mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-18 20:47:58 +00:00
issue_847: Reduced styling errors in CA module to less than 100
This commit is contained in:
parent
64c74eae5c
commit
571d107e1b
@ -626,7 +626,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
* on the portal.
|
||||
*
|
||||
* @return A list of URLs that inform the location of the certificate revocation lists
|
||||
* @throws java.io.IOException
|
||||
* @throws IOException if there is an issue while retrieving the CRL Distribution point
|
||||
*/
|
||||
private String getCRLDistributionPoint() throws IOException {
|
||||
List<String> crlUrls = new ArrayList<>();
|
||||
@ -972,6 +972,11 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a string representation of the Certificate object.
|
||||
*
|
||||
* @return a string representation of the Certificate object.
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("Certificate{%s, AuthID=%s, serialNumber=%s, "
|
||||
@ -982,6 +987,13 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
signatureAlgorithm, certificateHash);
|
||||
}
|
||||
|
||||
/**
|
||||
* Compares this certificate to the provided object to verify that both this and the provided certificate
|
||||
* objects are equal.
|
||||
*
|
||||
* @param o object to compare
|
||||
* @return true if both the provided certificate and this certificate are equal, false otherwise
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(final Object o) {
|
||||
if (this == o) {
|
||||
@ -997,6 +1009,11 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
return Arrays.equals(certificateBytes, that.certificateBytes);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates an integer hash code for this Certificate object.
|
||||
*
|
||||
* @return integer hash code
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Arrays.hashCode(certificateBytes);
|
||||
|
@ -18,8 +18,8 @@ import java.util.List;
|
||||
/**
|
||||
* Represents an issued attestation certificate to a HIRS Client.
|
||||
*/
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@Getter
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@Entity
|
||||
public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
|
||||
|
||||
@ -29,7 +29,7 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
|
||||
public static final String AIC_TYPE_LABEL = "TCPA Trusted Platform Identity";
|
||||
|
||||
@Column
|
||||
public boolean isLDevID;
|
||||
private boolean isLDevID;
|
||||
|
||||
@ManyToOne(fetch = FetchType.EAGER)
|
||||
@JoinColumn(name = "ek_id")
|
||||
|
@ -126,6 +126,11 @@ public class CommonCriteriaMeasures {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a custom string representation of the Common Criteria Measures object.
|
||||
*
|
||||
* @return a string representation of Common Criteria Measures
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
@ -27,12 +27,17 @@ public class ComponentAddress {
|
||||
public static final int IDENTIFIER_NUMBER = 2;
|
||||
|
||||
private static final String ETHERNET_MAC = "2.23.133.17.1";
|
||||
|
||||
private static final String WLAN_MAC = "2.23.133.17.2";
|
||||
|
||||
private static final String BLUETOOTH_MAC = "2.23.133.17.3";
|
||||
|
||||
private ASN1ObjectIdentifier addressType;
|
||||
|
||||
private ASN1UTF8String addressValue;
|
||||
|
||||
private String addressTypeString;
|
||||
|
||||
private String addressValueString;
|
||||
|
||||
/**
|
||||
@ -74,6 +79,12 @@ public class ComponentAddress {
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Creates a string representation of the Component Address object.
|
||||
*
|
||||
* @return a string representation of the Component Address object.
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
return "ComponentAddress{"
|
||||
|
@ -201,6 +201,11 @@ public class ComponentIdentifier {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a string representation of the Component Identifier object.
|
||||
*
|
||||
* @return a string representation of the Component Identifier object.
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
@ -3,6 +3,7 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
import org.bouncycastle.asn1.ASN1Boolean;
|
||||
import org.bouncycastle.asn1.ASN1Enumerated;
|
||||
import org.bouncycastle.asn1.ASN1IA5String;
|
||||
@ -17,18 +18,18 @@ import org.bouncycastle.asn1.ASN1Sequence;
|
||||
* plus BOOLEAN DEFAULT FALSE }
|
||||
* </pre>
|
||||
*/
|
||||
@Getter
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@ToString
|
||||
public class FIPSLevel {
|
||||
|
||||
private static final int MAX_SEQUENCE_SIZE = 3;
|
||||
@Getter
|
||||
@Setter
|
||||
|
||||
private ASN1IA5String version;
|
||||
@Getter
|
||||
@Setter
|
||||
|
||||
private SecurityLevel level;
|
||||
@Getter
|
||||
@Setter
|
||||
|
||||
private ASN1Boolean plus;
|
||||
|
||||
/**
|
||||
@ -65,15 +66,6 @@ public class FIPSLevel {
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "FIPSLevel{"
|
||||
+ "version=" + version.getString()
|
||||
+ ", level=" + level.getValue()
|
||||
+ ", plus=" + plus.toString()
|
||||
+ '}';
|
||||
}
|
||||
|
||||
/**
|
||||
* A type to handle the security Level used in the FIPS Level.
|
||||
* Ordering of enum types is intentional and their ordinal values correspond to enum
|
||||
@ -87,6 +79,8 @@ public class FIPSLevel {
|
||||
* level4 (4) }
|
||||
* </pre>
|
||||
*/
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
public enum SecurityLevel {
|
||||
/**
|
||||
* Security Level 1.
|
||||
@ -106,23 +100,5 @@ public class FIPSLevel {
|
||||
LEVEL4("level 4");
|
||||
|
||||
private final String value;
|
||||
|
||||
/**
|
||||
* Basic constructor.
|
||||
*
|
||||
* @param value string containing the value.
|
||||
*/
|
||||
SecurityLevel(final String value) {
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the string value from the StrengthOfFunction.
|
||||
*
|
||||
* @return the string containing the value.
|
||||
*/
|
||||
public String getValue() {
|
||||
return this.value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -77,6 +77,11 @@ public class PlatformConfigurationV1 extends PlatformConfiguration {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a string representation of the Platform Configuration V1 object.
|
||||
*
|
||||
* @return a string representation of the Platform Configuration V1 object.
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
@ -3,6 +3,7 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
import org.bouncycastle.asn1.ASN1Sequence;
|
||||
import org.bouncycastle.asn1.ASN1UTF8String;
|
||||
import org.bouncycastle.asn1.DERUTF8String;
|
||||
@ -19,14 +20,18 @@ import org.bouncycastle.asn1.DERUTF8String;
|
||||
@Getter
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@ToString
|
||||
public class PlatformProperty {
|
||||
|
||||
/**
|
||||
* Number of identifiers for version 1.
|
||||
*/
|
||||
protected static final int IDENTIFIER_NUMBER = 2;
|
||||
|
||||
private static final String NOT_SPECIFIED = "Not Specified";
|
||||
|
||||
private ASN1UTF8String propertyName;
|
||||
|
||||
private ASN1UTF8String propertyValue;
|
||||
|
||||
/**
|
||||
@ -54,12 +59,4 @@ public class PlatformProperty {
|
||||
this.propertyName = ASN1UTF8String.getInstance(sequence.getObjectAt(0));
|
||||
this.propertyValue = ASN1UTF8String.getInstance(sequence.getObjectAt(1));
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "PlatformProperty{"
|
||||
+ "propertyName=" + propertyName.getString()
|
||||
+ ", propertyValue=" + propertyValue.getString()
|
||||
+ "}";
|
||||
}
|
||||
}
|
||||
|
@ -2,6 +2,8 @@ package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
import org.bouncycastle.asn1.ASN1Boolean;
|
||||
import org.bouncycastle.asn1.ASN1Enumerated;
|
||||
import org.bouncycastle.asn1.ASN1IA5String;
|
||||
@ -24,17 +26,28 @@ import java.math.BigInteger;
|
||||
* iso9000Uri IA5STRING (SIZE (1..URIMAX)) OPTIONAL }
|
||||
* </pre>
|
||||
*/
|
||||
@Setter
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
@ToString
|
||||
public class TBBSecurityAssertion {
|
||||
|
||||
private static final int CCINFO = 0;
|
||||
|
||||
private static final int FIPSLEVEL = 1;
|
||||
|
||||
private static final int RTMTYPE = 2;
|
||||
|
||||
private ASN1Integer version;
|
||||
|
||||
private CommonCriteriaMeasures ccInfo;
|
||||
|
||||
private FIPSLevel fipsLevel;
|
||||
|
||||
private MeasurementRootType rtmType;
|
||||
|
||||
private ASN1Boolean iso9000Certified;
|
||||
|
||||
private ASN1IA5String iso9000Uri;
|
||||
|
||||
/**
|
||||
@ -115,118 +128,6 @@ public class TBBSecurityAssertion {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the version
|
||||
*/
|
||||
public ASN1Integer getVersion() {
|
||||
return version;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param version the version to set
|
||||
*/
|
||||
public void setVersion(final ASN1Integer version) {
|
||||
this.version = version;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the ccInfo
|
||||
*/
|
||||
public CommonCriteriaMeasures getCcInfo() {
|
||||
return ccInfo;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ccInfo the ccInfo to set
|
||||
*/
|
||||
public void setCcInfo(final CommonCriteriaMeasures ccInfo) {
|
||||
this.ccInfo = ccInfo;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the fipsLevel
|
||||
*/
|
||||
public FIPSLevel getFipsLevel() {
|
||||
return fipsLevel;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param fipsLevel the fipsLevel to set
|
||||
*/
|
||||
public void setFipsLevel(final FIPSLevel fipsLevel) {
|
||||
this.fipsLevel = fipsLevel;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the rtmType
|
||||
*/
|
||||
public MeasurementRootType getRtmType() {
|
||||
return rtmType;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param rtmType the rtmType to set
|
||||
*/
|
||||
public void setRtmType(final MeasurementRootType rtmType) {
|
||||
this.rtmType = rtmType;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the iso9000Certified
|
||||
*/
|
||||
public ASN1Boolean getIso9000Certified() {
|
||||
return iso9000Certified;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param iso9000Certified the iso9000Certified to set
|
||||
*/
|
||||
public void setIso9000Certified(final ASN1Boolean iso9000Certified) {
|
||||
this.iso9000Certified = iso9000Certified;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the iso9000Uri
|
||||
*/
|
||||
public ASN1IA5String getIso9000Uri() {
|
||||
return iso9000Uri;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param iso9000Uri the iso9000Uri to set
|
||||
*/
|
||||
public void setIso9000Uri(final ASN1IA5String iso9000Uri) {
|
||||
this.iso9000Uri = iso9000Uri;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append("TBBSecurityAssertion{");
|
||||
sb.append("version=").append(version.toString());
|
||||
//Optional values not null
|
||||
sb.append(", ccInfo=");
|
||||
if (ccInfo != null) {
|
||||
sb.append(ccInfo);
|
||||
}
|
||||
sb.append(", fipsLevel=");
|
||||
if (fipsLevel != null) {
|
||||
sb.append(fipsLevel);
|
||||
}
|
||||
sb.append(", rtmType=");
|
||||
if (rtmType != null) {
|
||||
sb.append(rtmType.getValue());
|
||||
}
|
||||
sb.append(", iso9000Certified=").append(iso9000Certified.toString());
|
||||
sb.append(", iso9000Uri=");
|
||||
if (iso9000Uri != null) {
|
||||
sb.append(iso9000Uri.getString());
|
||||
}
|
||||
sb.append("}");
|
||||
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* A type to handle the evaluation status used in the Common Criteria Measurement.
|
||||
* Ordering of enum types is intentional and their ordinal values correspond to enum
|
||||
|
@ -7,6 +7,7 @@ import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.math.BigInteger;
|
||||
@ -21,22 +22,27 @@ import java.math.BigInteger;
|
||||
* www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
|
||||
* for specifications for TPM 2.0 (pg. 19).
|
||||
*/
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@Getter
|
||||
@Setter
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@ToString
|
||||
@Embeddable
|
||||
public class TPMSecurityAssertions implements Serializable {
|
||||
|
||||
@Column
|
||||
private BigInteger tpmSecAssertsVersion; //default v1
|
||||
|
||||
@Column
|
||||
private boolean fieldUpgradeable; //default false
|
||||
@Column(nullable = true)
|
||||
|
||||
@Column
|
||||
private EkGenerationType ekGenType; //optional
|
||||
@Column(nullable = true)
|
||||
private EkGenerationLocation ekGenerationLocation; //optional
|
||||
@Column(nullable = true)
|
||||
|
||||
@Column
|
||||
private EkGenerationLocation ekGenerationLocation; //optionalv
|
||||
|
||||
@Column
|
||||
private EkGenerationLocation ekCertificateGenerationLocation; //optional
|
||||
|
||||
/**
|
||||
@ -52,17 +58,6 @@ public class TPMSecurityAssertions implements Serializable {
|
||||
this.fieldUpgradeable = fieldUpgradeable;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "TPMSecurityAssertions{"
|
||||
+ "version=" + tpmSecAssertsVersion
|
||||
+ ", fieldUpgradeable=" + fieldUpgradeable
|
||||
+ ", ekGenType=" + ekGenType
|
||||
+ ", ekGenLoc=" + ekGenerationLocation
|
||||
+ ", ekCertGenLoc=" + ekCertificateGenerationLocation
|
||||
+ '}';
|
||||
}
|
||||
|
||||
// Future work (may need to create other classes):
|
||||
//private CommonCriteriaMeasures commCritMeasures; //optional
|
||||
//private FIPSLevel fipsLevel; //optional
|
||||
|
@ -6,6 +6,7 @@ import lombok.AccessLevel;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.ToString;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.math.BigInteger;
|
||||
@ -20,9 +21,10 @@ import java.math.BigInteger;
|
||||
* www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
|
||||
* for specifications for TPM 2.0.
|
||||
*/
|
||||
@EqualsAndHashCode
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@Getter
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@ToString
|
||||
@EqualsAndHashCode
|
||||
@Embeddable
|
||||
public class TPMSpecification implements Serializable {
|
||||
|
||||
@ -48,13 +50,4 @@ public class TPMSpecification implements Serializable {
|
||||
this.level = level;
|
||||
this.revision = revision;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "TPMSpecification{"
|
||||
+ "family='" + family + '\''
|
||||
+ ", level=" + level
|
||||
+ ", revision=" + revision
|
||||
+ '}';
|
||||
}
|
||||
}
|
||||
|
@ -24,9 +24,13 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
|
||||
@AllArgsConstructor
|
||||
public class URIReference {
|
||||
private static final int PLATFORM_PROPERTIES_URI_MAX = 3;
|
||||
|
||||
private static final int PLATFORM_PROPERTIES_URI_MIN = 1;
|
||||
|
||||
private ASN1IA5String uniformResourceIdentifier;
|
||||
|
||||
private AlgorithmIdentifier hashAlgorithm;
|
||||
|
||||
@JsonIgnore
|
||||
private ASN1BitString hashValue;
|
||||
|
||||
@ -70,6 +74,11 @@ public class URIReference {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a string representation of the URI Reference object.
|
||||
*
|
||||
* @return a string representation of URI Reference
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
@ -4,6 +4,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Comp
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import org.bouncycastle.asn1.ASN1Boolean;
|
||||
@ -16,7 +17,6 @@ import org.bouncycastle.asn1.ASN1UTF8String;
|
||||
import org.bouncycastle.asn1.DERUTF8String;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
@ -40,17 +40,24 @@ import java.util.stream.Collectors;
|
||||
*/
|
||||
@Getter
|
||||
@Setter
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
|
||||
private static final int MANDATORY_ELEMENTS = 3;
|
||||
|
||||
// Additional optional identifiers for version 2
|
||||
private static final int COMPONENT_PLATFORM_CERT = 5;
|
||||
|
||||
private static final int COMPONENT_PLATFORM_URI = 6;
|
||||
|
||||
private static final int ATTRIBUTE_STATUS = 7;
|
||||
|
||||
private ComponentClass componentClass;
|
||||
|
||||
private CertificateIdentifier certificateIdentifier;
|
||||
|
||||
private URIReference componentPlatformUri;
|
||||
|
||||
private AttributeStatus attributeStatus;
|
||||
|
||||
/**
|
||||
@ -201,30 +208,11 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o == null || getClass() != o.getClass()) {
|
||||
return false;
|
||||
}
|
||||
if (!super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
ComponentIdentifierV2 that = (ComponentIdentifierV2) o;
|
||||
return Objects.equals(componentClass, that.componentClass)
|
||||
&& Objects.equals(certificateIdentifier, that.certificateIdentifier)
|
||||
&& Objects.equals(componentPlatformUri, that.componentPlatformUri)
|
||||
&& attributeStatus == that.attributeStatus;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(super.hashCode(), componentClass,
|
||||
certificateIdentifier, componentPlatformUri, attributeStatus);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a string representation of the Component Identifier V2 object.
|
||||
*
|
||||
* @return a string representation of the Component Identifier V2 object.
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
@ -87,6 +87,11 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a string representation of the Platform Configuration V2 object.
|
||||
*
|
||||
* @return a string representation of the Platform Configuration V2 object.
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
@ -17,10 +17,10 @@ import org.bouncycastle.asn1.ASN1UTF8String;
|
||||
*
|
||||
* </pre>
|
||||
*/
|
||||
@Setter
|
||||
@Getter
|
||||
public class PlatformPropertyV2 extends PlatformProperty {
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
private AttributeStatus attributeStatus;
|
||||
|
||||
/**
|
||||
@ -83,6 +83,12 @@ public class PlatformPropertyV2 extends PlatformProperty {
|
||||
return getAttributeStatus() != AttributeStatus.REMOVED;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Creates a string representation of the PlatformPropertyV2 object.
|
||||
*
|
||||
* @return a string representation of the PlatformPropertyV2 object
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
@ -9,6 +9,7 @@ import jakarta.persistence.DiscriminatorType;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.xml.bind.annotation.XmlElement;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
@ -24,6 +25,7 @@ import java.util.Objects;
|
||||
@Entity
|
||||
@Getter
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@EqualsAndHashCode(callSuper = false)
|
||||
@DiscriminatorColumn(name = "componentTypeEnum", discriminatorType = DiscriminatorType.STRING)
|
||||
public class ComponentInfo extends ArchivableEntity {
|
||||
|
||||
@ -152,31 +154,6 @@ public class ComponentInfo extends ArchivableEntity {
|
||||
|| StringUtils.isEmpty(componentModel));
|
||||
}
|
||||
|
||||
/**
|
||||
* Equals for the component info that just uses this classes attributes.
|
||||
*
|
||||
* @param object the object to compare
|
||||
* @return the boolean result
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(Object object) {
|
||||
if (this == object) {
|
||||
return true;
|
||||
}
|
||||
if (object == null || getClass() != object.getClass()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
ComponentInfo that = (ComponentInfo) object;
|
||||
return Objects.equals(deviceName, that.deviceName)
|
||||
&& Objects.equals(componentManufacturer,
|
||||
that.componentManufacturer)
|
||||
&& Objects.equals(componentModel, that.componentModel)
|
||||
&& Objects.equals(componentSerial, that.componentSerial)
|
||||
&& Objects.equals(componentRevision, that.componentRevision)
|
||||
&& Objects.equals(componentClass, that.componentClass);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a hash code that is associated with common fields for components.
|
||||
*
|
||||
@ -186,16 +163,4 @@ public class ComponentInfo extends ArchivableEntity {
|
||||
return Objects.hash(componentManufacturer, componentModel,
|
||||
componentSerial, componentRevision, componentClass);
|
||||
}
|
||||
|
||||
/**
|
||||
* Hash method for the attributes of this class.
|
||||
*
|
||||
* @return int value that represents this class
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(deviceName, componentManufacturer,
|
||||
componentModel, componentSerial, componentRevision,
|
||||
componentClass);
|
||||
}
|
||||
}
|
||||
|
@ -79,7 +79,6 @@ public class TPMInfo implements Serializable {
|
||||
* @param tpmQuoteHash short representing the minor revision number for the TPM
|
||||
* @param tpmQuoteSignature byte array with the value of the identity certificate
|
||||
*/
|
||||
@SuppressWarnings("parameternumber")
|
||||
public TPMInfo(final String tpmMake, final short tpmVersionMajor,
|
||||
final short tpmVersionMinor, final short tpmVersionRevMajor,
|
||||
final short tpmVersionRevMinor,
|
||||
@ -110,7 +109,6 @@ public class TPMInfo implements Serializable {
|
||||
* @param tpmQuoteHash short representing the minor revision number for the TPM
|
||||
* @param tpmQuoteSignature byte array with the value of the identity certificate
|
||||
*/
|
||||
@SuppressWarnings("parameternumber")
|
||||
public TPMInfo(final String tpmMake, final short tpmVersionMajor,
|
||||
final short tpmVersionMinor, final short tpmVersionRevMajor,
|
||||
final short tpmVersionRevMinor, final byte[] pcrValues,
|
||||
|
@ -42,7 +42,7 @@ import java.util.List;
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@EqualsAndHashCode
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
@Entity
|
||||
public class BaseReferenceManifest extends ReferenceManifest {
|
||||
/**
|
||||
@ -377,6 +377,11 @@ public class BaseReferenceManifest extends ReferenceManifest {
|
||||
return document;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a string representation of the Base Reference Manifest object.
|
||||
*
|
||||
* @return a string representation of the Base Reference Manifest object.
|
||||
*/
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("ReferenceManifest{swidName=%s,"
|
||||
|
@ -8,6 +8,7 @@ import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.EnumType;
|
||||
import jakarta.persistence.Enumerated;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
@ -26,6 +27,7 @@ import java.util.Collection;
|
||||
*/
|
||||
@Getter
|
||||
@Setter
|
||||
@EqualsAndHashCode
|
||||
@Log4j2
|
||||
@Entity
|
||||
public class EventLogMeasurements extends SupportReferenceManifest {
|
||||
@ -105,22 +107,4 @@ public class EventLogMeasurements extends SupportReferenceManifest {
|
||||
|
||||
return new ArrayList<>();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(final Object object) {
|
||||
if (this == object) {
|
||||
return true;
|
||||
}
|
||||
if (object == null || getClass() != object.getClass()) {
|
||||
return false;
|
||||
}
|
||||
EventLogMeasurements that = (EventLogMeasurements) object;
|
||||
|
||||
return this.getHexDecHash().equals(that.getHexDecHash());
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return super.hashCode();
|
||||
}
|
||||
}
|
||||
|
@ -6,6 +6,7 @@ import hirs.utils.tpm.eventlog.TCGEventLog;
|
||||
import hirs.utils.tpm.eventlog.TpmPcrEvent;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
@ -16,7 +17,6 @@ import java.security.cert.CertificateException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* Sub class that will just focus on PCR Values and Events.
|
||||
@ -24,12 +24,14 @@ import java.util.Objects;
|
||||
@Log4j2
|
||||
@Getter
|
||||
@Setter
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
@Entity
|
||||
public class SupportReferenceManifest extends ReferenceManifest {
|
||||
|
||||
@Column
|
||||
@JsonIgnore
|
||||
private int pcrHash = 0;
|
||||
|
||||
@Column
|
||||
private boolean updated = false;
|
||||
|
||||
@ -79,12 +81,8 @@ public class SupportReferenceManifest extends ReferenceManifest {
|
||||
TCGEventLog logProcessor = new TCGEventLog(this.getRimBytes());
|
||||
this.pcrHash = Arrays.hashCode(logProcessor.getExpectedPCRValues());
|
||||
return logProcessor.getExpectedPCRValues();
|
||||
} catch (CertificateException cEx) {
|
||||
log.error(cEx);
|
||||
} catch (NoSuchAlgorithmException noSaEx) {
|
||||
log.error(noSaEx);
|
||||
} catch (IOException ioEx) {
|
||||
log.error(ioEx);
|
||||
} catch (CertificateException | NoSuchAlgorithmException | IOException exception) {
|
||||
log.error(exception);
|
||||
}
|
||||
|
||||
return new String[0];
|
||||
@ -100,12 +98,8 @@ public class SupportReferenceManifest extends ReferenceManifest {
|
||||
try {
|
||||
logProcessor = new TCGEventLog(this.getRimBytes());
|
||||
return logProcessor.getEventList();
|
||||
} catch (CertificateException cEx) {
|
||||
log.error(cEx);
|
||||
} catch (NoSuchAlgorithmException noSaEx) {
|
||||
log.error(noSaEx);
|
||||
} catch (IOException ioEx) {
|
||||
log.error(ioEx);
|
||||
} catch (CertificateException | NoSuchAlgorithmException | IOException exception) {
|
||||
log.error(exception);
|
||||
}
|
||||
|
||||
return new ArrayList<>();
|
||||
@ -120,24 +114,4 @@ public class SupportReferenceManifest extends ReferenceManifest {
|
||||
public boolean isBaseSupport() {
|
||||
return !this.isSwidSupplemental() && !this.isSwidPatch();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o == null || getClass() != o.getClass()) {
|
||||
return false;
|
||||
}
|
||||
if (!super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
SupportReferenceManifest that = (SupportReferenceManifest) o;
|
||||
return pcrHash == that.pcrHash && updated == that.updated;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(super.hashCode(), pcrHash, updated);
|
||||
}
|
||||
}
|
||||
|
@ -2,6 +2,7 @@ package hirs.attestationca.persist.enums;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.ToString;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.stream.Collectors;
|
||||
@ -11,6 +12,7 @@ import java.util.stream.Collectors;
|
||||
*/
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
@ToString
|
||||
public enum HealthStatus {
|
||||
/**
|
||||
* The trusted state, no issues with the device.
|
||||
@ -35,9 +37,4 @@ public enum HealthStatus {
|
||||
.collect(Collectors.toSet())
|
||||
.contains(healthStatus);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getHealthStatus();
|
||||
}
|
||||
}
|
||||
|
@ -40,16 +40,16 @@ import java.util.Date;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
@Getter
|
||||
@Log4j2
|
||||
@NoArgsConstructor
|
||||
public class AbstractProcessor {
|
||||
|
||||
@Getter
|
||||
private int validDays;
|
||||
@Getter
|
||||
|
||||
private PrivateKey privateKey;
|
||||
|
||||
@Setter
|
||||
@Getter
|
||||
private PolicyRepository policyRepository;
|
||||
|
||||
/**
|
||||
@ -247,7 +247,8 @@ public class AbstractProcessor {
|
||||
final byte[] derEncodedAttestationCertificate,
|
||||
final EndorsementCredential endorsementCredential,
|
||||
final List<PlatformCredential> platformCredentials,
|
||||
final Device device, boolean isLDevID) {
|
||||
final Device device,
|
||||
final boolean isLDevID) {
|
||||
List<IssuedAttestationCertificate> issuedAc;
|
||||
boolean generateCertificate = true;
|
||||
PolicyRepository scp = getPolicyRepository();
|
||||
@ -269,9 +270,9 @@ public class AbstractProcessor {
|
||||
generateCertificate = isLDevID ? policySettings.isIssueDevIdCertificate()
|
||||
: policySettings.isIssueAttestationCertificate();
|
||||
|
||||
if (issuedAc != null && issuedAc.size() > 0 &&
|
||||
(isLDevID ? policySettings.isDevIdExpirationFlag()
|
||||
: policySettings.isGenerateOnExpiration())) {
|
||||
if (issuedAc != null && issuedAc.size() > 0
|
||||
&& (isLDevID ? policySettings.isDevIdExpirationFlag()
|
||||
: policySettings.isGenerateOnExpiration())) {
|
||||
if (issuedAc.get(0).getEndValidity().after(currentDate)) {
|
||||
// so the issued AC is not expired
|
||||
// however are we within the threshold
|
||||
|
@ -97,7 +97,7 @@ public final class ProvisionUtils {
|
||||
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
|
||||
|
||||
/**
|
||||
* This private constructor was created to silence one of checkstyle errors
|
||||
* This private constructor was created to silence one of checkstyle errors.
|
||||
*/
|
||||
private ProvisionUtils() {
|
||||
}
|
||||
|
@ -72,7 +72,6 @@ public class SupplyChainValidationService {
|
||||
* @param referenceDigestValueRepository the even manager
|
||||
*/
|
||||
@Autowired
|
||||
@SuppressWarnings("ParameterNumberCheck")
|
||||
public SupplyChainValidationService(
|
||||
final CACredentialRepository caCredentialRepository,
|
||||
final PolicyRepository policyRepository,
|
||||
|
@ -169,16 +169,18 @@ public class ValidationService {
|
||||
}
|
||||
|
||||
/**
|
||||
* @param deviceInfoReport
|
||||
* @param base
|
||||
* @param deltaMapping
|
||||
* @param certificateRepository
|
||||
* @param componentResultRepository
|
||||
* @param componentAttributeRepository
|
||||
* @param componentInfos
|
||||
* @param provisionSessionId
|
||||
* @param ignoreRevisionAttribute
|
||||
* @return
|
||||
* Evaluates delta attributes status.
|
||||
*
|
||||
* @param deviceInfoReport device information report
|
||||
* @param base base platform credential
|
||||
* @param deltaMapping delta mapping
|
||||
* @param certificateRepository certificate repository
|
||||
* @param componentResultRepository component result repository
|
||||
* @param componentAttributeRepository component attribute repository
|
||||
* @param componentInfos list of component information
|
||||
* @param provisionSessionId uuid representation of the provision session ID
|
||||
* @param ignoreRevisionAttribute whether to ignore the revision attribute
|
||||
* @return a supply chain validation
|
||||
*/
|
||||
public static SupplyChainValidation evaluateDeltaAttributesStatus(
|
||||
final DeviceInfoReport deviceInfoReport,
|
||||
@ -221,12 +223,14 @@ public class ValidationService {
|
||||
}
|
||||
|
||||
/**
|
||||
* @param device
|
||||
* @param policySettings
|
||||
* @param rimRepo
|
||||
* @param rdvRepo
|
||||
* @param caRepo
|
||||
* @return
|
||||
* Evaluates the firmware status.
|
||||
*
|
||||
* @param device device
|
||||
* @param policySettings policy settings
|
||||
* @param rimRepo reference manifest repository
|
||||
* @param rdvRepo reference digest value repository
|
||||
* @param caRepo CA Credential repository
|
||||
* @return a supply chain validation
|
||||
*/
|
||||
public static SupplyChainValidation evaluateFirmwareStatus(
|
||||
final Device device,
|
||||
@ -338,6 +342,7 @@ public class ValidationService {
|
||||
* @param credential the credential whose CA chain should be retrieved
|
||||
* @param previouslyQueriedSubjects a list of organizations to refrain
|
||||
* from querying
|
||||
* @param caCredentialRepository CA Credential repository
|
||||
* @return a Set containing all relevant CA credentials to the given
|
||||
* certificate's organization
|
||||
*/
|
||||
@ -379,6 +384,14 @@ public class ValidationService {
|
||||
return caCreds;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a key store using the provided set of certificate authority credentials.
|
||||
*
|
||||
* @param certs set of certificate authority credentials
|
||||
* @return a keystore
|
||||
* @throws KeyStoreException if there is an issue creating a key store
|
||||
* @throws IOException if there is an issue creating a key store
|
||||
*/
|
||||
public static KeyStore caCertSetToKeystore(final Set<CertificateAuthorityCredential> certs)
|
||||
throws KeyStoreException, IOException {
|
||||
KeyStore keyStore = KeyStore.getInstance("JKS");
|
||||
|
@ -130,8 +130,9 @@ public class AttestationCertificateAuthorityTest {
|
||||
public void setupTests() throws Exception {
|
||||
|
||||
//BeforeSuite
|
||||
final int keySize = 2048;
|
||||
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
|
||||
keyPairGenerator.initialize(2048);
|
||||
keyPairGenerator.initialize(keySize);
|
||||
keyPair = keyPairGenerator.generateKeyPair();
|
||||
|
||||
//BeforeTest
|
||||
@ -257,8 +258,11 @@ public class AttestationCertificateAuthorityTest {
|
||||
SymmetricKey symmetricKey = ProvisionUtils.generateSymmetricKey();
|
||||
|
||||
// assert the symmetric algorithm, scheme, and key size are all set appropriately
|
||||
assertTrue(symmetricKey.getAlgorithmId() == 6);
|
||||
assertTrue(symmetricKey.getEncryptionScheme() == 255);
|
||||
final int expectedAlgorithmId = 6;
|
||||
final int expectedEncryptionScheme = 255;
|
||||
|
||||
assertTrue(symmetricKey.getAlgorithmId() == expectedAlgorithmId);
|
||||
assertTrue(symmetricKey.getEncryptionScheme() == expectedEncryptionScheme);
|
||||
assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length);
|
||||
}
|
||||
|
||||
@ -337,8 +341,9 @@ public class AttestationCertificateAuthorityTest {
|
||||
assertNotNull(attestation);
|
||||
|
||||
// validate the attestation algorithm
|
||||
final int expectedAlgorithmId = 6;
|
||||
assertNotNull(attestation.getAlgorithm());
|
||||
assertTrue(attestation.getAlgorithm().getAlgorithmId() == 6);
|
||||
assertTrue(attestation.getAlgorithm().getAlgorithmId() == expectedAlgorithmId);
|
||||
assertTrue(attestation.getAlgorithm().getEncryptionScheme() == 0x1);
|
||||
assertTrue(attestation.getAlgorithm().getSignatureScheme() == 0);
|
||||
assertTrue(attestation.getAlgorithm().getParamsSize() == 0);
|
||||
@ -465,7 +470,8 @@ public class AttestationCertificateAuthorityTest {
|
||||
|
||||
// assert that the exponent and the modulus are the same. the exponents should be the well
|
||||
// known prime, 101
|
||||
assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", 16)));
|
||||
final int radix = 16;
|
||||
assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", radix)));
|
||||
assertTrue(publicKey.getModulus().equals(modulus));
|
||||
}
|
||||
|
||||
@ -486,7 +492,8 @@ public class AttestationCertificateAuthorityTest {
|
||||
|
||||
// assert that the exponent and the modulus are the same. the exponents should be the well
|
||||
// known prime, 101.
|
||||
assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", 16)));
|
||||
final int radix = 16;
|
||||
assertTrue(publicKey.getPublicExponent().equals(new BigInteger("010001", radix)));
|
||||
assertTrue(publicKey.getModulus().equals(modulus));
|
||||
}
|
||||
|
||||
@ -504,7 +511,8 @@ public class AttestationCertificateAuthorityTest {
|
||||
byte[] ekFile = Files.readAllBytes(ekPath);
|
||||
|
||||
RSAPublicKey ek = ProvisionUtils.parsePublicKey(ekFile);
|
||||
assertTrue(ek.getPublicExponent().equals(new BigInteger("010001", 16)));
|
||||
final int radix = 16;
|
||||
assertTrue(ek.getPublicExponent().equals(new BigInteger("010001", radix)));
|
||||
|
||||
byte[] mod = ek.getModulus().toByteArray();
|
||||
// big integer conversion is signed so it can add a 0 byte
|
||||
@ -532,7 +540,8 @@ public class AttestationCertificateAuthorityTest {
|
||||
byte[] akFile = Files.readAllBytes(akPath);
|
||||
|
||||
RSAPublicKey ak = ProvisionUtils.parsePublicKey(akFile);
|
||||
assertTrue(ak.getPublicExponent().equals(new BigInteger("010001", 16)));
|
||||
final int radix = 16;
|
||||
assertTrue(ak.getPublicExponent().equals(new BigInteger("010001", radix)));
|
||||
|
||||
byte[] mod = ak.getModulus().toByteArray();
|
||||
// big integer conversion is signed so it can add a 0 byte
|
||||
@ -598,7 +607,7 @@ public class AttestationCertificateAuthorityTest {
|
||||
RSAPublicKey akPub = ProvisionUtils.parsePublicKey(akPubFile);
|
||||
|
||||
// prepare the nonce and wrap it with keys
|
||||
byte[] nonce = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
|
||||
final byte[] nonce = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
|
||||
21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
|
||||
ByteString blob = ProvisionUtils.tpm20MakeCredential(ekPub, akPub, nonce);
|
||||
|
||||
@ -636,12 +645,12 @@ public class AttestationCertificateAuthorityTest {
|
||||
* Test helper method that encrypts a blob using a shared key and IV using the specified
|
||||
* transformation.
|
||||
*
|
||||
* @param blob to be encrypted
|
||||
* @param blob blob to be encrypted
|
||||
* @param key shared key
|
||||
* @param iv to encrypt with
|
||||
* @param transformation of the encryption cipher
|
||||
* @return encrypted blob
|
||||
* @throws Exception
|
||||
* @throws Exception if there are any issues while encrypting the blob
|
||||
*/
|
||||
private byte[] encryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
|
||||
final String transformation) throws Exception {
|
||||
@ -664,9 +673,9 @@ public class AttestationCertificateAuthorityTest {
|
||||
/**
|
||||
* Test helper method to decrypt blobs.
|
||||
*
|
||||
* @param blob to be decrypted
|
||||
* @param blob blob to be decrypted
|
||||
* @return decrypted blob
|
||||
* @throws Exception
|
||||
* @throws Exception if there are any issues while decrypting the blob
|
||||
*/
|
||||
private byte[] decryptBlob(final byte[] blob) throws Exception {
|
||||
// initialize a cipher using the specified transformation
|
||||
@ -686,12 +695,12 @@ public class AttestationCertificateAuthorityTest {
|
||||
* Test helper method that decrypts a blob using a shared key and IV using the specified.
|
||||
* transformation.
|
||||
*
|
||||
* @param blob to be decrypted
|
||||
* @param blob blob to be decrypted
|
||||
* @param key shared key
|
||||
* @param iv to decrypt with
|
||||
* @param transformation of the decryption cipher
|
||||
* @return decrypted blob
|
||||
* @throws Exception
|
||||
* @throws Exception if there are any issues while decrypting the blob
|
||||
*/
|
||||
private byte[] decryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
|
||||
final String transformation) throws Exception {
|
||||
|
@ -176,10 +176,16 @@ public class TPM2ProvisionerStateTest {
|
||||
DataInputStream dis = new DataInputStream(new ByteArrayInputStream(nonce));
|
||||
Long index = dis.readLong();
|
||||
dis.close();
|
||||
|
||||
TPM2ProvisionerState value = new TPM2ProvisionerState(nonce, identityClaim);
|
||||
|
||||
when(tpm2ProvisionerStateRepository.findByFirstPartOfNonce(index)).thenReturn(value);
|
||||
|
||||
final int nonce2Size = 7;
|
||||
TPM2ProvisionerState tpm2ProvisionerState =
|
||||
TPM2ProvisionerState.getTPM2ProvisionerState(tpm2ProvisionerStateRepository, new byte[7]);
|
||||
TPM2ProvisionerState.getTPM2ProvisionerState(tpm2ProvisionerStateRepository,
|
||||
new byte[nonce2Size]);
|
||||
|
||||
assertNull(tpm2ProvisionerState);
|
||||
}
|
||||
}
|
||||
|
@ -40,18 +40,15 @@ public class AbstractUserdefinedEntityTest {
|
||||
* Location of a test (fake) SGI intermediate CA certificate.
|
||||
*/
|
||||
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) Intel intermediate CA certificate.
|
||||
*/
|
||||
public static final String FAKE_INTEL_INT_CA_FILE =
|
||||
"/certificates/fakeIntelIntermediateCA.cer";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) root CA certificate.
|
||||
*/
|
||||
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
|
||||
|
||||
/**
|
||||
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
|
||||
*/
|
||||
@ -97,6 +94,12 @@ public class AbstractUserdefinedEntityTest {
|
||||
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
|
||||
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
|
||||
|
||||
/**
|
||||
* This protected constructor was created to silence one of checkstyle errors.
|
||||
*/
|
||||
protected AbstractUserdefinedEntityTest() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a test certificate from the given parameters.
|
||||
*
|
||||
@ -121,13 +124,14 @@ public class AbstractUserdefinedEntityTest {
|
||||
* @param endorsementCredential the endorsement credentials (can be null)
|
||||
* @param platformCredentials the platform credentials (can be null)
|
||||
* @return the newly-constructed Certificate
|
||||
* @throws IOException if there is a problem constructing the test certificate
|
||||
* @throws IOException if there is a problem constructing the test certificate
|
||||
* @throws IllegalArgumentException if there is a problem retrieving the certificate class simple name
|
||||
*/
|
||||
public static <T extends ArchivableEntity> Certificate getTestCertificate(
|
||||
final Class<T> certificateClass, final String filename,
|
||||
final EndorsementCredential endorsementCredential,
|
||||
final List<PlatformCredential> platformCredentials)
|
||||
throws IOException {
|
||||
throws IOException, IllegalArgumentException {
|
||||
|
||||
Path certPath;
|
||||
try {
|
||||
@ -139,23 +143,17 @@ public class AbstractUserdefinedEntityTest {
|
||||
throw new IOException("Could not resolve path URI", e);
|
||||
}
|
||||
|
||||
switch (certificateClass.getSimpleName()) {
|
||||
case "CertificateAuthorityCredential":
|
||||
return new CertificateAuthorityCredential(certPath);
|
||||
case "ConformanceCredential":
|
||||
return new ConformanceCredential(certPath);
|
||||
case "EndorsementCredential":
|
||||
return new EndorsementCredential(certPath);
|
||||
case "PlatformCredential":
|
||||
return new PlatformCredential(certPath);
|
||||
case "IssuedAttestationCertificate":
|
||||
return new IssuedAttestationCertificate(certPath,
|
||||
endorsementCredential, platformCredentials, false);
|
||||
default:
|
||||
throw new IllegalArgumentException(
|
||||
String.format("Unknown certificate class %s", certificateClass.getName())
|
||||
);
|
||||
}
|
||||
return switch (certificateClass.getSimpleName()) {
|
||||
case "CertificateAuthorityCredential" -> new CertificateAuthorityCredential(certPath);
|
||||
case "ConformanceCredential" -> new ConformanceCredential(certPath);
|
||||
case "EndorsementCredential" -> new EndorsementCredential(certPath);
|
||||
case "PlatformCredential" -> new PlatformCredential(certPath);
|
||||
case "IssuedAttestationCertificate" -> new IssuedAttestationCertificate(certPath,
|
||||
endorsementCredential, platformCredentials, false);
|
||||
default -> throw new IllegalArgumentException(
|
||||
String.format("Unknown certificate class %s", certificateClass.getName())
|
||||
);
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
@ -192,8 +190,9 @@ public class AbstractUserdefinedEntityTest {
|
||||
public static NetworkInfo createTestNetworkInfo() {
|
||||
try {
|
||||
final String hostname = "test.hostname";
|
||||
final byte[] byteAddress = new byte[] {127, 0, 0, 1};
|
||||
final InetAddress ipAddress =
|
||||
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
|
||||
InetAddress.getByAddress(byteAddress);
|
||||
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
|
||||
return new NetworkInfo(hostname, ipAddress, macAddress);
|
||||
|
||||
|
@ -14,7 +14,6 @@ import java.net.URISyntaxException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
@ -80,10 +79,12 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
private static final String RDN_COMMA_SEPARATED =
|
||||
"CN=STM TPM EK Intermediate CA 02, O=STMicroelectronics NV, C=CH";
|
||||
|
||||
private static final String RDN_MULTIVALUE =
|
||||
"CN=Nuvoton TPM Root CA 2010+O=Nuvoton Technology Corporation+C=TW";
|
||||
|
||||
private static final String RDN_COMMA_SEPARATED_ORGANIZATION = "STMicroelectronics NV";
|
||||
|
||||
private static final String RDN_MULTIVALUE_ORGANIZATION = "Nuvoton Technology Corporation";
|
||||
|
||||
private static final String EK_CERT_WITH_PADDED_BYTES =
|
||||
@ -135,6 +136,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
FAKE_ROOT_CA_FILE)).toURI())
|
||||
)
|
||||
);
|
||||
|
||||
assertEquals(
|
||||
"CN=Fake Root CA",
|
||||
certificate.getX509Certificate().getIssuerX500Principal().getName()
|
||||
@ -144,12 +146,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Ensure that a Certificate cannot be created from a null byte array.
|
||||
*
|
||||
* @throws IOException if the certificate could not be constructed properly
|
||||
* @throws CertificateException if there is a problem de/serializing the certificate
|
||||
* @throws IllegalArgumentException if there is a problem de/serializing the certificate
|
||||
*/
|
||||
@Test
|
||||
public void testConstructCertFromNullByteArray()
|
||||
throws IOException, CertificateException {
|
||||
throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new CertificateAuthorityCredential((byte[]) null));
|
||||
}
|
||||
@ -157,12 +158,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Ensure that a Certificate cannot be created from an empty byte array.
|
||||
*
|
||||
* @throws IOException if the certificate could not be constructed properly
|
||||
* @throws CertificateException if there is a problem de/serializing the certificate
|
||||
* @throws IllegalArgumentException if there is a problem de/serializing the certificate
|
||||
*/
|
||||
@Test
|
||||
public void testConstructCertFromEmptyByteArray()
|
||||
throws IOException, CertificateException {
|
||||
throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new CertificateAuthorityCredential(new byte[] {}));
|
||||
}
|
||||
@ -179,6 +179,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
Paths.get(Objects.requireNonNull(this.getClass().getResource(
|
||||
FAKE_ROOT_CA_FILE)).toURI())
|
||||
);
|
||||
|
||||
assertEquals(
|
||||
"CN=Fake Root CA",
|
||||
certificate.getX509Certificate().getIssuerX500Principal().getName()
|
||||
@ -188,11 +189,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Tests that a certificate cannot be constructed from a null path.
|
||||
*
|
||||
* @throws IOException if there is a problem reading the cert file at the given path
|
||||
* @throws URISyntaxException if there is a problem constructing the URI
|
||||
* @throws IllegalArgumentException if there is a problem constructing the URI
|
||||
*/
|
||||
@Test
|
||||
public void testConstructCertFromNullPath() throws URISyntaxException, IOException {
|
||||
public void testConstructCertFromNullPath() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new CertificateAuthorityCredential((Path) null));
|
||||
}
|
||||
@ -208,6 +208,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
assertEquals(
|
||||
Certificate.CertificateType.X509_CERTIFICATE,
|
||||
getTestCertificate(FAKE_ROOT_CA_FILE).getCertificateType());
|
||||
|
||||
assertNotEquals(
|
||||
Certificate.CertificateType.ATTRIBUTE_CERTIFICATE,
|
||||
getTestCertificate(FAKE_ROOT_CA_FILE).getCertificateType());
|
||||
@ -222,7 +223,6 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
getTestCertificate(
|
||||
PlatformCredential.class,
|
||||
TEST_PLATFORM_CERT_3).getCertificateType());
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -256,7 +256,6 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
"GETY42100160",
|
||||
((PlatformCredential) platformCredential).getPlatformSerial()
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -289,6 +288,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
@Test
|
||||
public void testX509CertificateParsingExtended() throws IOException {
|
||||
Certificate rootCert = getTestCertificate(INTEL_INT_CA_FILE);
|
||||
|
||||
assertEquals(
|
||||
"https://trustedservices.intel.com/"
|
||||
+ "content/TSC/certs/TSC_SS_RootCA_Certificate.cer\n",
|
||||
@ -336,12 +336,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
* Tests that Certificate correctly parses out non-standard fields from an X509 attribute
|
||||
* certificate.
|
||||
*
|
||||
* @throws IOException if there is a problem reading the cert file at the given path
|
||||
* @throws URISyntaxException if there is a problem constructing the file's URI
|
||||
* @throws IOException if there is a problem reading the cert file at the given path
|
||||
*/
|
||||
@Test
|
||||
public void testX509AttributeCertificateParsingExtended()
|
||||
throws IOException, URISyntaxException {
|
||||
throws IOException {
|
||||
Certificate platformCert = getTestCertificate(
|
||||
PlatformCredential.class, TEST_PLATFORM_CERT_6);
|
||||
|
||||
@ -362,7 +361,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
public void testCertificateTrim() throws IOException, URISyntaxException {
|
||||
byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class
|
||||
.getResource(EK_CERT_WITH_PADDED_BYTES)).toURI()));
|
||||
byte[] expectedCertBytes = Arrays.copyOfRange(rawFileBytes, 0, 908);
|
||||
|
||||
final int finalPosition = 908;
|
||||
byte[] expectedCertBytes = Arrays.copyOfRange(rawFileBytes, 0, finalPosition);
|
||||
|
||||
Certificate ekCert = getTestCertificate(EndorsementCredential.class,
|
||||
EK_CERT_WITH_PADDED_BYTES);
|
||||
assertEquals(new BigInteger("16842032579184247954"), ekCert.getSerialNumber());
|
||||
@ -384,6 +386,7 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
URISyntaxException {
|
||||
byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class
|
||||
.getResource(EK_CERT_WITH_PADDED_BYTES)).toURI()));
|
||||
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 2)),
|
||||
".* No certificate length field could be found\\.");
|
||||
@ -401,8 +404,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
URISyntaxException {
|
||||
byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class
|
||||
.getResource(EK_CERT_WITH_PADDED_BYTES)).toURI()));
|
||||
|
||||
final int finalPosition = 4;
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 4)),
|
||||
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, finalPosition)),
|
||||
".* Certificate is nothing more than ASN.1 Sequence\\\\.");
|
||||
}
|
||||
|
||||
@ -418,8 +423,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
URISyntaxException {
|
||||
byte[] rawFileBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class
|
||||
.getResource(EK_CERT_WITH_PADDED_BYTES)).toURI()));
|
||||
|
||||
final int finalPosition = 42;
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, 42)),
|
||||
new EndorsementCredential(Arrays.copyOfRange(rawFileBytes, 0, finalPosition)),
|
||||
".* Value of certificate length field extends beyond"
|
||||
+ " length of provided certificate\\.");
|
||||
}
|
||||
@ -427,13 +434,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Tests that the equals method on {@link Certificate} works as expected.
|
||||
*
|
||||
* @throws IOException if the certificate could not be constructed properly
|
||||
* @throws CertificateException if there is a problem with the KeyStore or de/serializing the
|
||||
* certificate
|
||||
* @throws URISyntaxException if there is a problem constructing the path to the certificate
|
||||
* @throws IOException if the certificate could not be constructed properly
|
||||
* @throws URISyntaxException if there is a problem constructing the path to the certificate
|
||||
*/
|
||||
@Test
|
||||
public void testEquals() throws CertificateException, IOException, URISyntaxException {
|
||||
public void testEquals() throws IOException, URISyntaxException {
|
||||
assertEquals(
|
||||
getTestCertificate(FAKE_ROOT_CA_FILE),
|
||||
getTestCertificate(FAKE_ROOT_CA_FILE)
|
||||
@ -471,15 +476,10 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Tests that the isIssuer method on {@link Certificate} works as expected.
|
||||
*
|
||||
* @throws IOException if the certificate could not be constructed properly
|
||||
* @throws CertificateException if there is a problem with the KeyStore or de/serializing the
|
||||
* certificate
|
||||
* @throws NoSuchProviderException if the Bouncy Castle security provider is unavailable
|
||||
* @throws URISyntaxException if there is a problem constructing the path to the certificate
|
||||
* @throws IOException if the certificate could not be constructed properly
|
||||
*/
|
||||
@Test
|
||||
public void testIsIssuer() throws CertificateException, IOException, NoSuchProviderException,
|
||||
URISyntaxException {
|
||||
public void testIsIssuer() throws IOException {
|
||||
Certificate issuerCert = getTestCertificate(FAKE_ROOT_CA_FILE);
|
||||
Certificate cert = getTestCertificate(INT_CA_CERT02);
|
||||
|
||||
@ -490,13 +490,11 @@ public class CertificateTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Tests that the hashCode method on {@link Certificate} works as expected.
|
||||
*
|
||||
* @throws IOException if the certificate could not be constructed properly
|
||||
* @throws CertificateException if there is a problem with the KeyStore or de/serializing the
|
||||
* certificate
|
||||
* @throws URISyntaxException if there is a problem constructing the path to the certificate
|
||||
* @throws IOException if the certificate could not be constructed properly
|
||||
* @throws URISyntaxException if there is a problem constructing the path to the certificate
|
||||
*/
|
||||
@Test
|
||||
public void testHashCode() throws CertificateException, IOException, URISyntaxException {
|
||||
public void testHashCode() throws IOException, URISyntaxException {
|
||||
assertEquals(
|
||||
getTestCertificate(FAKE_ROOT_CA_FILE).hashCode(),
|
||||
getTestCertificate(FAKE_ROOT_CA_FILE).hashCode()
|
||||
|
@ -20,7 +20,7 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
|
||||
* multiple test certificates.
|
||||
*
|
||||
* @return the test SupplyChainValidation
|
||||
* @throws IOException if there si
|
||||
* @throws IOException if there is a problem deserializing certificates
|
||||
*/
|
||||
public static SupplyChainValidation getTestSupplyChainValidation() throws IOException {
|
||||
return getTestSupplyChainValidation(
|
||||
@ -52,10 +52,10 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Test that a SupplyChainValidation can't be instantiated with a null validation type.
|
||||
*
|
||||
* @throws IOException if there is a problem deserializing certificates
|
||||
* @throws IllegalArgumentException if there is a problem deserializing certificates
|
||||
*/
|
||||
@Test
|
||||
public void testNullValidationType() throws IOException {
|
||||
public void testNullValidationType() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new SupplyChainValidation(
|
||||
null,
|
||||
@ -68,10 +68,10 @@ class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Test that a SupplyChainValidation can't be instantiated with a null certificate list.
|
||||
*
|
||||
* @throws IOException if there is a problem deserializing certificates
|
||||
* @throws IllegalArgumentException if there is a problem deserializing certificates
|
||||
*/
|
||||
@Test
|
||||
public void testNullCertificates() throws IOException {
|
||||
public void testNullCertificates() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new SupplyChainValidation(
|
||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||
|
@ -153,7 +153,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
try {
|
||||
new PlatformCredential(certPath);
|
||||
//fail if it manage to parse the certificate
|
||||
//fail if it manages to parse the certificate
|
||||
fail("Invalid certificate was parsed.");
|
||||
} catch (IOException ex) {
|
||||
if (ex == null || ex.getMessage().isEmpty()) {
|
||||
@ -194,8 +194,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
|
||||
Assertions.assertEquals(sigStr.toUpperCase(), EXPECTED_CERT_SIGNATURE_FOR_CERT_2);
|
||||
|
||||
String issuer = Certificate.getAttributeCertificateIssuerNames(
|
||||
credential.getAttributeCertificate().getAcinfo().getIssuer()
|
||||
)[0].toString();
|
||||
credential.getAttributeCertificate().getAcinfo().getIssuer())[0].toString();
|
||||
|
||||
Assertions.assertEquals(credential.getManufacturer(), "Intel");
|
||||
Assertions.assertEquals(credential.getModel(), "DE3815TYKH");
|
||||
|
@ -19,14 +19,19 @@ public class TPMSecurityAssertionsTest {
|
||||
public void testEkGenTypeEnum() {
|
||||
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[0],
|
||||
TPMSecurityAssertions.EkGenerationType.INTERNAL);
|
||||
|
||||
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[1],
|
||||
TPMSecurityAssertions.EkGenerationType.INJECTED);
|
||||
|
||||
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[2],
|
||||
TPMSecurityAssertions.EkGenerationType.INTERNAL_REVOCABLE);
|
||||
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[3],
|
||||
|
||||
final int thirdPosition = 3;
|
||||
assertEquals(TPMSecurityAssertions.EkGenerationType.values()[thirdPosition],
|
||||
TPMSecurityAssertions.EkGenerationType.INJECTED_REVOCABLE);
|
||||
try {
|
||||
assertNull(TPMSecurityAssertions.EkGenerationType.values()[4]);
|
||||
final int positionOutOfBounds = 4;
|
||||
assertNull(TPMSecurityAssertions.EkGenerationType.values()[positionOutOfBounds]);
|
||||
fail();
|
||||
} catch (ArrayIndexOutOfBoundsException e) {
|
||||
}
|
||||
@ -40,12 +45,15 @@ public class TPMSecurityAssertionsTest {
|
||||
public void testGenLocationEnum() {
|
||||
assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[0],
|
||||
TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
|
||||
|
||||
assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[1],
|
||||
TPMSecurityAssertions.EkGenerationLocation.PLATFORM_MANUFACTURER);
|
||||
|
||||
assertEquals(TPMSecurityAssertions.EkGenerationLocation.values()[2],
|
||||
TPMSecurityAssertions.EkGenerationLocation.EK_CERT_SIGNER);
|
||||
try {
|
||||
assertNull(TPMSecurityAssertions.EkGenerationLocation.values()[3]);
|
||||
final int positionOutOfBounds = 3;
|
||||
assertNull(TPMSecurityAssertions.EkGenerationLocation.values()[positionOutOfBounds]);
|
||||
fail();
|
||||
} catch (ArrayIndexOutOfBoundsException e) {
|
||||
}
|
||||
|
@ -18,14 +18,19 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
private static final String TPM_MAKE = "test tpmMake";
|
||||
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65);
|
||||
|
||||
private static final int RIGHT_PADDING_SIZE = 65;
|
||||
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", RIGHT_PADDING_SIZE);
|
||||
|
||||
private static final short VERSION_MAJOR = 1;
|
||||
|
||||
private static final short VERSION_MINOR = 2;
|
||||
|
||||
private static final short VERSION_REV_MAJOR = 3;
|
||||
|
||||
private static final short VERSION_REV_MINOR = 4;
|
||||
private static final Logger LOGGER = LogManager
|
||||
.getLogger(TPMInfoTest.class);
|
||||
|
||||
private static final Logger LOGGER = LogManager.getLogger(TPMInfoTest.class);
|
||||
|
||||
/**
|
||||
* Tests instantiation and getters of a TPMInfo object.
|
||||
@ -59,9 +64,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Tests that the TPM make information cannot be null.
|
||||
*
|
||||
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
|
||||
*/
|
||||
@Test
|
||||
public final void tpmMakeNullTest() {
|
||||
public final void tpmMakeNullTest() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new TPMInfo(null, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
|
||||
VERSION_REV_MINOR, getTestIdentityCertificate()));
|
||||
@ -69,9 +76,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||
|
||||
/**
|
||||
* Tests that the TPM make information cannot be longer than 64 characters.
|
||||
*
|
||||
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
|
||||
*/
|
||||
@Test
|
||||
public final void tpmMakeLongTest() {
|
||||
public final void tpmMakeLongTest() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new TPMInfo(LONG_TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
|
||||
VERSION_REV_MINOR, getTestIdentityCertificate()));
|
||||
@ -80,9 +89,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Tests that the version major number info cannot be set to negative
|
||||
* values.
|
||||
*
|
||||
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
|
||||
*/
|
||||
@Test
|
||||
public final void testTPMInfoInvalidVersionMajor() {
|
||||
public final void testTPMInfoInvalidVersionMajor() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new TPMInfo(TPM_MAKE, (short) -1, VERSION_MINOR, VERSION_REV_MAJOR,
|
||||
VERSION_REV_MINOR, getTestIdentityCertificate()));
|
||||
@ -91,9 +102,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Tests that the version minor number info cannot be set to negative
|
||||
* values.
|
||||
*
|
||||
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
|
||||
*/
|
||||
@Test
|
||||
public final void testTPMInfoInvalidVersionMinor() {
|
||||
public final void testTPMInfoInvalidVersionMinor() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new TPMInfo(TPM_MAKE, VERSION_MAJOR, (short) -1, VERSION_REV_MAJOR,
|
||||
VERSION_REV_MINOR, getTestIdentityCertificate()));
|
||||
@ -102,9 +115,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Tests that the version revision major numbers cannot be set to negative
|
||||
* values.
|
||||
*
|
||||
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
|
||||
*/
|
||||
@Test
|
||||
public final void testTPMInfoInvalidVersionRevMajor() {
|
||||
public final void testTPMInfoInvalidVersionRevMajor() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, (short) -1,
|
||||
VERSION_REV_MINOR, getTestIdentityCertificate()));
|
||||
@ -113,9 +128,11 @@ public class TPMInfoTest extends AbstractUserdefinedEntityTest {
|
||||
/**
|
||||
* Tests that the version revision minor numbers cannot be set to negative
|
||||
* values.
|
||||
*
|
||||
* @throws IllegalArgumentException if one of the provided parameters is an illegal/invalid value
|
||||
*/
|
||||
@Test
|
||||
public final void testTPMInfoInvalidVersionRevMinor() {
|
||||
public final void testTPMInfoInvalidVersionRevMinor() throws IllegalArgumentException {
|
||||
assertThrows(IllegalArgumentException.class, () ->
|
||||
new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
|
||||
(short) -1, getTestIdentityCertificate()));
|
||||
|
@ -99,70 +99,114 @@ public class SupplyChainCredentialValidatorTest {
|
||||
* SecureRandom instance.
|
||||
*/
|
||||
static final SecureRandom SECURE_RANDOM = new SecureRandom();
|
||||
|
||||
private static final String JSON_FILE = "/config/component-class.json";
|
||||
|
||||
private static final String SAMPLE_PACCOR_OUTPUT_TXT = "/hirs/validation/sample_paccor_output.txt";
|
||||
|
||||
private static final String SAMPLE_PACCOR_OUTPUT_NOT_SPECIFIED_TXT
|
||||
= "/hirs/validation/sample_paccor_output_not_specified_values.txt";
|
||||
|
||||
private static final String SAMPLE_TEST_PACCOR_CERT
|
||||
= "/validation/platform_credentials_2/paccor_platform_cert.crt";
|
||||
|
||||
private static final String SAMPLE_PACCOR_OUTPUT_WITH_EXTRA_COMPONENT_TXT
|
||||
= "/hirs/validation/sample_paccor_output_with_extra_component.txt";
|
||||
|
||||
private static final String TEST_SIGNING_KEY = "/validation/platform_credentials/ca.pub";
|
||||
|
||||
private static final String TEST_PLATFORM_CRED =
|
||||
"/validation/platform_credentials/plat_cert1.pem";
|
||||
|
||||
private static final String TEST_PLATFORM_CRED2 =
|
||||
"/validation/platform_credentials/pciids_plat_cert_2-0.pem";
|
||||
|
||||
private static final String TEST_PLATFORM_CRED_BASE_CHASIS_COMBO =
|
||||
"/validation/platform_credentials/Intel_pc5.pem";
|
||||
|
||||
private static final String TEST_BOARD_SERIAL_NUMBER = "GETY421001GV";
|
||||
|
||||
private static final String TEST_CHASSIS_SERIAL_NUMBER = "G6YK42300C87";
|
||||
|
||||
private static final String TEST_EK_CERT = "/certificates/nuc-2/tpmcert.pem";
|
||||
|
||||
private static final String TEST_EK_CERT_2 = "/certificates/nuc-1/tpmcert.pem";
|
||||
|
||||
private static final String TEST_COMPONENT_MANUFACTURER = "Intel";
|
||||
|
||||
private static final String TEST_COMPONENT_MODEL = "platform2018";
|
||||
|
||||
private static final String TEST_COMPONENT_REVISION = "1.0";
|
||||
|
||||
private static final String BAD_SERIAL = "BAD_SERIAL";
|
||||
|
||||
//-------Actual ST Micro Endorsement Credential Certificate Chain!--------------
|
||||
private static final String EK_CERT = "";
|
||||
|
||||
private static final String INT_CA_CERT02 = "/certificates/fakestmtpmekint02.pem";
|
||||
|
||||
//-------Generated Intel Credential Certificate Chain--------------
|
||||
private static final String INTEL_PLATFORM_CERT =
|
||||
"/validation/platform_credentials/plat_cert3.pem";
|
||||
|
||||
private static final String INTEL_PLATFORM_CERT_2 =
|
||||
"/validation/platform_credentials/Intel_pc2.pem";
|
||||
|
||||
private static final String INTEL_PLATFORM_CERT_3 =
|
||||
"/validation/platform_credentials/pciids_plat_cert_2-0.pem";
|
||||
|
||||
private static final String INTEL_INT_CA =
|
||||
"/validation/platform_credentials/intel_chain/root/intermediate1.crt";
|
||||
|
||||
private static final String FAKE_ROOT_CA =
|
||||
"/validation/platform_credentials/intel_chain/root/rootca.crt";
|
||||
|
||||
private static final String PLATFORM_MANUFACTURER = "Intel";
|
||||
|
||||
private static final String PLATFORM_MODEL = "S2600KP";
|
||||
|
||||
private static final String PLATFORM_VERSION = "H76962-350";
|
||||
|
||||
//-------Original Intel Credential Certificate Chain--------------
|
||||
private static final String INTEL_PLATFORM_CERT_ORIG =
|
||||
"/certificates/fakeIntel_S2600KP_F00F00F00F00.pem";
|
||||
|
||||
private static final String INTEL_ORIG_INT_CA_ORIG =
|
||||
"/certificates/fakeIntelIntermediateCA.pem";
|
||||
|
||||
private static final String FAKE_ROOT_CA_ORIG =
|
||||
"/certificates/fakeCA.pem";
|
||||
|
||||
//-------Fake SGI Credential Certificate Chain--------------
|
||||
private static final String SGI_PLATFORM_CERT = "/certificates/fakeSGI_J2_F00F00F0.pem";
|
||||
|
||||
private static final String SGI_INT_CA = "/certificates/fakeSGIIntermediateCA.pem";
|
||||
|
||||
private static final String SGI_CRED_SERIAL_NUMBER = "F00F00F0";
|
||||
|
||||
//-------Actual Intel NUC Platform --------------
|
||||
|
||||
private static final String NUC_PLATFORM_CERT =
|
||||
"/certificates/Intel_nuc_pc.pem";
|
||||
|
||||
private static final String NUC_PLATFORM_CERT_SERIAL_NUMBER = "GETY421001DY";
|
||||
|
||||
private static final String NUC_PLATFORM_CERT2 =
|
||||
"/certificates/Intel_nuc_pc2.pem";
|
||||
|
||||
private static final String NUC_PLATFORM_CERT_SERIAL_NUMBER2 = "GETY4210001M";
|
||||
|
||||
private static final String INTEL_SIGNING_KEY = "/certificates/IntelSigningKey_20April2017.pem";
|
||||
|
||||
private static final String NEW_NUC1 =
|
||||
"/validation/platform_credentials/Intel_pc3.cer";
|
||||
|
||||
private static HardwareInfo hardwareInfo;
|
||||
|
||||
private static KeyStore keyStore;
|
||||
|
||||
private static KeyStore emptyKeyStore;
|
||||
|
||||
private final SupplyChainCredentialValidator supplyChainCredentialValidator =
|
||||
new SupplyChainCredentialValidator();
|
||||
private final CredentialValidator credentialValidator =
|
||||
@ -171,11 +215,14 @@ public class SupplyChainCredentialValidatorTest {
|
||||
/**
|
||||
* Sets up a KeyStore for testing.
|
||||
*
|
||||
* @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type.
|
||||
* @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found
|
||||
* @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the
|
||||
* specified type.
|
||||
* @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore
|
||||
* cannot be found
|
||||
* @throws CertificateException if any of the certificates in the keystore could not be loaded
|
||||
* @throws IOException if there is an I/O or format problem with the keystore data, if a password is
|
||||
* required but not given, or if the given password was incorrect
|
||||
* @throws IOException if there is an I/O or format problem with the keystore data,
|
||||
* if a password is required but not given,
|
||||
* or if the given password was incorrect
|
||||
*/
|
||||
@BeforeAll
|
||||
public static void setUp() throws KeyStoreException, NoSuchAlgorithmException,
|
||||
@ -362,7 +409,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
|
||||
private static InetAddress getTestIpAddress() {
|
||||
try {
|
||||
return InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
|
||||
final byte[] byteAddress = new byte[] {127, 0, 0, 1};
|
||||
return InetAddress.getByAddress(byteAddress);
|
||||
} catch (UnknownHostException e) {
|
||||
return null;
|
||||
}
|
||||
|
@ -68,7 +68,9 @@
|
||||
|
||||
<!-- Checks for Size Violations. -->
|
||||
<!-- See https://checkstyle.org/checks/sizes/index.html -->
|
||||
<module name="FileLength"/>
|
||||
<module name="FileLength">
|
||||
<property name="max" value="3000"/>
|
||||
</module>
|
||||
<module name="LineLength">
|
||||
<property name="fileExtensions" value="java"/>
|
||||
<property name="max" value="110"/>
|
||||
@ -134,7 +136,7 @@
|
||||
<!-- Checks for Size Violations. -->
|
||||
<!-- See https://checkstyle.org/checks/sizes/index.html -->
|
||||
<module name="MethodLength">
|
||||
<property name="max" value="300"/>
|
||||
<property name="max" value="350"/>
|
||||
</module>
|
||||
|
||||
<!-- Checks for whitespace -->
|
||||
|
Loading…
Reference in New Issue
Block a user