This push has changes to resolve archivable items not updating the

archiveTime element.
2025-01-31 16:35:29 +00:00 · 2023-11-08 13:10:40 -05:00 · 2023-11-08 13:10:40 -05:00 · f01b5a2060
commit f01b5a2060
parent 548d6bb1eb
4 changed files with 37 additions and 19 deletions
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java
@ -13,7 +13,6 @@ import java.util.Date;
 * An abstract archivable entity that can be deleted.
 */
@ToString
-@Getter
@MappedSuperclass
 public abstract class ArchivableEntity extends AbstractEntity {

@ -79,6 +78,21 @@ public abstract class ArchivableEntity extends AbstractEntity {
        }
    }

+    /**
+     * Returns the timestamp of when the entity was archived if applicable. If the
+     * entity has not been resolved, then null is returned.
+     *
+     * @return archivedTime
+     *      If entity was archived, timestamp of the occurrence, null otherwise.
+     */
+    public final Date getArchivedTime() {
+        if (archivedTime == null) {
+            return null;
+        } else {
+            return (Date) archivedTime.clone();
+        }
+    }
+
    /**
     * Sets the archivedTime to null.  The archivedTime being null signifies that the entity has
     * not been archived.  If the time is already null then this call was unnecessary.
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java
@ -13,7 +13,7 @@ import java.util.List;
 import java.util.UUID;

@Repository
-public interface CertificateRepository<T extends Certificate> extends JpaRepository<Certificate, UUID> {
+public interface CertificateRepository extends JpaRepository<Certificate, UUID> {

    @Query(value = "SELECT * FROM Certificate where id = ?1", nativeQuery = true)
    Certificate getCertificate(UUID uuid);
@ -22,7 +22,7 @@ public interface CertificateRepository<T extends Certificate> extends JpaReposit
    @Query(value = "SELECT * FROM Certificate where issuerSorted = ?1 AND  DTYPE = ?2", nativeQuery = true)
    List<Certificate> findBySubjectSorted(String issuedSort, String dType);
    @Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true)
-    List<T> findByAll(String dType);
+    List<Certificate> findByType(String dType);
    @Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true)
    Certificate findBySerialNumber(BigInteger serialNumber, String dType);
    @Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
@ -32,7 +32,7 @@ public interface CertificateRepository<T extends Certificate> extends JpaReposit
    @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
    List<PlatformCredential> getByHolderSerialNumber(BigInteger holderSerialNumber);
    @Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true)
-    T findByCertificateHash(int certificateHash, String dType);
+    Certificate findByCertificateHash(int certificateHash, String dType);
    EndorsementCredential findByPublicKeyModulusHexValue(String publicKeyModulusHexValue);
    IssuedAttestationCertificate findByDeviceId(UUID deviceId);
    Certificate findByCertificateHash(int certificateHash);
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java
@ -399,7 +399,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
                    }
                }

-                certificate.archive();
+                certificate.archive("User requested deletion via UI");
                certificateRepository.save(certificate);

                String deleteCompletedMessage = "Certificate successfully deleted";
@ -512,7 +512,7 @@ public class CertificatePageController extends PageController<NoPageParams> {

        try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
            // get all files
-            bulkDownload(zipOut, this.certificateRepository.findByAll("CertificateAuthorityCredential"), singleFileName);
+            bulkDownload(zipOut, this.certificateRepository.findByType("CertificateAuthorityCredential"), singleFileName);
            // write cert to output stream
        } catch (IllegalArgumentException ex) {
            String uuidError = "Failed to parse ID from: ";
@ -544,7 +544,7 @@ public class CertificatePageController extends PageController<NoPageParams> {

        try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
            // get all files
-            bulkDownload(zipOut, this.certificateRepository.findByAll("PlatformCredential"), singleFileName);
+            bulkDownload(zipOut, this.certificateRepository.findByType("PlatformCredential"), singleFileName);
            // write cert to output stream
        } catch (IllegalArgumentException ex) {
            String uuidError = "Failed to parse ID from: ";
@ -576,7 +576,7 @@ public class CertificatePageController extends PageController<NoPageParams> {

        try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
            // get all files
-            bulkDownload(zipOut, this.certificateRepository.findByAll("IssuedAttestationCertificate"), singleFileName);
+            bulkDownload(zipOut, this.certificateRepository.findByType("IssuedAttestationCertificate"), singleFileName);
            // write cert to output stream
        } catch (IllegalArgumentException ex) {
            String uuidError = "Failed to parse ID from: ";
@ -607,7 +607,7 @@ public class CertificatePageController extends PageController<NoPageParams> {

        try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
            // get all files
-            bulkDownload(zipOut, this.certificateRepository.findByAll("EndorsementCredential"), singleFileName);
+            bulkDownload(zipOut, this.certificateRepository.findByType("EndorsementCredential"), singleFileName);
            // write cert to output stream
        } catch (IllegalArgumentException ex) {
            String uuidError = "Failed to parse ID from: ";
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@ -5,6 +5,7 @@ import hirs.attestationca.persist.entity.manager.CACredentialRepository;
 import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
 import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
 import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
@ -293,17 +294,19 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
            data.put("pcrList", support.getExpectedPCRList());
        }

-        List<CertificateAuthorityCredential> certificates = certificateRepository
-                .findByAll("CertificateAuthorityCredential");
+        List<Certificate> certificates = certificateRepository
+                .findByType("CertificateAuthorityCredential");
+        CertificateAuthorityCredential caCert;
        //Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid
        data.put("signatureValid", false);
-        for (CertificateAuthorityCredential cert : certificates) {
-            KeyStore keystore = ValidationService.getCaChain(cert, caCertificateRepository);
-            if (RIM_VALIDATOR.validateXmlSignature(cert.getX509Certificate().getPublicKey(),
-                    cert.getSubjectKeyIdString(), cert.getEncodedPublicKey())) {
+        for (Certificate certificate : certificates) {
+            caCert = (CertificateAuthorityCredential) certificate;
+            KeyStore keystore = ValidationService.getCaChain(caCert, caCertificateRepository);
+            if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(),
+                    caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) {
                try {
                    if (SupplyChainCredentialValidator.verifyCertificate(
-                            cert.getX509Certificate(), keystore)) {
+                            caCert.getX509Certificate(), keystore)) {
                        data.replace("signatureValid", true);
                        break;
                    }
@ -315,10 +318,11 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
        data.put("skID", RIM_VALIDATOR.getSubjectKeyIdentifier());
        try {
            if (RIM_VALIDATOR.getPublicKey() != null) {
-                for (CertificateAuthorityCredential cert : certificates) {
-                    if (Arrays.equals(cert.getEncodedPublicKey(),
+                for (Certificate certificate : certificates) {
+                    caCert = (CertificateAuthorityCredential) certificate;
+                    if (Arrays.equals(caCert.getEncodedPublicKey(),
                            RIM_VALIDATOR.getPublicKey().getEncoded())) {
-                        data.put("issuerID", cert.getId().toString());
+                        data.put("issuerID", caCert.getId().toString());
                    }
                }
            }