ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-02-01 00:45:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

This push has changes to resolve archivable items not updating the

Browse Source 
archiveTime element.
This commit is contained in:
Cyrus 2023-11-08 13:10:40 -05:00
parent 548d6bb1eb
commit f01b5a2060
4 changed files with 37 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java
View File

@ -13,7 +13,6 @@ import java.util.Date;
* An abstract archivable entity that can be deleted. * An abstract archivable entity that can be deleted.
*/ */
@ToString @ToString
@Getter
@MappedSuperclass @MappedSuperclass
public abstract class ArchivableEntity extends AbstractEntity { public abstract class ArchivableEntity extends AbstractEntity {
@ -79,6 +78,21 @@ public abstract class ArchivableEntity extends AbstractEntity {
} }
} }
/**
* Returns the timestamp of when the entity was archived if applicable. If the
* entity has not been resolved, then null is returned.
*
* @return archivedTime
* If entity was archived, timestamp of the occurrence, null otherwise.
*/
public final Date getArchivedTime() {
if (archivedTime == null) {
return null;
} else {
return (Date) archivedTime.clone();
}
}
/** /**
* Sets the archivedTime to null. The archivedTime being null signifies that the entity has * Sets the archivedTime to null. The archivedTime being null signifies that the entity has
* not been archived. If the time is already null then this call was unnecessary. * not been archived. If the time is already null then this call was unnecessary.

6
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java
View File

@ -13,7 +13,7 @@ import java.util.List;
import java.util.UUID; import java.util.UUID;
@Repository @Repository
public interface CertificateRepository<T extends Certificate> extends JpaRepository<Certificate, UUID> { public interface CertificateRepository extends JpaRepository<Certificate, UUID> {
@Query(value = "SELECT * FROM Certificate where id = ?1", nativeQuery = true) @Query(value = "SELECT * FROM Certificate where id = ?1", nativeQuery = true)
Certificate getCertificate(UUID uuid); Certificate getCertificate(UUID uuid);
@ -22,7 +22,7 @@ public interface CertificateRepository<T extends Certificate> extends JpaReposit
@Query(value = "SELECT * FROM Certificate where issuerSorted = ?1 AND DTYPE = ?2", nativeQuery = true) @Query(value = "SELECT * FROM Certificate where issuerSorted = ?1 AND DTYPE = ?2", nativeQuery = true)
List<Certificate> findBySubjectSorted(String issuedSort, String dType); List<Certificate> findBySubjectSorted(String issuedSort, String dType);
@Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true) @Query(value = "SELECT * FROM Certificate where DTYPE = ?1", nativeQuery = true)
List<T> findByAll(String dType); List<Certificate> findByType(String dType);
@Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true) @Query(value = "SELECT * FROM Certificate where serialNumber = ?1 AND DTYPE = ?2", nativeQuery = true)
Certificate findBySerialNumber(BigInteger serialNumber, String dType); Certificate findBySerialNumber(BigInteger serialNumber, String dType);
@Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) @Query(value = "SELECT * FROM Certificate where platformSerial = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
@ -32,7 +32,7 @@ public interface CertificateRepository<T extends Certificate> extends JpaReposit
@Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true) @Query(value = "SELECT * FROM Certificate where holderSerialNumber = ?1 AND DTYPE = 'PlatformCredential'", nativeQuery = true)
List<PlatformCredential> getByHolderSerialNumber(BigInteger holderSerialNumber); List<PlatformCredential> getByHolderSerialNumber(BigInteger holderSerialNumber);
@Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true) @Query(value = "SELECT * FROM Certificate where certificateHash = ?1 AND DTYPE = ?2", nativeQuery = true)
T findByCertificateHash(int certificateHash, String dType); Certificate findByCertificateHash(int certificateHash, String dType);
EndorsementCredential findByPublicKeyModulusHexValue(String publicKeyModulusHexValue); EndorsementCredential findByPublicKeyModulusHexValue(String publicKeyModulusHexValue);
IssuedAttestationCertificate findByDeviceId(UUID deviceId); IssuedAttestationCertificate findByDeviceId(UUID deviceId);
Certificate findByCertificateHash(int certificateHash); Certificate findByCertificateHash(int certificateHash);

10
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java
View File

@ -399,7 +399,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
} }
} }
certificate.archive(); certificate.archive("User requested deletion via UI");
certificateRepository.save(certificate); certificateRepository.save(certificate);
String deleteCompletedMessage = "Certificate successfully deleted"; String deleteCompletedMessage = "Certificate successfully deleted";
@ -512,7 +512,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files // get all files
bulkDownload(zipOut, this.certificateRepository.findByAll("CertificateAuthorityCredential"), singleFileName); bulkDownload(zipOut, this.certificateRepository.findByType("CertificateAuthorityCredential"), singleFileName);
// write cert to output stream // write cert to output stream
} catch (IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: "; String uuidError = "Failed to parse ID from: ";
@ -544,7 +544,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files // get all files
bulkDownload(zipOut, this.certificateRepository.findByAll("PlatformCredential"), singleFileName); bulkDownload(zipOut, this.certificateRepository.findByType("PlatformCredential"), singleFileName);
// write cert to output stream // write cert to output stream
} catch (IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: "; String uuidError = "Failed to parse ID from: ";
@ -576,7 +576,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files // get all files
bulkDownload(zipOut, this.certificateRepository.findByAll("IssuedAttestationCertificate"), singleFileName); bulkDownload(zipOut, this.certificateRepository.findByType("IssuedAttestationCertificate"), singleFileName);
// write cert to output stream // write cert to output stream
} catch (IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: "; String uuidError = "Failed to parse ID from: ";
@ -607,7 +607,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) { try (ZipOutputStream zipOut = new ZipOutputStream(response.getOutputStream())) {
// get all files // get all files
bulkDownload(zipOut, this.certificateRepository.findByAll("EndorsementCredential"), singleFileName); bulkDownload(zipOut, this.certificateRepository.findByType("EndorsementCredential"), singleFileName);
// write cert to output stream // write cert to output stream
} catch (IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
String uuidError = "Failed to parse ID from: "; String uuidError = "Failed to parse ID from: ";

24
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
View File

@ -5,6 +5,7 @@ import hirs.attestationca.persist.entity.manager.CACredentialRepository;
import hirs.attestationca.persist.entity.manager.CertificateRepository; import hirs.attestationca.persist.entity.manager.CertificateRepository;
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository; import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository; import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential; import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest; import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
@ -293,17 +294,19 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.put("pcrList", support.getExpectedPCRList()); data.put("pcrList", support.getExpectedPCRList());
} }
List<CertificateAuthorityCredential> certificates = certificateRepository List<Certificate> certificates = certificateRepository
.findByAll("CertificateAuthorityCredential"); .findByType("CertificateAuthorityCredential");
CertificateAuthorityCredential caCert;
//Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid //Report invalid signature unless RIM_VALIDATOR validates it and cert path is valid
data.put("signatureValid", false); data.put("signatureValid", false);
for (CertificateAuthorityCredential cert : certificates) { for (Certificate certificate : certificates) {
KeyStore keystore = ValidationService.getCaChain(cert, caCertificateRepository); caCert = (CertificateAuthorityCredential) certificate;
if (RIM_VALIDATOR.validateXmlSignature(cert.getX509Certificate().getPublicKey(), KeyStore keystore = ValidationService.getCaChain(caCert, caCertificateRepository);
cert.getSubjectKeyIdString(), cert.getEncodedPublicKey())) { if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(),
caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) {
try { try {
if (SupplyChainCredentialValidator.verifyCertificate( if (SupplyChainCredentialValidator.verifyCertificate(
cert.getX509Certificate(), keystore)) { caCert.getX509Certificate(), keystore)) {
data.replace("signatureValid", true); data.replace("signatureValid", true);
break; break;
} }
@ -315,10 +318,11 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.put("skID", RIM_VALIDATOR.getSubjectKeyIdentifier()); data.put("skID", RIM_VALIDATOR.getSubjectKeyIdentifier());
try { try {
if (RIM_VALIDATOR.getPublicKey() != null) { if (RIM_VALIDATOR.getPublicKey() != null) {
for (CertificateAuthorityCredential cert : certificates) { for (Certificate certificate : certificates) {
if (Arrays.equals(cert.getEncodedPublicKey(), caCert = (CertificateAuthorityCredential) certificate;
if (Arrays.equals(caCert.getEncodedPublicKey(),
RIM_VALIDATOR.getPublicKey().getEncoded())) { RIM_VALIDATOR.getPublicKey().getEncoded())) {
data.put("issuerID", cert.getId().toString()); data.put("issuerID", caCert.getId().toString());
} }
} }
} }