diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java
index e11ab1463..d8ce5315f 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java
@@ -6,6 +6,7 @@
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfigurationV1;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
+import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
@@ -64,25 +65,30 @@ public class PlatformCredential extends DeviceAssociatedCertificate { * TCPA Trusted Platform Endorsement. */ public static final String CERTIFICATE_TYPE_1_2 = "TCPA Trusted Platform Endorsement"; + /** * TCG Trusted Platform Endorsement. */ public static final String CERTIFICATE_TYPE_2_0 = "TCG Trusted Platform Endorsement"; private static final int TCG_SPECIFICATION_LENGTH = 3; + // These are Object Identifiers (OIDs) for sections in the credentials private static final String POLICY_QUALIFIER_CPSURI = "1.3.6.1.5.5.7.2.1"; private static final String POLICY_QUALIFIER_USER_NOTICE = "1.3.6.1.5.5.7.2.2"; + // OID for TCG Attributes private static final String PLATFORM_MANUFACTURER = "2.23.133.2.4"; private static final String PLATFORM_MODEL = "2.23.133.2.5"; private static final String PLATFORM_VERSION = "2.23.133.2.6"; private static final String PLATFORM_SERIAL = "2.23.133.2.23"; private static final String PLATFORM_BASEBOARD_CHASSIS_COMBINED = "2.23.133.5.1.6"; + // OID for TCG Platform Class Common Attributes private static final String PLATFORM_MANUFACTURER_2_0 = "2.23.133.5.1.1"; private static final String PLATFORM_MODEL_2_0 = "2.23.133.5.1.4"; private static final String PLATFORM_VERSION_2_0 = "2.23.133.5.1.5"; private static final String PLATFORM_SERIAL_2_0 = "2.23.133.5.1.6"; + // OID for Certificate Attributes private static final String TCG_PLATFORM_SPECIFICATION = "2.23.133.2.17"; private static final String TPM_SECURITY_ASSERTION = "2.23.133.2.18"; @@ -582,8 +588,7 @@ public Map getAllAttributes() break; default: // No class defined for this attribute - log.warn("No class defined for attribute with OID: " - + attr.getAttrType().getId()); + log.warn("No class defined for attribute with OID: {}", attr.getAttrType().getId()); break; } } 
@@ -621,6 +626,24 @@ && getAttribute("platformConfiguration") instanceof PlatformConfiguration) { return null; } + /** + * Get the Version 2 Platform Configuration Attribute from the Platform Certificate. + * + * @return a map with the Version 2 Platform Configuration information. + * @throws IllegalArgumentException when there is a parsing error + * @throws IOException when reading the certificate. + */ + public PlatformConfigurationV2 getPlatformConfigurationV2() + throws IllegalArgumentException, IOException { + + if (getAttribute("platformConfiguration") != null + && getAttribute("platformConfiguration") instanceof PlatformConfigurationV2) { + return (PlatformConfigurationV2) getAttribute("platformConfiguration"); + } + + return null; + } + /** * Get the Platform Configuration URI Attribute from the Platform Certificate. * @@ -695,9 +718,27 @@ public List getComponentIdentifiers() { return platformConfig.getComponentIdentifier(); } } catch (IOException e) { - log.error("Unable to parse Platform Configuration from Credential or find" + log.error("Unable to parse Platform Configuration from Platform Credential or find" + "component identifiers"); } return Collections.emptyList(); } + + /** + * Get the list of version 2 component identifiers if there are any. + * + * @return the list of version 2 component identifiers if there are any + */ + public List getComponentIdentifiersV2() { + try { + PlatformConfigurationV2 platformConfigV2 = getPlatformConfigurationV2(); + if (platformConfigV2 != null) { + return platformConfigV2.getComponentIdentifierV2(); + } + } catch (IOException e) { + log.error("Unable to parse Platform Configuration Version 2 from Platform Credential or find" + + "version 2 component identifiers"); + } + return Collections.emptyList(); + } } 
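Review bot: The Javadoc on the new `getPlatformConfigurationV2()` says it returns "a map", but the method returns a `PlatformConfigurationV2` or `null`, and the null case is undocumented. I would change the tag to `@return the version 2 Platform Configuration, or null if the attribute is absent or is not version 2`. The body also calls `getAttribute("platformConfiguration")` up to three times, and the `!= null` test is redundant next to `instanceof`. A single `if (getAttribute("platformConfiguration") instanceof PlatformConfigurationV2 configV2) { return configV2; }` does the same work with one lookup.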
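Review bot: `getComponentIdentifiersV2()` returns `Collections.emptyList()` both when the credential has no version 2 components and when parsing throws `IOException`, so a caller cannot tell "nothing to check" from "could not read". The V2p0 validator changed later in this commit iterates this list for its required-field checks, so a parse failure or a non-V2 platform configuration means those checks run over zero components. Consider surfacing the failure to the validator instead of swallowing it. At minimum, pass the exception to the logger and fix the missing space in the concatenated message (it currently reads "or findversion 2"): `log.error("Unable to parse Platform Configuration Version 2 from Platform Credential or find version 2 component identifiers", e);`. The `IllegalArgumentException` that `getPlatformConfigurationV2()` declares is not caught here either.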
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java index ab4683d1a..95684d3aa 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java @@ -33,6 +33,10 @@ private static final String SMBIOS_COMPONENT_REGISTRY = "2.23.133.18.3.3"; + private static final String PCIE_BASED_COMPONENT_REGISTRY = "2.23.133.18.3.4"; + + private static final String STORAGE_COMPONENT_REGISTRY = "2.23.133.18.3.5"; + private static final Path WINDOWS_JSON_PATH = FileSystems.getDefault().getPath( "C:/", "ProgramData", "hirs", "aca", "default-properties", "component-class.json"); @@ -122,6 +126,8 @@ public ComponentClass(final String registryOid, this.registryType = switch (registryOid) { case TCG_COMPONENT_REGISTRY -> "TCG"; case SMBIOS_COMPONENT_REGISTRY -> "SMBIOS"; + case PCIE_BASED_COMPONENT_REGISTRY -> "PCIE"; + case STORAGE_COMPONENT_REGISTRY -> "STORAGE"; default -> UNKNOWN_STRING; }; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfiguration.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfiguration.java index 9680dc926..6622aa1c0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfiguration.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/PlatformConfiguration.java 
@@ -14,11 +14,15 @@ */ @AllArgsConstructor public abstract class PlatformConfiguration { - private ArrayList componentIdentifier = new ArrayList<>(); + + private List componentIdentifier; + @Getter @Setter private URIReference componentIdentifierUri; - private ArrayList platformProperties = new ArrayList<>(); + + private List platformProperties; + @Getter @Setter private URIReference platformPropertiesUri; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java index 58dd341d1..8e2a4c176 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java @@ -6,6 +6,8 @@ import org.bouncycastle.asn1.ASN1TaggedObject; import java.util.ArrayList; +import java.util.Collections; +import java.util.List; import java.util.stream.Collectors; /** @@ -26,9 +28,10 @@ public class PlatformConfigurationV2 extends PlatformConfiguration { private static final int COMPONENT_IDENTIFIER_URI = 1; private static final int PLATFORM_PROPERTIES = 2; private static final int PLATFORM_PROPERTIES_URI = 3; + private List componentIdentifierV2; /** - * Constructor given the SEQUENCE that contains Platform Configuration. + * Constructor given the SEQUENCE that contains version 2 Platform Configuration. * * @param sequence containing the the Platform Configuration. * @throws IllegalArgumentException if there was an error on the parsing 
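Review bot: Removing the `= new ArrayList<>()` initializers leaves `componentIdentifier` and `platformProperties` null until something assigns them. The new `componentIdentifierV2` field in PlatformConfigurationV2 is declared the same way. The getter added in the following hunk passes that field straight to `Collections.unmodifiableList(...)`, which throws `NullPointerException` on null, and `toString()` calls that getter unconditionally. The constructors and the base-class getters are outside these hunks, so whether every path assigns the lists cannot be confirmed from here. A credential whose platform configuration omits the component sequence would be the case to test. I would keep the defaults, e.g. `private List<ComponentIdentifierV2> componentIdentifierV2 = new ArrayList<>();`, and have `setComponentIdentifierV2` reject or normalise a null argument instead of failing inside `new ArrayList<>(null)`.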
@@ -87,6 +90,21 @@ public PlatformConfigurationV2(final ASN1Sequence sequence) throws IllegalArgume } } + /** + * @return a collection of version 2 component identifiers. + */ + public List getComponentIdentifierV2() { + return Collections.unmodifiableList(componentIdentifierV2); + } + + /** + * @param componentIdentifierV2 list of version 2 component identifiers + */ + public void setComponentIdentifierV2( + final List componentIdentifierV2) { + this.componentIdentifierV2 = new ArrayList<>(componentIdentifierV2); + } + /** * Creates a string representation of the Platform Configuration V2 object. * @@ -96,9 +114,9 @@ public PlatformConfigurationV2(final ASN1Sequence sequence) throws IllegalArgume public String toString() { StringBuilder sb = new StringBuilder(); sb.append("PlatformConfiguration{"); - sb.append("componentIdentifier="); - if (getComponentIdentifier().size() > 0) { - sb.append(getComponentIdentifier() + sb.append("componentIdentifierV2="); + if (!getComponentIdentifierV2().isEmpty()) { + sb.append(getComponentIdentifierV2() .stream() .map(Object::toString) .collect(Collectors.joining(","))); @@ -108,7 +126,7 @@ public String toString() { sb.append(getComponentIdentifierUri()); } sb.append(", platformProperties="); - if (getPlatformProperties().size() > 0) { + if (!getPlatformProperties().isEmpty()) { sb.append(getPlatformProperties() .stream() .map(Object::toString) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java index af9464ca2..4f5a34f81 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java 
@@ -80,8 +80,7 @@ public static AppraisalStatus validatePlatformCredentialAttributesV1p2( deviceBaseboardSerialNumber = null; } else { deviceInfoSerialNumbers.put("board serial number", deviceBaseboardSerialNumber); - log.info("Using device board serial number for validation: " - + deviceBaseboardSerialNumber); + log.info("Using device board serial number for validation: {}", deviceBaseboardSerialNumber); } if (StringUtils.isEmpty(deviceChassisSerialNumber) @@ -89,16 +88,15 @@ public static AppraisalStatus validatePlatformCredentialAttributesV1p2( log.error("Failed to retrieve device chassis serial number"); } else { deviceInfoSerialNumbers.put("chassis serial number", deviceChassisSerialNumber); - log.info("Using device chassis serial number for validation: " - + deviceChassisSerialNumber); + log.info("Using device chassis serial number for validation: {}", deviceChassisSerialNumber); } + if (StringUtils.isEmpty(deviceSystemSerialNumber) || DeviceInfoEnums.NOT_SPECIFIED.equalsIgnoreCase(deviceSystemSerialNumber)) { log.error("Failed to retrieve device system serial number"); } else { deviceInfoSerialNumbers.put("system serial number", deviceSystemSerialNumber); - log.info("Using device system serial number for validation: " - + deviceSystemSerialNumber); + log.info("Using device system serial number for validation: {}", deviceSystemSerialNumber); } AppraisalStatus status; 
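Review bot: The serial numbers written by these three `log.info` calls appear to be device-reported strings, and moving to `{}` placeholders does not neutralise CR/LF or other control characters in them. If the logging layout does not already escape arguments (not visible here), strip them in a shared helper before logging, e.g. `deviceBaseboardSerialNumber.replaceAll("[\\r\\n]", "_")`, so the ACA log stays one line per event. The same consideration applies to the `log.error("Unmatched component ...")` and `platformCredentialFieldMatches` debug messages reformatted later in this file.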
@@ -233,12 +231,19 @@ public static AppraisalStatus validatePlatformCredentialAttributesV2p0( passesValidation &= fieldValidation; - // Retrieve the list of all components from the Platform Credential - List allPcComponents - = new ArrayList<>(platformCredential.getComponentIdentifiers()); + // Retrieve the list of all version 2 component identifiers from the Platform Credential + List allPcComponents + = new ArrayList<>(platformCredential.getComponentIdentifiersV2()); // All components listed in the Platform Credential must have a manufacturer and model - for (ComponentIdentifier pcComponent : allPcComponents) { + for (ComponentIdentifierV2 pcComponent : allPcComponents) { + + fieldValidation = pcComponent.getComponentClass() != null; + + if (!fieldValidation) { + resultMessage.append("Component class is null\n"); + } + fieldValidation = !hasEmptyValueForRequiredField("componentManufacturer", pcComponent.getComponentManufacturer()); @@ -263,18 +268,24 @@ public static AppraisalStatus validatePlatformCredentialAttributesV2p0( .findByCertificateSerialNumberAndBoardSerialNumber( platformCredential.getSerialNumber().toString(), platformCredential.getPlatformSerial()); + // first create hash map based on hashCode List remainingComponentResults = checkDeviceHashMap( componentInfos, componentResults); + //this is used to get a unique count List componentIdList = new ArrayList<>(); + int numOfAttributes = 0; + if (!remainingComponentResults.isEmpty()) { List attributeResults = checkComponentClassMap( componentInfos, remainingComponentResults); numOfAttributes = attributeResults.size(); + boolean saveAttributeResult; + for (ComponentAttributeResult componentAttributeResult : attributeResults) { saveAttributeResult = true; if (ignoreRevisionAttribute) { 
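Review bot: The result of the new component-class check is discarded. `fieldValidation` is assigned from `pcComponent.getComponentClass() != null` and then reassigned by the manufacturer check before it is folded into `passesValidation`. A component with a null class therefore only appends "Component class is null" to the message and, as far as this hunk shows, does not fail the appraisal. Add `passesValidation &= fieldValidation;` directly after the `if (!fieldValidation) { ... }` block, matching the pattern used before the loop. The comment above the loop should also say that class is now required alongside manufacturer and model. The rest of the loop body lies outside the hunk.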
@@ -293,6 +304,7 @@ public static AppraisalStatus validatePlatformCredentialAttributesV2p0( } StringBuilder additionalInfo = new StringBuilder(); + if (numOfAttributes > 0) { resultMessage.append(String.format("There are %d component(s) not matched%n " + "with %d total attributes mismatched.", @@ -455,7 +467,7 @@ && isMatch(cId, cInfo)) { if (ci.isVersion2() && PciIds.DB.isReady()) { ci = AcaPciIds.translate((ComponentIdentifierV2) ci); } - log.error("Unmatched component: " + ci); + log.error("Unmatched component: {}", ci); fullDeltaChainComponents.add(ci); invalidPcIds.append(String.format( "Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n", @@ -532,6 +544,7 @@ private static String validateV2p0PlatformCredentialComponentsExpectingExactMatc = allDeviceInfoComponents.stream().filter(componentInfo -> componentInfo.getComponentManufacturer().equals(pcManufacturer)) .collect(Collectors.toList()); + // For each component listed in the platform credential from this manufacturer // find the ones that specify a serial number so we can match the most specific ones // first. @@ -539,7 +552,8 @@ private static String validateV2p0PlatformCredentialComponentsExpectingExactMatc = pcComponentsFromManufacturer.stream().filter(compIdentifier -> compIdentifier.getComponentSerial() != null && StringUtils.isNotEmpty(compIdentifier.getComponentSerial().getString())) - .collect(Collectors.toList()); + .toList(); + // Now match up the components from the device info that are from the same // manufacturer and have a serial number. As matches are found, remove them from // both lists. 
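Review bot: `Stream.toList()` returns an unmodifiable list, whereas `Collectors.toList()` returned a mutable `ArrayList` in practice. The comment right below this change says matches are removed "from both lists". The removal code is outside the hunk, so please confirm that nothing calls `remove` on the serial-filtered list here or on the revision-filtered list changed in the next hunk. If either is mutated, the matching loop would throw `UnsupportedOperationException` in the middle of validation. If they are only iterated, a short comment such as `// read-only snapshot; removals happen on pcComponentsFromManufacturer` would make that intent explicit.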
@@ -567,7 +581,7 @@ private static String validateV2p0PlatformCredentialComponentsExpectingExactMatc = pcComponentsFromManufacturer.stream().filter(compIdentifier -> compIdentifier.getComponentRevision() != null && StringUtils.isNotEmpty(compIdentifier.getComponentRevision().getString())) - .collect(Collectors.toList()); + .toList(); // Now match up the components from the device info that are from the same // manufacturer and specify a value for the revision field. As matches are found, // remove them from both lists. @@ -608,8 +622,7 @@ private static String validateV2p0PlatformCredentialComponentsExpectingExactMatc if (!pcUnmatchedComponents.isEmpty()) { untrimmedPcComponents.clear(); StringBuilder sb = new StringBuilder(); - log.error(String.format("Platform Credential contained %d unmatched components:", - pcUnmatchedComponents.size())); + log.error("Platform Credential contained {} unmatched components:", pcUnmatchedComponents.size()); int unmatchedComponentCounter = 1; for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) { @@ -617,8 +630,7 @@ private static String validateV2p0PlatformCredentialComponentsExpectingExactMatc unmatchedComponent = AcaPciIds.translate((ComponentIdentifierV2) unmatchedComponent); } - log.error("Unmatched component " + unmatchedComponentCounter++ + ": " - + unmatchedComponent); + log.error("Unmatched component {}: {}", unmatchedComponentCounter++, unmatchedComponent); sb.append(String.format("Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n", unmatchedComponent.getComponentManufacturer(), unmatchedComponent.getComponentModel(), 
@@ -797,8 +809,7 @@ private static boolean optionalPlatformCredentialFieldNullOrMatches( private static boolean hasEmptyValueForRequiredField(final String description, final String fieldValue) { if (StringUtils.isEmpty(fieldValue)) { - log.error("Required field was empty or null in Platform Credential: " - + description); + log.error("Required field was empty or null in Platform Credential: {}", description); return true; } return false; @@ -829,15 +840,15 @@ private static boolean platformCredentialFieldMatches( String trimmedOtherValue = otherValue.trim(); if (!trimmedFieldValue.equals(trimmedOtherValue)) { - log.debug(String.format("%s field in Platform Credential (%s) does not match " - + "a related field in the DeviceInfoReport (%s)", - platformCredentialFieldName, trimmedFieldValue, trimmedOtherValue)); + log.debug("{} field in Platform Credential ({}) does not match " + + "a related field in the DeviceInfoReport ({})", + platformCredentialFieldName, trimmedFieldValue, trimmedOtherValue); return false; } - log.debug(String.format("%s field in Platform Credential matches " - + "a related field in the DeviceInfoReport (%s)", - platformCredentialFieldName, trimmedFieldValue) + log.debug("{} field in Platform Credential matches " + + "a related field in the DeviceInfoReport {}", + platformCredentialFieldName, trimmedFieldValue ); return true; @@ -853,8 +864,7 @@ private static boolean platformCredentialFieldMatches( private static boolean hasEmptyValueForRequiredField(final String description, final ASN1UTF8String fieldValue) { if (fieldValue == null || StringUtils.isEmpty(fieldValue.getString().trim())) { - log.error("Required field was empty or null in Platform Credential: " - + description); + log.error("Required field was empty or null in Platform Credential: {}", description); return true; } return false; 
@@ -871,7 +881,7 @@ private static List checkDeviceHashMap( final List componentInfos, final List compiledComponentList) { Map> deviceHashMap = new HashMap<>(); - componentInfos.stream().forEach((componentInfo) -> { + componentInfos.forEach((componentInfo) -> { List innerList; Integer compInfoHash = componentInfo.hashCommonElements(); if (deviceHashMap.containsKey(compInfoHash)) { @@ -910,7 +920,7 @@ private static List checkComponentClassMap( // continue down the options, move to a different method. // create component class mapping to component info Map> componentDeviceMap = new HashMap<>(); - componentInfos.stream().forEach((componentInfo) -> { + componentInfos.forEach((componentInfo) -> { List innerList; String componentClass = componentInfo.getComponentClass(); if (componentDeviceMap.containsKey(componentClass)) { @@ -1000,11 +1010,13 @@ private static List generateComponentAttributeResults( private static List findMismatchedValues( final List componentClassInfo, final ComponentResult componentResult) { + // this list only has those of the same class type Map componentSerialMap = new HashMap<>(); - componentClassInfo.stream().forEach((componentInfo) -> { + componentClassInfo.forEach((componentInfo) -> { componentSerialMap.put(componentInfo.getComponentSerial(), componentInfo); }); + // see if the serial exists ComponentInfo componentInfo = componentSerialMap.get(componentResult.getSerialNumber()); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java index 722f9b486..64f35ca4f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java 
@@ -35,7 +35,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator { * * @param ec the endorsement credential to verify. * @param trustStore trust store holding trusted certificates. - * @param acceptExpired whether or not to accept expired and not yet valid certificates + * @param acceptExpired whether to accept expired and not yet valid certificates * as valid. * @return the result of the validation. */ diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java index 7384e4b5f..278d2a8e2 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java @@ -415,14 +415,13 @@ private static InetAddress getTestIpAddress() { * Checks if the ST Micro Endorsement Credential can be validated against the * ST/GlobalSIgn Certificate Chain. * - * @throws IOException if error occurs while reading files - * @throws URISyntaxException if error occurs while reading files - * @throws CertificateException if error occurs while processing X509 Certs - * @throws KeyStoreException if error occurs while processing Keystore + * @throws IOException if error occurs while reading files + * @throws URISyntaxException if error occurs while reading files + * @throws KeyStoreException if error occurs while processing Keystore */ @Test public final void testValidateEndorsementCredential() - throws URISyntaxException, IOException, CertificateException, KeyStoreException { + throws URISyntaxException, IOException, KeyStoreException { EndorsementCredential ekcert = new EndorsementCredential(Files.readAllBytes( Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())) 
@@ -455,14 +454,13 @@ public final void testValidateEndorsementCredential() * Validates a generated cert chain pretending to be from Intel. Credential was generated * with an intermediate CA. This tests the entire chain of validation back to the root CA. * - * @throws IOException if error occurs while reading files - * @throws KeyStoreException if there's an issue string certs to the keystore - * @throws CertificateException if error occurs while ingesting a certificate - * @throws URISyntaxException if a URI can't be processed + * @throws IOException if error occurs while reading files + * @throws KeyStoreException if there's an issue string certs to the keystore + * @throws URISyntaxException if a URI can't be processed */ @Test public final void validateIntelPlatformCredentials() - throws URISyntaxException, IOException, CertificateException, KeyStoreException { + throws URISyntaxException, IOException, KeyStoreException { Certificate intermediatecacert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get( @@ -855,7 +853,7 @@ public final void verifyX509AttributeCertificateAgainstIntermediate() KeyPair caKeyPair = createKeyPair(); KeyPair intermediateKeyPair = createKeyPair(); KeyPair targetKeyPair = createKeyPair(); - Set trustedCerts = new HashSet(); + Set trustedCerts = new HashSet<>(); X509Certificate caCert = createSelfSignedCertificate(caKeyPair); X509Certificate intermediateCert = @@ -899,7 +897,7 @@ public final void verifyX509AttributeCertificateFailsIfSigningCertNotInList() KeyPair caKeyPair = createKeyPair(); KeyPair intermediateKeyPair = createKeyPair(); KeyPair targetKeyPair = createKeyPair(); - Set trustedCerts = new HashSet(); + Set trustedCerts = new HashSet<>(); X509Certificate caCert = createSelfSignedCertificate(caKeyPair); X509Certificate intermediateCert = 
@@ -938,7 +936,7 @@ public final void verifyX509AttributeCertificateAgainstCA() throws SupplyChainValidatorException { KeyPair caKeyPair = createKeyPair(); KeyPair targetKeyPair = createKeyPair(); - Set trustedCerts = new HashSet(); + Set trustedCerts = new HashSet<>(); X509Certificate caCert = createSelfSignedCertificate(caKeyPair); X509Certificate targetCert = @@ -977,7 +975,7 @@ public final void verifyX509CertificateAgainstIntermediate() KeyPair caKeyPair = createKeyPair(); KeyPair intermediateKeyPair = createKeyPair(); KeyPair targetKeyPair = createKeyPair(); - Set trustedCerts = new HashSet(); + Set trustedCerts = new HashSet<>(); X509Certificate caCert = createSelfSignedCertificate(caKeyPair); X509Certificate intermediateCert = @@ -1017,7 +1015,7 @@ public final void verifyX509CertificateFailsIfSigningCertNotInList() KeyPair caKeyPair = createKeyPair(); KeyPair intermediateKeyPair = createKeyPair(); KeyPair targetKeyPair = createKeyPair(); - Set trustedCerts = new HashSet(); + Set trustedCerts = new HashSet<>(); X509Certificate caCert = createSelfSignedCertificate(caKeyPair); X509Certificate intermediateCert = @@ -1051,7 +1049,7 @@ public final void verifyX509CertificateFailsIfSigningCertNotInList() public final void verifyX509CertificateAgainstCA() throws SupplyChainValidatorException { KeyPair caKeyPair = createKeyPair(); KeyPair targetKeyPair = createKeyPair(); - Set trustedCerts = new HashSet(); + Set trustedCerts = new HashSet<>(); X509Certificate caCert = createSelfSignedCertificate(caKeyPair); X509Certificate targetCert = 
@@ -1175,13 +1173,12 @@ public final void verifyPlatformCredentialNullDeviceInfoReport() * * @throws URISyntaxException failed to read certificate * @throws IOException failed to read certificate - * @throws KeyStoreException failed to read key store * @throws SupplyChainValidatorException missing credential */ @Test public final void testPlatformDnEquals() throws URISyntaxException, IOException, - KeyStoreException, SupplyChainValidatorException { + SupplyChainValidatorException { Certificate signingCert; signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get( Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI())) @@ -1207,12 +1204,11 @@ public final void testPlatformDnEquals() throws URISyntaxException, IOException, * * @throws URISyntaxException failed to read certificate * @throws IOException failed to read certificate - * @throws KeyStoreException failed to read key store * @throws SupplyChainValidatorException missing credential */ @Test public final void testPlatformDnNotEquals() throws URISyntaxException, IOException, - KeyStoreException, SupplyChainValidatorException { + SupplyChainValidatorException { Certificate signingCert; signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get( Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI())) 
@@ -1237,12 +1233,11 @@ public final void testPlatformDnNotEquals() throws URISyntaxException, IOExcepti * * @throws URISyntaxException failed to read certificate * @throws IOException failed to read certificate - * @throws KeyStoreException failed to read key store * @throws SupplyChainValidatorException missing credential */ @Test public final void testEndorsementDnEquals() throws URISyntaxException, IOException, - KeyStoreException, SupplyChainValidatorException { + SupplyChainValidatorException { Certificate signingCert; signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get( Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI())) @@ -1268,12 +1263,11 @@ public final void testEndorsementDnEquals() throws URISyntaxException, IOExcepti * * @throws URISyntaxException failed to read certificate * @throws IOException failed to read certificate - * @throws KeyStoreException failed to read key store * @throws SupplyChainValidatorException missing credential */ @Test public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException, - KeyStoreException, SupplyChainValidatorException { + SupplyChainValidatorException { Certificate signingCert; signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get( Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))