Merge pull request #657 from nsacyber/issue-642-spotbugs-p2

[#642] HIRS_AttestationCA spotbug fixes
nsacyber · Jan 19, 2024 · f3b0be9 · f3b0be9
2 parents b750359 + 799a992
commit f3b0be9
Show file tree

Hide file tree

Showing 37 changed files with 357 additions and 128 deletions.
diff --git a/HIRS_AttestationCA/config/spotbugs/spotbugs-exclude.xml b/HIRS_AttestationCA/config/spotbugs/spotbugs-exclude.xml
@@ -2,17 +2,18 @@
 <!-- Docs at http://findbugs.sourceforge.net/manual/filter.html -->
 <FindBugsFilter>
     <Match>
-        <Package name="~hirs\.attestationca.*" />
+        <Package name="~hirs\.attestationca\.configuration.*" />
     </Match>
     <Match>
         <!-- https://github.com/spotbugs/spotbugs/pull/2748 -->
         <Bug pattern="CT_CONSTRUCTOR_THROW" />
     </Match>
-
-    <!--    <Match>-->
-    <!--        &lt;!&ndash; To suppress false warnings in unit-tests for lambdas not using return values. &ndash;&gt;-->
-    <!--        <Package name="~com\.company\.service\.interfaces\.types\.contacts"/>-->
-    <!--        <Bug pattern="RV_RETURN_VALUE_IGNORED"/>-->
-    <!--    </Match>-->
+    <!-- roughly 55 instances of this appear -->
+    <Match>
+        <Bug pattern="EI_EXPOSE_REP" />
+    </Match>
+    <Match>
+        <Bug pattern="EI_EXPOSE_REP2" />
+    </Match>
 </FindBugsFilter>
 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java
@@ -4,7 +4,6 @@
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.Id;
 import jakarta.persistence.MappedSuperclass;
-import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.ToString;
 import org.hibernate.annotations.UuidGenerator;
@@ -16,7 +15,6 @@
 /**
  * An abstract database entity.
  */
-@EqualsAndHashCode
 @ToString
 @MappedSuperclass
 public abstract class AbstractEntity implements Serializable {
@@ -75,4 +73,27 @@ public Date getCreateTime() {
     public void resetCreateTime() {
         createTime.setTime(new Date().getTime());
     }
+
+    @Override
+    public int hashCode() {
+        if (id != null) {
+            return id.hashCode();
+        }
+        return super.hashCode();
+    }
+
+    @Override
+    public boolean equals(final Object object) {
+        if (this == object) {
+            return true;
+        }
+        if (object == null) {
+            return false;
+        }
+        if (!(this.getClass().equals(object.getClass()))) {
+            return false;
+        }
+        return this.hashCode() == object.hashCode();
+    }
+
 }
diff --git a/...testationCA/src/main/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerState.java b/...testationCA/src/main/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerState.java
@@ -6,6 +6,7 @@
 import jakarta.persistence.Id;
 import jakarta.persistence.Lob;
 import lombok.NoArgsConstructor;
+import lombok.extern.log4j.Log4j2;
 import org.bouncycastle.util.Arrays;
 
 import java.io.ByteArrayInputStream;
@@ -17,6 +18,7 @@
  * This class is for saving the Identity Claim and the Nonce between the two passes of the
  * TPM 2.0 Provisioner.
  */
+@Log4j2
 @NoArgsConstructor
 @Entity
 public class TPM2ProvisionerState {
@@ -100,11 +102,13 @@ public static TPM2ProvisionerState getTPM2ProvisionerState(
         try (DataInputStream dis
                      = new DataInputStream(new ByteArrayInputStream(nonce))) {
             long firstPartOfNonce = dis.readLong();
-            TPM2ProvisionerState stateFound = tpm2ProvisionerStateRepository.findByFirstPartOfNonce(firstPartOfNonce);
-            if (Arrays.areEqual(stateFound.getNonce(), nonce)) {
+            TPM2ProvisionerState stateFound = tpm2ProvisionerStateRepository
+                    .findByFirstPartOfNonce(firstPartOfNonce);
+            if (stateFound != null && Arrays.areEqual(stateFound.getNonce(), nonce)) {
                 return stateFound;
             }
-        } catch (IOException | NullPointerException e) {
+        } catch (IOException ioEx) {
+            log.error(ioEx.getMessage());
             return null;
         }
         return null;

diff --git a/...ttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java b/...ttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java
@@ -44,12 +44,10 @@
 import org.bouncycastle.cert.X509AttributeCertificateHolder;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
-import org.bouncycastle.util.encoders.Base64;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.math.BigInteger;
-import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -67,10 +65,8 @@
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.Date;
 import java.util.List;
-import java.util.ListIterator;
 import java.util.Objects;
 
 /**
@@ -176,7 +172,6 @@ public enum CertificateType {
     @Column(length = CertificateVariables.MAX_PUB_KEY_MODULUS_HEX_LENGTH, nullable = true)
     private final String publicKeyModulusHexValue;
 
-    @Getter
     @Column(length = CertificateVariables.MAX_CERT_LENGTH_BYTES, nullable = false)
     private final byte[] signature;
 
@@ -593,8 +588,8 @@ public X509Certificate getX509Certificate() throws IOException {
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             parsedX509Cert = (X509Certificate) cf.generateCertificate(certInputStream);
             return parsedX509Cert;
-        } catch (CertificateException e) {
-            throw new IOException("Cannot construct X509Certificate from the input stream", e);
+        } catch (CertificateException cEx) {
+            throw new IOException("Cannot construct X509Certificate from the input stream", cEx);
         }
     }
 
@@ -754,6 +749,13 @@ public AttributeCertificate getAttributeCertificate() throws IOException {
                 .getInstance(ASN1Primitive.fromByteArray(certificateBytes));
     }
 
+    /**
+     * @return this certificate's signature
+     */
+    public byte[] getSignature() {
+        return signature.clone();
+    }
+
     /**
      * @return this certificate's validity start date
      */

diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java
@@ -19,26 +19,29 @@
 import lombok.Setter;
 
 import java.sql.Timestamp;
+import java.time.LocalDateTime;
 
 @Entity
 @Table(name = "Device")
-@Getter
 @Setter
 @NoArgsConstructor(access = AccessLevel.PROTECTED)
 @AllArgsConstructor
 public class Device extends AbstractEntity {
 
+    @Getter
     @Column(name = "name", unique = true)
     private String name;
 
     @OneToOne(cascade = CascadeType.ALL, fetch = FetchType.EAGER,
             optional = true, orphanRemoval = true)
     private DeviceInfoReport deviceInfo;
 
+    @Getter
     @Column
     @Enumerated(EnumType.ORDINAL)
     private HealthStatus healthStatus;
 
+    @Getter
     @Column
     @Enumerated(EnumType.ORDINAL)
     private AppraisalStatus.Status supplyChainValidationStatus;
@@ -49,12 +52,15 @@ public class Device extends AbstractEntity {
     @Column(name = "last_report_timestamp")
     private Timestamp lastReportTimestamp;
 
+    @Getter
     @Column(name = "is_state_overridden")
     private boolean isStateOverridden;
 
+    @Getter
     @Column(name = "state_override_reason")
     private String overrideReason;
 
+    @Getter
     @Column(name = "summary_id")
     private String summaryId;
 
@@ -68,6 +74,43 @@ public Device(final DeviceInfoReport deviceInfoReport) {
         }
     }
 
+    /**
+     * Returns a report with information about this device. This may return null
+     * if this property has not been set.
+     *
+     * @return device info report
+     */
+    public final DeviceInfoReport getDeviceInfo() {
+        if (deviceInfo != null) {
+            return new DeviceInfoReport(deviceInfo.getNetworkInfo(),
+                    deviceInfo.getOSInfo(), deviceInfo.getFirmwareInfo(),
+                    deviceInfo.getHardwareInfo(), deviceInfo.getTpmInfo(),
+                    deviceInfo.getClientApplicationVersion());
+        } else {
+            return null;
+        }
+    }
+
+    /**
+     * Getter for the report time stamp.
+     * @return a cloned version
+     */
+    public Timestamp getLastReportTimestamp() {
+        if (lastReportTimestamp != null) {
+            return (Timestamp) lastReportTimestamp.clone();
+        } else {
+            return Timestamp.valueOf(LocalDateTime.MAX);
+        }
+    }
+
+    /**
+     * Setter for the report time stamp.
+     * @param lastReportTimestamp
+     */
+    public void setLastReportTimestamp(final Timestamp lastReportTimestamp) {
+        this.lastReportTimestamp = (Timestamp) lastReportTimestamp.clone();
+    }
+
     public String toString() {
         return String.format("Device Name: %s%nStatus: %s%nSummary: %s",
                 name, healthStatus.getStatus(),

diff --git a/...tionCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java b/...tionCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java
@@ -28,7 +28,7 @@
  * This class represents the Reference Integrity Manifest object that will be
  * loaded into the DB and displayed in the ACA.
  */
-@Getter @Setter @ToString
+@Getter @ToString
 @EqualsAndHashCode(onlyExplicitlyIncluded = true, callSuper = false)
 @Log4j2
 @Entity
@@ -75,36 +75,51 @@ public class ReferenceManifest  extends ArchivableEntity {
     @EqualsAndHashCode.Include
     @Column(columnDefinition = "mediumblob", nullable = false)
     private byte[] rimBytes;
+    @Setter
     @EqualsAndHashCode.Include
     @Column(nullable = false)
     private String rimType = "Base";
+    @Setter
     @Column
     private String tagId = null;
+    @Setter
     @Column
     private boolean swidPatch = false;
+    @Setter
     @Column
     private boolean swidSupplemental = false;
+    @Setter
     @Column
     private String platformManufacturer = null;
+    @Setter
     @Column
     private String platformManufacturerId = null;
+    @Setter
     @Column
     private String swidTagVersion = null;
+    @Setter
     @Column
     private String swidVersion = null;
+    @Setter
     @Column
     private String platformModel = null;
+    @Setter
     @Column(nullable = false)
     private String fileName = null;
+    @Setter
     @JdbcTypeCode(java.sql.Types.VARCHAR)
     @Column
     private UUID associatedRim;
+    @Setter
     @Column
     private String deviceName;
+    @Setter
     @Column
     private String hexDecHash = "";
+    @Setter
     @Column
     private String eventLogHash = "";
+    @Setter
     @Column
     @JsonIgnore
     private String base64Hash = "";

diff --git a/...main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java b/...main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java
@@ -40,7 +40,6 @@
 @Entity
 public class SupplyChainValidationSummary extends ArchivableEntity {
 
-    @Getter
     @ManyToOne
     @JoinColumn(name = "device_id")
     private final Device device;
@@ -204,6 +203,15 @@ public SupplyChainValidationSummary(final Device device,
         this.message = status.getMessage();
     }
 
+    /**
+     * This retrieves the device associated with the supply chain validation summaries.
+     *
+     * @return the validated device
+     */
+    public Device getDevice() {
+        return new Device(this.device.getDeviceInfo());
+    }
+
     /**
      * @return the overall appraisal result
      */

diff --git a/...rs/attestationca/persist/entity/userdefined/certificate/IssuedAttestationCertificate.java b/...rs/attestationca/persist/entity/userdefined/certificate/IssuedAttestationCertificate.java
@@ -11,6 +11,7 @@
 
 import java.io.IOException;
 import java.nio.file.Path;
+import java.util.ArrayList;
 import java.util.List;
 
 /**
@@ -47,7 +48,7 @@ public IssuedAttestationCertificate(final byte[] certificateBytes,
             throws IOException {
         super(certificateBytes);
         this.endorsementCredential = endorsementCredential;
-        this.platformCredentials = platformCredentials;
+        this.platformCredentials = new ArrayList<>(platformCredentials);
     }
 
     /**
@@ -64,4 +65,7 @@ public IssuedAttestationCertificate(final Path certificatePath,
         this(readBytes(certificatePath), endorsementCredential, platformCredentials);
     }
 
+    public List<PlatformCredential> getPlatformCredentials() {
+        return new ArrayList<>(platformCredentials);
+    }
 }
diff --git a/...testationca/persist/entity/userdefined/certificate/attributes/CommonCriteriaMeasures.java b/...testationca/persist/entity/userdefined/certificate/attributes/CommonCriteriaMeasures.java
@@ -173,8 +173,8 @@ public enum EvaluationAssuranceLevel {
     private ASN1Boolean plus;
     private StrengthOfFunction strengthOfFunction;
     private ASN1ObjectIdentifier profileOid;
-    private URIReference profileUri;
     private ASN1ObjectIdentifier targetOid;
+    private URIReference profileUri;
     private URIReference targetUri;
 
     /**
@@ -187,8 +187,8 @@ public CommonCriteriaMeasures() {
         this.plus = ASN1Boolean.FALSE;
         this.strengthOfFunction = null;
         this.profileOid = null;
-        this.profileUri = null;
         this.targetOid = null;
+        this.profileUri = null;
         this.targetUri = null;
     }
 
@@ -198,7 +198,6 @@ public CommonCriteriaMeasures() {
      * @throws IllegalArgumentException if there was an error on the parsing
      */
     public CommonCriteriaMeasures(final ASN1Sequence sequence) throws IllegalArgumentException {
-
         //Get all the mandatory values
         int index = 0;
         version = DERIA5String.getInstance(sequence.getObjectAt(index));