diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java index 5d19bc62..72b09a72 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java @@ -26,6 +26,12 @@ import java.util.Objects; @NoArgsConstructor(access = AccessLevel.PROTECTED) public class ComponentResult extends ArchivableEntity { + // String value for the Manufacturer title + public static final String ATTRIBUTE_MANUFACTURER = "Manufacturer"; + // String value for the Model title + public static final String ATTRIBUTE_MODEL = "Model"; + // String value for the Serial title + public static final String ATTRIBUTE_SERIAL = "Serial"; // String value for the revision title public static final String ATTRIBUTE_REVISION = "Revision"; // embedded component info diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAttributeResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAttributeResult.java index 31914e15..bf7c832d 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAttributeResult.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAttributeResult.java @@ -6,6 +6,7 @@ import lombok.AccessLevel; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; +import org.apache.commons.lang3.StringUtils; import java.util.UUID; @@ -68,4 +69,16 @@ public class ComponentAttributeResult extends ArchivableEntity { public boolean checkMatchedStatus() { return this.actualValue.equals(this.expectedValue); } + + /** + * For the state of the object, this shouldn't be negative. + * @return the string value of the attribute name + */ + public String getAttribute() { + if (attribute == null) { + attribute = ""; + } + + return attribute; + } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java index 98ea051c..320bc99f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java @@ -160,7 +160,7 @@ public class ValidationService { validateDeltaPlatformCredentialAttributes(deviceInfoReport, base, deltaMapping, componentInfos, componentResultRepository, componentAttributeRepository, - provisionSessionId); + provisionSessionId, ignoreRevisionAttribute); switch (result.getAppStatus()) { case PASS: return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java index 45677b74..f15cd48f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java @@ -317,7 +317,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid final List componentInfos, final ComponentResultRepository componentResultRepository, final ComponentAttributeRepository componentAttributeRepository, - final UUID provisionSessionId) { + final UUID provisionSessionId, final boolean ignoreRevisionAttribute) { boolean fieldValidation = true; StringBuilder resultMessage = new StringBuilder(); List deltaCertificates = new LinkedList<>(deltaMapping.keySet()); @@ -374,9 +374,13 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid componentInfos, remainingComponentResults); for (ComponentAttributeResult componentAttributeResult : attributeResults) { - componentAttributeResult.setProvisionSessionId(provisionSessionId); - componentAttributeRepository.save(componentAttributeResult); - fieldValidation &= componentAttributeResult.checkMatchedStatus(); + if (componentAttributeResult.getAttribute() + .equalsIgnoreCase(ComponentResult.ATTRIBUTE_REVISION) + && !ignoreRevisionAttribute) { + componentAttributeResult.setProvisionSessionId(provisionSessionId); + componentAttributeRepository.save(componentAttributeResult); + fieldValidation &= componentAttributeResult.checkMatchedStatus(); + } } numOfAttributes = attributeResults.size(); } @@ -925,18 +929,27 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid // there are instances of components with the same class (ie hard disks, memory) List attributeResults = new ArrayList<>(); if (!componentInfo.getComponentManufacturer().equals(componentResult.getManufacturer())) { - attributeResults.add(new ComponentAttributeResult(componentResult.getId(), - componentResult.getManufacturer(), componentInfo.getComponentManufacturer())); + ComponentAttributeResult manufacturerAttribute = new ComponentAttributeResult( + componentResult.getId(), componentResult.getManufacturer(), + componentInfo.getComponentManufacturer()); + manufacturerAttribute.setAttribute(ComponentResult.ATTRIBUTE_MANUFACTURER); + attributeResults.add(manufacturerAttribute); } if (!componentInfo.getComponentModel().equals(componentResult.getModel())) { - attributeResults.add(new ComponentAttributeResult(componentResult.getId(), - componentResult.getModel(), componentInfo.getComponentModel())); + ComponentAttributeResult modelAttribute = new ComponentAttributeResult( + componentResult.getId(), componentResult.getModel(), + componentInfo.getComponentModel()); + modelAttribute.setAttribute(ComponentResult.ATTRIBUTE_MODEL); + attributeResults.add(modelAttribute); } if (!componentInfo.getComponentSerial().equals(componentResult.getSerialNumber())) { - attributeResults.add(new ComponentAttributeResult(componentResult.getId(), - componentResult.getSerialNumber(), componentInfo.getComponentSerial())); + ComponentAttributeResult serialAttribute = new ComponentAttributeResult( + componentResult.getId(), componentResult.getSerialNumber(), + componentInfo.getComponentSerial()); + serialAttribute.setAttribute(ComponentResult.ATTRIBUTE_SERIAL); + attributeResults.add(serialAttribute); } if (!componentInfo.getComponentRevision().equals(componentResult.getRevisionNumber())) { diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java index 8f30dfd6..bb4beedc 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java @@ -242,7 +242,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator { final List componentInfos, final ComponentResultRepository componentResultRepository, final ComponentAttributeRepository componentAttributeRepository, - final UUID provisionSessionId) { + final UUID provisionSessionId, final boolean ignoreRevisionAttribute) { final String baseErrorMessage = "Can't validate platform credential attributes without "; String message; @@ -282,6 +282,6 @@ public class CredentialValidator extends SupplyChainCredentialValidator { return CertificateAttributeScvValidator.validateDeltaAttributesChainV2p0( deviceInfoReport, deltaMapping, origPcComponents, componentInfos, componentResultRepository, - componentAttributeRepository, provisionSessionId); + componentAttributeRepository, provisionSessionId, ignoreRevisionAttribute); } }