Merge remote-tracking branch 'origin/gradle-7-update' into total-refactor

Cyrus 2022-11-08 11:18:58 -05:00
commit b521be901c
396 changed files with 6233 additions and 42132 deletions


@ -1,89 +1,66 @@
apply plugin: 'war'
apply plugin: 'checkstyle'
plugins {
id 'war'
id 'java'
}
tasks.withType(JavaCompile) {
options.release = 11
}
repositories {
mavenCentral()
}
evaluationDependsOn(':HIRS_Utils')
sourceCompatibility = 1.8
dependencies {
compile project(':TPM_Utils')
compile project(':HIRS_Structs')
compile project(':HIRS_Utils')
// implementation project(':TPM_Utils')
implementation project(':HIRS_Structs')
implementation project(':HIRS_Utils')
implementation libs.bouncy.castle
implementation libs.commons.codec
implementation libs.commons.lang
implementation libs.commons.io
implementation libs.guava
implementation libs.javax.jaxb
implementation libs.spring.webmvc
implementation libs.spring.data
implementation libs.spring.boot
implementation libs.spring.retry
implementation libs.spring.plugin
implementation libs.log4j2
implementation libs.log4j2.web
implementation libs.protobuf.java
compile libs.bouncy_castle
compile libs.commons_codec
compile libs.commons_lang
compile libs.spring_webmvc
compile libs.log4j2
compile libs.log4j2_web
compile libs.protobuf_java
implementation libs.servlet.api
providedCompile libs.servlet_api
testImplementation project(':HIRS_Utils').sourceSets.test.output
testImplementation project(':HIRS_Utils').sourceSets.test.resources
testCompile project(':HIRS_Utils').sourceSets.test.output
testCompile project(':HIRS_Utils').sourceSets.test.resources
testCompile libs.commons_lang
testCompile libs.spring_test
testCompile libs.mockito
testCompile libs.testng
testCompile libs.hsqldb
testImplementation libs.commons.lang
testImplementation libs.spring.test
testImplementation libs.mockito
testImplementation libs.testng
testImplementation libs.hsqldb
}
task generateProtoBuf(type:Exec) {
workingDir 'config'
commandLine './genJavaProtoBuf.sh'
}
def copyVersion = project.task('copyVersion')
compileJava.dependsOn generateProtoBuf
copyVersion.dependsOn compileJava
war.dependsOn copyVersion
ext.configDir = new File(projectDir, 'config')
ext.checkstyleConfigDir = "$configDir/checkstyle"
checkstyle {
toolVersion = '8.10.1'
configFile = checkstyleConfigFile
configProperties.put('basedir', checkstyleConfigDir)
ignoreFailures = false
showViolations = true
}
war {
from(buildDir) {
include 'VERSION'
into 'WEB-INF/classes'
}
archiveName = 'HIRS_AttestationCA.war'
}
publishing {
publications {
maven(MavenPublication) {
artifactId 'hirs-attestationca'
artifact jar
pom.withXml {
def dependenciesNode = asNode().appendNode('dependencies')
configurations.runtime.allDependencies.each {
if (it.group != null && it.name != null) {
def dependencyNode = dependenciesNode.appendNode('dependency')
dependencyNode.appendNode('groupId', it.group)
dependencyNode.appendNode('artifactId', it.name)
dependencyNode.appendNode('version', it.version)
if (it.excludeRules.size() > 0) {
def exclusionsNode = dependencyNode.appendNode('exclusions')
it.excludeRules.each { rule ->
def exclusionNode = exclusionsNode.appendNode('exclusion')
exclusionNode.appendNode('groupId', rule.group)
exclusionNode.appendNode('artifactId', rule.module)
}
}
}
}
}
}
}
archiveFileName = 'HIRS_AttestationCA.war'
}
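Review bot: The `dependencies` block keeps a commented-out `// implementation project(':TPM_Utils')` with no explanation; either delete the line or put a one-line reason next to it saying why the module is excluded from this build. The `+`/`-` markers are lost on this page, but the new side also appears to drop `apply plugin: 'checkstyle'` and the `checkstyle { ... ignoreFailures = false }` block. That would remove a build-failing lint gate while the Java sources in this commit still carry `@SuppressWarnings("checkstyle:parameternumber")`, so if it is a temporary step in the refactor a tracking comment would help. Whether the `generateProtoBuf` task and the `compileJava.dependsOn` wiring survive cannot be determined from this rendering.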


@ -6,7 +6,7 @@ import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
import hirs.attestationca.exceptions.CertificateProcessingException;
import hirs.attestationca.exceptions.IdentityProcessingException;
import hirs.attestationca.exceptions.UnexpectedServerException;
import hirs.attestationca.service.SupplyChainValidationService;
import hirs.attestationca.validation.SupplyChainValidationService;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.BaseReferenceManifest;
import hirs.data.persist.Device;
@ -14,7 +14,6 @@ import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.ReferenceDigestValue;
import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.SupportReferenceManifest;
import hirs.data.persist.SwidResource;
@ -27,14 +26,13 @@ import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.info.TPMInfo;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.data.service.DeviceRegister;
import hirs.persist.CertificateManager;
import hirs.persist.DBManager;
import hirs.persist.DeviceManager;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.TPM2ProvisionerState;
import hirs.persist.service.CertificateService;
import hirs.persist.service.ReferenceManifestService;
import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope;
@ -176,12 +174,10 @@ public abstract class AbstractAttestationCertificateAuthority
*/
private Integer validDays = 1;
private final CertificateManager certificateManager;
private final ReferenceManifestManager referenceManifestManager;
private final CertificateService certificateService;
private final ReferenceManifestService referenceManifestService;
private final DeviceRegister deviceRegister;
private final DeviceManager deviceManager;
private final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager;
private final ReferenceDigestManager referenceDigestManager;
private final ReferenceEventManager referenceEventManager;
private String tpmQuoteHash = "";
private String tpmQuoteSignature = "";
@ -192,13 +188,11 @@ public abstract class AbstractAttestationCertificateAuthority
* @param privateKey the ACA private key
* @param acaCertificate the ACA certificate
* @param structConverter the struct converter
* @param certificateManager the certificate manager
* @param referenceManifestManager the Reference Manifest manager
* @param certificateService the certificate service
* @param referenceManifestService the Reference Manifest service
* @param deviceRegister the device register
* @param validDays the number of days issued certs are valid
* @param deviceManager the device manager
* @param tpm2ProvisionerStateDBManager the DBManager for persisting provisioner state
* @param referenceDigestManager the reference digest manager
* @param referenceEventManager the reference event manager
*/
@SuppressWarnings("checkstyle:parameternumber")
@ -206,24 +200,20 @@ public abstract class AbstractAttestationCertificateAuthority
final SupplyChainValidationService supplyChainValidationService,
final PrivateKey privateKey, final X509Certificate acaCertificate,
final StructConverter structConverter,
final CertificateManager certificateManager,
final ReferenceManifestManager referenceManifestManager,
final CertificateService certificateService,
final ReferenceManifestService referenceManifestService,
final DeviceRegister deviceRegister, final int validDays,
final DeviceManager deviceManager,
final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager) {
this.supplyChainValidationService = supplyChainValidationService;
this.privateKey = privateKey;
this.acaCertificate = acaCertificate;
this.structConverter = structConverter;
this.certificateManager = certificateManager;
this.referenceManifestManager = referenceManifestManager;
this.certificateService = certificateService;
this.referenceManifestService = referenceManifestService;
this.deviceRegister = deviceRegister;
this.validDays = validDays;
this.deviceManager = deviceManager;
this.tpm2ProvisionerStateDBManager = tpm2ProvisionerStateDBManager;
this.referenceDigestManager = referenceDigestManager;
this.referenceEventManager = referenceEventManager;
}
@ -262,7 +252,7 @@ public abstract class AbstractAttestationCertificateAuthority
byte[] ecBytesFromIdentityRequest = proof.getEndorsementCredential();
if (ArrayUtils.isNotEmpty(ecBytesFromIdentityRequest)) {
endorsementCredential = CredentialManagementHelper.storeEndorsementCredential(
this.certificateManager, ecBytesFromIdentityRequest
this.certificateService, ecBytesFromIdentityRequest
);
try {
BigInteger publicKeyModulus = Certificate.getPublicKeyModulus(
@ -291,7 +281,7 @@ public abstract class AbstractAttestationCertificateAuthority
byte[] pcBytesFromIdentityRequest = proof.getPlatformCredential();
if (ArrayUtils.isNotEmpty(pcBytesFromIdentityRequest)) {
platformCredentials.add(CredentialManagementHelper.storePlatformCredential(
this.certificateManager, pcBytesFromIdentityRequest
this.certificateService, pcBytesFromIdentityRequest
));
} else if (endorsementCredential != null) {
// if none in the identity request, look for uploaded platform credentials
@ -453,8 +443,6 @@ public abstract class AbstractAttestationCertificateAuthority
LOG.info("Sending nonce: " + strNonce);
LOG.info("Persisting claim of length: " + identityClaim.length);
tpm2ProvisionerStateDBManager.save(new TPM2ProvisionerState(nonce, identityClaim));
if (scp != null && scp.isIgnoreImaEnabled()) {
pcrQuoteMask = PCR_QUOTE_MASK.replace("10,", "");
}
@ -504,7 +492,7 @@ public abstract class AbstractAttestationCertificateAuthority
if (platformCredentials.size() == 1) {
for (PlatformCredential pc : platformCredentials) {
if (pc != null && pc.getPlatformSerial() != null) {
platformCredentials.addAll(PlatformCredential.select(this.certificateManager)
platformCredentials.addAll(PlatformCredential.select(this.certificateService)
.byBoardSerialNumber(pc.getPlatformSerial()).getCertificates());
}
}
@ -635,9 +623,6 @@ public abstract class AbstractAttestationCertificateAuthority
byte[] derEncodedAttestationCertificate = getDerEncodedCertificate(
attestationCertificate);
// We validated the nonce and made use of the identity claim so state can be deleted
tpm2ProvisionerStateDBManager.delete(tpm2ProvisionerState);
// Package the signed certificate into a response
ByteString certificateBytes = ByteString
.copyFrom(derEncodedAttestationCertificate);
@ -811,7 +796,7 @@ public abstract class AbstractAttestationCertificateAuthority
if (dv.getLogfileCount() > 0) {
for (ByteString logFile : dv.getLogfileList()) {
try {
support = SupportReferenceManifest.select(referenceManifestManager)
support = SupportReferenceManifest.select(referenceManifestService)
.byHexDecHash(Hex.encodeHexString(messageDigest.digest(
logFile.toByteArray()))).includeArchived()
.getRIM();
@ -829,13 +814,14 @@ public abstract class AbstractAttestationCertificateAuthority
support.getHexDecHash().substring(
support.getHexDecHash().length() - NUM_OF_VARIABLES)));
support.setDeviceName(dv.getNw().getHostname());
this.referenceManifestManager.save(support);
this.referenceManifestService.saveRIM(support);
} else {
LOG.info("Client provided Support RIM already loaded in database.");
if (support.isArchived()) {
support.restore();
support.resetCreateTime();
this.referenceManifestManager.update(support);
this.referenceManifestService.updateReferenceManifest(support,
support.getId());
}
}
} catch (IOException ioEx) {
@ -853,7 +839,7 @@ public abstract class AbstractAttestationCertificateAuthority
if (dv.getSwidfileCount() > 0) {
for (ByteString swidFile : dv.getSwidfileList()) {
try {
dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
dbBaseRim = BaseReferenceManifest.select(referenceManifestService)
.byBase64Hash(Base64.getEncoder()
.encodeToString(messageDigest
.digest(swidFile.toByteArray())))
@ -865,7 +851,7 @@ public abstract class AbstractAttestationCertificateAuthority
defaultClientName),
swidFile.toByteArray());
dbBaseRim.setDeviceName(dv.getNw().getHostname());
this.referenceManifestManager.save(dbBaseRim);
this.referenceManifestService.saveRIM(dbBaseRim);
} else {
LOG.info("Client provided Base RIM already loaded in database.");
/**
@ -875,7 +861,8 @@ public abstract class AbstractAttestationCertificateAuthority
if (dbBaseRim.isArchived()) {
dbBaseRim.restore();
dbBaseRim.resetCreateTime();
this.referenceManifestManager.update(dbBaseRim);
this.referenceManifestService.updateReferenceManifest(dbBaseRim,
dbBaseRim.getId());
}
}
} catch (IOException ioEx) {
@ -889,7 +876,7 @@ public abstract class AbstractAttestationCertificateAuthority
//update Support RIMs and Base RIMs.
for (ByteString swidFile : dv.getSwidfileList()) {
dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
dbBaseRim = BaseReferenceManifest.select(referenceManifestService)
.byBase64Hash(Base64.getEncoder().encodeToString(messageDigest.digest(
swidFile.toByteArray()))).includeArchived()
.getRIM();
@ -908,7 +895,7 @@ public abstract class AbstractAttestationCertificateAuthority
// now update support rim
SupportReferenceManifest dbSupport = SupportReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byHexDecHash(swid.getHashValue()).getRIM();
if (dbSupport != null) {
dbSupport.setFileName(swid.getName());
@ -921,11 +908,13 @@ public abstract class AbstractAttestationCertificateAuthority
dbBaseRim.setAssociatedRim(dbSupport.getId());
dbSupport.setUpdated(true);
dbSupport.setAssociatedRim(dbBaseRim.getId());
this.referenceManifestManager.update(dbSupport);
this.referenceManifestService.updateReferenceManifest(dbSupport,
dbSupport.getId());
listOfSavedRims.add(dbSupport);
}
}
this.referenceManifestManager.update(dbBaseRim);
this.referenceManifestService.updateReferenceManifest(dbBaseRim,
dbBaseRim.getId());
listOfSavedRims.add(dbBaseRim);
}
}
@ -940,18 +929,18 @@ public abstract class AbstractAttestationCertificateAuthority
EventLogMeasurements temp = new EventLogMeasurements(fileName,
dv.getLivelog().toByteArray());
// find previous version.
measurements = EventLogMeasurements.select(referenceManifestManager)
measurements = EventLogMeasurements.select(referenceManifestService)
.byDeviceName(dv.getNw().getHostname())
.includeArchived()
.getRIM();
if (measurements != null) {
// Find previous log and delete it
referenceManifestManager.deleteReferenceManifest(measurements);
referenceManifestService.deleteRIM(measurements);
}
BaseReferenceManifest baseRim = BaseReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byManufacturerModelBase(dv.getHw().getManufacturer(),
dv.getHw().getProductName())
.getRIM();
@ -963,19 +952,19 @@ public abstract class AbstractAttestationCertificateAuthority
if (baseRim != null) {
measurements.setAssociatedRim(baseRim.getAssociatedRim());
}
this.referenceManifestManager.save(measurements);
this.referenceManifestService.saveRIM(measurements);
if (baseRim != null) {
// pull the base versions of the swidtag and rimel and set the
// event log hash for use during provision
SupportReferenceManifest sBaseRim = SupportReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byEntityId(baseRim.getAssociatedRim())
.getRIM();
baseRim.setEventLogHash(temp.getHexDecHash());
sBaseRim.setEventLogHash(temp.getHexDecHash());
referenceManifestManager.update(baseRim);
referenceManifestManager.update(sBaseRim);
referenceManifestService.updateReferenceManifest(baseRim, baseRim.getId());
referenceManifestService.updateReferenceManifest(sBaseRim, baseRim.getId());
}
} catch (IOException ioEx) {
LOG.error(ioEx);
@ -1010,7 +999,7 @@ public abstract class AbstractAttestationCertificateAuthority
List<SupportReferenceManifest> supplementalRims = new ArrayList<>();
List<SupportReferenceManifest> patchRims = new ArrayList<>();
Set<SupportReferenceManifest> dbSupportRims = SupportReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byManufacturerModel(manufacturer, model).getRIMs();
List<ReferenceDigestValue> sourcedValues = referenceEventManager
.getValueByManufacturerModel(manufacturer, model);
@ -1144,7 +1133,7 @@ public abstract class AbstractAttestationCertificateAuthority
EndorsementCredential credential = null;
try {
credential = EndorsementCredential.select(this.certificateManager)
credential = EndorsementCredential.select(this.certificateService)
.byPublicKeyModulus(Certificate.getPublicKeyModulus(ekPublicKey))
.getCertificate();
} catch (IOException e) {
@ -1168,7 +1157,7 @@ public abstract class AbstractAttestationCertificateAuthority
} else {
LOG.debug("Searching for platform credential(s) based on holder serial number: "
+ ec.getSerialNumber());
credentials = PlatformCredential.select(this.certificateManager)
credentials = PlatformCredential.select(this.certificateService)
.byHolderSerialNumber(ec.getSerialNumber())
.getCertificates();
if (credentials == null || credentials.isEmpty()) {
@ -1799,11 +1788,11 @@ public abstract class AbstractAttestationCertificateAuthority
*/
private TPM2ProvisionerState getTpm2ProvisionerState(
final ProvisionerTpm2.CertificateRequest request) {
if (request.hasNonce()) {
byte[] nonce = request.getNonce().toByteArray();
return TPM2ProvisionerState.getTPM2ProvisionerState(tpm2ProvisionerStateDBManager,
nonce);
}
// if (request.hasNonce()) {
// byte[] nonce = request.getNonce().toByteArray();
// return TPM2ProvisionerState.getTPM2ProvisionerState(tpm2ProvisionerStateDBManager,
// nonce);
// }
return null;
}
@ -1839,7 +1828,7 @@ public abstract class AbstractAttestationCertificateAuthority
EndorsementCredential endorsementCredential = null;
if (identityClaim.hasEndorsementCredential()) {
endorsementCredential = CredentialManagementHelper.storeEndorsementCredential(
this.certificateManager,
this.certificateService,
identityClaim.getEndorsementCredential().toByteArray());
} else if (ekPub != null) {
LOG.warn("Endorsement Cred was not in the identity claim from the client."
@ -1870,7 +1859,7 @@ public abstract class AbstractAttestationCertificateAuthority
for (ByteString platformCredential : identityClaim.getPlatformCredentialList()) {
if (!platformCredential.isEmpty()) {
platformCredentials.add(CredentialManagementHelper.storePlatformCredential(
this.certificateManager, platformCredential.toByteArray()));
this.certificateService, platformCredential.toByteArray()));
}
}
} else if (endorsementCredential != null) {
@ -1928,7 +1917,7 @@ public abstract class AbstractAttestationCertificateAuthority
derEncodedAttestationCertificate, endorsementCredential, platformCredentials);
if (scp != null) {
issuedAc = IssuedAttestationCertificate.select(certificateManager)
issuedAc = IssuedAttestationCertificate.select(certificateService)
.byDeviceId(device.getId()).getCertificate();
generateCertificate = scp.isIssueAttestationCertificate();
@ -1947,7 +1936,7 @@ public abstract class AbstractAttestationCertificateAuthority
}
if (generateCertificate) {
attCert.setDevice(device);
certificateManager.save(attCert);
certificateService.saveCertificate(attCert);
}
} catch (Exception e) {
LOG.error("Error saving generated Attestation Certificate to database.", e);
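Review bot: `getTpm2ProvisionerState` (hunk `-1799,11 +1788,11`) now has its nonce lookup commented out and unconditionally returns `null`, and earlier hunks in this file appear to drop both the `tpm2ProvisionerStateDBManager.save(new TPM2ProvisionerState(nonce, identityClaim))` call and the `delete(tpm2ProvisionerState)` after use. As rendered, the certificate-request path is left with no stored nonce or identity claim to match the client's response against. The caller is outside the visible hunks, so it should be confirmed whether it rejects every request or proceeds without the freshness check. If the lookup cannot be ported to the new service layer in this commit, replace the commented-out code with an explicit failure such as `throw new UnsupportedOperationException("TPM2 provisioner state lookup not yet migrated");` rather than a silent `return null;`. Separately, in hunk `-963,19 +952,19` the call `updateReferenceManifest(sBaseRim, baseRim.getId())` passes the base RIM's id for the support RIM, unlike the other calls in this file, which pass the object's own id, so it looks like it should be `sBaseRim.getId()`.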


@ -1,11 +1,9 @@
package hirs.attestationca;
import hirs.appraiser.SupplyChainAppraiser;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.SupplyChainPolicy;
import hirs.persist.AppraiserManager;
import hirs.persist.DeviceGroupManager;
import hirs.persist.PolicyManager;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.persist.service.AppraiserService;
import hirs.persist.service.PolicyService;
import static hirs.attestationca.AbstractAttestationCertificateAuthority.LOG;
@ -21,30 +19,18 @@ public final class AcaDbInit {
* Insert the ACA's default entries into the DB. This class is invoked after successful
* install of the HIRS_AttestationCA RPM.
*
* @param appraiserManager the AppraiserManager to use to persist appraisers
* @param deviceGroupManager the DeviceGroupManager to use to persist device groups
* @param policyManager the PolicyManager to use to persist policies
* @param appraiserService the AppraiserService to use to persist appraisers
* @param policyService the PolicyService to use to persist policies
*/
public static synchronized void insertDefaultEntries(
final AppraiserManager appraiserManager,
final DeviceGroupManager deviceGroupManager,
final PolicyManager policyManager) {
final AppraiserService appraiserService,
final PolicyService policyService) {
LOG.info("Ensuring default ACA database entries are present.");
// Ensure the default group exists. It may have already been created by the Server RPM
DeviceGroup defaultGroup = deviceGroupManager.getDeviceGroup(DeviceGroup.DEFAULT_GROUP);
if (defaultGroup == null) {
LOG.info("Default group not found; saving...");
defaultGroup = deviceGroupManager.saveDeviceGroup(new DeviceGroup(
DeviceGroup.DEFAULT_GROUP,
"This is the default group"));
LOG.info("Saved default group.");
}
// If the SupplyChainAppraiser exists, do not attempt to re-save the supply chain appraiser
// or SupplyChainPolicy
SupplyChainAppraiser supplyChainAppraiser = (SupplyChainAppraiser)
appraiserManager.getAppraiser(SupplyChainAppraiser.NAME);
appraiserService.getAppraiser(SupplyChainAppraiser.NAME);
if (supplyChainAppraiser != null) {
LOG.info("Supply chain appraiser is present; not inserting any more entries.");
LOG.info("ACA database initialization complete.");
@ -54,15 +40,15 @@ public final class AcaDbInit {
// Create the SupplyChainAppraiser
LOG.info("Saving supply chain appraiser...");
supplyChainAppraiser = (SupplyChainAppraiser)
appraiserManager.saveAppraiser(new SupplyChainAppraiser());
appraiserService.saveAppraiser(new SupplyChainAppraiser());
// Create the SupplyChainPolicy
LOG.info("Saving default supply chain policy...");
SupplyChainPolicy supplyChainPolicy = new SupplyChainPolicy(
SupplyChainPolicy.DEFAULT_POLICY);
policyManager.savePolicy(supplyChainPolicy);
policyManager.setDefaultPolicy(supplyChainAppraiser, supplyChainPolicy);
policyManager.setPolicy(supplyChainAppraiser, defaultGroup, supplyChainPolicy);
policyService.savePolicy(supplyChainPolicy);
policyService.setDefaultPolicy(supplyChainAppraiser, supplyChainPolicy);
policyService.setPolicy(supplyChainAppraiser, supplyChainPolicy);
LOG.info("ACA database initialization complete.");
}
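Review bot: `insertDefaultEntries` still decides whether to initialise solely on the presence of the `SupplyChainAppraiser`, so if `saveAppraiser` succeeds and `policyService.savePolicy` or `setDefaultPolicy` then fails, a later run returns early and never creates the default `SupplyChainPolicy`. Nothing visible here wraps the saves in one transaction, and the services' own transaction handling is outside this page. Consider also checking for the default policy before the early return, or stating in the Javadoc that the calls are atomic. Part of the method body lies between the two rendered hunks, so the early-return path is only partly visible.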


@ -0,0 +1,339 @@
package hirs.attestationca;
import hirs.structs.converters.SimpleStructConverter;
import hirs.structs.converters.StructConverter;
import hirs.utils.LogConfigurationUtil;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.hibernate.jpa.HibernatePersistenceProvider;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.annotation.PropertySources;
import org.springframework.context.annotation.Scope;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.core.env.Environment;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.annotation.PostConstruct;
import javax.persistence.EntityManagerFactory;
import javax.sql.DataSource;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
/**
* Provides application context configuration for the Attestation Certificate
* Authority application. The properties are processed in order and as such, the
* last property file read in will override properties that may had already been
* defined previously. In other words, the 'defaults.properties' file provides a
* basic standard of properties that can be overrode by the
*/
@Configuration
@PropertySources({
@PropertySource(value = "classpath:defaults.properties"),
@PropertySource(value = "classpath:persistence.properties"),
// detects if file exists, if not, ignore errors
@PropertySource(value = "file:/etc/hirs/aca/aca.properties",
ignoreResourceNotFound = true)
})
@EnableTransactionManagement
@ComponentScan({ "hirs.attestationca", "hirs.attestationca.service", "hirs.attestationca.rest",
"hirs.validation", "hirs.data.service", "hirsattestationca.configuration" })
@EnableWebMvc
public class AttestationCertificateAuthorityConfiguration implements WebMvcConfigurer {
private static final Logger LOG
= LogManager.getLogger(AttestationCertificateAuthorityConfiguration.class);
static {
try {
LogConfigurationUtil.applyConfiguration();
} catch (IOException e) {
throw new RuntimeException(e);
}
}
@Autowired
private Environment environment;
/**
* Creates a JPA transaction manager.
* @return instance of the manager
*/
@Bean
public JpaTransactionManager jpaTransactionManager() {
JpaTransactionManager transactionManager = new JpaTransactionManager();
transactionManager.setEntityManagerFactory(entityManagerFactory());
return transactionManager;
}
/**
* @return bean to resolve injected annotation.Value property expressions
* for beans.
*/
@Bean
public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
return new PropertySourcesPlaceholderConfigurer();
}
/**
* Initialization of the ACA. Detects environment and runs configuration
* methods as required. This method is intended to be invoked by the Spring
* application context.
*/
@PostConstruct
void initialize() {
// ensure that Bouncy Castle is registered as a security provider
Security.addProvider(new BouncyCastleProvider());
// obtain path to ACA configuration
Path certificatesPath = Paths.get(
environment.getRequiredProperty("aca.directories.certificates"));
// create base directories if they do not exist
try {
Files.createDirectories(certificatesPath);
} catch (IOException e) {
throw new BeanInitializationException(
"Encountered error while initializing ACA directories: " + e.getMessage(), e);
}
// create the ACA key store if it doesn't exist
Path keyStorePath = Paths.get(environment.getRequiredProperty("aca.keyStore.location"));
if (!Files.exists(keyStorePath)) {
throw new IllegalStateException(
String.format("ACA Key Store not found at %s. Consult the HIRS User "
+ "Guide for ACA installation instructions.",
environment.getRequiredProperty("aca.keyStore.location")));
}
}
private HibernateJpaVendorAdapter vendorAdaptor() {
HibernateJpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter();
vendorAdapter.setShowSql(true);
return vendorAdapter;
}
/**
* Configures a session factory bean that in turn configures the hibernate session factory.
* Enables auto scanning of annotations such that entities do not need to be registered in a
* hibernate configuration file.
*
* @return Entity Manager
*/
@Bean
public EntityManagerFactory entityManagerFactory() {
LocalContainerEntityManagerFactoryBean entityManagerFactoryBean
= new LocalContainerEntityManagerFactoryBean();
entityManagerFactoryBean.setJpaVendorAdapter(vendorAdaptor());
entityManagerFactoryBean.setDataSource(dataSource());
entityManagerFactoryBean.setPersistenceProviderClass(HibernatePersistenceProvider.class);
entityManagerFactoryBean.setPackagesToScan("hirs");
entityManagerFactoryBean.setJpaProperties(hibernateProperties());
return entityManagerFactoryBean.getObject();
}
private Map<String, String> getSettings() {
Map<String, String> settings = new HashMap<>();
settings.put("connection.driver_class",
environment.getRequiredProperty("persistence.db.driverClass"));
settings.put("dialect", environment.getRequiredProperty("persistence.hibernate.dialect"));
settings.put("hibernate.connection.url",
environment.getRequiredProperty("persistence.db.url"));
settings.put("hibernate.connection.username",
environment.getRequiredProperty("persistence.db.username"));
settings.put("hibernate.connection.password",
environment.getRequiredProperty("persistence.db.password"));
// settings.put("hibernate.current_session_context_class", );
settings.put("hibernate.show_sql", environment.getRequiredProperty("hibernate.show_sql"));
settings.put("hibernate.format_sql",
environment.getRequiredProperty("hibernate.format_sql"));
return settings;
}
/**
* Configures the data source to be used by the hibernate session factory.
*
* @return configured data source
*/
@Bean(destroyMethod = "close")
public DataSource dataSource() {
DriverManagerDataSource dataSource = new DriverManagerDataSource();
dataSource.setUrl(
environment.getRequiredProperty("persistence.db.url"));
dataSource.setUsername(
environment.getRequiredProperty("persistence.db.username"));
dataSource.setPassword(
environment.getRequiredProperty("persistence.db.password"));
dataSource.setDriverClassName(
environment.getRequiredProperty("persistence.db.driverClass"));
// dataSource.setMaximumPoolSize(Integer.parseInt(environment
// .getRequiredProperty("persistence.db.maximumPoolSize"));
// dataSource.setConnectionTimeout(Long.parseLong(environment.
// getRequiredProperty("persistence.db.connectionTimeout"));
// dataSource.setLeakDetectionThreshold(Long.parseLong(environment
// .getRequiredProperty("persistence.db.leakDetectionThreshold"));
return dataSource;
}
/**
* Generates properties using configuration file that will be used to configure the session
* factory.
*
* @return properties for hibernate session factory
*/
@Bean
public Properties hibernateProperties() {
Properties properties = new Properties();
// properties.put("hibernate.dialect",
// environment.getRequiredProperty("persistence.hibernate.dialect"));
// properties.put("hibernate.show_sql",
// environment.getRequiredProperty("hibernate.show_sql"));
// properties.put("hibernate.format_sql",
// environment.getRequiredProperty("hibernate.format_sql"));
properties.put("hibernate.hbm2ddl.auto",
environment.getRequiredProperty("persistence.hibernate.ddl"));
// properties.put("hibernate.current_session_context_class", "thread");
return properties;
}
/**
* @return the {@link PrivateKey} of the ACA
*/
@Bean
public PrivateKey privateKey() {
// obtain the key store
KeyStore keyStore = keyStore();
try {
// load the key from the key store
PrivateKey acaKey = (PrivateKey) keyStore.getKey("aca.keyStore.alias",
environment.getRequiredProperty("aca.keyStore.password").toCharArray());
// break early if the certificate is not available.
if (acaKey == null) {
throw new BeanInitializationException(String.format("Key with alias "
+ "%s was not in KeyStore %s. Ensure that the KeyStore has the "
+ "specified certificate. ",
environment.getRequiredProperty("aca.keyStore.alias"),
environment.getRequiredProperty("aca.keyStore.location")));
}
return acaKey;
} catch (Exception e) {
throw new BeanInitializationException("Encountered error loading ACA private key "
+ "from key store: " + e.getMessage(), e);
}
}
/**
* Bean holding the maximum retry attempts for a DB transaction.
* @return the maximum retry count
*/
@Bean(name = "maxTransactionRetryAttempts")
public int maxTransactionRetryAttempts() {
return environment.getRequiredProperty("persistence.db.maxTransactionRetryAttempts",
Integer.class);
}
/**
* Bean holding the time to wait until retrying a failed transaction.
* @return the wait time, in milliseconds
*/
@Bean(name = "retryWaitTimeMilliseconds")
public long retryWaitTimeMilliseconds() {
return environment.getRequiredProperty("persistence.db.retryWaitTimeMilliseconds",
Long.class);
}
/**
* @return the {@link X509Certificate} of the ACA
*/
@Bean
public X509Certificate acaCertificate() {
KeyStore keyStore = keyStore();
try {
X509Certificate acaCertificate = (X509Certificate) keyStore.getCertificate(
environment.getRequiredProperty("aca.keyStore.alias"));
// break early if the certificate is not available.
if (acaCertificate == null) {
throw new BeanInitializationException(String.format("Certificate with alias "
+ "%s was not in KeyStore %s. Ensure that the KeyStore has the "
+ "specified certificate. ",
environment.getRequiredProperty("aca.keyStore.alias"),
environment.getRequiredProperty("aca.keyStore.location")));
}
return acaCertificate;
} catch (KeyStoreException e) {
throw new BeanInitializationException("Encountered error loading ACA certificate "
+ "from key store: " + e.getMessage(), e);
}
}
/**
* @return the {@link java.security.KeyStore} that contains the certificates
* for the ACA.
*/
@Bean
public KeyStore keyStore() {
Path keyStorePath = Paths.get(environment.getRequiredProperty("aca.keyStore.location"));
// attempt to open the key store. if that fails, log a meaningful message before failing.
try {
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(Files.newInputStream(keyStorePath),
environment.getRequiredProperty("aca.keyStore.password").toCharArray());
return keyStore;
} catch (Exception e) {
LOG.error(String.format(
"Encountered error while loading ACA key store. The most common issue is "
+ "that configured password does not work on the configured key"
+ " store %s.", keyStorePath));
LOG.error(String.format("Exception message: %s", e.getMessage()));
throw new BeanInitializationException(e.getMessage(), e);
}
}
/**
* Prototyped {@link StructConverter}. In other words, all instances
* returned by this method will be configured identically, but subsequent
* invocations will return a new instance.
*
* @return ready to use {@link StructConverter}.
*/
@Bean
@Scope("prototype")
public static StructConverter structConverter() {
return new SimpleStructConverter();
}
}


@ -1,11 +1,11 @@
package hirs.attestationca;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateManager;
import hirs.persist.DBManagerException;
import hirs.persist.service.CertificateService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.util.List;
import java.util.stream.Collectors;
@ -24,16 +24,16 @@ public final class CredentialManagementHelper {
/**
* Parses and stores the EK in the cert manager. If the cert is already present and archived,
* it is unarchived.
* @param certificateManager the certificate manager used for storage
* @param certificateService the certificate service used for storage
* @param endorsementBytes the raw EK bytes used for parsing
* @return the parsed, valid EK
* @throws IllegalArgumentException if the provided bytes are not a valid EK.
*/
public static EndorsementCredential storeEndorsementCredential(
final CertificateManager certificateManager,
final CertificateService certificateService,
final byte[] endorsementBytes) throws IllegalArgumentException {
if (certificateManager == null) {
if (certificateService == null) {
throw new IllegalArgumentException("null certificate manager");
}
@ -60,17 +60,19 @@ public final class CredentialManagementHelper {
}
int certificateHash = endorsementCredential.getCertificateHash();
EndorsementCredential existingCredential =
EndorsementCredential.select(certificateManager).includeArchived()
EndorsementCredential.select(certificateService).includeArchived()
.byHashCode(certificateHash).getCertificate();
if (existingCredential == null) {
LOG.info("No Endorsement Credential found with hash: " + certificateHash);
return (EndorsementCredential) certificateManager.save(endorsementCredential);
return (EndorsementCredential) certificateService
.saveCertificate(endorsementCredential);
} else if (existingCredential.isArchived()) {
// if the EK is stored in the DB and it's archived, unarchive.
LOG.info("Unarchiving credential");
existingCredential.restore();
existingCredential.resetCreateTime();
certificateManager.update(existingCredential);
certificateService.updateCertificate(existingCredential,
existingCredential.getId());
}
return existingCredential;
}
@ -78,15 +80,15 @@ public final class CredentialManagementHelper {
/**
* Parses and stores the PC in the cert manager. If the cert is already present and archived,
* it is unarchived.
* @param certificateManager the certificate manager used for storage
* @param certificateService the certificate service used for storage
* @param platformBytes the raw PC bytes used for parsing
* @return the parsed, valid PC, or null if the provided bytes are not a valid EK.
*/
public static PlatformCredential storePlatformCredential(
final CertificateManager certificateManager,
final CertificateService certificateService,
final byte[] platformBytes) {
if (certificateManager == null) {
if (certificateService == null) {
throw new IllegalArgumentException("null certificate manager");
}
@ -108,7 +110,7 @@ public final class CredentialManagementHelper {
return null;
}
PlatformCredential existingCredential =
PlatformCredential.select(certificateManager)
PlatformCredential.select(certificateService)
.includeArchived()
.byHashCode(platformCredential
.getCertificateHash())
@ -116,7 +118,7 @@ public final class CredentialManagementHelper {
if (existingCredential == null) {
if (platformCredential.getPlatformSerial() != null) {
List<PlatformCredential> certificates = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(platformCredential.getPlatformSerial())
.getCertificates().stream().collect(Collectors.toList());
if (!certificates.isEmpty()) {
@ -134,12 +136,14 @@ public final class CredentialManagementHelper {
}
}
}
return (PlatformCredential) certificateManager.save(platformCredential);
return (PlatformCredential) certificateService
.saveCertificate(platformCredential);
} else if (existingCredential.isArchived()) {
// if the PC is stored in the DB and it's archived, unarchive.
LOG.info("Unarchiving credential");
existingCredential.restore();
certificateManager.update(existingCredential);
certificateService.updateCertificate(existingCredential,
existingCredential.getId());
return existingCredential;
}
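Review bot: In both `storeEndorsementCredential` and `storePlatformCredential` the existing-credential lookup is keyed only on `getCertificateHash()`, which the first method holds in an `int`, so a stored certificate with a colliding 32-bit value would be returned (or unarchived) in place of the one just parsed. If that value is an ordinary `hashCode` rather than a cryptographic digest (not visible here), the match should be confirmed by comparing the stored credential's encoded bytes with the submitted bytes before treating it as the same certificate. The null guards also still report the old parameter name and should read `throw new IllegalArgumentException("null certificate service");`. Both method bodies continue outside the hunks shown.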


@ -1,16 +1,14 @@
package hirs.attestationca;
import org.hibernate.SessionFactory;
import hirs.attestationca.service.AppraiserServiceImpl;
import hirs.attestationca.service.PolicyServiceImpl;
import hirs.utils.HIRSProfiles;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.orm.hibernate4.LocalSessionFactoryBean;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import hirs.persist.DBAppraiserManager;
import hirs.persist.DBDeviceGroupManager;
import hirs.persist.DBPolicyManager;
import hirs.persist.PersistenceConfiguration;
import hirs.utils.HIRSProfiles;
/**
* Simply holds a contextInitialized method which will be called when the web app starts.
@ -22,15 +20,14 @@ public class InitializationListener implements ServletContextListener {
context.getEnvironment().addActiveProfile(HIRSProfiles.SERVER);
// register the database configuration and refresh the context
context.register(PersistenceConfiguration.class);
context.register(AttestationCertificateAuthorityConfiguration.class);
context.refresh();
// obtain reference to hibernate session factory
SessionFactory sessionFactory = context.getBean(LocalSessionFactoryBean.class).getObject();
AcaDbInit.insertDefaultEntries(
new DBAppraiserManager(sessionFactory),
new DBDeviceGroupManager(sessionFactory),
new DBPolicyManager(sessionFactory)
EntityManager entityManager = context.getBean(EntityManagerFactory.class)
.createEntityManager();
AcaDbInit.insertDefaultEntries(new AppraiserServiceImpl(entityManager),
new PolicyServiceImpl()
);
}
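Review bot: The `EntityManager` obtained from `createEntityManager()` is application-managed and is never closed, so the seeding step leaves a persistence context (and possibly a pooled connection) open for the life of the web app. Wrap the call, e.g. `try { AcaDbInit.insertDefaultEntries(...); } finally { entityManager.close(); }`. `new PolicyServiceImpl()` is also built outside the Spring context, so any injected repository or retry settings it relies on would be unset; taking it from the context with `context.getBean(PolicyService.class)` looks safer, assuming that bean is registered by the time this runs. `contextInitialized` starts and ends outside this hunk.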


@ -0,0 +1,179 @@
package hirs.attestationca;
import hirs.appraiser.Appraiser;
import hirs.appraiser.AppraiserPlugin;
import hirs.appraiser.AppraiserPluginManager;
import hirs.appraiser.DeviceInfoAppraiser;
import hirs.appraiser.IMAAppraiser;
import hirs.appraiser.TPMAppraiser;
import hirs.attestationca.configuration.PersistenceConfiguration;
import hirs.attestationca.service.AppraiserServiceImpl;
import hirs.attestationca.service.PolicyServiceImpl;
import hirs.data.persist.policy.HIRSPolicy;
import hirs.data.persist.policy.Policy;
import hirs.data.persist.policy.TPMPolicy;
import hirs.utils.HIRSProfiles;
import hirs.utils.SpringContextProvider;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.ClassPathBeanDefinitionScanner;
import org.springframework.core.type.filter.AssignableTypeFilter;
import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean;
import javax.persistence.EntityManagerFactory;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
* This class initializes the system for appraisals. This stores the requisite items in the database
* to ensure that an appraisal can happen. For example, the system requires that a set of
* <code>Appraiser</code>s be defined in the database. This class will initialize the set of
* <code>Appraiser</code>s.
*/
public final class SystemInit {
private static final Logger LOGGER = LogManager.getLogger(SystemInit.class);
private static final int ALL_MASK = 0xFFFFFF;
private static final int NONE_MASK = 0x000000;
private static final String TPM_POLICY_NAME = "Test TPM Policy";
private SystemInit() {
/* do nothing */
}
/**
* Initializes the system by creating a new <code>IMAAppraiser</code> and storing it in the
* database.
* <p>
* This method is currently available for command line use, but is not used within the project.
*
* @param args not used
*/
@SuppressWarnings("checkstyle:methodlength")
public static void main(final String[] args) {
LOGGER.info("Seeding database with initial entries...");
// construct application context
AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
context.getEnvironment().addActiveProfile(HIRSProfiles.SERVER);
// create class path scanner for discovering appraiser plugins
ClassPathBeanDefinitionScanner scanner = new ClassPathBeanDefinitionScanner(context, false);
scanner.addIncludeFilter(new AssignableTypeFilter(AppraiserPlugin.class));
scanner.addIncludeFilter(new AssignableTypeFilter(SpringContextProvider.class));
scanner.addIncludeFilter(new AssignableTypeFilter(AppraiserPluginManager.class));
// scan for appraiser plugins
int registeredBeanCount = scanner.scan("hirs");
System.out.println("Beans scanned " + registeredBeanCount);
LOGGER.info("Beans scanned: " + registeredBeanCount);
// register the database configuration and refresh the context
context.register(PersistenceConfiguration.class);
context.refresh();
// obtain reference to hibernate Entity Manager
EntityManagerFactory entityManagerFactory
= context.getBean(LocalContainerEntityManagerFactoryBean.class).getObject();
// initialize the managers for this initialization process
AppraiserServiceImpl appraiserServiceImpl = new AppraiserServiceImpl(
entityManagerFactory.createEntityManager());
PolicyServiceImpl policyServiceImpl = new PolicyServiceImpl();
LOGGER.info("Checking for DeviceInfo appraiser...");
DeviceInfoAppraiser deviceInfoAppraiser = (DeviceInfoAppraiser)
appraiserServiceImpl.getAppraiser(DeviceInfoAppraiser.NAME);
if (deviceInfoAppraiser == null) {
LOGGER.info("DeviceInfo appraiser not found; creating...");
appraiserServiceImpl.saveAppraiser(new DeviceInfoAppraiser());
} else {
LOGGER.info("DeviceInfo appraiser found.");
}
LOGGER.info("Checking for TPM appraiser...");
TPMAppraiser tpmApp = (TPMAppraiser) appraiserServiceImpl.getAppraiser(TPMAppraiser.NAME);
if (tpmApp == null) {
LOGGER.info("TPM appraiser not found; creating...");
tpmApp = (TPMAppraiser) appraiserServiceImpl.saveAppraiser(new TPMAppraiser());
} else {
LOGGER.info("TPM appraiser found.");
}
// build up required appraisers set
Set<Class<? extends Appraiser>> requiredAppraisers = new HashSet<>();
requiredAppraisers.add(DeviceInfoAppraiser.class);
requiredAppraisers.add(TPMAppraiser.class);
requiredAppraisers.add(IMAAppraiser.class);
// obtain plugins from the context
Collection<AppraiserPlugin> appraiserPlugins =
context.getBeansOfType(AppraiserPlugin.class).values();
LOGGER.info("Total Appraiser Plugins: " + appraiserPlugins.size());
System.out.println("Total Appraiser Plugins: " + appraiserPlugins.size());
// merge the appraiser plugins with the hirs policy appraisers
for (AppraiserPlugin appraiserPlugin : appraiserPlugins) {
// add in appraiser plugin to required appraisers list
requiredAppraisers.add(appraiserPlugin.getClass());
LOGGER.info("Checking for plugin appraiser {}...", appraiserPlugin);
Appraiser storedAppraiser = appraiserServiceImpl
.getAppraiser(appraiserPlugin.getName());
if (storedAppraiser == null) {
LOGGER.info("Saving plugin appraiser {}...", appraiserPlugin);
storedAppraiser = appraiserServiceImpl.saveAppraiser(appraiserPlugin);
} else {
LOGGER.info("Found plugin appraiser {}.", appraiserPlugin);
}
Policy policy = appraiserPlugin.getDefaultPolicy();
if (policy != null) {
LOGGER.info("Saving plugin appraiser's default policy: {}", policy);
policy = policyServiceImpl.savePolicy(policy);
policyServiceImpl.setDefaultPolicy(storedAppraiser, policy);
}
}
// create HIRS policy
LOGGER.info("Checking for HIRS policy...");
HIRSPolicy hirsPolicy = (HIRSPolicy) policyServiceImpl.getPolicyByName(
HIRSPolicy.DEFAULT_HIRS_POLICY_NAME
);
if (hirsPolicy == null) {
LOGGER.info(
"HIRS policy not found; saving with required appraisers: {}",
requiredAppraisers
);
hirsPolicy = new HIRSPolicy(HIRSPolicy.DEFAULT_HIRS_POLICY_NAME);
hirsPolicy.setRequiredAppraisers(requiredAppraisers);
// initialize the default policy
policyServiceImpl.savePolicy(hirsPolicy);
} else {
LOGGER.info("HIRS policy found.");
}
// initiate the default tpm policy
LOGGER.info("Checking for TPM policy...");
TPMPolicy tpmPolicy = (TPMPolicy) policyServiceImpl.getPolicyByName(TPM_POLICY_NAME);
if (tpmPolicy == null) {
LOGGER.info("TPM policy not found, creating...");
tpmPolicy = new TPMPolicy(TPM_POLICY_NAME);
tpmPolicy.setAppraiseFullReport(true);
tpmPolicy.setAppraisePcrMask(NONE_MASK);
tpmPolicy.setDefaultPcrAppraisalValues();
tpmPolicy.setReportPcrMask(ALL_MASK);
tpmPolicy = (TPMPolicy) policyServiceImpl.savePolicy(tpmPolicy);
policyServiceImpl.setDefaultPolicy(tpmApp, tpmPolicy);
} else {
LOGGER.info("TPM policy found.");
}
LOGGER.info("Complete.");
}
}
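Review bot: The seeded default policy for the TPM appraiser is named `"Test TPM Policy"` and is saved with `setAppraisePcrMask(NONE_MASK)`, which presumably means no PCR values are appraised until an operator changes the mask; for an attestation CA that default deserves at least a comment at the `NONE_MASK` constant, e.g. `// default policy appraises no PCRs; an appraisal mask must be configured before TPM appraisal is meaningful`. The Javadoc on `main` says an `IMAAppraiser` is created and stored, but the body only stores `DeviceInfoAppraiser` and `TPMAppraiser` while adding `IMAAppraiser.class` to `requiredAppraisers`, so either the Javadoc or the seeding is incomplete. The two `System.out.println` calls duplicate the `LOGGER.info` lines next to them, and neither `context` nor the `EntityManager` from `createEntityManager()` is closed before `main` returns.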


@ -1,290 +0,0 @@
package hirs.attestationca.configuration;
import hirs.persist.DBDeviceGroupManager;
import hirs.persist.DBDeviceManager;
import hirs.persist.DBReferenceDigestManager;
import hirs.persist.DBReferenceEventManager;
import hirs.persist.DBReferenceManifestManager;
import hirs.persist.DeviceGroupManager;
import hirs.persist.DeviceManager;
import hirs.persist.HibernateConfiguration;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.structs.converters.SimpleStructConverter;
import hirs.structs.converters.StructConverter;
import hirs.utils.LogConfigurationUtil;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.annotation.PropertySources;
import org.springframework.context.annotation.Scope;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.core.env.Environment;
import org.springframework.orm.hibernate4.LocalSessionFactoryBean;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import javax.annotation.PostConstruct;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
/**
* Provides application context configuration for the Attestation Certificate
* Authority application. The properties are processed in order and as such, the
* last property file read in will override properties that may had already been
* defined previously. In other words, the 'defaults.properties' file provides a
* basic standard of properties that can be overrode by the
*/
@Configuration
@PropertySources({
@PropertySource(value = "classpath:defaults.properties"),
// detects if file exists, if not, ignore errors
@PropertySource(value = "file:/etc/hirs/aca/aca.properties",
ignoreResourceNotFound = true)
})
@ComponentScan({ "hirs.attestationca", "hirs.attestationca.service", "hirs.attestationca.rest",
"hirs.validation", "hirs.data.service" })
@Import(HibernateConfiguration.class)
@EnableWebMvc
public class AttestationCertificateAuthorityConfiguration extends WebMvcConfigurerAdapter {
private static final Logger LOG
= LogManager.getLogger(AttestationCertificateAuthorityConfiguration.class);
static {
try {
LogConfigurationUtil.applyConfiguration();
} catch (IOException e) {
throw new RuntimeException(e);
}
}
private static final String CLIENT_FILES_PATH = "file:/etc/hirs/aca/client-files/";
@Value("${aca.directories.certificates}")
private String certificatesLocation;
@Value("${aca.keyStore.location}")
private String keyStoreLocation;
@Value("${aca.keyStore.password:''}")
private String keyStorePassword;
@Value("${aca.keyStore.alias}")
private String keyAlias;
@Autowired
private Environment environment;
@Autowired
private LocalSessionFactoryBean sessionFactory;
/**
* @return bean to resolve injected annotation.Value property expressions
* for beans.
*/
@Bean
public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
return new PropertySourcesPlaceholderConfigurer();
}
/**
* Initialization of the ACA. Detects environment and runs configuration
* methods as required. This method is intended to be invoked by the Spring
* application context.
*/
@PostConstruct
void initialize() {
// ensure that Bouncy Castle is registered as a security provider
Security.addProvider(new BouncyCastleProvider());
// obtain path to ACA configuration
Path certificatesPath = Paths.get(certificatesLocation);
// create base directories if they do not exist
try {
Files.createDirectories(certificatesPath);
} catch (IOException e) {
throw new BeanInitializationException(
"Encountered error while initializing ACA directories: " + e.getMessage(), e);
}
// create the ACA key store if it doesn't exist
Path keyStorePath = Paths.get(keyStoreLocation);
if (!Files.exists(keyStorePath)) {
throw new IllegalStateException(
String.format("ACA Key Store not found at %s. Consult the HIRS User "
+ "Guide for ACA installation instructions.", keyStoreLocation));
}
}
/**
* @return the {@link PrivateKey} of the ACA
*/
@Bean
public PrivateKey privateKey() {
// obtain the key store
KeyStore keyStore = keyStore();
try {
// load the key from the key store
PrivateKey acaKey = (PrivateKey) keyStore.getKey(keyAlias,
keyStorePassword.toCharArray());
// break early if the certificate is not available.
if (acaKey == null) {
throw new BeanInitializationException(String.format("Key with alias "
+ "%s was not in KeyStore %s. Ensure that the KeyStore has the "
+ "specified certificate. ", keyAlias, keyStoreLocation));
}
return acaKey;
} catch (Exception e) {
throw new BeanInitializationException("Encountered error loading ACA private key "
+ "from key store: " + e.getMessage(), e);
}
}
/**
* @return the {@link X509Certificate} of the ACA
*/
@Bean
public X509Certificate acaCertificate() {
KeyStore keyStore = keyStore();
try {
X509Certificate acaCertificate = (X509Certificate) keyStore.getCertificate(keyAlias);
// break early if the certificate is not available.
if (acaCertificate == null) {
throw new BeanInitializationException(String.format("Certificate with alias "
+ "%s was not in KeyStore %s. Ensure that the KeyStore has the "
+ "specified certificate. ", keyAlias, keyStoreLocation));
}
return acaCertificate;
} catch (KeyStoreException e) {
throw new BeanInitializationException("Encountered error loading ACA certificate "
+ "from key store: " + e.getMessage(), e);
}
}
/**
* @return the {@link java.security.KeyStore} that contains the certificates
* for the ACA.
*/
@Bean
public KeyStore keyStore() {
Path keyStorePath = Paths.get(keyStoreLocation);
// attempt to open the key store. if that fails, log a meaningful message before failing.
try {
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(Files.newInputStream(keyStorePath), keyStorePassword.toCharArray());
return keyStore;
} catch (Exception e) {
LOG.error(String.format(
"Encountered error while loading ACA key store. The most common issue is "
+ "that configured password does not work on the configured key"
+ " store %s.", keyStorePath));
LOG.error(String.format("Exception message: %s", e.getMessage()));
throw new BeanInitializationException(e.getMessage(), e);
}
}
/**
* Prototyped {@link StructConverter}. In other words, all instances
* returned by this method will be configured identically, but subsequent
* invocations will return a new instance.
*
* @return ready to use {@link StructConverter}.
*/
@Bean
@Scope("prototype")
public static StructConverter structConverter() {
return new SimpleStructConverter();
}
/**
* Creates a {@link DeviceGroupManager} ready to use.
*
* @return {@link DeviceGroupManager}
*/
@Bean
public DeviceGroupManager deviceGroupManager() {
return new DBDeviceGroupManager(sessionFactory.getObject());
}
/**
* Creates a {@link DeviceManager} ready to use.
*
* @return {@link DeviceManager}
*/
@Bean
public DeviceManager deviceManager() {
return new DBDeviceManager(sessionFactory.getObject());
}
/**
* Creates a {@link ReferenceManifestManager} ready to use.
*
* @return {@link ReferenceManifestManager}
*/
@Bean
public ReferenceManifestManager referenceManifestManager() {
return new DBReferenceManifestManager(sessionFactory.getObject());
}
/**
* Creates a {@link ReferenceDigestManager} ready to use.
*
* @return {@link ReferenceDigestManager}
*/
@Bean
public ReferenceDigestManager referenceDigestManager() {
return new DBReferenceDigestManager(sessionFactory.getObject());
}
/**
* Creates a {@link ReferenceEventManager} ready to use.
*
* @return {@link ReferenceEventManager}
*/
@Bean
public ReferenceEventManager referenceEventManager() {
return new DBReferenceEventManager(sessionFactory.getObject());
}
@Override
public void addResourceHandlers(final ResourceHandlerRegistry resourceHandlerRegistry) {
resourceHandlerRegistry.addResourceHandler("/client-files/**")
.addResourceLocations(CLIENT_FILES_PATH);
}
@Override
public void configureDefaultServletHandling(final DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}


@ -1,6 +1,6 @@
package hirs.utils;
package hirs.attestationca.configuration;
import org.hibernate.dialect.MySQL5InnoDBDialect;
import org.hibernate.dialect.MySQLDialect;
/**
* This class is a shim on top of the standard MySQL5InnoDBDialect to set the row format
@ -24,7 +24,7 @@ import org.hibernate.dialect.MySQL5InnoDBDialect;
* https://dev.mysql.com/doc/refman/5.7/en/innodb-row-format-dynamic.html
* https://dev.mysql.com/doc/refman/5.5/en/innodb-restrictions.html
*/
public class MySqlUtf8CompatibleDialect extends MySQL5InnoDBDialect {
public class MySqlUtf8CompatibleDialect extends MySQLDialect {
/**
* Returns the table 'type' string, which specifies the storage engine (via the
* super call) and appends the desired row format.
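Review bot: The class Javadoc still describes a shim over `MySQL5InnoDBDialect`, and the method comment relies on the super call to name the storage engine, but the new base class is `MySQLDialect`. Depending on the Hibernate version in use, `MySQLDialect` may not select InnoDB unless a storage engine is configured, and the row format appended here is an InnoDB setting, so it is worth confirming that the generated DDL still names InnoDB. The Javadoc line should become `* This class is a shim on top of the standard MySQLDialect to set the row format`. The class body continues outside the hunk.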


@ -0,0 +1,139 @@
package hirs.attestationca.configuration;
import hirs.attestationca.AttestationCertificateAuthorityConfiguration;
import hirs.attestationca.service.CertificateServiceImpl;
import hirs.attestationca.service.DbServiceImpl;
import hirs.attestationca.service.DeviceServiceImpl;
import hirs.attestationca.service.PolicyServiceImpl;
import hirs.attestationca.service.ReferenceDigestValueServiceImpl;
import hirs.attestationca.service.ReferenceManifestServiceImpl;
import hirs.persist.service.CertificateService;
import hirs.persist.service.DeviceService;
import hirs.persist.service.PolicyService;
import hirs.persist.service.ReferenceDigestValueService;
import hirs.persist.service.ReferenceManifestService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.PersistenceContext;
/**
* Persistence Configuration for Spring enabled applications. Constructs a Hibernate SessionFactory
* backed powered by a HikariCP connection pooled data source. Module-specific settings
* need to be set in the persistence-extended.properties file on the classpath. If another module
* such as the HIRS_Portal uses this class and doesn't have a persistence-extended.properties
* file, the default persistence file will be used instead.
*/
@Configuration
@EnableJpaRepositories("hirs.attestationca.service")
@ComponentScan(basePackages = "hirs.data.persist")
@Import({ AttestationCertificateAuthorityConfiguration.class })
public class PersistenceConfiguration {
/**
* The bean name to retrieve the default/general implementation of {@link }.
*/
public static final String DEVICE_STATE_MANAGER_BEAN_NAME = "general_db_man_bean";
@Autowired
private EntityManagerFactory entityManagerFactory;
@PersistenceContext
private EntityManager entityManager = entityManagerFactory.createEntityManager();
@Autowired
private long retryWaitTimeMilliseconds;
@Autowired
private int maxTransactionRetryAttempts;
/**
* Creates a {@link hirs.persist.service.PolicyService} ready to use.
*
* @return {@link hirs.persist.service.PolicyService}
*/
@Bean
public PolicyService policyService() {
PolicyServiceImpl serviceImpl = new PolicyServiceImpl();
setDbServiceRetrySettings(serviceImpl);
return serviceImpl;
}
/**
* Creates a {@link hirs.persist.service.DeviceService} ready to use.
*
* @return {@link hirs.persist.service.DeviceService}
*/
@Bean
public DeviceService deviceService() {
DeviceServiceImpl serviceImpl = new DeviceServiceImpl();
setDbServiceRetrySettings(serviceImpl);
return serviceImpl;
}
/**
* Creates a {@link hirs.persist.service.CertificateService} ready to use.
*
* @return {@link hirs.persist.service.CertificateService}
*/
@Bean
public CertificateService certificateService() {
CertificateServiceImpl serviceImpl = new CertificateServiceImpl();
setDbServiceRetrySettings(serviceImpl);
return serviceImpl;
}
/**
* Creates a {@link hirs.persist.service.ReferenceManifestService} ready to use.
*
* @return {@link hirs.persist.service.ReferenceManifestService}
*/
@Bean
public ReferenceManifestService referenceManifestService() {
ReferenceManifestServiceImpl serviceImpl
= new ReferenceManifestServiceImpl();
setDbServiceRetrySettings(serviceImpl);
return serviceImpl;
}
/**
* Creates a {@link hirs.persist.service.ReferenceDigestValueService} ready to use.
*
* @return {@link hirs.persist.service.ReferenceDigestValueService}
*/
@Bean
public ReferenceDigestValueService referenceEventService() {
ReferenceDigestValueServiceImpl serviceImpl
= new ReferenceDigestValueServiceImpl();
setDbServiceRetrySettings(serviceImpl);
return serviceImpl;
}
//
// /**
// * Creates a {@link hirs.attestationca.servicemanager.DBManager}
// * for SupplyChainValidationSummary persistence, ready for use.
// *
// * @return {@link hirs.attestationca.servicemanager.DBManager}
// */
// @Bean
// public DbServiceImpl<SupplyChainValidationSummary> supplyChainValidationSummaryManager() {
// DbServiceImpl<SupplyChainValidationSummary> serviceImpl
// = new DbServiceImpl<SupplyChainValidationSummary>(entityManager);
// setDbServiceRetrySettings(serviceImpl);
// return serviceImpl;
// }
/**
* Apply the spring-wired retry template settings to the db manager.
* @param dbServiceImpl the service to apply the retry settings to
*/
private void setDbServiceRetrySettings(final DbServiceImpl dbServiceImpl) {
dbServiceImpl.setRetryTemplate(maxTransactionRetryAttempts, retryWaitTimeMilliseconds);
}
}
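Review bot: The field initializer `entityManager = entityManagerFactory.createEntityManager()` runs while the configuration object is being constructed, before Spring has injected `entityManagerFactory`, so instantiating this class throws a `NullPointerException`. `@PersistenceContext` already injects the entity manager, so the declaration should be `private EntityManager entityManager;` — or the field can be removed, since its only use is in the commented-out `supplyChainValidationSummaryManager` bean. The class Javadoc still describes building a Hibernate SessionFactory backed by a HikariCP data source, which nothing in this class does, and the `{@link }` on `DEVICE_STATE_MANAGER_BEAN_NAME` is empty.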


@ -0,0 +1,24 @@
package hirs.attestationca.repository;
import hirs.appraiser.Appraiser;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
/**
* Setting up for new creation for CRUD operations.
*/
@Repository
public interface AppraiserRepository extends JpaRepository<Appraiser, UUID> {
/**
* Finds a <code>Appraiser</code>.
* If the <code>Appraiser</code> is successfully retrieved then a reference to
* it is returned.
*
* @param name the name to search by
* @return reference to saved appraiser
*/
Appraiser findByName(String name);
}
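Review bot: This interface lives in `hirs.attestationca.repository`, but `PersistenceConfiguration` in the same commit declares `@EnableJpaRepositories("hirs.attestationca.service")`, so unless another configuration scans this package no repository bean will be created for it. The same applies to `CertificateRepository`, `DeviceRepository`, `PolicyRepository` and `ReferenceDigestValueRepository`. Either add the package, e.g. `@EnableJpaRepositories({"hirs.attestationca.service", "hirs.attestationca.repository"})`, or move the interfaces. The `@return` text on `findByName` should also describe a lookup rather than a save: `@return the appraiser with that name, or null if none exists`.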


@ -0,0 +1,14 @@
package hirs.attestationca.repository;
import hirs.data.persist.certificate.Certificate;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
/**
* Setting up for new creation for CRUD operations.
*/
@Repository
public interface CertificateRepository extends JpaRepository<Certificate, UUID> {
}


@ -0,0 +1,25 @@
package hirs.attestationca.repository;
import hirs.data.persist.Device;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
/**
* Setting up for new creation for CRUD operations.
*/
@Repository
public interface DeviceRepository extends JpaRepository<Device, UUID> {
/**
* Finds a <code>Device</code>.
* If the <code>Device</code> is successfully retrieved then a reference to
* it is returned.
*
* @param name the name to search by
* @return reference to saved Device
*/
Device findByName(String name);
}


@ -0,0 +1,34 @@
package hirs.attestationca.repository;
import hirs.data.persist.policy.Policy;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
/**
* Setting up for new creation for CRUD operations.
* @param <T> super type for Policy child type
*/
@Repository
public interface PolicyRepository<T extends Policy> extends JpaRepository<T, UUID> {
/**
* Saves the <code>Policy</code> in the database. This creates a new
* database session and saves the policy.
*
* @param policy Policy to save
* @return reference to saved policy
*/
T save(T policy);
/**
* Updates a <code>Policy</code>. This updates the database entries to
* reflect the new values that should be set.
*
* @param policy Policy object to save
* @param uuid UUID for the database object
* @return a Policy object
*/
T updatePolicy(T policy, UUID uuid);
}
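Review bot: `updatePolicy(T policy, UUID uuid)` is not a name Spring Data can derive a query from (it has no find/read/get/count/exists/delete prefix) and it carries no `@Query`, so unless a custom implementation fragment exists elsewhere the repository will most likely fail to initialise at context start-up. `saveRIM(T rim)` in ReferenceManifestRepository has the same problem. Both look redundant, because `save` is already inherited from `JpaRepository` and the service classes visible in this commit only call `save`, `getReferenceById`, `findAll`, `deleteById` and `flush`. I would drop the two methods or move them to a custom fragment interface with an implementation class. The Javadoc on `save` ("creates a new database session") also describes the old manager rather than the inherited repository method.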


@ -0,0 +1,40 @@
package hirs.attestationca.repository;
import hirs.data.persist.ReferenceDigestValue;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.UUID;
/**
* Setting up for new creation for CRUD operations.
*/
@Repository
public interface ReferenceDigestValueRepository extends JpaRepository<ReferenceDigestValue, UUID> {
/**
* Persists a new Reference Digest value.
*
* @param uuid associated with the base rim .
* @return the persisted list of ReferenceDigestValue
*/
List<ReferenceDigestValue> findValuesByBaseRimId(UUID uuid);
/**
* Persists a new Reference Digest value.
*
* @param uuid associated with the support rim.
* @return the persisted list of ReferenceDigestValue
*/
List<ReferenceDigestValue> findValuesBySupportRimId(UUID uuid);
/**
* List<String> results = session.createCriteria(User.class).add(Projections.projectionList()
* .add(Projections.property("id")).add()....).list();
*
* List<Object[]> result = session.createCriteria(User.class).setProjection(Projections
* .projectionList().add(Projections.groupProperty("lastName"))
* .add(Projections.rowCount())).list();
*/
}
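Review bot: The Javadoc on `findValuesByBaseRimId` and `findValuesBySupportRimId` says "Persists a new Reference Digest value", but both are read-only finders; it should read something like `Finds the ReferenceDigestValues linked to the given base RIM id.` with `@return the matching values, possibly empty`. The trailing `/** ... */` block holding Hibernate `createCriteria` snippets is attached to no member and documents nothing, so it should be removed or turned into a plain `//` TODO. Both derived finders depend on `ReferenceDigestValue` exposing `baseRimId` and `supportRimId` properties, which is not visible in this section.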


@ -0,0 +1,25 @@
package hirs.attestationca.repository;
import hirs.data.persist.ReferenceManifest;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
/**
* Setting up for new creation for CRUD operations.
* @param <T> super type for ReferenceManifest child type
*/
@Repository
public interface ReferenceManifestRepository<T extends ReferenceManifest>
extends JpaRepository<ReferenceManifest, UUID> {
/**
* Saves the <code>ReferenceManifest</code> in the database. This creates a new
* database session and saves the device.
*
* @param rim ReferenceManifest to save
* @return reference to saved rim
*/
T saveRIM(T rim);
}
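Review bot: The type parameter `T` is declared but the interface extends `JpaRepository<ReferenceManifest, UUID>`, so inherited methods such as `save` and `findById` are typed to the base class while `saveRIM` is typed to `T`; PolicyRepository in this commit uses `JpaRepository<T, UUID>` instead. Pick one form, e.g. `extends JpaRepository<T, UUID>`, or drop `<T>` altogether. The Javadoc on `saveRIM` also says it "saves the device", which looks copied from the device code and should say reference manifest.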


@ -0,0 +1,4 @@
/**
* Contains class structures for the interface and base CRUD operations for hibernate.
*/
package hirs.attestationca.repository;


@ -1,15 +1,12 @@
package hirs.attestationca.rest;
import hirs.attestationca.AbstractAttestationCertificateAuthority;
import hirs.attestationca.service.SupplyChainValidationService;
import hirs.attestationca.validation.SupplyChainValidationService;
import hirs.data.service.DeviceRegister;
import hirs.persist.CertificateManager;
import hirs.persist.DBManager;
import hirs.persist.DeviceManager;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.TPM2ProvisionerState;
import hirs.persist.service.CertificateService;
import hirs.persist.service.ReferenceManifestService;
import hirs.structs.converters.StructConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
@ -38,13 +35,11 @@ public class RestfulAttestationCertificateAuthority
* @param privateKey the ACA private key
* @param acaCertificate the ACA certificate
* @param structConverter the struct converter
* @param certificateManager the certificate manager
* @param referenceManifestManager the referenceManifestManager
* @param certificateService the certificate service
* @param referenceManifestService the referenceManifestManager
* @param deviceRegister the device register
* @param validDays the number of days issued certs are valid
* @param deviceManager the device manager
* @param tpm2ProvisionerStateDBManager the DBManager for persisting provisioner state
* @param referenceDigestManager the reference digest manager
* @param referenceEventManager the reference event manager
*/
@SuppressWarnings({ "checkstyle:parameternumber" })
@ -53,18 +48,16 @@ public class RestfulAttestationCertificateAuthority
final SupplyChainValidationService supplyChainValidationService,
final PrivateKey privateKey, final X509Certificate acaCertificate,
final StructConverter structConverter,
final CertificateManager certificateManager,
final ReferenceManifestManager referenceManifestManager,
final CertificateService certificateService,
final ReferenceManifestService referenceManifestService,
final DeviceRegister deviceRegister,
final DeviceManager deviceManager,
final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager,
@Value("${aca.certificates.validity}") final int validDays) {
super(supplyChainValidationService, privateKey, acaCertificate, structConverter,
certificateManager, referenceManifestManager,
certificateService, referenceManifestService,
deviceRegister, validDays, deviceManager,
tpm2ProvisionerStateDBManager, referenceDigestManager, referenceEventManager);
referenceEventManager);
}
/*
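Review bot: The updated Javadoc still describes the new parameter with the old name: `@param referenceManifestService the referenceManifestManager` should read `@param referenceManifestService the reference manifest service`. The constructor and its `super(...)` call start and end outside what these hunks show, so the remaining `@param` tags should be checked against the final parameter list once the manager-to-service replacement is complete.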


@ -0,0 +1,113 @@
package hirs.attestationca.service;
import hirs.appraiser.Appraiser;
import hirs.attestationca.repository.AppraiserRepository;
import hirs.persist.AppraiserManagerException;
import hirs.persist.DBManagerException;
import hirs.persist.service.AppraiserService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.retry.RetryCallback;
import org.springframework.retry.RetryContext;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import java.util.UUID;
/**
* A <code>AppraiserServiceImpl</code> manages <code>Appraiser</code>s. A
* <code>AppraiserServiceImpl</code> is used to store and manage certificates. It has
* support for the basic create, read, update, and delete methods.
*/
@Service
public class AppraiserServiceImpl extends DbServiceImpl<Appraiser>
implements AppraiserService {
private static final Logger LOGGER = LogManager.getLogger();
@Autowired
private AppraiserRepository appraiserRepository;
@PersistenceContext
private EntityManager entityManager;
/**
* Default constructor.
* @param entityManager entity manager for jpa hibernate events
*/
public AppraiserServiceImpl(final EntityManager entityManager) {
this.entityManager = entityManager;
}
@Override
public boolean archive(final UUID uuid) {
return false;
}
@Override
public Appraiser saveAppraiser(final Appraiser appraiser) throws AppraiserManagerException {
LOGGER.debug("saving appraiser: {}", appraiser);
return getRetryTemplate().execute(new RetryCallback<Appraiser,
DBManagerException>() {
@Override
public Appraiser doWithRetry(final RetryContext context)
throws DBManagerException {
return appraiserRepository.save(appraiser);
}
});
}
@Override
public void updateAppraiser(final Appraiser appraiser) throws AppraiserManagerException {
LOGGER.debug("updating appraiser: {}", appraiser);
Appraiser dBAppraiser;
if (appraiser.getId() == null) {
LOGGER.debug("Appraiser not found: {}", appraiser);
dBAppraiser = appraiser;
} else {
// will not return null, throws and exception
dBAppraiser = appraiserRepository.getReferenceById(
UUID.fromString(appraiser.getId().toString()));
// run through things that aren't equal and update
if (!dBAppraiser.getName().equals(appraiser.getName())) {
dBAppraiser.setName(appraiser.getName());
}
}
saveAppraiser(dBAppraiser);
}
@Override
public Appraiser getAppraiser(final String name) throws AppraiserManagerException {
LOGGER.debug("retrieve appraiser: {}", name);
return getRetryTemplate().execute(new RetryCallback<Appraiser,
DBManagerException>() {
@Override
public Appraiser doWithRetry(final RetryContext context)
throws DBManagerException {
return appraiserRepository.findByName(name);
}
});
}
@Override
public final void deleteAppraiser(final Appraiser appraiser)
throws AppraiserManagerException {
LOGGER.debug("Deleting appraiser by name: {}", appraiser.getName());
getRetryTemplate().execute(new RetryCallback<Void, DBManagerException>() {
@Override
public Void doWithRetry(final RetryContext context)
throws DBManagerException {
appraiserRepository.delete(appraiser);
appraiserRepository.flush();
return null;
}
});
}
}
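Review bot: The constructor stores `entityManager` in a field that duplicates the private one in `DbServiceImpl` and never calls `super(entityManager)`, so `getEm()` on this service only works if the container separately injects the base-class field. I would add `super(entityManager);` as the first statement and delete the duplicate `@PersistenceContext` field. `archive` returns `false` unconditionally, which a caller cannot tell apart from "object not found"; `throw new UnsupportedOperationException("archive not implemented for Appraiser");` would make the stub explicit. The class Javadoc says the service "is used to store and manage certificates" where it means appraisers.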


@ -0,0 +1,210 @@
package hirs.attestationca.service;
import hirs.FilteredRecordsList;
import hirs.attestationca.repository.CertificateRepository;
import hirs.data.persist.ArchivableEntity;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateSelector;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.service.CertificateService;
import hirs.persist.service.DefaultService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.retry.RetryCallback;
import org.springframework.retry.RetryContext;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
/**
* A <code>CertificateServiceImpl</code> manages <code>Certificate</code>s. A
* <code>CertificateServiceImpl</code> is used to store and manage certificates. It has
* support for the basic create, read, update, and delete methods.
*/
@Service
public class CertificateServiceImpl extends DbServiceImpl<Certificate>
implements DefaultService<Certificate>, CertificateService {
private static final Logger LOGGER = LogManager.getLogger(CertificateServiceImpl.class);
@Autowired
private CertificateRepository certificateRepository;
@PersistenceContext
private EntityManager entityManager;
@Override
public Certificate saveCertificate(final Certificate certificate) {
LOGGER.debug("Saving certificate: {}", certificate);
return getRetryTemplate().execute(new RetryCallback<Certificate,
DBManagerException>() {
@Override
public Certificate doWithRetry(final RetryContext context)
throws DBManagerException {
return certificateRepository.save(certificate);
}
});
}
@Override
public Certificate updateCertificate(final Certificate certificate) {
LOGGER.debug("Updating certificate: {}", certificate);
Certificate dbCertificate;
if (certificate.getId() == null) {
LOGGER.debug("Certificate not found: {}", certificate);
dbCertificate = certificate;
} else {
// will not return null, throws and exception
dbCertificate = certificateRepository.getReferenceById(certificate.getId());
// run through things that aren't equal and update
getCertificateClass(dbCertificate); // need to coming
}
return saveCertificate(dbCertificate);
}
@Override
public Certificate updateCertificate(final Certificate certificate,
final UUID uuid) {
LOGGER.debug("Updating certificate: {}", certificate);
Certificate dbCertificate;
if (uuid == null) {
LOGGER.debug("Certificate not found: {}", certificate);
dbCertificate = certificate;
} else {
// will not return null, throws and exception
dbCertificate = certificateRepository.getReferenceById(uuid);
// run through things that aren't equal and update
getCertificateClass(dbCertificate); // need to coming
}
return saveCertificate(dbCertificate);
}
@Override
public <T extends Certificate> Set<T> getCertificate(
final CertificateSelector certificateSelector) {
return new HashSet<>(0);
}
@Override
public List<Certificate> getList() {
LOGGER.debug("Getting all certificates...");
return getRetryTemplate().execute(new RetryCallback<List<Certificate>,
DBManagerException>() {
@Override
public List<Certificate> doWithRetry(final RetryContext context)
throws DBManagerException {
return certificateRepository.findAll();
}
});
}
@Override
public void updateElements(final List<Certificate> certificates) {
LOGGER.debug("Updating {} certificates...", certificates.size());
certificates.stream().forEach((certificate) -> {
if (certificate != null) {
this.updateCertificate(certificate, certificate.getId());
}
});
certificateRepository.flush();
}
@Override
public void deleteObjectById(final UUID uuid) {
LOGGER.debug("Deleting certificate by id: {}", uuid);
getRetryTemplate().execute(new RetryCallback<Void,
DBManagerException>() {
@Override
public Void doWithRetry(final RetryContext context)
throws DBManagerException {
certificateRepository.deleteById(uuid);
certificateRepository.flush();
return null;
}
});
}
@Override
public FilteredRecordsList getOrderedList(
final Class<Certificate> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns)
throws DBManagerException {
return null;
}
@Override
public FilteredRecordsList<Certificate> getOrderedList(
final Class<Certificate> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns,
final CriteriaModifier criteriaModifier)
throws DBManagerException {
return null;
}
/**
* Gets the concrete certificate class type to query for.
*
* @param certificate the instance of the certificate to get type.
* @return the certificate class type
*/
private Class<? extends Certificate> getCertificateClass(final Certificate certificate) {
if (certificate instanceof PlatformCredential) {
return PlatformCredential.class;
} else if (certificate instanceof EndorsementCredential) {
return EndorsementCredential.class;
} else if (certificate instanceof CertificateAuthorityCredential) {
return CertificateAuthorityCredential.class;
} else if (certificate instanceof IssuedAttestationCertificate) {
return IssuedAttestationCertificate.class;
} else {
return null;
}
}
@Override
public boolean archive(final UUID uuid) {
LOGGER.debug("archiving object: {}", uuid);
if (uuid == null) {
LOGGER.debug("null name argument");
return false;
}
Certificate target = (Certificate)
this.certificateRepository.getReferenceById(uuid);
if (target == null) {
return false;
}
if (!(target instanceof ArchivableEntity)) {
throw new DBManagerException("unable to archive non-archivable object");
}
((ArchivableEntity) target).archive();
this.updateCertificate(target, uuid);
return true;
}
}
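Review bot: Both `updateCertificate` overloads discard the caller's changes when an id is present: they load `dbCertificate` with `getReferenceById`, call `getCertificateClass(dbCertificate)` and ignore its result, then save the freshly loaded entity, so nothing from `certificate` is written. `archive` goes through the same path via `this.updateCertificate(target, uuid)`, so the archived flag set on `target` is persisted only if the second `getReferenceById` hands back the same managed instance, which may not hold without an enclosing transaction; calling `saveCertificate(target)` there avoids the round trip. `updateDevice` in DeviceServiceImpl and `updatePolicy` in PolicyServiceImpl have the same load-and-resave shape. The `target == null` check can never be true because `getReferenceById` returns a proxy or throws. `getCertificate(selector)` always returns an empty set, so every selector-based certificate lookup will look like a miss.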


@ -0,0 +1,123 @@
package hirs.attestationca.service;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.StaleObjectStateException;
import org.hibernate.exception.LockAcquisitionException;
import org.springframework.retry.RetryListener;
import org.springframework.retry.backoff.FixedBackOffPolicy;
import org.springframework.retry.policy.SimpleRetryPolicy;
import org.springframework.retry.support.RetryTemplate;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
/**
* @param <T> passed in type
* Generic database manager for managing objects in a database. This provides create, read, update,
* archive, and delete operations for managing objects in a database.
*
*/
public abstract class DbServiceImpl<T> {
private static final Logger LOGGER = LogManager.getLogger(DbServiceImpl.class);
/**
* The default maximum number of retries to attempt a database transaction.
*/
public static final int DEFAULT_MAX_RETRY_ATTEMPTS = 10;
/*
* The default number of milliseconds to wait before retrying a database transaction.
*/
private static final long DEFAULT_RETRY_WAIT_TIME_MS = 3000;
// structure for retrying methods in the database
private RetryTemplate retryTemplate;
@PersistenceContext
private EntityManager entityManager;
/**
* Creates a new <code>DbServiceImpl</code> that uses the default database. The
* default database is used to store all of the objects.
*
*/
public DbServiceImpl() {
setRetryTemplate(DEFAULT_MAX_RETRY_ATTEMPTS, DEFAULT_RETRY_WAIT_TIME_MS);
}
/**
* Creates a new <code>DbServiceImpl</code> that uses the default database. The
* default database is used to store all of the objects.
* @param entityManager entity manager for jpa hibernate events
*
*/
public DbServiceImpl(final EntityManager entityManager) {
setRetryTemplate(DEFAULT_MAX_RETRY_ATTEMPTS, DEFAULT_RETRY_WAIT_TIME_MS);
this.entityManager = entityManager;
}
/**
* Set the parameters used to retry database transactions. The retry template will
* retry transactions that throw a LockAcquisitionException or StaleObjectStateException.
* @param maxTransactionRetryAttempts the maximum number of database transaction attempts
* @param retryWaitTimeMilliseconds the transaction retry wait time in milliseconds
*/
public final void setRetryTemplate(final int maxTransactionRetryAttempts,
final long retryWaitTimeMilliseconds) {
Map<Class<? extends Throwable>, Boolean> exceptionsToRetry = new HashMap<>();
exceptionsToRetry.put(LockAcquisitionException.class, true);
exceptionsToRetry.put(StaleObjectStateException.class, true);
SimpleRetryPolicy retryPolicy = new SimpleRetryPolicy(
maxTransactionRetryAttempts,
exceptionsToRetry,
true,
false
);
FixedBackOffPolicy backoffPolicy = new FixedBackOffPolicy();
backoffPolicy.setBackOffPeriod(retryWaitTimeMilliseconds);
this.retryTemplate = new RetryTemplate();
this.retryTemplate.setRetryPolicy(retryPolicy);
this.retryTemplate.setBackOffPolicy(backoffPolicy);
}
/**
* Accessor method for the retry function.
* @return instance of the RetryTemplate
*/
protected RetryTemplate getRetryTemplate() {
return this.retryTemplate;
}
/**
* Registers a retry listener to be notified of retry activity.
* @param retryListener the retry listener
*/
public void addRetryListener(final RetryListener retryListener) {
retryTemplate.registerListener(retryListener);
}
/**
* Getter for the EntityManager.
* @return instance of the manager
*/
public final EntityManager getEm() {
return entityManager;
}
/**
* Archives the named object and updates it in the database.
*
* @param uuid unique id of the object to archive
* @return true if the object was successfully found and archived,
* false if the object was not found
* @throws hirs.persist.DBManagerException if the object is not an instance
* of <code>ArchivableEntity</code>
*/
public abstract boolean archive(UUID uuid);
}
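Review bot: The class Javadoc puts `@param <T>` before the description, so the descriptive sentences are parsed as part of the tag; move them above the tag. The comment on `DEFAULT_RETRY_WAIT_TIME_MS` opens with `/*` rather than `/**` and is therefore not picked up as Javadoc. Each service subclass visible in this commit re-declares its own `@PersistenceContext private EntityManager entityManager`, while `getEm()` returns this class's private field; keeping the single field here and removing the copies would leave one source for the entity manager.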


@ -0,0 +1,151 @@
package hirs.attestationca.service;
import hirs.FilteredRecordsList;
import hirs.attestationca.repository.DeviceRepository;
import hirs.data.persist.Device;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.DeviceManagerException;
import hirs.persist.service.DefaultService;
import hirs.persist.service.DeviceService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.retry.RetryCallback;
import org.springframework.retry.RetryContext;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import java.util.List;
import java.util.Map;
import java.util.UUID;
/**
* A <code>DeviceServiceImpl</code> manages <code>Device</code>s. A
* <code>DeviceServiceImpl</code> is used to store and manage devices. It has
* support for the basic create, read, update, and delete methods.
*/
@Service
public class DeviceServiceImpl extends DbServiceImpl<Device>
implements DefaultService<Device>, DeviceService {
private static final Logger LOGGER = LogManager.getLogger(DeviceServiceImpl.class);
@Autowired
private DeviceRepository deviceRepository;
@PersistenceContext
private EntityManager entityManager;
@Override
public final Device getByName(final String name) {
LOGGER.debug("Find device by name: {}", name);
return getRetryTemplate().execute(new RetryCallback<Device,
DBManagerException>() {
@Override
public Device doWithRetry(final RetryContext context)
throws DBManagerException {
return deviceRepository.findByName(name);
}
});
}
@Override
public final Device saveDevice(final Device device) throws DeviceManagerException {
LOGGER.debug("Saving device: {}", device);
return getRetryTemplate().execute(new RetryCallback<Device,
DBManagerException>() {
@Override
public Device doWithRetry(final RetryContext context)
throws DBManagerException {
return deviceRepository.save(device);
}
});
}
@Override
public final Device updateDevice(final Device device, final UUID deviceId)
throws DeviceManagerException {
LOGGER.debug("Updating device: {}", device);
Device dbDevice;
if (deviceId == null) {
LOGGER.debug("Device not found: {}", device);
dbDevice = device;
} else {
// will not return null, throws and exception
dbDevice = deviceRepository.getReferenceById(deviceId);
// run through things that aren't equal and update
}
return saveDevice(dbDevice);
}
@Override
public final List<Device> getList() {
LOGGER.debug("Getting all devices...");
return getRetryTemplate().execute(new RetryCallback<List<Device>, DBManagerException>() {
@Override
public List<Device> doWithRetry(final RetryContext context)
throws DBManagerException {
return deviceRepository.findAll();
}
});
}
@Override
public void updateElements(final List<Device> devices) {
LOGGER.debug("Updating {} devices...", devices.size());
devices.stream().forEach((device) -> {
if (device != null) {
this.updateDevice(device, device.getId());
}
});
deviceRepository.flush();
}
@Override
public final void deleteObjectById(final UUID uuid)
throws DeviceManagerException {
LOGGER.debug("Deleting deviceById: {}", uuid);
getRetryTemplate().execute(new RetryCallback<Void, DBManagerException>() {
@Override
public Void doWithRetry(final RetryContext context)
throws DBManagerException {
deviceRepository.deleteById(uuid);
deviceRepository.flush();
return null;
}
});
}
@Override
public FilteredRecordsList getOrderedList(
final Class<Device> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns)
throws DBManagerException {
return null;
}
@Override
public FilteredRecordsList<Device> getOrderedList(
final Class<Device> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns,
final CriteriaModifier criteriaModifier)
throws DBManagerException {
return null;
}
@Override
public boolean archive(final UUID uuid) {
return true;
}
}
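Review bot: `archive` returns `true` without touching the repository, so a caller is told the device was archived while the record is unchanged. Until it is implemented, `throw new UnsupportedOperationException("archive not implemented for Device");` is safer than reporting success. Both `getOrderedList` overloads return `null`, and the first one uses the raw `FilteredRecordsList` type; returning an empty, typed list would spare callers a null check.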


@ -0,0 +1,231 @@
package hirs.attestationca.service;
import hirs.FilteredRecordsList;
import hirs.appraiser.Appraiser;
import hirs.attestationca.repository.PolicyRepository;
import hirs.data.persist.ArchivableEntity;
import hirs.data.persist.policy.Policy;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.PolicyMapper;
import hirs.persist.service.DefaultService;
import hirs.persist.service.PolicyService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.query.Query;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.retry.RetryCallback;
import org.springframework.retry.RetryContext;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.util.List;
import java.util.Map;
import java.util.UUID;
/**
* A <code>PolicyServiceImpl</code> manages <code>Policy</code>s. A
* <code>PolicyServiceImpl</code> is used to store and manage policies. It has
* support for the basic create, read, update, and delete methods.
*/
@Service
public class PolicyServiceImpl extends DbServiceImpl<Policy>
implements DefaultService<Policy>, PolicyService {
private static final Logger LOGGER = LogManager.getLogger(PolicyServiceImpl.class);
@Autowired
private PolicyRepository policyRepository;
@PersistenceContext
private EntityManager entityManager;
@Override
public List<Policy> getList() {
LOGGER.debug("Getting all policies...");
return getRetryTemplate().execute(new RetryCallback<List<Policy>, DBManagerException>() {
@Override
public List<Policy> doWithRetry(final RetryContext context)
throws DBManagerException {
policyRepository.findAll();
return null;
}
});
}
@Override
public void updateElements(final List<Policy> policies) {
LOGGER.debug("Updating {} certificates...", policies.size());
policies.stream().forEach((policy) -> {
if (policy != null) {
this.updatePolicy(policy, policy.getId());
}
});
policyRepository.flush();
}
@SuppressWarnings("unchecked")
@Override
public void deleteObjectById(final UUID uuid) {
LOGGER.debug("Deleting policy by id: {}", uuid);
getRetryTemplate().execute(new RetryCallback<Void, DBManagerException>() {
@Override
public Void doWithRetry(final RetryContext context)
throws DBManagerException {
policyRepository.deleteById(uuid);
policyRepository.flush();
return null;
}
});
}
@SuppressWarnings("unchecked")
@Override
public Policy savePolicy(final Policy policy) {
LOGGER.debug("Saving policy: {}", policy);
return getRetryTemplate().execute(new RetryCallback<Policy, DBManagerException>() {
@Override
public Policy doWithRetry(final RetryContext context)
throws DBManagerException {
return policyRepository.save(policy);
}
});
}
@SuppressWarnings("unchecked")
@Override
public Policy updatePolicy(final Policy policy, final UUID uuid) {
LOGGER.debug("Updating policy: {}", policy);
Policy dbPolicy;
if (uuid == null) {
LOGGER.debug("Policy not found: {}", policy);
dbPolicy = policy;
} else {
// will not return null, throws and exception
dbPolicy = (Policy) policyRepository.getReferenceById(uuid);
// run through things that aren't equal and update
}
return savePolicy(dbPolicy);
}
@Override
public final Policy getDefaultPolicy(final Appraiser appraiser) {
if (appraiser == null) {
LOGGER.error("cannot get default policy for null appraiser");
return null;
}
Policy ret = null;
Transaction tx = null;
Session session = getEm().unwrap(org.hibernate.Session.class);
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = {}",
appraiser);
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
if (mapper == null) {
LOGGER.debug("no policy mapper found for appraiser {}",
appraiser);
} else {
ret = mapper.getPolicy();
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to get default policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
return ret;
}
@Override
public Policy getPolicyByName(final String name) {
for (Policy policy : getList()) {
if (policy.getName().equals(name)) {
return policy;
}
}
return null;
}
@Override
public void setPolicy(final Appraiser appraiser, final Policy policy) {
}
@Override
public void setDefaultPolicy(final Appraiser appraiser, final Policy policy) {
}
@Override
public FilteredRecordsList getOrderedList(
final Class<Policy> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns)
throws DBManagerException {
return null;
}
@Override
public FilteredRecordsList<Policy> getOrderedList(
final Class<Policy> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns,
final CriteriaModifier criteriaModifier)
throws DBManagerException {
return null;
}
@SuppressWarnings("unchecked")
@Override
public boolean archive(final UUID uuid) {
LOGGER.debug("archiving object: {}", uuid);
if (uuid == null) {
LOGGER.debug("null name argument");
return false;
}
Policy target = (Policy)
this.policyRepository.getReferenceById(uuid);
if (target == null) {
return false;
}
if (!(target instanceof ArchivableEntity)) {
throw new DBManagerException("unable to archive non-archivable object");
}
((ArchivableEntity) target).archive();
this.updatePolicy(target, uuid);
return true;
}
}
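Review bot: `getList` calls `policyRepository.findAll()` but discards the result and returns `null`, so `getPolicyByName`, which iterates over `getList()`, will throw a NullPointerException on every call. The callback body should be `return policyRepository.findAll();`. `setPolicy` and `setDefaultPolicy` have empty bodies, so a policy assignment is silently dropped while the caller sees a normal return; throwing `UnsupportedOperationException` until they are implemented would make that visible. The `policyRepository` field is declared with the raw type `PolicyRepository`, which is what forces the `@SuppressWarnings("unchecked")` annotations; `PolicyRepository<Policy>` would remove the need for them. The debug message in `updateElements` says "certificates" where it means policies.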


@ -0,0 +1,200 @@
package hirs.attestationca.service;
import hirs.FilteredRecordsList;
import hirs.attestationca.repository.ReferenceDigestValueRepository;
import hirs.data.persist.ArchivableEntity;
import hirs.data.persist.ReferenceDigestValue;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.service.DefaultService;
import hirs.persist.service.ReferenceDigestValueService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.retry.RetryCallback;
import org.springframework.retry.RetryContext;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.UUID;
/**
* A <code>ReferenceDigestValueServiceImpl</code> manages <code>Digest Value Event</code>s. A
* <code>ReferenceDigestValueServiceImpl</code> is used to store and manage digest events. It has
* support for the basic create, read, update, and delete methods.
*/
@Service
public class ReferenceDigestValueServiceImpl extends DbServiceImpl<ReferenceDigestValue>
implements DefaultService<ReferenceDigestValue>, ReferenceDigestValueService {
private static final Logger LOGGER = LogManager
.getLogger(ReferenceDigestValueServiceImpl.class);
@Autowired
private ReferenceDigestValueRepository referenceDigestValueRepository;
@PersistenceContext
private EntityManager entityManager;
@Override
public List<ReferenceDigestValue> getList() {
LOGGER.debug("Getting all reference digest value...");
return this.referenceDigestValueRepository.findAll();
}
@Override
public void updateElements(final List<ReferenceDigestValue> referenceDigestValues) {
LOGGER.debug("Updating {} reference digest values...", referenceDigestValues.size());
referenceDigestValues.stream().forEach((values) -> {
if (values != null) {
this.updateDigestValue(values, values.getId());
}
});
referenceDigestValueRepository.flush();
}
@Override
public void deleteObjectById(final UUID uuid) {
LOGGER.debug("Deleting reference digest values by id: {}", uuid);
getRetryTemplate().execute(new RetryCallback<Void, DBManagerException>() {
@Override
public Void doWithRetry(final RetryContext context)
throws DBManagerException {
referenceDigestValueRepository.deleteById(uuid);
referenceDigestValueRepository.flush();
return null;
}
});
}
@Override
public ReferenceDigestValue saveDigestValue(final ReferenceDigestValue digestValue) {
LOGGER.debug("Saving reference digest value: {}", digestValue);
return getRetryTemplate().execute(new RetryCallback<ReferenceDigestValue,
DBManagerException>() {
@Override
public ReferenceDigestValue doWithRetry(final RetryContext context)
throws DBManagerException {
return referenceDigestValueRepository.save(digestValue);
}
});
}
@Override
public ReferenceDigestValue updateDigestValue(
final ReferenceDigestValue digestValue, final UUID uuid) {
LOGGER.debug("Updating reference digest value: {}", digestValue);
ReferenceDigestValue dbDigestValue;
if (uuid == null) {
LOGGER.debug("Reference Digest Value not found: {}", digestValue);
dbDigestValue = digestValue;
} else {
// will not return null, throws and exception
dbDigestValue = this.referenceDigestValueRepository.getReferenceById(uuid);
// run through things that aren't equal and update
if (!dbDigestValue.getDigestValue().equals(digestValue.getDigestValue())) {
dbDigestValue.setDigestValue(digestValue.getDigestValue());
}
if (!dbDigestValue.getEventType().equals(digestValue.getEventType())) {
dbDigestValue.setEventType(digestValue.getEventType());
}
}
return saveDigestValue(dbDigestValue);
}
@Override
public List<ReferenceDigestValue> getValuesByBaseRimId(final UUID uuid) {
LOGGER.debug("Find reference digest values base on: {}", uuid);
return getRetryTemplate().execute(new RetryCallback<List<ReferenceDigestValue>,
DBManagerException>() {
@Override
public List<ReferenceDigestValue> doWithRetry(final RetryContext context)
throws DBManagerException {
return referenceDigestValueRepository.findValuesByBaseRimId(uuid);
}
});
}
@Override
public List<ReferenceDigestValue> getValuesBySupportRimId(final UUID uuid) {
LOGGER.debug("Find reference digest values base on: {}", uuid);
return getRetryTemplate().execute(new RetryCallback<List<ReferenceDigestValue>,
DBManagerException>() {
@Override
public List<ReferenceDigestValue> doWithRetry(final RetryContext context)
throws DBManagerException {
return referenceDigestValueRepository.findValuesBySupportRimId(uuid);
}
});
}
@Override
public FilteredRecordsList getOrderedList(
final Class<ReferenceDigestValue> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns)
throws DBManagerException {
LOGGER.debug("Getting ordered object list");
Class<ReferenceDigestValue> searchClass = clazz;
if (clazz == null) {
LOGGER.debug("clazz is null");
searchClass = ReferenceDigestValue.class;
}
if (searchableColumns != null) {
LOGGER.info(searchClass.getName() + " querying for "
+ Arrays.toString(searchableColumns.entrySet().toArray())
+ " with search strings \"" + search + "\"");
}
//Object that will store query values
FilteredRecordsList<ReferenceDigestValue> rdvOrderedList = new FilteredRecordsList<>();
// Search
// Query keywordQuery = queryBuilder.
// sort
return rdvOrderedList;
}
@Override
public FilteredRecordsList<ReferenceDigestValue> getOrderedList(
final Class<ReferenceDigestValue> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns,
final CriteriaModifier criteriaModifier)
throws DBManagerException {
return null;
}
@Override
public boolean archive(final UUID uuid) {
LOGGER.debug("archiving object: {}", uuid);
if (uuid == null) {
LOGGER.debug("null name argument");
return false;
}
ReferenceDigestValue target = (ReferenceDigestValue)
this.referenceDigestValueRepository.getReferenceById(uuid);
if (target == null) {
return false;
}
if (!(target instanceof ArchivableEntity)) {
throw new DBManagerException("unable to archive non-archivable object");
}
((ArchivableEntity) target).archive();
this.updateDigestValue(target, uuid);
return true;
}
}


@ -0,0 +1,176 @@
package hirs.attestationca.service;
import hirs.FilteredRecordsList;
import hirs.attestationca.repository.ReferenceManifestRepository;
import hirs.data.persist.ArchivableEntity;
import hirs.data.persist.ReferenceManifest;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.ReferenceManifestSelector;
import hirs.persist.service.ReferenceManifestService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.retry.RetryCallback;
import org.springframework.retry.RetryContext;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
/**
* A <code>ReferenceManifestServiceImpl</code> manages <code>ReferenceManifestService</code>s. A
* <code>ReferenceManifestServiceImpl</code> is used to store and manage reference manifest. It has
* support for the basic create, read, update, and delete methods.
*/
@Service
public class ReferenceManifestServiceImpl extends DbServiceImpl<ReferenceManifest>
implements ReferenceManifestService {
private static final Logger LOGGER = LogManager.getLogger(ReferenceManifestServiceImpl.class);
@Autowired
private ReferenceManifestRepository referenceManifestRepository;
@PersistenceContext
private EntityManager entityManager;
@SuppressWarnings("unchecked")
@Override
public ReferenceManifest saveRIM(final ReferenceManifest rim) {
LOGGER.debug("Saving reference manifest: {}", rim);
return getRetryTemplate().execute(new RetryCallback<ReferenceManifest,
DBManagerException>() {
@Override
public ReferenceManifest doWithRetry(final RetryContext context)
throws DBManagerException {
return referenceManifestRepository.saveRIM(rim);
}
});
}
@Override
public ReferenceManifest updateReferenceManifest(final ReferenceManifest rim) {
return updateReferenceManifest(rim, rim.getId());
}
@SuppressWarnings("unchecked")
@Override
public ReferenceManifest updateReferenceManifest(final ReferenceManifest rim,
final UUID uuid) {
LOGGER.debug("Updating reference manifest: {}", rim);
ReferenceManifest dbRim;
if (uuid == null) {
LOGGER.debug("Reference Manifest not found: {}", rim);
dbRim = rim;
} else {
// will not return null, throws and exception
dbRim = (ReferenceManifest) this.referenceManifestRepository
.getReferenceById(uuid);
// run through things that aren't equal and update
}
return saveRIM(dbRim);
}
@Override
public void deleteRIM(final ReferenceManifest rim) {
deleteObjectById(rim.getId());
}
@Override
public <T extends ReferenceManifest> Set<T> getReferenceManifest(
final ReferenceManifestSelector referenceManifestSelector) {
return new HashSet<>(0);
}
@SuppressWarnings("unchecked")
@Override
public List<ReferenceManifest> getList() {
LOGGER.debug("Getting all reference manifest...");
return getRetryTemplate().execute(new RetryCallback<List<ReferenceManifest>,
DBManagerException>() {
@Override
public List<ReferenceManifest> doWithRetry(final RetryContext context)
throws DBManagerException {
return referenceManifestRepository.findAll();
}
});
}
@Override
public void updateElements(final List<ReferenceManifest> referenceManifests) {
LOGGER.debug("Updating {} reference manifests...", referenceManifests.size());
referenceManifests.stream().forEach((rim) -> {
if (rim != null) {
this.updateReferenceManifest(rim, rim.getId());
}
});
}
@SuppressWarnings("unchecked")
@Override
public void deleteObjectById(final UUID uuid) {
LOGGER.debug("Deleting reference manifest by id: {}", uuid);
getRetryTemplate().execute(new RetryCallback<Void, DBManagerException>() {
@Override
public Void doWithRetry(final RetryContext context)
throws DBManagerException {
referenceManifestRepository.deleteById(uuid);
referenceManifestRepository.flush();
return null;
}
});
}
@Override
public FilteredRecordsList getOrderedList(
final Class<ReferenceManifest> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns)
throws DBManagerException {
return null;
}
@Override
public FilteredRecordsList<ReferenceManifest> getOrderedList(
final Class<ReferenceManifest> clazz, final String columnToOrder,
final boolean ascending, final int firstResult, final int maxResults,
final String search, final Map<String, Boolean> searchableColumns,
final CriteriaModifier criteriaModifier)
throws DBManagerException {
return null;
}
@SuppressWarnings("unchecked")
@Override
public boolean archive(final UUID uuid) throws DBManagerException {
LOGGER.debug("archiving object: {}", uuid);
if (uuid == null) {
LOGGER.debug("null name argument");
return false;
}
ReferenceManifest target = (ReferenceManifest)
this.referenceManifestRepository.getReferenceById(uuid);
if (target == null) {
return false;
}
if (!(target instanceof ArchivableEntity)) {
throw new DBManagerException("unable to archive non-archivable object");
}
((ArchivableEntity) target).archive();
this.updateReferenceManifest(target, uuid);
return true;
}
}
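Review bot: In `updateReferenceManifest(rim, uuid)` the non-null `uuid` branch loads `dbRim` with `getReferenceById(uuid)` and hands it to `saveRIM` without copying anything from `rim` (the "run through things that aren't equal and update" comment has no code under it), so the caller's changes are dropped. `archive()` goes through this path, so its `target.archive()` call is only persisted if the second lookup happens to return the same managed instance; if it does not, a reference manifest that was meant to be retired may remain in use for later validation. Either copy the changed fields the way `ReferenceDigestValueServiceImpl.updateDigestValue` does, or persist the argument itself, e.g. `return saveRIM(rim);`. The `target == null` check in `archive()` also looks unreachable, since the code's own comment says `getReferenceById` throws rather than returning null; a lookup such as `findById(uuid)` would let the not-found case return `false` as the method intends.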


@ -1,47 +1,35 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import hirs.FilteredRecordsList;
import org.apache.commons.lang3.reflect.FieldUtils;
import hirs.data.persist.ArchivableEntity;
import hirs.persist.CriteriaModifier;
import hirs.persist.CrudManager;
import hirs.persist.DBManagerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Criteria;
import org.hibernate.Hibernate;
import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.StatelessSession;
import org.hibernate.Transaction;
import org.hibernate.criterion.Conjunction;
import org.hibernate.criterion.CriteriaSpecification;
import org.hibernate.criterion.Criterion;
import org.hibernate.criterion.Disjunction;
import org.hibernate.criterion.MatchMode;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.hibernate.internal.SessionFactoryImpl;
import org.hibernate.query.Query;
import org.hibernate.service.spi.ServiceRegistryImplementor;
import org.springframework.stereotype.Service;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import static org.hibernate.criterion.Restrictions.ilike;
import static org.hibernate.criterion.Restrictions.sqlRestriction;
@ -53,107 +41,44 @@ import static org.hibernate.criterion.Restrictions.sqlRestriction;
*
* @param <T> type of objects to manage by this manager
*/
@Service
public abstract class AbstractDbManager<T> implements CrudManager<T> {
private static final Logger LOGGER = LogManager.getLogger(AbstractDbManager.class);
private static final int MAX_CLASS_CACHE_ENTRIES = 500;
private final Class<T> clazz;
private Class<T> clazz;
private SessionFactory factory;
private EntityManager em;
/**
* Creates a new <code>AbstractDbManager</code>.
*
* @param clazz Class to search for when doing Hibernate queries,
* unfortunately class type of T cannot be determined using only T
* @param sessionFactory the session factory to use to interact with the database
* @param em the entity manager to use to interact with the database
*/
public AbstractDbManager(final Class<T> clazz, final SessionFactory sessionFactory) {
public AbstractDbManager(final Class<T> clazz, final EntityManager em) {
if (clazz == null) {
LOGGER.error("AbstractDbManager cannot be instantiated with a null class");
throw new IllegalArgumentException(
"AbstractDbManager cannot be instantiated with a null class"
);
}
if (sessionFactory == null) {
if (em == null) {
LOGGER.error("AbstractDbManager cannot be instantiated with a null SessionFactory");
throw new IllegalArgumentException(
"AbstractDbManager cannot be instantiated with a null SessionFactory"
);
}
this.clazz = clazz;
this.factory = sessionFactory;
this.em = em;
// this.factory = sessionFactory;
}
private static final LoadingCache<Class, Set<Field>> PERSISTED_FIELDS =
CacheBuilder.newBuilder()
.maximumSize(MAX_CLASS_CACHE_ENTRIES)
.build(
new CacheLoader<Class, Set<Field>>() {
@Override
public Set<Field> load(final Class clazz) throws Exception {
return getPersistedFields(clazz);
}
}
);
private static Set<Field> getPersistedFields(final Class clazz) {
Set<Field> fields = new HashSet<>();
for (Field f : clazz.getDeclaredFields()) {
if (f.isAnnotationPresent(OneToMany.class)
|| f.isAnnotationPresent(ManyToMany.class)
|| f.isAnnotationPresent(ManyToOne.class)
|| f.isAnnotationPresent(OneToOne.class)
|| f.isAnnotationPresent(Column.class)) {
fields.add(f);
}
}
if (clazz.getSuperclass() != Object.class) {
fields.addAll(getPersistedFields(clazz.getSuperclass()));
}
return fields;
}
private static final LoadingCache<Class, Set<Field>> LAZY_LOADED_FIELDS =
CacheBuilder.newBuilder()
.maximumSize(MAX_CLASS_CACHE_ENTRIES)
.build(
new CacheLoader<Class, Set<Field>>() {
@Override
public Set<Field> load(final Class clazz) throws Exception {
return getLazyFields(clazz);
}
}
);
private static Set<Field> getLazyFields(final Class clazz) {
Set<Field> fields = new HashSet<>();
for (Field f : clazz.getDeclaredFields()) {
if (f.isAnnotationPresent(OneToMany.class)) {
if (f.getAnnotation(OneToMany.class).fetch().equals(FetchType.LAZY)) {
fields.add(f);
}
continue;
}
if (f.isAnnotationPresent(ManyToMany.class)) {
if (f.getAnnotation(ManyToMany.class).fetch().equals(FetchType.LAZY)) {
fields.add(f);
}
continue;
}
}
if (clazz.getSuperclass() != Object.class) {
fields.addAll(getLazyFields(clazz.getSuperclass()));
}
return fields;
@Override
public void setClazz(final Class<T> classToSet) {
this.clazz = classToSet;
}
/**
@ -162,7 +87,8 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
* @return the configured database implementation
*/
protected DBManager.DBImpl getConfiguredImplementation() {
String dialect = ((SessionFactoryImpl) factory).getDialect().toString().toLowerCase();
String dialect = ((ServiceRegistryImplementor) em).getParentServiceRegistry()
.getParentServiceRegistry().toString().toLowerCase();
if (dialect.contains("hsql")) {
return DBManager.DBImpl.HSQL;
} else if (dialect.contains("mysql")) {
@ -186,6 +112,7 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
* @throws DBManagerException if unable to find the baseline or delete it
* from the database
*/
@SuppressWarnings("unchecked")
protected boolean doDelete(final Serializable id) throws DBManagerException {
LOGGER.debug("deleting object: {}", id);
if (id == null) {
@ -195,19 +122,18 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
boolean deleted = false;
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = em.unwrap(org.hibernate.Session.class);
//factory.getCurrentSession();
try {
LOGGER.debug("retrieving object from db");
tx = session.beginTransaction();
Object o = session.get(clazz, id);
if (o != null && clazz.isInstance(o)) {
T objectOfTypeT = clazz.cast(o);
Object obj = session.get(clazz, id);
T objectOfTypeT = (T) obj;
LOGGER.debug("found object, deleting it");
session.delete(objectOfTypeT);
deleted = true;
} else {
LOGGER.debug("object not found");
}
tx.commit();
} catch (Exception e) {
final String msg = "unable to retrieve object";
@ -242,18 +168,33 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
boolean deleted = false;
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = em.unwrap(org.hibernate.Session.class);
CriteriaBuilder builder = session.getCriteriaBuilder();
try {
LOGGER.debug("retrieving object from db");
tx = session.beginTransaction();
Object object = session.createCriteria(clazz)
.add(Restrictions.eq("name", name)).uniqueResult();
if (object != null && clazz.isInstance(object)) {
T objectOfTypeT = clazz.cast(object);
LOGGER.debug("found object, deleting it");
session.delete(objectOfTypeT);
deleted = true;
}
// Root<T> myObjectRoot = criteria.from(this.clazz);
// Object object = session.getSessionFactory().getCurrentSession()
// .createCriteria(this.clazz.getClass())
// .add(Restrictions.eq("name", name)).uniqueResult();
//
// T objectOfTypeT = (T) object;
// LOGGER.debug("found object, deleting it");
// session.delete(objectOfTypeT);
// deleted = true;
CriteriaQuery<T> criteriaQuery = builder.createQuery(clazz);
Root<T> root = criteriaQuery.from(clazz);
Predicate recordPredicate = builder.and(
builder.equal(root.get("name"), name));
criteriaQuery.select(root).where(recordPredicate).distinct(true);
Query<T> query = session.createQuery(criteriaQuery);
T result = query.getSingleResult();
session.delete(result);
deleted = true;
tx.commit();
} catch (Exception e) {
final String msg = "unable to retrieve object";
@ -279,7 +220,7 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
* @throws DBManagerException if unable to find the baseline or delete it
* from the database
*/
protected boolean doDelete(final T object) throws DBManagerException {
protected boolean doDelete(final ArchivableEntity object) throws DBManagerException {
LOGGER.debug("deleting object: {}", object);
if (object == null) {
LOGGER.debug("null object argument");
@ -287,7 +228,7 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
}
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = em.unwrap(org.hibernate.Session.class);
try {
LOGGER.debug("deleting object from db");
tx = session.beginTransaction();
@ -311,21 +252,31 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
* @return the number of entities deleted
* @throws DBManagerException if unable to delete the records
*/
@SuppressWarnings("unchecked")
protected int doDeleteAll() throws DBManagerException {
int numEntitiesDeleted = 0;
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = em.unwrap(org.hibernate.Session.class);
try {
LOGGER.debug("Deleting instances of class: {}", clazz);
LOGGER.debug("Deleting instances of class: {}", this.clazz.getClass());
tx = session.beginTransaction();
List instances = session.createCriteria(clazz)
.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY).list();
for (Object instance : instances) {
if (instance != null && clazz.isInstance(instance)) {
session.delete(clazz.cast(instance));
numEntitiesDeleted++;
}
CriteriaBuilder builder = session.getCriteriaBuilder();
CriteriaQuery<T> criteriaQuery = builder.createQuery(this.clazz);
Root<T> root = criteriaQuery.from(this.clazz);
criteriaQuery.select(root).distinct(true);
Query<T> query = session.createQuery(criteriaQuery);
List<T> results = query.getResultList();
for (T result : results) {
session.delete(result);
numEntitiesDeleted++;
}
// List instances = session.createCriteria(this.clazz.getClass())
// .setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY).list();
// for (Object instance : instances) {
// session.delete((T) instance);
// numEntitiesDeleted++;
// }
tx.commit();
} catch (Exception e) {
final String msg = "unable to truncate class";
@ -343,51 +294,61 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
* Runs a Criteria query using the given collection of Criterion over the
* associated class.
*
* @param criteriaCollection the collection of Criterion to apply
* @param predicateCollection the collection of Criterion to apply
*
* @return a List of objects that match the criteria
* @throws DBManagerException if an error is encountered while performing the query or creating
* the result objects
*/
protected List<T> doGetWithCriteria(final Collection<Criterion> criteriaCollection)
protected List<T> doGetWithCriteria(final Collection<Predicate> predicateCollection)
throws DBManagerException {
return doGetWithCriteria(clazz, criteriaCollection);
return doGetWithCriteria(clazz, predicateCollection);
}
/**
* Runs a Criteria query using the given collection of Criterion over the
* associated class.
*
* @param <U> the specific type of class to retrieve
* @param clazzToGet the specific type of class to retrieve
* (should extend this class' &lt;T&gt; parameter)
* @param clazzToGet the class of object to retrieve
* @param criteriaCollection the collection of Criterion to apply
* @param predicateCollection the collection of Criterion to apply
*
* @return a List of objects that match the criteria
* @throws DBManagerException if an error is encountered while performing the query or creating
* the result objects
*/
protected final <U extends T> List<U> doGetWithCriteria(
final Class<U> clazzToGet,
final Collection<Criterion> criteriaCollection
protected final List<T> doGetWithCriteria(
final Class<T> clazzToGet,
final Collection<Predicate> predicateCollection
) throws DBManagerException {
LOGGER.debug("running criteria query over: {}", clazzToGet);
if (clazzToGet == null || criteriaCollection == null) {
if (clazzToGet == null || predicateCollection == null) {
LOGGER.debug("null object argument");
throw new NullPointerException("criteria or restrictions");
}
List<U> ret = new ArrayList<>();
List<T> ret = new ArrayList<>();
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = em.unwrap(org.hibernate.Session.class);
try {
LOGGER.debug("retrieving criteria from db");
tx = session.beginTransaction();
Criteria criteria = session.createCriteria(clazzToGet);
for (Criterion crit : criteriaCollection) {
criteria.add(crit);
CriteriaBuilder builder = session.getCriteriaBuilder();
CriteriaQuery<T> criteriaQuery = builder.createQuery(this.clazz);
Root<T> root = criteriaQuery.from(this.clazz);
criteriaQuery.select(root);
for (Predicate predicate : predicateCollection) {
criteriaQuery.where(predicate);
}
List list = criteria.list();
for (Object o : list) {
Query<T> query = session.createQuery(criteriaQuery);
List<T> results = query.getResultList();
// Criteria criteria = session.createCriteria(clazzToGet);
// for (Criterion crit : criteriaCollection) {
// criteria.add(crit);
// }
// List list = criteria.list();
for (Object o : results) {
if (o != null && clazzToGet.isInstance(o)) {
ret.add(clazzToGet.cast(o));
}
@ -416,6 +377,7 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
* @throws DBManagerException if object has previously been saved or an
* error occurs while trying to save it to the database
*/
@SuppressWarnings("unchecked")
protected T doSave(final T object) throws DBManagerException {
LOGGER.debug("saving object: {}", object);
if (object == null) {
@ -424,14 +386,14 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
}
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = em.unwrap(org.hibernate.Session.class);
try {
LOGGER.debug("saving object in db");
tx = session.beginTransaction();
final Serializable id = session.save(object);
Object o = session.get(object.getClass(), id);
T o = (T) session.get(object.getClass(), id);
session.getTransaction().commit();
return clazz.cast(o);
return o;
} catch (Exception e) {
final String msg = "unable to save object";
LOGGER.error(msg, e);
@ -458,7 +420,7 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
}
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = em.unwrap(org.hibernate.Session.class);
try {
LOGGER.debug("updating object in db");
tx = session.beginTransaction();
@ -493,12 +455,24 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
}
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving " + clazz.toString() + " from db");
tx = session.beginTransaction();
T ret = clazz.cast(session.createCriteria(clazz)
.add(Restrictions.eq("name", name)).uniqueResult());
CriteriaBuilder builder = session.getCriteriaBuilder();
CriteriaQuery<T> criteriaQuery = builder.createQuery(clazz);
Root<T> root = criteriaQuery.from(clazz);
Predicate recordPredicate = builder.and(
builder.equal(root.get("name"), name));
criteriaQuery.select(root).where(recordPredicate);
Query<T> query = session.createQuery(criteriaQuery);
List<T> results = query.getResultList();
T ret = null;
if (results != null && !results.isEmpty()) {
ret = results.get(0);
}
// T ret = clazz.cast(session.createCriteria(clazz)
// .add(Restrictions.eq("name", name)).uniqueResult());
tx.commit();
return ret;
} catch (Exception e) {
@ -529,146 +503,11 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
return null;
}
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving object from db");
tx = session.beginTransaction();
T ret = clazz.cast(session.get(clazz, id));
tx.commit();
return ret;
} catch (Exception e) {
final String msg = "unable to retrieve object";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
}
private void doLoadLazyFields(final Object obj, final boolean recurse)
throws ExecutionException, IllegalAccessException, NoSuchMethodException,
InvocationTargetException {
doLoadLazyFields(obj, recurse, new HashSet<>());
}
private void doLoadLazyFields(final Object obj, final boolean recurse,
final Set<Object> doNotLoad)
throws ExecutionException, IllegalAccessException, NoSuchMethodException,
InvocationTargetException {
if (obj == null) {
return;
}
if (!obj.getClass().isAnnotationPresent(Entity.class)) {
return;
}
doNotLoad.add(obj);
for (Field field : LAZY_LOADED_FIELDS.get(obj.getClass())) {
field.setAccessible(true);
Object fieldObj = FieldUtils.readField(obj, field.getName(), true);
Hibernate.initialize(fieldObj);
field.setAccessible(false);
if (fieldObj instanceof Collection) {
Collection.class.getMethod("size").invoke(fieldObj);
}
}
if (recurse) {
for (Field field : PERSISTED_FIELDS.get(obj.getClass())) {
field.setAccessible(true);
Object fieldObj = FieldUtils.readField(obj, field.getName(), true);
field.setAccessible(false);
if (!doNotLoad.contains(fieldObj)) {
if (fieldObj instanceof Collection) {
for (Object o : (Collection) fieldObj) {
doLoadLazyFields(o, true, doNotLoad);
}
} else {
doLoadLazyFields(fieldObj, true, doNotLoad);
}
}
}
}
}
/**
* Retrieves the <code>Object</code> from the database. This searches the
* database for an entry whose name matches <code>name</code>. It then
* reconstructs the <code>Object</code> from the database entry. It will also
* load all the lazy fields in the given class. If the parameter <code>recurse</code>
* is set to true, this method will recursively descend into each of the object's fields
* to load all the lazily-loaded entities. If false, only the fields belonging to the object
* itself will be loaded.
*
* @param name name of the object
* @param recurse whether to recursively load lazy data throughout the object's structures
* @return object if found, otherwise null.
* @throws DBManagerException if unable to search the database or recreate
* the <code>Object</code>
*/
protected T doGetAndLoadLazyFields(final String name, final boolean recurse)
throws DBManagerException {
LOGGER.debug("getting object: {}", name);
if (name == null) {
LOGGER.debug("null id argument");
return null;
}
Transaction tx = null;
Session session = factory.getCurrentSession();
try {
LOGGER.debug("retrieving " + clazz.toString() + " from db");
tx = session.beginTransaction();
T ret = clazz.cast(session.createCriteria(clazz)
.add(Restrictions.eq("name", name)).uniqueResult());
doLoadLazyFields(ret, recurse);
tx.commit();
return ret;
} catch (Exception e) {
final String msg = "unable to retrieve object";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
}
/**
* Retrieves the <code>Object</code> from the database. This searches the
* database for an entry whose id matches <code>id</code>. It then
* reconstructs the <code>Object</code> from the database entry. It will also
* load all the lazy fields in the given class. If the parameter <code>recurse</code>
* is set to true, this method will recursively descend into each of the object's fields
* to load all the lazily-loaded entities. If false, only the fields belonging to the object
* itself will be loaded.
*
* @param id id of the object
* @param recurse whether to recursively load lazy data throughout the object's structures
* @return object if found, otherwise null.
* @throws DBManagerException if unable to search the database or recreate
* the <code>Object</code>
*/
protected T doGetAndLoadLazyFields(final Serializable id, final boolean recurse)
throws DBManagerException {
LOGGER.debug("getting object: {}", id);
if (id == null) {
LOGGER.debug("null id argument");
return null;
}
Transaction tx = null;
Session session = factory.getCurrentSession();
try {
LOGGER.debug("retrieving object from db");
tx = session.beginTransaction();
T ret = clazz.cast(session.get(clazz, id));
doLoadLazyFields(ret, recurse);
T ret = (T) session.get(clazz, id);
tx.commit();
return ret;
} catch (Exception e) {
@ -690,37 +529,46 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
* managed. This class argument allows the caller to limit which types of
* <code>T</code> should be returned.
*
* @param clazz class type of <code>T</code>s to search for (may be null to
* @param entity class type of <code>T</code>s to search for (may be null to
* use Class&lt;T&gt;)
* @param additionalRestriction - an added Criterion to use in the query, null for none
* @return list of <code>T</code> names
* @throws DBManagerException if unable to search the database
*/
protected List<T> doGetList(final Class<? extends T> clazz,
@SuppressWarnings("unchecked")
protected List<T> doGetList(final Class<T> entity,
final Criterion additionalRestriction)
throws DBManagerException {
LOGGER.debug("Getting object list");
Class<? extends T> searchClass = clazz;
if (clazz == null) {
LOGGER.debug("clazz is null");
searchClass = this.clazz;
if (entity == null) {
LOGGER.debug("entity is null");
return new ArrayList<>();
}
Class<T> searchClass = entity;
List<T> objects = new ArrayList<>();
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("Retrieving objects from db of class {}", searchClass.getName());
LOGGER.debug("Retrieving objects from db of class {}", searchClass);
tx = session.beginTransaction();
Criteria criteria = session.createCriteria(searchClass);
if (additionalRestriction != null) {
criteria.add(additionalRestriction);
}
List list = criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY).list();
for (Object o : list) {
if (searchClass.isInstance(o)) {
objects.add(searchClass.cast(o));
}
CriteriaBuilder builder = session.getCriteriaBuilder();
CriteriaQuery<T> criteriaQuery = builder.createQuery(searchClass);
Root<T> root = criteriaQuery.from(criteriaQuery.getResultType());
Predicate recordPredicate = builder.and(
);
criteriaQuery.select(root).where(recordPredicate).distinct(true);
Query<T> query = session.createQuery(criteriaQuery);
List<T> results = query.getResultList();
// Criteria criteria = session.createCriteria(searchClass);
// if (additionalRestriction != null) {
// criteriaQuery.add(additionalRestriction);
// }
// List list = criteria.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY).list();
for (Object o : results) {
objects.add((T) o);
}
tx.commit();
LOGGER.debug("Got {} objects", objects.size());
@ -756,12 +604,12 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
* @throws DBManagerException if unable to create the list
*/
@SuppressWarnings("checkstyle:parameternumber")
protected FilteredRecordsList<T> doGetOrderedList(final Class<? extends T> clazz,
protected FilteredRecordsList<T> doGetOrderedList(final Class<T> clazz,
final String columnToOrder, final boolean ascending, final int firstResult,
final int maxResults, final String search, final Map<String, Boolean> searchableColumns,
final CriteriaModifier criteriaModifier) throws DBManagerException {
LOGGER.debug("Getting object list");
Class<? extends T> searchClass = clazz;
Class<T> searchClass = clazz;
if (clazz == null) {
LOGGER.debug("clazz is null");
searchClass = this.clazz;
@ -778,20 +626,33 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
List<T> objects = new ArrayList<>();
Transaction tx = null;
Session session = factory.getCurrentSession();
try {
Session session = getSession();
CriteriaBuilder builder = session.getCriteriaBuilder();
// try {
LOGGER.debug("updating object in db");
tx = session.beginTransaction();
//Returns totalResults in the given entity
Criteria criteria = session.createCriteria(searchClass)
.setProjection(Projections.countDistinct("id"));
criteriaModifier.modify(criteria);
CriteriaQuery<Long> criteriaQuery = builder.createQuery(Long.class);
Root<T> root = criteriaQuery.from(clazz);
criteriaQuery.select(builder.count(criteriaQuery.from(clazz)));
List<Predicate> predicates = new ArrayList<>();
Long totalResultCount = (Long) criteria.uniqueResult();
predicates.add(builder.isNotNull(root.get("id")));
// is this enough to not use the id column?
criteriaQuery.select(builder.countDistinct(root));
criteriaQuery.where(predicates.toArray(new Predicate[]{}));
// Criteria criteria = session.createCriteria(searchClass)
// .setProjection(Projections.countDistinct("id"));
// criteriaModifier.modify(criteria);
// criteria.uniqueResult();
Long totalResultCount = session.createQuery(criteriaQuery).getSingleResult();
Long recordsFiltered = totalResultCount;
Conjunction and = Restrictions.conjunction();
Conjunction restrictions = Restrictions.conjunction();
if (totalResultCount != 0) {
LOGGER.info("Total result count greater than 0");
//Builds the search criteria from all of the searchable columns
@ -808,17 +669,21 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
or.add(ilikeCast(entry.getKey(), word));
}
}
and.add(or);
restrictions.add(or); // cyrus-dev
}
}
LOGGER.info("Search columns filtered");
//Retrieves a count of all the records after being filtered
criteria.setProjection(Projections.countDistinct("id"))
.add(and);
// criteria.setProjection(Projections.countDistinct("id"))
// .add(restrictions);
// criteriaQuery.add(restrictions);
criteriaQuery.where(predicates.toArray(new Predicate[]{}));
try {
LOGGER.info("Get unique result from criteria object");
recordsFiltered = (Long) criteria.uniqueResult();
//(Long) criteria.uniqueResult();
recordsFiltered = session.createQuery(criteriaQuery).uniqueResult();
} catch (HibernateException e) {
LOGGER.error(e.getMessage());
}
@ -828,59 +693,61 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
//Generates an inner query that handles the searching, paging,
//and sorting of the data. The query returns distinct ids in
//order based on these values
Criteria uniqueSubCriteria = session.createCriteria(searchClass)
.setProjection(
Projections.distinct(
Projections.property("id")))
.add(and)
.setFirstResult(firstResult)
.setMaxResults(maxResults);
criteriaModifier.modify(uniqueSubCriteria);
if (ascending) {
uniqueSubCriteria.addOrder(Order.asc(columnToOrder));
} else {
uniqueSubCriteria.addOrder(Order.desc(columnToOrder));
}
List ids = uniqueSubCriteria.list();
// session.getCriteriaBuilder().createQuery(searchClass).
// Criteria uniqueSubCriteria = session.createCriteria(searchClass)
// .setProjection(
// Projections.distinct(
// Projections.property("id")))
// .add(restrictions)
// .setFirstResult(firstResult)
// .setMaxResults(maxResults);
// criteriaModifier.modify(uniqueSubCriteria);
// if (ascending) {
// uniqueSubCriteria.addOrder(Order.asc(columnToOrder));
// } else {
// uniqueSubCriteria.addOrder(Order.desc(columnToOrder));
// }
//
// List ids = uniqueSubCriteria.list();
//Values take the unique identities that passed all other
//criteria and returns the desired entity. Queries needed to be
//separated in order to keep pagination and distinct results
Criteria finalCriteria = session.createCriteria(searchClass)
.add(Restrictions.in("id", ids))
.setResultTransformer(
CriteriaSpecification.DISTINCT_ROOT_ENTITY);
criteriaModifier.modify(finalCriteria);
//Checks the order and validates before returning the values
if (ascending) {
finalCriteria.addOrder(Order.asc(columnToOrder));
} else {
finalCriteria.addOrder(Order.desc(columnToOrder));
}
List list = finalCriteria.list();
for (Object o : list) {
if (clazz.isInstance(o)) {
objects.add(clazz.cast(o));
}
}
// Criteria finalCriteria = session.createCriteria(searchClass)
// .add(Restrictions.in("id", ids))
// .setResultTransformer(
// CriteriaSpecification.DISTINCT_ROOT_ENTITY);
// criteriaModifier.modify(finalCriteria);
//
// //Checks the order and validates before returning the values
// if (ascending) {
// finalCriteria.addOrder(Order.asc(columnToOrder));
// } else {
// finalCriteria.addOrder(Order.desc(columnToOrder));
// }
//
// List list = finalCriteria.list();
// for (Object o : list) {
// if (clazz.isInstance(o)) {
// objects.add(clazz.cast(o));
// }
// }
// }
//Stores results of all the queries for the JQuery Datatable
aqr.setRecordsTotal(totalResultCount);
aqr.setRecordsFiltered(recordsFiltered);
aqr.addAll(objects);
tx.commit();
// } catch (HibernateException e) {
// final String msg = "unable to update object";
// LOGGER.error(msg, e);
// if (tx != null) {
// LOGGER.debug("rolling back transaction");
// tx.rollback();
// }
// throw e;
}
//Stores results of all the queries for the JQuery Datatable
aqr.setRecordsTotal(totalResultCount);
aqr.setRecordsFiltered(recordsFiltered);
aqr.addAll(objects);
tx.commit();
} catch (HibernateException e) {
final String msg = "unable to update object";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw e;
}
LOGGER.info(searchClass.getName() + " found " + aqr.getRecordsTotal() + " records");
return aqr;
}
@ -891,18 +758,18 @@ public abstract class AbstractDbManager<T> implements CrudManager<T> {
*
* @return session factory
*/
protected final SessionFactory getFactory() {
return factory;
protected final Session getSession() {
return em.unwrap(org.hibernate.Session.class);
}
/**
* Returns a StatelessSession that can be used for querying.
*
* @return stateless session
*/
protected final StatelessSession getStatelessSession() {
return factory.openStatelessSession();
}
// /**
// * Returns a StatelessSession that can be used for querying.
// *
// * @return stateless session
// */
// protected final StatelessSession getStatelessSession() {
// return factory.openStatelessSession();
// }
/**


@ -1,16 +1,21 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import hirs.appraiser.Appraiser;
import hirs.persist.AppraiserManager;
import hirs.persist.AppraiserManagerException;
import hirs.persist.DBManagerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.SessionFactory;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import java.util.List;
/**
* This class defines a <code>ApprasierManager</code> that stores the
* appraisers in a database.
*/
@Service
public class DBAppraiserManager extends DBManager<Appraiser> implements AppraiserManager {
private static final Logger LOGGER = LogManager.getLogger();
@ -19,10 +24,10 @@ public class DBAppraiserManager extends DBManager<Appraiser> implements Appraise
* database. The default database is used to store all of the
* <code>Appraiser</code>s.
*
* @param sessionFactory session factory used to access database connections
* @param em entity manager used to access database connections
*/
public DBAppraiserManager(final SessionFactory sessionFactory) {
super(Appraiser.class, sessionFactory);
public DBAppraiserManager(final EntityManager em) {
super(Appraiser.class, em);
}
/**
@ -34,7 +39,7 @@ public class DBAppraiserManager extends DBManager<Appraiser> implements Appraise
* @param appraiser
* appraiser to save
* @return reference to saved appraiser
* @throws AppraiserManagerException
* @throws hirs.persist.AppraiserManagerException
* if appraiser has previously been saved or an error occurs
* while trying to save it to the database
*/
@ -97,7 +102,7 @@ public class DBAppraiserManager extends DBManager<Appraiser> implements Appraise
public final List<Appraiser> getAppraiserList(final Class<? extends Appraiser> clazz)
throws AppraiserManagerException {
LOGGER.debug("getting appraiser list");
return getList(clazz);
return null; //getList(clazz); cyrus-dev
}
/**
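Review bot: `getAppraiserList` now returns `null` where its signature promises a `List<Appraiser>`, so a caller that iterates the result fails with a NullPointerException far from the cause, and a caller that null-checks cannot tell "not implemented" from "no appraisers". The same placeholder appears in `DBManager.getAndLoadLazyFields` (both overloads), in `DBPolicyManager.getPolicyList`, and in the `DBManagerException` catch in `DBDeviceManager`, which now logs and returns `null` instead of rethrowing. Until the JPA port is finished these stubs should fail loudly, e.g. `throw new UnsupportedOperationException("getAppraiserList is not ported to JPA criteria yet");`. The `cyrus-dev` marker should become a tracked TODO.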


@ -0,0 +1,187 @@
package hirs.attestationca.servicemanager;
import hirs.data.persist.certificate.Certificate;
import hirs.persist.CertificateManager;
import hirs.persist.CertificateSelector;
import hirs.persist.DBManagerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.retry.RetryCallback;
import org.springframework.retry.RetryContext;
import org.springframework.retry.support.RetryTemplate;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
/**
* This class is used to persist and retrieve {@link Certificate}s into and from a database.
*/
@Service
public class DBCertificateManager extends DBManager<Certificate>
implements CertificateManager {
private static final Logger LOGGER = LogManager.getLogger(DBCertificateManager.class);
// structure for retrying methods in the database
private RetryTemplate retryTemplate;
/**
* Creates a new {@link DBCertificateManager} that uses the default
* database.
*
* @param em entity manager used to access database connections
*/
public DBCertificateManager(final EntityManager em) {
super(Certificate.class, em);
}
/**
* This method does not need to be used directly as it is used by
* {@link hirs.persist.CertificateSelector}'s
* get methods. Regardless, it may be used to retrieve certificates
* by other code in this
* package, given a configured CertificateSelector.
*
* Example:
*
* <pre>
* {@code
* CertificateSelector certSelector =
* new CertificateSelector(Certificate.Type.CERTIFICATE_AUTHORITY)
* .byIssuer("CN=Some certain issuer");
*
* Set<Certificate> certificates = certificateManager.get(certSelector);}
* </pre>
*
* @param <T> the type of certificate that will be retrieved
* @param certificateSelector a configured {@link hirs.persist.CertificateSelector}
* to use for querying
* @return the resulting set of Certificates, possibly empty
*/
@SuppressWarnings("unchecked")
public <T extends Certificate> Set<T> getCertificate(
final CertificateSelector certificateSelector) {
return new HashSet<>(0
// (List<T>) getWithCriteria(
// certificateSelector.getCertificateClass(),
// Collections.singleton(certificateSelector.getCriterion())
// )
);
}
/**
* Remove a certificate from the database.
*
* @param certificate the certificate to delete
* @return true if deletion was successful, false otherwise
*/
public boolean deleteCertificate(final Certificate certificate) {
return delete(certificate);
}
/**
* Saves the <code>Object</code> in the database. This creates a new
* database session and saves the object. If the <code>Object</code> had
* previously been saved then a <code>DBManagerException</code> is thrown.
*
* @param object object to save
* @return reference to saved object
* @throws hirs.persist.DBManagerException if object has previously been saved or an
* error occurs while trying to save it to the database
*/
@Override
public Certificate saveCertificate(final Certificate object) throws DBManagerException {
return retryTemplate.execute(new RetryCallback<Certificate, DBManagerException>() {
@Override
public Certificate doWithRetry(final RetryContext context) throws DBManagerException {
return doSave(object);
}
});
}
/**
* Deletes the object from the database. This removes all of the database
* entries that stored information with regards to the this object.
* <p>
* If the object is referenced by any other tables then this will throw a
* <code>DBManagerException</code>.
*
* @param object instance of the object to delete
* @return true if successfully found and deleted the object
* @throws DBManagerException if unable to find the baseline or delete it
* from the database
*/
public final boolean delete(final Certificate object) throws DBManagerException {
return retryTemplate.execute(new RetryCallback<Boolean, DBManagerException>() {
@Override
public Boolean doWithRetry(final RetryContext context) throws DBManagerException {
return doDelete(object);
}
});
}
/**
* Updates an object stored in the database. This updates the database
* entries to reflect the new values that should be set.
*
* @param object object to update
* @throws DBManagerException if an error occurs while trying to save it to the database
*/
public final void updateCertificate(final Certificate object) throws DBManagerException {
retryTemplate.execute(new RetryCallback<Void, DBManagerException>() {
@Override
public Void doWithRetry(final RetryContext context) throws DBManagerException {
doUpdate(object);
return null;
}
});
}
/**
* Retrieves the <code>Object</code> from the database. This searches the
* database for an entry whose name matches <code>name</code>. It then
* reconstructs the <code>Object</code> from the database entry.
*
* @param id id of the object
* @return object if found, otherwise null.
* @throws DBManagerException if unable to search the database or recreate
* the <code>Object</code>
*/
public final Certificate getCertificate(final Serializable id) throws DBManagerException {
return retryTemplate.execute(new RetryCallback<Certificate, DBManagerException>() {
@Override
public Certificate doWithRetry(final RetryContext context) throws DBManagerException {
return doGet(id);
}
});
}
// /**
// * Set the parameters used to retry database transactions. The retry template will
// * retry transactions that throw a LockAcquisitionException or StaleObjectStateException.
// * @param maxTransactionRetryAttempts the maximum number of database transaction attempts
// * @param retryWaitTimeMilliseconds the transaction retry wait time in milliseconds
// */
// public final void setRetryTemplate(final int maxTransactionRetryAttempts,
// final long retryWaitTimeMilliseconds) {
// Map<Class<? extends Throwable>, Boolean> exceptionsToRetry = new HashMap<>();
// exceptionsToRetry.put(LockAcquisitionException.class, true);
// exceptionsToRetry.put(StaleObjectStateException.class, true);
//
// SimpleRetryPolicy retryPolicy = new SimpleRetryPolicy(
// maxTransactionRetryAttempts,
// exceptionsToRetry,
// true,
// false
// );
//
// FixedBackOffPolicy backoffPolicy = new FixedBackOffPolicy();
// backoffPolicy.setBackOffPeriod(retryWaitTimeMilliseconds);
// this.retryTemplate = new RetryTemplate();
// this.retryTemplate.setRetryPolicy(retryPolicy);
// this.retryTemplate.setBackOffPolicy(backoffPolicy);
// }
}
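Review bot: The `retryTemplate` field declared in this class is never assigned, because the only code that would set it (`setRetryTemplate`) is commented out at the bottom of the file. As a result `saveCertificate`, `delete`, `updateCertificate` and `getCertificate(Serializable)` all dereference `null` on their first call. `DBManager`'s constructor does call its own `setRetryTemplate(...)`, but that presumably initialises a parent field which this declaration does not share. Drop `private RetryTemplate retryTemplate;` here and reach the parent's template through a protected accessor, or build one in this constructor. Separately, `getCertificate(CertificateSelector)` always returns an empty set, so selector lookups (the Javadoc example queries `CERTIFICATE_AUTHORITY` certificates) report "no certificates" rather than an error; that stub should throw until the criteria query is ported.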


@ -1,31 +1,39 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import hirs.FilteredRecordsList;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.DeviceManager;
import hirs.persist.DeviceManagerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Criteria;
import org.hibernate.HibernateException;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.hibernate.criterion.Restrictions;
import org.hibernate.query.Query;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.JoinType;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* This class defines a <code>DeviceManager</code> that stores the devices
* in a database.
*/
@Service
public class DBDeviceManager extends DBManager<Device> implements
DeviceManager {
@ -36,10 +44,10 @@ public class DBDeviceManager extends DBManager<Device> implements
* database. The default database is used to store all of the
* <code>Device</code>s.
*
* @param sessionFactory session factory used to access database connections
* @param em entity manager used to access database connections
*/
public DBDeviceManager(final SessionFactory sessionFactory) {
super(Device.class, sessionFactory);
public DBDeviceManager(final EntityManager em) {
super(Device.class, em);
}
/**
@ -51,7 +59,7 @@ public class DBDeviceManager extends DBManager<Device> implements
* @param device
* device to save
* @return reference to saved device
* @throws DeviceManagerException
* @throws hirs.persist.DeviceManagerException
* if device has previously been saved or an error occurs
* while trying to save it to the database
*/
@ -103,7 +111,7 @@ public class DBDeviceManager extends DBManager<Device> implements
throws DeviceManagerException {
LOGGER.debug("updating all devices in list");
Session session = getFactory().getCurrentSession();
Session session = getSession();
Transaction tx = session.beginTransaction();
try {
for (final Device device : deviceList) {
@ -208,7 +216,8 @@ public class DBDeviceManager extends DBManager<Device> implements
return super.getOrderedList(Device.class, columnToOrder, ascending, firstResult,
maxResults, search, searchableColumns, modifier);
} catch (DBManagerException e) {
throw new AlertManagerException(e);
LOGGER.error(e);
return null;
}
}
/**
@ -245,21 +254,29 @@ public class DBDeviceManager extends DBManager<Device> implements
public final List<Device> getDefaultDevices() throws DeviceManagerException {
Transaction tx = null;
Session session = getFactory().getCurrentSession();
Session session = getSession();
List<Device> devices = new ArrayList<>();
try {
LOGGER.debug("retrieving defaults devices from db");
tx = session.beginTransaction();
List list = session.createCriteria(Device.class).createAlias("deviceGroup", "group")
.add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP))
.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY)
.list();
for (Object o : list) {
if (o instanceof Device) {
devices.add((Device) o);
}
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<Device> criteriaQuery = criteriaBuilder.createQuery(Device.class);
Root<Device> root = criteriaQuery.from(Device.class);
root.join("group.name", JoinType.LEFT).alias("group");
Predicate recordPredicate = criteriaBuilder
.and(criteriaBuilder.equal(root.get("group.name"), "Default Group"));
criteriaQuery.select(root).where(recordPredicate).distinct(true);
Query<Device> query = session.createQuery(criteriaQuery);
List<Device> results = query.getResultList();
if (results != null) {
devices.addAll(results);
}
// List list = session.createCriteria(Device.class).createAlias("deviceGroup", "group")
// .add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP))
// .setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY)
// .list();
tx.commit();
} catch (HibernateException e) {
final String msg = "unable to retrieve default devices";
@ -281,9 +298,6 @@ public class DBDeviceManager extends DBManager<Device> implements
*
* @param name of the device to be deleted
* @return true if successfully found and deleted, false if otherwise
* @throws DeviceGroupManagerException
* if unable to find the device group or delete it from the
* database
*/
@Override
public final boolean deleteDevice(final String name)
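Review bot: In `getDefaultDevices`, `root.join("group.name", JoinType.LEFT)` and `root.get("group.name")` pass a dotted path where the JPA Criteria API expects a single attribute name, so the query is likely to fail with an `IllegalArgumentException` when it is built. The removed Hibernate query joined the `deviceGroup` association and compared its `name`, which suggests `Join<Device, DeviceGroup> group = root.join("deviceGroup", JoinType.LEFT);` followed by `criteriaBuilder.equal(group.get("name"), DeviceGroup.DEFAULT_GROUP)`, assuming both still exist after the refactor. That also restores the constant in place of the literal `"Default Group"`. The surrounding handler catches only `HibernateException`, so an argument error here would bypass whatever cleanup that handler performs; the rest of the method lies outside the hunk.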


@ -1,11 +1,12 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import hirs.FilteredRecordsList;
import hirs.data.persist.ArchivableEntity;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Criteria;
import org.hibernate.SessionFactory;
import org.hibernate.StaleObjectStateException;
import org.hibernate.criterion.Criterion;
import org.hibernate.exception.LockAcquisitionException;
@ -15,7 +16,10 @@ import org.springframework.retry.RetryListener;
import org.springframework.retry.backoff.FixedBackOffPolicy;
import org.springframework.retry.policy.SimpleRetryPolicy;
import org.springframework.retry.support.RetryTemplate;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.criteria.Predicate;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashMap;
@ -23,11 +27,12 @@ import java.util.List;
import java.util.Map;
/**
* @param <T> passed in type
* Generic database manager for managing objects in a database. This provides create, read, update,
* archive, and delete operations for managing objects in a database.
*
* @param <T> type of objects to manage by this manager
*/
@Service
public class DBManager<T> extends AbstractDbManager<T> {
private static final Logger LOGGER = LogManager.getLogger(DBManager.class);
@ -63,11 +68,11 @@ public class DBManager<T> extends AbstractDbManager<T> {
* default database is used to store all of the objects.
*
* @param clazz Class to search for when doing Hibernate queries
* @param sessionFactory the session factory to use to connect to the database
* @param em the entity manager to use to connect to the database
* unfortunately class type of T cannot be determined using only T
*/
public DBManager(final Class<T> clazz, final SessionFactory sessionFactory) {
super(clazz, sessionFactory);
public DBManager(final Class<T> clazz, final EntityManager em) {
super(clazz, em);
setRetryTemplate(DEFAULT_MAX_RETRY_ATTEMPTS, DEFAULT_RETRY_WAIT_TIME_MS);
}
@ -109,20 +114,21 @@ public class DBManager<T> extends AbstractDbManager<T> {
* Runs a Criteria query using the given collection of Criterion over the
* associated class.
*
* @param criteriaCollection the collection of Criterion to apply
* @param predicateCollection the collection of Criterion to apply
*
* @return a List of objects that match the criteria
* @throws DBManagerException if an error is encountered while performing the query or creating
* @throws hirs.persist.DBManagerException if an error is encountered
* while performing the query or creating
* the result objects
*/
public final List<T> getWithCriteria(final Collection<Criterion> criteriaCollection)
public final List<T> getWithCriteria(final Collection<Predicate> predicateCollection)
throws DBManagerException {
return retryTemplate.execute(
new RetryCallback<List<T>, DBManagerException>() {
@Override
public List<T> doWithRetry(final RetryContext context)
throws DBManagerException {
return doGetWithCriteria(criteriaCollection);
return doGetWithCriteria(predicateCollection);
}
});
}
@ -131,8 +137,6 @@ public class DBManager<T> extends AbstractDbManager<T> {
* Runs a Criteria query using the given collection of Criterion over the
* associated class.
*
* @param <U> the specific type of class to retrieve
* (should extend this class' &lt;T&gt; parameter)
* @param clazzToGet the class of object to retrieve
* @param criteriaCollection the collection of Criterion to apply
*
@ -140,13 +144,13 @@ public class DBManager<T> extends AbstractDbManager<T> {
* @throws DBManagerException if an error is encountered while performing the query or creating
* the result objects
*/
protected final <U extends T> List<U> getWithCriteria(
final Class<U> clazzToGet,
final Collection<Criterion> criteriaCollection) throws DBManagerException {
protected final List<T> getWithCriteria(
final Class<T> clazzToGet,
final Collection<Predicate> criteriaCollection) throws DBManagerException {
return retryTemplate.execute(
new RetryCallback<List<U>, DBManagerException>() {
new RetryCallback<List<T>, DBManagerException>() {
@Override
public List<U> doWithRetry(final RetryContext context)
public List<T> doWithRetry(final RetryContext context)
throws DBManagerException {
return doGetWithCriteria(clazzToGet, criteriaCollection);
}
@ -264,7 +268,8 @@ public class DBManager<T> extends AbstractDbManager<T> {
return retryTemplate.execute(new RetryCallback<T, DBManagerException>() {
@Override
public T doWithRetry(final RetryContext context) throws DBManagerException {
return doGetAndLoadLazyFields(name, recurse);
return null;
// return doGetAndLoadLazyFields(name, recurse);
}
});
}
@ -286,7 +291,8 @@ public class DBManager<T> extends AbstractDbManager<T> {
*/
public final T getAndLoadLazyFields(final Serializable id, final boolean recurse)
throws DBManagerException {
return doGetAndLoadLazyFields(id, recurse);
return null;
// return doGetAndLoadLazyFields(id, recurse);
}
/**
@ -297,14 +303,14 @@ public class DBManager<T> extends AbstractDbManager<T> {
* managed. This class argument allows the caller to limit which types of
* <code>T</code> should be returned.
*
* @param clazz class type of <code>T</code>s to search for (may be null to
* @param entity class type of <code>T</code>s to search for (may be null to
* use Class&lt;T&gt;)
* @return list of <code>T</code> names
* @throws DBManagerException if unable to search the database
*/
public List<T> getList(final Class<? extends T> clazz)
public List<T> getList(final Class<T> entity)
throws DBManagerException {
return getList(clazz, null);
return getList(entity, null);
}
/**
@ -315,19 +321,19 @@ public class DBManager<T> extends AbstractDbManager<T> {
* managed. This class argument allows the caller to limit which types of
* <code>T</code> should be returned.
*
* @param clazz class type of <code>T</code>s to search for (may be null to
* @param entity class type of <code>T</code>s to search for (may be null to
* use Class&lt;T&gt;)
* @param additionalRestriction additional restrictions to apply to criteria.
* @return list of <code>T</code> names
* @throws DBManagerException if unable to search the database
*/
@Override
public List<T> getList(final Class<? extends T> clazz, final Criterion additionalRestriction)
public List<T> getList(final Class<T> entity, final Criterion additionalRestriction)
throws DBManagerException {
return retryTemplate.execute(new RetryCallback<List<T>, DBManagerException>() {
@Override
public List<T> doWithRetry(final RetryContext context) throws DBManagerException {
return doGetList(clazz, additionalRestriction);
return doGetList(entity, additionalRestriction);
}
});
}
@ -352,7 +358,7 @@ public class DBManager<T> extends AbstractDbManager<T> {
*/
@Override
public final FilteredRecordsList getOrderedList(
final Class<? extends T> clazz, final String columnToOrder,
final Class<T> clazz, final String columnToOrder,
final boolean ascending, final int firstResult,
final int maxResults, final String search,
final Map<String, Boolean> searchableColumns)
@ -391,7 +397,7 @@ public class DBManager<T> extends AbstractDbManager<T> {
*/
@SuppressWarnings("checkstyle:parameternumber")
public final FilteredRecordsList<T> getOrderedList(
final Class<? extends T> clazz, final String columnToOrder,
final Class<T> clazz, final String columnToOrder,
final boolean ascending, final int firstResult,
final int maxResults, final String search,
final Map<String, Boolean> searchableColumns, final CriteriaModifier criteriaModifier)
@ -421,7 +427,6 @@ public class DBManager<T> extends AbstractDbManager<T> {
* @throws DBManagerException if unable to find the baseline or delete it
* from the database
*/
public final boolean delete(final String name) throws DBManagerException {
return retryTemplate.execute(new RetryCallback<Boolean, DBManagerException>() {
@Override
@ -444,7 +449,7 @@ public class DBManager<T> extends AbstractDbManager<T> {
* @throws DBManagerException if unable to find the baseline or delete it
* from the database
*/
public final boolean delete(final Serializable id)
public final boolean deleteById(final Serializable id)
throws DBManagerException {
return retryTemplate.execute(new RetryCallback<Boolean, DBManagerException>() {
@Override
@ -454,27 +459,6 @@ public class DBManager<T> extends AbstractDbManager<T> {
});
}
/**
* Deletes the object from the database. This removes all of the database
* entries that stored information with regards to the this object.
* <p>
* If the object is referenced by any other tables then this will throw a
* <code>DBManagerException</code>.
*
* @param object object to delete
* @return true if successfully found and deleted the object
* @throws DBManagerException if unable to delete the object from the database
*/
@Override
public final boolean delete(final T object) throws DBManagerException {
return retryTemplate.execute(new RetryCallback<Boolean, DBManagerException>() {
@Override
public Boolean doWithRetry(final RetryContext context) throws DBManagerException {
return doDelete(object);
}
});
}
/**
* Archives the named object and updates it in the database.
*
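Review bot: `getList(entity, additionalRestriction)` still accepts a `Criterion`, but the `doGetList` it delegates to (in the `AbstractDbManager` hunk on this page) now builds an empty `builder.and()` and has the `additionalRestriction` handling commented out, so the filter is silently dropped and every row of the entity is returned. The removed `DBPolicyManager` code passed `Restrictions.isNull("archivedTime")` through this path, so a caller of that kind would now receive archived records as well. Until `Criterion` arguments are translated to `Predicate`s, reject them at the top of `getList`: `if (additionalRestriction != null) { throw new UnsupportedOperationException("additionalRestriction is not applied yet"); }`. The Javadoc also still says `entity` "may be null to use Class<T>", while `doGetList` now returns an empty list for `null`.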


@ -1,30 +1,33 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import com.google.common.base.Preconditions;
import hirs.appraiser.Appraiser;
import hirs.data.persist.baseline.Baseline;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.baseline.HasBaselines;
import hirs.data.persist.Policy;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import hirs.data.persist.policy.Policy;
import hirs.persist.DBManagerException;
import hirs.persist.PolicyManager;
import hirs.persist.PolicyManagerException;
import hirs.persist.PolicyMapper;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Criteria;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.hibernate.query.Query;
import org.springframework.stereotype.Repository;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.io.Serializable;
import java.util.List;
/**
* This class defines a <code>PolicyManager</code> that stores policies in a
* database.
*/
@Repository
public class DBPolicyManager extends DBManager<Policy> implements PolicyManager {
private static final Logger LOGGER = LogManager.getLogger(DBPolicyManager.class);
@ -34,10 +37,10 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
* parameter is used to initialize a session factory to manage all hibernate
* sessions.
*
* @param factory session factory to manage connections to hibernate db
* @param em Entity Manager to manage connections to hibernate db
*/
public DBPolicyManager(final SessionFactory factory) {
super(Policy.class, factory);
public DBPolicyManager(final EntityManager em) {
super(Policy.class, em);
}
/**
@ -46,7 +49,7 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
* @param policy
* policy to save
* @return <code>Policy</code> that was saved
* @throws PolicyManagerException
* @throws hirs.persist.PolicyManagerException
* if policy has previously been saved or an error occurs while
* trying to save it to the database
*/
@ -95,36 +98,7 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
public final List<Policy> getPolicyList(final Class<? extends Policy> clazz)
throws PolicyManagerException {
LOGGER.debug("getting policy list");
try {
return super.getList(clazz, Restrictions.isNull("archivedTime"));
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Return a list of all the policies that contain the given baseline.
*
* @param clazz the class of Policy to search
* @param baseline the baseline that should be a member of returned Policies
* @return the list of matching Policies
*/
@Override
public List<Policy> getPoliciesContainingBaseline(
final Class<? extends Policy> clazz,
final Baseline baseline
) {
List<Policy> matchingPolicies = new ArrayList<>();
List<Policy> policies = getPolicyList(clazz);
for (Policy policy : policies) {
if (policy instanceof HasBaselines) {
HasBaselines policyWithBaselines = (HasBaselines) policy;
if (policyWithBaselines.getBaselines().contains(baseline)) {
matchingPolicies.add(policy);
}
}
}
return matchingPolicies;
return null;
}
/**
@ -173,6 +147,18 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
}
}
/**
* Deletes the policy given.
*
* @param policy {@link Policy} to be deleted
* @return status of the deletion
* @throws DBManagerException
*/
@Override
public final boolean delete(final Policy policy) throws DBManagerException {
return false;
}
/**
* Sets the default <code>Policy</code> to use for an <code>Appraiser</code>.
* This updates the database to reflect this change so that when this
@ -191,20 +177,39 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
LOGGER.error("cannot set default policy on null appraiser");
throw new NullPointerException("appraiser");
}
final SessionFactory factory = getFactory();
Session session = factory.getCurrentSession();
Session session = getSession();
Transaction tx = session.beginTransaction();
try {
final Criteria criteria = session.createCriteria(DeviceGroup.class)
.add(Restrictions.eq("name", DeviceGroup.DEFAULT_GROUP));
DeviceGroup group = (DeviceGroup) criteria.uniqueResult();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> policyMapperCriteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> policyMapperRoot = policyMapperCriteriaQuery
.from(PolicyMapper.class);
Predicate policyPredicate = criteriaBuilder.and(
criteriaBuilder.equal(policyMapperRoot.get("appraiser"), appraiser),
criteriaBuilder.equal(policyMapperRoot.get("group.name"),
"Default Group"));
policyMapperCriteriaQuery.select(policyMapperRoot).where(policyPredicate);
LOGGER.debug("finding existing policy mapper from db where "
+ "appraiser = {}", appraiser);
final Criteria cr = session.createCriteria(PolicyMapper.class)
.createAlias("deviceGroup", "group")
.add(Restrictions.eq("appraiser", appraiser))
.add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP));
final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
LOGGER.debug("finding existing policy mapper from db where "
+ "appraiser = {}", appraiser);
PolicyMapper mapper = null;
Query<PolicyMapper> policyMapperQuery = session.createQuery(policyMapperCriteriaQuery);
List<PolicyMapper> policyMappers = policyMapperQuery.getResultList();
if (policyMappers != null && !policyMappers.isEmpty()) {
mapper = policyMappers.get(0);
}
// final Criteria criteria = session.createCriteria(DeviceGroup.class)
// .add(Restrictions.eq("name", DeviceGroup.DEFAULT_GROUP));
// DeviceGroup group = (DeviceGroup) criteria.uniqueResult();
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .createAlias("deviceGroup", "group")
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policy == null) {
LOGGER.debug("policy is null so removing policy");
if (mapper != null) {
@ -214,7 +219,7 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
LOGGER.info("setting default policy {} on appraiser {}",
policy, appraiser);
if (mapper == null) {
session.save(new PolicyMapper(appraiser, policy, group));
session.save(new PolicyMapper(appraiser, policy));
} else {
mapper.setPolicy(policy);
session.update(mapper);
@ -247,8 +252,7 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
* If the default <code>Policy</code> has not been set then this returns
* null.
*
* @param appraiser
* appraiser
* @param appraiser appraiser
* @return default policy
*/
@Override
@ -259,18 +263,31 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
}
Policy ret = null;
final SessionFactory factory = getFactory();
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = {}",
appraiser);
final Criteria cr = session.createCriteria(PolicyMapper.class)
.createAlias("deviceGroup", "group")
.add(Restrictions.eq("appraiser", appraiser))
.add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP));
final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser),
criteriaBuilder.equal(root.get("group.name"), "Default Group"));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .createAlias("deviceGroup", "group")
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (mapper == null) {
LOGGER.debug("no policy mapper found for appraiser {}",
appraiser);
@ -308,36 +325,50 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
* there is none
*/
@Override
public final Policy getPolicy(
final Appraiser appraiser,
final Device device) {
public final Policy getPolicy(final Appraiser appraiser, final Device device) {
Preconditions.checkArgument(appraiser != null, "Appraiser must not be null");
Preconditions.checkArgument(device != null, "Device must not be null");
Policy ret = null;
final SessionFactory factory = getFactory();
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = "
+ "{} and device= {}", appraiser, device);
final Criteria deviceCr = session.createCriteria(Device.class)
.add(Restrictions.eq("name", device.getName()));
final Device retrievedDevice = (Device) deviceCr.uniqueResult();
DeviceGroup deviceGroup = null;
if (retrievedDevice != null) {
deviceGroup = retrievedDevice.getDeviceGroup();
final CriteriaBuilder deviceCriteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<Device> criteriaQuery = deviceCriteriaBuilder.createQuery(Device.class);
Root<Device> root = criteriaQuery.from(Device.class);
Predicate recordPredicate = deviceCriteriaBuilder.and(
deviceCriteriaBuilder.equal(root.get("name"), device.getName()));
criteriaQuery.select(root).where(recordPredicate);
Query<Device> query = session.createQuery(criteriaQuery);
List<Device> results = query.getResultList();
Device retrievedDevice = null;
if (results != null && !results.isEmpty()) {
retrievedDevice = results.get(0);
}
final Criteria cr = session.createCriteria(PolicyMapper.class)
.add(Restrictions.eq("appraiser", appraiser))
.add(Restrictions.eq("deviceGroup", deviceGroup));
final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (mapper == null) {
LOGGER.debug("no policy mapper found for appraiser {} and "
+ "device group {}", appraiser, deviceGroup);
// final Criteria deviceCr = session.createCriteria(Device.class)
// .add(Restrictions.eq("name", device.getName()));
// final Device retrievedDevice = (Device) deviceCr.uniqueResult();
final CriteriaBuilder policyCriteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> policyCriteriaQuery = policyCriteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> policyRoot = policyCriteriaQuery.from(PolicyMapper.class);
Predicate policyPredicate = policyCriteriaBuilder.and(
policyCriteriaBuilder.equal(policyRoot.get("appraiser"), appraiser));
policyCriteriaQuery.select(policyRoot).where(policyPredicate);
Query<PolicyMapper> policyQuery = session.createQuery(policyCriteriaQuery);
List<PolicyMapper> policyResults = policyQuery.getResultList();
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("deviceGroup", deviceGroup));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policyResults == null) {
LOGGER.debug("no policy mapper found for appraiser {}", appraiser);
} else {
ret = mapper.getPolicy();
ret = policyResults.get(0).getPolicy();
}
session.getTransaction().commit();
} catch (Exception e) {
@ -360,36 +391,40 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
* policy for the given appraiser. If neither the specific policy for the
* device group or the default policy is found, null is returned.
*
* @param appraiser
* appraiser
* @param deviceGroup
* device group
* @param appraiser appraiser
* @return policy associated with the appraiser-device group pair or null if
* there is none
*/
@Override
public final Policy getPolicy(final Appraiser appraiser,
final DeviceGroup deviceGroup) {
public final Policy getPolicy(final Appraiser appraiser) {
if (appraiser == null) {
LOGGER.error("cannot get policy for null appraiser");
return null;
}
Policy ret = null;
final SessionFactory factory = getFactory();
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = "
+ "{} and device group = {}", appraiser, deviceGroup);
final Criteria cr = session.createCriteria(PolicyMapper.class)
.add(Restrictions.eq("appraiser", appraiser))
.add(Restrictions.eq("deviceGroup", deviceGroup));
final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
+ "{}", appraiser);
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
if (mapper == null) {
LOGGER.debug("no policy mapper found for appraiser {} and "
+ "device group {}", appraiser, deviceGroup);
LOGGER.debug("no policy mapper found for appraiser {}", appraiser);
} else {
ret = mapper.getPolicy();
}
@ -406,9 +441,6 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
if (ret == null) {
String groupName = "null";
if (deviceGroup != null) {
groupName = deviceGroup.getName();
}
final String msg = String.format("unable to find policy for appraiser '%s'"
+ " for device group '%s'", appraiser.getName(), groupName);
LOGGER.debug(msg);
@ -422,31 +454,34 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
* <code>DeviceGroup</code> pair. This updates the database to reflect this
* change so that when this class is loaded it should read that property.
*
* @param appraiser
* appraiser
* @param deviceGroup
* device group
* @param policy
* policy
* @param appraiser appraiser
* @param policy policy
*/
@Override
public final void setPolicy(final Appraiser appraiser,
final DeviceGroup deviceGroup, final Policy policy) {
public final void setPolicy(final Appraiser appraiser, final Policy policy) {
Preconditions.checkNotNull(appraiser, "Cannot set policy on null appraiser");
Preconditions.checkNotNull(deviceGroup, "Cannot set policy on null device group");
final SessionFactory factory = getFactory();
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("Finding existing policy mapper from db where "
+ "appraiser = {} and device group = {}", appraiser,
deviceGroup);
final Criteria cr = session.createCriteria(PolicyMapper.class)
.add(Restrictions.eq("appraiser", appraiser))
.add(Restrictions.eq("deviceGroup", deviceGroup));
final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("deviceGroup", deviceGroup));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policy == null) {
LOGGER.info("Policy is null, so removing policy from device group {}");
if (mapper != null) {
@ -454,10 +489,9 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
}
} else {
LOGGER.info("Setting policy {} on appraiser {} on device "
+ "group {}", policy, appraiser, deviceGroup);
+ "group {}", policy, appraiser);
if (mapper == null) {
session.save(new PolicyMapper(appraiser, policy,
deviceGroup));
session.save(new PolicyMapper(appraiser, policy));
} else {
mapper.setPolicy(policy);
session.update(mapper);
@ -486,21 +520,20 @@ public class DBPolicyManager extends DBManager<Policy> implements PolicyManager
int count = 0;
if (policy != null) {
final SessionFactory factory = getFactory();
Transaction tx = null;
Session session = factory.getCurrentSession();
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving group use count for policy {}", policy);
final Criteria cr = session.createCriteria(PolicyMapper.class)
.add(Restrictions.eq("policy", policy))
.setProjection(Projections.projectionList()
.add(Projections.count("policy")));
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("policy", policy))
// .setProjection(Projections.projectionList()
// .add(Projections.count("policy")));
final Object result = cr.uniqueResult();
if (result != null && result instanceof Long) {
count = ((Long) result).intValue();
}
// final Object result = cr.uniqueResult();
// if (result != null && result instanceof Long) {
// count = ((Long) result).intValue();
// }
} catch (Exception e) {
// Log the error and return -1 to enable error handling.
count = -1;
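Review bot: In `getPolicy(Appraiser, Device)` the new code checks only `policyResults == null` before calling `policyResults.get(0)`, but `getResultList()` returns an empty list when nothing matches, so an appraiser with no mapper lands in the catch block instead of the "no policy mapper found" branch; use the guard the other methods in this file use, `if (policyResults == null || policyResults.isEmpty())`. In `setDefaultPolicy` and `getDefaultPolicy`, `root.get("group.name")` passes a dotted path to a call that takes a single attribute name, and with the `deviceGroup` alias gone this predicate will most likely be rejected at runtime, so default-policy lookups would fail. `getPolicyList` now returns `null`, `delete` always returns `false`, and the group-use count in the last hunk no longer runs a query, so callers cannot tell "not implemented" from "no policies" or "policy unused"; throwing `UnsupportedOperationException` from these stubs would make the gap visible. The log messages in `setPolicy` still carry a `{}` for the removed device group with no argument behind it. Several of these method bodies start or end outside the hunks shown.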


@ -1,19 +1,23 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import hirs.data.persist.info.PortalInfo;
import hirs.data.persist.enums.PortalScheme;
import java.net.URI;
import java.net.URISyntaxException;
import hirs.data.persist.info.PortalInfo;
import hirs.persist.DBManagerException;
import hirs.persist.PortalInfoManager;
import hirs.persist.PortalInfoManagerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.SessionFactory;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import java.net.URI;
import java.net.URISyntaxException;
/**
* A <code>DBPortalInfoManager</code> is a service (extends <code>DBManager</code>) that
* implements the <code>PortalInfoManager</code> that stores and retrieves Portal Info objects.
*/
@Service
public class DBPortalInfoManager extends DBManager<PortalInfo> implements PortalInfoManager {
private static final Logger LOGGER = LogManager.getLogger(DBPortalInfoManager.class);
@ -22,10 +26,10 @@ public class DBPortalInfoManager extends DBManager<PortalInfo> implements Portal
* Creates a new <code>DBPortalInfoManager</code>. The optional SessionFactory parameter is
* used to manage sessions with a hibernate db.
*
* @param factory a hibernate session
* @param em a hibernate session
*/
public DBPortalInfoManager(final SessionFactory factory) {
super(PortalInfo.class, factory);
public DBPortalInfoManager(final EntityManager em) {
super(PortalInfo.class, em);
}
/**
@ -35,7 +39,7 @@ public class DBPortalInfoManager extends DBManager<PortalInfo> implements Portal
*
* @param info PortalInfo to save
* @return reference to saved PortalInfo
* @throws PortalInfoManagerException if PortalInfo has previously been saved or an
* @throws hirs.persist.PortalInfoManagerException if PortalInfo has previously been saved or an
* error occurs while trying to save it to the database
*/
@Override
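Review bot: The constructor Javadoc was only half updated: the description still says "The optional SessionFactory parameter" and the tag reads `@param em a hibernate session`, while the parameter is now a `javax.persistence.EntityManager`. I would reword the description to name the entity manager and use `@param em entity manager used to access database connections`, matching the wording in the other managers touched by this commit.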


@ -1,17 +1,25 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import hirs.data.persist.BaseReferenceManifest;
import hirs.data.persist.ReferenceDigestRecord;
import hirs.data.persist.ReferenceDigestValue;
import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.SupportReferenceManifest;
import hirs.persist.DBManagerException;
import hirs.persist.DeviceManagerException;
import hirs.persist.ReferenceEventManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.hibernate.criterion.Restrictions;
import org.hibernate.query.Query;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
@ -22,18 +30,20 @@ import java.util.UUID;
* This class is used to persist and retrieve {@link hirs.data.persist.ReferenceDigestValue}s into
* and from the database.
*/
@Service
public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
implements ReferenceEventManager {
private static final Logger LOGGER = LogManager.getLogger(DBReferenceDigestManager.class);
private static final Logger LOGGER = LogManager.getLogger(DBReferenceEventManager.class);
/**
* Default Constructor.
*
* @param sessionFactory session factory used to access database connections
* @param em entity manager used to access database connections
*/
public DBReferenceEventManager(final SessionFactory sessionFactory) {
super(ReferenceDigestValue.class, sessionFactory);
public DBReferenceEventManager(final EntityManager em) {
super(ReferenceDigestValue.class, em);
this.setClazz(ReferenceDigestValue.class);
}
@Override
@ -61,20 +71,38 @@ public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
return null;
}
ReferenceDigestValue dbRecord;
ReferenceDigestValue dbRecord = null;
Transaction tx = null;
Session session = getFactory().getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving referenceDigestValue from db");
tx = session.beginTransaction();
dbRecord = (ReferenceDigestValue) session.createCriteria(ReferenceDigestValue.class)
.add(Restrictions.eq("supportRimId",
referenceDigestValue.getSupportRimId()))
.add(Restrictions.eq("digestValue",
referenceDigestValue.getDigestValue()))
.add(Restrictions.eq("eventNumber",
referenceDigestValue.getPcrIndex()))
.uniqueResult();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<ReferenceDigestValue> criteriaQuery = criteriaBuilder
.createQuery(ReferenceDigestValue.class);
Root<ReferenceDigestValue> root = criteriaQuery.from(ReferenceDigestValue.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("supportRimId"),
referenceDigestValue.getSupportRimId()),
criteriaBuilder.equal(root.get("digestValue"),
referenceDigestValue.getDigestValue()),
criteriaBuilder.equal(root.get("eventNumber"),
referenceDigestValue.getPcrIndex()));
criteriaQuery.select(root).where(recordPredicate);
Query<ReferenceDigestValue> query = session.createQuery(criteriaQuery);
List<ReferenceDigestValue> results = query.getResultList();
if (results != null && !results.isEmpty()) {
dbRecord = results.get(0);
}
// dbRecord = (ReferenceDigestValue) session.createCriteria(ReferenceDigestValue.class)
// .add(Restrictions.eq("supportRimId",
// referenceDigestValue.getSupportRimId()))
// .add(Restrictions.eq("digestValue",
// referenceDigestValue.getDigestValue()))
// .add(Restrictions.eq("eventNumber",
// referenceDigestValue.getPcrIndex()))
// .uniqueResult();
tx.commit();
} catch (Exception ex) {
final String msg = "unable to retrieve object";
@ -113,15 +141,28 @@ public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
return null;
}
ReferenceDigestValue dbRecord;
ReferenceDigestValue dbRecord = null;
Transaction tx = null;
Session session = getFactory().getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving referenceDigestValue from db");
tx = session.beginTransaction();
dbRecord = (ReferenceDigestValue) session.createCriteria(ReferenceDigestValue.class)
.add(Restrictions.eq("id",
referenceDigestValue.getId())).uniqueResult();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<ReferenceDigestValue> criteriaQuery = criteriaBuilder
.createQuery(ReferenceDigestValue.class);
Root<ReferenceDigestValue> root = criteriaQuery.from(ReferenceDigestValue.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("id"), referenceDigestValue.getId()));
criteriaQuery.select(root).where(recordPredicate);
Query<ReferenceDigestValue> query = session.createQuery(criteriaQuery);
List<ReferenceDigestValue> results = query.getResultList();
if (results != null && !results.isEmpty()) {
dbRecord = results.get(0);
}
// dbRecord = (ReferenceDigestValue) session.createCriteria(ReferenceDigestValue.class)
// .add(Restrictions.eq("id",
// referenceDigestValue.getId())).uniqueResult();
tx.commit();
} catch (Exception ex) {
final String msg = "unable to retrieve object";
@ -142,15 +183,28 @@ public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
throw new NullPointerException("null event digest argument");
}
ReferenceDigestValue dbRecord;
ReferenceDigestValue dbRecord = null;
Transaction tx = null;
Session session = getFactory().getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving referenceDigestValue from db");
tx = session.beginTransaction();
dbRecord = (ReferenceDigestValue) session.createCriteria(ReferenceDigestValue.class)
.add(Restrictions.eq("digestValue",
eventDigest)).uniqueResult();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<ReferenceDigestValue> criteriaQuery = criteriaBuilder
.createQuery(ReferenceDigestValue.class);
Root<ReferenceDigestValue> root = criteriaQuery.from(ReferenceDigestValue.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("digestValue"), eventDigest));
criteriaQuery.select(root).where(recordPredicate);
Query<ReferenceDigestValue> query = session.createQuery(criteriaQuery);
List<ReferenceDigestValue> results = query.getResultList();
if (results != null && !results.isEmpty()) {
dbRecord = results.get(0);
}
// dbRecord = (ReferenceDigestValue) session.createCriteria(ReferenceDigestValue.class)
// .add(Restrictions.eq("digestValue",
// eventDigest)).uniqueResult();
tx.commit();
} catch (Exception ex) {
final String msg = "unable to retrieve object";
@ -311,12 +365,16 @@ public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
@Override
public boolean deleteEvent(final ReferenceDigestValue referenceDigestValue) {
boolean result;
LOGGER.info(String.format("Deleting reference to %s",
referenceDigestValue.getId()));
try {
result = super.delete(referenceDigestValue);
} catch (DBManagerException dbMEx) {
throw new RuntimeException(dbMEx);
if (referenceDigestValue == null || referenceDigestValue.getId() == null) {
result = false;
} else {
LOGGER.info(String.format("Deleting reference to %s",
referenceDigestValue.getId()));
try {
result = super.deleteById(referenceDigestValue.getId());
} catch (DBManagerException dbMEx) {
throw new RuntimeException(dbMEx);
}
}
return result;
}
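Review bot: Replacing `uniqueResult()` with `getResultList()` followed by `results.get(0)` in the three lookup hunks drops the error the old code raised on a non-unique match, so when several rows match (most plausibly in the digest-only lookup) an arbitrary first row is returned silently and with no ordering. Since these records are reference digests that measurements are compared against, I would at least log, or reject, the case `results.size() > 1`. The first lookup also still matches the `eventNumber` attribute against `referenceDigestValue.getPcrIndex()`, carried over from the old Criteria code; if the entity has a separate PCR-index attribute this compares the wrong field, so please confirm which one is intended. The commented-out Criteria blocks can be deleted, as version control keeps them. The lookup method bodies start and end outside the hunks.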


@ -0,0 +1,66 @@
package hirs.attestationca.servicemanager;
import hirs.data.persist.ReferenceManifest;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.ReferenceManifestSelector;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import java.util.HashSet;
import java.util.Set;
/**
* This class is used to persist and retrieve {@link ReferenceManifest}s into
* and from the database.
*/
@Service
public class DBReferenceManifestManager extends DBManager<ReferenceManifest>
implements ReferenceManifestManager {
private static final Logger LOGGER = LogManager.getLogger(DBReferenceManifestManager.class);
/**
* Default Constructor.
*
* @param em entity manager used to access database connections
*/
public DBReferenceManifestManager(final EntityManager em) {
super(ReferenceManifest.class, em);
}
/**
* This method does not need to be used directly as it is used by
* {@link hirs.persist.ReferenceManifestSelector}'s get* methods. Regardless, it may be
* used to retrieve ReferenceManifest by other code in this package, given a
* configured ReferenceManifestSelector.
*
* @param referenceManifestSelector a configured
* {@link hirs.persist.ReferenceManifestSelector} to use for querying
* @return the resulting set of ReferenceManifest, possibly empty
*/
@Override
@SuppressWarnings("unchecked")
public <T extends ReferenceManifest> Set<T> get(
final ReferenceManifestSelector referenceManifestSelector) {
LOGGER.info("Getting the full set of Reference Manifest files.");
// CriteriaBuilder builder = this.getFactory().getCriteriaBuilder();
return new HashSet<>(0
// new HashSet<>((List<T>) getWithCriteria(
// referenceManifestSelector.getReferenceManifestClass(),
// referenceManifestSelector.getCriterion(builder))
);
}
/**
* Remove a ReferenceManifest from the database.
*
* @param referenceManifest the referenceManifest to delete
* @return true if deletion was successful, false otherwise
*/
public boolean deleteReferenceManifest(final ReferenceManifest referenceManifest) {
LOGGER.info(String.format("Deleting reference to %s", referenceManifest.getTagId()));
return deleteById(referenceManifest.getId());
}
}
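Review bot: `get(...)` ignores `referenceManifestSelector` and always returns an empty `HashSet`, while logging "Getting the full set of Reference Manifest files", so every selector-based lookup reports no reference manifests and a caller cannot distinguish that from an empty database. Until the criteria query is ported I would fail loudly, e.g. `throw new UnsupportedOperationException("selector queries not yet ported");`, and drop the `@SuppressWarnings("unchecked")` that no longer covers a cast. `deleteReferenceManifest` dereferences `referenceManifest` in the log call with no null check, unlike `deleteEvent` in DBReferenceEventManager, which this commit changed to return `false` for a null argument or id; the same guard would keep the two consistent.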


@ -0,0 +1,196 @@
package hirs.attestationca.servicemanager;
import hirs.data.persist.Report;
import hirs.persist.DBManagerException;
import hirs.persist.ReportManager;
import hirs.persist.ReportManagerException;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.Logger;
import org.hibernate.criterion.Conjunction;
import org.hibernate.criterion.Disjunction;
import org.hibernate.criterion.MatchMode;
import org.hibernate.criterion.Restrictions;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import static org.apache.logging.log4j.LogManager.getLogger;
import static org.hibernate.criterion.Restrictions.ilike;
/**
* This class defines a <code>ReportManager</code> that stores the reports in a
* database.
*/
@Service
public class DBReportManager extends DBManager<Report> implements ReportManager {
private static final Logger LOGGER = getLogger(DBReportManager.class);
/**
* Creates a new <code>DBReportManager</code> that uses the provided sessionFactory
* to interact with a database.
*
* @param em entity manager used to access database connections
*/
public DBReportManager(final EntityManager em) {
super(Report.class, em);
}
/**
* Saves the <code>Report</code> in the database and returns it.
*
* @param report
* report to save
* @return <code>Report</code> that was saved
* @throws hirs.persist.DBManagerException
* if Report has previously been saved or an error occurs while
* trying to save it to the database
*/
@Override
public final Report saveReport(final Report report)
throws DBManagerException {
LOGGER.debug("Saving report: {}", report);
try {
return super.save(report);
} catch (DBManagerException e) {
throw new ReportManagerException(e);
}
}
/**
* Returns a list of all <code>Report</code>s of type <code>clazz</code>.
* This searches through the database for this information.
*
* All Reports will be returned without measurement records as they are
* lazily loaded for performance. If the records of a report are necessary,
* a method will need to be written to return the records inside of a
* transaction.
*
* @param clazz
* class type of <code>Report</code>s to return (may be null)
* @return list of <code>Report</code>s
* @throws ReportManagerException
* if unable to search the database
*/
@Override
public final List<Report> getReportList(final Class<?
extends Report> clazz)
throws ReportManagerException {
LOGGER.debug("getting report list");
try {
//super.getList(Report);
return null;
} catch (DBManagerException e) {
throw new ReportManagerException(e);
}
}
/**
* Retrieves the <code>Report</code> from the database. This searches the
* database for an entry whose id matches <code>id</code>. It then
* reconstructs a <code>Report</code> object from the database entry.
*
* Note: <code>IMAMeasurementRecords</code> are lazily loaded so the object
* returned will not contain them for performance purposes. If the whole
* report needs to be retrieved a method will need to be written to return
* the records inside of a transaction.
*
* @param id id of the report
* @return report
* @throws ReportManagerException
* if unable to search the database or recreate the <code>Report</code>
*/
@Override
public final Report getReport(final UUID id) throws ReportManagerException {
LOGGER.debug("getting report: {}", id);
try {
return super.get(id);
} catch (DBManagerException e) {
throw new ReportManagerException(e);
}
}
@Override
public final Report getCompleteReport(final UUID id) throws ReportManagerException {
LOGGER.debug("getting full report: {}", id);
try {
return super.getAndLoadLazyFields(id, true);
} catch (DBManagerException e) {
throw new ReportManagerException(e);
}
}
/**
* Updates a <code>Report</code>. This updates the database entries
* to reflect the new values that should be set.
*
* @param report
* report to be updated
* @throws ReportManagerException
* if Report an error occurs while updating the report or
* while trying to save it to the database
*/
@Override
public void updateReport(final Report report) throws ReportManagerException {
LOGGER.debug("updating report: {}", report);
try {
super.update(report);
} catch (DBManagerException e) {
throw new ReportManagerException(e);
}
}
/**
* Deletes the <code>Report</code> from the database. This removes all of
* the database entries that stored information with regards to the this
* <code>Report</code>.
* <p>
* If the <code>Report</code> is referenced by any other tables then this
* will throw a <code>ReportManagerException</code>.
*
* @param id
* id of the <code>Report</code> to delete
* @return true if successfully found and deleted the <code>Report</code>
* @throws ReportManagerException
* if unable to find the baseline or delete it from the
* database
*/
@Override
public final boolean deleteReport(final UUID id)
throws ReportManagerException {
LOGGER.debug("deleting baseline: {}", id);
try {
return false; //super.delete(id);
} catch (DBManagerException e) {
throw new ReportManagerException(e);
}
}
private Conjunction buildImaRecordSearchFilter(final String search, final
Map<String, Boolean> searchableColumns) {
// Search for all words in all searchable columns
Conjunction and = Restrictions.conjunction();
String[] searchWords = StringUtils.split(search);
for (String word : searchWords) {
// Every word must be in at least one column
Disjunction or = Restrictions.disjunction();
for (Map.Entry<String, Boolean> entry
: searchableColumns.entrySet()) {
if (entry.getValue()) {
if (entry.getKey().equals("digest")) {
or.add(ilikeHex("digest", word));
} else {
or.add(ilike(entry.getKey(), word,
MatchMode.ANYWHERE));
}
} else {
or.add(ilikeCast(entry.getKey(), word));
}
}
and.add(or);
}
return and;
}
}


@ -1,13 +1,16 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import hirs.data.persist.Device;
import hirs.data.persist.ReportRequestState;
import hirs.persist.ReportRequestStateManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.Criterion;
import org.hibernate.criterion.Restrictions;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.util.Collections;
import java.util.Date;
import java.util.List;
@ -16,6 +19,7 @@ import java.util.List;
* This class defines a <code>ReportRequestStateManager</code> that stores ReportRequestStates in a
* database.
*/
@Service
public class DBReportRequestStateManager extends DBManager<ReportRequestState>
implements ReportRequestStateManager {
private static final Logger LOGGER = LogManager.getLogger(DBReportRequestStateManager.class);
@ -24,10 +28,10 @@ public class DBReportRequestStateManager extends DBManager<ReportRequestState>
* Creates a new <code>DBReportRequestStateManager</code> that uses the default database. The
* default database is used to store all of the <code>ReportRequestState</code>s.
*
* @param sessionFactory session factory used to access database connections
* @param em entity manager used to access database connections
*/
public DBReportRequestStateManager(final SessionFactory sessionFactory) {
super(ReportRequestState.class, sessionFactory);
public DBReportRequestStateManager(final EntityManager em) {
super(ReportRequestState.class, em);
}
/**
@ -38,8 +42,12 @@ public class DBReportRequestStateManager extends DBManager<ReportRequestState>
*/
@Override
public final ReportRequestState getState(final Device device) {
Criterion crit = Restrictions.eq("device", device);
List<ReportRequestState> results = getWithCriteria(Collections.singletonList(crit));
CriteriaBuilder builder = this.getSession().getCriteriaBuilder();
Root<ReportRequestState> root = builder.createQuery(ReportRequestState.class)
.from(ReportRequestState.class);
Predicate predicate = builder.equal(root.get("device"), device);
List<ReportRequestState> results = getWithCriteria(Collections.singletonList(predicate));
if (results.isEmpty()) {
return null;
} else {
@ -55,8 +63,12 @@ public class DBReportRequestStateManager extends DBManager<ReportRequestState>
*/
@Override
public final List<ReportRequestState> getLateDeviceStates() {
Criterion criterion = Restrictions.le("dueDate", new Date());
return getWithCriteria(Collections.singletonList(criterion));
CriteriaBuilder builder = this.getSession().getCriteriaBuilder();
Root<ReportRequestState> root = builder.createQuery(ReportRequestState.class)
.from(ReportRequestState.class);
Predicate predicate = builder.lessThanOrEqualTo(root.get("dueDate"), new Date());
return getWithCriteria(Collections.singletonList(predicate));
}
/**
@ -85,6 +97,6 @@ public class DBReportRequestStateManager extends DBManager<ReportRequestState>
*/
@Override
public final void deleteState(final ReportRequestState state) {
delete(state);
delete(state.toString()); // cyrus-dev
}
}
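Review bot: `deleteState` now calls `delete(state.toString())`, and nothing in this section shows that `ReportRequestState.toString()` produces the key `DBManager.delete` looks records up by, so the call may match nothing and leave the row in place. The `// cyrus-dev` marker suggests a placeholder; keep `delete(state);` if `DBManager` still offers an entity overload, otherwise pass the persisted identifier rather than `toString()` (`DBManager` is outside this section, so confirm there). The same pattern appears in `DBRepositoryManager.deleteRepository`, which now calls `delete(repository.getName())` and so depends on repository names being unique. A request state that is never removed would keep being returned by `getState` and `getLateDeviceStates`, so a failed delete should at least be logged.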


@ -1,32 +1,33 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import hirs.FilteredRecordsList;
import static org.apache.logging.log4j.LogManager.getLogger;
import hirs.data.persist.ReportSummary;
import hirs.persist.DBManagerException;
import hirs.persist.ReportSummaryManager;
import hirs.persist.ReportSummaryManagerException;
import org.apache.logging.log4j.Logger;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.criterion.Order;
import org.hibernate.query.Query;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.Logger;
import org.hibernate.Criteria;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.ProjectionList;
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.hibernate.criterion.Subqueries;
import static org.apache.logging.log4j.LogManager.getLogger;
/**
* This class defines a <code>DBReportSummaryManager</code> that stores the
* report
* summary in a database.
*/
@Service
public class DBReportSummaryManager extends DBManager<ReportSummary>
implements ReportSummaryManager {
@ -38,10 +39,10 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
* The default database is used to store all of the
* <code>ReportSummary</code> objects.
*
* @param sessionFactory session factory used to access database connections
* @param em entity manager used to access database connections
*/
public DBReportSummaryManager(final SessionFactory sessionFactory) {
super(ReportSummary.class, sessionFactory);
public DBReportSummaryManager(final EntityManager em) {
super(ReportSummary.class, em);
}
/**
@ -50,7 +51,7 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
* @param report
* report summary to save
* @return <code>ReportSummary</code> that was saved
* @throws ReportSummaryManagerException
* @throws hirs.persist.ReportSummaryManagerException
* if ReportSummary has previously been saved or an error
* occurs while trying to save it to the database
*/
@ -100,11 +101,12 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
*/
@Override
public final List<ReportSummary> getReportSummaryList(
final Class<? extends ReportSummary> clazz)
final ReportSummary clazz)
throws ReportSummaryManagerException {
LOGGER.debug("getting ReportSummary list");
try {
return super.getList(clazz);
// this should work but there is an issue with the ReportSummary class
return null; //super.getList(clazz);
} catch (DBManagerException e) {
throw new ReportSummaryManagerException(e);
}
@ -135,19 +137,21 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
List<ReportSummary> reportSummaryList = new ArrayList<>();
Transaction tx = null;
Session session = getFactory().getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving objects from db");
tx = session.beginTransaction();
List list = session.createCriteria(ReportSummary.class)
.add(Restrictions.eq("clientHostname", hostname))
.setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY)
.list();
for (Object o : list) {
if (o instanceof ReportSummary) {
reportSummaryList.add((ReportSummary) o);
}
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<ReportSummary> criteriaQuery = criteriaBuilder
.createQuery(ReportSummary.class);
Root<ReportSummary> root = criteriaQuery.from(ReportSummary.class);
Predicate recordPredicate = criteriaBuilder
.and(criteriaBuilder.equal(root.get("clientHostname"), hostname));
criteriaQuery.select(root).where(recordPredicate).distinct(true);
Query<ReportSummary> query = session.createQuery(criteriaQuery);
List<ReportSummary> results = query.getResultList();
if (results != null) {
reportSummaryList.addAll(results);
}
tx.commit();
@ -163,57 +167,6 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
return reportSummaryList;
}
/**
* Returns a list of all <code>ReportSummary</code> objects that are ordered
* by a column and direction (ASC, DESC) that is provided by the user. This
* method helps support the server-side processing in the JQuery DataTables.
*
* @param columnToOrder Column to be ordered
* @param ascending direction of sort
* @param firstResult starting point of first result in set
* @param maxResults total number we want returned for display in table
* @param search string of criteria to be matched to visible columns
* @param searchableColumns Map of String and boolean values with column
* headers and whether they are to. Boolean is true if field provides
* a typical String that can be searched by Hibernate without
* transformation.
* @param hostname name of the device to filter on
* @return FilteredRecordsList object with fields for DataTables
* @throws ReportSummaryManagerException
* if unable to create the list
*/
@Override
public final FilteredRecordsList<ReportSummary> getOrderedReportSummaryList(
final String columnToOrder, final boolean ascending, final int firstResult,
final int maxResults, final String search,
final Map<String, Boolean> searchableColumns,
final String hostname) throws ReportSummaryManagerException {
if (columnToOrder == null) {
LOGGER.debug("null object argument");
throw new NullPointerException("object");
}
// allows filtering by specific hostname. If no hostname specified, always match.
CriteriaModifier modifier = new CriteriaModifier() {
@Override
public void modify(final Criteria criteria) {
criteria.add(Restrictions.ilike("clientHostname",
StringUtils.defaultIfBlank(hostname, "%")));
}
};
LOGGER.debug("Getting report summary list");
final FilteredRecordsList<ReportSummary> summaries;
try {
summaries = super.getOrderedList(ReportSummary.class, columnToOrder,
ascending, firstResult, maxResults, search,
searchableColumns, modifier);
} catch (DBManagerException e) {
throw new BaselineManagerException(e);
}
LOGGER.debug("Got {} report summaries", summaries.size());
return summaries;
}
/**
* Retrieves the <code>ReportSummary</code> from the database. This
* searches the database for an entry whose id matches <code>id</code>.
@ -260,14 +213,19 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
ReportSummary object;
Transaction tx = null;
Session session = getFactory().getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving objects from db");
tx = session.beginTransaction();
object = (ReportSummary) session
.createCriteria(ReportSummary.class)
.add(Restrictions.eq("report.id", id))
.uniqueResult();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<ReportSummary> criteriaQuery = criteriaBuilder
.createQuery(ReportSummary.class);
Root<ReportSummary> root = criteriaQuery.from(ReportSummary.class);
Predicate recordPredicate = criteriaBuilder
.and(criteriaBuilder.equal(root.get("report.id"), id));
criteriaQuery.select(root).where(recordPredicate);
Query<ReportSummary> query = session.createQuery(criteriaQuery);
object = query.uniqueResult();
tx.commit();
} catch (Exception e) {
final String msg = "unable to retrieve query list";
@ -281,33 +239,6 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
return object;
}
/**
* Deletes the <code>ReportSummary</code> from the database. This removes
* all of the database entries that stored information with regards to the
* this <code>ReportSummary</code>.
* <p>
* If the <code>ReportSummary</code> is referenced by any other tables then
* this will throw a <code>ReportSummaryManagerException</code>.
*
* @param id
* id of the <code>ReportSummary</code> to delete
* @return true if successfully found and deleted the
* <code>ReportSummary</code>
* @throws ReportSummaryManagerException
* if unable to find the baseline or delete it from the
* database
*/
@Override
public final boolean deleteReportSummary(final Long id)
throws ReportSummaryManagerException {
LOGGER.debug("deleting report summary: {}", id);
try {
return super.delete(id);
} catch (DBManagerException e) {
throw new ReportSummaryManagerException(e);
}
}
/**
* Returns a list of <code>ReportSummary</code>s that contains the latest
* report from each client. This searches through the database for this
@ -324,28 +255,39 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
List<ReportSummary> reportSummaryList = new ArrayList<>();
Transaction tx = null;
Session session = getFactory().getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving objects from db");
tx = session.beginTransaction();
DetachedCriteria uniqueHosts = DetachedCriteria.forClass(
ReportSummary.class);
// DetachedCriteria uniqueHosts = DetachedCriteria.forClass(
// ReportSummary.class);
ProjectionList properties = Projections.projectionList();
properties.add(Projections.groupProperty("clientHostname"));
properties.add(Projections.max("timestamp"), "timestamp");
// ProjectionList properties = Projections.projectionList();
// properties.add(Projections.groupProperty("clientHostname"));
// properties.add(Projections.max("timestamp"), "timestamp");
//
// uniqueHosts.setProjection(properties);
//
// List list = session.createCriteria(ReportSummary.class)
// .add(Subqueries.propertiesIn(
// new String[]{"clientHostname", "timestamp"},
// uniqueHosts))
// .list();
// for (Object o : list) {
// if (o instanceof ReportSummary) {
// reportSummaryList.add((ReportSummary) o);
// }
// }
uniqueHosts.setProjection(properties);
List list = session.createCriteria(ReportSummary.class)
.add(Subqueries.propertiesIn(
new String[]{"clientHostname", "timestamp"},
uniqueHosts))
.list();
for (Object o : list) {
if (o instanceof ReportSummary) {
reportSummaryList.add((ReportSummary) o);
}
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<ReportSummary> criteriaQuery = criteriaBuilder
.createQuery(ReportSummary.class);
Root<ReportSummary> root = criteriaQuery.from(ReportSummary.class);
criteriaQuery.multiselect(root.get("clientHostname"), root.get("timestamp"));
Query<ReportSummary> query = session.createQuery(criteriaQuery);
List<ReportSummary> results = query.getResultList();
if (results != null) {
reportSummaryList.addAll(results);
}
tx.commit();
} catch (Exception e) {
@ -417,17 +359,29 @@ public class DBReportSummaryManager extends DBManager<ReportSummary>
ReportSummary object;
Transaction tx = null;
Session session = getFactory().getCurrentSession();
Session session = getSession();
try {
LOGGER.debug("retrieving objects from db");
tx = session.beginTransaction();
//Returns a ReportSummary based on the timestamp and hostname
object = (ReportSummary) session.createCriteria(ReportSummary.class)
.addOrder(order)
.add(Restrictions.eq("clientHostname", hostname))
.setFirstResult(firstResult)
.setMaxResults(uniqueResult)
.uniqueResult();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<ReportSummary> criteriaQuery = criteriaBuilder
.createQuery(ReportSummary.class);
Root<ReportSummary> root = criteriaQuery.from(ReportSummary.class);
Predicate recordPredicate = criteriaBuilder
.and(criteriaBuilder.equal(root.get("clientHostname"), hostname));
criteriaQuery.select(root).where(recordPredicate);
Query<ReportSummary> query = session.createQuery(criteriaQuery);
query.setFirstResult(firstResult);
query.setMaxResults(uniqueResult);
object = query.getSingleResult();
// object = (ReportSummary) session.createCriteria(ReportSummary.class)
// .addOrder(order)
// .add(Restrictions.eq("clientHostname", hostname))
// .setFirstResult(firstResult)
// .setMaxResults(uniqueResult)
// .uniqueResult();
tx.commit();
} catch (Exception e) {
final String msg = "unable to retrieve query list";
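Review bot: The rewritten query in the last hunk drops the old `.addOrder(order)`, so `setFirstResult`/`setMaxResults` now pick from an unordered result and the summary returned for a hostname is no longer guaranteed to be the one the caller asked for; restore an ordering, e.g. `criteriaQuery.select(root).where(recordPredicate).orderBy(criteriaBuilder.desc(root.get("timestamp")));`, with `asc`/`desc` chosen to match the `order` the method builds above the hunk. The latest-per-client hunk loses the same guarantee: the grouped `max("timestamp")` subquery is commented out and replaced by `multiselect(root.get("clientHostname"), root.get("timestamp"))`, which selects those two columns for every row instead of the newest report per client. Separately, `root.get("report.id")` is not a valid JPA path and should be `root.get("report").get("id")`, and `getSingleResult()` throws when nothing matches where `uniqueResult()` returned null. The enclosing methods start and end outside these hunks, so the catch blocks and callers should be checked against these changes.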


@ -1,16 +1,20 @@
package hirs.persist;
package hirs.attestationca.servicemanager;
import hirs.persist.RepositoryManager;
import hirs.repository.RepoPackage;
import hirs.repository.Repository;
import org.hibernate.SessionFactory;
import org.springframework.stereotype.Service;
import javax.persistence.EntityManager;
import java.io.Serializable;
import java.util.List;
/**
* This class defines a {@link RepositoryManager} that stores Repositories and RepoPackages
* This class defines a {@link hirs.persist.RepositoryManager} that
* stores Repositories and RepoPackages
* in a database.
*/
@Service
public class DBRepositoryManager implements RepositoryManager {
private final DBManager<Repository> repositoryDBManager;
private final DBManager<RepoPackage> repoPackageDBManager;
@ -19,12 +23,12 @@ public class DBRepositoryManager implements RepositoryManager {
* Creates a new <code>DBRepositoryManager</code> that uses the default
* database. The default database is used to store and retrieve all objects.
*
* @param sessionFactory session factory used to access database connections
* @param entityManager object used to access database connections
*/
public DBRepositoryManager(final SessionFactory sessionFactory) {
public DBRepositoryManager(final EntityManager entityManager) {
super();
repositoryDBManager = new DBManager<>(Repository.class, sessionFactory);
repoPackageDBManager = new DBManager<>(RepoPackage.class, sessionFactory);
repositoryDBManager = new DBManager<>(Repository.class, entityManager);
repoPackageDBManager = new DBManager<>(RepoPackage.class, entityManager);
}
/**
@ -58,7 +62,7 @@ public class DBRepositoryManager implements RepositoryManager {
* @return a list of Repositories
*/
@Override
public final List<Repository> getRepositoryList(final Class<? extends Repository> clazz) {
public final List<Repository> getRepositoryList(final Class<Repository> clazz) {
return repositoryDBManager.getList(clazz);
}
@ -91,7 +95,7 @@ public class DBRepositoryManager implements RepositoryManager {
*/
@Override
public final boolean deleteRepository(final Repository<?> repository) {
return repositoryDBManager.delete(repository);
return repositoryDBManager.delete(repository.getName());
}
/**


@ -0,0 +1,7 @@
/**
* Service objects for the DAOs; storing and retrieving objects from the
* database.
*/
package hirs.attestationca.servicemanager;


@ -1,12 +1,12 @@
package hirs.attestationca.service;
import java.util.Set;
package hirs.attestationca.validation;
import hirs.data.persist.Device;
import hirs.data.persist.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.policy.SupplyChainPolicy;
import java.util.Set;
/**


@ -1,17 +1,16 @@
package hirs.attestationca.service;
package hirs.attestationca.validation;
import hirs.appraiser.Appraiser;
import hirs.appraiser.SupplyChainAppraiser;
import hirs.attestationca.configuration.PersistenceConfiguration;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.ArchivableEntity;
import hirs.data.persist.BaseReferenceManifest;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.PCRPolicy;
import hirs.data.persist.ReferenceDigestValue;
import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidation;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.SupportReferenceManifest;
@ -21,15 +20,15 @@ import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.AppraiserManager;
import hirs.persist.CertificateManager;
import hirs.data.persist.policy.PCRPolicy;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.persist.CrudManager;
import hirs.persist.DBManagerException;
import hirs.persist.PersistenceConfiguration;
import hirs.persist.PolicyManager;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.service.AppraiserService;
import hirs.persist.service.CertificateService;
import hirs.persist.service.PolicyService;
import hirs.persist.service.ReferenceDigestValueService;
import hirs.persist.service.ReferenceManifestService;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.tpm.eventlog.TpmPcrEvent;
import hirs.utils.BouncyCastleUtils;
@ -76,12 +75,12 @@ import static hirs.data.persist.AppraisalStatus.Status.PASS;
@Import(PersistenceConfiguration.class)
public class SupplyChainValidationServiceImpl implements SupplyChainValidationService {
private PolicyManager policyManager;
private AppraiserManager appraiserManager;
private ReferenceManifestManager referenceManifestManager;
private ReferenceDigestManager referenceDigestManager;
private ReferenceEventManager referenceEventManager;
private CertificateManager certificateManager;
private PolicyService policyService;
private AppraiserService appraiserService;
private ReferenceManifestService referenceManifestService;
// private ReferenceDigestValue referenceDigestManager;
private ReferenceDigestValueService referenceDigestValueService;
private CertificateService certificateService;
private CredentialValidator supplyChainCredentialValidator;
private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
@ -92,42 +91,39 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
* Constructor to set just the CertificateManager, so that cert chain validating
* methods can be called from outside classes.
*
* @param certificateManager the cert manager
* @param certificateService the cert service
*/
public SupplyChainValidationServiceImpl(final CertificateManager certificateManager) {
this.certificateManager = certificateManager;
public SupplyChainValidationServiceImpl(final CertificateService certificateService) {
this.certificateService = certificateService;
}
/**
* Constructor.
*
* @param policyManager the policy manager
* @param appraiserManager the appraiser manager
* @param certificateManager the cert manager
* @param referenceManifestManager the RIM manager
* @param policyService the policy service
* @param appraiserService the appraiser service
* @param certificateService the cert service
* @param referenceManifestService the RIM service
* @param supplyChainValidatorSummaryManager the summary manager
* @param supplyChainCredentialValidator the credential validator
* @param referenceDigestManager the digest manager
* @param referenceEventManager the even manager
* @param referenceDigestValueService the event service
*/
@Autowired
@SuppressWarnings("ParameterNumberCheck")
public SupplyChainValidationServiceImpl(
final PolicyManager policyManager, final AppraiserManager appraiserManager,
final CertificateManager certificateManager,
final ReferenceManifestManager referenceManifestManager,
final PolicyService policyService, final AppraiserService appraiserService,
final CertificateService certificateService,
final ReferenceManifestService referenceManifestService,
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
final CredentialValidator supplyChainCredentialValidator,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager) {
this.policyManager = policyManager;
this.appraiserManager = appraiserManager;
this.certificateManager = certificateManager;
this.referenceManifestManager = referenceManifestManager;
final ReferenceDigestValueService referenceDigestValueService) {
this.policyService = policyService;
this.appraiserService = appraiserService;
this.certificateService = certificateService;
this.referenceManifestService = referenceManifestService;
this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
this.supplyChainCredentialValidator = supplyChainCredentialValidator;
this.referenceDigestManager = referenceDigestManager;
this.referenceEventManager = referenceEventManager;
this.referenceDigestValueService = referenceDigestValueService;
}
/**
@ -136,9 +132,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
* @return supply chain policy
*/
public SupplyChainPolicy getPolicy() {
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
final Appraiser supplyChainAppraiser = appraiserService.getAppraiser(
SupplyChainAppraiser.NAME);
return (SupplyChainPolicy) policyManager.getDefaultPolicy(
return (SupplyChainPolicy) policyService.getDefaultPolicy(
supplyChainAppraiser);
}
@ -157,9 +153,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec,
final Set<PlatformCredential> pcs,
final Device device) {
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
final Appraiser supplyChainAppraiser = appraiserService.getAppraiser(
SupplyChainAppraiser.NAME);
SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy(
SupplyChainPolicy policy = (SupplyChainPolicy) policyService.getDefaultPolicy(
supplyChainAppraiser);
boolean acceptExpiredCerts = policy.isExpiredCertificateValidationEnabled();
PlatformCredential baseCredential = null;
@ -179,7 +175,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
// store the device with the credential
if (ec != null) {
ec.setDevice(device);
this.certificateManager.update(ec);
this.certificateService.updateCertificate(ec, ec.getId());
}
}
@ -208,7 +204,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
deltaMapping.put(pc, null);
}
pc.setDevice(device);
this.certificateManager.update(pc);
this.certificateService.updateCertificate(pc, pc.getId());
}
@ -353,7 +349,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (pc.isBase()) {
// Grab all certs associated with this platform chain
List<PlatformCredential> chainCertificates = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(pc.getPlatformSerial())
.getCertificates().stream().collect(Collectors.toList());
@ -390,7 +386,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
ReferenceManifest supportReferenceManifest = null;
EventLogMeasurements measurement = null;
baseReferenceManifests = BaseReferenceManifest.select(referenceManifestManager)
baseReferenceManifests = BaseReferenceManifest.select(referenceManifestService)
.byModel(model).getRIMs();
for (BaseReferenceManifest bRim : baseReferenceManifests) {
@ -405,11 +401,11 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
failedString = "Base Reference Integrity Manifest\n";
passed = false;
} else {
measurement = EventLogMeasurements.select(referenceManifestManager)
measurement = EventLogMeasurements.select(referenceManifestService)
.byHexDecHash(baseReferenceManifest.getEventLogHash()).getRIM();
if (measurement == null) {
measurement = EventLogMeasurements.select(referenceManifestManager)
measurement = EventLogMeasurements.select(referenceManifestService)
.byModel(baseReferenceManifest.getPlatformModel()).getRIM();
}
}
@ -433,7 +429,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
//Validate signing cert
Set<CertificateAuthorityCredential> allCerts =
CertificateAuthorityCredential.select(certificateManager).getCertificates();
CertificateAuthorityCredential.select(certificateService).getCertificates();
CertificateAuthorityCredential signingCert = null;
for (CertificateAuthorityCredential cert : allCerts) {
signingCert = cert;
@ -459,7 +455,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
for (SwidResource swidRes : resources) {
supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager)
supportReferenceManifest = SupportReferenceManifest.select(referenceManifestService)
.byHexDecHash(swidRes.getHashValue()).getRIM();
if (supportReferenceManifest != null) {
// Removed the filename check from this if statement
@ -537,8 +533,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
try {
if (measurement.getPlatformManufacturer().equals(manufacturer)) {
tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes());
eventValue = this.referenceEventManager
.getValuesByRimId(baseReferenceManifest);
eventValue = this.referenceDigestValueService
.getValuesByBaseRimId(baseReferenceManifest.getId());
for (ReferenceDigestValue rdv : eventValue) {
eventValueMap.put(rdv.getDigestValue(), rdv);
}
@ -579,13 +575,14 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
EventLogMeasurements eventLog = (EventLogMeasurements) measurement;
eventLog.setOverallValidationResult(fwStatus.getAppStatus());
this.referenceManifestManager.update(eventLog);
this.referenceManifestService.updateReferenceManifest(eventLog, eventLog.getId());
} else {
fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Validation failed: "
+ "%s for %s can not be found", failedString, manufacturer));
if (measurement != null) {
measurement.setOverallValidationResult(fwStatus.getAppStatus());
this.referenceManifestManager.update(measurement);
this.referenceManifestService.updateReferenceManifest(
measurement, measurement.getId());
}
}
@ -601,9 +598,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
*/
@Override
public SupplyChainValidationSummary validateQuote(final Device device) {
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
final Appraiser supplyChainAppraiser = appraiserService.getAppraiser(
SupplyChainAppraiser.NAME);
SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy(
SupplyChainPolicy policy = (SupplyChainPolicy) policyService.getDefaultPolicy(
supplyChainAppraiser);
SupplyChainValidation quoteScv = null;
SupplyChainValidationSummary summary = null;
@ -621,7 +618,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
try {
Set<SupportReferenceManifest> supportRims = SupportReferenceManifest
.select(this.referenceManifestManager)
.select(this.referenceManifestService)
.byManufacturerModel(
device.getDeviceInfo().getHardwareInfo().getManufacturer(),
device.getDeviceInfo().getHardwareInfo().getProductName())
@ -632,7 +629,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
}
eventLog = EventLogMeasurements
.select(this.referenceManifestManager)
.select(this.referenceManifestService)
.byHexDecHash(sRim.getEventLogHash()).getRIM();
if (sRim == null) {
@ -664,7 +661,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
+ "\nPCR hash and Quote hash do not match.");
}
eventLog.setOverallValidationResult(fwStatus.getAppStatus());
this.referenceManifestManager.update(eventLog);
this.referenceManifestService.updateReferenceManifest(
eventLog, eventLog.getId());
}
} catch (Exception ex) {
LOGGER.error(ex);
@ -781,7 +779,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
case FAIL:
if (!result.getAdditionalInfo().isEmpty()) {
pc.setComponentFailures(result.getAdditionalInfo());
this.certificateManager.update(pc);
this.certificateService.updateCertificate(pc, pc.getId());
}
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), pc, Level.WARN);
@ -817,10 +815,10 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
case FAIL:
if (!result.getAdditionalInfo().isEmpty()) {
base.setComponentFailures(result.getAdditionalInfo());
this.certificateManager.update(base);
this.certificateService.updateCertificate(base, base.getId());
}
// we are adding things to componentFailures
this.certificateManager.update(delta);
this.certificateService.updateCertificate(delta, delta.getId());
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), delta, Level.WARN);
case ERROR:
@ -914,7 +912,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
&& !credential.getAuthKeyId().isEmpty()) {
byte[] bytes = Hex.decode(credential.getAuthKeyId());
skiCA = CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubjectKeyIdentifier(bytes).getCertificate();
}
@ -922,13 +920,13 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (credential.getIssuerSorted() == null
|| credential.getIssuerSorted().isEmpty()) {
certAuthsWithMatchingIssuer = CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubject(credential.getIssuer())
.getCertificates();
} else {
//Get certificates by subject organization
certAuthsWithMatchingIssuer = CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubjectSorted(credential.getIssuerSorted())
.getCertificates();
}
@ -970,7 +968,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (platformSerialNumber != null) {
List<PlatformCredential> chainCertificates = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(platformSerialNumber)
.getCertificates().stream().collect(Collectors.toList());


@ -0,0 +1,5 @@
/**
* Contains the main functionality of the SupplyChainValidationService. Executes the actual
* validation based on the current supply chain policy.
*/
package hirs.attestationca.validation;


@ -0,0 +1,28 @@
# Properties used to create JDBC connection
# WARNING: DO NOT USE "disableSslHostnameVerification=true" FOR A REMOTE DATABASE
persistence.db.url = jdbc:mariadb://localhost/hirs_db?autoReconnect=true&useSSL=true&requireSSL=true&amp;enabledSslProtocolSuites=TLSv1&disableSslHostnameVerification=true
persistence.db.username = hirs_db
persistence.db.password = hirs_db
# update?
persistence.db.driverClass = org.mariadb.jdbc.Driver
persistence.db.maximumPoolSize = 10
persistence.db.connectionTimeout = 30000
persistence.db.leakDetectionThreshold = 0
persistence.db.maxTransactionRetryAttempts = 10
persistence.db.retryWaitTimeMilliseconds = 3000
# Properties used by the Hibernate Session Factory
persistence.hibernate.dialect = hirs.attestationca.configuration.MySqlUtf8CompatibleDialect
persistence.hibernate.ddl = update
hibernate.show_sql = true
hibernate.format_sql = true
persistence.hibernate.contextClass = org.springframework.orm.hibernate5.SpringSessionContext
persistence.hibernate.provider = org.hibernate.hikaricp.internal.HikariCPConnectionProvider
spring.datasource.url = jdbc:mariadb://localhost/hirs_db?autoReconnect=true&useSSL=true&requireSSL=true&amp;enabledSslProtocolSuites=TLSv1&disableSslHostnameVerification=true
spring.datasource.username = hirs_db
spring.datasource.password = hirs_db
spring.datasource.driver-class-name = org.mariadb.jdbc.Driver
spring.jpa.generate-ddl = true
# caching the entity manager in a persistence
# inject the entity manger in spring using context
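Review bot: Both JDBC URLs (`persistence.db.url` and `spring.datasource.url`) ship with `disableSslHostnameVerification=true` and pin `enabledSslProtocolSuites=TLSv1`, so the server certificate's host name is never checked and the only protocol offered is a deprecated one; the warning comment covers only the first of these. The `&amp;` in front of `enabledSslProtocolSuites` is an XML escape that a properties file does not decode, so the driver probably receives a parameter named `amp;enabledSslProtocolSuites` and ignores the protocol setting altogether, which should be confirmed. I would end the URL with `&requireSSL=true&enabledSslProtocolSuites=TLSv1.2,TLSv1.3` and leave hostname verification on by default. The committed `hirs_db` password, `hibernate.show_sql = true` and `persistence.hibernate.ddl = update` are development settings that should come from deployment configuration rather than from this file.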


@ -132,7 +132,7 @@ public class AbstractAttestationCertificateAuthorityTest {
public void setup() {
aca = new AbstractAttestationCertificateAuthority(null, keyPair.getPrivate(),
null, null, null, null, null, 1,
null, null, null, null) {
null, null) {
};
}


@ -1,13 +1,13 @@
package hirs.attestationca;
import hirs.data.persist.certificate.Certificate;
import hirs.persist.service.CertificateService;
import org.apache.commons.io.IOUtils;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import java.io.FileInputStream;
import java.io.IOException;
import hirs.data.persist.certificate.Certificate;
import hirs.persist.CertificateManager;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
@ -18,7 +18,7 @@ import static org.mockito.Mockito.verify;
*/
public class CredentialManagementHelperTest {
private CertificateManager certMan;
private CertificateService certMan;
private static final String EK_HEADER_TRUNCATED
= "/certificates/nuc-1/ek_cert_7_byte_header_removed.cer";
@ -30,7 +30,7 @@ public class CredentialManagementHelperTest {
*/
@BeforeMethod
public void setUp() {
certMan = mock(CertificateManager.class);
certMan = mock(CertificateService.class);
}
/**
@ -85,7 +85,7 @@ public class CredentialManagementHelperTest {
byte[] ekBytes = IOUtils.toByteArray(new FileInputStream(path));
CredentialManagementHelper.storeEndorsementCredential(certMan, ekBytes);
verify(certMan).save(any(Certificate.class));
verify(certMan).saveCertificate(any(Certificate.class));
}
/**
@ -99,6 +99,6 @@ public class CredentialManagementHelperTest {
byte[] ekBytes = IOUtils.toByteArray(new FileInputStream(path));
CredentialManagementHelper.storeEndorsementCredential(certMan, ekBytes);
verify(certMan).save(any(Certificate.class));
verify(certMan).saveCertificate(any(Certificate.class));
}
}


@ -1,5 +1,7 @@
package hirs.attestationca;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
@ -16,8 +18,6 @@ import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNull;
@ -189,7 +189,7 @@ public class IssuedCertificateAttributeHelperTest {
DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue();
DERTaggedObject derTaggedObject = (DERTaggedObject) dlSequence.getObjectAt(0);
DERSequence derSequence = (DERSequence) derTaggedObject.getObject();
DERSequence derSequence = (DERSequence) derTaggedObject.getLoadedObject();
Enumeration enumeration = derSequence.getObjects();
while (enumeration.hasMoreElements()) {
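Review bot: The cast on the changed line, `(DERSequence) derTaggedObject.getLoadedObject()`, may no longer reach the wrapped sequence: in the Bouncy Castle releases I am aware of, `getLoadedObject()` on a tagged object returns the tagged object itself, whereas the removed `getObject()` returned its content, so the cast would fail with a `ClassCastException`. Please confirm against the version that `libs.bouncy.castle` resolves to. If that is the case, `ASN1Sequence derSequence = ASN1Sequence.getInstance(derTaggedObject.getBaseObject());` expresses the intent without depending on the DER subclass. `Enumeration enumeration` on the next line is a raw type and could be `Enumeration<?>`. The enclosing test method starts and ends outside the hunk.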


@ -1,21 +1,19 @@
package hirs.data.persist;
package hirs.attestationca.data.persist;
import hirs.attestationca.persist.SpringPersistenceTest;
import hirs.attestationca.servicemanager.DBReportManager;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.info.TPMInfo;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.foss.XMLCleaner;
import hirs.persist.DBReportManager;
import hirs.persist.ReportManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Session;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
@ -32,8 +30,6 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
/**
@ -71,28 +67,6 @@ public class DeviceInfoReportTest extends SpringPersistenceTest {
LOGGER.debug("closing session factory");
}
/**
* Resets the test state to a known good state. This currently only resets
* the database by removing all <code>Report</code> objects.
*/
@AfterMethod
public final void resetTestState() {
LOGGER.debug("reset test state");
LOGGER.debug("deleting all reports");
Session session = sessionFactory.getCurrentSession();
session.beginTransaction();
try {
final List<?> reports = session.createCriteria(Report.class).list();
for (Object o : reports) {
LOGGER.debug("deleting report: {}", o);
session.delete(o);
}
LOGGER.debug("all reports removed");
} finally {
session.getTransaction().commit();
}
}
/**
* Tests instantiation of a DeviceInfoReport.
*/
@ -218,61 +192,6 @@ public class DeviceInfoReportTest extends SpringPersistenceTest {
EXPECTED_CLIENT_VERSION);
}
/**
* Tests that the DeviceInfoReport can search a list of baselines to find if
* any contain the fields necessary to detect a kernel update.
*/
@Test
public final void testMatchesKernelInfo() {
final DeviceInfoReport deviceInfoReport =
new DeviceInfoReport(networkInfo, osInfo, firmwareInfo, hardwareInfo, tpmInfo);
final List<TpmWhiteListBaseline> tpmBaselines = Arrays.asList(
new TpmWhiteListBaseline("Best named TPM Baseline"),
new TpmWhiteListBaseline("Bob"),
new TpmWhiteListBaseline("Worst named Baseline. Ever.")
);
final String osName = "test os name";
final String osVersion = "test os version";
final String manufacturer = "test manufacturer";
final String productName = "test product name";
final String version = "test version";
tpmBaselines.get(1).setFirmwareInfo(createTestFirmwareInfo());
tpmBaselines.get(1).setHardwareInfo(
new HardwareInfo(manufacturer, productName, version, "wrong value",
"wrong value", "wrong value"));
tpmBaselines.get(1).setOSInfo(new OSInfo(osName, osVersion, "N/A", "not used", "ignored"));
final boolean expected = true;
Assert.assertEquals(deviceInfoReport.matchesKernelInfo(tpmBaselines), expected);
}
/**
* Tests that the method will return false when even one field is mismatched.
*/
@Test
public final void testMatchesKernelInfoMismatch() {
final DeviceInfoReport deviceInfoReport =
new DeviceInfoReport(networkInfo, osInfo, firmwareInfo, hardwareInfo, tpmInfo);
final List<TpmWhiteListBaseline> tpmBaselines = Arrays.asList(
new TpmWhiteListBaseline("Best named TPM Baseline"),
new TpmWhiteListBaseline("Bob"),
new TpmWhiteListBaseline("Worst named Baseline. Ever.")
);
final String osName = "test os name";
final String osVersion = "88"; // osversion won't match
final String manufacturer = "test manufacturer";
final String productName = "test product name";
final String version = "test version";
tpmBaselines.get(2).setFirmwareInfo(createTestFirmwareInfo());
tpmBaselines.get(2).setHardwareInfo(
new HardwareInfo(manufacturer, productName, version, "wrong value",
"wrong value", "wrong value"));
tpmBaselines.get(2).setOSInfo(new OSInfo(osName, osVersion, "N/A", "not used", "ignored"));
final boolean expected = false;
Assert.assertEquals(deviceInfoReport.matchesKernelInfo(tpmBaselines), expected);
}
/**
* Tests that a <code>DeviceInfoReport</code> can be saved in the
* <code>ReportManager</code> and then deleted.


@ -1,5 +1,8 @@
package hirs.data.persist;
package hirs.attestationca.data.persist;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.enums.HealthStatus;
import org.testng.Assert;
import org.testng.annotations.Test;


@ -1,16 +1,21 @@
package hirs.persist;
package hirs.attestationca.persist;
import hirs.appraiser.Appraiser;
import hirs.appraiser.IMAAppraiser;
import hirs.appraiser.TPMAppraiser;
import hirs.appraiser.TestAppraiser;
import hirs.data.persist.SpringPersistenceTest;
import hirs.attestationca.servicemanager.DBAppraiserManager;
import hirs.persist.AppraiserManager;
import org.hibernate.Session;
import org.hibernate.query.Query;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Root;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
@ -38,9 +43,16 @@ public class DBAppraiserManagerTest extends SpringPersistenceTest {
*/
@AfterMethod
public void resetTestState() {
Session session = sessionFactory.getCurrentSession();
Session session = sessionFactory.unwrap(org.hibernate.Session.class);
session.beginTransaction();
final List<?> baselines = session.createCriteria(Appraiser.class).list();
CriteriaBuilder builder = session.getCriteriaBuilder();
CriteriaQuery<Appraiser> criteriaQuery = builder.createQuery(Appraiser.class);
Root<Appraiser> root = criteriaQuery.from(Appraiser.class);
criteriaQuery.select(root);
Query<Appraiser> query = session.createQuery(criteriaQuery);
List<Appraiser> baselines = query.getResultList();
// final List<?> baselines = session.createCriteria(Appraiser.class).list();
for (Object o : baselines) {
session.delete(o);
}
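Review bot: `sessionFactory.unwrap(org.hibernate.Session.class)` in `resetTestState()` only works if the `sessionFactory` field inherited from `SpringPersistenceTest` is now an `EntityManager`; if it is still a Hibernate `SessionFactory`, `Session` is, as far as I know, not a type it can be unwrapped to, and the cleanup would throw after every test. The field's declaration is outside this hunk, so this needs confirming. Separately, the commented-out `createCriteria` line should be deleted rather than kept, `Session` is already imported so the fully qualified name is unnecessary, and the loop can be typed as `for (Appraiser appraiser : query.getResultList()) { session.delete(appraiser); }` instead of iterating `Object` over a list called `baselines`. The method body continues past the hunk.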


@ -0,0 +1,87 @@
package hirs.attestationca.persist;
import hirs.appraiser.Appraiser;
import hirs.attestationca.servicemanager.DBDeviceManager;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.policy.Policy;
import hirs.persist.DBUtility;
import hirs.persist.DeviceManager;
import hirs.persist.PolicyMapper;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
/**
* Unit tests for the <code>DBDeviceGroupManager</code> class.
*/
public final class DBDeviceGroupManagerTest extends SpringPersistenceTest {
private static final Logger LOGGER = LogManager.getLogger(DBDeviceGroupManagerTest.class);
private final String deviceGroupName = "Test Device Group";
private final String deviceName = "Test Device";
/**
* Default constructor that does nothing.
*/
public DBDeviceGroupManagerTest() {
/* do nothing */
}
/**
* Initializes a <code>SessionFactory</code>. The factory is used for an
* in-memory database that is used for testing.
*/
@BeforeClass
public void setup() {
}
/**
* Closes the <code>SessionFactory</code> from setup.
*/
@AfterClass
public void tearDown() {
}
/**
* Resets the test state to a known good state. This currently only resets
* the database by removing all <code>Device</code> and
* <code>DeviceInfoReport</code> objects.
*/
@AfterMethod
public void resetTestState() {
DBUtility.removeAllInstances(sessionFactory, Device.class);
DBUtility.removeAllInstances(sessionFactory, DeviceInfoReport.class);
DBUtility.removeAllInstances(sessionFactory, PolicyMapper.class);
DBUtility.removeAllInstances(sessionFactory, Appraiser.class);
DBUtility.removeAllInstances(sessionFactory, Policy.class);
}
/**
* Tests that the <code>DBDeviceGroupManager</code> throws a
* <code>DeviceGroupManagerException</code> if the device parameter is null.
*/
@Test(expectedExceptions = NullPointerException.class)
public void testSaveNullDevice() {
LOGGER.debug("testSaveNullDevice test started");
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
mgr.saveDevice(null);
Assert.fail("save did not fail");
}
/**
* Tests that the <code>DBDeviceGroupManager</code> throws a
* <code>DeviceManagerException</code> if the device parameter is null.
*/
@Test(expectedExceptions = NullPointerException.class)
public void testUpdateNullDevice() {
LOGGER.debug("testUpdateNullDevice test started");
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
mgr.updateDevice(null);
Assert.fail("save did not fail");
}
}
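Review bot: The Javadoc in this new file does not describe what the tests check: `testSaveNullDevice` and `testUpdateNullDevice` are documented as expecting a `DeviceGroupManagerException` / `DeviceManagerException`, yet both declare `expectedExceptions = NullPointerException.class`, and the class is named and documented for `DBDeviceGroupManager` while every call goes to `DBDeviceManager`. I would reword both comments to `Tests that the <code>DBDeviceManager</code> throws a <code>NullPointerException</code> if the device parameter is null.` and change the message in the update test to `Assert.fail("update did not fail");`. The fields `deviceGroupName` and `deviceName` are never read, and `setup()` / `tearDown()` are empty although their comments claim to initialise and close a `SessionFactory`; these can be removed. Since the same two null-argument cases also appear in `DBDeviceManagerTest`, it is worth checking whether this class is needed at all.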


@ -1,29 +1,28 @@
package hirs.persist;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
package hirs.attestationca.persist;
import hirs.attestationca.data.persist.DeviceTest;
import hirs.attestationca.servicemanager.DBDeviceManager;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.DeviceTest;
import hirs.data.persist.enums.HealthStatus;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.SpringPersistenceTest;
import hirs.persist.DBUtility;
import hirs.persist.DeviceManager;
import hirs.persist.DeviceManagerException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.UUID;
/**
* <code>DBDeviceManagerTest</code> is a unit test class for the
* <code>DBDeviceManager</code> class.
@ -63,7 +62,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
@AfterMethod
public void resetTestState() {
DBUtility.removeAllInstances(sessionFactory, Device.class);
DBUtility.removeAllInstances(sessionFactory, DeviceGroup.class);
DBUtility.removeAllInstances(sessionFactory, DeviceInfoReport.class);
}
@ -80,8 +78,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
Assert.assertEquals(DBUtility.getCount(sessionFactory, Device.class), 0);
Assert.assertEquals(DBUtility.getCount(sessionFactory, DeviceInfoReport.class), 0);
final Device device = DeviceTest.getTestDevice(deviceName);
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
device.setDeviceGroup(group);
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final Device d2 = mgr.saveDevice(device);
Assert.assertEquals(DBUtility.getCount(sessionFactory, Device.class), 1);
@ -95,27 +91,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
);
}
/**
* Tests that the <code>DBDeviceManager</code> throws a
* <code>DeviceManagerException</code> if a <code>Device</code> is saved
* twice.
*
* @throws DeviceManagerException if any unexpected errors occur
* @throws Exception
* if any unexpected errors occur
*/
@Test(expectedExceptions = DeviceManagerException.class)
public void testSaveTwice() throws DeviceManagerException, Exception {
LOGGER.debug("testSaveTwice test started");
final Device device = new Device(deviceName);
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
device.setDeviceGroup(group);
final Device b2 = mgr.saveDevice(device);
mgr.saveDevice(b2);
Assert.fail("second save did not fail");
}
/**
* Tests that the <code>DBDeviceManager</code> throws a
* <code>DeviceManagerException</code> if a <code>Device</code> is saved
@ -149,35 +124,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
Assert.fail("save did not fail");
}
/**
* Tests that when a <code>Device</code> is deleted, the
* <code>Device</code> is removed from the DB.
*
* @throws Exception if error occurs while creating test device
*/
@Test
public void testDeleteDevice() throws Exception {
LOGGER.debug("testDeleteDevice");
Assert.assertEquals(DBUtility.getCount(sessionFactory, Device.class), 0);
final Device device = new Device(deviceName);
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
device.setDeviceGroup(group);
final Device savedDevice = mgr.saveDevice(device);
Assert.assertEquals(DBUtility.getCount(sessionFactory, Device.class), 1);
Assert.assertTrue(DBUtility.isInDatabase(sessionFactory, Device.class, deviceName));
final UUID deviceID = savedDevice.getId();
Assert.assertNotNull(deviceID);
boolean deleteSuccessful = mgr.deleteDevice(deviceName);
Assert.assertTrue(deleteSuccessful);
Assert.assertFalse(
DBUtility.isInDatabase(sessionFactory, DeviceGroup.class, deviceName)
);
}
/**
* Tests that the <code>DBDeviceManager</code> can update a
* <code>Device</code>.
@ -193,8 +139,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
LOGGER.debug("saving new device in db");
final Device device = DeviceTest.getTestDevice(deviceName);
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
device.setDeviceGroup(group);
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final Device d2 = mgr.saveDevice(device);
Assert.assertEquals(DBUtility.getCount(sessionFactory, Device.class), 1);
@ -219,71 +163,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
Assert.assertEquals(DBUtility.getCount(sessionFactory, DeviceInfoReport.class), 1);
}
/**
* This tests that when a <code>Device</code> is updated with a null
* <code>DeviceInfoReport</code> then the old report is removed from the
* database.
*
* @throws Exception
* if any unexpected errors occur in getting a Device
*/
@Test
public void testUpdateNullReport() throws Exception {
LOGGER.debug("testUpdate test started");
LOGGER.debug("asserting db is empty");
Assert.assertEquals(DBUtility.getCount(sessionFactory, Device.class), 0);
Assert.assertEquals(DBUtility.getCount(sessionFactory, DeviceInfoReport.class), 0);
LOGGER.debug("saving new device in db");
final Device device = DeviceTest.getTestDevice(deviceName);
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
device.setDeviceGroup(group);
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final Device d2 = mgr.saveDevice(device);
Assert.assertEquals(DBUtility.getCount(sessionFactory, Device.class), 1);
Assert.assertEquals(DBUtility.getCount(sessionFactory, DeviceInfoReport.class), 1);
LOGGER.debug("updating device will null device info");
d2.setDeviceInfo(null);
mgr.updateDevice(d2);
Assert.assertEquals(DBUtility.getCount(sessionFactory, Device.class), 1);
Assert.assertEquals(DBUtility.getCount(sessionFactory, DeviceInfoReport.class), 0);
}
/**
* Tests that the <code>DBDeviceManager</code> fails to update a
* <code>Device</code> that has the same name as an existing
* <code>Device</code>.
*
* @throws DeviceManagerException if any unexpected errors occur
* @throws Exception
* if any unexpected errors occur
*/
@Test
public void testUpdateSameName() throws DeviceManagerException, Exception {
LOGGER.debug("testUpdateSameName test started");
final String name1 = "Test Device 1";
final String name2 = "Test Device 2";
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
Device d1 = new Device(name1);
Device d2 = new Device(name2);
d1.setDeviceGroup(group);
d2.setDeviceGroup(group);
mgr.saveDevice(d1);
d2 = mgr.saveDevice(d2);
d2.setName(name1);
DeviceManagerException expected = null;
try {
mgr.updateDevice(d2);
} catch (DeviceManagerException e) {
expected = e;
}
Assert.assertNotNull(expected);
Assert.assertTrue(DBUtility.isInDatabase(sessionFactory, Device.class, name1));
Assert.assertTrue(DBUtility.isInDatabase(sessionFactory, Device.class, name2));
}
/**
* Tests that the <code>DBDeviceManager</code> throws a
* <code>DeviceManagerException</code> if the device parameter is null.
@ -298,31 +177,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
Assert.fail("save did not fail");
}
/**
* Tests that the <code>DBDeviceManager</code> can successfully return a
* <code>Device</code> from the database.
*
* @throws Exception
* if any unexpected errors occur in getting a Device
*/
@Test
public void testGet() throws Exception {
LOGGER.debug("testGet test started");
final Device device = DeviceTest.getTestDevice(deviceName);
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final ReportManager reportMgr = new DBReportManager(sessionFactory);
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
device.setDeviceGroup(group);
final Device d2 = mgr.saveDevice(device);
final UUID reportId = d2.getDeviceInfo().getId();
final Device dbDevice = mgr.getDevice(d2.getName());
Assert.assertEquals(dbDevice, d2);
final DeviceInfoReport dbReport = (DeviceInfoReport) reportMgr
.getReport(reportId);
Assert.assertEquals(dbReport, device.getDeviceInfo());
Assert.assertEquals(dbDevice.getHealthStatus(), HealthStatus.UNKNOWN);
}
/**
* Tests that the <code>DBDeviceManager</code> returns null when null name
* is passed to get.
@ -346,32 +200,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
Assert.assertNull(mgr.getDevice(unknown));
}
/**
* Tests that the <code>DBDeviceManager</code> returns a complete list of
* all the names of the devices that it manages.
*
* @throws Exception
* if any unexpected errors occur in getting a Device
*/
@Test
public void testGetDeviceNameList() throws Exception {
LOGGER.debug("testGetDeviceNameList test started");
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final String[] names = {"Device1", "Device2", "Device3", "Device4"};
final List<String> namesList = new LinkedList<>();
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
for (String name : names) {
final Device device = DeviceTest.getTestDevice(name);
device.setDeviceGroup(group);
mgr.saveDevice(device);
namesList.add(name);
}
final List<String> dbNames = mgr.getDeviceNameList();
Collections.sort(dbNames);
Assert.assertEquals(dbNames, namesList);
}
/**
* Tests that the <code>DBDeviceManager</code> returns an empty list when
* get list is called when there are no items in the database.
@ -392,26 +220,6 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
* if any unexpected errors occur in getting a Device
*/
@Test
public void testGetDeviceSet() throws Exception {
LOGGER.debug("testGetDeviceSet test started");
final DeviceManager mgr = new DBDeviceManager(sessionFactory);
final String[] names = {"Device1", "Device2", "Device3", "Device4"};
final Device[] expectedDevices = new Device[names.length];
final DeviceGroup group = createGroup(DeviceGroup.DEFAULT_GROUP);
for (int i = 0; i < names.length; ++i) {
final Device device = DeviceTest.getTestDevice(names[i]);
expectedDevices[i] = device;
device.setDeviceGroup(group);
mgr.saveDevice(device);
}
final Set<Device> devices = mgr.getDeviceList();
Assert.assertEquals(devices.size(), expectedDevices.length);
for (int i = 0; i < expectedDevices.length; ++i) {
Assert.assertTrue(devices.contains(expectedDevices[i]));
}
}
/**
* Tests that the <code>DBDeviceManager</code> returns an empty list when
* get list is called when there are no items in the database.
@ -424,10 +232,4 @@ public final class DBDeviceManagerTest extends SpringPersistenceTest {
final Set<Device> devices = mgr.getDeviceList();
Assert.assertEquals(devices, devicesList);
}
private DeviceGroup createGroup(final String name) throws Exception {
DeviceGroup group = new DeviceGroup(name);
final DeviceGroupManager groupManager = new DBDeviceGroupManager(sessionFactory);
return groupManager.saveDeviceGroup(group);
}
}
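Review bot: The hunk at old line 392 deletes `testGetDeviceSet()` but keeps the `@Test` annotation and the Javadoc tail that preceded it, so on the new side `@Test` appears to be followed directly by the Javadoc of the empty-set test. If that test still carries its own `@Test`, the method ends up annotated twice and will not compile; either way the orphaned `if any unexpected errors occur in getting a Device` comment should go. This is inferred from the hunk's line counts, since the rendered page has lost the `+`/`-` column. More broadly, `testSaveTwice`, `testDeleteDevice`, `testGet`, `testUpdateNullReport`, `testUpdateSameName`, `testGetDeviceNameList` and `testGetDeviceSet` are deleted outright although, from the visible lines, only their `createGroup(...)` / `setDeviceGroup(...)` setup depended on the removed `DeviceGroup`; keeping them without those two lines would preserve coverage of `DBDeviceManager`.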


@ -1,7 +1,9 @@
package hirs.persist;
package hirs.attestationca.persist;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hirs.data.persist.SpringPersistenceTest;
import hirs.attestationca.servicemanager.DBManager;
import hirs.data.persist.LazyTestItemChild;
import hirs.persist.DBManagerException;
import hirs.persist.DBUtility;
import org.hibernate.LazyInitializationException;
import org.hibernate.StaleObjectStateException;
import org.hibernate.exception.LockAcquisitionException;
@ -14,7 +16,6 @@ import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import hirs.data.persist.LazyTestItemChild;
import java.sql.SQLException;
@ -69,10 +70,7 @@ public class DBManagerTest extends SpringPersistenceTest {
* LazyInitializationException.
*/
@Test(expectedExceptions = LazyInitializationException.class)
@SuppressFBWarnings(
value = "RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT",
justification = "The statement is meant to throw an exception"
)
public final void testGet() {
LazyTestItemChild child = new LazyTestItemChild("Test Child");
DBManager<LazyTestItemChild> childMan =


@ -1,4 +1,17 @@
package hirs.persist;
package hirs.attestationca.persist;
import hirs.attestationca.servicemanager.DBPortalInfoManager;
import hirs.data.persist.enums.PortalScheme;
import hirs.data.persist.info.PortalInfo;
import hirs.persist.DBUtility;
import hirs.persist.PortalInfoManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import java.lang.reflect.Field;
import java.net.URI;
@ -6,17 +19,6 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import hirs.data.persist.SpringPersistenceTest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import hirs.data.persist.info.PortalInfo;
import hirs.data.persist.enums.PortalScheme;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
/**
* Tests for the DBPortalInfoManager.
*/


@ -1,17 +1,18 @@
package hirs.persist;
package hirs.attestationca.persist;
import hirs.attestationca.servicemanager.DBDeviceManager;
import hirs.attestationca.servicemanager.DBReportRequestStateManager;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.attestationca.data.persist.DeviceTest;
import hirs.data.persist.ReportRequestState;
import hirs.data.persist.SpringPersistenceTest;
import hirs.data.persist.type.ReportRequestType;
import hirs.persist.DBManagerException;
import hirs.persist.DBUtility;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import hirs.data.persist.DeviceTest;
import java.util.ArrayList;
import java.util.Date;
@ -33,14 +34,10 @@ public class DBReportRequestStateManagerTest extends SpringPersistenceTest {
*/
@BeforeClass
public final void setup() throws Exception {
DeviceGroup group = new DeviceGroup(DeviceGroup.DEFAULT_GROUP);
new DBDeviceGroupManager(sessionFactory).saveDeviceGroup(group);
Device testDevice;
DBDeviceManager dbDeviceManager = new DBDeviceManager(sessionFactory);
for (int i = 0; i < NUMBER_OF_DEVICES; i++) {
testDevice = DeviceTest.getTestDevice("Device " + i);
testDevice.setDeviceGroup(group);
testDevices.add(dbDeviceManager.save(testDevice));
}
}
@ -71,7 +68,7 @@ public class DBReportRequestStateManagerTest extends SpringPersistenceTest {
DBReportRequestStateManager mgr = new DBReportRequestStateManager(sessionFactory);
Device device = testDevices.get(0);
ReportRequestState state = getTestReportRequestState(device);
state.setDueDate(DeviceGroup.MINUTE_MS_INTERVAL);
state.setDueDate(ReportRequestState.MINUTE_MS_INTERVAL);
mgr.saveState(state);
ReportRequestState retrievedState = mgr.getState(device);
@ -116,7 +113,7 @@ public class DBReportRequestStateManagerTest extends SpringPersistenceTest {
ReportRequestState newState = getTestReportRequestState(
testDevices.get(0)
);
newState.setDueDate(DeviceGroup.MINUTE_MS_INTERVAL);
newState.setDueDate(ReportRequestState.MINUTE_MS_INTERVAL);
mgr.update(newState);
Assert.assertEquals(mgr.getState(testDevices.get(0)), newState);
}
@ -129,7 +126,7 @@ public class DBReportRequestStateManagerTest extends SpringPersistenceTest {
public final void testUpdateExistentState() {
DBReportRequestStateManager mgr = new DBReportRequestStateManager(sessionFactory);
ReportRequestState deviceState = getTestReportRequestState(testDevices.get(0));
deviceState.setDueDate(DeviceGroup.MINUTE_MS_INTERVAL);
deviceState.setDueDate(ReportRequestState.MINUTE_MS_INTERVAL);
ReportRequestState newState = mgr.saveState(deviceState);
newState.setReportRequestType(ReportRequestType.ON_DEMAND_REPORT);
mgr.update(newState);
@ -155,7 +152,7 @@ public class DBReportRequestStateManagerTest extends SpringPersistenceTest {
public final void testDeleteExistentState() {
DBReportRequestStateManager mgr = new DBReportRequestStateManager(sessionFactory);
ReportRequestState deviceState = getTestReportRequestState(testDevices.get(0));
deviceState.setDueDate(DeviceGroup.MINUTE_MS_INTERVAL);
deviceState.setDueDate(ReportRequestState.MINUTE_MS_INTERVAL);
ReportRequestState state = mgr.saveState(deviceState);
mgr.deleteState(state);
Assert.assertEquals(mgr.getList(ReportRequestState.class).size(), 0);


@ -1,11 +1,11 @@
package hirs.persist;
package hirs.attestationca.persist;
import hirs.appraiser.HIRSAppraiser;
import hirs.appraiser.IMAAppraiser;
import hirs.attestationca.servicemanager.DBReportSummaryManager;
import hirs.data.persist.AppraisalResult;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.ReportSummary;
import hirs.data.persist.SpringPersistenceTest;
import org.apache.commons.lang3.RandomStringUtils;
import org.testng.Assert;


@ -0,0 +1,25 @@
package hirs.attestationca.persist;
import hirs.attestationca.configuration.PersistenceConfiguration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.testng.AbstractTestNGSpringContextTests;
import javax.persistence.EntityManager;
/**
* Base class that autowires a session factory for use of
* any tests that need a database connection.
*/
@ContextConfiguration(classes = PersistenceConfiguration.class)
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
public class SpringPersistenceTest extends AbstractTestNGSpringContextTests {
/**
* Autowired session factory.
*/
@SuppressWarnings("checkstyle:visibilitymodifier")
@Autowired
protected EntityManager sessionFactory;
}
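Review bot: The injected field is declared as `EntityManager` but is still named `sessionFactory` and documented as "Autowired session factory", so every subclass that writes `new DBDeviceManager(sessionFactory)` reads as if it passes a Hibernate `SessionFactory`. If the name has to stay for the subclasses, the Javadoc should say so, e.g. `Autowired JPA entity manager; the field keeps its former name so existing subclasses compile.` It is also worth confirming that `PersistenceConfiguration` exposes an injectable `EntityManager` bean; in plain Spring the usual annotation for a shared entity manager is `@PersistenceContext`, not `@Autowired`.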


@ -1,12 +1,13 @@
package hirs.attestationca.service;
import hirs.appraiser.SupplyChainAppraiser;
import hirs.attestationca.persist.SpringPersistenceTest;
import hirs.attestationca.servicemanager.DBCertificateManager;
import hirs.attestationca.servicemanager.DBDeviceManager;
import hirs.attestationca.validation.SupplyChainValidationServiceImpl;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.SpringPersistenceTest;
import hirs.data.persist.SupplyChainPolicy;
import hirs.data.persist.SupplyChainValidation;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.certificate.Certificate;
@ -14,17 +15,13 @@ import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.DeviceAssociatedCertificate;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.AppraiserManager;
import hirs.persist.CertificateManager;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.persist.CrudManager;
import hirs.persist.DBCertificateManager;
import hirs.persist.DBDeviceGroupManager;
import hirs.persist.DBDeviceManager;
import hirs.persist.DeviceGroupManager;
import hirs.persist.DeviceManager;
import hirs.persist.PolicyManager;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.service.AppraiserService;
import hirs.persist.service.CertificateService;
import hirs.persist.service.PolicyService;
import hirs.persist.service.ReferenceDigestValueService;
import hirs.validation.CredentialValidator;
import hirs.validation.SupplyChainCredentialValidator;
import org.mockito.ArgumentCaptor;
@ -77,13 +74,13 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
private static final String NUC_EC = "/certificates/nuc_ec.pem";
@Mock
private PolicyManager policyManager;
private PolicyService policyManager;
@Mock
private AppraiserManager appraiserManager;
private AppraiserService appraiserManager;
@Mock
private CertificateManager certificateManager;
private CertificateService certificateManager;
@Mock
private CredentialValidator supplyChainCredentialValidator;
@ -92,10 +89,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
private CrudManager<SupplyChainValidationSummary> supplyChainValidationSummaryDBManager;
@Mock
private ReferenceDigestManager referenceDigestManager;
@Mock
private ReferenceEventManager referenceEventManager;
private ReferenceDigestValueService referenceEventManager;
@InjectMocks
private SupplyChainValidationServiceImpl service;
@ -166,11 +160,11 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
resultPcs.add(delta);
// mock credential retrieval
when(certificateManager.get(any(EndorsementCredential.Selector.class)))
when(certificateManager.getCertificate(any(EndorsementCredential.Selector.class)))
.thenReturn(resultEcs);
when(certificateManager.get(any(PlatformCredential.Selector.class)))
when(certificateManager.getCertificate(any(PlatformCredential.Selector.class)))
.thenReturn(resultPcs);
when(certificateManager.get(any(CertificateAuthorityCredential.Selector.class)))
when(certificateManager.getCertificate(any(CertificateAuthorityCredential.Selector.class)))
.thenReturn(Collections.emptySet());
}
@ -181,11 +175,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
public void teardown() {
DBCertificateManager certMan = new DBCertificateManager(sessionFactory);
DBDeviceManager deviceMan = new DBDeviceManager(sessionFactory);
DBDeviceGroupManager groupMan = new DBDeviceGroupManager(sessionFactory);
certMan.deleteAll();
deviceMan.deleteAll();
groupMan.deleteAll();
}
/**
* All validations enabled, all pass.
@ -217,7 +209,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
// verify the certs were updated with the test device object and saved in the cert man
ArgumentCaptor<DeviceAssociatedCertificate> certificatesCaptor
= ArgumentCaptor.forClass(DeviceAssociatedCertificate.class);
verify(certificateManager, times(3)).update(certificatesCaptor.capture());
verify(certificateManager, times(3)).updateCertificate(certificatesCaptor.capture());
List<DeviceAssociatedCertificate> certificateArgs = certificatesCaptor.getAllValues();
for (DeviceAssociatedCertificate certArg : certificateArgs) {
@ -441,7 +433,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
*/
@Test
public final void testGetCaChain() throws URISyntaxException, IOException, KeyStoreException {
CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
CertificateServiceImpl realCertMan = new CertificateServiceImpl();
// the main service in this class only uses mocked managers, we need a real DB certificate
// manager for this test, so we make a second service.
@ -452,7 +444,6 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
);
@ -469,9 +460,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Files.readAllBytes(Paths.get(getClass().getResource(
NUC1_EC).toURI())));
realCertMan.save(endorsementCredential);
realCertMan.save(rootCa);
realCertMan.save(globalSignCaCert);
realCertMan.saveCertificate(endorsementCredential);
realCertMan.saveCertificate(rootCa);
realCertMan.saveCertificate(globalSignCaCert);
KeyStore ks = mostlyMockedService.getCaChain(endorsementCredential);
@ -488,9 +479,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Assert.assertNull(ks.getCertificate(stmCaAlias));
Assert.assertNull(ks.getCertificate(gsCaAlias));
realCertMan.delete(endorsementCredential);
realCertMan.delete(rootCa);
realCertMan.delete(globalSignCaCert);
realCertMan.deleteObjectById(endorsementCredential.getId());
realCertMan.deleteObjectById(rootCa.getId());
realCertMan.deleteObjectById(globalSignCaCert.getId());
}
/**
@ -503,7 +494,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
@Test
public final void testGetNotFullCaChain() throws URISyntaxException, IOException,
KeyStoreException {
CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
CertificateServiceImpl realCertMan = new CertificateServiceImpl();
// the main service in this class only uses mocked managers, we need a real DB certificate
// manager for this test, so we make a second service.
@ -514,7 +505,6 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
);
@ -527,8 +517,8 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Files.readAllBytes(Paths.get(getClass().getResource(
NUC1_EC).toURI())));
realCertMan.save(endorsementCredential);
realCertMan.save(rootCa);
realCertMan.saveCertificate(endorsementCredential);
realCertMan.saveCertificate(rootCa);
KeyStore ks = mostlyMockedService.getCaChain(endorsementCredential);
@ -538,8 +528,8 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Assert.assertNull(ks.getCertificate(stmCaAlias));
Assert.assertEquals(ks.size(), 0);
realCertMan.delete(endorsementCredential);
realCertMan.delete(rootCa);
realCertMan.deleteObjectById(endorsementCredential.getId());
realCertMan.deleteObjectById(rootCa.getId());
}
/**
@ -551,7 +541,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
@Test
public final void testGetEmptyCaChain() throws URISyntaxException, IOException,
KeyStoreException {
CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
CertificateServiceImpl realCertMan = new CertificateServiceImpl();
// the main service in this class only uses mocked managers, we need a real DB certificate
// manager for this test, so we make a second service.
@ -562,7 +552,6 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
);
@ -570,13 +559,13 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Files.readAllBytes(Paths.get(getClass().getResource(
NUC1_EC).toURI())));
realCertMan.save(endorsementCredential);
realCertMan.saveCertificate(endorsementCredential);
KeyStore ks = mostlyMockedService.getCaChain(endorsementCredential);
Assert.assertEquals(ks.size(), 0);
realCertMan.delete(endorsementCredential);
realCertMan.deleteObjectById(endorsementCredential.getId());
}
/**
@ -589,7 +578,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
@Test
public final void testGetCaChainWithExtraCerts() throws URISyntaxException, IOException,
KeyStoreException {
CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
CertificateServiceImpl realCertMan = new CertificateServiceImpl();
// the main service in this class only uses mocked managers, we need a real DB certificate
// manager for this test, so we make a second service.
@ -600,7 +589,6 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
);
@ -622,10 +610,10 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Files.readAllBytes(Paths.get(getClass().getResource(
NUC1_EC).toURI())));
realCertMan.save(endorsementCredential);
realCertMan.save(rootCa);
realCertMan.save(globalSignCaCert);
realCertMan.save(intelCa);
realCertMan.saveCertificate(endorsementCredential);
realCertMan.saveCertificate(rootCa);
realCertMan.saveCertificate(globalSignCaCert);
realCertMan.saveCertificate(intelCa);
KeyStore ks = mostlyMockedService.getCaChain(endorsementCredential);
@ -637,10 +625,10 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Assert.assertNull(ks.getCertificate(gsCaAlias));
Assert.assertEquals(ks.size(), 0);
realCertMan.delete(endorsementCredential);
realCertMan.delete(rootCa);
realCertMan.delete(globalSignCaCert);
realCertMan.delete(intelCa);
realCertMan.deleteObjectById(endorsementCredential.getId());
realCertMan.deleteObjectById(rootCa.getId());
realCertMan.deleteObjectById(globalSignCaCert.getId());
realCertMan.deleteObjectById(intelCa.getId());
}
/**
@ -651,7 +639,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
*/
@Test
public final void testGetPcCaChain() throws URISyntaxException, IOException, KeyStoreException {
CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
CertificateServiceImpl realCertMan = new CertificateServiceImpl();
// the main service in this class only uses mocked managers, we need a real DB certificate
// manager for this test, so we make a second service.
@ -662,7 +650,6 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
);
@ -675,8 +662,8 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Files.readAllBytes(Paths.get(getClass().getResource(
NUC_PC).toURI())));
realCertMan.save(platformCredential);
realCertMan.save(intelCa);
realCertMan.saveCertificate(platformCredential);
realCertMan.saveCertificate(intelCa);
KeyStore ks = mostlyMockedService.getCaChain(platformCredential);
@ -685,8 +672,8 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Assert.assertNotNull(ks.getCertificate(intelCaAlias));
Assert.assertEquals(ks.size(), 1);
realCertMan.delete(platformCredential);
realCertMan.delete(intelCa);
realCertMan.deleteObjectById(platformCredential.getId());
realCertMan.deleteObjectById(intelCa.getId());
}
/**
@ -699,7 +686,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
@Test
public final void testGetPcCaChainNoMatches() throws URISyntaxException, IOException,
KeyStoreException {
CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
CertificateServiceImpl realCertMan = new CertificateServiceImpl();
// the main service in this class only uses mocked managers, we need a real DB certificate
// manager for this test, so we make a second service.
@ -710,7 +697,6 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator,
referenceDigestManager,
referenceEventManager
);
@ -727,17 +713,17 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Files.readAllBytes(Paths.get(getClass().getResource(
NUC_PC).toURI())));
realCertMan.save(platformCredential);
realCertMan.save(rootCa);
realCertMan.save(globalSignCaCert);
realCertMan.saveCertificate(platformCredential);
realCertMan.saveCertificate(rootCa);
realCertMan.saveCertificate(globalSignCaCert);
KeyStore ks = mostlyMockedService.getCaChain(platformCredential);
Assert.assertEquals(ks.size(), 0);
realCertMan.delete(platformCredential);
realCertMan.delete(rootCa);
realCertMan.delete(globalSignCaCert);
realCertMan.deleteObjectById(platformCredential.getId());
realCertMan.deleteObjectById(rootCa.getId());
realCertMan.deleteObjectById(globalSignCaCert.getId());
}
/**
@ -753,7 +739,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
when(policy.isPcValidationEnabled()).thenReturn(false);
when(policy.isPcAttributeValidationEnabled()).thenReturn(false);
CertificateManager realCertMan = new DBCertificateManager(sessionFactory);
CertificateServiceImpl realCertMan = new CertificateServiceImpl();
Device storedDevice = getStoredTestDevice();
SupplyChainValidationServiceImpl mostlyMockedService = new SupplyChainValidationServiceImpl(
@ -763,7 +749,6 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
null,
supplyChainValidationSummaryDBManager,
new SupplyChainCredentialValidator(),
referenceDigestManager,
referenceEventManager
);
@ -780,15 +765,15 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
GS_ROOT_CA).toURI()))
);
realCertMan.save(stmTpmEkIntermediateCA);
realCertMan.save(globalSignTpmRoot);
realCertMan.save(stmEkRootCa);
realCertMan.saveCertificate(stmTpmEkIntermediateCA);
realCertMan.saveCertificate(globalSignTpmRoot);
realCertMan.saveCertificate(stmEkRootCa);
EndorsementCredential nucEc = new EndorsementCredential(
Files.readAllBytes(Paths.get(getClass().getResource(NUC_EC).toURI()))
);
realCertMan.save(nucEc);
realCertMan.saveCertificate(nucEc);
SupplyChainValidationSummary summary = mostlyMockedService.validateSupplyChain(
nucEc, Collections.emptySet(), storedDevice
@ -809,20 +794,16 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
Assert.assertEquals(updatedStoredEc.getDevice().getId(), storedDevice.getId());
realCertMan.delete(stmTpmEkIntermediateCA);
realCertMan.delete(globalSignTpmRoot);
realCertMan.delete(stmEkRootCa);
realCertMan.delete(nucEc);
realCertMan.deleteObjectById(stmTpmEkIntermediateCA.getId());
realCertMan.deleteObjectById(globalSignTpmRoot.getId());
realCertMan.deleteObjectById(stmEkRootCa.getId());
realCertMan.deleteObjectById(nucEc.getId());
}
private Device getStoredTestDevice() {
DeviceManager deviceManager = new DBDeviceManager(sessionFactory);
DeviceGroupManager deviceGroupManager = new DBDeviceGroupManager(sessionFactory);
DeviceGroup testGroup = new DeviceGroup("group1");
Device testDevice = new Device("SCVSI-test");
testDevice.setDeviceGroup(deviceGroupManager.saveDeviceGroup(testGroup));
return deviceManager.saveDevice(testDevice);
}
}
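Review bot: `CertificateServiceImpl realCertMan = new CertificateServiceImpl();` in `testGetCaChain`, the other `testGet*CaChain*` tests and the `validateSupplyChain` test builds the service outside the Spring context and no longer passes `sessionFactory`. Unless `CertificateServiceImpl` locates its own persistence, which is not visible here, the following `saveCertificate(...)` calls would have nothing injected to write through. These tests are what pin down which CA certificates end up in the chain for an endorsement or platform credential, so they should run against the real store: take the implementation from the test context, for example an `@Autowired private CertificateServiceImpl realCertService;` field, and use it in place of the local `new`. The unchanged comment "we need a real DB certificate manager for this test" should be reworded to name the service. The test method bodies begin and end outside the hunks shown, so how `realCertMan` is handed to `mostlyMockedService` could not be checked.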


@ -1,94 +1,69 @@
apply plugin: 'checkstyle'
apply plugin: 'findbugs'
apply plugin: 'java'
apply plugin: 'jacoco'
apply plugin: 'pmd'
apply plugin: 'war'
plugins {
id 'java'
id 'war'
}
sourceCompatibility = 1.8
java {
toolchain {
languageVersion = JavaLanguageVersion.of(11)
}
}
repositories {
flatDir {
dirs 'libs'
}
mavenCentral()
}
dependencies {
providedCompile 'javax.servlet:javax.servlet-api:3.1.0' //libs.servlet_api
implementation project(':HIRS_Utils')
implementation project(':HIRS_AttestationCA')
implementation libs.bouncy.castle
implementation libs.servlet.api
implementation libs.commons.io
implementation libs.commons.lang
implementation libs.commons.upload
implementation libs.gson
implementation libs.guava // for com.google.common
implementation libs.hibernate
implementation libs.hibernate.validator
implementation libs.http
implementation libs.jstl
implementation libs.javax.validation
implementation libs.log4j2
implementation libs.log4j2.web
implementation libs.pci.ids
implementation libs.servlet.api
implementation libs.spring.context
implementation libs.spring.jdbc
implementation libs.spring.orm
implementation libs.spring.transaction
implementation libs.spring.webmvc
testImplementation libs.hamcrest
compile(project(':HIRS_Utils')) {
exclude module: "javassist"
}
compile(project(':HIRS_AttestationCA'))
compile libs.commons_io
compile libs.commons_lang
compile libs.commons_upload
compile libs.gson
compile libs.guava // for com.google.common
compile libs.hibernate
compile libs.http
compile libs.jstl
compile libs.log4j2
compile libs.log4j2_web
compile libs.pci_ids
compile 'javax.servlet:javax.servlet-api:3.1.0' //libs.servlet_api
compile libs.spring_webmvc
compile 'org.springframework:spring-context-support:4.3.30.RELEASE'
compile 'org.hibernate:hibernate-validator:5.3.4.Final'
compileOnly libs.checkstyle
compileOnly libs.findbugs
runtime fileTree(dir: 'build/plugins', include: ['*.jar'])
testCompile 'org.hamcrest:hamcrest-all:1.3'
// override the servlet API for testing. Required for Spring Integration tests
testCompile 'javax.servlet:javax.servlet-api:3.1.0'
testCompile libs.hsqldb
testCompile libs.spring_test
testCompile libs.testng
testCompile libs.mockito
testCompile libs.testng
testCompile 'org.skyscreamer:jsonassert:1.2.3' // for .andExpect(content().json(json))
testRuntime 'com.jayway.jsonpath:json-path:2.1.0'
}
test {
useTestNG()
testImplementation libs.servlet.api
testImplementation libs.hsqldb
testImplementation libs.spring.test
testImplementation libs.testng
testImplementation libs.mockito
testImplementation libs.testng
testImplementation libs.jsonassert
testImplementation libs.jsonpath
}
def copyVersion = project.task('copyVersion')
copyVersion.dependsOn compileJava
war.dependsOn copyVersion
war.dependsOn addPlugins
war {
from(buildDir) {
include 'VERSION'
into 'WEB-INF/classes'
}
archiveName = 'HIRS_AttestationCAPortal.war'
archiveFileName = 'HIRS_AttestationCAPortal.war'
}
ext.configDir = new File(projectDir, 'config')
ext.checkstyleConfigDir = "$configDir/checkstyle"
checkstyle {
toolVersion = '8.10.1'
configFile = checkstyleConfigFile
configProperties.put('basedir', checkstyleConfigDir)
ignoreFailures = false
showViolations = true
}
ext.findbugsConfigDir = "$configDir/findbugs"
findbugs {
toolVersion = '3.0.0'
ignoreFailures = false
effort = 'max'
excludeFilter = new File(findbugsConfigDir, 'suppressions.xml')
}
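Review bot: The new `plugins` block declares only `java` and `war`, so the `checkstyle`, `findbugs`, `pmd` and `jacoco` plugins from the old header, and the `checkstyle { … }` / `findbugs { … }` settings with `ignoreFailures = false` at the end of the file, appear to be dropped for the portal module rather than migrated. The `findbugs` plugin is gone in Gradle 7, but removing it without a replacement leaves this web-facing module with no static-analysis gate in its build. I would keep `id 'checkstyle'` in the `plugins` block with its existing configuration and move the FindBugs rules to the SpotBugs plugin, or state in the commit description where these checks now run. Which lines survive on the new side is inferred from the Gradle 7 syntax, because the page has lost its +/- markers.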


@ -1,14 +1,14 @@
package hirs.attestationca.portal.datatables;
import hirs.FilteredRecordsList;
import hirs.persist.CriteriaModifier;
import hirs.persist.OrderedQuery;
import org.hibernate.Criteria;
import org.springframework.util.CollectionUtils;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import hirs.FilteredRecordsList;
import hirs.persist.CriteriaModifier;
import hirs.persist.OrderedListQuerier;
/**
* A class to adapt the Javascript DataTable java class abstractions to the DBManager's getting
@ -30,8 +30,8 @@ public final class OrderedListQueryDataTableAdapter<T> {
* @param <T> the parameter type
* @return the filtered record list
*/
public static <T> FilteredRecordsList<T> getOrderedList(final Class<? extends T> clazz,
final OrderedListQuerier<T> dbManager,
public static <T> FilteredRecordsList<T> getOrderedList(final Class<T> clazz,
final OrderedQuery<T> dbManager,
final DataTableInput dataTableInput,
final String orderColumnName) {
@ -54,10 +54,12 @@ public final class OrderedListQueryDataTableAdapter<T> {
* @param <T> the parameter type
* @return the filtered record list
*/
public static <T> FilteredRecordsList<T> getOrderedList(final Class<? extends T> clazz,
final OrderedListQuerier<T> dbManager, final DataTableInput dataTableInput,
final String orderColumnName,
final CriteriaModifier criteriaModifier) {
public static <T> FilteredRecordsList<T> getOrderedList(
final Class<T> clazz,
final OrderedQuery<T> dbManager,
final DataTableInput dataTableInput,
final String orderColumnName,
final CriteriaModifier criteriaModifier) {
Map<String, Boolean> searchableColumnMap = new HashMap<>();
for (Column column : dataTableInput.getColumns()) {


@ -1,6 +1,6 @@
package hirs.attestationca.portal.model;
import hirs.data.persist.SupplyChainPolicy;
import hirs.data.persist.policy.SupplyChainPolicy;
/**
* PolicyPage model object to demonstrate data exchange between policy.jsp page


@ -0,0 +1,31 @@
package hirs.attestationca.portal.page;
import hirs.attestationca.AttestationCertificateAuthorityConfiguration;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
/**
* Simply holds a contextInitialized method which will be called when the web app starts.
*/
public class AcaInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] {
AttestationCertificateAuthorityConfiguration.class
};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] {
CommonPageConfiguration.class, AttestationCertificateAuthorityConfiguration.class
};
}
@Override
protected String[] getServletMappings() {
return new String[] {
"/"
};
}
}
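Review bot: `AttestationCertificateAuthorityConfiguration` is returned from both `getRootConfigClasses()` and `getServletConfigClasses()`, and `CommonPageConfiguration` imports it once more, so its beans would be created in the root context and again in the servlet context. For a configuration that, judging by its name, sets up the ACA's certificate and persistence, two independent instances are best avoided. The servlet side could return only the page configuration, `return new Class<?>[] {CommonPageConfiguration.class};`, with the `@Import` on `CommonPageConfiguration` dropped so the child context inherits the root beans. The class Javadoc also mentions a `contextInitialized` method that this class does not have; `Registers the DispatcherServlet at "/" with the ACA root configuration and the portal page configuration.` would match the code.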


@ -1,15 +1,20 @@
package hirs.attestationca.portal.page;
import hirs.attestationca.AttestationCertificateAuthorityConfiguration;
import hirs.attestationca.portal.datatables.DataTableView;
import hirs.attestationca.portal.persistence.PersistenceConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.UrlBasedViewResolver;
@ -19,12 +24,15 @@ import java.nio.charset.StandardCharsets;
* Specifies the location to scan for page controllers, view resolver for JSON data, and view
* resolver to map view names to jsp files.
*/
@Repository
@Configuration
@EnableTransactionManagement
@EnableWebMvc
@ComponentScan("hirs.attestationca.portal.page.controllers")
@Import({ PersistenceConfiguration.class })
public class CommonPageConfiguration {
@Import({ AttestationCertificateAuthorityConfiguration.class })
public class CommonPageConfiguration implements WebMvcConfigurer {
private static final String CLIENT_FILES_PATH = "file:/etc/hirs/aca/client-files/";
/**
* @return bean to resolve injected annotation.Value
@ -77,4 +85,14 @@ public class CommonPageConfiguration {
return resolver;
}
@Override
public void addResourceHandlers(final ResourceHandlerRegistry resourceHandlerRegistry) {
resourceHandlerRegistry.addResourceHandler("/client-files/**")
.addResourceLocations(CLIENT_FILES_PATH);
}
@Override
public void configureDefaultServletHandling(final DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
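Review bot: `addResourceHandlers` maps `/client-files/**` straight onto `file:/etc/hirs/aca/client-files/`, and nothing in this class restricts who may fetch it, so every file that lands in that directory becomes downloadable by any client that can reach the portal. The directory sits inside the ACA's own `/etc/hirs/aca` tree, so `CLIENT_FILES_PATH` should carry a comment stating what is allowed there, e.g. `// Served without authentication: public client download artifacts only, never keys, keystores or properties files.` It is also worth confirming that the deployment leaves the directory writable only by the installing account. `configureDefaultServletHandling` additionally hands unmatched requests to the container's default servlet; the commit does not say whether that is intended now that the dispatcher is mapped to `/`.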


@ -1,14 +1,14 @@
package hirs.attestationca.portal.page;
import hirs.attestationca.configuration.AttestationCertificateAuthorityConfiguration;
import hirs.attestationca.AttestationCertificateAuthorityConfiguration;
import org.springframework.context.annotation.Import;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
* Main Spring configuration class for the ACA Portal. Uses the Common page configuration,
* as well as the ACA configuration for accessing the ACA certificate.
*/
@Import({ CommonPageConfiguration.class, AttestationCertificateAuthorityConfiguration.class })
public class PageConfiguration extends WebMvcConfigurerAdapter {
public class PageConfiguration implements WebMvcConfigurer {
}


@ -4,13 +4,13 @@ import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.CertificateDetailsPageParams;
import hirs.attestationca.portal.util.CertificateStringMapBuilder;
import hirs.persist.CertificateManager;
import hirs.persist.service.CertificateService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import java.io.IOException;
@ -22,8 +22,8 @@ import static hirs.attestationca.portal.page.Page.CERTIFICATE_DETAILS;
/**
* Controller for the Certificate Details page.
*/
@Controller
@RequestMapping("/certificate-details")
@RestController
@RequestMapping(path = "/certificate-details")
public class CertificateDetailsPageController extends PageController<CertificateDetailsPageParams> {
/**
@ -31,17 +31,18 @@ public class CertificateDetailsPageController extends PageController<Certificate
*/
static final String INITIAL_DATA = "initialData";
private final CertificateManager certificateManager;
@Autowired
private final CertificateService certificateService;
private static final Logger LOGGER =
LogManager.getLogger(CertificateDetailsPageController.class);
/**
* Constructor providing the Page's display and routing specification.
* @param certificateManager the certificate manager
* @param certificateService the certificate service
*/
@Autowired
public CertificateDetailsPageController(final CertificateManager certificateManager) {
public CertificateDetailsPageController(final CertificateService certificateService) {
super(CERTIFICATE_DETAILS);
this.certificateManager = certificateManager;
this.certificateService = certificateService;
}
/**
@ -79,19 +80,19 @@ public class CertificateDetailsPageController extends PageController<Certificate
switch (type) {
case "certificateauthority":
data.putAll(CertificateStringMapBuilder.getCertificateAuthorityInformation(
uuid, certificateManager));
uuid, certificateService));
break;
case "endorsement":
data.putAll(CertificateStringMapBuilder.getEndorsementInformation(uuid,
certificateManager));
certificateService));
break;
case "platform":
data.putAll(CertificateStringMapBuilder.getPlatformInformation(uuid,
certificateManager));
certificateService));
break;
case "issued":
data.putAll(CertificateStringMapBuilder.getIssuedInformation(uuid,
certificateManager));
certificateService));
break;
default:
String typeError = "Invalid certificate type: " + params.getType();
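Review bot: The `@Autowired` added above `private final CertificateService certificateService;` duplicates the constructor injection that already assigns the field, and field injection into a `final` field relies on reflection overwriting a value the constructor has set. Keep the constructor as the single injection point and declare the field as plain `private final CertificateService certificateService;`. Separately, the switch to `@RestController` makes every handler `@ResponseBody`. Handlers that return `ModelAndView` are unaffected, but any handler in this class that returns a view name as a `String` would now send that string as the response body. The handlers lie outside the hunks shown, so that needs checking.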


@ -14,11 +14,11 @@ import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateManager;
import hirs.persist.CriteriaModifier;
import hirs.persist.CrudManager;
import hirs.persist.DBManagerException;
import hirs.persist.OrderedListQuerier;
import hirs.persist.OrderedQuery;
import hirs.persist.service.CertificateService;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.util.encoders.DecoderException;
import org.hibernate.Criteria;
@ -26,14 +26,15 @@ import org.hibernate.criterion.Restrictions;
import org.hibernate.sql.JoinType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StreamUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
@ -57,12 +58,14 @@ import static org.apache.logging.log4j.LogManager.getLogger;
/**
* Controller for the Certificates list all pages.
*/
@Controller
@RequestMapping("/certificate-request")
@RestController
@RequestMapping(path = "/certificate-request")
public class CertificateRequestPageController extends PageController<NoPageParams> {
private final CertificateManager certificateManager;
private final OrderedListQuerier<Certificate> dataTableQuerier;
@Autowired
private final CertificateService certificateService;
@Autowired
private final OrderedQuery<Certificate> dataTableQuerier;
private CertificateAuthorityCredential certificateAuthorityCredential;
@ -81,17 +84,17 @@ public class CertificateRequestPageController extends PageController<NoPageParam
/**
* Constructor providing the Page's display and routing specification.
*
* @param certificateManager the certificate manager
* @param certificateService the certificate service impl
* @param crudManager the CRUD manager for certificates
* @param acaCertificate the ACA's X509 certificate
*/
@Autowired
public CertificateRequestPageController(
final CertificateManager certificateManager,
final CertificateService certificateService,
final CrudManager<Certificate> crudManager,
final X509Certificate acaCertificate) {
super(Page.TRUST_CHAIN);
this.certificateManager = certificateManager;
this.certificateService = certificateService;
this.dataTableQuerier = crudManager;
try {
@ -127,6 +130,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
* redirect.
* @return the path for the view and data model for the page.
*/
@GetMapping
@RequestMapping("/{certificateType}")
public ModelAndView initPage(@PathVariable("certificateType") final String certificateType,
final NoPageParams params, final Model model) {
@ -148,7 +152,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
mav = getBaseModelAndView(Page.TRUST_CHAIN);
// Map with the ACA certificate information
data.putAll(CertificateStringMapBuilder.getCertificateAuthorityInformation(
certificateAuthorityCredential, this.certificateManager));
certificateAuthorityCredential, this.certificateService));
mav.addObject(ACA_CERT_DATA, data);
break;
default:
@ -168,6 +172,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
* @return the data table
*/
@ResponseBody
@GetMapping
@RequestMapping(value = "/{certificateType}/list",
produces = MediaType.APPLICATION_JSON_VALUE,
method = RequestMethod.GET)
@ -217,7 +222,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
PlatformCredential pc = (PlatformCredential) records.get(i);
// find the EC using the PC's "holder serial number"
associatedEC = EndorsementCredential
.select(certificateManager)
.select(certificateService)
.bySerialNumber(pc.getHolderSerialNumber())
.getCertificate();
@ -257,7 +262,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try {
UUID uuid = UUID.fromString(id);
Certificate certificate = getCertificateById(certificateType, uuid, certificateManager);
Certificate certificate = getCertificateById(certificateType, uuid, certificateService);
if (certificate == null) {
// Use the term "record" here to avoid user confusion b/t cert and cred
String notFoundMessage = "Unable to locate record with ID: " + uuid;
@ -271,13 +276,13 @@ public class CertificateRequestPageController extends PageController<NoPageParam
List<PlatformCredential> sharedCertificates = getCertificateByBoardSN(
certificateType,
platformCertificate.getPlatformSerial(),
certificateManager);
certificateService);
if (sharedCertificates != null) {
for (PlatformCredential pc : sharedCertificates) {
if (!pc.isBase()) {
pc.archive();
certificateManager.update(pc);
certificateService.updateCertificate(pc, pc.getId());
}
}
}
@ -285,7 +290,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
}
certificate.archive();
certificateManager.update(certificate);
certificateService.updateCertificate(certificate, uuid);
String deleteCompletedMessage = "Certificate successfully deleted";
messages.addInfo(deleteCompletedMessage);
@ -325,7 +330,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try {
UUID uuid = UUID.fromString(id);
Certificate certificate = getCertificateById(certificateType, uuid, certificateManager);
Certificate certificate = getCertificateById(certificateType, uuid, certificateService);
if (certificate == null) {
// Use the term "record" here to avoid user confusion b/t cert and cred
String notFoundMessage = "Unable to locate record with ID: " + uuid;
@ -399,7 +404,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (CertificateAuthorityCredential ca : CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.getCertificates()) {
zipFileName = String.format("ca-certificates[%s].cer",
Integer.toHexString(ca.getCertificateHash()));
@ -443,7 +448,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (PlatformCredential pc : PlatformCredential.select(certificateManager)
for (PlatformCredential pc : PlatformCredential.select(certificateService)
.getCertificates()) {
zipFileName = String.format("Platform_Certificates[%s].cer",
Integer.toHexString(pc.getCertificateHash()));
@ -488,7 +493,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (IssuedAttestationCertificate ic : IssuedAttestationCertificate
.select(certificateManager)
.select(certificateService)
.getCertificates()) {
zipFileName = String.format("Issued_Certificates[%s].cer",
Integer.toHexString(ic.getCertificateHash()));
@ -533,7 +538,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
for (EndorsementCredential ek : EndorsementCredential
.select(certificateManager)
.select(certificateService)
.getCertificates()) {
zipFileName = String.format("Endorsement_Certificates[%s].cer",
Integer.toHexString(ek.getCertificateHash()));
@ -584,7 +589,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
certificateType,
file.getOriginalFilename(),
messages, certificate,
certificateManager);
certificateService);
}
}
@ -621,7 +626,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
* @param certificateType String containing the certificate type
* @return the certificate class type
*/
private static Class<? extends Certificate> getCertificateClass(final String certificateType) {
private static Class getCertificateClass(final String certificateType) {
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential.class;
@ -661,33 +666,33 @@ public class CertificateRequestPageController extends PageController<NoPageParam
*
* @param certificateType String containing the certificate type
* @param uuid the ID of the cert
* @param certificateManager the certificate manager to query
* @param certificateService the certificate service to query
* @return the certificate or null if none is found
*/
private Certificate getCertificateById(
final String certificateType,
final UUID uuid,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
case ENDORSEMENTCREDENTIAL:
return EndorsementCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
case ISSUEDCERTIFICATES:
return IssuedAttestationCertificate
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
case TRUSTCHAIN:
return CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
default:
@ -701,30 +706,30 @@ public class CertificateRequestPageController extends PageController<NoPageParam
*
* @param certificateType String containing the certificate type
* @param certificateHash the hash of the certificate's bytes
* @param certificateManager the certificate manager to query
* @param certificateService the certificate service to query
* @return the certificate or null if none is found
*/
private Certificate getCertificateByHash(
final String certificateType,
final int certificateHash,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential
.select(certificateManager)
.select(certificateService)
.includeArchived()
.byHashCode(certificateHash)
.getCertificate();
case ENDORSEMENTCREDENTIAL:
return EndorsementCredential
.select(certificateManager)
.select(certificateService)
.includeArchived()
.byHashCode(certificateHash)
.getCertificate();
case TRUSTCHAIN:
return CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.includeArchived()
.byHashCode(certificateHash)
.getCertificate();
@ -738,13 +743,13 @@ public class CertificateRequestPageController extends PageController<NoPageParam
*
* @param certificateType String containing the certificate type
* @param serialNumber the platform serial number
* @param certificateManager the certificate manager to query
* @param certificateService the certificate service to query
* @return the certificate or null if none is found
*/
private List<PlatformCredential> getCertificateByBoardSN(
final String certificateType,
final String serialNumber,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
if (serialNumber == null) {
return null;
@ -753,7 +758,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
switch (certificateType) {
case PLATFORMCREDENTIAL:
return PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(serialNumber)
.getCertificates().stream().collect(Collectors.toList());
default:
@ -834,7 +839,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
* be stored
* @param messages contains any messages that will be display on the page
* @param certificate the certificate to store
* @param certificateManager the DB manager to use
* @param certificateService the DB service to use
* @return the messages for the page
*/
private void storeCertificate(
@ -842,7 +847,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
final String fileName,
final PageMessages messages,
final Certificate certificate,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
Certificate existingCertificate;
@ -851,7 +856,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
existingCertificate = getCertificateByHash(
certificateType,
certificate.getCertificateHash(),
certificateManager);
certificateService);
} catch (DBManagerException e) {
final String failMessage = "Querying for existing certificate failed ("
+ fileName + "): ";
@ -869,7 +874,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
List<PlatformCredential> sharedCertificates = getCertificateByBoardSN(
certificateType,
platformCertificate.getPlatformSerial(),
certificateManager);
certificateService);
if (sharedCertificates != null) {
for (PlatformCredential pc : sharedCertificates) {
@ -906,7 +911,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
}**/
}
certificateManager.save(certificate);
certificateService.saveCertificate(certificate);
final String successMsg
= String.format("New certificate successfully uploaded (%s): ", fileName);
@ -928,7 +933,7 @@ public class CertificateRequestPageController extends PageController<NoPageParam
if (existingCertificate.isArchived()) {
existingCertificate.restore();
existingCertificate.resetCreateTime();
certificateManager.update(existingCertificate);
certificateService.updateCertificate(existingCertificate, certificate.getId());
final String successMsg = String.format("Pre-existing certificate "
+ "found and unarchived (%s): ", fileName);
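Review bot: In the unarchive branch of storeCertificate (last hunk of this file), the new call `certificateService.updateCertificate(existingCertificate, certificate.getId());` passes the ID of the freshly uploaded object rather than the ID of the stored record being restored. Every other converted call in this file pairs the entity with its own ID (`updateCertificate(pc, pc.getId())`, `updateCertificate(certificate, uuid)`), so this one looks like a slip. `updateCertificate` is not shown here, but if it locates the row by that ID, the restore may fail or touch a different record in the certificate store. Suggested line: `certificateService.updateCertificate(existingCertificate, existingCertificate.getId());`. storeCertificate starts and ends outside the hunk; separately, `getCertificateClass` now returns a raw `Class`, and keeping `Class<? extends Certificate>` would preserve the compile-time check.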


@ -1,19 +1,26 @@
package hirs.attestationca.portal.page.controllers;
import hirs.FilteredRecordsList;
import hirs.attestationca.portal.datatables.DataTableInput;
import hirs.attestationca.portal.datatables.DataTableResponse;
import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
import static hirs.attestationca.portal.page.Page.DEVICES;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.params.NoPageParams;
import hirs.attestationca.servicemanager.DBManager;
import hirs.data.persist.Device;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.DeviceAssociatedCertificate;
import hirs.persist.service.DeviceService;
import org.apache.logging.log4j.Logger;
import org.hibernate.criterion.Restrictions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import java.util.ArrayList;
@ -22,37 +29,34 @@ import java.util.HashMap;
import java.util.List;
import java.util.UUID;
import static hirs.attestationca.portal.page.Page.DEVICES;
import static org.apache.logging.log4j.LogManager.getLogger;
import org.hibernate.criterion.Restrictions;
import hirs.FilteredRecordsList;
import hirs.data.persist.Device;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.DeviceAssociatedCertificate;
import hirs.persist.DBManager;
import hirs.persist.DeviceManager;
/**
* Controller for the Device page.
*/
@Controller
@RequestMapping("/devices")
@RestController
@RequestMapping(path = "/devices")
public class DevicesPageController extends PageController<NoPageParams> {
private final DeviceManager deviceManager;
@Autowired
private final DeviceService deviceService;
// this may be what I need to do for all of them
@Autowired
private final DBManager<Certificate> certificateDBManager;
private static final Logger LOGGER = getLogger(DevicesPageController.class);
/**
* Constructor providing the Page's display and routing specification.
* @param deviceManager the device manager
* @param deviceService the device manager
* @param certificateDBManager the certificate DB manager
*/
@Autowired
public DevicesPageController(
final DeviceManager deviceManager,
final DeviceService deviceService,
final DBManager<Certificate> certificateDBManager) {
super(DEVICES);
this.deviceManager = deviceManager;
this.deviceService = deviceService;
this.certificateDBManager = certificateDBManager;
}
@ -76,6 +80,7 @@ public class DevicesPageController extends PageController<NoPageParams> {
* @return the data tables response, including the result set and paging information
*/
@ResponseBody
@GetMapping
@RequestMapping(value = "list", produces = MediaType.APPLICATION_JSON_VALUE,
method = RequestMethod.GET)
public DataTableResponse<HashMap<String, Object>> getTableData(
@ -86,7 +91,7 @@ public class DevicesPageController extends PageController<NoPageParams> {
// get all the devices
FilteredRecordsList<Device> deviceList =
OrderedListQueryDataTableAdapter.getOrderedList(Device.class,
deviceManager, input, orderColumnName);
deviceService, input, orderColumnName);
FilteredRecordsList<HashMap<String, Object>> record
= retrieveDevicesAndAssociatedCertificates(deviceList);
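Review bot: `deviceService` and `certificateDBManager` are declared `private final` and assigned in the `@Autowired` constructor, yet the new code also puts `@Autowired` on each field. The field annotations are redundant with constructor injection and make it unclear which injection point is authoritative; declare the fields plainly, e.g. `private final DeviceService deviceService;`, and keep the constructor as the single injection point. The same pattern is added in CertificateDetailsPageController, CertificateRequestPageController, PolicyPageController and ReferenceManifestDetailsPageController in this commit. The constructor Javadoc also still reads `@param deviceService the device manager`; `the device service` would match the new type.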


@ -1,24 +1,26 @@
package hirs.attestationca.portal.page.controllers;
import static hirs.attestationca.portal.page.Page.HELP;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.params.NoPageParams;
import java.io.File;
import java.io.IOException;
import static org.apache.logging.log4j.LogManager.getLogger;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import java.io.File;
import java.io.IOException;
import static hirs.attestationca.portal.page.Page.HELP;
import static org.apache.logging.log4j.LogManager.getLogger;
/**
* Controller for the Help page.
*/
@Controller
@RequestMapping("/help")
@RestController
@RequestMapping(path = "/help")
public class HelpController extends PageController<NoPageParams> {
@Autowired


@ -6,17 +6,18 @@ import hirs.attestationca.portal.model.PolicyPageModel;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.NoPageParams;
import hirs.data.persist.SupplyChainPolicy;
import hirs.persist.AppraiserManager;
import hirs.persist.PolicyManager;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.persist.PolicyManagerException;
import hirs.persist.service.AppraiserService;
import hirs.persist.service.PolicyService;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.servlet.view.RedirectView;
@ -31,8 +32,8 @@ import static org.apache.logging.log4j.LogManager.getLogger;
/**
* Controller for the Policy page.
*/
@Controller
@RequestMapping("/policy")
@RestController
@RequestMapping(path = "/policy")
public class PolicyPageController extends PageController<NoPageParams> {
private static final Logger LOGGER = getLogger(PolicyPageController.class);
@ -45,8 +46,10 @@ public class PolicyPageController extends PageController<NoPageParams> {
private static final String ENABLED_EXPIRES_PARAMETER_VALUE = "expires";
private PolicyManager policyManager;
private AppraiserManager appraiserManager;
@Autowired
private PolicyService policyService;
@Autowired
private AppraiserService appraiserService;
/**
* Model attribute name used by initPage for the initial data passed to the
@ -63,15 +66,15 @@ public class PolicyPageController extends PageController<NoPageParams> {
/**
* Constructor.
*
* @param policyManager the policy manager
* @param appraiserManager the appraiser manager
* @param policyService the policy service
* @param appraiserService the appraiser service
*/
@Autowired
public PolicyPageController(final PolicyManager policyManager,
final AppraiserManager appraiserManager) {
public PolicyPageController(final PolicyService policyService,
final AppraiserService appraiserService) {
super(POLICY);
this.policyManager = policyManager;
this.appraiserManager = appraiserManager;
this.policyService = policyService;
this.appraiserService = appraiserService;
}
/**
@ -108,6 +111,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
* @return View containing the url and parameters
* @throws URISyntaxException if malformed URI
*/
@GetMapping
@RequestMapping(value = "update-pc-validation", method = RequestMethod.POST)
public RedirectView updatePcVal(@ModelAttribute final PolicyPageModel ppModel,
final RedirectAttributes attr) throws URISyntaxException {
@ -159,6 +163,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
* @return View containing the url and parameters
* @throws URISyntaxException if malformed URI
*/
@GetMapping
@RequestMapping(value = "update-pc-attribute-validation", method = RequestMethod.POST)
public RedirectView updatePcAttributeVal(@ModelAttribute final PolicyPageModel ppModel,
final RedirectAttributes attr)
@ -928,9 +933,9 @@ public class PolicyPageController extends PageController<NoPageParams> {
* @return The default Supply Chain Policy
*/
private SupplyChainPolicy getDefaultPolicy() {
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
final Appraiser supplyChainAppraiser = appraiserService.getAppraiser(
SupplyChainAppraiser.NAME);
return (SupplyChainPolicy) policyManager.getDefaultPolicy(
return (SupplyChainPolicy) policyService.getDefaultPolicy(
supplyChainAppraiser);
}
@ -952,13 +957,12 @@ public class PolicyPageController extends PageController<NoPageParams> {
return policy;
}
private void savePolicyAndApplySuccessMessage(final PolicyPageModel ppModel,
final Map<String, Object> model,
final PageMessages messages,
final String successMessage,
private void savePolicyAndApplySuccessMessage(
final PolicyPageModel ppModel, final Map<String, Object> model,
final PageMessages messages, final String successMessage,
final SupplyChainPolicy policy) {
// save the policy to the DB
policyManager.updatePolicy(policy);
policyService.updatePolicy(policy, policy.getId());
// Log and set the success message
messages.addSuccess(successMessage);
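Review bot: `@GetMapping` is added above `@RequestMapping(value = "update-pc-validation", method = RequestMethod.POST)` on updatePcVal and again on updatePcAttributeVal, so each policy-changing handler now carries two contradictory mappings. Which one Spring honours is not evident from the code and may depend on the framework version; if the GET mapping were ever the effective one, supply-chain policy settings could be changed by a plain GET, which CSRF defences commonly leave unchecked. Use a single explicit mapping, `@PostMapping("update-pc-validation")` and `@PostMapping("update-pc-attribute-validation")`, and drop `@GetMapping`. The same stacking appears on initPage and the `/{certificateType}/list` handler in CertificateRequestPageController and on getTableData in DevicesPageController, where it is merely redundant. Both policy method bodies continue outside their hunks.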


@ -4,7 +4,7 @@ import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
import hirs.attestationca.service.SupplyChainValidationServiceImpl;
import hirs.attestationca.validation.SupplyChainValidationServiceImpl;
import hirs.data.persist.BaseReferenceManifest;
import hirs.data.persist.EventLogMeasurements;
import hirs.data.persist.ReferenceDigestValue;
@ -12,11 +12,10 @@ import hirs.data.persist.ReferenceManifest;
import hirs.data.persist.SupportReferenceManifest;
import hirs.data.persist.SwidResource;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.persist.CertificateManager;
import hirs.persist.DBManagerException;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.service.CertificateService;
import hirs.persist.service.ReferenceDigestValueService;
import hirs.persist.service.ReferenceManifestService;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.tpm.eventlog.TpmPcrEvent;
import hirs.utils.ReferenceManifestValidator;
@ -25,9 +24,9 @@ import hirs.validation.SupplyChainValidatorException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import java.io.IOException;
@ -47,15 +46,17 @@ import java.util.UUID;
/**
* Controller for the Reference Manifest Details page.
*/
@Controller
@RequestMapping("/rim-details")
@RestController
@RequestMapping(path = "/rim-details")
public class ReferenceManifestDetailsPageController
extends PageController<ReferenceManifestDetailsPageParams> {
private final ReferenceManifestManager referenceManifestManager;
private final ReferenceDigestManager referenceDigestManager;
private final ReferenceEventManager referenceEventManager;
private final CertificateManager certificateManager;
@Autowired
private final ReferenceManifestService referenceManifestService;
@Autowired
private final ReferenceDigestValueService referenceDigestValueService;
@Autowired
private final CertificateService certificateService;
private static final ReferenceManifestValidator RIM_VALIDATOR
= new ReferenceManifestValidator();
private static final Logger LOGGER
@ -64,22 +65,19 @@ public class ReferenceManifestDetailsPageController
/**
* Constructor providing the Page's display and routing specification.
*
* @param referenceManifestManager the reference manifest manager.
* @param referenceDigestManager the reference digest manager.
* @param referenceEventManager the reference event manager.
* @param certificateManager the certificate manager.
* @param referenceManifestService the reference manifest service.
* @param referenceDigestValueService the reference event service.
* @param certificateService the certificate service.
*/
@Autowired
public ReferenceManifestDetailsPageController(
final ReferenceManifestManager referenceManifestManager,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager,
final CertificateManager certificateManager) {
final ReferenceManifestService referenceManifestService,
final ReferenceDigestValueService referenceDigestValueService,
final CertificateService certificateService) {
super(Page.RIM_DETAILS);
this.referenceManifestManager = referenceManifestManager;
this.referenceDigestManager = referenceDigestManager;
this.referenceEventManager = referenceEventManager;
this.certificateManager = certificateManager;
this.referenceManifestService = referenceManifestService;
this.referenceDigestValueService = referenceDigestValueService;
this.certificateService = certificateService;
}
/**
@ -109,8 +107,8 @@ public class ReferenceManifestDetailsPageController
} else {
try {
UUID uuid = UUID.fromString(params.getId());
data.putAll(getRimDetailInfo(uuid, referenceManifestManager,
referenceDigestManager, referenceEventManager, certificateManager));
data.putAll(getRimDetailInfo(uuid, referenceManifestService,
referenceDigestValueService, certificateService));
} catch (IllegalArgumentException iaEx) {
String uuidError = "Failed to parse ID from: " + params.getId();
messages.addError(uuidError);
@ -137,44 +135,42 @@ public class ReferenceManifestDetailsPageController
* Gathers all information and returns it for displays.
*
* @param uuid database reference for the requested RIM.
* @param referenceManifestManager the reference manifest manager.
* @param referenceDigestManager the reference digest manager.
* @param referenceEventManager the reference event manager.
* @param certificateManager the certificate manager.
* @param referenceManifestService the reference manifest service.
* @param referenceDigestValueService the reference digest value service.
* @param certificateService the certificate service.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
* @throws CertificateException if a certificate doesn't parse.
*/
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
final ReferenceManifestManager referenceManifestManager,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager,
final CertificateManager certificateManager)
throws IOException,
final ReferenceManifestService referenceManifestService,
final ReferenceDigestValueService referenceDigestValueService,
final CertificateService certificateService)
throws IOException,
CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
BaseReferenceManifest bRim = BaseReferenceManifest.select(referenceManifestManager)
BaseReferenceManifest bRim = BaseReferenceManifest.select(referenceManifestService)
.byEntityId(uuid).getRIM();
if (bRim != null) {
data.putAll(getBaseRimInfo(bRim, referenceManifestManager, certificateManager));
data.putAll(getBaseRimInfo(bRim, referenceManifestService, certificateService));
}
SupportReferenceManifest sRim = SupportReferenceManifest.select(referenceManifestManager)
SupportReferenceManifest sRim = SupportReferenceManifest.select(referenceManifestService)
.byEntityId(uuid).getRIM();
if (sRim != null) {
data.putAll(getSupportRimInfo(sRim, referenceManifestManager));
data.putAll(getSupportRimInfo(sRim, referenceManifestService));
}
EventLogMeasurements bios = EventLogMeasurements.select(referenceManifestManager)
EventLogMeasurements bios = EventLogMeasurements.select(referenceManifestService)
.byEntityId(uuid).getRIM();
if (bios != null) {
data.putAll(getMeasurementsRimInfo(bios, referenceManifestManager,
referenceDigestManager, referenceEventManager));
data.putAll(getMeasurementsRimInfo(bios, referenceManifestService,
referenceDigestValueService));
}
return data;
@ -185,8 +181,8 @@ public class ReferenceManifestDetailsPageController
* Gathers all information and returns it for displays.
*
* @param baseRim established ReferenceManifest Type.
* @param referenceManifestManager the reference manifest manager.
* @param certificateManager the certificate manager.
* @param referenceManifestService the reference manifest service.
* @param certificateService the certificate service.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
@ -194,8 +190,8 @@ public class ReferenceManifestDetailsPageController
*/
private static HashMap<String, Object> getBaseRimInfo(
final BaseReferenceManifest baseRim,
final ReferenceManifestManager referenceManifestManager,
final CertificateManager certificateManager)
final ReferenceManifestService referenceManifestService,
final CertificateService certificateService)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
@ -228,7 +224,7 @@ public class ReferenceManifestDetailsPageController
data.put("linkHref", baseRim.getLinkHref());
data.put("linkHrefLink", "");
for (BaseReferenceManifest bRim : BaseReferenceManifest
.select(referenceManifestManager).getRIMs()) {
.select(referenceManifestService).getRIMs()) {
if (baseRim.getLinkHref().contains(bRim.getTagId())) {
data.put("linkHrefLink", bRim.getId());
}
@ -249,7 +245,7 @@ public class ReferenceManifestDetailsPageController
data.put("pcUriLocal", baseRim.getPcURILocal());
data.put("rimLinkHash", baseRim.getRimLinkHash());
if (baseRim.getRimLinkHash() != null) {
ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager)
ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestService)
.byHexDecHash(baseRim.getRimLinkHash()).getRIM();
if (rim != null) {
data.put("rimLinkId", rim.getId());
@ -265,14 +261,14 @@ public class ReferenceManifestDetailsPageController
SupportReferenceManifest support = null;
if (baseRim.getAssociatedRim() == null) {
support = SupportReferenceManifest.select(referenceManifestManager)
support = SupportReferenceManifest.select(referenceManifestService)
.byManufacturer(baseRim.getPlatformManufacturer())
.getRIM();
if (support != null) {
baseRim.setAssociatedRim(support.getId());
}
} else {
support = SupportReferenceManifest.select(referenceManifestManager)
support = SupportReferenceManifest.select(referenceManifestService)
.byEntityId(baseRim.getAssociatedRim()).getRIM();
}
// going to have to pull the filename and grab that from the DB
@ -300,13 +296,13 @@ public class ReferenceManifestDetailsPageController
}
Set<CertificateAuthorityCredential> certificates =
CertificateAuthorityCredential.select(certificateManager)
CertificateAuthorityCredential.select(certificateService)
.getCertificates();
//Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid
data.put("signatureValid", false);
for (CertificateAuthorityCredential cert : certificates) {
SupplyChainValidationServiceImpl scvsImpl =
new SupplyChainValidationServiceImpl(certificateManager);
new SupplyChainValidationServiceImpl(certificateService);
KeyStore keystore = scvsImpl.getCaChain(cert);
if (RIM_VALIDATOR.validateXmlSignature(cert)) {
try {
@ -339,7 +335,7 @@ public class ReferenceManifestDetailsPageController
* Gathers all information and returns it for displays.
*
* @param support established ReferenceManifest Type.
* @param referenceManifestManager the reference manifest manager.
* @param referenceManifestService the reference manifest service.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
@ -347,21 +343,21 @@ public class ReferenceManifestDetailsPageController
*/
private static HashMap<String, Object> getSupportRimInfo(
final SupportReferenceManifest support,
final ReferenceManifestManager referenceManifestManager)
final ReferenceManifestService referenceManifestService)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
EventLogMeasurements measurements = null;
if (support.getAssociatedRim() == null) {
Set<BaseReferenceManifest> baseRims = BaseReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byRimType(ReferenceManifest.BASE_RIM).getRIMs();
for (BaseReferenceManifest baseRim : baseRims) {
if (baseRim != null && baseRim.getAssociatedRim() != null
&& baseRim.getAssociatedRim().equals(support.getId())) {
support.setAssociatedRim(baseRim.getId());
try {
referenceManifestManager.update(support);
referenceManifestService.updateReferenceManifest(support);
} catch (DBManagerException ex) {
LOGGER.error("Failed to update Support RIM", ex);
}
@ -373,7 +369,7 @@ public class ReferenceManifestDetailsPageController
// testing this independent of the above if statement because the above
// starts off checking if associated rim is null; that is irrelevant for
// this statement.
measurements = EventLogMeasurements.select(referenceManifestManager)
measurements = EventLogMeasurements.select(referenceManifestService)
.byHexDecHash(support.getHexDecHash()).getRIM();
if (support.isSwidPatch()) {
@ -499,9 +495,8 @@ public class ReferenceManifestDetailsPageController
* Gathers all information and returns it for displays.
*
* @param measurements established ReferenceManifest Type.
* @param referenceManifestManager the reference manifest manager.
* @param referenceDigestManager the reference digest manager.
* @param referenceEventManager the reference event manager.
* @param referenceManifestService the reference manifest service.
* @param referenceDigestValueService the reference digest value service.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
@ -509,9 +504,8 @@ public class ReferenceManifestDetailsPageController
*/
private static HashMap<String, Object> getMeasurementsRimInfo(
final EventLogMeasurements measurements,
final ReferenceManifestManager referenceManifestManager,
final ReferenceDigestManager referenceDigestManager,
final ReferenceEventManager referenceEventManager)
final ReferenceManifestService referenceManifestService,
final ReferenceDigestValueService referenceDigestValueService)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
@ -530,7 +524,7 @@ public class ReferenceManifestDetailsPageController
List<ReferenceDigestValue> eventValues = new ArrayList<>();
if (measurements.getDeviceName() != null) {
supports.addAll(SupportReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byDeviceName(measurements
.getDeviceName()).getRIMs());
for (SupportReferenceManifest support : supports) {
@ -544,16 +538,18 @@ public class ReferenceManifestDetailsPageController
data.put("supportId", baseSupport.getId());
base = BaseReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byEntityId(baseSupport.getAssociatedRim())
.getRIM();
data.put("tagId", baseSupport.getTagId());
if (base != null) {
data.put("associatedRim", base.getId());
// this was moved from outside of the null check
// for a reason I believe
eventValues.addAll(referenceDigestValueService
.getValuesByBaseRimId(base.getId()));
}
eventValues.addAll(referenceEventManager.getValuesByRimId(base));
}
}


@ -19,7 +19,7 @@ import hirs.data.persist.certificate.Certificate;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.service.ReferenceManifestService;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.tpm.eventlog.TpmPcrEvent;
import org.apache.commons.codec.binary.Base64;
@ -30,13 +30,14 @@ import org.hibernate.Criteria;
import org.hibernate.criterion.Restrictions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StreamUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
@ -66,8 +67,8 @@ import java.util.zip.ZipOutputStream;
/**
* Controller for the Reference Manifest page.
*/
@Controller
@RequestMapping("/reference-manifests")
@RestController
@RequestMapping(path = "/reference-manifests")
public class ReferenceManifestPageController
extends PageController<NoPageParams> {
@ -75,7 +76,9 @@ public class ReferenceManifestPageController
private static final String LOG_FILE_PATTERN = "([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)";
private final BiosDateValidator biosValidator;
private final ReferenceManifestManager referenceManifestManager;
@Autowired
private final ReferenceManifestService referenceManifestService;
@Autowired
private final ReferenceEventManager referenceEventManager;
private static final Logger LOGGER
= LogManager.getLogger(ReferenceManifestPageController.class);
@ -125,15 +128,15 @@ public class ReferenceManifestPageController
/**
* Constructor providing the Page's display and routing specification.
*
* @param referenceManifestManager the reference manifest manager
* @param referenceManifestService the reference manifest service
* @param referenceEventManager this is the reference event manager
*/
@Autowired
public ReferenceManifestPageController(
final ReferenceManifestManager referenceManifestManager,
final ReferenceManifestService referenceManifestService,
final ReferenceEventManager referenceEventManager) {
super(Page.REFERENCE_MANIFESTS);
this.referenceManifestManager = referenceManifestManager;
this.referenceManifestService = referenceManifestService;
this.referenceEventManager = referenceEventManager;
this.biosValidator = new BiosDateValidator(BIOS_RELEASE_DATE_FORMAT);
}
@ -161,6 +164,7 @@ public class ReferenceManifestPageController
* information
*/
@ResponseBody
@GetMapping
@RequestMapping(value = "/list",
produces = MediaType.APPLICATION_JSON_VALUE,
method = RequestMethod.GET)
@ -181,7 +185,7 @@ public class ReferenceManifestPageController
FilteredRecordsList<ReferenceManifest> records
= OrderedListQueryDataTableAdapter.getOrderedList(
ReferenceManifest.class,
referenceManifestManager,
referenceManifestService,
input, orderColumnName, criteriaModifier);
LOGGER.debug("Returning list of size: " + records.size());
@ -242,7 +246,7 @@ public class ReferenceManifestPageController
// Make sure we are getting the db version of the file
updatedSupportRims.put(support.getHexDecHash(),
SupportReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byHexDecHash(support.getHexDecHash())
.getRIM());
}
@ -285,7 +289,7 @@ public class ReferenceManifestPageController
LOGGER.warn(notFoundMessage);
} else {
referenceManifest.archive();
referenceManifestManager.update(referenceManifest);
referenceManifestService.updateReferenceManifest(referenceManifest);
String deleteCompletedMessage = "RIM successfully deleted";
messages.addInfo(deleteCompletedMessage);
@ -378,9 +382,9 @@ public class ReferenceManifestPageController
List<ReferenceManifest> referenceManifestList = new LinkedList<>();
referenceManifestList.addAll(BaseReferenceManifest
.select(referenceManifestManager).getRIMs());
.select(referenceManifestService).getRIMs());
referenceManifestList.addAll(SupportReferenceManifest
.select(referenceManifestManager).getRIMs());
.select(referenceManifestService).getRIMs());
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files
@ -419,16 +423,16 @@ public class ReferenceManifestPageController
*/
private ReferenceManifest getRimFromDb(final String id) throws IllegalArgumentException {
UUID uuid = UUID.fromString(id);
ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager)
ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestService)
.byEntityId(uuid).getRIM();
if (rim == null) {
rim = SupportReferenceManifest.select(referenceManifestManager)
rim = SupportReferenceManifest.select(referenceManifestService)
.byEntityId(uuid).getRIM();
}
if (rim == null) {
rim = EventLogMeasurements.select(referenceManifestManager)
rim = EventLogMeasurements.select(referenceManifestService)
.byEntityId(uuid).getRIM();
}
@ -510,7 +514,7 @@ public class ReferenceManifestPageController
digest.digest(referenceManifest.getRimBytes()));
}
existingManifest = SupportReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byHexDecHash(rimHash)
.includeArchived()
.getRIM();
@ -520,7 +524,7 @@ public class ReferenceManifestPageController
digest.digest(referenceManifest.getRimBytes()));
}
existingManifest = BaseReferenceManifest
.select(referenceManifestManager).byBase64Hash(rimHash)
.select(referenceManifestService).byBase64Hash(rimHash)
.includeArchived()
.getRIM();
}
@ -534,7 +538,7 @@ public class ReferenceManifestPageController
try {
// save the new certificate if no match is found
if (existingManifest == null) {
referenceManifestManager.save(referenceManifest);
referenceManifestService.saveRIM(referenceManifest);
final String successMsg = String.format("RIM successfully uploaded (%s): ",
fileName);
@ -554,7 +558,7 @@ public class ReferenceManifestPageController
if (existingManifest != null && existingManifest.isArchived()) {
existingManifest.restore();
existingManifest.resetCreateTime();
referenceManifestManager.update(existingManifest);
referenceManifestService.updateReferenceManifest(existingManifest);
final String successMsg
= String.format("Pre-existing RIM found and unarchived (%s): ", fileName);
@ -575,7 +579,7 @@ public class ReferenceManifestPageController
HashMap<String, BaseReferenceManifest> tempMap = new HashMap<>();
for (BaseReferenceManifest base : uploadedBaseRims) {
// this is done to make sure we have the version with the UUID
dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
dbBaseRim = BaseReferenceManifest.select(referenceManifestService)
.byBase64Hash(base.getBase64Hash()).getRIM();
if (dbBaseRim != null) {
for (SwidResource swid : dbBaseRim.parseResource()) {
@ -594,7 +598,7 @@ public class ReferenceManifestPageController
Map<String, SupportReferenceManifest> updatedSupportRims = new HashMap<>();
List<String> hashValues = new LinkedList<>(dbBaseRims.keySet());
for (String supportHash : hashValues) {
supportRim = SupportReferenceManifest.select(referenceManifestManager)
supportRim = SupportReferenceManifest.select(referenceManifestService)
.byHexDecHash(supportHash).getRIM();
// I have to assume the baseRim is from the database
// Updating the id values, manufacturer, model
@ -606,7 +610,7 @@ public class ReferenceManifestPageController
supportRim.setTagId(dbBaseRim.getTagId());
supportRim.setAssociatedRim(dbBaseRim.getId());
supportRim.setUpdated(true);
referenceManifestManager.update(supportRim);
referenceManifestService.updateReferenceManifest(supportRim);
updatedSupportRims.put(supportHash, supportRim);
}
}
@ -624,7 +628,7 @@ public class ReferenceManifestPageController
if (supportRim != null && (supportRim.getId() != null
&& !supportRim.getId().toString().equals(""))) {
Set<BaseReferenceManifest> baseRims = BaseReferenceManifest
.select(referenceManifestManager)
.select(referenceManifestService)
.byManufacturerModel(supportRim.getPlatformManufacturer(),
supportRim.getPlatformModel()).getRIMs();
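Review bot: The `list` handler now carries both a bare `@GetMapping` and the existing `@RequestMapping(value = "/list", ...)`, and Spring uses only one request-mapping annotation per handler method. If the bare `@GetMapping` is the one picked up, the handler would bind to the class-level path `/reference-manifests` for GET and lose both the `/list` path and the `produces` constraint; which annotation wins is not obvious from the code. Keep a single annotation, e.g. `@GetMapping(value = "/list", produces = MediaType.APPLICATION_JSON_VALUE)`, and apply the same fix to the `list` handlers in RimDatabasePageController and ValidationReportsPageController, which gained the same pair. The handler body continues outside the hunk.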


@ -8,28 +8,26 @@ import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.params.NoPageParams;
import hirs.attestationca.service.ReferenceDigestValueServiceImpl;
import hirs.attestationca.service.ReferenceManifestServiceImpl;
import hirs.data.persist.ReferenceDigestValue;
import hirs.data.persist.SupportReferenceManifest;
import hirs.data.persist.certificate.Certificate;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.DBReferenceDigestManager;
import hirs.persist.DBReferenceEventManager;
import hirs.persist.DBReferenceManifestManager;
import hirs.persist.ReferenceDigestManager;
import hirs.persist.ReferenceEventManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.service.ReferenceManifestService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Criteria;
import org.hibernate.criterion.Restrictions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import java.text.DateFormat;
@ -39,17 +37,16 @@ import java.text.SimpleDateFormat;
/**
* Controller for the TPM Events page.
*/
@Controller
@RequestMapping("/rim-database")
@RestController
@RequestMapping(path = "/rim-database")
public class RimDatabasePageController
extends PageController<NoPageParams> {
private static final String BIOS_RELEASE_DATE_FORMAT = "yyyy-MM-dd";
private final BiosDateValidator biosValidator;
private final ReferenceManifestManager referenceManifestManager;
private final ReferenceDigestManager referenceDigestManager;
private final ReferenceEventManager referenceEventManager;
private final ReferenceManifestService referenceManifestService;
private final ReferenceDigestValueServiceImpl referenceDigestValueService;
private static final Logger LOGGER
= LogManager.getLogger(RimDatabasePageController.class);
@ -98,19 +95,16 @@ public class RimDatabasePageController
/**
* Constructor providing the Page's display and routing specification.
*
* @param referenceManifestManager the ReferenceManifestManager object
* @param referenceDigestManager the ReferenceDigestManager object
* @param referenceEventManager the referenceEventManager object
* @param referenceManifestService the referenceManifestService object
* @param referenceDigestValueService the referenceDigestValueService object
*/
@Autowired
public RimDatabasePageController(
final DBReferenceManifestManager referenceManifestManager,
final DBReferenceDigestManager referenceDigestManager,
final DBReferenceEventManager referenceEventManager) {
final ReferenceManifestServiceImpl referenceManifestService,
final ReferenceDigestValueServiceImpl referenceDigestValueService) {
super(Page.RIM_DATABASE);
this.referenceManifestManager = referenceManifestManager;
this.referenceDigestManager = referenceDigestManager;
this.referenceEventManager = referenceEventManager;
this.referenceManifestService = referenceManifestService;
this.referenceDigestValueService = referenceDigestValueService;
this.biosValidator = new BiosDateValidator(BIOS_RELEASE_DATE_FORMAT);
}
@ -137,6 +131,7 @@ public class RimDatabasePageController
* information
*/
@ResponseBody
@GetMapping
@RequestMapping(value = "/list",
produces = MediaType.APPLICATION_JSON_VALUE,
method = RequestMethod.GET)
@ -160,19 +155,19 @@ public class RimDatabasePageController
FilteredRecordsList<ReferenceDigestValue> referenceDigestValues =
OrderedListQueryDataTableAdapter.getOrderedList(
ReferenceDigestValue.class,
referenceEventManager,
referenceDigestValueService,
input, orderColumnName, criteriaModifier);
SupportReferenceManifest support;
for (ReferenceDigestValue rdv : referenceDigestValues) {
// We are updating the base rim ID field if necessary and
if (rdv.getBaseRimId() == null) {
support = SupportReferenceManifest.select(referenceManifestManager)
support = SupportReferenceManifest.select(referenceManifestService)
.byEntityId(rdv.getSupportRimId()).getRIM();
if (support != null) {
rdv.setBaseRimId(support.getAssociatedRim());
try {
referenceEventManager.updateEvent(rdv);
referenceDigestValueService.updateDigestValue(rdv, rdv.getId());
} catch (DBManagerException e) {
LOGGER.error("Failed to update TPM Event with Base RIM ID");
LOGGER.error(rdv);
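Review bot: The constructor parameters and the `referenceDigestValueService` field are typed to the concrete `ReferenceManifestServiceImpl` and `ReferenceDigestValueServiceImpl` classes, while the `referenceManifestService` field and the other controllers in this commit use the service interfaces. Injecting by implementation class ties the controller to one bean class and can fail to wire if the service bean is ever exposed through an interface-based proxy, for example for transactions. Prefer `final ReferenceManifestService referenceManifestService, final ReferenceDigestValueService referenceDigestValueService` in the constructor and `private final ReferenceDigestValueService referenceDigestValueService;` for the field. This assumes the interface declares `updateDigestValue` and is accepted by `getOrderedList`, which is not visible here.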


@ -13,20 +13,21 @@ import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.V2.ComponentIdentifierV2;
import hirs.persist.CertificateManager;
import hirs.persist.CriteriaModifier;
import hirs.persist.CrudManager;
import hirs.persist.DeviceManager;
import hirs.persist.service.CertificateService;
import hirs.persist.service.DeviceService;
import org.apache.logging.log4j.Logger;
import org.hibernate.Criteria;
import org.hibernate.criterion.Restrictions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
@ -52,13 +53,16 @@ import static org.apache.logging.log4j.LogManager.getLogger;
/**
* Controller for the Validation Reports page.
*/
@Controller
@RequestMapping("/validation-reports")
@RestController
@RequestMapping(path = "/validation-reports")
public class ValidationReportsPageController extends PageController<NoPageParams> {
@Autowired
private final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
private final CertificateManager certificateManager;
private final DeviceManager deviceManager;
@Autowired
private final CertificateService certificateService;
@Autowired
private final DeviceService deviceService;
private static String systemColumnHeaders = "Verified Manufacturer,"
+ "Model,SN,Verification Date,Device Status";
@ -72,18 +76,18 @@ public class ValidationReportsPageController extends PageController<NoPageParams
/**
* Constructor providing the Page's display and routing specification.
* @param supplyChainValidatorSummaryManager the manager
* @param certificateManager the certificate manager
* @param deviceManager the device manager
* @param certificateService the certificate service
* @param deviceService the device service
*/
@Autowired
public ValidationReportsPageController(
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
final CertificateManager certificateManager,
final DeviceManager deviceManager) {
final CertificateService certificateService,
final DeviceService deviceService) {
super(VALIDATION_REPORTS);
this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
this.certificateManager = certificateManager;
this.deviceManager = deviceManager;
this.certificateService = certificateService;
this.deviceService = deviceService;
}
/**
@ -105,6 +109,7 @@ public class ValidationReportsPageController extends PageController<NoPageParams
* @return the data table response containing the supply chain summary records
*/
@ResponseBody
@GetMapping
@RequestMapping(value = "list", produces = MediaType.APPLICATION_JSON_VALUE,
method = RequestMethod.GET)
public DataTableResponse<SupplyChainValidationSummary> getTableData(
@ -260,8 +265,8 @@ public class ValidationReportsPageController extends PageController<NoPageParams
if ((createTimes.get(i).isAfter(startDate) || createTimes.get(i).isEqual(startDate))
&& (createTimes.get(i).isBefore(endDate)
|| createTimes.get(i).isEqual(endDate))) {
UUID deviceId = deviceManager.getDevice(deviceNames[i]).getId();
PlatformCredential pc = PlatformCredential.select(certificateManager)
UUID deviceId = deviceService.getByName(deviceNames[i]).getId();
PlatformCredential pc = PlatformCredential.select(certificateService)
.byDeviceId(deviceId).getCertificate();
if (jsonVersion) {
jsonReportData.add(assembleJsonContent(pc, parseComponents(pc),
@ -376,7 +381,7 @@ public class ValidationReportsPageController extends PageController<NoPageParams
componentFailureString.append(pc.getComponentFailures());
// get all the certificates associated with the platform serial
List<PlatformCredential> chainCertificates = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(pc.getPlatformSerial())
.getCertificates().stream().collect(Collectors.toList());
// combine all components in each certificate
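Review bot: `deviceService.getByName(deviceNames[i]).getId()` dereferences the lookup result without a null check, and the `PlatformCredential` returned by `getCertificate()` is then passed straight to `parseComponents(pc)`. If a name in `deviceNames` has no matching device, or the device has no platform credential, the report request would likely fail with a NullPointerException. Whether `getByName` can return null is not visible here, so confirm against the service. A guard such as `if (pc == null) { continue; }` before the report row is assembled, plus the equivalent for the device lookup, would let report generation skip or flag the entry instead. The enclosing method and loop start and end outside the hunk.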


@ -1,125 +0,0 @@
package hirs.attestationca.portal.persistence;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.persist.AppraiserManager;
import hirs.persist.CrudManager;
import hirs.persist.DBAppraiserManager;
import hirs.persist.DBCertificateManager;
import hirs.persist.DBDeviceGroupManager;
import hirs.persist.DBDeviceManager;
import hirs.persist.DBManager;
import hirs.persist.DBPolicyManager;
import hirs.persist.DBReferenceDigestManager;
import hirs.persist.DBReferenceEventManager;
import hirs.persist.DBReferenceManifestManager;
import hirs.persist.DeviceGroupManager;
import hirs.persist.DeviceManager;
import hirs.persist.HibernateConfiguration;
import hirs.persist.PolicyManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.orm.hibernate4.LocalSessionFactoryBean;
/**
* Spring configuration class for persistence beans used by the Attestation CA Portal.
*/
@Configuration
@Import({ HibernateConfiguration.class })
public class PersistenceConfiguration {
@Autowired
private LocalSessionFactoryBean sessionFactory;
/**
* Creates a {@link PolicyManager} ready to use.
*
* @return {@link PolicyManager}
*/
@Bean
public PolicyManager policyManager() {
return new DBPolicyManager(sessionFactory.getObject());
}
/**
* Creates a {@link DeviceManager} ready to use.
*
* @return {@link DeviceManager}
*/
@Bean
public DeviceManager deviceManager() {
return new DBDeviceManager(sessionFactory.getObject());
}
/**
* Creates a {@link DBCertificateManager} ready to use.
*
* @return {@link DBCertificateManager}
*/
@Bean
public DBCertificateManager certificateManager() {
return new DBCertificateManager(sessionFactory.getObject());
}
/**
* Creates a {@link DBReferenceManifestManager} ready to use.
*
* @return {@link DBReferenceManifestManager}
*/
@Bean
public DBReferenceManifestManager referenceManifestManager() {
return new DBReferenceManifestManager(sessionFactory.getObject());
}
/**
* Creates a {@link DBReferenceDigestManager} ready to use.
*
* @return {@link DBReferenceDigestManager}
*/
@Bean
public DBReferenceDigestManager referenceDigestManager() {
return new DBReferenceDigestManager(sessionFactory.getObject());
}
/**
* Creates a {@link DBReferenceEventManager} ready to use.
*
* @return {@link DBReferenceEventManager}
*/
@Bean
public DBReferenceEventManager referenceEventManager() {
return new DBReferenceEventManager(sessionFactory.getObject());
}
/**
* Creates a {@link AppraiserManager} ready to use.
*
* @return {@link AppraiserManager}
*/
@Bean
public AppraiserManager appraiserManager() {
return new DBAppraiserManager(sessionFactory.getObject());
}
/**
* Creates a {@link DeviceGroupManager} ready to use.
*
* @return {@link DeviceGroupManager}
*/
@Bean
public DeviceGroupManager deviceGroupManager() {
return new DBDeviceGroupManager(sessionFactory.getObject());
}
/**
* Creates a {@link DBManager} for SupplyChainValidationSummary persistence, ready for use.
*
* @return {@link DBManager}
*/
@Bean
public CrudManager<SupplyChainValidationSummary> supplyChainValidationSummaryManager() {
return new DBManager<>(SupplyChainValidationSummary.class, sessionFactory.getObject());
}
}


@ -1,30 +1,29 @@
package hirs.attestationca.portal.util;
import hirs.persist.service.CertificateService;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.PlatformConfiguration;
import hirs.utils.BouncyCastleUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.util.encoders.Hex;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.List;
import java.util.Comparator;
import java.util.stream.Collectors;
import java.util.Set;
import java.util.UUID;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.PlatformConfiguration;
import hirs.persist.CertificateManager;
import hirs.utils.BouncyCastleUtils;
import org.bouncycastle.util.encoders.Hex;
import java.util.Collections;
import java.util.stream.Collectors;
/**
* Utility class for mapping certificate information in to string maps. These are used to display
@ -43,11 +42,11 @@ public final class CertificateStringMapBuilder {
* Returns the general information.
*
* @param certificate certificate to get the general information.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the general certificate information.
*/
public static HashMap<String, String> getGeneralCertificateInfo(
final Certificate certificate, final CertificateManager certificateManager) {
final Certificate certificate, final CertificateService certificateService) {
HashMap<String, String> data = new HashMap<>();
if (certificate != null) {
@ -102,7 +101,7 @@ public final class CertificateStringMapBuilder {
//Get issuer ID if not self signed
if (data.get("isSelfSigned").equals("false")) {
//Get the missing certificate chain for not self sign
Certificate missingCert = containsAllChain(certificate, certificateManager);
Certificate missingCert = containsAllChain(certificate, certificateService);
String issuerResult;
if (missingCert != null) {
@ -111,7 +110,7 @@ public final class CertificateStringMapBuilder {
}
//Find all certificates that could be the issuer certificate based on subject name
for (Certificate issuerCert : CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubjectSorted(certificate.getIssuerSorted())
.getCertificates()) {
@ -141,12 +140,12 @@ public final class CertificateStringMapBuilder {
* Recursive function that check if all the certificate chain is present.
*
* @param certificate certificate to get the issuer
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a boolean indicating if it has the full chain or not.
*/
public static Certificate containsAllChain(
final Certificate certificate,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
Set<CertificateAuthorityCredential> issuerCertificates = new HashSet<>();
CertificateAuthorityCredential skiCA = null;
String issuerResult;
@ -155,7 +154,7 @@ public final class CertificateStringMapBuilder {
&& !certificate.getAuthKeyId().isEmpty()) {
byte[] bytes = Hex.decode(certificate.getAuthKeyId());
skiCA = CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.bySubjectKeyIdentifier(bytes).getCertificate();
} else {
LOGGER.error(String.format("Certificate (%s) for %s has no authority key identifier.",
@ -166,12 +165,12 @@ public final class CertificateStringMapBuilder {
if (certificate.getIssuerSorted() == null
|| certificate.getIssuerSorted().isEmpty()) {
//Get certificates by subject
issuerCertificates = CertificateAuthorityCredential.select(certificateManager)
issuerCertificates = CertificateAuthorityCredential.select(certificateService)
.bySubject(certificate.getIssuer())
.getCertificates();
} else {
//Get certificates by subject organization
issuerCertificates = CertificateAuthorityCredential.select(certificateManager)
issuerCertificates = CertificateAuthorityCredential.select(certificateService)
.bySubjectSorted(certificate.getIssuerSorted())
.getCertificates();
}
@ -189,7 +188,7 @@ public final class CertificateStringMapBuilder {
issuerCert.getSubject())) {
return null;
}
return containsAllChain(issuerCert, certificateManager);
return containsAllChain(issuerCert, certificateService);
}
} catch (IOException e) {
LOGGER.error(e);
@ -204,21 +203,21 @@ public final class CertificateStringMapBuilder {
* Returns the Certificate Authority information.
*
* @param uuid ID for the certificate.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getCertificateAuthorityInformation(final UUID uuid,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
CertificateAuthorityCredential certificate =
CertificateAuthorityCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
String notFoundMessage = "Unable to find Certificate Authority "
+ "Credential with ID: " + uuid;
return getCertificateAuthorityInfoHelper(certificateManager, certificate, notFoundMessage);
return getCertificateAuthorityInfoHelper(certificateService, certificate, notFoundMessage);
}
@ -226,23 +225,23 @@ public final class CertificateStringMapBuilder {
* Returns the Trust Chain credential information.
*
* @param certificate the certificate
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getCertificateAuthorityInformation(
final CertificateAuthorityCredential certificate,
final CertificateManager certificateManager) {
return getCertificateAuthorityInfoHelper(certificateManager, certificate,
final CertificateService certificateService) {
return getCertificateAuthorityInfoHelper(certificateService, certificate,
"No cert provided for mapping");
}
private static HashMap<String, String> getCertificateAuthorityInfoHelper(
final CertificateManager certificateManager,
final CertificateService certificateService,
final CertificateAuthorityCredential certificate, final String notFoundMessage) {
HashMap<String, String> data = new HashMap<>();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.putAll(getGeneralCertificateInfo(certificate, certificateService));
data.put("subjectKeyIdentifier",
Arrays.toString(certificate.getSubjectKeyIdentifier()));
//x509 credential version
@ -259,18 +258,18 @@ public final class CertificateStringMapBuilder {
* Returns the endorsement credential information.
*
* @param uuid ID for the certificate.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getEndorsementInformation(final UUID uuid,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
HashMap<String, String> data = new HashMap<>();
EndorsementCredential certificate = EndorsementCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.putAll(getGeneralCertificateInfo(certificate, certificateService));
// Set extra fields
data.put("manufacturer", certificate.getManufacturer());
data.put("model", certificate.getModel());
@ -302,22 +301,22 @@ public final class CertificateStringMapBuilder {
* Returns the Platform credential information.
*
* @param uuid ID for the certificate.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
* @throws IOException when parsing the certificate
* @throws IllegalArgumentException invalid argument on parsing the certificate
*/
public static HashMap<String, Object> getPlatformInformation(final UUID uuid,
final CertificateManager certificateManager)
final CertificateService certificateService)
throws IllegalArgumentException, IOException {
HashMap<String, Object> data = new HashMap<>();
PlatformCredential certificate = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.putAll(getGeneralCertificateInfo(certificate, certificateService));
data.put("credentialType", certificate.getCredentialType());
data.put("platformType", certificate.getPlatformType());
data.put("manufacturer", certificate.getManufacturer());
@ -338,7 +337,7 @@ public final class CertificateStringMapBuilder {
data.put("holderIssuer", certificate.getHolderIssuer());
if (certificate.isBase()) {
EndorsementCredential ekCertificate = EndorsementCredential
.select(certificateManager)
.select(certificateService)
.bySerialNumber(certificate.getHolderSerialNumber())
.getCertificate();
if (ekCertificate != null) {
@ -348,7 +347,7 @@ public final class CertificateStringMapBuilder {
if (certificate.getPlatformType() != null
&& certificate.getPlatformType().equals("Delta")) {
PlatformCredential holderCertificate = PlatformCredential
.select(certificateManager)
.select(certificateService)
.bySerialNumber(certificate.getHolderSerialNumber())
.getCertificate();
if (holderCertificate != null) {
@ -358,7 +357,7 @@ public final class CertificateStringMapBuilder {
}
PlatformCredential prevCertificate = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byHolderSerialNumber(certificate.getSerialNumber())
.getCertificate();
@ -398,7 +397,7 @@ public final class CertificateStringMapBuilder {
if (certificate.getPlatformSerial() != null) {
// link certificate chain
List<PlatformCredential> chainCertificates = PlatformCredential
.select(certificateManager)
.select(certificateService)
.byBoardSerialNumber(certificate.getPlatformSerial())
.getCertificates().stream().collect(Collectors.toList());
@ -463,18 +462,18 @@ public final class CertificateStringMapBuilder {
* Returns the Issued Attestation Certificate information.
*
* @param uuid ID for the certificate.
* @param certificateManager the certificate manager for retrieving certs.
* @param certificateService the certificate service for retrieving certs.
* @return a hash map with the endorsement certificate information.
*/
public static HashMap<String, String> getIssuedInformation(final UUID uuid,
final CertificateManager certificateManager) {
final CertificateService certificateService) {
HashMap<String, String> data = new HashMap<>();
IssuedAttestationCertificate certificate = IssuedAttestationCertificate
.select(certificateManager)
.select(certificateService)
.byEntityId(uuid)
.getCertificate();
if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.putAll(getGeneralCertificateInfo(certificate, certificateService));
// add endorsement credential ID if not null
if (certificate.getEndorsementCredential() != null) {


@ -6,7 +6,7 @@ import com.github.marandus.pciid.service.PciIdsDatabase;
import com.google.common.base.Strings;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.V2.ComponentIdentifierV2;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.ASN1UTF8String;
import java.io.File;
import java.io.FileInputStream;
@ -129,8 +129,8 @@ public final class PciIds {
final String compClassValue = component.getComponentClass().getCategoryValue();
if (compClassValue.equals(COMPCLASS_TCG_CAT_NIC)
|| compClassValue.equals(COMPCLASS_TCG_CAT_GFX)) {
DERUTF8String manufacturer = translateVendor(component.getComponentManufacturer());
DERUTF8String model = translateDevice(component.getComponentManufacturer(),
ASN1UTF8String manufacturer = translateVendor(component.getComponentManufacturer());
ASN1UTF8String model = translateDevice(component.getComponentManufacturer(),
component.getComponentModel());
newComponent = new ComponentIdentifierV2(component.getComponentClass(),
@ -153,15 +153,15 @@ public final class PciIds {
/**
* Look up the vendor name from the PCI IDs list, if the input string contains an ID.
* If any part of this fails, return the original manufacturer value.
* @param refManufacturer DERUTF8String, likely from a ComponentIdentifier
* @return DERUTF8String with the discovered vendor name, or the original manufacturer value.
* @param refManufacturer ASN1UTF8String, likely from a ComponentIdentifier
* @return ASN1UTF8String with the discovered vendor name, or the original manufacturer value.
*/
public static DERUTF8String translateVendor(final DERUTF8String refManufacturer) {
DERUTF8String manufacturer = refManufacturer;
public static ASN1UTF8String translateVendor(final ASN1UTF8String refManufacturer) {
ASN1UTF8String manufacturer = refManufacturer;
if (manufacturer != null && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")) {
Vendor ven = DB.findVendor(manufacturer.getString().toLowerCase());
if (ven != null && !Strings.isNullOrEmpty(ven.getName())) {
manufacturer = new DERUTF8String(ven.getName());
manufacturer = ASN1UTF8String.getInstance(ven.getName());
}
}
return manufacturer;
@ -175,10 +175,10 @@ public final class PciIds {
* @param refModel DERUTF8String, likely from a ComponentIdentifier
* @return DERUTF8String with the discovered device name, or the original model value.
*/
public static DERUTF8String translateDevice(final DERUTF8String refManufacturer,
final DERUTF8String refModel) {
DERUTF8String manufacturer = refManufacturer;
DERUTF8String model = refModel;
public static ASN1UTF8String translateDevice(final ASN1UTF8String refManufacturer,
final ASN1UTF8String refModel) {
ASN1UTF8String manufacturer = refManufacturer;
ASN1UTF8String model = refModel;
if (manufacturer != null
&& model != null
&& manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")
@ -186,7 +186,7 @@ public final class PciIds {
Device dev = DB.findDevice(manufacturer.getString().toLowerCase(),
model.getString().toLowerCase());
if (dev != null && !Strings.isNullOrEmpty(dev.getName())) {
model = new DERUTF8String(dev.getName());
model = ASN1UTF8String.getInstance(dev.getName());
}
}
return model;
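Review bot: `ASN1UTF8String.getInstance(ven.getName())` in translateVendor, and the matching `ASN1UTF8String.getInstance(dev.getName())` in translateDevice, hand a java.lang.String to a factory that, as far as I know from Bouncy Castle, accepts only an existing ASN1UTF8String, another ASN.1 encodable or an encoded byte[], and throws IllegalArgumentException for anything else. If that holds for the version pinned here, every successful PCI ID lookup would throw instead of returning the translated name, which contradicts the documented fallback to the original value and would surface while platform certificate components are processed. ASN1UTF8String is abstract, so keep constructing the concrete subtype, `manufacturer = new DERUTF8String(ven.getName());` and `model = new DERUTF8String(dev.getName());`, and keep the `org.bouncycastle.asn1.DERUTF8String` import beside the new one. The translateDevice Javadoc still names DERUTF8String for refModel and the return value and should follow the new signature; both method bodies continue outside the visible hunks.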


@ -6,7 +6,7 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
import org.springframework.orm.hibernate4.LocalSessionFactoryBean;
import org.springframework.orm.hibernate5.LocalSessionFactoryBean;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import javax.sql.DataSource;


@ -1,43 +1,42 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageControllerTest;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateManager;
import hirs.persist.DeviceGroupManager;
import hirs.persist.DeviceManager;
import hirs.attestationca.portal.page.PageControllerTest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.web.servlet.ModelAndView;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.security.Security;
import static org.hamcrest.Matchers.hasProperty;
import static org.hamcrest.Matchers.hasItem;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.web.servlet.MvcResult;
import static org.hamcrest.Matchers.hasProperty;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import java.util.List;
/**
* Integration tests that test the URL End Points of CertificateDetailsPageController.
@ -51,9 +50,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
@Autowired
private DeviceManager deviceManager;
@Autowired
private DeviceGroupManager deviceGroupManager;
private CertificateAuthorityCredential caCertificate;
private CertificateAuthorityCredential caRootCertificate;
private PlatformCredential platformCredential;
@ -96,13 +92,8 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
Set<PlatformCredential> pcCertSet = new HashSet<>();
//Create new device group
DeviceGroup group = new DeviceGroup("default");
group = deviceGroupManager.saveDeviceGroup(group);
//Create new device and save it
Device device = new Device("Test");
device.setDeviceGroup(group);
device = deviceManager.saveDevice(device);
//Upload and save EK Cert
@ -112,7 +103,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
TEST_ENDORSEMENT_CREDENTIAL,
null,
null);
certificateManager.save(endorsementCredential);
certificateManager.saveCertificate(endorsementCredential);
//Upload and save CA Cert
caCertificate = (CertificateAuthorityCredential)
@ -121,7 +112,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
TEST_CA_CERTIFICATE,
null,
null);
certificateManager.save(caCertificate);
certificateManager.saveCertificate(caCertificate);
//Upload and save root Cert
caRootCertificate = (CertificateAuthorityCredential)
@ -130,7 +121,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
TEST_ROOT_CA_CERTIFICATE,
null,
null);
certificateManager.save(caRootCertificate);
certificateManager.saveCertificate(caRootCertificate);
//Upload and save Platform Cert
platformCredential = (PlatformCredential)
@ -139,7 +130,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
TEST_PLATFORM_CREDENTIAL,
null,
null);
certificateManager.save(platformCredential);
certificateManager.saveCertificate(platformCredential);
pcCertSet.add(platformCredential);
@ -150,7 +141,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
TEST_PLATFORM_CREDENTIAL_2,
null,
null);
certificateManager.save(platformCredential2);
certificateManager.saveCertificate(platformCredential2);
pcCertSet.add(platformCredential);
@ -161,7 +152,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
TEST_PLATFORM_CREDENTIAL_2_PCI,
null,
null);
certificateManager.save(platformCertificatePCI);
certificateManager.saveCertificate(platformCertificatePCI);
pcCertSet.add(platformCertificatePCI);
@ -173,7 +164,7 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
endorsementCredential,
pcCertSet);
issuedCredential.setDevice(device);
certificateManager.save(issuedCredential);
certificateManager.saveCertificate(issuedCredential);
}
/**
@ -238,7 +229,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
@Rollback
@SuppressWarnings("unchecked")
public void testInitPageCertificateAuthority() throws Exception {
MvcResult result = getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName())
.param("id", caCertificate.getId().toString())
@ -246,14 +236,16 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
.andExpect(status().isOk())
.andExpect(model().attributeExists(PolicyPageController.INITIAL_DATA))
.andReturn();
ModelAndView modelAndView = result.getModelAndView();
Map<String, Object> modelMap = Collections.EMPTY_MAP;
if (modelAndView != null) {
modelMap = modelAndView.getModel();
}
// Obtain initialData HashMap
Map<String, String> initialData = (Map<String, String>) result
.getModelAndView()
.getModel()
Map<String, String> initialData = (Map<String, String>) modelMap
.get(PolicyPageController.INITIAL_DATA);
Assert.assertEquals(initialData.get("issuer"), caCertificate.getIssuer());
}
/**
@ -265,7 +257,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
@Rollback
@SuppressWarnings("unchecked")
public void testInitPagePlatform() throws Exception {
MvcResult result = getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName())
.param("id", platformCredential.getId().toString())
@ -274,15 +265,18 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
.andExpect(model().attributeExists(PolicyPageController.INITIAL_DATA))
.andReturn();
ModelAndView modelAndView = result.getModelAndView();
Map<String, Object> modelMap = Collections.EMPTY_MAP;
if (modelAndView != null) {
modelMap = modelAndView.getModel();
}
// Obtain initialData HashMap
Map<String, String> initialData = (Map<String, String>) result
.getModelAndView()
.getModel()
Map<String, String> initialData = (Map<String, String>) modelMap
.get(PolicyPageController.INITIAL_DATA);
Assert.assertEquals(initialData.get("issuer"), platformCredential.getIssuer());
Assert.assertEquals(initialData.get("credentialType"),
((PlatformCredential) platformCredential).getCredentialType());
}
/**
@ -294,7 +288,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
@Rollback
@SuppressWarnings("unchecked")
public void testInitPagePlatform20() throws Exception {
MvcResult result = getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName())
.param("id", platformCredential2.getId().toString())
@ -302,11 +295,14 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
.andExpect(status().isOk())
.andExpect(model().attributeExists(PolicyPageController.INITIAL_DATA))
.andReturn();
ModelAndView modelAndView = result.getModelAndView();
Map<String, Object> modelMap = Collections.EMPTY_MAP;
if (modelAndView != null) {
modelMap = modelAndView.getModel();
}
// Obtain initialData HashMap
Map<String, Object> initialData = (Map<String, Object>) result
.getModelAndView()
.getModel()
Map<String, Object> initialData = (Map<String, Object>) modelMap
.get(PolicyPageController.INITIAL_DATA);
Assert.assertEquals(initialData.get("issuer"), platformCredential2.getIssuer());
Assert.assertEquals(initialData.get("credentialType"),
@ -320,7 +316,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
Assert.assertNotNull(initialData.get("platformProperties"));
obj = (List<?>) initialData.get("platformProperties");
Assert.assertEquals(obj.size(), 2);
}
/**
@ -332,7 +327,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
@Rollback
@SuppressWarnings("unchecked")
public void testInitPagePlatform20PCI() throws Exception {
MvcResult result = getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName())
.param("id", platformCertificatePCI.getId().toString())
@ -340,11 +334,14 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
.andExpect(status().isOk())
.andExpect(model().attributeExists(PolicyPageController.INITIAL_DATA))
.andReturn();
ModelAndView modelAndView = result.getModelAndView();
Map<String, Object> modelMap = Collections.EMPTY_MAP;
if (modelAndView != null) {
modelMap = modelAndView.getModel();
}
// Obtain initialData HashMap
Map<String, Object> initialData = (Map<String, Object>) result
.getModelAndView()
.getModel()
Map<String, Object> initialData = (Map<String, Object>) modelMap
.get(PolicyPageController.INITIAL_DATA);
Assert.assertEquals(initialData.get("issuer"), platformCertificatePCI.getIssuer());
Assert.assertEquals(initialData.get("credentialType"),
@ -358,7 +355,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
Assert.assertNotNull(initialData.get("platformProperties"));
obj = (List<?>) initialData.get("platformProperties");
Assert.assertEquals(obj.size(), 0);
}
/**
@ -370,7 +366,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
@Rollback
@SuppressWarnings("unchecked")
public void testInitPageEndorsement() throws Exception {
MvcResult result = getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName())
.param("id", endorsementCredential.getId().toString())
@ -378,11 +373,14 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
.andExpect(status().isOk())
.andExpect(model().attributeExists(PolicyPageController.INITIAL_DATA))
.andReturn();
ModelAndView modelAndView = result.getModelAndView();
Map<String, Object> modelMap = Collections.EMPTY_MAP;
if (modelAndView != null) {
modelMap = modelAndView.getModel();
}
// Obtain initialData HashMap
Map<String, String> initialData = (Map<String, String>) result
.getModelAndView()
.getModel()
Map<String, String> initialData = (Map<String, String>) modelMap
.get(PolicyPageController.INITIAL_DATA);
Assert.assertEquals(initialData.get("issuer"), endorsementCredential.getIssuer());
Assert.assertEquals(initialData.get("manufacturer"),
@ -397,20 +395,21 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
@Rollback
@SuppressWarnings("unchecked")
public void testInitPageID() throws Exception {
MvcResult result = getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName())
.param("id", caCertificate.getId().toString())
.param("type", "certificateauthority"))
.andExpect(model().attributeExists(
CertificateDetailsPageController.INITIAL_DATA))
.andReturn();
ModelAndView modelAndView = result.getModelAndView();
Map<String, Object> modelMap = Collections.EMPTY_MAP;
if (modelAndView != null) {
modelMap = modelAndView.getModel();
}
// Obtain initialData HashMap
Map<String, String> initialData = (Map<String, String>) result
.getModelAndView()
.getModel()
Map<String, String> initialData = (Map<String, String>) modelMap
.get(PolicyPageController.INITIAL_DATA);
Assert.assertEquals(initialData.get("issuer"), caCertificate.getIssuer());
@ -427,7 +426,6 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
@Rollback
@SuppressWarnings("unchecked")
public void testInitPageIssuedAttestation() throws Exception {
MvcResult result = getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName())
.param("id", issuedCredential.getId().toString())
@ -435,11 +433,14 @@ public class CertificateDetailsPageControllerTest extends PageControllerTest {
.andExpect(status().isOk())
.andExpect(model().attributeExists(PolicyPageController.INITIAL_DATA))
.andReturn();
ModelAndView modelAndView = result.getModelAndView();
Map<String, Object> modelMap = Collections.EMPTY_MAP;
if (modelAndView != null) {
modelMap = modelAndView.getModel();
}
// Obtain initialData HashMap
Map<String, String> initialData = (Map<String, String>) result
.getModelAndView()
.getModel()
Map<String, String> initialData = (Map<String, String>) modelMap
.get(PolicyPageController.INITIAL_DATA);
Assert.assertEquals(initialData.get("issuer"), issuedCredential.getIssuer());
Assert.assertEquals(initialData.get("endorsementID"),
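Review bot: The new `if (modelAndView != null)` guard in testInitPageCertificateAuthority (repeated in testInitPagePlatform, testInitPagePlatform20, testInitPagePlatform20PCI, testInitPageEndorsement, testInitPageID and testInitPageIssuedAttestation) does not prevent the NullPointerException, it only moves it: with the empty fallback map `initialData` is null and the next `initialData.get("issuer")` fails without saying why. Fail at the real cause instead, `Assert.assertNotNull(modelAndView, "no ModelAndView returned");` followed by `Map<String, Object> modelMap = modelAndView.getModel();`. If the fallback is kept anyway, `Collections.emptyMap()` avoids assigning the raw-typed `Collections.EMPTY_MAP` to a `Map<String, Object>`. The test method bodies start or end outside several of these hunks.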


@ -1,31 +1,30 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.portal.page.PageControllerTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.testng.annotations.Test;
import static hirs.attestationca.portal.page.Page.DEVICES;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import static org.hamcrest.Matchers.hasSize;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateManager;
import hirs.persist.DeviceGroupManager;
import hirs.persist.DeviceManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import static hirs.attestationca.portal.page.Page.DEVICES;
import static org.hamcrest.Matchers.hasSize;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.testng.annotations.BeforeClass;
/**
* Integration tests that test the URL End Points of DevicePageController.
@ -43,15 +42,11 @@ public class DevicesPageControllerTest extends PageControllerTest {
private static final String TEST_PLATFORM_CREDENTIAL
= "/platform_credentials/Intel_pc.cer";
private DeviceGroup group;
private Device device;
@Autowired
private DeviceManager deviceManager;
@Autowired
private DeviceGroupManager deviceGroupManager;
@Autowired
private CertificateManager certificateManager;
@ -68,32 +63,27 @@ public class DevicesPageControllerTest extends PageControllerTest {
*/
@BeforeClass
public void beforeMethod() throws IOException {
//Create new device group
group = new DeviceGroup(DEVICE_GROUP_NAME);
group = deviceGroupManager.saveDeviceGroup(group);
//Create new device and save it
device = new Device(DEVICE_NAME);
device.setSupplyChainStatus(AppraisalStatus.Status.PASS);
device.setDeviceGroup(group);
device = deviceManager.saveDevice(device);
//Upload and save EK Cert
EndorsementCredential ec = (EndorsementCredential)
getTestCertificate(EndorsementCredential.class, TEST_ENDORSEMENT_CREDENTIAL);
ec.setDevice(device);
certificateManager.save(ec);
certificateManager.saveCertificate(ec);
//Add second EK Cert without a device
ec = (EndorsementCredential)
getTestCertificate(EndorsementCredential.class, TEST_ENDORSEMENT_CREDENTIAL_2);
certificateManager.save(ec);
certificateManager.saveCertificate(ec);
//Upload and save Platform Cert
PlatformCredential pc = (PlatformCredential)
getTestCertificate(PlatformCredential.class, TEST_PLATFORM_CREDENTIAL);
pc.setDevice(device);
certificateManager.save(pc);
certificateManager.saveCertificate(pc);
}


@ -1,10 +1,10 @@
package hirs.attestationca.portal.page.controllers;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.persist.CertificateManager;
import hirs.attestationca.portal.page.PageControllerTest;
import hirs.attestationca.portal.page.PageMessages;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.persist.service.CertificateService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockMultipartFile;
@ -30,7 +30,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
public class EndorsementKeyCredentialsPageControllerTest extends PageControllerTest {
@Autowired
private CertificateManager certificateManager;
private CertificateService certificateService;
private static final String EKCERT = "fakeIntelIntermediateCA.pem";
private static final String BADEKCERT = "badCert.pem";
@ -73,7 +73,7 @@ public class EndorsementKeyCredentialsPageControllerTest extends PageControllerT
public void uploadAndArchiveNonEndorsementCert() throws Exception {
// perform upload. Attach csv file and add HTTP parameters for the baseline name and type.
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/endorsement-key-credentials/upload")
.multipart("/certificate-request/endorsement-key-credentials/upload")
.file(nonEkCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -87,7 +87,8 @@ public class EndorsementKeyCredentialsPageControllerTest extends PageControllerT
// verify the cert was actually stored
Set<Certificate> records =
certificateManager.get(EndorsementCredential.select(certificateManager));
certificateService.getCertificate(
EndorsementCredential.select(certificateService));
Assert.assertEquals(records.size(), 1);
Certificate cert = records.iterator().next();
@ -99,8 +100,8 @@ public class EndorsementKeyCredentialsPageControllerTest extends PageControllerT
.param("id", cert.getId().toString()))
.andExpect(status().is3xxRedirection())
.andReturn();
records = certificateManager.get(EndorsementCredential
.select(certificateManager).includeArchived());
records = certificateService.getCertificate(EndorsementCredential
.select(certificateService).includeArchived());
Assert.assertEquals(records.size(), 1);
cert = records.iterator().next();
@ -117,7 +118,7 @@ public class EndorsementKeyCredentialsPageControllerTest extends PageControllerT
public void uploadBadEndorsementCert() throws Exception {
// perform upload. Attach csv file and add HTTP parameters for the baseline name and type.
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/endorsement-key-credentials/upload")
.multipart("/certificate-request/endorsement-key-credentials/upload")
.file(badCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -130,7 +131,8 @@ public class EndorsementKeyCredentialsPageControllerTest extends PageControllerT
// verify the cert was not actually stored
Set<Certificate> records =
certificateManager.get(EndorsementCredential.select(certificateManager));
certificateService.getCertificate(
EndorsementCredential.select(certificateService));
Assert.assertEquals(records.size(), 0);
}
}


@ -1,33 +1,33 @@
package hirs.attestationca.portal.page.controllers;
import hirs.attestationca.portal.page.PageControllerTest;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateManager;
import hirs.persist.DeviceGroupManager;
import hirs.persist.DeviceManager;
import static hirs.attestationca.portal.page.Page.ISSUED_CERTIFICATES;
import hirs.attestationca.portal.page.PageControllerTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashSet;
import java.util.Set;
import static hirs.attestationca.portal.page.Page.ISSUED_CERTIFICATES;
import static org.hamcrest.Matchers.hasSize;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
/**
* Integration tests that test the URL End Points of IssuedCertificatesPageController.
@ -47,14 +47,11 @@ public class IssuedCertificatesPageControllerTest extends PageControllerTest {
private Set<PlatformCredential> platformCredentials;
private IssuedAttestationCertificate issued;
private DeviceGroup group;
private Device device;
@Autowired
private DeviceManager deviceManager;
@Autowired
private DeviceGroupManager deviceGroupManager;
@Autowired
private CertificateManager certificateManager;
@ -65,13 +62,8 @@ public class IssuedCertificatesPageControllerTest extends PageControllerTest {
*/
@BeforeClass
public void beforeMethod() throws IOException {
//Create new device grup
group = new DeviceGroup("default");
group = deviceGroupManager.saveDeviceGroup(group);
//Create new device and save it
device = new Device("Test");
device.setDeviceGroup(group);
device = deviceManager.saveDevice(device);
//Upload and save EK Cert
@ -82,7 +74,7 @@ public class IssuedCertificatesPageControllerTest extends PageControllerTest {
null,
null);
ec.setDevice(device);
certificateManager.save(ec);
certificateManager.saveCertificate(ec);
//Set up multi-platform cert Attestation Cert
platformCredentials = new HashSet<>();
@ -95,7 +87,7 @@ public class IssuedCertificatesPageControllerTest extends PageControllerTest {
null,
null);
pc.setDevice(device);
certificateManager.save(pc);
certificateManager.saveCertificate(pc);
platformCredentials.add(pc);
pc = (PlatformCredential)
@ -105,7 +97,7 @@ public class IssuedCertificatesPageControllerTest extends PageControllerTest {
null,
null);
pc.setDevice(device);
certificateManager.save(pc);
certificateManager.saveCertificate(pc);
platformCredentials.add(pc);
issued = (IssuedAttestationCertificate)
@ -115,7 +107,7 @@ public class IssuedCertificatesPageControllerTest extends PageControllerTest {
ec,
platformCredentials);
issued.setDevice(device);
certificateManager.save(issued);
certificateManager.saveCertificate(issued);
}
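Review bot: The `saveCertificate(...)` calls in `beforeMethod` are still made on the `CertificateManager certificateManager` field, while the other controller tests in this commit switch to an autowired `CertificateService`. If `saveCertificate` is declared only on the service (its declaration is not visible here), this class will not compile; the field would then need to become `@Autowired private CertificateService certificateService;` with the four calls updated to match. If the manager really does expose `saveCertificate`, a one-line comment on the field saying why this test stays on the manager would avoid the question.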


@ -1,10 +1,10 @@
package hirs.attestationca.portal.page.controllers;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.CertificateManager;
import hirs.attestationca.portal.page.PageControllerTest;
import hirs.attestationca.portal.page.PageMessages;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.persist.service.CertificateService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockMultipartFile;
@ -29,7 +29,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_EACH_TEST_METHOD)
public class PlatformCredentialsPageControllerTest extends PageControllerTest {
@Autowired
private CertificateManager certificateManager;
private CertificateService certificateService;
// A cert that is an actual PC cert file and should be parsable.
private MockMultipartFile realPcCertFile;
@ -82,7 +82,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
private Certificate uploadTestCert() throws Exception {
// perform upload. Attach csv file and add HTTP parameters for the baseline name and type.
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/platform-credentials/upload")
.multipart("/certificate-request/platform-credentials/upload")
.file(realPcCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -95,7 +95,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
// verify the cert was actually stored
Set<Certificate> records =
certificateManager.get(PlatformCredential.select(certificateManager));
certificateService.getCertificate(PlatformCredential.select(certificateService));
Assert.assertEquals(records.size(), 1);
Certificate cert = records.iterator().next();
@ -113,8 +113,8 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
.andReturn();
Set<Certificate> records =
certificateManager.get(PlatformCredential
.select(certificateManager).includeArchived());
certificateService.getCertificate(PlatformCredential
.select(certificateService).includeArchived());
Assert.assertEquals(records.size(), 1);
Assert.assertTrue(records.iterator().next().isArchived());
@ -133,7 +133,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
// upload the same cert again
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/platform-credentials/upload")
.multipart("/certificate-request/platform-credentials/upload")
.file(realPcCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -147,8 +147,8 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
"Pre-existing certificate found and unarchived (" + REALPCCERT + "): ");
// verify the cert was actually stored
Set<Certificate> records = certificateManager.get(PlatformCredential.select(
certificateManager));
Set<Certificate> records = certificateService.getCertificate(PlatformCredential.select(
certificateService));
Assert.assertEquals(records.size(), 1);
Certificate newCert = records.iterator().next();
@ -168,12 +168,12 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
public void uploadNonPlatformCert() throws Exception {
// verify the cert was not actually stored
Set<Certificate> originalRecords =
certificateManager.get(PlatformCredential.select(certificateManager));
certificateService.getCertificate(PlatformCredential.select(certificateService));
Assert.assertEquals(originalRecords.size(), 0);
// perform upload. Attach csv file and add HTTP parameters for the baseline name and type.
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/platform-credentials/upload")
.multipart("/certificate-request/platform-credentials/upload")
.file(nonPcCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -186,7 +186,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
// verify the cert was not actually stored
Set<Certificate> records =
certificateManager.get(PlatformCredential.select(certificateManager));
certificateService.getCertificate(PlatformCredential.select(certificateService));
Assert.assertEquals(records.size(), 0);
}
@ -199,7 +199,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
public void uploadBadPlatformCert() throws Exception {
// perform upload. Attach csv file and add HTTP parameters for the baseline name and type.
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/platform-credentials/upload")
.multipart("/certificate-request/platform-credentials/upload")
.file(badCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -212,7 +212,7 @@ public class PlatformCredentialsPageControllerTest extends PageControllerTest {
// verify the cert was not actually stored
Set<Certificate> records =
certificateManager.get(PlatformCredential.select(certificateManager));
certificateService.getCertificate(PlatformCredential.select(certificateService));
Assert.assertEquals(records.size(), 0);
}
}


@ -2,28 +2,25 @@ package hirs.attestationca.portal.page.controllers;
import hirs.appraiser.Appraiser;
import hirs.appraiser.SupplyChainAppraiser;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.SupplyChainPolicy;
import hirs.persist.AppraiserManager;
import hirs.persist.DeviceGroupManager;
import hirs.persist.PolicyManager;
import org.testng.Assert;
import static hirs.attestationca.portal.page.Page.POLICY;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageControllerTest;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.hasProperty;
import static org.hamcrest.Matchers.is;
import hirs.data.persist.policy.SupplyChainPolicy;
import hirs.persist.AppraiserManager;
import hirs.persist.PolicyManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import static hirs.attestationca.portal.page.Page.POLICY;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.hasProperty;
import static org.hamcrest.Matchers.is;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.flash;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import hirs.attestationca.portal.page.PageController;
/**
* Integration tests that test the URL End Points of PolicyPageController.
@ -36,9 +33,6 @@ public class PolicyPageControllerTest extends PageControllerTest {
@Autowired
private AppraiserManager appraiserManager;
@Autowired
private DeviceGroupManager groupManager;
private SupplyChainPolicy policy;
/**
@ -54,12 +48,6 @@ public class PolicyPageControllerTest extends PageControllerTest {
*/
@BeforeClass
public void setUpPolicy() {
// create default group so that the policy can be applied as a default.
if (groupManager.getDeviceGroup(DeviceGroup.DEFAULT_GROUP) == null) {
groupManager.saveDeviceGroup(new DeviceGroup(DeviceGroup.DEFAULT_GROUP));
}
appraiserManager.saveAppraiser(new SupplyChainAppraiser());
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
SupplyChainAppraiser.NAME);


@ -4,7 +4,7 @@ import hirs.attestationca.portal.page.PageControllerTest;
import hirs.attestationca.portal.page.PageMessages;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.persist.CertificateManager;
import hirs.persist.service.CertificateService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockMultipartFile;
@ -21,8 +21,8 @@ import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Set;
import static org.hamcrest.Matchers.hasEntry;
import static hirs.attestationca.portal.page.Page.TRUST_CHAIN;
import static org.hamcrest.Matchers.hasEntry;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
@ -35,7 +35,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
public class TrustChainManagementPageControllerTest extends PageControllerTest {
@Autowired
private CertificateManager certificateManager;
private CertificateService certificateService;
@Autowired
private X509Certificate acaCert;
@ -156,7 +156,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
private Certificate uploadTestCert() throws Exception {
// perform upload. Attach csv file and add HTTP parameters for the baseline name and type.
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/trust-chain/upload")
.multipart("/certificate-request/trust-chain/upload")
.file(nonCaCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -170,7 +170,8 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
// verify the cert was actually stored
Set<Certificate> records =
certificateManager.get(CertificateAuthorityCredential.select(certificateManager));
certificateService.getCertificate(
CertificateAuthorityCredential.select(certificateService));
Assert.assertEquals(records.size(), 1);
//Check the cert is not already in the archive
@ -187,8 +188,8 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
.param("id", cert.getId().toString()))
.andExpect(status().is3xxRedirection())
.andReturn();
Set<Certificate> records = certificateManager.get(CertificateAuthorityCredential
.select(certificateManager).includeArchived());
Set<Certificate> records = certificateService.getCertificate(CertificateAuthorityCredential
.select(certificateService).includeArchived());
Assert.assertEquals(records.size(), 1);
Assert.assertTrue(records.iterator().next().isArchived());
@ -207,7 +208,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
// upload the same certificate again
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/trust-chain/upload")
.multipart("/certificate-request/trust-chain/upload")
.file(nonCaCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -221,8 +222,8 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
"Pre-existing certificate found and unarchived (" + NONCACERT + "): ");
// verify the cert can be retrieved without looking at archived certs
Set<Certificate> records = certificateManager.get(CertificateAuthorityCredential
.select(certificateManager).includeArchived());
Set<Certificate> records = certificateService.getCertificate(CertificateAuthorityCredential
.select(certificateService).includeArchived());
Assert.assertEquals(records.size(), 1);
Certificate newCert = records.iterator().next();
@ -242,7 +243,7 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
public void uploadBadCaCert() throws Exception {
// perform upload. Attach csv file and add HTTP parameters for the baseline name and type.
MvcResult result = getMockMvc().perform(MockMvcRequestBuilders
.fileUpload("/certificate-request/trust-chain/upload")
.multipart("/certificate-request/trust-chain/upload")
.file(badCertFile))
.andExpect(status().is3xxRedirection())
.andReturn();
@ -255,7 +256,8 @@ public class TrustChainManagementPageControllerTest extends PageControllerTest {
// verify the cert was not actually stored
Set<Certificate> records =
certificateManager.get(CertificateAuthorityCredential.select(certificateManager));
certificateService.getCertificate(
CertificateAuthorityCredential.select(certificateService));
Assert.assertEquals(records.size(), 0);
}
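Review bot: In the re-upload test the comment says the certificate is retrieved "without looking at archived certs", but the query still ends in `.includeArchived()`, so `Assert.assertEquals(records.size(), 1)` would pass even if the certificate had stayed archived. The matching check in the platform-credential test uses the plain selector; here that would be `certificateService.getCertificate(CertificateAuthorityCredential.select(certificateService))`. The enclosing test method starts and ends outside the hunk, so later assertions on `newCert` may partly cover this.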


@ -1,14 +1,14 @@
package hirs.attestationca.portal.page.datatables;
import hirs.FilteredRecordsList;
import hirs.data.persist.Device;
import hirs.persist.CriteriaModifier;
import hirs.persist.OrderedListQuerier;
import hirs.attestationca.portal.datatables.Column;
import hirs.attestationca.portal.datatables.DataTableInput;
import hirs.attestationca.portal.datatables.Order;
import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
import hirs.attestationca.portal.datatables.Search;
import hirs.data.persist.Device;
import hirs.persist.CriteriaModifier;
import hirs.persist.OrderedQuery;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Matchers;
@ -36,7 +36,7 @@ import static org.mockito.Mockito.when;
*/
public class OrderedListQueryDataTableAdapterTest {
private OrderedListQuerier<Device> querier;
private OrderedQuery<Device> querier;
private FilteredRecordsList filteredList;
@ -54,8 +54,8 @@ public class OrderedListQueryDataTableAdapterTest {
// sets up the @Captor
MockitoAnnotations.initMocks(this);
querier = (OrderedListQuerier<Device>)
mock(OrderedListQuerier.class);
querier = (OrderedQuery<Device>)
mock(OrderedQuery .class);
filteredList = new FilteredRecordsList();


@ -1,6 +1,20 @@
package hirs.provisioner.client;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hirs.DeviceInfoReportRequest;
import hirs.client.collector.DeviceInfoCollector;
import hirs.collector.CollectorException;
import hirs.data.persist.DeviceInfoReport;
import hirs.provisioner.CommandLineArguments;
import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope;
import hirs.structs.elements.aca.IdentityResponseEnvelope;
import hirs.structs.elements.tpm.AsymmetricKeyParams;
import hirs.structs.elements.tpm.AsymmetricPublicKey;
import hirs.structs.elements.tpm.RsaSubParams;
import hirs.structs.elements.tpm.StorePubKey;
import hirs.tpm.tss.Tpm;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -25,20 +39,6 @@ import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.UUID;
import hirs.DeviceInfoReportRequest;
import hirs.client.collector.DeviceInfoCollector;
import hirs.collector.CollectorException;
import hirs.data.persist.DeviceInfoReport;
import hirs.provisioner.CommandLineArguments;
import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope;
import hirs.structs.elements.aca.IdentityResponseEnvelope;
import hirs.structs.elements.tpm.AsymmetricKeyParams;
import hirs.structs.elements.tpm.AsymmetricPublicKey;
import hirs.structs.elements.tpm.RsaSubParams;
import hirs.structs.elements.tpm.StorePubKey;
import hirs.tpm.tss.Tpm;
/**
* Client implementation that uses a RestTemplate to communicate
@ -176,10 +176,17 @@ public class RestfulClientProvisioner implements ClientProvisioner {
RSAPublicKey getACAPublicKey() {
// request the public key from the ACA
ResponseEntity<byte[]> response = restTemplate.getForEntity(acaPublicKeyURL, byte[].class);
X509EncodedKeySpec keySpec;
byte[] body = response.getBody();
try {
// use the public key information to create encoded key specification. then create a
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(response.getBody());
if (body == null) {
throw new ProvisioningException("Encountered error: "
+ "ResponseEntity body is null.", null);
} else {
// use the public key information to create encoded key specification. then create a
keySpec = new X509EncodedKeySpec(body);
}
// create the public key from that specification
return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(keySpec);
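Review bot: The new null-body check throws `ProvisioningException` from inside the `try`, with an explicit `null` cause, so whether it reaches the caller unchanged depends on the catch clauses, which lie outside this hunk. Doing the check before the `try` makes it independent of them and removes the need for the `else` and the early `keySpec` declaration: `if (body == null) { throw new ProvisioningException("Encountered error: ResponseEntity body is null.", null); }`, then `X509EncodedKeySpec keySpec = new X509EncodedKeySpec(body);` inside the `try`. The comment that was split in two ("then create a" / "create the public key from that specification") should be rejoined. Nothing in the hunk shows how the fetched key is authenticated, so a short comment stating the expectation on `acaPublicKeyURL` (for example, HTTPS to a known ACA host) would help readers who rely on this key later in provisioning.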


@ -60,7 +60,7 @@ public class DeviceInfoCollectorTest extends PowerMockTestCase {
final int numberOfDmiDecodeCalls = 9;
// the following two lines assert that collectDmiDecodeValue was called 9 times
PowerMockito.verifyStatic(times(numberOfDmiDecodeCalls));
PowerMockito.verifyStatic(DeviceInfoCollector.class, times(numberOfDmiDecodeCalls));
DeviceInfoCollector.collectDmiDecodeValue(any(OSName.class), anyString());
Assert.assertNotNull(report.getNetworkInfo());


@ -1,33 +1,21 @@
apply plugin: 'java'
apply plugin: 'checkstyle'
plugins {
id 'java'
}
repositories {
mavenCentral()
}
sourceCompatibility = 1.8
dependencies {
compile libs.commons_lang
testCompile libs.mockito
testCompile libs.testng
implementation libs.commons.lang
testImplementation libs.mockito
testImplementation libs.testng
}
ext.configDir = new File(projectDir, 'config')
ext.checkstyleConfigDir = "$configDir/checkstyle"
checkstyle {
toolVersion = '5.7'
configFile = checkstyleConfigFile
configProperties.put('basedir', checkstyleConfigDir)
ignoreFailures = false
showViolations = true
}
publishing {
publications {
maven(MavenPublication) {
artifactId 'hirs-structs'
from components.java
}
}
}
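Review bot: The `checkstyle` plugin and its `checkstyle { ... ignoreFailures = false }` block appear to be dropped here with nothing replacing them, so style violations no longer fail the build for this module. The next build file on the page (the one publishing `hirs-utils`) loses its `checkstyle`, `findbugs`, `pmd` and `jacoco` configuration in the same way. If the Gradle 7 migration cannot carry them yet, a comment such as `// TODO: restore checkstyle/static-analysis gates after the Gradle 7 migration` would record that the removal is temporary; FindBugs has a maintained successor, SpotBugs, with its own Gradle plugin. The added/removed markers are lost on this page, so this reading rests on the old `apply plugin:` lines versus the new `plugins { }` block.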


@ -1,141 +1,61 @@
apply plugin: 'checkstyle'
apply plugin: 'eclipse'
apply plugin: 'findbugs'
apply plugin: 'java'
apply plugin: 'jacoco'
apply plugin: 'pmd'
plugins {
id 'eclipse'
id 'java'
}
ext.configDir = new File(projectDir, 'config')
sourceCompatibility = 1.8
sourceSets {
integrationTest {
java.srcDir file('src/integration/java')
compileClasspath = sourceSets.main.output + sourceSets.test.output + configurations.testRuntime
runtimeClasspath = output + compileClasspath
}
tasks.withType(JavaCompile) {
options.release = 11
}
task utilsTestJar(type: Jar) {
from sourceSets.test.output
repositories {
mavenCentral()
}
dependencies {
compile libs.gson // required for plugin
compile libs.bouncy_castle
compile libs.commons_cli
compile libs.commons_codec
compile libs.commons_csv
compile libs.commons_exec
compile libs.commons_io
compile libs.commons_lang
compile libs.commons_http
compile libs.commons_valid
compile libs.hibernate
compile libs.hikari
compile libs.jackson
compile libs.jadira_usertype
compile libs.joda_time
compile libs.log4j2
compile libs.mariadb
compile libs.pci_ids
compile libs.reflections
compile libs.guava
compile libs.spring_core
compile libs.spring_retry
compile libs.minimal_json
compile (libs.xml_rpc_client) {
exclude group: 'junit'
}
compile 'org.jboss.logging:jboss-logging:3.2.0.Final'
compile 'org.apache.commons:commons-text:1.9'
implementation libs.bouncy.castle
implementation libs.checkstyle
implementation libs.commons.cli
implementation libs.commons.codec
implementation libs.commons.csv
implementation libs.commons.exec
implementation libs.commons.io
implementation libs.commons.lang
implementation libs.commons.http
implementation libs.commons.text
implementation libs.commons.valid
implementation libs.findbugs
implementation libs.gson
implementation libs.guava
implementation libs.hibernate
implementation libs.jackson.databind
implementation libs.jadira.usertype
implementation libs.javax.annotation
implementation libs.jboss.logging
implementation libs.joda.time
implementation libs.log4j2.core
implementation libs.mariadb
implementation libs.minimal.json
implementation libs.pci.ids
implementation libs.reflections
implementation libs.spring.core
implementation libs.spring.retry
implementation libs.spring.plugin
implementation libs.xml.rpc.client
// add spring plugin, but do not pull transitive dependencies (causes conflicts)
compile(libs.spring_plugin) {
exclude group: "org.springframework"
}
compileOnly libs.checkstyle
compileOnly libs.findbugs
runtime fileTree(dir: 'build/plugins', include: ['*.jar'])
testCompile libs.spring_test
testCompile libs.hsqldb
testCompile libs.jcommander
testCompile libs.mockito
testCompile libs.powermock
testCompile libs.testng
testCompile libs.checkstyle
testCompile libs.findbugs
testCompile libs.commons_lang
}
task generateXjcLibrary(type:Exec) {
workingDir 'config'
commandLine './genXjcLibrary.sh'
}
compileJava.dependsOn generateXjcLibrary
task importBaseline(type:JavaExec) {
description 'Imports Baselines into the database'
main = "hirs.persist.ImportCLI"
if (project.hasProperty("mainArgs") ) {
args mainArgs.split()
}
classpath = sourceSets.main.runtimeClasspath
}
task integrationTest(type: Test) {
testClassesDir = sourceSets.integrationTest.output.classesDir
classpath = sourceSets.integrationTest.runtimeClasspath
testImplementation libs.spring.test
testImplementation libs.hsqldb
testImplementation libs.jcommander
testImplementation libs.mockito
testImplementation libs.powermock
testImplementation libs.powermock.mockito
testImplementation libs.powermock.testng
testImplementation libs.testng
testImplementation libs.checkstyle
testImplementation libs.findbugs
testImplementation libs.commons.lang
}
ext.checkstyleConfigDir = "$configDir/checkstyle"
checkstyle {
toolVersion = '8.10.1'
configFile = checkstyleConfigFile
configProperties.put('basedir', checkstyleConfigDir)
ignoreFailures = false
showViolations = true
}
ext.findbugsConfigDir = "$configDir/findbugs"
findbugs {
toolVersion = '3.0.0'
ignoreFailures = false
effort = 'max'
excludeFilter = new File(findbugsConfigDir, 'suppressions.xml')
}
pmdMain {
exclude '**/xjc/**'
}
jacocoTestReport {
reports {
xml.enabled true
csv.enabled true
html.enabled true
html.destination "${buildDir}/reports/jacoco/html"
}
}
publishing {
publications {
maven(MavenPublication) {
artifactId 'hirs-utils'
from components.java
}
testResources(MavenPublication) {
artifactId 'hirs-utils-test'
artifact utilsTestJar
}
}
}
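Review bot: `libs.checkstyle` and `libs.findbugs` now appear as `implementation` dependencies where the old file listed them as `compileOnly`, which puts analysis tooling and its transitive dependencies on the runtime classpath of whatever is built from this module. Keeping `compileOnly libs.checkstyle` and `compileOnly libs.findbugs` avoids widening the shipped dependency set. The old `exclude group: "org.springframework"` on the Spring plugin and `exclude group: 'junit'` on the XML-RPC client also seem to be gone, so the resolved dependency tree should be checked for the conflicts the old comment warned about. The `+`/`-` markers are missing on this page, so the sides are inferred from the configuration names (`compile` versus `implementation`).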

Binary file not shown.


@ -0,0 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
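Review bot: The wrapper configuration identifies the distribution by URL only, so the wrapper does not integrity-check the downloaded `gradle-7.5.1-bin.zip`. Adding `distributionSha256Sum=<SHA-256 of gradle-7.5.1-bin.zip as published by Gradle>` makes the wrapper verify the archive before unpacking it. The accompanying wrapper JAR is committed as a binary on this page, so its checksum should likewise be compared with the one published for 7.5.1, ideally as a CI step.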

240
HIRS_Utils/gradlew vendored Executable file

@ -0,0 +1,240 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
APP_NAME="Gradle"
APP_BASE_NAME=${0##*/}
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
# shell script including quotes and variable substitutions, so put them in
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"


@ -1,15 +1,17 @@
package integration.hirs.repository.spacewalk;
import hirs.persist.PersistenceConfiguration;
import hirs.persist.RepositoryManager;
import hirs.repository.RepositoryException;
import hirs.repository.RepositoryUpdateService;
import hirs.repository.spacewalk.Credentials;
import hirs.repository.spacewalk.SpacewalkChannel;
import hirs.repository.spacewalk.SpacewalkChannelRepository;
import hirs.repository.spacewalk.SpacewalkService;
import hirs.repository.spacewalk.SpacewalkException;
import hirs.repository.spacewalk.SpacewalkPackage;
import hirs.repository.spacewalk.SpacewalkService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import java.io.IOException;
import java.net.MalformedURLException;
@ -17,10 +19,6 @@ import java.net.URL;
import java.util.List;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
/**
* Console tester application that exercises the SpacewalkService test by connecting to a real
* Spacewalk instance with username / password.
@ -72,7 +70,7 @@ public final class SpacewalkServiceConsoleTester {
private static void loadBeansFromSpringContext() {
AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext();
context.register(PersistenceConfiguration.class);
// context.register(null);
context.refresh();
// register a shutdown hook such that components are properly shutdown when JVM is closing
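Review bot: In `loadBeansFromSpringContext` the context now appears to be refreshed with no configuration class registered. The `context.register(PersistenceConfiguration.class);` line looks to have been replaced by the commented-out `// context.register(null);`, although the +/- markers are lost on this page, so that reading is inferred from the 7/7 hunk counts. If so, `context.refresh()` builds an empty context, and any bean lookup further down the method, which continues outside the hunk, would fail only at runtime. Either register the configuration class that replaces `PersistenceConfiguration`, or replace the dead line with an explicit marker such as `// TODO: register the persistence configuration once it is ported` so the tester does not look runnable when it is not.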


@ -1,52 +0,0 @@
package hirs;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import hirs.data.persist.DeviceGroup;
import java.io.IOException;
import java.util.Date;
/**
* Serializes <code>DeviceGroup</code> data for Json to process.
*/
public class DeviceGroupSerializer extends JsonSerializer<DeviceGroup> {
@Override
public void serialize(final DeviceGroup value, final JsonGenerator gen,
final SerializerProvider serializers) throws IOException {
gen.writeStartObject();
if (value.getId() != null) {
gen.writeStringField("id", value.getId().toString());
} else {
gen.writeNullField("id");
}
gen.writeNumberField("createTime", value.getCreateTime().getTime());
Date archivedTime = value.getArchivedTime();
if (archivedTime != null) {
gen.writeNumberField("archivedTime", archivedTime.getTime());
} else {
gen.writeNullField("archivedTime");
}
gen.writeStringField("archivedDescription", value.getArchivedDescription());
gen.writeStringField("name", value.getName());
gen.writeStringField("description", value.getDescription());
gen.writeNumberField("periodicReportDelayThreshold",
value.getPeriodicReportDelayThreshold());
gen.writeBooleanField("enablePeriodicReportDelayAlert",
value.isEnablePeriodicReportDelayAlert());
gen.writeNumberField("onDemandReportDelayThreshold",
value.getOnDemandReportDelayThreshold());
gen.writeBooleanField("enableOnDemandReportDelayAlert",
value.isEnableOnDemandReportDelayAlert());
gen.writeBooleanField("waitForAppraisalCompletionEnabled",
value.isWaitForAppraisalCompletionEnabled());
gen.writeObjectField("scheduledJobInfo", value.getScheduledJobInfo());
gen.writeNumberField("numberOfDevices", value.getNumberOfDevices());
gen.writeNumberField("numberOfTrustedDevices", value.getNumberOfTrustedDevices());
gen.writeStringField("healthStatus", value.getHealthStatus().toString());
gen.writeBooleanField("archived", value.isArchived());
gen.writeEndObject();
}
}


@ -1,102 +0,0 @@
package hirs;
import static org.apache.logging.log4j.LogManager.getLogger;
import hirs.data.persist.IMAReport;
import hirs.data.persist.Report;
import javax.xml.bind.annotation.XmlElement;
import org.apache.logging.log4j.Logger;
/**
* <code>IMAReportRequest</code> is an immutable class and extends
* <code>ReportRequest</code> to specify parameters which define
* the composition of the IMA report to be generated by the client.
* For example, <code>IMAReportRequest</code> specifies whether a full IMA
* report should be generated and submitted for appraisal or whether a delta
* report (containing new entries since last full report) should be generated
* and submitted. If a delta report is being requested, then an index must be
* provided which is used to inform the client which subset of measurements
* to include in the report.
*/
public final class IMAReportRequest implements ReportRequest {
private static final Logger LOGGER = getLogger(IMAReportRequest.class);
@XmlElement
private final String bootcycleId;
@XmlElement
private final int index;
/**
* Default constructor required to enable marshalling and unmarshalling
* to/from xml.
*/
public IMAReportRequest() {
this(null, 0);
}
/**
* Creates a new <code>IMAReportRequest</code>. The boot-cycle ID and index
* are set. The boot-cycle ID may be null to indicate that it is unknown by
* the appraiser and a full report should be sent. The index is the index of
* the new IMA record to send. An index of zero indicates a full report
* should be sent.
* <p>
* If the boot-cycle is null then the index must be zero. Otherwise an
* <code>IllegalArgumentException</code> is thrown.
*
* @param bootcycleId
* boot-cycle ID
* @param i
* value to use as IMA index
*/
public IMAReportRequest(final String bootcycleId, final int i) {
LOGGER.debug("Entering constructor");
if (i >= 0) {
index = i;
} else {
String msg = "Cannot init IMAReportRequest with index less than 0";
LOGGER.error(msg);
throw new IllegalArgumentException(msg);
}
if (bootcycleId == null && i != 0) {
String msg = "null boot-cycle ID must have index of 0";
LOGGER.error(msg);
throw new IllegalArgumentException(msg);
}
this.bootcycleId = bootcycleId;
LOGGER.debug("Exiting constructor");
}
@Override
public Class<? extends Report> getReportType() {
return IMAReport.class;
}
/**
* Returns the boot-cycle ID. This is the last boot-cycle ID that was saved
* by the appraiser. If this is null or different than the boot-cycle ID for
* the collector then a full report shall be sent.
*
* @return boot-cycle ID
*/
public String getBootcycleId() {
return bootcycleId;
}
/**
* Method returns the IMA index.
* @return index used to specify start location of measurement entries to
* include in IMA report
*/
public int getIMAIndex() {
return index;
}
@Override
public String toString() {
return String.format("(%s, %d)", bootcycleId, index);
}
}


@ -1,22 +1,20 @@
package hirs;
import static org.apache.logging.log4j.LogManager.getLogger;
import hirs.data.persist.IntegrityReport;
import hirs.data.persist.Report;
import org.apache.logging.log4j.Logger;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import org.apache.logging.log4j.Logger;
import static org.apache.logging.log4j.LogManager.getLogger;
/**
* <code>IntegrityReportRequest</code> is used to manage the request of specific
@ -42,8 +40,7 @@ public class IntegrityReportRequest implements ReportRequest {
Collections.unmodifiableList(Arrays.asList(
IntegrityReportRequest.class,
DeviceInfoReportRequest.class,
TPMReportRequest.class,
IMAReportRequest.class
TPMReportRequest.class
));
/**


@ -15,7 +15,7 @@ import javax.xml.bind.annotation.XmlTransient;
* client and submitted to the <code>Appraiser</code> for processing.
*/
@XmlTransient
@XmlSeeAlso(value = { IntegrityReportRequest.class, TPMReportRequest.class, IMAReportRequest.class,
@XmlSeeAlso(value = { IntegrityReportRequest.class, TPMReportRequest.class,
DeviceInfoReportRequest.class })
public interface ReportRequest {


@ -1,151 +0,0 @@
package hirs.alert;
import hirs.alert.resolve.AddToIMABaselineAlertResolver;
import hirs.alert.resolve.AddToTPMBaselineAlertResolver;
import hirs.alert.resolve.AlertResolver;
import hirs.alert.resolve.IgnoreAlertResolver;
import hirs.alert.resolve.RemoveFromIMABaselineAlertResolver;
import hirs.alert.resolve.RemoveFromTPMBaselineAlertResolver;
import hirs.alert.resolve.RequestNewReportAlertResolver;
import hirs.data.persist.baseline.Baseline;
import hirs.data.persist.baseline.SimpleImaBaseline;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
/**
* Specifies actions that can be taken to resolve an Alert.
*/
public enum AlertResolutionAction {
/**
* Take no action.
*/
NONE("No action taken"),
/**
* Ignore the given alert or alerts.
*/
IGNORE("Ignored Once", IgnoreAlertResolver.class),
/**
* Add the referenced IMA record to a baseline.
*/
ADD_TO_IMA_BASELINE("Added to IMA Baseline", AddToIMABaselineAlertResolver.class,
SimpleImaBaseline.class),
/**
* Remove the referenced IMA record from any baselines it can be found in.
*/
REMOVE_FROM_IMA_BASELINE("Removed from IMA Baseline", RemoveFromIMABaselineAlertResolver.class,
SimpleImaBaseline.class),
/**
* Add the referenced TPM record to a baseline.
*/
ADD_TO_TPM_BASELINE("Added to TPM baseline", AddToTPMBaselineAlertResolver.class,
TpmWhiteListBaseline.class),
/**
* Remove the referenced TPM record from any baselines it can be found in.
*/
REMOVE_FROM_TPM_BASELINE("Removed from TPM Baseline", RemoveFromTPMBaselineAlertResolver.class,
TpmWhiteListBaseline.class),
/**
* Request a new report.
*/
REQUEST_NEW_REPORT("Requested new report.", RequestNewReportAlertResolver.class);
private final String defaultReason;
private final Class<? extends AlertResolver> alertResolver;
private final Class<? extends Baseline> baselineType;
/**
* Construct a new AlertResolutionAction with a reason the alert has been resolved, the class
* that can perform the resolution, and the class of baseline operated on by this resolution.
*
* @param defaultReason the reason an alert can be considered resolved as a result of this
* action
* @param alertResolver the class that will perform the resolution action
* @param baselineType the type of baseline operated on by this resolution action
*/
AlertResolutionAction(final String defaultReason,
final Class<? extends AlertResolver> alertResolver,
final Class<? extends Baseline> baselineType) {
this.defaultReason = defaultReason;
this.alertResolver = alertResolver;
this.baselineType = baselineType;
}
/**
* Construct a new AlertResolutionAction with a reason the alert has been resolved and the class
* that can perform the resolution.
*
* @param defaultReason the reason an alert can be considered resolved as a result of this
* action
* @param alertResolver the class that will perform the resolution action
*/
AlertResolutionAction(final String defaultReason,
final Class<? extends AlertResolver> alertResolver) {
this.defaultReason = defaultReason;
this.baselineType = null;
this.alertResolver = alertResolver;
}
/**
* Construct a new AlertResolutionAction with a reason the alert has been resolved.
*
* @param defaultReason the reason an alert can be considered resolved as a result of this
* action
*/
AlertResolutionAction(final String defaultReason) {
this.defaultReason = defaultReason;
this.baselineType = null;
this.alertResolver = null;
}
/**
* Returns a string containing a generic reason for the resolution if not provided by the user.
*
* @return string containing a generic reason for the resolution
*/
public String getDefaultReason() {
return defaultReason;
}
/**
* Returns the AlertResolver class for the action.
*
* @return the AlertResolver class for the action
*/
public Class<? extends AlertResolver> getAlertResolver() {
return alertResolver;
}
/**
* Returns the appropriate {@link Baseline} class for the action or null if the action does not
* involve a baseline.
*
* @return the appropriate {@link Baseline} class for the action
*/
public Class<? extends Baseline> getBaselineType() {
return baselineType;
}
/**
* Returns true if the resolution modifies a Baseline.
*
* @return true if the resolution modifies a Baseline
*/
public boolean isBaselineResolution() {
return baselineType != null;
}
/**
* Returns true if the resolution can resolve the specified Baseline.
*
* @param baseline the Baseline to test
* @return true if the resolution can resolve the specified Baseline.
*/
public boolean canResolve(final Baseline baseline) {
if (baseline == null || baselineType == null) {
return false;
} else {
return baselineType.isAssignableFrom(baseline.getClass());
}
}
}


@ -1,84 +0,0 @@
package hirs.alert;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.List;
/**
* A serializable response for a possible alert resolution option.
*/
@SuppressFBWarnings("URF_UNREAD_FIELD")
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY)
public class AlertResolutionOption {
// the operation that will be attempted if this option is executed
private final AlertResolutionAction action;
// why the chosen option is provided
private final String reason;
// the names of the baselines that can be affected by this option
private List<String> whitelistNames;
private List<String> requiredSetNames;
private List<String> ignoreSetNames;
private List<String> tpmBaselineNames;
/**
* Create a new <code>AlertResolutionOption</code>.
*
* @param action to take if this option is chosen
* @param reason why the chosen option is provided
*/
public AlertResolutionOption(final AlertResolutionAction action, final String reason) {
this.action = action;
this.reason = reason;
}
/**
* Set the names of whitelists that can be edited by choosing this option.
*
* @param whitelistNames that can be edited
*/
public void setWhitelistNames(final List<String> whitelistNames) {
this.whitelistNames = whitelistNames;
}
/**
* Set the names of required sets that can be edited by choosing this option.
*
* @param requiredSetNames that can be edited
*/
public void setRequiredSetNames(final List<String> requiredSetNames) {
this.requiredSetNames = requiredSetNames;
}
/**
* Set the names of ignore sets that can be edited by choosing this option.
*
* @param ignoreSetNames that can be edited
*/
public void setIgnoreSetNames(final List<String> ignoreSetNames) {
this.ignoreSetNames = ignoreSetNames;
}
/**
* Set the names of TPM baselines that can be edited by choosing this option.
*
* @param tpmBaselineNames that can be edited
*/
public void setTpmBaselineNames(final List<String> tpmBaselineNames) {
this.tpmBaselineNames = tpmBaselineNames;
}
/**
* Checks if the specified action matches this option's action.
*
* @param action the action to check
* @return true if the specified action matches this option's action
*/
public boolean hasAction(final AlertResolutionAction action) {
return action == this.action;
}
}


@ -1,65 +0,0 @@
package hirs.alert;
import hirs.data.persist.Alert;
import java.util.Collections;
import java.util.List;
/**
* Describes a resolution for an alert as specified by a user.
*/
public class AlertResolutionRequest {
private final List<Alert> alerts;
private final AlertResolutionAction action;
private final String baselineName;
private final String reason;
/**
* Constructor for AlertResolutionRequest.
* @param alerts the alerts being resolved
* @param action the action to take for resolving the alerts
* @param baselineName the baseline
* @param reason the reason for taking the action
*/
public AlertResolutionRequest(final List<Alert> alerts, final AlertResolutionAction action,
final String baselineName, final String reason) {
this.alerts = alerts;
this.action = action;
this.baselineName = baselineName;
this.reason = reason;
}
/**
* Gets an unmodifiable List of the alerts.
* @return an unmodifiable List of the alerts
*/
public List<Alert> getAlerts() {
return Collections.unmodifiableList(alerts);
}
/**
* Gets the action being taken for the alerts.
* @return the action being taken for the alerts
*/
public AlertResolutionAction getAction() {
return action;
}
/**
* Gets the name of the baseline.
* @return the name of the baseline
*/
public String getBaselineName() {
return baselineName;
}
/**
* Gets the reason for taking the action.
* @return the reason for taking the action
*/
public String getReason() {
return reason;
}
}


@ -1,368 +0,0 @@
package hirs.alert;
import hirs.alert.resolve.AlertResolver;
import hirs.appraiser.Appraiser;
import hirs.appraiser.IMAAppraiser;
import hirs.appraiser.TPMAppraiser;
import hirs.data.persist.Alert;
import hirs.alert.resolve.AlertResolverFactory;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
import hirs.data.persist.baseline.TPMBaseline;
import hirs.data.persist.TPMPolicy;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.enums.AlertSource;
import hirs.data.persist.enums.AlertType;
import hirs.persist.AppraiserManager;
import hirs.persist.DeviceManager;
import hirs.persist.PolicyManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
import hirs.persist.AlertManager;
import hirs.persist.BaselineManager;
import hirs.persist.DeviceHealthManager;
import hirs.persist.ImaBaselineRecordManager;
/**
* A service to resolve {@link Alert}s that are no longer problematic. Determines the possible
* actions that can be taken given a specific set of alerts and takes those actions.
*/
@Service
public class AlertResolutionService {
private static final Logger LOGGER = LogManager.getLogger(AlertResolutionService.class);
@Autowired
private DeviceManager deviceManager;
@Autowired
private AppraiserManager appraiserManager;
@Autowired
private PolicyManager policyManager;
@Autowired
private AlertManager alertManager;
@Autowired
private DeviceHealthManager deviceHealthManager;
@Autowired
private BaselineManager baselineManager;
@Autowired
private ImaBaselineRecordManager imaBaselineRecordManager;
@Autowired
private AlertResolverFactory alertResolverFactory;
/**
* This method will evaluate alerts and provide potentially useful
* <code>AlertResolutionOption</code>s for resolution.
*
* @param alerts alerts to be evaluated for resolution
* @return
* Returns a list of <code>AlertResolutionOption</code>s based on the source,
* type, and associated policy of the given alerts
*/
public List<AlertResolutionOption> getResolutionOptions(final List<Alert> alerts) {
// find cases where ignoring is the only option, such as nonexistent devices or groups,
// multiple alert sources, or multiple device groups
List<AlertResolutionOption> options = getIgnoreOnlyOptions(alerts);
if (!options.isEmpty()) {
return options;
}
// now the alert sources and the device groups of the referenced devices should all be
// the same, so take them from the first alert
DeviceGroup deviceGroup = deviceManager.getDevice(alerts.get(0).getDeviceName())
.getDeviceGroup();
AlertSource source = alerts.get(0).getSource();
// build a list of resolution options specific to the alert source
LOGGER.debug(String.format("source of alerts is %s", source.toString()));
switch (source) {
case IMA_APPRAISER:
return getImaResolutionOptions(alerts, deviceGroup);
case TPM_APPRAISER:
return getTpmResolutionOptions(alerts, deviceGroup);
// only the default options are supported for all other alerts
default:
return getDefaultOptions(alerts);
}
}
/**
* Determine if the given alerts support any actions besides ignoring. This will be the case if
* one of the following is true:
* <ul>
* <li>Any of the alerts has a null device or nonexistent device name</li>
* <li>Any of the alerts references a device with a null group</li>
* <li>Any two alerts have different sources</li>
* <li>Any two alerts have different device groups (and thus different policies)</li>
* </ul>
*
* @param alerts the list of alerts to check
* @return a list with an ignore option or an empty list if there might be more options
*/
private List<AlertResolutionOption> getIgnoreOnlyOptions(final List<Alert> alerts) {
List<AlertResolutionOption> options = new ArrayList<>();
Device device = null;
AlertSource sharedSource = null;
AlertSource currentSource = null;
DeviceGroup sharedDeviceGroup = null;
DeviceGroup currentDeviceGroup = null;
for (Alert alert : alerts) {
// the device might be null if the report was malformed
device = deviceManager.getDevice(alert.getDeviceName());
if (device == null) {
options.add(new AlertResolutionOption(
AlertResolutionAction.IGNORE,
"One or more alerts reference a nonexistent device."));
return options;
}
// the device group shouldn't be null, but we should check it
currentDeviceGroup = device.getDeviceGroup();
if (currentDeviceGroup == null) {
options.add(new AlertResolutionOption(
AlertResolutionAction.IGNORE,
"One or more alerts reference a device with a nonexistent group."));
return options;
}
currentSource = alert.getSource();
if (currentSource == null) {
options.add(new AlertResolutionOption(
AlertResolutionAction.IGNORE,
"One or more alerts is missing an alert source."));
return options;
}
// if this is the first alert in the list
if (sharedSource == null && sharedDeviceGroup == null) {
sharedSource = currentSource;
sharedDeviceGroup = currentDeviceGroup;
} else {
if (!currentSource.equals(sharedSource)) {
options.add(new AlertResolutionOption(
AlertResolutionAction.IGNORE,
"Multiple alerts reference different alert sources."));
return options;
}
if (!currentDeviceGroup.equals(sharedDeviceGroup)) {
options.add(new AlertResolutionOption(
AlertResolutionAction.IGNORE,
"One or more alerts reference devices in different device groups."));
return options;
}
}
}
// an empty options list means the alert list may be actionable
return options;
}
/**
* Determine resolution options for alerts with IMA Appraiser as the alert source.
* @param alertList - list of alerts that share a source and device group
* @return a list of <code>AlertResolutionOption</code>s
*/
private List<AlertResolutionOption> getImaResolutionOptions(
final List<Alert> alertList, final DeviceGroup deviceGroup) {
boolean canAddToBaseline = true;
AlertType alertType;
for (Alert alert : alertList) {
alertType = alert.getType();
// addToBaseline only helps if each alert would be fixed by adding a record
if (!alertType.equals(AlertType.WHITELIST_MISMATCH)
&& !alertType.equals(AlertType.REQUIRED_SET_MISMATCH)
&& !alertType.equals(AlertType.UNKNOWN_FILE)) {
LOGGER.debug("cannot add ima record to baseline to resolve alert because alert is"
+ " type {}", alertType);
canAddToBaseline = false;
break;
}
}
List<AlertResolutionOption> options = getDefaultOptions(alertList);
if (canAddToBaseline) {
options.add(getAddToImaBaselineOption(deviceGroup));
}
return options;
}
/**
* Create an <code>AlertResolutionOption</code> to add to the IMA baselines associated with the
* given device group.
*
* @param deviceGroup to get IMA baselines from
* @return option including the possible baselines to add to
*/
private AlertResolutionOption getAddToImaBaselineOption(final DeviceGroup deviceGroup) {
AlertResolutionOption option = new AlertResolutionOption(
AlertResolutionAction.ADD_TO_IMA_BASELINE,
"One or more alerts could be resolved by adding a record to an IMA baseline.");
Appraiser appraiser = appraiserManager.getAppraiser(IMAAppraiser.NAME);
IMAPolicy imaPolicy = (IMAPolicy) policyManager.getPolicy(appraiser, deviceGroup);
List<ImaAcceptableRecordBaseline> whitelists = new ArrayList<>(imaPolicy.getWhitelists());
List<ImaAcceptableRecordBaseline> requiredSets =
new ArrayList<>(imaPolicy.getRequiredSets());
List<ImaIgnoreSetBaseline> ignoreSets = new ArrayList<>(imaPolicy.getIgnoreSets());
List<String> whitelistNames = new ArrayList<>();
for (ImaBaseline whitelist : whitelists) {
whitelistNames.add(whitelist.getName());
}
option.setWhitelistNames(whitelistNames);
List<String> requiredSetNames = new ArrayList<>();
for (ImaBaseline requiredSet : requiredSets) {
requiredSetNames.add(requiredSet.getName());
}
option.setRequiredSetNames(requiredSetNames);
List<String> ignoreSetNames = new ArrayList<>();
for (ImaIgnoreSetBaseline ignoreSet : ignoreSets) {
ignoreSetNames.add(ignoreSet.getName());
}
option.setIgnoreSetNames(ignoreSetNames);
return option;
}
/**
* Determine resolution options for alerts with TPM Appraiser as the alert source.
* @param alertList - list of alerts that share a source and device group
* @return a list of <code>AlertResolutionOption</code>s
*/
private List<AlertResolutionOption> getTpmResolutionOptions(
final List<Alert> alertList, final DeviceGroup deviceGroup) {
boolean canEditBaseline = true;
// should only attempt to add to the baseline if all the alerts are of
// the type WHITE_LIST_PCR_MISMATCH
for (Alert alert : alertList) {
if (!alert.getType().equals(AlertType.WHITE_LIST_PCR_MISMATCH)) {
canEditBaseline = false;
break;
}
}
List<AlertResolutionOption> options = getDefaultOptions(alertList);
if (canEditBaseline) {
options.add(getAddToTpmBaselineOption(deviceGroup));
options.add(new AlertResolutionOption(
AlertResolutionAction.REMOVE_FROM_TPM_BASELINE,
"One or more alerts could be resolved by removing a record from a TPM "
+ "baseline."));
}
return options;
}
/**
* Create an <code>AlertResolutionOption</code> to add to the TPM baselines associated with the
* given device group.
*
* @param deviceGroup to get TPM baselines from
* @return option including the possible baselines to add to
*/
private AlertResolutionOption getAddToTpmBaselineOption(final DeviceGroup deviceGroup) {
AlertResolutionOption option = new AlertResolutionOption(
AlertResolutionAction.ADD_TO_TPM_BASELINE,
"One or more alerts could be resolved by adding a record to a TPM baseline.");
Appraiser appraiser = appraiserManager.getAppraiser(TPMAppraiser.NAME);
TPMPolicy tpmPolicy = (TPMPolicy) policyManager.getPolicy(appraiser, deviceGroup);
List<TpmWhiteListBaseline> tpmBaselines
= new ArrayList<>(tpmPolicy.getTpmWhiteListBaselines());
List<String> tpmBaselineNames = new ArrayList<>();
for (TPMBaseline baseline : tpmBaselines) {
tpmBaselineNames.add(baseline.getName());
}
option.setTpmBaselineNames(tpmBaselineNames);
return option;
}
/**
* Build the list of default options.
* @return a list of the options available for all alerts
*/
private List<AlertResolutionOption> getDefaultOptions(final List<Alert> alertList) {
List<AlertResolutionOption> options = new ArrayList<>();
LOGGER.debug("adding default alert resolution options for alert source {}",
alertList.get(0).getSource());
// ignoring the alert and requesting a new report are always options
options.add(new AlertResolutionOption(
AlertResolutionAction.IGNORE,
"Default alert resolution option"));
options.add(new AlertResolutionOption(
AlertResolutionAction.REQUEST_NEW_REPORT,
"Default alert resolution option"));
return options;
}
/**
* Checks AlertResolutionRequest parameters, then creates and invokes the appropriate
* AlertResolver.
*
* @param request the AlertResolution request defining the action to be taken
* @return AlertResolutionResults containing the resolved alerts and errors
*/
@SuppressWarnings("checkstyle:avoidinlineconditionals")
public AlertResolver resolve(final AlertResolutionRequest request) {
// check alerts
final List<Alert> alerts = request.getAlerts();
if (alerts == null || alerts.isEmpty()) {
return alertResolverFactory.getAnonymous("No alerts were provided.");
}
// check if valid resolution
final AlertResolutionAction action = request.getAction();
List<AlertResolutionOption> options = getResolutionOptions(request.getAlerts());
for (AlertResolutionOption option : options) {
if (option.hasAction(action)) {
LOGGER.info("Resolving " + alerts.size() + " alert(s) by " + action + "...");
return alertResolverFactory.get(request).resolve();
}
}
// return error
String msg = action + " is not a valid resolution for the specified alert";
msg += request.getAlerts().size() == 1 ? "." : "s.";
return alertResolverFactory.getAnonymous(msg);
}
}
