From 3a7258383641377aed2c72bb4f0ebc5838410a51 Mon Sep 17 00:00:00 2001 
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Tue, 13 Jun 2023 09:29:29 -0400 Subject: [PATCH] First commit with modified files [no ci] --- .../persist/PCRQuoteValidator.java | 6 +- .../entity/manager/CertificateRepository.java | 29 +- .../entity/manager/DeviceRepository.java | 3 +- .../ReferenceDigestValueRepository.java | 13 + .../manager/ReferenceManifestRepository.java | 28 ++ .../SupplyChainValidationRepository.java | 2 + .../entity/userdefined/Certificate.java | 8 +- .../entity/userdefined/ReferenceManifest.java | 3 + .../SupplyChainValidationSummary.java | 19 +- .../CertificateAuthorityCredential.java | 12 +- .../certificate/ComponentResult.java | 9 +- .../certificate/EndorsementCredential.java | 25 +- .../certificate/PlatformCredential.java | 16 +- .../attributes/ComponentClass.java | 2 +- .../rim/BaseReferenceManifest.java | 54 +-- .../userdefined/rim/EventLogMeasurements.java | 6 +- .../rim/SupportReferenceManifest.java | 6 +- .../service/CertificateServiceImpl.java | 68 +-- .../persist/service/DefaultDbService.java | 54 +-- .../persist/service/DeviceServiceImpl.java | 4 +- .../ReferenceDigestValueServiceImpl.java | 49 +- .../service/ReferenceManifestServiceImpl.java | 42 +- .../SupplyChainValidationServiceImpl.java | 60 +-- .../service/selector/CertificateSelector.java | 21 +- .../selector/ReferenceManifestSelector.java | 19 +- HIRS_AttestationCAPortal/build.gradle | 7 +- .../attestationca/portal/HIRSApplication.java | 19 +- .../portal/HIRSDbInitializer.java | 53 ++- .../portal/PersistenceJPAConfig.java | 44 +- .../OrderedListQueryDataTableAdapter.java | 24 +- .../hirs/attestationca/portal/page/Page.java | 4 + .../portal/page/PageController.java | 2 +- .../portal/page/PolicyPageModel.java | 4 +- .../CertificateDetailsPageController.java | 23 +- .../CertificatePageController.java | 221 ++++++--- .../controllers/DevicePageController.java | 139 +++++- .../page/controllers/IndexPageController.java | 8 +- 
.../controllers/PolicyPageController.java | 68 +-- ...eferenceManifestDetailsPageController.java | 138 +++--- .../ReferenceManifestPageController.java | 447 +++++++++++++++++- .../RimDatabasePageController.java | 122 ++--- .../utils/CertificateStringMapBuilder.java | 403 ++++++++++++++-- .../src/main/webapp/WEB-INF/tags/page.tag | 4 +- .../src/main/webapp/WEB-INF/web.xml | 13 +- .../main/java/hirs/utils/SwidResource.java | 2 + .../hirs/utils/tpm/eventlog/TCGEventLog.java | 4 +- 46 files changed, 1657 insertions(+), 650 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/PCRQuoteValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/PCRQuoteValidator.java index 0aa2a4b4..431dacf6 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/PCRQuoteValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/PCRQuoteValidator.java @@ -1,6 +1,6 @@ package hirs.attestationca.persist; -import hirs.attestationca.persist.entity.userdefined.SupplyChainSettings; +import hirs.attestationca.persist.entity.userdefined.PolicySettings; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; @@ -46,7 +46,7 @@ public class PCRQuoteValidator { private String[] baselinePCRS = new String[MAX_PCR_ID + 1]; @Getter @Setter - private SupplyChainSettings settings; + private PolicySettings settings; /** * Constructor to parse PCR values. @@ -54,7 +54,7 @@ public class PCRQuoteValidator { * @param settings settings for the supply chain portal settings for provisioning */ public PCRQuoteValidator(final String[] pcrValues, - final SupplyChainSettings settings) { + final PolicySettings settings) { if (pcrValues != null) { baselinePCRS = new String[MAX_PCR_ID + 1]; for (int i = 0; i <= MAX_PCR_ID; i++) { 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java index 68c76323..58d250d0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java 
@@ -1,11 +1,38 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.Certificate; +import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; +import java.math.BigInteger; +import java.util.List; import java.util.UUID; @Repository -public interface CertificateRepository extends JpaRepository { +public interface CertificateRepository extends JpaRepository { + + @Query(value = "SELECT * FROM Certificate where id = ?1", nativeQuery = true) + Certificate getCertificate(UUID uuid); + @Query(value = "SELECT * FROM Certificate where issuer = ?1 AND DTYPE = ?2", nativeQuery = true) + List findBySubject(String issuer, String dType); + @Query(value = "SELECT * FROM Certificate where issuerSorted = ?1 AND DTYPE = ?2", nativeQuery = true) + List findBySubjectSorted(String issuedSort, String dType); + @Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true) + List findByAll(String dType); + @Query(value = "SELECT * FROM Certificate where device.id = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) + PlatformCredential findByDeviceId(UUID deviceId); + @Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true) + Certificate findBySerialNumber(BigInteger serialNumber, String dType); + @Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) + List byBoardSerialNumber(String boardSerialNumber); + @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) + PlatformCredential byHolderSerialNumber(BigInteger holderSerialNumber); + @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = dType", nativeQuery = 
true) + T byHolderSerialNumber(BigInteger holderSerialNumber, String dType); + @Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true) + T findByCertificateHash(int certificateHash, String dType); + @Query(value = "SELECT * FROM Certificate where subjectKeyIdentifier = ?1", nativeQuery = true) + Certificate findBySubjectKeyIdentifier(byte[] skiCA); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/DeviceRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/DeviceRepository.java index a22d74ee..fb3c331b 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/DeviceRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/DeviceRepository.java @@ -4,10 +4,9 @@ import hirs.attestationca.persist.entity.userdefined.Device; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.stereotype.Repository; -import java.util.List; import java.util.UUID; @Repository public interface DeviceRepository extends JpaRepository { - List findByName(String deviceName); + Device findByName(String deviceName); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java index 7117a66d..0cdda1b0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java 
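Review bot: The two-argument `byHolderSerialNumber` query in `CertificateRepository` ends in `DTYPE = dType`, which is not a bind marker, so the `dType` argument is never applied and the type filter does not do what the signature promises; it should read `... where holderSerialNumber = ?1 AND DTYPE = ?2`. Depending on how the database resolves the bare identifier, the statement either fails or compares the column with itself, in which case a credential of any type with that holder serial number can be returned. `findByDeviceId` also uses `device.id`, which is JPQL path syntax rather than a column of `Certificate` in a native query; the join column is not visible in this hunk, so confirm its real name. A repository test that runs each new query once would catch both.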
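Review bot: `DeviceRepository.findByName` now returns a single `Device`, and Spring Data throws `IncorrectResultSizeDataAccessException` when a single-valued query method matches more than one row, so this is only safe if device names are unique; no unique constraint is visible in this commit. Either keep the `List` return or state the uniqueness assumption in a Javadoc line on the method and back it with a constraint. The same concern applies to the single-valued methods added in `CertificateRepository` (`findBySerialNumber`, `findBySubjectKeyIdentifier`, `findByDeviceId`) and in `ReferenceManifestRepository` (`findByHash`, `getByManufacturer`, `getByModel`), where several matching rows look plausible.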
@@ -2,10 +2,23 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; +import java.util.List; import java.util.UUID; @Repository public interface ReferenceDigestValueRepository extends JpaRepository { + + @Query(value = "SELECT * FROM ReferenceDigestValue", nativeQuery = true) + List listAll(); + @Query(value = "SELECT * FROM ReferenceDigestValue WHERE model = ?1", nativeQuery = true) + List listByModel(String model); + @Query(value = "SELECT * FROM ReferenceDigestValue WHERE manufacturer = ?1", nativeQuery = true) + List listByManufacturer(String manufacturer); + @Query(value = "SELECT * FROM ReferenceDigestValue WHERE baseRimId = '?1' OR supportRimId = '?1'", nativeQuery = true) + List getValuesByRimId(UUID associatedRimId); + @Query(value = "SELECT * FROM ReferenceDigestValue WHERE supportRimId = '?1'", nativeQuery = true) + List getValuesBySupportRimId(UUID supportRimId); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java index f6406cec..7994255d 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java 
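Review bot: In `getValuesByRimId` and `getValuesBySupportRimId` the positional parameter is wrapped in quotes (`baseRimId = '?1'`), which turns it into a string literal instead of a bind marker, so the UUID argument is never bound and the lookup cannot match the stored ids. Drop the quotes: `WHERE baseRimId = ?1 OR supportRimId = ?1` and `WHERE supportRimId = ?1`. Keep the value bound as a parameter rather than working around this by building the id into the query string. `listAll()` appears to duplicate the `findAll()` already inherited from `JpaRepository` and could be dropped.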
@@ -1,11 +1,39 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; +import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest; +import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements; +import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; +import java.util.List; import java.util.UUID; @Repository public interface ReferenceManifestRepository extends JpaRepository { + + @Query(value = "SELECT * FROM ReferenceManifest WHERE hexDecHash = ?1", nativeQuery = true) + ReferenceManifest findByHash(String rimHash); + @Query(value = "SELECT * FROM ReferenceManifest WHERE hexDecHash = ?1 AND rimType = ?2", nativeQuery = true) + ReferenceManifest findByHash(String rimHash, String rimType); + @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Base'", nativeQuery = true) + List getBaseByManufacturerModel(String manufacturer, String model); + @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true) + ReferenceManifest getByManufacturer(String manufacturer, String dType); + @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true) + ReferenceManifest getByModel(String model, String dType); + @Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", nativeQuery = true) + List findAllBaseRims(); + @Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'SupportReferenceManifest'", nativeQuery = true) + List findAllSupportRims(); + @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'BaseReferenceManifest'", nativeQuery = true) + 
BaseReferenceManifest getBaseRimEntityById(UUID uuid); + @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true) + SupportReferenceManifest getSupportRimEntityById(UUID uuid); + @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true) + EventLogMeasurements getEventLogRimEntityById(UUID uuid); + @Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true) + List byDeviceName(String deviceName); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationRepository.java index 7111c3a9..537a57de 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationRepository.java @@ -2,8 +2,10 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; import java.util.UUID; +@Repository public interface SupplyChainValidationRepository extends JpaRepository { } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java index bddaa21f..a9cf8829 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java 
@@ -7,6 +7,8 @@ import hirs.attestationca.persist.entity.userdefined.certificate.CertificateVari import hirs.utils.HexUtils; import jakarta.persistence.Column; import jakarta.persistence.Entity; +import jakarta.persistence.Inheritance; +import jakarta.persistence.InheritanceType; import jakarta.persistence.Transient; import lombok.Getter; import lombok.extern.log4j.Log4j2; @@ -75,6 +77,7 @@ import java.util.Objects; * It stores certain attributes separately from the serialized certificate to enable querying on * those attributes. */ +@Inheritance(strategy = InheritanceType.SINGLE_TABLE) @Log4j2 @Entity public abstract class Certificate extends ArchivableEntity { @@ -128,6 +131,7 @@ public abstract class Certificate extends ArchivableEntity { * Holds the name of the 'issuer' field. */ public static final String ISSUER_FIELD = "issuer"; + @Getter @Column(nullable = false) private final String issuer; /** @@ -171,6 +175,7 @@ public abstract class Certificate extends ArchivableEntity { @Column(length = CertificateVariables.MAX_PUB_KEY_MODULUS_HEX_LENGTH, nullable = true) private final String publicKeyModulusHexValue; + @Getter @Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES, nullable = false) private final byte[] signature; @@ -180,7 +185,7 @@ public abstract class Certificate extends ArchivableEntity { @Column(nullable = false) private final Date endValidity; - @Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES, nullable = false) + @Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES*CertificateVariables.KEY_USAGE_BIT4, nullable = false) @JsonIgnore private byte[] certificateBytes; @@ -250,7 +255,6 @@ public abstract class Certificate extends ArchivableEntity { this.subject = null; this.issuerSorted = null; this.subjectSorted = null; - this.encodedPublicKey = null; this.publicKeyModulusHexValue = null; this.signature = null; 
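Review bot: `@Getter` on the `byte[] signature` field (hunk at new line 175) generates an accessor that returns the stored array itself, so any caller can alter the signature bytes held by the entity after the certificate was parsed. Replace the annotation with a hand-written accessor that returns a copy, `return signature == null ? null : signature.clone();`; the null check is needed because the constructor shown in the last hunk assigns `this.signature = null`. The class body continues outside these hunks, so first check whether a `getSignature()` is already declared, since Lombok does not generate a getter when one exists.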
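Review bot: The new column length `CertificateVariables.MAX_CERT_LENGTH_BYTES*CertificateVariables.KEY_USAGE_BIT4` (hunk at new line 185) sizes `certificateBytes` by multiplying with a constant whose name describes a key-usage bit position, which hides the intended limit and changes it silently if that constant is ever renumbered. Add a dedicated constant in `CertificateVariables` for the maximum stored certificate size and reference it here, with a comment giving the limit in bytes and why it is larger than `MAX_CERT_LENGTH_BYTES`. Any size check applied to uploaded certificates should agree with this value; that code is not part of this hunk.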
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java index 4b363c59..3be14b56 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java @@ -7,6 +7,8 @@ import jakarta.persistence.Access; import jakarta.persistence.AccessType; import jakarta.persistence.Column; import jakarta.persistence.Entity; +import jakarta.persistence.Inheritance; +import jakarta.persistence.InheritanceType; import jakarta.persistence.Table; import lombok.EqualsAndHashCode; import lombok.Getter; @@ -29,6 +31,7 @@ import java.util.UUID; @EqualsAndHashCode(onlyExplicitlyIncluded = true, callSuper = false) @Log4j2 @Entity +@Inheritance(strategy = InheritanceType.SINGLE_TABLE) @Table(name = "ReferenceManifest") @Access(AccessType.FIELD) public class ReferenceManifest extends ArchivableEntity { diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java index 72b5dcd1..3ffeff34 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java @@ -16,6 +16,7 @@ import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.Predicate; import jakarta.persistence.criteria.Root; +import lombok.Getter; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.util.Strings; 
@@ -39,6 +40,7 @@ import java.util.UUID; @Entity public class SupplyChainValidationSummary extends ArchivableEntity { + @Getter @ManyToOne @JoinColumn(name = "device_id") private final Device device; @@ -49,6 +51,7 @@ public class SupplyChainValidationSummary extends ArchivableEntity { @Enumerated(EnumType.STRING) private final AppraisalStatus.Status overallValidationResult; + @Getter @Column(length = RESULT_MESSAGE_LENGTH) private final String message; @@ -201,15 +204,6 @@ public class SupplyChainValidationSummary extends ArchivableEntity { this.message = status.getMessage(); } - /** - * This retrieves the device associated with the supply chain validation summaries. - * - * @return the validated device - */ - public Device getDevice() { - return device; - } - /** * @return the overall appraisal result */ @@ -217,13 +211,6 @@ public class SupplyChainValidationSummary extends ArchivableEntity { return overallValidationResult; } - /** - * @return the fail message if there is a failure. - */ - public String getMessage() { - return message; - } - /** * @return the validations that this summary contains */ diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredential.java index 006d7a47..a0fbe115 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredential.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredential.java 
@@ -1,7 +1,7 @@ package hirs.attestationca.persist.entity.userdefined.certificate; import hirs.attestationca.persist.entity.userdefined.Certificate; -import hirs.attestationca.persist.service.CertificateService; +import hirs.attestationca.persist.service.CertificateServiceImpl; import hirs.attestationca.persist.service.selector.CertificateSelector; import jakarta.persistence.Column; import jakarta.persistence.Entity; @@ -51,13 +51,13 @@ public class CertificateAuthorityCredential extends Certificate { */ public static class Selector extends CertificateSelector { /** - * Construct a new CertificateSelector that will use the given {@link CertificateService} to + * Construct a new CertificateSelector that will use the given {@link CertificateServiceImpl} to * retrieve one or many CertificateAuthorityCredentials. * - * @param certificateManager the certificate manager to be used to retrieve certificates + * @param certificateService the certificate manager to be used to retrieve certificates */ - public Selector(final CertificateService certificateManager) { - super(certificateManager, CertificateAuthorityCredential.class); + public Selector(final CertificateServiceImpl certificateService) { + super(certificateService, CertificateAuthorityCredential.class); } /** @@ -79,7 +79,7 @@ public class CertificateAuthorityCredential extends Certificate { * @param certMan the CertificateService to be used to retrieve persisted certificates * @return a CertificateAuthorityCredential.Selector instance to use for retrieving certificates */ - public static Selector select(final CertificateService certMan) { + public static Selector select(final CertificateServiceImpl certMan) { return new Selector(certMan); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java index d54bea4a..ddb6f13c 100644 
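Review bot: The `Selector` constructor and `select(...)` in `CertificateAuthorityCredential` now take the concrete `CertificateServiceImpl` instead of the `CertificateService` interface, which ties the entity class to one implementation and makes it harder to pass a test double or a narrower service. Keep the interface type in these signatures unless the interface is being removed on purpose. The Javadoc on `select` still reads `@param certMan the CertificateService to be used to retrieve persisted certificates` and should name the type actually accepted. The same change appears in `PlatformCredential.Selector` and, for `ReferenceManifestServiceImpl`, in `BaseReferenceManifest.Selector`.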
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java @@ -2,8 +2,10 @@ package hirs.attestationca.persist.entity.userdefined.certificate; import hirs.attestationca.persist.entity.AbstractEntity; import jakarta.persistence.Entity; +import lombok.AccessLevel; import lombok.EqualsAndHashCode; import lombok.Getter; +import lombok.NoArgsConstructor; import java.util.Objects; import java.util.UUID; @@ -11,6 +13,7 @@ import java.util.UUID; @EqualsAndHashCode(callSuper=false) @Getter @Entity +@NoArgsConstructor(access = AccessLevel.PROTECTED) public class ComponentResult extends AbstractEntity { private UUID certificateId; @@ -19,12 +22,6 @@ public class ComponentResult extends AbstractEntity { private String actual; private boolean mismatched; - /** - * Hibernate default constructor - */ - protected ComponentResult() { - } - public ComponentResult(final UUID certificateId, final int componentHash, final String expected, final String actual) { this.certificateId = certificateId; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java index abacdbfc..82ee1c20 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java 
@@ -10,10 +10,9 @@ import lombok.AccessLevel; import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.NoArgsConstructor; +import lombok.extern.log4j.Log4j2; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; import org.bouncycastle.asn1.ASN1ApplicationSpecific; import org.bouncycastle.asn1.ASN1BitString; import org.bouncycastle.asn1.ASN1Boolean; @@ -63,6 +62,7 @@ import java.util.Set; * * trustedcomputinggroup.org/wp-content/uploads/Credential_Profiles_V1.2_Level2_Revision8.pdf */ +@Log4j2 @EqualsAndHashCode(callSuper = false) @NoArgsConstructor(access= AccessLevel.PROTECTED) @Entity @@ -105,8 +105,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { // number of extra bytes potentially present in a cert header. private static final int EK_CERT_HEADER_BYTE_COUNT = 7; - private static final Logger LOG = LogManager.getLogger(EndorsementCredential.class); - /** * This class enables the retrieval of EndorsementCredential by their attributes. */ @@ -227,8 +225,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { @Transient private Map parsedFields; - private static final Logger LOGGER = LogManager.getLogger(EndorsementCredential.class); - /** * Construct a new EndorsementCredential given its binary contents. The given * certificate should represent either an X509 certificate or X509 attribute certificate. @@ -260,7 +256,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { * @return the EC if a valid credential, null otherwise */ public static EndorsementCredential parseWithPossibleHeader(final byte[] certificateBytes) { - try { // first, attempt parsing as is return new EndorsementCredential(certificateBytes); 
@@ -272,7 +267,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { } } - LOG.debug("Attempting parse after removing extra header bytes"); + log.debug("Attempting parse after removing extra header bytes"); try { byte[] truncatedBytes = ArrayUtils.subarray( certificateBytes, EK_CERT_HEADER_BYTE_COUNT, @@ -341,13 +336,13 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { value = entry.getValue(); if (oid.equals(TPM_MODEL)) { model = value.toString(); - LOGGER.debug("Found TPM Model: " + model); + log.debug("Found TPM Model: " + model); } else if (oid.equals(TPM_VERSION)) { version = value.toString(); - LOGGER.debug("Found TPM Version: " + version); + log.debug("Found TPM Version: " + version); } else if (oid.equals(TPM_MANUFACTURER)) { manufacturer = value.toString(); - LOGGER.debug("Found TPM Manufacturer: " + manufacturer); + log.debug("Found TPM Manufacturer: " + manufacturer); } } } @@ -392,7 +387,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { ASN1Integer revision = (ASN1Integer) seq.getObjectAt(ASN1_REV_INDEX); tpmSpecification = new TPMSpecification(family.getString(), level.getValue(), revision.getValue()); - LOGGER.debug("Found TPM Spec:" + tpmSpecification.toString()); + log.debug("Found TPM Spec:" + tpmSpecification.toString()); } else if (addToMapping && key.equals(TPM_SECURITY_ASSERTIONS)) { // Parse TPM Security Assertions int seqPosition = 0; @@ -420,7 +415,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { tpmSecurityAssertions = new TPMSecurityAssertions(ver.getValue(), fieldUpgradeable.isTrue()); - LOGGER.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString()); + log.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString()); // Iterate through remaining fields to set optional attributes int tag; DERTaggedObject obj; 
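Review bot: The renamed `log.debug` calls in `EndorsementCredential` still build their messages by concatenation (`"Found TPM Model: " + model`), so the string is assembled even when debug logging is off; prefer the parameterized form, `log.debug("Found TPM Model: {}", model);`, here and in the version, manufacturer, spec and assertions messages. These values are read from the certificate being parsed, so if endorsement credentials can arrive from an untrusted source, confirm that the log layout encodes line breaks in the logged values. The enclosing parse methods start and end outside these hunks.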
@@ -536,7 +531,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { while (setContents.hasMoreElements()) { subComp = (ASN1Encodable) setContents.nextElement(); if (subComp instanceof ASN1ObjectIdentifier) { - LOGGER.warn("OID in top level of ASN1Set"); + log.warn("OID in top level of ASN1Set"); } parseSingle((ASN1Primitive) subComp, addToMapping, key); } @@ -646,7 +641,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { } else { // there are some deprecated types that we don't parse - LOGGER.error("Unparsed type: " + component.getClass()); + log.error("Unparsed type: " + component.getClass()); } } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java index 30babffc..3cc3edbc 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java @@ -7,7 +7,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Plat import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2; -import hirs.attestationca.persist.service.CertificateService; +import hirs.attestationca.persist.service.CertificateServiceImpl; import hirs.attestationca.persist.service.selector.CertificateSelector; import jakarta.persistence.Column; import jakarta.persistence.Entity; 
@@ -133,13 +133,13 @@ public class PlatformCredential extends DeviceAssociatedCertificate { */ public static class Selector extends CertificateSelector { /** - * Construct a new CertificateSelector that will use the given {@link CertificateService} to + * Construct a new CertificateSelector that will use the given {@link CertificateServiceImpl} to * retrieve one or many PlatformCredentials. * - * @param certificateManager the certificate manager to be used to retrieve certificates + * @param certificateService the certificate manager to be used to retrieve certificates */ - public Selector(final CertificateService certificateManager) { - super(certificateManager, PlatformCredential.class); + public Selector(final CertificateServiceImpl certificateService) { + super(certificateService, PlatformCredential.class); } /** @@ -275,11 +275,11 @@ public class PlatformCredential extends DeviceAssociatedCertificate { /** * Get a Selector for use in retrieving PlatformCredentials. * - * @param certMan the CertificateManager to be used to retrieve persisted certificates + * @param certificateService the CertificateManager to be used to retrieve persisted certificates * @return a PlatformCredential.Selector instance to use for retrieving certificates */ - public static Selector select(final CertificateService certMan) { - return new Selector(certMan); + public static Selector select(final CertificateServiceImpl certificateService) { + return new Selector(certificateService); } /** diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java index a57b6007..56e0b122 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java 
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java @@ -211,7 +211,7 @@ public class ComponentClass { for (Member member : components) { typeID = verifyComponentValue(member.getName()); - if (component.equals(typeID)) { + if (component.equalsIgnoreCase(typeID)) { componentStr = member.getValue().asString(); } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java index 14f4714c..92436ed8 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java @@ -2,7 +2,6 @@ package hirs.attestationca.persist.entity.userdefined.rim; import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; -import hirs.attestationca.persist.service.ReferenceManifestService; import hirs.attestationca.persist.service.ReferenceManifestServiceImpl; import hirs.attestationca.persist.service.selector.ReferenceManifestSelector; import hirs.utils.SwidResource; @@ -26,8 +25,7 @@ import lombok.AccessLevel; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; +import lombok.extern.log4j.Log4j2; import javax.xml.namespace.QName; import javax.xml.validation.Schema; @@ -44,13 +42,12 @@ import java.util.Map; /** * */ +@Log4j2 @Getter @Setter @NoArgsConstructor(access = AccessLevel.PROTECTED) @Entity public class BaseReferenceManifest extends ReferenceManifest { - - private static final Logger LOGGER = LogManager.getLogger(BaseReferenceManifest.class); /** * Holds the name of the 'base64Hash' field. */ 
@@ -107,7 +104,7 @@ public class BaseReferenceManifest extends ReferenceManifest { * @param referenceManifestManager the reference manifest manager to be used to retrieve * reference manifests. */ - public Selector(final ReferenceManifestService referenceManifestManager) { + public Selector(final ReferenceManifestServiceImpl referenceManifestManager) { super(referenceManifestManager, BaseReferenceManifest.class); } @@ -227,7 +224,7 @@ public class BaseReferenceManifest extends ReferenceManifest { this.base64Hash = Base64.getEncoder().encodeToString( digest.digest(rimBytes)); } catch (NoSuchAlgorithmException noSaEx) { - LOGGER.error(noSaEx); + log.error(noSaEx); } // begin parsing valid swid tag @@ -350,7 +347,7 @@ public class BaseReferenceManifest extends ReferenceManifest { * persisted RIMs * @return a Selector instance to use for retrieving RIMs */ - public static Selector select(final ReferenceManifestService rimMan) { + public static Selector select(final ReferenceManifestServiceImpl rimMan) { return new Selector(rimMan); } @@ -367,7 +364,7 @@ public class BaseReferenceManifest extends ReferenceManifest { JAXBElement jaxbe = unmarshallSwidTag(fileStream); SoftwareIdentity swidTag = (SoftwareIdentity) jaxbe.getValue(); - LOGGER.info(String.format("SWID Tag found: %nname: %s;%ntagId: %s%n%s", + log.debug(String.format("SWID Tag found: %nname: %s;%ntagId: %s%n%s", swidTag.getName(), swidTag.getTagId(), SCHEMA_STATEMENT)); return swidTag; } @@ -397,7 +394,7 @@ public class BaseReferenceManifest extends ReferenceManifest { } } catch (IOException ioEx) { - LOGGER.error("Failed to parse Swid Tag bytes.", ioEx); + log.error("Failed to parse Swid Tag bytes.", ioEx); } } 
@@ -425,16 +422,16 @@ public class BaseReferenceManifest extends ReferenceManifest { unmarshaller.setSchema(schema); jaxbe = (JAXBElement) unmarshaller.unmarshal(stream); } catch (UnmarshalException umEx) { - LOGGER.error(String.format("Error validating swidtag file!%n%s%n%s", + log.error(String.format("Error validating swidtag file!%n%s%n%s", umEx.getMessage(), umEx.toString())); for (StackTraceElement ste : umEx.getStackTrace()) { - LOGGER.error(ste.toString()); + log.error(ste.toString()); } } catch (IllegalArgumentException iaEx) { - LOGGER.error("Input file empty."); + log.error("Input file empty."); } catch (JAXBException jaxEx) { for (StackTraceElement ste : jaxEx.getStackTrace()) { - LOGGER.error(ste.toString()); + log.error(ste.toString()); } } 
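Review bot: The `UnmarshalException` and `JAXBException` handlers write the stack trace with one `log.error(ste.toString())` call per frame, and the `JAXBException` branch never logs the exception message at all. Passing the throwable to the logger keeps the trace in a single record together with the cause chain: `log.error("Error validating swidtag file", umEx);` and `log.error("Failed to unmarshal swidtag", jaxEx);`. None of the three handlers assigns `jaxbe`, so after a failure it keeps whatever value it had before the `try`; the rest of the method is outside the hunk, so check that a missing result is handled there rather than dereferenced.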
@@ -463,27 +460,30 @@ public class BaseReferenceManifest extends ReferenceManifest { public final List parseResource(final ResourceCollection rc) { List resources = new ArrayList<>(); + log.error("Parsing stuff"); try { if (rc != null) { for (Meta meta : rc.getDirectoryOrFileOrProcess()) { - if (meta != null) { - if (meta instanceof Directory) { - Directory directory = (Directory) meta; - for (FilesystemItem fsi : directory.getDirectoryOrFile()) { - if (fsi != null) { - resources.add(new SwidResource( - (File) fsi, null)); - } + if (meta instanceof Directory) { + Directory directory = (Directory) meta; + for (FilesystemItem fsi : directory.getDirectoryOrFile()) { + if (fsi != null) { + resources.add(new SwidResource( + (File) fsi, null)); + } else { + log.error("fsi is negative"); } - } else if (meta instanceof File) { - resources.add(new SwidResource((File) meta, null)); } + } else if (meta instanceof File) { + resources.add(new SwidResource((File) meta, null)); } } + } else { + log.error("ResourceCollection is negative"); } } catch (ClassCastException ccEx) { - LOGGER.error(ccEx); - LOGGER.error("At this time, the code does not support the " + log.error(ccEx); + log.error("At this time, the code does not support the " + "particular formatting of this SwidTag's Payload."); } @@ -495,7 +495,7 @@ public class BaseReferenceManifest extends ReferenceManifest { return String.format("ReferenceManifest{swidName=%s," + "platformManufacturer=%s," + " platformModel=%s," - + "tagId=%s, rimHash=%s}", + + "tagId=%s, base64Hash=%s}", swidName, this.getPlatformManufacturer(), this.getPlatformModel(), getTagId(), this.getBase64Hash()); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java index d62a89e6..b3987b29 100644 
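Review bot: `log.error("Parsing stuff");` at the top of `parseResource` emits an error-level record on every call, which floods the error log and hides real failures; it should be `log.debug("Parsing SWID payload resources");` or be dropped. The two new messages `"fsi is negative"` and `"ResourceCollection is negative"` are logged when the value is null, so they should say that, e.g. `log.warn("ResourceCollection is null");`. Dropping the explicit `meta != null` test is fine, since `instanceof` is already false for null.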
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java @@ -3,7 +3,7 @@ package hirs.attestationca.persist.entity.userdefined.rim; import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.enums.AppraisalStatus; -import hirs.attestationca.persist.service.ReferenceManifestService; +import hirs.attestationca.persist.service.ReferenceManifestServiceImpl; import hirs.attestationca.persist.service.selector.ReferenceManifestSelector; import hirs.utils.tpm.eventlog.TCGEventLog; import hirs.utils.tpm.eventlog.TpmPcrEvent; @@ -53,7 +53,7 @@ public class EventLogMeasurements extends ReferenceManifest { * @param referenceManifestManager the reference manifest manager to be used to retrieve * reference manifests. */ - public Selector(final ReferenceManifestService referenceManifestManager) { + public Selector(final ReferenceManifestServiceImpl referenceManifestManager) { super(referenceManifestManager, EventLogMeasurements.class, false); } @@ -142,7 +142,7 @@ public class EventLogMeasurements extends ReferenceManifest { * persisted RIMs * @return a Selector instance to use for retrieving RIMs */ - public static Selector select(final ReferenceManifestService rimMan) { + public static Selector select(final ReferenceManifestServiceImpl rimMan) { return new Selector(rimMan); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java index a5ada73f..07204929 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java 
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java @@ -2,7 +2,7 @@ package hirs.attestationca.persist.entity.userdefined.rim; import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; -import hirs.attestationca.persist.service.ReferenceManifestService; +import hirs.attestationca.persist.service.ReferenceManifestServiceImpl; import hirs.attestationca.persist.service.selector.ReferenceManifestSelector; import hirs.utils.tpm.eventlog.TCGEventLog; import hirs.utils.tpm.eventlog.TpmPcrEvent; @@ -48,7 +48,7 @@ public class SupportReferenceManifest extends ReferenceManifest { * @param referenceManifestManager the reference manifest manager to be used to retrieve * reference manifests. */ - public Selector(final ReferenceManifestService referenceManifestManager) { + public Selector(final ReferenceManifestServiceImpl referenceManifestManager) { super(referenceManifestManager, SupportReferenceManifest.class); } @@ -150,7 +150,7 @@ public class SupportReferenceManifest extends ReferenceManifest { * persisted RIMs * @return a Selector instance to use for retrieving RIMs */ - public static Selector select(final ReferenceManifestService rimMan) { + public static Selector select(final ReferenceManifestServiceImpl rimMan) { return new Selector(rimMan); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/CertificateServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/CertificateServiceImpl.java index 7320ab3e..1288dc78 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/CertificateServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/CertificateServiceImpl.java 
@@ -1,45 +1,35 @@ package hirs.attestationca.persist.service; +import hirs.attestationca.persist.DBManagerException; +import hirs.attestationca.persist.entity.ArchivableEntity; import hirs.attestationca.persist.entity.manager.CertificateRepository; import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.service.selector.CertificateSelector; -import jakarta.persistence.EntityManager; +import lombok.NoArgsConstructor; +import lombok.extern.log4j.Log4j2; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.data.domain.Sort; import org.springframework.stereotype.Service; -import java.util.List; import java.util.Set; import java.util.UUID; +@Log4j2 +@NoArgsConstructor @Service -public class CertificateServiceImpl extends DefaultDbService implements CertificateService { +public class CertificateServiceImpl extends DefaultDbService { - @Autowired(required = false) - private EntityManager entityManager; +// @PersistenceContext // I'll need this if I want to make custom native calls +// private EntityManager entityManager; @Autowired - private CertificateRepository repository; + private CertificateRepository certificateRepository; - @Override - public Certificate saveCertificate(Certificate certificate) { - return repository.save(certificate); - } - - @Override - @SuppressWarnings("unchecked") - public List fetchCertificates(Class classType) { - return (List) repository.findAll(Sort.sort(classType)); - } - - @Override - public Certificate updateCertificate(Certificate certificate, UUID certificateId) { - return saveCertificate(certificate); - } - - @Override - public Certificate updateCertificate(Certificate certificate) { - return saveCertificate(certificate); + /** + * Default Constructor. + */ + public CertificateServiceImpl(final Class clazz) { + super(clazz); + this.defineRepository(certificateRepository); } /** 
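Review bot: The new constructor calls `this.defineRepository(certificateRepository)` while `certificateRepository` is a field-injected `@Autowired` member, and field injection only happens after the constructor has returned, so the base class is handed null here. With `@NoArgsConstructor` also present, the container may instead use the no-arg constructor and never call `defineRepository` at all (which constructor is selected is not decided in this hunk). Either take the repository as a constructor argument, or register it after injection in a `@PostConstruct` method containing `defineRepository(certificateRepository);`. The Javadoc "Default Constructor." sits on a constructor that takes `clazz` and should describe that parameter.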
@@ -73,13 +63,29 @@ public class CertificateServiceImpl extends DefaultDbServ return null; } + /** - * Remove a certificate from the database. + * Archives the named object and updates it in the database. * - * @param certificate the certificate to delete - * @return true if deletion was successful, false otherwise + * @param id UUID of the object to archive + * @return true if the object was successfully found and archived, false if the object was not + * found + * @throws hirs.attestationca.persist.DBManagerException if the object is not an instance of ArchivableEntity */ - public void deleteCertificate(final Certificate certificate) { - repository.delete(certificate); + public final boolean archive(final UUID id) throws DBManagerException { + log.debug("archiving object: {}", id); + if (id == null) { + log.debug("null id argument"); + return false; + } + + T target = get(id); + if (target == null) { + return false; + } + + ((ArchivableEntity) target).archive(); + this.certificateRepository.save(target); + return true; } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/DefaultDbService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/DefaultDbService.java index 577928fc..f98f003c 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/DefaultDbService.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/DefaultDbService.java @@ -1,7 +1,7 @@ package hirs.attestationca.persist.service; import hirs.attestationca.persist.DBManagerException; -import hirs.attestationca.persist.entity.ArchivableEntity; +import hirs.attestationca.persist.entity.AbstractEntity; import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; import lombok.NoArgsConstructor; 
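Review bot: `archive(final UUID id)` casts with `((ArchivableEntity) target).archive();` without an `instanceof` check, so a non-archivable entity surfaces as a `ClassCastException` rather than the `DBManagerException` that the new Javadoc promises. Add the guard before the cast: `if (!(target instanceof ArchivableEntity)) { throw new DBManagerException("unable to archive non-archivable object"); }`. The Javadoc first line also says "the named object" although the lookup is now by UUID.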
@@ -24,7 +24,7 @@ import java.util.Map; @Log4j2 @Service @NoArgsConstructor -public class DefaultDbService extends HibernateDbService { +public class DefaultDbService { /** * The default maximum number of retries to attempt a database transaction. */ @@ -49,10 +49,29 @@ public class DefaultDbService extends HibernateDbSer * unfortunately class type of T cannot be determined using only T */ public DefaultDbService(final Class clazz) { - super(clazz, null); setRetryTemplate(); } + public void defineRepository(final JpaRepository repository) { + this.repository = repository; + } + + public List listAll() { + return this.repository.findAll(); + } + + public void save(final T entity) { + this.repository.save(entity); + } + + public void delete(final T entity) { + this.repository.delete(entity); + } + + public void delete(final UUID id) { + this.repository.deleteById(id); + } + /** * Set the parameters used to retry database transactions. The retry template will * retry transactions that throw a LockAcquisitionException or StaleObjectStateException. 
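Review bot: The constructor `DefaultDbService(final Class clazz)` no longer does anything with `clazz` now that `super(clazz, null)` is gone, and the new `listAll`, `save` and `delete` methods dereference `repository`, which stays null until a subclass calls `defineRepository`. If the class keeps a `clazz` field (its assignment is not visible in this hunk), set it here; and have the new methods fail with a clear message, e.g. `Objects.requireNonNull(repository, "repository not defined")`, or take the repository as a constructor argument. The five new public methods have no Javadoc; at minimum document that `delete(final UUID id)` removes the row permanently, in contrast to archiving.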
@@ -167,33 +186,4 @@ public class DefaultDbService extends HibernateDbSer return clazz.cast(entity); } - - /** - * Archives the named object and updates it in the database. - * - * @param name name of the object to archive - * @return true if the object was successfully found and archived, false if the object was not - * found - * @throws DBManagerException if the object is not an instance of ArchivableEntity - */ -// @Override -// public final boolean archive(final String name) throws DBManagerException { -// log.debug("archiving object: {}", name); -// if (name == null) { -// log.debug("null name argument"); -// return false; -// } -// -// T target = get(name); -// if (target == null) { -// return false; -// } -// if (!(target instanceof ArchivableEntity)) { -// throw new DBManagerException("unable to archive non-archivable object"); -// } -// -// ((ArchivableEntity) target).archive(); -// repository.save(target); -// return true; -// } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/DeviceServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/DeviceServiceImpl.java index 705e934e..ecd2df77 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/DeviceServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/DeviceServiceImpl.java @@ -12,9 +12,9 @@ import java.util.List; * https://github.com/darrachequesne/spring-data-jpa-datatables */ @Service -public class DeviceServiceImpl { +public class DeviceServiceImpl extends DefaultDbService { - @Autowired(required = false) + @Autowired private EntityManager entityManager; @Autowired private DeviceRepository deviceRepository; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ReferenceDigestValueServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ReferenceDigestValueServiceImpl.java index 52fa1502..cd44bd8e 100644 
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ReferenceDigestValueServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ReferenceDigestValueServiceImpl.java @@ -1,11 +1,8 @@ package hirs.attestationca.persist.service; import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository; -import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.data.jpa.datatables.mapping.DataTablesInput; -import org.springframework.data.jpa.datatables.mapping.DataTablesOutput; import org.springframework.stereotype.Service; import java.util.LinkedList; 
@@ -13,52 +10,12 @@ import java.util.List; import java.util.UUID; @Service -public class ReferenceDigestValueServiceImpl extends DefaultDbService implements ReferenceDigestValueService { +public class ReferenceDigestValueServiceImpl extends DefaultDbService { @Autowired private ReferenceDigestValueRepository repository; - @Override - public ReferenceDigestValue saveReferenceDigestValue(ReferenceDigestValue referenceDigestValue) { - return repository.save(referenceDigestValue); - } - - public List findAll() { - return repository.findAll(); - } - - @Override - public List fetchDigestValues() { - return repository.findAll(); - } - - @Override - public ReferenceDigestValue updateRefDigestValue(ReferenceDigestValue referenceDigestValue, UUID rdvId) { - return saveReferenceDigestValue(referenceDigestValue); - } - - public ReferenceDigestValue updateRefDigestValue(ReferenceDigestValue referenceDigestValue) { - if (referenceDigestValue.getId() != null) { - return updateRefDigestValue(referenceDigestValue, referenceDigestValue.getId()); - } - return null; - } - - public List getValuesByRimId(ReferenceManifest baseRim) { - List results = new LinkedList<>(); - if (baseRim != null) { - for (ReferenceDigestValue rdv : repository.findAll()) { - if (rdv.getBaseRimId() == baseRim.getId()) { - results.add(rdv); - } - } - } - - return results; - } - - @Override - public void deleteRefDigestValueById(UUID rdvId) { - repository.getReferenceById(rdvId).archive(); + public List getValuesByRimId(final UUID baseId) { + return new LinkedList<>(); } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ReferenceManifestServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ReferenceManifestServiceImpl.java index 6baf680e..11592bfe 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ReferenceManifestServiceImpl.java 
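Review bot: `getValuesByRimId(final UUID baseId)` now returns `new LinkedList<>()` unconditionally and never reads `baseId` or `repository`, so every caller is told that the RIM has no digest values. If validation code treats an empty list as "nothing to compare against" (the callers are not in this hunk), the stub changes an appraisal result without any visible error. Either query the repository for the given base RIM id, or throw `UnsupportedOperationException` until the query exists so the gap cannot go unnoticed. The method also needs a Javadoc line stating what it is meant to return.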
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ReferenceManifestServiceImpl.java @@ -3,13 +3,13 @@ package hirs.attestationca.persist.service; import hirs.attestationca.persist.CriteriaModifier; import hirs.attestationca.persist.DBManagerException; import hirs.attestationca.persist.FilteredRecordsList; +import hirs.attestationca.persist.OrderedListQuerier; import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.service.selector.ReferenceManifestSelector; import jakarta.persistence.EntityManager; import lombok.extern.log4j.Log4j2; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.data.domain.Sort; import org.springframework.stereotype.Service; import org.xml.sax.SAXException; @@ -20,12 +20,10 @@ import java.io.IOException; import java.io.InputStream; import java.util.List; import java.util.Map; -import java.util.Set; -import java.util.UUID; @Log4j2 @Service -public class ReferenceManifestServiceImpl extends DefaultDbService implements ReferenceManifestService { +public class ReferenceManifestServiceImpl extends DefaultDbService implements OrderedListQuerier { /** * The variable that establishes a schema factory for xml processing. @@ -33,7 +31,7 @@ public class ReferenceManifestServiceImpl extends D public static final SchemaFactory SCHEMA_FACTORY = SchemaFactory.newInstance(ReferenceManifest.SCHEMA_LANGUAGE); - @Autowired(required = false) + @Autowired private EntityManager entityManager; @Autowired 
@@ -77,29 +75,18 @@ public class ReferenceManifestServiceImpl extends D return schema; } - @Override - public ReferenceManifest saveReferenceManifest(ReferenceManifest referenceManifest) { - return repository.save(referenceManifest); - } - - @Override - public List fetchReferenceManifests() { - return repository.findAll(); - } - /** * This method does not need to be used directly as it is used by * {@link ReferenceManifestSelector}'s get* methods. Regardless, it may be * used to retrieve ReferenceManifest by other code in this package, given a * configured ReferenceManifestSelector. * - * @param referenceManifestSelector a configured * {@link ReferenceManifestSelector} to use for querying * @return the resulting set of ReferenceManifest, possibly empty */ @SuppressWarnings("unchecked") public List get( - Class classType) { + final ReferenceManifestSelector referenceManifestSelector) { log.info("Getting the full set of Reference Manifest files."); // return new HashSet<>( // (List) getWithCriteria( @@ -107,22 +94,7 @@ public class ReferenceManifestServiceImpl extends D // Collections.singleton(referenceManifestSelector.getCriterion()) // ) // ); - return (List) repository.findAll(Sort.sort(classType)); - } - - @Override - public ReferenceManifest updateReferenceManifest(ReferenceManifest referenceManifest, UUID rimId) { - return null; - } - - @Override - public void deleteReferenceManifestById(UUID rimId) { - repository.deleteById(rimId); - } - - @Override - public Set get(ReferenceManifestSelector referenceManifestSelector) { - return null; + return (List) repository.findAll(); } @Override @@ -130,7 +102,7 @@ public class ReferenceManifestServiceImpl extends D String columnToOrder, boolean ascending, int firstResult, int maxResults, String search, Map searchableColumns) throws DBManagerException { - return null; + return new FilteredRecordsList(); } @Override 
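Review bot: `get(final ReferenceManifestSelector referenceManifestSelector)` ignores its argument and returns `repository.findAll()`, so every selector query yields every stored manifest regardless of the criteria, manifest type or archived flag that were configured. `ReferenceManifestSelector.getRIM()`, changed later in this patch to read a `List` from `execute()`, then works from that unfiltered list, so a lookup meant to match one specific RIM can hand back an unrelated or archived one. Until the criteria are applied the method should not return data as if the filter had run: apply the selector's criteria in the query, or throw `UnsupportedOperationException`. The Javadoc edit removes the `@param referenceManifestSelector a configured` line but leaves its continuation `{@link ReferenceManifestSelector} to use for querying` dangling; restore the `@param` line.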
@@ -139,6 +111,6 @@ public class ReferenceManifestServiceImpl extends D int firstResult, int maxResults, String search, Map searchableColumns, CriteriaModifier criteriaModifier) throws DBManagerException { - return null; + return new FilteredRecordsList<>(); } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java index 0bb287e0..bd7b9668 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java @@ -1,5 +1,6 @@ package hirs.attestationca.persist.service; +import hirs.attestationca.persist.entity.manager.CertificateRepository; import hirs.attestationca.persist.entity.manager.SupplyChainValidationRepository; import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation; @@ -9,7 +10,6 @@ import hirs.utils.BouncyCastleUtils; import lombok.extern.log4j.Log4j2; import org.bouncycastle.util.encoders.Hex; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; import java.io.IOException; import java.security.KeyStore; 
@@ -18,43 +18,22 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.Collections; import java.util.HashSet; +import java.util.LinkedList; import java.util.List; import java.util.Set; -import java.util.UUID; -import java.util.stream.Collectors; @Log4j2 -@Service -public class SupplyChainValidationServiceImpl extends DefaultDbService implements SupplyChainValidationService { +//@Service +public class SupplyChainValidationServiceImpl extends DefaultDbService { @Autowired SupplyChainValidationRepository repository; @Autowired - private CertificateService certificateService; + private CertificateRepository certificateRepository; - public SupplyChainValidationServiceImpl(final CertificateService certificateService) { + public SupplyChainValidationServiceImpl(final CertificateRepository certificateRepository) { super(); - this.certificateService = certificateService; - } - - @Override - public SupplyChainValidation saveSupplyChainValidation(SupplyChainValidation supplyChainValidation) { - return repository.save(supplyChainValidation); - } - - @Override - public List fetchSupplyChainValidations() { - return repository.findAll(); - } - - @Override - public SupplyChainValidation updateSupplyChainValidation(SupplyChainValidation supplyChainValidation, UUID scvId) { - return null; - } - - @Override - public void deleteSupplyChainValidation(UUID scvId) { - repository.deleteById(scvId); + this.certificateRepository = certificateRepository; } /** 
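Review bot: `//@Service` leaves the class unregistered while it still declares `@Autowired` fields, so `repository` is never injected unless a configuration class that is not shown here creates and wires the bean. The constructor already assigns `certificateRepository` itself, which makes the `@Autowired` on that field redundant. I would either restore `@Service` and pass both repositories through the constructor, or remove the annotations and add a comment saying where the instance is built; the commented-out annotation should not stay in the file.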
@@ -111,28 +90,23 @@ public class SupplyChainValidationServiceImpl extends DefaultDbService previouslyQueriedSubjects) { CertificateAuthorityCredential skiCA = null; - Set certAuthsWithMatchingIssuer = new HashSet<>(); + List certAuthsWithMatchingIssuer = new LinkedList<>(); if (credential.getAuthorityKeyIdentifier() != null && !credential.getAuthorityKeyIdentifier().isEmpty()) { byte[] bytes = Hex.decode(credential.getAuthorityKeyIdentifier()); - skiCA = CertificateAuthorityCredential - .select(certificateService) - .bySubjectKeyIdentifier(bytes).getCertificate(); + skiCA = (CertificateAuthorityCredential) certificateRepository.findBySubjectKeyIdentifier(bytes); } if (skiCA == null) { if (credential.getIssuerSorted() == null || credential.getIssuerSorted().isEmpty()) { - certAuthsWithMatchingIssuer = CertificateAuthorityCredential - .select(certificateService) - .bySubject(credential.getHolderIssuer()) - .getCertificates(); + certAuthsWithMatchingIssuer = certificateRepository.findBySubject(credential.getHolderIssuer(), + "CertificateAuthorityCredential"); } else { //Get certificates by subject organization - certAuthsWithMatchingIssuer = CertificateAuthorityCredential - .select(certificateService) - .bySubjectSorted(credential.getIssuerSorted()) - .getCertificates(); + certAuthsWithMatchingIssuer = certificateRepository.findBySubjectSorted(credential.getIssuerSorted(), + "CertificateAuthorityCredential"); + } } else { certAuthsWithMatchingIssuer.add(skiCA); @@ -171,10 +145,8 @@ public class SupplyChainValidationServiceImpl extends DefaultDbService chainCertificates = PlatformCredential - .select(certificateService) - .byBoardSerialNumber(platformSerialNumber) - .getCertificates().stream().collect(Collectors.toList()); + List chainCertificates = certificateRepository + .byBoardSerialNumber(platformSerialNumber); for (PlatformCredential pc : chainCertificates) { if (baseCredential != null && pc.isPlatformBase()) { 
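Review bot: `skiCA = (CertificateAuthorityCredential) certificateRepository.findBySubjectKeyIdentifier(bytes);` casts whatever certificate carries that subject key identifier, whereas the selector it replaces was scoped to `CertificateAuthorityCredential` and, per the `CertificateSelector` constructor in this patch, excluded archived certificates by default. The repository query definitions are not in these hunks, so confirm that `findBySubjectKeyIdentifier`, `findBySubject`, `findBySubjectSorted` and `byBoardSerialNumber` filter on certificate type and on the archived flag; otherwise an archived CA certificate can be pulled back into chain building, and a non-CA match ends in a `ClassCastException`. A guard such as `if (found instanceof CertificateAuthorityCredential) { skiCA = (CertificateAuthorityCredential) found; }` avoids the blind cast. The enclosing methods start and end outside the hunks.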
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/CertificateSelector.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/CertificateSelector.java index 2c5dac16..bc8f3c9a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/CertificateSelector.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/CertificateSelector.java @@ -2,7 +2,6 @@ package hirs.attestationca.persist.service.selector; import com.google.common.base.Preconditions; import hirs.attestationca.persist.entity.userdefined.Certificate; -import hirs.attestationca.persist.service.CertificateService; import hirs.attestationca.persist.service.CertificateServiceImpl; import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.CriteriaQuery; @@ -77,7 +76,7 @@ import java.util.UUID; */ public abstract class CertificateSelector { - private final CertificateService certificateManager; + private final CertificateServiceImpl certificateService; private final Class certificateClass; private final Map fieldValueSelections; 
@@ -87,28 +86,28 @@ public abstract class CertificateSelector { * Construct a new CertificateSelector that will use the given {@link CertificateServiceImpl} to * retrieve certificates of the given type. * - * @param certificateManager the certificate manager to be used to retrieve certificates + * @param certificateService the certificate manager to be used to retrieve certificates * @param certificateClass the class of certificate to be retrieved */ public CertificateSelector( - final CertificateService certificateManager, + final CertificateServiceImpl certificateService, final Class certificateClass) { - this(certificateManager, certificateClass, true); + this(certificateService, certificateClass, true); } /** - * Construct a new CertificateSelector that will use the given {@link CertificateService} to + * Construct a new CertificateSelector that will use the given {@link CertificateServiceImpl } to * retrieve certificates of the given type. * - * @param certificateManager the certificate manager to be used to retrieve certificates + * @param certificateService the certificate manager to be used to retrieve certificates * @param certificateClass the class of certificate to be retrieved * @param excludeArchivedCertificates true if excluding archived certificates */ public CertificateSelector( - final CertificateService certificateManager, + final CertificateServiceImpl certificateService, final Class certificateClass, final boolean excludeArchivedCertificates) { Preconditions.checkArgument( - certificateManager != null, + certificateService != null, "certificate manager cannot be null" ); @@ -117,7 +116,7 @@ public abstract class CertificateSelector { "type cannot be null" ); - this.certificateManager = certificateManager; + this.certificateService = certificateService; this.certificateClass = certificateClass; this.fieldValueSelections = new HashMap<>(); this.excludeArchivedCertificates = excludeArchivedCertificates; 
@@ -459,7 +458,7 @@ public abstract class CertificateSelector { // construct and execute query private Set execute() { - return certificateManager.get(this); + return certificateService.get(this); } /** diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/ReferenceManifestSelector.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/ReferenceManifestSelector.java index b110c923..6090fcd9 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/ReferenceManifestSelector.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/ReferenceManifestSelector.java @@ -3,7 +3,7 @@ package hirs.attestationca.persist.service.selector; import com.google.common.base.Preconditions; import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; -import hirs.attestationca.persist.service.ReferenceManifestService; +import hirs.attestationca.persist.service.ReferenceManifestServiceImpl; import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.Predicate; @@ -12,16 +12,15 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import java.util.Arrays; -import java.util.Collections; import java.util.HashMap; -import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; import java.util.UUID; /** * This class is used to select one or many RIMs in conjunction - * with a {@link ReferenceManifestService}. To make use of this object, + * with a {@link ReferenceManifestServiceImpl}. To make use of this object, * use (some ReferenceManifest).select(ReferenceManifestManager). * * @param the type of Reference Integrity Manifest that will be retrieved. 
@@ -45,7 +44,7 @@ public abstract class ReferenceManifestSelector { public static final String RIM_FILENAME_FIELD = "fileName"; private static final String RIM_TYPE_FIELD = "rimType"; - private final ReferenceManifestService referenceManifestManager; + private final ReferenceManifestServiceImpl referenceManifestManager; private final Class referenceTypeClass; private final Map fieldValueSelections; @@ -57,7 +56,7 @@ public abstract class ReferenceManifestSelector { * @param referenceManifestManager the RIM manager to be used to retrieve RIMs * @param referenceTypeClass the type of Reference Manifest to process. */ - public ReferenceManifestSelector(final ReferenceManifestService referenceManifestManager, + public ReferenceManifestSelector(final ReferenceManifestServiceImpl referenceManifestManager, final Class referenceTypeClass) { this(referenceManifestManager, referenceTypeClass, true); } @@ -69,7 +68,7 @@ public abstract class ReferenceManifestSelector { * @param referenceTypeClass the type of Reference Manifest to process. * @param excludeArchivedRims true if excluding archived RIMs */ - public ReferenceManifestSelector(final ReferenceManifestService referenceManifestManager, + public ReferenceManifestSelector(final ReferenceManifestServiceImpl referenceManifestManager, final Class referenceTypeClass, final boolean excludeArchivedRims) { Preconditions.checkArgument( @@ -164,7 +163,7 @@ public abstract class ReferenceManifestSelector { * @return a matching RIM or null if none is found */ public T getRIM() { - Set rims = execute(); + List rims = execute(); if (rims.isEmpty()) { return null; } @@ -216,8 +215,8 @@ public abstract class ReferenceManifestSelector { } // construct and execute query - private Set execute() { - Set results = this.referenceManifestManager.get(this); + private List execute() { + List results = this.referenceManifestManager.get(this); return results; } 
diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 0d482ba5..cb8c85c2 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -34,6 +34,7 @@ dependencies { implementation project(':HIRS_AttestationCA') implementation libs.pci + implementation libs.gson implementation libs.bouncycastle implementation libs.guava implementation libs.jakarta.servlet @@ -41,8 +42,10 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-validation' implementation 'org.springframework.boot:spring-boot-starter-data-jpa' - implementation 'com.github.darrachequesne:spring-data-jpa-datatables:6.0.1' implementation 'org.projectlombok:lombok' + implementation 'commons-fileupload:commons-fileupload:1.5' + implementation 'org.junit.jupiter:junit-jupiter:5.4.2' + implementation 'org.junit.jupiter:junit-jupiter:5.4.2' compileOnly 'org.projectlombok:lombok' runtimeOnly 'org.mariadb.jdbc:mariadb-java-client' @@ -50,6 +53,8 @@ dependencies { providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat' testImplementation 'org.springframework.boot:spring-boot-starter-test' + testImplementation libs.testng + testImplementation libs.mockito } war { diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSApplication.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSApplication.java index d00522e0..855aea4d 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSApplication.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSApplication.java 
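Review bot: `org.junit.jupiter:junit-jupiter:5.4.2` is added twice under `implementation` in the second dependencies hunk, which puts a test framework on the runtime classpath of the portal WAR; it should appear once as `testImplementation 'org.junit.jupiter:junit-jupiter:5.4.2'`, or be dropped if the tests run on the `libs.testng` added in the last hunk. `commons-fileupload:1.5` is pinned by a literal coordinate rather than through the `libs` catalog used for the neighbouring libraries, and as far as I know the 1.x line is built against `javax.servlet`, while this module uses `jakarta.servlet` and a `StandardServletMultipartResolver`, so it looks unused here. Each extra runtime jar in the CA's web tier is more code to track for advisories, so I would remove whatever is not needed.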
@@ -1,19 +1,22 @@ package hirs.attestationca.portal; +import jakarta.servlet.ServletContext; +import jakarta.servlet.ServletException; +import jakarta.servlet.ServletRegistration; import lombok.extern.log4j.Log4j2; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; -import org.springframework.context.annotation.ComponentScan; +import org.springframework.web.context.support.GenericWebApplicationContext; +import org.springframework.web.servlet.DispatcherServlet; import java.util.Collections; @SpringBootApplication @EnableAutoConfiguration @Log4j2 -@ComponentScan({"hirs.attestationca.portal", "hirs.attestationca.portal.page.controllers", "hirs.attestationca.persist.entity", "hirs.attestationca.persist.service"}) public class HIRSApplication extends SpringBootServletInitializer { @Override 
@@ -21,16 +24,24 @@ public class HIRSApplication extends SpringBootServletInitializer { return application.sources(HIRSApplication.class); } + @Override + public void onStartup(ServletContext servletContext) throws ServletException { + ServletRegistration.Dynamic appServlet = servletContext.addServlet("mvc", new DispatcherServlet( + new GenericWebApplicationContext())); + + appServlet.setLoadOnStartup(1); + } + public static void main(String[] args) { SpringApplication springApplication = new SpringApplication(HIRSApplication.class); springApplication.setDefaultProperties(Collections.singletonMap("server.servlet.context-path", "/portal")); springApplication.run(args); - log.debug("Debug log message"); +// log.debug("Debug log message"); log.info("Info log message"); log.error("Error log message"); log.warn("Warn log message"); log.fatal("Fatal log message"); - log.trace("Trace log message"); +// log.trace("Trace log message"); } } \ No newline at end of file diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSDbInitializer.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSDbInitializer.java index 01cdaf94..d05c1926 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSDbInitializer.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSDbInitializer.java 
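Review bot: The new `onStartup` override never calls `super.onStartup(servletContext)`, so when the WAR is deployed to a container `SpringBootServletInitializer` does not get to build the application context from `configure()`. What is registered instead is a `DispatcherServlet` over an empty `GenericWebApplicationContext` with no `addMapping(...)` call, so as written it has no beans and no URL mapping. I would start the method with `super.onStartup(servletContext);` or remove the override. The `log.info`/`log.error`/`log.warn`/`log.fatal` test messages in `main` write an ERROR and a FATAL entry on every start, which will trip log-based alerting; they should be deleted rather than two of them being commented out.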
@@ -1,16 +1,55 @@ package hirs.attestationca.portal; -import hirs.attestationca.persist.service.SettingsServiceImpl; +import hirs.attestationca.persist.PersistenceConfiguration; +import jakarta.servlet.ServletContextEvent; import jakarta.servlet.ServletContextListener; import jakarta.servlet.annotation.WebListener; -import org.springframework.beans.factory.annotation.Autowired; +import lombok.extern.log4j.Log4j2; +import org.springframework.beans.factory.NoSuchBeanDefinitionException; import org.springframework.context.annotation.AnnotationConfigApplicationContext; +import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; +@Log4j2 @WebListener -public class HIRSDbInitializer implements ServletContextListener { +public class HIRSDbInitializer extends AbstractAnnotationConfigDispatcherServletInitializer implements ServletContextListener { + + @Override + public void contextInitialized(final ServletContextEvent servletContextEvent) { + AnnotationConfigApplicationContext applicationContext = new AnnotationConfigApplicationContext(); + applicationContext.getEnvironment().addActiveProfile("Server"); + + +// applicationContext.register(PersistenceConfiguration.class); + try { + applicationContext.refresh(); + + } catch (NoSuchBeanDefinitionException nsbdEx) { + if (log.isDebugEnabled()) { + log.debug("Unable to locate MultipartResolver with name 'multipartResolver': no multipart request handling provided"); + } + } catch (Exception ex) { + log.error("DAVY********************************************************************************"); + log.error(ex.getMessage()); + } + } + + @Override + protected Class [] getRootConfigClasses() { + return new Class[] { + PersistenceJPAConfig.class, PageConfiguration.class, PersistenceConfiguration.class + }; + } + + @Override + protected Class [] getServletConfigClasses() { + return null; + } + + @Override + protected String[] getServletMappings() { + return new String[] { + "/" + }; + } - 
@Autowired - AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(); - @Autowired - static SettingsServiceImpl settingsService = new SettingsServiceImpl(); } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java index d03daf12..a12f2f34 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java @@ -1,6 +1,5 @@ package hirs.attestationca.portal; -import hirs.attestationca.persist.entity.userdefined.SupplyChainSettings; import lombok.extern.log4j.Log4j2; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; @@ -18,6 +17,10 @@ import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean; import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter; import org.springframework.transaction.PlatformTransactionManager; import org.springframework.transaction.annotation.EnableTransactionManagement; +import org.springframework.web.multipart.support.StandardServletMultipartResolver; +import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import javax.sql.DataSource; import java.security.cert.X509Certificate; 
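Review bot: The `catch (Exception ex)` block in `contextInitialized` logs a placeholder banner and `ex.getMessage()` only, then returns, so a failed context refresh loses its stack trace and startup continues without the configuration the listener was meant to load. I would replace the two log calls with `log.error("Application context refresh failed", ex);` and rethrow, e.g. `throw new IllegalStateException("Application context refresh failed", ex);`. The `NoSuchBeanDefinitionException` branch logs a multipart-resolver message at debug level for any missing bean, which hides unrelated wiring errors. With `applicationContext.register(...)` commented out, the context is refreshed with nothing registered and is never closed, so the method body may not be needed at all.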
@@ -25,11 +28,12 @@ import java.util.Properties; @Log4j2 @Configuration +@EnableWebMvc @EnableTransactionManagement @PropertySource({ "classpath:hibernate.properties", "classpath:portal.properties" }) -@ComponentScan({ "hirs.attestationca.portal.page.controllers", "hirs.attestationca.persist.entity" }) +@ComponentScan({"hirs.attestationca.portal", "hirs.attestationca.portal.page.controllers", "hirs.attestationca.persist.entity"})//, "hirs.attestationca.persist.service"}) @EnableJpaRepositories(basePackages = "hirs.attestationca.persist.entity.manager") -public class PersistenceJPAConfig { +public class PersistenceJPAConfig implements WebMvcConfigurer { @Value("${aca.directories.certificates}") private String certificatesLocation; @@ -50,7 +54,7 @@ public class PersistenceJPAConfig { public LocalContainerEntityManagerFactoryBean entityManagerFactory() { final LocalContainerEntityManagerFactoryBean entityManagerBean = new LocalContainerEntityManagerFactoryBean(); entityManagerBean.setDataSource(dataSource()); - entityManagerBean.setPackagesToScan(new String[] {"hirs.attestationca.persist"}); + entityManagerBean.setPackagesToScan("hirs.attestationca.persist.entity"); JpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter(); entityManagerBean.setJpaVendorAdapter(vendorAdapter); @@ -62,7 +66,8 @@ public class PersistenceJPAConfig { @Bean public DataSource dataSource() { final DriverManagerDataSource dataSource = new DriverManagerDataSource(); - dataSource.setDriverClassName(environment.getProperty("hibernate.connection.driver_class")); + dataSource.setDriverClassName(environment.getProperty("hibernate.connection.driver_class", + "org.mariadb.jdbc.Driver")); dataSource.setUrl(environment.getProperty("hibernate.connection.url")); dataSource.setUsername(environment.getProperty("hibernate.connection.username")); dataSource.setPassword(environment.getProperty("hibernate.connection.password")); 
@@ -185,10 +190,29 @@ public class PersistenceJPAConfig { return hibernateProperties; } - @Bean(name="default-settings") - public SupplyChainSettings supplyChainSettings() { - SupplyChainSettings scSettings = new SupplyChainSettings("Default", "Settings are configured for no validation flags set."); - - return scSettings; + /** + * Creates a Spring Resolver for Multi-part form uploads. This is required + * for spring controllers to be able to process Spring MultiPartFiles + * + * @return bean to handle multipart form requests + */ + @Bean(name = "multipartResolver") + public StandardServletMultipartResolver multipartResolver() { + StandardServletMultipartResolver resolver = new StandardServletMultipartResolver(); + return resolver; } + +// @Bean(name="default-settings") +// public PolicySettings supplyChainSettings() { +// PolicySettings scSettings = new PolicySettings("Default", "Settings are configured for no validation flags set."); +// +// return scSettings; +// } + + + @Override + public void configureDefaultServletHandling(final DefaultServletHandlerConfigurer configurer) { + configurer.enable(); + } + } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/datatables/OrderedListQueryDataTableAdapter.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/datatables/OrderedListQueryDataTableAdapter.java index 29be00da..2e8e7f6b 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/datatables/OrderedListQueryDataTableAdapter.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/datatables/OrderedListQueryDataTableAdapter.java 
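Review bot: `multipartResolver()` returns a bare `StandardServletMultipartResolver`, and with that resolver the upload limits are not set on the bean but come from the servlet's multipart configuration, which this patch does not show. Since the controllers accept certificate uploads, please confirm that a maximum file size and request size are configured (for a Boot-managed servlet, `spring.servlet.multipart.max-file-size` and `spring.servlet.multipart.max-request-size`) and say so in the Javadoc, for example `Size limits are taken from the servlet multipart configuration, not from this bean.` The commented-out `default-settings` bean should be deleted instead of being kept as a comment.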
@@ -2,12 +2,13 @@ package hirs.attestationca.portal.datatables; import hirs.attestationca.persist.CriteriaModifier; import hirs.attestationca.persist.FilteredRecordsList; -import hirs.attestationca.persist.OrderedListQuerier; +import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.util.CollectionUtils; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.UUID; /** * A class to adapt the Javascript DataTable java class abstractions to the DBManager's getting @@ -30,7 +31,7 @@ public final class OrderedListQueryDataTableAdapter { * @return the filtered record list */ public static FilteredRecordsList getOrderedList(final Class clazz, - final OrderedListQuerier dbManager, + final JpaRepository dbManager, final DataTableInput dataTableInput, final String orderColumnName) { return getOrderedList(clazz, dbManager, dataTableInput, orderColumnName, null); @@ -47,7 +48,7 @@ public final class OrderedListQueryDataTableAdapter { * @return the filtered record list */ public static FilteredRecordsList getOrderedList(final Class clazz, - final OrderedListQuerier dbManager, + final JpaRepository dbManager, final DataTableInput dataTableInput, final String orderColumnName, final CriteriaModifier criteriaModifier) { 
@@ -63,10 +64,19 @@ public final class OrderedListQueryDataTableAdapter { isAscending = orders.get(0).isAscending(); } - return dbManager.getOrderedList(clazz, orderColumnName, isAscending, - dataTableInput.getStart(), dataTableInput.getLength(), - dataTableInput.getSearch().getValue(), - searchableColumnMap, criteriaModifier); + //Object that will store query values + FilteredRecordsList filteredRecordsList = new FilteredRecordsList<>(); + + filteredRecordsList.setRecordsTotal(dbManager.count()); + filteredRecordsList.addAll(dbManager.findAll()); + filteredRecordsList.setRecordsFiltered(10); + + return filteredRecordsList; + +// return dbManager.getOrderedList(clazz, orderColumnName, isAscending, +// dataTableInput.getStart(), dataTableInput.getLength(), +// dataTableInput.getSearch().getValue(), +// searchableColumnMap, criteriaModifier); } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/Page.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/Page.java index 219e4982..0c0a6a39 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/Page.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/Page.java @@ -32,6 +32,10 @@ public enum Page { */ ISSUED_CERTIFICATES("Issued Certificates", "ic_library_books", null, "certificate-request/"), + /** + * Page to display certificate validation reports. + */ + VALIDATION_REPORTS("Validation Reports", "ic_assignment", "first"), /** * Non-menu page to display certificate. Reachable from all certificate pages. */ diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageController.java index 4ab1306e..13cf7455 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageController.java 
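Review bot: The rewritten body of `getOrderedList` returns `dbManager.findAll()` and ignores `clazz`, `dataTableInput.getStart()`/`getLength()`, the search value, `orderColumnName` and `criteriaModifier`, so every list request loads and serialises the whole table, and filters passed in by callers (the certificate controller in this patch passes one for non-archived rows) no longer apply. `setRecordsFiltered(10)` is a hard-coded count that will not match the data. At minimum the query should be bounded by the requested page, e.g. `filteredRecordsList.addAll(dbManager.findAll(PageRequest.of(start / length, length)).getContent());` with `start` and `length` taken from `dataTableInput` and `length` checked to be positive, and the filtered count should come from the query result rather than a literal. The old call left behind as a comment should be removed once the replacement is complete.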
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageController.java @@ -146,7 +146,7 @@ public abstract class PageController

{ if (params != null) { for (Map.Entry e : params.asMap().entrySet()) { - Object v = Optional.ofNullable(e.getValue()).orElse(""); + Object v = Optional.ofNullable(e.getValue()).orElse(null); uri.addParameter(e.getKey(), v.toString()); } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PolicyPageModel.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PolicyPageModel.java index dbf8d37a..7fff5afe 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PolicyPageModel.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PolicyPageModel.java @@ -1,6 +1,6 @@ package hirs.attestationca.portal.page; -import hirs.attestationca.persist.entity.userdefined.SupplyChainSettings; +import hirs.attestationca.persist.entity.userdefined.PolicySettings; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; @@ -55,7 +55,7 @@ public class PolicyPageModel { * * @param policy The supply chain policy */ - public PolicyPageModel(final SupplyChainSettings policy) { + public PolicyPageModel(final PolicySettings policy) { this.enableEcValidation = policy.isEcValidationEnabled(); this.enablePcCertificateValidation = policy.isPcValidationEnabled(); this.enablePcCertificateAttributeValidation = policy.isPcAttributeValidationEnabled(); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageController.java index 75bef9eb..efeba0bf 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageController.java 
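Review bot: In the PageController hunk, `Optional.ofNullable(e.getValue()).orElse(null)` leaves `v` null whenever a parameter value is null, and the next line calls `v.toString()`, so the change turns the old empty-string fallback into a `NullPointerException`. Either keep `.orElse("")` or skip null entries explicitly, e.g. `if (e.getValue() != null) { uri.addParameter(e.getKey(), e.getValue().toString()); }`. The enclosing method starts outside this hunk.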
@@ -1,7 +1,8 @@ package hirs.attestationca.portal.page.controllers; +import hirs.attestationca.persist.entity.manager.CertificateRepository; +import hirs.attestationca.persist.entity.manager.ComponentResultRepository; import hirs.attestationca.portal.page.Page; -import hirs.attestationca.persist.service.CertificateServiceImpl; import hirs.attestationca.portal.page.PageController; import hirs.attestationca.portal.page.PageMessages; import hirs.attestationca.portal.page.params.CertificateDetailsPageParams; @@ -29,16 +30,20 @@ public class CertificateDetailsPageController extends PageController { + @Autowired(required = false) + private EntityManager entityManager; - private final CertificateServiceImpl certificateServiceImpl; private CertificateAuthorityCredential certificateAuthorityCredential; + private final CertificateRepository certificateRepository; private static final String TRUSTCHAIN = "trust-chain"; private static final String PLATFORMCREDENTIAL = "platform-credentials"; 
@@ -64,22 +80,18 @@ public class CertificatePageController extends PageController { /** * Constructor providing the Page's display and routing specification. * - * @param certificateServiceImpl the certificate manager - // * @param crudManager the CRUD manager for certificates - // * @param acaCertificate the ACA's X509 certificate + * @param certificateRepository the certificate manager +// * @param acaCertificate the ACA's X509 certificate */ @Autowired - public CertificatePageController( - final CertificateServiceImpl certificateServiceImpl//, -// final CrudManager crudManager, + public CertificatePageController(final CertificateRepository certificateRepository // final X509Certificate acaCertificate ) { super(Page.TRUST_CHAIN); - this.certificateServiceImpl = certificateServiceImpl; -// this.dataTableQuerier = crudManager; + this.certificateRepository = certificateRepository; // try { -// certificateAuthorityCredential + certificateAuthorityCredential = null; // = new CertificateAuthorityCredential(acaCertificate.getEncoded()); // } catch (IOException ioEx) { // log.error("Failed to read ACA certificate", ioEx); @@ -132,7 +144,7 @@ public class CertificatePageController extends PageController { mav = getBaseModelAndView(Page.TRUST_CHAIN); // Map with the ACA certificate information data.putAll(CertificateStringMapBuilder.getCertificateAuthorityInformation( - certificateAuthorityCredential, this.certificateServiceImpl)); + certificateAuthorityCredential, this.certificateRepository)); mav.addObject(ACA_CERT_DATA, data); break; default: 
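Review bot: In the constructor hunk, `certificateAuthorityCredential = null;` replaces the commented-out construction from `acaCertificate`, and the second hunk still passes that field to `CertificateStringMapBuilder.getCertificateAuthorityInformation(...)` for the trust-chain page. Whether that helper tolerates a null credential is not visible here; if it does not, the page fails on every request, and if it does, the page silently shows no ACA certificate. I would restore the injection of the ACA certificate or guard the call with `if (certificateAuthorityCredential != null)`, and delete the commented-out constructor lines together with their `@param` entries.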
@@ -143,6 +155,81 @@ public class CertificatePageController extends PageController { return mav; } + + /** + * Queries for the list of Certificates and returns a data table response + * with the records. + * + * @param certificateType String containing the certificate type + * @param input the DataTables search/query parameters + * @return the data table + */ + @ResponseBody + @RequestMapping(value = "/{certificateType}/list", + produces = MediaType.APPLICATION_JSON_VALUE, + method = RequestMethod.GET) + public DataTableResponse getTableData( + @PathVariable("certificateType") final String certificateType, + final DataTableInput input) { + log.debug("Handling list request: " + input); + + // attempt to get the column property based on the order index. + String orderColumnName = input.getOrderColumnName(); + log.debug("Ordering on column: " + orderColumnName); + + // check that the alert is not archived and that it is in the specified report + CriteriaModifier criteriaModifier = new CriteriaModifier() { + @Override + public void modify(final CriteriaQuery criteriaQuery) { + Session session = entityManager.unwrap(Session.class); + CriteriaBuilder cb = session.getCriteriaBuilder(); + Root rimRoot = criteriaQuery.from(Reference.class); + criteriaQuery.select(rimRoot).distinct(true).where(cb.isNull(rimRoot.get(Certificate.ARCHIVE_FIELD))); + + // add a device alias if this query includes the device table + // for getting the device (e.g. device name). + // use left join, since device may be null. 
Query will return all + // Certs of this type, whether it has a Device or not (device field may be null) + if (hasDeviceTableToJoin(certificateType)) { +// criteria.createAlias("device", "device", JoinType.LEFT_OUTER_JOIN); + } + } + }; + + FilteredRecordsList records + = OrderedListQueryDataTableAdapter.getOrderedList( + getCertificateClass(certificateType), this.certificateRepository, + input, orderColumnName, criteriaModifier); + + // special parsing for platform credential + // Add the EndorsementCredential for each PlatformCredential based on the + // serial number. (pc.HolderSerialNumber = ec.SerialNumber) + if (certificateType.equals(PLATFORMCREDENTIAL)) { + EndorsementCredential associatedEC; + + if (!records.isEmpty()) { + // loop all the platform certificates + for (int i = 0; i < records.size(); i++) { + PlatformCredential pc = (PlatformCredential) records.get(i); + // find the EC using the PC's "holder serial number" + associatedEC = (EndorsementCredential) certificateRepository + .byHolderSerialNumber(pc.getHolderSerialNumber(), + "EndorsementCredential"); + + if (associatedEC != null) { + log.debug("EC ID for holder s/n " + pc + .getHolderSerialNumber() + " = " + associatedEC.getId()); + } + + pc.setEndorsementCredential(associatedEC); + } + } + } + + log.debug("Returning list of size: " + records.size()); + return new DataTableResponse<>(records, input); + } + /** * Upload and processes a credential. * @@ -170,8 +257,7 @@ public class CertificatePageController extends PageController { storeCertificate( certificateType, file.getOriginalFilename(), - messages, certificate, - certificateServiceImpl); + messages, certificate); } } 
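Review bot: In `getTableData` the loop casts every row with `(PlatformCredential) records.get(i)`, but the adapter as changed in this patch fills `records` from `findAll()` on the shared `CertificateRepository` without using the class argument, so rows of other certificate types would reach the cast and raise `ClassCastException`. For the same reason each `/{certificateType}/list` response would carry all certificate types, and the archived filter built in `criteriaModifier` is never run. The modifier itself roots the query at `Reference.class` rather than the certificate class and dereferences an `entityManager` that is injected with `required = false`; both look like copy-over mistakes. The query should be restricted by type in the repository so the cast is safe, and the per-row `byHolderSerialNumber` call, which costs one query per platform credential, would be better done as a single lookup over the set of holder serial numbers.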
@@ -224,7 +310,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateServiceImpl.fetchCertificates(CertificateAuthorityCredential.class), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByAll("CertificateAuthorityCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; @@ -256,7 +342,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateServiceImpl.fetchCertificates(PlatformCredential.class), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByAll("PlatformCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; @@ -288,7 +374,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateServiceImpl.fetchCertificates(IssuedAttestationCertificate.class), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByAll("IssuedAttestationCertificate"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; 
@@ -319,7 +405,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateServiceImpl.fetchCertificates(EndorsementCredential.class), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByAll("EndorsementCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; @@ -350,6 +436,24 @@ public class CertificatePageController extends PageController { return zipOut; } + /** + * Get flag indicating if a device-name join/alias is required for + * displaying the table data. This will be true if displaying a cert that is + * associated with a device. + * + * @param certificateType String containing the certificate type + * @return true if the list criteria modifier requires aliasing the device + * table, false otherwise. + */ + private boolean hasDeviceTableToJoin(final String certificateType) { + boolean hasDevice = true; + // Trust_Chain Credential do not contain the device table to join. + if (certificateType.equals(TRUSTCHAIN)) { + hasDevice = false; + } + return hasDevice; + } + /** * Get the page based on the certificate type. * 
@@ -366,39 +470,53 @@ public class CertificatePageController extends PageController { }; } + /** + * Gets the concrete certificate class type to query for. + * + * @param certificateType String containing the certificate type + * @return the certificate class type + */ + private static Class getCertificateClass(final String certificateType) { + switch (certificateType) { + case PLATFORMCREDENTIAL: + return PlatformCredential.class; + case ENDORSEMENTCREDENTIAL: + return EndorsementCredential.class; + case ISSUEDCERTIFICATES: + return IssuedAttestationCertificate.class; + case TRUSTCHAIN: + return CertificateAuthorityCredential.class; + default: + throw new IllegalArgumentException( + String.format("Unknown certificate type: %s", certificateType)); + } + } + /** * Gets the certificate by the hash code of its bytes. Looks for both * archived and unarchived certificates. * * @param certificateType String containing the certificate type * @param certificateHash the hash of the certificate's bytes - * @param certificateManager the certificate manager to query * @return the certificate or null if none is found */ private Certificate getCertificateByHash( final String certificateType, - final int certificateHash, - final CertificateService certificateManager) { + final int certificateHash) { switch (certificateType) { case PLATFORMCREDENTIAL: - return PlatformCredential - .select(certificateManager) - .includeArchived() - .byHashCode(certificateHash) - .getCertificate(); + return this.certificateRepository + .findByCertificateHash(certificateHash, + "PlatformCredential"); case ENDORSEMENTCREDENTIAL: -// return EndorsementCredential -// .select(certificateManager) -// .includeArchived() -// .byHashCode(certificateHash) -// .getCertificate(); + return this.certificateRepository + .findByCertificateHash(certificateHash, + "EndorsementCredential"); case TRUSTCHAIN: - return CertificateAuthorityCredential - .select(certificateManager) - .includeArchived() - 
.byHashCode(certificateHash) - .getCertificate(); + return this.certificateRepository + .findByCertificateHash(certificateHash, + "CertificateAuthorityCredential"); default: return null; } @@ -409,13 +527,11 @@ public class CertificatePageController extends PageController { * * @param certificateType String containing the certificate type * @param serialNumber the platform serial number - * @param certificateManager the certificate manager to query * @return the certificate or null if none is found */ private List getCertificateByBoardSN( final String certificateType, - final String serialNumber, - final CertificateService certificateManager) { + final String serialNumber) { if (serialNumber == null) { return null; @@ -423,10 +539,7 @@ public class CertificatePageController extends PageController { switch (certificateType) { case PLATFORMCREDENTIAL: - return PlatformCredential - .select(certificateManager) - .byBoardSerialNumber(serialNumber) - .getCertificates().stream().collect(Collectors.toList()); + return this.certificateRepository.byBoardSerialNumber(serialNumber); default: return null; } @@ -504,15 +617,13 @@ public class CertificatePageController extends PageController { * be stored * @param messages contains any messages that will be display on the page * @param certificate the certificate to store - * @param certificateManager the DB manager to use * @return the messages for the page */ private void storeCertificate( final String certificateType, final String fileName, final PageMessages messages, - final Certificate certificate, - final CertificateService certificateManager) { + final Certificate certificate) { Certificate existingCertificate; 
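Review bot: `getCertificateByHash` decides whether an uploaded certificate already exists from a 32-bit `int` passed to `findByCertificateHash`, and two different certificates can share such a value, in which case `storeCertificate` would treat a new certificate as the stored one. Before an upload is reported as a duplicate or an archived record is restored, the match should be confirmed by comparing the encoded certificate bytes or a SHA-256 digest of them. `ISSUEDCERTIFICATES` has a case in the new `getCertificateClass` but none here, so it falls through to `default: return null`; if that is intended, a comment such as `// issued certificates are never uploaded, so no lookup is needed` would say so. The type names are passed as string literals (`"PlatformCredential"`), which the compiler cannot check against the class names; presumably they must match the entity names, so deriving them from the classes would be safer.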
@@ -520,8 +631,7 @@ public class CertificatePageController extends PageController { try { existingCertificate = getCertificateByHash( certificateType, - certificate.getCertificateHash(), - certificateManager); + certificate.getCertificateHash()); } catch (DBServiceException e) { final String failMessage = "Querying for existing certificate failed (" + fileName + "): "; @@ -538,8 +648,7 @@ public class CertificatePageController extends PageController { if (platformCertificate.isPlatformBase()) { List sharedCertificates = getCertificateByBoardSN( certificateType, - platformCertificate.getPlatformSerial(), - certificateManager); + platformCertificate.getPlatformSerial()); if (sharedCertificates != null) { for (PlatformCredential pc : sharedCertificates) { @@ -575,7 +684,7 @@ public class CertificatePageController extends PageController { }**/ } - certificateManager.saveCertificate(certificate); + this.certificateRepository.save(certificate); final String successMsg = String.format("New certificate successfully uploaded (%s): ", fileName); @@ -597,7 +706,7 @@ public class CertificatePageController extends PageController { if (existingCertificate.isArchived()) { existingCertificate.restore(); existingCertificate.resetCreateTime(); - certificateManager.updateCertificate(existingCertificate); + this.certificateRepository.save(existingCertificate); final String successMsg = String.format("Pre-existing certificate " + "found and unarchived (%s): ", fileName); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java index c4dec9c0..5004a608 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java 
@@ -1,37 +1,47 @@ package hirs.attestationca.portal.page.controllers; +import hirs.attestationca.persist.FilteredRecordsList; +import hirs.attestationca.persist.entity.manager.CertificateRepository; import hirs.attestationca.persist.entity.manager.DeviceRepository; +import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.entity.userdefined.Device; +import hirs.attestationca.portal.datatables.DataTableInput; +import hirs.attestationca.portal.datatables.DataTableResponse; +import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter; import hirs.attestationca.portal.page.Page; -import hirs.attestationca.persist.service.DeviceServiceImpl; import hirs.attestationca.portal.page.PageController; import hirs.attestationca.portal.page.params.NoPageParams; +import lombok.extern.log4j.Log4j2; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.UUID; + +/** + * Controller for the Device page. 
+ */ +@Log4j2 @Controller @RequestMapping("/devices") public class DevicePageController extends PageController { - /** - * https://odrotbohm.de/2013/11/why-field-injection-is-evil/ - * - * Autowiring property vs constructor - */ - private final DeviceServiceImpl deviceServiceImpl; private final DeviceRepository deviceRepository; + private final CertificateRepository certificateRepository; @Autowired - public DevicePageController(DeviceServiceImpl deviceServiceImpl, - DeviceRepository deviceRepository) { + public DevicePageController(final DeviceRepository deviceRepository, + final CertificateRepository certificateRepository) { super(Page.DEVICES); - this.deviceServiceImpl = deviceServiceImpl; this.deviceRepository = deviceRepository; + this.certificateRepository = certificateRepository; } @Override 
@@ -40,21 +50,100 @@ public class DevicePageController extends PageController { return getBaseModelAndView(); } -// @RequestMapping(value = "list", produces = MediaType.APPLICATION_JSON_VALUE, -// method = RequestMethod.GET) -// public DataTableResponse> getTableData( -// final DataTableInput input) { -// String orderColumnName = input.getOrderColumnName(); -// FilteredRecordsList> record -// = retrieveDevicesAndAssociatedCertificates(deviceList); -// modelMap.put("devices", deviceServiceImpl.retrieveDevices()); -// return new DataTableResponse<>(record, input); -// } + @RequestMapping(value = "/list", produces = MediaType.APPLICATION_JSON_VALUE, + method = RequestMethod.GET) + public DataTableResponse> getTableData( + final DataTableInput input) { + log.debug("Handling request for device list"); + String orderColumnName = input.getOrderColumnName(); + log.info("Ordering on column: " + orderColumnName); + // get all the devices + FilteredRecordsList deviceList = + OrderedListQueryDataTableAdapter.getOrderedList(Device.class, + deviceRepository, input, orderColumnName); - @GetMapping(path="/all") - public @ResponseBody Iterable getAllDevices() { - return deviceRepository.findAll(); + FilteredRecordsList> record + = retrieveDevicesAndAssociatedCertificates(deviceList); + + return new DataTableResponse<>(record, input); + } + + /** + * Returns the list of devices combined with the certificates. + * @param deviceList list containing the devices + * @return a record list after the device and certificate was mapped together. 
+ */ + private FilteredRecordsList> retrieveDevicesAndAssociatedCertificates( + final FilteredRecordsList deviceList) { + FilteredRecordsList> records = new FilteredRecordsList<>(); + // hashmap containing the device-certificate relationship + HashMap deviceCertMap = new HashMap<>(); + Device device; + Certificate certificate; +// +// // parse if there is a Device +// if (!deviceList.isEmpty()) { +// // get a list of Certificates that contains the device IDs from the list +// List certificateList = certificateDBManager.getList( +// Certificate.class, +// RowMutationOperations.Restrictions.in("device.id", getDevicesIds(deviceList).toArray())); +// +// // loop all the devices +// for (int i = 0; i < deviceList.size(); i++) { +// // hashmap containing the list of certificates based on the certificate type +// HashMap> certificatePropertyMap = new HashMap<>(); +// +// device = deviceList.get(i); +// deviceCertMap.put("device", device); +// +// // loop all the certificates and combined the ones that match the ID +// for (int j = 0; j < certificateList.size(); j++) { +// certificate = certificateList.get(j); +// +// // set the certificate if it's the same ID +// if (device.getId().equals( +// ((DeviceAssociatedCertificate) certificate).getDevice().getId())) { +// String certificateId = certificate.getClass().getSimpleName(); +// // create a new list for the certificate type if does not exist +// // else add it to the current certificate type list +// List certificateListFromMap +// = certificatePropertyMap.get(certificateId); +// if (certificateListFromMap != null) { +// certificateListFromMap.add(certificate); +// } else { +// certificatePropertyMap.put(certificateId, +// new ArrayList<>(Collections.singletonList(certificate))); +// } +// } +// } +// +// // add the device-certificate map to the record +// deviceCertMap.putAll(certificatePropertyMap); +// records.add(new HashMap<>(deviceCertMap)); +// deviceCertMap.clear(); +// } +// } + // set pagination values +// 
records.setRecordsTotal(deviceList.getRecordsTotal()); +// records.setRecordsFiltered(deviceList.getRecordsFiltered()); + return records; + } + + /** + * Returns the list of devices IDs. + * @param deviceList list containing the devices + * @return a list of the devices IDs + */ + private List getDevicesIds(final FilteredRecordsList deviceList) { + List deviceIds = new ArrayList(); + + // loop all the devices + for (int i = 0; i < deviceList.size(); i++) { + deviceIds.add(deviceList.get(i).getId()); + } + + return deviceIds; } } \ No newline at end of file diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/IndexPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/IndexPageController.java index 2c16fcf2..509a7231 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/IndexPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/IndexPageController.java @@ -9,6 +9,9 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.servlet.ModelAndView; +/** + * Controller for the Index page. + */ @Controller @Log4j2 @RequestMapping("/index") @@ -34,9 +37,4 @@ public class IndexPageController extends PageController { return getBaseModelAndView(); } -// @RequestMapping(value = "/", method = RequestMethod.GET) -// public String showIndexPage(ModelMap model) { -// model.put("name", "welcome"); -// return "welcome"; -// } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java index 6e703abd..4e2f4a68 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java 
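Review bot: `retrieveDevicesAndAssociatedCertificates` returns an empty `FilteredRecordsList` for every input, because the whole mapping loop and both pagination setters are commented out. As a result `/devices/list` answers with no rows and no totals, even though `getTableData` has just fetched `deviceList`. In this hunk, `getDevicesIds`, the `deviceCertMap`/`device`/`certificate` locals and the injected `certificateRepository` are used only by the commented-out code. Until the certificate lookup is ported to the repository, I would at least add one map per device with the `"device"` key and restore `records.setRecordsTotal(deviceList.getRecordsTotal());` and `records.setRecordsFiltered(deviceList.getRecordsFiltered());`, or leave the endpoint unmapped rather than ship one that silently reports an empty inventory.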
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java @@ -1,7 +1,7 @@ package hirs.attestationca.portal.page.controllers; -import hirs.attestationca.persist.entity.userdefined.SupplyChainSettings; -import hirs.attestationca.persist.service.SettingsServiceImpl; +import hirs.attestationca.persist.entity.manager.PolicyRepository; +import hirs.attestationca.persist.entity.userdefined.PolicySettings; import hirs.attestationca.portal.page.Page; import hirs.attestationca.portal.page.PageController; import hirs.attestationca.portal.page.PageMessages; @@ -39,7 +39,7 @@ public class PolicyPageController extends PageController { private static final String ENABLED_EXPIRES_PARAMETER_VALUE = "expires"; - private SettingsServiceImpl settingsService; + private final PolicyRepository policyRepository; /** * Model attribute name used by initPage for the initial data passed to the @@ -56,15 +56,15 @@ public class PolicyPageController extends PageController { /** * Constructor. * - * @param policyService the policy service + * @param policyRepository the policy service */ @Autowired - public PolicyPageController(final SettingsServiceImpl policyService) { + public PolicyPageController(final PolicyRepository policyRepository) { super(Page.POLICY); - this.settingsService = policyService; + this.policyRepository = policyRepository; - if (this.settingsService.getByName("Default") == null) { - this.settingsService.saveSettings(new SupplyChainSettings("Default", "Settings are configured for no validation flags set.")); + if (this.policyRepository.findByName("Default") == null) { + this.policyRepository.saveAndFlush(new PolicySettings("Default", "Settings are configured for no validation flags set.")); } } 
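Review bot: The constructor's `findByName("Default") == null` check followed by `saveAndFlush(new PolicySettings("Default", ...))` is a check-then-insert with no visible uniqueness guard, and it performs a database write while the controller bean is being constructed. Two portal instances starting together could each insert a "Default" row, after which `findByName` may return either one or fail. Judging by the `is...ValidationEnabled()` calls in this file, that row appears to hold the validation flags, so an ambiguous default matters. I would move the seeding to a one-time initializer, or rely on a unique constraint on the name if the entity has one (not visible here), and have `getDefaultPolicy` in the later hunk reuse the seeded row rather than build a second unsaved default. The Javadoc should also read `@param policyRepository the policy repository`.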
@@ -82,7 +82,7 @@ public class PolicyPageController extends PageController { // get the basic information to render the page ModelAndView mav = getBaseModelAndView(); - SupplyChainSettings policy = getDefaultPolicy(); + PolicySettings policy = getDefaultPolicy(); log.debug(policy); PolicyPageModel pageModel = new PolicyPageModel(policy); mav.addObject(INITIAL_DATA, pageModel); @@ -113,7 +113,7 @@ public class PolicyPageController extends PageController { = ppModel.getPcValidate().equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); // If PC policy setting change results in invalid policy, inform user if (!isPolicyValid(policy.isEcValidationEnabled(), pcValidationOptionEnabled, @@ -164,7 +164,7 @@ public class PolicyPageController extends PageController { .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); // If PC Attribute Validation is enabled without PC Validation, disallow change if (!isPolicyValid(policy.isEcValidationEnabled(), @@ -216,7 +216,7 @@ public class PolicyPageController extends PageController { .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); if (issuedAttestationOptionEnabled) { successMessage = "Attestation Certificate generation enabled."; 
@@ -260,7 +260,7 @@ public class PolicyPageController extends PageController { .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); if (issuedDevIdOptionEnabled) { successMessage = "DevID Certificate generation enabled."; @@ -312,7 +312,7 @@ public class PolicyPageController extends PageController { } try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); boolean issuedAttestationOptionEnabled = policy.isIssueAttestationCertificate(); @@ -326,7 +326,7 @@ public class PolicyPageController extends PageController { if (generateCertificateEnabled) { numOfDays = ppModel.getExpirationValue(); if (numOfDays == null) { - numOfDays = SupplyChainSettings.TEN_YEARS; + numOfDays = PolicySettings.TEN_YEARS; } } else { numOfDays = policy.getValidityDays(); @@ -382,7 +382,7 @@ public class PolicyPageController extends PageController { } try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); boolean issuedDevIdOptionEnabled = policy.isIssueDevIdCertificate(); @@ -396,7 +396,7 @@ public class PolicyPageController extends PageController { if (generateDevIdCertificateEnabled) { numOfDays = ppModel.getDevIdExpirationValue(); if (numOfDays == null) { - numOfDays = SupplyChainSettings.TEN_YEARS; + numOfDays = PolicySettings.TEN_YEARS; } } else { numOfDays = policy.getDevIdValidityDays(); @@ -452,7 +452,7 @@ public class PolicyPageController extends PageController { } try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); boolean issuedAttestationOptionEnabled = policy.isIssueAttestationCertificate(); 
@@ -470,7 +470,7 @@ public class PolicyPageController extends PageController { } if (threshold == null || threshold.isEmpty()) { - threshold = SupplyChainSettings.YEAR; + threshold = PolicySettings.YEAR; } policy.setReissueThreshold(threshold); @@ -522,7 +522,7 @@ public class PolicyPageController extends PageController { } try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); boolean issuedDevIdOptionEnabled = policy.isIssueDevIdCertificate(); @@ -540,7 +540,7 @@ public class PolicyPageController extends PageController { } if (threshold == null || threshold.isEmpty()) { - threshold = SupplyChainSettings.YEAR; + threshold = PolicySettings.YEAR; } policy.setDevIdReissueThreshold(threshold); @@ -584,7 +584,7 @@ public class PolicyPageController extends PageController { = ppModel.getEcValidate().equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); //If PC Validation is enabled without EC Validation, disallow change if (!isPolicyValid(ecValidationOptionEnabled, policy.isPcValidationEnabled(), @@ -636,7 +636,7 @@ public class PolicyPageController extends PageController { .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); //If firmware is enabled without PC attributes, disallow change if (firmwareValidationOptionEnabled && !policy.isPcAttributeValidationEnabled()) { 
@@ -692,7 +692,7 @@ public class PolicyPageController extends PageController { .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); //If Ignore IMA is enabled without firmware, disallow change if (ignoreImaOptionEnabled && !policy.isFirmwareValidationEnabled()) { @@ -743,7 +743,7 @@ public class PolicyPageController extends PageController { .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); //If Ignore TBoot is enabled without firmware, disallow change if (ignoreTbootOptionEnabled && !policy.isFirmwareValidationEnabled()) { @@ -794,7 +794,7 @@ public class PolicyPageController extends PageController { .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); //If Ignore TBoot is enabled without firmware, disallow change if (ignoreGptOptionEnabled && !policy.isFirmwareValidationEnabled()) { @@ -847,7 +847,7 @@ public class PolicyPageController extends PageController { .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE); try { - SupplyChainSettings policy = getDefaultPolicyAndSetInModel(ppModel, model); + PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model); //If Ignore TBoot is enabled without firmware, disallow change if (ignoreOsEvtOptionEnabled && !policy.isFirmwareValidationEnabled()) { 
@@ -918,11 +918,11 @@ public class PolicyPageController extends PageController { * * @return The default Supply Chain Policy */ - private SupplyChainSettings getDefaultPolicy() { - SupplyChainSettings defaultSettings = this.settingsService.getByName("Default"); + private PolicySettings getDefaultPolicy() { + PolicySettings defaultSettings = this.policyRepository.findByName("Default"); if (defaultSettings == null) { - defaultSettings = new SupplyChainSettings("Default", "Settings are configured for no validation flags set."); + defaultSettings = new PolicySettings("Default", "Settings are configured for no validation flags set."); } return defaultSettings; } @@ -935,10 +935,10 @@ public class PolicyPageController extends PageController { * @param model the map of string messages to be displayed on the view * @return The default Supply Chain Policy */ - private SupplyChainSettings getDefaultPolicyAndSetInModel( + private PolicySettings getDefaultPolicyAndSetInModel( final PolicyPageModel ppModel, final Map model) { // load the current default policy from the DB - SupplyChainSettings policy = getDefaultPolicy(); + PolicySettings policy = getDefaultPolicy(); // set the data received to be populated back into the form model.put(RESULT_DATA, ppModel); @@ -948,9 +948,9 @@ public class PolicyPageController extends PageController { private void savePolicyAndApplySuccessMessage( final PolicyPageModel ppModel, final Map model, final PageMessages messages, final String successMessage, - final SupplyChainSettings settings) { + final PolicySettings settings) { // save the policy to the DB - settingsService.updateSettings(settings); + policyRepository.saveAndFlush(settings); // Log and set the success message messages.addSuccess(successMessage); 
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index 98554883..62cdfb1e 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java @@ -1,17 +1,15 @@ package hirs.attestationca.portal.page.controllers; import hirs.attestationca.persist.DBServiceException; +import hirs.attestationca.persist.entity.manager.CertificateRepository; +import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository; +import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential; import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest; import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements; import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue; import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest; -import hirs.attestationca.persist.service.CertificateService; -import hirs.attestationca.persist.service.ReferenceDigestValueService; -import hirs.attestationca.persist.service.ReferenceDigestValueServiceImpl; -import hirs.attestationca.persist.service.ReferenceManifestService; -import hirs.attestationca.persist.service.ReferenceManifestServiceImpl; import hirs.attestationca.persist.service.SupplyChainValidationServiceImpl; import hirs.attestationca.persist.validation.ReferenceManifestValidator; import hirs.attestationca.persist.validation.SupplyChainValidatorException; 
@@ -41,7 +39,6 @@ import java.util.HashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.UUID; /** 
@@ -52,28 +49,27 @@ import java.util.UUID; @RequestMapping("/rim-details") public class ReferenceManifestDetailsPageController extends PageController { - private final ReferenceManifestService referenceManifestManager; - private final ReferenceDigestValueService referenceEventManager; - private final CertificateService certificateService; + private final ReferenceManifestRepository referenceManifestRepository; + private final ReferenceDigestValueRepository referenceDigestValueRepository; + private final CertificateRepository certificateRepository; private static final ReferenceManifestValidator RIM_VALIDATOR = new ReferenceManifestValidator(); /** * Constructor providing the Page's display and routing specification. * - * @param referenceManifestManager the reference manifest manager. - * @param referenceEventManager the reference event manager. - * @param certificateService the certificate manager. + * @param referenceManifestRepository the repository for RIM. + * @param referenceDigestValueRepository the reference event manager. + * @param certificateRepository the certificate manager. */ @Autowired - public ReferenceManifestDetailsPageController( - final ReferenceManifestServiceImpl referenceManifestManager, - final ReferenceDigestValueServiceImpl referenceEventManager, - final CertificateService certificateService) { + public ReferenceManifestDetailsPageController(final ReferenceManifestRepository referenceManifestRepository, + final ReferenceDigestValueRepository referenceDigestValueRepository, + final CertificateRepository certificateRepository) { super(Page.RIM_DETAILS); - this.referenceManifestManager = referenceManifestManager; - this.referenceEventManager = referenceEventManager; - this.certificateService = certificateService; + this.referenceManifestRepository = referenceManifestRepository; + this.referenceDigestValueRepository = referenceDigestValueRepository; + this.certificateRepository = certificateRepository; } /** 
@@ -103,8 +99,10 @@ public class ReferenceManifestDetailsPageController extends PageController getRimDetailInfo(final UUID uuid, - final ReferenceManifestService referenceManifestManager, - final ReferenceDigestValueService referenceEventManager, - final CertificateService certificateManager) + final ReferenceManifestRepository referenceManifestRepository, + final ReferenceDigestValueRepository referenceDigestValueRepository, + final CertificateRepository certificateRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); - BaseReferenceManifest bRim = BaseReferenceManifest.select(referenceManifestManager) - .byEntityId(uuid).getRIM(); + BaseReferenceManifest bRim = referenceManifestRepository.getBaseRimEntityById(uuid); if (bRim != null) { - data.putAll(getBaseRimInfo(bRim, referenceManifestManager, certificateManager)); + data.putAll(getBaseRimInfo(bRim, referenceManifestRepository, certificateRepository)); } - SupportReferenceManifest sRim = SupportReferenceManifest.select(referenceManifestManager) - .byEntityId(uuid).getRIM(); + SupportReferenceManifest sRim = referenceManifestRepository.getSupportRimEntityById(uuid); if (sRim != null) { - data.putAll(getSupportRimInfo(sRim, referenceManifestManager)); + data.putAll(getSupportRimInfo(sRim, referenceManifestRepository)); } - EventLogMeasurements bios = EventLogMeasurements.select(referenceManifestManager) - .byEntityId(uuid).getRIM(); + EventLogMeasurements bios = referenceManifestRepository.getEventLogRimEntityById(uuid); if (bios != null) { - data.putAll(getMeasurementsRimInfo(bios, referenceManifestManager, - referenceEventManager)); + data.putAll(getMeasurementsRimInfo(bios, referenceManifestRepository, + referenceDigestValueRepository)); } return data; 
@@ -177,8 +172,8 @@ public class ReferenceManifestDetailsPageController extends PageController getBaseRimInfo( final BaseReferenceManifest baseRim, - final ReferenceManifestService referenceManifestManager, - final CertificateService certificateManager) + final ReferenceManifestRepository referenceManifestRepository, + final CertificateRepository certificateRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); @@ -219,8 +214,7 @@ public class ReferenceManifestDetailsPageController extends PageController certificates = - CertificateAuthorityCredential.select(certificateManager) - .getCertificates(); + List certificates = certificateRepository + .findByAll("CertificateAuthorityCredential"); //Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid data.put("signatureValid", false); for (CertificateAuthorityCredential cert : certificates) { SupplyChainValidationServiceImpl scvsImpl = - new SupplyChainValidationServiceImpl(certificateManager); + new SupplyChainValidationServiceImpl(certificateRepository); KeyStore keystore = scvsImpl.getCaChain(cert); if (RIM_VALIDATOR.validateXmlSignature(cert)) { try { 
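Review bot: The trust anchors for the RIM signature check now come from `certificateRepository.findByAll("CertificateAuthorityCredential")`, and nothing visible here shows that this query skips archived credentials. The commit still treats archival as a soft delete elsewhere (`existingCertificate.isArchived()` / `restore()` in CertificatePageController), so an archived CA certificate should not be able to flip `signatureValid` to true. Please confirm the repository query filters on the archive flag, or guard the loop with `if (cert.isArchived()) { continue; }`. `new SupplyChainValidationServiceImpl(certificateRepository)` is also built once per certificate inside the loop and could be hoisted above it. Part of this hunk's header and context was lost in extraction, so the enclosing method is only partly visible.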
@@ -331,7 +324,7 @@ public class ReferenceManifestDetailsPageController extends PageController getSupportRimInfo( final SupportReferenceManifest support, - final ReferenceManifestService referenceManifestManager) + final ReferenceManifestRepository referenceManifestRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); EventLogMeasurements measurements = null; if (support.getAssociatedRim() == null) { - Set baseRims = BaseReferenceManifest - .select(referenceManifestManager) - .byRimType(ReferenceManifest.BASE_RIM).getRIMs(); + List baseRims = referenceManifestRepository.findAllBaseRims(); + for (BaseReferenceManifest baseRim : baseRims) { if (baseRim != null && baseRim.getAssociatedRim() != null && baseRim.getAssociatedRim().equals(support.getId())) { support.setAssociatedRim(baseRim.getId()); try { - referenceManifestManager.updateReferenceManifest(support, support.getId()); + referenceManifestRepository.save(support); } catch (DBServiceException ex) { log.error("Failed to update Support RIM", ex); } @@ -365,8 +357,8 @@ public class ReferenceManifestDetailsPageController extends PageController getMeasurementsRimInfo( final EventLogMeasurements measurements, - final ReferenceManifestService referenceManifestManager, - final ReferenceDigestValueService referenceEventManager) + final ReferenceManifestRepository referenceManifestRepository, + final ReferenceDigestValueRepository referenceDigestValueRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); LinkedList livelogEvents = new LinkedList<>(); 
@@ -519,10 +511,8 @@ public class ReferenceManifestDetailsPageController extends PageController eventValues = new ArrayList<>(); if (measurements.getDeviceName() != null) { - supports.addAll(SupportReferenceManifest - .select(referenceManifestManager) - .byDeviceName(measurements - .getDeviceName()).getRIMs()); + supports.addAll(referenceManifestRepository.byDeviceName(measurements + .getDeviceName())); for (SupportReferenceManifest support : supports) { if (support.isBaseSupport()) { baseSupport = support; 
@@ -532,18 +522,14 @@ public class ReferenceManifestDetailsPageController extends PageController { + private static final String LOG_FILE_PATTERN = "([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)"; + @Autowired(required = false) private EntityManager entityManager; - private final ReferenceManifestService referenceManifestManager; - private final ReferenceDigestValueService referenceEventManager; + private final FilesStorageService filesStorageService; + private final ReferenceManifestRepository referenceManifestRepository; + private final ReferenceDigestValueRepository referenceDigestValueRepository; /** * Constructor providing the Page's display and routing specification. * - * @param referenceManifestManager the reference manifest manager - * @param referenceEventManager this is the reference event manager + * @param filesStorageService storage services + * @param referenceManifestRepository the reference manifest manager + * @param referenceDigestValueRepository this is the reference event manager */ @Autowired - public ReferenceManifestPageController( - final ReferenceManifestServiceImpl referenceManifestManager, - final ReferenceDigestValueServiceImpl referenceEventManager) { + public ReferenceManifestPageController(final FilesStorageService filesStorageService, + final ReferenceManifestRepository referenceManifestRepository, + final ReferenceDigestValueRepository referenceDigestValueRepository) { super(Page.REFERENCE_MANIFESTS); - this.referenceManifestManager = referenceManifestManager; - this.referenceEventManager = referenceEventManager; + this.filesStorageService = filesStorageService; + this.referenceManifestRepository = referenceManifestRepository; + this.referenceDigestValueRepository = referenceDigestValueRepository; } /** 
@@ -89,12 +121,10 @@ public class ReferenceManifestPageController extends PageController getTableData( @Valid final DataTableInput input) { - log.info("Handling request for summary list: " + input); - -// return this.referenceManifestManager.fetchReferenceManifests(input); + log.debug("Handling request for summary list: " + input); String orderColumnName = input.getOrderColumnName(); - log.debug("Ordering on column: " + orderColumnName); + log.info("Ordering on column: " + orderColumnName); // check that the alert is not archived and that it is in the specified report CriteriaModifier criteriaModifier = new CriteriaModifier() { 
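Review bot: `log.info("Ordering on column: " + orderColumnName)` writes a request-supplied value into the log by string concatenation, and this hunk raises it from debug to info. `orderColumnName` is read from `DataTableInput`, so unless the log layout encodes line breaks, a caller can inject forged log lines. I would keep it at debug with a parameterized message, `log.debug("Ordering on column: {}", orderColumnName);`. The same line was added in `DevicePageController.getTableData`. Whether `OrderedListQueryDataTableAdapter.getOrderedList` checks the column name against the entity's known attributes is not visible in this hunk and is worth confirming.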
@@ -105,16 +135,395 @@ public class ReferenceManifestPageController extends PageController rimRoot = criteriaQuery.from(Reference.class); criteriaQuery.select(rimRoot).distinct(true).where(cb.isNull(rimRoot.get(Certificate.ARCHIVE_FIELD))); -// criteria.add(Restrictions.isNull(Certificate.ARCHIVE_FIELD)); } }; FilteredRecordsList records = OrderedListQueryDataTableAdapter.getOrderedList( ReferenceManifest.class, - referenceManifestManager, + this.referenceManifestRepository, input, orderColumnName, criteriaModifier); log.debug("Returning list of size: " + records.size()); return new DataTableResponse<>(records, input); } + + /** + * Upload and processes a reference manifest(s). + * + * @param files the files to process + * @param attr the redirection attributes + * @return the redirection view + * @throws URISyntaxException if malformed URI + * @throws Exception if malformed URI + */ + @RequestMapping(value = "/upload", method = RequestMethod.POST) + protected RedirectView upload( + @RequestParam("file") final MultipartFile[] files, + final RedirectAttributes attr) throws URISyntaxException, Exception { + Map model = new HashMap<>(); + PageMessages messages = new PageMessages(); + String fileName; + Pattern logPattern = Pattern.compile(LOG_FILE_PATTERN); + Matcher matcher; + boolean supportRIM = false; + List baseRims = new ArrayList<>(); + List supportRims = new ArrayList<>(); + log.info(String.format("Processing %s uploaded files", files.length)); + + // loop through the files + for (MultipartFile file : files) { + fileName = file.getOriginalFilename(); + matcher = logPattern.matcher(fileName); + supportRIM = matcher.matches(); + + //Parse reference manifests + parseRIM(file, supportRIM, messages, baseRims, supportRims); + } + baseRims.stream().forEach((rim) -> { + log.info(String.format("Storing swidtag %s", rim.getFileName())); + this.referenceManifestRepository.save(rim); + }); + supportRims.stream().forEach((rim) -> { + log.info(String.format("Storing event 
log %s", rim.getFileName())); + this.referenceManifestRepository.save(rim); + }); + + // Prep a map to associated the swidtag payload hash to the swidtag. + // pass it in to update support rims that either were uploaded + // or already exist + // create a map of the supports rims in case an uploaded swidtag + // isn't one to one with the uploaded support rims. + Map updatedSupportRims + = updateSupportRimInfo(referenceManifestRepository.findAllSupportRims()); + + // pass in the updated support rims + // and either update or add the events + processTpmEvents(new ArrayList(updatedSupportRims.values())); + + //Add messages to the model + model.put(MESSAGES_ATTRIBUTE, messages); + + return redirectTo(Page.REFERENCE_MANIFESTS, + new NoPageParams(), model, attr); + } + + /** + * Archives (soft delete) the Reference Integrity Manifest entry. + * + * @param id the UUID of the rim to delete + * @param attr RedirectAttributes used to forward data back to the original + * page. + * @return redirect to this page + * @throws URISyntaxException if malformed URI + */ + @RequestMapping(value = "/delete", method = RequestMethod.POST) + public RedirectView delete(@RequestParam final String id, + final RedirectAttributes attr) throws URISyntaxException { + log.info("Handling request to delete " + id); + + Map model = new HashMap<>(); + PageMessages messages = new PageMessages(); + + try { + ReferenceManifest referenceManifest = getRimFromDb(id); + + if (referenceManifest == null) { + String notFoundMessage = "Unable to locate RIM with ID: " + id; + messages.addError(notFoundMessage); + log.warn(notFoundMessage); + } else { + referenceManifestRepository.delete(referenceManifest); + String deleteCompletedMessage = "RIM successfully deleted"; + messages.addInfo(deleteCompletedMessage); + log.info(deleteCompletedMessage); + + // if support rim, update associated events + if (referenceManifest instanceof SupportReferenceManifest) { + List values = referenceDigestValueRepository + 
.getValuesByRimId(referenceManifest.getId()); + + for (ReferenceDigestValue value : values) { + referenceDigestValueRepository.delete(value); + } + } + } + } catch (IllegalArgumentException iaEx) { + String uuidError = "Failed to parse ID from: " + id; + messages.addError(uuidError); + log.error(uuidError, iaEx); + } catch (DBManagerException dbmEx) { + String dbError = "Failed to archive cert: " + id; + messages.addError(dbError); + log.error(dbError, dbmEx); + } + + model.put(MESSAGES_ATTRIBUTE, messages); + return redirectTo(Page.REFERENCE_MANIFESTS, new NoPageParams(), model, attr); + } + + /** + * Handles request to download the rim by writing it to the response stream + * for download. + * + * @param id the UUID of the rim to download + * @param response the response object (needed to update the header with the + * file name) + * @throws java.io.IOException when writing to response output stream + */ + @RequestMapping(value = "/download", method = RequestMethod.GET) + public void download(@RequestParam final String id, + final HttpServletResponse response) + throws IOException { + log.info("Handling RIM request to download " + id); + + try { + ReferenceManifest referenceManifest = getRimFromDb(id); + + if (referenceManifest == null) { + String notFoundMessage = "Unable to locate RIM with ID: " + id; + log.warn(notFoundMessage); + // send a 404 error when invalid Reference Manifest + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } else { + StringBuilder fileName = new StringBuilder("filename=\""); + fileName.append(referenceManifest.getFileName()); + // Set filename for download. 
+ response.setHeader("Content-Disposition", "attachment;" + fileName); + response.setContentType("application/octet-stream"); + + // write cert to output stream + response.getOutputStream().write(referenceManifest.getRimBytes()); + } + } catch (IllegalArgumentException ex) { + String uuidError = "Failed to parse ID from: " + id; + log.error(uuidError, ex); + // send a 404 error when invalid certificate + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } + } + + /** + * Handles request to download bulk of RIMs by writing it to the response stream + * for download in bulk. + * + * @param response the response object (needed to update the header with the + * file name) + * @throws java.io.IOException when writing to response output stream + */ + @RequestMapping(value = "/bulk", method = RequestMethod.GET) + public void bulk(final HttpServletResponse response) + throws IOException { + log.info("Handling request to download all Reference Integrity Manifests"); + String fileName = "rims.zip"; + String zipFileName; + + // Set filename for download. 
+ response.setHeader("Content-Disposition", "attachment; filename=" + fileName); + response.setContentType("application/zip"); + + List referenceManifestList = new LinkedList<>(); + for (ReferenceManifest rim : referenceManifestRepository.findAll()) { + if ((rim instanceof BaseReferenceManifest) + || (rim instanceof SupportReferenceManifest)) { + referenceManifestList.add(rim); + } + } + + try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { + // get all files + for (ReferenceManifest rim : referenceManifestList) { + if (rim.getFileName().isEmpty()) { + zipFileName = ""; + } else { + // configure the zip entry, the properties of the 'file' + zipFileName = rim.getFileName(); + } + ZipEntry zipEntry = new ZipEntry(zipFileName); + zipEntry.setSize((long) rim.getRimBytes().length * Byte.SIZE); + zipEntry.setTime(System.currentTimeMillis()); + zipOut.putNextEntry(zipEntry); + // the content of the resource + StreamUtils.copy(rim.getRimBytes(), zipOut); + zipOut.closeEntry(); + } + zipOut.finish(); + // write cert to output stream + } catch (IllegalArgumentException ex) { + String uuidError = "Failed to parse ID from: "; + log.error(uuidError, ex); + // send a 404 error when invalid certificate + response.sendError(HttpServletResponse.SC_NOT_FOUND); + } + } + + /** + * This method takes the parameter and looks for this information in the + * Database. 
+ * + * @param id of the RIM + * @return the associated RIM from the DB + * @throws IllegalArgumentException + */ + private ReferenceManifest getRimFromDb(final String id) throws IllegalArgumentException { + UUID uuid = UUID.fromString(id); +// ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager) +// .byEntityId(uuid).getRIM(); +// +// if (rim == null) { +// rim = SupportReferenceManifest.select(referenceManifestManager) +// .byEntityId(uuid).getRIM(); +// } +// +// if (rim == null) { +// rim = EventLogMeasurements.select(referenceManifestManager) +// .byEntityId(uuid).getRIM(); +// } + + return this.referenceManifestRepository.getReferenceById(uuid); + } + + /** + * Takes the rim files provided and returns a {@link ReferenceManifest} + * object. + * + * @param file the provide user file via browser. + * @param supportRIM matcher result + * @param messages the object that handles displaying information to the + * user. + * @param baseRims object to store multiple files + * @param supportRims object to store multiple files + * @return a single or collection of reference manifest files. 
+ */ + private void parseRIM( + final MultipartFile file, final boolean supportRIM, + final PageMessages messages, final List baseRims, + final List supportRims) { + + byte[] fileBytes = new byte[0]; + String fileName = file.getOriginalFilename(); + + // build the manifest from the uploaded bytes + try { + fileBytes = file.getBytes(); + } catch (IOException e) { + final String failMessage + = String.format("Failed to read uploaded file (%s): ", fileName); + log.error(failMessage, e); + messages.addError(failMessage + e.getMessage()); + } + + try { + if (supportRIM) { + supportRims.add(new SupportReferenceManifest(fileName, fileBytes)); + } else { + baseRims.add(new BaseReferenceManifest(fileName, fileBytes)); + } + } catch (IOException ioEx) { + final String failMessage + = String.format("Failed to parse uploaded file (%s): ", fileName); + log.error(failMessage, ioEx); + messages.addError(failMessage + ioEx.getMessage()); + } + } + + private Map updateSupportRimInfo( + final List dbSupportRims) { + SupportReferenceManifest supportRim; + String fileString; + Map updatedSupportRims = new HashMap<>(); + Map hashValues = new HashMap<>(); + for (SupportReferenceManifest support : dbSupportRims) { + hashValues.put(support.getHexDecHash(), support); + } + + for (BaseReferenceManifest dbBaseRim : referenceManifestRepository.findAllBaseRims()) { + for (String supportHash : hashValues.keySet()) { + fileString = new String(dbBaseRim.getRimBytes(), StandardCharsets.UTF_8); + + if (fileString.contains(supportHash)) { + supportRim = hashValues.get(supportHash); + // I have to assume the baseRim is from the database + // Updating the id values, manufacturer, model + if (supportRim != null && !supportRim.isUpdated()) { + supportRim.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); + supportRim.setPlatformManufacturer(dbBaseRim.getPlatformManufacturer()); + supportRim.setPlatformModel(dbBaseRim.getPlatformModel()); + supportRim.setTagId(dbBaseRim.getTagId()); + 
supportRim.setAssociatedRim(dbBaseRim.getId()); + supportRim.setUpdated(true); + referenceManifestRepository.save(supportRim); + updatedSupportRims.put(supportHash, supportRim); + } + } + } + } + + return updatedSupportRims; + } + + /** + * If the support rim is a supplemental or base, this method looks for the + * original oem base rim to associate with each event. + * @param supportRim assumed db object + * @return reference to the base rim + */ + private ReferenceManifest findBaseRim(final SupportReferenceManifest supportRim) { + if (supportRim != null && (supportRim.getId() != null + && !supportRim.getId().toString().equals(""))) { + List baseRims = this.referenceManifestRepository + .getBaseByManufacturerModel(supportRim.getPlatformManufacturer(), + supportRim.getPlatformModel()); + + for (BaseReferenceManifest base : baseRims) { + if (base.isBase()) { + // there should be only one + return base; + } + } + } + return null; + } + + private void processTpmEvents(final List dbSupportRims) { + List tpmEvents; + TCGEventLog logProcessor = null; + ReferenceManifest baseRim; + ReferenceDigestValue newRdv; + + for (SupportReferenceManifest dbSupport : dbSupportRims) { + // So first we'll have to pull values based on support rim + // get by support rim id NEXT + if (dbSupport.getPlatformManufacturer() != null) { + tpmEvents = referenceDigestValueRepository.getValuesBySupportRimId(dbSupport.getAssociatedRim()); + baseRim = findBaseRim(dbSupport); + if (tpmEvents.isEmpty()) { + try { + logProcessor = new TCGEventLog(dbSupport.getRimBytes()); + for (TpmPcrEvent tpe : logProcessor.getEventList()) { + newRdv = new ReferenceDigestValue(baseRim.getId(), + dbSupport.getId(), dbSupport.getPlatformManufacturer(), + dbSupport.getPlatformModel(), tpe.getPcrIndex(), + tpe.getEventDigestStr(), tpe.getEventTypeStr(), + false, false, true, tpe.getEventContent()); + + this.referenceDigestValueRepository.save(newRdv); + } + } catch (CertificateException e) { + e.printStackTrace(); + } 
catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } catch (IOException e) { + e.printStackTrace(); + } + } else { + for (ReferenceDigestValue rdv : tpmEvents) { + if (!rdv.isUpdated()) { + rdv.updateInfo(dbSupport, baseRim.getId()); + this.referenceDigestValueRepository.save(rdv); + } + } + } + } + } + } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java index a8f15e9f..4d3d907a 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java 
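Review bot: In `download`, the `Content-Disposition` value is built from `referenceManifest.getFileName()`, which appears to be the unchanged `file.getOriginalFilename()` that `parseRIM` passes to the manifest constructors, and the quote opened in `"filename=\""` is never closed. A stored name containing a quote, CR/LF or path separators therefore reaches the response header, and in `bulk` the same string becomes the `ZipEntry` name, where `../` segments matter to whoever extracts the archive. I would reduce the name to its last path segment and strip control and quote characters once at upload time, and close the quote on output: `response.setHeader("Content-Disposition", "attachment; filename=\"" + safeName + "\"");`. Separately, `getRimFromDb` now returns `getReferenceById(uuid)`, which in Spring Data JPA hands back a lazy reference rather than `null`, so the `referenceManifest == null` branches in `delete` and `download` look unreachable and an unknown id would surface as an exception instead of the intended 404; `findById(uuid).orElse(null)` would keep those checks meaningful.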
@@ -1,17 +1,27 @@ package hirs.attestationca.portal.page.controllers; +import hirs.attestationca.persist.CriteriaModifier; +import hirs.attestationca.persist.DBManagerException; +import hirs.attestationca.persist.FilteredRecordsList; +import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository; +import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository; +import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue; -import hirs.attestationca.persist.service.ReferenceDigestValueService; -import hirs.attestationca.persist.service.ReferenceDigestValueServiceImpl; -import hirs.attestationca.persist.service.ReferenceManifestService; -import hirs.attestationca.persist.service.ReferenceManifestServiceImpl; +import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest; +import hirs.attestationca.portal.datatables.DataTableInput; +import hirs.attestationca.portal.datatables.DataTableResponse; +import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter; import hirs.attestationca.portal.page.Page; import hirs.attestationca.portal.page.PageController; import hirs.attestationca.portal.page.params.NoPageParams; +import jakarta.persistence.EntityManager; +import jakarta.persistence.criteria.CriteriaBuilder; +import jakarta.persistence.criteria.CriteriaQuery; +import jakarta.persistence.criteria.Root; import jakarta.validation.Valid; import lombok.extern.log4j.Log4j2; +import org.hibernate.Session; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.data.jpa.datatables.mapping.DataTablesInput; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; 
@@ -20,7 +30,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.servlet.ModelAndView; -import java.util.List; +import java.lang.ref.Reference; /** * Controller for the TPM Events page. @@ -30,21 +40,24 @@ import java.util.List; @RequestMapping("/rim-database") public class RimDatabasePageController extends PageController { - private final ReferenceManifestService referenceManifestManager; - private final ReferenceDigestValueService referenceEventManager; + @Autowired(required = false) + private EntityManager entityManager; + + private final ReferenceDigestValueRepository referenceDigestValueRepository; + private final ReferenceManifestRepository referenceManifestRepository; /** * Constructor providing the Page's display and routing specification. * - * @param referenceManifestManager the ReferenceManifestManager object - * @param referenceEventManager the referenceEventManager object + * @param referenceDigestValueRepository the referenceDigestValueRepository object + * @param referenceManifestRepository the reference manifest manager object */ @Autowired - public RimDatabasePageController(final ReferenceManifestServiceImpl referenceManifestManager, - final ReferenceDigestValueServiceImpl referenceEventManager) { + public RimDatabasePageController(final ReferenceDigestValueRepository referenceDigestValueRepository, + final ReferenceManifestRepository referenceManifestRepository) { super(Page.RIM_DATABASE); - this.referenceManifestManager = referenceManifestManager; - this.referenceEventManager = referenceEventManager; + this.referenceDigestValueRepository = referenceDigestValueRepository; + this.referenceManifestRepository = referenceManifestRepository; } /** 
@@ -73,50 +86,49 @@ public class RimDatabasePageController extends PageController { @RequestMapping(value = "/list", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET) - public List getTableData( - @Valid final DataTablesInput input) { + public DataTableResponse getTableData( + @Valid final DataTableInput input) { log.info("Handling request for summary list: " + input); - return this.referenceEventManager.fetchDigestValues(); + String orderColumnName = input.getOrderColumnName(); + log.info("Ordering on column: " + orderColumnName); + // check that the alert is not archived and that it is in the specified report + CriteriaModifier criteriaModifier = new CriteriaModifier() { + @Override + public void modify(final CriteriaQuery criteriaQuery) { + Session session = entityManager.unwrap(Session.class); + CriteriaBuilder cb = session.getCriteriaBuilder(); + Root rimRoot = criteriaQuery.from(Reference.class); + criteriaQuery.select(rimRoot).distinct(true).where(cb.isNull(rimRoot.get(Certificate.ARCHIVE_FIELD))); + } + }; -// String orderColumnName = input.getOrderColumnName(); -// log.info("Ordering on column: " + orderColumnName); -// -// // check that the alert is not archived and that it is in the specified report -// CriteriaModifier criteriaModifier = new CriteriaModifier() { -// @Override -// public void modify(final Criteria criteria) { -// criteria.add(Restrictions.isNull(Certificate.ARCHIVE_FIELD)); -// } -// }; -// -// log.info("Querying with the following datatableinput: " + input.toString()); -// -// FilteredRecordsList referenceDigestValues = -// OrderedListQueryDataTableAdapter.getOrderedList( -// ReferenceDigestValue.class, -// referenceEventManager, -// input, orderColumnName, criteriaModifier); -// -// SupportReferenceManifest support; -// for (ReferenceDigestValue rdv : referenceDigestValues) { -// // We are updating the base rim ID field if necessary and -// if (rdv.getBaseRimId() == null) { -// support = 
SupportReferenceManifest.select(referenceManifestManager) -// .byEntityId(rdv.getSupportRimId()).getRIM(); -// if (support != null) { -// rdv.setBaseRimId(support.getAssociatedRim()); -// try { -// referenceEventManager.updateRefDigestValue(rdv); -// } catch (DBManagerException e) { -// log.error("Failed to update TPM Event with Base RIM ID"); -// log.error(rdv); -// } -// } -// } -// } -// -// return new DataTableResponse<>(referenceDigestValues, input); + log.info("Querying with the following datatableinput: " + input.toString()); + + FilteredRecordsList referenceDigestValues = + OrderedListQueryDataTableAdapter.getOrderedList( + ReferenceDigestValue.class, + referenceDigestValueRepository, + input, orderColumnName, criteriaModifier); + + SupportReferenceManifest support; + for (ReferenceDigestValue rdv : referenceDigestValues) { + // We are updating the base rim ID field if necessary and + if (rdv.getBaseRimId() == null) { + support = (SupportReferenceManifest) referenceManifestRepository.getReferenceById(rdv.getSupportRimId()); + if (support != null) { + rdv.setBaseRimId(support.getAssociatedRim()); + try { + referenceDigestValueRepository.save(rdv); + } catch (DBManagerException e) { + log.error("Failed to update TPM Event with Base RIM ID"); + log.error(rdv); + } + } + } + } + + return new DataTableResponse<>(referenceDigestValues, input); } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java index b5b84130..b5bc8e25 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java 
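Review bot: `criteriaQuery.from(Reference.class)` in the new `modify` body resolves to `java.lang.ref.Reference`, the import this commit adds to this file, which is not a mapped entity, so the archive filter will most likely fail when the query is built instead of excluding archived rows. The root should come from the entity being listed, `Root<ReferenceDigestValue> rimRoot = criteriaQuery.from(ReferenceDigestValue.class);`, and the `java.lang.ref.Reference` import should be dropped; the same `Reference.class` root is visible as context in `ReferenceManifestPageController.getTableData`. `entityManager` is injected with `required = false` but dereferenced unconditionally in `modify`, so a missing bean becomes a `NullPointerException` on the first request. This GET `/list` handler also writes back through `referenceDigestValueRepository.save(rdv)`, which deserves at least a comment, because a read endpoint is mutating stored digest values.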
@@ -1,16 +1,29 @@ package hirs.attestationca.portal.page.utils; +import hirs.attestationca.persist.entity.manager.CertificateRepository; +import hirs.attestationca.persist.entity.manager.ComponentResultRepository; import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential; -import hirs.attestationca.persist.service.CertificateServiceImpl; +import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult; +import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential; +import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate; +import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; +import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier; +import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration; +import hirs.utils.BouncyCastleUtils; import lombok.AccessLevel; import lombok.NoArgsConstructor; import lombok.extern.log4j.Log4j2; +import org.bouncycastle.util.encoders.Hex; import java.io.IOException; +import java.math.BigInteger; +import java.util.Arrays; +import java.util.Collections; +import java.util.Comparator; import java.util.HashMap; -import java.util.HashSet; -import java.util.Set; +import java.util.LinkedList; +import java.util.List; import java.util.UUID; /** 
@@ -25,13 +38,96 @@ public final class CertificateStringMapBuilder { * Returns the general information. * * @param certificate certificate to get the general information. - * @param certificateServiceImpl the certificate manager for retrieving certs. + * @param certificateRepository the certificate repository for retrieving certs. * @return a hash map with the general certificate information. */ public static HashMap getGeneralCertificateInfo( - final Certificate certificate, final CertificateServiceImpl certificateServiceImpl) { + final Certificate certificate, final CertificateRepository certificateRepository) { HashMap data = new HashMap<>(); + if (certificate != null) { + data.put("issuer", certificate.getHolderIssuer()); + //Serial number in hex value + data.put("serialNumber", Hex.toHexString(certificate.getSerialNumber().toByteArray())); + if (!certificate.getAuthoritySerialNumber().equals(BigInteger.ZERO)) { + data.put("authSerialNumber", Hex.toHexString(certificate + .getAuthoritySerialNumber().toByteArray())); + } + if (certificate.getId() != null) { + data.put("certificateId", certificate.getId().toString()); + } + data.put("authInfoAccess", certificate.getAuthorityInfoAccess()); + data.put("beginValidity", certificate.getBeginValidity().toString()); + data.put("endValidity", certificate.getEndValidity().toString()); + data.put("signature", Arrays.toString(certificate.getSignature())); + data.put("signatureSize", Integer.toString(certificate.getSignature().length + * Certificate.MIN_ATTR_CERT_LENGTH)); + + if (certificate.getSubject() != null) { + data.put("subject", certificate.getSubject()); + data.put("isSelfSigned", + String.valueOf(certificate.getHolderIssuer().equals(certificate.getSubject()))); + } else { + data.put("isSelfSigned", "false"); + } + + data.put("authKeyId", certificate.getAuthorityKeyIdentifier()); + data.put("crlPoints", certificate.getCrlPoints()); + data.put("signatureAlgorithm", certificate.getSignatureAlgorithm()); + if 
(certificate.getEncodedPublicKey() != null) { + data.put("encodedPublicKey", + Arrays.toString(certificate.getEncodedPublicKey())); + data.put("publicKeyAlgorithm", certificate.getPublicKeyAlgorithm()); + } + + if (certificate.getPublicKeyModulusHexValue() != null) { + data.put("publicKeyValue", certificate.getPublicKeyModulusHexValue()); + data.put("publicKeySize", String.valueOf(certificate.getPublicKeySize())); + } + + if (certificate.getKeyUsage() != null) { + data.put("keyUsage", certificate.getKeyUsage()); + } + + if (certificate.getExtendedKeyUsage() != null + && !certificate.getExtendedKeyUsage().isEmpty()) { + data.put("extendedKeyUsage", certificate.getExtendedKeyUsage()); + } + + //Get issuer ID if not self signed + if (data.get("isSelfSigned").equals("false")) { + //Get the missing certificate chain for not self sign + Certificate missingCert = containsAllChain(certificate, certificateRepository); + String issuerResult; + + if (missingCert != null) { + data.put("missingChainIssuer", String.format("Missing %s from the chain.", + missingCert.getHolderIssuer())); + } + List certificates = certificateRepository.findBySubjectSorted( + certificate.getIssuerSorted(), "CertificateAuthorityCredential"); + //Find all certificates that could be the issuer certificate based on subject name + for (Certificate issuerCert : certificates) { + try { + //Find the certificate that actually signed this cert + issuerResult = certificate.isIssuer(issuerCert); + if (issuerResult.isEmpty()) { + data.put("issuerID", issuerCert.getId().toString()); + break; + } else { + data.put("issuerID", issuerCert.getId().toString()); + issuerResult = String.format("%s: %s", issuerResult, + issuerCert.getSubject()); + data.put("missingChainIssuer", issuerResult); + break; + } + } catch (IOException e) { + log.error(e); + } + } + } + } + return data; } 
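Review bot: In the issuer loop of `getGeneralCertificateInfo`, both branches set `issuerID` and `break`, so the first candidate returned by `findBySubjectSorted` is recorded as the issuer even when `certificate.isIssuer(issuerCert)` returns a non-empty result, which appears to be its failure message. Remaining candidates with the same subject are never checked, so the comment "Find the certificate that actually signed this cert" does not describe what the loop does. For a page that presents a trust chain, a subject-name match alone should not produce the issuer link. I would keep iterating until a candidate verifies and report the mismatch only if none does, as sketched below.

```java
// … unchanged: findBySubjectSorted lookup of candidate issuers …
String mismatch = null;
for (Certificate issuerCert : certificates) {
    // … unchanged: try / issuerResult = certificate.isIssuer(issuerCert) / catch …
    if (issuerResult.isEmpty()) {
        // only a candidate that verifies is linked as the issuer
        data.put("issuerID", issuerCert.getId().toString());
        mismatch = null;
        break;
    }
    // remember the first failure reason, but keep checking the other candidates
    if (mismatch == null) {
        mismatch = String.format("%s: %s", issuerResult, issuerCert.getSubject());
    }
}
if (mismatch != null) {
    data.put("missingChainIssuer", mismatch);
}
```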
@@ -44,55 +140,104 @@ public final class CertificateStringMapBuilder { */ public static Certificate containsAllChain( final Certificate certificate, - final CertificateServiceImpl certificateServiceImpl) { - Set issuerCertificates = new HashSet<>(); + final CertificateRepository certificateRepository) { + List issuerCertificates = new LinkedList<>(); CertificateAuthorityCredential skiCA = null; String issuerResult; - return null; + //Check if there is a subject organization + if (certificate.getAuthorityKeyIdentifier() != null + && !certificate.getAuthorityKeyIdentifier().isEmpty()) { + byte[] bytes = Hex.decode(certificate.getAuthorityKeyIdentifier()); + skiCA = (CertificateAuthorityCredential) certificateRepository.findBySubjectKeyIdentifier(bytes); + } else { + log.error(String.format("Certificate (%s) for %s has no authority key identifier.", + certificate.getClass().toString(), certificate.getSubject())); + } + + if (skiCA == null) { + if (certificate.getIssuerSorted() == null + || certificate.getIssuerSorted().isEmpty()) { + //Get certificates by subject + issuerCertificates = certificateRepository.findBySubject(certificate.getIssuer(), + "CertificateAuthorityCredential"); + } else { + //Get certificates by subject organization + issuerCertificates = certificateRepository.findBySubjectSorted(certificate.getIssuerSorted(), + "CertificateAuthorityCredential"); + } + } else { + issuerCertificates.add(skiCA); + } + + for (Certificate issuerCert : issuerCertificates) { + try { + // Find the certificate that actually signed this cert + issuerResult = certificate.isIssuer(issuerCert); + if (issuerResult.isEmpty()) { + //Check if it's root certificate + if (BouncyCastleUtils.x500NameCompare(issuerCert.getIssuerSorted(), + issuerCert.getSubject())) { + return null; + } + return containsAllChain(issuerCert, certificateRepository); + } + } catch (IOException e) { + log.error(e); + return certificate; + } + } + + return certificate; } /** * Returns the Certificate 
Authority information. * * @param uuid ID for the certificate. - * @param certificateServiceImpl the certificate manager for retrieving certs. + * @param certificateRepository the certificate manager for retrieving certs. * @return a hash map with the endorsement certificate information. */ public static HashMap getCertificateAuthorityInformation(final UUID uuid, - final CertificateServiceImpl certificateServiceImpl) { -// CertificateAuthorityCredential certificate = -// CertificateAuthorityCredential -// .select(certificateManager) -// .byEntityId(uuid) -// .getCertificate(); + final CertificateRepository certificateRepository) { + CertificateAuthorityCredential certificate = (CertificateAuthorityCredential) certificateRepository.getCertificate(uuid); + String notFoundMessage = "Unable to find Certificate Authority " + "Credential with ID: " + uuid; -// return getCertificateAuthorityInfoHelper(certificateServiceImpl, certificate, notFoundMessage); - return null; + return getCertificateAuthorityInfoHelper(certificateRepository, certificate, notFoundMessage); } /** * Returns the Trust Chain credential information. * * @param certificate the certificate - * @param certificateServiceImpl the certificate manager for retrieving certs. + * @param certificateRepository the certificate repository for retrieving certs. * @return a hash map with the endorsement certificate information. 
*/ public static HashMap getCertificateAuthorityInformation( final CertificateAuthorityCredential certificate, - final CertificateServiceImpl certificateServiceImpl) { -// return getCertificateAuthorityInfoHelper(certificateManager, certificate, -// "No cert provided for mapping"); - return null; + final CertificateRepository certificateRepository) { + return getCertificateAuthorityInfoHelper(certificateRepository, certificate, + "No cert provided for mapping"); } private static HashMap getCertificateAuthorityInfoHelper( - final CertificateServiceImpl certificateServiceImpl, + final CertificateRepository certificateRepository, final CertificateAuthorityCredential certificate, final String notFoundMessage) { HashMap data = new HashMap<>(); + if (certificate != null) { + data.putAll(getGeneralCertificateInfo(certificate, certificateRepository)); + data.put("subjectKeyIdentifier", + Arrays.toString(certificate.getSubjectKeyIdentifier())); + //x509 credential version + data.put("x509Version", Integer.toString(certificate + .getX509CredentialVersion())); + data.put("credentialType", certificate.getCredentialType()); + } else { + log.error(notFoundMessage); + } return data; } 
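Review bot: `containsAllChain` recurses into `containsAllChain(issuerCert, certificateRepository)` with no depth limit and no record of certificates already visited, so two stored CA certificates that verify each other (cross-certification) would recurse until the stack overflows. The candidates come from the certificate repository, which presumably holds uploaded certificates, so I would carry a visited set through a private overload and treat a repeat as an unresolved chain, as sketched below; this needs the `java.util.HashSet` and `java.util.Set` imports that the import hunk of this file removes. Separately, the casts of `findBySubjectKeyIdentifier(bytes)` and `getCertificate(uuid)` to `CertificateAuthorityCredential` are unchecked and would throw if the repository returns another certificate type.

```java
public static Certificate containsAllChain(
        final Certificate certificate,
        final CertificateRepository certificateRepository) {
    return containsAllChain(certificate, certificateRepository, new HashSet<>());
}

private static Certificate containsAllChain(
        final Certificate certificate,
        final CertificateRepository certificateRepository,
        final Set<UUID> visited) {
    if (certificate.getId() != null && !visited.add(certificate.getId())) {
        // this certificate was already walked: report the chain as unresolved
        return certificate;
    }
    // … unchanged: issuer lookup by authority key identifier or subject …
    // … unchanged: verification loop, except the recursive call passes the set on:
    //         return containsAllChain(issuerCert, certificateRepository, visited);
```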
@@ -100,13 +245,40 @@ public final class CertificateStringMapBuilder { * Returns the endorsement credential information. * * @param uuid ID for the certificate. - * @param certificateServiceImpl the certificate manager for retrieving certs. + * @param certificateRepository the certificate repository for retrieving certs. * @return a hash map with the endorsement certificate information. */ public static HashMap getEndorsementInformation(final UUID uuid, - final CertificateServiceImpl certificateServiceImpl) { + final CertificateRepository certificateRepository) { HashMap data = new HashMap<>(); + EndorsementCredential certificate = (EndorsementCredential) certificateRepository.findById(uuid).get(); + if (certificate != null) { + data.putAll(getGeneralCertificateInfo(certificate, certificateRepository)); + // Set extra fields + data.put("manufacturer", certificate.getManufacturer()); + data.put("model", certificate.getModel()); + data.put("version", certificate.getVersion()); + data.put("policyReference", certificate.getPolicyReference()); + data.put("crlPoints", certificate.getCrlPoints()); + data.put("credentialType", certificate.getCredentialType()); + //x509 credential version + data.put("x509Version", Integer.toString(certificate + .getX509CredentialVersion())); + // Add hashmap with TPM information if available + if (certificate.getTpmSpecification() != null) { + data.putAll( + convertStringToHash(certificate.getTpmSpecification().toString())); + } + if (certificate.getTpmSecurityAssertions() != null) { + data.putAll( + convertStringToHash(certificate.getTpmSecurityAssertions().toString())); + } + } else { + String notFoundMessage = "Unable to find Endorsement Credential " + + "with ID: " + uuid; + log.error(notFoundMessage); + } return data; } 
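Review bot: `certificateRepository.findById(uuid).get()` throws `NoSuchElementException` for an unknown id, so the `certificate != null` check and the "Unable to find Endorsement Credential" branch below it cannot be reached. The unchecked cast to `EndorsementCredential` also fails for an id that belongs to another certificate type. I would write `Certificate found = certificateRepository.findById(uuid).orElse(null);` and continue only `if (found instanceof EndorsementCredential certificate)`, so a wrong or stale id takes the logged not-found path rather than raising an exception. `getPlatformInformation` in the next hunk has the same `findById(uuid).get()` and cast, there to `PlatformCredential`.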
@@ -114,16 +286,136 @@ public final class CertificateStringMapBuilder { * Returns the Platform credential information. * * @param uuid ID for the certificate. - * @param certificateServiceImpl the certificate manager for retrieving certs. + * @param certificateRepository the certificate manager for retrieving certs. * @return a hash map with the endorsement certificate information. * @throws IOException when parsing the certificate * @throws IllegalArgumentException invalid argument on parsing the certificate */ public static HashMap getPlatformInformation(final UUID uuid, - final CertificateServiceImpl certificateServiceImpl) + final CertificateRepository certificateRepository, + final ComponentResultRepository componentResultRepository) throws IllegalArgumentException, IOException { HashMap data = new HashMap<>(); + PlatformCredential certificate = (PlatformCredential) certificateRepository.findById(uuid).get(); + if (certificate != null) { + data.putAll(getGeneralCertificateInfo(certificate, certificateRepository)); + data.put("credentialType", certificate.getCredentialType()); + data.put("platformType", certificate.getPlatformChainType()); + data.put("manufacturer", certificate.getManufacturer()); + data.put("model", certificate.getModel()); + data.put("version", certificate.getVersion()); + data.put("platformSerial", certificate.getPlatformSerial()); + data.put("chassisSerialNumber", certificate.getChassisSerialNumber()); + data.put("platformClass", certificate.getPlatformClass()); + data.put("majorVersion", + Integer.toString(certificate.getMajorVersion())); + data.put("minorVersion", + Integer.toString(certificate.getMinorVersion())); + data.put("revisionLevel", + Integer.toString(certificate.getRevisionLevel())); + data.put("holderSerialNumber", certificate.getHolderSerialNumber() + .toString(Certificate.HEX_BASE) + .replaceAll("(?<=..)(..)", ":$1")); + data.put("holderIssuer", certificate.getHolderIssuer()); + if (certificate.isPlatformBase()) { + 
EndorsementCredential ekCertificate = (EndorsementCredential) certificateRepository + .findBySerialNumber(certificate.getHolderSerialNumber(), + "EndorsementCredential"); + + if (ekCertificate != null) { + data.put("holderId", ekCertificate.getId().toString()); + } + } else { + if (certificate.getPlatformChainType()!= null + && certificate.getPlatformChainType().equals("Delta")) { + PlatformCredential holderCertificate = (PlatformCredential) certificateRepository + .findBySerialNumber(certificate.getHolderSerialNumber(), + "PlatformCredential"); + + if (holderCertificate != null) { + data.put("holderId", holderCertificate.getId().toString()); + } + } + } + + PlatformCredential prevCertificate = certificateRepository + .byHolderSerialNumber(certificate.getSerialNumber()); + + if (prevCertificate != null) { + data.put("prevCertId", prevCertificate.getId().toString()); + } + + //x509 credential version + data.put("x509Version", certificate.getX509CredentialVersion()); + //CPSuri + data.put("CPSuri", certificate.getCPSuri()); + + if (!certificate.getComponentFailures().isEmpty()) { + data.put("failures", certificate.getComponentFailures()); + HashMap results = new HashMap<>(); + for (ComponentResult componentResult : componentResultRepository.findAll()) { + if (componentResult.getCertificateId() + .equals(certificate.getId())) { + results.put(componentResult.getComponentHash(), + componentResult.getExpected()); + } + } + + data.put("componentResults", results); + data.put("failureMessages", certificate.getComponentFailures()); + } + + //Get platform Configuration values and set map with it + PlatformConfiguration platformConfiguration = certificate.getPlatformConfiguration(); + if (platformConfiguration != null) { + //Component Identifier - attempt to translate hardware IDs + List comps = platformConfiguration.getComponentIdentifier(); + if (PciIds.DB.isReady()) { + comps = PciIds.translate(comps); + } + data.put("componentsIdentifier", comps); + //Component Identifier 
URI + data.put("componentsIdentifierURI", platformConfiguration + .getComponentIdentifierUri()); + //Platform Properties + data.put("platformProperties", platformConfiguration.getPlatformProperties()); + //Platform Properties URI + data.put("platformPropertiesURI", platformConfiguration.getPlatformPropertiesUri()); + } + //TBB Security Assertion + data.put("tbbSecurityAssertion", certificate.getTBBSecurityAssertion()); + + if (certificate.getPlatformSerial() != null) { + // link certificate chain + List chainCertificates = certificateRepository.byBoardSerialNumber(certificate.getPlatformSerial()); + data.put("numInChain", chainCertificates.size()); + Collections.sort(chainCertificates, new Comparator() { + @Override + public int compare(final PlatformCredential obj1, + final PlatformCredential obj2) { + return obj1.getBeginValidity().compareTo(obj2.getBeginValidity()); + } + }); + + data.put("chainCertificates", chainCertificates); + + if (!certificate.isPlatformBase()) { + for (PlatformCredential pc : chainCertificates) { + if (pc.isPlatformBase()) { + if (!pc.getComponentFailures().isEmpty()) { + data.put("failures", pc.getComponentFailures()); + } + break; + } + } + } + } + } else { + String notFoundMessage = "Unable to find Platform Certificate " + + "with ID: " + uuid; + log.error(notFoundMessage); + } return data; } 
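Review bot: The component-result lookup in `getPlatformInformation` iterates `componentResultRepository.findAll()` and filters on `getCertificateId()` in Java, so every view of a platform credential that has failures loads the whole ComponentResult table; the cost grows with everything stored, not with this certificate's results. A repository query keyed on the certificate ID would keep the work bounded (a finder for that would have to be added to `ComponentResultRepository`; none is visible in this diff). Separately, `data.put("x509Version", certificate.getX509CredentialVersion())` stores the raw value while the other builders in this file store a string; `data.put("x509Version", Integer.toString(certificate.getX509CredentialVersion()));` keeps the map consistent for the view.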
@@ -158,13 +450,66 @@ public final class CertificateStringMapBuilder { * Returns the Issued Attestation Certificate information. * * @param uuid ID for the certificate. - * @param certificateServiceImpl the certificate manager for retrieving certs. + * @param certificateRepository the certificate manager for retrieving certs. * @return a hash map with the endorsement certificate information. */ public static HashMap getIssuedInformation(final UUID uuid, - final CertificateServiceImpl certificateServiceImpl) { + final CertificateRepository certificateRepository) { HashMap data = new HashMap<>(); + IssuedAttestationCertificate certificate = (IssuedAttestationCertificate) certificateRepository.getCertificate(uuid); + if (certificate != null) { + data.putAll(getGeneralCertificateInfo(certificate, certificateRepository)); + + // add endorsement credential ID if not null + if (certificate.getEndorsementCredential() != null) { + EndorsementCredential ek = certificate.getEndorsementCredential(); + data.put("endorsementID", ek.getId().toString()); + // Add hashmap with TPM information if available + if (ek.getTpmSpecification() != null) { + data.putAll( + convertStringToHash(ek.getTpmSpecification().toString())); + } + if (ek.getTpmSecurityAssertions() != null) { + data.putAll( + convertStringToHash(ek.getTpmSecurityAssertions().toString())); + } + + data.put("policyReference", ek.getPolicyReference()); + data.put("crlPoints", ek.getCrlPoints()); + data.put("credentialType", IssuedAttestationCertificate.AIC_TYPE_LABEL); + } + // add platform credential IDs if not empty + if (!certificate.getPlatformCredentials().isEmpty()) { + StringBuilder buf = new StringBuilder(); + for (PlatformCredential pc : certificate.getPlatformCredentials()) { + buf.append(pc.getId().toString()); + buf.append(','); + data.put("manufacturer", pc.getManufacturer()); + data.put("model", pc.getModel()); + data.put("version", pc.getVersion()); + data.put("majorVersion", + 
Integer.toString(pc.getMajorVersion())); + data.put("minorVersion", + Integer.toString(pc.getMinorVersion())); + data.put("revisionLevel", + Integer.toString(pc.getRevisionLevel())); + data.put("tcgMajorVersion", + Integer.toString(pc.getTcgCredentialMajorVersion())); + data.put("tcgMinorVersion", + Integer.toString(pc.getTcgCredentialMinorVersion())); + data.put("tcgRevisionLevel", + Integer.toString(pc.getTcgCredentialRevisionLevel())); + } + // remove last comma character + buf.deleteCharAt(buf.lastIndexOf(",")); + data.put("platformID", buf.toString()); + } + } else { + String notFoundMessage = "Unable to find Issued Attestation Certificate " + + "with ID: " + uuid; + log.error(notFoundMessage); + } return data; } } diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/tags/page.tag b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/tags/page.tag index 2a614114..bacdde8e 100644 --- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/tags/page.tag +++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/tags/page.tag @@ -40,8 +40,8 @@ - - + + <%-- page-specific style --%> diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/web.xml b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/web.xml index 46d1ca44..f7bf98b6 100644 --- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/web.xml +++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/web.xml @@ -25,13 +25,24 @@ contextClass org.springframework.web.context.support.AnnotationConfigWebApplicationContext + + /tmp + 28393832 + 482818342 + 1031234 + pages /portal/* + + hirs.attestationca.portal.HIRSDbInitializer + /errors - \ No newline at end of file + + + diff --git a/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java b/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java index b103eca8..ee9f947e 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java +++ b/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java 
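Review bot: In `getIssuedInformation` the loop over `certificate.getPlatformCredentials()` writes `manufacturer`, `model`, `version` and the six version/revision keys on every iteration, so when an issued certificate references more than one platform credential the map keeps whichever one was iterated last. If the base credential is the intended source, guard those puts with `if (pc.isPlatformBase()) { ... }` and leave only the ID append unconditional; otherwise add a comment stating which credential is meant to win. The cast on `certificateRepository.getCertificate(uuid)` is also unchecked, so an ID of another certificate type would throw instead of reaching the not-found log.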
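Review bot: The values `/tmp`, `28393832`, `482818342` and `1031234` added to web.xml look like a multipart upload configuration (the element names are not visible on this page, so this is inferred), and spooling uploads into the shared `/tmp` directory leaves uploaded certificates and manifests readable or replaceable by other local accounts. Point the location at a directory owned by the portal's service account with owner-only permissions, and say so in a comment next to the setting. The request ceiling of roughly 460 MB is also well above what a certificate or reference-manifest upload needs; a smaller limit bounds the disk and memory a single upload request can consume.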
@@ -4,6 +4,7 @@ import com.google.common.base.Preconditions; import hirs.utils.digest.DigestAlgorithm; import hirs.utils.xjc.File; import lombok.Getter; +import lombok.ToString; import javax.xml.namespace.QName; import java.math.BigInteger; @@ -13,6 +14,7 @@ import java.util.Map; * This object is used to represent the content of a Swid Tags Directory * section. */ +@ToString public class SwidResource { @Getter diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java index a59cac5f..ff5bdd2f 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java @@ -256,9 +256,7 @@ public final class TCGEventLog { } return pcrs; } - - - + /** * Returns a list of event found in the Event Log. * @return an arraylist of event.