Add selector for Endorsement Credential and Platform Credential Deletion (#66)

Adds a selector method to retrieve ECs and PCs by their associated device so they can be deleted.
2025-01-29 15:44:14 +00:00 · 2018-12-14 12:02:03 -05:00 · 2018-12-14 12:02:03 -05:00 · 634d09ff5d
commit 634d09ff5d
parent 6624296abe
3 changed files with 94 additions and 3 deletions
--- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java
@ -52,6 +52,7 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;

 /**
 *
@ -146,6 +147,18 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
            setFieldValue(VERSION_FIELD, version);
            return this;
        }
+
+        /**
+         * Specify a device id that certificates must have to be considered
+         * as matching.
+         *
+         * @param device the device id to query
+         * @return this instance (for chaining further calls)
+         */
+        public Selector byDeviceId(final UUID device) {
+            setFieldValue(DEVICE_ID_FIELD, device);
+            return this;
+        }
    }

    /**
--- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java
@ -12,6 +12,7 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.Transient;
@ -159,6 +160,18 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
            setFieldValue(CHASSIS_SERIAL_NUMBER_FIELD, chassisSerialNumber);
            return this;
        }
+
+        /**
+         * Specify a device id that certificates must have to be considered
+         * as matching.
+         *
+         * @param device the device id to query
+         * @return this instance (for chaining further calls)
+         */
+        public Selector byDeviceId(final UUID device) {
+            setFieldValue(DEVICE_ID_FIELD, device);
+            return this;
+        }
    }

    @Column
--- a/HIRS_Utils/src/test/java/hirs/persist/DBCertificateManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DBCertificateManagerTest.java
@ -160,7 +160,7 @@ public class DBCertificateManagerTest extends SpringPersistenceTest {
        Session session = sessionFactory.getCurrentSession();
        session.beginTransaction();
        final Class<?>[] clazzes =
-                {Certificate.class};
+                {Certificate.class, Device.class, DeviceGroup.class};
        for (Class<?> clazz : clazzes) {
            final List<?> objects = session.createCriteria(clazz).list();
            for (Object o : objects) {
@ -169,6 +169,7 @@ public class DBCertificateManagerTest extends SpringPersistenceTest {
            }
            LOGGER.debug("all {} removed", clazz);
        }
+
        session.getTransaction().commit();
    }

@ -390,12 +391,12 @@ public class DBCertificateManagerTest extends SpringPersistenceTest {
    }

    /**
-     * Tests that a Certificate can be retrieved by its deviceId.
+     * Tests that a IssuedAttestationCertificate can be retrieved by its deviceId.
     * @throws IOException if there is a problem creating the certificate
     * @throws CertificateException if there is a problem deserializing the original X509Certificate
     */
    @Test
-    public void testGetByDeviceId() throws IOException, CertificateException {
+    public void testGetIssuedAttestationByDeviceId() throws IOException, CertificateException {
        CertificateManager certMan = new DBCertificateManager(sessionFactory);
        DeviceManager deviceManager = new DBDeviceManager(sessionFactory);
        DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory);
@ -417,6 +418,70 @@ public class DBCertificateManagerTest extends SpringPersistenceTest {
        }
    }

+    /**
+     * Tests that an Endorsement Credential can be retrieved by its deviceId.
+     * @throws IOException if there is a problem creating the certificate
+     * @throws CertificateException if there is a problem deserializing the original X509Certificate
+     */
+    @Test
+    public void testGetEndorsementByDeviceId() throws IOException, CertificateException {
+        CertificateManager certMan = new DBCertificateManager(sessionFactory);
+        DeviceManager deviceManager = new DBDeviceManager(sessionFactory);
+        DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory);
+
+        Device device = new Device("test_device");
+        DeviceGroup dg = new DeviceGroup("Default");
+        DeviceGroup savedDg = deviceGroupManager.saveDeviceGroup(dg);
+        device.setDeviceGroup(savedDg);
+        Device savedDevice = deviceManager.saveDevice(device);
+
+        EndorsementCredential endorsementCredential =
+                (EndorsementCredential) CertificateTest.getTestCertificate(
+                        EndorsementCredential.class, CertificateTest.TEST_EC);
+        endorsementCredential.setDevice(savedDevice);
+        Certificate savedCert = certMan.save(endorsementCredential);
+
+        Set<EndorsementCredential> retrievedCerts =
+                EndorsementCredential.select(certMan).byDeviceId(savedDevice.getId()).
+                        getCertificates();
+        Assert.assertEquals(retrievedCerts.size(), 1);
+        for (EndorsementCredential cert: retrievedCerts) {
+            Assert.assertEquals(savedCert.getId(), cert.getId());
+        }
+    }
+
+    /**
+     * Tests that an Endorsement Credential can be retrieved by its deviceId.
+     * @throws IOException if there is a problem creating the certificate
+     * @throws CertificateException if there is a problem deserializing the original X509Certificate
+     */
+    @Test
+    public void testGetPlatformByDeviceId() throws IOException, CertificateException {
+        CertificateManager certMan = new DBCertificateManager(sessionFactory);
+        DeviceManager deviceManager = new DBDeviceManager(sessionFactory);
+        DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory);
+
+        Device device = new Device("test_device");
+        DeviceGroup dg = new DeviceGroup("Default");
+        DeviceGroup savedDg = deviceGroupManager.saveDeviceGroup(dg);
+        device.setDeviceGroup(savedDg);
+        Device savedDevice = deviceManager.saveDevice(device);
+
+        PlatformCredential platformCert = (PlatformCredential) CertificateTest.getTestCertificate(
+                PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_2);
+        platformCert.setDevice(savedDevice);
+        Certificate savedCert = certMan.save(platformCert);
+
+        Set<PlatformCredential> retrievedCerts =
+                PlatformCredential.select(certMan).byDeviceId(savedDevice.getId()).
+                        getCertificates();
+        Assert.assertEquals(retrievedCerts.size(), 1);
+        for (PlatformCredential cert: retrievedCerts) {
+            Assert.assertEquals(savedCert.getId(), cert.getId());
+        }
+    }
+
+
    /**
     * Tests that a single Certificate can be retrieved amongst many stored Certificates according
     * to its type and subject.