[#72] Supply Chain Validator fix and update

HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java

@@ -142,6 +142,7 @@ private static String getJSONNodeValueAsText(final JsonNode node, final String f
      * @param acceptExpired whether or not to accept expired certificates as valid.
      * @return The result of the validation.
      */
+    @Override
     public AppraisalStatus validatePlatformCredential(final PlatformCredential pc,
                                                      final KeyStore trustStore,
                                                      final boolean acceptExpired) {
@@ -210,6 +211,7 @@ public AppraisalStatus validatePlatformCredential(final PlatformCredential pc,
      *          identity request as the platform credential.
      * @return The result of the validation.
      */
+    @Override
     public AppraisalStatus validatePlatformCredentialAttributes(
             final PlatformCredential platformCredential,
             final DeviceInfoReport deviceInfoReport,
@@ -397,12 +399,12 @@ static AppraisalStatus validatePlatformCredentialAttributesV2p0(
         // check PlatformSerial against both system-serial-number and baseboard-serial-number
         fieldValidation = (
                 (
-                requiredPlatformCredentialFieldIsNonEmptyAndMatches(
+                notRequiredPlatformCredentialFieldMatchesNotNullAndMatches(
                     "PlatformSerial",
                     platformCredential.getPlatformSerial(),
                     hardwareInfo.getSystemSerialNumber())
                 ) || (
-                requiredPlatformCredentialFieldIsNonEmptyAndMatches(
+                notRequiredPlatformCredentialFieldMatchesNotNullAndMatches(
                         "PlatformSerial",
                         platformCredential.getPlatformSerial(),
                         hardwareInfo.getBaseboardSerialNumber())
@@ -493,8 +495,8 @@ private static boolean validateV2p0PlatformCredentialComponentsExpectingExactMat
         // on the leftovers in the lists and the policy in place.
         final List<ComponentIdentifier> pcComponents = new ArrayList<>();
         for (ComponentIdentifier component : untrimmedPcComponents) {
-            DERUTF8String componentSerial = null;
-            DERUTF8String componentRevision = null;
+            DERUTF8String componentSerial = new DERUTF8String("");
+            DERUTF8String componentRevision = new DERUTF8String("");
             if (component.getComponentSerial() != null) {
                 componentSerial = new DERUTF8String(
                         component.getComponentSerial().getString().trim());
@@ -605,15 +607,15 @@ private static boolean validateV2p0PlatformCredentialComponentsExpectingExactMat
 
             // The remaining components from the manufacturer have only the 2 required fields so
             // just match them.
-            Iterator<ComponentIdentifier> pcComponentIter = pcComponentsFromManufacturer.iterator();
-            while (pcComponentIter.hasNext()) {
-                ComponentIdentifier pcComponent =  pcComponentIter.next();
+            List<ComponentIdentifier> templist = new ArrayList<>(pcComponentsFromManufacturer);
+            for (ComponentIdentifier ci : templist) {
+                ComponentIdentifier pcComponent = ci;
                 Iterator<ComponentInfo> diComponentIter
                         = deviceInfoComponentsFromManufacturer.iterator();
                 while (diComponentIter.hasNext()) {
                     ComponentInfo potentialMatch = diComponentIter.next();
                     if (isMatch(pcComponent, potentialMatch)) {
-                        pcComponentIter.remove();
+                        pcComponentsFromManufacturer.remove(ci);
                         diComponentIter.remove();
                     }
                 }
@@ -636,13 +638,12 @@ private static boolean validateV2p0PlatformCredentialComponentsExpectingExactMat
         return true;
     }
 
-
-/**
- * Returns true if fieldValue is null or empty.
- * @param description description of the value
- * @param fieldValue value of the field
- * @return true if fieldValue is null or empty; false otherwise
- */
+    /**
+     * Returns true if fieldValue is null or empty.
+     * @param description description of the value
+     * @param fieldValue value of the field
+     * @return true if fieldValue is null or empty; false otherwise
+     */
     private static boolean hasEmptyValueForRequiredField(final String description,
                                                   final String fieldValue) {
         if (StringUtils.isEmpty(fieldValue)) {
@@ -669,6 +670,15 @@ private static boolean hasEmptyValueForRequiredField(final String description,
         return false;
     }
 
+    /**
+     * Validates the information supplied for the Platform Credential.  This
+     * method checks if the field is required and therefore if the value is
+     * present then verifies that the values match.
+     * @param platformCredentialFieldName name of field to be compared
+     * @param platformCredentialFieldValue first value to compare
+     * @param otherValue second value to compare
+     * @return true if values match
+     */
     private static boolean requiredPlatformCredentialFieldIsNonEmptyAndMatches(
             final String platformCredentialFieldName,
             final String platformCredentialFieldValue,
@@ -678,6 +688,26 @@ private static boolean requiredPlatformCredentialFieldIsNonEmptyAndMatches(
             return false;
         }
 
+        return platformCredentialFieldMatches(platformCredentialFieldName,
+                platformCredentialFieldValue, otherValue);
+    }
+
+    private static boolean notRequiredPlatformCredentialFieldMatchesNotNullAndMatches(
+            final String platformCredentialFieldName,
+            final String platformCredentialFieldValue,
+            final String otherValue) {
+        if (platformCredentialFieldValue == null) {
+            return true;
+        }
+
+        return platformCredentialFieldMatches(platformCredentialFieldName,
+                platformCredentialFieldValue, otherValue);
+    }
+
+    private static boolean platformCredentialFieldMatches(
+            final String platformCredentialFieldName,
+            final String platformCredentialFieldValue,
+            final String otherValue) {
         String trimmedFieldValue = platformCredentialFieldValue.trim();
         String trimmedOtherValue = otherValue.trim();
 
@@ -692,6 +722,7 @@ private static boolean requiredPlatformCredentialFieldIsNonEmptyAndMatches(
                 + "a related field in the DeviceInfoReport (%s)",
                 platformCredentialFieldName, trimmedFieldValue)
         );
+
         return true;
     }
 
@@ -812,6 +843,7 @@ private static boolean deviceInfoContainsPlatformSerialNumber(
      *                      as valid.
      * @return the result of the validation.
      */
+    @Override
     public AppraisalStatus validateEndorsementCredential(final EndorsementCredential ec,
                                                        final KeyStore trustStore,
                                                        final boolean acceptExpired) {

HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java

@@ -1586,8 +1586,6 @@ public final void testvalidatePlatformCredentialAttributesV2p0RequiredFieldsNull
         result = SupplyChainCredentialValidator
                 .validatePlatformCredentialAttributesV2p0(platformCredential,
                         deviceInfoReport);
-        Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
-        Assert.assertEquals(result.getMessage(), "Platform serial did not match\n");
 
         platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
         result = SupplyChainCredentialValidator