issue_847: Fixed ALL checkstyle and spotbug errors in CA module. Fixing spotbug and checkstyle issues in CA_PORT module now.

HIRS_AttestationCA/build.gradle

@@ -54,6 +54,9 @@ dependencies {
     testImplementation 'org.mockito:mockito-core:4.2.0'
     testImplementation 'org.springframework:spring-test:6.0.8'
 
+    compileOnly "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
+    annotationProcessor "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
+
     // spring management
     compileOnly libs.lombok
     implementation libs.lombok

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java

@@ -9,6 +9,7 @@ import jakarta.persistence.FetchType;
 import jakarta.persistence.JoinColumn;
 import jakarta.persistence.JoinTable;
 import jakarta.persistence.ManyToMany;
+import lombok.AccessLevel;
 import lombok.Getter;
 
 import java.util.ArrayList;
@@ -18,26 +19,24 @@ import java.util.List;
 /**
  * Stores results of a single element of the supply chain validation process.
  */
+@Getter
 @Entity
 public class SupplyChainValidation extends ArchivableEntity {
-    @Getter
     @Column
     private final ValidationType validationType;
 
-    @Getter
     @Column
     private final AppraisalStatus.Status validationResult;
 
+    @Getter(AccessLevel.NONE)
     @ManyToMany(fetch = FetchType.EAGER)
     @JoinTable(name = "CertificatesUsedToValidate",
             joinColumns = {@JoinColumn(name = "validation_id", nullable = false)})
     private final List<Certificate> certificatesUsed;
 
-    @Getter
     @Column(length = RESULT_MESSAGE_LENGTH)
     private final String message;
-    
+
-    @Getter
     @Column
     private String rimId;
 

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredential.java

@@ -3,19 +3,20 @@ package hirs.attestationca.persist.entity.userdefined.certificate;
 import hirs.attestationca.persist.entity.userdefined.Certificate;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
-import lombok.EqualsAndHashCode;
+import lombok.AccessLevel;
 import lombok.Getter;
 import org.apache.commons.codec.binary.Hex;
 
 import java.io.IOException;
 import java.nio.file.Path;
+import java.util.Arrays;
 
 /**
  * This class persists Certificate Authority credentials by extending the base Certificate
  * class with fields unique to CA credentials.
  */
+@Getter
 @Entity
-@EqualsAndHashCode
 public class CertificateAuthorityCredential extends Certificate {
 
     /**
@@ -30,6 +31,7 @@ public class CertificateAuthorityCredential extends Certificate {
 
     private static final int PREFIX_BYTE_SIZE = 4;
 
+    @Getter(AccessLevel.NONE)
     @Column
     private final byte[] subjectKeyIdentifier;
 
@@ -37,11 +39,9 @@ public class CertificateAuthorityCredential extends Certificate {
      * this field is part of the TCG CA specification, but has not yet been found in
      * manufacturer-provided CAs, and is therefore not currently parsed.
      */
-    @Getter
     @Column
     private final String credentialType = "TCPA Trusted Platform Module Endorsement";
 
-    @Getter
     @Column
     private String subjectKeyIdString;
 
@@ -112,10 +112,59 @@ public class CertificateAuthorityCredential extends Certificate {
         return null;
     }
 
+    /**
+     * Helper method that uses the provided certificate bytes and truncates a portion
+     * of the certificate bytes array.
+     *
+     * @param certificateBytes byte array representation of the certificate bytes
+     * @return a truncated certificate byte array
+     */
     private byte[] truncatePrefixBytes(final byte[] certificateBytes) {
         byte[] temp = new byte[CA_BYTE_SIZE];
         System.arraycopy(certificateBytes, PREFIX_BYTE_SIZE, temp, 0, CA_BYTE_SIZE);
 
         return temp;
     }
+
+    /**
+     * Compares this Certificate Authority Credential object to another Certificate
+     * Authority Credential object.
+     *
+     * @param o object to compare
+     * @return true if both this and the provided Certificate Authority Credential objects are equal,
+     * false otherwise
+     */
+    public boolean equals(final Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        if (!super.equals(o)) {
+            return false;
+        }
+
+        CertificateAuthorityCredential that = (CertificateAuthorityCredential) o;
+
+//        if (!Objects.equals(credentialType, that.credentialType)) {
+//            return false;
+//        }
+
+        return Arrays.equals(subjectKeyIdentifier, that.subjectKeyIdentifier);
+    }
+
+    /**
+     * Creates an integer hash code.
+     *
+     * @return an integer hash code
+     */
+    @Override
+    public int hashCode() {
+        final int hashCodeConst = 31;
+        int result = super.hashCode();
+        result = hashCodeConst * result + credentialType.hashCode();
+        result = hashCodeConst * result + Arrays.hashCode(subjectKeyIdentifier);
+        return result;
+    }
 }

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateVariables.java

@@ -1,214 +1,179 @@
 package hirs.attestationca.persist.entity.userdefined.certificate;
 
-public class CertificateVariables {
+public final class CertificateVariables {
 
     /**
      *
      */
     public static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
-
     /**
      *
      */
     public static final String PEM_FOOTER = "-----END CERTIFICATE-----";
-
     /**
      *
      */
     public static final String PEM_ATTRIBUTE_HEADER = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
-
     /**
      *
      */
     public static final String PEM_ATTRIBUTE_FOOTER = "-----END ATTRIBUTE CERTIFICATE-----";
-
     /**
      *
      */
     public static final String MALFORMED_CERT_MESSAGE = "Malformed certificate detected.";
-
     /**
      *
      */
     public static final int MAX_CERT_LENGTH_BYTES = 2048;
-
     /**
      *
      */
     public static final int MAX_NUMERIC_PRECISION = 49;
-
     /**
      * Can store up to 160 bit values.
      */
     public static final int MAX_PUB_KEY_MODULUS_HEX_LENGTH = 1024;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT0 = 0;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT1 = 1;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT2 = 2;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT3 = 3;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT4 = 4;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT5 = 5;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT6 = 6;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT7 = 7;
-
     /**
      *
      */
     public static final int KEY_USAGE_BIT8 = 8;
-
     /**
      *
      */
     public static final String KEY_USAGE_DS = "DIGITAL SIGNATURE";
-
     /**
      *
      */
     public static final String KEY_USAGE_NR = "NON-REPUDIATION";
-
     /**
      *
      */
     public static final String KEY_USAGE_KE = "KEY ENCIPHERMENT";
-
     /**
      *
      */
     public static final String KEY_USAGE_DE = "DATA ENCIPHERMENT";
-
     /**
      *
      */
     public static final String KEY_USAGE_KA = "KEY AGREEMENT";
-
     /**
      *
      */
     public static final String KEY_USAGE_KC = "KEY CERT SIGN";
-
     /**
      *
      */
     public static final String KEY_USAGE_CS = "CRL SIGN";
-
     /**
      *
      */
     public static final String KEY_USAGE_EO = "ENCIPHER ONLY";
-
     /**
      *
      */
     public static final String KEY_USAGE_DO = "DECIPHER ONLY";
-
     /**
      *
      */
     public static final String ECDSA_OID = "1.2.840.10045.4.3.2";
-
     /**
      *
      */
     public static final String ECDSA_SHA224_OID = "1.2.840.10045.4.1";
-
     /**
      *
      */
     public static final String RSA256_OID = "1.2.840.113549.1.1.11";
-
     /**
      *
      */
     public static final String RSA384_OID = "1.2.840.113549.1.1.12";
-
     /**
      *
      */
     public static final String RSA512_OID = "1.2.840.113549.1.1.13";
-
     /**
      *
      */
     public static final String RSA224_OID = "1.2.840.113549.1.1.14";
-
     /**
      *
      */
     public static final String RSA512_224_OID = "1.2.840.113549.1.1.15";
-
     /**
      *
      */
     public static final String RSA512_256_OID = "1.2.840.113549.1.1.16";
-
     /**
      *
      */
     public static final String RSA256_STRING = "SHA256WithRSA";
-
     /**
      *
      */
     public static final String RSA384_STRING = "SHA384WithRSA";
-
     /**
      *
      */
     public static final String RSA224_STRING = "SHA224WithRSA";
-
     /**
      *
      */
     public static final String RSA512_STRING = "SHA512WithRSA";
-
     /**
      *
      */
     public static final String RSA512_224_STRING = "SHA512-224WithRSA";
-
     /**
      *
      */
     public static final String RSA512_256_STRING = "SHA512-256WithRSA";
-
     /**
      *
      */
     public static final String ECDSA_STRING = "SHA256WithECDSA";
-
     /**
      *
      */
     public static final String ECDSA_SHA224_STRING = "SHA224WithECDSA";
+
+    /**
+     * Private constructor was created to silence checkstyle error.
+     */
+    private CertificateVariables() {
+    }
 }

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java

@@ -1,5 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined.certificate;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TPMSecurityAssertions;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TPMSpecification;
 import jakarta.persistence.Column;
@@ -60,6 +61,9 @@ import java.util.Set;
  * trustedcomputinggroup.org/wp-content/uploads/Credential_Profiles_V1.2_Level2_Revision8.pdf
  */
 @Log4j2
+@SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE",
+        justification = "property credentialType is guaranteed to always be non-null/initialized. Warning"
+                + "stems from auto-generated lombok equals and hashcode method doing redundant null checks.")
 @EqualsAndHashCode(callSuper = false)
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 @Entity
@@ -115,7 +119,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
      * manufacturer-provided ECs, and is therefore not currently parsed.
      */
     @Getter
-    @Column(nullable = true)
+    @Column
     private final String policyReference = null; // optional
 
     /**
@@ -123,7 +127,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
      * manufacturer-provided ECs, and is therefore not currently parsed.
      */
     @Getter
-    @Column(nullable = true)
+    @Column
     private final String revocationLocator = null; // optional
 
     @Getter
@@ -265,13 +269,13 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
             value = entry.getValue();
             if (oid.equals(TPM_MODEL)) {
                 model = value.toString();
-                log.debug("Found TPM Model: " + model);
+                log.debug("Found TPM Model: {}", model);
             } else if (oid.equals(TPM_VERSION)) {
                 version = value.toString();
-                log.debug("Found TPM Version: " + version);
+                log.debug("Found TPM Version: {}", version);
             } else if (oid.equals(TPM_MANUFACTURER)) {
                 manufacturer = value.toString();
-                log.debug("Found TPM Manufacturer: " + manufacturer);
+                log.debug("Found TPM Manufacturer: {}", manufacturer);
             }
         }
     }
@@ -317,7 +321,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
             ASN1Integer revision = (ASN1Integer) seq.getObjectAt(ASN1_REV_INDEX);
             tpmSpecification = new TPMSpecification(family.getString(), level.getValue(),
                     revision.getValue());
-            log.debug("Found TPM Spec:" + tpmSpecification);
+            log.debug("Found TPM Spec:{}", tpmSpecification);
         } else if (addToMapping && key.equals(TPM_SECURITY_ASSERTIONS)) {
             // Parse TPM Security Assertions
             int seqPosition = 0;
@@ -343,7 +347,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
             tpmSecurityAssertions = new TPMSecurityAssertions(ver.getValue(),
                     fieldUpgradeable.isTrue());
 
-            log.debug("Found TPM Assertions: " + tpmSecurityAssertions);
+            log.debug("Found TPM Assertions: {}", tpmSecurityAssertions);
             // Iterate through remaining fields to set optional attributes
             int tag;
             ASN1TaggedObject obj;
@@ -401,7 +405,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
      * @param key          if addToMapping is true, the key in the OID key/value pair
      * @throws IOException parsing of subcomponents in the tree failed.
      */
-    @SuppressWarnings("checkstyle:methodlength")
     private void parseSingle(final ASN1Primitive component, final boolean addToMapping,
                              final String key) throws IOException {
         // null check the key if addToMapping is true
@@ -563,7 +566,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
 
         } else {
             // there are some deprecated types that we don't parse
-            log.error("Unparsed type: " + component.getClass());
+            log.error("Unparsed type: {}", component.getClass());
         }
     }
 }

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/report/DeviceInfoReport.java

@@ -1,5 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined.report;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hirs.attestationca.persist.entity.AbstractEntity;
 import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
 import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
@@ -28,6 +29,10 @@ import java.net.InetAddress;
  * information about the device. This <code>Report</code> includes the network,
  * OS, and TPM information.
  */
+@SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE",
+        justification = "various class properties here are guaranteed to always be non-null/initialized."
+                + " Warning stems from auto-generated lombok equals and hashcode method doing redundant "
+                + "null checks.")
 @NoArgsConstructor
 @EqualsAndHashCode(callSuper = false)
 @Log4j2

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/enums/HealthStatus.java

@@ -31,6 +31,12 @@ public enum HealthStatus {
 
     private final String healthStatus;
 
+    /**
+     * Determines if the provided health status is a valid health status.
+     *
+     * @param healthStatus string representation of the healh status
+     * @return true if the health status is valid, otherwise false
+     */
     public static boolean isValidStatus(final String healthStatus) {
         return Arrays.stream(HealthStatus.values())
                 .map(HealthStatus::name)

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/ProvisionUtils.java

@@ -97,7 +97,7 @@ public final class ProvisionUtils {
     private static final SecureRandom SECURE_RANDOM = new SecureRandom();
 
     /**
-     * This private constructor was created to silence checkstyle errors.
+     * This private constructor was created to silence checkstyle error.
      */
     private ProvisionUtils() {
     }
@@ -219,7 +219,8 @@ public final class ProvisionUtils {
                                 new PSource.PSpecified("".getBytes(StandardCharsets.UTF_8)));
 
                 cipher.init(Cipher.PRIVATE_KEY, privateKey, spec);
-            } else {// initialize the cipher to decrypt using the ACA private key.
+            } else {
+                // initialize the cipher to decrypt using the ACA private key.
                 cipher.init(Cipher.DECRYPT_MODE, privateKey);
             }
 
@@ -532,15 +533,32 @@ public final class ProvisionUtils {
         credentialBlob[0] = topSize[1];
         credentialBlob[1] = topSize[0];
         credentialBlob[2] = 0x00;
-        credentialBlob[3] = 0x20;
+
-        System.arraycopy(integrityHmac, 0, credentialBlob, 4, 32);
+        final int credBlobPosition4 = 3;
-        for (int i = 0; i < 98; i++) {
+        final byte credBlobFourthPositionValue = 0x20;
-            credentialBlob[36 + i] = 0x00;
+        credentialBlob[credBlobPosition4] = credBlobFourthPositionValue;
+
+        final int credBlobPosition5 = 4;
+        final int credBlobSizeFromPosition5 = 32;
+        System.arraycopy(integrityHmac, 0, credentialBlob, credBlobPosition5, credBlobSizeFromPosition5);
+
+        final int credBlobPosition99 = 98;
+        final int credBlobPosition37 = 36;
+
+        for (int i = 0; i < credBlobPosition99; i++) {
+            credentialBlob[credBlobPosition37 + i] = 0x00;
         }
-        System.arraycopy(encryptedSecret, 0, credentialBlob, 36, encryptedSecret.length);
+        System.arraycopy(encryptedSecret, 0, credentialBlob, credBlobPosition37, encryptedSecret.length);
-        credentialBlob[134] = 0x00;
+
-        credentialBlob[135] = 0x01;
+        final int credBlobPosition135 = 134;
-        System.arraycopy(encryptedSeed, 0, credentialBlob, 136, 256);
+        credentialBlob[credBlobPosition135] = 0x00;
+
+        final int credBlobPosition136 = 135;
+        credentialBlob[credBlobPosition136] = 0x01;
+
+        final int credBlobPosition137 = 136;
+        final int credBlobSizeFromPosition137 = 256;
+        System.arraycopy(encryptedSeed, 0, credentialBlob, credBlobPosition137, credBlobSizeFromPosition137);
         // return the result
         return credentialBlob;
     }
@@ -583,7 +601,8 @@ public final class ProvisionUtils {
     public static byte[] cryptKDFa(final byte[] seed, final String label, final byte[] context,
                                    final int sizeInBytes)
             throws NoSuchAlgorithmException, InvalidKeyException {
-        ByteBuffer b = ByteBuffer.allocate(4);
+        final int capacity = 4;
+        ByteBuffer b = ByteBuffer.allocate(capacity);
         b.putInt(1);
         byte[] counter = b.array();
         // get the label
@@ -592,24 +611,27 @@ public final class ProvisionUtils {
             labelWithEnding = label + "\0";
         }
         byte[] labelBytes = labelWithEnding.getBytes(StandardCharsets.UTF_8);
-        b = ByteBuffer.allocate(4);
+        final int byteOffset = 8;
-        b.putInt(sizeInBytes * 8);
+        b = ByteBuffer.allocate(capacity);
+        b.putInt(sizeInBytes * byteOffset);
         byte[] desiredSizeInBits = b.array();
-        int sizeOfMessage = 8 + labelBytes.length;
+        int sizeOfMessage = byteOffset + labelBytes.length;
         if (context != null) {
             sizeOfMessage += context.length;
         }
         byte[] message = new byte[sizeOfMessage];
         int marker = 0;
-        System.arraycopy(counter, 0, message, marker, 4);
+
-        marker += 4;
+        final int markerLength = 4;
+        System.arraycopy(counter, 0, message, marker, markerLength);
+        marker += markerLength;
         System.arraycopy(labelBytes, 0, message, marker, labelBytes.length);
         marker += labelBytes.length;
         if (context != null) {
             System.arraycopy(context, 0, message, marker, context.length);
             marker += context.length;
         }
-        System.arraycopy(desiredSizeInBits, 0, message, marker, 4);
+        System.arraycopy(desiredSizeInBits, 0, message, marker, markerLength);
         Mac hmac;
         byte[] toReturn = new byte[sizeInBytes];
 

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java

@@ -14,7 +14,7 @@ import java.util.ListIterator;
 public final class CredentialHelper {
 
     /**
-     * Private constructor was created to silence checkstyle.
+     * Private constructor was created to silence checkstyle error.
      */
     private CredentialHelper() {
     }
@@ -88,10 +88,13 @@ public final class CredentialHelper {
             // Look for first ASN.1 Sequence marked by the two bytes (0x30) and (0x82)
             // The check advances our position in the ByteBuffer by one byte
             int currentPosition = certificateByteBuffer.position();
-            if (certificateByteBuffer.get() == (byte) 0x30
+            final byte byte1 = (byte) 0x30;
-                    && certificateByteBuffer.get(currentPosition + 1) == (byte) 0x82) {
+            final byte byte2 = (byte) 0x82;
+            if (certificateByteBuffer.get() == byte1
+                    && certificateByteBuffer.get(currentPosition + 1) == byte2) {
                 // Check if we have anything more in the buffer than an ASN.1 Sequence header
-                if (certificateByteBuffer.remaining() <= 3) {
+                final int minByteBufferRemaining = 3;
+                if (certificateByteBuffer.remaining() <= minByteBufferRemaining) {
                     throw new IllegalArgumentException(malformedCertStringBuilder
                             .append(" Certificate is nothing more than ASN.1 Sequence.")
                             .toString());
@@ -103,7 +106,8 @@ public final class CredentialHelper {
                 certificateLength = Short.toUnsignedInt(
                         certificateByteBuffer.getShort(currentPosition + 2));
                 // Add the 4 bytes that comprise the start of the ASN.1 Sequence and the length
-                certificateLength += 4;
+                final int startOfASN1Bytes = 4;
+                certificateLength += startOfASN1Bytes;
                 break;
             }
         }

HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/provision/helper/CredentialManagementHelperTest.java

@@ -3,6 +3,7 @@ package hirs.attestationca.persist.provision.helper;
 import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.userdefined.Certificate;
 import org.apache.commons.io.IOUtils;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.Mock;
@@ -22,18 +23,37 @@ public class CredentialManagementHelperTest {
 
     private static final String EK_HEADER_TRUNCATED
             = "/certificates/nuc-1/ek_cert_7_byte_header_removed.cer";
+
     private static final String EK_UNTOUCHED
             = "/certificates/nuc-1/ek_cert_untouched.cer";
+
     @Mock
     private CertificateRepository certificateRepository;
 
+    /**
+     * Holds the AutoCloseable instance returned by openMocks.
+     */
+    private AutoCloseable mocks;
+
     /**
      * Setup mocks.
      */
     @BeforeEach
     public void setUp() {
         //certificateRepository = mock(CertificateRepository.class);
-        MockitoAnnotations.initMocks(this);
+        mocks = MockitoAnnotations.openMocks(this);
+    }
+
+    /**
+     * Tears down the mock instances.
+     *
+     * @throws Exception if there are any issues closing down mock instances
+     */
+    @AfterEach
+    public void tearDown() throws Exception {
+        if (mocks != null) {
+            mocks.close();
+        }
     }
 
     /**
@@ -93,7 +113,7 @@ public class CredentialManagementHelperTest {
     }
 
     /**
-     * Tests processing a valid EK with the 7 byte header in tact.
+     * Tests processing a valid EK with the 7 byte header intact.
      *
      * @throws IOException if an IO error occurs
      */

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSApplication.java

@@ -24,7 +24,8 @@ public class HIRSApplication {//extends SpringBootServletInitializer {
 
     public static void main(String[] args) {
 //        SpringApplication springApplication = new SpringApplication(HIRSApplication.class);
-//        springApplication.setDefaultProperties(Collections.singletonMap("server.servlet.context-path", "/portal"));
+//        springApplication.setDefaultProperties(Collections.singletonMap("server.servlet.context-path",
+//        "/portal"));
 //        springApplication.run(args);
         SpringApplication.run(HIRSApplication.class, args);
     }

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/HIRSDbInitializer.java

@@ -27,7 +27,8 @@ public class HIRSDbInitializer extends AbstractAnnotationConfigDispatcherServlet
         } catch (NoSuchBeanDefinitionException nsbdEx) {
             if (log.isDebugEnabled()) {
                 log.debug(
-                        "Unable to locate MultipartResolver with name 'multipartResolver': no multipart request handling provided");
+                        "Unable to locate MultipartResolver with name 'multipartResolver': no multipart"
+                                + " request handling provided");
             }
         } catch (Exception ex) {
             log.error(ex.getMessage());

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java

@@ -251,7 +251,8 @@ public class PersistenceJPAConfig implements WebMvcConfigurer {
 
 //    @Bean(name="default-settings")
 //    public PolicySettings supplyChainSettings() {
-//        PolicySettings scSettings = new PolicySettings("Default", "Settings are configured for no validation flags set.");
+//        PolicySettings scSettings = new PolicySettings("Default", "Settings are configured for no
+//        validation flags set.");
 //
 //        return scSettings;
 //    }

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/datatables/DataTableResponse.java

@@ -16,16 +16,20 @@ import java.util.List;
  *
  * @param <T> the type of object that is being wrapped.
  */
+@Getter
+@Setter
 @NoArgsConstructor(access = AccessLevel.PUBLIC)
 public final class DataTableResponse<T> {
 
-    private List<T> data = new LinkedList<T>();
+    @Getter(AccessLevel.NONE)
-    @Getter
+    @Setter(AccessLevel.NONE)
-    @Setter
+    private final List<T> data = new LinkedList<T>();
+
     private int draw;
-    @Getter
+
-    @Setter
+    private long recordsTotal;
-    private long recordsTotal, recordsFiltered;
+
+    private long recordsFiltered;
 
     /**
      * Builds a data table response using a FilteredRecordList.

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/datatables/package-info.java

@@ -0,0 +1 @@
+package hirs.attestationca.portal.datatables;

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/listener/package-info.java

@@ -0,0 +1 @@
+package hirs.attestationca.portal.listener;

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageParams.java

@@ -14,4 +14,4 @@ public interface PageParams {
      */
     LinkedHashMap<String, ?> asMap();
 
-}
+}

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java

@@ -222,4 +222,4 @@ public class DevicePageController extends PageController<NoPageParams> {
         return deviceIds;
     }
 
-}
+}

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java

@@ -115,7 +115,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
 
         String orderColumnName = input.getOrderColumnName();
         log.info("Ordering on column: " + orderColumnName);
-        log.info("Querying with the following dataTableInput: " + input.toString());
+        log.info("Querying with the following dataTableInput: " + input);
 
         FilteredRecordsList<ReferenceManifest> records = new FilteredRecordsList<>();
         int currentPage = input.getStart() / input.getLength();
@@ -281,10 +281,11 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
                 // send a 404 error when invalid Reference Manifest
                 response.sendError(HttpServletResponse.SC_NOT_FOUND);
             } else {
-                StringBuilder fileName = new StringBuilder("filename=\"");
-                fileName.append(referenceManifest.getFileName());
                 // Set filename for download.
-                response.setHeader("Content-Disposition", "attachment;" + fileName);
+                response.setHeader("Content-Disposition",
+                        "attachment;" + "filename=\"" + referenceManifest.getFileName()
+                        // Set filename for download.
+                );
                 response.setContentType("application/octet-stream");
 
                 // write cert to output stream
@@ -380,7 +381,6 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
      *                    user.
      * @param baseRims    object to store multiple files
      * @param supportRims object to store multiple files
-     * @return a single or collection of reference manifest files.
      */
     private void parseRIM(
             final MultipartFile file, final boolean supportRIM,

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/package-info.java

@@ -0,0 +1 @@
+package hirs.attestationca.portal.page.controllers;

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/package-info.java

@@ -0,0 +1 @@
+package hirs.attestationca.portal.page;

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/params/package-info.java

@@ -1 +1 @@
-package hirs.attestationca.portal.page.params;
+package hirs.attestationca.portal.page.params;

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/package-info.java

@@ -1 +1 @@
-package hirs.attestationca.portal.page.utils;
+package hirs.attestationca.portal.page.utils;

HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/PageControllerTest.java

@@ -180,7 +180,9 @@ public abstract class PageControllerTest {
     }
 
     /**
-     * Create page path (add pre-prefix and prefix path)
+     * Create page path (add pre-prefix and prefix path).
+     *
+     * @return
      */
     public String getPagePath() {
         String pagePath = PRE_PREFIX_PATH + page.getPrefixPath() + page.getViewName();
@@ -223,4 +225,4 @@ public abstract class PageControllerTest {
                         PageController.PAGES_ATTRIBUTE, equalTo(Page.values()))
                 );
     }
-}
+}

HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageControllerTest.java

@@ -438,4 +438,4 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
         //assertEquals(issuedCredential.getEndorsementCredential().getId().toString(),
         //        initialData.get("endorsementID"));
     }
-}
+}

HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/DevicePageControllerTest.java

@@ -35,7 +35,7 @@ public class DevicePageControllerTest extends PageControllerTest {
     private static final String TEST_PLATFORM_CREDENTIAL
             = "/platform_credentials/Intel_pc.cer";
     // Base path for the page
-    private String pagePath;
+    private final String pagePath;
     // Repository manager to handle data access between device entity and data storage in db
     @Autowired
     private DeviceRepository deviceRepository;
@@ -103,4 +103,4 @@ public class DevicePageControllerTest extends PageControllerTest {
                 .andReturn();
     }
 
-}
+}

HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/PlatformCredentialsPageControllerTest.java

@@ -35,7 +35,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
     private static final String NONPCCERT = "certificates/fakeIntelIntermediateCA.pem";
     private static final String BADPCCERT = "certificates/badCert.pem";
     // Base path for the page
-    private String pagePath;
+    private final String pagePath;
     // Repository manager to handle data access between certificate entity and data storage in db
     @Autowired
     private CertificateRepository certificateRepository;
@@ -94,7 +94,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
     }
 
     /**
-     * Uploads test cert to db
+     * Uploads test cert to db.
      *
      * @return the cert that was uploaded
      * @throws Exception if an exception occurs
@@ -127,7 +127,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
     }
 
     /**
-     * Archives test cert that is in db by setting the archive flag
+     * Archives test cert that is in db by setting the archive flag.
      *
      * @throws Exception if an exception occurs
      */

HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/PolicyPageControllerTest.java

@@ -27,7 +27,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 public class PolicyPageControllerTest extends PageControllerTest {
 
     // Base path for the page
-    private String pagePath;
+    private final String pagePath;
 
     // Repository manager to handle data access between policy entity and data storage in db
     @Autowired
@@ -45,7 +45,7 @@ public class PolicyPageControllerTest extends PageControllerTest {
     }
 
     /**
-     * Sets up policy
+     * Sets up policy.
      */
     @BeforeAll
     public void setUpPolicy() {
@@ -376,8 +376,6 @@ public class PolicyPageControllerTest extends PageControllerTest {
     /**
      * Helper function to set policy member variable back to all false.
      * After this function, can set specific values to true and then need to save policy.
-     *
-     * @return void
      */
     private void setPolicy_AllFalse() {
         policy.setEcValidationEnabled(false);
@@ -388,9 +386,7 @@ public class PolicyPageControllerTest extends PageControllerTest {
 
     /**
      * Helper function to set policy member variable - PC Validation to True
-     * Note: to set PC Validation to true, EC Validation must also be true
+     * Note: to set PC Validation to true, EC Validation must also be true.
-     *
-     * @return void
      */
     private void setPolicy_PcToTrue() {
         policy.setEcValidationEnabled(true);
@@ -399,9 +395,7 @@ public class PolicyPageControllerTest extends PageControllerTest {
 
     /**
      * Helper function to set policy member variable - PC Attribute Validation to True
-     * Note: to set PC Attribute Validation to true, PC Validation must also be true
+     * Note: to set PC Attribute Validation to true, PC Validation must also be true.
-     *
-     * @return void
      */
     private void setPolicy_PcAttributeToTrue() {
         setPolicy_PcToTrue();

HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/TrustChainManagementPageControllerTest.java

@@ -39,7 +39,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
     private static final String NONCACERT = "certificates/fakeIntelIntermediateCA.pem";
     private static final String BADCERT = "certificates/badCert.pem";
     // Base path for the page
-    private String pagePath;
+    private final String pagePath;
     // Repository manager to handle data access between certificate entity and data storage in db
     @Autowired
     private CertificateRepository certificateRepository;
@@ -129,10 +129,9 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
 
         Certificate cert = uploadTestCert();
 
-        StringBuilder fileName = new StringBuilder("attachment;filename=\"");
+        String fileName = "attachment;filename=\"" + "CertificateAuthorityCredential_" +
-        fileName.append("CertificateAuthorityCredential_");
+                cert.getSerialNumber() +
-        fileName.append(cert.getSerialNumber());
+                ".cer\"";
-        fileName.append(".cer\"");
 
         // verify cert file attachment and content
         getMockMvc()
@@ -143,7 +142,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
                 .andExpect(status().isOk())
                 .andExpect(content().contentType("application/octet-stream"))
                 .andExpect(header().string("Content-Disposition",
-                        fileName.toString()))
+                        fileName))
                 .andExpect(content().bytes(cert.getRawBytes()));
 
     }
@@ -164,7 +163,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
     }
 
     /**
-     * Uploads test cert to db
+     * Uploads test cert to db.
      *
      * @return the cert that was uploaded
      * @throws Exception if an exception occurs
@@ -201,7 +200,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
     }
 
     /**
-     * Archives test cert that is in db by setting the archive flag
+     * Archives test cert that is in db by setting the archive flag.
      *
      * @throws Exception if an exception occurs
      */

HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/package-info.java

@@ -0,0 +1 @@
+package hirs.attestationca.portal.page.controllers;

HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/package-info.java

@@ -0,0 +1 @@
+package hirs.attestationca.portal.page;

gradle.properties

@@ -3,3 +3,5 @@ includeGroups=
 org.gradle.daemon=true
 org.gradle.jvmargs=-Xms256m -Xmx1024m
 org.gradle.caching=true
+#dependency versions
+spotBugAnnotationVersion=4.8.6