issue_896: first cut (again) at trying to introduce the new component…

… registries.

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/RestfulAttestationCertificateAuthority.java

@@ -108,7 +108,7 @@ public byte[] processIdentityClaimTpm2(@RequestBody final byte[] identityClaim)
      * the client's desired attestation key, if the correct nonce is supplied.
      *
      * @param certificateRequest request containing nonce from earlier identity
-     *                           *                           claim handshake
+     *                           claim handshake
      * @return The response to the client provisioner.
      */
     @Override

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java

@@ -33,6 +33,10 @@
 
     private static final String SMBIOS_COMPONENT_REGISTRY = "2.23.133.18.3.3";
 
+    private static final String PCIE_BASED_COMPONENT_REGISTRY = "2.23.133.18.3.4";
+
+    private static final String STORAGE_COMPONENT_REGISTRY = "2.23.133.18.3.5";
+
     private static final Path WINDOWS_JSON_PATH = FileSystems.getDefault().getPath(
             "C:/", "ProgramData", "hirs", "aca", "default-properties", "component-class.json");
 

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java

@@ -89,16 +89,14 @@ public static AppraisalStatus validatePlatformCredentialAttributesV1p2(
             log.error("Failed to retrieve device chassis serial number");
         } else {
             deviceInfoSerialNumbers.put("chassis serial number", deviceChassisSerialNumber);
-            log.info("Using device chassis serial number for validation: "
-                    + deviceChassisSerialNumber);
+            log.info("Using device chassis serial number for validation: {}", deviceChassisSerialNumber);
         }
         if (StringUtils.isEmpty(deviceSystemSerialNumber)
                 || DeviceInfoEnums.NOT_SPECIFIED.equalsIgnoreCase(deviceSystemSerialNumber)) {
             log.error("Failed to retrieve device system serial number");
         } else {
             deviceInfoSerialNumbers.put("system serial number", deviceSystemSerialNumber);
-            log.info("Using device system serial number for validation: "
-                    + deviceSystemSerialNumber);
+            log.info("Using device system serial number for validation: {}", deviceSystemSerialNumber);
         }
 
         AppraisalStatus status;
@@ -455,7 +453,7 @@ && isMatch(cId, cInfo)) {
                 if (ci.isVersion2() && PciIds.DB.isReady()) {
                     ci = AcaPciIds.translate((ComponentIdentifierV2) ci);
                 }
-                log.error("Unmatched component: " + ci);
+                log.error("Unmatched component: {}", ci);
                 fullDeltaChainComponents.add(ci);
                 invalidPcIds.append(String.format(
                         "Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n",
@@ -608,17 +606,15 @@ private static String validateV2p0PlatformCredentialComponentsExpectingExactMatc
         if (!pcUnmatchedComponents.isEmpty()) {
             untrimmedPcComponents.clear();
             StringBuilder sb = new StringBuilder();
-            log.error(String.format("Platform Credential contained %d unmatched components:",
-                    pcUnmatchedComponents.size()));
+            log.error("Platform Credential contained {} unmatched components:", pcUnmatchedComponents.size());
 
             int unmatchedComponentCounter = 1;
             for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
                 if (unmatchedComponent.isVersion2() && PciIds.DB.isReady()) {
                     unmatchedComponent =
                             AcaPciIds.translate((ComponentIdentifierV2) unmatchedComponent);
                 }
-                log.error("Unmatched component " + unmatchedComponentCounter++ + ": "
-                        + unmatchedComponent);
+                log.error("Unmatched component {}: {}", unmatchedComponentCounter++, unmatchedComponent);
                 sb.append(String.format("Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n",
                         unmatchedComponent.getComponentManufacturer(),
                         unmatchedComponent.getComponentModel(),
@@ -797,8 +793,7 @@ private static boolean optionalPlatformCredentialFieldNullOrMatches(
     private static boolean hasEmptyValueForRequiredField(final String description,
                                                          final String fieldValue) {
         if (StringUtils.isEmpty(fieldValue)) {
-            log.error("Required field was empty or null in Platform Credential: "
-                    + description);
+            log.error("Required field was empty or null in Platform Credential: {}", description);
             return true;
         }
         return false;
@@ -871,7 +866,7 @@ private static List<ComponentResult> checkDeviceHashMap(
             final List<ComponentInfo> componentInfos,
             final List<ComponentResult> compiledComponentList) {
         Map<Integer, List<ComponentInfo>> deviceHashMap = new HashMap<>();
-        componentInfos.stream().forEach((componentInfo) -> {
+        componentInfos.forEach((componentInfo) -> {
             List<ComponentInfo> innerList;
             Integer compInfoHash = componentInfo.hashCommonElements();
             if (deviceHashMap.containsKey(compInfoHash)) {
@@ -910,7 +905,7 @@ private static List<ComponentAttributeResult> checkComponentClassMap(
         // continue down the options, move to a different method.
         // create component class mapping to component info
         Map<String, List<ComponentInfo>> componentDeviceMap = new HashMap<>();
-        componentInfos.stream().forEach((componentInfo) -> {
+        componentInfos.forEach((componentInfo) -> {
             List<ComponentInfo> innerList;
             String componentClass = componentInfo.getComponentClass();
             if (componentDeviceMap.containsKey(componentClass)) {
@@ -1002,7 +997,7 @@ private static List<ComponentAttributeResult> findMismatchedValues(
             final ComponentResult componentResult) {
         // this list only has those of the same class type
         Map<String, ComponentInfo> componentSerialMap = new HashMap<>();
-        componentClassInfo.stream().forEach((componentInfo) -> {
+        componentClassInfo.forEach((componentInfo) -> {
             componentSerialMap.put(componentInfo.getComponentSerial(), componentInfo);
         });
         // see if the serial exists

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java

@@ -35,7 +35,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
      *
      * @param ec            the endorsement credential to verify.
      * @param trustStore    trust store holding trusted certificates.
-     * @param acceptExpired whether or not to accept expired and not yet valid certificates
+     * @param acceptExpired whether to accept expired and not yet valid certificates
      *                      as valid.
      * @return the result of the validation.
      */

HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java

@@ -415,14 +415,13 @@ private static InetAddress getTestIpAddress() {
      * Checks if the ST Micro Endorsement Credential can be validated against the
      * ST/GlobalSIgn Certificate Chain.
      *
-     * @throws IOException          if error occurs while reading files
-     * @throws URISyntaxException   if error occurs while reading files
-     * @throws CertificateException if error occurs while processing X509 Certs
-     * @throws KeyStoreException    if error occurs while processing Keystore
+     * @throws IOException        if error occurs while reading files
+     * @throws URISyntaxException if error occurs while reading files
+     * @throws KeyStoreException  if error occurs while processing Keystore
      */
     @Test
     public final void testValidateEndorsementCredential()
-            throws URISyntaxException, IOException, CertificateException, KeyStoreException {
+            throws URISyntaxException, IOException, KeyStoreException {
 
         EndorsementCredential ekcert = new EndorsementCredential(Files.readAllBytes(
                 Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
@@ -455,14 +454,13 @@ public final void testValidateEndorsementCredential()
      * Validates a generated cert chain pretending to be from Intel. Credential was generated
      * with an intermediate CA. This tests the entire chain of validation back to the root CA.
      *
-     * @throws IOException          if error occurs while reading files
-     * @throws KeyStoreException    if there's an issue string certs to the keystore
-     * @throws CertificateException if error occurs while ingesting a certificate
-     * @throws URISyntaxException   if a URI can't be processed
+     * @throws IOException        if error occurs while reading files
+     * @throws KeyStoreException  if there's an issue string certs to the keystore
+     * @throws URISyntaxException if a URI can't be processed
      */
     @Test
     public final void validateIntelPlatformCredentials()
-            throws URISyntaxException, IOException, CertificateException, KeyStoreException {
+            throws URISyntaxException, IOException, KeyStoreException {
 
         Certificate intermediatecacert =
                 new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
@@ -855,7 +853,7 @@ public final void verifyX509AttributeCertificateAgainstIntermediate()
         KeyPair caKeyPair = createKeyPair();
         KeyPair intermediateKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate intermediateCert =
@@ -899,7 +897,7 @@ public final void verifyX509AttributeCertificateFailsIfSigningCertNotInList()
         KeyPair caKeyPair = createKeyPair();
         KeyPair intermediateKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate intermediateCert =
@@ -938,7 +936,7 @@ public final void verifyX509AttributeCertificateAgainstCA()
             throws SupplyChainValidatorException {
         KeyPair caKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate targetCert =
@@ -977,7 +975,7 @@ public final void verifyX509CertificateAgainstIntermediate()
         KeyPair caKeyPair = createKeyPair();
         KeyPair intermediateKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate intermediateCert =
@@ -1017,7 +1015,7 @@ public final void verifyX509CertificateFailsIfSigningCertNotInList()
         KeyPair caKeyPair = createKeyPair();
         KeyPair intermediateKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate intermediateCert =
@@ -1051,7 +1049,7 @@ public final void verifyX509CertificateFailsIfSigningCertNotInList()
     public final void verifyX509CertificateAgainstCA() throws SupplyChainValidatorException {
         KeyPair caKeyPair = createKeyPair();
         KeyPair targetKeyPair = createKeyPair();
-        Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
+        Set<X509Certificate> trustedCerts = new HashSet<>();
 
         X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
         X509Certificate targetCert =
@@ -1175,13 +1173,12 @@ public final void verifyPlatformCredentialNullDeviceInfoReport()
      *
      * @throws URISyntaxException            failed to read certificate
      * @throws IOException                   failed to read certificate
-     * @throws KeyStoreException             failed to read key store
      * @throws SupplyChainValidatorException missing credential
      */
 
     @Test
     public final void testPlatformDnEquals() throws URISyntaxException, IOException,
-            KeyStoreException, SupplyChainValidatorException {
+            SupplyChainValidatorException {
         Certificate signingCert;
         signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
                 Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
@@ -1207,12 +1204,11 @@ public final void testPlatformDnEquals() throws URISyntaxException, IOException,
      *
      * @throws URISyntaxException            failed to read certificate
      * @throws IOException                   failed to read certificate
-     * @throws KeyStoreException             failed to read key store
      * @throws SupplyChainValidatorException missing credential
      */
     @Test
     public final void testPlatformDnNotEquals() throws URISyntaxException, IOException,
-            KeyStoreException, SupplyChainValidatorException {
+            SupplyChainValidatorException {
         Certificate signingCert;
         signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
                 Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
@@ -1237,12 +1233,11 @@ public final void testPlatformDnNotEquals() throws URISyntaxException, IOExcepti
      *
      * @throws URISyntaxException            failed to read certificate
      * @throws IOException                   failed to read certificate
-     * @throws KeyStoreException             failed to read key store
      * @throws SupplyChainValidatorException missing credential
      */
     @Test
     public final void testEndorsementDnEquals() throws URISyntaxException, IOException,
-            KeyStoreException, SupplyChainValidatorException {
+            SupplyChainValidatorException {
         Certificate signingCert;
         signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
                 Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
@@ -1268,12 +1263,11 @@ public final void testEndorsementDnEquals() throws URISyntaxException, IOExcepti
      *
      * @throws URISyntaxException            failed to read certificate
      * @throws IOException                   failed to read certificate
-     * @throws KeyStoreException             failed to read key store
      * @throws SupplyChainValidatorException missing credential
      */
     @Test
     public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException,
-            KeyStoreException, SupplyChainValidatorException {
+            SupplyChainValidatorException {
         Certificate signingCert;
         signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
                 Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))