From 81aeaf85c0d6840e935a9b085d0edd761c47265c Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Wed, 3 Aug 2022 21:08:14 -0400
Subject: [PATCH] Updated most of Supply Chain Validation impl. Didn't get further with the persistence configuration. Updated some of the Reference digest values. Will need to dig more into pulling information based on columns (if criteria)
---
 .../PersistenceConfiguration.java | 15 +--
 .../repository/AppraiserRepository.java | 14 +++
 .../service/AppraiserServiceImpl.java | 110 ++++++++++++++++++
 .../service/CertificateServiceImpl.java | 2 +-
 .../attestationca/service/DbServiceImpl.java | 20 ++++
 .../service/PolicyServiceImpl.java | 57 +++++++++
 .../ReferenceDigestValueServiceImpl.java | 9 ++
 .../SupplyChainValidationServiceImpl.java | 80 +++++++------
 .../servicemanager/DBPolicyManager.java | 11 +-
 .../data/persist/BaseReferenceManifest.java | 16 +--
 .../data/persist/EventLogMeasurements.java | 16 +--
 .../persist/SupportReferenceManifest.java | 14 +--
 .../persist/ReferenceManifestSelector.java | 19 +--
 .../persist/service/AppraiserService.java | 65 +++++++++++
 .../hirs/persist/service/DefaultService.java | 4 +-
 .../hirs/persist/service/PolicyService.java | 12 ++
 .../service/ReferenceDigestValueService.java | 9 ++
 17 files changed, 381 insertions(+), 92 deletions(-)
 create mode 100644 HIRS_AttestationCA/src/main/java/hirs/attestationca/repository/AppraiserRepository.java
 create mode 100644 HIRS_AttestationCA/src/main/java/hirs/attestationca/service/AppraiserServiceImpl.java
 create mode 100644 HIRS_Utils/src/main/java/hirs/persist/service/AppraiserService.java
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/configuration/PersistenceConfiguration.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/configuration/PersistenceConfiguration.java
index 4b964a3b..ba01e313 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/configuration/PersistenceConfiguration.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/configuration/PersistenceConfiguration.java @@ -6,11 +6,7 @@ import hirs.attestationca.service.DeviceServiceImpl; import hirs.attestationca.service.PolicyServiceImpl; import hirs.attestationca.service.ReferenceDigestValueServiceImpl; import hirs.attestationca.service.ReferenceManifestServiceImpl; -import hirs.attestationca.servicemanager.DBManager; -import hirs.attestationca.servicemanager.DBPortalInfoManager; import hirs.data.persist.SupplyChainValidationSummary; -import hirs.persist.CrudManager; -import hirs.persist.PortalInfoManager; import hirs.persist.service.CertificateService; import hirs.persist.service.DeviceService; import hirs.persist.service.PolicyService; @@ -134,14 +130,13 @@ public class PersistenceConfiguration { * @return {@link hirs.attestationca.servicemanager.DBManager} */ @Bean - public CrudManager supplyChainValidationSummaryManager() { - DbServiceImpl manager - = new DbServiceImpl<>( - SupplyChainValidationSummary.class, + public DbServiceImpl supplyChainValidationSummaryManager() { + DbServiceImpl serviceImpl + = new DbServiceImpl( entityManager ); - setDbServiceRetrySettings(manager); - return manager; + setDbServiceRetrySettings(serviceImpl); + return serviceImpl; } /** diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/repository/AppraiserRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/repository/AppraiserRepository.java new file mode 100644 index 00000000..a3e1fcc5 --- /dev/null +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/repository/AppraiserRepository.java @@ -0,0 +1,14 @@ +package hirs.attestationca.repository; + +import hirs.appraiser.Appraiser; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import java.util.UUID; + +/** + * Setting up for new creation for CRUD operations. + */ +@Repository +public interface AppraiserRepository extends JpaRepository { +} 
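Review bot: The `supplyChainValidationSummaryManager()` bean now returns a raw `DbServiceImpl` built without the `SupplyChainValidationSummary.class` argument, while the `SupplyChainValidationServiceImpl` constructor later in this patch still takes a `CrudManager supplyChainValidatorSummaryManager`. Nothing visible in the patch makes `DbServiceImpl` a `CrudManager`, so unless that relationship exists outside these hunks the context will not wire, and the object that is supposed to persist validation summaries no longer knows which entity it manages. Keep the bean typed as the interface the validator injects, or migrate the consumer in the same commit. The Javadoc line `@return {@link hirs.attestationca.servicemanager.DBManager}` above the bean should be updated to name the type actually returned.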
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/AppraiserServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/AppraiserServiceImpl.java
new file mode 100644
index 00000000..d3efd31b
--- /dev/null
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/AppraiserServiceImpl.java
@@ -0,0 +1,110 @@ +package hirs.attestationca.service; + +import hirs.appraiser.Appraiser; +import hirs.attestationca.repository.AppraiserRepository; +import hirs.persist.AppraiserManagerException; +import hirs.persist.DBManagerException; +import hirs.persist.service.AppraiserService; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.retry.RetryCallback; +import org.springframework.retry.RetryContext; +import org.springframework.stereotype.Service; + +import javax.persistence.EntityManager; +import java.util.List; +import java.util.UUID; + +/** + * A AppraiserServiceImpl manages Appraisers. A + * AppraiserServiceImpl is used to store and manage certificates. It has + * support for the basic create, read, update, and delete methods. + */ +@Service +public class AppraiserServiceImpl extends DbServiceImpl + implements AppraiserService { + private static final Logger LOGGER = LogManager.getLogger(); + @Autowired + private AppraiserRepository appraiserRepository; + + /** + * Default constructor. 
+ * @param em entity manager for jpa hibernate events + */ + public AppraiserServiceImpl(final EntityManager em) { + } + + @Override + public Appraiser saveAppraiser(final Appraiser appraiser) throws AppraiserManagerException { + LOGGER.debug("saving appraiser: {}", appraiser); + + return getRetryTemplate().execute(new RetryCallback() { + @Override + public Appraiser doWithRetry(final RetryContext context) + throws DBManagerException { + return appraiserRepository.save(appraiser); + } + }); + } + + @Override + public void updateAppraiser(final Appraiser appraiser) throws AppraiserManagerException { + LOGGER.debug("updating appraiser: {}", appraiser); + Appraiser dBAppraiser; + + if (appraiser.getId() == null) { + LOGGER.debug("Appraiser not found: {}", appraiser); + dBAppraiser = appraiser; + } else { + // will not return null, throws and exception + dBAppraiser = appraiserRepository.getReferenceById( + UUID.fromString(appraiser.getId().toString())); + + // run through things that aren't equal and update + + if (!dBAppraiser.getName().equals(appraiser.getName())) { + dBAppraiser.setName(appraiser.getName()); + } + + } + + saveAppraiser(dBAppraiser); + } + + @Override + public Appraiser getAppraiser(final String name) throws AppraiserManagerException { + LOGGER.debug("retrieve appraiser: {}", name); + + return getRetryTemplate().execute(new RetryCallback() { + @Override + public Appraiser doWithRetry(final RetryContext context) + throws DBManagerException { + List appraiserList = appraiserRepository.findAll(); + for (Appraiser appraiser : appraiserList) { + if (appraiser.getName().equals(name)) { + return appraiser; + } + } + return null; } + }); + } + + @Override + public final void deleteAppraiser(final Appraiser appraiser) + throws AppraiserManagerException { + LOGGER.debug("Deleting appraiser by name: {}", appraiser.getName()); + + getRetryTemplate().execute(new RetryCallback() { + @Override + public Void doWithRetry(final RetryContext context) + throws 
DBManagerException { + appraiserRepository.delete(appraiser); + appraiserRepository.flush(); + return null; + } + }); + } +} diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/CertificateServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/CertificateServiceImpl.java index d3da25d8..a0d58edb 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/CertificateServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/CertificateServiceImpl.java @@ -48,7 +48,7 @@ public class CertificateServiceImpl extends DbServiceImpl public CertificateServiceImpl(final EntityManager em) { } - @Override + @Override public Certificate saveCertificate(final Certificate certificate) { LOGGER.debug("Saving certificate: {}", certificate); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/DbServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/DbServiceImpl.java index 5540cbb5..e6cfa248 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/DbServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/DbServiceImpl.java @@ -10,6 +10,7 @@ import org.springframework.retry.policy.SimpleRetryPolicy; import org.springframework.retry.support.RetryTemplate; import org.springframework.stereotype.Service; +import javax.persistence.EntityManager; import java.util.HashMap; import java.util.Map; @@ -35,6 +36,7 @@ public class DbServiceImpl { // structure for retrying methods in the database private RetryTemplate retryTemplate; + private EntityManager em; /** * Creates a new DbServiceImpl that uses the default database. The 
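Review bot: `AppraiserServiceImpl(final EntityManager em)` has an empty body, so the `em` argument is dropped and `getEm()` inherited from `DbServiceImpl` returns null for this service; call `super(em);` as the `PolicyServiceImpl` constructor does in this patch. `getAppraiser` loads every row with `findAll()` and compares names in Java, which throws a NullPointerException on any stored appraiser whose name is null and returns `null` when nothing matches, and the callers in `SupplyChainValidationServiceImpl` hand that result straight to `getDefaultPolicy`. A derived repository query such as `Appraiser findByName(String name);` on `AppraiserRepository` would do the lookup in the database and make the "not found" case explicit. The class Javadoc says the service "is used to store and manage certificates", which looks copied from the certificate service and should describe appraisers.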
@@ -45,6 +47,16 @@ public class DbServiceImpl { setRetryTemplate(DEFAULT_MAX_RETRY_ATTEMPTS, DEFAULT_RETRY_WAIT_TIME_MS); } + /** + * Creates a new DbServiceImpl that uses the default database. The + * default database is used to store all of the objects. + * + */ + public DbServiceImpl(final EntityManager em) { + setRetryTemplate(DEFAULT_MAX_RETRY_ATTEMPTS, DEFAULT_RETRY_WAIT_TIME_MS); + this.em = em; + } + /** * Set the parameters used to retry database transactions. The retry template will * retry transactions that throw a LockAcquisitionException or StaleObjectStateException. @@ -86,4 +98,12 @@ public class DbServiceImpl { public void addRetryListener(final RetryListener retryListener) { retryTemplate.registerListener(retryListener); } + + /** + * Getter for the EntityManager. + * @return instance of the manager + */ + public final EntityManager getEm() { + return em; + } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/PolicyServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/PolicyServiceImpl.java index 85c72d9b..a575c98f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/PolicyServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/PolicyServiceImpl.java 
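Review bot: The new `DbServiceImpl(final EntityManager em)` constructor keeps the `EntityManager` in a mutable field, and the `getEm()` hunk that follows exposes it through a public getter, so every subclass and any outside caller works on the same instance. Whether that is safe depends on how `entityManager` is produced in `PersistenceConfiguration`, which is not visible here: a container-injected shared proxy is designed for this, a plain `EntityManager` is not thread-safe. Declare the field `private final EntityManager em;` (assigning `null` in the no-argument constructor) and narrow the accessor to `protected final EntityManager getEm()`. The constructor Javadoc repeats the no-argument constructor's text and is missing `@param em the entity manager used for direct session access`.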
@@ -1,21 +1,30 @@ package hirs.attestationca.service; import hirs.FilteredRecordsList; +import hirs.appraiser.Appraiser; import hirs.attestationca.repository.PolicyRepository; import hirs.data.persist.policy.Policy; import hirs.persist.CriteriaModifier; import hirs.persist.DBManagerException; import hirs.persist.OrderedQuery; +import hirs.persist.PolicyMapper; import hirs.persist.service.DefaultService; import hirs.persist.service.PolicyService; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.hibernate.Session; +import org.hibernate.Transaction; +import org.hibernate.query.Query; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.retry.RetryCallback; import org.springframework.retry.RetryContext; import org.springframework.stereotype.Service; import javax.persistence.EntityManager; +import javax.persistence.criteria.CriteriaBuilder; +import javax.persistence.criteria.CriteriaQuery; +import javax.persistence.criteria.Predicate; +import javax.persistence.criteria.Root; import java.util.List; import java.util.Map; import java.util.UUID; @@ -37,6 +46,7 @@ public class PolicyServiceImpl extends DbServiceImpl implements DefaultS * Default Constructor. */ public PolicyServiceImpl(final EntityManager em) { + super(em); } @Override 
@@ -111,6 +121,53 @@ public class PolicyServiceImpl extends DbServiceImpl implements DefaultS return savePolicy(dbPolicy); } + @Override + public final Policy getDefaultPolicy(final Appraiser appraiser) { + if (appraiser == null) { + LOGGER.error("cannot get default policy for null appraiser"); + return null; + } + + Policy ret = null; + Transaction tx = null; + Session session = getEm().unwrap(org.hibernate.Session.class); + try { + tx = session.beginTransaction(); + LOGGER.debug("retrieving policy mapper from db where appraiser = {}", + appraiser); + CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder(); + CriteriaQuery criteriaQuery = criteriaBuilder + .createQuery(PolicyMapper.class); + Root root = criteriaQuery.from(PolicyMapper.class); + Predicate recordPredicate = criteriaBuilder.and( + criteriaBuilder.equal(root.get("appraiser"), appraiser)); + criteriaQuery.select(root).where(recordPredicate); + Query query = session.createQuery(criteriaQuery); + List results = query.getResultList(); + PolicyMapper mapper = null; + if (results != null && !results.isEmpty()) { + mapper = results.get(0); + } + + if (mapper == null) { + LOGGER.debug("no policy mapper found for appraiser {}", + appraiser); + } else { + ret = mapper.getPolicy(); + } + session.getTransaction().commit(); + } catch (Exception e) { + final String msg = "unable to get default policy"; + LOGGER.error(msg, e); + if (tx != null) { + LOGGER.debug("rolling back transaction"); + tx.rollback(); + } + throw new DBManagerException(msg, e); + } + return ret; + } + @Override public FilteredRecordsList getOrderedList( final Class clazz, final String columnToOrder, diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/ReferenceDigestValueServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/ReferenceDigestValueServiceImpl.java index 646a0f16..b5679286 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/ReferenceDigestValueServiceImpl.java 
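Review bot: `getDefaultPolicy` takes `results.get(0)` from a query that filters on `appraiser` alone and has no ordering, so if more than one `PolicyMapper` row exists for an appraiser, the policy that governs validation is whichever row the database happens to return first. Treat more than one row as an error instead of choosing silently; the same applies to the `DBPolicyManager.getPolicy` hunks later in this patch, where the `deviceGroup` predicate is removed from the same query. The method also opens its own Hibernate transaction on the session unwrapped from `getEm()`, which may conflict with Spring-managed transactions on that `EntityManager` (the configuration is not visible here), and `tx.rollback()` inside the `catch` can throw and hide the original failure. Both `null` returns (null appraiser, no mapper) are dereferenced by callers such as `validateSupplyChain`, so they should at least be stated in a Javadoc `@return`.

```java
// … unchanged: null-appraiser guard, session and criteria query setup …
List<PolicyMapper> results = query.getResultList();
if (results != null && results.size() > 1) {
    // more than one default mapping: refuse to pick one arbitrarily
    throw new IllegalStateException(
            "multiple policy mappers for appraiser " + appraiser);
}
PolicyMapper mapper = (results == null || results.isEmpty()) ? null : results.get(0);
// … unchanged: mapper null check, commit …
} catch (Exception e) {
    final String msg = "unable to get default policy";
    LOGGER.error(msg, e);
    if (tx != null) {
        try {
            tx.rollback();
        } catch (RuntimeException rollbackFailure) {
            // keep the original cause; attach the rollback failure to it
            e.addSuppressed(rollbackFailure);
        }
    }
    throw new DBManagerException(msg, e);
}
```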
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/ReferenceDigestValueServiceImpl.java @@ -16,6 +16,7 @@ import org.springframework.retry.RetryContext; import org.springframework.stereotype.Service; import javax.persistence.EntityManager; +import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.UUID; @@ -113,6 +114,14 @@ public class ReferenceDigestValueServiceImpl extends DbServiceImpl getValuesByRimId(final UUID uuid) { + // this isn't right, it will look for the ids in the wrong column (CYRUYS) + // need to figure out repo search based on criteria associated with a specific column + + return new LinkedList<>(this.referenceDigestValueRepository.findAllById(uuid)); + } + @Override public FilteredRecordsList getOrderedList( final Class clazz, final String columnToOrder, diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index ad09bd59..6d0c0093 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java 
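Review bot: `getValuesByRimId` passes the RIM's id to `findAllById`, which matches on the digest value's own primary key, and the in-code comment already says it searches the wrong column. The firmware check in `SupplyChainValidationServiceImpl` now builds its expected-digest map from this call (`getValuesByRimId(baseReferenceManifest.getId())`), so until this is fixed the event log is compared against an empty or unrelated set of reference values. Replace it with a repository query on the column that holds the owning RIM's id (the field name is not visible in this patch), and until then fail loudly rather than return a plausible-looking list, for example `throw new UnsupportedOperationException("lookup by RIM id not implemented");`. The comment should become a tracked `// TODO` without the stray "(CYRUYS)" tag.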
@@ -22,14 +22,13 @@ import hirs.data.persist.certificate.EndorsementCredential; import hirs.data.persist.certificate.PlatformCredential; import hirs.data.persist.policy.PCRPolicy; import hirs.data.persist.policy.SupplyChainPolicy; -import hirs.persist.AppraiserManager; import hirs.persist.CrudManager; import hirs.persist.DBManagerException; -import hirs.persist.PolicyManager; -import hirs.persist.ReferenceDigestManager; -import hirs.persist.ReferenceEventManager; -import hirs.persist.ReferenceManifestManager; +import hirs.persist.service.AppraiserService; import hirs.persist.service.CertificateService; +import hirs.persist.service.PolicyService; +import hirs.persist.service.ReferenceDigestValueService; +import hirs.persist.service.ReferenceManifestService; import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TpmPcrEvent; import hirs.utils.BouncyCastleUtils; @@ -76,11 +75,11 @@ import static hirs.data.persist.AppraisalStatus.Status.PASS; @Import(PersistenceConfiguration.class) public class SupplyChainValidationServiceImpl implements SupplyChainValidationService { - private PolicyManager policyManager; - private AppraiserManager appraiserManager; - private ReferenceManifestManager referenceManifestManager; - private ReferenceDigestManager referenceDigestManager; - private ReferenceEventManager referenceEventManager; + private PolicyService policyService; + private AppraiserService appraiserService; + private ReferenceManifestService referenceManifestService; +// private ReferenceDigestValue referenceDigestManager; + private ReferenceDigestValueService referenceDigestValueService; private CertificateService certificateService; private CredentialValidator supplyChainCredentialValidator; private CrudManager supplyChainValidatorSummaryManager; 
@@ -101,33 +100,30 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe /** * Constructor. * - * @param policyManager the policy manager - * @param appraiserManager the appraiser manager + * @param policyService the policy service + * @param appraiserService the appraiser service * @param certificateService the cert service - * @param referenceManifestManager the RIM manager + * @param referenceManifestService the RIM service * @param supplyChainValidatorSummaryManager the summary manager * @param supplyChainCredentialValidator the credential validator - * @param referenceDigestManager the digest manager - * @param referenceEventManager the even manager + * @param referenceDigestValueService the event service */ @Autowired @SuppressWarnings("ParameterNumberCheck") public SupplyChainValidationServiceImpl( - final PolicyManager policyManager, final AppraiserManager appraiserManager, + final PolicyService policyService, final AppraiserService appraiserService, final CertificateService certificateService, - final ReferenceManifestManager referenceManifestManager, + final ReferenceManifestService referenceManifestService, final CrudManager supplyChainValidatorSummaryManager, final CredentialValidator supplyChainCredentialValidator, - final ReferenceDigestManager referenceDigestManager, - final ReferenceEventManager referenceEventManager) { - this.policyManager = policyManager; - this.appraiserManager = appraiserManager; + final ReferenceDigestValueService referenceDigestValueService) { + this.policyService = policyService; + this.appraiserService = appraiserService; this.certificateService = certificateService; - this.referenceManifestManager = referenceManifestManager; + this.referenceManifestService = referenceManifestService; this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager; this.supplyChainCredentialValidator = supplyChainCredentialValidator; - this.referenceDigestManager = referenceDigestManager; - 
this.referenceEventManager = referenceEventManager; + this.referenceDigestValueService = referenceDigestValueService; } /** @@ -136,9 +132,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe * @return supply chain policy */ public SupplyChainPolicy getPolicy() { - final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser( + final Appraiser supplyChainAppraiser = appraiserService.getAppraiser( SupplyChainAppraiser.NAME); - return (SupplyChainPolicy) policyManager.getDefaultPolicy( + return (SupplyChainPolicy) policyService.getDefaultPolicy( supplyChainAppraiser); } @@ -157,9 +153,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec, final Set pcs, final Device device) { - final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser( + final Appraiser supplyChainAppraiser = appraiserService.getAppraiser( SupplyChainAppraiser.NAME); - SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy( + SupplyChainPolicy policy = (SupplyChainPolicy) policyService.getDefaultPolicy( supplyChainAppraiser); boolean acceptExpiredCerts = policy.isExpiredCertificateValidationEnabled(); PlatformCredential baseCredential = null; @@ -390,7 +386,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe ReferenceManifest supportReferenceManifest = null; EventLogMeasurements measurement = null; - baseReferenceManifests = BaseReferenceManifest.select(referenceManifestManager) + baseReferenceManifests = BaseReferenceManifest.select(referenceManifestService) .byModel(model).getRIMs(); for (BaseReferenceManifest bRim : baseReferenceManifests) { 
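Review bot: In `validateSupplyChain` the result of `policyService.getDefaultPolicy(supplyChainAppraiser)` is cast and used on the next line (`policy.isExpiredCertificateValidationEnabled()`) with no null check, although the new `getDefaultPolicy` returns `null` for a null appraiser or a missing mapper and the new `getAppraiser` returns `null` when no name matches. A missing appraiser or policy row therefore surfaces as a NullPointerException in the middle of validation instead of a clear, logged failure. Add an explicit guard such as `if (policy == null) { throw new IllegalStateException("no default supply chain policy configured"); }` or return a failed summary. The `getPolicy()` hunk just above and the `validateQuote` hunk at `@@ -600,9 +597,9 @@` follow the same pattern; the method body continues outside this hunk.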
@@ -405,11 +401,11 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe failedString = "Base Reference Integrity Manifest\n"; passed = false; } else { - measurement = EventLogMeasurements.select(referenceManifestManager) + measurement = EventLogMeasurements.select(referenceManifestService) .byHexDecHash(baseReferenceManifest.getEventLogHash()).getRIM(); if (measurement == null) { - measurement = EventLogMeasurements.select(referenceManifestManager) + measurement = EventLogMeasurements.select(referenceManifestService) .byModel(baseReferenceManifest.getPlatformModel()).getRIM(); } } @@ -458,7 +454,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } for (SwidResource swidRes : resources) { - supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager) + supportReferenceManifest = SupportReferenceManifest.select(referenceManifestService) .byHexDecHash(swidRes.getHashValue()).getRIM(); if (supportReferenceManifest != null) { // Removed the filename check from this if statement @@ -536,8 +532,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe try { if (measurement.getPlatformManufacturer().equals(manufacturer)) { tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes()); - eventValue = this.referenceEventManager - .getValuesByRimId(baseReferenceManifest); + eventValue = this.referenceDigestValueService + .getValuesByRimId(baseReferenceManifest.getId()); for (ReferenceDigestValue rdv : eventValue) { eventValueMap.put(rdv.getDigestValue(), rdv); } 
@@ -578,13 +574,14 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe EventLogMeasurements eventLog = (EventLogMeasurements) measurement; eventLog.setOverallValidationResult(fwStatus.getAppStatus()); - this.referenceManifestManager.update(eventLog); + this.referenceManifestService.updateReferenceManifest(eventLog, eventLog.getId()); } else { fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Validation failed: " + "%s for %s can not be found", failedString, manufacturer)); if (measurement != null) { measurement.setOverallValidationResult(fwStatus.getAppStatus()); - this.referenceManifestManager.update(measurement); + this.referenceManifestService.updateReferenceManifest( + measurement, measurement.getId()); } } @@ -600,9 +597,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe */ @Override public SupplyChainValidationSummary validateQuote(final Device device) { - final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser( + final Appraiser supplyChainAppraiser = appraiserService.getAppraiser( SupplyChainAppraiser.NAME); - SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy( + SupplyChainPolicy policy = (SupplyChainPolicy) policyService.getDefaultPolicy( supplyChainAppraiser); SupplyChainValidation quoteScv = null; SupplyChainValidationSummary summary = null; @@ -620,7 +617,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe try { Set supportRims = SupportReferenceManifest - .select(this.referenceManifestManager) + .select(this.referenceManifestService) .byManufacturerModel( device.getDeviceInfo().getHardwareInfo().getManufacturer(), device.getDeviceInfo().getHardwareInfo().getProductName()) 
@@ -631,7 +628,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } } eventLog = EventLogMeasurements - .select(this.referenceManifestManager) + .select(this.referenceManifestService) .byHexDecHash(sRim.getEventLogHash()).getRIM(); if (sRim == null) { @@ -663,7 +660,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe + "\nPCR hash and Quote hash do not match."); } eventLog.setOverallValidationResult(fwStatus.getAppStatus()); - this.referenceManifestManager.update(eventLog); + this.referenceManifestService.updateReferenceManifest( + eventLog, eventLog.getId()); } } catch (Exception ex) { LOGGER.error(ex); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/servicemanager/DBPolicyManager.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/servicemanager/DBPolicyManager.java index 471cfa54..5dc88ccb 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/servicemanager/DBPolicyManager.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/servicemanager/DBPolicyManager.java @@ -417,8 +417,7 @@ public class DBPolicyManager extends DBManager implements PolicyManager * there is none */ @Override - public final Policy getPolicy(final Appraiser appraiser, - final DeviceGroup deviceGroup) { + public final Policy getPolicy(final Appraiser appraiser) { if (appraiser == null) { LOGGER.error("cannot get policy for null appraiser"); return null; 
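Review bot: `DBPolicyManager.getPolicy(final Appraiser appraiser)` keeps its `@Override` after the `deviceGroup` parameter is removed, but `PolicyManager` is not among the files in this commit's diffstat. Unless that interface already declares `getPolicy(Appraiser)`, the annotation will not compile, and any caller still passing a device group will break. The Javadoc above the method starts outside the hunk and presumably still documents the removed parameter; drop its `@param deviceGroup` line if so.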
@@ -430,14 +429,13 @@ public class DBPolicyManager extends DBManager implements PolicyManager try { tx = session.beginTransaction(); LOGGER.debug("retrieving policy mapper from db where appraiser = " - + "{} and device group = {}", appraiser, deviceGroup); + + "{}", appraiser); CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder(); CriteriaQuery criteriaQuery = criteriaBuilder .createQuery(PolicyMapper.class); Root root = criteriaQuery.from(PolicyMapper.class); Predicate recordPredicate = criteriaBuilder.and( - criteriaBuilder.equal(root.get("appraiser"), appraiser), - criteriaBuilder.equal(root.get("deviceGroup"), deviceGroup)); + criteriaBuilder.equal(root.get("appraiser"), appraiser)); criteriaQuery.select(root).where(recordPredicate); Query query = session.createQuery(criteriaQuery); List results = query.getResultList(); @@ -447,8 +445,7 @@ public class DBPolicyManager extends DBManager implements PolicyManager } if (mapper == null) { - LOGGER.debug("no policy mapper found for appraiser {} and " - + "device group {}", appraiser, deviceGroup); + LOGGER.debug("no policy mapper found for appraiser {}", appraiser); } else { ret = mapper.getPolicy(); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java index 215e075f..34628876 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java @@ -1,8 +1,8 @@ package hirs.data.persist; import com.fasterxml.jackson.annotation.JsonIgnore; -import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; +import hirs.persist.service.ReferenceManifestService; import hirs.utils.xjc.BaseElement; import hirs.utils.xjc.Directory; import hirs.utils.xjc.FilesystemItem; 
@@ -96,14 +96,14 @@ public class BaseReferenceManifest extends ReferenceManifest { public static class Selector extends ReferenceManifestSelector { /** * Construct a new ReferenceManifestSelector that will use - * the given (@link ReferenceManifestManager} + * the given (@link ReferenceManifestService} * to retrieve one or may BaseReferenceManifest. * - * @param referenceManifestManager the reference manifest manager to be used to retrieve + * @param referenceManifestService the reference manifest manager to be used to retrieve * reference manifests. */ - public Selector(final ReferenceManifestManager referenceManifestManager) { - super(referenceManifestManager, BaseReferenceManifest.class); + public Selector(final ReferenceManifestService referenceManifestService) { + super(referenceManifestService, BaseReferenceManifest.class); } /** @@ -289,12 +289,12 @@ public class BaseReferenceManifest extends ReferenceManifest { /** * Get a Selector for use in retrieving ReferenceManifest. * - * @param rimMan the ReferenceManifestManager to be used to retrieve + * @param rimService the ReferenceManifestService to be used to retrieve * persisted RIMs * @return a Selector instance to use for retrieving RIMs */ - public static Selector select(final ReferenceManifestManager rimMan) { - return new Selector(rimMan); + public static Selector select(final ReferenceManifestService rimService) { + return new Selector(rimService); } /** diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java b/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java index 66b053cf..7f0e9e67 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java 
@@ -1,8 +1,8 @@ package hirs.data.persist; import com.fasterxml.jackson.annotation.JsonIgnore; -import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; +import hirs.persist.service.ReferenceManifestService; import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TpmPcrEvent; import org.apache.logging.log4j.LogManager; @@ -40,14 +40,14 @@ public class EventLogMeasurements extends ReferenceManifest { public static class Selector extends ReferenceManifestSelector { /** * Construct a new ReferenceManifestSelector that - * will use the given (@link ReferenceManifestManager} + * will use the given (@link ReferenceManifestService} * to retrieve one or may SupportReferenceManifest. * - * @param referenceManifestManager the reference manifest manager to be used to retrieve + * @param referenceManifestService the reference manifest manager to be used to retrieve * reference manifests. */ - public Selector(final ReferenceManifestManager referenceManifestManager) { - super(referenceManifestManager, EventLogMeasurements.class, false); + public Selector(final ReferenceManifestService referenceManifestService) { + super(referenceManifestService, EventLogMeasurements.class, false); } /** @@ -131,12 +131,12 @@ public class EventLogMeasurements extends ReferenceManifest { /** * Get a Selector for use in retrieving ReferenceManifest. * - * @param rimMan the ReferenceManifestManager to be used to retrieve + * @param rimService the ReferenceManifestService to be used to retrieve * persisted RIMs * @return a Selector instance to use for retrieving RIMs */ - public static Selector select(final ReferenceManifestManager rimMan) { - return new Selector(rimMan); + public static Selector select(final ReferenceManifestService rimService) { + return new Selector(rimService); } /** 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java index fcee4586..2248c76a 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java @@ -1,8 +1,8 @@ package hirs.data.persist; import com.fasterxml.jackson.annotation.JsonIgnore; -import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; +import hirs.persist.service.ReferenceManifestService; import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TpmPcrEvent; import org.apache.logging.log4j.LogManager; @@ -40,11 +40,11 @@ public class SupportReferenceManifest extends ReferenceManifest { * use the given (@link ReferenceManifestManager} * to retrieve one or may SupportReferenceManifest. * - * @param referenceManifestManager the reference manifest manager to be used to retrieve + * @param referenceManifestService the reference manifest manager to be used to retrieve * reference manifests. */ - public Selector(final ReferenceManifestManager referenceManifestManager) { - super(referenceManifestManager, SupportReferenceManifest.class); + public Selector(final ReferenceManifestService referenceManifestService) { + super(referenceManifestService, SupportReferenceManifest.class); } /** @@ -141,12 +141,12 @@ public class SupportReferenceManifest extends ReferenceManifest { /** * Get a Selector for use in retrieving ReferenceManifest. * - * @param rimMan the ReferenceManifestManager to be used to retrieve + * @param rimService the ReferenceManifestService to be used to retrieve * persisted RIMs * @return a Selector instance to use for retrieving RIMs */ - public static Selector select(final ReferenceManifestManager rimMan) { - return new Selector(rimMan); + public static Selector select(final ReferenceManifestService rimService) { + return new Selector(rimService); } /** 
diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java index 556029cd..5397b184 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java @@ -3,6 +3,7 @@ package hirs.persist; import com.google.common.base.Preconditions; import hirs.data.persist.ReferenceManifest; import hirs.data.persist.certificate.Certificate; +import hirs.persist.service.ReferenceManifestService; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; @@ -45,7 +46,7 @@ public abstract class ReferenceManifestSelector { public static final String RIM_FILENAME_FIELD = "fileName"; private static final String RIM_TYPE_FIELD = "rimType"; - private final ReferenceManifestManager referenceManifestManager; + private final ReferenceManifestService referenceManifestService; private final Class referenceTypeClass; private final Map fieldValueSelections; 
@@ -54,26 +55,26 @@ public abstract class ReferenceManifestSelector { /** * Default Constructor. * - * @param referenceManifestManager the RIM manager to be used to retrieve RIMs + * @param referenceManifestService the RIM service to be used to retrieve RIMs * @param referenceTypeClass the type of Reference Manifest to process. */ - public ReferenceManifestSelector(final ReferenceManifestManager referenceManifestManager, + public ReferenceManifestSelector(final ReferenceManifestService referenceManifestService, final Class referenceTypeClass) { - this(referenceManifestManager, referenceTypeClass, true); + this(referenceManifestService, referenceTypeClass, true); } /** * Standard Constructor for the Selector. * - * @param referenceManifestManager the RIM manager to be used to retrieve RIMs + * @param referenceManifestService the RIM service to be used to retrieve RIMs * @param referenceTypeClass the type of Reference Manifest to process. * @param excludeArchivedRims true if excluding archived RIMs */ - public ReferenceManifestSelector(final ReferenceManifestManager referenceManifestManager, + public ReferenceManifestSelector(final ReferenceManifestService referenceManifestService, final Class referenceTypeClass, final boolean excludeArchivedRims) { Preconditions.checkArgument( - referenceManifestManager != null, + referenceManifestService != null, "reference manifest manager cannot be null" ); @@ -82,7 +83,7 @@ public abstract class ReferenceManifestSelector { "type cannot be null" ); - this.referenceManifestManager = referenceManifestManager; + this.referenceManifestService = referenceManifestService; this.referenceTypeClass = referenceTypeClass; this.excludeArchivedRims = excludeArchivedRims; this.fieldValueSelections = new HashMap<>(); 
@@ -218,7 +219,7 @@ public abstract class ReferenceManifestSelector { // construct and execute query private Set execute() { - Set results = this.referenceManifestManager.get(this); + Set results = this.referenceManifestService.get(this); return results; } diff --git a/HIRS_Utils/src/main/java/hirs/persist/service/AppraiserService.java b/HIRS_Utils/src/main/java/hirs/persist/service/AppraiserService.java new file mode 100644 index 00000000..9a9a52cb --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/persist/service/AppraiserService.java 
@@ -0,0 +1,65 @@
+package hirs.persist.service;
+
+import hirs.appraiser.Appraiser;
+import hirs.persist.AppraiserManagerException;
+
+/**
+ * A AppraiserService manages Appraisers. A
+ * AppraiserService is used to store and manage Appraisers. It has
+ * support for the basic create, read, update, and delete methods.
+ */
+public interface AppraiserService {
+ /**
+ * Stores a new Appraiser. This stores a new
+ * Appraiser to be managed by the AppraiserManager
+ * . If the Appraiser is successfully saved then a reference to
+ * it is returned.
+ *
+ * @param appraiser
+ * appraiser to save
+ * @return reference to saved appraiser
+ * @throws hirs.persist.AppraiserManagerException
+ * if the appraiser has previously been saved or unexpected
+ * error occurs
+ */
+ Appraiser saveAppraiser(Appraiser appraiser)
+ throws AppraiserManagerException;
+
+ /**
+ * Updates an Appraiser. This updates the Appraiser
+ * that is managed so subsequent calls to get this Appraiser
+ * will return the values set by the incoming Appraiser.
+ *
+ * @param appraiser
+ * appraiser
+ * @throws AppraiserManagerException
+ * if unable to update the appraiser
+ */
+ void updateAppraiser(Appraiser appraiser) throws AppraiserManagerException;
+
+ /**
+ * Retrieves the Appraiser identified by name. If
+ * the Appraiser cannot be found then null is returned.
+ *
+ * @param name
+ * name of the Appraiser
+ * @return Appraiser whose name is name or null
+ * if not found
+ * @throws AppraiserManagerException
+ * if unable to retrieve the appraiser
+ */
+ Appraiser getAppraiser(String name) throws AppraiserManagerException;
+
+ /**
+ * Deletes the Appraiser identified by name. If
+ * the Appraiser is found and deleted then true is returned,
+ * otherwise false.
+ * + * @param appraiser + * name of the Appraiser to delete + * @throws AppraiserManagerException + * if unable to delete the appraiser for any reason other than + * not found + */ + void deleteAppraiser(Appraiser appraiser) throws AppraiserManagerException; +} diff --git a/HIRS_Utils/src/main/java/hirs/persist/service/DefaultService.java b/HIRS_Utils/src/main/java/hirs/persist/service/DefaultService.java index 28de926d..1a0b39a9 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/service/DefaultService.java +++ b/HIRS_Utils/src/main/java/hirs/persist/service/DefaultService.java @@ -1,5 +1,7 @@ package hirs.persist.service; +import hirs.persist.OrderedQuery; + import java.util.List; import java.util.UUID; @@ -9,7 +11,7 @@ import java.util.UUID; * support for the basic create, read, update, and delete methods. * @param class type */ -public interface DefaultService { +public interface DefaultService extends OrderedQuery { /** * Returns a list of all T. This searches through diff --git a/HIRS_Utils/src/main/java/hirs/persist/service/PolicyService.java b/HIRS_Utils/src/main/java/hirs/persist/service/PolicyService.java index 7fc4636e..9846391b 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/service/PolicyService.java +++ b/HIRS_Utils/src/main/java/hirs/persist/service/PolicyService.java @@ -1,5 +1,6 @@ package hirs.persist.service; +import hirs.appraiser.Appraiser; import hirs.data.persist.policy.Policy; import java.util.UUID; @@ -29,4 +30,15 @@ public interface PolicyService { * @return a Policy object */ Policy updatePolicy(Policy policy, UUID uuid); + + /** + * Returns the default Policy for the Appraiser. + * If the default Policy has not been set then this returns + * null. + * + * @param appraiser + * appraiser + * @return default policy + */ + Policy getDefaultPolicy(Appraiser appraiser); } 
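Review bot: The Javadoc on `deleteAppraiser` describes a different method from the one declared: it says the appraiser is "identified by name" and that true or false is returned, while the signature is `void deleteAppraiser(Appraiser appraiser)`. Either the return type should become `boolean`, or the comment should drop the return sentence and describe the parameter as `@param appraiser the Appraiser to delete`. `getAppraiser` documents a `null` return for an unknown name, so that comment should also say callers must check the result before passing it on, for example to a policy lookup; how callers handle it is not visible in this hunk. The first method comment also refers to `AppraiserManager` where this interface is `AppraiserService`.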
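Review bot: The interface comment in the second `DefaultService` hunk still lists only create, read, update and delete, although `extends OrderedQuery` now makes that interface's query methods part of every `DefaultService` contract. Each existing implementation has to supply them, and none of those implementations is visible here, so it is worth confirming they all still compile. If those queries take ordering or search column names, as the commit message suggests, the implementations should accept only known entity field names. I would add a sentence such as `Also exposes the ordered queries declared by {@link OrderedQuery}.` to the Javadoc. The interface body continues outside the hunk.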
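Review bot: `getDefaultPolicy` is documented to return `null` when no default has been set, and the contract says nothing about what a caller must do in that case or about a `null` appraiser. For an attestation service the safe reading is that a missing policy fails the validation rather than letting checks be skipped; the callers are outside this hunk, so that needs confirming. I would state it in the Javadoc, e.g. `Callers must treat a null result as "no policy configured" and fail the validation.`, or return `Optional<Policy>` so the absent case cannot be silently ignored.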
diff --git a/HIRS_Utils/src/main/java/hirs/persist/service/ReferenceDigestValueService.java b/HIRS_Utils/src/main/java/hirs/persist/service/ReferenceDigestValueService.java index e455b8b4..83f694f8 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/service/ReferenceDigestValueService.java +++ b/HIRS_Utils/src/main/java/hirs/persist/service/ReferenceDigestValueService.java @@ -2,6 +2,7 @@ package hirs.persist.service; import hirs.data.persist.ReferenceDigestValue; +import java.util.List; import java.util.UUID; /** @@ -29,4 +30,12 @@ public interface ReferenceDigestValueService { * @return a ReferenceDigestValue object */ ReferenceDigestValue updateDigestValue(ReferenceDigestValue digestValue, UUID uuid); + + /** + * Persists a new Reference Digest value. + * + * @param uuid associated with the base rim or potentially support rim. + * @return the persisted list of ReferenceDigestValue + */ + List getValuesByRimId(UUID uuid); }
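Review bot: The Javadoc added for `getValuesByRimId` describes a write ("Persists a new Reference Digest value", "the persisted list") although the method name and signature are a lookup by RIM id. I would reword it to `Returns the Reference Digest values associated with the given RIM.` and `@return the matching ReferenceDigestValues`, and say whether an unknown id yields an empty list or `null`. That distinction matters to whatever code compares these digests against an event log, since an empty result should not be read as nothing to verify; the comparison code is not in this hunk.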