issue_847: Reduced styling errors in CA module to less than 100

TheSilentCoder 2024-10-23 17:22:20 -04:00
parent 64c74eae5c
commit 571d107e1b
35 changed files with 369 additions and 434 deletions


@ -626,7 +626,7 @@ public abstract class Certificate extends ArchivableEntity {
* on the portal.
*
* @return A list of URLs that inform the location of the certificate revocation lists
* @throws java.io.IOException
* @throws IOException if there is an issue while retrieving the CRL Distribution point
*/
private String getCRLDistributionPoint() throws IOException {
List<String> crlUrls = new ArrayList<>();
@ -972,6 +972,11 @@ public abstract class Certificate extends ArchivableEntity {
return null;
}
/**
* Creates a string representation of the Certificate object.
*
* @return a string representation of the Certificate object.
*/
@Override
public String toString() {
return String.format("Certificate{%s, AuthID=%s, serialNumber=%s, "
@ -982,6 +987,13 @@ public abstract class Certificate extends ArchivableEntity {
signatureAlgorithm, certificateHash);
}
/**
* Compares this certificate to the provided object to verify that both this and the provided certificate
* objects are equal.
*
* @param o object to compare
* @return true if both the provided certificate and this certificate are equal, false otherwise
*/
@Override
public boolean equals(final Object o) {
if (this == o) {
@ -997,6 +1009,11 @@ public abstract class Certificate extends ArchivableEntity {
return Arrays.equals(certificateBytes, that.certificateBytes);
}
/**
* Creates an integer hash code for this Certificate object.
*
* @return integer hash code
*/
@Override
public int hashCode() {
return Arrays.hashCode(certificateBytes);
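Review bot: The Javadoc on `getCRLDistributionPoint()` still says `@return A list of URLs that inform the location of the certificate revocation lists`, but the signature directly below returns `String`, and this hunk already touches the neighbouring `@throws` tag. Consider rewording the tag to match the return type, for example `@return the CRL distribution point URL(s) as a single string`. The exact wording should be checked against the method body, which continues outside the hunk.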


@ -18,8 +18,8 @@ import java.util.List;
/**
* Represents an issued attestation certificate to a HIRS Client.
*/
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@Getter
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@Entity
public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
@ -29,7 +29,7 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
public static final String AIC_TYPE_LABEL = "TCPA Trusted Platform Identity";
@Column
public boolean isLDevID;
private boolean isLDevID;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "ek_id")


@ -126,6 +126,11 @@ public class CommonCriteriaMeasures {
}
}
/**
* Creates a custom string representation of the Common Criteria Measures object.
*
* @return a string representation of Common Criteria Measures
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();


@ -27,12 +27,17 @@ public class ComponentAddress {
public static final int IDENTIFIER_NUMBER = 2;
private static final String ETHERNET_MAC = "2.23.133.17.1";
private static final String WLAN_MAC = "2.23.133.17.2";
private static final String BLUETOOTH_MAC = "2.23.133.17.3";
private ASN1ObjectIdentifier addressType;
private ASN1UTF8String addressValue;
private String addressTypeString;
private String addressValueString;
/**
@ -74,6 +79,12 @@ public class ComponentAddress {
};
}
/**
* Creates a string representation of the Component Address object.
*
* @return a string representation of the Component Address object.
*/
@Override
public String toString() {
return "ComponentAddress{"


@ -201,6 +201,11 @@ public class ComponentIdentifier {
return false;
}
/**
* Creates a string representation of the Component Identifier object.
*
* @return a string representation of the Component Identifier object.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();


@ -3,6 +3,7 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1IA5String;
@ -17,18 +18,18 @@ import org.bouncycastle.asn1.ASN1Sequence;
* plus BOOLEAN DEFAULT FALSE }
* </pre>
*/
@Getter
@Setter
@AllArgsConstructor
@ToString
public class FIPSLevel {
private static final int MAX_SEQUENCE_SIZE = 3;
@Getter
@Setter
private ASN1IA5String version;
@Getter
@Setter
private SecurityLevel level;
@Getter
@Setter
private ASN1Boolean plus;
/**
@ -65,15 +66,6 @@ public class FIPSLevel {
}
}
@Override
public String toString() {
return "FIPSLevel{"
+ "version=" + version.getString()
+ ", level=" + level.getValue()
+ ", plus=" + plus.toString()
+ '}';
}
/**
* A type to handle the security Level used in the FIPS Level.
* Ordering of enum types is intentional and their ordinal values correspond to enum
@ -87,6 +79,8 @@ public class FIPSLevel {
* level4 (4) }
* </pre>
*/
@Getter
@AllArgsConstructor
public enum SecurityLevel {
/**
* Security Level 1.
@ -106,23 +100,5 @@ public class FIPSLevel {
LEVEL4("level 4");
private final String value;
/**
* Basic constructor.
*
* @param value string containing the value.
*/
SecurityLevel(final String value) {
this.value = value;
}
/**
* Get the string value from the StrengthOfFunction.
*
* @return the string containing the value.
*/
public String getValue() {
return this.value;
}
}
}
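Review bot: Replacing the hand-written `toString()` with `@ToString` changes the emitted text, not only the style. Lombok prints the `ClassName(field=value, …)` form using each field's own `toString()`, so `level` now shows the enum constant rather than `level.getValue()`, unless `SecurityLevel` overrides `toString()` outside this view. The same applies to the `toString()` methods removed from PlatformProperty, TBBSecurityAssertion (which printed `rtmType.getValue()`), TPMSecurityAssertions and TPMSpecification. If any portal page, log parser or test depends on the old strings it will see different output. A class comment such as `// toString() is for diagnostics only; its format is not stable` would make the intent explicit.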


@ -77,6 +77,11 @@ public class PlatformConfigurationV1 extends PlatformConfiguration {
}
}
/**
* Creates a string representation of the Platform Configuration V1 object.
*
* @return a string representation of the Platform Configuration V1 object.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();


@ -3,6 +3,7 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DERUTF8String;
@ -19,14 +20,18 @@ import org.bouncycastle.asn1.DERUTF8String;
@Getter
@Setter
@AllArgsConstructor
@ToString
public class PlatformProperty {
/**
* Number of identifiers for version 1.
*/
protected static final int IDENTIFIER_NUMBER = 2;
private static final String NOT_SPECIFIED = "Not Specified";
private ASN1UTF8String propertyName;
private ASN1UTF8String propertyValue;
/**
@ -54,12 +59,4 @@ public class PlatformProperty {
this.propertyName = ASN1UTF8String.getInstance(sequence.getObjectAt(0));
this.propertyValue = ASN1UTF8String.getInstance(sequence.getObjectAt(1));
}
@Override
public String toString() {
return "PlatformProperty{"
+ "propertyName=" + propertyName.getString()
+ ", propertyValue=" + propertyValue.getString()
+ "}";
}
}


@ -2,6 +2,8 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1IA5String;
@ -24,17 +26,28 @@ import java.math.BigInteger;
* iso9000Uri IA5STRING (SIZE (1..URIMAX)) OPTIONAL }
* </pre>
*/
@Setter
@Getter
@AllArgsConstructor
@ToString
public class TBBSecurityAssertion {
private static final int CCINFO = 0;
private static final int FIPSLEVEL = 1;
private static final int RTMTYPE = 2;
private ASN1Integer version;
private CommonCriteriaMeasures ccInfo;
private FIPSLevel fipsLevel;
private MeasurementRootType rtmType;
private ASN1Boolean iso9000Certified;
private ASN1IA5String iso9000Uri;
/**
@ -115,118 +128,6 @@ public class TBBSecurityAssertion {
}
}
/**
* @return the version
*/
public ASN1Integer getVersion() {
return version;
}
/**
* @param version the version to set
*/
public void setVersion(final ASN1Integer version) {
this.version = version;
}
/**
* @return the ccInfo
*/
public CommonCriteriaMeasures getCcInfo() {
return ccInfo;
}
/**
* @param ccInfo the ccInfo to set
*/
public void setCcInfo(final CommonCriteriaMeasures ccInfo) {
this.ccInfo = ccInfo;
}
/**
* @return the fipsLevel
*/
public FIPSLevel getFipsLevel() {
return fipsLevel;
}
/**
* @param fipsLevel the fipsLevel to set
*/
public void setFipsLevel(final FIPSLevel fipsLevel) {
this.fipsLevel = fipsLevel;
}
/**
* @return the rtmType
*/
public MeasurementRootType getRtmType() {
return rtmType;
}
/**
* @param rtmType the rtmType to set
*/
public void setRtmType(final MeasurementRootType rtmType) {
this.rtmType = rtmType;
}
/**
* @return the iso9000Certified
*/
public ASN1Boolean getIso9000Certified() {
return iso9000Certified;
}
/**
* @param iso9000Certified the iso9000Certified to set
*/
public void setIso9000Certified(final ASN1Boolean iso9000Certified) {
this.iso9000Certified = iso9000Certified;
}
/**
* @return the iso9000Uri
*/
public ASN1IA5String getIso9000Uri() {
return iso9000Uri;
}
/**
* @param iso9000Uri the iso9000Uri to set
*/
public void setIso9000Uri(final ASN1IA5String iso9000Uri) {
this.iso9000Uri = iso9000Uri;
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("TBBSecurityAssertion{");
sb.append("version=").append(version.toString());
//Optional values not null
sb.append(", ccInfo=");
if (ccInfo != null) {
sb.append(ccInfo);
}
sb.append(", fipsLevel=");
if (fipsLevel != null) {
sb.append(fipsLevel);
}
sb.append(", rtmType=");
if (rtmType != null) {
sb.append(rtmType.getValue());
}
sb.append(", iso9000Certified=").append(iso9000Certified.toString());
sb.append(", iso9000Uri=");
if (iso9000Uri != null) {
sb.append(iso9000Uri.getString());
}
sb.append("}");
return sb.toString();
}
/**
* A type to handle the evaluation status used in the Common Criteria Measurement.
* Ordering of enum types is intentional and their ordinal values correspond to enum


@ -7,6 +7,7 @@ import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import java.io.Serializable;
import java.math.BigInteger;
@ -21,22 +22,27 @@ import java.math.BigInteger;
* www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
* for specifications for TPM 2.0 (pg. 19).
*/
@AllArgsConstructor
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@Getter
@Setter
@AllArgsConstructor
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@ToString
@Embeddable
public class TPMSecurityAssertions implements Serializable {
@Column
private BigInteger tpmSecAssertsVersion; //default v1
@Column
private boolean fieldUpgradeable; //default false
@Column(nullable = true)
@Column
private EkGenerationType ekGenType; //optional
@Column(nullable = true)
private EkGenerationLocation ekGenerationLocation; //optional
@Column(nullable = true)
@Column
private EkGenerationLocation ekGenerationLocation; //optionalv
@Column
private EkGenerationLocation ekCertificateGenerationLocation; //optional
/**
@ -52,17 +58,6 @@ public class TPMSecurityAssertions implements Serializable {
this.fieldUpgradeable = fieldUpgradeable;
}
@Override
public String toString() {
return "TPMSecurityAssertions{"
+ "version=" + tpmSecAssertsVersion
+ ", fieldUpgradeable=" + fieldUpgradeable
+ ", ekGenType=" + ekGenType
+ ", ekGenLoc=" + ekGenerationLocation
+ ", ekCertGenLoc=" + ekCertificateGenerationLocation
+ '}';
}
// Future work (may need to create other classes):
//private CommonCriteriaMeasures commCritMeasures; //optional
//private FIPSLevel fipsLevel; //optional
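Review bot: The rewritten field comment on `ekGenerationLocation` now reads `//optionalv`, which looks like a stray keystroke; it should stay `//optional` like its neighbours. Dropping `nullable = true` from the three `@Column` annotations is harmless because that is the JPA default, but the trailing comments are then the only place that records these columns as optional, so they are worth keeping accurate.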


@ -6,6 +6,7 @@ import lombok.AccessLevel;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.ToString;
import java.io.Serializable;
import java.math.BigInteger;
@ -20,9 +21,10 @@ import java.math.BigInteger;
* www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
* for specifications for TPM 2.0.
*/
@EqualsAndHashCode
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@Getter
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@ToString
@EqualsAndHashCode
@Embeddable
public class TPMSpecification implements Serializable {
@ -48,13 +50,4 @@ public class TPMSpecification implements Serializable {
this.level = level;
this.revision = revision;
}
@Override
public String toString() {
return "TPMSpecification{"
+ "family='" + family + '\''
+ ", level=" + level
+ ", revision=" + revision
+ '}';
}
}


@ -24,9 +24,13 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@AllArgsConstructor
public class URIReference {
private static final int PLATFORM_PROPERTIES_URI_MAX = 3;
private static final int PLATFORM_PROPERTIES_URI_MIN = 1;
private ASN1IA5String uniformResourceIdentifier;
private AlgorithmIdentifier hashAlgorithm;
@JsonIgnore
private ASN1BitString hashValue;
@ -70,6 +74,11 @@ public class URIReference {
}
}
/**
* Creates a string representation of the URI Reference object.
*
* @return a string representation of URI Reference
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();


@ -4,6 +4,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Comp
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import org.bouncycastle.asn1.ASN1Boolean;
@ -16,7 +17,6 @@ import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DERUTF8String;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
/**
@ -40,17 +40,24 @@ import java.util.stream.Collectors;
*/
@Getter
@Setter
@EqualsAndHashCode(callSuper = true)
public class ComponentIdentifierV2 extends ComponentIdentifier {
private static final int MANDATORY_ELEMENTS = 3;
// Additional optional identifiers for version 2
private static final int COMPONENT_PLATFORM_CERT = 5;
private static final int COMPONENT_PLATFORM_URI = 6;
private static final int ATTRIBUTE_STATUS = 7;
private ComponentClass componentClass;
private CertificateIdentifier certificateIdentifier;
private URIReference componentPlatformUri;
private AttributeStatus attributeStatus;
/**
@ -201,30 +208,11 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
return true;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
if (!super.equals(o)) {
return false;
}
ComponentIdentifierV2 that = (ComponentIdentifierV2) o;
return Objects.equals(componentClass, that.componentClass)
&& Objects.equals(certificateIdentifier, that.certificateIdentifier)
&& Objects.equals(componentPlatformUri, that.componentPlatformUri)
&& attributeStatus == that.attributeStatus;
}
@Override
public int hashCode() {
return Objects.hash(super.hashCode(), componentClass,
certificateIdentifier, componentPlatformUri, attributeStatus);
}
/**
* Creates a string representation of the Component Identifier V2 object.
*
* @return a string representation of the Component Identifier V2 object.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();


@ -87,6 +87,11 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
}
}
/**
* Creates a string representation of the Platform Configuration V2 object.
*
* @return a string representation of the Platform Configuration V2 object.
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();


@ -17,10 +17,10 @@ import org.bouncycastle.asn1.ASN1UTF8String;
*
* </pre>
*/
@Setter
@Getter
public class PlatformPropertyV2 extends PlatformProperty {
@Getter
@Setter
private AttributeStatus attributeStatus;
/**
@ -83,6 +83,12 @@ public class PlatformPropertyV2 extends PlatformProperty {
return getAttributeStatus() != AttributeStatus.REMOVED;
}
/**
* Creates a string representation of the PlatformPropertyV2 object.
*
* @return a string representation of the PlatformPropertyV2 object
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();


@ -9,6 +9,7 @@ import jakarta.persistence.DiscriminatorType;
import jakarta.persistence.Entity;
import jakarta.xml.bind.annotation.XmlElement;
import lombok.AccessLevel;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2;
@ -24,6 +25,7 @@ import java.util.Objects;
@Entity
@Getter
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@EqualsAndHashCode(callSuper = false)
@DiscriminatorColumn(name = "componentTypeEnum", discriminatorType = DiscriminatorType.STRING)
public class ComponentInfo extends ArchivableEntity {
@ -152,31 +154,6 @@ public class ComponentInfo extends ArchivableEntity {
|| StringUtils.isEmpty(componentModel));
}
/**
* Equals for the component info that just uses this classes attributes.
*
* @param object the object to compare
* @return the boolean result
*/
@Override
public boolean equals(Object object) {
if (this == object) {
return true;
}
if (object == null || getClass() != object.getClass()) {
return false;
}
ComponentInfo that = (ComponentInfo) object;
return Objects.equals(deviceName, that.deviceName)
&& Objects.equals(componentManufacturer,
that.componentManufacturer)
&& Objects.equals(componentModel, that.componentModel)
&& Objects.equals(componentSerial, that.componentSerial)
&& Objects.equals(componentRevision, that.componentRevision)
&& Objects.equals(componentClass, that.componentClass);
}
/**
* Returns a hash code that is associated with common fields for components.
*
@ -186,16 +163,4 @@ public class ComponentInfo extends ArchivableEntity {
return Objects.hash(componentManufacturer, componentModel,
componentSerial, componentRevision, componentClass);
}
/**
* Hash method for the attributes of this class.
*
* @return int value that represents this class
*/
@Override
public int hashCode() {
return Objects.hash(deviceName, componentManufacturer,
componentModel, componentSerial, componentRevision,
componentClass);
}
}
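Review bot: `@EqualsAndHashCode(callSuper = false)` is not guaranteed to be equivalent to the removed `equals`/`hashCode` pair. Lombok uses every non-static, non-transient field of the class, whereas the old methods compared exactly six: `deviceName`, `componentManufacturer`, `componentModel`, `componentSerial`, `componentRevision` and `componentClass`. The field declarations are outside this hunk, so if ComponentInfo has any other field, component equality (and anything keyed on it in sets or maps) changes silently. Pinning the set keeps the old contract: `@EqualsAndHashCode(callSuper = false, onlyExplicitlyIncluded = true)` with `@EqualsAndHashCode.Include` on those six fields.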


@ -79,7 +79,6 @@ public class TPMInfo implements Serializable {
* @param tpmQuoteHash short representing the minor revision number for the TPM
* @param tpmQuoteSignature byte array with the value of the identity certificate
*/
@SuppressWarnings("parameternumber")
public TPMInfo(final String tpmMake, final short tpmVersionMajor,
final short tpmVersionMinor, final short tpmVersionRevMajor,
final short tpmVersionRevMinor,
@ -110,7 +109,6 @@ public class TPMInfo implements Serializable {
* @param tpmQuoteHash short representing the minor revision number for the TPM
* @param tpmQuoteSignature byte array with the value of the identity certificate
*/
@SuppressWarnings("parameternumber")
public TPMInfo(final String tpmMake, final short tpmVersionMajor,
final short tpmVersionMinor, final short tpmVersionRevMajor,
final short tpmVersionRevMinor, final byte[] pcrValues,


@ -42,7 +42,7 @@ import java.util.List;
@Getter
@Setter
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@EqualsAndHashCode
@EqualsAndHashCode(callSuper = true)
@Entity
public class BaseReferenceManifest extends ReferenceManifest {
/**
@ -377,6 +377,11 @@ public class BaseReferenceManifest extends ReferenceManifest {
return document;
}
/**
* Creates a string representation of the Base Reference Manifest object.
*
* @return a string representation of the Base Reference Manifest object.
*/
@Override
public String toString() {
return String.format("ReferenceManifest{swidName=%s,"


@ -8,6 +8,7 @@ import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.EnumType;
import jakarta.persistence.Enumerated;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.log4j.Log4j2;
@ -26,6 +27,7 @@ import java.util.Collection;
*/
@Getter
@Setter
@EqualsAndHashCode
@Log4j2
@Entity
public class EventLogMeasurements extends SupportReferenceManifest {
@ -105,22 +107,4 @@ public class EventLogMeasurements extends SupportReferenceManifest {
return new ArrayList<>();
}
@Override
public boolean equals(final Object object) {
if (this == object) {
return true;
}
if (object == null || getClass() != object.getClass()) {
return false;
}
EventLogMeasurements that = (EventLogMeasurements) object;
return this.getHexDecHash().equals(that.getHexDecHash());
}
@Override
public int hashCode() {
return super.hashCode();
}
}
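Review bot: The bare `@EqualsAndHashCode` on EventLogMeasurements does not reproduce the removed `equals`, which compared only `getHexDecHash()`. Without `callSuper`, Lombok compares just the fields declared in this class (not visible in the hunk) and ignores inherited state. Assuming the hash is inherited, as the getter call suggests, two event logs with different hashes can now compare equal and the hash is no longer part of identity. The sibling classes in this commit use `@EqualsAndHashCode(callSuper = true)`; either do the same here or keep the explicit hash-based `equals` with a matching `hashCode` and add the Javadoc checkstyle wants.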


@ -6,6 +6,7 @@ import hirs.utils.tpm.eventlog.TCGEventLog;
import hirs.utils.tpm.eventlog.TpmPcrEvent;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.log4j.Log4j2;
@ -16,7 +17,6 @@ import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Objects;
/**
* Sub class that will just focus on PCR Values and Events.
@ -24,12 +24,14 @@ import java.util.Objects;
@Log4j2
@Getter
@Setter
@EqualsAndHashCode(callSuper = true)
@Entity
public class SupportReferenceManifest extends ReferenceManifest {
@Column
@JsonIgnore
private int pcrHash = 0;
@Column
private boolean updated = false;
@ -79,12 +81,8 @@ public class SupportReferenceManifest extends ReferenceManifest {
TCGEventLog logProcessor = new TCGEventLog(this.getRimBytes());
this.pcrHash = Arrays.hashCode(logProcessor.getExpectedPCRValues());
return logProcessor.getExpectedPCRValues();
} catch (CertificateException cEx) {
log.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
log.error(noSaEx);
} catch (IOException ioEx) {
log.error(ioEx);
} catch (CertificateException | NoSuchAlgorithmException | IOException exception) {
log.error(exception);
}
return new String[0];
@ -100,12 +98,8 @@ public class SupportReferenceManifest extends ReferenceManifest {
try {
logProcessor = new TCGEventLog(this.getRimBytes());
return logProcessor.getEventList();
} catch (CertificateException cEx) {
log.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
log.error(noSaEx);
} catch (IOException ioEx) {
log.error(ioEx);
} catch (CertificateException | NoSuchAlgorithmException | IOException exception) {
log.error(exception);
}
return new ArrayList<>();
@ -120,24 +114,4 @@ public class SupportReferenceManifest extends ReferenceManifest {
public boolean isBaseSupport() {
return !this.isSwidSupplemental() && !this.isSwidPatch();
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
if (!super.equals(o)) {
return false;
}
SupportReferenceManifest that = (SupportReferenceManifest) o;
return pcrHash == that.pcrHash && updated == that.updated;
}
@Override
public int hashCode() {
return Objects.hash(super.hashCode(), pcrHash, updated);
}
}
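Review bot: The merged `catch (CertificateException | NoSuchAlgorithmException | IOException exception)` blocks still log only `log.error(exception)` and then fall through to `return new String[0]` or `return new ArrayList<>()`. A caller therefore cannot distinguish an event log that failed to parse from one that holds no PCR values or events, and the log line does not say which manifest was involved. While these lines are being touched, consider `log.error("Failed to parse event log from RIM bytes", exception);` and stating the empty-on-failure behaviour in each method's Javadoc. Both method bodies start outside the hunk, so how callers treat the empty result should be checked there.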


@ -2,6 +2,7 @@ package hirs.attestationca.persist.enums;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.ToString;
import java.util.Arrays;
import java.util.stream.Collectors;
@ -11,6 +12,7 @@ import java.util.stream.Collectors;
*/
@Getter
@AllArgsConstructor
@ToString
public enum HealthStatus {
/**
* The trusted state, no issues with the device.
@ -35,9 +37,4 @@ public enum HealthStatus {
.collect(Collectors.toSet())
.contains(healthStatus);
}
@Override
public String toString() {
return getHealthStatus();
}
}
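Review bot: `@ToString` on this enum is not a drop-in replacement for the removed override, which returned `getHealthStatus()`. In current Lombok versions the generated method prints the constant together with its fields, roughly `HealthStatus.NAME(healthStatus=…)`. Any code that relied on `toString()` for the status text (string concatenation, `String.valueOf`, view templates) now gets a different value. Either keep the explicit override and add the Javadoc comment checkstyle asks for, or confirm that all such callers use `getHealthStatus()`.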


@ -40,16 +40,16 @@ import java.util.Date;
import java.util.LinkedList;
import java.util.List;
@Getter
@Log4j2
@NoArgsConstructor
public class AbstractProcessor {
@Getter
private int validDays;
@Getter
private PrivateKey privateKey;
@Setter
@Getter
private PolicyRepository policyRepository;
/**
@ -247,7 +247,8 @@ public class AbstractProcessor {
final byte[] derEncodedAttestationCertificate,
final EndorsementCredential endorsementCredential,
final List<PlatformCredential> platformCredentials,
final Device device, boolean isLDevID) {
final Device device,
final boolean isLDevID) {
List<IssuedAttestationCertificate> issuedAc;
boolean generateCertificate = true;
PolicyRepository scp = getPolicyRepository();
@ -269,8 +270,8 @@ public class AbstractProcessor {
generateCertificate = isLDevID ? policySettings.isIssueDevIdCertificate()
: policySettings.isIssueAttestationCertificate();
if (issuedAc != null && issuedAc.size() > 0 &&
(isLDevID ? policySettings.isDevIdExpirationFlag()
if (issuedAc != null && issuedAc.size() > 0
&& (isLDevID ? policySettings.isDevIdExpirationFlag()
: policySettings.isGenerateOnExpiration())) {
if (issuedAc.get(0).getEndValidity().after(currentDate)) {
// so the issued AC is not expired
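Review bot: Moving `@Getter` to the class makes Lombok emit a public getter for every non-static field, including `privateKey` and any field declared below this hunk. The three fields shown already had getters, so nothing changes for them, but fields added later will be exposed by default. For the key material, consider narrowing it explicitly with `@Getter(AccessLevel.PROTECTED)` on `privateKey` if only subclasses need it; that depends on callers outside this view. Separately, `issuedAc.size() > 0` in the reflowed condition reads better as `!issuedAc.isEmpty()`.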


@ -97,7 +97,7 @@ public final class ProvisionUtils {
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
/**
* This private constructor was created to silence one of checkstyle errors
* This private constructor was created to silence one of checkstyle errors.
*/
private ProvisionUtils() {
}


@ -72,7 +72,6 @@ public class SupplyChainValidationService {
* @param referenceDigestValueRepository the even manager
*/
@Autowired
@SuppressWarnings("ParameterNumberCheck")
public SupplyChainValidationService(
final CACredentialRepository caCredentialRepository,
final PolicyRepository policyRepository,


@ -169,16 +169,18 @@ public class ValidationService {
}
/**
* @param deviceInfoReport
* @param base
* @param deltaMapping
* @param certificateRepository
* @param componentResultRepository
* @param componentAttributeRepository
* @param componentInfos
* @param provisionSessionId
* @param ignoreRevisionAttribute
* @return
* Evaluates delta attributes status.
*
* @param deviceInfoReport device information report
* @param base base platform credential
* @param deltaMapping delta mapping
* @param certificateRepository certificate repository
* @param componentResultRepository component result repository
* @param componentAttributeRepository component attribute repository
* @param componentInfos list of component information
* @param provisionSessionId uuid representation of the provision session ID
* @param ignoreRevisionAttribute whether to ignore the revision attribute
* @return a supply chain validation
*/
public static SupplyChainValidation evaluateDeltaAttributesStatus(
final DeviceInfoReport deviceInfoReport,
@ -221,12 +223,14 @@ public class ValidationService {
}
/**
* @param device
* @param policySettings
* @param rimRepo
* @param rdvRepo
* @param caRepo
* @return
* Evaluates the firmware status.
*
* @param device device
* @param policySettings policy settings
* @param rimRepo reference manifest repository
* @param rdvRepo reference digest value repository
* @param caRepo CA Credential repository
* @return a supply chain validation
*/
public static SupplyChainValidation evaluateFirmwareStatus(
final Device device,
@ -338,6 +342,7 @@ public class ValidationService {
* @param credential the credential whose CA chain should be retrieved
* @param previouslyQueriedSubjects a list of organizations to refrain
* from querying
* @param caCredentialRepository CA Credential repository
* @return a Set containing all relevant CA credentials to the given
* certificate's organization
*/
@ -379,6 +384,14 @@ public class ValidationService {
return caCreds;
}
/**
* Creates a key store using the provided set of certificate authority credentials.
*
* @param certs set of certificate authority credentials
* @return a keystore
* @throws KeyStoreException if there is an issue creating a key store
* @throws IOException if there is an issue creating a key store
*/
public static KeyStore caCertSetToKeystore(final Set<CertificateAuthorityCredential> certs)
throws KeyStoreException, IOException {
KeyStore keyStore = KeyStore.getInstance("JKS");
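Review bot: The new Javadoc on `caCertSetToKeystore` gives both `@throws` tags the same text, so a reader cannot tell which failure produces `KeyStoreException` and which produces `IOException`. It also omits that the store is created with `KeyStore.getInstance("JKS")`. Suggest `@return a JKS-type key store built from the given CA credentials`, plus distinct `@throws` wording once the body, which continues past this hunk, has been checked. The tags added for `evaluateDeltaAttributesStatus` and `evaluateFirmwareStatus` mostly restate the parameter names; `deltaMapping` in particular should say what is mapped to what.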


@ -130,8 +130,9 @@ public class AttestationCertificateAuthorityTest {
public void setupTests() throws Exception {
//BeforeSuite
final int keySize = 2048;
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
keyPairGenerator.initialize(keySize);
keyPair = keyPairGenerator.generateKeyPair();
//BeforeTest
@ -257,8 +258,11 @@ public class AttestationCertificateAuthorityTest {
SymmetricKey symmetricKey = ProvisionUtils.generateSymmetricKey();
// assert the symmetric algorithm, scheme, and key size are all set appropriately
assertTrue(symmetricKey.getAlgorithmId() == 6);
assertTrue(symmetricKey.getEncryptionScheme() == 255);
final int expectedAlgorithmId = 6;
final int expectedEncryptionScheme = 255;
assertTrue(symmetricKey.getAlgorithmId() == expectedAlgorithmId);
assertTrue(symmetricKey.getEncryptionScheme() == expectedEncryptionScheme);
assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length);
}
@ -337,8 +341,9 @@ public class AttestationCertificateAuthorityTest {
assertNotNull(attestation);
// validate the attestation algorithm
final int expectedAlgorithmId = 6;
assertNotNull(attestation.getAlgorithm());
assertTrue(attestation.getAlgorithm().getAlgorithmId() == 6);
assertTrue(attestation.getAlgorithm().getAlgorithmId() == expectedAlgorithmId);
assertTrue(attestation.getAlgorithm().getEncryptionScheme() == 0x1);
assertTrue(attestation.getAlgorithm().getSignatureScheme() == 0);
assertTrue(attestation.getAlgorithm().getParamsSize() == 0);
@ -465,7 +470,8 @@ public class AttestationCertificateAuthorityTest {
// assert that the exponent and the modulus are the same. the exponents should be the well
// known prime, 101
assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", 16)));
final int radix = 16;
assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", radix)));
assertTrue(publicKey.getModulus().equals(modulus));
}
@ -486,7 +492,8 @@ public class AttestationCertificateAuthorityTest {
// assert that the exponent and the modulus are the same. the exponents should be the well
// known prime, 101.
assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", 16)));
final int radix = 16;
assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", radix)));
assertTrue(publicKey.getModulus().equals(modulus));
}
@ -504,7 +511,8 @@ public class AttestationCertificateAuthorityTest {
byte[] ekFile = Files.readAllBytes(ekPath);
RSAPublicKey ek = ProvisionUtils.parsePublicKey(ekFile);
assertTrue(ek.getPublicExponent().equals(new BigInteger("010001", 16)));
final int radix = 16;
assertTrue(ek.getPublicExponent().equals(new BigInteger("010001", radix)));
byte[] mod = ek.getModulus().toByteArray();
// big integer conversion is signed so it can add a 0 byte
@ -532,7 +540,8 @@ public class AttestationCertificateAuthorityTest {
byte[] akFile = Files.readAllBytes(akPath);
RSAPublicKey ak = ProvisionUtils.parsePublicKey(akFile);
assertTrue(ak.getPublicExponent().equals(new BigInteger("010001", 16)));
final int radix = 16;
assertTrue(ak.getPublicExponent().equals(new BigInteger("010001", radix)));
byte[] mod = ak.getModulus().toByteArray();
// big integer conversion is signed so it can add a 0 byte
@ -598,7 +607,7 @@ public class AttestationCertificateAuthorityTest {
RSAPublicKey akPub = ProvisionUtils.parsePublicKey(akPubFile);
// prepare the nonce and wrap it with keys
byte[] nonce = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
final byte[] nonce = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
ByteString blob = ProvisionUtils.tpm20MakeCredential(ekPub, akPub, nonce);
@ -636,12 +645,12 @@ public class AttestationCertificateAuthorityTest {
* Test helper method that encrypts a blob using a shared key and IV using the specified
* transformation.
*
* @param blob to be encrypted
* @param blob blob to be encrypted
* @param key shared key
* @param iv to encrypt with
* @param transformation of the encryption cipher
* @return encrypted blob
* @throws Exception
* @throws Exception if there are any issues while encrypting the blob
*/
private byte[] encryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
final String transformation) throws Exception {
@ -664,9 +673,9 @@ public class AttestationCertificateAuthorityTest {
/**
* Test helper method to decrypt blobs.
*
* @param blob to be decrypted
* @param blob blob to be decrypted
* @return decrypted blob
* @throws Exception
* @throws Exception if there are any issues while decrypting the blob
*/
private byte[] decryptBlob(final byte[] blob) throws Exception {
// initialize a cipher using the specified transformation
@ -686,12 +695,12 @@ public class AttestationCertificateAuthorityTest {
* Test helper method that decrypts a blob using a shared key and IV using the specified.
* transformation.
*
* @param blob to be decrypted
* @param blob blob to be decrypted
* @param key shared key
* @param iv to decrypt with
* @param transformation of the decryption cipher
* @return decrypted blob
* @throws Exception
* @throws Exception if there are any issues while decrypting the blob
*/
private byte[] decryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
final String transformation) throws Exception {


@ -176,10 +176,16 @@ public class TPM2ProvisionerStateTest {
DataInputStream dis = new DataInputStream(new ByteArrayInputStream(nonce));
Long index = dis.readLong();
dis.close();
TPM2ProvisionerState value = new TPM2ProvisionerState(nonce, identityClaim);
when(tpm2ProvisionerStateRepository.findByFirstPartOfNonce(index)).thenReturn(value);
final int nonce2Size = 7;
TPM2ProvisionerState tpm2ProvisionerState =
TPM2ProvisionerState.getTPM2ProvisionerState(tpm2ProvisionerStateRepository, new byte[7]);
TPM2ProvisionerState.getTPM2ProvisionerState(tpm2ProvisionerStateRepository,
new byte[nonce2Size]);
assertNull(tpm2ProvisionerState);
}
}
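Review bot: The new constant `nonce2Size` gives no hint that 7 was chosen on purpose: `dis.readLong()` a few lines above consumes 8 bytes, so a 7-byte array is presumably the largest nonce that cannot yield a lookup index. A name and comment that carry this would stop a later edit from rounding it up to 8, which would turn the test into an ordinary lookup miss instead of a short-input check, e.g. `final int undersizedNonceLength = Long.BYTES - 1; // one byte short of the long index`. The test method starts above the hunk, so the intent is inferred from the visible lines only.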


@ -40,18 +40,15 @@ public class AbstractUserdefinedEntityTest {
* Location of a test (fake) SGI intermediate CA certificate.
*/
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
/**
* Location of a test (fake) Intel intermediate CA certificate.
*/
public static final String FAKE_INTEL_INT_CA_FILE =
"/certificates/fakeIntelIntermediateCA.cer";
/**
* Location of a test (fake) root CA certificate.
*/
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
/**
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
*/
@ -97,6 +94,12 @@ public class AbstractUserdefinedEntityTest {
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
/**
* This protected constructor was created to silence one of checkstyle errors.
*/
protected AbstractUserdefinedEntityTest() {
}
/**
* Construct a test certificate from the given parameters.
*
@ -122,12 +125,13 @@ public class AbstractUserdefinedEntityTest {
* @param platformCredentials the platform credentials (can be null)
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
* @throws IllegalArgumentException if there is a problem retrieving the certificate class simple name
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename,
final EndorsementCredential endorsementCredential,
final List<PlatformCredential> platformCredentials)
throws IOException {
throws IOException, IllegalArgumentException {
Path certPath;
try {
@ -139,23 +143,17 @@ public class AbstractUserdefinedEntityTest {
throw new IOException("Could not resolve path URI", e);
}
switch (certificateClass.getSimpleName()) {
case "CertificateAuthorityCredential":
return new CertificateAuthorityCredential(certPath);
case "ConformanceCredential":
return new ConformanceCredential(certPath);
case "EndorsementCredential":
return new EndorsementCredential(certPath);
case "PlatformCredential":
return new PlatformCredential(certPath);
case "IssuedAttestationCertificate":
return new IssuedAttestationCertificate(certPath,
return switch (certificateClass.getSimpleName()) {
case "CertificateAuthorityCredential" -> new CertificateAuthorityCredential(certPath);
case "ConformanceCredential" -> new ConformanceCredential(certPath);
case "EndorsementCredential" -> new EndorsementCredential(certPath);
case "PlatformCredential" -> new PlatformCredential(certPath);
case "IssuedAttestationCertificate" -> new IssuedAttestationCertificate(certPath,
endorsementCredential, platformCredentials, false);
default:
throw new IllegalArgumentException(
default -> throw new IllegalArgumentException(
String.format("Unknown certificate class %s", certificateClass.getName())
);
}
};
}
/**
@ -192,8 +190,9 @@ public class AbstractUserdefinedEntityTest {
public static NetworkInfo createTestNetworkInfo() {
try {
final String hostname = "test.hostname";
final byte[] byteAddress = new byte[] {127, 0, 0, 1};
final InetAddress ipAddress =
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
InetAddress.getByAddress(byteAddress);
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
return new NetworkInfo(hostname, ipAddress, macAddress);
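Review bot: The rewritten `switch` in `getTestCertificate` still picks the constructor from `certificateClass.getSimpleName()`, so the branch depends on a string rather than on the class that was passed in. A type with the same simple name in another package takes the same branch, and a class rename falls through to `default` without any compiler error. Comparing the `Class` object itself removes both problems. Separately, the `IllegalArgumentException` added to the `throws` clause is unchecked, so it can stay in the Javadoc and be left out of the signature.

```java
// … unchanged: certPath resolution and the URISyntaxException handling …
if (CertificateAuthorityCredential.class.equals(certificateClass)) {
    return new CertificateAuthorityCredential(certPath);
} else if (ConformanceCredential.class.equals(certificateClass)) {
    return new ConformanceCredential(certPath);
} else if (EndorsementCredential.class.equals(certificateClass)) {
    return new EndorsementCredential(certPath);
} else if (PlatformCredential.class.equals(certificateClass)) {
    return new PlatformCredential(certPath);
} else if (IssuedAttestationCertificate.class.equals(certificateClass)) {
    return new IssuedAttestationCertificate(certPath,
            endorsementCredential, platformCredentials, false);
}
throw new IllegalArgumentException(
        String.format("Unknown certificate class %s", certificateClass.getName()));
```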


@ -14,7 +14,6 @@ import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@ -80,10 +79,12 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
private static final String RDN_COMMA_SEPARATED =
"CN=STM TPM EK Intermediate CA 02, O=STMicroelectronics NV, C=CH";
private static final String RDN_MULTIVALUE =
"CN=Nuvoton TPM Root CA 2010+O=Nuvoton Technology Corporation+C=TW";
private static final String RDN_COMMA_SEPARATED_ORGANIZATION = "STMicroelectronics NV";
private static final String RDN_MULTIVALUE_ORGANIZATION = "Nuvoton Technology Corporation";
private static final String EK_CERT_WITH_PADDED_BYTES =
@ -135,6 +136,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
FAKE_ROOT_CA_FILE)).toURI())
)
);
assertEquals(
"CN=Fake Root CA",
certificate.getX509Certificate().getIssuerX500Principal().getName()
@ -144,12 +146,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
/**
* Ensure that a Certificate cannot be created from a null byte array.
*
* @throws IOException if the certificate could not be constructed properly
* @throws CertificateException if there is a problem de/serializing the certificate
* @throws IllegalArgumentException if there is a problem de/serializing the certificate
*/
@Test
public void testConstructCertFromNullByteArray()
throws IOException, CertificateException {
throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new CertificateAuthorityCredential((byte[]) null));
}
@ -157,12 +158,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
/**
* Ensure that a Certificate cannot be created from an empty byte array.
*
* @throws IOException if the certificate could not be constructed properly
* @throws CertificateException if there is a problem de/serializing the certificate
* @throws IllegalArgumentException if there is a problem de/serializing the certificate
*/
@Test
public void testConstructCertFromEmptyByteArray()
throws IOException, CertificateException {
throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new CertificateAuthorityCredential(new byte[] {}));
}
@ -179,6 +179,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
);
assertEquals(
"CN=Fake Root CA",
certificate.getX509Certificate().getIssuerX500Principal().getName()
@ -188,11 +189,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
/**
* Tests that a certificate cannot be constructed from a null path.
*
* @throws IOException if there is a problem reading the cert file at the given path
* @throws URISyntaxException if there is a problem constructing the URI
* @throws IllegalArgumentException if there is a problem constructing the URI
*/
@Test
public void testConstructCertFromNullPath() throws URISyntaxException, IOException {
public void testConstructCertFromNullPath() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new CertificateAuthorityCredential((Path) null));
}
@ -208,6 +208,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
assertEquals(
Certificate.CertificateType.X509_CERTIFICATE,
getTestCertificate(FAKE_ROOT_CA_FILE).getCertificateType());
assertNotEquals(
Certificate.CertificateType.ATTRIBUTE_CERTIFICATE,
getTestCertificate(FAKE_ROOT_CA_FILE).getCertificateType());
@ -222,7 +223,6 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
getTestCertificate(
PlatformCredential.class,
TEST_PLATFORM_CERT_3).getCertificateType());
}
/**
@ -256,7 +256,6 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
"GETY42100160",
((PlatformCredential) platformCredential).getPlatformSerial()
);
}
/**
@ -289,6 +288,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
@Test
public void testX509CertificateParsingExtended() throws IOException {
Certificate rootCert = getTestCertificate(INTEL_INT_CA_FILE);
assertEquals(
"https://trustedservices.intel.com/"
+ "content/TSC/certs/TSC_SS_RootCA_Certificate.cer\n",
@ -337,11 +337,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
* certificate.
*
* @throws IOException if there is a problem reading the cert file at the given path
* @throws URISyntaxException if there is a problem constructing the file's URI
*/
@Test
public void testX509AttributeCertificateParsingExtended()
throws IOException, URISyntaxException {
throws IOException {
Certificate platformCert = getTestCertificate(
PlatformCredential.class, TEST_PLATFORM_CERT_6);
@ -362,7 +361,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
public void testCertificateTrim() throws IOException, URISyntaxException {
byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class
.getResource(EK_CERT_WITH_PADDED_BYTES)).toURI()));
byte[] expectedCertBytes = Arrays.copyOfRange(rawFileBytes, 0, 908);
final int finalPosition = 908;
byte[] expectedCertBytes = Arrays.copyOfRange(rawFileBytes, 0, finalPosition);
Certificate ekCert = getTestCertificate(EndorsementCredential.class,
EK_CERT_WITH_PADDED_BYTES);
assertEquals(new BigInteger("16842032579184247954"), ekCert.getSerialNumber());
@ -384,6 +386,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
URISyntaxException {
byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class
.getResource(EK_CERT_WITH_PADDED_BYTES)).toURI()));
assertThrows(IllegalArgumentException.class, () ->
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 2)),
".* No certificate length field could be found\\.");
@ -401,8 +404,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
URISyntaxException {
byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class
.getResource(EK_CERT_WITH_PADDED_BYTES)).toURI()));
final int finalPosition = 4;
assertThrows(IllegalArgumentException.class, () ->
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 4)),
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, finalPosition)),
".* Certificate is nothing more than ASN.1 Sequence\\\\.");
}
@ -418,8 +423,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
URISyntaxException {
byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class
.getResource(EK_CERT_WITH_PADDED_BYTES)).toURI()));
final int finalPosition = 42;
assertThrows(IllegalArgumentException.class, () ->
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 42)),
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, finalPosition)),
".* Value of certificate length field extends beyond"
+ " length of provided certificate\\.");
}
@ -428,12 +435,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
* Tests that the equals method on {@link Certificate} works as expected.
*
* @throws IOException if the certificate could not be constructed properly
* @throws CertificateException if there is a problem with the KeyStore or de/serializing the
* certificate
* @throws URISyntaxException if there is a problem constructing the path to the certificate
*/
@Test
public void testEquals() throws CertificateException, IOException, URISyntaxException {
public void testEquals() throws IOException, URISyntaxException {
assertEquals(
getTestCertificate(FAKE_ROOT_CA_FILE),
getTestCertificate(FAKE_ROOT_CA_FILE)
@ -472,14 +477,9 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
* Tests that the isIssuer method on {@link Certificate} works as expected.
*
* @throws IOException if the certificate could not be constructed properly
* @throws CertificateException if there is a problem with the KeyStore or de/serializing the
* certificate
* @throws NoSuchProviderException if the Bouncy Castle security provider is unavailable
* @throws URISyntaxException if there is a problem constructing the path to the certificate
*/
@Test
public void testIsIssuer() throws CertificateException, IOException, NoSuchProviderException,
URISyntaxException {
public void testIsIssuer() throws IOException {
Certificate issuerCert = getTestCertificate(FAKE_ROOT_CA_FILE);
Certificate cert = getTestCertificate(INT_CA_CERT02);
@ -491,12 +491,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
* Tests that the hashCode method on {@link Certificate} works as expected.
*
* @throws IOException if the certificate could not be constructed properly
* @throws CertificateException if there is a problem with the KeyStore or de/serializing the
* certificate
* @throws URISyntaxException if there is a problem constructing the path to the certificate
*/
@Test
public void testHashCode() throws CertificateException, IOException, URISyntaxException {
public void testHashCode() throws IOException, URISyntaxException {
assertEquals(
getTestCertificate(FAKE_ROOT_CA_FILE).hashCode(),
getTestCertificate(FAKE_ROOT_CA_FILE).hashCode()
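Review bot: In the three truncated-certificate tests (the two `finalPosition` hunks and the two-byte case above them) the regex string is passed as the third argument of `assertThrows`, which, if this is JUnit 5's `Assertions.assertThrows`, is only the failure message and is never compared with the exception text. Each test therefore passes for any `IllegalArgumentException`, so it does not show that the intended length check is what rejected the truncated input. Capture the result and match it: `IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, () -> new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, finalPosition)));` then `assertTrue(ex.getMessage().matches(".* Certificate is nothing more than ASN.1 Sequence\\."));`. The existing pattern for that case ends in `\\\\.`, which would demand a literal backslash once it is actually matched. The parser's real messages are not visible here, so the expected texts need confirming against it.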


@ -20,7 +20,7 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
* multiple test certificates.
*
* @return the test SupplyChainValidation
* @throws IOException if there si
* @throws IOException if there is a problem deserializing certificates
*/
public static SupplyChainValidation getTestSupplyChainValidation() throws IOException {
return getTestSupplyChainValidation(
@ -52,10 +52,10 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
/**
* Test that a SupplyChainValidation can't be instantiated with a null validation type.
*
* @throws IOException if there is a problem deserializing certificates
* @throws IllegalArgumentException if there is a problem deserializing certificates
*/
@Test
public void testNullValidationType() throws IOException {
public void testNullValidationType() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new SupplyChainValidation(
null,
@ -68,10 +68,10 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
/**
* Test that a SupplyChainValidation can't be instantiated with a null certificate list.
*
* @throws IOException if there is a problem deserializing certificates
* @throws IllegalArgumentException if there is a problem deserializing certificates
*/
@Test
public void testNullCertificates() throws IOException {
public void testNullCertificates() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new SupplyChainValidation(
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
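Review bot: Replacing `throws IOException` with `throws IllegalArgumentException` on `testNullValidationType` and `testNullCertificates` documents an exception these methods never propagate, because `assertThrows` consumes it and the type is unchecked anyway. The carried-over tag text, "if there is a problem deserializing certificates", no longer describes anything the test does. I would drop both the clause and the `@throws` tag, leaving `public void testNullValidationType() {` and `public void testNullCertificates() {`. The same pattern appears on this page in the CertificateTest null and empty constructor tests and in the TPMInfoTest invalid-value tests.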


@ -153,7 +153,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
try {
new PlatformCredential(certPath);
//fail if it manage to parse the certificate
//fail if it manages to parse the certificate
fail("Invalid certificate was parsed.");
} catch (IOException ex) {
if (ex == null || ex.getMessage().isEmpty()) {
@ -194,8 +194,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Assertions.assertEquals(sigStr.toUpperCase(), EXPECTED_CERT_SIGNATURE_FOR_CERT_2);
String issuer = Certificate.getAttributeCertificateIssuerNames(
credential.getAttributeCertificate().getAcinfo().getIssuer()
)[0].toString();
credential.getAttributeCertificate().getAcinfo().getIssuer())[0].toString();
Assertions.assertEquals(credential.getManufacturer(), "Intel");
Assertions.assertEquals(credential.getModel(), "DE3815TYKH");


@ -19,14 +19,19 @@ public class TPMSecurityAssertionsTest {
public void testEkGenTypeEnum() {
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[0],
TPMSecurityAssertions.EkGenerationType.INTERNAL);
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[1],
TPMSecurityAssertions.EkGenerationType.INJECTED);
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[2],
TPMSecurityAssertions.EkGenerationType.INTERNAL_REVOCABLE);
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[3],
final int thirdPosition = 3;
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[thirdPosition],
TPMSecurityAssertions.EkGenerationType.INJECTED_REVOCABLE);
try {
assertNull(TPMSecurityAssertions.EkGenerationType.values()[4]);
final int positionOutOfBounds = 4;
assertNull(TPMSecurityAssertions.EkGenerationType.values()[positionOutOfBounds]);
fail();
} catch (ArrayIndexOutOfBoundsException e) {
}
@ -40,12 +45,15 @@ public class TPMSecurityAssertionsTest {
public void testGenLocationEnum() {
assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[0],
TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[1],
TPMSecurityAssertions.EkGenerationLocation.PLATFORM_MANUFACTURER);
assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[2],
TPMSecurityAssertions.EkGenerationLocation.EK_CERT_SIGNER);
try {
assertNull(TPMSecurityAssertions.EkGenerationLocation.values()[3]);
final int positionOutOfBounds = 3;
assertNull(TPMSecurityAssertions.EkGenerationLocation.values()[positionOutOfBounds]);
fail();
} catch (ArrayIndexOutOfBoundsException e) {
}
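Review bot: `thirdPosition = 3` in `testEkGenTypeEnum` is misnamed: index 3 is the fourth constant, and it is the only index in the test that was given a name while 0, 1 and 2 stay literal; `lastIndex` would describe it. Both methods also keep the `try { assertNull(...); fail(); } catch (ArrayIndexOutOfBoundsException e) { }` shape, where the empty catch reads as a swallowed error and `assertNull` can never be what passes. Asserting the array length states the same expectation directly, e.g. `assertEquals(positionOutOfBounds, TPMSecurityAssertions.EkGenerationType.values().length);`, and likewise for `EkGenerationLocation`.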


@ -18,14 +18,19 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
public class TPMInfoTest extends AbstractUserdefinedEntityTest {
private static final String TPM_MAKE = "test tpmMake";
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65);
private static final int RIGHT_PADDING_SIZE = 65;
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", RIGHT_PADDING_SIZE);
private static final short VERSION_MAJOR = 1;
private static final short VERSION_MINOR = 2;
private static final short VERSION_REV_MAJOR = 3;
private static final short VERSION_REV_MINOR = 4;
private static final Logger LOGGER = LogManager
.getLogger(TPMInfoTest.class);
private static final Logger LOGGER = LogManager.getLogger(TPMInfoTest.class);
/**
* Tests instantiation and getters of a TPMInfo object.
@ -59,9 +64,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
/**
* Tests that the TPM make information cannot be null.
*
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
*/
@Test
public final void tpmMakeNullTest() {
public final void tpmMakeNullTest() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new TPMInfo(null, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
VERSION_REV_MINOR, getTestIdentityCertificate()));
@ -69,9 +76,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
/**
* Tests that the TPM make information cannot be longer than 64 characters.
*
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
*/
@Test
public final void tpmMakeLongTest() {
public final void tpmMakeLongTest() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new TPMInfo(LONG_TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
VERSION_REV_MINOR, getTestIdentityCertificate()));
@ -80,9 +89,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
/**
* Tests that the version major number info cannot be set to negative
* values.
*
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
*/
@Test
public final void testTPMInfoInvalidVersionMajor() {
public final void testTPMInfoInvalidVersionMajor() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new TPMInfo(TPM_MAKE, (short) -1, VERSION_MINOR, VERSION_REV_MAJOR,
VERSION_REV_MINOR, getTestIdentityCertificate()));
@ -91,9 +102,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
/**
* Tests that the version minor number info cannot be set to negative
* values.
*
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
*/
@Test
public final void testTPMInfoInvalidVersionMinor() {
public final void testTPMInfoInvalidVersionMinor() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new TPMInfo(TPM_MAKE, VERSION_MAJOR, (short) -1, VERSION_REV_MAJOR,
VERSION_REV_MINOR, getTestIdentityCertificate()));
@ -102,9 +115,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
/**
* Tests that the version revision major numbers cannot be set to negative
* values.
*
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
*/
@Test
public final void testTPMInfoInvalidVersionRevMajor() {
public final void testTPMInfoInvalidVersionRevMajor() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, (short) -1,
VERSION_REV_MINOR, getTestIdentityCertificate()));
@ -113,9 +128,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
/**
* Tests that the version revision minor numbers cannot be set to negative
* values.
*
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
*/
@Test
public final void testTPMInfoInvalidVersionRevMinor() {
public final void testTPMInfoInvalidVersionRevMinor() throws IllegalArgumentException {
assertThrows(IllegalArgumentException.class, () ->
new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
(short) -1, getTestIdentityCertificate()));


@ -99,70 +99,114 @@ public class SupplyChainCredentialValidatorTest {
* SecureRandom instance.
*/
static final SecureRandom SECURE_RANDOM = new SecureRandom();
private static final String JSON_FILE = "/config/component-class.json";
private static final String SAMPLE_PACCOR_OUTPUT_TXT = "/hirs/validation/sample_paccor_output.txt";
private static final String SAMPLE_PACCOR_OUTPUT_NOT_SPECIFIED_TXT
= "/hirs/validation/sample_paccor_output_not_specified_values.txt";
private static final String SAMPLE_TEST_PACCOR_CERT
= "/validation/platform_credentials_2/paccor_platform_cert.crt";
private static final String SAMPLE_PACCOR_OUTPUT_WITH_EXTRA_COMPONENT_TXT
= "/hirs/validation/sample_paccor_output_with_extra_component.txt";
private static final String TEST_SIGNING_KEY = "/validation/platform_credentials/ca.pub";
private static final String TEST_PLATFORM_CRED =
"/validation/platform_credentials/plat_cert1.pem";
private static final String TEST_PLATFORM_CRED2 =
"/validation/platform_credentials/pciids_plat_cert_2-0.pem";
private static final String TEST_PLATFORM_CRED_BASE_CHASIS_COMBO =
"/validation/platform_credentials/Intel_pc5.pem";
private static final String TEST_BOARD_SERIAL_NUMBER = "GETY421001GV";
private static final String TEST_CHASSIS_SERIAL_NUMBER = "G6YK42300C87";
private static final String TEST_EK_CERT = "/certificates/nuc-2/tpmcert.pem";
private static final String TEST_EK_CERT_2 = "/certificates/nuc-1/tpmcert.pem";
private static final String TEST_COMPONENT_MANUFACTURER = "Intel";
private static final String TEST_COMPONENT_MODEL = "platform2018";
private static final String TEST_COMPONENT_REVISION = "1.0";
private static final String BAD_SERIAL = "BAD_SERIAL";
//-------Actual ST Micro Endorsement Credential Certificate Chain!--------------
private static final String EK_CERT = "";
private static final String INT_CA_CERT02 = "/certificates/fakestmtpmekint02.pem";
//-------Generated Intel Credential Certificate Chain--------------
private static final String INTEL_PLATFORM_CERT =
"/validation/platform_credentials/plat_cert3.pem";
private static final String INTEL_PLATFORM_CERT_2 =
"/validation/platform_credentials/Intel_pc2.pem";
private static final String INTEL_PLATFORM_CERT_3 =
"/validation/platform_credentials/pciids_plat_cert_2-0.pem";
private static final String INTEL_INT_CA =
"/validation/platform_credentials/intel_chain/root/intermediate1.crt";
private static final String FAKE_ROOT_CA =
"/validation/platform_credentials/intel_chain/root/rootca.crt";
private static final String PLATFORM_MANUFACTURER = "Intel";
private static final String PLATFORM_MODEL = "S2600KP";
private static final String PLATFORM_VERSION = "H76962-350";
//-------Original Intel Credential Certificate Chain--------------
private static final String INTEL_PLATFORM_CERT_ORIG =
"/certificates/fakeIntel_S2600KP_F00F00F00F00.pem";
private static final String INTEL_ORIG_INT_CA_ORIG =
"/certificates/fakeIntelIntermediateCA.pem";
private static final String FAKE_ROOT_CA_ORIG =
"/certificates/fakeCA.pem";
//-------Fake SGI Credential Certificate Chain--------------
private static final String SGI_PLATFORM_CERT = "/certificates/fakeSGI_J2_F00F00F0.pem";
private static final String SGI_INT_CA = "/certificates/fakeSGIIntermediateCA.pem";
private static final String SGI_CRED_SERIAL_NUMBER = "F00F00F0";
//-------Actual Intel NUC Platform --------------
private static final String NUC_PLATFORM_CERT =
"/certificates/Intel_nuc_pc.pem";
private static final String NUC_PLATFORM_CERT_SERIAL_NUMBER = "GETY421001DY";
private static final String NUC_PLATFORM_CERT2 =
"/certificates/Intel_nuc_pc2.pem";
private static final String NUC_PLATFORM_CERT_SERIAL_NUMBER2 = "GETY4210001M";
private static final String INTEL_SIGNING_KEY = "/certificates/IntelSigningKey_20April2017.pem";
private static final String NEW_NUC1 =
"/validation/platform_credentials/Intel_pc3.cer";
private static HardwareInfo hardwareInfo;
private static KeyStore keyStore;
private static KeyStore emptyKeyStore;
private final SupplyChainCredentialValidator supplyChainCredentialValidator =
new SupplyChainCredentialValidator();
private final CredentialValidator credentialValidator =
@ -171,11 +215,14 @@ public class SupplyChainCredentialValidatorTest {
/**
* Sets up a KeyStore for testing.
*
* @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type.
* @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found
* @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the
* specified type.
* @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore
* cannot be found
* @throws CertificateException if any of the certificates in the keystore could not be loaded
* @throws IOException if there is an I/O or format problem with the keystore data, if a password is
* required but not given, or if the given password was incorrect
* @throws IOException if there is an I/O or format problem with the keystore data,
* if a password is required but not given,
* or if the given password was incorrect
*/
@BeforeAll
public static void setUp() throws KeyStoreException, NoSuchAlgorithmException,
@ -362,7 +409,8 @@ public class SupplyChainCredentialValidatorTest {
private static InetAddress getTestIpAddress() {
try {
return InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
final byte[] byteAddress = new byte[] {127, 0, 0, 1};
return InetAddress.getByAddress(byteAddress);
} catch (UnknownHostException e) {
return null;
}


@ -68,7 +68,9 @@
<!-- Checks for Size Violations. -->
<!-- See https://checkstyle.org/checks/sizes/index.html -->
<module name="FileLength"/>
<module name="FileLength">
<property name="max" value="3000"/>
</module>
<module name="LineLength">
<property name="fileExtensions" value="java"/>
<property name="max" value="110"/>
@ -134,7 +136,7 @@
<!-- Checks for Size Violations. -->
<!-- See https://checkstyle.org/checks/sizes/index.html -->
<module name="MethodLength">
<property name="max" value="300"/>
<property name="max" value="350"/>
</module>
<!-- Checks for whitespace -->