From 433087961cb8fbe7b129cb5582dc85d098910e89 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Mon, 6 Nov 2023 15:36:34 -0500 Subject: [PATCH 1/5] Tested uploading a rimel that had multiple matching manufacturer and model. The repo to check for this wasn't returning a single unique result and causes and error --- .../manager/ReferenceManifestRepository.java | 2 +- .../provision/IdentityClaimProcessor.java | 26 +++++++++---------- .../ReferenceManifestPageController.java | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java index eb0892b2..0ab4020e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java @@ -18,7 +18,7 @@ public interface ReferenceManifestRepository extends JpaRepository getBaseByManufacturerModel(String manufacturer, String model); @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true) List getByManufacturer(String manufacturer, String dType); @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java index 05e1ad77..d39f5962 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java 
@@ -448,7 +448,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { referenceManifestRepository.delete(measurements); } - BaseReferenceManifest baseRim = referenceManifestRepository + List baseRims = referenceManifestRepository .getBaseByManufacturerModel(dv.getHw().getManufacturer(), dv.getHw().getProductName()); measurements = temp; @@ -456,20 +456,20 @@ public class IdentityClaimProcessor extends AbstractProcessor { measurements.setPlatformModel(dv.getHw().getProductName()); measurements.setTagId(tagId); measurements.setDeviceName(dv.getNw().getHostname()); - if (baseRim != null) { - measurements.setAssociatedRim(baseRim.getAssociatedRim()); - } + this.referenceManifestRepository.save(measurements); - if (baseRim != null) { - // pull the base versions of the swidtag and rimel and set the - // event log hash for use during provision - SupportReferenceManifest sBaseRim = referenceManifestRepository - .getSupportRimEntityById(baseRim.getAssociatedRim()); - baseRim.setEventLogHash(temp.getHexDecHash()); - sBaseRim.setEventLogHash(temp.getHexDecHash()); - referenceManifestRepository.save(baseRim); - referenceManifestRepository.save(sBaseRim); + for (BaseReferenceManifest baseRim : baseRims) { + if (baseRim != null) { + // pull the base versions of the swidtag and rimel and set the + // event log hash for use during provision + SupportReferenceManifest sBaseRim = referenceManifestRepository + .getSupportRimEntityById(baseRim.getAssociatedRim()); + baseRim.setEventLogHash(temp.getHexDecHash()); + sBaseRim.setEventLogHash(temp.getHexDecHash()); + referenceManifestRepository.save(baseRim); + referenceManifestRepository.save(sBaseRim); + } } } catch (IOException ioEx) { log.error(ioEx); 
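Review bot: Inside the new `for (BaseReferenceManifest baseRim : baseRims)` loop, `sBaseRim` is dereferenced without a null check, so a base RIM whose `getAssociatedRim()` does not resolve to a stored support RIM would throw a NullPointerException in the middle of the identity claim; wrapping the two `sBaseRim` statements in `if (sBaseRim != null) { ... }` avoids that. The loop also writes this device's event log hash onto every base RIM matching the manufacturer and model read from `dv.getHw()`, which appear to be device-reported values, so a single claim now rewrites `eventLogHash` on all matching manifests; a comment stating that this is intended, or narrowing the update to the RIM tied to this device, would help. The hunk also drops `measurements.setAssociatedRim(...)` without a replacement, which is worth confirming is deliberate. The enclosing method starts and ends outside the hunk.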
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index e9b53b74..4221dbe4 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -475,7 +475,7 @@ public class ReferenceManifestPageController extends PageController baseRims = new LinkedList<>(); - baseRims.add(this.referenceManifestRepository + baseRims.addAll(this.referenceManifestRepository .getBaseByManufacturerModel(supportRim.getPlatformManufacturer(), supportRim.getPlatformModel())); From 548d6bb1ebd0fdd662ba1356cc28ef9553ccab87 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Tue, 7 Nov 2023 10:05:35 -0500 Subject: [PATCH 2/5] There was an issue with finding the support RIM with the base RIM information. Changed how it finds the support RIM to using the hash for the swid resource. --- ...eferenceManifestDetailsPageController.java | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index c75b4776..4a85f764 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java 
@@ -112,9 +112,16 @@ public class ReferenceManifestDetailsPageController extends PageController Date: Wed, 8 Nov 2023 13:10:40 -0500 Subject: [PATCH 3/5] This push has changes to resolve archivable items not updating the archiveTime element. --- .../persist/entity/ArchivableEntity.java | 16 ++++++++++++- .../entity/manager/CertificateRepository.java | 6 ++--- .../CertificatePageController.java | 10 ++++---- ...eferenceManifestDetailsPageController.java | 24 +++++++++++-------- 4 files changed, 37 insertions(+), 19 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java index a39ec842..6dc75f52 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java @@ -13,7 +13,6 @@ import java.util.Date; * An abstract archivable entity that can be deleted. */ @ToString -@Getter @MappedSuperclass public abstract class ArchivableEntity extends AbstractEntity { @@ -79,6 +78,21 @@ public abstract class ArchivableEntity extends AbstractEntity { } } + /** + * Returns the timestamp of when the entity was archived if applicable. If the + * entity has not been resolved, then null is returned. + * + * @return archivedTime + * If entity was archived, timestamp of the occurrence, null otherwise. + */ + public final Date getArchivedTime() { + if (archivedTime == null) { + return null; + } else { + return (Date) archivedTime.clone(); + } + } + /** * Sets the archivedTime to null. The archivedTime being null signifies that the entity has * not been archived. If the time is already null then this call was unnecessary. 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java index 5a97022d..90f94c1e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java @@ -13,7 +13,7 @@ import java.util.List; import java.util.UUID; @Repository -public interface CertificateRepository extends JpaRepository { +public interface CertificateRepository extends JpaRepository { @Query(value = "SELECT * FROM Certificate where id = ?1", nativeQuery = true) Certificate getCertificate(UUID uuid); @@ -22,7 +22,7 @@ public interface CertificateRepository extends JpaReposit @Query(value = "SELECT * FROM Certificate where issuerSorted = ?1 AND DTYPE = ?2", nativeQuery = true) List findBySubjectSorted(String issuedSort, String dType); @Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true) - List findByAll(String dType); + List findByType(String dType); @Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true) Certificate findBySerialNumber(BigInteger serialNumber, String dType); @Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) 
@@ -32,7 +32,7 @@ public interface CertificateRepository extends JpaReposit @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) List getByHolderSerialNumber(BigInteger holderSerialNumber); @Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true) - T findByCertificateHash(int certificateHash, String dType); + Certificate findByCertificateHash(int certificateHash, String dType); EndorsementCredential findByPublicKeyModulusHexValue(String publicKeyModulusHexValue); IssuedAttestationCertificate findByDeviceId(UUID deviceId); Certificate findByCertificateHash(int certificateHash); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java index 08df7d76..10d89a46 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java @@ -399,7 +399,7 @@ public class CertificatePageController extends PageController { } } - certificate.archive(); + certificate.archive("User requested deletion via UI"); certificateRepository.save(certificate); String deleteCompletedMessage = "Certificate successfully deleted"; 
@@ -512,7 +512,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateRepository.findByAll("CertificateAuthorityCredential"), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByType("CertificateAuthorityCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; @@ -544,7 +544,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateRepository.findByAll("PlatformCredential"), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByType("PlatformCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; @@ -576,7 +576,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateRepository.findByAll("IssuedAttestationCertificate"), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByType("IssuedAttestationCertificate"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; 
@@ -607,7 +607,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateRepository.findByAll("EndorsementCredential"), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByType("EndorsementCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index 4a85f764..f5a9dc2e 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java @@ -5,6 +5,7 @@ import hirs.attestationca.persist.entity.manager.CACredentialRepository; import hirs.attestationca.persist.entity.manager.CertificateRepository; import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository; import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository; +import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential; import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest; 
@@ -293,17 +294,19 @@ public class ReferenceManifestDetailsPageController extends PageController certificates = certificateRepository - .findByAll("CertificateAuthorityCredential"); + List certificates = certificateRepository + .findByType("CertificateAuthorityCredential"); + CertificateAuthorityCredential caCert; //Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid data.put("signatureValid", false); - for (CertificateAuthorityCredential cert : certificates) { - KeyStore keystore = ValidationService.getCaChain(cert, caCertificateRepository); - if (RIM_VALIDATOR.validateXmlSignature(cert.getX509Certificate().getPublicKey(), - cert.getSubjectKeyIdString(), cert.getEncodedPublicKey())) { + for (Certificate certificate : certificates) { + caCert = (CertificateAuthorityCredential) certificate; + KeyStore keystore = ValidationService.getCaChain(caCert, caCertificateRepository); + if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(), + caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) { try { if (SupplyChainCredentialValidator.verifyCertificate( - cert.getX509Certificate(), keystore)) { + caCert.getX509Certificate(), keystore)) { data.replace("signatureValid", true); break; } 
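Review bot: The CA certificates tried as RIM signers come from `certificateRepository.findByType("CertificateAuthorityCredential")`, whose native query in this same patch filters on `DTYPE` only, so a CA credential that was archived through the delete action would still be able to set `signatureValid` to true here unless it is filtered somewhere not shown. Skipping archived entries at the top of the loop, `if (certificate.getArchivedTime() != null) { continue; }`, keeps removed trust anchors out of signature validation. The downcast `caCert = (CertificateAuthorityCredential) certificate;` is unchecked; an `instanceof` test before it would turn an unexpected row type into a skipped entry instead of a ClassCastException, and `caCert` can be declared inside the loop. The enclosing method starts and ends outside the hunk.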
@@ -315,10 +318,11 @@ public class ReferenceManifestDetailsPageController extends PageController Date: Mon, 13 Nov 2023 16:56:16 -0500 Subject: [PATCH 4/5] Updated code after recognizing an issue with archiving items. This doesn't include updating the values displayed at the bottom of the list page. --- .../persist/entity/ArchivableEntity.java | 7 +++++++ .../manager/CACredentialRepository.java | 2 +- .../EndorsementCredentialRepository.java | 1 + .../manager/IssuedCertificateRepository.java | 2 +- .../PlatformCertificateRepository.java | 2 ++ .../manager/ReferenceManifestRepository.java | 3 +++ .../provision/IdentityClaimProcessor.java | 1 + .../CertificatePageController.java | 21 +++---------------- .../ReferenceManifestPageController.java | 19 +++++------------ .../utils/CertificateStringMapBuilder.java | 2 +- 10 files changed, 25 insertions(+), 35 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java index 6dc75f52..cd87fad3 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java @@ -3,6 +3,7 @@ package hirs.attestationca.persist.entity; import jakarta.persistence.Column; import jakarta.persistence.MappedSuperclass; import lombok.Getter; +import lombok.Setter; import lombok.ToString; import org.hibernate.annotations.JdbcTypeCode; import org.hibernate.type.SqlTypes; @@ -21,6 +22,11 @@ public abstract class ArchivableEntity extends AbstractEntity { */ public static final int MAX_MESSAGE_LENGTH = 2400; + @Getter + @Setter + @Column(nullable = false) + private boolean archiveFlag = false; + @Column(name = "archived_time") private Date archivedTime; 
@@ -54,6 +60,7 @@ public abstract class ArchivableEntity extends AbstractEntity { * false is archived time is already set, signifying the entity has been archived. */ public final boolean archive() { + this.archiveFlag = !archiveFlag; if (this.archivedTime == null) { this.archivedTime = new Date(); return true; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java index d3f3074f..1cdd9d12 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java @@ -11,7 +11,7 @@ import java.util.UUID; @Repository public interface CACredentialRepository extends JpaRepository { - @Query(value = "SELECT * FROM Certificate where DTYPE='CertificateAuthorityCredential'", nativeQuery = true) + @Query(value = "SELECT * FROM Certificate WHERE DTYPE='CertificateAuthorityCredential' AND archiveFlag=false", nativeQuery = true) @Override List findAll(); List findBySubject(String subject); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java index 3ac197b1..70152cd0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java 
@@ -13,6 +13,7 @@ import java.util.UUID; @Repository public interface EndorsementCredentialRepository extends JpaRepository { + @Query(value = "SELECT * FROM Certificate WHERE DTYPE='EndorsementCredential' AND archiveFlag=false", nativeQuery = true) @Override List findAll(); EndorsementCredential findByHolderSerialNumber(BigInteger holderSerialNumber); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java index 3acc3cd9..26ac3a44 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java @@ -11,7 +11,7 @@ import java.util.UUID; @Repository public interface IssuedCertificateRepository extends JpaRepository { - @Query(value = "SELECT * FROM Certificate where DTYPE='IssuedAttestationCertificate'", nativeQuery = true) + @Query(value = "SELECT * FROM Certificate WHERE DTYPE='IssuedAttestationCertificate' AND archiveFlag=false", nativeQuery = true) @Override List findAll(); List findByDeviceId(UUID deviceId); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java index 98ade299..4fb1d817 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java 
@@ -2,6 +2,7 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; import java.util.List; @@ -10,6 +11,7 @@ import java.util.UUID; @Repository public interface PlatformCertificateRepository extends JpaRepository { + @Query(value = "SELECT * FROM Certificate WHERE DTYPE='PlatformCredential' AND archiveFlag=false", nativeQuery = true) @Override List findAll(); List findByDeviceId(UUID deviceId); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java index 0ab4020e..1d1064d6 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java @@ -4,6 +4,8 @@ import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest; import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements; import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest; +import org.springframework.data.domain.Page; +import org.springframework.data.domain.Pageable; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; 
@@ -41,4 +43,5 @@ public interface ReferenceManifestRepository extends JpaRepository getSupportByManufacturerModel(String manufacturer, String model); @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true) EventLogMeasurements getLogByModel(String model); + Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java index d39f5962..dfa63607 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java @@ -456,6 +456,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { measurements.setPlatformModel(dv.getHw().getProductName()); measurements.setTagId(tagId); measurements.setDeviceName(dv.getNw().getHostname()); + measurements.archive(); this.referenceManifestRepository.save(measurements); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java index 10d89a46..bfe41eed 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java @@ -313,7 +313,7 @@ public class CertificatePageController extends PageController { return new DataTableResponse<>(records, input); } - return new DataTableResponse(new FilteredRecordsList<>(), input); + return new DataTableResponse<>(new FilteredRecordsList<>(), input); } /** 
@@ -375,7 +375,7 @@ public class CertificatePageController extends PageController { try { UUID uuid = UUID.fromString(id); - Certificate certificate = getCertificateById(certificateType, uuid); + Certificate certificate = certificateRepository.getReferenceById(uuid); if (certificate == null) { // Use the term "record" here to avoid user confusion b/t cert and cred String notFoundMessage = "Unable to locate record with ID: " + uuid; @@ -392,7 +392,7 @@ public class CertificatePageController extends PageController { for (PlatformCredential pc : sharedCertificates) { if (!pc.isPlatformBase()) { - pc.archive(); + pc.archive("User requested deletion via UI of the base certificate"); certificateRepository.save(pc); } } @@ -748,21 +748,6 @@ public class CertificatePageController extends PageController { return associatedCertificates; } - private Certificate getCertificateById(final String certificateType, final UUID uuid) { - switch (certificateType) { - case PLATFORMCREDENTIAL: - return this.platformCertificateRepository.getReferenceById(uuid); - case ENDORSEMENTCREDENTIAL: - return this.endorsementCredentialRepository.getReferenceById(uuid); - case ISSUEDCERTIFICATES: - return this.issuedCertificateRepository.getReferenceById(uuid); - case TRUSTCHAIN: - return this.caCredentialRepository.getReferenceById(uuid); - default: - return null; - } - } - /** * Parses an uploaded file into a certificate and populates the given model * with error messages if parsing fails. diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 4221dbe4..0200ca7f 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java 
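Review bot: `certificateRepository.getReferenceById(uuid)` does not return null for an unknown id; Spring Data JPA hands back a lazy reference and the failure surfaces later as an `EntityNotFoundException`, so the `if (certificate == null)` branch that builds the "Unable to locate record" message is not reached. `Certificate certificate = certificateRepository.findById(uuid).orElse(null);` keeps the existing not-found handling working. With `getCertificateById` removed, the lookup is also no longer scoped by `certificateType`, so a delete request issued on one certificate page can archive a record of any other type by UUID; comparing the loaded entity's class with the requested type before calling `archive(...)` would restore that check. The enclosing method starts and ends outside the hunk.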
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -120,15 +120,13 @@ public class ReferenceManifestPageController extends PageController records = new FilteredRecordsList<>(); int currentPage = input.getStart() / input.getLength(); Pageable paging = PageRequest.of(currentPage, input.getLength(), Sort.by(orderColumnName)); - org.springframework.data.domain.Page pagedResult = referenceManifestRepository.findAll(paging); + org.springframework.data.domain.Page pagedResult = referenceManifestRepository.findByArchiveFlag(false, paging); int rimCount = 0; if (pagedResult.hasContent()) { for (ReferenceManifest manifest : pagedResult.getContent()) { - if (!manifest.getRimType().equals(ReferenceManifest.MEASUREMENT_RIM)) { - records.add(manifest); - rimCount++; - } + records.add(manifest); + rimCount++; } records.setRecordsTotal(rimCount); } else { @@ -220,7 +218,6 @@ public class ReferenceManifestPageController extends PageController values = new LinkedList<>(); if (referenceManifest == null) { String notFoundMessage = "Unable to locate RIM with ID: " + id; @@ -228,14 +225,8 @@ public class ReferenceManifestPageController extends PageController issuerCertificates = new ArrayList<>(); + List issuerCertificates = new ArrayList<>(); CertificateAuthorityCredential skiCA = null; String issuerResult; From 861508c0efa80d3c4d15386d795266bf7736adef Mon Sep 17 00:00:00 2001 
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Tue, 14 Nov 2023 08:54:08 -0500 Subject: [PATCH 5/5] Added finally touches to not display archived items. As well display the correct count that doesn't include the archived items. Also added additional exception checks after testing uploading the wrong element to the wrong /list page --- .../persist/entity/ArchivableEntity.java | 4 +++- .../entity/manager/CACredentialRepository.java | 8 ++++---- .../EndorsementCredentialRepository.java | 9 ++++----- .../manager/IssuedCertificateRepository.java | 8 ++++---- .../manager/PlatformCertificateRepository.java | 8 ++++---- .../manager/ReferenceManifestRepository.java | 1 + .../controllers/CertificatePageController.java | 18 +++++++++--------- .../ReferenceManifestPageController.java | 4 ++-- 8 files changed, 31 insertions(+), 29 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java index cd87fad3..db758042 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java @@ -60,9 +60,10 @@ public abstract class ArchivableEntity extends AbstractEntity { * false is archived time is already set, signifying the entity has been archived. */ public final boolean archive() { - this.archiveFlag = !archiveFlag; + this.archiveFlag = false; if (this.archivedTime == null) { this.archivedTime = new Date(); + archiveFlag = true; return true; } return false; @@ -112,6 +113,7 @@ public abstract class ArchivableEntity extends AbstractEntity { if (this.archivedTime != null) { this.archivedTime = null; this.archivedDescription = null; + archiveFlag = false; return true; } return false; 
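Review bot: In the patched `archive()`, `this.archiveFlag = false;` runs before the `archivedTime == null` check, so calling `archive()` on an entity that is already archived clears the flag and returns false while `archivedTime` stays set; the record then matches `findByArchiveFlag(false, ...)` again and shows up in the list pages as active. Removing the unconditional `this.archiveFlag = false;` line, so the flag only changes together with `archivedTime`, keeps the two fields consistent. The Lombok `@Setter` added on `archiveFlag` in the previous patch also lets callers change the flag independently of `archivedTime`; if nothing outside this class needs it, dropping the setter makes `archive()` and `restore()` the only ways to change archive state. A short Javadoc line on `archiveFlag` stating that it mirrors `archivedTime != null` would document the invariant.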
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java index 1cdd9d12..e698955f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java @@ -1,8 +1,9 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential; +import org.springframework.data.domain.Page; +import org.springframework.data.domain.Pageable; import org.springframework.data.jpa.repository.JpaRepository; -import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; import java.util.List; @@ -11,9 +12,8 @@ import java.util.UUID; @Repository public interface CACredentialRepository extends JpaRepository { - @Query(value = "SELECT * FROM Certificate WHERE DTYPE='CertificateAuthorityCredential' AND archiveFlag=false", nativeQuery = true) - @Override - List findAll(); + List findByArchiveFlag(boolean archiveFlag); + Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); List findBySubject(String subject); List findBySubjectSorted(String subject); CertificateAuthorityCredential findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java index 70152cd0..dbc459ec 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java 
@@ -1,9 +1,9 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential; -import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; +import org.springframework.data.domain.Page; +import org.springframework.data.domain.Pageable; import org.springframework.data.jpa.repository.JpaRepository; -import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; import java.math.BigInteger; @@ -13,9 +13,8 @@ import java.util.UUID; @Repository public interface EndorsementCredentialRepository extends JpaRepository { - @Query(value = "SELECT * FROM Certificate WHERE DTYPE='EndorsementCredential' AND archiveFlag=false", nativeQuery = true) - @Override - List findAll(); + List findByArchiveFlag(boolean archiveFlag); + Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); EndorsementCredential findByHolderSerialNumber(BigInteger holderSerialNumber); List findByDeviceId(UUID deviceId); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java index 26ac3a44..9ceb14e6 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java @@ -1,8 +1,9 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate; +import org.springframework.data.domain.Page; +import org.springframework.data.domain.Pageable; import org.springframework.data.jpa.repository.JpaRepository; -import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; import java.util.List; 
@@ -11,8 +12,7 @@ import java.util.UUID;
 @Repository
 public interface IssuedCertificateRepository extends JpaRepository {
- @Query(value = "SELECT * FROM Certificate WHERE DTYPE='IssuedAttestationCertificate' AND archiveFlag=false", nativeQuery = true)
- @Override
- List findAll();
+ List findByArchiveFlag(boolean archiveFlag);
+ Page findByArchiveFlag(boolean archiveFlag, Pageable pageable);
 List findByDeviceId(UUID deviceId);
 }
\ No newline at end of file
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java
index 4fb1d817..690d82ca 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java
@@ -1,8 +1,9 @@
 package hirs.attestationca.persist.entity.manager;
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.Pageable;
 import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.Query;
 import org.springframework.stereotype.Repository;
 import java.util.List;
@@ -11,8 +12,7 @@ import java.util.UUID;
 @Repository
 public interface PlatformCertificateRepository extends JpaRepository {
- @Query(value = "SELECT * FROM Certificate WHERE DTYPE='PlatformCredential' AND archiveFlag=false", nativeQuery = true)
- @Override
- List findAll();
+ List findByArchiveFlag(boolean archiveFlag);
+ Page findByArchiveFlag(boolean archiveFlag, Pageable pageable);
 List findByDeviceId(UUID deviceId);
 }
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java index 1d1064d6..4f5aa9ba 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java @@ -43,5 +43,6 @@ public interface ReferenceManifestRepository extends JpaRepository getSupportByManufacturerModel(String manufacturer, String model); @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true) EventLogMeasurements getLogByModel(String model); + List findByArchiveFlag(boolean archiveFlag); Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java index bfe41eed..b22b3ac8 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java @@ -235,7 +235,7 @@ public class CertificatePageController extends PageController { // serial number. (pc.HolderSerialNumber = ec.SerialNumber) if (certificateType.equals(PLATFORMCREDENTIAL)) { FilteredRecordsList records = new FilteredRecordsList<>(); - org.springframework.data.domain.Page pagedResult = this.platformCertificateRepository.findAll(paging); + org.springframework.data.domain.Page pagedResult = this.platformCertificateRepository.findByArchiveFlag(false, paging); if (pagedResult.hasContent()) { records.addAll(pagedResult.getContent()); 
@@ -244,7 +244,7 @@ public class CertificatePageController extends PageController {
 records.setRecordsTotal(input.getLength());
 }
- records.setRecordsFiltered(platformCertificateRepository.count());
+ records.setRecordsFiltered(platformCertificateRepository.findByArchiveFlag(false).size());
 EndorsementCredential associatedEC;
 if (!records.isEmpty()) {
@@ -268,7 +268,7 @@ public class CertificatePageController extends PageController {
 return new DataTableResponse<>(records, input);
 } else if (certificateType.equals(ENDORSEMENTCREDENTIAL)) {
 FilteredRecordsList records = new FilteredRecordsList<>();
- org.springframework.data.domain.Page pagedResult = this.endorsementCredentialRepository.findAll(paging);
+ org.springframework.data.domain.Page pagedResult = this.endorsementCredentialRepository.findByArchiveFlag(false, paging);
 if (pagedResult.hasContent()) {
 records.addAll(pagedResult.getContent());
@@ -277,13 +277,13 @@ public class CertificatePageController extends PageController {
 records.setRecordsTotal(input.getLength());
 }
- records.setRecordsFiltered(endorsementCredentialRepository.count());
+ records.setRecordsFiltered(endorsementCredentialRepository.findByArchiveFlag(false).size());
 log.debug("Returning list of size: " + records.size());
 return new DataTableResponse<>(records, input);
 } else if (certificateType.equals(TRUSTCHAIN)) {
 FilteredRecordsList records = new FilteredRecordsList<>();
- org.springframework.data.domain.Page pagedResult = this.caCredentialRepository.findAll(paging);
+ org.springframework.data.domain.Page pagedResult = this.caCredentialRepository.findByArchiveFlag(false, paging);
 if (pagedResult.hasContent()) {
 records.addAll(pagedResult.getContent());
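Review bot: `records.setRecordsFiltered(platformCertificateRepository.findByArchiveFlag(false).size())` in the hunk at -244 loads every non-archived certificate entity on each table request only to count them, which grows with the size of the store and lets a client that polls the list endpoint drive repeated full-table reads. The page fetched just above already carries the total, so `records.setRecordsFiltered(pagedResult.getTotalElements());` should give the same number without a second query; if a separate count is preferred, a derived `long countByArchiveFlag(boolean archiveFlag);` on the repository avoids materialising the rows. The same pattern is in the hunks at -277, -292 and -307 for the endorsement, CA and issued-certificate repositories. The enclosing method starts and ends outside these hunks, so that `pagedResult` is still in scope at this line is inferred from the preceding hunk.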
@@ -292,13 +292,13 @@ public class CertificatePageController extends PageController {
 records.setRecordsTotal(input.getLength());
 }
- records.setRecordsFiltered(caCredentialRepository.count());
+ records.setRecordsFiltered(caCredentialRepository.findByArchiveFlag(false).size());
 log.debug("Returning list of size: " + records.size());
 return new DataTableResponse<>(records, input);
 } else if (certificateType.equals(ISSUEDCERTIFICATES)) {
 FilteredRecordsList records = new FilteredRecordsList<>();
- org.springframework.data.domain.Page pagedResult = this.issuedCertificateRepository.findAll(paging);
+ org.springframework.data.domain.Page pagedResult = this.issuedCertificateRepository.findByArchiveFlag(false, paging);
 if (pagedResult.hasContent()) {
 records.addAll(pagedResult.getContent());
@@ -307,7 +307,7 @@ public class CertificatePageController extends PageController {
 records.setRecordsTotal(input.getLength());
 }
- records.setRecordsFiltered(issuedCertificateRepository.count());
+ records.setRecordsFiltered(issuedCertificateRepository.findByArchiveFlag(false).size());
 log.debug("Returning list of size: " + records.size());
 return new DataTableResponse<>(records, input);
@@ -821,7 +821,7 @@ public class CertificatePageController extends PageController {
 log.error(failMessage, dEx);
 messages.addError(failMessage + dEx.getMessage());
 return null;
- } catch (IllegalArgumentException iaEx) {
+ } catch (IllegalArgumentException | IllegalStateException iaEx) {
 final String failMessage = String.format(
 "Certificate format not recognized(%s): ", fileName);
 log.error(failMessage, iaEx);
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
index 0200ca7f..a4e8d5a9 100644
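Review bot: In the hunk at -821 the widened `catch (IllegalArgumentException | IllegalStateException iaEx)` reports every `IllegalStateException` as "Certificate format not recognized", which can mislabel a failure that has nothing to do with the uploaded file and makes the log entry harder to triage. A separate catch with its own message would keep the two cases apart; at minimum rename the variable, e.g. `} catch (IllegalArgumentException | IllegalStateException parseEx) {`, and add a comment naming the call that throws the `IllegalStateException`. The preceding catch appends `dEx.getMessage()` to the user-facing error, and if this block does the same after the visible lines, internal exception text would be shown to the uploader. The try block and the rest of this catch lie outside the hunk.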
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -133,7 +133,7 @@ public class ReferenceManifestPageController extends PageController(records, input); @@ -413,7 +413,7 @@ public class ReferenceManifestPageController extends PageController