ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-04-11 13:20:23 +00:00
Code Issues Actions15 Packages Projects Releases Wiki Activity

Corrected an issue with the root CA looking itself causing an issue

Browse Source 
because the one root CA had an illegal character.
This commit is contained in:
Cyrus 2023-10-10 13:31:45 -04:00
parent 556322ad39
commit ec39bf55a3
6 changed files with 13 additions and 14 deletions
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager
CACredentialRepository.java
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page
controllers
DevicePageController.javaReferenceManifestPageController.javaRimDatabasePageController.java
utils
CertificateStringMapBuilder.java
HIRS_Utils/src/main/java/hirs/utils
BouncyCastleUtils.java

1
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java

@ -17,4 +17,5 @@ public interface CACredentialRepository extends JpaRepository<CertificateAuthori
List<CertificateAuthorityCredential> findBySubject(String subject);
List<CertificateAuthorityCredential> findBySubjectSorted(String subject);
CertificateAuthorityCredential findBySubjectKeyIdentifier(byte[] subjectKeyIdentifier);
CertificateAuthorityCredential findBySubjectKeyIdString(String subjectKeyIdString);
}

4
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java

@ -96,8 +96,8 @@ public class DevicePageController extends PageController<NoPageParams> {
if (pagedResult.hasContent()) {
deviceList.addAll(pagedResult.getContent());
}
deviceList.setRecordsTotal(deviceRepository.count());
deviceList.setRecordsFiltered(deviceList.size());
deviceList.setRecordsTotal(input.getLength());
deviceList.setRecordsFiltered(deviceRepository.count());
FilteredRecordsList<HashMap<String, Object>> records
= retrieveDevicesAndAssociatedCertificates(deviceList);

6
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java

@ -119,7 +119,6 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
log.info("Querying with the following dataTableInput: " + input.toString());
FilteredRecordsList<ReferenceManifest> records = new FilteredRecordsList<>();
int itemCount = 0;
int currentPage = input.getStart() / input.getLength();
Pageable paging = PageRequest.of(currentPage, input.getLength(), Sort.by(orderColumnName));
org.springframework.data.domain.Page<ReferenceManifest> pagedResult = referenceManifestRepository.findAll(paging);
@ -128,12 +127,11 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
for (ReferenceManifest manifest : pagedResult.getContent()) {
if (!manifest.getRimType().equals(ReferenceManifest.MEASUREMENT_RIM)) {
records.add(manifest);
itemCount++;
}
}
}
records.setRecordsTotal(referenceManifestRepository.count());
records.setRecordsFiltered(itemCount);
records.setRecordsTotal(input.getLength());
records.setRecordsFiltered(referenceManifestRepository.count());
log.debug("Returning list of size: " + records.size());
return new DataTableResponse<>(records, input);

4
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java

@ -117,8 +117,8 @@ public class RimDatabasePageController extends PageController<NoPageParams> {
if (pagedResult.hasContent()) {
referenceDigestValues.addAll(pagedResult.getContent());
}
referenceDigestValues.setRecordsTotal(referenceDigestValueRepository.count());
referenceDigestValues.setRecordsFiltered(referenceDigestValues.size());
referenceDigestValues.setRecordsTotal(input.getLength());
referenceDigestValues.setRecordsFiltered(referenceDigestValueRepository.count());
// FilteredRecordsList<ReferenceDigestValue> referenceDigestValues =
// OrderedListQueryDataTableAdapter.getOrderedList(

8
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java

@ -20,6 +20,7 @@ import org.bouncycastle.util.encoders.Hex;
import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
@ -149,15 +150,14 @@ public final class CertificateStringMapBuilder {
final Certificate certificate,
final CertificateRepository certificateRepository,
final CACredentialRepository caCredentialRepository) {
List<CertificateAuthorityCredential> issuerCertificates = new LinkedList<>();
List<CertificateAuthorityCredential> issuerCertificates = new ArrayList<>();
CertificateAuthorityCredential skiCA = null;
String issuerResult;
//Check if there is a subject organization
if (certificate.getAuthorityKeyIdentifier() != null
&& !certificate.getAuthorityKeyIdentifier().isEmpty()) {
byte[] bytes = Hex.decode(certificate.getAuthorityKeyIdentifier());
skiCA = caCredentialRepository.findBySubjectKeyIdentifier(bytes);
skiCA = caCredentialRepository.findBySubjectKeyIdString(certificate.getAuthorityKeyIdentifier());
} else {
log.error(String.format("Certificate (%s) for %s has no authority key identifier.",
certificate.getClass().toString(), certificate.getSubject()));
@ -185,7 +185,7 @@ public final class CertificateStringMapBuilder {
if (issuerResult.isEmpty()) {
//Check if it's root certificate
if (BouncyCastleUtils.x500NameCompare(issuerCert.getIssuerSorted(),
issuerCert.getSubject())) {
issuerCert.getSubjectSorted())) {
return null;
}
return containsAllChain(issuerCert, certificateRepository, caCredentialRepository);

4
HIRS_Utils/src/main/java/hirs/utils/BouncyCastleUtils.java

@ -36,8 +36,8 @@ public final class BouncyCastleUtils {
X500Name x500Name2;
try {
x500Name1 = new X500Name(nameValue1.replace(SEPARATOR_PLUS, SEPARATOR_COMMA));
x500Name2 = new X500Name(nameValue2.replace(SEPARATOR_PLUS, SEPARATOR_COMMA));
x500Name1 = new X500Name(nameValue1);
x500Name2 = new X500Name(nameValue2);
result = x500Name1.equals(x500Name2);
} catch (IllegalArgumentException iaEx) {
log.error(iaEx.toString());