From f01b5a206048339d34d1c10a819f53cb6ecc6e8c Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Wed, 8 Nov 2023 13:10:40 -0500 Subject: [PATCH] This push has changes to resolve archivable items not updating the archiveTime element. --- .../persist/entity/ArchivableEntity.java | 16 ++++++++++++- .../entity/manager/CertificateRepository.java | 6 ++--- .../CertificatePageController.java | 10 ++++---- ...eferenceManifestDetailsPageController.java | 24 +++++++++++-------- 4 files changed, 37 insertions(+), 19 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java index a39ec842..6dc75f52 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java @@ -13,7 +13,6 @@ import java.util.Date; * An abstract archivable entity that can be deleted. */ @ToString -@Getter @MappedSuperclass public abstract class ArchivableEntity extends AbstractEntity { @@ -79,6 +78,21 @@ public abstract class ArchivableEntity extends AbstractEntity { } } + /** + * Returns the timestamp of when the entity was archived if applicable. If the + * entity has not been resolved, then null is returned. + * + * @return archivedTime + * If entity was archived, timestamp of the occurrence, null otherwise. + */ + public final Date getArchivedTime() { + if (archivedTime == null) { + return null; + } else { + return (Date) archivedTime.clone(); + } + } + /** * Sets the archivedTime to null. The archivedTime being null signifies that the entity has * not been archived. If the time is already null then this call was unnecessary. 
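Review bot: Declaring the new accessor as `public final Date getArchivedTime()` on a `@MappedSuperclass` can misbehave if subclasses are ever loaded as lazy proxies. A proxy cannot override a final method, so the call would read the proxy's own unset field and an archived entity would look live. Unless proxies are ruled out for these entities, drop the modifier: `public Date getArchivedTime() {`. The Javadoc also says "has not been resolved" where it appears to mean "has not been archived". Because the first hunk removes the class-level `@Getter`, any other field that relied on it now needs an explicit getter; those fields are not visible here.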
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java index 5a97022d..90f94c1e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java @@ -13,7 +13,7 @@ import java.util.List; import java.util.UUID; @Repository -public interface CertificateRepository extends JpaRepository { +public interface CertificateRepository extends JpaRepository { @Query(value = "SELECT * FROM Certificate where id = ?1", nativeQuery = true) Certificate getCertificate(UUID uuid); @@ -22,7 +22,7 @@ public interface CertificateRepository extends JpaReposit @Query(value = "SELECT * FROM Certificate where issuerSorted = ?1 AND DTYPE = ?2", nativeQuery = true) List findBySubjectSorted(String issuedSort, String dType); @Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true) - List findByAll(String dType); + List findByType(String dType); @Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true) Certificate findBySerialNumber(BigInteger serialNumber, String dType); @Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) 
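Review bot: The native query behind `findByType`, `SELECT * FROM Certificate where DTYPE = ?1`, has no condition on the archive state, so certificates archived through the delete action are still returned. That list feeds the bulk-download endpoints in CertificatePageController and the CA-certificate loop in ReferenceManifestDetailsPageController that sets `signatureValid`, so a CA certificate an operator removed could still be used to validate a RIM signature. Either exclude archived rows in the query or skip them at the call sites, for example `if (certificate.getArchivedTime() != null) { continue; }`. The other native queries visible in this interface have the same shape, and none of the methods documents whether archived rows are included.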
@@ -32,7 +32,7 @@ public interface CertificateRepository extends JpaReposit @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) List getByHolderSerialNumber(BigInteger holderSerialNumber); @Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true) - T findByCertificateHash(int certificateHash, String dType); + Certificate findByCertificateHash(int certificateHash, String dType); EndorsementCredential findByPublicKeyModulusHexValue(String publicKeyModulusHexValue); IssuedAttestationCertificate findByDeviceId(UUID deviceId); Certificate findByCertificateHash(int certificateHash); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java index 08df7d76..10d89a46 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java @@ -399,7 +399,7 @@ public class CertificatePageController extends PageController { } } - certificate.archive(); + certificate.archive("User requested deletion via UI"); certificateRepository.save(certificate); String deleteCompletedMessage = "Certificate successfully deleted"; 
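Review bot: `Certificate findByCertificateHash(int certificateHash, String dType)` returns a single row for a 32-bit hash, which is not a unique identifier. Two different certificates of the same DTYPE can share the value, and a single-result repository method is then expected to throw on the non-unique result. If callers use this for duplicate detection, they should compare the encoded certificate bytes of the result before treating it as the same certificate, or the method should return a list that the caller filters. The callers are outside this hunk, so how the result is used should be confirmed.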
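Review bot: The reason passed in `certificate.archive("User requested deletion via UI");` is a fixed string, so the archived record cannot show which account requested the deletion. If the description is persisted with the entity, which the `certificateRepository.save(certificate)` on the next line suggests, consider including the authenticated user name so archived certificates carry an audit trail. The enclosing handler starts and ends outside the hunk, so whether a principal is available there needs to be checked.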
@@ -512,7 +512,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateRepository.findByAll("CertificateAuthorityCredential"), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByType("CertificateAuthorityCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; @@ -544,7 +544,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateRepository.findByAll("PlatformCredential"), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByType("PlatformCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; @@ -576,7 +576,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateRepository.findByAll("IssuedAttestationCertificate"), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByType("IssuedAttestationCertificate"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; 
@@ -607,7 +607,7 @@ public class CertificatePageController extends PageController { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { // get all files - bulkDownload(zipOut, this.certificateRepository.findByAll("EndorsementCredential"), singleFileName); + bulkDownload(zipOut, this.certificateRepository.findByType("EndorsementCredential"), singleFileName); // write cert to output stream } catch (IllegalArgumentException ex) { String uuidError = "Failed to parse ID from: "; diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index 4a85f764..f5a9dc2e 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java @@ -5,6 +5,7 @@ import hirs.attestationca.persist.entity.manager.CACredentialRepository; import hirs.attestationca.persist.entity.manager.CertificateRepository; import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository; import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository; +import hirs.attestationca.persist.entity.userdefined.Certificate; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential; import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest; 
@@ -293,17 +294,19 @@ public class ReferenceManifestDetailsPageController extends PageController certificates = certificateRepository - .findByAll("CertificateAuthorityCredential"); + List certificates = certificateRepository + .findByType("CertificateAuthorityCredential"); + CertificateAuthorityCredential caCert; //Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid data.put("signatureValid", false); - for (CertificateAuthorityCredential cert : certificates) { - KeyStore keystore = ValidationService.getCaChain(cert, caCertificateRepository); - if (RIM_VALIDATOR.validateXmlSignature(cert.getX509Certificate().getPublicKey(), - cert.getSubjectKeyIdString(), cert.getEncodedPublicKey())) { + for (Certificate certificate : certificates) { + caCert = (CertificateAuthorityCredential) certificate; + KeyStore keystore = ValidationService.getCaChain(caCert, caCertificateRepository); + if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(), + caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) { try { if (SupplyChainCredentialValidator.verifyCertificate( - cert.getX509Certificate(), keystore)) { + caCert.getX509Certificate(), keystore)) { data.replace("signatureValid", true); break; } @@ -315,10 +318,11 @@ public class ReferenceManifestDetailsPageController extends PageController
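Review bot: The unchecked downcast `caCert = (CertificateAuthorityCredential) certificate;` depends on the DTYPE string passed to `findByType` always mapping to that class. A mismatch would raise ClassCastException while the details page is being built instead of leaving `signatureValid` false. Guard it with `if (!(certificate instanceof CertificateAuthorityCredential)) { continue; }` and declare `caCert` inside the loop rather than before it. The enclosing method begins and ends outside the hunk.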