diff --git a/HIRS_Utils/src/main/java/hirs/utils/PciIds.java b/HIRS_Utils/src/main/java/hirs/utils/PciIds.java
index 6bac767b..ceeabbd0 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/PciIds.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/PciIds.java
@@ -179,9 +179,9 @@ public final class PciIds {
 String classCode = refClassCode;
 if (classCode != null && classCode.trim().matches("^[0-9A-Fa-f]{6}$")) {
- String deviceClass = classCode.substring(0,2).toLowerCase();
- String deviceSubclass = classCode.substring(2,4).toLowerCase();
- String programInterface = classCode.substring(4,6).toLowerCase();
+ String deviceClass = classCode.substring(0, 2).toLowerCase();
+ String deviceSubclass = classCode.substring(2, 4).toLowerCase();
+ String programInterface = classCode.substring(4, 6).toLowerCase();
 translatedClassCode.add(deviceClass);
 translatedClassCode.add(deviceSubclass);
 translatedClassCode.add(programInterface);
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
index 7c0142f4..3591b2b5 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/TCGEventLog.java
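Review bot: The guard validates `classCode.trim()` but the three `substring` calls slice the untrimmed `classCode`, so a value with leading whitespace passes the regex and is then split at the wrong offsets (the first field would include the space). Trim once before slicing, e.g. make `classCode = classCode.trim();` the first statement inside the `if`, or drop the `trim()` from the check so padded input is rejected. The enclosing method starts and ends outside the hunk.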
@@ -169,9 +169,9 @@ public final class TCGEventLog {
 // the if statement is executed
 // [new event file status = eventList.get(eventNumber-1).getVendorTableFileStatus()]
 // (ie. if the new file status is not-accessible or from-code, then want to update)
- if((vendorTableFileStatus != FILESTATUS_NOT_ACCESSIBLE) &&
- (eventList.get(eventNumber-1).getVendorTableFileStatus() != FILESTATUS_FROM_FILESYSTEM)) {
- vendorTableFileStatus = eventList.get(eventNumber-1).getVendorTableFileStatus();
+ if ((vendorTableFileStatus != FILESTATUS_NOT_ACCESSIBLE)
+ && (eventList.get(eventNumber - 1).getVendorTableFileStatus() != FILESTATUS_FROM_FILESYSTEM)) {
+ vendorTableFileStatus = eventList.get(eventNumber - 1).getVendorTableFileStatus();
 }
 }
 calculatePcrValues();
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
index ab88c364..400d9236 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEvent.java
@@ -58,7 +58,7 @@ public abstract class DeviceSecurityEvent {
 * DEVICE_SECURITY_EVENT_DATA_DEVICE_CONTEXT. DEVICE can be either PCI or USB.
 */
 @Getter
- String deviceContextInfo = "";
+ private String deviceContextInfo = "";
 /**
 * DeviceSecurityEventData Default Constructor.
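Review bot: The rewrapped condition in TCGEventLog still compares the status values with `!=`, which for Strings tests reference identity rather than content; the status field appears to be a String here, as UefiGuid and UefiSignatureList declare `private String vendorTableFileStatus` and assign it from the same FILESTATUS_* constants. The check therefore only holds while every value is the very same constant object, and a status that is ever built or read at runtime would silently take the wrong branch. Prefer `!FILESTATUS_NOT_ACCESSIBLE.equals(vendorTableFileStatus)` and `!FILESTATUS_FROM_FILESYSTEM.equals(eventList.get(eventNumber - 1).getVendorTableFileStatus())`. The same comparison appears in the UefiVariable hunk at -184, and the enclosing method starts outside this hunk.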
@@ -76,21 +76,17 @@ public abstract class DeviceSecurityEvent {
 */
 public void instantiateDeviceContext(final byte[] dsedDeviceContextBytes) {
- if(dsedDeviceContextBytes.length == 0) {
+ if (dsedDeviceContextBytes.length == 0) {
 deviceContextInfo = "\n DeviceSecurityEventDataDeviceContext object is empty";
- }
- else {
+ } else {
 if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_NONE) {
 deviceContextInfo = "\n No Device Context (indicated by device type value of 0)";
- }
- else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
+ } else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_PCI) {
 dsedDevContext = new DeviceSecurityEventDataPciContext(dsedDeviceContextBytes);
 deviceContextInfo = dsedDevContext.toString();
- }
- else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_USB) {
+ } else if (deviceType == DeviceSecurityEventDataDeviceContext.DEVICE_TYPE_USB) {
 deviceContextInfo = " Device Type: USB - To be implemented";
- }
- else {
+ } else {
 deviceContextInfo = " Unknown device type; cannot process device context";
 }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
index ce7dc4c0..9a3e2429 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData.java
@@ -25,7 +25,7 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent {
 * DEVICE_SECURITY_EVENT_DATA_HEADER.
 */
 @Getter
- String headerInfo = "";
+ private String headerInfo = "";
 /**
 * DeviceSecurityEventData Constructor.
@@ -34,10 +34,9 @@ public class DeviceSecurityEventData extends DeviceSecurityEvent {
 */
 public DeviceSecurityEventData(final byte[] dsedBytes) {
- if(dsedBytes.length == 0) {
+ if (dsedBytes.length == 0) {
 headerInfo = " DeviceSecurityEventData object is empty";
- }
- else {
+ } else {
 dsedHeader = new DeviceSecurityEventDataHeader(dsedBytes);
 headerInfo = dsedHeader.toString();
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java
index 6a363813..6416ad93 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventData2.java
@@ -32,7 +32,7 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
 * DEVICE_SECURITY_EVENT_DATA_HEADER2.
 */
 @Getter
- String headerInfo = "";
+ private String headerInfo = "";
 /**
 * Human-readable description of the data within the
@@ -41,7 +41,7 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
 * DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN
 */
 @Getter
- String subHeaderInfo = "";
+ private String subHeaderInfo = "";
 /**
 * DeviceSecurityEventData2 Constructor.
@@ -50,10 +50,9 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
 */
 public DeviceSecurityEventData2(final byte[] dsedBytes) {
- if(dsedBytes.length == 0) {
+ if (dsedBytes.length == 0) {
 headerInfo = " DeviceSecurityEventData2 object is empty";
- }
- else {
+ } else {
 dsedHeader2 = new DeviceSecurityEventDataHeader2(dsedBytes);
 headerInfo = dsedHeader2.toString();
@@ -71,12 +70,10 @@ public class DeviceSecurityEventData2 extends DeviceSecurityEvent {
 if (subHeaderType == DeviceSecurityEventDataSubHeader.SUBHEADERTYPE_MEAS_BLOCK) {
 dsedSubHeader = new DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock(dsedSubHeaderBytes);
 subHeaderInfo += dsedSubHeader.toString();
- }
- else if (subHeaderType == DeviceSecurityEventDataSubHeader.SUBHEADERTYPE_CERT_CHAIN) {
+ } else if (subHeaderType == DeviceSecurityEventDataSubHeader.SUBHEADERTYPE_CERT_CHAIN) {
 dsedSubHeader = new DeviceSecurityEventDataSubHeaderCertChain(dsedSubHeaderBytes);
 subHeaderInfo += dsedSubHeader.toString();
- }
- else {
+ } else {
 subHeaderInfo += " Sub header type unknown\n";
 }
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
index ddaef9cf..6c402afd 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java
@@ -28,7 +28,7 @@ import lombok.Getter;
 public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
 /**
- * Event auth state
+ * Event auth state.
 */
 @Getter
 private int authState = 0;
@@ -38,7 +38,7 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
 @Getter
 private int length = 0;
 /**
- * Event sub headerType
+ * Event sub headerType.
 * SUBHEADERTYPE_MEAS_BLOCK = 0
 * SUBHEADERTYPE_CERT_CHAIN = 1
 */
@@ -56,12 +56,12 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
 private String subHeaderUid = "";
 /**
- * Auth state - success
+ * Auth state - success.
 */
 public static final int AUTH_SUCCESS = 0;
 /**
 * Auth state - digital signature of the data is valid, but the public key certificate chain is not
- * validated with the entry in in the UEFI device signature variable
+ * validated with the entry in the UEFI device signature variable.
 */
 public static final int AUTH_NO_AUTHORITY = 1;
 /**
@@ -70,15 +70,15 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
 */
 public static final int AUTH_NO_BINDING = 2;
 /**
- * Auth state - data has no digital signature
+ * Auth state - data has no digital signature.
 */
 public static final int AUTH_FAIL_NO_SIG = 3;
 /**
- * Auth state - data is invalid
+ * Auth state - data is invalid.
 */
 public static final int AUTH_FAIL_INVALID = 4;
 /**
- * Auth state - device is not an SPDM-capable device
+ * Auth state - device is not an SPDM-capable device.
 */
 public static final int AUTH_NO_SPDM = 0xFF;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
index ff90af3d..fda1397c 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java
@@ -119,7 +119,7 @@ public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDe List classCodeList = translateDeviceClass(classCode); dSEDpciContextInfo += " Device Class: \n"; - if(classCodeList.size() == 3) { + if (classCodeList.size() == 3) { dSEDpciContextInfo += " Class = " + classCodeList.get(0) + "\n"; dSEDpciContextInfo += " Subclass = " + classCodeList.get(1) + "\n"; dSEDpciContextInfo += " Programming Interface = " + classCodeList.get(2) + "\n"; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeader.java index 81ac2543..5bc149e7 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeader.java @@ -14,11 +14,11 @@ package hirs.utils.tpm.eventlog.events; public abstract class DeviceSecurityEventDataSubHeader { /** - * Sub header type - SPDM measurement block + * Sub header type - SPDM measurement block. */ public static final int SUBHEADERTYPE_MEAS_BLOCK = 0; /** - * Sub header type - SPDM cert chain + * Sub header type - SPDM cert chain. */ public static final int SUBHEADERTYPE_CERT_CHAIN = 1; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderCertChain.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderCertChain.java index 3bb60b50..727883ec 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderCertChain.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderCertChain.java 
@@ -21,7 +21,7 @@ import hirs.utils.tpm.eventlog.spdm.SpdmHa; * SpdmBaseHashAlgo: SPDM Base Hash Algorithm for the root certificate in the SPDM Certificate chain * SpdmCertChain: SPDM Certificate Chain */ -public class DeviceSecurityEventDataSubHeaderCertChain extends DeviceSecurityEventDataSubHeader{ +public class DeviceSecurityEventDataSubHeaderCertChain extends DeviceSecurityEventDataSubHeader { /** * SPDM version. @@ -42,7 +42,7 @@ public class DeviceSecurityEventDataSubHeaderCertChain extends DeviceSecurityEve /** * Human-readable description of any error associated with SPDM base hash alg. */ - String spdmCertChainError = ""; + private String spdmCertChainError = ""; /** * DeviceSecurityEventDataSubHeaderCertChain Constructor. @@ -75,15 +75,14 @@ public class DeviceSecurityEventDataSubHeaderCertChain extends DeviceSecurityEve int spdmBaseHashAlgoSize = SpdmHa.tcgAlgIdToByteSize(spdmBaseHashAlgo); - if(spdmCertChainSize <= 0) { - spdmCertChainError += "SPDM cert chain length is not >0, " + - "stopping cert chain processing"; + if (spdmCertChainSize <= 0) { + spdmCertChainError += "SPDM cert chain length is not >0, " + + "stopping cert chain processing"; + } else if (spdmBaseHashAlgoSize <= 0) { + spdmCertChainError += "SPDM base hash algorithm size is not >0 " + + "stopping cert chain processing"; } - else if(spdmBaseHashAlgoSize <= 0) { - spdmCertChainError += "SPDM base hash algorithm size is not >0 " + - "stopping cert chain processing"; - } - if(spdmCertChainError.isEmpty()) { + if (spdmCertChainError.isEmpty()) { spdmCertChain = new SpdmCertificateChain(spdmCertChainBytes, spdmBaseHashAlgoSize); } } 
@@ -101,13 +100,11 @@ public class DeviceSecurityEventDataSubHeaderCertChain extends DeviceSecurityEve dsedSubHeaderInfo += " SPDM Base Hash Algorithm = " + spdmBaseHashAlgoStr + "\n"; // SPDM Certificate Chain output - if(!spdmCertChainError.isEmpty()) { + if (!spdmCertChainError.isEmpty()) { dsedSubHeaderInfo += " SPDM cert chain error: " + spdmCertChainError + "\n"; - } - else if(spdmCertChain == null) { + } else if (spdmCertChain == null) { dsedSubHeaderInfo += " SPDM cert chain error: Could not parse cert chain\n"; - } - else { + } else { dsedSubHeaderInfo += spdmCertChain.toString(); } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java index 86ecce59..c13c2251 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock.java 
@@ -115,17 +115,17 @@ public class DeviceSecurityEventDataSubHeaderSpdmMeasurementBlock extends Device dsedSubHeaderInfo += " SPDM Hash Algorithm = " + spdmHashAlgoStr + "\n"; // SPDM Measurement Block List output - dsedSubHeaderInfo += " Number of SPDM Measurement Blocks = " + - spdmMeasurementBlockList.size() + "\n"; + dsedSubHeaderInfo += " Number of SPDM Measurement Blocks = " + + spdmMeasurementBlockList.size() + "\n"; int spdmMeasBlockCnt = 1; for (SpdmMeasurementBlock spdmMeasBlock : spdmMeasurementBlockList) { - dsedSubHeaderInfo += " SPDM Measurement Block # " + spdmMeasBlockCnt++ + " of " + - spdmMeasurementBlockList.size() + "\n"; + dsedSubHeaderInfo += " SPDM Measurement Block # " + spdmMeasBlockCnt++ + " of " + + spdmMeasurementBlockList.size() + "\n"; dsedSubHeaderInfo += spdmMeasBlock.toString(); } - if(spdmMeasurementBlockReadError) { - dsedSubHeaderInfo += " Error reading SPDM Measurement Block #" + - spdmMeasBlockCnt + ", halting processing\n"; + if (spdmMeasurementBlockReadError) { + dsedSubHeaderInfo += " Error reading SPDM Measurement Block #" + + spdmMeasBlockCnt + ", halting processing\n"; } return dsedSubHeaderInfo; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java index 5d2696b6..13612538 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventHeader.java @@ -63,8 +63,8 @@ public abstract class DeviceSecurityEventHeader { @Getter private String signature = ""; /** - * Version determines data structure used (..DATA or ..DATA2), - * which determines whether ..HEADER or ..HEADER2 is used + * Version determines data structure used (..DATA or ..DATA2). + * This determines whether ..HEADER or ..HEADER2 is used. */ @Getter private String version = ""; 
@@ -108,7 +108,7 @@ public abstract class DeviceSecurityEventHeader {
 * @param dsedBytes byte array holding the DeviceSecurityEventData/Data2.
 * @param startByte starting byte of device type (depends on header fields before it).
 */
- public void extractDeviceType(final byte[] dsedBytes, int startByte) {
+ public void extractDeviceType(final byte[] dsedBytes, final int startByte) {
 // get the device type ID
 byte[] deviceTypeBytes = new byte[UefiConstants.SIZE_4];
@@ -124,24 +124,26 @@ public abstract class DeviceSecurityEventHeader {
 * @param dsedBytes byte array holding the DeviceSecurityEventData/Data2.
 * @param startByte starting byte of device path (depends on header fields before it).
 */
- public void extractDevicePathAndFinalSize(final byte[] dsedBytes, int startByte) {
+ public void extractDevicePathAndFinalSize(final byte[] dsedBytes, final int startByte) {
+
+ int startByteUpdated = startByte;
 // get the device path length
 byte[] devicePathLengthBytes = new byte[8];
- System.arraycopy(dsedBytes, startByte, devicePathLengthBytes, 0, 8);
+ System.arraycopy(dsedBytes, startByteUpdated, devicePathLengthBytes, 0, 8);
 int devicePathLength = HexUtils.leReverseInt(devicePathLengthBytes);
 // get the device path
 if (devicePathLength > 0) {
- startByte = startByte + 8;
+ startByteUpdated = startByteUpdated + 8;
 byte[] devPathBytes = new byte[devicePathLength];
- System.arraycopy(dsedBytes, startByte, devPathBytes,
+ System.arraycopy(dsedBytes, startByteUpdated, devPathBytes,
 0, devicePathLength);
 devicePath = new UefiDevicePath(devPathBytes);
 }
 // header total size
- dsedHeaderLength = startByte + devicePathLength;
+ dsedHeaderLength = startByteUpdated + devicePathLength;
 }
 /**
@@ -176,8 +178,7 @@ public abstract class DeviceSecurityEventHeader {
 if (devicePath != null) {
 dsedHeaderCommonInfo += " SPDM Device Path:\n";
 dsedHeaderCommonInfo += devicePath;
- }
- else {
+ } else {
 dsedHeaderCommonInfo += " SPDM Device Path = Unknown or invalid\n";
 }
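Review bot: In extractDevicePathAndFinalSize, `devicePathLength` comes straight from the event bytes and is used as both the allocation size and the copy length, guarded only by `devicePathLength > 0`. A truncated or malformed entry can therefore force a very large `new byte[devicePathLength]` or make `System.arraycopy` throw an unchecked IndexOutOfBoundsException, and the first 8-byte copy at `startByteUpdated` has no length check either. Reject the entry before allocating when `devicePathLength > dsedBytes.length - startByteUpdated - 8`, leaving `devicePath` null so that toString() reports the path as unknown or invalid. Separately, when the length is 0 the offset is never advanced past the 8-byte length field, so `dsedHeaderLength` appears to come out 8 bytes short in that case; this predates the rename but is worth confirming against the structure layout.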
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java index 56b0d5f1..8f879311 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvEfiSpdmDeviceSecurityEvent.java @@ -43,7 +43,7 @@ public class EvEfiSpdmDeviceSecurityEvent { /** * Human-readable description of the data within this DEVICE_SECURITY_EVENT_DATA/..DATA2 event. */ - String spdmInfo = ""; + private String spdmInfo = ""; /** * EvEfiSpdmFirmwareBlob constructor. @@ -72,24 +72,20 @@ public class EvEfiSpdmDeviceSecurityEvent { if (dsedVersion.equals("0200")) { dsed = new DeviceSecurityEventData2(eventData); spdmInfo += dsed.toString(); - } - else { + } else { spdmInfo += " Incompatible version for DeviceSecurityEventData2: " + dsedVersion + "\n"; } - } - else if (dsedSignature.contains("SPDM Device Sec")) { // implies Device Security event + } else if (dsedSignature.contains("SPDM Device Sec")) { // implies Device Security event spdmInfo = " Signature = SPDM Device Sec\n"; if (dsedVersion.equals("0100")) { dsed = new DeviceSecurityEventData(eventData); spdmInfo += dsed.toString(); - } - else { + } else { spdmInfo += " Incompatible version for DeviceSecurityEventData: " + dsedVersion + "\n"; } - } - else { + } else { spdmInfo = " Signature = Undetermined value: " + dsedSignature + "\n"; } } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java index 812b46cd..9635b1c7 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/EvNoAction.java 
@@ -47,7 +47,7 @@ public class EvNoAction {
 * Human-readable description of the data within this DEVICE_SECURITY_EVENT_DATA/..DATA2 event.
 */
 @Getter
- String noActionInfo = "";
+ private String noActionInfo = "";
 /**
 * EvNoAction constructor.
@@ -90,7 +90,13 @@ public class EvNoAction {
 return bSpecIDEvent;
 }
- public String specIDEventToString(EvEfiSpecIdEvent specIDEvent) {
+ /**
+ * Returns a human-readable description of a SpecId event.
+ *
+ * @param specIDEvent byte array holding the event.
+ * @return a description of the event.
+ */
+ public String specIDEventToString(final EvEfiSpecIdEvent specIDEvent) {
 String specIdInfo = "";
 specIdInfo += " Signature = Spec ID Event03 : ";
@@ -109,6 +115,7 @@ public class EvNoAction {
 /**
 * Returns a human-readable description of locality based on numeric representation lookup.
 *
+ * @param eventData byte array holding the event from which to grab locality
 * @return a description of the locality.
 */
 private String getLocality(final byte[] eventData) {
diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
index 2022b9aa..1e6e9134 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/NvIndexInstanceEventLogData.java
@@ -36,7 +36,7 @@ public class NvIndexInstanceEventLogData {
 /**
 * Human-readable description of the data within this DEVICE_SECURITY_EVENT_DATA/..DATA2 event.
 */
- String nvIndexInstanceInfo = "";
+ private String nvIndexInstanceInfo = "";
 /**
 * NvIndexInstanceEventLogData constructor.
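Review bot: The new Javadoc on specIDEventToString in EvNoAction describes the parameter as a byte array, but the signature takes an `EvEfiSpecIdEvent`. Suggest `@param specIDEvent the EvEfiSpecIdEvent to describe.` so the tag matches the declared type. The `noActionInfo` field comment in the same file still says it describes a DEVICE_SECURITY_EVENT_DATA/..DATA2 event, which looks copied from another class and could be corrected in the same pass.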
@@ -84,13 +84,11 @@ public class NvIndexInstanceEventLogData { if (dsedVersion.equals("0200")) { dsed = new DeviceSecurityEventData2(dsedEventData); nvIndexInstanceInfo += dsed.toString(); - } - else { + } else { nvIndexInstanceInfo += " Incompatible version for DeviceSecurityEventData2: " + dsedVersion + "\n"; } - } - else { + } else { nvIndexInstanceInfo = " Signature error: should be \'SPDM Device Sec2\' but is " + signature + "\n"; } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmCertificateChain.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmCertificateChain.java index b057e3a9..8d0062c6 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmCertificateChain.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmCertificateChain.java @@ -34,9 +34,9 @@ import java.util.ArrayList; */ public class SpdmCertificateChain { - /** - * Length of the certificate chain to include all fields in this structure. - */ + ///** + // * Length of the certificate chain to include all fields in this structure. + // */ //private int length = 0; /** * Root hash. @@ -53,11 +53,11 @@ public class SpdmCertificateChain { /** * Human-readable description of any error associated with SPDM base hash alg. */ - String spdmBaseHashAlgoError = ""; + private String spdmBaseHashAlgoError = ""; /** * Human-readable description of any error associated with parsing the X509 certs. */ - String certProcessingError = ""; + private String certProcessingError = ""; /** * SpdmCertificateChain Constructor. @@ -67,10 +67,9 @@ public class SpdmCertificateChain { */ public SpdmCertificateChain(final byte[] spdmCertChainBytes, final int rootHashLength) { - if(rootHashLength <= 0) { + if (rootHashLength <= 0) { spdmBaseHashAlgoError = "SPDM base hash algorithm size is not >0"; - } - else { + } else { byte[] lengthBytes = new byte[2]; System.arraycopy(spdmCertChainBytes, 0, lengthBytes, 0, 2); //length = HexUtils.leReverseInt(lengthBytes); 
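Review bot: In SpdmCertificateChain.java the hunk at -34 turns the Javadoc of the already commented-out `length` field into `//` comments instead of removing it, and the constructor hunk at -67 still copies two bytes into `lengthBytes`, whose only visible use is the commented-out `//length = HexUtils.leReverseInt(lengthBytes);`. Either restore the field or delete the dead declaration, its comment and the unused copy. That copy also runs before any visible check that `spdmCertChainBytes` holds at least two bytes, so a short buffer taken from the event log would make the constructor throw an unchecked exception. The constructor body continues outside the hunk.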
@@ -123,15 +122,15 @@ public class SpdmCertificateChain { certList.add(cert); numberOfCerts++; } catch (IOException e) { - certProcessingError += "Error with Cert # " + (numberOfCerts+1) + certProcessingError += "Error with Cert # " + (numberOfCerts + 1) + ": IOException (error reading cert data)"; break; } catch (CertificateException e) { - certProcessingError += "Error with Cert # " + (numberOfCerts+1) + certProcessingError += "Error with Cert # " + (numberOfCerts + 1) + ": CertificateException"; break; } catch (NoSuchAlgorithmException e) { - certProcessingError += "Error with Cert # " + numberOfCerts+1 + certProcessingError += "Error with Cert # " + (numberOfCerts + 1) + ": CNoSuchAlgorithmException"; break; } @@ -147,19 +146,18 @@ public class SpdmCertificateChain { String spdmCertChainInfo = ""; - if(!spdmBaseHashAlgoError.isEmpty()) { + if (!spdmBaseHashAlgoError.isEmpty()) { spdmCertChainInfo += " *** ERROR with SPDM base hash algorithm size ***\n"; spdmCertChainInfo += " " + spdmBaseHashAlgoError + "\n"; spdmCertChainInfo += " Stopping processing of this cert chain\n"; - } - else { + } else { spdmCertChainInfo += " Root hash = " + HexUtils.byteArrayToHexString(rootHash) + "\n"; spdmCertChainInfo += " Number of certs in chain = " + numberOfCerts + "\n"; int certCnt = 1; for (UefiX509Cert cert : certList) { - spdmCertChainInfo += " Cert # " + certCnt++ + " of " + - numberOfCerts + ": ------------------\n"; + spdmCertChainInfo += " Cert # " + certCnt++ + " of " + + numberOfCerts + ": ------------------\n"; spdmCertChainInfo += cert.toString(); } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmHa.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmHa.java index 202e6c03..63d3a788 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmHa.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmHa.java 
@@ -11,7 +11,7 @@ import lombok.NoArgsConstructor; public class SpdmHa { /** - * Spdm Hash Alg = Raw bit stream + * Spdm Hash Alg = Raw bit stream. */ public static final int TPM_ALG_RAW = 1; /** diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurement.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurement.java index b64f18dc..4a90cacb 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurement.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/spdm/SpdmMeasurement.java @@ -61,7 +61,7 @@ public class SpdmMeasurement { } /** - * Lookup for SPDM measurement value type + * Lookup for SPDM measurement value type. * * @param measValType the numerical representation of the measurement value type. * @@ -118,10 +118,10 @@ public class SpdmMeasurement { public String toString() { String spdmMeasInfo = ""; - spdmMeasInfo += " SPDM Measurement Value Type = " + - dmtfSpecMeasurementValueTypeToString(dmtfSpecMeasurementValueType); - spdmMeasInfo += "\n SPDM Measurement Value = " + - HexUtils.byteArrayToHexString(dmtfSpecMeasurementValue); + spdmMeasInfo += " SPDM Measurement Value Type = " + + dmtfSpecMeasurementValueTypeToString(dmtfSpecMeasurementValueType); + spdmMeasInfo += "\n SPDM Measurement Value = " + + HexUtils.byteArrayToHexString(dmtfSpecMeasurementValue); spdmMeasInfo += "\n"; return spdmMeasInfo; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiDevicePath.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiDevicePath.java index 879e27f8..099b0050 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiDevicePath.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiDevicePath.java 
@@ -93,7 +93,9 @@ public class UefiDevicePath { */ private String processDevPath(final byte[] path) { StringBuilder pInfo = new StringBuilder(); - int devLength = 0, pathOffset = 0, devCount = 0; + int devLength = 0; + int pathOffset = 0; + int devCount = 0; while (true) { Byte devPath = Byte.valueOf(path[pathOffset]); if ((devPath.intValue() == UefiConstants.TERMINATOR) @@ -214,7 +216,7 @@ public class UefiDevicePath { subType += " _HID = " + HexUtils.byteArrayToHexString(hid) + "\n"; System.arraycopy(path, 2 * UefiConstants.SIZE_4 + offset, hid, 0, UefiConstants.SIZE_4); String uid = HexUtils.byteArrayToHexString(hid); - if(uid.contains("00000000")) { + if (uid.contains("00000000")) { uid = "No _UID exists for this device"; } subType += " _UID = " + uid + "\n"; diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java index f15f49c1..fd103f62 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiGuid.java @@ -28,20 +28,20 @@ public class UefiGuid { */ private static final int UUID_EPOCH_DIVISOR = 10000; /** - * Filesystem path of vendor-table.json + * Filesystem path of vendor-table.json. */ private static final Path JSON_PATH = FileSystems.getDefault().getPath("/etc", "hirs", "aca", "default-properties", "vendor-table.json"); /** - * Name of vendor-table file in code + * Name of vendor-table file in code. */ private static final String JSON_FILENAME = "vendor-table.json"; /** - * Reference to the vendor-table json object + * Reference to the vendor-table json object. */ private JsonObject uefiVendorRef; /** - * Track status of vendor-table.json + * Track status of vendor-table.json. */ @Getter private String vendorTableFileStatus = FILESTATUS_NOT_ACCESSIBLE; 
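Review bot: In processDevPath, `path[pathOffset]` is read at the top of `while (true)` with no bound on `pathOffset` visible in this hunk, and `path` is presumably the device-path bytes parsed out of the event log. If the loop relies only on meeting a `UefiConstants.TERMINATOR` node, a device path without one ends in an ArrayIndexOutOfBoundsException; a condition such as `while (pathOffset < path.length)` would make the exit explicit. The loop body continues outside the hunk, so this may already be handled further down. The boxing in `Byte devPath = Byte.valueOf(path[pathOffset]);` followed by `intValue()` could also be a plain `int devPath = path[pathOffset];`.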
@@ -77,13 +77,12 @@ public class UefiGuid { uefiVendorRef = JsonUtils.getSpecificJsonObject(vendorPathString, "VendorTable"); - if(!isVendorTableReferenceHandleEmpty()) { + if (!isVendorTableReferenceHandleEmpty()) { vendorTableFileStatus = FILESTATUS_FROM_FILESYSTEM; - } - else { + } else { // could not access vendor-table.json from filesystem, so attempt to access from code uefiVendorRef = JsonUtils.getSpecificJsonObject(JSON_FILENAME, "VendorTable"); - if(!isVendorTableReferenceHandleEmpty()) { + if (!isVendorTableReferenceHandleEmpty()) { vendorTableFileStatus = FILESTATUS_FROM_CODE; } } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java index 15937f34..9ccd0c56 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiSignatureList.java @@ -107,7 +107,7 @@ public class UefiSignatureList { */ private UefiGuid signatureType = null; /** - * Track status of vendor-table.json + * Track status of vendor-table.json. */ @Getter private String vendorTableFileStatus = FILESTATUS_NOT_ACCESSIBLE; 
@@ -235,17 +235,16 @@ public class UefiSignatureList { StringBuilder sigInfo = new StringBuilder(); if (!signatureTypeValid) { - sigInfo.append(" *** Unknown UEFI Signature Type encountered:\n" + - " " + signatureType.toString() + "\n"); - } - else { + sigInfo.append(" *** Unknown UEFI Signature Type encountered:\n" + + " " + signatureType.toString() + "\n"); + } else { sigInfo.append(" UEFI Signature List Type = " + signatureType.toString() + "\n"); sigInfo.append(" Number of Certs or Hashes in UEFI Signature List = " + numberOfCerts + "\n"); int certOrHashCnt = 1; for (int i = 0; i < sigList.size(); i++) { - sigInfo.append(" Cert or Hash # " + certOrHashCnt++ + " of " + - numberOfCerts + ": ------------------\n"); + sigInfo.append(" Cert or Hash # " + certOrHashCnt++ + " of " + + numberOfCerts + ": ------------------\n"); UefiSignatureData certData = sigList.get(i); sigInfo.append(certData.toString()); } diff --git a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java index a78f2f59..04752a3a 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java +++ b/HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/uefi/UefiVariable.java @@ -42,11 +42,11 @@ public class UefiVariable { @Getter private String efiVarName = ""; /** - * Encountered invalid UEFI Signature List + * Encountered invalid UEFI Signature List. */ private boolean invalidSignatureListEncountered = false; /** - * Invalid UEFI Signature List + * Invalid UEFI Signature List. */ private String invalidSignatureListStatus = ""; /** @@ -78,7 +78,7 @@ public class UefiVariable { /** * Human-readable description of the data within the SPDM devdc (to be updated with more test data). */ - String spdmDevdcInfo = ""; + private String spdmDevdcInfo = ""; /** * EFIVariable constructor. 
@@ -184,13 +184,13 @@ public class UefiVariable {
 // the if statement is executed
 // [new event file status = list.getVendorTableFileStatus()]
 // (ie. if the new file status is not-accessible or from-code, then want to update)
- if((vendorTableFileStatus != FILESTATUS_NOT_ACCESSIBLE) &&
- (list.getVendorTableFileStatus() != FILESTATUS_FROM_FILESYSTEM)) {
+ if ((vendorTableFileStatus != FILESTATUS_NOT_ACCESSIBLE)
+ && (list.getVendorTableFileStatus() != FILESTATUS_FROM_FILESYSTEM)) {
 vendorTableFileStatus = list.getVendorTableFileStatus();
 }
 // efiVariableSigListContents += list.toString();
- if(!list.isSignatureTypeValid()) {
+ if (!list.isSignatureTypeValid()) {
 invalidSignatureListEncountered = true;
 invalidSignatureListStatus = list.toString();
 break;
@@ -200,7 +200,7 @@ public class UefiVariable {
 }
 /**
- * Method for processing the data in an EFI Signature Data, where the data is known to be an X509 cert
+ * Method for processing the data in an EFI Signature Data, where the data is known to be an X509 cert.
 *
 * @param efiSigData Byte array holding the SignatureData data
 * @throws java.security.cert.CertificateException If there's a problem parsing the X509 certificate.
@@ -296,23 +296,23 @@ public class UefiVariable { } // Signature List output (if there are any Signature Lists) - if (certSuperList.size() > 0){ + if (certSuperList.size() > 0) { efiVariable.append("Number of UEFI Signature Lists = " + certSuperList.size() + "\n"); int certSuperListCnt = 1; for (UefiSignatureList uefiSigList : certSuperList) { - efiVariable.append("UEFI Signature List # " + certSuperListCnt++ + " of " + - certSuperList.size() + ": ------------------\n"); + efiVariable.append("UEFI Signature List # " + certSuperListCnt++ + " of " + + certSuperList.size() + ": ------------------\n"); efiVariable.append(uefiSigList.toString()); } } - if(invalidSignatureListEncountered) { + if (invalidSignatureListEncountered) { efiVariable.append(invalidSignatureListStatus); - efiVariable.append("*** Encountered invalid Signature Type - " + - "Stopped processing of this event data\n"); + efiVariable.append("*** Encountered invalid Signature Type - " + + "Stopped processing of this event data\n"); } // Signature Data output (if there is a Signature Data) - if(!spdmDevdcInfo.isEmpty()) { + if (!spdmDevdcInfo.isEmpty()) { efiVariable.append(spdmDevdcInfo); }