Initial changes to refactor highlighting the failed components

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java

@@ -12,5 +12,5 @@
 public interface ComponentResultRepository extends JpaRepository<ComponentResult, UUID> {
 
     @Query(value = "SELECT * FROM ComponentResult where certificateId = ?1", nativeQuery = true)
-    List<ComponentResult> getComponentResultsByCertificate(UUID certificateId);
+    List<ComponentResult> findByCertificateId(UUID certificateId);
 }

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java

@@ -115,8 +115,7 @@ public void setLastReportTimestamp(final Timestamp lastReportTimestamp) {
     public String toString() {
         return String.format("Device Name: %s%nStatus: %s%nSummary: %s%n",
                 name, healthStatus.getStatus(),
-                supplyChainValidationStatus.toString(),
-                summaryId);
+                supplyChainValidationStatus.toString());
     }
 
     @Override

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java

@@ -1,6 +1,8 @@
 package hirs.attestationca.persist.entity.userdefined.certificate;
 
 import hirs.attestationca.persist.entity.AbstractEntity;
+import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
+import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.AttributeStatus;
 import jakarta.persistence.Entity;
 import lombok.AccessLevel;
 import lombok.EqualsAndHashCode;
@@ -10,29 +12,82 @@
 import java.util.Objects;
 import java.util.UUID;
 
+/**
+ * A component result is a DO to hold the status of a component validation status.  This will
+ * also be used to display this common information on the certificate details page.
+ */
 @EqualsAndHashCode(callSuper=false)
 @Getter
 @Entity
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 public class ComponentResult extends AbstractEntity {
 
     private UUID certificateId;
-    private int componentHash;
     private String expected;
     private String actual;
     private boolean mismatched;
 
-    public ComponentResult(final UUID certificateId, final int componentHash,
+    // embedded component info
+    private String manufacturer;
+    private String model;
+    private String serialNumber;
+    private String revisionNumber;
+    private boolean fieldReplaceable;
+    private ComponentClass componentClass;
+    private AttributeStatus attributeStatus;
+
+    /**
+     * default constructor.
+     * @param certificateId
+     * @param expected
+     * @param actual
+     * @param manufacturer
+     * @param model
+     * @param serialNumber
+     * @param revisionNumber
+     * @param fieldReplaceable
+     * @param componentClass
+     * @param attributeStatus
+     */
+    public ComponentResult(final UUID certificateId,
+                           final String expected, final String actual,
+                           final String manufacturer, final String model,
+                           final String serialNumber, final String revisionNumber,
+                           final boolean fieldReplaceable, final ComponentClass componentClass,
+                           final AttributeStatus attributeStatus) {
+        this.certificateId = certificateId;
+        this.expected = expected;
+        this.actual = actual;
+        this.mismatched = Objects.equals(expected, actual);
+        this.manufacturer = manufacturer;
+        this.model = model;
+        this.serialNumber = serialNumber;
+        this.revisionNumber = revisionNumber;
+        this.fieldReplaceable = fieldReplaceable;
+        this.componentClass = componentClass;
+        this.attributeStatus = attributeStatus;
+    }
+
+    /**
+     * default constructor.
+     * @param certificateId
+     * @param expected
+     * @param actual
+     */
+    public ComponentResult(final UUID certificateId,
                            final String expected, final String actual) {
         this.certificateId = certificateId;
-        this.componentHash = componentHash;
         this.expected = expected;
         this.actual = actual;
         this.mismatched = Objects.equals(expected, actual);
     }
 
+    /**
+     * The string method for log entries.
+     * @return a string for the component result
+     */
     public String toString() {
-        return String.format("ComponentResult[%d]: expected=[%s] actual=[%s]",
-                componentHash, expected, actual);
+        return String.format("ComponentResult: expected=[%s] actual=[%s]",
+                expected, actual);
     }
 }

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java

@@ -126,10 +126,7 @@ public static SupplyChainValidation evaluatePCAttributesStatus(
                     pc.setComponentFailures(result.getAdditionalInfo());
                     pc.setComponentFailureMessage(result.getMessage());
                     certificateRepository.save(pc);
-                    for (ComponentResult componentResult
-                            : CertificateAttributeScvValidator.getComponentResultList()) {
-                        componentResultRepository.save(componentResult);
-                    }
+                    log.error(CertificateAttributeScvValidator.getComponentResultMap().size());
                 }
                 return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
                         result.getMessage(), pc, Level.WARN);

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java

@@ -43,14 +43,14 @@
 @Log4j2
 public class CertificateAttributeScvValidator extends SupplyChainCredentialValidator {
 
-    private static List<ComponentResult> componentResultList = new LinkedList<>();
+    private static Map<ComponentIdentifier, List<ComponentResult>> componentResultMap = new HashMap<>();
 
     /**
      * Getter for the list of components to verify.
      * @return a collection of components
      */
-    public static List<ComponentResult> getComponentResultList() {
-        return Collections.unmodifiableList(componentResultList);
+    public static Map<ComponentIdentifier, List<ComponentResult>> getComponentResultMap() {
+        return Collections.unmodifiableMap(componentResultMap);
     }
 
     /**
@@ -881,14 +881,15 @@ private static boolean isMatch(final UUID certificateId,
                                    final ComponentIdentifier pcComponent,
                                    final ComponentInfo potentialMatch) {
         boolean matchesSoFar = true;
+        List<ComponentResult> componentResultList = new LinkedList<>();
 
         matchesSoFar &= isMatchOrEmptyInPlatformCert(
                 potentialMatch.getComponentManufacturer(),
                 pcComponent.getComponentManufacturer()
         );
 
         if (matchesSoFar) {
-            componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
+            componentResultList.add(new ComponentResult(certificateId,
                     potentialMatch.getComponentSerial(),
                     pcComponent.getComponentSerial().getString()));
         }
@@ -899,7 +900,7 @@ private static boolean isMatch(final UUID certificateId,
         );
 
         if (matchesSoFar) {
-            componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
+            componentResultList.add(new ComponentResult(certificateId,
                     potentialMatch.getComponentSerial(),
                     pcComponent.getComponentSerial().getString()));
         }
@@ -910,7 +911,7 @@ private static boolean isMatch(final UUID certificateId,
         );
 
         if (matchesSoFar) {
-            componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
+            componentResultList.add(new ComponentResult(certificateId,
                     potentialMatch.getComponentSerial(),
                     pcComponent.getComponentSerial().getString()));
         }
@@ -921,15 +922,16 @@ private static boolean isMatch(final UUID certificateId,
         );
 
         if (matchesSoFar) {
-            componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
+            componentResultList.add(new ComponentResult(certificateId,
                     potentialMatch.getComponentSerial(),
                     pcComponent.getComponentSerial().getString()));
         }
 
+        componentResultMap.put(pcComponent, componentResultList);
+
         return matchesSoFar;
     }
 
-
     /**
      * Checks if the fields in the potentialMatch match the fields in the pcComponent,
      * or if the relevant field in the pcComponent is empty.

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java

@@ -26,7 +26,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
      * Checks if the endorsement credential is valid.
      *
      * @param ec the endorsement credential to verify.
-     * @param trustStore trust store holding trusted trusted certificates.
+     * @param trustStore trust store holding trusted certificates.
      * @param acceptExpired whether or not to accept expired and not yet valid certificates
      *                      as valid.
      * @return the result of the validation.

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java

@@ -93,15 +93,13 @@ public static String verifyCertificate(final X509AttributeCertificateHolder cert
             } else if (trustStore.size() == 0) {
                 throw new SupplyChainValidatorException("Truststore is empty");
             }
-        } catch (KeyStoreException e) {
-            log.error("Error accessing trust store: " + e.getMessage());
+        } catch (KeyStoreException ksEx) {
+            log.error("Error accessing trust store: " + ksEx.getMessage());
         }
 
         try {
             Set<X509Certificate> trustedCerts = new HashSet<>();
-
             Enumeration<String> alias = trustStore.aliases();
-
             while (alias.hasMoreElements()) {
                 trustedCerts.add((X509Certificate) trustStore.getCertificate(alias.nextElement()));
             }
@@ -111,8 +109,8 @@ public static String verifyCertificate(final X509AttributeCertificateHolder cert
                 log.error("Cert chain could not be validated");
             }
             return certChainValidated;
-        } catch (KeyStoreException e) {
-            throw new SupplyChainValidatorException("Error with the trust store", e);
+        } catch (KeyStoreException ksEx) {
+            throw new SupplyChainValidatorException("Error with the trust store", ksEx);
         }
     }
 
@@ -139,8 +137,8 @@ public static boolean verifyCertificate(final X509Certificate cert,
             } else if (trustStore.size() == 0) {
                 throw new SupplyChainValidatorException("Truststore is empty");
             }
-        } catch (KeyStoreException e) {
-            log.error("Error accessing trust store: " + e.getMessage());
+        } catch (KeyStoreException ksEx) {
+            log.error("Error accessing trust store: " + ksEx.getMessage());
         }
 
         try {
@@ -152,9 +150,9 @@ public static boolean verifyCertificate(final X509Certificate cert,
             }
 
             return validateCertChain(cert, trustedCerts).isEmpty();
-        } catch (KeyStoreException e) {
-            log.error("Error accessing keystore", e);
-            throw new SupplyChainValidatorException("Error with the trust store", e);
+        } catch (KeyStoreException ksEx) {
+            log.error("Error accessing keystore", ksEx);
+            throw new SupplyChainValidatorException("Error with the trust store", ksEx);
         }
     }
 
@@ -498,10 +496,10 @@ private static boolean isSelfSigned(final X509Certificate cert)
             PublicKey key = cert.getPublicKey();
             cert.verify(key);
             return true;
-        } catch (SignatureException | InvalidKeyException e) {
+        } catch (SignatureException | InvalidKeyException ex) {
             return false;
-        } catch (CertificateException | NoSuchAlgorithmException | NoSuchProviderException e) {
-            log.error("Exception occurred while checking if cert is self-signed", e);
+        } catch (CertificateException | NoSuchAlgorithmException | NoSuchProviderException ex) {
+            log.error("Exception occurred while checking if cert is self-signed", ex);
             return false;
         }
     }

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java

@@ -372,8 +372,9 @@ public static HashMap<String, Object> getPlatformInformation(final UUID uuid,
                 for (ComponentResult componentResult : componentResultRepository.findAll()) {
                     if (componentResult.getCertificateId()
                             .equals(certificate.getId())) {
-                        results.put(componentResult.getComponentHash(),
-                                componentResult.getExpected());
+//                        results.put(componentResult.getComponentHash(),
+//                                componentResult.getExpected());
+                        log.error(componentResult.toString());
                     }
                 }