ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-01-30 08:04:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add selector for Endorsement Credential and Platform Credential Deletion (#66)

Browse Source 
Adds a selector method to retrieve ECs and PCs by their associated device
so they can be deleted.
This commit is contained in:
apldev2 2018-12-14 12:02:03 -05:00 committed by apldev3
parent 6624296abe
commit 634d09ff5d
3 changed files with 94 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java
View File

@ -52,6 +52,7 @@ import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.UUID;
/** /**
* *
@ -146,6 +147,18 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
setFieldValue(VERSION_FIELD, version); setFieldValue(VERSION_FIELD, version);
return this; return this;
} }
/**
* Specify a device id that certificates must have to be considered
* as matching.
*
* @param device the device id to query
* @return this instance (for chaining further calls)
*/
public Selector byDeviceId(final UUID device) {
setFieldValue(DEVICE_ID_FIELD, device);
return this;
}
} }
/** /**

13
HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java
View File

@ -12,6 +12,7 @@ import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.UUID;
import javax.persistence.Column; import javax.persistence.Column;
import javax.persistence.Entity; import javax.persistence.Entity;
import javax.persistence.Transient; import javax.persistence.Transient;
@ -159,6 +160,18 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
setFieldValue(CHASSIS_SERIAL_NUMBER_FIELD, chassisSerialNumber); setFieldValue(CHASSIS_SERIAL_NUMBER_FIELD, chassisSerialNumber);
return this; return this;
} }
/**
* Specify a device id that certificates must have to be considered
* as matching.
*
* @param device the device id to query
* @return this instance (for chaining further calls)
*/
public Selector byDeviceId(final UUID device) {
setFieldValue(DEVICE_ID_FIELD, device);
return this;
}
} }
@Column @Column

71
HIRS_Utils/src/test/java/hirs/persist/DBCertificateManagerTest.java
View File

@ -160,7 +160,7 @@ public class DBCertificateManagerTest extends SpringPersistenceTest {
Session session = sessionFactory.getCurrentSession(); Session session = sessionFactory.getCurrentSession();
session.beginTransaction(); session.beginTransaction();
final Class<?>[] clazzes = final Class<?>[] clazzes =
{Certificate.class}; {Certificate.class, Device.class, DeviceGroup.class};
for (Class<?> clazz : clazzes) { for (Class<?> clazz : clazzes) {
final List<?> objects = session.createCriteria(clazz).list(); final List<?> objects = session.createCriteria(clazz).list();
for (Object o : objects) { for (Object o : objects) {
@ -169,6 +169,7 @@ public class DBCertificateManagerTest extends SpringPersistenceTest {
} }
LOGGER.debug("all {} removed", clazz); LOGGER.debug("all {} removed", clazz);
} }
session.getTransaction().commit(); session.getTransaction().commit();
} }
@ -390,12 +391,12 @@ public class DBCertificateManagerTest extends SpringPersistenceTest {
} }
/** /**
* Tests that a Certificate can be retrieved by its deviceId. * Tests that a IssuedAttestationCertificate can be retrieved by its deviceId.
* @throws IOException if there is a problem creating the certificate * @throws IOException if there is a problem creating the certificate
* @throws CertificateException if there is a problem deserializing the original X509Certificate * @throws CertificateException if there is a problem deserializing the original X509Certificate
*/ */
@Test @Test
public void testGetByDeviceId() throws IOException, CertificateException { public void testGetIssuedAttestationByDeviceId() throws IOException, CertificateException {
CertificateManager certMan = new DBCertificateManager(sessionFactory); CertificateManager certMan = new DBCertificateManager(sessionFactory);
DeviceManager deviceManager = new DBDeviceManager(sessionFactory); DeviceManager deviceManager = new DBDeviceManager(sessionFactory);
DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory); DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory);
@ -417,6 +418,70 @@ public class DBCertificateManagerTest extends SpringPersistenceTest {
} }
} }
/**
* Tests that an Endorsement Credential can be retrieved by its deviceId.
* @throws IOException if there is a problem creating the certificate
* @throws CertificateException if there is a problem deserializing the original X509Certificate
*/
@Test
public void testGetEndorsementByDeviceId() throws IOException, CertificateException {
CertificateManager certMan = new DBCertificateManager(sessionFactory);
DeviceManager deviceManager = new DBDeviceManager(sessionFactory);
DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory);
Device device = new Device("test_device");
DeviceGroup dg = new DeviceGroup("Default");
DeviceGroup savedDg = deviceGroupManager.saveDeviceGroup(dg);
device.setDeviceGroup(savedDg);
Device savedDevice = deviceManager.saveDevice(device);
EndorsementCredential endorsementCredential =
(EndorsementCredential) CertificateTest.getTestCertificate(
EndorsementCredential.class, CertificateTest.TEST_EC);
endorsementCredential.setDevice(savedDevice);
Certificate savedCert = certMan.save(endorsementCredential);
Set<EndorsementCredential> retrievedCerts =
EndorsementCredential.select(certMan).byDeviceId(savedDevice.getId()).
getCertificates();
Assert.assertEquals(retrievedCerts.size(), 1);
for (EndorsementCredential cert: retrievedCerts) {
Assert.assertEquals(savedCert.getId(), cert.getId());
}
}
/**
* Tests that an Endorsement Credential can be retrieved by its deviceId.
* @throws IOException if there is a problem creating the certificate
* @throws CertificateException if there is a problem deserializing the original X509Certificate
*/
@Test
public void testGetPlatformByDeviceId() throws IOException, CertificateException {
CertificateManager certMan = new DBCertificateManager(sessionFactory);
DeviceManager deviceManager = new DBDeviceManager(sessionFactory);
DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory);
Device device = new Device("test_device");
DeviceGroup dg = new DeviceGroup("Default");
DeviceGroup savedDg = deviceGroupManager.saveDeviceGroup(dg);
device.setDeviceGroup(savedDg);
Device savedDevice = deviceManager.saveDevice(device);
PlatformCredential platformCert = (PlatformCredential) CertificateTest.getTestCertificate(
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_2);
platformCert.setDevice(savedDevice);
Certificate savedCert = certMan.save(platformCert);
Set<PlatformCredential> retrievedCerts =
PlatformCredential.select(certMan).byDeviceId(savedDevice.getId()).
getCertificates();
Assert.assertEquals(retrievedCerts.size(), 1);
for (PlatformCredential cert: retrievedCerts) {
Assert.assertEquals(savedCert.getId(), cert.getId());
}
}
/** /**
* Tests that a single Certificate can be retrieved amongst many stored Certificates according * Tests that a single Certificate can be retrieved amongst many stored Certificates according
* to its type and subject. * to its type and subject.