mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-18 20:47:58 +00:00
issue_847: Made more styling fixes to the entity files. 300 more changes left to go.
This commit is contained in:
parent
63521a4075
commit
615bbc7547
@ -29,54 +29,55 @@ public interface IDevIDCertificateRepository extends JpaRepository<IDevIDCertifi
|
||||
*/
|
||||
Page<IDevIDCertificate> findByArchiveFlag(boolean archiveFlag, Pageable pageable);
|
||||
|
||||
/**
|
||||
* Query that retrieves a list of IDevId certificates using the provided subject.
|
||||
*
|
||||
* @param subject string representation of the subject
|
||||
* @return a list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findBySubject(String subject);
|
||||
|
||||
/**
|
||||
* Query that retrieves a sorted list of IDevId certificates using the provided subject.
|
||||
*
|
||||
* @param subject string representation of the subject
|
||||
* @return a sorted list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findBySubjectSorted(String subject);
|
||||
|
||||
/**
|
||||
* Query that retrieves a list of IDevId certificates using the provided subject and archive flag.
|
||||
*
|
||||
* @param subject string representation of the subject
|
||||
* @param archiveFlag archive flag
|
||||
* @return a list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findBySubjectAndArchiveFlag(String subject, boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves a sorted list of IDevId certificates using the provided subject and archive flag.
|
||||
*
|
||||
* @param subject string representation of the subject
|
||||
* @param archiveFlag archive flag
|
||||
* @return a sorted list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findBySubjectSortedAndArchiveFlag(String subject, boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves an IDevId certificate using the provided subject key identifier.
|
||||
*
|
||||
* @param subjectKeyIdentifier byte representation of the subject key identifier
|
||||
* @return an IDevId certificate
|
||||
*/
|
||||
IDevIDCertificate findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier);
|
||||
|
||||
/**
|
||||
* Query that retrieves an IDevId certificate using the provided subject key and archive flag.
|
||||
*
|
||||
* @param subjectKeyIdString string representation of the subject key id
|
||||
* @param archiveFlag archive flag
|
||||
* @return an IDevId certificate
|
||||
*/
|
||||
IDevIDCertificate findBySubjectKeyIdStringAndArchiveFlag(String subjectKeyIdString, boolean archiveFlag);
|
||||
// /**
|
||||
// * Query that retrieves a list of IDevId certificates using the provided subject.
|
||||
// *
|
||||
// * @param subject string representation of the subject
|
||||
// * @return a list of IDevId certificates
|
||||
// */
|
||||
// List<IDevIDCertificate> findBySubject(String subject);
|
||||
//
|
||||
// /**
|
||||
// * Query that retrieves a sorted list of IDevId certificates using the provided subject.
|
||||
// *
|
||||
// * @param subject string representation of the subject
|
||||
// * @return a sorted list of IDevId certificates
|
||||
// */
|
||||
// List<IDevIDCertificate> findBySubjectSorted(String subject);
|
||||
//
|
||||
// /**
|
||||
// * Query that retrieves a list of IDevId certificates using the provided subject and archive flag.
|
||||
// *
|
||||
// * @param subject string representation of the subject
|
||||
// * @param archiveFlag archive flag
|
||||
// * @return a list of IDevId certificates
|
||||
// */
|
||||
// List<IDevIDCertificate> findBySubjectAndArchiveFlag(String subject, boolean archiveFlag);
|
||||
//
|
||||
// /**
|
||||
// * Query that retrieves a sorted list of IDevId certificates using the provided subject and archive flag.
|
||||
// *
|
||||
// * @param subject string representation of the subject
|
||||
// * @param archiveFlag archive flag
|
||||
// * @return a sorted list of IDevId certificates
|
||||
// */
|
||||
// List<IDevIDCertificate> findBySubjectSortedAndArchiveFlag(String subject, boolean archiveFlag);
|
||||
//
|
||||
// /**
|
||||
// * Query that retrieves an IDevId certificate using the provided subject key identifier.
|
||||
// *
|
||||
// * @param subjectKeyIdentifier byte representation of the subject key identifier
|
||||
// * @return an IDevId certificate
|
||||
// */
|
||||
// IDevIDCertificate findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier);
|
||||
//
|
||||
// /**
|
||||
// * Query that retrieves an IDevId certificate using the provided subject key and archive flag.
|
||||
// *
|
||||
// * @param subjectKeyIdString string representation of the subject key id
|
||||
// * @param archiveFlag archive flag
|
||||
// * @return an IDevId certificate
|
||||
// */
|
||||
// IDevIDCertificate findBySubjectKeyIdStringAndArchiveFlag(String subjectKeyIdString, boolean archiveFlag);
|
||||
}
|
||||
|
@ -28,7 +28,8 @@ import java.util.UUID;
|
||||
* This class represents the Reference Integrity Manifest object that will be
|
||||
* loaded into the DB and displayed in the ACA.
|
||||
*/
|
||||
@Getter @ToString
|
||||
@Getter
|
||||
@ToString
|
||||
@EqualsAndHashCode(onlyExplicitlyIncluded = true, callSuper = false)
|
||||
@Log4j2
|
||||
@Entity
|
||||
@ -74,56 +75,71 @@ public class ReferenceManifest extends ArchivableEntity {
|
||||
|
||||
@EqualsAndHashCode.Include
|
||||
@Column(columnDefinition = "mediumblob", nullable = false)
|
||||
private byte[] rimBytes;
|
||||
private final byte[] rimBytes;
|
||||
@Setter
|
||||
@EqualsAndHashCode.Include
|
||||
@Column(nullable = false)
|
||||
private String rimType = "Base";
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String tagId = null;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private boolean swidPatch = false;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private boolean swidSupplemental = false;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String platformManufacturer = null;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String platformManufacturerId = null;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String swidTagVersion = null;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String swidVersion = null;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String platformModel = null;
|
||||
|
||||
@Setter
|
||||
@Column(nullable = false)
|
||||
private String fileName = null;
|
||||
|
||||
@Setter
|
||||
@JdbcTypeCode(java.sql.Types.VARCHAR)
|
||||
@Column
|
||||
private UUID associatedRim;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String deviceName;
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String hexDecHash = "";
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
private String eventLogHash = "";
|
||||
|
||||
@Setter
|
||||
@Column
|
||||
@JsonIgnore
|
||||
private String base64Hash = "";
|
||||
|
||||
|
||||
/**
|
||||
* Default constructor necessary for Hibernate.
|
||||
*/
|
||||
@ -141,6 +157,7 @@ public class ReferenceManifest extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* Default constructor for ingesting the bytes of the file content.
|
||||
*
|
||||
* @param rimBytes - file contents.
|
||||
*/
|
||||
public ReferenceManifest(final byte[] rimBytes) {
|
||||
@ -183,10 +200,20 @@ public class ReferenceManifest extends ArchivableEntity {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if this reference manifest's rim type is a base rim.
|
||||
*
|
||||
* @return true if the rim type is a base rim, false otherwise
|
||||
*/
|
||||
public boolean isBase() {
|
||||
return rimType.equals(BASE_RIM);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if this reference manifest's rim type is a support rim.
|
||||
*
|
||||
* @return true if the rim type is a support rim, false otherwise
|
||||
*/
|
||||
public boolean isSupport() {
|
||||
return rimType.equals(SUPPORT_RIM);
|
||||
}
|
||||
|
@ -203,6 +203,7 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
|
||||
* Construct the criterion that can be used to query for supply chain validation summaries
|
||||
* matching the configuration of this Selector.
|
||||
*
|
||||
* @param criteriaBuilder criteria builder
|
||||
* @return a Criterion that can be used to query for supply chain validation summaries
|
||||
* matching the configuration of this instance
|
||||
*/
|
||||
|
@ -3,39 +3,36 @@ package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Path;
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* This class persists Certificate Authority credentials by extending the base Certificate
|
||||
* class with fields unique to CA credentials.
|
||||
*/
|
||||
@Entity
|
||||
@EqualsAndHashCode
|
||||
public class CertificateAuthorityCredential extends Certificate {
|
||||
|
||||
|
||||
@SuppressWarnings("PMD.AvoidUsingHardCodedIP")
|
||||
private static final String SUBJECT_KEY_IDENTIFIER_EXTENSION = "2.5.29.14";
|
||||
|
||||
/**
|
||||
* Holds the name of the 'subjectKeyIdentifier' field.
|
||||
*/
|
||||
public static final String SUBJECT_KEY_IDENTIFIER_FIELD = "subjectKeyIdentifier";
|
||||
|
||||
@SuppressWarnings("PMD.AvoidUsingHardCodedIP")
|
||||
private static final String SUBJECT_KEY_IDENTIFIER_EXTENSION = "2.5.29.14";
|
||||
|
||||
private static final int CA_BYTE_SIZE = 20;
|
||||
|
||||
private static final int PREFIX_BYTE_SIZE = 4;
|
||||
|
||||
@Column
|
||||
private final byte[] subjectKeyIdentifier;
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private String subjectKeyIdString;
|
||||
|
||||
/**
|
||||
* this field is part of the TCG CA specification, but has not yet been found in
|
||||
* manufacturer-provided CAs, and is therefore not currently parsed.
|
||||
@ -44,6 +41,10 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
@Column
|
||||
private final String credentialType = "TCPA Trusted Platform Module Endorsement";
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private String subjectKeyIdString;
|
||||
|
||||
/**
|
||||
* Construct a new CertificateAuthorityCredential given its binary contents. The given
|
||||
* certificate should represent either an X509 certificate or X509 attribute certificate.
|
||||
@ -117,35 +118,4 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
|
||||
return temp;
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("checkstyle:avoidinlineconditionals")
|
||||
public boolean equals(final Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o == null || getClass() != o.getClass()) {
|
||||
return false;
|
||||
}
|
||||
if (!super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
CertificateAuthorityCredential that = (CertificateAuthorityCredential) o;
|
||||
|
||||
// if (!Objects.equals(credentialType, that.credentialType)) {
|
||||
// return false;
|
||||
// }
|
||||
|
||||
return Arrays.equals(subjectKeyIdentifier, that.subjectKeyIdentifier);
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings({"checkstyle:magicnumber", "checkstyle:avoidinlineconditionals"})
|
||||
public int hashCode() {
|
||||
int result = super.hashCode();
|
||||
result = 31 * result + (credentialType != null ? credentialType.hashCode() : 0);
|
||||
result = 31 * result + Arrays.hashCode(subjectKeyIdentifier);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
@ -36,8 +36,9 @@ public class CertificateVariables {
|
||||
*
|
||||
*/
|
||||
public static final int MAX_NUMERIC_PRECISION = 49;
|
||||
|
||||
/**
|
||||
* Can store up to 160 bit values
|
||||
* Can store up to 160 bit values.
|
||||
*/
|
||||
public static final int MAX_PUB_KEY_MODULUS_HEX_LENGTH = 1024;
|
||||
|
||||
@ -206,5 +207,8 @@ public class CertificateVariables {
|
||||
*/
|
||||
public static final String ECDSA_STRING = "SHA256WithECDSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String ECDSA_SHA224_STRING = "SHA224WithECDSA";
|
||||
}
|
||||
|
@ -26,46 +26,76 @@ import java.util.Objects;
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
public class ComponentResult extends ArchivableEntity {
|
||||
|
||||
// String value for the Manufacturer title
|
||||
/**
|
||||
* String value for the Manufacturer title.
|
||||
*/
|
||||
public static final String ATTRIBUTE_MANUFACTURER = "Manufacturer";
|
||||
// String value for the Model title
|
||||
|
||||
/**
|
||||
* String value for the Model title.
|
||||
*/
|
||||
public static final String ATTRIBUTE_MODEL = "Model";
|
||||
// String value for the Serial title
|
||||
|
||||
/**
|
||||
* String value for the Serial title.
|
||||
*/
|
||||
public static final String ATTRIBUTE_SERIAL = "Serial";
|
||||
// String value for the revision title
|
||||
|
||||
/**
|
||||
* String value for the revision title.
|
||||
*/
|
||||
public static final String ATTRIBUTE_REVISION = "Revision";
|
||||
// embedded component info
|
||||
|
||||
/**
|
||||
* Embedded component info.
|
||||
*/
|
||||
@Setter
|
||||
private String manufacturer;
|
||||
|
||||
@Setter
|
||||
private String model;
|
||||
|
||||
@Setter
|
||||
private String serialNumber;
|
||||
|
||||
@Setter
|
||||
private String revisionNumber;
|
||||
|
||||
private boolean fieldReplaceable = false;
|
||||
|
||||
// this is a string because component class doesn't inherit serializable.
|
||||
@Setter
|
||||
private String componentClassValue;
|
||||
|
||||
private String componentClassStr;
|
||||
|
||||
private String componentClassType;
|
||||
|
||||
private AttributeStatus attributeStatus;
|
||||
|
||||
private String componentAddress;
|
||||
|
||||
private boolean version2 = false;
|
||||
|
||||
@Setter
|
||||
private boolean delta = false;
|
||||
|
||||
@Setter
|
||||
private boolean failedValidation;
|
||||
|
||||
private String certificateType;
|
||||
|
||||
private String issuerDN;
|
||||
private String certificateSerialNumber;
|
||||
private String boardSerialNumber;
|
||||
private String uniformResourceIdentifier;
|
||||
|
||||
private String certificateSerialNumber;
|
||||
|
||||
private String boardSerialNumber;
|
||||
|
||||
private String uniformResourceIdentifier;
|
||||
|
||||
/**
|
||||
* Default constructor.
|
||||
*
|
||||
* @param boardSerialNumber associated platform certificate serial number.
|
||||
* @param certificateSerialNumber unique number associated with header info.
|
||||
* @param certificateType parameter holds version 1.2 or 2.0.
|
||||
@ -94,10 +124,9 @@ public class ComponentResult extends ArchivableEntity {
|
||||
|
||||
// V2 fields
|
||||
if (componentIdentifier.isVersion2()
|
||||
&& componentIdentifier instanceof ComponentIdentifierV2) {
|
||||
&& componentIdentifier instanceof ComponentIdentifierV2 ciV2) {
|
||||
// this is a downside of findbugs, the code is set up to indicate if a CI is V2 or not
|
||||
// but find bugs is throwing a flag because instanceof isn't being used.
|
||||
ComponentIdentifierV2 ciV2 = (ComponentIdentifierV2) componentIdentifier;
|
||||
this.componentClassValue = ciV2.getComponentClass().getComponentIdentifier();
|
||||
this.componentClassStr = ciV2.getComponentClass().toString();
|
||||
this.componentClassType = ciV2.getComponentClass().getRegistryType();
|
||||
@ -117,6 +146,7 @@ public class ComponentResult extends ArchivableEntity {
|
||||
* This method is only used by the certificate-details.jsp page. This
|
||||
* method splits the compiled string of addresses into the component address
|
||||
* object for display on the jsp page.
|
||||
*
|
||||
* @return a collection of component addresses.
|
||||
*/
|
||||
public List<ComponentAddress> getComponentAddresses() {
|
||||
@ -135,6 +165,7 @@ public class ComponentResult extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* Returns a hash code that is associated with common fields for components.
|
||||
*
|
||||
* @return int value of the elements
|
||||
*/
|
||||
public int hashCommonElements() {
|
||||
@ -144,6 +175,7 @@ public class ComponentResult extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* The string method for log entries.
|
||||
*
|
||||
* @return a string for the component result
|
||||
*/
|
||||
public String toString() {
|
||||
|
@ -53,11 +53,10 @@ import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
*
|
||||
* This class persists an Endorsement Credential by extending the base Certificate
|
||||
* class with fields unique to Endorsement credentials, as defined in the Trusted
|
||||
* Computing Group Credential Profiles, specification v.1.2.
|
||||
*
|
||||
* <p>
|
||||
* trustedcomputinggroup.org/wp-content/uploads/Credential_Profiles_V1.2_Level2_Revision8.pdf
|
||||
*/
|
||||
@Log4j2
|
||||
@ -105,11 +104,27 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* this field is part of the TCG EC specification, but has not yet been found in
|
||||
* manufacturer-provided ECs, and is therefore not currently parsed
|
||||
* manufacturer-provided ECs, and is therefore not currently parsed.
|
||||
*/
|
||||
@Getter
|
||||
@Column
|
||||
private String credentialType = "TCPA Trusted Platform Module Endorsement";
|
||||
private final String credentialType = "TCPA Trusted Platform Module Endorsement";
|
||||
|
||||
/**
|
||||
* this field is part of the TCG EC specification, but has not yet been found in
|
||||
* manufacturer-provided ECs, and is therefore not currently parsed.
|
||||
*/
|
||||
@Getter
|
||||
@Column(nullable = true)
|
||||
private final String policyReference = null; // optional
|
||||
|
||||
/**
|
||||
* this field is part of the TCG EC specification, but has not yet been found in
|
||||
* manufacturer-provided ECs, and is therefore not currently parsed.
|
||||
*/
|
||||
@Getter
|
||||
@Column(nullable = true)
|
||||
private final String revocationLocator = null; // optional
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
@ -131,22 +146,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
@Embedded
|
||||
private TPMSecurityAssertions tpmSecurityAssertions = null; //optional
|
||||
|
||||
/*
|
||||
* this field is part of the TCG EC specification, but has not yet been found in
|
||||
* manufacturer-provided ECs, and is therefore not currently parsed
|
||||
*/
|
||||
@Getter
|
||||
@Column(nullable = true)
|
||||
private String policyReference = null; // optional
|
||||
|
||||
/*
|
||||
* this field is part of the TCG EC specification, but has not yet been found in
|
||||
* manufacturer-provided ECs, and is therefore not currently parsed
|
||||
*/
|
||||
@Getter
|
||||
@Column(nullable = true)
|
||||
private String revocationLocator = null; // optional
|
||||
|
||||
@Transient
|
||||
private Set<String> expectedOids;
|
||||
|
||||
@ -180,6 +179,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
* Parses the bytes as an EK. If parsing fails initially, the optionally present header
|
||||
* is removed and tried again. The cert header, if present, contains some certificate length
|
||||
* information which isn't needed for parsing.
|
||||
*
|
||||
* @param certificateBytes the bytes of the EC
|
||||
* @return the EC if a valid credential, null otherwise
|
||||
*/
|
||||
@ -228,6 +228,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
* ASN1Primitives in the certificate and searches for matching OID keys of specific values. If
|
||||
* matching OID keys are found, their values are encoded in the fields of the current
|
||||
* EndorsementCredential object.
|
||||
*
|
||||
* @throws IOException the input certificate bytes were not readable into an X509
|
||||
* certificate format
|
||||
*/
|
||||
@ -280,6 +281,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
* however, the method is set to add the sequence to the OID mapping, it may search for
|
||||
* patterns that correspond to the TPM Security Assertions and TPM Specification and set
|
||||
* those fields appropriately.
|
||||
*
|
||||
* @param seq the sequence to parse
|
||||
* @param addToMapping whether or not to store the sequence value as an OID key/value value
|
||||
* @param key the associated OID key with this value necessary if addToMapping is true
|
||||
@ -315,7 +317,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
ASN1Integer revision = (ASN1Integer) seq.getObjectAt(ASN1_REV_INDEX);
|
||||
tpmSpecification = new TPMSpecification(family.getString(), level.getValue(),
|
||||
revision.getValue());
|
||||
log.debug("Found TPM Spec:" + tpmSpecification.toString());
|
||||
log.debug("Found TPM Spec:" + tpmSpecification);
|
||||
} else if (addToMapping && key.equals(TPM_SECURITY_ASSERTIONS)) {
|
||||
// Parse TPM Security Assertions
|
||||
int seqPosition = 0;
|
||||
@ -341,7 +343,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
tpmSecurityAssertions = new TPMSecurityAssertions(ver.getValue(),
|
||||
fieldUpgradeable.isTrue());
|
||||
|
||||
log.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString());
|
||||
log.debug("Found TPM Assertions: " + tpmSecurityAssertions);
|
||||
// Iterate through remaining fields to set optional attributes
|
||||
int tag;
|
||||
ASN1TaggedObject obj;
|
||||
@ -392,6 +394,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
* Parses the many different types of ASN1Primitives and searches for specific OID
|
||||
* key/value pairs. Works by traversing the entire ASN1Primitive tree with a single
|
||||
* pass and populates relevant fields in the EndorsementCredential object.
|
||||
*
|
||||
* @param component the ASN1Primitive to parse
|
||||
* @param addToMapping whether or not the current component has been matched as the
|
||||
* value in an expected TPM OID key/value pair
|
||||
@ -421,13 +424,11 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
parsedFields.put(key, ((ASN1ObjectIdentifier) component).getId());
|
||||
}
|
||||
|
||||
} else if (component instanceof ASN1TaggedObject) {
|
||||
ASN1TaggedObject taggedObj = (ASN1TaggedObject) component;
|
||||
} else if (component instanceof ASN1TaggedObject taggedObj) {
|
||||
parseSingle(taggedObj.getBaseObject().toASN1Primitive(), addToMapping, key);
|
||||
|
||||
} else if (component instanceof ASN1OctetString) {
|
||||
} else if (component instanceof ASN1OctetString octStr) {
|
||||
// this may contain parseable data or may just be a OID key-pair value
|
||||
ASN1OctetString octStr = (ASN1OctetString) component;
|
||||
byte[] bytes = octStr.getOctets();
|
||||
ByteArrayInputStream inStream = new ByteArrayInputStream(bytes);
|
||||
ASN1InputStream octIn = new ASN1InputStream(inStream);
|
||||
@ -446,12 +447,11 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
}
|
||||
}
|
||||
|
||||
} else if (component instanceof ASN1Set) {
|
||||
} else if (component instanceof ASN1Set set) {
|
||||
// all ECs seen to this point use sets differently than sequences and their sets
|
||||
// don't contain top level OIDs, so we can parse everything term by term, if that
|
||||
// ceases to be the case, we need to switch to this parsing to be more like
|
||||
// parseSequences in the future
|
||||
ASN1Set set = (ASN1Set) component;
|
||||
Enumeration setContents = set.getObjects();
|
||||
ASN1Encodable subComp;
|
||||
while (setContents.hasMoreElements()) {
|
||||
|
@ -4,6 +4,7 @@ import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Transient;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
import org.bouncycastle.asn1.ASN1Encodable;
|
||||
@ -21,13 +22,13 @@ import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Path;
|
||||
import java.time.Instant;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
|
||||
@Entity
|
||||
@Getter
|
||||
@EqualsAndHashCode
|
||||
@Log4j2
|
||||
public class IDevIDCertificate extends Certificate {
|
||||
|
||||
@ -45,28 +46,24 @@ public class IDevIDCertificate extends Certificate {
|
||||
private static final String POLICY_QUALIFIER_VERIFIED_TPM_FIXED = "2.23.133.11.1.2";
|
||||
private static final String POLICY_QUALIFIER_VERIFIED_TPM_RESTRICTED = "2.23.133.11.1.3";
|
||||
|
||||
@Getter
|
||||
@Transient
|
||||
private byte[] subjectAltName;
|
||||
|
||||
/**
|
||||
* Corresponds to the hwType field found in a Hardware Module Name (if present).
|
||||
*/
|
||||
@Getter
|
||||
@Column
|
||||
private String hwType;
|
||||
|
||||
/**
|
||||
* Corresponds to the serial number found in a Hardware Module Name (if present).
|
||||
*/
|
||||
@Getter
|
||||
@Column
|
||||
private byte[] hwSerialNum;
|
||||
|
||||
/**
|
||||
* TPM policy qualifiers (TCG only).
|
||||
*/
|
||||
@Getter
|
||||
@Column
|
||||
private String tpmPolicies;
|
||||
|
||||
@ -106,13 +103,14 @@ public class IDevIDCertificate extends Certificate {
|
||||
}
|
||||
|
||||
/**
|
||||
* Obtains TPM policy qualifiers from the Certificate Policies extension, if present. These policy qualifiers are
|
||||
* specified in the TCG document "TPM 2.0 Keys for Device Identity and Attestation".
|
||||
* Obtains TPM policy qualifiers from the Certificate Policies extension, if present. These policy
|
||||
* qualifiers are specified in the TCG document "TPM 2.0 Keys for Device Identity and Attestation".
|
||||
*
|
||||
* @param policyBytes byte array representation of the policy
|
||||
* @return A {@link java.util.Map} containing the policy qualifiers obtained.
|
||||
* @throws IOException if policy qualifiers cannot be parsed from extension value
|
||||
*/
|
||||
public Map<String, Boolean> getTPMPolicyQualifiers(byte[] policyBytes) throws IOException {
|
||||
public Map<String, Boolean> getTPMPolicyQualifiers(final byte[] policyBytes) throws IOException {
|
||||
CertificatePolicies certPolicies =
|
||||
CertificatePolicies.getInstance(JcaX509ExtensionUtils.parseExtensionValue(policyBytes));
|
||||
Map<String, Boolean> policyQualifiers = new HashMap<>();
|
||||
@ -167,13 +165,13 @@ public class IDevIDCertificate extends Certificate {
|
||||
ASN1OctetString obj = (ASN1OctetString) input.readObject();
|
||||
boolean tcgOid = false;
|
||||
|
||||
// Parse the otherName structure. According to the specification "TPM 2.0 Keys for Device Identity and
|
||||
// Attestation", otherName can contain up to two structures: HardwareModuleName and PermanentIdentifier.
|
||||
// Currently, this parser only supports HardwareModuleName (if present).
|
||||
// Parse the otherName structure. According to the specification "TPM 2.0 Keys for Device Identity
|
||||
// and Attestation", otherName can contain up to two structures: HardwareModuleName and
|
||||
// PermanentIdentifier. Currently, this parser only supports HardwareModuleName (if present).
|
||||
|
||||
if (obj != null) {
|
||||
// Parse Hardware Module Name structure, comprised of a hwType and hwSerialNum, and associated OID
|
||||
// See also RFC 4108
|
||||
// Parse Hardware Module Name structure, comprised of a hwType and hwSerialNum,
|
||||
// and associated OID. See also RFC 4108
|
||||
ASN1Sequence seq1 = ASN1Sequence.getInstance(obj.getOctets());
|
||||
|
||||
// Iterate over GeneralNames sequence until HardwareModuleName is found
|
||||
@ -205,7 +203,8 @@ public class IDevIDCertificate extends Certificate {
|
||||
// Some certs have been found to contain tagged objects for hwSerialNum.
|
||||
// Handle this as a special case.
|
||||
log.warn(
|
||||
"Could not parse octet string for hwSerialNum. Attempting to parse tag.");
|
||||
"Could not parse octet string for hwSerialNum. "
|
||||
+ "Attempting to parse tag.");
|
||||
try {
|
||||
tagObj1 = ASN1TaggedObject.getInstance(seq1.getObjectAt(1));
|
||||
obj2 = ASN1OctetString.getInstance(tagObj1, false);
|
||||
@ -215,9 +214,9 @@ public class IDevIDCertificate extends Certificate {
|
||||
}
|
||||
}
|
||||
|
||||
// If an OID corresponding to TPM 2.0 for hwType is supported, according to the
|
||||
// specification "TPM 2.0 Keys for Device Identity and Attestation", the contents of
|
||||
// the hwSerialNum field will be parsed accordingly.
|
||||
// If an OID corresponding to TPM 2.0 for hwType is supported, according
|
||||
// to the specification "TPM 2.0 Keys for Device Identity and Attestation",
|
||||
// the contents of the hwSerialNum field will be parsed accordingly.
|
||||
hwType = obj1.toString();
|
||||
if (hasTCGOIDs()) {
|
||||
tcgOid = true;
|
||||
@ -231,9 +230,9 @@ public class IDevIDCertificate extends Certificate {
|
||||
}
|
||||
}
|
||||
|
||||
// Check for certificate policy qualifiers, which should be present for IDevIDs if in compliance with the
|
||||
// TCG specification.
|
||||
// For interoperability reasons, this will only log a warning if a TCG OID is specified above.
|
||||
// Check for certificate policy qualifiers, which should be present for IDevIDs if in compliance
|
||||
// with the TCG specification. For interoperability reasons, this will only log a warning
|
||||
// if a TCG OID is specified above.
|
||||
byte[] policyBytes =
|
||||
getX509Certificate().getExtensionValue(Extension.certificatePolicies.getId());
|
||||
Map<String, Boolean> policyQualifiers = null;
|
||||
@ -255,23 +254,23 @@ public class IDevIDCertificate extends Certificate {
|
||||
});
|
||||
tpmPolicies = qualifierSB.toString();
|
||||
|
||||
failCondition = !(policyQualifiers.get("verifiedTPMResidency") &&
|
||||
(policyQualifiers.get("verifiedTPMFixed") ||
|
||||
policyQualifiers.get("verifiedTPMRestricted")));
|
||||
failCondition = !(policyQualifiers.get("verifiedTPMResidency")
|
||||
&& (policyQualifiers.get("verifiedTPMFixed")
|
||||
|| policyQualifiers.get("verifiedTPMRestricted")));
|
||||
} else {
|
||||
failCondition = true;
|
||||
}
|
||||
if (failCondition) {
|
||||
log.warn(
|
||||
"TPM policy qualifiers not found, or do not meet logical criteria. Certificate may not " +
|
||||
"be in compliance with TCG specification.");
|
||||
"TPM policy qualifiers not found, or do not meet logical criteria. "
|
||||
+ "Certificate may not be in compliance with TCG specification.");
|
||||
}
|
||||
}
|
||||
|
||||
// Log a warning if notAfter field has an expiry date that is not indefinite
|
||||
if (!this.getEndValidity().toInstant().equals(Instant.ofEpochSecond(UNDEFINED_EXPIRY_DATE))) {
|
||||
log.warn("IDevID does not contain an indefinite expiry date. This may indicate an invalid " +
|
||||
"certificate.");
|
||||
log.warn("IDevID does not contain an indefinite expiry date. This may indicate an invalid "
|
||||
+ "certificate.");
|
||||
}
|
||||
|
||||
input.close();
|
||||
@ -279,8 +278,8 @@ public class IDevIDCertificate extends Certificate {
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to check whether a given IDevID certificate has TCG OIDs, in order to check compliance with various
|
||||
* fields.
|
||||
* Function to check whether a given IDevID certificate has TCG OIDs, in order to check compliance with
|
||||
* various fields.
|
||||
*
|
||||
* @return a boolean value
|
||||
*/
|
||||
@ -291,41 +290,4 @@ public class IDevIDCertificate extends Certificate {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("checkstyle:avoidinlineconditionals")
|
||||
public boolean equals(final Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o == null || getClass() != o.getClass()) {
|
||||
return false;
|
||||
}
|
||||
if (!super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
IDevIDCertificate that = (IDevIDCertificate) o;
|
||||
|
||||
if (!Objects.equals(getTpmPolicies(), that.getTpmPolicies())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!Objects.equals(getHwType(), that.getHwType())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return Arrays.equals(getHwSerialNum(), that.getHwSerialNum());
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings({"checkstyle:magicnumber", "checkstyle:avoidinlineconditionals"})
|
||||
public int hashCode() {
|
||||
int result = super.hashCode();
|
||||
result = 31 * result + (getTpmPolicies() != null ? getTpmPolicies().hashCode() : 0);
|
||||
result = 31 * result + (getHwType() != null ? getHwType().hashCode() : 0);
|
||||
result = 31 * result + (getHwSerialNum() != null ? Arrays.hashCode(getHwSerialNum()) : 0);
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
@ -28,6 +28,9 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
|
||||
*/
|
||||
public static final String AIC_TYPE_LABEL = "TCPA Trusted Platform Identity";
|
||||
|
||||
@Column
|
||||
public boolean isLDevID;
|
||||
|
||||
@ManyToOne(fetch = FetchType.EAGER)
|
||||
@JoinColumn(name = "ek_id")
|
||||
private EndorsementCredential endorsementCredential;
|
||||
@ -36,11 +39,9 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
|
||||
@JoinColumn(name = "pc_id")
|
||||
private List<PlatformCredential> platformCredentials;
|
||||
|
||||
@Column
|
||||
public boolean isLDevID;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param certificateBytes the issued certificate bytes
|
||||
* @param endorsementCredential the endorsement credential
|
||||
* @param platformCredentials the platform credentials
|
||||
@ -58,9 +59,11 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param certificatePath path to certificate
|
||||
* @param endorsementCredential the endorsement credential
|
||||
* @param platformCredentials the platform credentials
|
||||
* @param isLDevID is it an LDev ID
|
||||
* @throws IOException if there is a problem extracting information from the certificate
|
||||
*/
|
||||
public IssuedAttestationCertificate(final Path certificatePath,
|
||||
@ -70,8 +73,4 @@ public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
|
||||
throws IOException {
|
||||
this(readBytes(certificatePath), endorsementCredential, platformCredentials, isLDevID);
|
||||
}
|
||||
|
||||
public List<PlatformCredential> getPlatformCredentials() {
|
||||
return new ArrayList<>(platformCredentials);
|
||||
}
|
||||
}
|
||||
|
@ -46,7 +46,6 @@ import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
* This class persists Platform credentials by extending the base Certificate
|
||||
@ -61,24 +60,29 @@ import java.util.UUID;
|
||||
@Entity
|
||||
public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* TCPA Trusted Platform Endorsement.
|
||||
*/
|
||||
public static final String CERTIFICATE_TYPE_1_2 = "TCPA Trusted Platform Endorsement";
|
||||
/**
|
||||
* TCG Trusted Platform Endorsement.
|
||||
*/
|
||||
public static final String CERTIFICATE_TYPE_2_0 = "TCG Trusted Platform Endorsement";
|
||||
private static final int TCG_SPECIFICATION_LENGTH = 3;
|
||||
// These are Object Identifiers (OIDs) for sections in the credentials
|
||||
private static final String POLICY_QUALIFIER_CPSURI = "1.3.6.1.5.5.7.2.1";
|
||||
private static final String POLICY_QUALIFIER_USER_NOTICE = "1.3.6.1.5.5.7.2.2";
|
||||
|
||||
// OID for TCG Attributes
|
||||
private static final String PLATFORM_MANUFACTURER = "2.23.133.2.4";
|
||||
private static final String PLATFORM_MODEL = "2.23.133.2.5";
|
||||
private static final String PLATFORM_VERSION = "2.23.133.2.6";
|
||||
private static final String PLATFORM_SERIAL = "2.23.133.2.23";
|
||||
private static final String PLATFORM_BASEBOARD_CHASSIS_COMBINED = "2.23.133.5.1.6";
|
||||
|
||||
// OID for TCG Platform Class Common Attributes
|
||||
private static final String PLATFORM_MANUFACTURER_2_0 = "2.23.133.5.1.1";
|
||||
private static final String PLATFORM_MODEL_2_0 = "2.23.133.5.1.4";
|
||||
private static final String PLATFORM_VERSION_2_0 = "2.23.133.5.1.5";
|
||||
private static final String PLATFORM_SERIAL_2_0 = "2.23.133.5.1.6";
|
||||
|
||||
// OID for Certificate Attributes
|
||||
private static final String TCG_PLATFORM_SPECIFICATION = "2.23.133.2.17";
|
||||
private static final String TPM_SECURITY_ASSERTION = "2.23.133.2.18";
|
||||
@ -115,16 +119,11 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
// number of extra bytes potentially present in a cert header.
|
||||
private static final int PC_CERT_HEADER_BYTE_COUNT = 8;
|
||||
|
||||
/**
|
||||
* TCPA Trusted Platform Endorsement.
|
||||
*/
|
||||
public static final String CERTIFICATE_TYPE_1_2 = "TCPA Trusted Platform Endorsement";
|
||||
|
||||
/**
|
||||
* TCG Trusted Platform Endorsement.
|
||||
*/
|
||||
public static final String CERTIFICATE_TYPE_2_0 = "TCG Trusted Platform Endorsement";
|
||||
private static final String MANUFACTURER_FIELD = "manufacturer";
|
||||
private static final String MODEL_FIELD = "model";
|
||||
private static final String VERSION_FIELD = "version";
|
||||
private static final String PLATFORM_SERIAL_FIELD = "platformSerial";
|
||||
private static final String CHASSIS_SERIAL_NUMBER_FIELD = "chassisSerialNumber";
|
||||
|
||||
@Column
|
||||
private String credentialType = null;
|
||||
@ -132,23 +131,18 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
@Column
|
||||
private boolean platformBase = false;
|
||||
|
||||
private static final String MANUFACTURER_FIELD = "manufacturer";
|
||||
@Column
|
||||
private String manufacturer = null;
|
||||
|
||||
private static final String MODEL_FIELD = "model";
|
||||
@Column
|
||||
private String model = null;
|
||||
|
||||
private static final String VERSION_FIELD = "version";
|
||||
@Column
|
||||
private String version = null;
|
||||
|
||||
private static final String PLATFORM_SERIAL_FIELD = "platformSerial";
|
||||
@Column
|
||||
private String platformSerial = null;
|
||||
|
||||
private static final String CHASSIS_SERIAL_NUMBER_FIELD = "chassisSerialNumber";
|
||||
@Column
|
||||
private String chassisSerialNumber;
|
||||
|
||||
@ -175,6 +169,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
@Column(length = MAX_MESSAGE_LENGTH)
|
||||
private String componentFailures = Strings.EMPTY;
|
||||
|
||||
@Column(length = MAX_MESSAGE_LENGTH)
|
||||
private String componentFailureMessage = Strings.EMPTY;
|
||||
|
||||
@ -182,6 +177,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
private EndorsementCredential endorsementCredential = null;
|
||||
|
||||
private String platformChainType = Strings.EMPTY;
|
||||
|
||||
private boolean isDeltaChain = false;
|
||||
|
||||
/**
|
||||
@ -223,6 +219,105 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
this(readBytes(certificatePath), true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Parses the bytes as an PC. If parsing fails initially, the optionally present header
|
||||
* is removed and tried again. The cert header, if present, contains some certificate length
|
||||
* information which isn't needed for parsing.
|
||||
*
|
||||
* @param certificateBytes the bytes of the PC
|
||||
* @return the PC if a valid credential, null otherwise
|
||||
*/
|
||||
public static PlatformCredential parseWithPossibleHeader(final byte[] certificateBytes) {
|
||||
PlatformCredential credential = null;
|
||||
|
||||
try {
|
||||
// first, attempt parsing as is
|
||||
credential = new PlatformCredential(certificateBytes);
|
||||
} catch (Exception e) {
|
||||
// attempt parsing again after removing extra header bytes.
|
||||
if (certificateBytes.length > PC_CERT_HEADER_BYTE_COUNT) {
|
||||
log.debug("Attempting parse after removing extra header bytes");
|
||||
try {
|
||||
byte[] truncatedBytes = ArrayUtils.subarray(
|
||||
certificateBytes, PC_CERT_HEADER_BYTE_COUNT,
|
||||
certificateBytes.length);
|
||||
credential = new PlatformCredential(truncatedBytes);
|
||||
} catch (Exception e1) {
|
||||
log.warn("Failed to parse PC after multiple attempts", e1);
|
||||
}
|
||||
} else {
|
||||
log.warn("EK parsing failed (only one attempt possible)", e);
|
||||
}
|
||||
}
|
||||
return credential;
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify if the AlgorithmIdentifiers are equal.
|
||||
*
|
||||
* @param id1 AlgorithIdentifier one
|
||||
* @param id2 AlgorithIdentifier two
|
||||
* @return True if are the same, False if not
|
||||
*/
|
||||
public static boolean isAlgIdEqual(final AlgorithmIdentifier id1,
|
||||
final AlgorithmIdentifier id2) {
|
||||
if (!id1.getAlgorithm().equals(id2.getAlgorithm())) {
|
||||
return false;
|
||||
}
|
||||
if (id1.getParameters() == null) {
|
||||
return id2.getParameters() == null || id2.getParameters().equals(DERNull.INSTANCE);
|
||||
}
|
||||
if (id2.getParameters() == null) {
|
||||
return id1.getParameters() == null || id1.getParameters().equals(DERNull.INSTANCE);
|
||||
}
|
||||
return id1.getParameters().equals(id2.getParameters());
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the PolicyQualifier from the Certificate Policies Extension.
|
||||
*
|
||||
* @param certificate Attribute Certificate information
|
||||
* @return Policy Qualifier from the Certificate Policies Extension
|
||||
*/
|
||||
public static Map<String, String> getPolicyQualifier(
|
||||
final AttributeCertificateInfo certificate) {
|
||||
Preconditions.checkArgument(certificate.getExtensions() != null,
|
||||
"Platform certificate should have extensions.");
|
||||
|
||||
CertificatePolicies certPolicies
|
||||
= CertificatePolicies.fromExtensions(certificate.getExtensions());
|
||||
Map<String, String> policyQualifiers = new HashMap<>();
|
||||
String userNoticeQualifier = "";
|
||||
String cpsURI = "";
|
||||
|
||||
if (certPolicies != null) {
|
||||
// Must contain at least one Policy
|
||||
for (PolicyInformation policy : certPolicies.getPolicyInformation()) {
|
||||
for (ASN1Encodable pQualifierInfo : policy.getPolicyQualifiers().toArray()) {
|
||||
PolicyQualifierInfo info = PolicyQualifierInfo.getInstance(pQualifierInfo);
|
||||
// Subtract the data based on the OID
|
||||
switch (info.getPolicyQualifierId().getId()) {
|
||||
case POLICY_QUALIFIER_CPSURI:
|
||||
cpsURI = DERIA5String.getInstance(info.getQualifier()).getString();
|
||||
break;
|
||||
case POLICY_QUALIFIER_USER_NOTICE:
|
||||
UserNotice userNotice = UserNotice.getInstance(info.getQualifier());
|
||||
userNoticeQualifier = userNotice.getExplicitText().getString();
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Add to map
|
||||
policyQualifiers.put("userNotice", userNoticeQualifier);
|
||||
policyQualifiers.put("cpsURI", cpsURI);
|
||||
|
||||
return policyQualifiers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate the signature on the attribute certificate in this holder.
|
||||
*
|
||||
@ -253,37 +348,6 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
return verifier.verify(attCert.getSignatureValue().getOctets());
|
||||
}
|
||||
/**
|
||||
* Parses the bytes as an PC. If parsing fails initially, the optionally present header
|
||||
* is removed and tried again. The cert header, if present, contains some certificate length
|
||||
* information which isn't needed for parsing.
|
||||
* @param certificateBytes the bytes of the PC
|
||||
* @return the PC if a valid credential, null otherwise
|
||||
*/
|
||||
public static PlatformCredential parseWithPossibleHeader(final byte[] certificateBytes) {
|
||||
PlatformCredential credential = null;
|
||||
|
||||
try {
|
||||
// first, attempt parsing as is
|
||||
credential = new PlatformCredential(certificateBytes);
|
||||
} catch (Exception e) {
|
||||
// attempt parsing again after removing extra header bytes.
|
||||
if (certificateBytes.length > PC_CERT_HEADER_BYTE_COUNT) {
|
||||
log.debug("Attempting parse after removing extra header bytes");
|
||||
try {
|
||||
byte[] truncatedBytes = ArrayUtils.subarray(
|
||||
certificateBytes, PC_CERT_HEADER_BYTE_COUNT,
|
||||
certificateBytes.length);
|
||||
credential = new PlatformCredential(truncatedBytes);
|
||||
} catch (Exception e1) {
|
||||
log.warn("Failed to parse PC after multiple attempts", e1);
|
||||
}
|
||||
} else {
|
||||
log.warn("EK parsing failed (only one attempt possible)", e);
|
||||
}
|
||||
}
|
||||
return credential;
|
||||
}
|
||||
|
||||
private void parseFields() throws IOException {
|
||||
AttributeCertificateInfo certificate = getAttributeCertificate().getAcinfo();
|
||||
@ -340,6 +404,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Parse a 1.2 Platform Certificate (Attribute Certificate).
|
||||
*
|
||||
* @param certificate Attribute Certificate
|
||||
*/
|
||||
private void parseAttributeCert(final AttributeCertificateInfo certificate) {
|
||||
@ -392,6 +457,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Parse a 2.0 Platform Certificate (Attribute Certificate).
|
||||
*
|
||||
* @param certificate Attribute Certificate
|
||||
*/
|
||||
private void parseAttributeCert2(final AttributeCertificateInfo certificate)
|
||||
@ -440,6 +506,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Get the x509 Platform Certificate version.
|
||||
*
|
||||
* @return a big integer representing the certificate version.
|
||||
*/
|
||||
@Override
|
||||
@ -458,6 +525,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Get the cPSuri from the Certificate Policies.
|
||||
*
|
||||
* @return cPSuri from the CertificatePolicies.
|
||||
* @throws IOException when reading the certificate.
|
||||
*/
|
||||
@ -473,6 +541,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Get the Platform Configuration Attribute from the Platform Certificate.
|
||||
*
|
||||
* @return a map with all the attributes
|
||||
* @throws IllegalArgumentException when there is a parsing error
|
||||
* @throws IOException when reading the certificate.
|
||||
@ -523,6 +592,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Get the specified attribute from the Platform Certificate.
|
||||
*
|
||||
* @param attributeName to retrieve from the map.
|
||||
* @return an Object with the attribute.
|
||||
* @throws IllegalArgumentException when there is a parsing error
|
||||
@ -535,6 +605,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Get the Platform Configuration Attribute from the Platform Certificate.
|
||||
*
|
||||
* @return a map with the Platform Configuration information.
|
||||
* @throws IllegalArgumentException when there is a parsing error
|
||||
* @throws IOException when reading the certificate.
|
||||
@ -552,6 +623,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Get the Platform Configuration URI Attribute from the Platform Certificate.
|
||||
*
|
||||
* @return an URIReference object to the Platform Configuration URI.
|
||||
* @throws IllegalArgumentException when there is a parsing error
|
||||
* @throws IOException when reading the certificate.
|
||||
@ -567,6 +639,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Get the TBB Security Assertion from the Platform Certificate.
|
||||
*
|
||||
* @return a TBBSecurityAssertion object.
|
||||
* @throws IllegalArgumentException when there is a parsing error
|
||||
* @throws IOException when reading the certificate.
|
||||
@ -612,6 +685,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
/**
|
||||
* Get the list of component identifiers if there are any.
|
||||
*
|
||||
* @return the list of component identifiers if there are any
|
||||
*/
|
||||
public List<ComponentIdentifier> getComponentIdentifiers() {
|
||||
@ -626,76 +700,4 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
}
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify if the AlgorithmIdentifiers are equal.
|
||||
*
|
||||
* @param id1 AlgorithIdentifier one
|
||||
* @param id2 AlgorithIdentifier two
|
||||
* @return True if are the same, False if not
|
||||
*/
|
||||
public static boolean isAlgIdEqual(final AlgorithmIdentifier id1,
|
||||
final AlgorithmIdentifier id2) {
|
||||
if (!id1.getAlgorithm().equals(id2.getAlgorithm())) {
|
||||
return false;
|
||||
}
|
||||
if (id1.getParameters() == null) {
|
||||
if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
if (id2.getParameters() == null) {
|
||||
if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
return id1.getParameters().equals(id2.getParameters());
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the PolicyQualifier from the Certificate Policies Extension.
|
||||
*
|
||||
* @param certificate Attribute Certificate information
|
||||
* @return Policy Qualifier from the Certificate Policies Extension
|
||||
*/
|
||||
public static Map<String, String> getPolicyQualifier(
|
||||
final AttributeCertificateInfo certificate) {
|
||||
Preconditions.checkArgument(certificate.getExtensions() != null,
|
||||
"Platform certificate should have extensions.");
|
||||
|
||||
CertificatePolicies certPolicies
|
||||
= CertificatePolicies.fromExtensions(certificate.getExtensions());
|
||||
Map<String, String> policyQualifiers = new HashMap<>();
|
||||
String userNoticeQualifier = "";
|
||||
String cpsURI = "";
|
||||
|
||||
if (certPolicies != null) {
|
||||
// Must contain at least one Policy
|
||||
for (PolicyInformation policy : certPolicies.getPolicyInformation()) {
|
||||
for (ASN1Encodable pQualifierInfo: policy.getPolicyQualifiers().toArray()) {
|
||||
PolicyQualifierInfo info = PolicyQualifierInfo.getInstance(pQualifierInfo);
|
||||
// Subtract the data based on the OID
|
||||
switch (info.getPolicyQualifierId().getId()) {
|
||||
case POLICY_QUALIFIER_CPSURI:
|
||||
cpsURI = DERIA5String.getInstance(info.getQualifier()).getString();
|
||||
break;
|
||||
case POLICY_QUALIFIER_USER_NOTICE:
|
||||
UserNotice userNotice = UserNotice.getInstance(info.getQualifier());
|
||||
userNoticeQualifier = userNotice.getExplicitText().getString();
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Add to map
|
||||
policyQualifiers.put("userNotice", userNoticeQualifier);
|
||||
policyQualifiers.put("cpsURI", cpsURI);
|
||||
|
||||
return policyQualifiers;
|
||||
}
|
||||
}
|
||||
|
@ -62,25 +62,16 @@ public class ComponentAddress {
|
||||
|
||||
/**
|
||||
* Get the string value for the address type.
|
||||
*
|
||||
* @return the string value for the address type
|
||||
*/
|
||||
public String getAddressTypeValue() {
|
||||
String typeValue;
|
||||
switch (this.addressType.getId()) {
|
||||
case ETHERNET_MAC:
|
||||
typeValue = "ethernet mac";
|
||||
break;
|
||||
case WLAN_MAC:
|
||||
typeValue = "wlan mac";
|
||||
break;
|
||||
case BLUETOOTH_MAC:
|
||||
typeValue = "bluetooth mac";
|
||||
break;
|
||||
default:
|
||||
typeValue = "unknown mac";
|
||||
break;
|
||||
}
|
||||
return typeValue;
|
||||
return switch (this.addressType.getId()) {
|
||||
case ETHERNET_MAC -> "ethernet mac";
|
||||
case WLAN_MAC -> "wlan mac";
|
||||
case BLUETOOTH_MAC -> "bluetooth mac";
|
||||
default -> "unknown mac";
|
||||
};
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -6,7 +6,6 @@ import lombok.AccessLevel;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
import java.util.UUID;
|
||||
|
||||
@ -14,7 +13,7 @@ import java.util.UUID;
|
||||
* This is tied to the ComponentResult class. If a component has a mismatched
|
||||
* value from what the device has listed, this class represents which attribute
|
||||
* of that component mismatched.
|
||||
*
|
||||
* <p>
|
||||
* If this is a delta issue, the component ID would be set to null if the
|
||||
* remove or modified don't exist.
|
||||
*/
|
||||
@ -24,16 +23,21 @@ import java.util.UUID;
|
||||
public class ComponentAttributeResult extends ArchivableEntity {
|
||||
|
||||
private UUID componentId;
|
||||
|
||||
@Setter
|
||||
private UUID provisionSessionId;
|
||||
|
||||
// this is used to identify Revision for the ignore policy
|
||||
@Setter
|
||||
private String attribute;
|
||||
|
||||
private String expectedValue;
|
||||
|
||||
private String actualValue;
|
||||
|
||||
/**
|
||||
* Default constructor that populates the expected and actual values.
|
||||
*
|
||||
* @param componentId id associated with component result
|
||||
* @param expectedValue platform certificate value
|
||||
* @param actualValue paccor value from the device
|
||||
@ -48,6 +52,7 @@ public class ComponentAttributeResult extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* Default constructor that populates the expected and actual values.
|
||||
*
|
||||
* @param componentId id associated with component result
|
||||
* @param provisionSessionId an id for the associated provision
|
||||
* @param expectedValue platform certificate value
|
||||
@ -65,6 +70,8 @@ public class ComponentAttributeResult extends ArchivableEntity {
|
||||
/**
|
||||
* This method is used to check the mismatched status flag for
|
||||
* displaying red if there is a failure.
|
||||
*
|
||||
* @return true if there is status match, false otherwise
|
||||
*/
|
||||
public boolean checkMatchedStatus() {
|
||||
return this.actualValue.equals(this.expectedValue);
|
||||
@ -72,6 +79,7 @@ public class ComponentAttributeResult extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* For the state of the object, this shouldn't be negative.
|
||||
*
|
||||
* @return the string value of the attribute name
|
||||
*/
|
||||
public String getAttribute() {
|
||||
|
@ -23,39 +23,52 @@ import java.nio.file.Path;
|
||||
* componentClassRegistry ComponentClassRegistry,
|
||||
* componentClassValue OCTET STRING SIZE(4) ) }
|
||||
* </pre>
|
||||
*
|
||||
* <p>
|
||||
* A note for the future.
|
||||
*/
|
||||
public class ComponentClass {
|
||||
@Getter
|
||||
public class
|
||||
ComponentClass {
|
||||
private static final String TCG_COMPONENT_REGISTRY = "2.23.133.18.3.1";
|
||||
|
||||
private static final String SMBIOS_COMPONENT_REGISTRY = "2.23.133.18.3.3";
|
||||
|
||||
private static final Path WINDOWS_JSON_PATH = FileSystems.getDefault().getPath(
|
||||
"C:/", "ProgramData", "hirs", "aca", "default-properties", "component-class.json");
|
||||
private static final Path JSON_PATH = WINDOWS_JSON_PATH.toFile().exists() ? WINDOWS_JSON_PATH :
|
||||
FileSystems.getDefault().getPath(
|
||||
|
||||
private static final Path JSON_PATH = WINDOWS_JSON_PATH.toFile().exists() ? WINDOWS_JSON_PATH
|
||||
: FileSystems.getDefault().getPath(
|
||||
"/etc", "hirs", "aca", "default-properties", "component-class.json");
|
||||
|
||||
private static final String OTHER_STRING = "Other";
|
||||
|
||||
private static final String UNKNOWN_STRING = "Unknown";
|
||||
|
||||
private static final String NONE_STRING = "None";
|
||||
|
||||
// Used to indicate that the component string value provided is erroneous
|
||||
private static final String ERROR = "-1";
|
||||
|
||||
private static final int MID_INDEX = 4;
|
||||
|
||||
/**
|
||||
* All TCG categories have Other and Unknown as the first 2 values.
|
||||
*/
|
||||
private static final String OTHER = "0000";
|
||||
|
||||
private static final String UNKNOWN = "0001";
|
||||
|
||||
@Getter
|
||||
private String category, categoryStr;
|
||||
@Getter
|
||||
private String component, componentStr;
|
||||
@Getter
|
||||
private String registryType;
|
||||
@Getter
|
||||
private String componentIdentifier;
|
||||
private final String registryType;
|
||||
|
||||
private final String componentIdentifier;
|
||||
|
||||
private String category;
|
||||
|
||||
private String categoryStr;
|
||||
|
||||
private String component;
|
||||
|
||||
private String componentStr;
|
||||
|
||||
/**
|
||||
* Default class constructor.
|
||||
@ -106,11 +119,11 @@ public class ComponentClass {
|
||||
this.componentIdentifier = verifyComponentValue(componentIdentifier);
|
||||
}
|
||||
|
||||
switch (registryOid) {
|
||||
case TCG_COMPONENT_REGISTRY -> registryType = "TCG";
|
||||
case SMBIOS_COMPONENT_REGISTRY -> registryType = "SMBIOS";
|
||||
default -> registryType = UNKNOWN_STRING;
|
||||
}
|
||||
this.registryType = switch (registryOid) {
|
||||
case TCG_COMPONENT_REGISTRY -> "TCG";
|
||||
case SMBIOS_COMPONENT_REGISTRY -> "SMBIOS";
|
||||
default -> UNKNOWN_STRING;
|
||||
};
|
||||
|
||||
switch (this.componentIdentifier) {
|
||||
case OTHER:
|
||||
@ -135,9 +148,39 @@ public class ComponentClass {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This method converts the string representation of the component ID into
|
||||
* an integer. Or throws and error if the format is in error.
|
||||
*
|
||||
* @param component string representation of the component ID
|
||||
* @return the int representation of the component
|
||||
*/
|
||||
private static String verifyComponentValue(final String component) {
|
||||
String componentValue = ERROR;
|
||||
|
||||
if (component != null) {
|
||||
try {
|
||||
if (component.contains("x")) {
|
||||
componentValue = component.substring(component.indexOf("x") + 1);
|
||||
} else {
|
||||
if (component.contains("#")) {
|
||||
componentValue = component.replace("#", "");
|
||||
} else {
|
||||
return component;
|
||||
}
|
||||
}
|
||||
} catch (NumberFormatException nfEx) {
|
||||
//invalid entry
|
||||
}
|
||||
}
|
||||
|
||||
return componentValue;
|
||||
}
|
||||
|
||||
/**
|
||||
* This is the main way this class will be referenced and how it
|
||||
* will be displayed on the portal.
|
||||
*
|
||||
* @return String combination of category and component.
|
||||
*/
|
||||
@Override
|
||||
@ -173,12 +216,14 @@ public class ComponentClass {
|
||||
found = true;
|
||||
JsonObject componentTypes = categories.get(name)
|
||||
.asObject().get("Types").asObject();
|
||||
categoryStr = name;
|
||||
this.categoryStr = name;
|
||||
|
||||
switch (componentMask) {
|
||||
case OTHER -> componentStr = OTHER_STRING;
|
||||
case UNKNOWN -> componentStr = UNKNOWN_STRING;
|
||||
default -> getComponent(componentTypes);
|
||||
if (componentMask.equals(OTHER)) {
|
||||
this.componentStr = OTHER_STRING;
|
||||
} else if (componentMask.equals(UNKNOWN)) {
|
||||
this.componentStr = UNKNOWN_STRING;
|
||||
} else {
|
||||
getComponent(componentTypes);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -192,6 +237,7 @@ public class ComponentClass {
|
||||
|
||||
/**
|
||||
* Returns the value of the comparison between a category and the what's in the id.
|
||||
*
|
||||
* @param category the category to compare
|
||||
* @param componentId the id value to compare
|
||||
* @return true if they match
|
||||
@ -219,33 +265,4 @@ public class ComponentClass {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This method converts the string representation of the component ID into
|
||||
* an integer. Or throws and error if the format is in error.
|
||||
*
|
||||
* @param component string representation of the component ID
|
||||
* @return the int representation of the component
|
||||
*/
|
||||
private static String verifyComponentValue(final String component) {
|
||||
String componentValue = ERROR;
|
||||
|
||||
if (component != null) {
|
||||
try {
|
||||
if (component.contains("x")) {
|
||||
componentValue = component.substring(component.indexOf("x") + 1);
|
||||
} else {
|
||||
if (component.contains("#")) {
|
||||
componentValue = component.replace("#", "");
|
||||
} else {
|
||||
return component;
|
||||
}
|
||||
}
|
||||
} catch (NumberFormatException nfEx) {
|
||||
//invalid entry
|
||||
}
|
||||
}
|
||||
|
||||
return componentValue;
|
||||
}
|
||||
}
|
||||
|
@ -44,13 +44,11 @@ public class ComponentIdentifier {
|
||||
* Maximum number of configurations.
|
||||
*/
|
||||
public static final int CONFIGMAX = 32;
|
||||
|
||||
private static final int MANDATORY_ELEMENTS = 2;
|
||||
// optional sequence objects
|
||||
/**
|
||||
* Static variable indicated array position for the serial number.
|
||||
*/
|
||||
protected static final int COMPONENT_SERIAL = 0;
|
||||
// optional sequence objects
|
||||
/**
|
||||
* Static variable indicated array position for the revision info.
|
||||
*/
|
||||
@ -68,13 +66,22 @@ public class ComponentIdentifier {
|
||||
*/
|
||||
protected static final int COMPONENT_ADDRESS = 4;
|
||||
|
||||
private static final int MANDATORY_ELEMENTS = 2;
|
||||
|
||||
private DERUTF8String componentManufacturer;
|
||||
|
||||
private DERUTF8String componentModel;
|
||||
|
||||
private DERUTF8String componentSerial;
|
||||
|
||||
private DERUTF8String componentRevision;
|
||||
|
||||
private ASN1ObjectIdentifier componentManufacturerId;
|
||||
|
||||
private ASN1Boolean fieldReplaceable;
|
||||
|
||||
private List<ComponentAddress> componentAddress;
|
||||
|
||||
private boolean validationResult = true;
|
||||
|
||||
/**
|
||||
@ -119,6 +126,7 @@ public class ComponentIdentifier {
|
||||
|
||||
/**
|
||||
* Constructor given the SEQUENCE that contains Component Identifier.
|
||||
*
|
||||
* @param sequence containing the component identifier
|
||||
* @throws IllegalArgumentException if there was an error on the parsing
|
||||
*/
|
||||
@ -193,22 +201,6 @@ public class ComponentIdentifier {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the component addresses.
|
||||
* @return a collection of component addresses
|
||||
*/
|
||||
public List<ComponentAddress> getComponentAddress() {
|
||||
return componentAddress.stream().toList();
|
||||
}
|
||||
|
||||
/**
|
||||
* Setter for the list of component addresses.
|
||||
* @param componentAddress collection of addresses
|
||||
*/
|
||||
public void setComponentAddress(List<ComponentAddress> componentAddress) {
|
||||
this.componentAddress = componentAddress.stream().toList();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
@ -230,7 +222,7 @@ public class ComponentIdentifier {
|
||||
}
|
||||
sb.append(", fieldReplaceable=");
|
||||
if (fieldReplaceable != null) {
|
||||
sb.append(fieldReplaceable.toString());
|
||||
sb.append(fieldReplaceable);
|
||||
}
|
||||
sb.append(", componentAddress=");
|
||||
if (!componentAddress.isEmpty()) {
|
||||
|
@ -79,7 +79,6 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
* @param componentPlatformUri object containing the URI Reference
|
||||
* @param attributeStatus object containing enumerated status
|
||||
*/
|
||||
@SuppressWarnings("checkstyle:parameternumber")
|
||||
public ComponentIdentifierV2(final ComponentClass componentClass,
|
||||
final DERUTF8String componentManufacturer,
|
||||
final DERUTF8String componentModel,
|
||||
@ -103,6 +102,7 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
|
||||
/**
|
||||
* Constructor given the SEQUENCE that contains Component Identifier.
|
||||
*
|
||||
* @param sequence containing the component identifier
|
||||
* @throws IllegalArgumentException if there was an error on the parsing
|
||||
*/
|
||||
@ -120,7 +120,8 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
ASN1OctetString.getInstance(componentIdSeq.getObjectAt(tag)).toString());
|
||||
|
||||
// Mandatory values
|
||||
this.setComponentManufacturer((DERUTF8String) ASN1UTF8String.getInstance(sequence.getObjectAt(tag++)));
|
||||
this.setComponentManufacturer(
|
||||
(DERUTF8String) ASN1UTF8String.getInstance(sequence.getObjectAt(tag++)));
|
||||
this.setComponentModel((DERUTF8String) ASN1UTF8String.getInstance(sequence.getObjectAt(tag++)));
|
||||
|
||||
// Continue reading the sequence if it does contain more than 2 values
|
||||
@ -202,9 +203,15 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (o == null || getClass() != o.getClass()) return false;
|
||||
if (!super.equals(o)) return false;
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o == null || getClass() != o.getClass()) {
|
||||
return false;
|
||||
}
|
||||
if (!super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
ComponentIdentifierV2 that = (ComponentIdentifierV2) o;
|
||||
return Objects.equals(componentClass, that.componentClass)
|
||||
&& Objects.equals(certificateIdentifier, that.certificateIdentifier)
|
||||
@ -241,7 +248,7 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
}
|
||||
sb.append(", fieldReplaceable=");
|
||||
if (getFieldReplaceable() != null) {
|
||||
sb.append(getFieldReplaceable().toString());
|
||||
sb.append(getFieldReplaceable());
|
||||
}
|
||||
sb.append(", componentAddress=");
|
||||
if (getComponentAddress().size() > 0) {
|
||||
@ -252,11 +259,11 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
}
|
||||
sb.append(", certificateIdentifier=");
|
||||
if (certificateIdentifier != null) {
|
||||
sb.append(certificateIdentifier.toString());
|
||||
sb.append(certificateIdentifier);
|
||||
}
|
||||
sb.append(", componentPlatformUri=");
|
||||
if (componentPlatformUri != null) {
|
||||
sb.append(componentPlatformUri.toString());
|
||||
sb.append(componentPlatformUri);
|
||||
}
|
||||
sb.append(", status=");
|
||||
if (attributeStatus != null) {
|
||||
|
@ -12,13 +12,6 @@ import hirs.attestationca.persist.enums.HealthStatus;
|
||||
import hirs.attestationca.portal.page.Page;
|
||||
import hirs.attestationca.portal.page.PageController;
|
||||
import hirs.attestationca.portal.page.PageControllerTest;
|
||||
import java.io.IOException;
|
||||
|
||||
import java.security.Security;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@ -27,8 +20,15 @@ import org.springframework.test.annotation.DirtiesContext;
|
||||
import org.springframework.test.annotation.Rollback;
|
||||
import org.springframework.test.web.servlet.MvcResult;
|
||||
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
|
||||
import static org.hamcrest.Matchers.hasProperty;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.Security;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.hamcrest.Matchers.hasItem;
|
||||
import static org.hamcrest.Matchers.hasProperty;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
|
||||
@ -40,25 +40,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
|
||||
public class CertificateDetailsPageControllerTest extends PageControllerTest {
|
||||
|
||||
// Base path for the page
|
||||
private String pagePath;
|
||||
|
||||
// Repository manager to handle data access between device entity and data storage in db
|
||||
@Autowired
|
||||
private DeviceRepository deviceRepository;
|
||||
|
||||
// Repository manager to handle data access between certificate entity and data storage in db
|
||||
@Autowired
|
||||
private CertificateRepository certificateRepository;
|
||||
|
||||
private CertificateAuthorityCredential caCertificate;
|
||||
private CertificateAuthorityCredential caRootCertificate;
|
||||
private PlatformCredential platformCredential;
|
||||
private PlatformCredential platformCredential2;
|
||||
private PlatformCredential platformCertificatePCI;
|
||||
private EndorsementCredential endorsementCredential;
|
||||
private IssuedAttestationCertificate issuedCredential;
|
||||
|
||||
// Random UUID for certificate search.
|
||||
private static final String ID = "046b6c7f-0b8a-43b9-b35d-6489e6daee91";
|
||||
private static final String TEST_CA_CERTIFICATE
|
||||
@ -75,6 +56,21 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
|
||||
= "/platform_credentials/basic_plat_cert_2-0.pem";
|
||||
private static final String TEST_PLATFORM_CREDENTIAL_2_PCI
|
||||
= "/platform_credentials/pciids_plat_cert_2-0.pem";
|
||||
// Base path for the page
|
||||
private final String pagePath;
|
||||
// Repository manager to handle data access between device entity and data storage in db
|
||||
@Autowired
|
||||
private DeviceRepository deviceRepository;
|
||||
// Repository manager to handle data access between certificate entity and data storage in db
|
||||
@Autowired
|
||||
private CertificateRepository certificateRepository;
|
||||
private CertificateAuthorityCredential caCertificate;
|
||||
private CertificateAuthorityCredential caRootCertificate;
|
||||
private PlatformCredential platformCredential;
|
||||
private PlatformCredential platformCredential2;
|
||||
private PlatformCredential platformCertificatePCI;
|
||||
private EndorsementCredential endorsementCredential;
|
||||
private IssuedAttestationCertificate issuedCredential;
|
||||
|
||||
/**
|
||||
* Constructor providing the Page's display and routing specification.
|
||||
@ -268,7 +264,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
|
||||
.getModel()
|
||||
.get(PolicyPageController.INITIAL_DATA);
|
||||
assertEquals(platformCredential.getIssuer(), initialData.get("issuer"));
|
||||
assertEquals(((PlatformCredential) platformCredential).getCredentialType(),
|
||||
assertEquals(platformCredential.getCredentialType(),
|
||||
initialData.get("credentialType"));
|
||||
|
||||
}
|
||||
@ -298,7 +294,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
|
||||
.getModel()
|
||||
.get(PolicyPageController.INITIAL_DATA);
|
||||
assertEquals(platformCredential2.getIssuer(), initialData.get("issuer"));
|
||||
assertEquals(((PlatformCredential) platformCredential2).getCredentialType(),
|
||||
assertEquals(platformCredential2.getCredentialType(),
|
||||
initialData.get("credentialType"));
|
||||
// Check component identifier
|
||||
assertNotNull(initialData.get("componentsIdentifier"));
|
||||
@ -337,7 +333,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
|
||||
.getModel()
|
||||
.get(PolicyPageController.INITIAL_DATA);
|
||||
assertEquals(platformCertificatePCI.getIssuer(), initialData.get("issuer"));
|
||||
assertEquals(((PlatformCredential) platformCertificatePCI).getCredentialType(),
|
||||
assertEquals(platformCertificatePCI.getCredentialType(),
|
||||
initialData.get("credentialType"));
|
||||
// Check component identifier
|
||||
assertNotNull(initialData.get("componentsIdentifier"));
|
||||
@ -376,7 +372,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
|
||||
.getModel()
|
||||
.get(PolicyPageController.INITIAL_DATA);
|
||||
assertEquals(endorsementCredential.getIssuer(), initialData.get("issuer"));
|
||||
assertEquals(((EndorsementCredential) endorsementCredential).getManufacturer(),
|
||||
assertEquals(endorsementCredential.getManufacturer(),
|
||||
initialData.get("manufacturer"));
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user