From 571d107e1b77a91306bb7627f1dbc0f3eb91a63d Mon Sep 17 00:00:00 2001 
From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Wed, 23 Oct 2024 17:22:20 -0400 Subject: [PATCH] issue_847: Reduced styling errors in CA module to less than 100 --- .../entity/userdefined/Certificate.java | 19 ++- .../IssuedAttestationCertificate.java | 4 +- .../attributes/CommonCriteriaMeasures.java | 5 + .../attributes/ComponentAddress.java | 11 ++ .../attributes/ComponentIdentifier.java | 5 + .../certificate/attributes/FIPSLevel.java | 42 ++---- .../attributes/PlatformConfigurationV1.java | 5 + .../attributes/PlatformProperty.java | 13 +- .../attributes/TBBSecurityAssertion.java | 125 ++---------------- .../attributes/TPMSecurityAssertions.java | 29 ++-- .../attributes/TPMSpecification.java | 15 +-- .../certificate/attributes/URIReference.java | 9 ++ .../attributes/V2/ComponentIdentifierV2.java | 38 ++---- .../V2/PlatformConfigurationV2.java | 5 + .../attributes/V2/PlatformPropertyV2.java | 10 +- .../userdefined/info/ComponentInfo.java | 39 +----- .../entity/userdefined/info/TPMInfo.java | 2 - .../rim/BaseReferenceManifest.java | 7 +- .../userdefined/rim/EventLogMeasurements.java | 20 +-- .../rim/SupportReferenceManifest.java | 40 +----- .../persist/enums/HealthStatus.java | 7 +- .../persist/provision/AbstractProcessor.java | 15 ++- .../provision/helper/ProvisionUtils.java | 2 +- .../service/SupplyChainValidationService.java | 1 - .../persist/service/ValidationService.java | 45 ++++--- .../AttestationCertificateAuthorityTest.java | 39 +++--- .../entity/tpm/TPM2ProvisionerStateTest.java | 10 +- .../AbstractUserdefinedEntityTest.java | 45 +++---- .../entity/userdefined/CertificateTest.java | 68 +++++----- .../SupplyChainValidationTest.java | 10 +- .../certificate/PlatformCredentialTest.java | 5 +- .../attributes/TPMSecurityAssertionsTest.java | 14 +- .../entity/userdefined/info/TPMInfoTest.java | 35 +++-- .../SupplyChainCredentialValidatorTest.java | 58 +++++++- config/checkstyle/checkstyle.xml | 6 +- 35 files changed, 369 
insertions(+), 434 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java index 38d4e551..07df1852 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java @@ -626,7 +626,7 @@ public abstract class Certificate extends ArchivableEntity { * on the portal. * * @return A list of URLs that inform the location of the certificate revocation lists - * @throws java.io.IOException + * @throws IOException if there is an issue while retrieving the CRL Distribution point */ private String getCRLDistributionPoint() throws IOException { List crlUrls = new ArrayList<>(); @@ -972,6 +972,11 @@ public abstract class Certificate extends ArchivableEntity { return null; } + /** + * Creates a string representation of the Certificate object. + * + * @return a string representation of the Certificate object. + */ @Override public String toString() { return String.format("Certificate{%s, AuthID=%s, serialNumber=%s, " @@ -982,6 +987,13 @@ public abstract class Certificate extends ArchivableEntity { signatureAlgorithm, certificateHash); } + /** + * Compares this certificate to the provided object to verify that both this and the provided certificate + * objects are equal. + * + * @param o object to compare + * @return true if both the provided certificate and this certificate are equal, false otherwise + */ @Override public boolean equals(final Object o) { if (this == o) { 
@@ -997,6 +1009,11 @@ public abstract class Certificate extends ArchivableEntity { return Arrays.equals(certificateBytes, that.certificateBytes); } + /** + * Creates an integer hash code for this Certificate object. + * + * @return integer hash code + */ @Override public int hashCode() { return Arrays.hashCode(certificateBytes); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/IssuedAttestationCertificate.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/IssuedAttestationCertificate.java index 4202362f..891bf6b1 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/IssuedAttestationCertificate.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/IssuedAttestationCertificate.java @@ -18,8 +18,8 @@ import java.util.List; /** * Represents an issued attestation certificate to a HIRS Client. */ -@NoArgsConstructor(access = AccessLevel.PROTECTED) @Getter +@NoArgsConstructor(access = AccessLevel.PROTECTED) @Entity public class IssuedAttestationCertificate extends DeviceAssociatedCertificate { @@ -29,7 +29,7 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate { public static final String AIC_TYPE_LABEL = "TCPA Trusted Platform Identity"; @Column - public boolean isLDevID; + private boolean isLDevID; @ManyToOne(fetch = FetchType.EAGER) @JoinColumn(name = "ek_id") diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/CommonCriteriaMeasures.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/CommonCriteriaMeasures.java index a1432d48..a9c115a5 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/CommonCriteriaMeasures.java 
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/CommonCriteriaMeasures.java @@ -126,6 +126,11 @@ public class CommonCriteriaMeasures { } } + /** + * Creates a custom string representation of the Common Criteria Measures object. + * + * @return a string representation of Common Criteria Measures + */ @Override public String toString() { StringBuilder sb = new StringBuilder(); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAddress.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAddress.java index d8eb162c..2f9f82a9 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAddress.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAddress.java @@ -27,12 +27,17 @@ public class ComponentAddress { public static final int IDENTIFIER_NUMBER = 2; private static final String ETHERNET_MAC = "2.23.133.17.1"; + private static final String WLAN_MAC = "2.23.133.17.2"; + private static final String BLUETOOTH_MAC = "2.23.133.17.3"; private ASN1ObjectIdentifier addressType; + private ASN1UTF8String addressValue; + private String addressTypeString; + private String addressValueString; /** @@ -74,6 +79,12 @@ public class ComponentAddress { }; } + + /** + * Creates a string representation of the Component Address object. + * + * @return a string representation of the Component Address object. + */ @Override public String toString() { return "ComponentAddress{" 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentIdentifier.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentIdentifier.java index b0c37e7a..7b56a283 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentIdentifier.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentIdentifier.java @@ -201,6 +201,11 @@ public class ComponentIdentifier { return false; } + /** + * Creates a string representation of the Component Identifier object. + * + * @return a string representation of the Component Identifier object. + */ @Override public String toString() { StringBuilder sb = new StringBuilder(); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/FIPSLevel.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/FIPSLevel.java index 012fb957..b04ce00d 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/FIPSLevel.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/FIPSLevel.java @@ -3,6 +3,7 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes; import lombok.AllArgsConstructor; import lombok.Getter; import lombok.Setter; +import lombok.ToString; import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Enumerated; import org.bouncycastle.asn1.ASN1IA5String; 
@@ -17,18 +18,18 @@ import org.bouncycastle.asn1.ASN1Sequence; * plus BOOLEAN DEFAULT FALSE } * */ +@Getter +@Setter @AllArgsConstructor +@ToString public class FIPSLevel { private static final int MAX_SEQUENCE_SIZE = 3; - @Getter - @Setter + private ASN1IA5String version; - @Getter - @Setter + private SecurityLevel level; - @Getter - @Setter + private ASN1Boolean plus; /** @@ -65,15 +66,6 @@ public class FIPSLevel { } } - @Override - public String toString() { - return "FIPSLevel{" - + "version=" + version.getString() - + ", level=" + level.getValue() - + ", plus=" + plus.toString() - + '}'; - } - /** * A type to handle the security Level used in the FIPS Level. * Ordering of enum types is intentional and their ordinal values correspond to enum @@ -87,6 +79,8 @@ public class FIPSLevel { * level4 (4) } * */ + @Getter + @AllArgsConstructor public enum SecurityLevel { /** * Security Level 1. @@ -106,23 +100,5 @@ public class FIPSLevel { LEVEL4("level 4"); private final String value; - - /** - * Basic constructor. - * - * @param value string containing the value. - */ - SecurityLevel(final String value) { - this.value = value; - } - - /** - * Get the string value from the StrengthOfFunction. - * - * @return the string containing the value. - */ - public String getValue() { - return this.value; - } } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfigurationV1.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfigurationV1.java index 9f8a253e..c0dd0df6 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfigurationV1.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfigurationV1.java 
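Review bot: Swapping the hand-written `toString()` on `FIPSLevel` for `@ToString` changes the text it produces, not only the style. The removed method printed `version.getString()` and `level.getValue()` (the "level 1" style label), while the Lombok version prints each field's own `toString()`, so `level` now renders as the enum constant name. The same swap is made later in this patch for `PlatformProperty`, `TBBSecurityAssertion`, `TPMSecurityAssertions` and `TPMSpecification`. If none of these strings is displayed or compared anywhere, I would record that in the class Javadoc, e.g. `* The generated toString() is for diagnostics only; its format is not stable.`; otherwise keep the explicit method where the old format is relied on.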
@@ -77,6 +77,11 @@ public class PlatformConfigurationV1 extends PlatformConfiguration { } } + /** + * Creates a string representation of the Platform Configuration V1 object. + * + * @return a string representation of the Platform Configuration V1 object. + */ @Override public String toString() { StringBuilder sb = new StringBuilder(); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformProperty.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformProperty.java index 9d3d2d06..d36e5b8e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformProperty.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformProperty.java @@ -3,6 +3,7 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes; import lombok.AllArgsConstructor; import lombok.Getter; import lombok.Setter; +import lombok.ToString; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1UTF8String; import org.bouncycastle.asn1.DERUTF8String; @@ -19,14 +20,18 @@ import org.bouncycastle.asn1.DERUTF8String; @Getter @Setter @AllArgsConstructor +@ToString public class PlatformProperty { /** * Number of identifiers for version 1. */ protected static final int IDENTIFIER_NUMBER = 2; + private static final String NOT_SPECIFIED = "Not Specified"; + private ASN1UTF8String propertyName; + private ASN1UTF8String propertyValue; /** @@ -54,12 +59,4 @@ public class PlatformProperty { this.propertyName = ASN1UTF8String.getInstance(sequence.getObjectAt(0)); this.propertyValue = ASN1UTF8String.getInstance(sequence.getObjectAt(1)); } - - @Override - public String toString() { - return "PlatformProperty{" - + "propertyName=" + propertyName.getString() - + ", propertyValue=" + propertyValue.getString() - + "}"; - } } 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TBBSecurityAssertion.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TBBSecurityAssertion.java index 48d4195e..74d14a55 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TBBSecurityAssertion.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TBBSecurityAssertion.java @@ -2,6 +2,8 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes; import lombok.AllArgsConstructor; import lombok.Getter; +import lombok.Setter; +import lombok.ToString; import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Enumerated; import org.bouncycastle.asn1.ASN1IA5String; @@ -24,17 +26,28 @@ import java.math.BigInteger; * iso9000Uri IA5STRING (SIZE (1..URIMAX)) OPTIONAL } * */ +@Setter +@Getter @AllArgsConstructor +@ToString public class TBBSecurityAssertion { private static final int CCINFO = 0; + private static final int FIPSLEVEL = 1; + private static final int RTMTYPE = 2; + private ASN1Integer version; + private CommonCriteriaMeasures ccInfo; + private FIPSLevel fipsLevel; + private MeasurementRootType rtmType; + private ASN1Boolean iso9000Certified; + private ASN1IA5String iso9000Uri; /** 
@@ -115,118 +128,6 @@ public class TBBSecurityAssertion { } } - /** - * @return the version - */ - public ASN1Integer getVersion() { - return version; - } - - /** - * @param version the version to set - */ - public void setVersion(final ASN1Integer version) { - this.version = version; - } - - /** - * @return the ccInfo - */ - public CommonCriteriaMeasures getCcInfo() { - return ccInfo; - } - - /** - * @param ccInfo the ccInfo to set - */ - public void setCcInfo(final CommonCriteriaMeasures ccInfo) { - this.ccInfo = ccInfo; - } - - /** - * @return the fipsLevel - */ - public FIPSLevel getFipsLevel() { - return fipsLevel; - } - - /** - * @param fipsLevel the fipsLevel to set - */ - public void setFipsLevel(final FIPSLevel fipsLevel) { - this.fipsLevel = fipsLevel; - } - - /** - * @return the rtmType - */ - public MeasurementRootType getRtmType() { - return rtmType; - } - - /** - * @param rtmType the rtmType to set - */ - public void setRtmType(final MeasurementRootType rtmType) { - this.rtmType = rtmType; - } - - /** - * @return the iso9000Certified - */ - public ASN1Boolean getIso9000Certified() { - return iso9000Certified; - } - - /** - * @param iso9000Certified the iso9000Certified to set - */ - public void setIso9000Certified(final ASN1Boolean iso9000Certified) { - this.iso9000Certified = iso9000Certified; - } - - /** - * @return the iso9000Uri - */ - public ASN1IA5String getIso9000Uri() { - return iso9000Uri; - } - - /** - * @param iso9000Uri the iso9000Uri to set - */ - public void setIso9000Uri(final ASN1IA5String iso9000Uri) { - this.iso9000Uri = iso9000Uri; - } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("TBBSecurityAssertion{"); - sb.append("version=").append(version.toString()); - //Optional values not null - sb.append(", ccInfo="); - if (ccInfo != null) { - sb.append(ccInfo); - } - sb.append(", fipsLevel="); - if (fipsLevel != null) { - sb.append(fipsLevel); - } - sb.append(", rtmType="); - if (rtmType 
!= null) { - sb.append(rtmType.getValue()); - } - sb.append(", iso9000Certified=").append(iso9000Certified.toString()); - sb.append(", iso9000Uri="); - if (iso9000Uri != null) { - sb.append(iso9000Uri.getString()); - } - sb.append("}"); - - return sb.toString(); - } - /** * A type to handle the evaluation status used in the Common Criteria Measurement. * Ordering of enum types is intentional and their ordinal values correspond to enum diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSecurityAssertions.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSecurityAssertions.java index 2f0e7d32..11553e8e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSecurityAssertions.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSecurityAssertions.java @@ -7,6 +7,7 @@ import lombok.AllArgsConstructor; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; +import lombok.ToString; import java.io.Serializable; import java.math.BigInteger; 
@@ -21,22 +22,27 @@ import java.math.BigInteger; * www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf * for specifications for TPM 2.0 (pg. 19). */ -@AllArgsConstructor -@NoArgsConstructor(access = AccessLevel.PROTECTED) @Getter @Setter +@AllArgsConstructor +@NoArgsConstructor(access = AccessLevel.PROTECTED) +@ToString @Embeddable public class TPMSecurityAssertions implements Serializable { @Column private BigInteger tpmSecAssertsVersion; //default v1 + @Column private boolean fieldUpgradeable; //default false - @Column(nullable = true) + + @Column private EkGenerationType ekGenType; //optional - @Column(nullable = true) - private EkGenerationLocation ekGenerationLocation; //optional - @Column(nullable = true) + + @Column + private EkGenerationLocation ekGenerationLocation; //optionalv + + @Column private EkGenerationLocation ekCertificateGenerationLocation; //optional /** @@ -52,17 +58,6 @@ public class TPMSecurityAssertions implements Serializable { this.fieldUpgradeable = fieldUpgradeable; } - @Override - public String toString() { - return "TPMSecurityAssertions{" - + "version=" + tpmSecAssertsVersion - + ", fieldUpgradeable=" + fieldUpgradeable - + ", ekGenType=" + ekGenType - + ", ekGenLoc=" + ekGenerationLocation - + ", ekCertGenLoc=" + ekCertificateGenerationLocation - + '}'; - } - // Future work (may need to create other classes): //private CommonCriteriaMeasures commCritMeasures; //optional //private FIPSLevel fipsLevel; //optional diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSpecification.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSpecification.java index 91768a6a..fef71ed8 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSpecification.java 
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSpecification.java @@ -6,6 +6,7 @@ import lombok.AccessLevel; import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.NoArgsConstructor; +import lombok.ToString; import java.io.Serializable; import java.math.BigInteger; @@ -20,9 +21,10 @@ import java.math.BigInteger; * www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf * for specifications for TPM 2.0. */ -@EqualsAndHashCode -@NoArgsConstructor(access = AccessLevel.PROTECTED) @Getter +@NoArgsConstructor(access = AccessLevel.PROTECTED) +@ToString +@EqualsAndHashCode @Embeddable public class TPMSpecification implements Serializable { @@ -48,13 +50,4 @@ public class TPMSpecification implements Serializable { this.level = level; this.revision = revision; } - - @Override - public String toString() { - return "TPMSpecification{" - + "family='" + family + '\'' - + ", level=" + level - + ", revision=" + revision - + '}'; - } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/URIReference.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/URIReference.java index 4b8915d2..2df498ce 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/URIReference.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/URIReference.java @@ -24,9 +24,13 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier; @AllArgsConstructor public class URIReference { private static final int PLATFORM_PROPERTIES_URI_MAX = 3; + private static final int PLATFORM_PROPERTIES_URI_MIN = 1; + private ASN1IA5String uniformResourceIdentifier; + private AlgorithmIdentifier hashAlgorithm; + @JsonIgnore private ASN1BitString hashValue; 
@@ -70,6 +74,11 @@ public class URIReference { } } + /** + * Creates a string representation of the URI Reference object. + * + * @return a string representation of URI Reference + */ @Override public String toString() { StringBuilder sb = new StringBuilder(); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/ComponentIdentifierV2.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/ComponentIdentifierV2.java index f3394857..e7b4aa5b 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/ComponentIdentifierV2.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/ComponentIdentifierV2.java @@ -4,6 +4,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Comp import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference; +import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; import org.bouncycastle.asn1.ASN1Boolean; @@ -16,7 +17,6 @@ import org.bouncycastle.asn1.ASN1UTF8String; import org.bouncycastle.asn1.DERUTF8String; import java.util.List; -import java.util.Objects; import java.util.stream.Collectors; /** 
@@ -40,17 +40,24 @@ import java.util.stream.Collectors; */ @Getter @Setter +@EqualsAndHashCode(callSuper = true) public class ComponentIdentifierV2 extends ComponentIdentifier { private static final int MANDATORY_ELEMENTS = 3; + // Additional optional identifiers for version 2 private static final int COMPONENT_PLATFORM_CERT = 5; + private static final int COMPONENT_PLATFORM_URI = 6; + private static final int ATTRIBUTE_STATUS = 7; private ComponentClass componentClass; + private CertificateIdentifier certificateIdentifier; + private URIReference componentPlatformUri; + private AttributeStatus attributeStatus; /** @@ -201,30 +208,11 @@ public class ComponentIdentifierV2 extends ComponentIdentifier { return true; } - @Override - public boolean equals(Object o) { - if (this == o) { - return true; - } - if (o == null || getClass() != o.getClass()) { - return false; - } - if (!super.equals(o)) { - return false; - } - ComponentIdentifierV2 that = (ComponentIdentifierV2) o; - return Objects.equals(componentClass, that.componentClass) - && Objects.equals(certificateIdentifier, that.certificateIdentifier) - && Objects.equals(componentPlatformUri, that.componentPlatformUri) - && attributeStatus == that.attributeStatus; - } - - @Override - public int hashCode() { - return Objects.hash(super.hashCode(), componentClass, - certificateIdentifier, componentPlatformUri, attributeStatus); - } - + /** + * Creates a string representation of the Component Identifier V2 object. + * + * @return a string representation of the Component Identifier V2 object. + */ @Override public String toString() { StringBuilder sb = new StringBuilder(); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java index 638542a0..58dd341d 100644 
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java @@ -87,6 +87,11 @@ public class PlatformConfigurationV2 extends PlatformConfiguration { } } + /** + * Creates a string representation of the Platform Configuration V2 object. + * + * @return a string representation of the Platform Configuration V2 object. + */ @Override public String toString() { StringBuilder sb = new StringBuilder(); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformPropertyV2.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformPropertyV2.java index cd6d3b7b..3a8146a4 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformPropertyV2.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformPropertyV2.java @@ -17,10 +17,10 @@ import org.bouncycastle.asn1.ASN1UTF8String; * * */ +@Setter +@Getter public class PlatformPropertyV2 extends PlatformProperty { - @Getter - @Setter private AttributeStatus attributeStatus; /** @@ -83,6 +83,12 @@ public class PlatformPropertyV2 extends PlatformProperty { return getAttributeStatus() != AttributeStatus.REMOVED; } + + /** + * Creates a string representation of the PlatformPropertyV2 object. + * + * @return a string representation of the PlatformPropertyV2 object + */ @Override public String toString() { StringBuilder sb = new StringBuilder(); 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/ComponentInfo.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/ComponentInfo.java index 6e8901fb..aa98f282 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/ComponentInfo.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/ComponentInfo.java @@ -9,6 +9,7 @@ import jakarta.persistence.DiscriminatorType; import jakarta.persistence.Entity; import jakarta.xml.bind.annotation.XmlElement; import lombok.AccessLevel; +import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.extern.log4j.Log4j2; @@ -24,6 +25,7 @@ import java.util.Objects; @Entity @Getter @NoArgsConstructor(access = AccessLevel.PROTECTED) +@EqualsAndHashCode(callSuper = false) @DiscriminatorColumn(name = "componentTypeEnum", discriminatorType = DiscriminatorType.STRING) public class ComponentInfo extends ArchivableEntity { 
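Review bot: `@EqualsAndHashCode(callSuper = false)` on `ComponentInfo` is not guaranteed to match the explicit `equals`/`hashCode` that this patch deletes further down the file. Those methods compared exactly `deviceName`, `componentManufacturer`, `componentModel`, `componentSerial`, `componentRevision` and `componentClass`, whereas Lombok uses every non-static, non-transient field the class declares; the class body is outside this hunk, so any additional field would silently change how components are matched. If the six-field contract is intended, state it with `@EqualsAndHashCode(onlyExplicitlyIncluded = true, callSuper = false)` and put `@EqualsAndHashCode.Include` on those six fields. The same check applies to `SupportReferenceManifest`, where the removed `equals` compared only `pcrHash` and `updated` on top of `super.equals(o)`.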
@@ -152,31 +154,6 @@ public class ComponentInfo extends ArchivableEntity { || StringUtils.isEmpty(componentModel)); } - /** - * Equals for the component info that just uses this classes attributes. - * - * @param object the object to compare - * @return the boolean result - */ - @Override - public boolean equals(Object object) { - if (this == object) { - return true; - } - if (object == null || getClass() != object.getClass()) { - return false; - } - - ComponentInfo that = (ComponentInfo) object; - return Objects.equals(deviceName, that.deviceName) - && Objects.equals(componentManufacturer, - that.componentManufacturer) - && Objects.equals(componentModel, that.componentModel) - && Objects.equals(componentSerial, that.componentSerial) - && Objects.equals(componentRevision, that.componentRevision) - && Objects.equals(componentClass, that.componentClass); - } - /** * Returns a hash code that is associated with common fields for components. * @@ -186,16 +163,4 @@ public class ComponentInfo extends ArchivableEntity { return Objects.hash(componentManufacturer, componentModel, componentSerial, componentRevision, componentClass); } - - /** - * Hash method for the attributes of this class. - * - * @return int value that represents this class - */ - @Override - public int hashCode() { - return Objects.hash(deviceName, componentManufacturer, - componentModel, componentSerial, componentRevision, - componentClass); - } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfo.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfo.java index 42c07892..099eecff 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfo.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfo.java 
@@ -79,7 +79,6 @@ public class TPMInfo implements Serializable { * @param tpmQuoteHash short representing the minor revision number for the TPM * @param tpmQuoteSignature byte array with the value of the identity certificate */ - @SuppressWarnings("parameternumber") public TPMInfo(final String tpmMake, final short tpmVersionMajor, final short tpmVersionMinor, final short tpmVersionRevMajor, final short tpmVersionRevMinor, @@ -110,7 +109,6 @@ public class TPMInfo implements Serializable { * @param tpmQuoteHash short representing the minor revision number for the TPM * @param tpmQuoteSignature byte array with the value of the identity certificate */ - @SuppressWarnings("parameternumber") public TPMInfo(final String tpmMake, final short tpmVersionMajor, final short tpmVersionMinor, final short tpmVersionRevMajor, final short tpmVersionRevMinor, final byte[] pcrValues, diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java index 6c993795..4f7ba942 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java @@ -42,7 +42,7 @@ import java.util.List; @Getter @Setter @NoArgsConstructor(access = AccessLevel.PROTECTED) -@EqualsAndHashCode +@EqualsAndHashCode(callSuper = true) @Entity public class BaseReferenceManifest extends ReferenceManifest { /** @@ -377,6 +377,11 @@ public class BaseReferenceManifest extends ReferenceManifest { return document; } + /** + * Creates a string representation of the Base Reference Manifest object. + * + * @return a string representation of the Base Reference Manifest object. + */ @Override public String toString() { return String.format("ReferenceManifest{swidName=%s," 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java index 57607c72..3ed6f69e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java @@ -8,6 +8,7 @@ import jakarta.persistence.Column; import jakarta.persistence.Entity; import jakarta.persistence.EnumType; import jakarta.persistence.Enumerated; +import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; import lombok.extern.log4j.Log4j2; @@ -26,6 +27,7 @@ import java.util.Collection; */ @Getter @Setter +@EqualsAndHashCode @Log4j2 @Entity public class EventLogMeasurements extends SupportReferenceManifest { @@ -105,22 +107,4 @@ public class EventLogMeasurements extends SupportReferenceManifest { return new ArrayList<>(); } - - @Override - public boolean equals(final Object object) { - if (this == object) { - return true; - } - if (object == null || getClass() != object.getClass()) { - return false; - } - EventLogMeasurements that = (EventLogMeasurements) object; - - return this.getHexDecHash().equals(that.getHexDecHash()); - } - - @Override - public int hashCode() { - return super.hashCode(); - } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java index 9aef0d7e..2cde6cb1 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java 
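Review bot: The bare `@EqualsAndHashCode` added to `EventLogMeasurements` changes what makes two measurement logs equal. The `equals` removed at the end of this file compared `getHexDecHash()` and nothing else; the generated version compares the fields declared in this subclass and, with `callSuper` left unset on a class that extends `SupportReferenceManifest`, ignores inherited state (Lombok flags this with a warning). The class body is outside the hunk, but unless the hash is one of the subclass fields, two logs with different content could now compare equal, which matters wherever logs are de-duplicated or looked up during validation. I would keep the explicit hash-based comparison, `return this.getHexDecHash().equals(that.getHexDecHash());`, and derive `hashCode()` from the same value, rather than let a style clean-up redefine identity.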
@@ -6,6 +6,7 @@ import hirs.utils.tpm.eventlog.TCGEventLog; import hirs.utils.tpm.eventlog.TpmPcrEvent; import jakarta.persistence.Column; import jakarta.persistence.Entity; +import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; import lombok.extern.log4j.Log4j2; @@ -16,7 +17,6 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; -import java.util.Objects; /** * Sub class that will just focus on PCR Values and Events. @@ -24,12 +24,14 @@ import java.util.Objects; @Log4j2 @Getter @Setter +@EqualsAndHashCode(callSuper = true) @Entity public class SupportReferenceManifest extends ReferenceManifest { @Column @JsonIgnore private int pcrHash = 0; + @Column private boolean updated = false; @@ -79,12 +81,8 @@ public class SupportReferenceManifest extends ReferenceManifest { TCGEventLog logProcessor = new TCGEventLog(this.getRimBytes()); this.pcrHash = Arrays.hashCode(logProcessor.getExpectedPCRValues()); return logProcessor.getExpectedPCRValues(); - } catch (CertificateException cEx) { - log.error(cEx); - } catch (NoSuchAlgorithmException noSaEx) { - log.error(noSaEx); - } catch (IOException ioEx) { - log.error(ioEx); + } catch (CertificateException | NoSuchAlgorithmException | IOException exception) { + log.error(exception); } return new String[0]; @@ -100,12 +98,8 @@ public class SupportReferenceManifest extends ReferenceManifest { try { logProcessor = new TCGEventLog(this.getRimBytes()); return logProcessor.getEventList(); - } catch (CertificateException cEx) { - log.error(cEx); - } catch (NoSuchAlgorithmException noSaEx) { - log.error(noSaEx); - } catch (IOException ioEx) { - log.error(ioEx); + } catch (CertificateException | NoSuchAlgorithmException | IOException exception) { + log.error(exception); } return new ArrayList<>(); 
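Review bot: The two merged `catch` blocks (after `getExpectedPCRValues()` and after `getEventList()`) still log the failure and fall through to `return new String[0]` and `return new ArrayList<>()`, so a caller cannot tell an event log that failed to parse from one that has no entries. Since the handlers are being rewritten anyway, give the log line context, e.g. `log.error("Unable to parse the event log from the RIM bytes", exception);`, and state in each method's Javadoc that an empty result can mean a parse failure. Whether callers that make a validation decision treat the empty result as a failure needs checking outside these hunks. Both method bodies start before the hunks shown.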
@@ -120,24 +114,4 @@ public class SupportReferenceManifest extends ReferenceManifest { public boolean isBaseSupport() { return !this.isSwidSupplemental() && !this.isSwidPatch(); } - - @Override - public boolean equals(Object o) { - if (this == o) { - return true; - } - if (o == null || getClass() != o.getClass()) { - return false; - } - if (!super.equals(o)) { - return false; - } - SupportReferenceManifest that = (SupportReferenceManifest) o; - return pcrHash == that.pcrHash && updated == that.updated; - } - - @Override - public int hashCode() { - return Objects.hash(super.hashCode(), pcrHash, updated); - } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/enums/HealthStatus.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/enums/HealthStatus.java index c9bff06f..86a71142 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/enums/HealthStatus.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/enums/HealthStatus.java @@ -2,6 +2,7 @@ package hirs.attestationca.persist.enums; import lombok.AllArgsConstructor; import lombok.Getter; +import lombok.ToString; import java.util.Arrays; import java.util.stream.Collectors; @@ -11,6 +12,7 @@ import java.util.stream.Collectors; */ @Getter @AllArgsConstructor +@ToString public enum HealthStatus { /** * The trusted state, no issues with the device. @@ -35,9 +37,4 @@ public enum HealthStatus { .collect(Collectors.toSet()) .contains(healthStatus); } - - @Override - public String toString() { - return getHealthStatus(); - } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java index e28c3379..46ced0d9 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java 
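Review bot: In `HealthStatus`, `@ToString` is not equivalent to the removed `toString()`, which returned `getHealthStatus()`. Lombok's generated method prints the constant together with its fields, roughly `HealthStatus.<CONSTANT>(healthStatus=<value>)`, not the bare status string. Anything that displays, stores or compares the `toString()` output of this enum will therefore see a different value after this commit. If the bare string is the contract, keep the explicit override and satisfy checkstyle with a Javadoc comment instead, e.g. `/** @return the health status string. */` above `public String toString() { return getHealthStatus(); }`.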
@@ -40,16 +40,16 @@ import java.util.Date; import java.util.LinkedList; import java.util.List; +@Getter @Log4j2 @NoArgsConstructor public class AbstractProcessor { - @Getter private int validDays; - @Getter + private PrivateKey privateKey; + @Setter - @Getter private PolicyRepository policyRepository; /** @@ -247,7 +247,8 @@ public class AbstractProcessor { final byte[] derEncodedAttestationCertificate, final EndorsementCredential endorsementCredential, final List platformCredentials, - final Device device, boolean isLDevID) { + final Device device, + final boolean isLDevID) { List issuedAc; boolean generateCertificate = true; PolicyRepository scp = getPolicyRepository(); @@ -269,9 +270,9 @@ public class AbstractProcessor { generateCertificate = isLDevID ? policySettings.isIssueDevIdCertificate() : policySettings.isIssueAttestationCertificate(); - if (issuedAc != null && issuedAc.size() > 0 && - (isLDevID ? policySettings.isDevIdExpirationFlag() - : policySettings.isGenerateOnExpiration())) { + if (issuedAc != null && issuedAc.size() > 0 + && (isLDevID ? policySettings.isDevIdExpirationFlag() + : policySettings.isGenerateOnExpiration())) { if (issuedAc.get(0).getEndValidity().after(currentDate)) { // so the issued AC is not expired // however are we within the threshold diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/ProvisionUtils.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/ProvisionUtils.java index 549a9e6e..92de652e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/ProvisionUtils.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/ProvisionUtils.java 
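Review bot: Moving `@Getter` to the class level in `AbstractProcessor` gives every non-static field a public getter, including `privateKey` today and any field added later. The key already had a field-level getter before this change, so nothing new is exposed by this hunk, but the class-wide annotation makes that exposure implicit and easy to overlook. If only subclasses need the key, narrow it on the field with `@Getter(AccessLevel.PROTECTED) private PrivateKey privateKey;`. Whether any caller outside the class hierarchy relies on the public getter cannot be seen from this hunk.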
@@ -97,7 +97,7 @@ public final class ProvisionUtils { private static final SecureRandom SECURE_RANDOM = new SecureRandom(); /** - * This private constructor was created to silence one of checkstyle errors + * This private constructor was created to silence one of checkstyle errors. */ private ProvisionUtils() { } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java index 1b763368..a0a8f9d9 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java @@ -72,7 +72,6 @@ public class SupplyChainValidationService { * @param referenceDigestValueRepository the even manager */ @Autowired - @SuppressWarnings("ParameterNumberCheck") public SupplyChainValidationService( final CACredentialRepository caCredentialRepository, final PolicyRepository policyRepository, diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java index bf0661cb..8967244f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java 
@@ -169,16 +169,18 @@ public class ValidationService { } /** - * @param deviceInfoReport - * @param base - * @param deltaMapping - * @param certificateRepository - * @param componentResultRepository - * @param componentAttributeRepository - * @param componentInfos - * @param provisionSessionId - * @param ignoreRevisionAttribute - * @return + * Evaluates delta attributes status. + * + * @param deviceInfoReport device information report + * @param base base platform credential + * @param deltaMapping delta mapping + * @param certificateRepository certificate repository + * @param componentResultRepository component result repository + * @param componentAttributeRepository component attribute repository + * @param componentInfos list of component information + * @param provisionSessionId uuid representation of the provision session ID + * @param ignoreRevisionAttribute whether to ignore the revision attribute + * @return a supply chain validation */ public static SupplyChainValidation evaluateDeltaAttributesStatus( final DeviceInfoReport deviceInfoReport, @@ -221,12 +223,14 @@ public class ValidationService { } /** - * @param device - * @param policySettings - * @param rimRepo - * @param rdvRepo - * @param caRepo - * @return + * Evaluates the firmware status. + * + * @param device device + * @param policySettings policy settings + * @param rimRepo reference manifest repository + * @param rdvRepo reference digest value repository + * @param caRepo CA Credential repository + * @return a supply chain validation */ public static SupplyChainValidation evaluateFirmwareStatus( final Device device, @@ -338,6 +342,7 @@ public class ValidationService { * @param credential the credential whose CA chain should be retrieved * @param previouslyQueriedSubjects a list of organizations to refrain * from querying + * @param caCredentialRepository CA Credential repository * @return a Set containing all relevant CA credentials to the given * certificate's organization */ 
@@ -379,6 +384,14 @@ public class ValidationService { return caCreds; } + /** + * Creates a key store using the provided set of certificate authority credentials. + * + * @param certs set of certificate authority credentials + * @return a keystore + * @throws KeyStoreException if there is an issue creating a key store + * @throws IOException if there is an issue creating a key store + */ public static KeyStore caCertSetToKeystore(final Set certs) throws KeyStoreException, IOException { KeyStore keyStore = KeyStore.getInstance("JKS"); diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/AttestationCertificateAuthorityTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/AttestationCertificateAuthorityTest.java index a5e1c56f..c0deaec3 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/AttestationCertificateAuthorityTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/AttestationCertificateAuthorityTest.java @@ -130,8 +130,9 @@ public class AttestationCertificateAuthorityTest { public void setupTests() throws Exception { //BeforeSuite + final int keySize = 2048; KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - keyPairGenerator.initialize(2048); + keyPairGenerator.initialize(keySize); keyPair = keyPairGenerator.generateKeyPair(); //BeforeTest @@ -257,8 +258,11 @@ public class AttestationCertificateAuthorityTest { SymmetricKey symmetricKey = ProvisionUtils.generateSymmetricKey(); // assert the symmetric algorithm, scheme, and key size are all set appropriately - assertTrue(symmetricKey.getAlgorithmId() == 6); - assertTrue(symmetricKey.getEncryptionScheme() == 255); + final int expectedAlgorithmId = 6; + final int expectedEncryptionScheme = 255; + + assertTrue(symmetricKey.getAlgorithmId() == expectedAlgorithmId); + assertTrue(symmetricKey.getEncryptionScheme() == expectedEncryptionScheme); assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length); } 
@@ -337,8 +341,9 @@ public class AttestationCertificateAuthorityTest { assertNotNull(attestation); // validate the attestation algorithm + final int expectedAlgorithmId = 6; assertNotNull(attestation.getAlgorithm()); - assertTrue(attestation.getAlgorithm().getAlgorithmId() == 6); + assertTrue(attestation.getAlgorithm().getAlgorithmId() == expectedAlgorithmId); assertTrue(attestation.getAlgorithm().getEncryptionScheme() == 0x1); assertTrue(attestation.getAlgorithm().getSignatureScheme() == 0); assertTrue(attestation.getAlgorithm().getParamsSize() == 0); @@ -465,7 +470,8 @@ public class AttestationCertificateAuthorityTest { // assert that the exponent and the modulus are the same. the exponents should be the well // known prime, 101 - assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", 16))); + final int radix = 16; + assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", radix))); assertTrue(publicKey.getModulus().equals(modulus)); } @@ -486,7 +492,8 @@ public class AttestationCertificateAuthorityTest { // assert that the exponent and the modulus are the same. the exponents should be the well // known prime, 101. - assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", 16))); + final int radix = 16; + assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", radix))); assertTrue(publicKey.getModulus().equals(modulus)); } @@ -504,7 +511,8 @@ public class AttestationCertificateAuthorityTest { byte[] ekFile = Files.readAllBytes(ekPath); RSAPublicKey ek = ProvisionUtils.parsePublicKey(ekFile); - assertTrue(ek.getPublicExponent().equals(new BigInteger("010001", 16))); + final int radix = 16; + assertTrue(ek.getPublicExponent().equals(new BigInteger("010001", radix))); byte[] mod = ek.getModulus().toByteArray(); // big integer conversion is signed so it can add a 0 byte 
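Review bot: The comments above the public-exponent assertions say the expected value is "the well known prime, 101", but the asserted value is `new BigInteger("010001", radix)` with radix 16, which is 65537. The comment should read `// the exponent should be the well-known value 65537 (0x010001)` in both hunks that carry it. Introducing a local `radix` in each test only moves the magic number around; comparing against the JDK constant removes it, e.g. `assertTrue(publicKey.getPublicExponent().equals(RSAKeyGenParameterSpec.F4));`. The same replacement fits the `ek` assertion in the last hunk here and the `ak` assertion in the following one.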
@@ -532,7 +540,8 @@ public class AttestationCertificateAuthorityTest { byte[] akFile = Files.readAllBytes(akPath); RSAPublicKey ak = ProvisionUtils.parsePublicKey(akFile); - assertTrue(ak.getPublicExponent().equals(new BigInteger("010001", 16))); + final int radix = 16; + assertTrue(ak.getPublicExponent().equals(new BigInteger("010001", radix))); byte[] mod = ak.getModulus().toByteArray(); // big integer conversion is signed so it can add a 0 byte @@ -598,7 +607,7 @@ public class AttestationCertificateAuthorityTest { RSAPublicKey akPub = ProvisionUtils.parsePublicKey(akPubFile); // prepare the nonce and wrap it with keys - byte[] nonce = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, + final byte[] nonce = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31}; ByteString blob = ProvisionUtils.tpm20MakeCredential(ekPub, akPub, nonce); @@ -636,12 +645,12 @@ public class AttestationCertificateAuthorityTest { * Test helper method that encrypts a blob using a shared key and IV using the specified * transformation. * - * @param blob to be encrypted + * @param blob blob to be encrypted * @param key shared key * @param iv to encrypt with * @param transformation of the encryption cipher * @return encrypted blob - * @throws Exception + * @throws Exception if there are any issues while encrypting the blob */ private byte[] encryptBlob(final byte[] blob, final byte[] key, final byte[] iv, final String transformation) throws Exception { @@ -664,9 +673,9 @@ public class AttestationCertificateAuthorityTest { /** * Test helper method to decrypt blobs. * - * @param blob to be decrypted + * @param blob blob to be decrypted * @return decrypted blob - * @throws Exception + * @throws Exception if there are any issues while decrypting the blob */ private byte[] decryptBlob(final byte[] blob) throws Exception { // initialize a cipher using the specified transformation 
@@ -686,12 +695,12 @@ public class AttestationCertificateAuthorityTest { * Test helper method that decrypts a blob using a shared key and IV using the specified. * transformation. * - * @param blob to be decrypted + * @param blob blob to be decrypted * @param key shared key * @param iv to decrypt with * @param transformation of the decryption cipher * @return decrypted blob - * @throws Exception + * @throws Exception if there are any issues while decrypting the blob */ private byte[] decryptBlob(final byte[] blob, final byte[] key, final byte[] iv, final String transformation) throws Exception { diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerStateTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerStateTest.java index 2c50cc70..6ce900c9 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerStateTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerStateTest.java @@ -172,14 +172,20 @@ public class TPM2ProvisionerStateTest { RANDOM_GENERATOR.nextBytes(nonce); RANDOM_GENERATOR.nextBytes(identityClaim); - + DataInputStream dis = new DataInputStream(new ByteArrayInputStream(nonce)); Long index = dis.readLong(); dis.close(); + TPM2ProvisionerState value = new TPM2ProvisionerState(nonce, identityClaim); + when(tpm2ProvisionerStateRepository.findByFirstPartOfNonce(index)).thenReturn(value); + + final int nonce2Size = 7; TPM2ProvisionerState tpm2ProvisionerState = - TPM2ProvisionerState.getTPM2ProvisionerState(tpm2ProvisionerStateRepository, new byte[7]); + TPM2ProvisionerState.getTPM2ProvisionerState(tpm2ProvisionerStateRepository, + new byte[nonce2Size]); + assertNull(tpm2ProvisionerState); } } 
diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/AbstractUserdefinedEntityTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/AbstractUserdefinedEntityTest.java index 086d8e6c..bd4786fc 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/AbstractUserdefinedEntityTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/AbstractUserdefinedEntityTest.java @@ -40,18 +40,15 @@ public class AbstractUserdefinedEntityTest { * Location of a test (fake) SGI intermediate CA certificate. */ public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer"; - /** * Location of a test (fake) Intel intermediate CA certificate. */ public static final String FAKE_INTEL_INT_CA_FILE = "/certificates/fakeIntelIntermediateCA.cer"; - /** * Location of a test (fake) root CA certificate. */ public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer"; - /** * Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE. */ @@ -97,6 +94,12 @@ public class AbstractUserdefinedEntityTest { private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer"; private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class); + /** + * This protected constructor was created to silence one of checkstyle errors. + */ + protected AbstractUserdefinedEntityTest() { + } + /** * Construct a test certificate from the given parameters. * 
@@ -121,13 +124,14 @@ public class AbstractUserdefinedEntityTest { * @param endorsementCredential the endorsement credentials (can be null) * @param platformCredentials the platform credentials (can be null) * @return the newly-constructed Certificate - * @throws IOException if there is a problem constructing the test certificate + * @throws IOException if there is a problem constructing the test certificate + * @throws IllegalArgumentException if there is a problem retrieving the certificate class simple name */ public static Certificate getTestCertificate( final Class certificateClass, final String filename, final EndorsementCredential endorsementCredential, final List platformCredentials) - throws IOException { + throws IOException, IllegalArgumentException { Path certPath; try { 
@@ -139,23 +143,17 @@ public class AbstractUserdefinedEntityTest { throw new IOException("Could not resolve path URI", e); } - switch (certificateClass.getSimpleName()) { - case "CertificateAuthorityCredential": - return new CertificateAuthorityCredential(certPath); - case "ConformanceCredential": - return new ConformanceCredential(certPath); - case "EndorsementCredential": - return new EndorsementCredential(certPath); - case "PlatformCredential": - return new PlatformCredential(certPath); - case "IssuedAttestationCertificate": - return new IssuedAttestationCertificate(certPath, - endorsementCredential, platformCredentials, false); - default: - throw new IllegalArgumentException( - String.format("Unknown certificate class %s", certificateClass.getName()) - ); - } + return switch (certificateClass.getSimpleName()) { + case "CertificateAuthorityCredential" -> new CertificateAuthorityCredential(certPath); + case "ConformanceCredential" -> new ConformanceCredential(certPath); + case "EndorsementCredential" -> new EndorsementCredential(certPath); + case "PlatformCredential" -> new PlatformCredential(certPath); + case "IssuedAttestationCertificate" -> new IssuedAttestationCertificate(certPath, + endorsementCredential, platformCredentials, false); + default -> throw new IllegalArgumentException( + String.format("Unknown certificate class %s", certificateClass.getName()) + ); + }; } /** @@ -192,8 +190,9 @@ public class AbstractUserdefinedEntityTest { public static NetworkInfo createTestNetworkInfo() { try { final String hostname = "test.hostname"; + final byte[] byteAddress = new byte[] {127, 0, 0, 1}; final InetAddress ipAddress = - InetAddress.getByAddress(new byte[] {127, 0, 0, 1}); + InetAddress.getByAddress(byteAddress); final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66}; return new NetworkInfo(hostname, ipAddress, macAddress); 
diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/CertificateTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/CertificateTest.java index 38abacb1..49edfd87 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/CertificateTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/CertificateTest.java @@ -14,7 +14,6 @@ import java.net.URISyntaxException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.security.NoSuchProviderException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; @@ -80,10 +79,12 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { private static final String RDN_COMMA_SEPARATED = "CN=STM TPM EK Intermediate CA 02, O=STMicroelectronics NV, C=CH"; + private static final String RDN_MULTIVALUE = "CN=Nuvoton TPM Root CA 2010+O=Nuvoton Technology Corporation+C=TW"; private static final String RDN_COMMA_SEPARATED_ORGANIZATION = "STMicroelectronics NV"; + private static final String RDN_MULTIVALUE_ORGANIZATION = "Nuvoton Technology Corporation"; private static final String EK_CERT_WITH_PADDED_BYTES = @@ -135,6 +136,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { FAKE_ROOT_CA_FILE)).toURI()) ) ); + assertEquals( "CN=Fake Root CA", certificate.getX509Certificate().getIssuerX500Principal().getName() 
@@ -144,12 +146,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { /** * Ensure that a Certificate cannot be created from a null byte array. * - * @throws IOException if the certificate could not be constructed properly - * @throws CertificateException if there is a problem de/serializing the certificate + * @throws IllegalArgumentException if there is a problem de/serializing the certificate */ @Test public void testConstructCertFromNullByteArray() - throws IOException, CertificateException { + throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new CertificateAuthorityCredential((byte[]) null)); } @@ -157,12 +158,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { /** * Ensure that a Certificate cannot be created from an empty byte array. * - * @throws IOException if the certificate could not be constructed properly - * @throws CertificateException if there is a problem de/serializing the certificate + * @throws IllegalArgumentException if there is a problem de/serializing the certificate */ @Test public void testConstructCertFromEmptyByteArray() - throws IOException, CertificateException { + throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new CertificateAuthorityCredential(new byte[] {})); } @@ -179,6 +179,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { Paths.get(Objects.requireNonNull(this.getClass().getResource( FAKE_ROOT_CA_FILE)).toURI()) ); + assertEquals( "CN=Fake Root CA", certificate.getX509Certificate().getIssuerX500Principal().getName() 
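Review bot: The new `throws IllegalArgumentException` clauses and `@throws` tags on `testConstructCertFromNullByteArray` and `testConstructCertFromEmptyByteArray` describe an exception these tests never propagate, because `assertThrows` catches it inside the body. `IllegalArgumentException` is unchecked, so the clause is not needed in any case. The signature can be `public void testConstructCertFromNullByteArray() {` with the `@throws` line dropped from the Javadoc. The same applies to `testConstructCertFromNullPath` in the next hunk group and to `testNullValidationType` and `testNullCertificates` in `SupplyChainValidationTest` later in this patch.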
@@ -188,11 +189,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { /** * Tests that a certificate cannot be constructed from a null path. * - * @throws IOException if there is a problem reading the cert file at the given path - * @throws URISyntaxException if there is a problem constructing the URI + * @throws IllegalArgumentException if there is a problem constructing the URI */ @Test - public void testConstructCertFromNullPath() throws URISyntaxException, IOException { + public void testConstructCertFromNullPath() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new CertificateAuthorityCredential((Path) null)); } @@ -208,6 +208,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { assertEquals( Certificate.CertificateType.X509_CERTIFICATE, getTestCertificate(FAKE_ROOT_CA_FILE).getCertificateType()); + assertNotEquals( Certificate.CertificateType.ATTRIBUTE_CERTIFICATE, getTestCertificate(FAKE_ROOT_CA_FILE).getCertificateType()); @@ -222,7 +223,6 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { getTestCertificate( PlatformCredential.class, TEST_PLATFORM_CERT_3).getCertificateType()); - } /** @@ -256,7 +256,6 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { "GETY42100160", ((PlatformCredential) platformCredential).getPlatformSerial() ); - } /** @@ -289,6 +288,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { @Test public void testX509CertificateParsingExtended() throws IOException { Certificate rootCert = getTestCertificate(INTEL_INT_CA_FILE); + assertEquals( "https://trustedservices.intel.com/" + "content/TSC/certs/TSC_SS_RootCA_Certificate.cer\n", 
@@ -336,12 +336,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { * Tests that Certificate correctly parses out non-standard fields from an X509 attribute * certificate. * - * @throws IOException if there is a problem reading the cert file at the given path - * @throws URISyntaxException if there is a problem constructing the file's URI + * @throws IOException if there is a problem reading the cert file at the given path */ @Test public void testX509AttributeCertificateParsingExtended() - throws IOException, URISyntaxException { + throws IOException { Certificate platformCert = getTestCertificate( PlatformCredential.class, TEST_PLATFORM_CERT_6); @@ -362,7 +361,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { public void testCertificateTrim() throws IOException, URISyntaxException { byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class .getResource(EK_CERT_WITH_PADDED_BYTES)).toURI())); - byte[] expectedCertBytes = Arrays.copyOfRange(rawFileBytes, 0, 908); + + final int finalPosition = 908; + byte[] expectedCertBytes = Arrays.copyOfRange(rawFileBytes, 0, finalPosition); + Certificate ekCert = getTestCertificate(EndorsementCredential.class, EK_CERT_WITH_PADDED_BYTES); assertEquals(new BigInteger("16842032579184247954"), ekCert.getSerialNumber()); @@ -384,6 +386,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { URISyntaxException { byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class .getResource(EK_CERT_WITH_PADDED_BYTES)).toURI())); + assertThrows(IllegalArgumentException.class, () -> new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 2)), ".* No certificate length field could be found\\."); 
@@ -401,8 +404,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { URISyntaxException { byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class .getResource(EK_CERT_WITH_PADDED_BYTES)).toURI())); + + final int finalPosition = 4; assertThrows(IllegalArgumentException.class, () -> - new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 4)), + new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, finalPosition)), ".* Certificate is nothing more than ASN.1 Sequence\\\\."); } @@ -418,8 +423,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { URISyntaxException { byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class .getResource(EK_CERT_WITH_PADDED_BYTES)).toURI())); + + final int finalPosition = 42; assertThrows(IllegalArgumentException.class, () -> - new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 42)), + new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, finalPosition)), ".* Value of certificate length field extends beyond" + " length of provided certificate\\."); } 
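Review bot: The third argument to `assertThrows` in these truncated-certificate tests is written like a regex for the exception text, but assuming this is JUnit 5's `assertThrows`, that parameter is only the message printed when the assertion fails. The tests therefore pass for any `IllegalArgumentException`, whichever length check rejected the input. To pin the rejection path, capture the exception with `IllegalArgumentException e = assertThrows(IllegalArgumentException.class, () -> new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, finalPosition)));` and then check it with `assertTrue(e.getMessage().matches(".* Certificate is nothing more than ASN.1 Sequence\\."));`, provided the production message has that form. The pattern in the length-4 test is escaped as `\\\\.`, which would demand a literal backslash if it were ever matched. The length-2 test in the previous hunk and the length-42 test in the next one have the same gap.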
@@ -427,13 +434,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { /** * Tests that the equals method on {@link Certificate} works as expected. * - * @throws IOException if the certificate could not be constructed properly - * @throws CertificateException if there is a problem with the KeyStore or de/serializing the - * certificate - * @throws URISyntaxException if there is a problem constructing the path to the certificate + * @throws IOException if the certificate could not be constructed properly + * @throws URISyntaxException if there is a problem constructing the path to the certificate */ @Test - public void testEquals() throws CertificateException, IOException, URISyntaxException { + public void testEquals() throws IOException, URISyntaxException { assertEquals( getTestCertificate(FAKE_ROOT_CA_FILE), getTestCertificate(FAKE_ROOT_CA_FILE) @@ -471,15 +476,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { /** * Tests that the isIssuer method on {@link Certificate} works as expected. * - * @throws IOException if the certificate could not be constructed properly - * @throws CertificateException if there is a problem with the KeyStore or de/serializing the - * certificate - * @throws NoSuchProviderException if the Bouncy Castle security provider is unavailable - * @throws URISyntaxException if there is a problem constructing the path to the certificate + * @throws IOException if the certificate could not be constructed properly */ @Test - public void testIsIssuer() throws CertificateException, IOException, NoSuchProviderException, - URISyntaxException { + public void testIsIssuer() throws IOException { Certificate issuerCert = getTestCertificate(FAKE_ROOT_CA_FILE); Certificate cert = getTestCertificate(INT_CA_CERT02); 
@@ -490,13 +490,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest { /** * Tests that the hashCode method on {@link Certificate} works as expected. * - * @throws IOException if the certificate could not be constructed properly - * @throws CertificateException if there is a problem with the KeyStore or de/serializing the - * certificate - * @throws URISyntaxException if there is a problem constructing the path to the certificate + * @throws IOException if the certificate could not be constructed properly + * @throws URISyntaxException if there is a problem constructing the path to the certificate */ @Test - public void testHashCode() throws CertificateException, IOException, URISyntaxException { + public void testHashCode() throws IOException, URISyntaxException { assertEquals( getTestCertificate(FAKE_ROOT_CA_FILE).hashCode(), getTestCertificate(FAKE_ROOT_CA_FILE).hashCode() diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java index f9f78195..f8353591 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java @@ -20,7 +20,7 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest { * multiple test certificates. * * @return the test SupplyChainValidation - * @throws IOException if there si + * @throws IOException if there is a problem deserializing certificates */ public static SupplyChainValidation getTestSupplyChainValidation() throws IOException { return getTestSupplyChainValidation( 
@@ -52,10 +52,10 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest { /** * Test that a SupplyChainValidation can't be instantiated with a null validation type. * - * @throws IOException if there is a problem deserializing certificates + * @throws IllegalArgumentException if there is a problem deserializing certificates */ @Test - public void testNullValidationType() throws IOException { + public void testNullValidationType() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new SupplyChainValidation( null, @@ -68,10 +68,10 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest { /** * Test that a SupplyChainValidation can't be instantiated with a null certificate list. * - * @throws IOException if there is a problem deserializing certificates + * @throws IllegalArgumentException if there is a problem deserializing certificates */ @Test - public void testNullCertificates() throws IOException { + public void testNullCertificates() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new SupplyChainValidation( SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL, diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java index 045e716e..677a355c 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java 
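Review bot: The `@throws IllegalArgumentException if there is a problem deserializing certificates` tag and the matching `throws IllegalArgumentException` clause added to testNullValidationType describe something the test cannot do. The exception is unchecked and is consumed by `assertThrows`, so it never leaves the method, and the description is left over from the old IOException tag. Drop both, leaving `public void testNullValidationType() {`, and let the summary sentence carry the intent. The same applies to testNullCertificates in the next hunk and to the TPMInfoTest methods later in this patch (tpmMakeNullTest, tpmMakeLongTest and the four testTPMInfoInvalidVersion* tests). The method bodies continue outside their hunks, so this assumes nothing after the `assertThrows` call can throw.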
@@ -153,7 +153,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest { try { new PlatformCredential(certPath); - //fail if it manage to parse the certificate + //fail if it manages to parse the certificate fail("Invalid certificate was parsed."); } catch (IOException ex) { if (ex == null || ex.getMessage().isEmpty()) { @@ -194,8 +194,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest { Assertions.assertEquals(sigStr.toUpperCase(), EXPECTED_CERT_SIGNATURE_FOR_CERT_2); String issuer = Certificate.getAttributeCertificateIssuerNames( - credential.getAttributeCertificate().getAcinfo().getIssuer() - )[0].toString(); + credential.getAttributeCertificate().getAcinfo().getIssuer())[0].toString(); Assertions.assertEquals(credential.getManufacturer(), "Intel"); Assertions.assertEquals(credential.getModel(), "DE3815TYKH"); diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSecurityAssertionsTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSecurityAssertionsTest.java index 7bd3edf4..72b28673 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSecurityAssertionsTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/TPMSecurityAssertionsTest.java 
@@ -19,14 +19,19 @@ public class TPMSecurityAssertionsTest { public void testEkGenTypeEnum() { assertEquals(TPMSecurityAssertions.EkGenerationType.values()[0], TPMSecurityAssertions.EkGenerationType.INTERNAL); + assertEquals(TPMSecurityAssertions.EkGenerationType.values()[1], TPMSecurityAssertions.EkGenerationType.INJECTED); + assertEquals(TPMSecurityAssertions.EkGenerationType.values()[2], TPMSecurityAssertions.EkGenerationType.INTERNAL_REVOCABLE); - assertEquals(TPMSecurityAssertions.EkGenerationType.values()[3], + + final int thirdPosition = 3; + assertEquals(TPMSecurityAssertions.EkGenerationType.values()[thirdPosition], TPMSecurityAssertions.EkGenerationType.INJECTED_REVOCABLE); try { - assertNull(TPMSecurityAssertions.EkGenerationType.values()[4]); + final int positionOutOfBounds = 4; + assertNull(TPMSecurityAssertions.EkGenerationType.values()[positionOutOfBounds]); fail(); } catch (ArrayIndexOutOfBoundsException e) { } @@ -40,12 +45,15 @@ public class TPMSecurityAssertionsTest { public void testGenLocationEnum() { assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[0], TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER); + assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[1], TPMSecurityAssertions.EkGenerationLocation.PLATFORM_MANUFACTURER); + assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[2], TPMSecurityAssertions.EkGenerationLocation.EK_CERT_SIGNER); try { - assertNull(TPMSecurityAssertions.EkGenerationLocation.values()[3]); + final int positionOutOfBounds = 3; + assertNull(TPMSecurityAssertions.EkGenerationLocation.values()[positionOutOfBounds]); fail(); } catch (ArrayIndexOutOfBoundsException e) { } diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java index 6c1ba152..41ba024a 100644 
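Review bot: `thirdPosition` is set to 3 and therefore indexes the fourth constant, INJECTED_REVOCABLE; a name such as `injectedRevocableIndex` would say what the assertion checks. The out-of-bounds block in testEkGenTypeEnum, and the one in testGenLocationEnum in the next hunk, still relies on `assertNull` plus `fail()` ahead of an empty catch, with `positionOutOfBounds` apparently added only to get past the magic-number check. Asserting the number of constants directly, for example `assertEquals(expectedCount, TPMSecurityAssertions.EkGenerationType.values().length);`, states the intent and removes the empty catch. These tests pin the declaration order of both enums, so a one-line comment saying why that order must not change would help the next maintainer; the reason is not visible in this hunk.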
--- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java @@ -18,14 +18,19 @@ import static org.junit.jupiter.api.Assertions.assertThrows; public class TPMInfoTest extends AbstractUserdefinedEntityTest { private static final String TPM_MAKE = "test tpmMake"; - private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65); + + private static final int RIGHT_PADDING_SIZE = 65; + private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", RIGHT_PADDING_SIZE); private static final short VERSION_MAJOR = 1; + private static final short VERSION_MINOR = 2; + private static final short VERSION_REV_MAJOR = 3; + private static final short VERSION_REV_MINOR = 4; - private static final Logger LOGGER = LogManager - .getLogger(TPMInfoTest.class); + + private static final Logger LOGGER = LogManager.getLogger(TPMInfoTest.class); /** * Tests instantiation and getters of a TPMInfo object. @@ -59,9 +64,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest { /** * Tests that the TPM make information cannot be null. + * + * @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value */ @Test - public final void tpmMakeNullTest() { + public final void tpmMakeNullTest() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new TPMInfo(null, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR, VERSION_REV_MINOR, getTestIdentityCertificate())); 
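Review bot: `RIGHT_PADDING_SIZE = 65` names the mechanism rather than the boundary under test. The Javadoc of tpmMakeLongTest says the make cannot be longer than 64 characters, so 65 is that limit plus one. Something like `private static final int MAX_TPM_MAKE_LENGTH = 64;` with `StringUtils.rightPad(TPM_MAKE, MAX_TPM_MAKE_LENGTH + 1)` keeps that relationship visible and reuses the existing TPM_MAKE constant instead of repeating the literal. If TPMInfo already exposes the limit as a constant, which cannot be seen from this hunk, the test should refer to that instead.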
@@ -69,9 +76,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest { /** * Tests that the TPM make information cannot be longer than 64 characters. + * + * @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value */ @Test - public final void tpmMakeLongTest() { + public final void tpmMakeLongTest() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new TPMInfo(LONG_TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR, VERSION_REV_MINOR, getTestIdentityCertificate())); @@ -80,9 +89,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest { /** * Tests that the version major number info cannot be set to negative * values. + * + * @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value */ @Test - public final void testTPMInfoInvalidVersionMajor() { + public final void testTPMInfoInvalidVersionMajor() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new TPMInfo(TPM_MAKE, (short) -1, VERSION_MINOR, VERSION_REV_MAJOR, VERSION_REV_MINOR, getTestIdentityCertificate())); @@ -91,9 +102,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest { /** * Tests that the version minor number info cannot be set to negative * values. + * + * @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value */ @Test - public final void testTPMInfoInvalidVersionMinor() { + public final void testTPMInfoInvalidVersionMinor() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new TPMInfo(TPM_MAKE, VERSION_MAJOR, (short) -1, VERSION_REV_MAJOR, VERSION_REV_MINOR, getTestIdentityCertificate())); 
@@ -102,9 +115,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest { /** * Tests that the version revision major numbers cannot be set to negative * values. + * + * @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value */ @Test - public final void testTPMInfoInvalidVersionRevMajor() { + public final void testTPMInfoInvalidVersionRevMajor() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, (short) -1, VERSION_REV_MINOR, getTestIdentityCertificate())); @@ -113,9 +128,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest { /** * Tests that the version revision minor numbers cannot be set to negative * values. + * + * @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value */ @Test - public final void testTPMInfoInvalidVersionRevMinor() { + public final void testTPMInfoInvalidVersionRevMinor() throws IllegalArgumentException { assertThrows(IllegalArgumentException.class, () -> new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR, (short) -1, getTestIdentityCertificate())); diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java index 2a002af3..254014b2 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java 
@@ -99,70 +99,114 @@ public class SupplyChainCredentialValidatorTest { * SecureRandom instance. */ static final SecureRandom SECURE_RANDOM = new SecureRandom(); + private static final String JSON_FILE = "/config/component-class.json"; + private static final String SAMPLE_PACCOR_OUTPUT_TXT = "/hirs/validation/sample_paccor_output.txt"; + private static final String SAMPLE_PACCOR_OUTPUT_NOT_SPECIFIED_TXT = "/hirs/validation/sample_paccor_output_not_specified_values.txt"; + private static final String SAMPLE_TEST_PACCOR_CERT = "/validation/platform_credentials_2/paccor_platform_cert.crt"; + private static final String SAMPLE_PACCOR_OUTPUT_WITH_EXTRA_COMPONENT_TXT = "/hirs/validation/sample_paccor_output_with_extra_component.txt"; + private static final String TEST_SIGNING_KEY = "/validation/platform_credentials/ca.pub"; + private static final String TEST_PLATFORM_CRED = "/validation/platform_credentials/plat_cert1.pem"; + private static final String TEST_PLATFORM_CRED2 = "/validation/platform_credentials/pciids_plat_cert_2-0.pem"; + private static final String TEST_PLATFORM_CRED_BASE_CHASIS_COMBO = "/validation/platform_credentials/Intel_pc5.pem"; + private static final String TEST_BOARD_SERIAL_NUMBER = "GETY421001GV"; + private static final String TEST_CHASSIS_SERIAL_NUMBER = "G6YK42300C87"; + private static final String TEST_EK_CERT = "/certificates/nuc-2/tpmcert.pem"; + private static final String TEST_EK_CERT_2 = "/certificates/nuc-1/tpmcert.pem"; + private static final String TEST_COMPONENT_MANUFACTURER = "Intel"; + private static final String TEST_COMPONENT_MODEL = "platform2018"; + private static final String TEST_COMPONENT_REVISION = "1.0"; + private static final String BAD_SERIAL = "BAD_SERIAL"; + //-------Actual ST Micro Endorsement Credential Certificate Chain!-------------- private static final String EK_CERT = ""; + private static final String INT_CA_CERT02 = "/certificates/fakestmtpmekint02.pem"; + //-------Generated Intel Credential Certificate 
Chain-------------- private static final String INTEL_PLATFORM_CERT = "/validation/platform_credentials/plat_cert3.pem"; + private static final String INTEL_PLATFORM_CERT_2 = "/validation/platform_credentials/Intel_pc2.pem"; + private static final String INTEL_PLATFORM_CERT_3 = "/validation/platform_credentials/pciids_plat_cert_2-0.pem"; + private static final String INTEL_INT_CA = "/validation/platform_credentials/intel_chain/root/intermediate1.crt"; + private static final String FAKE_ROOT_CA = "/validation/platform_credentials/intel_chain/root/rootca.crt"; + private static final String PLATFORM_MANUFACTURER = "Intel"; + private static final String PLATFORM_MODEL = "S2600KP"; + private static final String PLATFORM_VERSION = "H76962-350"; + //-------Original Intel Credential Certificate Chain-------------- private static final String INTEL_PLATFORM_CERT_ORIG = "/certificates/fakeIntel_S2600KP_F00F00F00F00.pem"; + private static final String INTEL_ORIG_INT_CA_ORIG = "/certificates/fakeIntelIntermediateCA.pem"; + private static final String FAKE_ROOT_CA_ORIG = "/certificates/fakeCA.pem"; + //-------Fake SGI Credential Certificate Chain-------------- private static final String SGI_PLATFORM_CERT = "/certificates/fakeSGI_J2_F00F00F0.pem"; + private static final String SGI_INT_CA = "/certificates/fakeSGIIntermediateCA.pem"; + private static final String SGI_CRED_SERIAL_NUMBER = "F00F00F0"; + //-------Actual Intel NUC Platform -------------- + private static final String NUC_PLATFORM_CERT = "/certificates/Intel_nuc_pc.pem"; + private static final String NUC_PLATFORM_CERT_SERIAL_NUMBER = "GETY421001DY"; + private static final String NUC_PLATFORM_CERT2 = "/certificates/Intel_nuc_pc2.pem"; + private static final String NUC_PLATFORM_CERT_SERIAL_NUMBER2 = "GETY4210001M"; + private static final String INTEL_SIGNING_KEY = "/certificates/IntelSigningKey_20April2017.pem"; + private static final String NEW_NUC1 = "/validation/platform_credentials/Intel_pc3.cer"; + private static 
HardwareInfo hardwareInfo; + private static KeyStore keyStore; + private static KeyStore emptyKeyStore; + private final SupplyChainCredentialValidator supplyChainCredentialValidator = new SupplyChainCredentialValidator(); private final CredentialValidator credentialValidator = @@ -171,11 +215,14 @@ public class SupplyChainCredentialValidatorTest { /** * Sets up a KeyStore for testing. * - * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type. - * @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found + * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the + * specified type. + * @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore + * cannot be found * @throws CertificateException if any of the certificates in the keystore could not be loaded - * @throws IOException if there is an I/O or format problem with the keystore data, if a password is - * required but not given, or if the given password was incorrect + * @throws IOException if there is an I/O or format problem with the keystore data, + * if a password is required but not given, + * or if the given password was incorrect */ @BeforeAll public static void setUp() throws KeyStoreException, NoSuchAlgorithmException, @@ -362,7 +409,8 @@ public class SupplyChainCredentialValidatorTest { private static InetAddress getTestIpAddress() { try { - return InetAddress.getByAddress(new byte[] {127, 0, 0, 1}); + final byte[] byteAddress = new byte[] {127, 0, 0, 1}; + return InetAddress.getByAddress(byteAddress); } catch (UnknownHostException e) { return null; } diff --git a/config/checkstyle/checkstyle.xml b/config/checkstyle/checkstyle.xml index 5d872646..d209e4bf 100644 --- a/config/checkstyle/checkstyle.xml +++ b/config/checkstyle/checkstyle.xml @@ -68,7 +68,9 @@ - + + + @@ -134,7 +136,7 @@ - +