From e22d95c2e69c5317ffc93e6583fefa192fa0f04b Mon Sep 17 00:00:00 2001 From: iadgovuser29 <33426478+iadgovuser29@users.noreply.github.com> Date: Fri, 10 Dec 2021 09:07:28 -0500 Subject: [PATCH] Modified so PCI ID translation will highlight delta certs and show in Tooltips --- .../SupplyChainCredentialValidator.java | 75 +++++++++++-------- .../SupplyChainCredentialValidatorTest.java | 4 +- 2 files changed, 44 insertions(+), 35 deletions(-) diff --git a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java index acd0a921..dc588634 100644 --- a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java +++ b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java @@ -565,20 +565,14 @@ public final class SupplyChainCredentialValidator implements CredentialValidator resultMessage.append(unmatchedComponents); // pass information of which ones failed in additionInfo + int counter = 0; for (ComponentIdentifier ci : validPcComponents) { - try { - if (ci.isVersion2()) { - ComponentIdentifierV2 pciCi = (ComponentIdentifierV2) ci; - if (PciIds.DB.isReady()) { - pciCi = PciIds.translate((ComponentIdentifierV2) ci); - } - additionalInfo.append(String.format("%d;", pciCi.hashCode())); - } else { - additionalInfo.append(String.format("%d;", ci.hashCode())); - } - } catch (Exception ex) { - LOGGER.error(ex.getMessage()); - } + counter++; + additionalInfo.append(String.format("%d;", ci.hashCode())); + } + if (counter > 0) { + additionalInfo.insert(0, "COMPID="); + additionalInfo.append(counter); } } @@ -710,6 +704,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator } if (!fieldValidation || !deltaSb.toString().isEmpty()) { + deltaSb.insert(0, "COMPID="); return new AppraisalStatus(FAIL, resultMessage.toString(), deltaSb.toString()); } @@ -729,21 +724,29 @@ public final class SupplyChainCredentialValidator implements CredentialValidator LOGGER.error("PACCOR output string:\n" + paccorOutputString); return new AppraisalStatus(ERROR, baseErrorMessage + ioEx.getMessage()); } + StringBuilder additionalInfo = new StringBuilder(); if (!fieldValidation) { - // instead of listing all unmatched, just print the #. The failure - // will link to the platform certificate that'll display them. - String failureResults = unmatchedComponents.substring(0, - unmatchedComponents.length() - 1); - String size = unmatchedComponents.substring(unmatchedComponents.length() - 1); resultMessage = new StringBuilder(); - - resultMessage.append(String.format("There are %s unmatched components " - + "on the Platform Certificate:%n", size)); + resultMessage.append("There are unmatched components:\n"); resultMessage.append(unmatchedComponents); - return new AppraisalStatus(FAIL, resultMessage.toString(), failureResults); + // pass information of which ones failed in additionInfo + int counter = 0; + for (ComponentIdentifier ci : baseCompList) { + counter++; + additionalInfo.append(String.format("%d;", ci.hashCode())); + } + if (counter > 0) { + additionalInfo.insert(0, "COMPID="); + additionalInfo.append(counter); + } + } + + if (fieldValidation) { + return new AppraisalStatus(PASS, PLATFORM_ATTRIBUTES_VALID); + } else { + return new AppraisalStatus(FAIL, resultMessage.toString(), additionalInfo.toString()); } - return new AppraisalStatus(PASS, PLATFORM_ATTRIBUTES_VALID); } private static String validateV2PlatformCredentialAttributes( @@ -775,14 +778,23 @@ public final class SupplyChainCredentialValidator implements CredentialValidator // now we return everything that was unmatched // what is in the component info/device reported components // is to be displayed as the failure + fullDeltaChainComponents.clear(); for (ComponentIdentifier ci : subCompIdList) { - ciV2 = (ComponentIdentifierV2) ci; - invalidPcIds.append(String.format("%d;", - ciV2.hashCode())); + if (ci.isVersion2() && PciIds.DB.isReady()) { + ci = PciIds.translate((ComponentIdentifierV2) ci); + } + LOGGER.error("Unmatched component: " + ci); + fullDeltaChainComponents.add(ci); + invalidPcIds.append(String.format( + "Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n", + ci.getComponentManufacturer(), + ci.getComponentModel(), + ci.getComponentSerial(), + ci.getComponentRevision())); } } - return String.format("COMPID=%s%d", invalidPcIds.toString(), subCompIdList.size()); + return invalidPcIds.toString(); } /** @@ -848,7 +860,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator = allDeviceInfoComponents.stream().filter(componentInfo -> componentInfo.getComponentManufacturer().equals(pcManufacturer)) .collect(Collectors.toList()); - // For each component listed in the platform credential from this manufacturer // find the ones that specify a serial number so we can match the most specific ones // first. @@ -857,7 +868,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator -> compIdentifier.getComponentSerial() != null && StringUtils.isNotEmpty(compIdentifier.getComponentSerial().getString())) .collect(Collectors.toList()); - // Now match up the components from the device info that are from the same // manufacturer and have a serial number. As matches are found, remove them from // both lists. @@ -878,7 +888,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator } } } - // For each component listed in the platform credential from this manufacturer // find the ones that specify value for the revision field so we can match the most // specific ones first. @@ -887,7 +896,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator -> compIdentifier.getComponentRevision() != null && StringUtils.isNotEmpty(compIdentifier.getComponentRevision().getString())) .collect(Collectors.toList()); - // Now match up the components from the device info that are from the same // manufacturer and specify a value for the revision field. As matches are found, // remove them from both lists. @@ -908,7 +916,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator } } } - // The remaining components from the manufacturer have only the 2 required fields so // just match them. List templist = new ArrayList<>(pcComponentsFromManufacturer); @@ -934,6 +941,10 @@ public final class SupplyChainCredentialValidator implements CredentialValidator int unmatchedComponentCounter = 1; for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) { + if (unmatchedComponent.isVersion2() && PciIds.DB.isReady()) { + unmatchedComponent = + PciIds.translate((ComponentIdentifierV2) unmatchedComponent); + } LOGGER.error("Unmatched component " + unmatchedComponentCounter++ + ": " + unmatchedComponent); sb.append(String.format("Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n", diff --git a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java index 49dd4c91..a6903420 100644 --- a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java +++ b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java @@ -2256,9 +2256,7 @@ public class SupplyChainCredentialValidatorTest { .validateDeltaPlatformCredentialAttributes(delta1, deviceInfoReport, base, chainCredentials); Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL); - Assert.assertEquals(result.getMessage(), - "There are 1 unmatched components on the Platform Certificate:\n" - + "COMPID=370101885;1"); + Assert.assertEquals(result.getAdditionalInfo(), "COMPID=370101885;1"); } /**