issue_847: Added javadoc comments + params to the rest of the repo classes, cleaned up imports, and made more styling changes.
This commit is contained in:
parent
59f50212f1
commit
63521a4075
@ -38,100 +38,107 @@ public interface CertificateRepository extends JpaRepository<Certificate, UUID>
|
||||
/**
|
||||
* Query that retrieves a sorted list of certificates using the provided subject and dtype.
|
||||
*
|
||||
* @param subjectSorted
|
||||
* @param dType
|
||||
* @param subjectSorted subject
|
||||
* @param dType dtype
|
||||
* @return a list of sorted certificates
|
||||
*/
|
||||
@Query(value = "SELECT * FROM Certificate where subjectSorted = ?1 AND DTYPE = ?2", nativeQuery = true)
|
||||
List<Certificate> findBySubjectSorted(String subjectSorted, String dType);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of certificates using the provided dtype.
|
||||
*
|
||||
* @param dType
|
||||
* @return
|
||||
* @param dType dtype
|
||||
* @return a list of certificates
|
||||
*/
|
||||
@Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true)
|
||||
List<Certificate> findByType(String dType);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of certificates using the provided serial number and dtype.
|
||||
*
|
||||
* @param serialNumber
|
||||
* @param dType
|
||||
* @return
|
||||
* @param serialNumber serial number
|
||||
* @param dType dtype
|
||||
* @return a certificate
|
||||
*/
|
||||
@Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true)
|
||||
Certificate findBySerialNumber(BigInteger serialNumber, String dType);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of platform credentials using the provided board serial number
|
||||
* and a dtype of "Platform Credential".
|
||||
*
|
||||
* @param boardSerialNumber
|
||||
* @return
|
||||
* @param boardSerialNumber board serial number
|
||||
* @return a list of platform credentials
|
||||
*/
|
||||
@Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'",
|
||||
nativeQuery = true)
|
||||
List<PlatformCredential> byBoardSerialNumber(String boardSerialNumber);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a platform credential using the provided holder serial number
|
||||
* and a dtype of "Platform Credential".
|
||||
*
|
||||
* @param holderSerialNumber
|
||||
* @return
|
||||
* @param holderSerialNumber holder serial number
|
||||
* @return platform credential
|
||||
*/
|
||||
@Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'",
|
||||
nativeQuery = true)
|
||||
PlatformCredential getPcByHolderSerialNumber(BigInteger holderSerialNumber);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of platform credentials using the provided holder serial number
|
||||
* and a dtype of "Platform Credential".
|
||||
*
|
||||
* @param holderSerialNumber
|
||||
* @return
|
||||
* @param holderSerialNumber holder serial numberz
|
||||
* @return a list of platform credentials
|
||||
*/
|
||||
@Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'",
|
||||
nativeQuery = true)
|
||||
List<PlatformCredential> getByHolderSerialNumber(BigInteger holderSerialNumber);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a certificate using the provided certificate hash and dtype.
|
||||
*
|
||||
* @param certificateHash
|
||||
* @param dType
|
||||
* @return
|
||||
* @param certificateHash integer certificate hash
|
||||
* @param dType dtype
|
||||
* @return a certificate
|
||||
*/
|
||||
@Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true)
|
||||
Certificate findByCertificateHash(int certificateHash, String dType);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves an endorssement credential using the provided public key modulus hex value.
|
||||
*
|
||||
* @param publicKeyModulusHexValue
|
||||
* @return
|
||||
* @param publicKeyModulusHexValue public key modulus hex value
|
||||
* @return an endorsement credential
|
||||
*/
|
||||
EndorsementCredential findByPublicKeyModulusHexValue(String publicKeyModulusHexValue);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves an issued attestation certificate using the provided device id.
|
||||
*
|
||||
* @param deviceId
|
||||
* @return
|
||||
* @param deviceId uuid representation of the device id
|
||||
* @return an issued attestation certificate
|
||||
*/
|
||||
IssuedAttestationCertificate findByDeviceId(UUID deviceId);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of issued attestation certificates using the provided device id,
|
||||
* isLDevID value and sort value.
|
||||
*
|
||||
* @param deviceId
|
||||
* @param isLDevID
|
||||
* @param sort
|
||||
* @return
|
||||
* @param deviceId device id
|
||||
* @param isLDevID is it a LDevId
|
||||
* @param sort sort
|
||||
* @return a list of issued attestation certificates
|
||||
*/
|
||||
List<IssuedAttestationCertificate> findByDeviceIdAndIsLDevID(UUID deviceId, boolean isLDevID, Sort sort);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a certificates using the provided certificate hash.
|
||||
*
|
||||
* @param certificateHash
|
||||
* @return
|
||||
* @param certificateHash integer certificate hash
|
||||
* @return a certificate
|
||||
*/
|
||||
Certificate findByCertificateHash(int certificateHash);
|
||||
}
|
||||
|
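Review bot: The new Javadoc for `getPcByHolderSerialNumber` and `getByHolderSerialNumber` documents two identical native queries (`holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'`) that differ only in single-valued versus list return type, yet says nothing about what the single-valued form does when more than one platform credential shares a holder serial (a base and a delta certificate, for instance); with Spring Data that presumably surfaces as an `IncorrectResultSizeDataAccessException` rather than a first match, and the `@return` should say so, e.g. `@return the matching platform credential, or null if none; fails if more than one row matches`. The same caveat applies to `findBySerialNumber` and to both `findByCertificateHash` overloads, whose key is a 32-bit `int` hash of the certificate, so two distinct certificates colliding is not prevented by the query. The new text also carries typos that should be fixed before merge: `holder serial numberz`, `endorssement credential`, and `retrieves a certificates`. The interface header is outside this hunk.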
@ -14,43 +14,43 @@ import java.util.UUID;
|
||||
public interface EndorsementCredentialRepository extends JpaRepository<EndorsementCredential, UUID> {
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of endorsement credentials using the provided archive flag.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @return a list of endorsement credentials
|
||||
*/
|
||||
List<EndorsementCredential> findByArchiveFlag(boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a page of endorsement credentials using provided archive flag and pageable value.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @param pageable
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @param pageable pageable value
|
||||
* @return a page of endorsement credentials
|
||||
*/
|
||||
Page<EndorsementCredential> findByArchiveFlag(boolean archiveFlag, Pageable pageable);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves an endorsement credential using the provided holder serial number.
|
||||
*
|
||||
* @param holderSerialNumber
|
||||
* @return
|
||||
* @param holderSerialNumber big integer representation of the holder serial number
|
||||
* @return an endorsement credential
|
||||
*/
|
||||
EndorsementCredential findByHolderSerialNumber(BigInteger holderSerialNumber);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves an endorsement credential using the provided serial number.
|
||||
*
|
||||
* @param serialNumber
|
||||
* @return
|
||||
* @param serialNumber big integer representation of the serial number
|
||||
* @return an endorsement credential
|
||||
*/
|
||||
EndorsementCredential findBySerialNumber(BigInteger serialNumber);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of endorsement credentials using the provided device id.
|
||||
*
|
||||
* @param deviceId
|
||||
* @return
|
||||
* @param deviceId uuid representation of the device id
|
||||
* @return an endorsement credential
|
||||
*/
|
||||
List<EndorsementCredential> findByDeviceId(UUID deviceId);
|
||||
}
|
||||
|
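Review bot: The `@return` added to `findByDeviceId` reads `an endorsement credential`, but the method returns `List<EndorsementCredential>`; it should read `@return a list of endorsement credentials`. The single-valued `findBySerialNumber` and `findByHolderSerialNumber` also deserve a caveat in their Javadoc: X.509 serial numbers are only unique per issuer, so endorsement credentials from different TPM vendor CAs can legitimately share one, and a second matching row presumably surfaces as an `IncorrectResultSizeDataAccessException` rather than a result. A sentence such as `serial numbers are unique only within an issuer; callers must not use this lookup alone to identify an EK` would make that explicit.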
@ -13,26 +13,70 @@ import java.util.UUID;
|
||||
public interface IDevIDCertificateRepository extends JpaRepository<IDevIDCertificate, UUID> {
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of IDevId certificates using the provided archive flag.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @return a list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findByArchiveFlag(boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a page of IDevId certificates using the provided archive flag and pageable value.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @param pageable
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @param pageable pageable value
|
||||
* @return a page of IDevId certificates
|
||||
*/
|
||||
Page<IDevIDCertificate> findByArchiveFlag(boolean archiveFlag, Pageable pageable);
|
||||
/*List<IDevIDCertificate> findBySubject(String subject);
|
||||
List<IDevIDCertificate> findBySubjectSorted(String subject);
|
||||
List<IDevIDCertificate> findBySubjectAndArchiveFlag(String subject, boolean archiveFlag);
|
||||
List<IDevIDCertificate> findBySubjectSortedAndArchiveFlag(String subject, boolean archiveFlag);
|
||||
IDevIDCertificate findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier);
|
||||
IDevIDCertificate findBySubjectKeyIdStringAndArchiveFlag(String subjectKeyIdString, boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves a list of IDevId certificates using the provided subject.
|
||||
*
|
||||
* @param subject string representation of the subject
|
||||
* @return a list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findBySubject(String subject);
|
||||
|
||||
/**
|
||||
* Query that retrieves a sorted list of IDevId certificates using the provided subject.
|
||||
*
|
||||
* @param subject string representation of the subject
|
||||
* @return a sorted list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findBySubjectSorted(String subject);
|
||||
|
||||
/**
|
||||
* Query that retrieves a list of IDevId certificates using the provided subject and archive flag.
|
||||
*
|
||||
* @param subject string representation of the subject
|
||||
* @param archiveFlag archive flag
|
||||
* @return a list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findBySubjectAndArchiveFlag(String subject, boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves a sorted list of IDevId certificates using the provided subject and archive flag.
|
||||
*
|
||||
* @param subject string representation of the subject
|
||||
* @param archiveFlag archive flag
|
||||
* @return a sorted list of IDevId certificates
|
||||
*/
|
||||
List<IDevIDCertificate> findBySubjectSortedAndArchiveFlag(String subject, boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves an IDevId certificate using the provided subject key identifier.
|
||||
*
|
||||
* @param subjectKeyIdentifier byte representation of the subject key identifier
|
||||
* @return an IDevId certificate
|
||||
*/
|
||||
IDevIDCertificate findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier);
|
||||
|
||||
/**
|
||||
* Query that retrieves an IDevId certificate using the provided subject key and archive flag.
|
||||
*
|
||||
* @param subjectKeyIdString string representation of the subject key id
|
||||
* @param archiveFlag archive flag
|
||||
* @return an IDevId certificate
|
||||
*/
|
||||
IDevIDCertificate findBySubjectKeyIdStringAndArchiveFlag(String subjectKeyIdString, boolean archiveFlag);
|
||||
}
|
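Review bot: Uncommenting the six derived queries at the end of the interface turns them into live API surface that Spring Data parses at context startup, so each method name must correspond to a property on `IDevIDCertificate` (`subject`, `subjectSorted`, `subjectKeyIdentifier`, `subjectKeyIdString`, `archiveFlag`); that cannot be confirmed from this hunk, and a mismatch fails application start rather than a single call. The new Javadoc on `findBySubjectKeyIdStringAndArchiveFlag` says `using the provided subject key and archive flag`, but the parameter is the subject key identifier string, so `using the provided subject key identifier string and archive flag` is more accurate. For the two single-valued lookups, especially `findBySubjectKeyIdentifier`, the `@return` should state what happens when no row or more than one row matches, since a re-uploaded certificate would produce a duplicate.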
@ -13,25 +13,28 @@ import java.util.UUID;
|
||||
public interface IssuedCertificateRepository extends JpaRepository<IssuedAttestationCertificate, UUID> {
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of issued attestation certificates using the provided archive flag.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @return a list of issued attestation certificates
|
||||
*/
|
||||
List<IssuedAttestationCertificate> findByArchiveFlag(boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a page of issued attestation certificates using the provided archive flag
|
||||
* and pageable value.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @param pageable
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @param pageable pageable value
|
||||
* @return a page of issued attestation certificates
|
||||
*/
|
||||
Page<IssuedAttestationCertificate> findByArchiveFlag(boolean archiveFlag, Pageable pageable);
|
||||
|
||||
/**
|
||||
* @param deviceId
|
||||
* @return
|
||||
* Query that retrieves a list of issued attestation certificates using the provided device id.
|
||||
*
|
||||
* @param deviceId uuid representation of the device id
|
||||
* @return a list of issued attestation certificates
|
||||
*/
|
||||
List<IssuedAttestationCertificate> findByDeviceId(UUID deviceId);
|
||||
}
|
@ -13,27 +13,28 @@ import java.util.UUID;
|
||||
public interface PlatformCertificateRepository extends JpaRepository<PlatformCredential, UUID> {
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of platform credentials using the provided archive flag.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @return a list of platform credentials
|
||||
*/
|
||||
List<PlatformCredential> findByArchiveFlag(boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a page of platform credentials using the provided archive flag
|
||||
* and pageable value.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @param pageable
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @param pageable pageable
|
||||
* @return a page of platform credentials
|
||||
*/
|
||||
Page<PlatformCredential> findByArchiveFlag(boolean archiveFlag, Pageable pageable);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of platform credentials using the provided device id.
|
||||
*
|
||||
* @param deviceId
|
||||
* @return
|
||||
* @param deviceId uuid representation of the device id
|
||||
* @return a list of platform credentials
|
||||
*/
|
||||
List<PlatformCredential> findByDeviceId(UUID deviceId);
|
||||
}
|
||||
|
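Review bot: The new `@param pageable pageable` on `findByArchiveFlag(boolean, Pageable)` only repeats the parameter name, unlike the `pageable value` wording the sibling repositories in this commit use; say what it carries, e.g. `@param pageable page number, page size and sort to apply`. The other descriptions in this section agree with their return types.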
@ -11,51 +11,51 @@ import java.util.UUID;
|
||||
public interface ReferenceDigestValueRepository extends JpaRepository<ReferenceDigestValue, UUID> {
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of reference digest values using the provided model.
|
||||
*
|
||||
* @param model
|
||||
* @return
|
||||
* @param model string representation of the model
|
||||
* @return a list of reference digest values
|
||||
*/
|
||||
List<ReferenceDigestValue> findByModel(String model);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of reference digest values using the provided manufacturer.
|
||||
*
|
||||
* @param manufacturer
|
||||
* @return
|
||||
* @param manufacturer string representation of the manufacturer
|
||||
* @return a list of reference digest values
|
||||
*/
|
||||
List<ReferenceDigestValue> findByManufacturer(String manufacturer);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of reference digest values using the provided associated rim id.
|
||||
*
|
||||
* @param associatedRimId
|
||||
* @return
|
||||
* @param associatedRimId uuid representation of the associated rim ID
|
||||
* @return a list of reference digest values
|
||||
*/
|
||||
List<ReferenceDigestValue> findValuesByBaseRimId(UUID associatedRimId);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of reference digest values using the provided support rim id.
|
||||
*
|
||||
* @param supportRimId
|
||||
* @return
|
||||
* @param supportRimId uuid representation of the support rim ID
|
||||
* @return a list of reference digest values
|
||||
*/
|
||||
List<ReferenceDigestValue> findBySupportRimId(UUID supportRimId);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of reference digest values using the provided support rim hash.
|
||||
*
|
||||
* @param supportRimHash
|
||||
* @return
|
||||
* @param supportRimHash a string representation of the support rim hash
|
||||
* @return a list of reference digest values
|
||||
*/
|
||||
List<ReferenceDigestValue> findBySupportRimHash(String supportRimHash);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of reference digest values using the provided manufacturer and model.
|
||||
*
|
||||
* @param manufacturer
|
||||
* @param model
|
||||
* @return
|
||||
* @param manufacturer string representation of the manufacturer
|
||||
* @param model string representation of the model
|
||||
* @return a list of reference digest values
|
||||
*/
|
||||
List<ReferenceDigestValue> findByManufacturerAndModel(String manufacturer, String model);
|
||||
}
|
||||
|
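Review bot: The Javadoc added to `findValuesByBaseRimId` describes the argument as the `associated rim id`, but the derived-query name filters on a `baseRimId` property, so the parameter name and doc disagree with what the query matches. Either rename the parameter to `baseRimId` with `@param baseRimId uuid of the base RIM the digest values belong to`, or, if the entity property really is `associatedRimId`, it is the method name that is wrong and the query would not resolve. The entity is not visible from this hunk, so confirm against `ReferenceDigestValue`.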
@ -16,159 +16,192 @@ import java.util.UUID;
|
||||
@Repository
|
||||
public interface ReferenceManifestRepository extends JpaRepository<ReferenceManifest, UUID> {
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a reference manifest using the provided hex/dec hash.
|
||||
*
|
||||
* @param hexDecHash
|
||||
* @return
|
||||
* @param hexDecHash string representation of the hex dec hash
|
||||
* @return a reference manifest
|
||||
*/
|
||||
ReferenceManifest findByHexDecHash(String hexDecHash);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a reference manifest using the provided base 64 hash.
|
||||
*
|
||||
* @param base64Hash
|
||||
* @return
|
||||
* @param base64Hash string representation of the base 64 hash
|
||||
* @return a reference manifest
|
||||
*/
|
||||
ReferenceManifest findByBase64Hash(String base64Hash);
|
||||
|
||||
/**
|
||||
* @param hexDecHash
|
||||
* @param rimType
|
||||
* @return
|
||||
* Query that retrieves a reference manifest using the provided hex/dec hash and rim type.
|
||||
*
|
||||
* @param hexDecHash string representation of the hex dec hash
|
||||
* @param rimType string representation of the rim type
|
||||
* @return a reference manifest
|
||||
*/
|
||||
ReferenceManifest findByHexDecHashAndRimType(String hexDecHash, String rimType);
|
||||
|
||||
/**
|
||||
* @param hexDecHash
|
||||
* @param rimType
|
||||
* @return
|
||||
* Query that retrieves a reference manifest using the provided event log hash and rim type.
|
||||
*
|
||||
* @param hexDecHash string representation of the event log hash
|
||||
* @param rimType string representation of the rim type
|
||||
* @return a reference manifest
|
||||
*/
|
||||
ReferenceManifest findByEventLogHashAndRimType(String hexDecHash, String rimType);
|
||||
|
||||
/**
|
||||
* @param manufacturer
|
||||
* @param model
|
||||
* @return
|
||||
* Query that retrieves a list of base reference manifests using the provided manufacturer and model
|
||||
* and where the rim type is equal to base.
|
||||
*
|
||||
* @param manufacturer string representation of platform manufacturer
|
||||
* @param model string representation of platform model
|
||||
* @return a list of base reference manifests
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Base'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 "
|
||||
+ "AND rimType = 'Base'", nativeQuery = true)
|
||||
List<BaseReferenceManifest> getBaseByManufacturerModel(String manufacturer, String model);
|
||||
|
||||
/**
|
||||
* @param manufacturer
|
||||
* @param dType
|
||||
* @return
|
||||
* Query that retrieves a list of base reference manifests using the provided manufacturer and model.
|
||||
*
|
||||
* @param manufacturer string representation of platform manufacturer
|
||||
* @param dType dtype
|
||||
* @return a list of base reference manifests
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2",
|
||||
nativeQuery = true)
|
||||
List<BaseReferenceManifest> getByManufacturer(String manufacturer, String dType);
|
||||
|
||||
/**
|
||||
* @param model
|
||||
* @param dType
|
||||
* @return
|
||||
* Query that retrieves a reference manifest using the provided model and dtype.
|
||||
*
|
||||
* @param model string representation of platform model
|
||||
* @param dType dtype
|
||||
* @return a reference manifest
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2",
|
||||
nativeQuery = true)
|
||||
ReferenceManifest getByModel(String model, String dType);
|
||||
|
||||
/**
|
||||
* @return
|
||||
* Query that retrieves a list of base reference manifests where the dtype is a base reference manifest.
|
||||
*
|
||||
* @return a list of base reference manifests
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'",
|
||||
nativeQuery = true)
|
||||
List<BaseReferenceManifest> findAllBaseRims();
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of support reference manifests where the dtype is a
|
||||
* support reference manifest.
|
||||
*
|
||||
* @return
|
||||
* @return a list of support reference manifests
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'SupportReferenceManifest'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'SupportReferenceManifest'",
|
||||
nativeQuery = true)
|
||||
List<SupportReferenceManifest> findAllSupportRims();
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a base reference manifest using the provided uuid and where the dtype is a
|
||||
* base reference manifest.
|
||||
*
|
||||
* @param uuid
|
||||
* @return
|
||||
* @param uuid uuid
|
||||
* @return a base reference manifest
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'BaseReferenceManifest'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'BaseReferenceManifest'",
|
||||
nativeQuery = true)
|
||||
BaseReferenceManifest getBaseRimEntityById(UUID uuid);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a support reference manifest using the provided uuid and
|
||||
* where the dtype is a support reference manifest.
|
||||
*
|
||||
* @param uuid
|
||||
* @return
|
||||
* @param uuid uuid
|
||||
* @return a support reference manifest
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'SupportReferenceManifest'",
|
||||
nativeQuery = true)
|
||||
SupportReferenceManifest getSupportRimEntityById(UUID uuid);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves event log measurements using the provided uuid and where the dtype is an
|
||||
* event log measurement.
|
||||
*
|
||||
* @param uuid
|
||||
* @return
|
||||
* @param uuid uuid
|
||||
* @return event log measurements
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE id = ?1 AND DTYPE = 'EventLogMeasurements'",
|
||||
nativeQuery = true)
|
||||
EventLogMeasurements getEventLogRimEntityById(UUID uuid);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of support reference manifests using the provided device name and where the
|
||||
* dtype is a support reference manifest.
|
||||
*
|
||||
* @param deviceName
|
||||
* @return
|
||||
* @param deviceName string representation of the device name
|
||||
* @return a list of support reference manifests
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 "
|
||||
+ "AND DTYPE = 'SupportReferenceManifest'", nativeQuery = true)
|
||||
List<SupportReferenceManifest> byDeviceName(String deviceName);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves event log measurements using the provided device name and where the dtype is
|
||||
* event log measurements.
|
||||
*
|
||||
* @param deviceName
|
||||
* @return
|
||||
* @param deviceName string representation of the device name
|
||||
* @return event log measurements
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE deviceName = ?1 "
|
||||
+ "AND DTYPE = 'EventLogMeasurements'", nativeQuery = true)
|
||||
EventLogMeasurements byMeasurementDeviceName(String deviceName);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of support reference manifests using the provided manufacturer and platform
|
||||
* model and where the rim type is support.
|
||||
*
|
||||
* @param manufacturer
|
||||
* @param model
|
||||
* @return
|
||||
* @param manufacturer string representation of platform manufacturer
|
||||
* @param model string representation of platform model
|
||||
* @return a list of support reference manifests
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Support'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 "
|
||||
+ "AND rimType = 'Support'", nativeQuery = true)
|
||||
List<SupportReferenceManifest> getSupportByManufacturerModel(String manufacturer, String model);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves event log measurements using the provided platform model and where the dtype is
|
||||
* event log measurements.
|
||||
*
|
||||
* @param model
|
||||
* @return
|
||||
* @param model string representation of platform model.
|
||||
* @return event log measurements
|
||||
*/
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = 'EventLogMeasurements'", nativeQuery = true)
|
||||
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 "
|
||||
+ "AND DTYPE = 'EventLogMeasurements'", nativeQuery = true)
|
||||
EventLogMeasurements getLogByModel(String model);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of reference manifests using the provided device name.
|
||||
*
|
||||
* @param deviceName
|
||||
* @return
|
||||
* @param deviceName string representation of device name
|
||||
* @return a list of reference manifests
|
||||
*/
|
||||
List<ReferenceManifest> findByDeviceName(String deviceName);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a list of reference manifests using the provided archive flag.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @return a list of reference manifests
|
||||
*/
|
||||
List<ReferenceManifest> findByArchiveFlag(boolean archiveFlag);
|
||||
|
||||
/**
|
||||
* Query that retrieves a
|
||||
* Query that retrieves a page of reference manifests using the provided archive flag and pageable value.
|
||||
*
|
||||
* @param archiveFlag
|
||||
* @param pageable
|
||||
* @return
|
||||
* @param archiveFlag archive flag
|
||||
* @param pageable pageable
|
||||
* @return a page of reference manifests
|
||||
*/
|
||||
Page<ReferenceManifest> findByArchiveFlag(boolean archiveFlag, Pageable pageable);
|
||||
}
|
||||
|
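Review bot: The new Javadoc on `getByManufacturer` says the query uses `the provided manufacturer and model`, but the method takes `manufacturer` and `dType` and the native query filters on `platformManufacturer` and `DTYPE`; it should read `using the provided manufacturer and dtype`. Likewise `findByEventLogHashAndRimType` keeps a parameter named `hexDecHash` while the derived query filters on `eventLogHash`, which the new `@param` has to explain away; renaming the parameter to `eventLogHash` is cleaner. The single-valued `getByModel` and `getLogByModel` match on `platformModel` alone, so once two RIMs or two devices' event logs exist for the same model the lookup presumably fails with `IncorrectResultSizeDataAccessException`; the `@return` should state the one-row expectation or the methods should return lists.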
@ -12,7 +12,7 @@ public interface SupplyChainValidationRepository extends JpaRepository<SupplyCha
|
||||
/**
|
||||
* Query that retrieves a list of supply chain validation using the provided validate type.
|
||||
*
|
||||
* @param validateType validate type
|
||||
* @param validateType string representation of the validate type
|
||||
* @return a list of supply chain validation
|
||||
*/
|
||||
List<SupplyChainValidation> findByValidationType(String validateType);
|
||||
@ -20,7 +20,7 @@ public interface SupplyChainValidationRepository extends JpaRepository<SupplyCha
|
||||
/**
|
||||
* Query that retrieves a list of supply chain validation using the provided validation result.
|
||||
*
|
||||
* @param validationResult validation result
|
||||
* @param validationResult string representation of the validation result
|
||||
* @return a list of supply chain validation
|
||||
*/
|
||||
List<SupplyChainValidation> findByValidationResult(String validationResult);
|
||||
|
@ -15,19 +15,26 @@ public interface SupplyChainValidationSummaryRepository
|
||||
extends JpaRepository<SupplyChainValidationSummary, UUID> {
|
||||
|
||||
/**
|
||||
* @param device
|
||||
* @return
|
||||
* Query that retrieves a supply chain validation summary using the provided device.
|
||||
*
|
||||
* @param device device
|
||||
* @return a supply chain validation summary
|
||||
*/
|
||||
SupplyChainValidationSummary findByDevice(Device device);
|
||||
|
||||
/**
|
||||
* @return
|
||||
* Query that retrieves a list of supply chain validation summaries where the archive flag is false.
|
||||
*
|
||||
* @return a list of supply chain validation summary
|
||||
*/
|
||||
List<SupplyChainValidationSummary> findByArchiveFlagFalse();
|
||||
|
||||
/**
|
||||
* @param pageable
|
||||
* @return
|
||||
* Query that retrieves a page of supply chain validation summaries using the provided pageable value
|
||||
* and where the archive flag is false.
|
||||
*
|
||||
* @param pageable pageable
|
||||
* @return a page of supply chain validation summary
|
||||
*/
|
||||
Page<SupplyChainValidationSummary> findByArchiveFlagFalse(Pageable pageable);
|
||||
}
|
||||
|
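Review bot: Both new `@return` lines on the `findByArchiveFlagFalse` overloads say `a list of supply chain validation summary`, but the first returns a `List` and the second a `Page`; `a list of supply chain validation summaries` and `a page of supply chain validation summaries` read correctly. `findByDevice` returns a single summary per `Device`; if a device can be validated more than once without the earlier summary being archived, the derived query would see several rows, so the Javadoc should state the one-summary assumption or the method should filter on the archive flag like the other two do. The interface header is outside this hunk.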
@ -10,7 +10,7 @@ public interface TPM2ProvisionerStateRepository extends JpaRepository<TPM2Provis
|
||||
/**
|
||||
* Query that retrieves the TPM2 Provisioner State using the provided first part of nonce.
|
||||
*
|
||||
* @param findByFirstPartOfNonce
|
||||
* @param findByFirstPartOfNonce long representation of the first part of nonce
|
||||
* @return TPM2 Provisioner State
|
||||
*/
|
||||
TPM2ProvisionerState findByFirstPartOfNonce(Long findByFirstPartOfNonce);
|
||||
|
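Review bot: The parameter of `findByFirstPartOfNonce` is named after the method (`Long findByFirstPartOfNonce`) and the new `@param` just repeats that; rename it `firstPartOfNonce` and document it as `@param firstPartOfNonce the leading 64 bits of the provisioning nonce, used only as a lookup key`. Because the key is only a prefix of the nonce, a hit does not by itself prove the caller holds the nonce issued for that provisioning session, so the Javadoc should say that the caller must still compare the full nonce on the returned state before accepting the identity claim, and that no matching state yields null. How the nonce is split is not visible in this hunk; the 64-bit reading is inferred from the `Long` type. The interface header is outside this hunk.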
@ -18,13 +18,11 @@ import org.bouncycastle.asn1.ASN1Encodable;
|
||||
import org.bouncycastle.asn1.ASN1GeneralizedTime;
|
||||
import org.bouncycastle.asn1.ASN1InputStream;
|
||||
import org.bouncycastle.asn1.ASN1Integer;
|
||||
import org.bouncycastle.asn1.ASN1Object;
|
||||
import org.bouncycastle.asn1.ASN1Primitive;
|
||||
import org.bouncycastle.asn1.ASN1Sequence;
|
||||
import org.bouncycastle.asn1.DERIA5String;
|
||||
import org.bouncycastle.asn1.DEROctetString;
|
||||
import org.bouncycastle.asn1.DERTaggedObject;
|
||||
import org.bouncycastle.asn1.DLSequence;
|
||||
import org.bouncycastle.asn1.DLTaggedObject;
|
||||
import org.bouncycastle.asn1.x500.X500Name;
|
||||
import org.bouncycastle.asn1.x509.AccessDescription;
|
||||
@ -79,24 +77,6 @@ import java.util.Objects;
|
||||
@Entity
|
||||
public abstract class Certificate extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* Holds the different certificate types.
|
||||
*/
|
||||
public enum CertificateType {
|
||||
/**
|
||||
* Basic X509 Certificate.
|
||||
*/
|
||||
X509_CERTIFICATE,
|
||||
/**
|
||||
* Basic Attribute Certificate.
|
||||
*/
|
||||
ATTRIBUTE_CERTIFICATE,
|
||||
/**
|
||||
* Invalid Certificate.
|
||||
*/
|
||||
INVALID_CERTIFICATE
|
||||
}
|
||||
|
||||
/**
|
||||
* Decimal digit representation of base 16.
|
||||
*/
|
||||
@ -106,6 +86,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
* Min length representing the attribute certificate.
|
||||
*/
|
||||
public static final int MIN_ATTR_CERT_LENGTH = 8;
|
||||
|
||||
/**
|
||||
* Holds the name of the entity 'ID' field.
|
||||
*/
|
||||
@ -120,52 +101,78 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
* Holds the name of the 'serialNumber' field.
|
||||
*/
|
||||
public static final String SERIAL_NUMBER_FIELD = "serialNumber";
|
||||
@Getter
|
||||
@Column(nullable = false, precision = CertificateVariables.MAX_NUMERIC_PRECISION, scale = 0)
|
||||
private final BigInteger serialNumber;
|
||||
|
||||
/**
|
||||
* Holds the name of the 'issuer' field.
|
||||
*/
|
||||
public static final String ISSUER_FIELD = "issuer";
|
||||
@Getter
|
||||
@Column(nullable = false)
|
||||
private final String issuer;
|
||||
|
||||
/**
|
||||
* Holds the name of the 'issuerSorted' field.
|
||||
*/
|
||||
public static final String ISSUER_SORTED_FIELD = "issuerSorted";
|
||||
@Getter
|
||||
@Column
|
||||
private final String issuerSorted;
|
||||
|
||||
/**
|
||||
* Holds the name of the 'subject' field.
|
||||
*/
|
||||
public static final String SUBJECT_FIELD = "subject";
|
||||
@Getter
|
||||
@Column(nullable = true)
|
||||
private final String subject;
|
||||
|
||||
/**
|
||||
* Holds the name of the 'subjectSorted' field.
|
||||
*/
|
||||
public static final String SUBJECT_SORTED_FIELD = "subjectSorted";
|
||||
@Getter
|
||||
@Column
|
||||
private final String subjectSorted;
|
||||
|
||||
/**
|
||||
* Holds the name of the 'encodedPublicKey' field.
|
||||
*/
|
||||
public static final String ENCODED_PUBLIC_KEY_FIELD = "encodedPublicKey";
|
||||
@Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES, nullable = true)
|
||||
private final byte[] encodedPublicKey;
|
||||
|
||||
/**
|
||||
* Holds the name of the 'encodedPublicKey' field.
|
||||
*/
|
||||
public static final String PUBLIC_KEY_MODULUS_FIELD = "publicKeyModulusHexValue";
|
||||
|
||||
/**
|
||||
* Holds the name of the 'certificateHash' field.
|
||||
*/
|
||||
public static final String CERTIFICATE_HASH_FIELD = "certificateHash";
|
||||
|
||||
/**
|
||||
* Holds the name of the 'holderSerialNumber' field.
|
||||
*/
|
||||
public static final String HOLDER_SERIAL_NUMBER_FIELD = "holderSerialNumber";
|
||||
|
||||
/**
|
||||
* Holds the name of the 'authorityKeyIdentifier' field.
|
||||
*/
|
||||
public static final String AUTHORITY_KEY_ID_FIELD = "authorityKeyIdentifier";
|
||||
|
||||
@SuppressWarnings("PMD.AvoidUsingHardCodedIP") // this is not an IP address; PMD thinks it is
|
||||
private static final String POLICY_CONSTRAINTS = "2.5.29.36";
|
||||
|
||||
@Getter
|
||||
@Column(nullable = false, precision = CertificateVariables.MAX_NUMERIC_PRECISION, scale = 0)
|
||||
private final BigInteger serialNumber;
|
||||
|
||||
@Getter
|
||||
@Column(nullable = false)
|
||||
private final String issuer;
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private final String issuerSorted;
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private final String subject;
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private final String subjectSorted;
|
||||
|
||||
@Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES)
|
||||
private final byte[] encodedPublicKey;
|
||||
|
||||
// We're currently seeing 2048-bit keys, which is 512 hex digits.
|
||||
// Using a max length of 1024 for future-proofing.
|
||||
@Getter
|
||||
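Review bot: The Javadoc above `PUBLIC_KEY_MODULUS_FIELD` still reads "Holds the name of the 'encodedPublicKey' field." although the constant is `"publicKeyModulusHexValue"`; this is a copy of the preceding comment and is wrong on the new side of the hunk. It should read `* Holds the name of the 'publicKeyModulusHexValue' field.` so the field-name constants remain self-describing now that the commit moves them away from the fields they name. The class body continues outside this hunk.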
@ -181,16 +188,9 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
@Column(nullable = false)
|
||||
private final Date endValidity;
|
||||
|
||||
@Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES*CertificateVariables.KEY_USAGE_BIT4, nullable = false)
|
||||
@JsonIgnore
|
||||
private byte[] certificateBytes;
|
||||
|
||||
/**
|
||||
* Holds the name of the 'certificateHash' field.
|
||||
*/
|
||||
public static final String CERTIFICATE_HASH_FIELD = "certificateHash";
|
||||
@Column(nullable = false)
|
||||
@JsonIgnore @Getter
|
||||
@JsonIgnore
|
||||
@Getter
|
||||
private final int certificateHash;
|
||||
|
||||
/**
|
||||
@ -202,42 +202,48 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
@JsonIgnore
|
||||
private final int certAndTypeHash;
|
||||
|
||||
/**
|
||||
* Holds the name of the 'holderSerialNumber' field.
|
||||
*/
|
||||
public static final String HOLDER_SERIAL_NUMBER_FIELD = "holderSerialNumber";
|
||||
@Getter
|
||||
@Column(nullable = false, precision = CertificateVariables.MAX_NUMERIC_PRECISION)
|
||||
private final BigInteger holderSerialNumber;
|
||||
|
||||
@Getter
|
||||
@Column(nullable = false, precision = CertificateVariables.MAX_NUMERIC_PRECISION, scale = 0)
|
||||
private final BigInteger holderSerialNumber;
|
||||
@Getter
|
||||
private String holderIssuer;
|
||||
@Getter
|
||||
@Column(nullable = true, precision = CertificateVariables.MAX_NUMERIC_PRECISION, scale = 0)
|
||||
@Column(precision = CertificateVariables.MAX_NUMERIC_PRECISION)
|
||||
private final BigInteger authoritySerialNumber;
|
||||
|
||||
@SuppressWarnings("PMD.AvoidUsingHardCodedIP") // this is not an IP address; PMD thinks it is
|
||||
private static final String POLICY_CONSTRAINTS = "2.5.29.36";
|
||||
@Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES * CertificateVariables.KEY_USAGE_BIT4,
|
||||
nullable = false)
|
||||
@JsonIgnore
|
||||
private byte[] certificateBytes;
|
||||
|
||||
@Getter
|
||||
private String holderIssuer;
|
||||
// we don't need to persist this, but we don't want to unpack this cert multiple times
|
||||
@Transient
|
||||
private X509Certificate parsedX509Cert = null;
|
||||
|
||||
@Getter
|
||||
private String signatureAlgorithm, publicKeyAlgorithm;
|
||||
private String signatureAlgorithm;
|
||||
|
||||
@Getter
|
||||
private String keyUsage, extendedKeyUsage;
|
||||
private String publicKeyAlgorithm;
|
||||
|
||||
@Getter
|
||||
private String keyUsage;
|
||||
|
||||
@Getter
|
||||
private String extendedKeyUsage;
|
||||
|
||||
private byte[] policyConstraints;
|
||||
/**
|
||||
* Holds the name of the 'authorityKeyIdentifier' field.
|
||||
*/
|
||||
public static final String AUTHORITY_KEY_ID_FIELD = "authorityKeyIdentifier";
|
||||
|
||||
@Getter
|
||||
private String authorityKeyIdentifier;
|
||||
|
||||
@Getter
|
||||
private String authorityInfoAccess;
|
||||
|
||||
@Getter
|
||||
private String crlPoints;
|
||||
|
||||
@Getter
|
||||
private int publicKeySize;
|
||||
|
||||
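Review bot: The `@Column` annotations on `holderSerialNumber` and `authoritySerialNumber` end up inconsistent with `serialNumber`, which keeps `scale = 0` while the sibling `BigInteger` columns appear with and without it; because this rendered view has lost the old/new markers I cannot tell which variant is the new side. JPA defaults `scale` to 0, so the generated DDL should be the same either way, but for three columns of the same type and precision the annotations are easier to audit if they are spelled identically, e.g. `@Column(nullable = false, precision = CertificateVariables.MAX_NUMERIC_PRECISION, scale = 0)` on all three. The class body continues outside this hunk.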
@ -291,7 +297,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
* @param certificateBytes the contents of a certificate file
|
||||
* @throws IOException if there is a problem extracting information from the certificate
|
||||
*/
|
||||
@SuppressWarnings("methodlength")
|
||||
|
||||
public Certificate(final byte[] certificateBytes) throws IOException {
|
||||
Preconditions.checkArgument(
|
||||
certificateBytes != null,
|
||||
@ -342,7 +348,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
this.policyConstraints = x509Certificate
|
||||
.getExtensionValue(POLICY_CONSTRAINTS);
|
||||
authKeyIdentifier = AuthorityKeyIdentifier
|
||||
.getInstance((DLSequence) getExtensionValue(
|
||||
.getInstance(getExtensionValue(
|
||||
Extension.authorityKeyIdentifier.getId()));
|
||||
|
||||
this.authorityInfoAccess = getAuthorityInfoAccess(x509Certificate
|
||||
@ -460,6 +466,161 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
this.certAndTypeHash = Objects.hash(certificateHash, getClass().getSimpleName());
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the raw bytes for the certificate.
|
||||
*
|
||||
* @param certificatePath path to the certificate file
|
||||
* @return bytes from the certificate file
|
||||
* @throws IOException if there is a problem reading the file
|
||||
*/
|
||||
public static byte[] readBytes(final Path certificatePath) throws IOException {
|
||||
Preconditions.checkArgument(
|
||||
certificatePath != null,
|
||||
"Cannot construct a Certificate from a null path"
|
||||
);
|
||||
|
||||
return Files.readAllBytes(certificatePath);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve a formatted subject DN string from a certificate. This allows for extended support of DNs
|
||||
* found in various RFCs.
|
||||
*
|
||||
* @param certificate the certificate holding subject DNs
|
||||
* @return IOException if there is an issue decoding the subject DNs
|
||||
*/
|
||||
public static String getSubjectDNString(final X509Certificate certificate)
|
||||
throws IOException {
|
||||
X509CertificateHolder certificateHolder = null;
|
||||
try {
|
||||
certificateHolder = new X509CertificateHolder(certificate.getEncoded());
|
||||
} catch (CertificateEncodingException e) {
|
||||
throw new IOException("Could not encode certificate", e);
|
||||
}
|
||||
|
||||
X500Name x500Name = certificateHolder.getSubject();
|
||||
return x500Name.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve a formatted issuer DN string from a certificate. This allows for extended support of DNs found
|
||||
* in various RFCs.
|
||||
*
|
||||
* @param certificate the certificate holding issuer DNs
|
||||
* @return IOException if there is an issue decoding the issuer DNs
|
||||
*/
|
||||
public static String getIssuerDNString(final X509Certificate certificate)
|
||||
throws IOException {
|
||||
X509CertificateHolder certificateHolder = null;
|
||||
try {
|
||||
certificateHolder = new X509CertificateHolder(certificate.getEncoded());
|
||||
} catch (CertificateEncodingException e) {
|
||||
throw new IOException("Could not encode certificate", e);
|
||||
}
|
||||
|
||||
X500Name x500Name = certificateHolder.getIssuer();
|
||||
return x500Name.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve an RSA-based X509 certificate's public key modulus.
|
||||
*
|
||||
* @param certificate the certificate holding a public key
|
||||
* @return a BigInteger representing its public key's modulus or null if none found
|
||||
* @throws IOException if there is an issue decoding the encoded public key
|
||||
*/
|
||||
public static BigInteger getPublicKeyModulus(final X509Certificate certificate)
|
||||
throws IOException {
|
||||
X509CertificateHolder certificateHolder = null;
|
||||
try {
|
||||
certificateHolder = new X509CertificateHolder(certificate.getEncoded());
|
||||
} catch (CertificateEncodingException e) {
|
||||
throw new IOException("Could not encode certificate", e);
|
||||
}
|
||||
try {
|
||||
return getPublicKeyModulus(
|
||||
certificateHolder.getSubjectPublicKeyInfo().parsePublicKey().toASN1Primitive()
|
||||
);
|
||||
} catch (IOException e) {
|
||||
log.info("No RSA Key Detected in certificate");
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the modulus of the given PublicKey.
|
||||
*
|
||||
* @param publicKey the public key
|
||||
* @return a BigInteger representing the public key's modulus
|
||||
* @throws IOException if there is an issue decoding the public key
|
||||
*/
|
||||
public static BigInteger getPublicKeyModulus(final PublicKey publicKey) throws IOException {
|
||||
ASN1Primitive publicKeyASN1 = ASN1Primitive.fromByteArray(publicKey.getEncoded());
|
||||
if (publicKeyASN1 instanceof ASN1Sequence publicKeyASN1Sequence) {
|
||||
ASN1BitString encodedModulusAndExponent = (ASN1BitString)
|
||||
publicKeyASN1Sequence.getObjectAt(1);
|
||||
byte[] modulusAndExponentBytes = encodedModulusAndExponent.getOctets();
|
||||
return getPublicKeyModulus(ASN1Primitive.fromByteArray(modulusAndExponentBytes));
|
||||
} else {
|
||||
throw new IOException("Could not read public key as ASN1Sequence");
|
||||
}
|
||||
}
|
||||
|
||||
private static BigInteger getPublicKeyModulus(final ASN1Primitive publicKey)
|
||||
throws IOException {
|
||||
if (publicKey instanceof ASN1Sequence pubKeySeq) {
|
||||
ASN1Encodable modulus = pubKeySeq.getObjectAt(0);
|
||||
if (modulus instanceof ASN1Integer) {
|
||||
return ((ASN1Integer) modulus).getValue();
|
||||
} else {
|
||||
throw new IOException("Could not read modulus as an ASN1Integer");
|
||||
}
|
||||
} else {
|
||||
throw new IOException("Could not parse public key information as an ASN1Sequence");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the X509 Name array from the issuer in an Attribute Certificate.
|
||||
*
|
||||
* @param issuer for the Attribute Certificate
|
||||
* @return a X500Name[] representing the names of the issuer
|
||||
*/
|
||||
public static X500Name[] getAttributeCertificateIssuerNames(final AttCertIssuer issuer) {
|
||||
final ASN1Encodable form = issuer.getIssuer();
|
||||
GeneralNames name;
|
||||
if (form instanceof V2Form) {
|
||||
name = ((V2Form) form).getIssuerName();
|
||||
} else {
|
||||
name = (GeneralNames) form;
|
||||
}
|
||||
|
||||
GeneralName[] names = name.getNames();
|
||||
List<X500Name> l = new ArrayList<>(names.length);
|
||||
|
||||
for (int i = 0; i != names.length; i++) {
|
||||
if (names[i].getTagNo() == GeneralName.directoryName) {
|
||||
l.add(X500Name.getInstance(names[i].getName()));
|
||||
}
|
||||
}
|
||||
|
||||
return l.toArray(new X500Name[l.size()]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the Date from an ASN1GeneralizedTime.
|
||||
*
|
||||
* @param time (ASN1GeneralizedTime) of the certificate
|
||||
* @return the Date from a ASN1GeneralizedTime
|
||||
*/
|
||||
public static Date recoverDate(final ASN1GeneralizedTime time) {
|
||||
try {
|
||||
return time.getDate();
|
||||
} catch (ParseException e) {
|
||||
throw new IllegalStateException("unable to recover date: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the CRL Distribution that is reference by the Revocation Locator
|
||||
* on the portal.
|
||||
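Review bot: The Javadoc moved in with `getSubjectDNString` and `getIssuerDNString` documents the exception under `@return` ("`@return IOException if there is an issue decoding the subject DNs`") and never documents the actual return value; it should be `@return the subject DN as a formatted string` plus `@throws IOException if the certificate cannot be re-encoded`, and likewise for the issuer variant. In the same block, `recoverDate` rethrows as `throw new IllegalStateException("unable to recover date: " + e.getMessage());`, which drops the `ParseException` cause; passing `e` as the second constructor argument keeps the stack trace for anyone diagnosing a malformed validity time. Also worth noting in the `getPublicKeyModulus(X509Certificate)` Javadoc that every `IOException` from the inner parse is logged and mapped to `null`, not just the non-RSA case.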
@ -502,6 +663,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* Getter for the x509 Platform Certificate version.
|
||||
*
|
||||
* @return a big integer representing the certificate version. If there
|
||||
* is an error, return the max value to visible show error.
|
||||
*/
|
||||
@ -564,7 +726,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
}
|
||||
|
||||
/**
|
||||
* Return whether or not this certificate is valid on a particular date.
|
||||
* Return whether this certificate is valid on a particular date.
|
||||
*
|
||||
* @param date the date of interest.
|
||||
* @return true if the attribute certificate is valid, false otherwise.
|
||||
@ -601,7 +763,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
protected CertificateType getCertificateType() throws IOException {
|
||||
//Parse the certificate into a sequence
|
||||
ASN1Sequence testCred1 = (ASN1Sequence) ASN1Primitive.fromByteArray(this.certificateBytes);
|
||||
ASN1Sequence testSeq = (ASN1Sequence) ((ASN1Object) testCred1.toArray()[0]);
|
||||
ASN1Sequence testSeq = (ASN1Sequence) testCred1.toArray()[0];
|
||||
|
||||
if (testSeq.toArray()[0] instanceof ASN1Integer) {
|
||||
if (testSeq.toArray().length >= MIN_ATTR_CERT_LENGTH) {
|
||||
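Review bot: The rewritten cast `ASN1Sequence testSeq = (ASN1Sequence) testCred1.toArray()[0];` and the line above it still assume the decoded bytes are a non-empty sequence whose first element is a sequence; for any other DER structure this method throws `ClassCastException` or `ArrayIndexOutOfBoundsException` instead of returning `INVALID_CERTIFICATE`, which is the value the rest of the method uses for unrecognised input. Since `certificateBytes` is whatever was handed to the constructor, guarding both levels with `instanceof` patterns (already used elsewhere in this file) keeps malformed input on the `INVALID_CERTIFICATE` path; the later `testSeq.toArray()[0]` accesses would need the same emptiness check. The method body continues outside this hunk.
```java
protected CertificateType getCertificateType() throws IOException {
    //Parse the certificate into a sequence
    ASN1Primitive parsed = ASN1Primitive.fromByteArray(this.certificateBytes);
    if (!(parsed instanceof ASN1Sequence testCred1) || testCred1.size() == 0
            || !(testCred1.getObjectAt(0) instanceof ASN1Sequence testSeq)) {
        return CertificateType.INVALID_CERTIFICATE;
    }
    // … unchanged: version / tagged-object inspection of testSeq …
```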
@ -611,7 +773,8 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
// V1 X509Certificate
|
||||
return CertificateType.X509_CERTIFICATE;
|
||||
}
|
||||
} else if (testSeq.toArray()[0] instanceof DERTaggedObject || testSeq.toArray()[0] instanceof DLTaggedObject) {
|
||||
} else if (testSeq.toArray()[0] instanceof DERTaggedObject
|
||||
|| testSeq.toArray()[0] instanceof DLTaggedObject) {
|
||||
// V2 or V3 X509Certificate
|
||||
return CertificateType.X509_CERTIFICATE;
|
||||
}
|
||||
@ -619,7 +782,6 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
return CertificateType.INVALID_CERTIFICATE;
|
||||
}
|
||||
|
||||
|
||||
private String parseKeyUsage(final boolean[] bools) {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
||||
@ -636,6 +798,8 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* Getter for the authorityKeyIdentifier.
|
||||
*
|
||||
* @param aki authority key identifier
|
||||
* @return the ID's byte representation
|
||||
*/
|
||||
private String authKeyIdentifierToString(final AuthorityKeyIdentifier aki) {
|
||||
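Review bot: The new `@return the ID's byte representation` on `authKeyIdentifierToString` contradicts the signature directly below it, which returns a `String`, and the summary "Getter for the authorityKeyIdentifier" describes a getter rather than a conversion. Something like `* Converts an AuthorityKeyIdentifier extension to its string form.` with `@return the key identifier as a string` would match the code; the method body is outside this hunk, so the exact encoding (hex or otherwise) should be confirmed there before naming it.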
@ -655,7 +819,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
*
|
||||
* @param oid Object Identifier
|
||||
* @return ASN1Primitive Content related to the requested OID
|
||||
* @throws java.io.IOException
|
||||
* @throws IOException io exception
|
||||
*/
|
||||
private ASN1Primitive getExtensionValue(final String oid) throws IOException {
|
||||
byte[] extensionValue = getX509Certificate().getExtensionValue(oid);
|
||||
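Review bot: `@throws IOException io exception` on `getExtensionValue` restates the type without saying when it happens, which is the one thing a `@throws` tag is for. Based on the visible call to `getX509Certificate().getExtensionValue(oid)` and the ASN.1 decoding this method presumably does on the result, `@throws IOException if the extension value for the OID cannot be decoded` would be accurate; the method body continues outside the hunk, so confirm there are no other sources. The same vacuous form should be avoided on the other `@throws` tags added in this commit.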
@ -684,6 +848,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
/**
|
||||
* Getter for the AuthorityInfoAccess extension value on list format.
|
||||
*
|
||||
* @param authInfoAccess byte representation of the authority info access
|
||||
* @return List Authority info access list
|
||||
*/
|
||||
private String getAuthorityInfoAccess(final byte[] authInfoAccess) {
|
||||
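Review bot: Both `getAuthorityInfoAccess` overloads keep `@return List Authority info access list` while their signatures return `String` (`private String getAuthorityInfoAccess(final byte[] authInfoAccess)` here and the `AuthorityInformationAccess` overload in the next hunk). The tag should describe the string that is actually produced, e.g. `@return the authority info access entries rendered as a single string`, and the summary "on list format" could be reworded the same way. Both method bodies are outside their hunks, so the exact separator used should be checked before documenting it.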
@ -704,6 +869,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
/**
|
||||
* Getter for the AuthorityInfoAccess extension value on list format.
|
||||
*
|
||||
* @param authInfoAccess authority information access
|
||||
* @return List Authority info access list
|
||||
*/
|
||||
private String getAuthorityInfoAccess(final AuthorityInformationAccess authInfoAccess) {
|
||||
@ -724,7 +890,6 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Retrieve the original X509 attribute certificate.
|
||||
*
|
||||
@ -773,6 +938,7 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
|
||||
/**
|
||||
* Getter for the policy statement.
|
||||
*
|
||||
* @return cloned bit representation of constraints
|
||||
*/
|
||||
public byte[] getPolicyConstraints() {
|
||||
@ -837,159 +1003,20 @@ public abstract class Certificate extends ArchivableEntity {
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Gets the raw bytes for the certificate.
|
||||
* @param certificatePath path to the certificate file
|
||||
* @return bytes from the certificate file
|
||||
* @throws IOException if there is a problem reading the file
|
||||
* Holds the different certificate types.
|
||||
*/
|
||||
public static byte[] readBytes(final Path certificatePath) throws IOException {
|
||||
Preconditions.checkArgument(
|
||||
certificatePath != null,
|
||||
"Cannot construct a Certificate from a null path"
|
||||
);
|
||||
|
||||
return Files.readAllBytes(certificatePath);
|
||||
}
|
||||
|
||||
public enum CertificateType {
|
||||
/**
|
||||
* Retrieve a formatted subject DN string from a certificate. This allows for extended support of DNs found in
|
||||
* various RFCs.
|
||||
*
|
||||
* @param certificate the certificate holding subject DNs
|
||||
* @return IOException if there is an issue decoding the subject DNs
|
||||
* Basic X509 Certificate.
|
||||
*/
|
||||
public static String getSubjectDNString(final X509Certificate certificate)
|
||||
throws IOException {
|
||||
X509CertificateHolder certificateHolder = null;
|
||||
try {
|
||||
certificateHolder = new X509CertificateHolder(certificate.getEncoded());
|
||||
} catch (CertificateEncodingException e) {
|
||||
throw new IOException("Could not encode certificate", e);
|
||||
}
|
||||
|
||||
X500Name x500Name = certificateHolder.getSubject();
|
||||
return x500Name.toString();
|
||||
}
|
||||
|
||||
X509_CERTIFICATE,
|
||||
/**
|
||||
* Retrieve a formatted issuer DN string from a certificate. This allows for extended support of DNs found in
|
||||
* various RFCs.
|
||||
*
|
||||
* @param certificate the certificate holding issuer DNs
|
||||
* @return IOException if there is an issue decoding the issuer DNs
|
||||
* Basic Attribute Certificate.
|
||||
*/
|
||||
public static String getIssuerDNString(final X509Certificate certificate)
|
||||
throws IOException {
|
||||
X509CertificateHolder certificateHolder = null;
|
||||
try {
|
||||
certificateHolder = new X509CertificateHolder(certificate.getEncoded());
|
||||
} catch (CertificateEncodingException e) {
|
||||
throw new IOException("Could not encode certificate", e);
|
||||
}
|
||||
|
||||
X500Name x500Name = certificateHolder.getIssuer();
|
||||
return x500Name.toString();
|
||||
}
|
||||
|
||||
ATTRIBUTE_CERTIFICATE,
|
||||
/**
|
||||
* Retrieve an RSA-based X509 certificate's public key modulus.
|
||||
*
|
||||
* @param certificate the certificate holding a public key
|
||||
* @return a BigInteger representing its public key's modulus or null if none found
|
||||
* @throws IOException if there is an issue decoding the encoded public key
|
||||
* Invalid Certificate.
|
||||
*/
|
||||
public static BigInteger getPublicKeyModulus(final X509Certificate certificate)
|
||||
throws IOException {
|
||||
X509CertificateHolder certificateHolder = null;
|
||||
try {
|
||||
certificateHolder = new X509CertificateHolder(certificate.getEncoded());
|
||||
} catch (CertificateEncodingException e) {
|
||||
throw new IOException("Could not encode certificate", e);
|
||||
}
|
||||
try {
|
||||
return getPublicKeyModulus(
|
||||
certificateHolder.getSubjectPublicKeyInfo().parsePublicKey().toASN1Primitive()
|
||||
);
|
||||
} catch (IOException e) {
|
||||
log.info("No RSA Key Detected in certificate");
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the modulus of the given PublicKey.
|
||||
*
|
||||
* @param publicKey the public key
|
||||
* @return a BigInteger representing the public key's modulus
|
||||
* @throws IOException if there is an issue decoding the public key
|
||||
*/
|
||||
public static BigInteger getPublicKeyModulus(final PublicKey publicKey) throws IOException {
|
||||
ASN1Primitive publicKeyASN1 = ASN1Primitive.fromByteArray(publicKey.getEncoded());
|
||||
if (publicKeyASN1 instanceof ASN1Sequence) {
|
||||
ASN1Sequence publicKeyASN1Sequence = (ASN1Sequence) publicKeyASN1;
|
||||
ASN1BitString encodedModulusAndExponent = (ASN1BitString)
|
||||
publicKeyASN1Sequence.getObjectAt(1);
|
||||
byte[] modulusAndExponentBytes = encodedModulusAndExponent.getOctets();
|
||||
return getPublicKeyModulus(ASN1Primitive.fromByteArray(modulusAndExponentBytes));
|
||||
} else {
|
||||
throw new IOException("Could not read public key as ASN1Sequence");
|
||||
}
|
||||
}
|
||||
|
||||
private static BigInteger getPublicKeyModulus(final ASN1Primitive publicKey)
|
||||
throws IOException {
|
||||
if (publicKey instanceof ASN1Sequence) {
|
||||
ASN1Sequence pubKeySeq = (ASN1Sequence) publicKey;
|
||||
ASN1Encodable modulus = pubKeySeq.getObjectAt(0);
|
||||
if (modulus instanceof ASN1Integer) {
|
||||
return ((ASN1Integer) modulus).getValue();
|
||||
} else {
|
||||
throw new IOException("Could not read modulus as an ASN1Integer");
|
||||
}
|
||||
} else {
|
||||
throw new IOException("Could not parse public key information as an ASN1Sequence");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the X509 Name array from the issuer in an Attribute Certificate.
|
||||
*
|
||||
* @param issuer for the Attribute Certificate
|
||||
* @return a X500Name[] representing the names of the issuer
|
||||
*/
|
||||
public static X500Name[] getAttributeCertificateIssuerNames(final AttCertIssuer issuer) {
|
||||
final ASN1Encodable form = issuer.getIssuer();
|
||||
GeneralNames name;
|
||||
if (form instanceof V2Form) {
|
||||
name = ((V2Form) form).getIssuerName();
|
||||
} else {
|
||||
name = (GeneralNames) form;
|
||||
}
|
||||
|
||||
GeneralName[] names = name.getNames();
|
||||
List<X500Name> l = new ArrayList<>(names.length);
|
||||
|
||||
for (int i = 0; i != names.length; i++) {
|
||||
if (names[i].getTagNo() == GeneralName.directoryName) {
|
||||
l.add(X500Name.getInstance(names[i].getName()));
|
||||
}
|
||||
}
|
||||
|
||||
return (X500Name[]) l.toArray(new X500Name[l.size()]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the Date from an ASN1GeneralizedTime.
|
||||
*
|
||||
* @param time (ASN1GeneralizedTime) of the certificate
|
||||
* @return the Date from a ASN1GeneralizedTime
|
||||
*/
|
||||
public static Date recoverDate(final ASN1GeneralizedTime time) {
|
||||
try {
|
||||
return time.getDate();
|
||||
} catch (ParseException e) {
|
||||
throw new IllegalStateException("unable to recover date: " + e.getMessage());
|
||||
}
|
||||
INVALID_CERTIFICATE
|
||||
}
|
||||
}
|
||||
|
@ -65,6 +65,11 @@ public class Device extends AbstractEntity {
|
||||
@Column(name = "summary_id")
|
||||
private String summaryId;
|
||||
|
||||
/**
|
||||
* Constructor creates a Device object using the provided device info report.
|
||||
*
|
||||
* @param deviceInfoReport device information report
|
||||
*/
|
||||
public Device(final DeviceInfoReport deviceInfoReport) {
|
||||
super();
|
||||
if (deviceInfoReport != null) {
|
||||
@ -94,6 +99,7 @@ public class Device extends AbstractEntity {
|
||||
|
||||
/**
|
||||
* Getter for the report time stamp.
|
||||
*
|
||||
* @return a cloned version
|
||||
*/
|
||||
public Timestamp getLastReportTimestamp() {
|
||||
@ -106,12 +112,14 @@ public class Device extends AbstractEntity {
|
||||
|
||||
/**
|
||||
* Setter for the report time stamp.
|
||||
*
|
||||
* @param lastReportTimestamp
|
||||
*/
|
||||
public void setLastReportTimestamp(final Timestamp lastReportTimestamp) {
|
||||
this.lastReportTimestamp = (Timestamp) lastReportTimestamp.clone();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("Device Name: %s%nStatus: %s%nSummary: %s%n",
|
||||
name, (healthStatus == null ? "N/A" : healthStatus.getStatus()),
|
||||
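Review bot: The `@param lastReportTimestamp` tag on `setLastReportTimestamp` is still left without a description, which is the omission this commit fixes everywhere else. The setter also dereferences the argument immediately (`lastReportTimestamp.clone()`), so a null argument fails with an unexplained `NullPointerException`; either document it (`@param lastReportTimestamp the report time stamp, must not be null`) or make the precondition explicit with `this.lastReportTimestamp = (Timestamp) Objects.requireNonNull(lastReportTimestamp, "lastReportTimestamp").clone();`, since `Objects` is already used in this class's `equals`.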
@ -119,13 +127,14 @@ public class Device extends AbstractEntity {
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (!(o instanceof Device)) {
|
||||
public boolean equals(final Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (!(o instanceof Device device)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
Device device = (Device) o;
|
||||
return isStateOverridden == device.isStateOverridden
|
||||
&& Objects.equals(name, device.name)
|
||||
&& healthStatus == device.healthStatus
|
||||
|
@ -2,7 +2,6 @@ package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
@ -21,48 +20,19 @@ import java.util.List;
|
||||
*/
|
||||
@Entity
|
||||
public class SupplyChainValidation extends ArchivableEntity {
|
||||
/**
|
||||
* Used to indicate which type of validation a result is related to.
|
||||
*/
|
||||
public enum ValidationType {
|
||||
/**
|
||||
* Validation of an endorsement credential.
|
||||
*/
|
||||
ENDORSEMENT_CREDENTIAL,
|
||||
|
||||
/**
|
||||
* Validation of a platform credential and also delta platform credentials from spec 1.1.
|
||||
*/
|
||||
PLATFORM_CREDENTIAL,
|
||||
|
||||
/**
|
||||
* Validation of a platform credential's attributes.
|
||||
*/
|
||||
PLATFORM_CREDENTIAL_ATTRIBUTES,
|
||||
|
||||
/**
|
||||
* Validation of the device firmware.
|
||||
*/
|
||||
FIRMWARE
|
||||
}
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private final ValidationType validationType;
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private final AppraisalStatus.Status validationResult;
|
||||
|
||||
@ManyToMany(fetch = FetchType.EAGER)
|
||||
@JoinTable(name = "CertificatesUsedToValidate",
|
||||
joinColumns = {@JoinColumn(name = "validation_id", nullable = false)})
|
||||
private final List<Certificate> certificatesUsed;
|
||||
|
||||
@Getter
|
||||
@Column(length = RESULT_MESSAGE_LENGTH)
|
||||
private final String message;
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private String rimId;
|
||||
@ -122,4 +92,29 @@ public class SupplyChainValidation extends ArchivableEntity {
|
||||
public List<Certificate> getCertificatesUsed() {
|
||||
return Collections.unmodifiableList(certificatesUsed);
|
||||
}
|
||||
|
||||
/**
|
||||
* Used to indicate which type of validation a result is related to.
|
||||
*/
|
||||
public enum ValidationType {
|
||||
/**
|
||||
* Validation of an endorsement credential.
|
||||
*/
|
||||
ENDORSEMENT_CREDENTIAL,
|
||||
|
||||
/**
|
||||
* Validation of a platform credential and also delta platform credentials from spec 1.1.
|
||||
*/
|
||||
PLATFORM_CREDENTIAL,
|
||||
|
||||
/**
|
||||
* Validation of a platform credential's attributes.
|
||||
*/
|
||||
PLATFORM_CREDENTIAL_ATTRIBUTES,
|
||||
|
||||
/**
|
||||
* Validation of the device firmware.
|
||||
*/
|
||||
FIRMWARE
|
||||
}
|
||||
}
|
||||
|
@ -32,7 +32,6 @@ import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* A container class to group multiple related {@link SupplyChainValidation} instances
|
||||
* together.
|
||||
@ -40,12 +39,10 @@ import java.util.UUID;
|
||||
@Entity
|
||||
public class SupplyChainValidationSummary extends ArchivableEntity {
|
||||
|
||||
private static final String DEVICE_ID_FIELD = "device.id";
|
||||
@ManyToOne
|
||||
@JoinColumn(name = "device_id")
|
||||
private final Device device;
|
||||
|
||||
private static final String DEVICE_ID_FIELD = "device.id";
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
@Enumerated(EnumType.STRING)
|
||||
@ -72,115 +69,6 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
|
||||
this.message = Strings.EMPTY;
|
||||
}
|
||||
|
||||
/**
|
||||
* This class enables the retrieval of SupplyChainValidationSummaries by their attributes.
|
||||
*/
|
||||
public static class Selector {
|
||||
private final CrudRepository<SupplyChainValidationSummary, UUID>
|
||||
supplyChainValidationSummaryCrudManager;
|
||||
|
||||
private final Map<String, Object> fieldValueSelections;
|
||||
|
||||
/**
|
||||
* Construct a new Selector that will use the given {@link CrudRepository} to
|
||||
* retrieve SupplyChainValidationSummaries.
|
||||
*
|
||||
* @param supplyChainValidationSummaryCrudManager the summary manager to be used to retrieve
|
||||
* supply chain validation summaries
|
||||
*/
|
||||
public Selector(
|
||||
final CrudRepository<SupplyChainValidationSummary, UUID>
|
||||
supplyChainValidationSummaryCrudManager) {
|
||||
Preconditions.checkArgument(
|
||||
supplyChainValidationSummaryCrudManager != null,
|
||||
"supply chain validation summary manager cannot be null"
|
||||
);
|
||||
|
||||
this.supplyChainValidationSummaryCrudManager = supplyChainValidationSummaryCrudManager;
|
||||
this.fieldValueSelections = new HashMap<>();
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct the criterion that can be used to query for supply chain validation summaries
|
||||
* matching the configuration of this Selector.
|
||||
*
|
||||
* @return a Criterion that can be used to query for supply chain validation summaries
|
||||
* matching the configuration of this instance
|
||||
*/
|
||||
public Predicate[] getCriterion(final CriteriaBuilder criteriaBuilder) {
|
||||
Predicate[] predicates = new Predicate[fieldValueSelections.size()];
|
||||
CriteriaQuery<SupplyChainValidationSummary> query = criteriaBuilder.createQuery(SupplyChainValidationSummary.class);
|
||||
Root<SupplyChainValidationSummary> root = query.from(SupplyChainValidationSummary.class);
|
||||
|
||||
int i = 0;
|
||||
for (Map.Entry<String, Object> fieldValueEntry : fieldValueSelections.entrySet()) {
|
||||
predicates[i++] = criteriaBuilder.equal(root.get(fieldValueEntry.getKey()), fieldValueEntry.getValue());
|
||||
}
|
||||
|
||||
return predicates;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set a field name and value to match.
|
||||
*
|
||||
* @param name the field name to query
|
||||
* @param value the value to query
|
||||
*/
|
||||
protected void setFieldValue(final String name, final Object value) {
|
||||
Object valueToAssign = value;
|
||||
|
||||
Preconditions.checkArgument(
|
||||
value != null,
|
||||
"field value cannot be null."
|
||||
);
|
||||
|
||||
if (value instanceof String) {
|
||||
Preconditions.checkArgument(
|
||||
StringUtils.isNotEmpty((String) value),
|
||||
"field value cannot be empty."
|
||||
);
|
||||
}
|
||||
|
||||
if (value instanceof byte[]) {
|
||||
byte[] valueBytes = (byte[]) value;
|
||||
|
||||
Preconditions.checkArgument(
|
||||
ArrayUtils.isNotEmpty(valueBytes),
|
||||
"field value cannot be empty."
|
||||
);
|
||||
|
||||
valueToAssign = Arrays.copyOf(valueBytes, valueBytes.length);
|
||||
}
|
||||
|
||||
fieldValueSelections.put(name, valueToAssign);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Specify a device id that supply chain validation summaries must have to be considered
|
||||
* as matching.
|
||||
*
|
||||
* @param device the device id to query
|
||||
* @return this instance (for chaining further calls)
|
||||
*/
|
||||
public Selector byDeviceId(final UUID device) {
|
||||
setFieldValue(DEVICE_ID_FIELD, device);
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a Selector for use in retrieving SupplyChainValidationSummary.
|
||||
*
|
||||
* @param certMan the CrudManager to be used to retrieve persisted supply chain validation
|
||||
* summaries
|
||||
* @return a SupplyChainValidationSummary.Selector instance to use for retrieving certificates
|
||||
*/
|
||||
public static SupplyChainValidationSummary.Selector select(
|
||||
final CrudRepository<SupplyChainValidationSummary, UUID> certMan) {
|
||||
return new SupplyChainValidationSummary.Selector(certMan);
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a new SupplyChainValidationSummary.
|
||||
*
|
||||
@ -221,6 +109,18 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
|
||||
this.message = status.getMessage();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a Selector for use in retrieving SupplyChainValidationSummary.
|
||||
*
|
||||
* @param certMan the CrudManager to be used to retrieve persisted supply chain validation
|
||||
* summaries
|
||||
* @return a SupplyChainValidationSummary.Selector instance to use for retrieving certificates
|
||||
*/
|
||||
public static SupplyChainValidationSummary.Selector select(
|
||||
final CrudRepository<SupplyChainValidationSummary, UUID> certMan) {
|
||||
return new SupplyChainValidationSummary.Selector(certMan);
|
||||
}
|
||||
|
||||
/**
|
||||
* This retrieves the device associated with the supply chain validation summaries.
|
||||
*
|
||||
@ -270,4 +170,102 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
|
||||
return new AppraisalStatus(AppraisalStatus.Status.PASS,
|
||||
Strings.EMPTY);
|
||||
}
|
||||
|
||||
/**
|
||||
* This class enables the retrieval of SupplyChainValidationSummaries by their attributes.
|
||||
*/
|
||||
public static class Selector {
|
||||
private final CrudRepository<SupplyChainValidationSummary, UUID>
|
||||
supplyChainValidationSummaryCrudManager;
|
||||
|
||||
private final Map<String, Object> fieldValueSelections;
|
||||
|
||||
/**
|
||||
* Construct a new Selector that will use the given {@link CrudRepository} to
|
||||
* retrieve SupplyChainValidationSummaries.
|
||||
*
|
||||
* @param supplyChainValidationSummaryCrudManager the summary manager to be used to retrieve
|
||||
* supply chain validation summaries
|
||||
*/
|
||||
public Selector(
|
||||
final CrudRepository<SupplyChainValidationSummary, UUID>
|
||||
supplyChainValidationSummaryCrudManager) {
|
||||
Preconditions.checkArgument(
|
||||
supplyChainValidationSummaryCrudManager != null,
|
||||
"supply chain validation summary manager cannot be null"
|
||||
);
|
||||
|
||||
this.supplyChainValidationSummaryCrudManager = supplyChainValidationSummaryCrudManager;
|
||||
this.fieldValueSelections = new HashMap<>();
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct the criterion that can be used to query for supply chain validation summaries
|
||||
* matching the configuration of this Selector.
|
||||
*
|
||||
* @return a Criterion that can be used to query for supply chain validation summaries
|
||||
* matching the configuration of this instance
|
||||
*/
|
||||
public Predicate[] getCriterion(final CriteriaBuilder criteriaBuilder) {
|
||||
Predicate[] predicates = new Predicate[fieldValueSelections.size()];
|
||||
CriteriaQuery<SupplyChainValidationSummary> query =
|
||||
criteriaBuilder.createQuery(SupplyChainValidationSummary.class);
|
||||
Root<SupplyChainValidationSummary> root = query.from(SupplyChainValidationSummary.class);
|
||||
|
||||
int i = 0;
|
||||
for (Map.Entry<String, Object> fieldValueEntry : fieldValueSelections.entrySet()) {
|
||||
predicates[i++] =
|
||||
criteriaBuilder.equal(root.get(fieldValueEntry.getKey()), fieldValueEntry.getValue());
|
||||
}
|
||||
|
||||
return predicates;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set a field name and value to match.
|
||||
*
|
||||
* @param name the field name to query
|
||||
* @param value the value to query
|
||||
*/
|
||||
protected void setFieldValue(final String name, final Object value) {
|
||||
Object valueToAssign = value;
|
||||
|
||||
Preconditions.checkArgument(
|
||||
value != null,
|
||||
"field value cannot be null."
|
||||
);
|
||||
|
||||
if (value instanceof String) {
|
||||
Preconditions.checkArgument(
|
||||
StringUtils.isNotEmpty((String) value),
|
||||
"field value cannot be empty."
|
||||
);
|
||||
}
|
||||
|
||||
if (value instanceof byte[] valueBytes) {
|
||||
|
||||
Preconditions.checkArgument(
|
||||
ArrayUtils.isNotEmpty(valueBytes),
|
||||
"field value cannot be empty."
|
||||
);
|
||||
|
||||
valueToAssign = Arrays.copyOf(valueBytes, valueBytes.length);
|
||||
}
|
||||
|
||||
fieldValueSelections.put(name, valueToAssign);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Specify a device id that supply chain validation summaries must have to be considered
|
||||
* as matching.
|
||||
*
|
||||
* @param device the device id to query
|
||||
* @return this instance (for chaining further calls)
|
||||
*/
|
||||
public Selector byDeviceId(final UUID device) {
|
||||
setFieldValue(DEVICE_ID_FIELD, device);
|
||||
return this;
|
||||
}
|
||||
}
|
||||
}
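Review bot: `getCriterion` calls `root.get(fieldValueEntry.getKey())` with the key `byDeviceId` stores, `DEVICE_ID_FIELD = "device.id"`, and JPA's `Path.get(String)` resolves a single attribute name rather than a dotted path, so as far as I can tell this throws an `IllegalArgumentException` at query time instead of navigating to the device's id — unless the Hibernate version in use extends `get` to dotted paths, which should be confirmed. Spell the navigation out, e.g. `criteriaBuilder.equal(root.get("device").get("id"), fieldValueEntry.getValue())` when the key is `DEVICE_ID_FIELD`, or store the path as segments. Note also that the predicates are built against the `Root` of a throw-away `CriteriaQuery` that is never returned, so a caller applying them to its own query is using a root the predicates do not reference; returning the query, or taking the caller's `Root` as a parameter, would close that gap. The `supplyChainValidationSummaryCrudManager` field is null-checked and stored but never read in the visible code.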
|
||||
|
@ -2,46 +2,209 @@ package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
public class CertificateVariables {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String PEM_FOOTER = "-----END CERTIFICATE-----";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String PEM_ATTRIBUTE_HEADER = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String PEM_ATTRIBUTE_FOOTER = "-----END ATTRIBUTE CERTIFICATE-----";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String MALFORMED_CERT_MESSAGE = "Malformed certificate detected.";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int MAX_CERT_LENGTH_BYTES = 2048;
|
||||
public static final int MAX_NUMERIC_PRECISION = 49; // Can store up to 160 bit values
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int MAX_NUMERIC_PRECISION = 49;
|
||||
/**
|
||||
* Can store up to 160 bit values
|
||||
*/
|
||||
public static final int MAX_PUB_KEY_MODULUS_HEX_LENGTH = 1024;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT0 = 0;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT1 = 1;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT2 = 2;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT3 = 3;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT4 = 4;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT5 = 5;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT6 = 6;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT7 = 7;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT8 = 8;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_DS = "DIGITAL SIGNATURE";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_NR = "NON-REPUDIATION";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_KE = "KEY ENCIPHERMENT";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_DE = "DATA ENCIPHERMENT";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_KA = "KEY AGREEMENT";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_KC = "KEY CERT SIGN";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_CS = "CRL SIGN";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_EO = "ENCIPHER ONLY";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_DO = "DECIPHER ONLY";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String ECDSA_OID = "1.2.840.10045.4.3.2";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String ECDSA_SHA224_OID = "1.2.840.10045.4.1";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA256_OID = "1.2.840.113549.1.1.11";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA384_OID = "1.2.840.113549.1.1.12";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_OID = "1.2.840.113549.1.1.13";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA224_OID = "1.2.840.113549.1.1.14";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_224_OID = "1.2.840.113549.1.1.15";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_256_OID = "1.2.840.113549.1.1.16";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA256_STRING = "SHA256WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA384_STRING = "SHA384WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA224_STRING = "SHA224WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_STRING = "SHA512WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_224_STRING = "SHA512-224WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_256_STRING = "SHA512-256WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String ECDSA_STRING = "SHA256WithECDSA";
|
||||
|
||||
public static final String ECDSA_SHA224_STRING = "SHA224WithECDSA";
|
||||
}
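Review bot: `ECDSA_SHA224_OID = "1.2.840.10045.4.1"` is, per RFC 3279, the ecdsa-with-SHA1 OID; ecdsa-with-SHA224 is `1.2.840.10045.4.3.1` (RFC 5758), so wherever this constant is matched against a certificate's signature algorithm a SHA-1-signed ECDSA certificate would presumably be reported as `SHA224WithECDSA`. The line should read `public static final String ECDSA_SHA224_OID = "1.2.840.10045.4.3.1";`, and if any caller relied on the old value to recognise SHA-1 it needs its own, honestly named constant. The commit also detaches the comment `Can store up to 160 bit values` from `MAX_NUMERIC_PRECISION = 49` (49 decimal digits is roughly 160 bits) and attaches it as the Javadoc of `MAX_PUB_KEY_MODULUS_HEX_LENGTH = 1024`, where it is wrong; move it back onto `MAX_NUMERIC_PRECISION`. Every other Javadoc in this class is an empty `/** */` that satisfies checkstyle but documents nothing — each should carry one sentence, e.g. `/** PEM header line of a base64-encoded X.509 certificate. */` on `PEM_HEADER` — and `ECDSA_SHA224_STRING` has none at all.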
|
||||
|
@ -6,8 +6,12 @@ import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Transient;
|
||||
import lombok.Getter;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
import org.bouncycastle.asn1.*;
|
||||
import org.bouncycastle.asn1.ASN1Encodable;
|
||||
import org.bouncycastle.asn1.ASN1InputStream;
|
||||
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
|
||||
import org.bouncycastle.asn1.ASN1OctetString;
|
||||
import org.bouncycastle.asn1.ASN1Sequence;
|
||||
import org.bouncycastle.asn1.ASN1TaggedObject;
|
||||
import org.bouncycastle.asn1.x509.CertificatePolicies;
|
||||
import org.bouncycastle.asn1.x509.Extension;
|
||||
import org.bouncycastle.asn1.x509.PolicyInformation;
|
||||
@ -15,21 +19,13 @@ import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.CharBuffer;
|
||||
import java.nio.charset.Charset;
|
||||
import java.nio.charset.CharsetDecoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.Path;
|
||||
import java.time.Instant;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
|
||||
@Entity
|
||||
@Log4j2
|
||||
@ -154,6 +150,7 @@ public class IDevIDCertificate extends Certificate {
|
||||
|
||||
/**
|
||||
* Parses fields related to IDevID certificates.
|
||||
*
|
||||
* @throws IOException if a problem is encountered during parsing
|
||||
*/
|
||||
private void parseIDevIDCertificate() throws IOException {
|
||||
@ -207,12 +204,12 @@ public class IDevIDCertificate extends Certificate {
|
||||
} catch (IllegalArgumentException e) {
|
||||
// Some certs have been found to contain tagged objects for hwSerialNum.
|
||||
// Handle this as a special case.
|
||||
log.warn("Could not parse octet string for hwSerialNum. Attempting to parse tag.");
|
||||
log.warn(
|
||||
"Could not parse octet string for hwSerialNum. Attempting to parse tag.");
|
||||
try {
|
||||
tagObj1 = ASN1TaggedObject.getInstance(seq1.getObjectAt(1));
|
||||
obj2 = ASN1OctetString.getInstance(tagObj1, false);
|
||||
}
|
||||
catch (Exception i) { // Invalid object found
|
||||
} catch (Exception i) { // Invalid object found
|
||||
log.warn("Invalid object found for hwSerialNum.");
|
||||
break;
|
||||
}
|
||||
@ -237,7 +234,8 @@ public class IDevIDCertificate extends Certificate {
|
||||
// Check for certificate policy qualifiers, which should be present for IDevIDs if in compliance with the
|
||||
// TCG specification.
|
||||
// For interoperability reasons, this will only log a warning if a TCG OID is specified above.
|
||||
byte[] policyBytes = getX509Certificate().getExtensionValue(Extension.certificatePolicies.getId());
|
||||
byte[] policyBytes =
|
||||
getX509Certificate().getExtensionValue(Extension.certificatePolicies.getId());
|
||||
Map<String, Boolean> policyQualifiers = null;
|
||||
|
||||
if (policyBytes != null) {
|
||||
@ -264,7 +262,8 @@ public class IDevIDCertificate extends Certificate {
|
||||
failCondition = true;
|
||||
}
|
||||
if (failCondition) {
|
||||
log.warn("TPM policy qualifiers not found, or do not meet logical criteria. Certificate may not " +
|
||||
log.warn(
|
||||
"TPM policy qualifiers not found, or do not meet logical criteria. Certificate may not " +
|
||||
"be in compliance with TCG specification.");
|
||||
}
|
||||
}
|
||||
@ -288,8 +287,7 @@ public class IDevIDCertificate extends Certificate {
|
||||
public boolean hasTCGOIDs() {
|
||||
if (this.getHwType() != null) {
|
||||
return this.getHwType().equals(HWTYPE_TCG_TPM2_OID);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
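Review bot: In the `@ -207,12 +204,12` hunk the reformatted `catch (Exception i)` still discards the exception: `log.warn("Invalid object found for hwSerialNum.")` records nothing about why the tagged-object fallback failed, so a malformed hwSerialNum in an IDevID certificate leaves no diagnosable trace. Pass the cause through, `log.warn("Invalid object found for hwSerialNum.", i);`, and consider narrowing the catch to the `IllegalArgumentException` the BouncyCastle `getInstance` calls throw, since `catch (Exception)` also hides programming errors in the parser. The parse loop this sits in starts and ends outside the hunk.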
|
||||
|
@ -1,6 +1,5 @@
|
||||
package hirs.attestationca.persist.provision;
|
||||
|
||||
import com.fasterxml.jackson.databind.ser.Serializers;
|
||||
import com.google.protobuf.ByteString;
|
||||
import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
|
||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
@ -69,24 +68,23 @@ import java.util.regex.Pattern;
|
||||
|
||||
@Log4j2
|
||||
public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
private static final String PCR_QUOTE_MASK = "0,1,2,3,4,5,6,7,8,9,10,11,12,13,"
|
||||
+ "14,15,16,17,18,19,20,21,22,23";
|
||||
|
||||
private static final int NUM_OF_VARIABLES = 5;
|
||||
/**
|
||||
* Number of bytes to include in the TPM2.0 nonce.
|
||||
*/
|
||||
public static final int NONCE_LENGTH = 20;
|
||||
private static final String PCR_QUOTE_MASK = "0,1,2,3,4,5,6,7,8,9,10,11,12,13,"
|
||||
+ "14,15,16,17,18,19,20,21,22,23";
|
||||
private static final int NUM_OF_VARIABLES = 5;
|
||||
private static final int MAC_BYTES = 6;
|
||||
|
||||
private SupplyChainValidationService supplyChainValidationService;
|
||||
private CertificateRepository certificateRepository;
|
||||
private ComponentResultRepository componentResultRepository;
|
||||
private ComponentInfoRepository componentInfoRepository;
|
||||
private ReferenceManifestRepository referenceManifestRepository;
|
||||
private ReferenceDigestValueRepository referenceDigestValueRepository;
|
||||
private DeviceRepository deviceRepository;
|
||||
private TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository;
|
||||
private final SupplyChainValidationService supplyChainValidationService;
|
||||
private final CertificateRepository certificateRepository;
|
||||
private final ComponentResultRepository componentResultRepository;
|
||||
private final ComponentInfoRepository componentInfoRepository;
|
||||
private final ReferenceManifestRepository referenceManifestRepository;
|
||||
private final ReferenceDigestValueRepository referenceDigestValueRepository;
|
||||
private final DeviceRepository deviceRepository;
|
||||
private final TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository;
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
@ -117,7 +115,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
* stores the device info, performs supply chain validation, generates a nonce,
|
||||
* and wraps that nonce with the make credential process before returning it to the client.
|
||||
* attCert.setPcrValues(pcrValues);
|
||||
|
||||
*
|
||||
* @param identityClaim the request to process, cannot be null
|
||||
* @return an identity claim response for the specified request containing a wrapped blob
|
||||
*/
|
||||
@ -195,7 +193,8 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
private AppraisalStatus.Status doSupplyChainValidation(
|
||||
final ProvisionerTpm2.IdentityClaim claim, final PublicKey ekPub) {
|
||||
// attempt to find an endorsement credential to validate
|
||||
EndorsementCredential endorsementCredential = parseEcFromIdentityClaim(claim, ekPub, certificateRepository);
|
||||
EndorsementCredential endorsementCredential =
|
||||
parseEcFromIdentityClaim(claim, ekPub, certificateRepository);
|
||||
|
||||
// attempt to find platform credentials to validate
|
||||
List<PlatformCredential> platformCredentials = parsePcsFromIdentityClaim(claim,
|
||||
@ -283,10 +282,10 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
|
||||
/**
|
||||
* Converts a protobuf DeviceInfo object to a HIRS Utils DeviceInfoReport object.
|
||||
*
|
||||
* @param claim the protobuf serialized identity claim containing the device info
|
||||
* @return a HIRS Utils DeviceInfoReport representation of device info
|
||||
*/
|
||||
@SuppressWarnings("methodlength")
|
||||
private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim)
|
||||
throws NoSuchAlgorithmException {
|
||||
ProvisionerTpm2.DeviceInfo dv = claim.getDv();
|
||||
@ -425,7 +424,8 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
if (dv.getLogfileCount() > 0) {
|
||||
for (ByteString logFile : dv.getLogfileList()) {
|
||||
try {
|
||||
support = (SupportReferenceManifest) referenceManifestRepository.findByHexDecHashAndRimType(
|
||||
support =
|
||||
(SupportReferenceManifest) referenceManifestRepository.findByHexDecHashAndRimType(
|
||||
Hex.encodeHexString(messageDigest.digest(logFile.toByteArray())),
|
||||
ReferenceManifest.SUPPORT_RIM);
|
||||
if (support == null) {
|
||||
@ -512,8 +512,10 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
}
|
||||
|
||||
// now update support rim
|
||||
SupportReferenceManifest dbSupport = (SupportReferenceManifest) referenceManifestRepository
|
||||
.findByHexDecHashAndRimType(swid.getHashValue(), ReferenceManifest.SUPPORT_RIM);
|
||||
SupportReferenceManifest dbSupport =
|
||||
(SupportReferenceManifest) referenceManifestRepository
|
||||
.findByHexDecHashAndRimType(swid.getHashValue(),
|
||||
ReferenceManifest.SUPPORT_RIM);
|
||||
if (dbSupport != null) {
|
||||
dbSupport.setFileName(swid.getName());
|
||||
dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
|
||||
@ -628,7 +630,8 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
}
|
||||
|
||||
if (baseSupportRim != null
|
||||
&& referenceDigestValueRepository.findBySupportRimHash(baseSupportRim.getHexDecHash()).isEmpty()) {
|
||||
&& referenceDigestValueRepository.findBySupportRimHash(baseSupportRim.getHexDecHash())
|
||||
.isEmpty()) {
|
||||
try {
|
||||
TCGEventLog logProcessor = new TCGEventLog(baseSupportRim.getRimBytes());
|
||||
ReferenceDigestValue rdv;
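Review bot: The Javadoc touched in the `@ -117,7 +115,7` hunk still contains the stray code line `* attCert.setPcrValues(pcrValues);` between the description and the `@param` tag; it reads as a leftover from an edit and should be removed so that `... before returning it to the client.` is followed directly by ` *` and ` * @param identityClaim ...`. While there, the Javadoc on `NONCE_LENGTH` could say what the nonce is for — the value the description says is wrapped with the make-credential process and returned to the client — so a reader knows why 20 bytes; how it is generated is outside this hunk and should be confirmed before documenting it. The method this comment documents begins outside the hunk.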
|
||||
|
@ -11,7 +11,11 @@ import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
|
||||
import hirs.attestationca.persist.entity.manager.SupplyChainValidationRepository;
|
||||
import hirs.attestationca.persist.entity.manager.SupplyChainValidationSummaryRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.*;
|
||||
import hirs.attestationca.persist.entity.userdefined.Device;
|
||||
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
|
||||
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidationSummary;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
@ -27,12 +31,10 @@ import lombok.extern.log4j.Log4j2;
|
||||
import org.apache.logging.log4j.Level;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.yaml.snakeyaml.events.Event;
|
||||
|
||||
import java.security.KeyStore;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -46,15 +48,15 @@ import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS;
|
||||
@Service
|
||||
public class SupplyChainValidationService {
|
||||
|
||||
private CACredentialRepository caCredentialRepository;
|
||||
private PolicyRepository policyRepository;
|
||||
private ReferenceManifestRepository referenceManifestRepository;
|
||||
private ReferenceDigestValueRepository referenceDigestValueRepository;
|
||||
private ComponentResultRepository componentResultRepository;
|
||||
private ComponentAttributeRepository componentAttributeRepository;
|
||||
private CertificateRepository certificateRepository;
|
||||
private SupplyChainValidationRepository supplyChainValidationRepository;
|
||||
private SupplyChainValidationSummaryRepository supplyChainValidationSummaryRepository;
|
||||
private final CACredentialRepository caCredentialRepository;
|
||||
private final PolicyRepository policyRepository;
|
||||
private final ReferenceManifestRepository referenceManifestRepository;
|
||||
private final ReferenceDigestValueRepository referenceDigestValueRepository;
|
||||
private final ComponentResultRepository componentResultRepository;
|
||||
private final ComponentAttributeRepository componentAttributeRepository;
|
||||
private final CertificateRepository certificateRepository;
|
||||
private final SupplyChainValidationRepository supplyChainValidationRepository;
|
||||
private final SupplyChainValidationSummaryRepository supplyChainValidationSummaryRepository;
|
||||
private UUID provisionSessionId;
|
||||
|
||||
/**
|
||||
@ -103,7 +105,6 @@ public class SupplyChainValidationService {
|
||||
* @param componentInfos list of components from the device
|
||||
* @return A summary of the validation results.
|
||||
*/
|
||||
@SuppressWarnings("methodlength")
|
||||
public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec,
|
||||
final List<PlatformCredential> pcs,
|
||||
final Device device,
|
||||
@ -323,7 +324,8 @@ public class SupplyChainValidationService {
|
||||
deviceName));
|
||||
} else {
|
||||
ReferenceManifest manifest = referenceManifestRepository
|
||||
.findByHexDecHashAndRimType(sRim.getEventLogHash(), ReferenceManifest.MEASUREMENT_RIM);
|
||||
.findByHexDecHashAndRimType(sRim.getEventLogHash(),
|
||||
ReferenceManifest.MEASUREMENT_RIM);
|
||||
if (manifest instanceof EventLogMeasurements) {
|
||||
eventLog = (EventLogMeasurements) manifest;
|
||||
}
|
||||
@ -357,7 +359,8 @@ public class SupplyChainValidationService {
|
||||
|
||||
BaseReferenceManifest bRim = null;
|
||||
if (sRim != null && sRim.getAssociatedRim() != null) {
|
||||
Optional<ReferenceManifest> oRim = referenceManifestRepository.findById(sRim.getAssociatedRim());
|
||||
Optional<ReferenceManifest> oRim =
|
||||
referenceManifestRepository.findById(sRim.getAssociatedRim());
|
||||
if (oRim.isPresent()) {
|
||||
ReferenceManifest rim = oRim.get();
|
||||
if (rim instanceof BaseReferenceManifest) {
|
||||
@ -375,7 +378,8 @@ public class SupplyChainValidationService {
|
||||
Optional<SupplyChainValidationSummary> previousOpt
|
||||
//= this.supplyChainValidationSummaryRepository.findByDevice(deviceName);
|
||||
//= this.supplyChainValidationSummaryRepository.findByDevice(device);
|
||||
= this.supplyChainValidationSummaryRepository.findById(UUID.fromString(device.getSummaryId()));
|
||||
= this.supplyChainValidationSummaryRepository.findById(
|
||||
UUID.fromString(device.getSummaryId()));
|
||||
if (previousOpt.isPresent()) {
|
||||
SupplyChainValidationSummary previous = previousOpt.get();
|
||||
for (SupplyChainValidation scv : previous.getValidations()) {
|
||||
@ -421,6 +425,7 @@ public class SupplyChainValidationService {
|
||||
* If the platform attributes policy is enabled, this method updates the matched
|
||||
* status for the component result. This is done so that the details page for the
|
||||
* platform certificate highlights the title card red.
|
||||
*
|
||||
* @param componentResults list of associated component results
|
||||
*/
|
||||
private void updateComponentStatus(final List<ComponentResult> componentResults) {
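Review bot: `UUID.fromString(device.getSummaryId())` in the `@ -375,7 +378,8` hunk is unguarded: if a device reaches validation without a stored summary id (presumably its first provisioning), a null `getSummaryId()` gives a `NullPointerException` and a non-UUID string gives an `IllegalArgumentException`, either of which aborts the validation instead of being treated as "no previous summary". Guard it, e.g. `Optional<SupplyChainValidationSummary> previousOpt = device.getSummaryId() == null ? Optional.empty() : this.supplyChainValidationSummaryRepository.findById(UUID.fromString(device.getSummaryId()));`, and delete the two commented-out `findByDevice` alternatives above it. Separately, the commit makes the repositories `final` but leaves `private UUID provisionSessionId;` as mutable state on a `@Service` singleton; if it is assigned inside `validateSupplyChain` (not visible here), concurrent provisioning requests can observe each other's session id, so it should become a local or a method parameter. `validateSupplyChain` starts and ends outside the hunk.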
|
||||
|
@ -49,10 +49,11 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
private static final String LC_UNKNOWN = "unknown";
|
||||
|
||||
/**
|
||||
* Validates platform credential attributes v1 p2.
|
||||
*
|
||||
* @param platformCredential
|
||||
* @param deviceInfoReport
|
||||
* @return
|
||||
* @param platformCredential platform credential
|
||||
* @param deviceInfoReport device information report
|
||||
* @return an appraisal status
|
||||
*/
|
||||
public static AppraisalStatus validatePlatformCredentialAttributesV1p2(
|
||||
final PlatformCredential platformCredential,
|
||||
@ -318,7 +319,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
* base cert for this specific chain
|
||||
* @return Appraisal Status of delta being validated.
|
||||
*/
|
||||
@SuppressWarnings("methodlength")
|
||||
|
||||
static AppraisalStatus validateDeltaAttributesChainV2p0(
|
||||
final DeviceInfoReport deviceInfoReport,
|
||||
final Map<PlatformCredential, SupplyChainValidation> deltaMapping,
|
||||
@ -856,6 +857,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
|
||||
/**
|
||||
* This method uses a specific hash to match device components with certificate components.
|
||||
*
|
||||
* @param componentInfos list of device component infos
|
||||
* @param compiledComponentList list of the remaining unmatched component results
|
||||
* @return remaining component results not matched
|
||||
@ -892,6 +894,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
|
||||
/**
|
||||
* This method is used to find matches based on the component class value.
|
||||
*
|
||||
* @param componentInfos list of device component infos
|
||||
* @param remainingComponentResults list of the remaining unmatched component results
|
||||
* @return a generated list of component attributes results
|
||||
@ -1019,7 +1022,6 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param deltaCertificates
|
||||
* @param componentResultRepository
|
||||
* @param componentAttributeRepository
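Review bot: The Javadoc in the `@ -1019,7 +1022,6` hunk still has no summary sentence and bare `@param deltaCertificates`, `@param componentResultRepository`, `@param componentAttributeRepository` tags, which is exactly what the commit message says it set out to fix; the hunk only drops a blank ` *` line. Give each tag a description, e.g. `@param deltaCertificates delta platform certificates to validate`, `@param componentResultRepository repository used to look up component results`, `@param componentAttributeRepository repository used to look up component attribute results`, plus a one-line summary of what the method does; the method and the rest of its tags are outside the hunk, so check the remaining `@param`/`@return` there too. In the `@ -318,7 +319,7` hunk the rendered page does not show which of `@SuppressWarnings("methodlength")` and the blank line survives, but on the new side a blank line appears to separate the closing ` */` from `static AppraisalStatus validateDeltaAttributesChainV2p0(`; the declaration should directly follow its Javadoc.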
|
||||
|
@ -12,8 +12,8 @@ import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import hirs.attestationca.persist.service.ValidationService;
|
||||
import hirs.utils.rim.ReferenceManifestValidator;
|
||||
import hirs.utils.SwidResource;
|
||||
import hirs.utils.rim.ReferenceManifestValidator;
|
||||
import hirs.utils.tpm.eventlog.TCGEventLog;
|
||||
import hirs.utils.tpm.eventlog.TpmPcrEvent;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
@ -24,7 +24,12 @@ import java.security.KeyStore;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL;
|
||||
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS;
|
||||
@ -35,7 +40,6 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
|
||||
private static PcrValidator pcrValidator;
|
||||
|
||||
/**
|
||||
*
|
||||
* @param device
|
||||
* @param policySettings
|
||||
* @param referenceManifestRepository
|
||||
@ -43,7 +47,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
|
||||
* @param caCredentialRepository
|
||||
* @return
|
||||
*/
|
||||
@SuppressWarnings("methodlength")
|
||||
|
||||
public static AppraisalStatus validateFirmware(
final Device device, final PolicySettings policySettings,
final ReferenceManifestRepository referenceManifestRepository,
@ -66,7 +70,8 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
// In this case, try to look up the event log associated with the device, then get the base rim associated by event log hash
List<ReferenceManifest> deviceRims = referenceManifestRepository.findByDeviceName(hostName);
for (ReferenceManifest deviceRim : deviceRims) {
if (deviceRim instanceof BaseReferenceManifest && !deviceRim.isSwidSupplemental() && !deviceRim.isSwidPatch()) {
if (deviceRim instanceof BaseReferenceManifest && !deviceRim.isSwidSupplemental() &&
!deviceRim.isSwidPatch()) {
baseReferenceManifest = (BaseReferenceManifest) deviceRim;
}
@ -77,7 +82,9 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
// Attempt to get an event log from the database matching the expected hash
if (baseReferenceManifest == null && measurement != null) {
baseReferenceManifest = (BaseReferenceManifest)referenceManifestRepository.findByEventLogHashAndRimType(measurement.getHexDecHash(), ReferenceManifest.BASE_RIM);
baseReferenceManifest =
(BaseReferenceManifest) referenceManifestRepository.findByEventLogHashAndRimType(
measurement.getHexDecHash(), ReferenceManifest.BASE_RIM);
}
String failedString = "";
@ -101,7 +108,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
if (passed) {
List<SwidResource> resources =
((BaseReferenceManifest) baseReferenceManifest).getFileResources();
baseReferenceManifest.getFileResources();
fwStatus = new AppraisalStatus(PASS,
SupplyChainCredentialValidator.FIRMWARE_VALID);
@ -131,13 +138,15 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
try {
certs.add(cac.getX509Certificate());
} catch (IOException e) {
log.error("Error building CA chain for " + signingCert.getSubjectKeyIdentifier() + ": "
log.error(
"Error building CA chain for " + signingCert.getSubjectKeyIdentifier() + ": "
+ e.getMessage());
}
}
referenceManifestValidator.setTrustStore(certs);
try {
if (referenceManifestValidator.validateXmlSignature(signingCert.getX509Certificate().getPublicKey(),
if (referenceManifestValidator.validateXmlSignature(
signingCert.getX509Certificate().getPublicKey(),
signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) {
try {
if (!SupplyChainCredentialValidator.verifyCertificate(
@ -268,7 +277,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
}
if (fwStatus.getAppStatus().equals(FAIL)) {
fwStatus = new AppraisalStatus(FAIL, String.format("%s%n%s",
fwStatus.getMessage(), sb.toString()));
fwStatus.getMessage(), sb));
} else {
fwStatus = new AppraisalStatus(FAIL,
sb.toString(), ReferenceManifest.MEASUREMENT_RIM);
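Review bot: The reformatted `log.error(...)` in the CA-chain loop (hunk starting at old line 131) still concatenates only `e.getMessage()` and never passes the `IOException` itself, so a CA certificate that is silently skipped from the trust store passed to `setTrustStore(certs)` leaves no stack trace to diagnose why; since the file imports Lombok's `@Log4j2`, the throwable can go last: `log.error("Error building CA chain for {}: {}", signingCert.getSubjectKeyIdentifier(), e.getMessage(), e);`. Separately, the Javadoc on `validateFirmware` keeps `@param` tags for `device`, `policySettings`, `referenceManifestRepository` and `caCredentialRepository` with no descriptions and an empty `@return`, which is at odds with this commit's stated purpose; a one-line description per parameter plus `@return the firmware appraisal status, FAIL with the collected failure messages when validation does not pass` would close that gap. The body of `validateFirmware` begins and ends outside these hunks.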
@ -133,7 +133,9 @@
<!-- Checks for Size Violations. -->
<!-- See https://checkstyle.org/checks/sizes/index.html -->
<module name="MethodLength"/>
<module name="MethodLength">
<property name="max" value="300"/>
</module>
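Review bot: Raising `MethodLength` to a project-wide `max` of 300 relaxes the size check for every file to accommodate the long `validateFirmware` method, which this commit otherwise leaves undecomposed; a per-method suppression would keep the default in force elsewhere. The Java hunk at old line 43 shows `@SuppressWarnings("methodlength")` on that method, though whether it survives the change is not recoverable from the rendered view; if the annotation is not honored because `SuppressWarningsHolder` and `SuppressWarningsFilter` are not configured, wiring those would be the narrower fix. Either way, a short comment on the new module, such as `<!-- max raised above the default for existing long validator methods; prefer per-method suppression for new code -->`, would record the rationale for the next reader.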
<!-- Checks for whitespace -->
<!-- See https://checkstyle.org/checks/whitespace/index.html -->