Finished issue. Ready for PR

HIRS_Utils/src/main/java/hirs/utils/SwidResource.java

@@ -19,7 +19,7 @@
 public class SwidResource {
 
     @Getter
-    private final boolean validFileSize = false;
+    private static final boolean VALID_FILE_SIZE = false;
 
     @Getter
     @Setter

HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java

@@ -8,7 +8,7 @@
  * class. It is expected that member properties of this class will expand as
  * more functionality is added to SwidTagGateway.
  */
-public class SwidTagConstants {
+public final class SwidTagConstants {
 
     public static final String DEFAULT_KEYSTORE_FILE = "keystore.jks"; //"/opt/hirs/rimtool/keystore.jks";
     public static final String DEFAULT_KEYSTORE_PASSWORD = "password";

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader.java

@@ -13,18 +13,18 @@
  * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER.
  * DEVICE_SECURITY_EVENT_DATA_HEADER contains the measurement(s) and hash algorithm identifier
  * returned by the SPDM "GET_MEASUREMENTS" function.
- *
+ * <p>
  * HEADERS defined by PFP v1.06 Rev 52:
  * <p>
  * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER {
- *      UINT8                           Signature[16];
- *      UINT16                          Version;
- *      UINT16                          Length;
- *      UINT32                          SpdmHashAlg;
- *      UINT32                          DeviceType;
- *      SPDM_MEASUREMENT_BLOCK          SpdmMeasurementBlock;
- *      UINT64                          DevicePathLength;
- *      UNIT8                           DevicePath[DevicePathLength]
+ * UINT8                           Signature[16];
+ * UINT16                          Version;
+ * UINT16                          Length;
+ * UINT32                          SpdmHashAlg;
+ * UINT32                          DeviceType;
+ * SPDM_MEASUREMENT_BLOCK          SpdmMeasurementBlock;
+ * UINT64                          DevicePathLength;
+ * UNIT8                           DevicePath[DevicePathLength]
  * } DEVICE_SECURITY_EVENT_DATA_HEADER;
  * <p>
  * Assumption: there is only 1 SpdmMeasurementBlock per event. Need more test patterns to verify.
@@ -62,8 +62,9 @@ public DeviceSecurityEventDataHeader(final byte[] dsedBytes) {
 
         super(dsedBytes);
 
+        final int dsedBytesSrcIndex1 = 18;
         byte[] lengthBytes = new byte[UefiConstants.SIZE_2];
-        System.arraycopy(dsedBytes, 18, lengthBytes, 0,
+        System.arraycopy(dsedBytes, dsedBytesSrcIndex1, lengthBytes, 0,
                 UefiConstants.SIZE_2);
         length = HexUtils.leReverseInt(lengthBytes);
 
@@ -72,18 +73,22 @@ public DeviceSecurityEventDataHeader(final byte[] dsedBytes) {
                 UefiConstants.SIZE_4);
         spdmHashAlgo = HexUtils.leReverseInt(spdmHashAlgoBytes);
 
-        extractDeviceType(dsedBytes, 24);
+        final int dsedBytesStartByte = 24;
+        extractDeviceType(dsedBytes, dsedBytesStartByte);
 
         // get the size of the SPDM Measurement Block
+        final int dsedBytesSrcIndex2 = 30;
         byte[] sizeOfSpdmMeasBlockBytes = new byte[UefiConstants.SIZE_2];
-        System.arraycopy(dsedBytes, 30, sizeOfSpdmMeasBlockBytes, 0,
+        System.arraycopy(dsedBytes, dsedBytesSrcIndex2, sizeOfSpdmMeasBlockBytes, 0,
                 UefiConstants.SIZE_2);
-        int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
-        int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + 4;   // header is 4 bytes
+        final int sizeOfSpdmMeas = HexUtils.leReverseInt(sizeOfSpdmMeasBlockBytes);
+        final int offSetBytesForSpdm = 4;
+        final int sizeOfSpdmMeasBlock = sizeOfSpdmMeas + offSetBytesForSpdm;   // header is 4 bytes
 
         // extract the bytes that comprise the SPDM Measurement Block
+        final int dsedBytesSrcIndex3 = 28;
         byte[] spdmMeasBlockBytes = new byte[sizeOfSpdmMeasBlock];
-        System.arraycopy(dsedBytes, 28, spdmMeasBlockBytes, 0,
+        System.arraycopy(dsedBytes, dsedBytesSrcIndex3, spdmMeasBlockBytes, 0,
                 sizeOfSpdmMeasBlock);
 
         ByteArrayInputStream spdmMeasurementBlockData =
@@ -96,7 +101,8 @@ public DeviceSecurityEventDataHeader(final byte[] dsedBytes) {
             spdmMeasurementBlockInfo = "      Error reading SPDM Measurement Block";
         }
 
-        int devPathLenStartByte = 28 + sizeOfSpdmMeasBlock;
+        final int offSetBytesForDevPath = 28;
+        final int devPathLenStartByte = offSetBytesForDevPath + sizeOfSpdmMeasBlock;
         extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte);
     }
 

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataHeader2.java

@@ -7,26 +7,52 @@
  * Class to process the DEVICE_SECURITY_EVENT_DATA_HEADER2.
  * DEVICE_SECURITY_EVENT_DATA_HEADER2 contains the measurement(s) and hash algorithm identifier
  * returned by the SPDM "GET_MEASUREMENTS" function.
- *
+ * <p>
  * HEADERS defined by PFP v1.06 Rev 52:
  * <p>
  * typedef struct tdDEVICE_SECURITY_EVENT_DATA_HEADER2 {
- *      UINT8                           Signature[16];
- *      UINT16                          Version;
- *      UINT8                           AuthState;
- *      UINT8                           Reserved
- *      UINT32                          Length;
- *      UINT32                          DeviceType;
- *      UINT32                          SubHeaderType;
- *      UINT32                          SubHeaderLength;
- *      UINT64                          SubHeaderUID;
- *      UINT64                          DevicePathLength;
- *      UNIT8                           DevicePath[DevicePathLength]
+ * UINT8                           Signature[16];
+ * UINT16                          Version;
+ * UINT8                           AuthState;
+ * UINT8                           Reserved
+ * UINT32                          Length;
+ * UINT32                          DeviceType;
+ * UINT32                          SubHeaderType;
+ * UINT32                          SubHeaderLength;
+ * UINT64                          SubHeaderUID;
+ * UINT64                          DevicePathLength;
+ * UNIT8                           DevicePath[DevicePathLength]
  * } DEVICE_SECURITY_EVENT_DATA_HEADER2;
  * <p>
  */
 public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
 
+    /**
+     * Auth state - success.
+     */
+    public static final int AUTH_SUCCESS = 0;
+    /**
+     * Auth state - digital signature of the data is valid, but the public key certificate chain is not
+     * validated with the entry in the UEFI device signature variable.
+     */
+    public static final int AUTH_NO_AUTHORITY = 1;
+    /**
+     * Auth state - digital signature of the measurement data is valid, but the reported device capabilities,
+     * negotiated parameters or certificate chains were not validated by a transcript.
+     */
+    public static final int AUTH_NO_BINDING = 2;
+    /**
+     * Auth state - data has no digital signature.
+     */
+    public static final int AUTH_FAIL_NO_SIG = 3;
+    /**
+     * Auth state - data is invalid.
+     */
+    public static final int AUTH_FAIL_INVALID = 4;
+    /**
+     * Auth state - device is not an SPDM-capable device.
+     */
+    public static final int AUTH_NO_SPDM = 0xFF;
     /**
      * Event auth state.
      */
@@ -55,33 +81,6 @@ public class DeviceSecurityEventDataHeader2 extends DeviceSecurityEventHeader {
     @Getter
     private String subHeaderUid = "";
 
-    /**
-     * Auth state - success.
-     */
-    public static final int AUTH_SUCCESS = 0;
-    /**
-     * Auth state - digital signature of the data is valid, but the public key certificate chain is not
-     *              validated with the entry in the UEFI device signature variable.
-     */
-    public static final int AUTH_NO_AUTHORITY = 1;
-    /**
-     * Auth state - digital signature of the measurement data is valid, but the reported device capabilities,
-     *              negotiated parameters or certificate chains were not validated by a transcript.
-     */
-    public static final int AUTH_NO_BINDING = 2;
-    /**
-     * Auth state - data has no digital signature.
-     */
-    public static final int AUTH_FAIL_NO_SIG = 3;
-    /**
-     * Auth state - data is invalid.
-     */
-    public static final int AUTH_FAIL_INVALID = 4;
-    /**
-     * Auth state - device is not an SPDM-capable device.
-     */
-    public static final int AUTH_NO_SPDM = 0xFF;
-
     /**
      * DeviceSecurityEventDataHeader2 Constructor.
      *
@@ -91,33 +90,43 @@ public DeviceSecurityEventDataHeader2(final byte[] dsedBytes) {
 
         super(dsedBytes);
 
+        final int dsedBytesSrcIndex = 18;
         byte[] authStateBytes = new byte[1];
-        System.arraycopy(dsedBytes, 18, authStateBytes, 0, 1);
+        System.arraycopy(dsedBytes, dsedBytesSrcIndex, authStateBytes, 0, 1);
         authState = HexUtils.leReverseInt(authStateBytes);
 
         // byte[] reserved[Bytes]: 1 byte
 
-        byte[] lengthBytes = new byte[4];
-        System.arraycopy(dsedBytes, 20, lengthBytes, 0, 4);
+        final int dsedBytesSrcIndex2 = 20;
+        final int lengthBytesSize = 4;
+        byte[] lengthBytes = new byte[lengthBytesSize];
+        System.arraycopy(dsedBytes, dsedBytesSrcIndex2, lengthBytes, 0, lengthBytesSize);
         length = HexUtils.leReverseInt(lengthBytes);
 
-        extractDeviceType(dsedBytes, 24);
+        final int dsedBytesStartByte1 = 24;
+        extractDeviceType(dsedBytes, dsedBytesStartByte1);
 
-        byte[] subHeaderTypeBytes = new byte[4];
-        System.arraycopy(dsedBytes, 28, subHeaderTypeBytes, 0, 4);
+        final int dsedBytesSrcIndex3 = 28;
+        final int subHeaderTypeBytesSize = 4;
+        byte[] subHeaderTypeBytes = new byte[subHeaderTypeBytesSize];
+        System.arraycopy(dsedBytes, dsedBytesSrcIndex3, subHeaderTypeBytes, 0, subHeaderTypeBytesSize);
         subHeaderType = HexUtils.leReverseInt(subHeaderTypeBytes);
 
-        byte[] subHeaderLengthBytes = new byte[4];
-        System.arraycopy(dsedBytes, 32, subHeaderLengthBytes, 0, 4);
+        final int dsedBytesSrcIndex4 = 32;
+        final int subHeaderLengthBytesSize = 4;
+        byte[] subHeaderLengthBytes = new byte[subHeaderLengthBytesSize];
+        System.arraycopy(dsedBytes, dsedBytesSrcIndex4, subHeaderLengthBytes, 0, subHeaderLengthBytesSize);
         subHeaderLength = HexUtils.leReverseInt(subHeaderLengthBytes);
 
-        byte[] subHeaderUidBytes = new byte[8];
-        System.arraycopy(dsedBytes, 36, subHeaderUidBytes, 0, 8);
+        final int dsedBytesSrcIndex5 = 36;
+        final int subHeaderUidBytesSize = 8;
+        byte[] subHeaderUidBytes = new byte[subHeaderUidBytesSize];
+        System.arraycopy(dsedBytes, dsedBytesSrcIndex5, subHeaderUidBytes, 0, subHeaderUidBytesSize);
         subHeaderUidBytes = HexUtils.leReverseByte(subHeaderUidBytes);
         subHeaderUid = HexUtils.byteArrayToHexString(subHeaderUidBytes);
 
-        int devPathLenStartByte = 44;
-        extractDevicePathAndFinalSize(dsedBytes, devPathLenStartByte);
+        final int dsedBytesStartByte2 = 44;
+        extractDevicePathAndFinalSize(dsedBytes, dsedBytesStartByte2);
     }
 
     /**
@@ -139,22 +148,14 @@ public String toString() {
      * @return a description of the auth state.
      */
     public String getAuthStateString() {
-
-        switch (authState) {
-            case AUTH_SUCCESS:
-                return ("AUTH_SUCCESS");
-            case AUTH_NO_AUTHORITY:
-                return ("AUTH_NO_AUTHORITY");
-            case AUTH_NO_BINDING:
-                return ("AUTH_NO_BINDING");
-            case AUTH_FAIL_NO_SIG:
-                return ("AUTH_FAIL_NO_SIG");
-            case AUTH_FAIL_INVALID:
-                return ("AUTH_FAIL_INVALID");
-            case AUTH_NO_SPDM:
-                return ("AUTH_NO_SPDM");
-            default:
-                return ("Auth State unknown");
-        }
+        return switch (authState) {
+            case AUTH_SUCCESS -> ("AUTH_SUCCESS");
+            case AUTH_NO_AUTHORITY -> ("AUTH_NO_AUTHORITY");
+            case AUTH_NO_BINDING -> ("AUTH_NO_BINDING");
+            case AUTH_FAIL_NO_SIG -> ("AUTH_FAIL_NO_SIG");
+            case AUTH_FAIL_INVALID -> ("AUTH_FAIL_INVALID");
+            case AUTH_NO_SPDM -> ("AUTH_NO_SPDM");
+            default -> ("Auth State unknown");
+        };
     }
 }

HIRS_Utils/src/main/java/hirs/utils/tpm/eventlog/events/DeviceSecurityEventDataPciContext.java

@@ -13,27 +13,27 @@
  * Class to process the DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT event per PFP.
  * <p>
  * typedef struct tdDEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT {
- *      UINT16       Version;
- *      UINT16       Length;
- *      UINT16       VendorId;
- *      UINT16       DeviceId;
- *      UINT16       RevisionId;
- *      UINT16       ClassCode[3];
- *      UINT16       SubsystemVendorId;
- *      UINT16       SubsystemId;
+ * UINT16       Version;
+ * UINT16       Length;
+ * UINT16       VendorId;
+ * UINT16       DeviceId;
+ * UINT16       RevisionId;
+ * UINT16       ClassCode[3];
+ * UINT16       SubsystemVendorId;
+ * UINT16       SubsystemId;
  * <p>
  * The following fields are defined by the PCI Express Base Specification rev4.0 v1.0.
- *    VendorId
- *    DeviceId
- *    RevisionId
- *    ClassCode
- *    SubsystemVendorId
- *    SubsystemId
+ * VendorId
+ * DeviceId
+ * RevisionId
+ * ClassCode
+ * SubsystemVendorId
+ * SubsystemId
  * Vendor id and device id are registered to specific manufacturers.
- *    https://admin.pci-ids.ucw.cz/read/PC/
- *    Ex. vendor id 8086 and device id 0b60: https://admin.pci-ids.ucw.cz/read/PC/8086/0b60
+ * https://admin.pci-ids.ucw.cz/read/PC/
+ * Ex. vendor id 8086 and device id 0b60: https://admin.pci-ids.ucw.cz/read/PC/8086/0b60
  * Class code can be looked up on the web.
- *    https://admin.pci-ids.ucw.cz/read/PD/
+ * https://admin.pci-ids.ucw.cz/read/PD/
  * The revision ID is controlled by the vendor and cannot be looked up.
  */
 public class DeviceSecurityEventDataPciContext extends DeviceSecurityEventDataDeviceContext {
@@ -78,28 +78,36 @@ public DeviceSecurityEventDataPciContext(final byte[] dSEDpciContextBytes) {
 
         super(dSEDpciContextBytes);
 
+        final int dSEDpciContextBytesSrcIndex1 = 4;
         byte[] pciVendorIdBytes = new byte[2];
-        System.arraycopy(dSEDpciContextBytes, 4, pciVendorIdBytes, 0, 2);
+        System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex1, pciVendorIdBytes, 0, 2);
         vendorId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciVendorIdBytes));
 
+        final int dSEDpciContextBytesSrcIndex2 = 6;
         byte[] pciDeviceIdBytes = new byte[2];
-        System.arraycopy(dSEDpciContextBytes, 6, pciDeviceIdBytes, 0, 2);
+        System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex2, pciDeviceIdBytes, 0, 2);
         deviceId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciDeviceIdBytes));
 
+        final int dSEDpciContextBytesSrcIndex3 = 8;
         byte[] pciRevisionIdBytes = new byte[1];
-        System.arraycopy(dSEDpciContextBytes, 8, pciRevisionIdBytes, 0, 1);
+        System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex3, pciRevisionIdBytes, 0, 1);
         revisionId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciRevisionIdBytes));
 
-        byte[] pciClassCodeBytes = new byte[3];
-        System.arraycopy(dSEDpciContextBytes, 9, pciClassCodeBytes, 0, 3);
+        final int dSEDpciContextBytesSrcIndex4 = 9;
+        final int pciClassCodeBytesSize = 3;
+        byte[] pciClassCodeBytes = new byte[pciClassCodeBytesSize];
+        System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex4, pciClassCodeBytes, 0,
+                pciClassCodeBytesSize);
         classCode = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciClassCodeBytes));
 
+        final int dSEDpciContextBytesSrcIndex5 = 12;
         byte[] pciSubsystemVendorIdBytes = new byte[2];
-        System.arraycopy(dSEDpciContextBytes, 12, pciSubsystemVendorIdBytes, 0, 2);
+        System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex5, pciSubsystemVendorIdBytes, 0, 2);
         subsystemVendorId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciSubsystemVendorIdBytes));
 
+        final int dSEDpciContextBytesSrcIndex6 = 14;
         byte[] pciSubsystemIdBytes = new byte[2];
-        System.arraycopy(dSEDpciContextBytes, 14, pciSubsystemIdBytes, 0, 2);
+        System.arraycopy(dSEDpciContextBytes, dSEDpciContextBytesSrcIndex6, pciSubsystemIdBytes, 0, 2);
         subsystemId = HexUtils.byteArrayToHexString(HexUtils.leReverseByte(pciSubsystemIdBytes));
     }
 
@@ -118,8 +126,9 @@ public String toString() {
         dSEDpciContextInfo += "      RevisionID = " + revisionId + "\n";
 
         List<String> classCodeList = translateDeviceClass(classCode);
+        final int validClassCodeListSize = 3;
         dSEDpciContextInfo += "      Device Class: \n";
-        if (classCodeList.size() == 3) {
+        if (classCodeList.size() == validClassCodeListSize) {
             dSEDpciContextInfo += "        Class = " + classCodeList.get(0) + "\n";
             dSEDpciContextInfo += "        Subclass = " + classCodeList.get(1) + "\n";
             dSEDpciContextInfo += "        Programming Interface = " + classCodeList.get(2) + "\n";