diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java index 8d887c38a..6761bf797 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java @@ -1,5 +1,6 @@ package hirs.attestationca.persist.provision; +import com.fasterxml.jackson.databind.ser.Serializers; import com.google.protobuf.ByteString; import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2; import hirs.attestationca.persist.entity.manager.CertificateRepository; @@ -375,11 +376,20 @@ private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim cla support.getHexDecHash().length() - NUM_OF_VARIABLES))); support.setDeviceName(dv.getNw().getHostname()); this.referenceManifestRepository.save(support); - } else { - log.info("Client provided Support RIM already loaded in database."); + } else if (support.isArchived()) { + List rims = referenceManifestRepository.findByArchiveFlag(false); + for (ReferenceManifest rim : rims) { + if (rim.isSupport() && + rim.getTagId().equals(support.getTagId()) && + rim.getCreateTime().after(support.getCreateTime())) { + support.setDeviceName(null); + support = (SupportReferenceManifest) rim; + support.setDeviceName(dv.getNw().getHostname()); + } + } if (support.isArchived()) { - support.restore(); - support.resetCreateTime(); + throw new Exception("Unable to locate an unarchived support RIM."); + } else { this.referenceManifestRepository.save(support); } } @@ -408,21 +418,25 @@ private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim cla swidFile.toByteArray()); dbBaseRim.setDeviceName(dv.getNw().getHostname()); this.referenceManifestRepository.save(dbBaseRim); - } else { - log.info("Client provided Base RIM already loaded in database."); - /** - * Leaving this as is for now, however can there be a condition - * in which the provisioner sends swidtags without support rims? - */ + } else if (dbBaseRim.isArchived()) { + List rims = referenceManifestRepository.findByArchiveFlag(false); + for (ReferenceManifest rim : rims) { + if (rim.isBase() && rim.getTagId().equals(dbBaseRim.getTagId()) && + rim.getCreateTime().after(dbBaseRim.getCreateTime())) { + dbBaseRim.setDeviceName(null); + dbBaseRim = (BaseReferenceManifest) rim; + dbBaseRim.setDeviceName(dv.getNw().getHostname()); + } + } if (dbBaseRim.isArchived()) { - dbBaseRim.restore(); - dbBaseRim.resetCreateTime(); - this.referenceManifestRepository.save(dbBaseRim); + throw new Exception("Unable to locate an unarchived base RIM."); } } tagId = dbBaseRim.getTagId(); } catch (UnmarshalException e) { log.error(e); + } catch (Exception ex) { + log.error(String.format("Failed to load base rim: %s", ex.getMessage())); } } } else { diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java index eb4502504..452115d6a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java @@ -66,7 +66,10 @@ public static AppraisalStatus validateFirmware( // In this case, try to look up the event log associated with the device, then get the base rim associated by event log hash List deviceRims = referenceManifestRepository.findByDeviceName(hostName); for (ReferenceManifest deviceRim : deviceRims) { - if (deviceRim instanceof BaseReferenceManifest && !deviceRim.isSwidSupplemental() && !deviceRim.isSwidPatch()) { + if (deviceRim instanceof BaseReferenceManifest && + !deviceRim.isSwidSupplemental() && + !deviceRim.isSwidPatch() && + !deviceRim.isArchived()) { baseReferenceManifest = (BaseReferenceManifest) deviceRim; } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index f05e2b27d..9722ab2d0 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -239,9 +239,7 @@ public RedirectView delete(@RequestParam final String id, messages.addError(notFoundMessage); log.warn(notFoundMessage); } else { - // if support rim, update associated events - referenceManifest.archive(); - referenceManifestRepository.save(referenceManifest); + referenceManifestRepository.delete(referenceManifest); String deleteCompletedMessage = "RIM successfully deleted"; messages.addInfo(deleteCompletedMessage); log.info(deleteCompletedMessage);