);
}
}
}
@ -392,7 +387,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
ASN1Integer revision = (ASN1Integer) seq.getObjectAt(ASN1_REV_INDEX);
tpmSpecification = new TPMSpecification(family.getString(), level.getValue(),
revision.getValue());
LOGGER.debug("Found TPM Spec:" + tpmSpecification.toString());
log.debug("Found TPM Spec:" + tpmSpecification.toString());
} else if (addToMapping && key.equals(TPM_SECURITY_ASSERTIONS)) {
// Parse TPM Security Assertions
int seqPosition = 0;
@ -420,7 +415,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
tpmSecurityAssertions = new TPMSecurityAssertions(ver.getValue(),
fieldUpgradeable.isTrue());
LOGGER.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString());
log.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString());
// Iterate through remaining fields to set optional attributes
int tag;
DERTaggedObject obj;
@ -536,7 +531,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
while (setContents.hasMoreElements()) {
subComp = (ASN1Encodable) setContents.nextElement();
if (subComp instanceof ASN1ObjectIdentifier) {
LOGGER.warn("OID in top level of ASN1Set");
log.warn("OID in top level of ASN1Set");
}
parseSingle((ASN1Primitive) subComp, addToMapping, key);
}
@ -646,7 +641,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
} else {
// there are some deprecated types that we don't parse
LOGGER.error("Unparsed type: " + component.getClass());
log.error("Unparsed type: " + component.getClass());
}
}
}
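Review bot: The logger migration keeps string concatenation in the debug calls, e.g. `log.debug("Found TPM Model: " + model);`, so the concatenation runs even when DEBUG is off, and the concatenated values are fields parsed out of an endorsement credential supplied by the device; the parameterized form `log.debug("Found TPM Model: {}", model);` (and likewise for version, manufacturer, the TPM spec and the security assertions) is cheaper and makes it explicit which part of the line is untrusted input. The message at `log.error("Unparsed type: " + component.getClass());` fires for encodings the parser deliberately does not handle; if that is expected for deprecated types, WARN is the more accurate level so it does not page anyone.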


@ -7,7 +7,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Plat
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2;
import hirs.attestationca.persist.service.CertificateService;
import hirs.attestationca.persist.service.CertificateServiceImpl;
import hirs.attestationca.persist.service.selector.CertificateSelector;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
@ -133,13 +133,13 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
*/
public static class Selector extends CertificateSelector<PlatformCredential> {
/**
* Construct a new CertificateSelector that will use the given {@link CertificateService} to
* Construct a new CertificateSelector that will use the given {@link CertificateServiceImpl} to
* retrieve one or many PlatformCredentials.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate manager to be used to retrieve certificates
*/
public Selector(final CertificateService certificateManager) {
super(certificateManager, PlatformCredential.class);
public Selector(final CertificateServiceImpl certificateService) {
super(certificateService, PlatformCredential.class);
}
/**
@ -275,11 +275,11 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
/**
* Get a Selector for use in retrieving PlatformCredentials.
*
* @param certMan the CertificateManager to be used to retrieve persisted certificates
* @param certificateService the CertificateManager to be used to retrieve persisted certificates
* @return a PlatformCredential.Selector instance to use for retrieving certificates
*/
public static Selector select(final CertificateService certMan) {
return new Selector(certMan);
public static Selector select(final CertificateServiceImpl certificateService) {
return new Selector(certificateService);
}
/**


@ -211,7 +211,7 @@ public class ComponentClass {
for (Member member : components) {
typeID = verifyComponentValue(member.getName());
if (component.equals(typeID)) {
if (component.equalsIgnoreCase(typeID)) {
componentStr = member.getValue().asString();
}
}
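Review bot: Switching to `component.equalsIgnoreCase(typeID)` widens which registry entries match a credential's component class, and nothing in the hunk records why case must be ignored; presumably both sides are hex identifiers whose case differs between the JSON registry and the certificate, but that is inferred. Add a one-line why-comment above the comparison, e.g. `// component class IDs are hex strings; registry and credential differ in case`, so the next reader does not tighten it back to `equals`. The enclosing method starts outside this hunk.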


@ -2,7 +2,6 @@ package hirs.attestationca.persist.entity.userdefined.rim;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.service.ReferenceManifestService;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.service.selector.ReferenceManifestSelector;
import hirs.utils.SwidResource;
@ -26,8 +25,7 @@ import lombok.AccessLevel;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import lombok.extern.log4j.Log4j2;
import javax.xml.namespace.QName;
import javax.xml.validation.Schema;
@ -44,13 +42,12 @@ import java.util.Map;
/**
*
*/
@Log4j2
@Getter
@Setter
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@Entity
public class BaseReferenceManifest extends ReferenceManifest {
private static final Logger LOGGER = LogManager.getLogger(BaseReferenceManifest.class);
/**
* Holds the name of the 'base64Hash' field.
*/
@ -107,7 +104,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
* @param referenceManifestManager the reference manifest manager to be used to retrieve
* reference manifests.
*/
public Selector(final ReferenceManifestService referenceManifestManager) {
public Selector(final ReferenceManifestServiceImpl referenceManifestManager) {
super(referenceManifestManager, BaseReferenceManifest.class);
}
@ -227,7 +224,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
this.base64Hash = Base64.getEncoder().encodeToString(
digest.digest(rimBytes));
} catch (NoSuchAlgorithmException noSaEx) {
LOGGER.error(noSaEx);
log.error(noSaEx);
}
// begin parsing valid swid tag
@ -350,7 +347,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
* persisted RIMs
* @return a Selector instance to use for retrieving RIMs
*/
public static Selector select(final ReferenceManifestService rimMan) {
public static Selector select(final ReferenceManifestServiceImpl rimMan) {
return new Selector(rimMan);
}
@ -367,7 +364,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
JAXBElement jaxbe = unmarshallSwidTag(fileStream);
SoftwareIdentity swidTag = (SoftwareIdentity) jaxbe.getValue();
LOGGER.info(String.format("SWID Tag found: %nname: %s;%ntagId: %s%n%s",
log.debug(String.format("SWID Tag found: %nname: %s;%ntagId: %s%n%s",
swidTag.getName(), swidTag.getTagId(), SCHEMA_STATEMENT));
return swidTag;
}
@ -397,7 +394,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
}
} catch (IOException ioEx) {
LOGGER.error("Failed to parse Swid Tag bytes.", ioEx);
log.error("Failed to parse Swid Tag bytes.", ioEx);
}
}
@ -425,16 +422,16 @@ public class BaseReferenceManifest extends ReferenceManifest {
unmarshaller.setSchema(schema);
jaxbe = (JAXBElement) unmarshaller.unmarshal(stream);
} catch (UnmarshalException umEx) {
LOGGER.error(String.format("Error validating swidtag file!%n%s%n%s",
log.error(String.format("Error validating swidtag file!%n%s%n%s",
umEx.getMessage(), umEx.toString()));
for (StackTraceElement ste : umEx.getStackTrace()) {
LOGGER.error(ste.toString());
log.error(ste.toString());
}
} catch (IllegalArgumentException iaEx) {
LOGGER.error("Input file empty.");
log.error("Input file empty.");
} catch (JAXBException jaxEx) {
for (StackTraceElement ste : jaxEx.getStackTrace()) {
LOGGER.error(ste.toString());
log.error(ste.toString());
}
}
@ -463,27 +460,30 @@ public class BaseReferenceManifest extends ReferenceManifest {
public final List<SwidResource> parseResource(final ResourceCollection rc) {
List<SwidResource> resources = new ArrayList<>();
log.error("Parsing stuff");
try {
if (rc != null) {
for (Meta meta : rc.getDirectoryOrFileOrProcess()) {
if (meta != null) {
if (meta instanceof Directory) {
Directory directory = (Directory) meta;
for (FilesystemItem fsi : directory.getDirectoryOrFile()) {
if (fsi != null) {
resources.add(new SwidResource(
(File) fsi, null));
}
if (meta instanceof Directory) {
Directory directory = (Directory) meta;
for (FilesystemItem fsi : directory.getDirectoryOrFile()) {
if (fsi != null) {
resources.add(new SwidResource(
(File) fsi, null));
} else {
log.error("fsi is negative");
}
} else if (meta instanceof File) {
resources.add(new SwidResource((File) meta, null));
}
} else if (meta instanceof File) {
resources.add(new SwidResource((File) meta, null));
}
}
} else {
log.error("ResourceCollection is negative");
}
} catch (ClassCastException ccEx) {
LOGGER.error(ccEx);
LOGGER.error("At this time, the code does not support the "
log.error(ccEx);
log.error("At this time, the code does not support the "
+ "particular formatting of this SwidTag's Payload.");
}
@ -495,7 +495,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
return String.format("ReferenceManifest{swidName=%s,"
+ "platformManufacturer=%s,"
+ " platformModel=%s,"
+ "tagId=%s, rimHash=%s}",
+ "tagId=%s, base64Hash=%s}",
swidName, this.getPlatformManufacturer(),
this.getPlatformModel(), getTagId(), this.getBase64Hash());
}
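Review bot: `parseResource` now emits `log.error("Parsing stuff");` on every call, and reports its null checks with `log.error("fsi is negative");` and `log.error("ResourceCollection is negative");`; the first is a leftover debugging line at ERROR level and the other two describe a null reference as "negative", which will mislead anyone triaging logs. Remove the first and reword the other two at DEBUG, e.g. `log.debug("Skipping null filesystem item in directory");` and `log.debug("ResourceCollection is null; no resources parsed");`. In `unmarshallSwidTag` the `UnmarshalException` handler still prints the stack trace one frame per `log.error(ste.toString())`; passing the exception as the last argument, `log.error("Error validating swidtag file!", umEx);`, records the same information in a single entry.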


@ -3,7 +3,7 @@ package hirs.attestationca.persist.entity.userdefined.rim;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.enums.AppraisalStatus;
import hirs.attestationca.persist.service.ReferenceManifestService;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.service.selector.ReferenceManifestSelector;
import hirs.utils.tpm.eventlog.TCGEventLog;
import hirs.utils.tpm.eventlog.TpmPcrEvent;
@ -53,7 +53,7 @@ public class EventLogMeasurements extends ReferenceManifest {
* @param referenceManifestManager the reference manifest manager to be used to retrieve
* reference manifests.
*/
public Selector(final ReferenceManifestService referenceManifestManager) {
public Selector(final ReferenceManifestServiceImpl referenceManifestManager) {
super(referenceManifestManager, EventLogMeasurements.class, false);
}
@ -142,7 +142,7 @@ public class EventLogMeasurements extends ReferenceManifest {
* persisted RIMs
* @return a Selector instance to use for retrieving RIMs
*/
public static Selector select(final ReferenceManifestService rimMan) {
public static Selector select(final ReferenceManifestServiceImpl rimMan) {
return new Selector(rimMan);
}


@ -2,7 +2,7 @@ package hirs.attestationca.persist.entity.userdefined.rim;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.service.ReferenceManifestService;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.service.selector.ReferenceManifestSelector;
import hirs.utils.tpm.eventlog.TCGEventLog;
import hirs.utils.tpm.eventlog.TpmPcrEvent;
@ -48,7 +48,7 @@ public class SupportReferenceManifest extends ReferenceManifest {
* @param referenceManifestManager the reference manifest manager to be used to retrieve
* reference manifests.
*/
public Selector(final ReferenceManifestService referenceManifestManager) {
public Selector(final ReferenceManifestServiceImpl referenceManifestManager) {
super(referenceManifestManager, SupportReferenceManifest.class);
}
@ -150,7 +150,7 @@ public class SupportReferenceManifest extends ReferenceManifest {
* persisted RIMs
* @return a Selector instance to use for retrieving RIMs
*/
public static Selector select(final ReferenceManifestService rimMan) {
public static Selector select(final ReferenceManifestServiceImpl rimMan) {
return new Selector(rimMan);
}


@ -1,45 +1,35 @@
package hirs.attestationca.persist.service;
import hirs.attestationca.persist.DBManagerException;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.service.selector.CertificateSelector;
import jakarta.persistence.EntityManager;
import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Sort;
import org.springframework.stereotype.Service;
import java.util.List;
import java.util.Set;
import java.util.UUID;
@Log4j2
@NoArgsConstructor
@Service
public class CertificateServiceImpl<T extends Certificate> extends DefaultDbService<Certificate> implements CertificateService<Certificate> {
public class CertificateServiceImpl<T extends Certificate> extends DefaultDbService<T> {
@Autowired(required = false)
private EntityManager entityManager;
// @PersistenceContext // I'll need this if I want to make custom native calls
// private EntityManager entityManager;
@Autowired
private CertificateRepository repository;
private CertificateRepository certificateRepository;
@Override
public Certificate saveCertificate(Certificate certificate) {
return repository.save(certificate);
}
@Override
@SuppressWarnings("unchecked")
public <T extends Certificate> List<T> fetchCertificates(Class<T> classType) {
return (List<T>) repository.findAll(Sort.sort(classType));
}
@Override
public Certificate updateCertificate(Certificate certificate, UUID certificateId) {
return saveCertificate(certificate);
}
@Override
public Certificate updateCertificate(Certificate certificate) {
return saveCertificate(certificate);
/**
* Default Constructor.
*/
public CertificateServiceImpl(final Class<T> clazz) {
super(clazz);
this.defineRepository(certificateRepository);
}
/**
@ -73,13 +63,29 @@ public class CertificateServiceImpl<T extends Certificate> extends DefaultDbServ
return null;
}
/**
* Remove a certificate from the database.
* Archives the named object and updates it in the database.
*
* @param certificate the certificate to delete
* @return true if deletion was successful, false otherwise
* @param id UUID of the object to archive
* @return true if the object was successfully found and archived, false if the object was not
* found
* @throws hirs.attestationca.persist.DBManagerException if the object is not an instance of <code>ArchivableEntity</code>
*/
public void deleteCertificate(final Certificate certificate) {
repository.delete(certificate);
public final boolean archive(final UUID id) throws DBManagerException {
log.debug("archiving object: {}", id);
if (id == null) {
log.debug("null id argument");
return false;
}
T target = get(id);
if (target == null) {
return false;
}
((ArchivableEntity) target).archive();
this.certificateRepository.save(target);
return true;
}
}


@ -1,7 +1,7 @@
package hirs.attestationca.persist.service;
import hirs.attestationca.persist.DBManagerException;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.entity.AbstractEntity;
import jakarta.persistence.EntityManager;
import jakarta.persistence.PersistenceContext;
import lombok.NoArgsConstructor;
@ -24,7 +24,7 @@ import java.util.Map;
@Log4j2
@Service
@NoArgsConstructor
public class DefaultDbService<T extends ArchivableEntity> extends HibernateDbService<T> {
public class DefaultDbService<T extends AbstractEntity> {
/**
* The default maximum number of retries to attempt a database transaction.
*/
@ -49,10 +49,29 @@ public class DefaultDbService<T extends ArchivableEntity> extends HibernateDbSer
* unfortunately class type of T cannot be determined using only T
*/
public DefaultDbService(final Class<T> clazz) {
super(clazz, null);
setRetryTemplate();
}
public void defineRepository(final JpaRepository repository) {
this.repository = repository;
}
public List<T> listAll() {
return this.repository.findAll();
}
public void save(final T entity) {
this.repository.save(entity);
}
public void delete(final T entity) {
this.repository.delete(entity);
}
public void delete(final UUID id) {
this.repository.deleteById(id);
}
/**
* Set the parameters used to retry database transactions. The retry template will
* retry transactions that throw a LockAcquisitionException or StaleObjectStateException.
@ -167,33 +186,4 @@ public class DefaultDbService<T extends ArchivableEntity> extends HibernateDbSer
return clazz.cast(entity);
}
/**
* Archives the named object and updates it in the database.
*
* @param name name of the object to archive
* @return true if the object was successfully found and archived, false if the object was not
* found
* @throws DBManagerException if the object is not an instance of <code>ArchivableEntity</code>
*/
// @Override
// public final boolean archive(final String name) throws DBManagerException {
// log.debug("archiving object: {}", name);
// if (name == null) {
// log.debug("null name argument");
// return false;
// }
//
// T target = get(name);
// if (target == null) {
// return false;
// }
// if (!(target instanceof ArchivableEntity)) {
// throw new DBManagerException("unable to archive non-archivable object");
// }
//
// ((ArchivableEntity) target).archive();
// repository.save(target);
// return true;
// }
}
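Review bot: `defineRepository(final JpaRepository repository)` takes a raw `JpaRepository`, so the `listAll`/`save`/`delete` methods beneath it compile only through unchecked conversions and a subclass can register a repository for the wrong entity type without any compile-time complaint; it should be `public void defineRepository(final JpaRepository<T, UUID> repository)` (the `repository` field itself is declared outside this hunk, presumably with that type). `delete(final UUID id)` forwards straight to `deleteById`, leaving the null-id behaviour to Spring Data, whereas the `archive` it replaces guarded and logged that case. With the bound relaxed from `ArchivableEntity` to `AbstractEntity`, the commented-out `archive` block at the end of the file is dead code and should be removed; if services are meant to move from archiving to hard deletes, that drops the audit trail the archive flag provided and deserves a sentence in the class Javadoc.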


@ -12,9 +12,9 @@ import java.util.List;
* https://github.com/darrachequesne/spring-data-jpa-datatables
*/
@Service
public class DeviceServiceImpl {
public class DeviceServiceImpl extends DefaultDbService<Device> {
@Autowired(required = false)
@Autowired
private EntityManager entityManager;
@Autowired
private DeviceRepository deviceRepository;
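Review bot: `DeviceServiceImpl` now extends `DefaultDbService<Device>`, but nothing in this hunk passes `deviceRepository` to `defineRepository`, so unless that happens in code outside the hunk the inherited `listAll`/`save`/`delete` will dereference a null repository at runtime. Because field injection has not happened yet when the constructor runs, the hand-off belongs in an initializer such as `@PostConstruct private void init() { defineRepository(deviceRepository); }`, paired with a constructor that calls `super(Device.class)` so the inherited `clazz` is set. The class body continues outside the hunk.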

View File

@ -1,11 +1,8 @@
package hirs.attestationca.persist.service;
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.jpa.datatables.mapping.DataTablesInput;
import org.springframework.data.jpa.datatables.mapping.DataTablesOutput;
import org.springframework.stereotype.Service;
import java.util.LinkedList;
@ -13,52 +10,12 @@ import java.util.List;
import java.util.UUID;
@Service
public class ReferenceDigestValueServiceImpl extends DefaultDbService<ReferenceDigestValue> implements ReferenceDigestValueService {
public class ReferenceDigestValueServiceImpl extends DefaultDbService<ReferenceDigestValue> {
@Autowired
private ReferenceDigestValueRepository repository;
@Override
public ReferenceDigestValue saveReferenceDigestValue(ReferenceDigestValue referenceDigestValue) {
return repository.save(referenceDigestValue);
}
public List<ReferenceDigestValue> findAll() {
return repository.findAll();
}
@Override
public List<ReferenceDigestValue> fetchDigestValues() {
return repository.findAll();
}
@Override
public ReferenceDigestValue updateRefDigestValue(ReferenceDigestValue referenceDigestValue, UUID rdvId) {
return saveReferenceDigestValue(referenceDigestValue);
}
public ReferenceDigestValue updateRefDigestValue(ReferenceDigestValue referenceDigestValue) {
if (referenceDigestValue.getId() != null) {
return updateRefDigestValue(referenceDigestValue, referenceDigestValue.getId());
}
return null;
}
public List<ReferenceDigestValue> getValuesByRimId(ReferenceManifest baseRim) {
List<ReferenceDigestValue> results = new LinkedList<>();
if (baseRim != null) {
for (ReferenceDigestValue rdv : repository.findAll()) {
if (rdv.getBaseRimId() == baseRim.getId()) {
results.add(rdv);
}
}
}
return results;
}
@Override
public void deleteRefDigestValueById(UUID rdvId) {
repository.getReferenceById(rdvId).archive();
public List<ReferenceDigestValue> getValuesByRimId(final UUID baseId) {
return new LinkedList<>();
}
}
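Review bot: The new `getValuesByRimId(final UUID baseId)` ignores its argument and always returns an empty `LinkedList`, so a caller resolving the digest values recorded for a base RIM now finds none, and any comparison built on that result has nothing to check against. If this is a deliberate stub it should say so (`// TODO: query repository by baseRimId; returns nothing until then`); otherwise filter the repository result, e.g. `return repository.findAll().stream().filter(rdv -> baseId != null && baseId.equals(rdv.getBaseRimId())).toList();`, which also replaces the reference `==` comparison on ids that the removed loop used (assuming `getBaseRimId()` returns a `UUID`). As in the other services in this commit, the injected `repository` is never handed to `defineRepository`, so the inherited `DefaultDbService` methods would see a null repository.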


@ -3,13 +3,13 @@ package hirs.attestationca.persist.service;
import hirs.attestationca.persist.CriteriaModifier;
import hirs.attestationca.persist.DBManagerException;
import hirs.attestationca.persist.FilteredRecordsList;
import hirs.attestationca.persist.OrderedListQuerier;
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.service.selector.ReferenceManifestSelector;
import jakarta.persistence.EntityManager;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Sort;
import org.springframework.stereotype.Service;
import org.xml.sax.SAXException;
@ -20,12 +20,10 @@ import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
@Log4j2
@Service
public class ReferenceManifestServiceImpl<T extends ReferenceManifest> extends DefaultDbService<ReferenceManifest> implements ReferenceManifestService<ReferenceManifest> {
public class ReferenceManifestServiceImpl<T extends ReferenceManifest> extends DefaultDbService<ReferenceManifest> implements OrderedListQuerier<ReferenceManifest> {
/**
* The variable that establishes a schema factory for xml processing.
@ -33,7 +31,7 @@ public class ReferenceManifestServiceImpl<T extends ReferenceManifest> extends D
public static final SchemaFactory SCHEMA_FACTORY
= SchemaFactory.newInstance(ReferenceManifest.SCHEMA_LANGUAGE);
@Autowired(required = false)
@Autowired
private EntityManager entityManager;
@Autowired
@ -77,29 +75,18 @@ public class ReferenceManifestServiceImpl<T extends ReferenceManifest> extends D
return schema;
}
@Override
public ReferenceManifest saveReferenceManifest(ReferenceManifest referenceManifest) {
return repository.save(referenceManifest);
}
@Override
public List<ReferenceManifest> fetchReferenceManifests() {
return repository.findAll();
}
/**
* This method does not need to be used directly as it is used by
* {@link ReferenceManifestSelector}'s get* methods. Regardless, it may be
* used to retrieve ReferenceManifest by other code in this package, given a
* configured ReferenceManifestSelector.
*
* @param referenceManifestSelector a configured
* {@link ReferenceManifestSelector} to use for querying
* @return the resulting set of ReferenceManifest, possibly empty
*/
@SuppressWarnings("unchecked")
public <T extends ReferenceManifest> List<T> get(
Class<T> classType) {
final ReferenceManifestSelector referenceManifestSelector) {
log.info("Getting the full set of Reference Manifest files.");
// return new HashSet<>(
// (List<T>) getWithCriteria(
@ -107,22 +94,7 @@ public class ReferenceManifestServiceImpl<T extends ReferenceManifest> extends D
// Collections.singleton(referenceManifestSelector.getCriterion())
// )
// );
return (List<T>) repository.findAll(Sort.sort(classType));
}
@Override
public ReferenceManifest updateReferenceManifest(ReferenceManifest referenceManifest, UUID rimId) {
return null;
}
@Override
public void deleteReferenceManifestById(UUID rimId) {
repository.deleteById(rimId);
}
@Override
public <T extends ReferenceManifest> Set<T> get(ReferenceManifestSelector referenceManifestSelector) {
return null;
return (List<T>) repository.findAll();
}
@Override
@ -130,7 +102,7 @@ public class ReferenceManifestServiceImpl<T extends ReferenceManifest> extends D
String columnToOrder, boolean ascending, int firstResult,
int maxResults, String search,
Map<String, Boolean> searchableColumns) throws DBManagerException {
return null;
return new FilteredRecordsList();
}
@Override
@ -139,6 +111,6 @@ public class ReferenceManifestServiceImpl<T extends ReferenceManifest> extends D
int firstResult, int maxResults, String search,
Map<String, Boolean> searchableColumns,
CriteriaModifier<ReferenceManifest> criteriaModifier) throws DBManagerException {
return null;
return new FilteredRecordsList<>();
}
}
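Review bot: `get(final ReferenceManifestSelector referenceManifestSelector)` never reads the selector and returns `repository.findAll()` cast to `List<T>`, so every selector query — including `ReferenceManifestSelector.getRIM()`, which now takes the first element of that list — returns the whole RIM table regardless of the field selections or the `excludeArchivedRims` flag, and archived RIMs are no longer excluded from lookups. Until the selector criteria are translated into a query, the method should at least apply the selector's filters in memory or throw `UnsupportedOperationException` rather than silently returning everything. Both `getOrderedList` overloads return an empty `FilteredRecordsList` while ignoring their paging and search parameters, and the raw `new FilteredRecordsList()` in the first should match the diamond form used in the second. The commented-out `getWithCriteria` block between the hunks should be deleted rather than kept as dead code.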


@ -1,5 +1,6 @@
package hirs.attestationca.persist.service;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
import hirs.attestationca.persist.entity.manager.SupplyChainValidationRepository;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
@ -9,7 +10,6 @@ import hirs.utils.BouncyCastleUtils;
import lombok.extern.log4j.Log4j2;
import org.bouncycastle.util.encoders.Hex;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.io.IOException;
import java.security.KeyStore;
@ -18,43 +18,22 @@ import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
@Log4j2
@Service
public class SupplyChainValidationServiceImpl extends DefaultDbService<SupplyChainValidation> implements SupplyChainValidationService {
//@Service
public class SupplyChainValidationServiceImpl extends DefaultDbService<SupplyChainValidation> {
@Autowired
SupplyChainValidationRepository repository;
@Autowired
private CertificateService certificateService;
private CertificateRepository certificateRepository;
public SupplyChainValidationServiceImpl(final CertificateService certificateService) {
public SupplyChainValidationServiceImpl(final CertificateRepository certificateRepository) {
super();
this.certificateService = certificateService;
}
@Override
public SupplyChainValidation saveSupplyChainValidation(SupplyChainValidation supplyChainValidation) {
return repository.save(supplyChainValidation);
}
@Override
public List<SupplyChainValidation> fetchSupplyChainValidations() {
return repository.findAll();
}
@Override
public SupplyChainValidation updateSupplyChainValidation(SupplyChainValidation supplyChainValidation, UUID scvId) {
return null;
}
@Override
public void deleteSupplyChainValidation(UUID scvId) {
repository.deleteById(scvId);
this.certificateRepository = certificateRepository;
}
/**
@ -111,28 +90,23 @@ public class SupplyChainValidationServiceImpl extends DefaultDbService<SupplyCha
final Certificate credential,
final Set<String> previouslyQueriedSubjects) {
CertificateAuthorityCredential skiCA = null;
Set<CertificateAuthorityCredential> certAuthsWithMatchingIssuer = new HashSet<>();
List<CertificateAuthorityCredential> certAuthsWithMatchingIssuer = new LinkedList<>();
if (credential.getAuthorityKeyIdentifier() != null
&& !credential.getAuthorityKeyIdentifier().isEmpty()) {
byte[] bytes = Hex.decode(credential.getAuthorityKeyIdentifier());
skiCA = CertificateAuthorityCredential
.select(certificateService)
.bySubjectKeyIdentifier(bytes).getCertificate();
skiCA = (CertificateAuthorityCredential) certificateRepository.findBySubjectKeyIdentifier(bytes);
}
if (skiCA == null) {
if (credential.getIssuerSorted() == null
|| credential.getIssuerSorted().isEmpty()) {
certAuthsWithMatchingIssuer = CertificateAuthorityCredential
.select(certificateService)
.bySubject(credential.getHolderIssuer())
.getCertificates();
certAuthsWithMatchingIssuer = certificateRepository.findBySubject(credential.getHolderIssuer(),
"CertificateAuthorityCredential");
} else {
//Get certificates by subject organization
certAuthsWithMatchingIssuer = CertificateAuthorityCredential
.select(certificateService)
.bySubjectSorted(credential.getIssuerSorted())
.getCertificates();
certAuthsWithMatchingIssuer = certificateRepository.findBySubjectSorted(credential.getIssuerSorted(),
"CertificateAuthorityCredential");
}
} else {
certAuthsWithMatchingIssuer.add(skiCA);
@ -171,10 +145,8 @@ public class SupplyChainValidationServiceImpl extends DefaultDbService<SupplyCha
PlatformCredential baseCredential = null;
if (platformSerialNumber != null) {
List<PlatformCredential> chainCertificates = PlatformCredential
.select(certificateService)
.byBoardSerialNumber(platformSerialNumber)
.getCertificates().stream().collect(Collectors.toList());
List<PlatformCredential> chainCertificates = certificateRepository
.byBoardSerialNumber(platformSerialNumber);
for (PlatformCredential pc : chainCertificates) {
if (baseCredential != null && pc.isPlatformBase()) {
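Review bot: The selector calls being replaced excluded archived certificates by default (`CertificateSelector` delegates with `excludeArchivedCertificates = true`), but the new `certificateRepository.findBySubjectKeyIdentifier`, `findBySubject`, `findBySubjectSorted` and `byBoardSerialNumber` calls show no such filter, so unless those queries exclude archived rows themselves, an archived CA credential can again be chosen as the issuer used to validate a chain. The cast `(CertificateAuthorityCredential) certificateRepository.findBySubjectKeyIdentifier(bytes)` throws `ClassCastException` if a non-CA certificate shares that key identifier; an `instanceof` check, or a query restricted to the CA subtype as the `"CertificateAuthorityCredential"` DTYPE argument does two calls later, would be safer. It is also worth confirming that `findBySubject`, when handed `credential.getHolderIssuer()`, matches the candidate CA's subject column rather than its issuer column, since the method name alone does not establish which. The enclosing method starts outside the hunk.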


@ -2,7 +2,6 @@ package hirs.attestationca.persist.service.selector;
import com.google.common.base.Preconditions;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.service.CertificateService;
import hirs.attestationca.persist.service.CertificateServiceImpl;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
@ -77,7 +76,7 @@ import java.util.UUID;
*/
public abstract class CertificateSelector<T extends Certificate> {
private final CertificateService certificateManager;
private final CertificateServiceImpl certificateService;
private final Class<T> certificateClass;
private final Map<String, Object> fieldValueSelections;
@ -87,28 +86,28 @@ public abstract class CertificateSelector<T extends Certificate> {
* Construct a new CertificateSelector that will use the given {@link CertificateServiceImpl} to
* retrieve certificates of the given type.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate manager to be used to retrieve certificates
* @param certificateClass the class of certificate to be retrieved
*/
public CertificateSelector(
final CertificateService certificateManager,
final CertificateServiceImpl certificateService,
final Class<T> certificateClass) {
this(certificateManager, certificateClass, true);
this(certificateService, certificateClass, true);
}
/**
* Construct a new CertificateSelector that will use the given {@link CertificateService} to
* Construct a new CertificateSelector that will use the given {@link CertificateServiceImpl } to
* retrieve certificates of the given type.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate manager to be used to retrieve certificates
* @param certificateClass the class of certificate to be retrieved
* @param excludeArchivedCertificates true if excluding archived certificates
*/
public CertificateSelector(
final CertificateService certificateManager,
final CertificateServiceImpl certificateService,
final Class<T> certificateClass, final boolean excludeArchivedCertificates) {
Preconditions.checkArgument(
certificateManager != null,
certificateService != null,
"certificate manager cannot be null"
);
@ -117,7 +116,7 @@ public abstract class CertificateSelector<T extends Certificate> {
"type cannot be null"
);
this.certificateManager = certificateManager;
this.certificateService = certificateService;
this.certificateClass = certificateClass;
this.fieldValueSelections = new HashMap<>();
this.excludeArchivedCertificates = excludeArchivedCertificates;
@ -459,7 +458,7 @@ public abstract class CertificateSelector<T extends Certificate> {
// construct and execute query
private Set<T> execute() {
return certificateManager.get(this);
return certificateService.get(this);
}
/**


@ -3,7 +3,7 @@ package hirs.attestationca.persist.service.selector;
import com.google.common.base.Preconditions;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.service.ReferenceManifestService;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Predicate;
@ -12,16 +12,15 @@ import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
/**
* This class is used to select one or many RIMs in conjunction
* with a {@link ReferenceManifestService}. To make use of this object,
* with a {@link ReferenceManifestServiceImpl}. To make use of this object,
* use (some ReferenceManifest).select(ReferenceManifestManager).
*
* @param <T> the type of Reference Integrity Manifest that will be retrieved.
@ -45,7 +44,7 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
public static final String RIM_FILENAME_FIELD = "fileName";
private static final String RIM_TYPE_FIELD = "rimType";
private final ReferenceManifestService referenceManifestManager;
private final ReferenceManifestServiceImpl referenceManifestManager;
private final Class<T> referenceTypeClass;
private final Map<String, Object> fieldValueSelections;
@ -57,7 +56,7 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
* @param referenceManifestManager the RIM manager to be used to retrieve RIMs
* @param referenceTypeClass the type of Reference Manifest to process.
*/
public ReferenceManifestSelector(final ReferenceManifestService referenceManifestManager,
public ReferenceManifestSelector(final ReferenceManifestServiceImpl referenceManifestManager,
final Class<T> referenceTypeClass) {
this(referenceManifestManager, referenceTypeClass, true);
}
@ -69,7 +68,7 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
* @param referenceTypeClass the type of Reference Manifest to process.
* @param excludeArchivedRims true if excluding archived RIMs
*/
public ReferenceManifestSelector(final ReferenceManifestService referenceManifestManager,
public ReferenceManifestSelector(final ReferenceManifestServiceImpl referenceManifestManager,
final Class<T> referenceTypeClass,
final boolean excludeArchivedRims) {
Preconditions.checkArgument(
@ -164,7 +163,7 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
* @return a matching RIM or null if none is found
*/
public T getRIM() {
Set<T> rims = execute();
List<T> rims = execute();
if (rims.isEmpty()) {
return null;
}
@ -216,8 +215,8 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
}
// construct and execute query
private Set<T> execute() {
Set<T> results = this.referenceManifestManager.get(this);
private List<T> execute() {
List<T> results = this.referenceManifestManager.get(this);
return results;
}
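Review bot: `execute()` at the end of the hunk assigns `this.referenceManifestManager.get(this)` to a local only to return it on the next line; `return this.referenceManifestManager.get(this);` reads the same. With the result now a `List<T>` instead of a `Set<T>`, duplicates are no longer collapsed and `getRIM()` earlier in the section returns whatever the service lists first, which its Javadoc ("a matching RIM or null if none is found") should state. The class Javadoc still advises `use (some ReferenceManifest).select(ReferenceManifestManager)` while the constructors now take a `ReferenceManifestServiceImpl`; the example should name the type the constructor accepts.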


@ -34,6 +34,7 @@ dependencies {
implementation project(':HIRS_AttestationCA')
implementation libs.pci
implementation libs.gson
implementation libs.bouncycastle
implementation libs.guava
implementation libs.jakarta.servlet
@ -41,8 +42,10 @@ dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-validation'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'com.github.darrachequesne:spring-data-jpa-datatables:6.0.1'
implementation 'org.projectlombok:lombok'
implementation 'commons-fileupload:commons-fileupload:1.5'
implementation 'org.junit.jupiter:junit-jupiter:5.4.2'
implementation 'org.junit.jupiter:junit-jupiter:5.4.2'
compileOnly 'org.projectlombok:lombok'
runtimeOnly 'org.mariadb.jdbc:mariadb-java-client'
@ -50,6 +53,8 @@ dependencies {
providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation libs.testng
testImplementation libs.mockito
}
war {
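Review bot: `implementation 'org.junit.jupiter:junit-jupiter:5.4.2'` puts JUnit on the production runtime classpath and into the packaged WAR; it belongs under `testImplementation`, and since `spring-boot-starter-test` already manages a JUnit 5 version, the explicit `5.4.2` pin is likely older than what the rest of the test stack expects and can probably be dropped. The `implementation libs.bouncycastle` and `testImplementation libs.mockito` additions are fine provided the version catalog pins them.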


@ -1,19 +1,22 @@
package hirs.attestationca.portal;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRegistration;
import lombok.extern.log4j.Log4j2;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.web.context.support.GenericWebApplicationContext;
import org.springframework.web.servlet.DispatcherServlet;
import java.util.Collections;
@SpringBootApplication
@EnableAutoConfiguration
@Log4j2
@ComponentScan({"hirs.attestationca.portal", "hirs.attestationca.portal.page.controllers", "hirs.attestationca.persist.entity", "hirs.attestationca.persist.service"})
public class HIRSApplication extends SpringBootServletInitializer {
@Override
@ -21,16 +24,24 @@ public class HIRSApplication extends SpringBootServletInitializer {
return application.sources(HIRSApplication.class);
}
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
ServletRegistration.Dynamic appServlet = servletContext.addServlet("mvc", new DispatcherServlet(
new GenericWebApplicationContext()));
appServlet.setLoadOnStartup(1);
}
public static void main(String[] args) {
SpringApplication springApplication = new SpringApplication(HIRSApplication.class);
springApplication.setDefaultProperties(Collections.singletonMap("server.servlet.context-path", "/portal"));
springApplication.run(args);
log.debug("Debug log message");
// log.debug("Debug log message");
log.info("Info log message");
log.error("Error log message");
log.warn("Warn log message");
log.fatal("Fatal log message");
log.trace("Trace log message");
// log.trace("Trace log message");
}
}
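Review bot: The new `onStartup(ServletContext)` overrides `SpringBootServletInitializer.onStartup` without calling `super.onStartup(servletContext)`, so on a WAR deployment the Boot bootstrap that invokes the `configure(SpringApplicationBuilder)` override above is skipped, and the `DispatcherServlet` registered under `"mvc"` wraps a `GenericWebApplicationContext` that is never refreshed or given any configuration. Either remove the override and let `SpringBootServletInitializer` register the dispatcher, or begin it with `super.onStartup(servletContext);`. The `log.info`/`log.error`/`log.warn`/`log.fatal` sample messages in `main` fire on every start and will trip any log-based alerting on the error level; they should go the way of the two already commented out.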


@ -1,16 +1,55 @@
package hirs.attestationca.portal;
import hirs.attestationca.persist.service.SettingsServiceImpl;
import hirs.attestationca.persist.PersistenceConfiguration;
import jakarta.servlet.ServletContextEvent;
import jakarta.servlet.ServletContextListener;
import jakarta.servlet.annotation.WebListener;
import org.springframework.beans.factory.annotation.Autowired;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
@Log4j2
@WebListener
public class HIRSDbInitializer implements ServletContextListener {
public class HIRSDbInitializer extends AbstractAnnotationConfigDispatcherServletInitializer implements ServletContextListener {
@Override
public void contextInitialized(final ServletContextEvent servletContextEvent) {
AnnotationConfigApplicationContext applicationContext = new AnnotationConfigApplicationContext();
applicationContext.getEnvironment().addActiveProfile("Server");
// applicationContext.register(PersistenceConfiguration.class);
try {
applicationContext.refresh();
} catch (NoSuchBeanDefinitionException nsbdEx) {
if (log.isDebugEnabled()) {
log.debug("Unable to locate MultipartResolver with name 'multipartResolver': no multipart request handling provided");
}
} catch (Exception ex) {
log.error("DAVY********************************************************************************");
log.error(ex.getMessage());
}
}
@Override
protected Class <?>[] getRootConfigClasses() {
return new Class[] {
PersistenceJPAConfig.class, PageConfiguration.class, PersistenceConfiguration.class
};
}
@Override
protected Class <?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] {
"/"
};
}
@Autowired
AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
@Autowired
static SettingsServiceImpl settingsService = new SettingsServiceImpl();
}
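Review bot: `catch (Exception ex)` in `contextInitialized` logs only `ex.getMessage()` behind a `DAVY****` marker, discarding the stack trace and cause of whatever stopped the context from starting; use `log.error("failed to initialize application context", ex);` and remove the marker. The `AnnotationConfigApplicationContext` created there has no configuration registered (the `register` call is commented out), is never closed, and is separate from the `context` field below it, so the `refresh` cannot produce the beans the listener is presumably meant to set up. `@Autowired` on the `static settingsService` field has no effect — Spring does not inject static fields — and the `new SettingsServiceImpl()` assignment means the listener works with an instance outside the container regardless.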


@ -1,6 +1,5 @@
package hirs.attestationca.portal;
import hirs.attestationca.persist.entity.userdefined.SupplyChainSettings;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
@ -18,6 +17,10 @@ import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.multipart.support.StandardServletMultipartResolver;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.sql.DataSource;
import java.security.cert.X509Certificate;
@ -25,11 +28,12 @@ import java.util.Properties;
@Log4j2
@Configuration
@EnableWebMvc
@EnableTransactionManagement
@PropertySource({ "classpath:hibernate.properties", "classpath:portal.properties" })
@ComponentScan({ "hirs.attestationca.portal.page.controllers", "hirs.attestationca.persist.entity" })
@ComponentScan({"hirs.attestationca.portal", "hirs.attestationca.portal.page.controllers", "hirs.attestationca.persist.entity"})//, "hirs.attestationca.persist.service"})
@EnableJpaRepositories(basePackages = "hirs.attestationca.persist.entity.manager")
public class PersistenceJPAConfig {
public class PersistenceJPAConfig implements WebMvcConfigurer {
@Value("${aca.directories.certificates}")
private String certificatesLocation;
@ -50,7 +54,7 @@ public class PersistenceJPAConfig {
public LocalContainerEntityManagerFactoryBean entityManagerFactory() {
final LocalContainerEntityManagerFactoryBean entityManagerBean = new LocalContainerEntityManagerFactoryBean();
entityManagerBean.setDataSource(dataSource());
entityManagerBean.setPackagesToScan(new String[] {"hirs.attestationca.persist"});
entityManagerBean.setPackagesToScan("hirs.attestationca.persist.entity");
JpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter();
entityManagerBean.setJpaVendorAdapter(vendorAdapter);
@ -62,7 +66,8 @@ public class PersistenceJPAConfig {
@Bean
public DataSource dataSource() {
final DriverManagerDataSource dataSource = new DriverManagerDataSource();
dataSource.setDriverClassName(environment.getProperty("hibernate.connection.driver_class"));
dataSource.setDriverClassName(environment.getProperty("hibernate.connection.driver_class",
"org.mariadb.jdbc.Driver"));
dataSource.setUrl(environment.getProperty("hibernate.connection.url"));
dataSource.setUsername(environment.getProperty("hibernate.connection.username"));
dataSource.setPassword(environment.getProperty("hibernate.connection.password"));
@ -185,10 +190,29 @@ public class PersistenceJPAConfig {
return hibernateProperties;
}
@Bean(name="default-settings")
public SupplyChainSettings supplyChainSettings() {
SupplyChainSettings scSettings = new SupplyChainSettings("Default", "Settings are configured for no validation flags set.");
return scSettings;
/**
* Creates a Spring Resolver for Multi-part form uploads. This is required
* for spring controllers to be able to process Spring MultiPartFiles
*
* @return bean to handle multipart form requests
*/
@Bean(name = "multipartResolver")
public StandardServletMultipartResolver multipartResolver() {
StandardServletMultipartResolver resolver = new StandardServletMultipartResolver();
return resolver;
}
// @Bean(name="default-settings")
// public PolicySettings supplyChainSettings() {
// PolicySettings scSettings = new PolicySettings("Default", "Settings are configured for no validation flags set.");
//
// return scSettings;
// }
@Override
public void configureDefaultServletHandling(final DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
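Review bot: `multipartResolver()` returns a `StandardServletMultipartResolver` with no limits; that resolver relies on the container's `MultipartConfigElement`, and nothing in this section registers one, so unless the dispatcher registration supplies it elsewhere, form uploads are unbounded in size and count and can exhaust disk or memory. Register a `MultipartConfigElement` with maximum file and request sizes next to this bean, or set `spring.servlet.multipart.max-file-size` and `spring.servlet.multipart.max-request-size` if Boot's auto-configuration is the intended path. The `@ComponentScan` line carries a commented-out package inside its argument list; either scan `hirs.attestationca.persist.service` or delete the fragment, and the commented-out `supplyChainSettings` bean should be removed with it.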


@ -2,12 +2,13 @@ package hirs.attestationca.portal.datatables;
import hirs.attestationca.persist.CriteriaModifier;
import hirs.attestationca.persist.FilteredRecordsList;
import hirs.attestationca.persist.OrderedListQuerier;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.util.CollectionUtils;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
/**
* A class to adapt the Javascript DataTable java class abstractions to the DBManager's getting
@ -30,7 +31,7 @@ public final class OrderedListQueryDataTableAdapter<T> {
* @return the filtered record list
*/
public static <T> FilteredRecordsList<T> getOrderedList(final Class<? extends T> clazz,
final OrderedListQuerier<T> dbManager,
final JpaRepository<T, UUID> dbManager,
final DataTableInput dataTableInput,
final String orderColumnName) {
return getOrderedList(clazz, dbManager, dataTableInput, orderColumnName, null);
@ -47,7 +48,7 @@ public final class OrderedListQueryDataTableAdapter<T> {
* @return the filtered record list
*/
public static <T> FilteredRecordsList<T> getOrderedList(final Class<? extends T> clazz,
final OrderedListQuerier<T> dbManager,
final JpaRepository<T, UUID> dbManager,
final DataTableInput dataTableInput,
final String orderColumnName,
final CriteriaModifier criteriaModifier) {
@ -63,10 +64,19 @@ public final class OrderedListQueryDataTableAdapter<T> {
isAscending = orders.get(0).isAscending();
}
return dbManager.getOrderedList(clazz, orderColumnName, isAscending,
dataTableInput.getStart(), dataTableInput.getLength(),
dataTableInput.getSearch().getValue(),
searchableColumnMap, criteriaModifier);
//Object that will store query values
FilteredRecordsList<T> filteredRecordsList = new FilteredRecordsList<>();
filteredRecordsList.setRecordsTotal(dbManager.count());
filteredRecordsList.addAll(dbManager.findAll());
filteredRecordsList.setRecordsFiltered(10);
return filteredRecordsList;
// return dbManager.getOrderedList(clazz, orderColumnName, isAscending,
// dataTableInput.getStart(), dataTableInput.getLength(),
// dataTableInput.getSearch().getValue(),
// searchableColumnMap, criteriaModifier);
}
}
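Review bot: The new body of `getOrderedList` ignores `clazz`, `orderColumnName`, `isAscending`, the start/length window, the search value and `criteriaModifier`: it calls `dbManager.findAll()`, which loads the entire table into every DataTables response, and then sets `recordsFiltered` to a constant `10`, so the client's paging display is wrong and the server does unbounded work per request. The `JpaRepository` the method now receives already offers `findAll(Pageable)`, which covers the total count, ordering and the page window; the sketch below uses it (it needs `Page`, `Pageable`, `PageRequest` and `Sort` from `org.springframework.data.domain`, and assumes `getLength()` is positive — DataTables sends `-1` for "all", which needs a guard). Search and `criteriaModifier` still require a criteria-based query that this does not restore, so the commented-out `getOrderedList` call should be deleted rather than left as a reminder. The method signature is in the previous hunk of this section.
```java
        // … unchanged: searchableColumnMap / isAscending computation …
        final Sort sort = isAscending ? Sort.by(orderColumnName).ascending()
                : Sort.by(orderColumnName).descending();
        final Pageable window = PageRequest.of(
                dataTableInput.getStart() / dataTableInput.getLength(),
                dataTableInput.getLength(), sort);
        final Page<T> page = dbManager.findAll(window);

        FilteredRecordsList<T> filteredRecordsList = new FilteredRecordsList<>();
        filteredRecordsList.setRecordsTotal(page.getTotalElements());
        filteredRecordsList.addAll(page.getContent());
        // no search filtering is applied yet, so filtered equals total
        filteredRecordsList.setRecordsFiltered(page.getTotalElements());
        return filteredRecordsList;
```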


@ -32,6 +32,10 @@ public enum Page {
*/
ISSUED_CERTIFICATES("Issued Certificates", "ic_library_books",
null, "certificate-request/"),
/**
* Page to display certificate validation reports.
*/
VALIDATION_REPORTS("Validation Reports", "ic_assignment", "first"),
/**
* Non-menu page to display certificate. Reachable from all certificate pages.
*/


@ -146,7 +146,7 @@ public abstract class PageController<P extends PageParams> {
if (params != null) {
for (Map.Entry<String, ?> e : params.asMap().entrySet()) {
Object v = Optional.ofNullable(e.getValue()).orElse("");
Object v = Optional.ofNullable(e.getValue()).orElse(null);
uri.addParameter(e.getKey(), v.toString());
}
}
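Review bot: Assuming the later-printed line is the new side, `Object v = Optional.ofNullable(e.getValue()).orElse(null);` is immediately followed by `v.toString()`, so any parameter with a null value now throws a NullPointerException where the previous `orElse("")` produced an empty string. If the intent is to skip null parameters rather than emit them empty, the loop body should test first, e.g. `if (e.getValue() != null) { uri.addParameter(e.getKey(), e.getValue().toString()); }`; otherwise the `orElse("")` form should be kept. The enclosing method starts and ends outside this hunk.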


@ -1,6 +1,6 @@
package hirs.attestationca.portal.page;
import hirs.attestationca.persist.entity.userdefined.SupplyChainSettings;
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
@ -55,7 +55,7 @@ public class PolicyPageModel {
*
* @param policy The supply chain policy
*/
public PolicyPageModel(final SupplyChainSettings policy) {
public PolicyPageModel(final PolicySettings policy) {
this.enableEcValidation = policy.isEcValidationEnabled();
this.enablePcCertificateValidation = policy.isPcValidationEnabled();
this.enablePcCertificateAttributeValidation = policy.isPcAttributeValidationEnabled();


@ -1,7 +1,8 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.persist.service.CertificateServiceImpl;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.CertificateDetailsPageParams;
@ -29,16 +30,20 @@ public class CertificateDetailsPageController extends PageController<Certificate
* Model attribute name used by initPage for the initial data passed to the page.
*/
static final String INITIAL_DATA = "initialData";
private final CertificateServiceImpl certificateServiceImpl;
private final CertificateRepository certificateRepository;
private final ComponentResultRepository componentResultRepository;
/**
* Constructor providing the Page's display and routing specification.
* @param certificateServiceImpl the certificate manager
* @param certificateRepository the certificate repository
* @param componentResultRepository the component result repository
*/
@Autowired
public CertificateDetailsPageController(final CertificateServiceImpl certificateServiceImpl) {
public CertificateDetailsPageController(final CertificateRepository certificateRepository,
final ComponentResultRepository componentResultRepository) {
super(Page.CERTIFICATE_DETAILS);
this.certificateServiceImpl = certificateServiceImpl;
this.certificateRepository = certificateRepository;
this.componentResultRepository = componentResultRepository;
}
/**
@ -76,19 +81,19 @@ public class CertificateDetailsPageController extends PageController<Certificate
switch (type) {
case "certificateauthority":
data.putAll(CertificateStringMapBuilder.getCertificateAuthorityInformation(
uuid, certificateServiceImpl));
uuid, certificateRepository));
break;
case "endorsement":
data.putAll(CertificateStringMapBuilder.getEndorsementInformation(uuid,
certificateServiceImpl));
certificateRepository));
break;
case "platform":
data.putAll(CertificateStringMapBuilder.getPlatformInformation(uuid,
certificateServiceImpl));
certificateRepository, componentResultRepository));
break;
case "issued":
data.putAll(CertificateStringMapBuilder.getIssuedInformation(uuid,
certificateServiceImpl));
certificateRepository));
break;
default:
String typeError = "Invalid certificate type: " + params.getType();


@ -1,22 +1,32 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.persist.CriteriaModifier;
import hirs.attestationca.persist.DBServiceException;
import hirs.attestationca.persist.FilteredRecordsList;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.service.CertificateService;
import hirs.attestationca.persist.service.CertificateServiceImpl;
import hirs.attestationca.portal.datatables.DataTableInput;
import hirs.attestationca.portal.datatables.DataTableResponse;
import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.NoPageParams;
import hirs.attestationca.portal.page.utils.CertificateStringMapBuilder;
import jakarta.persistence.EntityManager;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Root;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.log4j.Log4j2;
import org.bouncycastle.util.encoders.DecoderException;
import org.hibernate.Session;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StreamUtils;
@ -31,25 +41,31 @@ import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.servlet.view.RedirectView;
import java.io.IOException;
import java.lang.ref.Reference;
import java.net.URISyntaxException;
//import java.security.cert.CertificateEncodingException;
//import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
//import java.security.cert.CertificateEncodingException;
//import java.security.cert.X509Certificate;
// note uploading base64 certs, old or new having decode issues check ACA channel
/**
* Controller for the Certificates list all pages.
*/
@Log4j2
@Controller
@RequestMapping("/certificate-request")
public class CertificatePageController extends PageController<NoPageParams> {
@Autowired(required = false)
private EntityManager entityManager;
private final CertificateServiceImpl certificateServiceImpl;
private CertificateAuthorityCredential certificateAuthorityCredential;
private final CertificateRepository certificateRepository;
private static final String TRUSTCHAIN = "trust-chain";
private static final String PLATFORMCREDENTIAL = "platform-credentials";
@ -64,22 +80,18 @@ public class CertificatePageController extends PageController<NoPageParams> {
/**
* Constructor providing the Page's display and routing specification.
*
* @param certificateServiceImpl the certificate manager
// * @param crudManager the CRUD manager for certificates
// * @param acaCertificate the ACA's X509 certificate
* @param certificateRepository the certificate manager
// * @param acaCertificate the ACA's X509 certificate
*/
@Autowired
public CertificatePageController(
final CertificateServiceImpl certificateServiceImpl//,
// final CrudManager<Certificate> crudManager,
public CertificatePageController(final CertificateRepository certificateRepository
// final X509Certificate acaCertificate
) {
super(Page.TRUST_CHAIN);
this.certificateServiceImpl = certificateServiceImpl;
// this.dataTableQuerier = crudManager;
this.certificateRepository = certificateRepository;
// try {
// certificateAuthorityCredential
certificateAuthorityCredential = null;
// = new CertificateAuthorityCredential(acaCertificate.getEncoded());
// } catch (IOException ioEx) {
// log.error("Failed to read ACA certificate", ioEx);
@ -132,7 +144,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
mav = getBaseModelAndView(Page.TRUST_CHAIN);
// Map with the ACA certificate information
data.putAll(CertificateStringMapBuilder.getCertificateAuthorityInformation(
certificateAuthorityCredential, this.certificateServiceImpl));
certificateAuthorityCredential, this.certificateRepository));
mav.addObject(ACA_CERT_DATA, data);
break;
default:
@ -143,6 +155,81 @@ public class CertificatePageController extends PageController<NoPageParams> {
return mav;
}
/**
* Queries for the list of Certificates and returns a data table response
* with the records.
*
* @param certificateType String containing the certificate type
* @param input the DataTables search/query parameters
* @return the data table
*/
@ResponseBody
@RequestMapping(value = "/{certificateType}/list",
produces = MediaType.APPLICATION_JSON_VALUE,
method = RequestMethod.GET)
public DataTableResponse<? extends Certificate> getTableData(
@PathVariable("certificateType") final String certificateType,
final DataTableInput input) {
log.debug("Handling list request: " + input);
// attempt to get the column property based on the order index.
String orderColumnName = input.getOrderColumnName();
log.debug("Ordering on column: " + orderColumnName);
// check that the alert is not archived and that it is in the specified report
CriteriaModifier criteriaModifier = new CriteriaModifier() {
@Override
public void modify(final CriteriaQuery criteriaQuery) {
Session session = entityManager.unwrap(Session.class);
CriteriaBuilder cb = session.getCriteriaBuilder();
Root<Certificate> rimRoot = criteriaQuery.from(Reference.class);
criteriaQuery.select(rimRoot).distinct(true).where(cb.isNull(rimRoot.get(Certificate.ARCHIVE_FIELD)));
// add a device alias if this query includes the device table
// for getting the device (e.g. device name).
// use left join, since device may be null. Query will return all
// Certs of this type, whether it has a Device or not (device field may be null)
if (hasDeviceTableToJoin(certificateType)) {
// criteria.createAlias("device", "device", JoinType.LEFT_OUTER_JOIN);
}
}
};
FilteredRecordsList<Certificate> records
= OrderedListQueryDataTableAdapter.getOrderedList(
getCertificateClass(certificateType), this.certificateRepository,
input, orderColumnName, criteriaModifier);
// special parsing for platform credential
// Add the EndorsementCredential for each PlatformCredential based on the
// serial number. (pc.HolderSerialNumber = ec.SerialNumber)
if (certificateType.equals(PLATFORMCREDENTIAL)) {
EndorsementCredential associatedEC;
if (!records.isEmpty()) {
// loop all the platform certificates
for (int i = 0; i < records.size(); i++) {
PlatformCredential pc = (PlatformCredential) records.get(i);
// find the EC using the PC's "holder serial number"
associatedEC = (EndorsementCredential) certificateRepository
.byHolderSerialNumber(pc.getHolderSerialNumber(),
"EndorsementCredential");
if (associatedEC != null) {
log.debug("EC ID for holder s/n " + pc
.getHolderSerialNumber() + " = " + associatedEC.getId());
}
pc.setEndorsementCredential(associatedEC);
}
}
}
log.debug("Returning list of size: " + records.size());
return new DataTableResponse<>(records, input);
}
/**
* Upload and processes a credential.
*
@ -170,8 +257,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
storeCertificate(
certificateType,
file.getOriginalFilename(),
messages, certificate,
certificateServiceImpl);
messages, certificate);
}
}
@ -224,7 +310,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
bulkDownload(zipOut, this.certificateServiceImpl.fetchCertificates(CertificateAuthorityCredential.class), singleFileName);
bulkDownload(zipOut, this.certificateRepository.findByAll("CertificateAuthorityCredential"), singleFileName);
// write cert to output stream
} catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: ";
@ -256,7 +342,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
bulkDownload(zipOut, this.certificateServiceImpl.fetchCertificates(PlatformCredential.class), singleFileName);
bulkDownload(zipOut, this.certificateRepository.findByAll("PlatformCredential"), singleFileName);
// write cert to output stream
} catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: ";
@ -288,7 +374,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
bulkDownload(zipOut, this.certificateServiceImpl.fetchCertificates(IssuedAttestationCertificate.class), singleFileName);
bulkDownload(zipOut, this.certificateRepository.findByAll("IssuedAttestationCertificate"), singleFileName);
// write cert to output stream
} catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: ";
@ -319,7 +405,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
bulkDownload(zipOut, this.certificateServiceImpl.fetchCertificates(EndorsementCredential.class), singleFileName);
bulkDownload(zipOut, this.certificateRepository.findByAll("EndorsementCredential"), singleFileName);
// write cert to output stream
} catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: ";
@ -350,6 +436,24 @@ public class CertificatePageController extends PageController<NoPageParams> {
return zipOut;
}
/**
* Get flag indicating if a device-name join/alias is required for
* displaying the table data. This will be true if displaying a cert that is
* associated with a device.
*
* @param certificateType String containing the certificate type
* @return true if the list criteria modifier requires aliasing the device
* table, false otherwise.
*/
private boolean hasDeviceTableToJoin(final String certificateType) {
boolean hasDevice = true;
// Trust_Chain Credential do not contain the device table to join.
if (certificateType.equals(TRUSTCHAIN)) {
hasDevice = false;
}
return hasDevice;
}
/**
* Get the page based on the certificate type.
*
@ -366,39 +470,53 @@ public class CertificatePageController extends PageController<NoPageParams> {
};
}
/**
* Gets the concrete certificate class type to query for.
*
* @param certificateType String containing the certificate type
* @return the certificate class type
*/
private static Class<? extends Certificate> getCertificateClass(final String certificateType) {
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential.class;
case ENDORSEMENTCREDENTIAL:
return EndorsementCredential.class;
case ISSUEDCERTIFICATES:
return IssuedAttestationCertificate.class;
case TRUSTCHAIN:
return CertificateAuthorityCredential.class;
default:
throw new IllegalArgumentException(
String.format("Unknown certificate type: %s", certificateType));
}
}
/**
* Gets the certificate by the hash code of its bytes. Looks for both
* archived and unarchived certificates.
*
* @param certificateType String containing the certificate type
* @param certificateHash the hash of the certificate's bytes
* @param certificateManager the certificate manager to query
* @return the certificate or null if none is found
*/
private Certificate getCertificateByHash(
final String certificateType,
final int certificateHash,
final CertificateService certificateManager) {
final int certificateHash) {
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential
.select(certificateManager)
.includeArchived()
.byHashCode(certificateHash)
.getCertificate();
return this.certificateRepository
.findByCertificateHash(certificateHash,
"PlatformCredential");
case ENDORSEMENTCREDENTIAL:
// return EndorsementCredential
// .select(certificateManager)
// .includeArchived()
// .byHashCode(certificateHash)
// .getCertificate();
return this.certificateRepository
.findByCertificateHash(certificateHash,
"EndorsementCredential");
case TRUSTCHAIN:
return CertificateAuthorityCredential
.select(certificateManager)
.includeArchived()
.byHashCode(certificateHash)
.getCertificate();
return this.certificateRepository
.findByCertificateHash(certificateHash,
"CertificateAuthorityCredential");
default:
return null;
}
@ -409,13 +527,11 @@ public class CertificatePageController extends PageController<NoPageParams> {
*
* @param certificateType String containing the certificate type
* @param serialNumber the platform serial number
* @param certificateManager the certificate manager to query
* @return the certificate or null if none is found
*/
private List<PlatformCredential> getCertificateByBoardSN(
final String certificateType,
final String serialNumber,
final CertificateService certificateManager) {
final String serialNumber) {
if (serialNumber == null) {
return null;
@ -423,10 +539,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential
.select(certificateManager)
.byBoardSerialNumber(serialNumber)
.getCertificates().stream().collect(Collectors.toList());
return this.certificateRepository.byBoardSerialNumber(serialNumber);
default:
return null;
}
@ -504,15 +617,13 @@ public class CertificatePageController extends PageController<NoPageParams> {
* be stored
* @param messages contains any messages that will be display on the page
* @param certificate the certificate to store
* @param certificateManager the DB manager to use
* @return the messages for the page
*/
private void storeCertificate(
final String certificateType,
final String fileName,
final PageMessages messages,
final Certificate certificate,
final CertificateService certificateManager) {
final Certificate certificate) {
Certificate existingCertificate;
@ -520,8 +631,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try {
existingCertificate = getCertificateByHash(
certificateType,
certificate.getCertificateHash(),
certificateManager);
certificate.getCertificateHash());
} catch (DBServiceException e) {
final String failMessage = "Querying for existing certificate failed ("
+ fileName + "): ";
@ -538,8 +648,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
if (platformCertificate.isPlatformBase()) {
List<PlatformCredential> sharedCertificates = getCertificateByBoardSN(
certificateType,
platformCertificate.getPlatformSerial(),
certificateManager);
platformCertificate.getPlatformSerial());
if (sharedCertificates != null) {
for (PlatformCredential pc : sharedCertificates) {
@ -575,7 +684,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
}**/
}
certificateManager.saveCertificate(certificate);
this.certificateRepository.save(certificate);
final String successMsg
= String.format("New certificate successfully uploaded (%s): ", fileName);
@ -597,7 +706,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
if (existingCertificate.isArchived()) {
existingCertificate.restore();
existingCertificate.resetCreateTime();
certificateManager.updateCertificate(existingCertificate);
this.certificateRepository.save(existingCertificate);
final String successMsg = String.format("Pre-existing certificate "
+ "found and unarchived (%s): ", fileName);
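Review bot: In the `CriteriaModifier` added inside `getTableData`, `Root<Certificate> rimRoot = criteriaQuery.from(Reference.class);` builds the query root from `java.lang.ref.Reference` (the import added a few hunks up), not from the certificate entity, so the `Certificate.ARCHIVE_FIELD` null-check is attached to the wrong type; it should be `Root<Certificate> rimRoot = criteriaQuery.from(Certificate.class);` (or the class from `getCertificateClass(certificateType)`), and the `java.lang.ref.Reference` import dropped. Note also that the `OrderedListQueryDataTableAdapter.getOrderedList` rewrite earlier in this commit appears to ignore `criteriaModifier` entirely and return `dbManager.findAll()`, in which case the archived-certificate filter is never applied and archived entries will show up in every certificate list; a `// TODO` at the `getOrderedList(getCertificateClass(certificateType), ...)` call would make that visible until the adapter is finished. The `hasDeviceTableToJoin(certificateType)` check in the same modifier guards only a commented-out line and currently does nothing.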


@ -1,37 +1,47 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.persist.FilteredRecordsList;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
import hirs.attestationca.persist.entity.manager.DeviceRepository;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.Device;
import hirs.attestationca.portal.datatables.DataTableInput;
import hirs.attestationca.portal.datatables.DataTableResponse;
import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.persist.service.DeviceServiceImpl;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.params.NoPageParams;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.UUID;
/**
* Controller for the Device page.
*/
@Log4j2
@Controller
@RequestMapping("/devices")
public class DevicePageController extends PageController<NoPageParams> {
/**
* https://odrotbohm.de/2013/11/why-field-injection-is-evil/
*
* Autowiring property vs constructor
*/
private final DeviceServiceImpl deviceServiceImpl;
private final DeviceRepository deviceRepository;
private final CertificateRepository certificateRepository;
@Autowired
public DevicePageController(DeviceServiceImpl deviceServiceImpl,
DeviceRepository deviceRepository) {
public DevicePageController(final DeviceRepository deviceRepository,
final CertificateRepository certificateRepository) {
super(Page.DEVICES);
this.deviceServiceImpl = deviceServiceImpl;
this.deviceRepository = deviceRepository;
this.certificateRepository = certificateRepository;
}
@Override
@ -40,21 +50,100 @@ public class DevicePageController extends PageController<NoPageParams> {
return getBaseModelAndView();
}
// @RequestMapping(value = "list", produces = MediaType.APPLICATION_JSON_VALUE,
// method = RequestMethod.GET)
// public DataTableResponse<HashMap<String, Object>> getTableData(
// final DataTableInput input) {
// String orderColumnName = input.getOrderColumnName();
// FilteredRecordsList<HashMap<String, Object>> record
// = retrieveDevicesAndAssociatedCertificates(deviceList);
// modelMap.put("devices", deviceServiceImpl.retrieveDevices());
// return new DataTableResponse<>(record, input);
// }
@RequestMapping(value = "/list", produces = MediaType.APPLICATION_JSON_VALUE,
method = RequestMethod.GET)
public DataTableResponse<HashMap<String, Object>> getTableData(
final DataTableInput input) {
log.debug("Handling request for device list");
String orderColumnName = input.getOrderColumnName();
log.info("Ordering on column: " + orderColumnName);
// get all the devices
FilteredRecordsList<Device> deviceList =
OrderedListQueryDataTableAdapter.getOrderedList(Device.class,
deviceRepository, input, orderColumnName);
@GetMapping(path="/all")
public @ResponseBody Iterable<Device> getAllDevices() {
return deviceRepository.findAll();
FilteredRecordsList<HashMap<String, Object>> record
= retrieveDevicesAndAssociatedCertificates(deviceList);
return new DataTableResponse<>(record, input);
}
/**
* Returns the list of devices combined with the certificates.
* @param deviceList list containing the devices
* @return a record list after the device and certificate was mapped together.
*/
private FilteredRecordsList<HashMap<String, Object>> retrieveDevicesAndAssociatedCertificates(
final FilteredRecordsList<Device> deviceList) {
FilteredRecordsList<HashMap<String, Object>> records = new FilteredRecordsList<>();
// hashmap containing the device-certificate relationship
HashMap<String, Object> deviceCertMap = new HashMap<>();
Device device;
Certificate certificate;
//
// // parse if there is a Device
// if (!deviceList.isEmpty()) {
// // get a list of Certificates that contains the device IDs from the list
// List<Certificate> certificateList = certificateDBManager.getList(
// Certificate.class,
// RowMutationOperations.Restrictions.in("device.id", getDevicesIds(deviceList).toArray()));
//
// // loop all the devices
// for (int i = 0; i < deviceList.size(); i++) {
// // hashmap containing the list of certificates based on the certificate type
// HashMap<String, List<Object>> certificatePropertyMap = new HashMap<>();
//
// device = deviceList.get(i);
// deviceCertMap.put("device", device);
//
// // loop all the certificates and combined the ones that match the ID
// for (int j = 0; j < certificateList.size(); j++) {
// certificate = certificateList.get(j);
//
// // set the certificate if it's the same ID
// if (device.getId().equals(
// ((DeviceAssociatedCertificate) certificate).getDevice().getId())) {
// String certificateId = certificate.getClass().getSimpleName();
// // create a new list for the certificate type if does not exist
// // else add it to the current certificate type list
// List<Object> certificateListFromMap
// = certificatePropertyMap.get(certificateId);
// if (certificateListFromMap != null) {
// certificateListFromMap.add(certificate);
// } else {
// certificatePropertyMap.put(certificateId,
// new ArrayList<>(Collections.singletonList(certificate)));
// }
// }
// }
//
// // add the device-certificate map to the record
// deviceCertMap.putAll(certificatePropertyMap);
// records.add(new HashMap<>(deviceCertMap));
// deviceCertMap.clear();
// }
// }
// set pagination values
// records.setRecordsTotal(deviceList.getRecordsTotal());
// records.setRecordsFiltered(deviceList.getRecordsFiltered());
return records;
}
/**
* Returns the list of devices IDs.
* @param deviceList list containing the devices
* @return a list of the devices IDs
*/
private List<UUID> getDevicesIds(final FilteredRecordsList<Device> deviceList) {
List<UUID> deviceIds = new ArrayList<UUID>();
// loop all the devices
for (int i = 0; i < deviceList.size(); i++) {
deviceIds.add(deviceList.get(i).getId());
}
return deviceIds;
}
}
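Review bot: `retrieveDevicesAndAssociatedCertificates` never reads `deviceList`: the whole device/certificate mapping and the two pagination calls are commented out, so `getTableData` returns an empty `FilteredRecordsList` with zero totals regardless of what `deviceRepository` returns, and the locals `deviceCertMap`, `device` and `certificate` are unused. If the mapping is intentionally deferred, at least restore `records.setRecordsTotal(deviceList.getRecordsTotal());` and `records.setRecordsFiltered(deviceList.getRecordsFiltered());` and mark the method with a `// TODO: re-implement device-certificate join against certificateRepository` so the empty table is recognisably a stub. `getDevicesIds` and the injected `certificateRepository` are likewise unused in this version of the class, and the `log.info("Ordering on column: " + orderColumnName)` line would be better as a parameterized `log.debug("Ordering on column: {}", orderColumnName)` like the surrounding debug statements.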


@ -9,6 +9,9 @@ import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
/**
* Controller for the Index page.
*/
@Controller
@Log4j2
@RequestMapping("/index")
@ -34,9 +37,4 @@ public class IndexPageController extends PageController<NoPageParams> {
return getBaseModelAndView();
}
// @RequestMapping(value = "/", method = RequestMethod.GET)
// public String showIndexPage(ModelMap model) {
// model.put("name", "welcome");
// return "welcome";
// }
}


@ -1,7 +1,7 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.persist.entity.userdefined.SupplyChainSettings;
import hirs.attestationca.persist.service.SettingsServiceImpl;
import hirs.attestationca.persist.entity.manager.PolicyRepository;
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
@ -39,7 +39,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
private static final String ENABLED_EXPIRES_PARAMETER_VALUE = "expires";
private SettingsServiceImpl settingsService;
private final PolicyRepository policyRepository;
/**
* Model attribute name used by initPage for the initial data passed to the
@ -56,15 +56,15 @@ public class PolicyPageController extends PageController<NoPageParams> {
/**
* Constructor.
*
* @param policyService the policy service
* @param policyRepository the policy service
*/
@Autowired
public PolicyPageController(final SettingsServiceImpl policyService) {
public PolicyPageController(final PolicyRepository policyRepository) {
super(Page.POLICY);
this.settingsService = policyService;
this.policyRepository = policyRepository;
if (this.settingsService.getByName("Default") == null) {
this.settingsService.saveSettings(new SupplyChainSettings("Default", "Settings are configured for no validation flags set."));
if (this.policyRepository.findByName("Default") == null) {
this.policyRepository.saveAndFlush(new PolicySettings("Default", "Settings are configured for no validation flags set."));
}
}
@ -82,7 +82,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
// get the basic information to render the page
ModelAndView mav = getBaseModelAndView();
SupplyChainSettings policy = getDefaultPolicy();
PolicySettings policy = getDefaultPolicy();
log.debug(policy);
PolicyPageModel pageModel = new PolicyPageModel(policy);
mav.addObject(INITIAL_DATA, pageModel);
@ -113,7 +113,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
= ppModel.getPcValidate().equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
// If PC policy setting change results in invalid policy, inform user
if (!isPolicyValid(policy.isEcValidationEnabled(), pcValidationOptionEnabled,
@ -164,7 +164,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
// If PC Attribute Validation is enabled without PC Validation, disallow change
if (!isPolicyValid(policy.isEcValidationEnabled(),
@ -216,7 +216,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
if (issuedAttestationOptionEnabled) {
successMessage = "Attestation Certificate generation enabled.";
@ -260,7 +260,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
if (issuedDevIdOptionEnabled) {
successMessage = "DevID Certificate generation enabled.";
@ -312,7 +312,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
}
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
boolean issuedAttestationOptionEnabled
= policy.isIssueAttestationCertificate();
@ -326,7 +326,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
if (generateCertificateEnabled) {
numOfDays = ppModel.getExpirationValue();
if (numOfDays == null) {
numOfDays = SupplyChainSettings.TEN_YEARS;
numOfDays = PolicySettings.TEN_YEARS;
}
} else {
numOfDays = policy.getValidityDays();
@ -382,7 +382,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
}
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
boolean issuedDevIdOptionEnabled
= policy.isIssueDevIdCertificate();
@ -396,7 +396,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
if (generateDevIdCertificateEnabled) {
numOfDays = ppModel.getDevIdExpirationValue();
if (numOfDays == null) {
numOfDays = SupplyChainSettings.TEN_YEARS;
numOfDays = PolicySettings.TEN_YEARS;
}
} else {
numOfDays = policy.getDevIdValidityDays();
@ -452,7 +452,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
}
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
boolean issuedAttestationOptionEnabled
= policy.isIssueAttestationCertificate();
@ -470,7 +470,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
}
if (threshold == null || threshold.isEmpty()) {
threshold = SupplyChainSettings.YEAR;
threshold = PolicySettings.YEAR;
}
policy.setReissueThreshold(threshold);
@ -522,7 +522,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
}
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
boolean issuedDevIdOptionEnabled
= policy.isIssueDevIdCertificate();
@ -540,7 +540,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
}
if (threshold == null || threshold.isEmpty()) {
threshold = SupplyChainSettings.YEAR;
threshold = PolicySettings.YEAR;
}
policy.setDevIdReissueThreshold(threshold);
@ -584,7 +584,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
= ppModel.getEcValidate().equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
//If PC Validation is enabled without EC Validation, disallow change
if (!isPolicyValid(ecValidationOptionEnabled, policy.isPcValidationEnabled(),
@ -636,7 +636,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
//If firmware is enabled without PC attributes, disallow change
if (firmwareValidationOptionEnabled && !policy.isPcAttributeValidationEnabled()) {
@ -692,7 +692,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
//If Ignore IMA is enabled without firmware, disallow change
if (ignoreImaOptionEnabled && !policy.isFirmwareValidationEnabled()) {
@ -743,7 +743,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
//If Ignore TBoot is enabled without firmware, disallow change
if (ignoreTbootOptionEnabled && !policy.isFirmwareValidationEnabled()) {
@ -794,7 +794,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
//If Ignore TBoot is enabled without firmware, disallow change
if (ignoreGptOptionEnabled && !policy.isFirmwareValidationEnabled()) {
@ -847,7 +847,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
//If Ignore TBoot is enabled without firmware, disallow change
if (ignoreOsEvtOptionEnabled && !policy.isFirmwareValidationEnabled()) {
@ -918,11 +918,11 @@ public class PolicyPageController extends PageController<NoPageParams> {
*
* @return The default Supply Chain Policy
*/
private SupplyChainSettings getDefaultPolicy() {
SupplyChainSettings defaultSettings = this.settingsService.getByName("Default");
private PolicySettings getDefaultPolicy() {
PolicySettings defaultSettings = this.policyRepository.findByName("Default");
if (defaultSettings == null) {
defaultSettings = new SupplyChainSettings("Default", "Settings are configured for no validation flags set.");
defaultSettings = new PolicySettings("Default", "Settings are configured for no validation flags set.");
}
return defaultSettings;
}
@ -935,10 +935,10 @@ public class PolicyPageController extends PageController<NoPageParams> {
* @param model the map of string messages to be displayed on the view
* @return The default Supply Chain Policy
*/
private SupplyChainSettings getDefaultPolicyAndSetInModel(
private PolicySettings getDefaultPolicyAndSetInModel(
final PolicyPageModel ppModel, final Map<String, Object> model) {
// load the current default policy from the DB
SupplyChainSettings policy = getDefaultPolicy();
PolicySettings policy = getDefaultPolicy();
// set the data received to be populated back into the form
model.put(RESULT_DATA, ppModel);
@ -948,9 +948,9 @@ public class PolicyPageController extends PageController<NoPageParams> {
private void savePolicyAndApplySuccessMessage(
final PolicyPageModel ppModel, final Map<String, Object> model,
final PageMessages messages, final String successMessage,
final SupplyChainSettings settings) {
final PolicySettings settings) {
// save the policy to the DB
settingsService.updateSettings(settings);
policyRepository.saveAndFlush(settings);
// Log and set the success message
messages.addSuccess(successMessage);


@ -1,17 +1,15 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.persist.DBServiceException;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
import hirs.attestationca.persist.service.CertificateService;
import hirs.attestationca.persist.service.ReferenceDigestValueService;
import hirs.attestationca.persist.service.ReferenceDigestValueServiceImpl;
import hirs.attestationca.persist.service.ReferenceManifestService;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.service.SupplyChainValidationServiceImpl;
import hirs.attestationca.persist.validation.ReferenceManifestValidator;
import hirs.attestationca.persist.validation.SupplyChainValidatorException;
@ -41,7 +39,6 @@ import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
/**
@ -52,28 +49,27 @@ import java.util.UUID;
@RequestMapping("/rim-details")
public class ReferenceManifestDetailsPageController extends PageController<ReferenceManifestDetailsPageParams> {
private final ReferenceManifestService referenceManifestManager;
private final ReferenceDigestValueService referenceEventManager;
private final CertificateService certificateService;
private final ReferenceManifestRepository referenceManifestRepository;
private final ReferenceDigestValueRepository referenceDigestValueRepository;
private final CertificateRepository certificateRepository;
private static final ReferenceManifestValidator RIM_VALIDATOR
= new ReferenceManifestValidator();
/**
* Constructor providing the Page's display and routing specification.
*
* @param referenceManifestManager the reference manifest manager.
* @param referenceEventManager the reference event manager.
* @param certificateService the certificate manager.
* @param referenceManifestRepository the repository for RIM.
* @param referenceDigestValueRepository the reference event manager.
* @param certificateRepository the certificate manager.
*/
@Autowired
public ReferenceManifestDetailsPageController(
final ReferenceManifestServiceImpl referenceManifestManager,
final ReferenceDigestValueServiceImpl referenceEventManager,
final CertificateService certificateService) {
public ReferenceManifestDetailsPageController(final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository,
final CertificateRepository certificateRepository) {
super(Page.RIM_DETAILS);
this.referenceManifestManager = referenceManifestManager;
this.referenceEventManager = referenceEventManager;
this.certificateService = certificateService;
this.referenceManifestRepository = referenceManifestRepository;
this.referenceDigestValueRepository = referenceDigestValueRepository;
this.certificateRepository = certificateRepository;
}
/**
@ -103,8 +99,10 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
} else {
try {
UUID uuid = UUID.fromString(params.getId());
data.putAll(getRimDetailInfo(uuid, referenceManifestManager,
referenceEventManager, certificateService));
data.putAll(getRimDetailInfo(uuid, referenceManifestRepository,
referenceDigestValueRepository, certificateRepository));
data.putAll(getRimDetailInfo(uuid, referenceManifestRepository,
referenceDigestValueRepository, certificateRepository));
} catch (IllegalArgumentException iaEx) {
String uuidError = "Failed to parse ID from: " + params.getId();
messages.addError(uuidError);
@ -131,42 +129,39 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
* Gathers all information and returns it for displays.
*
* @param uuid database reference for the requested RIM.
* @param referenceManifestManager the reference manifest manager.
* @param referenceEventManager the reference event manager.
* @param certificateManager the certificate manager.
* @param referenceManifestRepository the reference manifest manager.
* @param referenceDigestValueRepository the reference event manager.
* @param certificateRepository the certificate manager.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
* @throws CertificateException if a certificate doesn't parse.
*/
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
final ReferenceManifestService referenceManifestManager,
final ReferenceDigestValueService referenceEventManager,
final CertificateService certificateManager)
final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository,
final CertificateRepository certificateRepository)
throws IOException,
CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
BaseReferenceManifest bRim = BaseReferenceManifest.select(referenceManifestManager)
.byEntityId(uuid).getRIM();
BaseReferenceManifest bRim = referenceManifestRepository.getBaseRimEntityById(uuid);
if (bRim != null) {
data.putAll(getBaseRimInfo(bRim, referenceManifestManager, certificateManager));
data.putAll(getBaseRimInfo(bRim, referenceManifestRepository, certificateRepository));
}
SupportReferenceManifest sRim = SupportReferenceManifest.select(referenceManifestManager)
.byEntityId(uuid).getRIM();
SupportReferenceManifest sRim = referenceManifestRepository.getSupportRimEntityById(uuid);
if (sRim != null) {
data.putAll(getSupportRimInfo(sRim, referenceManifestManager));
data.putAll(getSupportRimInfo(sRim, referenceManifestRepository));
}
EventLogMeasurements bios = EventLogMeasurements.select(referenceManifestManager)
.byEntityId(uuid).getRIM();
EventLogMeasurements bios = referenceManifestRepository.getEventLogRimEntityById(uuid);
if (bios != null) {
data.putAll(getMeasurementsRimInfo(bios, referenceManifestManager,
referenceEventManager));
data.putAll(getMeasurementsRimInfo(bios, referenceManifestRepository,
referenceDigestValueRepository));
}
return data;
@ -177,8 +172,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
* Gathers all information and returns it for displays.
*
* @param baseRim established ReferenceManifest Type.
* @param referenceManifestManager the reference manifest manager.
* @param certificateManager the certificate manager.
* @param referenceManifestRepository the reference manifest manager.
* @param certificateRepository the certificate manager.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
@ -186,8 +181,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
*/
private static HashMap<String, Object> getBaseRimInfo(
final BaseReferenceManifest baseRim,
final ReferenceManifestService referenceManifestManager,
final CertificateService certificateManager)
final ReferenceManifestRepository referenceManifestRepository,
final CertificateRepository certificateRepository)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
@ -219,8 +214,7 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
// Link
data.put("linkHref", baseRim.getLinkHref());
data.put("linkHrefLink", "");
for (BaseReferenceManifest bRim : BaseReferenceManifest
.select(referenceManifestManager).getRIMs()) {
for (BaseReferenceManifest bRim : referenceManifestRepository.findAllBaseRims()) {
if (baseRim.getLinkHref().contains(bRim.getTagId())) {
data.put("linkHrefLink", bRim.getId());
}
@ -241,8 +235,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.put("pcUriLocal", baseRim.getPcURILocal());
data.put("rimLinkHash", baseRim.getRimLinkHash());
if (baseRim.getRimLinkHash() != null) {
ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager)
.byHexDecHash(baseRim.getRimLinkHash()).getRIM();
ReferenceManifest rim = referenceManifestRepository.findByHash(baseRim.getRimLinkHash(),
"BaseReferenceManifest");
if (rim != null) {
data.put("rimLinkId", rim.getId());
data.put("linkHashValid", true);
@ -257,15 +251,15 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
SupportReferenceManifest support = null;
if (baseRim.getAssociatedRim() == null) {
support = SupportReferenceManifest.select(referenceManifestManager)
.byManufacturer(baseRim.getPlatformManufacturer())
.getRIM();
support = (SupportReferenceManifest) referenceManifestRepository
.getByManufacturer(baseRim.getPlatformManufacturer(),
"SupportReferenceManifest");
if (support != null) {
baseRim.setAssociatedRim(support.getId());
}
} else {
support = SupportReferenceManifest.select(referenceManifestManager)
.byEntityId(baseRim.getAssociatedRim()).getRIM();
support = (SupportReferenceManifest) referenceManifestRepository
.getReferenceById(baseRim.getAssociatedRim());
}
// going to have to pull the filename and grab that from the DB
// to get the id to make the link
@ -291,14 +285,13 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.put("pcrList", support.getExpectedPCRList());
}
Set<CertificateAuthorityCredential> certificates =
CertificateAuthorityCredential.select(certificateManager)
.getCertificates();
List<CertificateAuthorityCredential> certificates = certificateRepository
.findByAll("CertificateAuthorityCredential");
//Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid
data.put("signatureValid", false);
for (CertificateAuthorityCredential cert : certificates) {
SupplyChainValidationServiceImpl scvsImpl =
new SupplyChainValidationServiceImpl(certificateManager);
new SupplyChainValidationServiceImpl(certificateRepository);
KeyStore keystore = scvsImpl.getCaChain(cert);
if (RIM_VALIDATOR.validateXmlSignature(cert)) {
try {
@ -331,7 +324,7 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
* Gathers all information and returns it for displays.
*
* @param support established ReferenceManifest Type.
* @param referenceManifestManager the reference manifest manager.
* @param referenceManifestRepository the reference manifest manager.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
@ -339,21 +332,20 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
*/
private static HashMap<String, Object> getSupportRimInfo(
final SupportReferenceManifest support,
final ReferenceManifestService referenceManifestManager)
final ReferenceManifestRepository referenceManifestRepository)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
EventLogMeasurements measurements = null;
if (support.getAssociatedRim() == null) {
Set<BaseReferenceManifest> baseRims = BaseReferenceManifest
.select(referenceManifestManager)
.byRimType(ReferenceManifest.BASE_RIM).getRIMs();
List<BaseReferenceManifest> baseRims = referenceManifestRepository.findAllBaseRims();
for (BaseReferenceManifest baseRim : baseRims) {
if (baseRim != null && baseRim.getAssociatedRim() != null
&& baseRim.getAssociatedRim().equals(support.getId())) {
support.setAssociatedRim(baseRim.getId());
try {
referenceManifestManager.updateReferenceManifest(support, support.getId());
referenceManifestRepository.save(support);
} catch (DBServiceException ex) {
log.error("Failed to update Support RIM", ex);
}
@ -365,8 +357,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
// testing this independent of the above if statement because the above
// starts off checking if associated rim is null; that is irrelevant for
// this statement.
measurements = EventLogMeasurements.select(referenceManifestManager)
.byHexDecHash(support.getHexDecHash()).getRIM();
measurements = (EventLogMeasurements) referenceManifestRepository.findByHash(support.getHexDecHash(),
"EventLogMeasurements");
if (support.isSwidPatch()) {
data.put("swidPatch", "True");
@ -491,8 +483,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
* Gathers all information and returns it for displays.
*
* @param measurements established ReferenceManifest Type.
* @param referenceManifestManager the reference manifest manager.
* @param referenceEventManager the reference event manager.
* @param referenceManifestRepository the reference manifest manager.
* @param referenceDigestValueRepository the reference event manager.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
@ -500,8 +492,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
*/
private static HashMap<String, Object> getMeasurementsRimInfo(
final EventLogMeasurements measurements,
final ReferenceManifestService referenceManifestManager,
final ReferenceDigestValueService referenceEventManager)
final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
@ -519,10 +511,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
List<ReferenceDigestValue> eventValues = new ArrayList<>();
if (measurements.getDeviceName() != null) {
supports.addAll(SupportReferenceManifest
.select(referenceManifestManager)
.byDeviceName(measurements
.getDeviceName()).getRIMs());
supports.addAll(referenceManifestRepository.byDeviceName(measurements
.getDeviceName()));
for (SupportReferenceManifest support : supports) {
if (support.isBaseSupport()) {
baseSupport = support;
@ -532,18 +522,14 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
if (baseSupport != null) {
data.put("supportFilename", baseSupport.getFileName());
data.put("supportId", baseSupport.getId());
base = BaseReferenceManifest
.select(referenceManifestManager)
.byEntityId(baseSupport.getAssociatedRim())
.getRIM();
data.put("tagId", baseSupport.getTagId());
base = referenceManifestRepository.getBaseRimEntityById(baseSupport.getAssociatedRim());
if (base != null) {
data.put("associatedRim", base.getId());
}
eventValues.addAll(referenceEventManager.getValuesByRimId(base));
eventValues.addAll(referenceDigestValueRepository.getValuesByRimId(base.getId()));
}
}
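Review bot: The new side of the `@ -103,8 +99,10 @@` hunk calls `getRimDetailInfo(uuid, referenceManifestRepository, referenceDigestValueRepository, certificateRepository)` twice in a row — the four added lines are two identical copies of the statement, and the 8→10 line count is consistent with both being additions — so every RIM detail request now runs the repository lookups, the `referenceManifestRepository.save(support)` inside getSupportRimInfo and the CA-chain/signature validation loop twice; drop the second `data.putAll(...)`. In the last hunk the new line `eventValues.addAll(referenceDigestValueRepository.getValuesByRimId(base.getId()));` dereferences `base` outside the `if (base != null)` guard directly above it, so a base support RIM whose associated base RIM cannot be found now throws a NullPointerException where the old code passed the possibly-null `base` through; move that `addAll` inside the guard. The cast `(SupportReferenceManifest) referenceManifestRepository.getReferenceById(baseRim.getAssociatedRim())` applies to what Spring Data documents as a lazy reference that may be a provider proxy, and if the repository is declared over the base ReferenceManifest type such a proxy is not castable to the subclass — `findById(...)` plus an `instanceof` check would be safer, though the repository declaration is not visible here. The enclosing methods start and end outside these hunks.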


@ -1,23 +1,30 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.persist.CriteriaModifier;
import hirs.attestationca.persist.DBManagerException;
import hirs.attestationca.persist.FilteredRecordsList;
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.service.ReferenceDigestValueService;
import hirs.attestationca.persist.service.ReferenceDigestValueServiceImpl;
import hirs.attestationca.persist.service.ReferenceManifestService;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
import hirs.attestationca.persist.service.FilesStorageService;
import hirs.attestationca.portal.datatables.DataTableInput;
import hirs.attestationca.portal.datatables.DataTableResponse;
import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.NoPageParams;
import hirs.utils.tpm.eventlog.TCGEventLog;
import hirs.utils.tpm.eventlog.TpmPcrEvent;
import jakarta.persistence.EntityManager;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Root;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.validation.Valid;
import lombok.extern.log4j.Log4j2;
import org.hibernate.Session;
@ -25,12 +32,32 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StreamUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.servlet.view.RedirectView;
import java.io.IOException;
import java.lang.ref.Reference;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
/**
* Controller for the Reference Manifest page.
@ -40,25 +67,30 @@ import java.lang.ref.Reference;
@RequestMapping("/reference-manifests")
public class ReferenceManifestPageController extends PageController<NoPageParams> {
private static final String LOG_FILE_PATTERN = "([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)";
@Autowired(required = false)
private EntityManager entityManager;
private final ReferenceManifestService referenceManifestManager;
private final ReferenceDigestValueService referenceEventManager;
private final FilesStorageService filesStorageService;
private final ReferenceManifestRepository referenceManifestRepository;
private final ReferenceDigestValueRepository referenceDigestValueRepository;
/**
* Constructor providing the Page's display and routing specification.
*
* @param referenceManifestManager the reference manifest manager
* @param referenceEventManager this is the reference event manager
* @param filesStorageService storage services
* @param referenceManifestRepository the reference manifest manager
* @param referenceDigestValueRepository this is the reference event manager
*/
@Autowired
public ReferenceManifestPageController(
final ReferenceManifestServiceImpl referenceManifestManager,
final ReferenceDigestValueServiceImpl referenceEventManager) {
public ReferenceManifestPageController(final FilesStorageService filesStorageService,
final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository) {
super(Page.REFERENCE_MANIFESTS);
this.referenceManifestManager = referenceManifestManager;
this.referenceEventManager = referenceEventManager;
this.filesStorageService = filesStorageService;
this.referenceManifestRepository = referenceManifestRepository;
this.referenceDigestValueRepository = referenceDigestValueRepository;
}
/**
@ -89,12 +121,10 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
method = RequestMethod.GET)
public DataTableResponse<ReferenceManifest> getTableData(
@Valid final DataTableInput input) {
log.info("Handling request for summary list: " + input);
// return this.referenceManifestManager.fetchReferenceManifests(input);
log.debug("Handling request for summary list: " + input);
String orderColumnName = input.getOrderColumnName();
log.debug("Ordering on column: " + orderColumnName);
log.info("Ordering on column: " + orderColumnName);
// check that the alert is not archived and that it is in the specified report
CriteriaModifier criteriaModifier = new CriteriaModifier() {
@ -105,16 +135,395 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
Root<ReferenceManifest> rimRoot = criteriaQuery.from(Reference.class);
criteriaQuery.select(rimRoot).distinct(true).where(cb.isNull(rimRoot.get(Certificate.ARCHIVE_FIELD)));
// criteria.add(Restrictions.isNull(Certificate.ARCHIVE_FIELD));
}
};
FilteredRecordsList<ReferenceManifest> records
= OrderedListQueryDataTableAdapter.getOrderedList(
ReferenceManifest.class,
referenceManifestManager,
this.referenceManifestRepository,
input, orderColumnName, criteriaModifier);
log.debug("Returning list of size: " + records.size());
return new DataTableResponse<>(records, input);
}
/**
* Upload and processes a reference manifest(s).
*
* @param files the files to process
* @param attr the redirection attributes
* @return the redirection view
* @throws URISyntaxException if malformed URI
* @throws Exception if malformed URI
*/
@RequestMapping(value = "/upload", method = RequestMethod.POST)
protected RedirectView upload(
@RequestParam("file") final MultipartFile[] files,
final RedirectAttributes attr) throws URISyntaxException, Exception {
Map<String, Object> model = new HashMap<>();
PageMessages messages = new PageMessages();
String fileName;
Pattern logPattern = Pattern.compile(LOG_FILE_PATTERN);
Matcher matcher;
boolean supportRIM = false;
List<BaseReferenceManifest> baseRims = new ArrayList<>();
List<SupportReferenceManifest> supportRims = new ArrayList<>();
log.info(String.format("Processing %s uploaded files", files.length));
// loop through the files
for (MultipartFile file : files) {
fileName = file.getOriginalFilename();
matcher = logPattern.matcher(fileName);
supportRIM = matcher.matches();
//Parse reference manifests
parseRIM(file, supportRIM, messages, baseRims, supportRims);
}
baseRims.stream().forEach((rim) -> {
log.info(String.format("Storing swidtag %s", rim.getFileName()));
this.referenceManifestRepository.save(rim);
});
supportRims.stream().forEach((rim) -> {
log.info(String.format("Storing event log %s", rim.getFileName()));
this.referenceManifestRepository.save(rim);
});
// Prep a map to associated the swidtag payload hash to the swidtag.
// pass it in to update support rims that either were uploaded
// or already exist
// create a map of the supports rims in case an uploaded swidtag
// isn't one to one with the uploaded support rims.
Map<String, SupportReferenceManifest> updatedSupportRims
= updateSupportRimInfo(referenceManifestRepository.findAllSupportRims());
// pass in the updated support rims
// and either update or add the events
processTpmEvents(new ArrayList<SupportReferenceManifest>(updatedSupportRims.values()));
//Add messages to the model
model.put(MESSAGES_ATTRIBUTE, messages);
return redirectTo(Page.REFERENCE_MANIFESTS,
new NoPageParams(), model, attr);
}
/**
* Archives (soft delete) the Reference Integrity Manifest entry.
*
* @param id the UUID of the rim to delete
* @param attr RedirectAttributes used to forward data back to the original
* page.
* @return redirect to this page
* @throws URISyntaxException if malformed URI
*/
@RequestMapping(value = "/delete", method = RequestMethod.POST)
public RedirectView delete(@RequestParam final String id,
final RedirectAttributes attr) throws URISyntaxException {
log.info("Handling request to delete " + id);
Map<String, Object> model = new HashMap<>();
PageMessages messages = new PageMessages();
try {
ReferenceManifest referenceManifest = getRimFromDb(id);
if (referenceManifest == null) {
String notFoundMessage = "Unable to locate RIM with ID: " + id;
messages.addError(notFoundMessage);
log.warn(notFoundMessage);
} else {
referenceManifestRepository.delete(referenceManifest);
String deleteCompletedMessage = "RIM successfully deleted";
messages.addInfo(deleteCompletedMessage);
log.info(deleteCompletedMessage);
// if support rim, update associated events
if (referenceManifest instanceof SupportReferenceManifest) {
List<ReferenceDigestValue> values = referenceDigestValueRepository
.getValuesByRimId(referenceManifest.getId());
for (ReferenceDigestValue value : values) {
referenceDigestValueRepository.delete(value);
}
}
}
} catch (IllegalArgumentException iaEx) {
String uuidError = "Failed to parse ID from: " + id;
messages.addError(uuidError);
log.error(uuidError, iaEx);
} catch (DBManagerException dbmEx) {
String dbError = "Failed to archive cert: " + id;
messages.addError(dbError);
log.error(dbError, dbmEx);
}
model.put(MESSAGES_ATTRIBUTE, messages);
return redirectTo(Page.REFERENCE_MANIFESTS, new NoPageParams(), model, attr);
}
/**
* Handles request to download the rim by writing it to the response stream
* for download.
*
* @param id the UUID of the rim to download
* @param response the response object (needed to update the header with the
* file name)
* @throws java.io.IOException when writing to response output stream
*/
@RequestMapping(value = "/download", method = RequestMethod.GET)
public void download(@RequestParam final String id,
final HttpServletResponse response)
throws IOException {
log.info("Handling RIM request to download " + id);
try {
ReferenceManifest referenceManifest = getRimFromDb(id);
if (referenceManifest == null) {
String notFoundMessage = "Unable to locate RIM with ID: " + id;
log.warn(notFoundMessage);
// send a 404 error when invalid Reference Manifest
response.sendError(HttpServletResponse.SC_NOT_FOUND);
} else {
StringBuilder fileName = new StringBuilder("filename=\"");
fileName.append(referenceManifest.getFileName());
// Set filename for download.
response.setHeader("Content-Disposition", "attachment;" + fileName);
response.setContentType("application/octet-stream");
// write cert to output stream
response.getOutputStream().write(referenceManifest.getRimBytes());
}
} catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: " + id;
log.error(uuidError, ex);
// send a 404 error when invalid certificate
response.sendError(HttpServletResponse.SC_NOT_FOUND);
}
}
/**
* Handles request to download bulk of RIMs by writing it to the response stream
* for download in bulk.
*
* @param response the response object (needed to update the header with the
* file name)
* @throws java.io.IOException when writing to response output stream
*/
@RequestMapping(value = "/bulk", method = RequestMethod.GET)
public void bulk(final HttpServletResponse response)
throws IOException {
log.info("Handling request to download all Reference Integrity Manifests");
String fileName = "rims.zip";
String zipFileName;
// Set filename for download.
response.setHeader("Content-Disposition", "attachment; filename=" + fileName);
response.setContentType("application/zip");
List<ReferenceManifest> referenceManifestList = new LinkedList<>();
for (ReferenceManifest rim : referenceManifestRepository.findAll()) {
if ((rim instanceof BaseReferenceManifest)
|| (rim instanceof SupportReferenceManifest)) {
referenceManifestList.add(rim);
}
}
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (ReferenceManifest rim : referenceManifestList) {
if (rim.getFileName().isEmpty()) {
zipFileName = "";
} else {
// configure the zip entry, the properties of the 'file'
zipFileName = rim.getFileName();
}
ZipEntry zipEntry = new ZipEntry(zipFileName);
zipEntry.setSize((long) rim.getRimBytes().length * Byte.SIZE);
zipEntry.setTime(System.currentTimeMillis());
zipOut.putNextEntry(zipEntry);
// the content of the resource
StreamUtils.copy(rim.getRimBytes(), zipOut);
zipOut.closeEntry();
}
zipOut.finish();
// write cert to output stream
} catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: ";
log.error(uuidError, ex);
// send a 404 error when invalid certificate
response.sendError(HttpServletResponse.SC_NOT_FOUND);
}
}
/**
* This method takes the parameter and looks for this information in the
* Database.
*
* @param id of the RIM
* @return the associated RIM from the DB
* @throws IllegalArgumentException
*/
private ReferenceManifest getRimFromDb(final String id) throws IllegalArgumentException {
UUID uuid = UUID.fromString(id);
// ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager)
// .byEntityId(uuid).getRIM();
//
// if (rim == null) {
// rim = SupportReferenceManifest.select(referenceManifestManager)
// .byEntityId(uuid).getRIM();
// }
//
// if (rim == null) {
// rim = EventLogMeasurements.select(referenceManifestManager)
// .byEntityId(uuid).getRIM();
// }
return this.referenceManifestRepository.getReferenceById(uuid);
}
/**
* Takes the rim files provided and returns a {@link ReferenceManifest}
* object.
*
* @param file the provide user file via browser.
* @param supportRIM matcher result
* @param messages the object that handles displaying information to the
* user.
* @param baseRims object to store multiple files
* @param supportRims object to store multiple files
* @return a single or collection of reference manifest files.
*/
private void parseRIM(
final MultipartFile file, final boolean supportRIM,
final PageMessages messages, final List<BaseReferenceManifest> baseRims,
final List<SupportReferenceManifest> supportRims) {
byte[] fileBytes = new byte[0];
String fileName = file.getOriginalFilename();
// build the manifest from the uploaded bytes
try {
fileBytes = file.getBytes();
} catch (IOException e) {
final String failMessage
= String.format("Failed to read uploaded file (%s): ", fileName);
log.error(failMessage, e);
messages.addError(failMessage + e.getMessage());
}
try {
if (supportRIM) {
supportRims.add(new SupportReferenceManifest(fileName, fileBytes));
} else {
baseRims.add(new BaseReferenceManifest(fileName, fileBytes));
}
} catch (IOException ioEx) {
final String failMessage
= String.format("Failed to parse uploaded file (%s): ", fileName);
log.error(failMessage, ioEx);
messages.addError(failMessage + ioEx.getMessage());
}
}
private Map<String, SupportReferenceManifest> updateSupportRimInfo(
final List<SupportReferenceManifest> dbSupportRims) {
SupportReferenceManifest supportRim;
String fileString;
Map<String, SupportReferenceManifest> updatedSupportRims = new HashMap<>();
Map<String, SupportReferenceManifest> hashValues = new HashMap<>();
for (SupportReferenceManifest support : dbSupportRims) {
hashValues.put(support.getHexDecHash(), support);
}
for (BaseReferenceManifest dbBaseRim : referenceManifestRepository.findAllBaseRims()) {
for (String supportHash : hashValues.keySet()) {
fileString = new String(dbBaseRim.getRimBytes(), StandardCharsets.UTF_8);
if (fileString.contains(supportHash)) {
supportRim = hashValues.get(supportHash);
// I have to assume the baseRim is from the database
// Updating the id values, manufacturer, model
if (supportRim != null && !supportRim.isUpdated()) {
supportRim.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
supportRim.setPlatformManufacturer(dbBaseRim.getPlatformManufacturer());
supportRim.setPlatformModel(dbBaseRim.getPlatformModel());
supportRim.setTagId(dbBaseRim.getTagId());
supportRim.setAssociatedRim(dbBaseRim.getId());
supportRim.setUpdated(true);
referenceManifestRepository.save(supportRim);
updatedSupportRims.put(supportHash, supportRim);
}
}
}
}
return updatedSupportRims;
}
/**
* If the support rim is a supplemental or base, this method looks for the
* original oem base rim to associate with each event.
* @param supportRim assumed db object
* @return reference to the base rim
*/
private ReferenceManifest findBaseRim(final SupportReferenceManifest supportRim) {
if (supportRim != null && (supportRim.getId() != null
&& !supportRim.getId().toString().equals(""))) {
List<BaseReferenceManifest> baseRims = this.referenceManifestRepository
.getBaseByManufacturerModel(supportRim.getPlatformManufacturer(),
supportRim.getPlatformModel());
for (BaseReferenceManifest base : baseRims) {
if (base.isBase()) {
// there should be only one
return base;
}
}
}
return null;
}
private void processTpmEvents(final List<SupportReferenceManifest> dbSupportRims) {
List<ReferenceDigestValue> tpmEvents;
TCGEventLog logProcessor = null;
ReferenceManifest baseRim;
ReferenceDigestValue newRdv;
for (SupportReferenceManifest dbSupport : dbSupportRims) {
// So first we'll have to pull values based on support rim
// get by support rim id NEXT
if (dbSupport.getPlatformManufacturer() != null) {
tpmEvents = referenceDigestValueRepository.getValuesBySupportRimId(dbSupport.getAssociatedRim());
baseRim = findBaseRim(dbSupport);
if (tpmEvents.isEmpty()) {
try {
logProcessor = new TCGEventLog(dbSupport.getRimBytes());
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
newRdv = new ReferenceDigestValue(baseRim.getId(),
dbSupport.getId(), dbSupport.getPlatformManufacturer(),
dbSupport.getPlatformModel(), tpe.getPcrIndex(),
tpe.getEventDigestStr(), tpe.getEventTypeStr(),
false, false, true, tpe.getEventContent());
this.referenceDigestValueRepository.save(newRdv);
}
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
} else {
for (ReferenceDigestValue rdv : tpmEvents) {
if (!rdv.isUpdated()) {
rdv.updateInfo(dbSupport, baseRim.getId());
this.referenceDigestValueRepository.save(rdv);
}
}
}
}
}
}
}


@ -1,17 +1,27 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.persist.CriteriaModifier;
import hirs.attestationca.persist.DBManagerException;
import hirs.attestationca.persist.FilteredRecordsList;
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
import hirs.attestationca.persist.service.ReferenceDigestValueService;
import hirs.attestationca.persist.service.ReferenceDigestValueServiceImpl;
import hirs.attestationca.persist.service.ReferenceManifestService;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
import hirs.attestationca.portal.datatables.DataTableInput;
import hirs.attestationca.portal.datatables.DataTableResponse;
import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.params.NoPageParams;
import jakarta.persistence.EntityManager;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Root;
import jakarta.validation.Valid;
import lombok.extern.log4j.Log4j2;
import org.hibernate.Session;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.jpa.datatables.mapping.DataTablesInput;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
@ -20,7 +30,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import java.util.List;
import java.lang.ref.Reference;
/**
* Controller for the TPM Events page.
@ -30,21 +40,24 @@ import java.util.List;
@RequestMapping("/rim-database")
public class RimDatabasePageController extends PageController<NoPageParams> {
private final ReferenceManifestService referenceManifestManager;
private final ReferenceDigestValueService referenceEventManager;
@Autowired(required = false)
private EntityManager entityManager;
private final ReferenceDigestValueRepository referenceDigestValueRepository;
private final ReferenceManifestRepository referenceManifestRepository;
/**
* Constructor providing the Page's display and routing specification.
*
* @param referenceManifestManager the ReferenceManifestManager object
* @param referenceEventManager the referenceEventManager object
* @param referenceDigestValueRepository the referenceDigestValueRepository object
* @param referenceManifestRepository the reference manifest manager object
*/
@Autowired
public RimDatabasePageController(final ReferenceManifestServiceImpl referenceManifestManager,
final ReferenceDigestValueServiceImpl referenceEventManager) {
public RimDatabasePageController(final ReferenceDigestValueRepository referenceDigestValueRepository,
final ReferenceManifestRepository referenceManifestRepository) {
super(Page.RIM_DATABASE);
this.referenceManifestManager = referenceManifestManager;
this.referenceEventManager = referenceEventManager;
this.referenceDigestValueRepository = referenceDigestValueRepository;
this.referenceManifestRepository = referenceManifestRepository;
}
/**
@ -73,50 +86,49 @@ public class RimDatabasePageController extends PageController<NoPageParams> {
@RequestMapping(value = "/list",
produces = MediaType.APPLICATION_JSON_VALUE,
method = RequestMethod.GET)
public List<ReferenceDigestValue> getTableData(
@Valid final DataTablesInput input) {
public DataTableResponse<ReferenceDigestValue> getTableData(
@Valid final DataTableInput input) {
log.info("Handling request for summary list: " + input);
return this.referenceEventManager.fetchDigestValues();
String orderColumnName = input.getOrderColumnName();
log.info("Ordering on column: " + orderColumnName);
// check that the alert is not archived and that it is in the specified report
CriteriaModifier criteriaModifier = new CriteriaModifier() {
@Override
public void modify(final CriteriaQuery criteriaQuery) {
Session session = entityManager.unwrap(Session.class);
CriteriaBuilder cb = session.getCriteriaBuilder();
Root<ReferenceDigestValue> rimRoot = criteriaQuery.from(Reference.class);
criteriaQuery.select(rimRoot).distinct(true).where(cb.isNull(rimRoot.get(Certificate.ARCHIVE_FIELD)));
}
};
// String orderColumnName = input.getOrderColumnName();
// log.info("Ordering on column: " + orderColumnName);
//
// // check that the alert is not archived and that it is in the specified report
// CriteriaModifier criteriaModifier = new CriteriaModifier() {
// @Override
// public void modify(final Criteria criteria) {
// criteria.add(Restrictions.isNull(Certificate.ARCHIVE_FIELD));
// }
// };
//
// log.info("Querying with the following datatableinput: " + input.toString());
//
// FilteredRecordsList<ReferenceDigestValue> referenceDigestValues =
// OrderedListQueryDataTableAdapter.getOrderedList(
// ReferenceDigestValue.class,
// referenceEventManager,
// input, orderColumnName, criteriaModifier);
//
// SupportReferenceManifest support;
// for (ReferenceDigestValue rdv : referenceDigestValues) {
// // We are updating the base rim ID field if necessary and
// if (rdv.getBaseRimId() == null) {
// support = SupportReferenceManifest.select(referenceManifestManager)
// .byEntityId(rdv.getSupportRimId()).getRIM();
// if (support != null) {
// rdv.setBaseRimId(support.getAssociatedRim());
// try {
// referenceEventManager.updateRefDigestValue(rdv);
// } catch (DBManagerException e) {
// log.error("Failed to update TPM Event with Base RIM ID");
// log.error(rdv);
// }
// }
// }
// }
//
// return new DataTableResponse<>(referenceDigestValues, input);
log.info("Querying with the following datatableinput: " + input.toString());
FilteredRecordsList<ReferenceDigestValue> referenceDigestValues =
OrderedListQueryDataTableAdapter.getOrderedList(
ReferenceDigestValue.class,
referenceDigestValueRepository,
input, orderColumnName, criteriaModifier);
SupportReferenceManifest support;
for (ReferenceDigestValue rdv : referenceDigestValues) {
// We are updating the base rim ID field if necessary and
if (rdv.getBaseRimId() == null) {
support = (SupportReferenceManifest) referenceManifestRepository.getReferenceById(rdv.getSupportRimId());
if (support != null) {
rdv.setBaseRimId(support.getAssociatedRim());
try {
referenceDigestValueRepository.save(rdv);
} catch (DBManagerException e) {
log.error("Failed to update TPM Event with Base RIM ID");
log.error(rdv);
}
}
}
}
return new DataTableResponse<>(referenceDigestValues, input);
}
}
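Review bot: The criteria root in the new `CriteriaModifier` is built from the wrong class — `Root<ReferenceDigestValue> rimRoot = criteriaQuery.from(Reference.class);` resolves to `java.lang.ref.Reference` (brought in by the new `import java.lang.ref.Reference;`), so the `isNull(Certificate.ARCHIVE_FIELD)` restriction is not applied to the digest-value entity the list is supposed to filter; it should read `Root<ReferenceDigestValue> rimRoot = criteriaQuery.from(ReferenceDigestValue.class);` and the `java.lang.ref` import should go. The lookup `support = (SupportReferenceManifest) referenceManifestRepository.getReferenceById(rdv.getSupportRimId());` is also fragile: under JPA `getReference` semantics a missing id generally surfaces as an exception on first access rather than as `null`, and the cast throws `ClassCastException` for any non-support manifest, so the `support != null` guard does not cover either case — `referenceManifestRepository.findById(rdv.getSupportRimId()).filter(SupportReferenceManifest.class::isInstance).map(SupportReferenceManifest.class::cast).orElse(null)` would be safer. Since `entityManager` is injected with `required = false`, `modify` should also null-check it (or the field should be made required) before calling `entityManager.unwrap(Session.class)`.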


@ -1,16 +1,29 @@
package hirs.attestationca.portal.page.utils;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.service.CertificateServiceImpl;
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
import hirs.utils.BouncyCastleUtils;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.bouncycastle.util.encoders.Hex;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
/**
@ -25,13 +38,96 @@ public final class CertificateStringMapBuilder {
* Returns the general information.
*
* @param certificate certificate to get the general information.
* @param certificateServiceImpl the certificate manager for retrieving certs.
* @param certificateRepository the certificate repository for retrieving certs.
* @return a hash map with the general certificate information.
*/
public static HashMap<String, String> getGeneralCertificateInfo(
final Certificate certificate, final CertificateServiceImpl certificateServiceImpl) {
final Certificate certificate, final CertificateRepository certificateRepository) {
HashMap<String, String> data = new HashMap<>();
if (certificate != null) {
data.put("issuer", certificate.getHolderIssuer());
//Serial number in hex value
data.put("serialNumber", Hex.toHexString(certificate.getSerialNumber().toByteArray()));
if (!certificate.getAuthoritySerialNumber().equals(BigInteger.ZERO)) {
data.put("authSerialNumber", Hex.toHexString(certificate
.getAuthoritySerialNumber().toByteArray()));
}
if (certificate.getId() != null) {
data.put("certificateId", certificate.getId().toString());
}
data.put("authInfoAccess", certificate.getAuthorityInfoAccess());
data.put("beginValidity", certificate.getBeginValidity().toString());
data.put("endValidity", certificate.getEndValidity().toString());
data.put("signature", Arrays.toString(certificate.getSignature()));
data.put("signatureSize", Integer.toString(certificate.getSignature().length
* Certificate.MIN_ATTR_CERT_LENGTH));
if (certificate.getSubject() != null) {
data.put("subject", certificate.getSubject());
data.put("isSelfSigned",
String.valueOf(certificate.getHolderIssuer().equals(certificate.getSubject())));
} else {
data.put("isSelfSigned", "false");
}
data.put("authKeyId", certificate.getAuthorityKeyIdentifier());
data.put("crlPoints", certificate.getCrlPoints());
data.put("signatureAlgorithm", certificate.getSignatureAlgorithm());
if (certificate.getEncodedPublicKey() != null) {
data.put("encodedPublicKey",
Arrays.toString(certificate.getEncodedPublicKey()));
data.put("publicKeyAlgorithm", certificate.getPublicKeyAlgorithm());
}
if (certificate.getPublicKeyModulusHexValue() != null) {
data.put("publicKeyValue", certificate.getPublicKeyModulusHexValue());
data.put("publicKeySize", String.valueOf(certificate.getPublicKeySize()));
}
if (certificate.getKeyUsage() != null) {
data.put("keyUsage", certificate.getKeyUsage());
}
if (certificate.getExtendedKeyUsage() != null
&& !certificate.getExtendedKeyUsage().isEmpty()) {
data.put("extendedKeyUsage", certificate.getExtendedKeyUsage());
}
//Get issuer ID if not self signed
if (data.get("isSelfSigned").equals("false")) {
//Get the missing certificate chain for not self sign
Certificate missingCert = containsAllChain(certificate, certificateRepository);
String issuerResult;
if (missingCert != null) {
data.put("missingChainIssuer", String.format("Missing %s from the chain.",
missingCert.getHolderIssuer()));
}
List<Certificate> certificates = certificateRepository.findBySubjectSorted(
certificate.getIssuerSorted(), "CertificateAuthorityCredential");
//Find all certificates that could be the issuer certificate based on subject name
for (Certificate issuerCert : certificates) {
try {
//Find the certificate that actually signed this cert
issuerResult = certificate.isIssuer(issuerCert);
if (issuerResult.isEmpty()) {
data.put("issuerID", issuerCert.getId().toString());
break;
} else {
data.put("issuerID", issuerCert.getId().toString());
issuerResult = String.format("%s: %s", issuerResult,
issuerCert.getSubject());
data.put("missingChainIssuer", issuerResult);
break;
}
} catch (IOException e) {
log.error(e);
}
}
}
}
return data;
}
@ -44,55 +140,104 @@ public final class CertificateStringMapBuilder {
*/
public static Certificate containsAllChain(
final Certificate certificate,
final CertificateServiceImpl certificateServiceImpl) {
Set<CertificateAuthorityCredential> issuerCertificates = new HashSet<>();
final CertificateRepository certificateRepository) {
List<CertificateAuthorityCredential> issuerCertificates = new LinkedList<>();
CertificateAuthorityCredential skiCA = null;
String issuerResult;
return null;
//Check if there is a subject organization
if (certificate.getAuthorityKeyIdentifier() != null
&& !certificate.getAuthorityKeyIdentifier().isEmpty()) {
byte[] bytes = Hex.decode(certificate.getAuthorityKeyIdentifier());
skiCA = (CertificateAuthorityCredential) certificateRepository.findBySubjectKeyIdentifier(bytes);
} else {
log.error(String.format("Certificate (%s) for %s has no authority key identifier.",
certificate.getClass().toString(), certificate.getSubject()));
}
if (skiCA == null) {
if (certificate.getIssuerSorted() == null
|| certificate.getIssuerSorted().isEmpty()) {
//Get certificates by subject
issuerCertificates = certificateRepository.findBySubject(certificate.getIssuer(),
"CertificateAuthorityCredential");
} else {
//Get certificates by subject organization
issuerCertificates = certificateRepository.findBySubjectSorted(certificate.getIssuerSorted(),
"CertificateAuthorityCredential");
}
} else {
issuerCertificates.add(skiCA);
}
for (Certificate issuerCert : issuerCertificates) {
try {
// Find the certificate that actually signed this cert
issuerResult = certificate.isIssuer(issuerCert);
if (issuerResult.isEmpty()) {
//Check if it's root certificate
if (BouncyCastleUtils.x500NameCompare(issuerCert.getIssuerSorted(),
issuerCert.getSubject())) {
return null;
}
return containsAllChain(issuerCert, certificateRepository);
}
} catch (IOException e) {
log.error(e);
return certificate;
}
}
return certificate;
}
/**
* Returns the Certificate Authority information.
*
* @param uuid ID for the certificate.
* @param certificateServiceImpl the certificate manager for retrieving certs.
* @param certificateRepository the certificate manager for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getCertificateAuthorityInformation(final UUID uuid,
final CertificateServiceImpl certificateServiceImpl) {
// CertificateAuthorityCredential certificate =
// CertificateAuthorityCredential
// .select(certificateManager)
// .byEntityId(uuid)
// .getCertificate();
final CertificateRepository certificateRepository) {
CertificateAuthorityCredential certificate = (CertificateAuthorityCredential) certificateRepository.getCertificate(uuid);
String notFoundMessage = "Unable to find Certificate Authority "
+ "Credential with ID: " + uuid;
// return getCertificateAuthorityInfoHelper(certificateServiceImpl, certificate, notFoundMessage);
return null;
return getCertificateAuthorityInfoHelper(certificateRepository, certificate, notFoundMessage);
}
/**
* Returns the Trust Chain credential information.
*
* @param certificate the certificate
* @param certificateServiceImpl the certificate manager for retrieving certs.
* @param certificateRepository the certificate repository for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getCertificateAuthorityInformation(
final CertificateAuthorityCredential certificate,
final CertificateServiceImpl certificateServiceImpl) {
// return getCertificateAuthorityInfoHelper(certificateManager, certificate,
// "No cert provided for mapping");
return null;
final CertificateRepository certificateRepository) {
return getCertificateAuthorityInfoHelper(certificateRepository, certificate,
"No cert provided for mapping");
}
private static HashMap<String, String> getCertificateAuthorityInfoHelper(
final CertificateServiceImpl certificateServiceImpl,
final CertificateRepository certificateRepository,
final CertificateAuthorityCredential certificate, final String notFoundMessage) {
HashMap<String, String> data = new HashMap<>();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateRepository));
data.put("subjectKeyIdentifier",
Arrays.toString(certificate.getSubjectKeyIdentifier()));
//x509 credential version
data.put("x509Version", Integer.toString(certificate
.getX509CredentialVersion()));
data.put("credentialType", certificate.getCredentialType());
} else {
log.error(notFoundMessage);
}
return data;
}
@ -100,13 +245,40 @@ public final class CertificateStringMapBuilder {
* Returns the endorsement credential information.
*
* @param uuid ID for the certificate.
* @param certificateServiceImpl the certificate manager for retrieving certs.
* @param certificateRepository the certificate repository for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getEndorsementInformation(final UUID uuid,
final CertificateServiceImpl certificateServiceImpl) {
final CertificateRepository certificateRepository) {
HashMap<String, String> data = new HashMap<>();
EndorsementCredential certificate = (EndorsementCredential) certificateRepository.findById(uuid).get();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateRepository));
// Set extra fields
data.put("manufacturer", certificate.getManufacturer());
data.put("model", certificate.getModel());
data.put("version", certificate.getVersion());
data.put("policyReference", certificate.getPolicyReference());
data.put("crlPoints", certificate.getCrlPoints());
data.put("credentialType", certificate.getCredentialType());
//x509 credential version
data.put("x509Version", Integer.toString(certificate
.getX509CredentialVersion()));
// Add hashmap with TPM information if available
if (certificate.getTpmSpecification() != null) {
data.putAll(
convertStringToHash(certificate.getTpmSpecification().toString()));
}
if (certificate.getTpmSecurityAssertions() != null) {
data.putAll(
convertStringToHash(certificate.getTpmSecurityAssertions().toString()));
}
} else {
String notFoundMessage = "Unable to find Endorsement Credential "
+ "with ID: " + uuid;
log.error(notFoundMessage);
}
return data;
}
@ -114,16 +286,136 @@ public final class CertificateStringMapBuilder {
* Returns the Platform credential information.
*
* @param uuid ID for the certificate.
* @param certificateServiceImpl the certificate manager for retrieving certs.
* @param certificateRepository the certificate manager for retrieving certs.
* @return a hash map with the endorsement certificate information.
* @throws IOException when parsing the certificate
* @throws IllegalArgumentException invalid argument on parsing the certificate
*/
public static HashMap<String, Object> getPlatformInformation(final UUID uuid,
final CertificateServiceImpl certificateServiceImpl)
final CertificateRepository certificateRepository,
final ComponentResultRepository componentResultRepository)
throws IllegalArgumentException, IOException {
HashMap<String, Object> data = new HashMap<>();
PlatformCredential certificate = (PlatformCredential) certificateRepository.findById(uuid).get();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateRepository));
data.put("credentialType", certificate.getCredentialType());
data.put("platformType", certificate.getPlatformChainType());
data.put("manufacturer", certificate.getManufacturer());
data.put("model", certificate.getModel());
data.put("version", certificate.getVersion());
data.put("platformSerial", certificate.getPlatformSerial());
data.put("chassisSerialNumber", certificate.getChassisSerialNumber());
data.put("platformClass", certificate.getPlatformClass());
data.put("majorVersion",
Integer.toString(certificate.getMajorVersion()));
data.put("minorVersion",
Integer.toString(certificate.getMinorVersion()));
data.put("revisionLevel",
Integer.toString(certificate.getRevisionLevel()));
data.put("holderSerialNumber", certificate.getHolderSerialNumber()
.toString(Certificate.HEX_BASE)
.replaceAll("(?<=..)(..)", ":$1"));
data.put("holderIssuer", certificate.getHolderIssuer());
if (certificate.isPlatformBase()) {
EndorsementCredential ekCertificate = (EndorsementCredential) certificateRepository
.findBySerialNumber(certificate.getHolderSerialNumber(),
"EndorsementCredential");
if (ekCertificate != null) {
data.put("holderId", ekCertificate.getId().toString());
}
} else {
if (certificate.getPlatformChainType()!= null
&& certificate.getPlatformChainType().equals("Delta")) {
PlatformCredential holderCertificate = (PlatformCredential) certificateRepository
.findBySerialNumber(certificate.getHolderSerialNumber(),
"PlatformCredential");
if (holderCertificate != null) {
data.put("holderId", holderCertificate.getId().toString());
}
}
}
PlatformCredential prevCertificate = certificateRepository
.byHolderSerialNumber(certificate.getSerialNumber());
if (prevCertificate != null) {
data.put("prevCertId", prevCertificate.getId().toString());
}
//x509 credential version
data.put("x509Version", certificate.getX509CredentialVersion());
//CPSuri
data.put("CPSuri", certificate.getCPSuri());
if (!certificate.getComponentFailures().isEmpty()) {
data.put("failures", certificate.getComponentFailures());
HashMap<Integer, String> results = new HashMap<>();
for (ComponentResult componentResult : componentResultRepository.findAll()) {
if (componentResult.getCertificateId()
.equals(certificate.getId())) {
results.put(componentResult.getComponentHash(),
componentResult.getExpected());
}
}
data.put("componentResults", results);
data.put("failureMessages", certificate.getComponentFailures());
}
//Get platform Configuration values and set map with it
PlatformConfiguration platformConfiguration = certificate.getPlatformConfiguration();
if (platformConfiguration != null) {
//Component Identifier - attempt to translate hardware IDs
List<ComponentIdentifier> comps = platformConfiguration.getComponentIdentifier();
if (PciIds.DB.isReady()) {
comps = PciIds.translate(comps);
}
data.put("componentsIdentifier", comps);
//Component Identifier URI
data.put("componentsIdentifierURI", platformConfiguration
.getComponentIdentifierUri());
//Platform Properties
data.put("platformProperties", platformConfiguration.getPlatformProperties());
//Platform Properties URI
data.put("platformPropertiesURI", platformConfiguration.getPlatformPropertiesUri());
}
//TBB Security Assertion
data.put("tbbSecurityAssertion", certificate.getTBBSecurityAssertion());
if (certificate.getPlatformSerial() != null) {
// link certificate chain
List<PlatformCredential> chainCertificates = certificateRepository.byBoardSerialNumber(certificate.getPlatformSerial());
data.put("numInChain", chainCertificates.size());
Collections.sort(chainCertificates, new Comparator<PlatformCredential>() {
@Override
public int compare(final PlatformCredential obj1,
final PlatformCredential obj2) {
return obj1.getBeginValidity().compareTo(obj2.getBeginValidity());
}
});
data.put("chainCertificates", chainCertificates);
if (!certificate.isPlatformBase()) {
for (PlatformCredential pc : chainCertificates) {
if (pc.isPlatformBase()) {
if (!pc.getComponentFailures().isEmpty()) {
data.put("failures", pc.getComponentFailures());
}
break;
}
}
}
}
} else {
String notFoundMessage = "Unable to find Platform Certificate "
+ "with ID: " + uuid;
log.error(notFoundMessage);
}
return data;
}
@ -158,13 +450,66 @@ public final class CertificateStringMapBuilder {
* Returns the Issued Attestation Certificate information.
*
* @param uuid ID for the certificate.
* @param certificateServiceImpl the certificate manager for retrieving certs.
* @param certificateRepository the certificate manager for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getIssuedInformation(final UUID uuid,
final CertificateServiceImpl certificateServiceImpl) {
final CertificateRepository certificateRepository) {
HashMap<String, String> data = new HashMap<>();
IssuedAttestationCertificate certificate = (IssuedAttestationCertificate) certificateRepository.getCertificate(uuid);
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateRepository));
// add endorsement credential ID if not null
if (certificate.getEndorsementCredential() != null) {
EndorsementCredential ek = certificate.getEndorsementCredential();
data.put("endorsementID", ek.getId().toString());
// Add hashmap with TPM information if available
if (ek.getTpmSpecification() != null) {
data.putAll(
convertStringToHash(ek.getTpmSpecification().toString()));
}
if (ek.getTpmSecurityAssertions() != null) {
data.putAll(
convertStringToHash(ek.getTpmSecurityAssertions().toString()));
}
data.put("policyReference", ek.getPolicyReference());
data.put("crlPoints", ek.getCrlPoints());
data.put("credentialType", IssuedAttestationCertificate.AIC_TYPE_LABEL);
}
// add platform credential IDs if not empty
if (!certificate.getPlatformCredentials().isEmpty()) {
StringBuilder buf = new StringBuilder();
for (PlatformCredential pc : certificate.getPlatformCredentials()) {
buf.append(pc.getId().toString());
buf.append(',');
data.put("manufacturer", pc.getManufacturer());
data.put("model", pc.getModel());
data.put("version", pc.getVersion());
data.put("majorVersion",
Integer.toString(pc.getMajorVersion()));
data.put("minorVersion",
Integer.toString(pc.getMinorVersion()));
data.put("revisionLevel",
Integer.toString(pc.getRevisionLevel()));
data.put("tcgMajorVersion",
Integer.toString(pc.getTcgCredentialMajorVersion()));
data.put("tcgMinorVersion",
Integer.toString(pc.getTcgCredentialMinorVersion()));
data.put("tcgRevisionLevel",
Integer.toString(pc.getTcgCredentialRevisionLevel()));
}
// remove last comma character
buf.deleteCharAt(buf.lastIndexOf(","));
data.put("platformID", buf.toString());
}
} else {
String notFoundMessage = "Unable to find Issued Attestation Certificate "
+ "with ID: " + uuid;
log.error(notFoundMessage);
}
return data;
}
}


@ -40,8 +40,8 @@
<link type="text/css" rel="stylesheet" href="${common}/common.css"/>
<link type="text/css" rel="stylesheet" href="${common}/sidebar.css"/>
<link type="text/css" rel="stylesheet" href="${lib}/bootstrap-3.3.7/css/bootstrap.min.css"/>
<link type="text/css" rel="stylesheet" href="${lib}/jquery.dataTables-1.10.13/media/css/jquery.dataTables.min.css"></link>
<link type="text/css" rel="stylesheet" href="${lib}/bootstrap-3.3.7/css/bootstrap.min.css" />
<link type="text/css" rel="stylesheet" href="${lib}/jquery.dataTables-1.10.13/media/css/jquery.dataTables.min.css" />
<%-- page-specific style --%>
<jsp:invoke fragment="style"/>


@ -25,13 +25,24 @@
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<multipart-config>
<location>/tmp</location>
<max-file-size>28393832</max-file-size>
<max-request-size>482818342</max-request-size>
<file-size-threshold>1031234</file-size-threshold>
</multipart-config>
</servlet>
<servlet-mapping>
<servlet-name>pages</servlet-name>
<url-pattern>/portal/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>hirs.attestationca.portal.HIRSDbInitializer</listener-class>
</listener>
<error-page>
<location>/errors</location>
</error-page>
</web-app>
</web-app>
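Review bot: `<location>/tmp</location>` in the new `<multipart-config>` points multipart spill-over at the shared system temp directory, and nothing in the hunk records why that location was chosen or what its permissions are expected to be. Any part larger than `<file-size-threshold>` (about 1 MB here) is written to that directory before application code sees it, so uploaded content is at rest on disk in a location that is typically world-writable and shared with every local account; a portal-owned directory with restrictive permissions, or a location taken from deployment configuration, is the safer default. The gap between `<max-request-size>` (roughly 460 MB) and `<max-file-size>` (roughly 27 MB) also deserves a comment stating the intended batch size, e.g. `<!-- request limit allows several max-size files per upload; each spills to <location> above the threshold -->`, since as written one request can place hundreds of megabytes of temp data there before it is rejected.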


@ -4,6 +4,7 @@ import com.google.common.base.Preconditions;
import hirs.utils.digest.DigestAlgorithm;
import hirs.utils.xjc.File;
import lombok.Getter;
import lombok.ToString;
import javax.xml.namespace.QName;
import java.math.BigInteger;
@ -13,6 +14,7 @@ import java.util.Map;
* This object is used to represent the content of a Swid Tags Directory
* section.
*/
@ToString
public class SwidResource {
@Getter


@ -256,9 +256,7 @@ public final class TCGEventLog {
}
return pcrs;
}
/**
* Returns a list of event found in the Event Log.
* @return an arraylist of event.