From bcc00419234833298e76665cc9c6f8dbfec18e96 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Tue, 27 Feb 2024 09:58:57 -0500 Subject: [PATCH] Final changes to mark mismatches between the device component and the expected platform certificate components. In addition, some checkstyles issues are addressed as well. --- .../manager/ComponentAttributeRepository.java | 6 ++ .../manager/ComponentInfoRepository.java | 13 +++ .../manager/ComponentResultRepository.java | 15 +++- .../ReferenceDigestValueRepository.java | 1 - .../entity/tpm/TPM2ProvisionerState.java | 3 +- .../certificate/ComponentResult.java | 5 +- .../certificate/PlatformCredential.java | 1 - .../provision/IdentityClaimProcessor.java | 1 + .../CertificateAttributeScvValidator.java | 84 ++++++++++++++----- 9 files changed, 100 insertions(+), 29 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentAttributeRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentAttributeRepository.java index 7924533c..69ac13a0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentAttributeRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentAttributeRepository.java @@ -7,5 +7,11 @@ import java.util.List; import java.util.UUID; public interface ComponentAttributeRepository extends JpaRepository { + /** + * Query to look up Attribute Results based on the PlatformCredential's + * db component id. + * @param componentId the unique id for the component identifier + * @return a list of attribute results + */ List findByComponentId(UUID componentId); } 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentInfoRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentInfoRepository.java index 375fef32..67fec4f0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentInfoRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentInfoRepository.java @@ -7,6 +7,19 @@ import java.util.List; import java.util.UUID; public interface ComponentInfoRepository extends JpaRepository { + /** + * Query that retrieves device components by device name. + * @param deviceName string for the host name + * @return a list of device components + */ List findByDeviceName(String deviceName); + + /** + * Query that retrieves device components by device name and + * the component serial number. + * @param deviceName string for the host name + * @param componentSerial string for the component serial + * @return a list of device components + */ List findByDeviceNameAndComponentSerial(String deviceName, String componentSerial); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java index b00bdae5..ab4ae592 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java 
@@ -10,6 +10,19 @@ import java.util.UUID; @Repository public interface ComponentResultRepository extends JpaRepository { + /** + * Query based on the device serial number. + * @param boardSerialNumber variable holding the device serial number + * @return a list of component result. + */ List findByBoardSerialNumber(String boardSerialNumber); - List findByCertificateSerialNumberAndBoardSerialNumber(String certificateSerialNumber, String boardSerialNumber); + + /** + * Query based on certificate serial number and device serial number. + * @param certificateSerialNumber certificate specific serial number + * @param boardSerialNumber variable holding the device serial number + * @return a list of component result. + */ + List findByCertificateSerialNumberAndBoardSerialNumber( + String certificateSerialNumber, String boardSerialNumber); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java index c228a587..0d967757 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceDigestValueRepository.java @@ -2,7 +2,6 @@ package hirs.attestationca.persist.entity.manager; import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue; import org.springframework.data.jpa.repository.JpaRepository; -import org.springframework.data.jpa.repository.Query; import org.springframework.stereotype.Repository; import java.util.List; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerState.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerState.java index 94e849ba..7ac3afc9 100644 
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerState.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerState.java @@ -90,7 +90,8 @@ public class TPM2ProvisionerState { /** * Convenience method for finding the {@link TPM2ProvisionerState} associated with the nonce. * - * @param tpm2ProvisionerStateRepository the {@link TPM2ProvisionerStateRepository} to use when looking for the + * @param tpm2ProvisionerStateRepository the {@link TPM2ProvisionerStateRepository} + * to use when looking for the * {@link TPM2ProvisionerState} * @param nonce the nonce to use as the key for the {@link TPM2ProvisionerState} * @return the {@link TPM2ProvisionerState} associated with the nonce; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java index f38500e8..83d83e72 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java @@ -20,7 +20,6 @@ import java.util.Objects; * A component result is a DO to hold the status of a component validation status. This will * also be used to display this common information on the certificate details page. */ - @Getter @Entity @EqualsAndHashCode(callSuper = false) 
@@ -55,6 +54,8 @@ public class ComponentResult extends ArchivableEntity { /** * Default constructor. * @param boardSerialNumber associated platform certificate serial number. + * @param certificateSerialNumber unique number associated with header info. + * @param certificateType parameter holds version 1.2 or 2.0. * @param componentIdentifier object with information from the platform certificate components. */ public ComponentResult(final String boardSerialNumber, final String certificateSerialNumber, @@ -72,7 +73,7 @@ public class ComponentResult extends ArchivableEntity { } StringBuilder sb = new StringBuilder(); for (ComponentAddress element : componentIdentifier.getComponentAddress()) { - sb.append(String.format("%s:%s;",element.getAddressTypeValue(), + sb.append(String.format("%s:%s;", element.getAddressTypeValue(), element.getAddressValue().toString())); } componentAddress = sb.toString(); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java index 0e131ca9..fb31822a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java @@ -7,7 +7,6 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Plat import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2; -import hirs.attestationca.persist.service.selector.CertificateSelector; import jakarta.persistence.Column; import jakarta.persistence.Entity; import jakarta.persistence.Transient; 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java index 3302e349..f6d61de6 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java @@ -636,6 +636,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { platformCredential.getSerialNumber().toString(), platformCredential.getPlatformChainType(), componentIdentifier); + componentResult.setMismatched(false); componentResultRepository.save(componentResult); componentResults++; } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java index 5deba6d2..10dece2f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java @@ -292,10 +292,9 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid && identifier.getComponentModel() != null) .collect(Collectors.toList()); - String paccorOutputString = deviceInfoReport.getPaccorOutputString(); - String unmatchedComponents; +// String paccorOutputString = deviceInfoReport.getPaccorOutputString(); +// String unmatchedComponents; - // START A NEW // populate componentResults list List componentResults = componentResultRepository .findByCertificateSerialNumberAndBoardSerialNumber( 
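Review bot: The `componentResult.setMismatched(false);` added before `componentResultRepository.save(componentResult)` in IdentityClaimProcessor.java is, within this patch, the only place the flag is still written. The `-345` hunk in CertificateAttributeScvValidator.java removes the one `setMismatched(...)` call on the validation path. Unless code outside these hunks sets it, a stored ComponentResult keeps reporting no mismatch even when its attribute results fail, and the ComponentResult Javadoc says the entity is shown on the certificate details page. The validator loop could derive the flag from the attribute results it generates for that component, for example `componentResult.setMismatched(!perComponent.stream().allMatch(ComponentAttributeResult::checkMatchedStatus));`, and then save the entity. The enclosing method starts and ends outside the hunk.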
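Review bot: The two declarations at the top of the `-292` hunk are left behind as commented-out code (`// String paccorOutputString = deviceInfoReport.getPaccorOutputString();` and `// String unmatchedComponents;`) instead of being deleted. Nothing visible in the patch still uses either name, so both lines can simply be removed; version history keeps them if they are needed again. The method continues outside the hunk.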
@@ -345,22 +344,23 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid }); List componentClassInfo; + List attributeResults = new ArrayList<>(); for (ComponentResult componentResult : remainingComponentResults) { componentClassInfo = componentDeviceMap.get(componentResult.getComponentClassValue()); - if (componentClassInfo.size() > 1) { - componentResult.setMismatched(!matchBasedOnClass( - componentClassInfo, componentResult, componentAttributeRepository)); + if (componentClassInfo.size() == 1) { + attributeResults.addAll(generateComponentResults(componentClassInfo, componentResult)); + } else { + attributeResults.addAll(matchBasedOnAttributes(componentClassInfo, componentResult)); } } - for (ComponentResult componentResult : remainingComponentResults) { - fieldValidation &= !componentResult.isMismatched(); + for (ComponentAttributeResult componentAttributeResult : attributeResults) { + componentAttributeRepository.save(componentAttributeResult); + fieldValidation &= componentAttributeResult.checkMatchedStatus(); } } - - // END // try { // List componentInfoList // = getComponentInfoFromPaccorOutput(deviceInfoReport.getNetworkInfo().getHostname(), 
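Review bot: The result of `componentDeviceMap.get(componentResult.getComponentClassValue())` is dereferenced by `componentClassInfo.size()` on the next line with no null check. If `componentDeviceMap` is an ordinary map built from the device's reported components (its construction is outside the hunk), a certificate component whose class the device never reported would throw here instead of being recorded as a failed comparison. A supply chain check should decide that outcome deliberately; a guard such as `if (componentClassInfo == null) { fieldValidation = false; continue; }` makes it explicit. The surrounding method starts and ends outside the hunk.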
@@ -389,27 +389,65 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid } } - private static boolean matchBasedOnClass(final List componentInfos, - final ComponentResult componentResult, - final ComponentAttributeRepository componentAttributeRepository) { + private static List generateComponentResults( + final List componentInfos, + final ComponentResult componentResult) { // there are instances of components with the same class (ie hard disks, memory) - int listSize = componentInfos.size(); List attributeResults = new ArrayList<>(); - boolean matched = true; for (ComponentInfo componentInfo : componentInfos) { // just do a single pass and save the values - attributeResults.add(new ComponentAttributeResult(componentResult.getId(), componentResult.getManufacturer(), componentInfo.getComponentManufacturer())); - attributeResults.add(new ComponentAttributeResult(componentResult.getId(), componentResult.getModel(), componentInfo.getComponentModel())); - attributeResults.add(new ComponentAttributeResult(componentResult.getId(), componentResult.getSerialNumber(), componentInfo.getComponentSerial())); - attributeResults.add(new ComponentAttributeResult(componentResult.getId(), componentResult.getRevisionNumber(), componentInfo.getComponentRevision())); + attributeResults.add(new ComponentAttributeResult(componentResult.getId(), + componentResult.getManufacturer(), componentInfo.getComponentManufacturer())); + attributeResults.add(new ComponentAttributeResult(componentResult.getId(), + componentResult.getModel(), componentInfo.getComponentModel())); + attributeResults.add(new ComponentAttributeResult(componentResult.getId(), + componentResult.getSerialNumber(), componentInfo.getComponentSerial())); + attributeResults.add(new ComponentAttributeResult(componentResult.getId(), + componentResult.getRevisionNumber(), componentInfo.getComponentRevision())); } - for (ComponentAttributeResult componentAttributeResult : attributeResults) { - 
componentAttributeRepository.save(componentAttributeResult); - matched &= componentAttributeResult.checkMatchedStatus(); + return attributeResults; + } + + private static List matchBasedOnAttributes( + final List componentClassInfo, + final ComponentResult componentResult) { + // this list only has those of the same class type + List attributeResults = new ArrayList<>(); + Map componentSerialMap = new HashMap<>(); + componentClassInfo.stream().forEach((componentInfo) -> { + componentSerialMap.put(componentInfo.getComponentSerial(), componentInfo); + }); + // see if the serial exists + ComponentInfo componentInfo = componentSerialMap.get(componentResult.getSerialNumber()); + + if (componentInfo != null) { + // if the serial, create attribute result and move on + attributeResults.add(new ComponentAttributeResult(componentResult.getId(), + componentResult.getManufacturer(), componentInfo.getComponentManufacturer())); + attributeResults.add(new ComponentAttributeResult(componentResult.getId(), + componentResult.getModel(), componentInfo.getComponentModel())); + attributeResults.add(new ComponentAttributeResult(componentResult.getId(), + componentResult.getSerialNumber(), componentInfo.getComponentSerial())); + attributeResults.add(new ComponentAttributeResult(componentResult.getId(), + componentResult.getRevisionNumber(), componentInfo.getComponentRevision())); + } else { + // didn't find based on serial + // look for highest match; otherwise ignore + // I already know serial doesn't match + componentClassInfo.stream().forEach((ci) -> { + boolean manufacturerMatch, modelMatch, revisionMatch; + manufacturerMatch = ci.getComponentManufacturer().equals(componentResult.getManufacturer()); + modelMatch = ci.getComponentModel().equals(componentResult.getModel()); + revisionMatch = ci.getComponentRevision().equals(componentResult.getRevisionNumber()); + if (manufacturerMatch && modelMatch && revisionMatch) { + attributeResults.add(new 
ComponentAttributeResult(componentResult.getId(), + componentResult.getSerialNumber(), ci.getComponentSerial())); + } + }); } - return matched; + return attributeResults; } /**
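Review bot: In `matchBasedOnAttributes`, the `else` branch adds an attribute result only when a device component matches on manufacturer, model and revision; when none does, the method returns an empty list. The caller computes `fieldValidation` only from the returned results, so in the visible code an expected component with no counterpart on the device does not fail validation. Returning an explicit failed result for that case, or a signal the caller turns into `fieldValidation = false`, would stop the check from passing by omission. The three `.equals` calls also throw if the device reports a null manufacturer, model or revision, which `Objects.equals(ci.getComponentModel(), componentResult.getModel())` avoids. Keying `componentSerialMap` on the serial alone lets components that share a serial, or have an empty one, overwrite each other.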