issue_896: first cut at changing the logic on the validator

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java

@@ -6,6 +6,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Plat
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfigurationV1;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
+import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
@@ -64,25 +65,30 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
      * TCPA Trusted Platform Endorsement.
      */
     public static final String CERTIFICATE_TYPE_1_2 = "TCPA Trusted Platform Endorsement";
+
     /**
      * TCG Trusted Platform Endorsement.
      */
     public static final String CERTIFICATE_TYPE_2_0 = "TCG Trusted Platform Endorsement";
     private static final int TCG_SPECIFICATION_LENGTH = 3;
+
     // These are Object Identifiers (OIDs) for sections in the credentials
     private static final String POLICY_QUALIFIER_CPSURI = "1.3.6.1.5.5.7.2.1";
     private static final String POLICY_QUALIFIER_USER_NOTICE = "1.3.6.1.5.5.7.2.2";
+
     // OID for TCG Attributes
     private static final String PLATFORM_MANUFACTURER = "2.23.133.2.4";
     private static final String PLATFORM_MODEL = "2.23.133.2.5";
     private static final String PLATFORM_VERSION = "2.23.133.2.6";
     private static final String PLATFORM_SERIAL = "2.23.133.2.23";
     private static final String PLATFORM_BASEBOARD_CHASSIS_COMBINED = "2.23.133.5.1.6";
+
     // OID for TCG Platform Class Common Attributes
     private static final String PLATFORM_MANUFACTURER_2_0 = "2.23.133.5.1.1";
     private static final String PLATFORM_MODEL_2_0 = "2.23.133.5.1.4";
     private static final String PLATFORM_VERSION_2_0 = "2.23.133.5.1.5";
     private static final String PLATFORM_SERIAL_2_0 = "2.23.133.5.1.6";
+
     // OID for Certificate Attributes
     private static final String TCG_PLATFORM_SPECIFICATION = "2.23.133.2.17";
     private static final String TPM_SECURITY_ASSERTION = "2.23.133.2.18";
@@ -582,8 +588,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
                     break;
                 default:
                     // No class defined for this attribute
-                    log.warn("No class defined for attribute with OID: "
+                    log.warn("No class defined for attribute with OID: {}", attr.getAttrType().getId());
-                            + attr.getAttrType().getId());
                     break;
             }
         }
@@ -621,6 +626,24 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
         return null;
     }
 
+    /**
+     * Get the Version 2 Platform Configuration Attribute from the Platform Certificate.
+     *
+     * @return a map with the Version 2 Platform Configuration information.
+     * @throws IllegalArgumentException when there is a parsing error
+     * @throws IOException              when reading the certificate.
+     */
+    public PlatformConfigurationV2 getPlatformConfigurationV2()
+            throws IllegalArgumentException, IOException {
+
+        if (getAttribute("platformConfiguration") != null
+                && getAttribute("platformConfiguration") instanceof PlatformConfigurationV2) {
+            return (PlatformConfigurationV2) getAttribute("platformConfiguration");
+        }
+
+        return null;
+    }
+
     /**
      * Get the Platform Configuration URI Attribute from the Platform Certificate.
      *
@@ -695,9 +718,27 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
                 return platformConfig.getComponentIdentifier();
             }
         } catch (IOException e) {
-            log.error("Unable to parse Platform Configuration from Credential or find"
+            log.error("Unable to parse Platform Configuration from Platform Credential or find"
                     + "component identifiers");
         }
         return Collections.emptyList();
     }
+
+    /**
+     * Get the list of version 2 component identifiers if there are any.
+     *
+     * @return the list of version 2 component identifiers if there are any
+     */
+    public List<ComponentIdentifierV2> getComponentIdentifiersV2() {
+        try {
+            PlatformConfigurationV2 platformConfigV2 = getPlatformConfigurationV2();
+            if (platformConfigV2 != null) {
+                return platformConfigV2.getComponentIdentifierV2();
+            }
+        } catch (IOException e) {
+            log.error("Unable to parse Platform Configuration Version 2 from Platform Credential or find"
+                    + "version 2 component identifiers");
+        }
+        return Collections.emptyList();
+    }
 }

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java

@@ -33,6 +33,10 @@ ComponentClass {
 
     private static final String SMBIOS_COMPONENT_REGISTRY = "2.23.133.18.3.3";
 
+    private static final String PCIE_BASED_COMPONENT_REGISTRY = "2.23.133.18.3.4";
+
+    private static final String STORAGE_COMPONENT_REGISTRY = "2.23.133.18.3.5";
+
     private static final Path WINDOWS_JSON_PATH = FileSystems.getDefault().getPath(
             "C:/", "ProgramData", "hirs", "aca", "default-properties", "component-class.json");
 
@@ -122,6 +126,8 @@ ComponentClass {
         this.registryType = switch (registryOid) {
             case TCG_COMPONENT_REGISTRY -> "TCG";
             case SMBIOS_COMPONENT_REGISTRY -> "SMBIOS";
+            case PCIE_BASED_COMPONENT_REGISTRY -> "PCIE";
+            case STORAGE_COMPONENT_REGISTRY -> "STORAGE";
             default -> UNKNOWN_STRING;
         };
 

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfiguration.java

@@ -14,11 +14,15 @@ import java.util.List;
  */
 @AllArgsConstructor
 public abstract class PlatformConfiguration {
-    private ArrayList<ComponentIdentifier> componentIdentifier = new ArrayList<>();
+
+    private List<ComponentIdentifier> componentIdentifier;
+
     @Getter
     @Setter
     private URIReference componentIdentifierUri;
-    private ArrayList<PlatformProperty> platformProperties = new ArrayList<>();
+
+    private List<PlatformProperty> platformProperties;
+
     @Getter
     @Setter
     private URIReference platformPropertiesUri;

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java

@@ -6,6 +6,8 @@ import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 import java.util.stream.Collectors;
 
 /**
@@ -26,9 +28,10 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
     private static final int COMPONENT_IDENTIFIER_URI = 1;
     private static final int PLATFORM_PROPERTIES = 2;
     private static final int PLATFORM_PROPERTIES_URI = 3;
+    private List<ComponentIdentifierV2> componentIdentifierV2;
 
     /**
-     * Constructor given the SEQUENCE that contains Platform Configuration.
+     * Constructor given the SEQUENCE that contains version 2 Platform Configuration.
      *
      * @param sequence containing the the Platform Configuration.
      * @throws IllegalArgumentException if there was an error on the parsing
@@ -87,6 +90,21 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
         }
     }
 
+    /**
+     * @return a collection of version 2 component identifiers.
+     */
+    public List<ComponentIdentifierV2> getComponentIdentifierV2() {
+        return Collections.unmodifiableList(componentIdentifierV2);
+    }
+
+    /**
+     * @param componentIdentifierV2 list of version 2 component identifiers
+     */
+    public void setComponentIdentifierV2(
+            final List<ComponentIdentifierV2> componentIdentifierV2) {
+        this.componentIdentifierV2 = new ArrayList<>(componentIdentifierV2);
+    }
+
     /**
      * Creates a string representation of the Platform Configuration V2 object.
      *
@@ -96,9 +114,9 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
     public String toString() {
         StringBuilder sb = new StringBuilder();
         sb.append("PlatformConfiguration{");
-        sb.append("componentIdentifier=");
+        sb.append("componentIdentifierV2=");
-        if (getComponentIdentifier().size() > 0) {
+        if (!getComponentIdentifierV2().isEmpty()) {
-            sb.append(getComponentIdentifier()
+            sb.append(getComponentIdentifierV2()
                     .stream()
                     .map(Object::toString)
                     .collect(Collectors.joining(",")));
@@ -108,7 +126,7 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
             sb.append(getComponentIdentifierUri());
         }
         sb.append(", platformProperties=");
-        if (getPlatformProperties().size() > 0) {
+        if (!getPlatformProperties().isEmpty()) {
             sb.append(getPlatformProperties()
                     .stream()
                     .map(Object::toString)

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java

@@ -80,8 +80,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
             deviceBaseboardSerialNumber = null;
         } else {
             deviceInfoSerialNumbers.put("board serial number", deviceBaseboardSerialNumber);
-            log.info("Using device board serial number for validation: "
+            log.info("Using device board serial number for validation: {}", deviceBaseboardSerialNumber);
-                    + deviceBaseboardSerialNumber);
         }
 
         if (StringUtils.isEmpty(deviceChassisSerialNumber)
@@ -89,16 +88,15 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
             log.error("Failed to retrieve device chassis serial number");
         } else {
             deviceInfoSerialNumbers.put("chassis serial number", deviceChassisSerialNumber);
-            log.info("Using device chassis serial number for validation: "
+            log.info("Using device chassis serial number for validation: {}", deviceChassisSerialNumber);
-                    + deviceChassisSerialNumber);
         }
+
         if (StringUtils.isEmpty(deviceSystemSerialNumber)
                 || DeviceInfoEnums.NOT_SPECIFIED.equalsIgnoreCase(deviceSystemSerialNumber)) {
             log.error("Failed to retrieve device system serial number");
         } else {
             deviceInfoSerialNumbers.put("system serial number", deviceSystemSerialNumber);
-            log.info("Using device system serial number for validation: "
+            log.info("Using device system serial number for validation: {}", deviceSystemSerialNumber);
-                    + deviceSystemSerialNumber);
         }
 
         AppraisalStatus status;
@@ -233,12 +231,19 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
 
         passesValidation &= fieldValidation;
 
-        // Retrieve the list of all components from the Platform Credential
+        // Retrieve the list of all version 2 component identifiers from the Platform Credential
-        List<ComponentIdentifier> allPcComponents
+        List<ComponentIdentifierV2> allPcComponents
-                = new ArrayList<>(platformCredential.getComponentIdentifiers());
+                = new ArrayList<>(platformCredential.getComponentIdentifiersV2());
 
         // All components listed in the Platform Credential must have a manufacturer and model
-        for (ComponentIdentifier pcComponent : allPcComponents) {
+        for (ComponentIdentifierV2 pcComponent : allPcComponents) {
+
+            fieldValidation = pcComponent.getComponentClass() != null;
+
+            if (!fieldValidation) {
+                resultMessage.append("Component class is null\n");
+            }
+
             fieldValidation = !hasEmptyValueForRequiredField("componentManufacturer",
                     pcComponent.getComponentManufacturer());
 
@@ -263,18 +268,24 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
                 .findByCertificateSerialNumberAndBoardSerialNumber(
                         platformCredential.getSerialNumber().toString(),
                         platformCredential.getPlatformSerial());
+
         // first create hash map based on hashCode
         List<ComponentResult> remainingComponentResults = checkDeviceHashMap(
                 componentInfos, componentResults);
+
         //this is used to get a unique count
         List<UUID> componentIdList = new ArrayList<>();
+
         int numOfAttributes = 0;
+
         if (!remainingComponentResults.isEmpty()) {
             List<ComponentAttributeResult> attributeResults = checkComponentClassMap(
                     componentInfos, remainingComponentResults);
 
             numOfAttributes = attributeResults.size();
+
             boolean saveAttributeResult;
+
             for (ComponentAttributeResult componentAttributeResult : attributeResults) {
                 saveAttributeResult = true;
                 if (ignoreRevisionAttribute) {
@@ -293,6 +304,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
         }
 
         StringBuilder additionalInfo = new StringBuilder();
+
         if (numOfAttributes > 0) {
             resultMessage.append(String.format("There are %d component(s) not matched%n "
                             + "with %d total attributes mismatched.",
@@ -455,7 +467,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
                 if (ci.isVersion2() && PciIds.DB.isReady()) {
                     ci = AcaPciIds.translate((ComponentIdentifierV2) ci);
                 }
-                log.error("Unmatched component: " + ci);
+                log.error("Unmatched component: {}", ci);
                 fullDeltaChainComponents.add(ci);
                 invalidPcIds.append(String.format(
                         "Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n",
@@ -532,6 +544,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
                     = allDeviceInfoComponents.stream().filter(componentInfo
                             -> componentInfo.getComponentManufacturer().equals(pcManufacturer))
                     .collect(Collectors.toList());
+
             // For each component listed in the platform credential from this manufacturer
             // find the ones that specify a serial number so we can match the most specific ones
             // first.
@@ -539,7 +552,8 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
                     = pcComponentsFromManufacturer.stream().filter(compIdentifier
                             -> compIdentifier.getComponentSerial() != null
                             && StringUtils.isNotEmpty(compIdentifier.getComponentSerial().getString()))
-                    .collect(Collectors.toList());
+                    .toList();
+
             // Now match up the components from the device info that are from the same
             // manufacturer and have a serial number. As matches are found, remove them from
             // both lists.
@@ -567,7 +581,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
                     = pcComponentsFromManufacturer.stream().filter(compIdentifier
                             -> compIdentifier.getComponentRevision() != null
                             && StringUtils.isNotEmpty(compIdentifier.getComponentRevision().getString()))
-                    .collect(Collectors.toList());
+                    .toList();
             // Now match up the components from the device info that are from the same
             // manufacturer and specify a value for the revision field. As matches are found,
             // remove them from both lists.
@@ -608,8 +622,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
         if (!pcUnmatchedComponents.isEmpty()) {
             untrimmedPcComponents.clear();
             StringBuilder sb = new StringBuilder();
-            log.error(String.format("Platform Credential contained %d unmatched components:",
+            log.error("Platform Credential contained {} unmatched components:", pcUnmatchedComponents.size());
-                    pcUnmatchedComponents.size()));
 
             int unmatchedComponentCounter = 1;
             for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
@@ -617,8 +630,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
                     unmatchedComponent =
                             AcaPciIds.translate((ComponentIdentifierV2) unmatchedComponent);
                 }
-                log.error("Unmatched component " + unmatchedComponentCounter++ + ": "
+                log.error("Unmatched component {}: {}", unmatchedComponentCounter++, unmatchedComponent);
-                        + unmatchedComponent);
                 sb.append(String.format("Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n",
                         unmatchedComponent.getComponentManufacturer(),
                         unmatchedComponent.getComponentModel(),
@@ -797,8 +809,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
     private static boolean hasEmptyValueForRequiredField(final String description,
                                                          final String fieldValue) {
         if (StringUtils.isEmpty(fieldValue)) {
-            log.error("Required field was empty or null in Platform Credential: "
+            log.error("Required field was empty or null in Platform Credential: {}", description);
-                    + description);
             return true;
         }
         return false;
@@ -829,15 +840,15 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
         String trimmedOtherValue = otherValue.trim();
 
         if (!trimmedFieldValue.equals(trimmedOtherValue)) {
-            log.debug(String.format("%s field in Platform Credential (%s) does not match "
+            log.debug("{} field in Platform Credential ({}) does not match "
-                            + "a related field in the DeviceInfoReport (%s)",
+                            + "a related field in the DeviceInfoReport ({})",
-                    platformCredentialFieldName, trimmedFieldValue, trimmedOtherValue));
+                    platformCredentialFieldName, trimmedFieldValue, trimmedOtherValue);
             return false;
         }
 
-        log.debug(String.format("%s field in Platform Credential matches "
+        log.debug("{} field in Platform Credential matches "
-                        + "a related field in the DeviceInfoReport (%s)",
+                        + "a related field in the DeviceInfoReport {}",
-                platformCredentialFieldName, trimmedFieldValue)
+                platformCredentialFieldName, trimmedFieldValue
         );
 
         return true;
@@ -853,8 +864,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
     private static boolean hasEmptyValueForRequiredField(final String description,
                                                          final ASN1UTF8String fieldValue) {
         if (fieldValue == null || StringUtils.isEmpty(fieldValue.getString().trim())) {
-            log.error("Required field was empty or null in Platform Credential: "
+            log.error("Required field was empty or null in Platform Credential: {}", description);
-                    + description);
             return true;
         }
         return false;
@@ -871,7 +881,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
             final List<ComponentInfo> componentInfos,
             final List<ComponentResult> compiledComponentList) {
         Map<Integer, List<ComponentInfo>> deviceHashMap = new HashMap<>();
-        componentInfos.stream().forEach((componentInfo) -> {
+        componentInfos.forEach((componentInfo) -> {
             List<ComponentInfo> innerList;
             Integer compInfoHash = componentInfo.hashCommonElements();
             if (deviceHashMap.containsKey(compInfoHash)) {
@@ -910,7 +920,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
         // continue down the options, move to a different method.
         // create component class mapping to component info
         Map<String, List<ComponentInfo>> componentDeviceMap = new HashMap<>();
-        componentInfos.stream().forEach((componentInfo) -> {
+        componentInfos.forEach((componentInfo) -> {
             List<ComponentInfo> innerList;
             String componentClass = componentInfo.getComponentClass();
             if (componentDeviceMap.containsKey(componentClass)) {
@@ -1000,11 +1010,13 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
     private static List<ComponentAttributeResult> findMismatchedValues(
             final List<ComponentInfo> componentClassInfo,
             final ComponentResult componentResult) {
+
         // this list only has those of the same class type
         Map<String, ComponentInfo> componentSerialMap = new HashMap<>();
-        componentClassInfo.stream().forEach((componentInfo) -> {
+        componentClassInfo.forEach((componentInfo) -> {
             componentSerialMap.put(componentInfo.getComponentSerial(), componentInfo);
         });
+
         // see if the serial exists
         ComponentInfo componentInfo = componentSerialMap.get(componentResult.getSerialNumber());
 

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java

@@ -35,7 +35,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
      *
      * @param ec            the endorsement credential to verify.
      * @param trustStore    trust store holding trusted certificates.
-     * @param acceptExpired whether or not to accept expired and not yet valid certificates
+     * @param acceptExpired whether to accept expired and not yet valid certificates
      *                      as valid.
      * @return the result of the validation.
      */

HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java

@@ -417,12 +417,11 @@ public class SupplyChainCredentialValidatorTest {
      *
      * @throws IOException        if error occurs while reading files
      * @throws URISyntaxException if error occurs while reading files
-     * @throws CertificateException if error occurs while processing X509 Certs
      * @throws KeyStoreException  if error occurs while processing Keystore
      */
     @Test
     public final void testValidateEndorsementCredential()
-            throws URISyntaxException, IOException, CertificateException, KeyStoreException {
+            throws URISyntaxException, IOException, KeyStoreException {
 
         EndorsementCredential ekcert = new EndorsementCredential(Files.readAllBytes(
                 Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
@@ -457,12 +456,11 @@ public class SupplyChainCredentialValidatorTest {
      *
      * @throws IOException        if error occurs while reading files
      * @throws KeyStoreException  if there's an issue string certs to the keystore
-     * @throws CertificateException if error occurs while ingesting a certificate
      * @throws URISyntaxException if a URI can't be processed
      */
     @Test
     public final void validateIntelPlatformCredentials()
-            throws URISyntaxException, IOException, CertificateException, KeyStoreException {
+            throws URISyntaxException, IOException, KeyStoreException {
 
         Certificate intermediatecacert =
                 new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
@@ -855,7 +853,7 @@ public class SupplyChainCredentialValidatorTest {
         KeyPair caKeyPair = createKeyPair();
         KeyPair intermediateKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate intermediateCert =
@@ -899,7 +897,7 @@ public class SupplyChainCredentialValidatorTest {
         KeyPair caKeyPair = createKeyPair();
         KeyPair intermediateKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate intermediateCert =
@@ -938,7 +936,7 @@ public class SupplyChainCredentialValidatorTest {
             throws SupplyChainValidatorException {
         KeyPair caKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate targetCert =
@@ -977,7 +975,7 @@ public class SupplyChainCredentialValidatorTest {
         KeyPair caKeyPair = createKeyPair();
         KeyPair intermediateKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate intermediateCert =
@@ -1017,7 +1015,7 @@ public class SupplyChainCredentialValidatorTest {
         KeyPair caKeyPair = createKeyPair();
         KeyPair intermediateKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate intermediateCert =
@@ -1051,7 +1049,7 @@ public class SupplyChainCredentialValidatorTest {
     public final void verifyX509CertificateAgainstCA() throws SupplyChainValidatorException {
         KeyPair caKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate targetCert =
@@ -1175,13 +1173,12 @@ public class SupplyChainCredentialValidatorTest {
      *
      * @throws URISyntaxException            failed to read certificate
      * @throws IOException                   failed to read certificate
-     * @throws KeyStoreException             failed to read key store
      * @throws SupplyChainValidatorException missing credential
      */
 
     @Test
     public final void testPlatformDnEquals() throws URISyntaxException, IOException,
-            KeyStoreException, SupplyChainValidatorException {
+            SupplyChainValidatorException {
         Certificate signingCert;
         signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
                 Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
@@ -1207,12 +1204,11 @@ public class SupplyChainCredentialValidatorTest {
      *
      * @throws URISyntaxException            failed to read certificate
      * @throws IOException                   failed to read certificate
-     * @throws KeyStoreException             failed to read key store
      * @throws SupplyChainValidatorException missing credential
      */
     @Test
     public final void testPlatformDnNotEquals() throws URISyntaxException, IOException,
-            KeyStoreException, SupplyChainValidatorException {
+            SupplyChainValidatorException {
         Certificate signingCert;
         signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
                 Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
@@ -1237,12 +1233,11 @@ public class SupplyChainCredentialValidatorTest {
      *
      * @throws URISyntaxException            failed to read certificate
      * @throws IOException                   failed to read certificate
-     * @throws KeyStoreException             failed to read key store
      * @throws SupplyChainValidatorException missing credential
      */
     @Test
     public final void testEndorsementDnEquals() throws URISyntaxException, IOException,
-            KeyStoreException, SupplyChainValidatorException {
+            SupplyChainValidatorException {
         Certificate signingCert;
         signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
                 Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
@@ -1268,12 +1263,11 @@ public class SupplyChainCredentialValidatorTest {
      *
      * @throws URISyntaxException            failed to read certificate
      * @throws IOException                   failed to read certificate
-     * @throws KeyStoreException             failed to read key store
      * @throws SupplyChainValidatorException missing credential
      */
     @Test
     public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException,
-            KeyStoreException, SupplyChainValidatorException {
+            SupplyChainValidatorException {
         Certificate signingCert;
         signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
                 Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))