issue_847: Fixed ALL checkstyle and spotbug errors in CA module. Fixing spotbug and checkstyle issues in CA_PORT module now.
parent
7959a16a56
commit
6d770e9a63
@ -54,6 +54,9 @@ dependencies {
|
||||
testImplementation 'org.mockito:mockito-core:4.2.0'
|
||||
testImplementation 'org.springframework:spring-test:6.0.8'
|
||||
|
||||
compileOnly "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
|
||||
annotationProcessor "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
|
||||
|
||||
// spring management
|
||||
compileOnly libs.lombok
|
||||
implementation libs.lombok
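Review bot: The added `annotationProcessor "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"` line looks unnecessary, because that artifact appears to ship only annotation classes such as `SuppressFBWarnings` and no annotation processor. The `compileOnly` entry on the line before it should be enough on its own. Leaving the jar off the processor path means one less artifact the compiler loads at build time; confirm with a clean build after dropping the line. The rest of the `dependencies` block is outside this hunk.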
|
||||
|
@ -9,6 +9,7 @@ import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.JoinTable;
|
||||
import jakarta.persistence.ManyToMany;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.Getter;
|
||||
|
||||
import java.util.ArrayList;
|
||||
@ -18,26 +19,24 @@ import java.util.List;
|
||||
/**
|
||||
* Stores results of a single element of the supply chain validation process.
|
||||
*/
|
||||
@Getter
|
||||
@Entity
|
||||
public class SupplyChainValidation extends ArchivableEntity {
|
||||
@Getter
|
||||
@Column
|
||||
private final ValidationType validationType;
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private final AppraisalStatus.Status validationResult;
|
||||
|
||||
@Getter(AccessLevel.NONE)
|
||||
@ManyToMany(fetch = FetchType.EAGER)
|
||||
@JoinTable(name = "CertificatesUsedToValidate",
|
||||
joinColumns = {@JoinColumn(name = "validation_id", nullable = false)})
|
||||
private final List<Certificate> certificatesUsed;
|
||||
|
||||
@Getter
|
||||
@Column(length = RESULT_MESSAGE_LENGTH)
|
||||
private final String message;
|
||||
|
||||
@Getter
|
||||
|
||||
@Column
|
||||
private String rimId;
|
||||
|
||||
|
@ -3,19 +3,20 @@ package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.Getter;
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Path;
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* This class persists Certificate Authority credentials by extending the base Certificate
|
||||
* class with fields unique to CA credentials.
|
||||
*/
|
||||
@Getter
|
||||
@Entity
|
||||
@EqualsAndHashCode
|
||||
public class CertificateAuthorityCredential extends Certificate {
|
||||
|
||||
/**
|
||||
@ -30,6 +31,7 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
|
||||
private static final int PREFIX_BYTE_SIZE = 4;
|
||||
|
||||
@Getter(AccessLevel.NONE)
|
||||
@Column
|
||||
private final byte[] subjectKeyIdentifier;
|
||||
|
||||
@ -37,11 +39,9 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
* this field is part of the TCG CA specification, but has not yet been found in
|
||||
* manufacturer-provided CAs, and is therefore not currently parsed.
|
||||
*/
|
||||
@Getter
|
||||
@Column
|
||||
private final String credentialType = "TCPA Trusted Platform Module Endorsement";
|
||||
|
||||
@Getter
|
||||
@Column
|
||||
private String subjectKeyIdString;
|
||||
|
||||
@ -112,10 +112,59 @@ public class CertificateAuthorityCredential extends Certificate {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method that uses the provided certificate bytes and truncates a portion
|
||||
* of the certificate bytes array.
|
||||
*
|
||||
* @param certificateBytes byte array representation of the certificate bytes
|
||||
* @return a truncated certificate byte array
|
||||
*/
|
||||
private byte[] truncatePrefixBytes(final byte[] certificateBytes) {
|
||||
byte[] temp = new byte[CA_BYTE_SIZE];
|
||||
System.arraycopy(certificateBytes, PREFIX_BYTE_SIZE, temp, 0, CA_BYTE_SIZE);
|
||||
|
||||
return temp;
|
||||
}
|
||||
|
||||
/**
|
||||
* Compares this Certificate Authority Credential object to another Certificate
|
||||
* Authority Credential object.
|
||||
*
|
||||
* @param o object to compare
|
||||
* @return true if both this and the provided Certificate Authority Credential objects are equal,
|
||||
* false otherwise
|
||||
*/
|
||||
public boolean equals(final Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o == null || getClass() != o.getClass()) {
|
||||
return false;
|
||||
}
|
||||
if (!super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
CertificateAuthorityCredential that = (CertificateAuthorityCredential) o;
|
||||
|
||||
// if (!Objects.equals(credentialType, that.credentialType)) {
|
||||
// return false;
|
||||
// }
|
||||
|
||||
return Arrays.equals(subjectKeyIdentifier, that.subjectKeyIdentifier);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates an integer hash code.
|
||||
*
|
||||
* @return an integer hash code
|
||||
*/
|
||||
@Override
|
||||
public int hashCode() {
|
||||
final int hashCodeConst = 31;
|
||||
int result = super.hashCode();
|
||||
result = hashCodeConst * result + credentialType.hashCode();
|
||||
result = hashCodeConst * result + Arrays.hashCode(subjectKeyIdentifier);
|
||||
return result;
|
||||
}
|
||||
}
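Review bot: The hand-written `equals(final Object o)` has no `@Override` although the `hashCode()` below it does, and it keeps a commented-out `credentialType` comparison while `hashCode()` still mixes in `credentialType.hashCode()`. The two agree today only because `credentialType` is a `final` field initialised to a fixed string literal, so I would add `@Override` and replace the dead block with a comment such as `// credentialType is the same literal for every instance, so it is not compared`. Separately, `truncatePrefixBytes` copies `CA_BYTE_SIZE` bytes starting at `PREFIX_BYTE_SIZE` without checking `certificateBytes.length`. Its caller is outside the hunk, so confirm the length is validated there before certificate bytes from outside reach it.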
|
||||
|
@ -1,214 +1,179 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
public class CertificateVariables {
|
||||
public final class CertificateVariables {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String PEM_FOOTER = "-----END CERTIFICATE-----";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String PEM_ATTRIBUTE_HEADER = "-----BEGIN ATTRIBUTE CERTIFICATE-----";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String PEM_ATTRIBUTE_FOOTER = "-----END ATTRIBUTE CERTIFICATE-----";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String MALFORMED_CERT_MESSAGE = "Malformed certificate detected.";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int MAX_CERT_LENGTH_BYTES = 2048;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int MAX_NUMERIC_PRECISION = 49;
|
||||
|
||||
/**
|
||||
* Can store up to 160 bit values.
|
||||
*/
|
||||
public static final int MAX_PUB_KEY_MODULUS_HEX_LENGTH = 1024;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT0 = 0;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT1 = 1;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT2 = 2;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT3 = 3;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT4 = 4;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT5 = 5;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT6 = 6;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT7 = 7;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final int KEY_USAGE_BIT8 = 8;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_DS = "DIGITAL SIGNATURE";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_NR = "NON-REPUDIATION";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_KE = "KEY ENCIPHERMENT";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_DE = "DATA ENCIPHERMENT";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_KA = "KEY AGREEMENT";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_KC = "KEY CERT SIGN";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_CS = "CRL SIGN";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_EO = "ENCIPHER ONLY";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String KEY_USAGE_DO = "DECIPHER ONLY";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String ECDSA_OID = "1.2.840.10045.4.3.2";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String ECDSA_SHA224_OID = "1.2.840.10045.4.1";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA256_OID = "1.2.840.113549.1.1.11";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA384_OID = "1.2.840.113549.1.1.12";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_OID = "1.2.840.113549.1.1.13";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA224_OID = "1.2.840.113549.1.1.14";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_224_OID = "1.2.840.113549.1.1.15";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_256_OID = "1.2.840.113549.1.1.16";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA256_STRING = "SHA256WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA384_STRING = "SHA384WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA224_STRING = "SHA224WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_STRING = "SHA512WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_224_STRING = "SHA512-224WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String RSA512_256_STRING = "SHA512-256WithRSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String ECDSA_STRING = "SHA256WithECDSA";
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public static final String ECDSA_SHA224_STRING = "SHA224WithECDSA";
|
||||
|
||||
/**
|
||||
* Private constructor was created to silence checkstyle error.
|
||||
*/
|
||||
private CertificateVariables() {
|
||||
}
|
||||
}
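Review bot: `ECDSA_SHA224_OID` is set to `"1.2.840.10045.4.1"`, which is the X9.62 identifier for ecdsa-with-SHA1; ecdsa-with-SHA224 is `1.2.840.10045.4.3.1` (RFC 5758). The code that maps OIDs to names is not in this section, but if this constant is paired with `ECDSA_SHA224_STRING`, a SHA-1-signed certificate would be reported as SHA224WithECDSA and a real SHA-224 one would go unrecognised. I would change the value to `"1.2.840.10045.4.3.1"` and, if SHA-1 signatures need to be recognised, give them a separately named constant so a weak algorithm is labelled as such. The empty `/** */` blocks above each constant would be a natural place to state which algorithm each OID denotes.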
|
||||
|
@ -1,5 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TPMSecurityAssertions;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TPMSpecification;
|
||||
import jakarta.persistence.Column;
|
||||
@ -60,6 +61,9 @@ import java.util.Set;
|
||||
* trustedcomputinggroup.org/wp-content/uploads/Credential_Profiles_V1.2_Level2_Revision8.pdf
|
||||
*/
|
||||
@Log4j2
|
||||
@SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE",
|
||||
justification = "property credentialType is guaranteed to always be non-null/initialized. Warning"
|
||||
+ "stems from auto-generated lombok equals and hashcode method doing redundant null checks.")
|
||||
@EqualsAndHashCode(callSuper = false)
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@Entity
|
||||
@ -115,7 +119,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
* manufacturer-provided ECs, and is therefore not currently parsed.
|
||||
*/
|
||||
@Getter
|
||||
@Column(nullable = true)
|
||||
@Column
|
||||
private final String policyReference = null; // optional
|
||||
|
||||
/**
|
||||
@ -123,7 +127,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
* manufacturer-provided ECs, and is therefore not currently parsed.
|
||||
*/
|
||||
@Getter
|
||||
@Column(nullable = true)
|
||||
@Column
|
||||
private final String revocationLocator = null; // optional
|
||||
|
||||
@Getter
|
||||
@ -265,13 +269,13 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
value = entry.getValue();
|
||||
if (oid.equals(TPM_MODEL)) {
|
||||
model = value.toString();
|
||||
log.debug("Found TPM Model: " + model);
|
||||
log.debug("Found TPM Model: {}", model);
|
||||
} else if (oid.equals(TPM_VERSION)) {
|
||||
version = value.toString();
|
||||
log.debug("Found TPM Version: " + version);
|
||||
log.debug("Found TPM Version: {}", version);
|
||||
} else if (oid.equals(TPM_MANUFACTURER)) {
|
||||
manufacturer = value.toString();
|
||||
log.debug("Found TPM Manufacturer: " + manufacturer);
|
||||
log.debug("Found TPM Manufacturer: {}", manufacturer);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -317,7 +321,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
ASN1Integer revision = (ASN1Integer) seq.getObjectAt(ASN1_REV_INDEX);
|
||||
tpmSpecification = new TPMSpecification(family.getString(), level.getValue(),
|
||||
revision.getValue());
|
||||
log.debug("Found TPM Spec:" + tpmSpecification);
|
||||
log.debug("Found TPM Spec:{}", tpmSpecification);
|
||||
} else if (addToMapping && key.equals(TPM_SECURITY_ASSERTIONS)) {
|
||||
// Parse TPM Security Assertions
|
||||
int seqPosition = 0;
|
||||
@ -343,7 +347,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
tpmSecurityAssertions = new TPMSecurityAssertions(ver.getValue(),
|
||||
fieldUpgradeable.isTrue());
|
||||
|
||||
log.debug("Found TPM Assertions: " + tpmSecurityAssertions);
|
||||
log.debug("Found TPM Assertions: {}", tpmSecurityAssertions);
|
||||
// Iterate through remaining fields to set optional attributes
|
||||
int tag;
|
||||
ASN1TaggedObject obj;
|
||||
@ -401,7 +405,6 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
* @param key if addToMapping is true, the key in the OID key/value pair
|
||||
* @throws IOException parsing of subcomponents in the tree failed.
|
||||
*/
|
||||
@SuppressWarnings("checkstyle:methodlength")
|
||||
private void parseSingle(final ASN1Primitive component, final boolean addToMapping,
|
||||
final String key) throws IOException {
|
||||
// null check the key if addToMapping is true
|
||||
@ -563,7 +566,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
} else {
|
||||
// there are some deprecated types that we don't parse
|
||||
log.error("Unparsed type: " + component.getClass());
|
||||
log.error("Unparsed type: {}", component.getClass());
|
||||
}
|
||||
}
|
||||
}
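Review bot: The class-level `@SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE", ...)` silences that detector for every method in `EndorsementCredential`, not only for the Lombok-generated `equals`/`hashCode` that the justification names. That includes the hand-written ASN.1 parsing in `parseSingle`, so a genuine redundant or misplaced null check in the parser would no longer be reported. Lombok can annotate its own generated members instead via `lombok.extern.findbugs.addSuppressFBWarnings = true` in `lombok.config`, which keeps the analysis active for the rest of the class. The same class-wide suppression is added to the report entity in the next file section (package `hirs.attestationca.persist.entity.userdefined.report`).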
|
||||
|
@ -1,5 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.report;
|
||||
|
||||
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
|
||||
import hirs.attestationca.persist.entity.AbstractEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
||||
@ -28,6 +29,10 @@ import java.net.InetAddress;
|
||||
* information about the device. This <code>Report</code> includes the network,
|
||||
* OS, and TPM information.
|
||||
*/
|
||||
@SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE",
|
||||
justification = "various class properties here are guaranteed to always be non-null/initialized."
|
||||
+ " Warning stems from auto-generated lombok equals and hashcode method doing redundant "
|
||||
+ "null checks.")
|
||||
@NoArgsConstructor
|
||||
@EqualsAndHashCode(callSuper = false)
|
||||
@Log4j2
|
||||
|
@ -31,6 +31,12 @@ public enum HealthStatus {
|
||||
|
||||
private final String healthStatus;
|
||||
|
||||
/**
|
||||
* Determines if the provided health status is a valid health status.
|
||||
*
|
||||
* @param healthStatus string representation of the healh status
|
||||
* @return true if the health status is valid, otherwise false
|
||||
*/
|
||||
public static boolean isValidStatus(final String healthStatus) {
|
||||
return Arrays.stream(HealthStatus.values())
|
||||
.map(HealthStatus::name)
|
||||
|
@ -97,7 +97,7 @@ public final class ProvisionUtils {
|
||||
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
|
||||
|
||||
/**
|
||||
* This private constructor was created to silence checkstyle errors.
|
||||
* This private constructor was created to silence checkstyle error.
|
||||
*/
|
||||
private ProvisionUtils() {
|
||||
}
|
||||
@ -219,7 +219,8 @@ public final class ProvisionUtils {
|
||||
new PSource.PSpecified("".getBytes(StandardCharsets.UTF_8)));
|
||||
|
||||
cipher.init(Cipher.PRIVATE_KEY, privateKey, spec);
|
||||
} else {// initialize the cipher to decrypt using the ACA private key.
|
||||
} else {
|
||||
// initialize the cipher to decrypt using the ACA private key.
|
||||
cipher.init(Cipher.DECRYPT_MODE, privateKey);
|
||||
}
|
||||
|
||||
@ -532,15 +533,32 @@ public final class ProvisionUtils {
|
||||
credentialBlob[0] = topSize[1];
|
||||
credentialBlob[1] = topSize[0];
|
||||
credentialBlob[2] = 0x00;
|
||||
credentialBlob[3] = 0x20;
|
||||
System.arraycopy(integrityHmac, 0, credentialBlob, 4, 32);
|
||||
for (int i = 0; i < 98; i++) {
|
||||
credentialBlob[36 + i] = 0x00;
|
||||
|
||||
final int credBlobPosition4 = 3;
|
||||
final byte credBlobFourthPositionValue = 0x20;
|
||||
credentialBlob[credBlobPosition4] = credBlobFourthPositionValue;
|
||||
|
||||
final int credBlobPosition5 = 4;
|
||||
final int credBlobSizeFromPosition5 = 32;
|
||||
System.arraycopy(integrityHmac, 0, credentialBlob, credBlobPosition5, credBlobSizeFromPosition5);
|
||||
|
||||
final int credBlobPosition99 = 98;
|
||||
final int credBlobPosition37 = 36;
|
||||
|
||||
for (int i = 0; i < credBlobPosition99; i++) {
|
||||
credentialBlob[credBlobPosition37 + i] = 0x00;
|
||||
}
|
||||
System.arraycopy(encryptedSecret, 0, credentialBlob, 36, encryptedSecret.length);
|
||||
credentialBlob[134] = 0x00;
|
||||
credentialBlob[135] = 0x01;
|
||||
System.arraycopy(encryptedSeed, 0, credentialBlob, 136, 256);
|
||||
System.arraycopy(encryptedSecret, 0, credentialBlob, credBlobPosition37, encryptedSecret.length);
|
||||
|
||||
final int credBlobPosition135 = 134;
|
||||
credentialBlob[credBlobPosition135] = 0x00;
|
||||
|
||||
final int credBlobPosition136 = 135;
|
||||
credentialBlob[credBlobPosition136] = 0x01;
|
||||
|
||||
final int credBlobPosition137 = 136;
|
||||
final int credBlobSizeFromPosition137 = 256;
|
||||
System.arraycopy(encryptedSeed, 0, credentialBlob, credBlobPosition137, credBlobSizeFromPosition137);
|
||||
// return the result
|
||||
return credentialBlob;
|
||||
}
|
||||
@ -583,7 +601,8 @@ public final class ProvisionUtils {
|
||||
public static byte[] cryptKDFa(final byte[] seed, final String label, final byte[] context,
|
||||
final int sizeInBytes)
|
||||
throws NoSuchAlgorithmException, InvalidKeyException {
|
||||
ByteBuffer b = ByteBuffer.allocate(4);
|
||||
final int capacity = 4;
|
||||
ByteBuffer b = ByteBuffer.allocate(capacity);
|
||||
b.putInt(1);
|
||||
byte[] counter = b.array();
|
||||
// get the label
|
||||
@ -592,24 +611,27 @@ public final class ProvisionUtils {
|
||||
labelWithEnding = label + "\0";
|
||||
}
|
||||
byte[] labelBytes = labelWithEnding.getBytes(StandardCharsets.UTF_8);
|
||||
b = ByteBuffer.allocate(4);
|
||||
b.putInt(sizeInBytes * 8);
|
||||
final int byteOffset = 8;
|
||||
b = ByteBuffer.allocate(capacity);
|
||||
b.putInt(sizeInBytes * byteOffset);
|
||||
byte[] desiredSizeInBits = b.array();
|
||||
int sizeOfMessage = 8 + labelBytes.length;
|
||||
int sizeOfMessage = byteOffset + labelBytes.length;
|
||||
if (context != null) {
|
||||
sizeOfMessage += context.length;
|
||||
}
|
||||
byte[] message = new byte[sizeOfMessage];
|
||||
int marker = 0;
|
||||
System.arraycopy(counter, 0, message, marker, 4);
|
||||
marker += 4;
|
||||
|
||||
final int markerLength = 4;
|
||||
System.arraycopy(counter, 0, message, marker, markerLength);
|
||||
marker += markerLength;
|
||||
System.arraycopy(labelBytes, 0, message, marker, labelBytes.length);
|
||||
marker += labelBytes.length;
|
||||
if (context != null) {
|
||||
System.arraycopy(context, 0, message, marker, context.length);
|
||||
marker += context.length;
|
||||
}
|
||||
System.arraycopy(desiredSizeInBits, 0, message, marker, 4);
|
||||
System.arraycopy(desiredSizeInBits, 0, message, marker, markerLength);
|
||||
Mac hmac;
|
||||
byte[] toReturn = new byte[sizeInBytes];
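Review bot: In the credential-blob hunk the new constant names do not match their values: `credBlobPosition4 = 3` and `credBlobPosition5 = 4` are off by one from the index they hold, and `credBlobPosition99 = 98` is used as the loop bound, so it is the length of the zeroed region starting at index 36 rather than a position. For a fixed binary layout, names such as `final int secretOffset = 36;` and `final int secretRegionLength = 98;` would let a reader check the offsets against the specification. The hunk also copies `encryptedSecret.length` bytes to offset 36 with no visible bound. Unless the part of the method outside the hunk already guarantees it, add `if (encryptedSecret.length > secretRegionLength) { throw new IllegalArgumentException("encrypted secret too long"); }` so an oversized secret cannot run into the bytes from index 134 onward. `cryptKDFa` has the same naming problem: `byteOffset = 8` is used both as bits-per-byte in `sizeInBytes * byteOffset` and as the eight fixed header bytes in `sizeOfMessage`.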
|
||||
|
||||
|
@ -14,7 +14,7 @@ import java.util.ListIterator;
|
||||
public final class CredentialHelper {
|
||||
|
||||
/**
|
||||
* Private constructor was created to silence checkstyle.
|
||||
* Private constructor was created to silence checkstyle error.
|
||||
*/
|
||||
private CredentialHelper() {
|
||||
}
|
||||
@ -88,10 +88,13 @@ public final class CredentialHelper {
|
||||
// Look for first ASN.1 Sequence marked by the two bytes (0x30) and (0x82)
|
||||
// The check advances our position in the ByteBuffer by one byte
|
||||
int currentPosition = certificateByteBuffer.position();
|
||||
if (certificateByteBuffer.get() == (byte) 0x30
|
||||
&& certificateByteBuffer.get(currentPosition + 1) == (byte) 0x82) {
|
||||
final byte byte1 = (byte) 0x30;
|
||||
final byte byte2 = (byte) 0x82;
|
||||
if (certificateByteBuffer.get() == byte1
|
||||
&& certificateByteBuffer.get(currentPosition + 1) == byte2) {
|
||||
// Check if we have anything more in the buffer than an ASN.1 Sequence header
|
||||
if (certificateByteBuffer.remaining() <= 3) {
|
||||
final int minByteBufferRemaining = 3;
|
||||
if (certificateByteBuffer.remaining() <= minByteBufferRemaining) {
|
||||
throw new IllegalArgumentException(malformedCertStringBuilder
|
||||
.append(" Certificate is nothing more than ASN.1 Sequence.")
|
||||
.toString());
|
||||
@ -103,7 +106,8 @@ public final class CredentialHelper {
|
||||
certificateLength = Short.toUnsignedInt(
|
||||
certificateByteBuffer.getShort(currentPosition + 2));
|
||||
// Add the 4 bytes that comprise the start of the ASN.1 Sequence and the length
|
||||
certificateLength += 4;
|
||||
final int startOfASN1Bytes = 4;
|
||||
certificateLength += startOfASN1Bytes;
|
||||
break;
|
||||
}
|
||||
}
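Review bot: The absolute read `certificateByteBuffer.get(currentPosition + 1)` runs before the `remaining() <= minByteBufferRemaining` check. If the byte just consumed by `get()` is 0x30 and is the last byte in the buffer, the lookahead throws `IndexOutOfBoundsException` instead of the `IllegalArgumentException` that carries the malformed-certificate message. The loop condition is outside the hunk, so confirm it does not already guarantee a second byte; otherwise guard the lookahead with `certificateByteBuffer.get() == byte1 && certificateByteBuffer.hasRemaining() && certificateByteBuffer.get(currentPosition + 1) == byte2`. The names `byte1` and `byte2` also say nothing about their role; something like `asn1SequenceTag` and `twoByteLengthMarker` would document the check.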
|
||||
|
@ -3,6 +3,7 @@ package hirs.attestationca.persist.provision.helper;
|
||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.mockito.Mock;
|
||||
@ -22,18 +23,37 @@ public class CredentialManagementHelperTest {
|
||||
|
||||
private static final String EK_HEADER_TRUNCATED
|
||||
= "/certificates/nuc-1/ek_cert_7_byte_header_removed.cer";
|
||||
|
||||
private static final String EK_UNTOUCHED
|
||||
= "/certificates/nuc-1/ek_cert_untouched.cer";
|
||||
|
||||
@Mock
|
||||
private CertificateRepository certificateRepository;
|
||||
|
||||
/**
|
||||
* Holds the AutoCloseable instance returned by openMocks.
|
||||
*/
|
||||
private AutoCloseable mocks;
|
||||
|
||||
/**
|
||||
* Setup mocks.
|
||||
*/
|
||||
@BeforeEach
|
||||
public void setUp() {
|
||||
//certificateRepository = mock(CertificateRepository.class);
|
||||
MockitoAnnotations.initMocks(this);
|
||||
mocks = MockitoAnnotations.openMocks(this);
|
||||
}
|
||||
|
||||
/**
|
||||
* Tears down the mock instances.
|
||||
*
|
||||
* @throws Exception if there are any issues closing down mock instances
|
||||
*/
|
||||
@AfterEach
|
||||
public void tearDown() throws Exception {
|
||||
if (mocks != null) {
|
||||
mocks.close();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -93,7 +113,7 @@ public class CredentialManagementHelperTest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests processing a valid EK with the 7 byte header in tact.
|
||||
* Tests processing a valid EK with the 7 byte header intact.
|
||||
*
|
||||
* @throws IOException if an IO error occurs
|
||||
*/
|
||||
|
@ -24,7 +24,8 @@ public class HIRSApplication {//extends SpringBootServletInitializer {
|
||||
|
||||
public static void main(String[] args) {
|
||||
// SpringApplication springApplication = new SpringApplication(HIRSApplication.class);
|
||||
// springApplication.setDefaultProperties(Collections.singletonMap("server.servlet.context-path", "/portal"));
|
||||
// springApplication.setDefaultProperties(Collections.singletonMap("server.servlet.context-path",
|
||||
// "/portal"));
|
||||
// springApplication.run(args);
|
||||
SpringApplication.run(HIRSApplication.class, args);
|
||||
}
|
||||
|
@ -27,7 +27,8 @@ public class HIRSDbInitializer extends AbstractAnnotationConfigDispatcherServlet
|
||||
} catch (NoSuchBeanDefinitionException nsbdEx) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug(
|
||||
"Unable to locate MultipartResolver with name 'multipartResolver': no multipart request handling provided");
|
||||
"Unable to locate MultipartResolver with name 'multipartResolver': no multipart"
|
||||
+ " request handling provided");
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
log.error(ex.getMessage());
|
||||
|
@ -251,7 +251,8 @@ public class PersistenceJPAConfig implements WebMvcConfigurer {
|
||||
|
||||
// @Bean(name="default-settings")
|
||||
// public PolicySettings supplyChainSettings() {
|
||||
// PolicySettings scSettings = new PolicySettings("Default", "Settings are configured for no validation flags set.");
|
||||
// PolicySettings scSettings = new PolicySettings("Default", "Settings are configured for no
|
||||
// validation flags set.");
|
||||
//
|
||||
// return scSettings;
|
||||
// }
|
||||
|
@ -16,16 +16,20 @@ import java.util.List;
|
||||
*
|
||||
* @param <T> the type of object that is being wrapped.
|
||||
*/
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor(access = AccessLevel.PUBLIC)
|
||||
public final class DataTableResponse<T> {
|
||||
|
||||
private List<T> data = new LinkedList<T>();
|
||||
@Getter
|
||||
@Setter
|
||||
@Getter(AccessLevel.NONE)
|
||||
@Setter(AccessLevel.NONE)
|
||||
private final List<T> data = new LinkedList<T>();
|
||||
|
||||
private int draw;
|
||||
@Getter
|
||||
@Setter
|
||||
private long recordsTotal, recordsFiltered;
|
||||
|
||||
private long recordsTotal;
|
||||
|
||||
private long recordsFiltered;
|
||||
|
||||
/**
|
||||
* Builds a data table response using a FilteredRecordList.
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.portal.datatables;
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.portal.listener;
|
@ -14,4 +14,4 @@ public interface PageParams {
|
||||
*/
|
||||
LinkedHashMap<String, ?> asMap();
|
||||
|
||||
}
|
||||
}
|
||||
|
@ -222,4 +222,4 @@ public class DevicePageController extends PageController<NoPageParams> {
|
||||
return deviceIds;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
@ -115,7 +115,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
|
||||
String orderColumnName = input.getOrderColumnName();
|
||||
log.info("Ordering on column: " + orderColumnName);
|
||||
log.info("Querying with the following dataTableInput: " + input.toString());
|
||||
log.info("Querying with the following dataTableInput: " + input);
|
||||
|
||||
FilteredRecordsList<ReferenceManifest> records = new FilteredRecordsList<>();
|
||||
int currentPage = input.getStart() / input.getLength();
|
||||
@ -281,10 +281,11 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
// send a 404 error when invalid Reference Manifest
|
||||
response.sendError(HttpServletResponse.SC_NOT_FOUND);
|
||||
} else {
|
||||
StringBuilder fileName = new StringBuilder("filename=\"");
|
||||
fileName.append(referenceManifest.getFileName());
|
||||
// Set filename for download.
|
||||
response.setHeader("Content-Disposition", "attachment;" + fileName);
|
||||
response.setHeader("Content-Disposition",
|
||||
"attachment;" + "filename=\"" + referenceManifest.getFileName()
|
||||
// Set filename for download.
|
||||
);
|
||||
response.setContentType("application/octet-stream");
|
||||
|
||||
// write cert to output stream
|
||||
@ -380,7 +381,6 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
* user.
|
||||
* @param baseRims object to store multiple files
|
||||
* @param supportRims object to store multiple files
|
||||
* @return a single or collection of reference manifest files.
|
||||
*/
|
||||
private void parseRIM(
|
||||
final MultipartFile file, final boolean supportRIM,
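Review bot: The rewritten `Content-Disposition` value, `"attachment;" + "filename=\"" + referenceManifest.getFileName()`, opens a quoted string that is never closed and places the stored file name into a response header without escaping. RIM file names presumably originate from uploads, so a name containing `"` or control characters would produce a malformed header or one whose parameters the uploader controls. Spring's `ContentDisposition.attachment().filename(referenceManifest.getFileName()).build().toString()` handles the quoting; at minimum append the closing `\"` and strip quotes and control characters first. The `// Set filename for download.` comment has also landed inside the argument list and should move above the call. In the first hunk of this section, `log.info("Ordering on column: " + orderColumnName)` still concatenates request data where the rest of the commit moved to `{}` placeholders.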
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.portal.page.controllers;
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.portal.page;
|
@ -1 +1 @@
|
||||
package hirs.attestationca.portal.page.params;
|
||||
package hirs.attestationca.portal.page.params;
|
||||
|
@ -1 +1 @@
|
||||
package hirs.attestationca.portal.page.utils;
|
||||
package hirs.attestationca.portal.page.utils;
|
||||
|
@ -180,7 +180,9 @@ public abstract class PageControllerTest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Create page path (add pre-prefix and prefix path)
|
||||
* Create page path (add pre-prefix and prefix path).
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public String getPagePath() {
|
||||
String pagePath = PRE_PREFIX_PATH + page.getPrefixPath() + page.getViewName();
|
||||
@ -223,4 +225,4 @@ public abstract class PageControllerTest {
|
||||
PageController.PAGES_ATTRIBUTE, equalTo(Page.values()))
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -438,4 +438,4 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
|
||||
//assertEquals(issuedCredential.getEndorsementCredential().getId().toString(),
|
||||
// initialData.get("endorsementID"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -35,7 +35,7 @@ public class DevicePageControllerTest extends PageControllerTest {
|
||||
private static final String TEST_PLATFORM_CREDENTIAL
|
||||
= "/platform_credentials/Intel_pc.cer";
|
||||
// Base path for the page
|
||||
private String pagePath;
|
||||
private final String pagePath;
|
||||
// Repository manager to handle data access between device entity and data storage in db
|
||||
@Autowired
|
||||
private DeviceRepository deviceRepository;
|
||||
@ -103,4 +103,4 @@ public class DevicePageControllerTest extends PageControllerTest {
|
||||
.andReturn();
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
@ -35,7 +35,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
|
||||
private static final String NONPCCERT = "certificates/fakeIntelIntermediateCA.pem";
|
||||
private static final String BADPCCERT = "certificates/badCert.pem";
|
||||
// Base path for the page
|
||||
private String pagePath;
|
||||
private final String pagePath;
|
||||
// Repository manager to handle data access between certificate entity and data storage in db
|
||||
@Autowired
|
||||
private CertificateRepository certificateRepository;
|
||||
@ -94,7 +94,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Uploads test cert to db
|
||||
* Uploads test cert to db.
|
||||
*
|
||||
* @return the cert that was uploaded
|
||||
* @throws Exception if an exception occurs
|
||||
@ -127,7 +127,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Archives test cert that is in db by setting the archive flag
|
||||
* Archives test cert that is in db by setting the archive flag.
|
||||
*
|
||||
* @throws Exception if an exception occurs
|
||||
*/
|
||||
|
@ -27,7 +27,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
public class PolicyPageControllerTest extends PageControllerTest {
|
||||
|
||||
// Base path for the page
|
||||
private String pagePath;
|
||||
private final String pagePath;
|
||||
|
||||
// Repository manager to handle data access between policy entity and data storage in db
|
||||
@Autowired
|
||||
@ -45,7 +45,7 @@ public class PolicyPageControllerTest extends PageControllerTest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets up policy
|
||||
* Sets up policy.
|
||||
*/
|
||||
@BeforeAll
|
||||
public void setUpPolicy() {
|
||||
@ -376,8 +376,6 @@ public class PolicyPageControllerTest extends PageControllerTest {
|
||||
/**
|
||||
* Helper function to set policy member variable back to all false.
|
||||
* After this function, can set specific values to true and then need to save policy.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
private void setPolicy_AllFalse() {
|
||||
policy.setEcValidationEnabled(false);
|
||||
@ -388,9 +386,7 @@ public class PolicyPageControllerTest extends PageControllerTest {
|
||||
|
||||
/**
|
||||
* Helper function to set policy member variable - PC Validation to True
|
||||
* Note: to set PC Validation to true, EC Validation must also be true
|
||||
*
|
||||
* @return void
|
||||
* Note: to set PC Validation to true, EC Validation must also be true.
|
||||
*/
|
||||
private void setPolicy_PcToTrue() {
|
||||
policy.setEcValidationEnabled(true);
|
||||
@ -399,9 +395,7 @@ public class PolicyPageControllerTest extends PageControllerTest {
|
||||
|
||||
/**
|
||||
* Helper function to set policy member variable - PC Attribute Validation to True
|
||||
* Note: to set PC Attribute Validation to true, PC Validation must also be true
|
||||
*
|
||||
* @return void
|
||||
* Note: to set PC Attribute Validation to true, PC Validation must also be true.
|
||||
*/
|
||||
private void setPolicy_PcAttributeToTrue() {
|
||||
setPolicy_PcToTrue();
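Review bot: In the two helper Javadocs touched by the hunks at -388,9 and -399,9 (`setPolicy_PcToTrue` and `setPolicy_PcAttributeToTrue`), the summary line still ends without a period, so, as far as this rendered page shows, the first sentence now runs straight into the `Note:` line that follows it. Terminating the summary itself, for example `* Helper function to set policy member variable - PC Validation to True.` and the same for the PC Attribute variant, keeps the summary to one sentence. The note then stands alone as the statement of the policy dependency (PC validation requires EC validation, PC attribute validation requires PC validation). Both method bodies continue outside the hunks.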
|
||||
|
@ -39,7 +39,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
|
||||
private static final String NONCACERT = "certificates/fakeIntelIntermediateCA.pem";
|
||||
private static final String BADCERT = "certificates/badCert.pem";
|
||||
// Base path for the page
|
||||
private String pagePath;
|
||||
private final String pagePath;
|
||||
// Repository manager to handle data access between certificate entity and data storage in db
|
||||
@Autowired
|
||||
private CertificateRepository certificateRepository;
|
||||
@ -129,10 +129,9 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
|
||||
|
||||
Certificate cert = uploadTestCert();
|
||||
|
||||
StringBuilder fileName = new StringBuilder("attachment;filename=\"");
|
||||
fileName.append("CertificateAuthorityCredential_");
|
||||
fileName.append(cert.getSerialNumber());
|
||||
fileName.append(".cer\"");
|
||||
String fileName = "attachment;filename=\"" + "CertificateAuthorityCredential_" +
|
||||
cert.getSerialNumber() +
|
||||
".cer\"";
|
||||
|
||||
// verify cert file attachment and content
|
||||
getMockMvc()
|
||||
@ -143,7 +142,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().contentType("application/octet-stream"))
|
||||
.andExpect(header().string("Content-Disposition",
|
||||
fileName.toString()))
|
||||
fileName))
|
||||
.andExpect(content().bytes(cert.getRawBytes()));
|
||||
|
||||
}
|
||||
@ -164,7 +163,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Uploads test cert to db
|
||||
* Uploads test cert to db.
|
||||
*
|
||||
* @return the cert that was uploaded
|
||||
* @throws Exception if an exception occurs
|
||||
@ -201,7 +200,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Archives test cert that is in db by setting the archive flag
|
||||
* Archives test cert that is in db by setting the archive flag.
|
||||
*
|
||||
* @throws Exception if an exception occurs
|
||||
*/
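Review bot: The rewritten expected header in the hunk at -129,10 still splits one constant across two adjacent literals (`"attachment;filename=\"" + "CertificateAuthorityCredential_"`), which looks like a leftover of the old StringBuilder appends. The variable called `fileName` also holds the whole Content-Disposition value rather than a file name. I would write `String expectedDisposition = "attachment;filename=\"CertificateAuthorityCredential_" + cert.getSerialNumber() + ".cer\"";` and pass `expectedDisposition` to `header().string("Content-Disposition", ...)` in the hunk at -143,7. The test method starts before the first of these hunks, so check for other uses of the name before renaming.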
|
||||
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.portal.page.controllers;
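Review bot: This new one-line file declares the package but carries no Javadoc. It is presumably a package-info.java (the file header is not visible on this page), and a package comment is the main reason such a file exists. A one-sentence comment above the declaration would say what the package holds, for example `/** Tests for the ACA portal page controllers. */` if this is the test source tree, as its position after the controller tests suggests. The second new file, for `hirs.attestationca.portal.page`, is in the same state.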
|
@ -0,0 +1 @@
|
||||
package hirs.attestationca.portal.page;
|
@ -3,3 +3,5 @@ includeGroups=
|
||||
org.gradle.daemon=true
|
||||
org.gradle.jvmargs=-Xms256m -Xmx1024m
|
||||
org.gradle.caching=true
|
||||
#dependency versions
|
||||
spotBugAnnotationVersion=4.8.6
|