From 63521a40757d10ccd4ee3e931e5b5b8b24bdb32d Mon Sep 17 00:00:00 2001 From: TheSilentCoder <184309164+ThatSilentCoder@users.noreply.github.com> Date: Thu, 17 Oct 2024 17:12:58 -0400 Subject: [PATCH] issue_847: Added javadoc comments + params to the rest of the repo classes, cleaned up imports, and made more styling changes. --- .../entity/manager/CertificateRepository.java | 87 ++-- .../EndorsementCredentialRepository.java | 32 +- .../manager/IDevIDCertificateRepository.java | 72 ++- .../manager/IssuedCertificateRepository.java | 23 +- .../PlatformCertificateRepository.java | 21 +- .../ReferenceDigestValueRepository.java | 38 +- .../manager/ReferenceManifestRepository.java | 169 +++--- .../SupplyChainValidationRepository.java | 4 +- ...upplyChainValidationSummaryRepository.java | 17 +- .../TPM2ProvisionerStateRepository.java | 2 +- .../entity/userdefined/Certificate.java | 485 +++++++++--------- .../persist/entity/userdefined/Device.java | 19 +- .../userdefined/SupplyChainValidation.java | 61 +-- .../SupplyChainValidationSummary.java | 230 ++++----- .../certificate/CertificateVariables.java | 165 +++++- .../certificate/IDevIDCertificate.java | 36 +- .../provision/IdentityClaimProcessor.java | 57 +- .../service/SupplyChainValidationService.java | 63 +-- .../CertificateAttributeScvValidator.java | 26 +- .../validation/FirmwareScvValidator.java | 37 +- config/checkstyle/checkstyle.xml | 4 +- 21 files changed, 977 insertions(+), 671 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java index 5aeb4ba9..ee4f5a7a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java @@ -29,7 +29,7 @@ public interface CertificateRepository extends JpaRepository * Query that retrieves a list of certificates using the provided subject and dtype. * * @param subject subject - * @param dType d type + * @param dType dtype * @return a list of certificates */ @Query(value = "SELECT * FROM Certificate where subject = ?1 AND DTYPE = ?2", nativeQuery = true) @@ -38,100 +38,107 @@ public interface CertificateRepository extends JpaRepository /** * Query that retrieves a sorted list of certificates using the provided subject and dtype. * - * @param subjectSorted - * @param dType + * @param subjectSorted subject + * @param dType dtype * @return a list of sorted certificates */ @Query(value = "SELECT * FROM Certificate where subjectSorted = ?1 AND DTYPE = ?2", nativeQuery = true) List findBySubjectSorted(String subjectSorted, String dType); /** - * Query that retrieves a + * Query that retrieves a list of certificates using the provided dtype. * - * @param dType - * @return + * @param dType dtype + * @return a list of certificates */ @Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true) List findByType(String dType); /** - * Query that retrieves a + * Query that retrieves a list of certificates using the provided serial number and dtype. * - * @param serialNumber - * @param dType - * @return + * @param serialNumber serial number + * @param dType dtype + * @return a certificate */ @Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true) Certificate findBySerialNumber(BigInteger serialNumber, String dType); /** - * Query that retrieves a + * Query that retrieves a list of platform credentials using the provided board serial number + * and a dtype of "Platform Credential". * - * @param boardSerialNumber - * @return + * @param boardSerialNumber board serial number + * @return a list of platform credentials */ - @Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) + @Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", + nativeQuery = true) List byBoardSerialNumber(String boardSerialNumber); /** - * Query that retrieves a + * Query that retrieves a platform credential using the provided holder serial number + * and a dtype of "Platform Credential". * - * @param holderSerialNumber - * @return + * @param holderSerialNumber holder serial number + * @return platform credential */ - @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) + @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", + nativeQuery = true) PlatformCredential getPcByHolderSerialNumber(BigInteger holderSerialNumber); /** - * Query that retrieves a + * Query that retrieves a list of platform credentials using the provided holder serial number + * and a dtype of "Platform Credential". * - * @param holderSerialNumber - * @return + * @param holderSerialNumber holder serial numberz + * @return a list of platform credentials */ - @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) + @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", + nativeQuery = true) List getByHolderSerialNumber(BigInteger holderSerialNumber); /** - * Query that retrieves a + * Query that retrieves a certificate using the provided certificate hash and dtype. * - * @param certificateHash - * @param dType - * @return + * @param certificateHash integer certificate hash + * @param dType dtype + * @return a certificate */ @Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true) Certificate findByCertificateHash(int certificateHash, String dType); /** - * Query that retrieves a + * Query that retrieves an endorssement credential using the provided public key modulus hex value. * - * @param publicKeyModulusHexValue - * @return + * @param publicKeyModulusHexValue public key modulus hex value + * @return an endorsement credential */ EndorsementCredential findByPublicKeyModulusHexValue(String publicKeyModulusHexValue); /** - * Query that retrieves a + * Query that retrieves an issued attestation certificate using the provided device id. * - * @param deviceId - * @return + * @param deviceId uuid representation of the device id + * @return an issued attestation certificate */ IssuedAttestationCertificate findByDeviceId(UUID deviceId); /** - * Query that retrieves a + * Query that retrieves a list of issued attestation certificates using the provided device id, + * isLDevID value and sort value. * - * @param deviceId - * @param isLDevID - * @param sort - * @return + * @param deviceId device id + * @param isLDevID is it a LDevId + * @param sort sort + * @return a list of issued attestation certificates */ List findByDeviceIdAndIsLDevID(UUID deviceId, boolean isLDevID, Sort sort); /** - * Query that retrieves a + * Query that retrieves a certificates using the provided certificate hash. * - * @param certificateHash - * @return + * @param certificateHash integer certificate hash + * @return a certificate */ Certificate findByCertificateHash(int certificateHash); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java index a2d67fd5..dbf09fdf 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/EndorsementCredentialRepository.java @@ -14,43 +14,43 @@ import java.util.UUID; public interface EndorsementCredentialRepository extends JpaRepository { /** - * Query that retrieves a + * Query that retrieves a list of endorsement credentials using the provided archive flag. * - * @param archiveFlag - * @return + * @param archiveFlag archive flag + * @return a list of endorsement credentials */ List findByArchiveFlag(boolean archiveFlag); /** - * Query that retrieves a + * Query that retrieves a page of endorsement credentials using provided archive flag and pageable value. * - * @param archiveFlag - * @param pageable - * @return + * @param archiveFlag archive flag + * @param pageable pageable value + * @return a page of endorsement credentials */ Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); /** - * Query that retrieves a + * Query that retrieves an endorsement credential using the provided holder serial number. * - * @param holderSerialNumber - * @return + * @param holderSerialNumber big integer representation of the holder serial number + * @return an endorsement credential */ EndorsementCredential findByHolderSerialNumber(BigInteger holderSerialNumber); /** - * Query that retrieves a + * Query that retrieves an endorsement credential using the provided serial number. * - * @param serialNumber - * @return + * @param serialNumber big integer representation of the serial number + * @return an endorsement credential */ EndorsementCredential findBySerialNumber(BigInteger serialNumber); /** - * Query that retrieves a + * Query that retrieves a list of endorsement credentials using the provided device id. * - * @param deviceId - * @return + * @param deviceId uuid representation of the device id + * @return an endorsement credential */ List findByDeviceId(UUID deviceId); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IDevIDCertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IDevIDCertificateRepository.java index 2aee1e4a..02325ef7 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IDevIDCertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IDevIDCertificateRepository.java @@ -13,26 +13,70 @@ import java.util.UUID; public interface IDevIDCertificateRepository extends JpaRepository { /** - * Query that retrieves a + * Query that retrieves a list of IDevId certificates using the provided archive flag. * - * @param archiveFlag - * @return + * @param archiveFlag archive flag + * @return a list of IDevId certificates */ List findByArchiveFlag(boolean archiveFlag); /** - * Query that retrieves a + * Query that retrieves a page of IDevId certificates using the provided archive flag and pageable value. * - * @param archiveFlag - * @param pageable - * @return + * @param archiveFlag archive flag + * @param pageable pageable value + * @return a page of IDevId certificates */ Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); - /*List findBySubject(String subject); - List findBySubjectSorted(String subject); - List findBySubjectAndArchiveFlag(String subject, boolean archiveFlag); - List findBySubjectSortedAndArchiveFlag(String subject, boolean archiveFlag); - IDevIDCertificate findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier); - IDevIDCertificate findBySubjectKeyIdStringAndArchiveFlag(String subjectKeyIdString, boolean archiveFlag); + + /** + * Query that retrieves a list of IDevId certificates using the provided subject. + * + * @param subject string representation of the subject + * @return a list of IDevId certificates */ -} \ No newline at end of file + List findBySubject(String subject); + + /** + * Query that retrieves a sorted list of IDevId certificates using the provided subject. + * + * @param subject string representation of the subject + * @return a sorted list of IDevId certificates + */ + List findBySubjectSorted(String subject); + + /** + * Query that retrieves a list of IDevId certificates using the provided subject and archive flag. + * + * @param subject string representation of the subject + * @param archiveFlag archive flag + * @return a list of IDevId certificates + */ + List findBySubjectAndArchiveFlag(String subject, boolean archiveFlag); + + /** + * Query that retrieves a sorted list of IDevId certificates using the provided subject and archive flag. + * + * @param subject string representation of the subject + * @param archiveFlag archive flag + * @return a sorted list of IDevId certificates + */ + List findBySubjectSortedAndArchiveFlag(String subject, boolean archiveFlag); + + /** + * Query that retrieves an IDevId certificate using the provided subject key identifier. + * + * @param subjectKeyIdentifier byte representation of the subject key identifier + * @return an IDevId certificate + */ + IDevIDCertificate findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier); + + /** + * Query that retrieves an IDevId certificate using the provided subject key and archive flag. + * + * @param subjectKeyIdString string representation of the subject key id + * @param archiveFlag archive flag + * @return an IDevId certificate + */ + IDevIDCertificate findBySubjectKeyIdStringAndArchiveFlag(String subjectKeyIdString, boolean archiveFlag); +} diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java index 8d56626e..0d50494f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/IssuedCertificateRepository.java @@ -13,25 +13,28 @@ import java.util.UUID; public interface IssuedCertificateRepository extends JpaRepository { /** - * Query that retrieves a + * Query that retrieves a list of issued attestation certificates using the provided archive flag. * - * @param archiveFlag - * @return + * @param archiveFlag archive flag + * @return a list of issued attestation certificates */ List findByArchiveFlag(boolean archiveFlag); /** - * Query that retrieves a + * Query that retrieves a page of issued attestation certificates using the provided archive flag + * and pageable value. * - * @param archiveFlag - * @param pageable - * @return + * @param archiveFlag archive flag + * @param pageable pageable value + * @return a page of issued attestation certificates */ Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); /** - * @param deviceId - * @return + * Query that retrieves a list of issued attestation certificates using the provided device id. + * + * @param deviceId uuid representation of the device id + * @return a list of issued attestation certificates */ List findByDeviceId(UUID deviceId); -} \ No newline at end of file +} diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java index bd65c0cb..ad7a4190 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/PlatformCertificateRepository.java @@ -13,27 +13,28 @@ import java.util.UUID; public interface PlatformCertificateRepository extends JpaRepository { /** - * Query that retrieves a + * Query that retrieves a list of platform credentials using the provided archive flag. * - * @param archiveFlag - * @return + * @param archiveFlag archive flag + * @return a list of platform credentials */ List findByArchiveFlag(boolean archiveFlag); /** - * Query that retrieves a + * Query that retrieves a page of platform credentials using the provided archive flag + * and pageable value. * - * @param archiveFlag - * @param pageable - * @return + * @param archiveFlag archive flag + * @param pageable pageable + * @return a page of platform credentials */ Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); /** - * Query that retrieves a + * Query that retrieves a list of platform credentials using the provided device id. * - * @param deviceId - * @return + * @param deviceId uuid representation of the device id + * @return a list of platform credentials */ List findByDeviceId(UUID deviceId); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java index 2df75216..008c2abe 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java @@ -11,51 +11,51 @@ import java.util.UUID; public interface ReferenceDigestValueRepository extends JpaRepository { /** - * Query that retrieves a + * Query that retrieves a list of reference digest values using the provided model. * - * @param model - * @return + * @param model string representation of the model + * @return a list of reference digest values */ List findByModel(String model); /** - * Query that retrieves a + * Query that retrieves a list of reference digest values using the provided manufacturer. * - * @param manufacturer - * @return + * @param manufacturer string representation of the manufacturer + * @return a list of reference digest values */ List findByManufacturer(String manufacturer); /** - * Query that retrieves a + * Query that retrieves a list of reference digest values using the provided associated rim id. * - * @param associatedRimId - * @return + * @param associatedRimId uuid representation of the associated rim ID + * @return a list of reference digest values */ List findValuesByBaseRimId(UUID associatedRimId); /** - * Query that retrieves a + * Query that retrieves a list of reference digest values using the provided support rim id. * - * @param supportRimId - * @return + * @param supportRimId uuid representation of the support rim ID + * @return a list of reference digest values */ List findBySupportRimId(UUID supportRimId); /** - * Query that retrieves a + * Query that retrieves a list of reference digest values using the provided support rim hash. * - * @param supportRimHash - * @return + * @param supportRimHash a string representation of the support rim hash + * @return a list of reference digest values */ List findBySupportRimHash(String supportRimHash); /** - * Query that retrieves a + * Query that retrieves a list of reference digest values using the provided manufacturer and model. * - * @param manufacturer - * @param model - * @return + * @param manufacturer string representation of the manufacturer + * @param model string representation of the model + * @return a list of reference digest values */ List findByManufacturerAndModel(String manufacturer, String model); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java index c2f4175f..5f145fb0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java @@ -16,159 +16,192 @@ import java.util.UUID; @Repository public interface ReferenceManifestRepository extends JpaRepository { /** - * Query that retrieves a + * Query that retrieves a reference manifest using the provided hex/dec hash. * - * @param hexDecHash - * @return + * @param hexDecHash string representation of the hex dec hash + * @return a reference manifest */ ReferenceManifest findByHexDecHash(String hexDecHash); /** - * Query that retrieves a + * Query that retrieves a reference manifest using the provided base 64 hash. * - * @param base64Hash - * @return + * @param base64Hash string representation of the base 64 hash + * @return a reference manifest */ ReferenceManifest findByBase64Hash(String base64Hash); /** - * @param hexDecHash - * @param rimType - * @return + * Query that retrieves a reference manifest using the provided hex/dec hash and rim type. + * + * @param hexDecHash string representation of the hex dec hash + * @param rimType string representation of the rim type + * @return a reference manifest */ ReferenceManifest findByHexDecHashAndRimType(String hexDecHash, String rimType); /** - * @param hexDecHash - * @param rimType - * @return + * Query that retrieves a reference manifest using the provided event log hash and rim type. + * + * @param hexDecHash string representation of the event log hash + * @param rimType string representation of the rim type + * @return a reference manifest */ ReferenceManifest findByEventLogHashAndRimType(String hexDecHash, String rimType); /** - * @param manufacturer - * @param model - * @return + * Query that retrieves a list of base reference manifests using the provided manufacturer and model + * and where the rim type is equal to base. + * + * @param manufacturer string representation of platform manufacturer + * @param model string representation of platform model + * @return a list of base reference manifests */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Base'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 " + + "AND rimType = 'Base'", nativeQuery = true) List getBaseByManufacturerModel(String manufacturer, String model); /** - * @param manufacturer - * @param dType - * @return + * Query that retrieves a list of base reference manifests using the provided manufacturer and model. + * + * @param manufacturer string representation of platform manufacturer + * @param dType dtype + * @return a list of base reference manifests */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", + nativeQuery = true) List getByManufacturer(String manufacturer, String dType); /** - * @param model - * @param dType - * @return + * Query that retrieves a reference manifest using the provided model and dtype. + * + * @param model string representation of platform model + * @param dType dtype + * @return a reference manifest */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", + nativeQuery = true) ReferenceManifest getByModel(String model, String dType); /** - * @return + * Query that retrieves a list of base reference manifests where the dtype is a base reference manifest. + * + * @return a list of base reference manifests */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", + nativeQuery = true) List findAllBaseRims(); /** - * Query that retrieves a + * Query that retrieves a list of support reference manifests where the dtype is a + * support reference manifest. * - * @return + * @return a list of support reference manifests */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'SupportReferenceManifest'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'SupportReferenceManifest'", + nativeQuery = true) List findAllSupportRims(); /** - * Query that retrieves a + * Query that retrieves a base reference manifest using the provided uuid and where the dtype is a + * base reference manifest. * - * @param uuid - * @return + * @param uuid uuid + * @return a base reference manifest */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'BaseReferenceManifest'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'BaseReferenceManifest'", + nativeQuery = true) BaseReferenceManifest getBaseRimEntityById(UUID uuid); /** - * Query that retrieves a + * Query that retrieves a support reference manifest using the provided uuid and + * where the dtype is a support reference manifest. * - * @param uuid - * @return + * @param uuid uuid + * @return a support reference manifest */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'SupportReferenceManifest'", + nativeQuery = true) SupportReferenceManifest getSupportRimEntityById(UUID uuid); /** - * Query that retrieves a + * Query that retrieves event log measurements using the provided uuid and where the dtype is an + * event log measurement. * - * @param uuid - * @return + * @param uuid uuid + * @return event log measurements */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'EventLogMeasurements'", + nativeQuery = true) EventLogMeasurements getEventLogRimEntityById(UUID uuid); /** - * Query that retrieves a + * Query that retrieves a list of support reference manifests using the provided device name and where the + * dtype is a support reference manifest. * - * @param deviceName - * @return + * @param deviceName string representation of the device name + * @return a list of support reference manifests */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 " + + "AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true) List byDeviceName(String deviceName); /** - * Query that retrieves a + * Query that retrieves event log measurements using the provided device name and where the dtype is + * event log measurements. * - * @param deviceName - * @return + * @param deviceName string representation of the device name + * @return event log measurements */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 " + + "AND DTYPE = 'EventLogMeasurements'", nativeQuery = true) EventLogMeasurements byMeasurementDeviceName(String deviceName); /** - * Query that retrieves a + * Query that retrieves a list of support reference manifests using the provided manufacturer and platform + * model and where the rim type is support. * - * @param manufacturer - * @param model - * @return + * @param manufacturer string representation of platform manufacturer + * @param model string representation of platform model + * @return a list of support reference manifests */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Support'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 " + + "AND rimType = 'Support'", nativeQuery = true) List getSupportByManufacturerModel(String manufacturer, String model); /** - * Query that retrieves a + * Query that retrieves event log measurements using the provided platform model and where the dtype is + * event log measurements. * - * @param model - * @return + * @param model string representation of platform model. + * @return event log measurements */ - @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true) + @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 " + + "AND DTYPE = 'EventLogMeasurements'", nativeQuery = true) EventLogMeasurements getLogByModel(String model); /** - * Query that retrieves a + * Query that retrieves a list of reference manifests using the provided device name. * - * @param deviceName - * @return + * @param deviceName string representation of device name + * @return a list of reference manifests */ List findByDeviceName(String deviceName); /** - * Query that retrieves a + * Query that retrieves a list of reference manifests using the provided archive flag. * - * @param archiveFlag - * @return + * @param archiveFlag archive flag + * @return a list of reference manifests */ List findByArchiveFlag(boolean archiveFlag); /** - * Query that retrieves a + * Query that retrieves a page of reference manifests using the provided archive flag and pageable value. * - * @param archiveFlag - * @param pageable - * @return + * @param archiveFlag archive flag + * @param pageable pageable + * @return a page of reference manifests */ Page findByArchiveFlag(boolean archiveFlag, Pageable pageable); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationRepository.java index 3b66c935..6e6da523 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationRepository.java @@ -12,7 +12,7 @@ public interface SupplyChainValidationRepository extends JpaRepository findByValidationType(String validateType); @@ -20,7 +20,7 @@ public interface SupplyChainValidationRepository extends JpaRepository findByValidationResult(String validationResult); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationSummaryRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationSummaryRepository.java index 19741741..bf4964b3 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationSummaryRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/SupplyChainValidationSummaryRepository.java @@ -15,19 +15,26 @@ public interface SupplyChainValidationSummaryRepository extends JpaRepository { /** - * @param device - * @return + * Query that retrieves a supply chain validation summary using the provided device. + * + * @param device device + * @return a supply chain validation summary */ SupplyChainValidationSummary findByDevice(Device device); /** - * @return + * Query that retrieves a list of supply chain validation summaries where the archive flag is false. + * + * @return a list of supply chain validation summary */ List findByArchiveFlagFalse(); /** - * @param pageable - * @return + * Query that retrieves a page of supply chain validation summaries using the provided pageable value + * and where the archive flag is false. + * + * @param pageable pageable + * @return a page of supply chain validation summary */ Page findByArchiveFlagFalse(Pageable pageable); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/TPM2ProvisionerStateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/TPM2ProvisionerStateRepository.java index e5cd76d2..ea6c7e91 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/TPM2ProvisionerStateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/TPM2ProvisionerStateRepository.java @@ -10,7 +10,7 @@ public interface TPM2ProvisionerStateRepository extends JpaRepository l = new ArrayList<>(names.length); + + for (int i = 0; i != names.length; i++) { + if (names[i].getTagNo() == GeneralName.directoryName) { + l.add(X500Name.getInstance(names[i].getName())); + } + } + + return l.toArray(new X500Name[l.size()]); + } + + /** + * Retrieve the Date from an ASN1GeneralizedTime. + * + * @param time (ASN1GeneralizedTime) of the certificate + * @return the Date from a ASN1GeneralizedTime + */ + public static Date recoverDate(final ASN1GeneralizedTime time) { + try { + return time.getDate(); + } catch (ParseException e) { + throw new IllegalStateException("unable to recover date: " + e.getMessage()); + } + } + /** * Getter for the CRL Distribution that is reference by the Revocation Locator * on the portal. @@ -502,6 +663,7 @@ public abstract class Certificate extends ArchivableEntity { /** * Getter for the x509 Platform Certificate version. + * * @return a big integer representing the certificate version. If there * is an error, return the max value to visible show error. */ @@ -519,7 +681,7 @@ public abstract class Certificate extends ArchivableEntity { * Checks if another certificate is the issuer for this certificate. * * @param issuer the other certificate to check (must be an X509Certificate, - * not an X509AttributeCertificateHolder) + * not an X509AttributeCertificateHolder) * @return whether or not the other certificate is the issuer for this certificate * @throws IOException if there is an issue deserializing either certificate */ @@ -536,7 +698,7 @@ public abstract class Certificate extends ArchivableEntity { certX509.verify(issuerX509.getPublicKey()); isIssuer = ""; } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException - | NoSuchProviderException | SignatureException e) { + | NoSuchProviderException | SignatureException e) { log.error(e); } break; @@ -550,8 +712,8 @@ public abstract class Certificate extends ArchivableEntity { isIssuer = ""; } } catch (NoSuchAlgorithmException - | InvalidKeyException - | SignatureException sigEx) { + | InvalidKeyException + | SignatureException sigEx) { log.error(sigEx); } break; @@ -564,7 +726,7 @@ public abstract class Certificate extends ArchivableEntity { } /** - * Return whether or not this certificate is valid on a particular date. + * Return whether this certificate is valid on a particular date. * * @param date the date of interest. * @return true if the attribute certificate is valid, false otherwise. @@ -601,7 +763,7 @@ public abstract class Certificate extends ArchivableEntity { protected CertificateType getCertificateType() throws IOException { //Parse the certificate into a sequence ASN1Sequence testCred1 = (ASN1Sequence) ASN1Primitive.fromByteArray(this.certificateBytes); - ASN1Sequence testSeq = (ASN1Sequence) ((ASN1Object) testCred1.toArray()[0]); + ASN1Sequence testSeq = (ASN1Sequence) testCred1.toArray()[0]; if (testSeq.toArray()[0] instanceof ASN1Integer) { if (testSeq.toArray().length >= MIN_ATTR_CERT_LENGTH) { @@ -611,7 +773,8 @@ public abstract class Certificate extends ArchivableEntity { // V1 X509Certificate return CertificateType.X509_CERTIFICATE; } - } else if (testSeq.toArray()[0] instanceof DERTaggedObject || testSeq.toArray()[0] instanceof DLTaggedObject) { + } else if (testSeq.toArray()[0] instanceof DERTaggedObject + || testSeq.toArray()[0] instanceof DLTaggedObject) { // V2 or V3 X509Certificate return CertificateType.X509_CERTIFICATE; } @@ -619,7 +782,6 @@ public abstract class Certificate extends ArchivableEntity { return CertificateType.INVALID_CERTIFICATE; } - private String parseKeyUsage(final boolean[] bools) { StringBuilder sb = new StringBuilder(); @@ -636,6 +798,8 @@ public abstract class Certificate extends ArchivableEntity { /** * Getter for the authorityKeyIdentifier. + * + * @param aki authority key identifier * @return the ID's byte representation */ private String authKeyIdentifierToString(final AuthorityKeyIdentifier aki) { @@ -655,7 +819,7 @@ public abstract class Certificate extends ArchivableEntity { * * @param oid Object Identifier * @return ASN1Primitive Content related to the requested OID - * @throws java.io.IOException + * @throws IOException io exception */ private ASN1Primitive getExtensionValue(final String oid) throws IOException { byte[] extensionValue = getX509Certificate().getExtensionValue(oid); @@ -684,6 +848,7 @@ public abstract class Certificate extends ArchivableEntity { /** * Getter for the AuthorityInfoAccess extension value on list format. * + * @param authInfoAccess byte representation of the authority info access * @return List Authority info access list */ private String getAuthorityInfoAccess(final byte[] authInfoAccess) { @@ -704,6 +869,7 @@ public abstract class Certificate extends ArchivableEntity { /** * Getter for the AuthorityInfoAccess extension value on list format. * + * @param authInfoAccess authority information access * @return List Authority info access list */ private String getAuthorityInfoAccess(final AuthorityInformationAccess authInfoAccess) { @@ -724,7 +890,6 @@ public abstract class Certificate extends ArchivableEntity { return sb.toString(); } - /** * Retrieve the original X509 attribute certificate. * @@ -773,6 +938,7 @@ public abstract class Certificate extends ArchivableEntity { /** * Getter for the policy statement. + * * @return cloned bit representation of constraints */ public byte[] getPolicyConstraints() { @@ -837,159 +1003,20 @@ public abstract class Certificate extends ArchivableEntity { } /** - * - * Gets the raw bytes for the certificate. - * @param certificatePath path to the certificate file - * @return bytes from the certificate file - * @throws IOException if there is a problem reading the file + * Holds the different certificate types. */ - public static byte[] readBytes(final Path certificatePath) throws IOException { - Preconditions.checkArgument( - certificatePath != null, - "Cannot construct a Certificate from a null path" - ); - - return Files.readAllBytes(certificatePath); - } - - /** - * Retrieve a formatted subject DN string from a certificate. This allows for extended support of DNs found in - * various RFCs. - * - * @param certificate the certificate holding subject DNs - * @return IOException if there is an issue decoding the subject DNs - */ - public static String getSubjectDNString(final X509Certificate certificate) - throws IOException { - X509CertificateHolder certificateHolder = null; - try { - certificateHolder = new X509CertificateHolder(certificate.getEncoded()); - } catch (CertificateEncodingException e) { - throw new IOException("Could not encode certificate", e); - } - - X500Name x500Name = certificateHolder.getSubject(); - return x500Name.toString(); - } - - /** - * Retrieve a formatted issuer DN string from a certificate. This allows for extended support of DNs found in - * various RFCs. - * - * @param certificate the certificate holding issuer DNs - * @return IOException if there is an issue decoding the issuer DNs - */ - public static String getIssuerDNString(final X509Certificate certificate) - throws IOException { - X509CertificateHolder certificateHolder = null; - try { - certificateHolder = new X509CertificateHolder(certificate.getEncoded()); - } catch (CertificateEncodingException e) { - throw new IOException("Could not encode certificate", e); - } - - X500Name x500Name = certificateHolder.getIssuer(); - return x500Name.toString(); - } - - /** - * Retrieve an RSA-based X509 certificate's public key modulus. - * - * @param certificate the certificate holding a public key - * @return a BigInteger representing its public key's modulus or null if none found - * @throws IOException if there is an issue decoding the encoded public key - */ - public static BigInteger getPublicKeyModulus(final X509Certificate certificate) - throws IOException { - X509CertificateHolder certificateHolder = null; - try { - certificateHolder = new X509CertificateHolder(certificate.getEncoded()); - } catch (CertificateEncodingException e) { - throw new IOException("Could not encode certificate", e); - } - try { - return getPublicKeyModulus( - certificateHolder.getSubjectPublicKeyInfo().parsePublicKey().toASN1Primitive() - ); - } catch (IOException e) { - log.info("No RSA Key Detected in certificate"); - return null; - } - } - - /** - * Retrieves the modulus of the given PublicKey. - * - * @param publicKey the public key - * @return a BigInteger representing the public key's modulus - * @throws IOException if there is an issue decoding the public key - */ - public static BigInteger getPublicKeyModulus(final PublicKey publicKey) throws IOException { - ASN1Primitive publicKeyASN1 = ASN1Primitive.fromByteArray(publicKey.getEncoded()); - if (publicKeyASN1 instanceof ASN1Sequence) { - ASN1Sequence publicKeyASN1Sequence = (ASN1Sequence) publicKeyASN1; - ASN1BitString encodedModulusAndExponent = (ASN1BitString) - publicKeyASN1Sequence.getObjectAt(1); - byte[] modulusAndExponentBytes = encodedModulusAndExponent.getOctets(); - return getPublicKeyModulus(ASN1Primitive.fromByteArray(modulusAndExponentBytes)); - } else { - throw new IOException("Could not read public key as ASN1Sequence"); - } - } - - private static BigInteger getPublicKeyModulus(final ASN1Primitive publicKey) - throws IOException { - if (publicKey instanceof ASN1Sequence) { - ASN1Sequence pubKeySeq = (ASN1Sequence) publicKey; - ASN1Encodable modulus = pubKeySeq.getObjectAt(0); - if (modulus instanceof ASN1Integer) { - return ((ASN1Integer) modulus).getValue(); - } else { - throw new IOException("Could not read modulus as an ASN1Integer"); - } - } else { - throw new IOException("Could not parse public key information as an ASN1Sequence"); - } - } - - /** - * Retrieve the X509 Name array from the issuer in an Attribute Certificate. - * - * @param issuer for the Attribute Certificate - * @return a X500Name[] representing the names of the issuer - */ - public static X500Name[] getAttributeCertificateIssuerNames(final AttCertIssuer issuer) { - final ASN1Encodable form = issuer.getIssuer(); - GeneralNames name; - if (form instanceof V2Form) { - name = ((V2Form) form).getIssuerName(); - } else { - name = (GeneralNames) form; - } - - GeneralName[] names = name.getNames(); - List l = new ArrayList<>(names.length); - - for (int i = 0; i != names.length; i++) { - if (names[i].getTagNo() == GeneralName.directoryName) { - l.add(X500Name.getInstance(names[i].getName())); - } - } - - return (X500Name[]) l.toArray(new X500Name[l.size()]); - } - - /** - * Retrieve the Date from an ASN1GeneralizedTime. - * - * @param time (ASN1GeneralizedTime) of the certificate - * @return the Date from a ASN1GeneralizedTime - */ - public static Date recoverDate(final ASN1GeneralizedTime time) { - try { - return time.getDate(); - } catch (ParseException e) { - throw new IllegalStateException("unable to recover date: " + e.getMessage()); - } + public enum CertificateType { + /** + * Basic X509 Certificate. + */ + X509_CERTIFICATE, + /** + * Basic Attribute Certificate. + */ + ATTRIBUTE_CERTIFICATE, + /** + * Invalid Certificate. + */ + INVALID_CERTIFICATE } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java index ff6e7c0f..d3f26d4a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java @@ -65,6 +65,11 @@ public class Device extends AbstractEntity { @Column(name = "summary_id") private String summaryId; + /** + * Constructor creates a Device object using the provided device info report. + * + * @param deviceInfoReport device information report + */ public Device(final DeviceInfoReport deviceInfoReport) { super(); if (deviceInfoReport != null) { @@ -94,6 +99,7 @@ public class Device extends AbstractEntity { /** * Getter for the report time stamp. + * * @return a cloned version */ public Timestamp getLastReportTimestamp() { @@ -106,12 +112,14 @@ public class Device extends AbstractEntity { /** * Setter for the report time stamp. + * * @param lastReportTimestamp */ public void setLastReportTimestamp(final Timestamp lastReportTimestamp) { this.lastReportTimestamp = (Timestamp) lastReportTimestamp.clone(); } + @Override public String toString() { return String.format("Device Name: %s%nStatus: %s%nSummary: %s%n", name, (healthStatus == null ? "N/A" : healthStatus.getStatus()), @@ -119,13 +127,14 @@ public class Device extends AbstractEntity { } @Override - public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof Device)) { + public boolean equals(final Object o) { + if (this == o) { + return true; + } + if (!(o instanceof Device device)) { return false; } - Device device = (Device) o; return isStateOverridden == device.isStateOverridden && Objects.equals(name, device.name) && healthStatus == device.healthStatus @@ -141,4 +150,4 @@ public class Device extends AbstractEntity { supplyChainValidationStatus, lastReportTimestamp, isStateOverridden, overrideReason, summaryId); } -} \ No newline at end of file +} diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java index c316f313..4c8a4f2d 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java @@ -2,7 +2,6 @@ package hirs.attestationca.persist.entity.userdefined; import com.google.common.base.Preconditions; import hirs.attestationca.persist.entity.ArchivableEntity; -import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest; import hirs.attestationca.persist.enums.AppraisalStatus; import jakarta.persistence.Column; import jakarta.persistence.Entity; @@ -21,48 +20,19 @@ import java.util.List; */ @Entity public class SupplyChainValidation extends ArchivableEntity { - /** - * Used to indicate which type of validation a result is related to. - */ - public enum ValidationType { - /** - * Validation of an endorsement credential. - */ - ENDORSEMENT_CREDENTIAL, - - /** - * Validation of a platform credential and also delta platform credentials from spec 1.1. - */ - PLATFORM_CREDENTIAL, - - /** - * Validation of a platform credential's attributes. - */ - PLATFORM_CREDENTIAL_ATTRIBUTES, - - /** - * Validation of the device firmware. - */ - FIRMWARE - } - @Getter @Column private final ValidationType validationType; - @Getter @Column private final AppraisalStatus.Status validationResult; - @ManyToMany(fetch = FetchType.EAGER) @JoinTable(name = "CertificatesUsedToValidate", - joinColumns = { @JoinColumn(name = "validation_id", nullable = false) }) + joinColumns = {@JoinColumn(name = "validation_id", nullable = false)}) private final List certificatesUsed; - @Getter @Column(length = RESULT_MESSAGE_LENGTH) private final String message; - @Getter @Column private String rimId; @@ -81,10 +51,10 @@ public class SupplyChainValidation extends ArchivableEntity { /** * Construct a new SupplyChainValidation instance. * - * @param validationType the type of validation this instance will represent; not null + * @param validationType the type of validation this instance will represent; not null * @param validationResult whether the validation was successful or not * @param certificatesUsed certificates used, if any, in the validation process; not null - * @param message a related information or error message; may be null + * @param message a related information or error message; may be null */ public SupplyChainValidation(final ValidationType validationType, final AppraisalStatus.Status validationResult, @@ -122,4 +92,29 @@ public class SupplyChainValidation extends ArchivableEntity { public List getCertificatesUsed() { return Collections.unmodifiableList(certificatesUsed); } + + /** + * Used to indicate which type of validation a result is related to. + */ + public enum ValidationType { + /** + * Validation of an endorsement credential. + */ + ENDORSEMENT_CREDENTIAL, + + /** + * Validation of a platform credential and also delta platform credentials from spec 1.1. + */ + PLATFORM_CREDENTIAL, + + /** + * Validation of a platform credential's attributes. + */ + PLATFORM_CREDENTIAL_ATTRIBUTES, + + /** + * Validation of the device firmware. + */ + FIRMWARE + } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java index 8793fe37..b0f5a43c 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java @@ -32,7 +32,6 @@ import java.util.Set; import java.util.UUID; - /** * A container class to group multiple related {@link SupplyChainValidation} instances * together. @@ -40,12 +39,10 @@ import java.util.UUID; @Entity public class SupplyChainValidationSummary extends ArchivableEntity { + private static final String DEVICE_ID_FIELD = "device.id"; @ManyToOne @JoinColumn(name = "device_id") private final Device device; - - private static final String DEVICE_ID_FIELD = "device.id"; - @Getter @Column @Enumerated(EnumType.STRING) @@ -72,120 +69,11 @@ public class SupplyChainValidationSummary extends ArchivableEntity { this.message = Strings.EMPTY; } - /** - * This class enables the retrieval of SupplyChainValidationSummaries by their attributes. - */ - public static class Selector { - private final CrudRepository - supplyChainValidationSummaryCrudManager; - - private final Map fieldValueSelections; - - /** - * Construct a new Selector that will use the given {@link CrudRepository} to - * retrieve SupplyChainValidationSummaries. - * - * @param supplyChainValidationSummaryCrudManager the summary manager to be used to retrieve - * supply chain validation summaries - */ - public Selector( - final CrudRepository - supplyChainValidationSummaryCrudManager) { - Preconditions.checkArgument( - supplyChainValidationSummaryCrudManager != null, - "supply chain validation summary manager cannot be null" - ); - - this.supplyChainValidationSummaryCrudManager = supplyChainValidationSummaryCrudManager; - this.fieldValueSelections = new HashMap<>(); - } - - /** - * Construct the criterion that can be used to query for supply chain validation summaries - * matching the configuration of this Selector. - * - * @return a Criterion that can be used to query for supply chain validation summaries - * matching the configuration of this instance - */ - public Predicate[] getCriterion(final CriteriaBuilder criteriaBuilder) { - Predicate[] predicates = new Predicate[fieldValueSelections.size()]; - CriteriaQuery query = criteriaBuilder.createQuery(SupplyChainValidationSummary.class); - Root root = query.from(SupplyChainValidationSummary.class); - - int i = 0; - for (Map.Entry fieldValueEntry : fieldValueSelections.entrySet()) { - predicates[i++] = criteriaBuilder.equal(root.get(fieldValueEntry.getKey()), fieldValueEntry.getValue()); - } - - return predicates; - } - - /** - * Set a field name and value to match. - * - * @param name the field name to query - * @param value the value to query - */ - protected void setFieldValue(final String name, final Object value) { - Object valueToAssign = value; - - Preconditions.checkArgument( - value != null, - "field value cannot be null." - ); - - if (value instanceof String) { - Preconditions.checkArgument( - StringUtils.isNotEmpty((String) value), - "field value cannot be empty." - ); - } - - if (value instanceof byte[]) { - byte[] valueBytes = (byte[]) value; - - Preconditions.checkArgument( - ArrayUtils.isNotEmpty(valueBytes), - "field value cannot be empty." - ); - - valueToAssign = Arrays.copyOf(valueBytes, valueBytes.length); - } - - fieldValueSelections.put(name, valueToAssign); - } - - - /** - * Specify a device id that supply chain validation summaries must have to be considered - * as matching. - * - * @param device the device id to query - * @return this instance (for chaining further calls) - */ - public Selector byDeviceId(final UUID device) { - setFieldValue(DEVICE_ID_FIELD, device); - return this; - } - } - - /** - * Get a Selector for use in retrieving SupplyChainValidationSummary. - * - * @param certMan the CrudManager to be used to retrieve persisted supply chain validation - * summaries - * @return a SupplyChainValidationSummary.Selector instance to use for retrieving certificates - */ - public static SupplyChainValidationSummary.Selector select( - final CrudRepository certMan) { - return new SupplyChainValidationSummary.Selector(certMan); - } - /** * Construct a new SupplyChainValidationSummary. * - * @param device device that underwent supply chain validation - * @param validations a Collection of Validations that should comprise this summary; not null + * @param device device that underwent supply chain validation + * @param validations a Collection of Validations that should comprise this summary; not null * @param provisionSessionId randomly generated UUID to associate with results */ public SupplyChainValidationSummary(final Device device, @@ -198,7 +86,7 @@ public class SupplyChainValidationSummary extends ArchivableEntity { /** * Construct a new SupplyChainValidationSummary. * - * @param device device that underwent supply chain validation + * @param device device that underwent supply chain validation * @param validations a Collection of Validations that should comprise this summary; not null */ public SupplyChainValidationSummary(final Device device, @@ -221,6 +109,18 @@ public class SupplyChainValidationSummary extends ArchivableEntity { this.message = status.getMessage(); } + /** + * Get a Selector for use in retrieving SupplyChainValidationSummary. + * + * @param certMan the CrudManager to be used to retrieve persisted supply chain validation + * summaries + * @return a SupplyChainValidationSummary.Selector instance to use for retrieving certificates + */ + public static SupplyChainValidationSummary.Selector select( + final CrudRepository certMan) { + return new SupplyChainValidationSummary.Selector(certMan); + } + /** * This retrieves the device associated with the supply chain validation summaries. * @@ -270,4 +170,102 @@ public class SupplyChainValidationSummary extends ArchivableEntity { return new AppraisalStatus(AppraisalStatus.Status.PASS, Strings.EMPTY); } + + /** + * This class enables the retrieval of SupplyChainValidationSummaries by their attributes. + */ + public static class Selector { + private final CrudRepository + supplyChainValidationSummaryCrudManager; + + private final Map fieldValueSelections; + + /** + * Construct a new Selector that will use the given {@link CrudRepository} to + * retrieve SupplyChainValidationSummaries. + * + * @param supplyChainValidationSummaryCrudManager the summary manager to be used to retrieve + * supply chain validation summaries + */ + public Selector( + final CrudRepository + supplyChainValidationSummaryCrudManager) { + Preconditions.checkArgument( + supplyChainValidationSummaryCrudManager != null, + "supply chain validation summary manager cannot be null" + ); + + this.supplyChainValidationSummaryCrudManager = supplyChainValidationSummaryCrudManager; + this.fieldValueSelections = new HashMap<>(); + } + + /** + * Construct the criterion that can be used to query for supply chain validation summaries + * matching the configuration of this Selector. + * + * @return a Criterion that can be used to query for supply chain validation summaries + * matching the configuration of this instance + */ + public Predicate[] getCriterion(final CriteriaBuilder criteriaBuilder) { + Predicate[] predicates = new Predicate[fieldValueSelections.size()]; + CriteriaQuery query = + criteriaBuilder.createQuery(SupplyChainValidationSummary.class); + Root root = query.from(SupplyChainValidationSummary.class); + + int i = 0; + for (Map.Entry fieldValueEntry : fieldValueSelections.entrySet()) { + predicates[i++] = + criteriaBuilder.equal(root.get(fieldValueEntry.getKey()), fieldValueEntry.getValue()); + } + + return predicates; + } + + /** + * Set a field name and value to match. + * + * @param name the field name to query + * @param value the value to query + */ + protected void setFieldValue(final String name, final Object value) { + Object valueToAssign = value; + + Preconditions.checkArgument( + value != null, + "field value cannot be null." + ); + + if (value instanceof String) { + Preconditions.checkArgument( + StringUtils.isNotEmpty((String) value), + "field value cannot be empty." + ); + } + + if (value instanceof byte[] valueBytes) { + + Preconditions.checkArgument( + ArrayUtils.isNotEmpty(valueBytes), + "field value cannot be empty." + ); + + valueToAssign = Arrays.copyOf(valueBytes, valueBytes.length); + } + + fieldValueSelections.put(name, valueToAssign); + } + + + /** + * Specify a device id that supply chain validation summaries must have to be considered + * as matching. + * + * @param device the device id to query + * @return this instance (for chaining further calls) + */ + public Selector byDeviceId(final UUID device) { + setFieldValue(DEVICE_ID_FIELD, device); + return this; + } + } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateVariables.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateVariables.java index 621ef771..9db24544 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateVariables.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateVariables.java @@ -2,46 +2,209 @@ package hirs.attestationca.persist.entity.userdefined.certificate; public class CertificateVariables { + /** + * + */ public static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----"; + + /** + * + */ public static final String PEM_FOOTER = "-----END CERTIFICATE-----"; + + /** + * + */ public static final String PEM_ATTRIBUTE_HEADER = "-----BEGIN ATTRIBUTE CERTIFICATE-----"; + + /** + * + */ public static final String PEM_ATTRIBUTE_FOOTER = "-----END ATTRIBUTE CERTIFICATE-----"; + + /** + * + */ public static final String MALFORMED_CERT_MESSAGE = "Malformed certificate detected."; + + /** + * + */ public static final int MAX_CERT_LENGTH_BYTES = 2048; - public static final int MAX_NUMERIC_PRECISION = 49; // Can store up to 160 bit values + + /** + * + */ + public static final int MAX_NUMERIC_PRECISION = 49; + /** + * Can store up to 160 bit values + */ public static final int MAX_PUB_KEY_MODULUS_HEX_LENGTH = 1024; + + /** + * + */ public static final int KEY_USAGE_BIT0 = 0; + + /** + * + */ public static final int KEY_USAGE_BIT1 = 1; + + /** + * + */ public static final int KEY_USAGE_BIT2 = 2; + + /** + * + */ public static final int KEY_USAGE_BIT3 = 3; + + /** + * + */ public static final int KEY_USAGE_BIT4 = 4; + + /** + * + */ public static final int KEY_USAGE_BIT5 = 5; + + /** + * + */ public static final int KEY_USAGE_BIT6 = 6; + + /** + * + */ public static final int KEY_USAGE_BIT7 = 7; + + /** + * + */ public static final int KEY_USAGE_BIT8 = 8; + + /** + * + */ public static final String KEY_USAGE_DS = "DIGITAL SIGNATURE"; + + /** + * + */ public static final String KEY_USAGE_NR = "NON-REPUDIATION"; + + /** + * + */ public static final String KEY_USAGE_KE = "KEY ENCIPHERMENT"; + + /** + * + */ public static final String KEY_USAGE_DE = "DATA ENCIPHERMENT"; + + /** + * + */ public static final String KEY_USAGE_KA = "KEY AGREEMENT"; + + /** + * + */ public static final String KEY_USAGE_KC = "KEY CERT SIGN"; + + /** + * + */ public static final String KEY_USAGE_CS = "CRL SIGN"; + + /** + * + */ public static final String KEY_USAGE_EO = "ENCIPHER ONLY"; + + /** + * + */ public static final String KEY_USAGE_DO = "DECIPHER ONLY"; + + /** + * + */ public static final String ECDSA_OID = "1.2.840.10045.4.3.2"; + + /** + * + */ public static final String ECDSA_SHA224_OID = "1.2.840.10045.4.1"; + + /** + * + */ public static final String RSA256_OID = "1.2.840.113549.1.1.11"; + + /** + * + */ public static final String RSA384_OID = "1.2.840.113549.1.1.12"; + + /** + * + */ public static final String RSA512_OID = "1.2.840.113549.1.1.13"; + + /** + * + */ public static final String RSA224_OID = "1.2.840.113549.1.1.14"; + + /** + * + */ public static final String RSA512_224_OID = "1.2.840.113549.1.1.15"; + + /** + * + */ public static final String RSA512_256_OID = "1.2.840.113549.1.1.16"; + + /** + * + */ public static final String RSA256_STRING = "SHA256WithRSA"; + + /** + * + */ public static final String RSA384_STRING = "SHA384WithRSA"; + + /** + * + */ public static final String RSA224_STRING = "SHA224WithRSA"; + + /** + * + */ public static final String RSA512_STRING = "SHA512WithRSA"; + + /** + * + */ public static final String RSA512_224_STRING = "SHA512-224WithRSA"; + + /** + * + */ public static final String RSA512_256_STRING = "SHA512-256WithRSA"; + + /** + * + */ public static final String ECDSA_STRING = "SHA256WithECDSA"; + public static final String ECDSA_SHA224_STRING = "SHA224WithECDSA"; } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/IDevIDCertificate.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/IDevIDCertificate.java index a282c6b8..43c77842 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/IDevIDCertificate.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/IDevIDCertificate.java @@ -6,8 +6,12 @@ import jakarta.persistence.Entity; import jakarta.persistence.Transient; import lombok.Getter; import lombok.extern.log4j.Log4j2; -import org.apache.commons.codec.binary.Hex; -import org.bouncycastle.asn1.*; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.x509.CertificatePolicies; import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.PolicyInformation; @@ -15,21 +19,13 @@ import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; import java.io.ByteArrayInputStream; import java.io.IOException; -import java.nio.ByteBuffer; -import java.nio.CharBuffer; -import java.nio.charset.Charset; -import java.nio.charset.CharsetDecoder; -import java.nio.charset.StandardCharsets; import java.nio.file.Path; import java.time.Instant; -import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.Iterator; -import java.util.List; import java.util.Map; import java.util.Objects; -import java.util.Set; @Entity @Log4j2 @@ -154,6 +150,7 @@ public class IDevIDCertificate extends Certificate { /** * Parses fields related to IDevID certificates. + * * @throws IOException if a problem is encountered during parsing */ private void parseIDevIDCertificate() throws IOException { @@ -207,12 +204,12 @@ public class IDevIDCertificate extends Certificate { } catch (IllegalArgumentException e) { // Some certs have been found to contain tagged objects for hwSerialNum. // Handle this as a special case. - log.warn("Could not parse octet string for hwSerialNum. Attempting to parse tag."); + log.warn( + "Could not parse octet string for hwSerialNum. Attempting to parse tag."); try { tagObj1 = ASN1TaggedObject.getInstance(seq1.getObjectAt(1)); obj2 = ASN1OctetString.getInstance(tagObj1, false); - } - catch (Exception i) { // Invalid object found + } catch (Exception i) { // Invalid object found log.warn("Invalid object found for hwSerialNum."); break; } @@ -223,7 +220,7 @@ public class IDevIDCertificate extends Certificate { // the hwSerialNum field will be parsed accordingly. hwType = obj1.toString(); if (hasTCGOIDs()) { - tcgOid = true; + tcgOid = true; } // Convert octet string to byte array @@ -237,7 +234,8 @@ public class IDevIDCertificate extends Certificate { // Check for certificate policy qualifiers, which should be present for IDevIDs if in compliance with the // TCG specification. // For interoperability reasons, this will only log a warning if a TCG OID is specified above. - byte[] policyBytes = getX509Certificate().getExtensionValue(Extension.certificatePolicies.getId()); + byte[] policyBytes = + getX509Certificate().getExtensionValue(Extension.certificatePolicies.getId()); Map policyQualifiers = null; if (policyBytes != null) { @@ -264,8 +262,9 @@ public class IDevIDCertificate extends Certificate { failCondition = true; } if (failCondition) { - log.warn("TPM policy qualifiers not found, or do not meet logical criteria. Certificate may not " + - "be in compliance with TCG specification."); + log.warn( + "TPM policy qualifiers not found, or do not meet logical criteria. Certificate may not " + + "be in compliance with TCG specification."); } } @@ -288,8 +287,7 @@ public class IDevIDCertificate extends Certificate { public boolean hasTCGOIDs() { if (this.getHwType() != null) { return this.getHwType().equals(HWTYPE_TCG_TPM2_OID); - } - else { + } else { return false; } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java index 2b95045a..f3446c26 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java @@ -1,6 +1,5 @@ package hirs.attestationca.persist.provision; -import com.fasterxml.jackson.databind.ser.Serializers; import com.google.protobuf.ByteString; import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2; import hirs.attestationca.persist.entity.manager.CertificateRepository; @@ -69,24 +68,23 @@ import java.util.regex.Pattern; @Log4j2 public class IdentityClaimProcessor extends AbstractProcessor { - private static final String PCR_QUOTE_MASK = "0,1,2,3,4,5,6,7,8,9,10,11,12,13," - + "14,15,16,17,18,19,20,21,22,23"; - - private static final int NUM_OF_VARIABLES = 5; /** * Number of bytes to include in the TPM2.0 nonce. */ public static final int NONCE_LENGTH = 20; + private static final String PCR_QUOTE_MASK = "0,1,2,3,4,5,6,7,8,9,10,11,12,13," + + "14,15,16,17,18,19,20,21,22,23"; + private static final int NUM_OF_VARIABLES = 5; private static final int MAC_BYTES = 6; - private SupplyChainValidationService supplyChainValidationService; - private CertificateRepository certificateRepository; - private ComponentResultRepository componentResultRepository; - private ComponentInfoRepository componentInfoRepository; - private ReferenceManifestRepository referenceManifestRepository; - private ReferenceDigestValueRepository referenceDigestValueRepository; - private DeviceRepository deviceRepository; - private TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository; + private final SupplyChainValidationService supplyChainValidationService; + private final CertificateRepository certificateRepository; + private final ComponentResultRepository componentResultRepository; + private final ComponentInfoRepository componentInfoRepository; + private final ReferenceManifestRepository referenceManifestRepository; + private final ReferenceDigestValueRepository referenceDigestValueRepository; + private final DeviceRepository deviceRepository; + private final TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository; /** * Constructor. @@ -116,8 +114,8 @@ public class IdentityClaimProcessor extends AbstractProcessor { * Basic implementation of the ACA processIdentityClaimTpm2 method. Parses the claim, * stores the device info, performs supply chain validation, generates a nonce, * and wraps that nonce with the make credential process before returning it to the client. - * attCert.setPcrValues(pcrValues); - + * attCert.setPcrValues(pcrValues); + * * @param identityClaim the request to process, cannot be null * @return an identity claim response for the specified request containing a wrapped blob */ @@ -147,7 +145,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { } } - ByteString blobStr = ByteString.copyFrom(new byte[]{}); + ByteString blobStr = ByteString.copyFrom(new byte[] {}); if (validationResult == AppraisalStatus.Status.PASS) { RSAPublicKey akPub = ProvisionUtils.parsePublicKey(claim.getAkPublicArea().toByteArray()); byte[] nonce = ProvisionUtils.generateRandomBytes(NONCE_LENGTH); @@ -195,7 +193,8 @@ public class IdentityClaimProcessor extends AbstractProcessor { private AppraisalStatus.Status doSupplyChainValidation( final ProvisionerTpm2.IdentityClaim claim, final PublicKey ekPub) { // attempt to find an endorsement credential to validate - EndorsementCredential endorsementCredential = parseEcFromIdentityClaim(claim, ekPub, certificateRepository); + EndorsementCredential endorsementCredential = + parseEcFromIdentityClaim(claim, ekPub, certificateRepository); // attempt to find platform credentials to validate List platformCredentials = parsePcsFromIdentityClaim(claim, @@ -283,10 +282,10 @@ public class IdentityClaimProcessor extends AbstractProcessor { /** * Converts a protobuf DeviceInfo object to a HIRS Utils DeviceInfoReport object. + * * @param claim the protobuf serialized identity claim containing the device info * @return a HIRS Utils DeviceInfoReport representation of device info */ - @SuppressWarnings("methodlength") private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) throws NoSuchAlgorithmException { ProvisionerTpm2.DeviceInfo dv = claim.getDv(); @@ -357,7 +356,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { String fileName = ""; Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)"); Matcher matcher; - MessageDigest messageDigest = MessageDigest.getInstance("SHA-256"); + MessageDigest messageDigest = MessageDigest.getInstance("SHA-256"); if (dv.getSwidfileCount() > 0) { for (ByteString swidFile : dv.getSwidfileList()) { @@ -425,9 +424,10 @@ public class IdentityClaimProcessor extends AbstractProcessor { if (dv.getLogfileCount() > 0) { for (ByteString logFile : dv.getLogfileList()) { try { - support = (SupportReferenceManifest) referenceManifestRepository.findByHexDecHashAndRimType( + support = + (SupportReferenceManifest) referenceManifestRepository.findByHexDecHashAndRimType( Hex.encodeHexString(messageDigest.digest(logFile.toByteArray())), - ReferenceManifest.SUPPORT_RIM); + ReferenceManifest.SUPPORT_RIM); if (support == null) { /* Either the logFile does not have a corresponding support RIM in the backend @@ -512,8 +512,10 @@ public class IdentityClaimProcessor extends AbstractProcessor { } // now update support rim - SupportReferenceManifest dbSupport = (SupportReferenceManifest) referenceManifestRepository - .findByHexDecHashAndRimType(swid.getHashValue(), ReferenceManifest.SUPPORT_RIM); + SupportReferenceManifest dbSupport = + (SupportReferenceManifest) referenceManifestRepository + .findByHexDecHashAndRimType(swid.getHashValue(), + ReferenceManifest.SUPPORT_RIM); if (dbSupport != null) { dbSupport.setFileName(swid.getName()); dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); @@ -584,7 +586,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { dv.getNw().getHostname())); } - // Get TPM info, currently unimplemented + // Get TPM info, currently unimplemented TPMInfo tpmInfo = new TPMInfo(DeviceInfoEnums.NOT_SPECIFIED, (short) 0, (short) 0, @@ -628,7 +630,8 @@ public class IdentityClaimProcessor extends AbstractProcessor { } if (baseSupportRim != null - && referenceDigestValueRepository.findBySupportRimHash(baseSupportRim.getHexDecHash()).isEmpty()) { + && referenceDigestValueRepository.findBySupportRimHash(baseSupportRim.getHexDecHash()) + .isEmpty()) { try { TCGEventLog logProcessor = new TCGEventLog(baseSupportRim.getRimBytes()); ReferenceDigestValue rdv; @@ -688,7 +691,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { log.error(String.format("Patching value does not exist (%s)", patchedValue)); } else { - // WIP - Until we get patch examples + // WIP - Until we get patch examples dbRdv.setPatched(true); } } @@ -721,7 +724,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { } private int handleDeviceComponents(final String hostName, final String paccorString) { - int deviceComponents = 0 ; + int deviceComponents = 0; Map componentInfoMap = new HashMap<>(); try { List componentInfos = SupplyChainCredentialValidator diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java index ff5b1611..1b763368 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java @@ -11,7 +11,11 @@ import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository; import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository; import hirs.attestationca.persist.entity.manager.SupplyChainValidationRepository; import hirs.attestationca.persist.entity.manager.SupplyChainValidationSummaryRepository; -import hirs.attestationca.persist.entity.userdefined.*; +import hirs.attestationca.persist.entity.userdefined.Device; +import hirs.attestationca.persist.entity.userdefined.PolicySettings; +import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; +import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation; +import hirs.attestationca.persist.entity.userdefined.SupplyChainValidationSummary; import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult; import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential; import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; @@ -27,12 +31,10 @@ import lombok.extern.log4j.Log4j2; import org.apache.logging.log4j.Level; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import org.yaml.snakeyaml.events.Event; import java.security.KeyStore; import java.util.ArrayList; import java.util.HashMap; -import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -46,28 +48,28 @@ import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS; @Service public class SupplyChainValidationService { - private CACredentialRepository caCredentialRepository; - private PolicyRepository policyRepository; - private ReferenceManifestRepository referenceManifestRepository; - private ReferenceDigestValueRepository referenceDigestValueRepository; - private ComponentResultRepository componentResultRepository; - private ComponentAttributeRepository componentAttributeRepository; - private CertificateRepository certificateRepository; - private SupplyChainValidationRepository supplyChainValidationRepository; - private SupplyChainValidationSummaryRepository supplyChainValidationSummaryRepository; + private final CACredentialRepository caCredentialRepository; + private final PolicyRepository policyRepository; + private final ReferenceManifestRepository referenceManifestRepository; + private final ReferenceDigestValueRepository referenceDigestValueRepository; + private final ComponentResultRepository componentResultRepository; + private final ComponentAttributeRepository componentAttributeRepository; + private final CertificateRepository certificateRepository; + private final SupplyChainValidationRepository supplyChainValidationRepository; + private final SupplyChainValidationSummaryRepository supplyChainValidationSummaryRepository; private UUID provisionSessionId; /** * Constructor. * - * @param caCredentialRepository ca credential repository - * @param policyRepository the policy manager - * @param certificateRepository the cert manager - * @param componentResultRepository the comp result manager - * @param referenceManifestRepository the RIM manager - * @param supplyChainValidationRepository the scv manager + * @param caCredentialRepository ca credential repository + * @param policyRepository the policy manager + * @param certificateRepository the cert manager + * @param componentResultRepository the comp result manager + * @param referenceManifestRepository the RIM manager + * @param supplyChainValidationRepository the scv manager * @param supplyChainValidationSummaryRepository the summary manager - * @param referenceDigestValueRepository the even manager + * @param referenceDigestValueRepository the even manager */ @Autowired @SuppressWarnings("ParameterNumberCheck") @@ -97,13 +99,12 @@ public class SupplyChainValidationService { * an identity request and validates the supply chain in accordance to the * current supply chain policy. * - * @param ec The endorsement credential from the identity request. - * @param pcs The platform credentials from the identity request. - * @param device The device to be validated. + * @param ec The endorsement credential from the identity request. + * @param pcs The platform credentials from the identity request. + * @param device The device to be validated. * @param componentInfos list of components from the device * @return A summary of the validation results. */ - @SuppressWarnings("methodlength") public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec, final List pcs, final Device device, @@ -250,8 +251,8 @@ public class SupplyChainValidationService { updateComponentStatus(componentResultRepository .findByCertificateSerialNumberAndBoardSerialNumber( - baseCredential.getSerialNumber().toString(), - baseCredential.getPlatformSerial())); + baseCredential.getSerialNumber().toString(), + baseCredential.getPlatformSerial())); } if (!attrErrorMessage.isEmpty()) { //combine platform and platform attributes @@ -323,9 +324,10 @@ public class SupplyChainValidationService { deviceName)); } else { ReferenceManifest manifest = referenceManifestRepository - .findByHexDecHashAndRimType(sRim.getEventLogHash(), ReferenceManifest.MEASUREMENT_RIM); + .findByHexDecHashAndRimType(sRim.getEventLogHash(), + ReferenceManifest.MEASUREMENT_RIM); if (manifest instanceof EventLogMeasurements) { - eventLog = (EventLogMeasurements)manifest; + eventLog = (EventLogMeasurements) manifest; } } if (eventLog == null) { @@ -357,7 +359,8 @@ public class SupplyChainValidationService { BaseReferenceManifest bRim = null; if (sRim != null && sRim.getAssociatedRim() != null) { - Optional oRim = referenceManifestRepository.findById(sRim.getAssociatedRim()); + Optional oRim = + referenceManifestRepository.findById(sRim.getAssociatedRim()); if (oRim.isPresent()) { ReferenceManifest rim = oRim.get(); if (rim instanceof BaseReferenceManifest) { @@ -375,7 +378,8 @@ public class SupplyChainValidationService { Optional previousOpt //= this.supplyChainValidationSummaryRepository.findByDevice(deviceName); //= this.supplyChainValidationSummaryRepository.findByDevice(device); - = this.supplyChainValidationSummaryRepository.findById(UUID.fromString(device.getSummaryId())); + = this.supplyChainValidationSummaryRepository.findById( + UUID.fromString(device.getSummaryId())); if (previousOpt.isPresent()) { SupplyChainValidationSummary previous = previousOpt.get(); for (SupplyChainValidation scv : previous.getValidations()) { @@ -421,6 +425,7 @@ public class SupplyChainValidationService { * If the platform attributes policy is enabled, this method updates the matched * status for the component result. This is done so that the details page for the * platform certificate highlights the title card red. + * * @param componentResults list of associated component results */ private void updateComponentStatus(final List componentResults) { diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java index a427835c..060855ea 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java @@ -49,10 +49,11 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid private static final String LC_UNKNOWN = "unknown"; /** + * Validates platform credential attributes v1 p2. * - * @param platformCredential - * @param deviceInfoReport - * @return + * @param platformCredential platform credential + * @param deviceInfoReport device information report + * @return an appraisal status */ public static AppraisalStatus validatePlatformCredentialAttributesV1p2( final PlatformCredential platformCredential, @@ -159,7 +160,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid * @param componentAttributeRepository db access to component attribute match status * @param componentInfos list of device components * @param provisionSessionId UUID associated with the SCV Summary - * @param ignoreRevisionAttribute policy flag to ignore the revision attribute + * @param ignoreRevisionAttribute policy flag to ignore the revision attribute * @return either PASS or FAIL */ public static AppraisalStatus validatePlatformCredentialAttributesV2p0( @@ -275,10 +276,10 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid numOfAttributes = attributeResults.size(); boolean saveAttributeResult; for (ComponentAttributeResult componentAttributeResult : attributeResults) { - saveAttributeResult = true; + saveAttributeResult = true; if (ignoreRevisionAttribute) { - saveAttributeResult = !componentAttributeResult.getAttribute() - .equalsIgnoreCase(ComponentResult.ATTRIBUTE_REVISION); + saveAttributeResult = !componentAttributeResult.getAttribute() + .equalsIgnoreCase(ComponentResult.ATTRIBUTE_REVISION); } if (saveAttributeResult) { componentAttributeResult.setProvisionSessionId(provisionSessionId); @@ -318,7 +319,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid * base cert for this specific chain * @return Appraisal Status of delta being validated. */ - @SuppressWarnings("methodlength") + static AppraisalStatus validateDeltaAttributesChainV2p0( final DeviceInfoReport deviceInfoReport, final Map deltaMapping, @@ -366,7 +367,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid if (!componentAttributeResults.isEmpty()) { resultMessage.append(String.format("There are %d errors with Delta " - + "Components associated with: %s%n", + + "Components associated with: %s%n", componentAttributeResults.size(), deltaCertificates.get(0).getPlatformSerial())); fieldValidation = false; @@ -856,7 +857,8 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid /** * This method uses a specific hash to match device components with certificate components. - * @param componentInfos list of device component infos + * + * @param componentInfos list of device component infos * @param compiledComponentList list of the remaining unmatched component results * @return remaining component results not matched */ @@ -892,7 +894,8 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid /** * This method is used to find matches based on the component class value. - * @param componentInfos list of device component infos + * + * @param componentInfos list of device component infos * @param remainingComponentResults list of the remaining unmatched component results * @return a generated list of component attributes results */ @@ -1019,7 +1022,6 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid } /** - * * @param deltaCertificates * @param componentResultRepository * @param componentAttributeRepository diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java index eb450250..9d922042 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java @@ -12,8 +12,8 @@ import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements; import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue; import hirs.attestationca.persist.enums.AppraisalStatus; import hirs.attestationca.persist.service.ValidationService; -import hirs.utils.rim.ReferenceManifestValidator; import hirs.utils.SwidResource; +import hirs.utils.rim.ReferenceManifestValidator; import hirs.utils.tpm.eventlog.TCGEventLog; import hirs.utils.tpm.eventlog.TpmPcrEvent; import lombok.extern.log4j.Log4j2; @@ -24,7 +24,12 @@ import java.security.KeyStore; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.*; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL; import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS; @@ -35,7 +40,6 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { private static PcrValidator pcrValidator; /** - * * @param device * @param policySettings * @param referenceManifestRepository @@ -43,7 +47,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { * @param caCredentialRepository * @return */ - @SuppressWarnings("methodlength") + public static AppraisalStatus validateFirmware( final Device device, final PolicySettings policySettings, final ReferenceManifestRepository referenceManifestRepository, @@ -66,7 +70,8 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { // In this case, try to look up the event log associated with the device, then get the base rim associated by event log hash List deviceRims = referenceManifestRepository.findByDeviceName(hostName); for (ReferenceManifest deviceRim : deviceRims) { - if (deviceRim instanceof BaseReferenceManifest && !deviceRim.isSwidSupplemental() && !deviceRim.isSwidPatch()) { + if (deviceRim instanceof BaseReferenceManifest && !deviceRim.isSwidSupplemental() && + !deviceRim.isSwidPatch()) { baseReferenceManifest = (BaseReferenceManifest) deviceRim; } @@ -77,7 +82,9 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { // Attempt to get an event log from the database matching the expected hash if (baseReferenceManifest == null && measurement != null) { - baseReferenceManifest = (BaseReferenceManifest)referenceManifestRepository.findByEventLogHashAndRimType(measurement.getHexDecHash(), ReferenceManifest.BASE_RIM); + baseReferenceManifest = + (BaseReferenceManifest) referenceManifestRepository.findByEventLogHashAndRimType( + measurement.getHexDecHash(), ReferenceManifest.BASE_RIM); } String failedString = ""; @@ -101,7 +108,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { if (passed) { List resources = - ((BaseReferenceManifest) baseReferenceManifest).getFileResources(); + baseReferenceManifest.getFileResources(); fwStatus = new AppraisalStatus(PASS, SupplyChainCredentialValidator.FIRMWARE_VALID); @@ -131,20 +138,22 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { try { certs.add(cac.getX509Certificate()); } catch (IOException e) { - log.error("Error building CA chain for " + signingCert.getSubjectKeyIdentifier() + ": " - + e.getMessage()); + log.error( + "Error building CA chain for " + signingCert.getSubjectKeyIdentifier() + ": " + + e.getMessage()); } } referenceManifestValidator.setTrustStore(certs); try { - if (referenceManifestValidator.validateXmlSignature(signingCert.getX509Certificate().getPublicKey(), - signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) { + if (referenceManifestValidator.validateXmlSignature( + signingCert.getX509Certificate().getPublicKey(), + signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) { try { if (!SupplyChainCredentialValidator.verifyCertificate( - signingCert.getX509Certificate(), keyStore)) { + signingCert.getX509Certificate(), keyStore)) { passed = false; fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: invalid certificate path."); + "Firmware validation failed: invalid certificate path."); } } catch (IOException ioEx) { log.error("Error getting X509 cert from manager: " + ioEx.getMessage()); @@ -268,7 +277,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { } if (fwStatus.getAppStatus().equals(FAIL)) { fwStatus = new AppraisalStatus(FAIL, String.format("%s%n%s", - fwStatus.getMessage(), sb.toString())); + fwStatus.getMessage(), sb)); } else { fwStatus = new AppraisalStatus(FAIL, sb.toString(), ReferenceManifest.MEASUREMENT_RIM); diff --git a/config/checkstyle/checkstyle.xml b/config/checkstyle/checkstyle.xml index b6346de4..5d872646 100644 --- a/config/checkstyle/checkstyle.xml +++ b/config/checkstyle/checkstyle.xml @@ -133,7 +133,9 @@ - + + +