From cb2ba1a846c984f9f7d31e15ed21ac1f22ee67ee Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Tue, 10 Dec 2024 16:40:41 -0500
Subject: [PATCH 1/2] Clarified checkstyle changes and renamed some data structures for readability or conformity to documentation
---
 .../persist/validation/PcrValidator.java | 40 +++++------
 ...eferenceManifestDetailsPageController.java | 47 +++++++------
 .../ReferenceManifestPageController.java | 66 +++++++++----------
 3 files changed, 75 insertions(+), 78 deletions(-)
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java
index f964007f..a8b4c7fa 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java
@@ -15,6 +15,7 @@ import org.apache.commons.codec.binary.Hex;
 import java.nio.charset.StandardCharsets;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -62,17 +63,9 @@ public class PcrValidator { * @param pcrValues RIM provided baseline PCRs */ public PcrValidator(final String[] pcrValues) { - baselinePcrs = new String[TPMMeasurementRecord.MAX_PCR_ID + 1]; - System.arraycopy(pcrValues, 0, baselinePcrs, 0, TPMMeasurementRecord.MAX_PCR_ID + 1); + baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1); } - /** - * Builds a string array of stored pcrs. - * - * @param pcrContent string representation of the pcr content - * @param algorithmLength length of the algorithm - * @return string array representation of the stored pcrs. - */ public static String[] buildStoredPcrs(final String pcrContent, final int algorithmLength) { // we have a full set of PCR values String[] pcrSet = pcrContent.split("\\n"); @@ -149,7 +142,7 @@ public class PcrValidator { } if (!baselinePcrs[i].equals(storedPcrs[i])) { - log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]); + log.error(String.format("%s =/= %s", baselinePcrs[i], storedPcrs[i])); sb.append(String.format(failureMsg, i)); } } 
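Review bot: `Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1)` in the constructor is not equivalent to the `System.arraycopy` call it replaces when `pcrValues` has fewer than `MAX_PCR_ID + 1` entries: the old code threw at construction, the new code pads the baseline with `null`. A truncated RIM baseline is then accepted here and only surfaces later, for example as a NullPointerException at `baselinePcrs[i].equals(storedPcrs[i])` in the next hunk, unless the lines above that comparison (not shown) guard against null. I would keep the failure at the boundary by adding `if (TPMMeasurementRecord.MAX_PCR_ID >= pcrValues.length) { throw new IllegalArgumentException("incomplete PCR baseline"); }` before the copy.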
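Review bot: The rewritten `log.error(String.format("%s =/= %s", ...))` builds the message before the logger checks its level, which the parameterized call it replaces did not do; the same substitution is made in the validateTpmEvents and quote-validation hunks of this file and in the logging hunks of both page controllers. The `log.debug` concatenation of `quoteString` is the costliest case because it now runs on every validation even with debug disabled. If checkstyle objected to the original lines I would fix their length or indentation and keep `log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]);`. Several of these messages carry values that appear to come from the client (event strings, uploaded file names), so whichever form is kept, the log layout should neutralise line breaks in them. The enclosing method starts and ends outside the hunk.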
@@ -163,36 +156,36 @@ public class PcrValidator { * will ignore certin PCRs, Event Types and Event Variables present. * * @param tcgMeasurementLog Measurement log from the client - * @param eventValueMap The events stored as baseline to compare + * @param eventLogRecords The events stored as baseline to compare * @param policySettings db entity that holds all of policy * @return the events that didn't pass */ public List validateTpmEvents(final TCGEventLog tcgMeasurementLog, - final Map eventValueMap, + final Map eventLogRecords, final PolicySettings policySettings) { List tpmPcrEvents = new LinkedList<>(); for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) { if (policySettings.isIgnoreImaEnabled() && tpe.getPcrIndex() == IMA_PCR) { - log.info("IMA Ignored -> {}", tpe); + log.info(String.format("IMA Ignored -> %s", tpe)); } else if (policySettings.isIgnoretBootEnabled() && (tpe.getPcrIndex() >= TBOOT_PCR_START && tpe.getPcrIndex() <= TBOOT_PCR_END)) { - log.info("TBOOT Ignored -> {}", tpe); + log.info(String.format("TBOOT Ignored -> %s", tpe)); } else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getPcrIndex() >= PXE_PCR_START && tpe.getPcrIndex() <= PXE_PCR_END)) { - log.info("OS Evt Ignored -> {}", tpe); + log.info(String.format("OS Evt Ignored -> %s", tpe)); } else { if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) { - log.info("GPT Ignored -> {}", tpe); + log.info(String.format("GPT Ignored -> %s", tpe)); } else if (policySettings.isIgnoreOsEvtEnabled() && ( tpe.getEventTypeStr().contains(EVT_EFI_BOOT) || tpe.getEventTypeStr().contains(EVT_EFI_VAR))) { - log.info("OS Evt Ignored -> {}", tpe); + log.info(String.format("OS Evt Ignored -> %s", tpe)); } else if (policySettings.isIgnoreOsEvtEnabled() && ( tpe.getEventTypeStr().contains(EVT_EFI_CFG) && tpe.getEventContentStr().contains("SecureBoot"))) { - log.info("OS Evt Config Ignored -> {}", tpe); + log.info(String.format("OS Evt Config Ignored -> %s", tpe)); } else 
{ - if (!eventValueMap.containsKey(tpe.getEventDigestStr())) { + if (!eventLogRecords.containsKey(tpe.getEventDigestStr())) { tpmPcrEvents.add(tpe); } } @@ -251,13 +244,12 @@ public class PcrValidator { // other information. String calculatedString = Hex.encodeHexString( pcrInfoShort.getCalculatedDigest()); - log.debug( - "Validating PCR information with the following:{}calculatedString = {}{}" - + "quoteString = {}", System.lineSeparator(), calculatedString, - System.lineSeparator(), quoteString); + log.debug("Validating PCR information with the following:" + + System.lineSeparator() + "calculatedString = " + calculatedString + + System.lineSeparator() + "quoteString = " + quoteString); validated = quoteString.contains(calculatedString); if (!validated) { - log.warn("{} not found in {}", calculatedString, quoteString); + log.warn(calculatedString + " not found in " + quoteString); } } catch (NoSuchAlgorithmException naEx) { log.error(naEx); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index ea440af0..ab515308 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java 
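Review bot: `eventLogRecords.containsKey(tpe.getEventDigestStr())` in validateTpmEvents accepts an event as soon as its digest appears anywhere in the baseline map, with no comparison of PCR index or event type on this path. If the map is keyed by digest only, as the details controller in this same patch builds its own map with `put(record.getDigestValue(), record)`, a measurement would match a reference value recorded for a different PCR or event type. Since the parameter is being renamed anyway, I would state the key in the Javadoc, e.g. `@param eventLogRecords baseline reference values keyed by event digest (hex)`, and confirm that the caller compares the PCR index of the matched record. The method's return statement lies outside the hunk.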
@@ -98,13 +98,10 @@ public class ReferenceManifestDetailsPageController * @throws CertificateException if a certificate doesn't parse. */ public static HashMap getRimDetailInfo(final UUID uuid, - final ReferenceManifestRepository - referenceManifestRepository, - final ReferenceDigestValueRepository - referenceDigestValueRepository, + final ReferenceManifestRepository referenceManifestRepository, + final ReferenceDigestValueRepository referenceDigestValueRepository, final CertificateRepository certificateRepository, - final CACredentialRepository - caCertificateRepository) + final CACredentialRepository caCertificateRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); @@ -141,14 +138,16 @@ public class ReferenceManifestDetailsPageController * @param certificateRepository the certificate manager. * @param caCertificateRepository the certificate manager. * @return mapping of the RIM information from the database. - * @throws java.io.IOException error for reading file bytes. + * @throws java.io.IOException error for reading file bytes. + * @throws NoSuchAlgorithmException If an unknown Algorithm is encountered. + * @throws CertificateException if a certificate doesn't parse. */ private static HashMap getBaseRimInfo( final BaseReferenceManifest baseRim, final ReferenceManifestRepository referenceManifestRepository, final CertificateRepository certificateRepository, final CACredentialRepository caCertificateRepository) - throws IOException { + throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); // Software Identity 
@@ -258,8 +257,8 @@ public class ReferenceManifestDetailsPageController caCertificateRepository)); RIM_VALIDATOR.setTrustStore(truststore); } catch (IOException e) { - log.error("Error building CA chain for {}: {}", caCert.getSubjectKeyIdentifier(), - e.getMessage()); + log.error("Error building CA chain for " + caCert.getSubjectKeyIdentifier() + ": " + + e.getMessage()); } if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(), caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) { @@ -270,7 +269,7 @@ public class ReferenceManifestDetailsPageController break; } } catch (SupplyChainValidatorException scvEx) { - log.error("Error verifying cert chain: {}", scvEx.getMessage()); + log.error("Error verifying cert chain: " + scvEx.getMessage()); } } } @@ -286,7 +285,7 @@ public class ReferenceManifestDetailsPageController } } } catch (NullPointerException npEx) { - log.warn("Unable to link signing certificate: {}", npEx.getMessage()); + log.warn("Unable to link signing certificate: " + npEx.getMessage()); } return data; } @@ -298,7 +297,7 @@ public class ReferenceManifestDetailsPageController * @return list of X509Certificates */ private static List convertCACsToX509Certificates( - final Set set) + Set set) throws IOException { ArrayList certs = new ArrayList<>(set.size()); for (CertificateAuthorityCredential cac : set) { @@ -485,7 +484,7 @@ public class ReferenceManifestDetailsPageController final ReferenceDigestValueRepository referenceDigestValueRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); - LinkedList livelogEvents = new LinkedList<>(); + LinkedList evidence = new LinkedList<>(); BaseReferenceManifest base = null; List supports = new ArrayList<>(); SupportReferenceManifest baseSupport = null; 
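Review bot: The rewritten `catch (IOException e)` still only logs, so when the CA chain cannot be built the code falls through to `RIM_VALIDATOR.validateXmlSignature(...)` without `setTrustStore` having run for this certificate. RIM_VALIDATOR looks like a shared instance (constant-style name; its declaration is outside the hunk), so the signature check may run against a trust store left over from an earlier certificate or request. I would skip the certificate on failure, e.g. `continue;` after the log call if this is the loop the later `break` belongs to, and pass the exception itself instead of `e.getMessage()` so the cause is kept: `log.error("Error building CA chain for {}", caCert.getSubjectKeyIdentifier(), e);`.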
@@ -498,7 +497,7 @@ public class ReferenceManifestDetailsPageController data.put("validationResult", measurements.getOverallValidationResult()); data.put("swidBase", true); - List eventValues = new LinkedList<>(); + List assertions = new LinkedList<>(); if (measurements.getDeviceName() != null) { supports.addAll(referenceManifestRepository.byDeviceName(measurements .getDeviceName())); @@ -518,19 +517,19 @@ public class ReferenceManifestDetailsPageController data.put("associatedRim", base.getId()); } - eventValues.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId())); + assertions.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId())); } } TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes()); Map eventValueMap = new HashMap<>(); - for (ReferenceDigestValue rdv : eventValues) { - eventValueMap.put(rdv.getDigestValue(), rdv); + for (ReferenceDigestValue record : assertions) { + eventValueMap.put(record.getDigestValue(), record); } for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) { if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) { - livelogEvents.add(measurementEvent); + evidence.add(measurementEvent); } } @@ -544,7 +543,7 @@ public class ReferenceManifestDetailsPageController String bootVariable; String variablePrefix = "Variable Name:"; String variableSuffix = "UEFI_GUID"; - for (TpmPcrEvent tpe : livelogEvents) { + for (TpmPcrEvent tpe : evidence) { matchedEvents = new ArrayList<>(); for (TpmPcrEvent tpmPcrEvent : combinedBaselines) { if (tpmPcrEvent.getEventType() == tpe.getEventType()) { @@ -567,7 +566,7 @@ public class ReferenceManifestDetailsPageController } TCGEventLog logProcessor = new TCGEventLog(measurements.getRimBytes()); - data.put("livelogEvents", livelogEvents); + data.put("livelogEvents", evidence); data.put("events", logProcessor.getEventList()); getEventSummary(data, logProcessor.getEventList()); 
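Review bot: `record` as the loop variable in `for (ReferenceDigestValue record : assertions)` reads like the Java 16+ `record` keyword; it still compiles, but a name such as `referenceValue` avoids the ambiguity. The renames are also only partly applied: the lookup map is still `eventValueMap` here while PcrValidator's parameter became `eventLogRecords`, and the model key stays `"livelogEvents"` for the list now called `evidence`. A one-line comment at the declaration, e.g. `// evidence: measured events with no matching reference digest`, would tie the new names to the documentation terms they come from. The enclosing method begins and ends outside these hunks.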
@@ -608,6 +607,12 @@ public class ReferenceManifestDetailsPageController String uuidError = "Failed to parse ID from: " + params.getId(); messages.addError(uuidError); log.error(uuidError, iaEx); + } catch (CertificateException cEx) { + log.error(cEx); + } catch (NoSuchAlgorithmException nsEx) { + log.error(nsEx); + } catch (IOException ioEx) { + log.error(ioEx); } catch (Exception ex) { log.error(ex); } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 7e885720..54af3181 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -76,10 +76,8 @@ public class ReferenceManifestPageController extends PageController getTableData( @Valid final DataTableInput input) { - log.debug("Handling request for summary list: {}", input); + log.debug("Handling request for summary list: " + input); String orderColumnName = input.getOrderColumnName(); - log.info("Ordering on column: {}", orderColumnName); - log.info("Querying with the following dataTableInput: {}", input); + log.info("Ordering on column: " + orderColumnName); + log.info("Querying with the following dataTableInput: " + input); FilteredRecordsList records = new FilteredRecordsList<>(); int currentPage = input.getStart() / input.getLength(); @@ -138,7 +136,7 @@ public class ReferenceManifestPageController extends PageController(records, input); } 
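Review bot: The three handlers added for CertificateException, NoSuchAlgorithmException and IOException in ReferenceManifestDetailsPageController have the same body as the `catch (Exception ex)` that follows them, so they change nothing at runtime, and unlike the preceding branch none of them calls `messages.addError(...)`. A certificate that fails to parse therefore leaves the details page without data and without an explanation to the user. I would collapse them into `catch (IOException | CertificateException | NoSuchAlgorithmException ex)` and add a generic page message there, e.g. `messages.addError("Unable to load reference manifest details");`, keeping the exception text in the log only. The try block opens outside the hunk.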
@@ -163,7 +161,7 @@ public class ReferenceManifestPageController extends PageController baseRims = new ArrayList<>(); List supportRims = new ArrayList<>(); - log.info("Processing {} uploaded files", files.length); + log.info(String.format("Processing %s uploaded files", files.length)); // loop through the files for (MultipartFile file : files) { @@ -179,22 +177,20 @@ public class ReferenceManifestPageController extends PageController { - log.info("Storing swidtag {}", rim.getFileName()); + log.info(String.format("Storing swidtag %s", rim.getFileName())); this.referenceManifestRepository.save(rim); }); - supportRims.forEach((rim) -> { - log.info("Storing event log {}", rim.getFileName()); + log.info(String.format("Storing event log %s", rim.getFileName())); this.referenceManifestRepository.save(rim); }); @@ -229,7 +225,7 @@ public class ReferenceManifestPageController extends PageController model = new HashMap<>(); PageMessages messages = new PageMessages(); @@ -274,7 +270,7 @@ public class ReferenceManifestPageController extends PageController dbSupportRims) { - List tpmEvents; + List referenceValues; TCGEventLog logProcessor = null; ReferenceManifest baseRim; ReferenceDigestValue newRdv; @@ -511,9 +507,9 @@ public class ReferenceManifestPageController extends PageController Date: Wed, 11 Dec 2024 10:04:10 -0500 Subject: [PATCH 2/2] Clean up checkstyle warnings --- .../persist/validation/PcrValidator.java | 13 ++++++++++--- .../ReferenceManifestDetailsPageController.java | 13 +++++++------ .../ReferenceManifestPageController.java | 14 +++++++------- 3 files changed, 24 insertions(+), 16 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java index a8b4c7fa..6620f815 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java 
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java @@ -66,6 +66,13 @@ public class PcrValidator { baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1); } + /** + * Builds a string array of stored pcrs. + * + * @param pcrContent string representation of the pcr content + * @param algorithmLength length of the algorithm + * @return string array representation of the stored pcrs. + */ public static String[] buildStoredPcrs(final String pcrContent, final int algorithmLength) { // we have a full set of PCR values String[] pcrSet = pcrContent.split("\\n"); @@ -244,9 +251,9 @@ public class PcrValidator { // other information. String calculatedString = Hex.encodeHexString( pcrInfoShort.getCalculatedDigest()); - log.debug("Validating PCR information with the following:" + - System.lineSeparator() + "calculatedString = " + calculatedString + - System.lineSeparator() + "quoteString = " + quoteString); + log.debug("Validating PCR information with the following:" + + System.lineSeparator() + "calculatedString = " + calculatedString + + System.lineSeparator() + "quoteString = " + quoteString); validated = quoteString.contains(calculatedString); if (!validated) { log.warn(calculatedString + " not found in " + quoteString); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index ab515308..16d2e988 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java 
@@ -97,11 +97,12 @@ public class ReferenceManifestDetailsPageController * @throws NoSuchAlgorithmException If an unknown Algorithm is encountered. * @throws CertificateException if a certificate doesn't parse. */ - public static HashMap getRimDetailInfo(final UUID uuid, - final ReferenceManifestRepository referenceManifestRepository, - final ReferenceDigestValueRepository referenceDigestValueRepository, - final CertificateRepository certificateRepository, - final CACredentialRepository caCertificateRepository) + public static HashMap getRimDetailInfo( + final UUID uuid, + final ReferenceManifestRepository referenceManifestRepository, + final ReferenceDigestValueRepository referenceDigestValueRepository, + final CertificateRepository certificateRepository, + final CACredentialRepository caCertificateRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); @@ -297,7 +298,7 @@ public class ReferenceManifestDetailsPageController * @return list of X509Certificates */ private static List convertCACsToX509Certificates( - Set set) + final Set set) throws IOException { ArrayList certs = new ArrayList<>(set.size()); for (CertificateAuthorityCredential cac : set) { diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 54af3181..fc84e213 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -76,8 +76,9 @@ public class ReferenceManifestPageController extends PageController