split long lists of SQL values across lines
thestinger committed Sep 27, 2024
1 parent e4bfe4e commit 967728a
Showing 2 changed files with 133 additions and 40 deletions.
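--- a/src/main/java/app/attestation/server/AttestationProtocol.java
+++ b/src/main/java/app/attestation/server/AttestationProtocol.java
@@ -1285,9 +1285,17 @@ private static void verify(final byte[] fingerprint,
 int pinnedSecurityLevel = 1;
 if (hasPersistentKey) {
 final SQLiteStatement st = conn.prepare("""
-SELECT pinnedCertificates, pinnedVerifiedBootKey, pinnedOsVersion,
-pinnedOsPatchLevel, pinnedVendorPatchLevel, pinnedBootPatchLevel,
-pinnedAppVersion, pinnedAppVariant, pinnedSecurityLevel, userId
+SELECT
+pinnedCertificates,
+pinnedVerifiedBootKey,
+pinnedOsVersion,
+pinnedOsPatchLevel,
+pinnedVendorPatchLevel,
+pinnedBootPatchLevel,
+pinnedAppVersion,
+pinnedAppVariant,
+pinnedSecurityLevel,
+userId
 FROM Devices WHERE fingerprint = ?""");
 try {
 st.bind(1, fingerprint);
@@ -1375,12 +1383,23 @@ private static void verify(final byte[] fingerprint,
 }
 
 final SQLiteStatement update = conn.prepare("""
-UPDATE Devices SET verifiedBootHash = ?, pinnedOsVersion = ?,
-pinnedOsPatchLevel = ?, pinnedVendorPatchLevel = ?,
-pinnedBootPatchLevel = ?, pinnedAppVersion = ?, pinnedSecurityLevel = ?,
-userProfileSecure = ?, enrolledBiometrics = ?, accessibility = ?,
-deviceAdmin = ?, adbEnabled = ?, addUsersWhenLocked = ?,
-oemUnlockAllowed = ?, systemUser = ?, verifiedTimeLast = ?
+UPDATE Devices SET
+verifiedBootHash = ?,
+pinnedOsVersion = ?,
+pinnedOsPatchLevel = ?,
+pinnedVendorPatchLevel = ?,
+pinnedBootPatchLevel = ?,
+pinnedAppVersion = ?,
+pinnedSecurityLevel = ?,
+userProfileSecure = ?,
+enrolledBiometrics = ?,
+accessibility = ?,
+deviceAdmin = ?,
+adbEnabled = ?,
+addUsersWhenLocked = ?,
+oemUnlockAllowed = ?,
+systemUser = ?,
+verifiedTimeLast = ?
 WHERE fingerprint = ?""");
 try {
 update.bind(1, verified.verifiedBootHash);
@@ -1412,14 +1431,31 @@ private static void verify(final byte[] fingerprint,
 verifySignature(attestationCertificates[0].getPublicKey(), signedMessage, signature);
 
 final SQLiteStatement insert = conn.prepare("""
-INSERT INTO Devices (fingerprint, pinnedCertificates, attestKey,
-pinnedVerifiedBootKey, verifiedBootHash, pinnedOsVersion,
-pinnedOsPatchLevel, pinnedVendorPatchLevel, pinnedBootPatchLevel,
-pinnedAppVersion, pinnedAppVariant, pinnedSecurityLevel, userProfileSecure,
-enrolledBiometrics, accessibility, deviceAdmin, adbEnabled,
-addUsersWhenLocked, oemUnlockAllowed, systemUser,
-verifiedTimeFirst, verifiedTimeLast, userId)
-VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)""");
+INSERT INTO Devices (
+fingerprint,
+pinnedCertificates,
+attestKey,
+pinnedVerifiedBootKey,
+verifiedBootHash,
+pinnedOsVersion,
+pinnedOsPatchLevel,
+pinnedVendorPatchLevel,
+pinnedBootPatchLevel,
+pinnedAppVersion,
+pinnedAppVariant,
+pinnedSecurityLevel,
+userProfileSecure,
+enrolledBiometrics,
+accessibility,
+deviceAdmin,
+adbEnabled,
+addUsersWhenLocked,
+oemUnlockAllowed,
+systemUser,
+verifiedTimeFirst,
+verifiedTimeLast,
+userId
+) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)""");
 try {
 insert.bind(1, fingerprint);
 insert.bind(2, encodeChain(DEFLATE_DICTIONARY_2, attestationCertificates));
@@ -1455,11 +1491,25 @@ INSERT INTO Devices (fingerprint, pinnedCertificates, attestKey,
 }
 
 final SQLiteStatement insert = conn.prepare("""
-INSERT INTO Attestations (fingerprint, time, strong, osVersion, osPatchLevel,
-vendorPatchLevel, bootPatchLevel, verifiedBootHash, appVersion,
-userProfileSecure, enrolledBiometrics, accessibility, deviceAdmin, adbEnabled,
-addUsersWhenLocked, oemUnlockAllowed, systemUser)
-VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)""");
+INSERT INTO Attestations (
+fingerprint,
+time,
+strong,
+osVersion,
+osPatchLevel,
+vendorPatchLevel,
+bootPatchLevel,
+verifiedBootHash,
+appVersion,
+userProfileSecure,
+enrolledBiometrics,
+accessibility,
+deviceAdmin,
+adbEnabled,
+addUsersWhenLocked,
+oemUnlockAllowed,
+systemUser
+) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)""");
 try {
 insert.bind(1, fingerprint);
 insert.bind(2, now);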
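Review bot: The two INSERT statements now list one column per line, but their `VALUES (?, ?, …)` rows remain single lines of 23 and 17 anonymous placeholders, so the column each `insert.bind(N, …)` call feeds still has to be counted by hand. The `pinned*` columns are read back by the first hunk's SELECT when `hasPersistentKey` is set, presumably for comparison with later attestations, and SQLite would most likely accept a swapped pair of bind indices without any error. Consider SQLite's numbered placeholders, `) VALUES (?1, ?2, ?3, …)`, or a comment above each bind run such as `// bind indices follow the column order of the statement above`. The bind calls continue outside the visible hunks, so their current order could not be checked here.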
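--- a/src/main/java/app/attestation/server/AttestationServer.java
+++ b/src/main/java/app/attestation/server/AttestationServer.java
@@ -608,9 +608,16 @@ private static void createAccount(final String username, final String password)
 final SQLiteConnection conn = getLocalAttestationConn();
 try {
 final SQLiteStatement insert = conn.prepare("""
-INSERT INTO Accounts
-(username, passwordHash, passwordSalt, subscribeKey, creationTime, loginTime, verifyInterval, alertDelay)
-VALUES (?, ?, ?, ?, ?, ?, ?, ?)""");
+INSERT INTO Accounts (
+username,
+passwordHash,
+passwordSalt,
+subscribeKey,
+creationTime,
+loginTime,
+verifyInterval,
+alertDelay
+) VALUES (?, ?, ?, ?, ?, ?, ?, ?)""");
 try {
 insert.bind(1, username);
 insert.bind(2, passwordHash);
@@ -949,7 +956,14 @@ private static Account verifySession(final HttpExchange exchange, final boolean
 
 final SQLiteConnection conn = getLocalAttestationConn();
 final SQLiteStatement select = conn.prepare("""
-SELECT token, expiryTime, username, subscribeKey, Accounts.userId, verifyInterval, alertDelay
+SELECT
+token,
+expiryTime,
+username,
+subscribeKey,
+Accounts.userId,
+verifyInterval,
+alertDelay
 FROM Sessions
 INNER JOIN Accounts on Accounts.userId = Sessions.userId
 WHERE sessionId = ?""");
@@ -1191,14 +1205,31 @@ private static void writeDevicesJson(final HttpExchange exchange, final long use
 final JsonArrayBuilder devices = Json.createArrayBuilder();
 final SQLiteConnection conn = getLocalAttestationConn();
 final SQLiteStatement select = conn.prepare("""
-SELECT fingerprint, pinnedCertificates, attestKey, hex(pinnedVerifiedBootKey),
-(SELECT hex(verifiedBootHash) WHERE verifiedBootHash IS NOT NULL),
-pinnedOsVersion, pinnedOsPatchLevel, pinnedVendorPatchLevel, pinnedBootPatchLevel,
-pinnedAppVersion, pinnedAppVariant, pinnedSecurityLevel, userProfileSecure,
-enrolledBiometrics, accessibility, deviceAdmin, adbEnabled, addUsersWhenLocked,
-oemUnlockAllowed, systemUser, verifiedTimeFirst, verifiedTimeLast,
-(SELECT min(id) FROM Attestations WHERE Attestations.fingerprint = Devices.fingerprint),
-(SELECT max(id) FROM Attestations WHERE Attestations.fingerprint = Devices.fingerprint)
+SELECT
+fingerprint,
+pinnedCertificates,
+attestKey,
+hex(pinnedVerifiedBootKey),
+(SELECT hex(verifiedBootHash) WHERE verifiedBootHash IS NOT NULL),
+pinnedOsVersion,
+pinnedOsPatchLevel,
+pinnedVendorPatchLevel,
+pinnedBootPatchLevel,
+pinnedAppVersion,
+pinnedAppVariant,
+pinnedSecurityLevel,
+userProfileSecure,
+enrolledBiometrics,
+accessibility,
+deviceAdmin,
+adbEnabled,
+addUsersWhenLocked,
+oemUnlockAllowed,
+systemUser,
+verifiedTimeFirst,
+verifiedTimeLast,
+(SELECT min(id) FROM Attestations WHERE Attestations.fingerprint = Devices.fingerprint),
+(SELECT max(id) FROM Attestations WHERE Attestations.fingerprint = Devices.fingerprint)
 FROM Devices WHERE userId is ? AND deletionTime IS NULL
 ORDER BY verifiedTimeFirst""");
 try {
@@ -1319,12 +1350,24 @@ private static void writeAttestationHistoryJson(final HttpExchange exchange, fin
 final byte[] fingerprint = BaseEncoding.base16().decode(deviceFingerprint);
 final SQLiteConnection conn = getLocalAttestationConn();
 final SQLiteStatement history = conn.prepare("""
-SELECT id, time, strong, osVersion, osPatchLevel,
-vendorPatchLevel, bootPatchLevel, Attestations.verifiedBootHash, appVersion,
-Attestations.userProfileSecure, Attestations.enrolledBiometrics,
-Attestations.accessibility, Attestations.deviceAdmin, Attestations.adbEnabled,
-Attestations.addUsersWhenLocked, Attestations.oemUnlockAllowed,
-Attestations.systemUser
+SELECT
+id,
+time,
+strong,
+osVersion,
+osPatchLevel,
+vendorPatchLevel,
+bootPatchLevel,
+Attestations.verifiedBootHash,
+appVersion,
+Attestations.userProfileSecure,
+Attestations.enrolledBiometrics,
+Attestations.accessibility,
+Attestations.deviceAdmin,
+Attestations.adbEnabled,
+Attestations.addUsersWhenLocked,
+Attestations.oemUnlockAllowed,
+Attestations.systemUser
 FROM Attestations INNER JOIN Devices ON
 Attestations.fingerprint = Devices.fingerprint
 WHERE Devices.fingerprint = ? AND userid = ?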
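Review bot: In writeAttestationHistoryJson the predicate `WHERE Devices.fingerprint = ? AND userid = ?` appears to be what scopes the history to a device owned by the requesting account, yet `userid` is left unqualified in this two-table join and is cased differently from `userId` in the other statements. With the columns shared by both tables already written as `Attestations.…`, spelling it `WHERE Devices.fingerprint = ? AND Devices.userId = ?` would make the ownership check explicit and stop it depending on Attestations never gaining a column of that name. The statement continues past the end of the hunk, so whether it also excludes deleted devices, as writeDevicesJson does with `deletionTime IS NULL`, cannot be seen here.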
