Changing the bulk of entries on the Certificate page controllers from

manager to service.  What remains are the unit tests and the Certificate Selector,
which could be more of an issue.
Cyrus 2022-08-02 20:33:22 -04:00
parent 74a3cf9e21
commit 56b77ab360
25 changed files with 232 additions and 208 deletions


@ -14,7 +14,6 @@ import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.ReferenceDigestValue;
import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.SupportReferenceManifest;
import hirs.data.persist.SwidResource;
@ -27,12 +26,13 @@ import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.info.TPMInfo;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.data.service.DeviceRegister;
import hirs.persist.CertificateManager;
import hirs.persist.DeviceManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.TPM2ProvisionerState;
import hirs.persist.service.CertificateService;
import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope;
@ -174,7 +174,7 @@ public abstract class AbstractAttestationCertificateAuthority
*/
private Integer validDays = 1;
private final CertificateManager certificateManager;
private final CertificateService certificateService;
private final ReferenceManifestManager referenceManifestManager;
private final DeviceRegister deviceRegister;
private final DeviceManager deviceManager;
@ -188,7 +188,7 @@ public abstract class AbstractAttestationCertificateAuthority
* @param privateKey the ACA private key
* @param acaCertificate the ACA certificate
* @param structConverter the struct converter
* @param certificateManager the certificate manager
* @param certificateService the certificate service
* @param referenceManifestManager the Reference Manifest manager
* @param deviceRegister the device register
* @param validDays the number of days issued certs are valid
@ -200,7 +200,7 @@ public abstract class AbstractAttestationCertificateAuthority
final SupplyChainValidationService supplyChainValidationService,
final PrivateKey privateKey, final X509Certificate acaCertificate,
final StructConverter structConverter,
final CertificateManager certificateManager,
final CertificateService certificateService,
final ReferenceManifestManager referenceManifestManager,
final DeviceRegister deviceRegister, final int validDays,
final DeviceManager deviceManager,
@ -209,7 +209,7 @@ public abstract class AbstractAttestationCertificateAuthority
this.privateKey = privateKey;
this.acaCertificate = acaCertificate;
this.structConverter = structConverter;
this.certificateManager = certificateManager;
this.certificateService = certificateService;
this.referenceManifestManager = referenceManifestManager;
this.deviceRegister = deviceRegister;
this.validDays = validDays;
@ -252,7 +252,7 @@ public abstract class AbstractAttestationCertificateAuthority
byte[] ecBytesFromIdentityRequest = proof.getEndorsementCredential();
if (ArrayUtils.isNotEmpty(ecBytesFromIdentityRequest)) {
endorsementCredential = CredentialManagementHelper.storeEndorsementCredential(
this.certificateManager, ecBytesFromIdentityRequest
this.certificateService, ecBytesFromIdentityRequest
);
try {
BigInteger publicKeyModulus = Certificate.getPublicKeyModulus(
@ -281,7 +281,7 @@ public abstract class AbstractAttestationCertificateAuthority
byte[] pcBytesFromIdentityRequest = proof.getPlatformCredential();
if (ArrayUtils.isNotEmpty(pcBytesFromIdentityRequest)) {
platformCredentials.add(CredentialManagementHelper.storePlatformCredential(
this.certificateManager, pcBytesFromIdentityRequest
this.certificateService, pcBytesFromIdentityRequest
));
} else if (endorsementCredential != null) {
// if none in the identity request, look for uploaded platform credentials
@ -492,7 +492,7 @@ public abstract class AbstractAttestationCertificateAuthority
if (platformCredentials.size() == 1) {
for (PlatformCredential pc : platformCredentials) {
if (pc != null && pc.getPlatformSerial() != null) {
platformCredentials.addAll(PlatformCredential.select(this.certificateManager)
platformCredentials.addAll(PlatformCredential.select(this.certificateService)
.byBoardSerialNumber(pc.getPlatformSerial()).getCertificates());
}
}
@ -1129,7 +1129,7 @@ public abstract class AbstractAttestationCertificateAuthority
EndorsementCredential credential = null;
try {
credential = EndorsementCredential.select(this.certificateManager)
credential = EndorsementCredential.select(this.certificateService)
.byPublicKeyModulus(Certificate.getPublicKeyModulus(ekPublicKey))
.getCertificate();
} catch (IOException e) {
@ -1153,7 +1153,7 @@ public abstract class AbstractAttestationCertificateAuthority
} else {
LOG.debug("Searching for platform credential(s) based on holder serial number: "
+ ec.getSerialNumber());
credentials = PlatformCredential.select(this.certificateManager)
credentials = PlatformCredential.select(this.certificateService)
.byHolderSerialNumber(ec.getSerialNumber())
.getCertificates();
if (credentials == null || credentials.isEmpty()) {
@ -1824,7 +1824,7 @@ public abstract class AbstractAttestationCertificateAuthority
EndorsementCredential endorsementCredential = null;
if (identityClaim.hasEndorsementCredential()) {
endorsementCredential = CredentialManagementHelper.storeEndorsementCredential(
this.certificateManager,
this.certificateService,
identityClaim.getEndorsementCredential().toByteArray());
} else if (ekPub != null) {
LOG.warn("Endorsement Cred was not in the identity claim from the client."
@ -1855,7 +1855,7 @@ public abstract class AbstractAttestationCertificateAuthority
for (ByteString platformCredential : identityClaim.getPlatformCredentialList()) {
if (!platformCredential.isEmpty()) {
platformCredentials.add(CredentialManagementHelper.storePlatformCredential(
this.certificateManager, platformCredential.toByteArray()));
this.certificateService, platformCredential.toByteArray()));
}
}
} else if (endorsementCredential != null) {
@ -1913,7 +1913,7 @@ public abstract class AbstractAttestationCertificateAuthority
derEncodedAttestationCertificate, endorsementCredential, platformCredentials);
if (scp != null) {
issuedAc = IssuedAttestationCertificate.select(certificateManager)
issuedAc = IssuedAttestationCertificate.select(certificateService)
.byDeviceId(device.getId()).getCertificate();
generateCertificate = scp.isIssueAttestationCertificate();
@ -1932,7 +1932,7 @@ public abstract class AbstractAttestationCertificateAuthority
}
if (generateCertificate) {
attCert.setDevice(device);
certificateManager.saveCertificate(attCert);
certificateService.saveCertificate(attCert);
}
} catch (Exception e) {
LOG.error("Error saving generated Attestation Certificate to database.", e);
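Review bot: The `catch (Exception e)` around `certificateService.saveCertificate(attCert)` in the last hunk only logs a persistence failure, so an issued attestation certificate may end up with no stored record. The rest of the method is outside the hunk, so confirm whether the certificate is still returned to the client after this catch. If it is, issuance and the record later read through `IssuedAttestationCertificate.select(certificateService).byDeviceId(...)` can diverge, which weakens audit and any later lookup of what was issued. I would fail the request instead, for example by adding `throw new IllegalStateException("attestation certificate was not persisted", e);` after the `LOG.error` call, and narrow the catch to the exception types the new service actually throws.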


@ -1,11 +1,11 @@
package hirs.attestationca;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateManager;
import hirs.persist.DBManagerException;
import hirs.persist.service.CertificateService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.util.List;
import java.util.stream.Collectors;
@ -24,16 +24,16 @@ public final class CredentialManagementHelper {
/**
* Parses and stores the EK in the cert manager. If the cert is already present and archived,
* it is unarchived.
* @param certificateManager the certificate manager used for storage
* @param certificateService the certificate service used for storage
* @param endorsementBytes the raw EK bytes used for parsing
* @return the parsed, valid EK
* @throws IllegalArgumentException if the provided bytes are not a valid EK.
*/
public static EndorsementCredential storeEndorsementCredential(
final CertificateManager certificateManager,
final CertificateService certificateService,
final byte[] endorsementBytes) throws IllegalArgumentException {
if (certificateManager == null) {
if (certificateService == null) {
throw new IllegalArgumentException("null certificate manager");
}
@ -60,18 +60,19 @@ public final class CredentialManagementHelper {
}
int certificateHash = endorsementCredential.getCertificateHash();
EndorsementCredential existingCredential =
EndorsementCredential.select(certificateManager).includeArchived()
EndorsementCredential.select(certificateService).includeArchived()
.byHashCode(certificateHash).getCertificate();
if (existingCredential == null) {
LOG.info("No Endorsement Credential found with hash: " + certificateHash);
return (EndorsementCredential) certificateManager
return (EndorsementCredential) certificateService
.saveCertificate(endorsementCredential);
} else if (existingCredential.isArchived()) {
// if the EK is stored in the DB and it's archived, unarchive.
LOG.info("Unarchiving credential");
existingCredential.restore();
existingCredential.resetCreateTime();
certificateManager.updateCertificate(existingCredential);
certificateService.updateCertificate(existingCredential,
existingCredential.getId());
}
return existingCredential;
}
@ -79,15 +80,15 @@ public final class CredentialManagementHelper {
/**
* Parses and stores the PC in the cert manager. If the cert is already present and archived,
* it is unarchived.
* @param certificateManager the certificate manager used for storage
* @param certificateService the certificate service used for storage
* @param platformBytes the raw PC bytes used for parsing
* @return the parsed, valid PC, or null if the provided bytes are not a valid EK.
*/
public static PlatformCredential storePlatformCredential(
final CertificateManager certificateManager,
final CertificateService certificateService,
final byte[] platformBytes) {
if (certificateManager == null) {
if (certificateService == null) {
throw new IllegalArgumentException("null certificate manager");
}
@ -109,7 +110,7 @@ public final class CredentialManagementHelper {
return null;
}
PlatformCredential existingCredential =
PlatformCredential.select(certificateManager)
PlatformCredential.select(certificateService)
.includeArchived()
.byHashCode(platformCredential
.getCertificateHash())
@ -117,7 +118,7 @@ public final class CredentialManagementHelper {
if (existingCredential == null) {
if (platformCredential.getPlatformSerial() != null) {
List<PlatformCredential> certificates = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(platformCredential.getPlatformSerial())
.getCertificates().stream().collect(Collectors.toList());
if (!certificates.isEmpty()) {
@ -135,13 +136,14 @@ public final class CredentialManagementHelper {
}
}
}
return (PlatformCredential) certificateManager
return (PlatformCredential) certificateService
.saveCertificate(platformCredential);
} else if (existingCredential.isArchived()) {
// if the PC is stored in the DB and it's archived, unarchive.
LOG.info("Unarchiving credential");
existingCredential.restore();
certificateManager.updateCertificate(existingCredential);
certificateService.updateCertificate(existingCredential,
existingCredential.getId());
return existingCredential;
}
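Review bot: Both store methods decide that a submitted credential already exists from `byHashCode(...)` on an `int` hash alone, then return (and possibly unarchive) the stored `existingCredential` rather than the one just parsed. A 32-bit value cannot guarantee that the stored record is the same certificate, and how `getCertificateHash()` is derived is not visible here. I would compare the encoded bytes of `existingCredential` with the submitted bytes before the `restore()` / `updateCertificate(...)` branch and treat a mismatch as a distinct certificate. Separately, the guards now test `certificateService` but still throw `"null certificate manager"`; `"null certificate service"` would match the renamed parameter, and the Javadoc's "in the cert manager" wording is stale as well. The body of `storePlatformCredential` continues outside the last hunk.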


@ -7,9 +7,11 @@ import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.service.CertificateService;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.OrderedQuery;
import hirs.persist.service.DefaultService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;


@ -7,6 +7,8 @@ import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.DeviceManagerException;
import hirs.persist.OrderedQuery;
import hirs.persist.service.DefaultService;
import hirs.persist.service.DeviceService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;


@ -6,6 +6,8 @@ import hirs.data.persist.policy.Policy;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.OrderedQuery;
import hirs.persist.service.DefaultService;
import hirs.persist.service.PolicyService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;


@ -6,6 +6,8 @@ import hirs.data.persist.ReferenceDigestValue;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.OrderedQuery;
import hirs.persist.service.DefaultService;
import hirs.persist.service.ReferenceDigestValueService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;


@ -6,6 +6,8 @@ import hirs.data.persist.ReferenceManifest;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.OrderedQuery;
import hirs.persist.service.DefaultService;
import hirs.persist.service.ReferenceManifestService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;


@ -1,12 +1,12 @@
package hirs.attestationca.service;
import java.util.Set;
import hirs.data.persist.Device;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.policy.SupplyChainPolicy;
import java.util.Set;
/**


@ -1,18 +1,16 @@
package hirs.attestationca.service;
import hirs.attestationca.configuration.PersistenceConfiguration;
import hirs.appraiser.Appraiser;
import hirs.appraiser.SupplyChainAppraiser;
import hirs.attestationca.configuration.PersistenceConfiguration;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.ArchivableEntity;
import hirs.data.persist.BaseReferenceManifest;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.policy.PCRPolicy;
import hirs.data.persist.ReferenceDigestValue;
import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidation;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.SupportReferenceManifest;
@ -22,14 +20,16 @@ import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.policy.PCRPolicy;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.persist.AppraiserManager;
import hirs.persist.CertificateManager;
import hirs.persist.CrudManager;
import hirs.persist.DBManagerException;
import hirs.persist.PolicyManager;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.service.CertificateService;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.tpm.eventlog.TpmPcrEvent;
import hirs.utils.BouncyCastleUtils;
@ -81,7 +81,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
private ReferenceManifestManager referenceManifestManager;
private ReferenceDigestManager referenceDigestManager;
private ReferenceEventManager referenceEventManager;
private CertificateManager certificateManager;
private CertificateService certificateService;
private CredentialValidator supplyChainCredentialValidator;
private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
@ -92,10 +92,10 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
* Constructor to set just the CertificateManager, so that cert chain validating
* methods can be called from outside classes.
*
* @param certificateManager the cert manager
* @param certificateService the cert service
*/
public SupplyChainValidationServiceImpl(final CertificateManager certificateManager) {
this.certificateManager = certificateManager;
public SupplyChainValidationServiceImpl(final CertificateService certificateService) {
this.certificateService = certificateService;
}
/**
@ -103,7 +103,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
*
* @param policyManager the policy manager
* @param appraiserManager the appraiser manager
* @param certificateManager the cert manager
* @param certificateService the cert service
* @param referenceManifestManager the RIM manager
* @param supplyChainValidatorSummaryManager the summary manager
* @param supplyChainCredentialValidator the credential validator
@ -114,7 +114,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
@SuppressWarnings("ParameterNumberCheck")
public SupplyChainValidationServiceImpl(
final PolicyManager policyManager, final AppraiserManager appraiserManager,
final CertificateManager certificateManager,
final CertificateService certificateService,
final ReferenceManifestManager referenceManifestManager,
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
final CredentialValidator supplyChainCredentialValidator,
@ -122,7 +122,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
final ReferenceEventManager referenceEventManager) {
this.policyManager = policyManager;
this.appraiserManager = appraiserManager;
this.certificateManager = certificateManager;
this.certificateService = certificateService;
this.referenceManifestManager = referenceManifestManager;
this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
this.supplyChainCredentialValidator = supplyChainCredentialValidator;
@ -179,7 +179,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
// store the device with the credential
if (ec != null) {
ec.setDevice(device);
this.certificateManager.updateCertificate(ec);
this.certificateService.updateCertificate(ec, ec.getId());
}
}
@ -208,7 +208,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
deltaMapping.put(pc, null);
}
pc.setDevice(device);
this.certificateManager.updateCertificate(pc);
this.certificateService.updateCertificate(pc, pc.getId());
}
@ -353,7 +353,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (pc.isBase()) {
// Grab all certs associated with this platform chain
List<PlatformCredential> chainCertificates = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(pc.getPlatformSerial())
.getCertificates().stream().collect(Collectors.toList());
@ -433,7 +433,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
//Validate signing cert
Set<CertificateAuthorityCredential> allCerts =
CertificateAuthorityCredential.select(certificateManager).getCertificates();
CertificateAuthorityCredential.select(certificateService).getCertificates();
CertificateAuthorityCredential signingCert = null;
for (CertificateAuthorityCredential cert : allCerts) {
signingCert = cert;
@ -780,7 +780,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
case FAIL:
if (!result.getAdditionalInfo().isEmpty()) {
pc.setComponentFailures(result.getAdditionalInfo());
this.certificateManager.updateCertificate(pc);
this.certificateService.updateCertificate(pc, pc.getId());
}
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), pc, Level.WARN);
@ -816,10 +816,10 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
case FAIL:
if (!result.getAdditionalInfo().isEmpty()) {
base.setComponentFailures(result.getAdditionalInfo());
this.certificateManager.updateCertificate(base);
this.certificateService.updateCertificate(base, base.getId());
}
// we are adding things to componentFailures
this.certificateManager.updateCertificate(delta);
this.certificateService.updateCertificate(delta, delta.getId());
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), delta, Level.WARN);
case ERROR:
@ -913,7 +913,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
&& !credential.getAuthKeyId().isEmpty()) {
byte[] bytes = Hex.decode(credential.getAuthKeyId());
skiCA = CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubjectKeyIdentifier(bytes).getCertificate();
}
@ -921,13 +921,13 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (credential.getIssuerSorted() == null
|| credential.getIssuerSorted().isEmpty()) {
certAuthsWithMatchingIssuer = CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubject(credential.getIssuer())
.getCertificates();
} else {
//Get certificates by subject organization
certAuthsWithMatchingIssuer = CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubjectSorted(credential.getIssuerSorted())
.getCertificates();
}
@ -969,7 +969,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (platformSerialNumber != null) {
List<PlatformCredential> chainCertificates = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(platformSerialNumber)
.getCertificates().stream().collect(Collectors.toList());
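Review bot: Every migrated update call now passes the entity and its own id as two separate arguments (`updateCertificate(ec, ec.getId())`, and likewise for `pc`, `base` and `delta`), which leaves room for a later edit to pair an entity with the wrong id and modify a different record. `CertificateService` is not shown in this diff, so what it does when the id has no stored row needs confirming, particularly for credentials that arrive during provisioning. A small private helper such as `private void update(final Certificate c) { this.certificateService.updateCertificate(c, c.getId()); }` would keep the pairing in one place. The single-argument constructor's Javadoc also still reads "Constructor to set just the CertificateManager" and should name the service.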


@ -4,7 +4,7 @@ import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.CertificateDetailsPageParams;
import hirs.attestationca.portal.util.CertificateStringMapBuilder;
import hirs.persist.CertificateManager;
import hirs.persist.service.CertificateService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
@ -32,17 +32,17 @@ public class CertificateDetailsPageController extends PageController<Certificate
static final String INITIAL_DATA = "initialData";
@Autowired
private final CertificateManager certificateManager;
private final CertificateService certificateService;
private static final Logger LOGGER =
LogManager.getLogger(CertificateDetailsPageController.class);
/**
* Constructor providing the Page's display and routing specification.
* @param certificateManager the certificate manager
* @param certificateService the certificate service
*/
@Autowired
public CertificateDetailsPageController(final CertificateManager certificateManager) {
public CertificateDetailsPageController(final CertificateService certificateService) {
super(CERTIFICATE_DETAILS);
this.certificateManager = certificateManager;
this.certificateService = certificateService;
}
/**
@ -80,19 +80,19 @@ public class CertificateDetailsPageController extends PageController<Certificate
switch (type) {
case "certificateauthority":
data.putAll(CertificateStringMapBuilder.getCertificateAuthorityInformation(
uuid, certificateManager));
uuid, certificateService));
break;
case "endorsement":
data.putAll(CertificateStringMapBuilder.getEndorsementInformation(uuid,
certificateManager));
certificateService));
break;
case "platform":
data.putAll(CertificateStringMapBuilder.getPlatformInformation(uuid,
certificateManager));
certificateService));
break;
case "issued":
data.putAll(CertificateStringMapBuilder.getIssuedInformation(uuid,
certificateManager));
certificateService));
break;
default:
String typeError = "Invalid certificate type: " + params.getType();
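Review bot: In the `default:` branch, `typeError` is built from the raw request value `params.getType()`. What happens to that string is outside the hunk; if it is added to the page messages or written to the log, confirm it is HTML-encoded on output and has line breaks stripped before logging. Also, `@Autowired` on the `private final CertificateService certificateService` field is redundant with the `@Autowired` constructor that assigns it and can be dropped.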


@ -14,7 +14,7 @@ import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateManager;
import hirs.persist.service.CertificateService;
import hirs.persist.CriteriaModifier;
import hirs.persist.CrudManager;
import hirs.persist.DBManagerException;
@ -63,7 +63,7 @@ import static org.apache.logging.log4j.LogManager.getLogger;
public class CertificateRequestPageController extends PageController<NoPageParams> {
@Autowired
private final CertificateManager certificateManager;
private final CertificateService certificateService;
@Autowired
private final OrderedListQuerier<Certificate> dataTableQuerier;
@ -84,17 +84,17 @@ public class CertificateRequestPageController extends PageController<NoPageParam
/**
* Constructor providing the Page's display and routing specification.
*
* @param certificateManager the certificate manager
* @param certificateService the certificate service impl
* @param crudManager the CRUD manager for certificates
* @param acaCertificate the ACA's X509 certificate
*/
@Autowired
public CertificateRequestPageController(
final CertificateManager certificateManager,
final CertificateService certificateService,
final CrudManager<Certificate> crudManager,
final X509Certificate acaCertificate) {
super(Page.TRUST_CHAIN);
this.certificateManager = certificateManager;
this.certificateService = certificateService;
this.dataTableQuerier = crudManager;
try {
@ -152,7 +152,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
mav = getBaseModelAndView(Page.TRUST_CHAIN);
// Map with the ACA certificate information
data.putAll(CertificateStringMapBuilder.getCertificateAuthorityInformation(
certificateAuthorityCredential, this.certificateManager));
certificateAuthorityCredential, this.certificateService));
mav.addObject(ACA_CERT_DATA, data);
break;
default:
@ -222,7 +222,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
PlatformCredential pc = (PlatformCredential) records.get(i);
// find the EC using the PC's "holder serial number"
associatedEC = EndorsementCredential
.select(certificateManager)
.select(certificateService)
.bySerialNumber(pc.getHolderSerialNumber())
.getCertificate();
@ -262,7 +262,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try {
UUID uuid = UUID.fromString(id);
Certificate certificate = getCertificateById(certificateType, uuid, certificateManager);
Certificate certificate = getCertificateById(certificateType, uuid, certificateService);
if (certificate == null) {
// Use the term "record" here to avoid user confusion b/t cert and cred
String notFoundMessage = "Unable to locate record with ID: " + uuid;
@ -276,13 +276,13 @@ public class CertificateRequestPageController extends PageController<NoPageParam
List<PlatformCredential> sharedCertificates = getCertificateByBoardSN(
certificateType,
platformCertificate.getPlatformSerial(),
certificateManager);
certificateService);
if (sharedCertificates != null) {
for (PlatformCredential pc : sharedCertificates) {
if (!pc.isBase()) {
pc.archive();
certificateManager.updateCertificate(pc);
certificateService.updateCertificate(pc, pc.getId());
}
}
}
@ -290,7 +290,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
}
certificate.archive();
certificateManager.updateCertificate(certificate);
certificateService.updateCertificate(certificate, uuid);
String deleteCompletedMessage = "Certificate successfully deleted";
messages.addInfo(deleteCompletedMessage);
@ -330,7 +330,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try {
UUID uuid = UUID.fromString(id);
Certificate certificate = getCertificateById(certificateType, uuid, certificateManager);
Certificate certificate = getCertificateById(certificateType, uuid, certificateService);
if (certificate == null) {
// Use the term "record" here to avoid user confusion b/t cert and cred
String notFoundMessage = "Unable to locate record with ID: " + uuid;
@ -404,7 +404,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (CertificateAuthorityCredential ca : CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.getCertificates()) {
zipFileName = String.format("ca-certificates[%s].cer",
Integer.toHexString(ca.getCertificateHash()));
@ -448,7 +448,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (PlatformCredential pc : PlatformCredential.select(certificateManager)
for (PlatformCredential pc : PlatformCredential.select(certificateService)
.getCertificates()) {
zipFileName = String.format("Platform_Certificates[%s].cer",
Integer.toHexString(pc.getCertificateHash()));
@ -493,7 +493,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (IssuedAttestationCertificate ic : IssuedAttestationCertificate
.select(certificateManager)
.select(certificateService)
.getCertificates()) {
zipFileName = String.format("Issued_Certificates[%s].cer",
Integer.toHexString(ic.getCertificateHash()));
@ -538,7 +538,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (EndorsementCredential ek : EndorsementCredential
.select(certificateManager)
.select(certificateService)
.getCertificates()) {
zipFileName = String.format("Endorsement_Certificates[%s].cer",
Integer.toHexString(ek.getCertificateHash()));
@ -589,7 +589,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
certificateType,
file.getOriginalFilename(),
messages, certificate,
certificateManager);
certificateService);
}
}
@ -666,33 +666,33 @@ public class CertificateRequestPageController extends PageController<NoPageParam
*
* @param certificateType String containing the certificate type
* @param uuid the ID of the cert
* @param certificateManager the certificate manager to query
* @param certificateService the certificate service to query
* @return the certificate or null if none is found
*/
private Certificate getCertificateById(
final String certificateType,
final UUID uuid,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
case ENDORSEMENTCREDENTIAL:
return EndorsementCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
case ISSUEDCERTIFICATES:
return IssuedAttestationCertificate
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
case TRUSTCHAIN:
return CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
default:
@ -706,30 +706,30 @@ public class CertificateRequestPageController extends PageController<NoPageParam
*
* @param certificateType String containing the certificate type
* @param certificateHash the hash of the certificate's bytes
* @param certificateManager the certificate manager to query
* @param certificateService the certificate service to query
* @return the certificate or null if none is found
*/
private Certificate getCertificateByHash(
final String certificateType,
final int certificateHash,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential
.select(certificateManager)
.select(certificateService)
.includeArchived()
.byHashCode(certificateHash)
.getCertificate();
case ENDORSEMENTCREDENTIAL:
return EndorsementCredential
.select(certificateManager)
.select(certificateService)
.includeArchived()
.byHashCode(certificateHash)
.getCertificate();
case TRUSTCHAIN:
return CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.includeArchived()
.byHashCode(certificateHash)
.getCertificate();
@ -743,13 +743,13 @@ public class CertificateRequestPageController extends PageController<NoPageParam
*
* @param certificateType String containing the certificate type
* @param serialNumber the platform serial number
* @param certificateManager the certificate manager to query
* @param certificateService the certificate service to query
* @return the certificate or null if none is found
*/
private List<PlatformCredential> getCertificateByBoardSN(
final String certificateType,
final String serialNumber,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
if (serialNumber == null) {
return null;
@ -758,7 +758,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(serialNumber)
.getCertificates().stream().collect(Collectors.toList());
default:
@ -839,7 +839,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
* be stored
* @param messages contains any messages that will be display on the page
* @param certificate the certificate to store
* @param certificateManager the DB manager to use
* @param certificateService the DB service to use
* @return the messages for the page
*/
private void storeCertificate(
@ -847,7 +847,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
final String fileName,
final PageMessages messages,
final Certificate certificate,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
Certificate existingCertificate;
@ -856,7 +856,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
existingCertificate = getCertificateByHash(
certificateType,
certificate.getCertificateHash(),
certificateManager);
certificateService);
} catch (DBManagerException e) {
final String failMessage = "Querying for existing certificate failed ("
+ fileName + "): ";
@ -874,7 +874,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
List<PlatformCredential> sharedCertificates = getCertificateByBoardSN(
certificateType,
platformCertificate.getPlatformSerial(),
certificateManager);
certificateService);
if (sharedCertificates != null) {
for (PlatformCredential pc : sharedCertificates) {
@ -911,7 +911,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
}**/
}
certificateManager.saveCertificate(certificate);
certificateService.saveCertificate(certificate);
final String successMsg
= String.format("New certificate successfully uploaded (%s): ", fileName);
@ -933,7 +933,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
if (existingCertificate.isArchived()) {
existingCertificate.restore();
existingCertificate.resetCreateTime();
certificateManager.updateCertificate(existingCertificate);
certificateService.updateCertificate(existingCertificate, certificate.getId());
final String successMsg = String.format("Pre-existing certificate "
+ "found and unarchived (%s): ", fileName);


@ -12,11 +12,11 @@ import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.SupportReferenceManifest;
import hirs.data.persist.SwidResource;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.persist.CertificateManager;
import hirs.persist.DBManagerException;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.service.CertificateService;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.tpm.eventlog.TpmPcrEvent;
import hirs.utils.ReferenceManifestValidator;
@ -59,7 +59,7 @@ public class ReferenceManifestDetailsPageController
@Autowired
private final ReferenceEventManager referenceEventManager;
@Autowired
private final CertificateManager certificateManager;
private final CertificateService certificateService;
private static final ReferenceManifestValidator RIM_VALIDATOR
= new ReferenceManifestValidator();
private static final Logger LOGGER
@ -71,19 +71,19 @@ public class ReferenceManifestDetailsPageController
* @param referenceManifestManager the reference manifest manager.
* @param referenceDigestManager the reference digest manager.
* @param referenceEventManager the reference event manager.
* @param certificateManager the certificate manager.
* @param certificateService the certificate service.
*/
@Autowired
public ReferenceManifestDetailsPageController(
final ReferenceManifestManager referenceManifestManager,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
super(Page.RIM_DETAILS);
this.referenceManifestManager = referenceManifestManager;
this.referenceDigestManager = referenceDigestManager;
this.referenceEventManager = referenceEventManager;
this.certificateManager = certificateManager;
this.certificateService = certificateService;
}
/**
@ -114,7 +114,7 @@ public class ReferenceManifestDetailsPageController
try {
UUID uuid = UUID.fromString(params.getId());
data.putAll(getRimDetailInfo(uuid, referenceManifestManager,
referenceDigestManager, referenceEventManager, certificateManager));
referenceDigestManager, referenceEventManager, certificateService));
} catch (IllegalArgumentException iaEx) {
String uuidError = "Failed to parse ID from: " + params.getId();
messages.addError(uuidError);
@ -144,7 +144,7 @@ public class ReferenceManifestDetailsPageController
* @param referenceManifestManager the reference manifest manager.
* @param referenceDigestManager the reference digest manager.
* @param referenceEventManager the reference event manager.
* @param certificateManager the certificate manager.
* @param certificateService the certificate service.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
@ -154,7 +154,7 @@ public class ReferenceManifestDetailsPageController
final ReferenceManifestManager referenceManifestManager,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager,
final CertificateManager certificateManager)
final CertificateService certificateService)
throws IOException,
CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
@ -163,7 +163,7 @@ public class ReferenceManifestDetailsPageController
.byEntityId(uuid).getRIM();
if (bRim != null) {
data.putAll(getBaseRimInfo(bRim, referenceManifestManager, certificateManager));
data.putAll(getBaseRimInfo(bRim, referenceManifestManager, certificateService));
}
SupportReferenceManifest sRim = SupportReferenceManifest.select(referenceManifestManager)
@ -190,7 +190,7 @@ public class ReferenceManifestDetailsPageController
*
* @param baseRim established ReferenceManifest Type.
* @param referenceManifestManager the reference manifest manager.
* @param certificateManager the certificate manager.
* @param certificateService the certificate service.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
@ -199,7 +199,7 @@ public class ReferenceManifestDetailsPageController
private static HashMap<String, Object> getBaseRimInfo(
final BaseReferenceManifest baseRim,
final ReferenceManifestManager referenceManifestManager,
final CertificateManager certificateManager)
final CertificateService certificateService)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
@ -304,13 +304,13 @@ public class ReferenceManifestDetailsPageController
}
Set<CertificateAuthorityCredential> certificates =
CertificateAuthorityCredential.select(certificateManager)
CertificateAuthorityCredential.select(certificateService)
.getCertificates();
//Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid
data.put("signatureValid", false);
for (CertificateAuthorityCredential cert : certificates) {
SupplyChainValidationServiceImpl scvsImpl =
new SupplyChainValidationServiceImpl(certificateManager);
new SupplyChainValidationServiceImpl(certificateService);
KeyStore keystore = scvsImpl.getCaChain(cert);
if (RIM_VALIDATOR.validateXmlSignature(cert)) {
try {
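Review bot: `new SupplyChainValidationServiceImpl(certificateService)` is built by hand inside the `for (CertificateAuthorityCredential cert : certificates)` loop, once per CA credential, although nothing in the constructor call depends on `cert`. Hoist it above the loop (`SupplyChainValidationServiceImpl scvsImpl = new SupplyChainValidationServiceImpl(certificateService);` before the `for`), or inject the validation service instead, since an instance created with `new` is presumably outside the container that now supplies `CertificateService`. Separately, `certificateService` is declared `@Autowired private final` and is also assigned in the `@Autowired` constructor, so the field-level annotation is redundant and can be dropped. The loop body continues past the end of this hunk, so how `keystore` feeds into `signatureValid` is not visible here.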


@ -1,30 +1,29 @@
package hirs.attestationca.portal.util;
import hirs.persist.service.CertificateService;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.PlatformConfiguration;
import hirs.utils.BouncyCastleUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.util.encoders.Hex;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.List;
import java.util.Comparator;
import java.util.stream.Collectors;
import java.util.Set;
import java.util.UUID;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.PlatformConfiguration;
import hirs.persist.CertificateManager;
import hirs.utils.BouncyCastleUtils;
import org.bouncycastle.util.encoders.Hex;
import java.util.Collections;
import java.util.stream.Collectors;
/**
* Utility class for mapping certificate information in to string maps. These are used to display
@ -43,11 +42,11 @@ public final class CertificateStringMapBuilder {
* Returns the general information.
*
* @param certificate certificate to get the general information.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the general certificate information.
*/
public static HashMap<String, String> getGeneralCertificateInfo(
final Certificate certificate, final CertificateManager certificateManager) {
final Certificate certificate, final CertificateService certificateService) {
HashMap<String, String> data = new HashMap<>();
if (certificate != null) {
@ -102,7 +101,7 @@ public final class CertificateStringMapBuilder {
//Get issuer ID if not self signed
if (data.get("isSelfSigned").equals("false")) {
//Get the missing certificate chain for not self sign
Certificate missingCert = containsAllChain(certificate, certificateManager);
Certificate missingCert = containsAllChain(certificate, certificateService);
String issuerResult;
if (missingCert != null) {
@ -111,7 +110,7 @@ public final class CertificateStringMapBuilder {
}
//Find all certificates that could be the issuer certificate based on subject name
for (Certificate issuerCert : CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubjectSorted(certificate.getIssuerSorted())
.getCertificates()) {
@ -141,12 +140,12 @@ public final class CertificateStringMapBuilder {
* Recursive function that check if all the certificate chain is present.
*
* @param certificate certificate to get the issuer
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a boolean indicating if it has the full chain or not.
*/
public static Certificate containsAllChain(
final Certificate certificate,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
Set<CertificateAuthorityCredential> issuerCertificates = new HashSet<>();
CertificateAuthorityCredential skiCA = null;
String issuerResult;
@ -155,7 +154,7 @@ public final class CertificateStringMapBuilder {
&& !certificate.getAuthKeyId().isEmpty()) {
byte[] bytes = Hex.decode(certificate.getAuthKeyId());
skiCA = CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubjectKeyIdentifier(bytes).getCertificate();
} else {
LOGGER.error(String.format("Certificate (%s) for %s has no authority key identifier.",
@ -166,12 +165,12 @@ public final class CertificateStringMapBuilder {
if (certificate.getIssuerSorted() == null
|| certificate.getIssuerSorted().isEmpty()) {
//Get certificates by subject
issuerCertificates = CertificateAuthorityCredential.select(certificateManager)
issuerCertificates = CertificateAuthorityCredential.select(certificateService)
.bySubject(certificate.getIssuer())
.getCertificates();
} else {
//Get certificates by subject organization
issuerCertificates = CertificateAuthorityCredential.select(certificateManager)
issuerCertificates = CertificateAuthorityCredential.select(certificateService)
.bySubjectSorted(certificate.getIssuerSorted())
.getCertificates();
}
@ -189,7 +188,7 @@ public final class CertificateStringMapBuilder {
issuerCert.getSubject())) {
return null;
}
return containsAllChain(issuerCert, certificateManager);
return containsAllChain(issuerCert, certificateService);
}
} catch (IOException e) {
LOGGER.error(e);
@ -204,21 +203,21 @@ public final class CertificateStringMapBuilder {
* Returns the Certificate Authority information.
*
* @param uuid ID for the certificate.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getCertificateAuthorityInformation(final UUID uuid,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
CertificateAuthorityCredential certificate =
CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
String notFoundMessage = "Unable to find Certificate Authority "
+ "Credential with ID: " + uuid;
return getCertificateAuthorityInfoHelper(certificateManager, certificate, notFoundMessage);
return getCertificateAuthorityInfoHelper(certificateService, certificate, notFoundMessage);
}
@ -226,23 +225,23 @@ public final class CertificateStringMapBuilder {
* Returns the Trust Chain credential information.
*
* @param certificate the certificate
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getCertificateAuthorityInformation(
final CertificateAuthorityCredential certificate,
final CertificateManager certificateManager) {
return getCertificateAuthorityInfoHelper(certificateManager, certificate,
final CertificateService certificateService) {
return getCertificateAuthorityInfoHelper(certificateService, certificate,
"No cert provided for mapping");
}
private static HashMap<String, String> getCertificateAuthorityInfoHelper(
final CertificateManager certificateManager,
final CertificateService certificateService,
final CertificateAuthorityCredential certificate, final String notFoundMessage) {
HashMap<String, String> data = new HashMap<>();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.putAll(getGeneralCertificateInfo(certificate, certificateService));
data.put("subjectKeyIdentifier",
Arrays.toString(certificate.getSubjectKeyIdentifier()));
//x509 credential version
@ -259,18 +258,18 @@ public final class CertificateStringMapBuilder {
* Returns the endorsement credential information.
*
* @param uuid ID for the certificate.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getEndorsementInformation(final UUID uuid,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
HashMap<String, String> data = new HashMap<>();
EndorsementCredential certificate = EndorsementCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.putAll(getGeneralCertificateInfo(certificate, certificateService));
// Set extra fields
data.put("manufacturer", certificate.getManufacturer());
data.put("model", certificate.getModel());
@ -302,22 +301,22 @@ public final class CertificateStringMapBuilder {
* Returns the Platform credential information.
*
* @param uuid ID for the certificate.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
* @throws IOException when parsing the certificate
* @throws IllegalArgumentException invalid argument on parsing the certificate
*/
public static HashMap<String, Object> getPlatformInformation(final UUID uuid,
final CertificateManager certificateManager)
final CertificateService certificateService)
throws IllegalArgumentException, IOException {
HashMap<String, Object> data = new HashMap<>();
PlatformCredential certificate = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.putAll(getGeneralCertificateInfo(certificate, certificateService));
data.put("credentialType", certificate.getCredentialType());
data.put("platformType", certificate.getPlatformType());
data.put("manufacturer", certificate.getManufacturer());
@ -463,18 +462,18 @@ public final class CertificateStringMapBuilder {
* Returns the Issued Attestation Certificate information.
*
* @param uuid ID for the certificate.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getIssuedInformation(final UUID uuid,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
HashMap<String, String> data = new HashMap<>();
IssuedAttestationCertificate certificate = IssuedAttestationCertificate
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.putAll(getGeneralCertificateInfo(certificate, certificateService));
// add endorsement credential ID if not null
if (certificate.getEndorsementCredential() != null) {
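Review bot: `containsAllChain` recurses via `return containsAllChain(issuerCert, certificateService);` and the only stop condition visible is the issuer/subject comparison just before it, so two stored CA credentials that name each other as issuer would presumably recurse until the stack overflows whenever a certificate details map is built. Each level also runs fresh `CertificateAuthorityCredential.select(certificateService)` queries, so the cost lands on the new service layer. Consider threading a `Set<UUID>` of visited certificate IDs through a private overload and stopping when `visited.add(issuerCert.getId())` returns false, or capping the depth. The Javadoc also says `@return a boolean indicating if it has the full chain or not` while the method returns a `Certificate`; something like `@return the certificate whose issuer could not be found, or null if the chain is complete` would match the `missingCert != null` check in `getGeneralCertificateInfo`, to be confirmed against the part of the body outside these hunks.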


@ -1,7 +1,7 @@
package hirs.data.persist.certificate;
import hirs.persist.CertificateManager;
import hirs.persist.CertificateSelector;
import hirs.persist.service.CertificateService;
import org.apache.commons.codec.binary.Hex;
import javax.persistence.Column;
@ -46,13 +46,13 @@ public class CertificateAuthorityCredential extends Certificate {
*/
public static class Selector extends CertificateSelector<CertificateAuthorityCredential> {
/**
* Construct a new CertificateSelector that will use the given {@link CertificateManager} to
* Construct a new CertificateSelector that will use the given {@link CertificateService} to
* retrieve one or many CertificateAuthorityCredentials.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate manager to be used to retrieve certificates
*/
public Selector(final CertificateManager certificateManager) {
super(certificateManager, CertificateAuthorityCredential.class);
public Selector(final CertificateService certificateService) {
super(certificateService, CertificateAuthorityCredential.class);
}
/**
@ -74,7 +74,7 @@ public class CertificateAuthorityCredential extends Certificate {
* @param certMan the CertificateManager to be used to retrieve persisted certificates
* @return a CertificateAuthorityCredential.Selector instance to use for retrieving certificates
*/
public static Selector select(final CertificateManager certMan) {
public static Selector select(final CertificateService certMan) {
return new Selector(certMan);
}


@ -2,10 +2,10 @@ package hirs.data.persist.certificate;
import hirs.data.persist.certificate.attributes.TPMSecurityAssertions;
import hirs.data.persist.certificate.attributes.TPMSpecification;
import hirs.persist.CertificateManager;
import hirs.persist.CertificateSelector;
import org.apache.commons.lang3.StringUtils;
import hirs.persist.service.CertificateService;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1ApplicationSpecific;
@ -109,13 +109,13 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
*/
public static class Selector extends CertificateSelector<EndorsementCredential> {
/**
* Construct a new CertificateSelector that will use the given {@link CertificateManager} to
* Construct a new CertificateSelector that will use the given {@link CertificateService} to
* retrieve one or many EndorsementCredentials.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate service to be used to retrieve certificates
*/
public Selector(final CertificateManager certificateManager) {
super(certificateManager, EndorsementCredential.class);
public Selector(final CertificateService certificateService) {
super(certificateService, EndorsementCredential.class);
}
/**
@ -164,11 +164,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
/**
* Get a Selector for use in retrieving EndorsementCredentials.
*
* @param certMan the CertificateManager to be used to retrieve persisted certificates
* @param certificateService the CertificateService to be used to retrieve
* persisted certificates
* @return a EndorsementCredential.Selector instance to use for retrieving certificates
*/
public static Selector select(final CertificateManager certMan) {
return new Selector(certMan);
public static Selector select(final CertificateService certificateService) {
return new Selector(certificateService);
}
/*


@ -2,17 +2,18 @@ package hirs.data.persist.certificate;
import hirs.persist.CertificateManager;
import hirs.persist.CertificateSelector;
import hirs.persist.service.CertificateService;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Collections;
import java.util.Set;
import java.util.UUID;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Collections;
import java.util.Set;
import java.util.UUID;
/**
* Represents an issued attestation certificate to a HIRS Client.
@ -41,10 +42,10 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
* Construct a new CertificateSelector that will use the given {@link CertificateManager} to
* retrieve one or many IssuedAttestationCertificate.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate service to be used to retrieve certificates
*/
public Selector(final CertificateManager certificateManager) {
super(certificateManager, IssuedAttestationCertificate.class);
public Selector(final CertificateService certificateService) {
super(certificateService, IssuedAttestationCertificate.class);
}
/**
@ -63,11 +64,12 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
/**
* Get a Selector for use in retrieving IssuedAttestationCertificate.
*
* @param certMan the CertificateManager to be used to retrieve persisted certificates
* @param certificateService the CertificateService to be used to retrieve persisted certificates
* @return a IssuedAttestationCertificate.Selector instance to use for retrieving certificates
*/
public static IssuedAttestationCertificate.Selector select(final CertificateManager certMan) {
return new IssuedAttestationCertificate.Selector(certMan);
public static IssuedAttestationCertificate.Selector select(
final CertificateService certificateService) {
return new IssuedAttestationCertificate.Selector(certificateService);
}


@ -9,6 +9,7 @@ import hirs.data.persist.certificate.attributes.URIReference;
import hirs.data.persist.certificate.attributes.V2.PlatformConfigurationV2;
import hirs.persist.CertificateManager;
import hirs.persist.CertificateSelector;
import hirs.persist.service.CertificateService;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -127,10 +128,10 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
* Construct a new CertificateSelector that will use the given {@link CertificateManager} to
* retrieve one or many PlatformCredentials.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate service to be used to retrieve certificates
*/
public Selector(final CertificateManager certificateManager) {
super(certificateManager, PlatformCredential.class);
public Selector(final CertificateService certificateService) {
super(certificateService, PlatformCredential.class);
}
/**
@ -266,11 +267,12 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
/**
* Get a Selector for use in retrieving PlatformCredentials.
*
* @param certMan the CertificateManager to be used to retrieve persisted certificates
* @param certificateService the CertificateService to be used to
* retrieve persisted certificates
* @return a PlatformCredential.Selector instance to use for retrieving certificates
*/
public static Selector select(final CertificateManager certMan) {
return new Selector(certMan);
public static Selector select(final CertificateService certificateService) {
return new Selector(certificateService);
}
/**


@ -2,6 +2,7 @@ package hirs.persist;
import com.google.common.base.Preconditions;
import hirs.data.persist.certificate.Certificate;
import hirs.persist.service.CertificateService;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.criterion.Conjunction;
@ -73,7 +74,7 @@ import java.util.UUID;
* @param <T> the type of certificate that will be retrieved
*/
public abstract class CertificateSelector<T extends Certificate> {
private final CertificateManager certificateManager;
private final CertificateService certificateService;
private final Class<T> certificateClass;
private final Map<String, Object> fieldValueSelections;
@ -83,28 +84,28 @@ public abstract class CertificateSelector<T extends Certificate> {
* Construct a new CertificateSelector that will use the given {@link CertificateManager} to
* retrieve certificates of the given type.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate manager to be used to retrieve certificates
* @param certificateClass the class of certificate to be retrieved
*/
public CertificateSelector(
final CertificateManager certificateManager,
final CertificateService certificateService,
final Class<T> certificateClass) {
this(certificateManager, certificateClass, true);
this(certificateService, certificateClass, true);
}
/**
* Construct a new CertificateSelector that will use the given {@link CertificateManager} to
* retrieve certificates of the given type.
*
* @param certificateManager the certificate manager to be used to retrieve certificates
* @param certificateService the certificate manager to be used to retrieve certificates
* @param certificateClass the class of certificate to be retrieved
* @param excludeArchivedCertificates true if excluding archived certificates
*/
public CertificateSelector(
final CertificateManager certificateManager,
final CertificateService certificateService,
final Class<T> certificateClass, final boolean excludeArchivedCertificates) {
Preconditions.checkArgument(
certificateManager != null,
certificateService != null,
"certificate manager cannot be null"
);
@ -113,7 +114,7 @@ public abstract class CertificateSelector<T extends Certificate> {
"type cannot be null"
);
this.certificateManager = certificateManager;
this.certificateService = certificateService;
this.certificateClass = certificateClass;
this.fieldValueSelections = new HashMap<>();
this.excludeArchivedCertificates = excludeArchivedCertificates;
@ -451,7 +452,7 @@ public abstract class CertificateSelector<T extends Certificate> {
// construct and execute query
private Set<T> execute() {
return certificateManager.getCertificate(this);
return certificateService.getCertificate(this);
}
/**


@ -1,4 +1,4 @@
package hirs.attestationca.service;
package hirs.persist.service;
import hirs.data.persist.certificate.Certificate;


@ -1,4 +1,4 @@
package hirs.attestationca.service;
package hirs.persist.service;
import java.util.List;
import java.util.UUID;


@ -1,4 +1,4 @@
package hirs.attestationca.service;
package hirs.persist.service;
import hirs.data.persist.Device;
import hirs.persist.DeviceManagerException;


@ -1,4 +1,4 @@
package hirs.attestationca.service;
package hirs.persist.service;
import hirs.data.persist.policy.Policy;


@ -1,4 +1,4 @@
package hirs.attestationca.service;
package hirs.persist.service;
import hirs.data.persist.ReferenceDigestValue;


@ -1,4 +1,4 @@
package hirs.attestationca.service;
package hirs.persist.service;
import hirs.data.persist.ReferenceManifest;


@ -0,0 +1,7 @@
/**
* Data access objects (DAOs) for storing and retrieving objects from the
* database.
*/
package hirs.persist.service;