ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-04-14 14:36:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[] Provisioners use PACCOR for device info collection. ()

Browse Source 
The provisioners used to shell out using different tools
to collect device info. Now they both use PACCOR instead.
This commit is contained in:
apldev4 2018-11-07 14:54:48 -05:00 committed by GitHub
parent f8b9dfe582
commit 0586afb9d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 699 additions and 1128 deletions

106
HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java

@ -1,29 +1,41 @@
package hirs.attestationca;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
import hirs.attestationca.exceptions.CertificateProcessingException;
import hirs.attestationca.exceptions.IdentityProcessingException;
import hirs.attestationca.exceptions.UnexpectedServerException;
import hirs.attestationca.service.SupplyChainValidationService;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.BIOSComponentInfo;
import hirs.data.persist.BaseboardComponentInfo;
import hirs.data.persist.ChassisComponentInfo;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.FirmwareInfo;
import hirs.data.persist.HardDriveComponentInfo;
import hirs.data.persist.HardwareInfo;
import hirs.data.persist.MemoryComponentInfo;
import hirs.data.persist.NICComponentInfo;
import hirs.data.persist.NetworkInfo;
import hirs.data.persist.OSInfo;
import hirs.data.persist.ProcessorComponentInfo;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.TPMInfo;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.service.DeviceRegister;
import hirs.persist.CertificateManager;
import hirs.persist.DBManager;
import hirs.persist.DeviceManager;
import hirs.persist.TPM2ProvisionerState;
import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope;
import hirs.structs.elements.aca.IdentityResponseEnvelope;
import hirs.structs.elements.aca.SymmetricAttestation;
import hirs.structs.elements.tpm.EncryptionScheme;
import hirs.structs.elements.tpm.IdentityProof;
import hirs.structs.elements.tpm.IdentityRequest;
import hirs.structs.elements.tpm.SymmetricKey;
import hirs.structs.elements.tpm.SymmetricKeyParams;
import hirs.utils.HexUtils;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager;
@ -73,28 +85,6 @@ import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
import hirs.attestationca.service.SupplyChainValidationService;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.service.DeviceRegister;
import hirs.persist.CertificateManager;
import hirs.persist.DeviceManager;
import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope;
import hirs.structs.elements.aca.IdentityResponseEnvelope;
import hirs.structs.elements.aca.SymmetricAttestation;
import hirs.structs.elements.tpm.EncryptionScheme;
import hirs.structs.elements.tpm.IdentityProof;
import hirs.structs.elements.tpm.IdentityRequest;
import hirs.structs.elements.tpm.SymmetricKey;
import hirs.structs.elements.tpm.SymmetricKeyParams;
import hirs.utils.HexUtils;
/**
* Provides base implementation of common tasks of an ACA that are required for attestation of an
* Identity Request.
@ -612,61 +602,7 @@ public abstract class AbstractAttestationCertificateAuthority
// Create final report
DeviceInfoReport dvReport = new DeviceInfoReport(nw, os, fw, hw, tpm,
claim.getClientVersion());
for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getChassisInfoList()) {
dvReport.getChassisInfo().add(new ChassisComponentInfo(
pbCompInfo.getManufacturer(),
pbCompInfo.getModel(),
pbCompInfo.getSerialNumber(),
pbCompInfo.getRevision()));
}
for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getBaseboardInfoList()) {
dvReport.getBaseboardInfo().add(new BaseboardComponentInfo(
pbCompInfo.getManufacturer(),
pbCompInfo.getModel(),
pbCompInfo.getSerialNumber(),
pbCompInfo.getRevision()));
}
for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getProcessorInfoList()) {
dvReport.getProcessorInfo().add(new ProcessorComponentInfo(
pbCompInfo.getManufacturer(),
pbCompInfo.getModel(),
pbCompInfo.getSerialNumber(),
pbCompInfo.getRevision()));
}
for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getBiosOrUefiInfoList()) {
dvReport.getBiosInfo().add(new BIOSComponentInfo(
pbCompInfo.getManufacturer(),
pbCompInfo.getModel(),
pbCompInfo.getRevision()));
}
for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getNicInfoList()) {
dvReport.getNicInfo().add(new NICComponentInfo(
pbCompInfo.getManufacturer(),
pbCompInfo.getModel(),
pbCompInfo.getSerialNumber(),
pbCompInfo.getRevision()));
}
for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getHardDriveInfoList()) {
dvReport.getHardDriveInfo().add(new HardDriveComponentInfo(
pbCompInfo.getManufacturer(),
pbCompInfo.getModel(),
pbCompInfo.getSerialNumber(),
pbCompInfo.getRevision()));
}
for (ProvisionerTpm2.ComponentInfo pbCompInfo : hwProto.getMemoryInfoList()) {
dvReport.getMemoryInfo().add(new MemoryComponentInfo(
pbCompInfo.getManufacturer(),
pbCompInfo.getModel(),
pbCompInfo.getSerialNumber(),
pbCompInfo.getRevision()));
}
dvReport.setPaccorOutputString(claim.getPaccorOutput());
return dvReport;
}

376
HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java Normal file

@ -0,0 +1,376 @@
package hirs.client.collector;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.testng.PowerMockTestCase;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.powermock.api.mockito.PowerMockito.when;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.util.Enumeration;
import hirs.DeviceInfoReportRequest;
import hirs.collector.CollectorException;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.OSName;
/**
* Unit tests for <code>DeviceInfoCollector</code>.
*/
@PrepareForTest(DeviceInfoCollector.class)
public class DeviceInfoCollectorTest extends PowerMockTestCase {
private DeviceInfoCollector collector;
/**
* Prepares a test environment for each individual test.
*
* @throws CollectorException should not be thrown here as all collection is mocked
*/
@BeforeMethod
public void beforeMethod() throws CollectorException {
collector = spy(new DeviceInfoCollector());
PowerMockito.mockStatic(DeviceInfoCollector.class);
// mock out serial number collection as it requires root
when(DeviceInfoCollector.collectDmiDecodeValue(
any(OSName.class), anyString())).thenReturn("some string");
doReturn("Linux").when(collector).getSystemProperty(eq("os.name"));
}
/**
* Tests that a DeviceInfoCollector will generate a DeviceInfoReport.
*
* @throws Exception if an error occurs creating mocked output
*/
@Test
public final void testCollect() throws Exception {
final DeviceInfoReportRequest request = new DeviceInfoReportRequest();
final DeviceInfoReport report =
(DeviceInfoReport) collector.collect(request);
final int numberOfDmiDecodeCalls = 9;
// the following two lines assert that collectDmiDecodeValue was called 9 times
PowerMockito.verifyStatic(times(numberOfDmiDecodeCalls));
DeviceInfoCollector.collectDmiDecodeValue(any(OSName.class), anyString());
Assert.assertNotNull(report.getNetworkInfo());
Assert.assertNotNull(report.getOSInfo());
// Test the IP address in the report against the system that created it
Enumeration<NetworkInterface> interfaces =
NetworkInterface.getNetworkInterfaces();
boolean equivalenceFound = false;
while (interfaces.hasMoreElements()) {
NetworkInterface netInt = interfaces.nextElement();
Enumeration<InetAddress> addresses = netInt.getInetAddresses();
while (addresses.hasMoreElements()) {
InetAddress address = addresses.nextElement();
if (address.getHostAddress().equals(
report.getNetworkInfo().getIpAddress().
getHostAddress())) {
equivalenceFound = true;
}
}
}
Assert.assertTrue(equivalenceFound);
}
/**
* Tests that hardware and firmware info is set correctly.
*
* @throws CollectorException should not be thrown here as all collection is mocked
*/
@Test
public final void testCollectProperInfo() throws CollectorException {
DeviceInfoCollector mockedCollector = spy(DeviceInfoCollector.class);
PowerMockito.mockStatic(DeviceInfoCollector.class);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-manufacturer")).thenReturn("Manufacturer");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-product-name")).thenReturn("Product name");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-serial-number")).thenReturn("Serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "chassis-serial-number")).thenReturn("Chassis serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "baseboard-serial-number")).thenReturn("Baseboard serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-version")).thenReturn("Version");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-vendor")).thenReturn("Bios vendor");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-version")).thenReturn("Bios version");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-release-date")).thenReturn("Bios release date");
doReturn("Linux").when(mockedCollector).getSystemProperty("os.name");
final DeviceInfoReportRequest request = new DeviceInfoReportRequest();
DeviceInfoReport report = (DeviceInfoReport) mockedCollector.doCollect(request);
Assert.assertEquals(report.getHardwareInfo().getManufacturer(),
"Manufacturer");
Assert.assertEquals(report.getHardwareInfo().getProductName(),
"Product name");
Assert.assertEquals(report.getHardwareInfo().getSystemSerialNumber(),
"Serial number");
Assert.assertEquals(report.getHardwareInfo().getChassisSerialNumber(),
"Chassis serial number");
Assert.assertEquals(report.getHardwareInfo().getBaseboardSerialNumber(),
"Baseboard serial number");
Assert.assertEquals(report.getHardwareInfo().getVersion(),
"Version");
Assert.assertEquals(report.getFirmwareInfo().getBiosVendor(),
"Bios vendor");
Assert.assertEquals(report.getFirmwareInfo().getBiosVersion(),
"Bios version");
Assert.assertEquals(report.getFirmwareInfo().getBiosReleaseDate(),
"Bios release date");
}
/**
* Tests that null hardware info is set to "Not specified".
*
* @throws CollectorException should not be thrown here as all collection is mocked
*/
@Test
public final void testCollectNullHardwareInfo() throws CollectorException {
DeviceInfoCollector mockedCollector = spy(DeviceInfoCollector.class);
PowerMockito.mockStatic(DeviceInfoCollector.class);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-manufacturer")).thenReturn(null);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-product-name")).thenReturn(null);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-serial-number")).thenReturn(null);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "chassis-serial-number")).thenReturn(null);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "baseboard-serial-number")).thenReturn(null);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-version")).thenReturn(null);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-vendor")).thenReturn("Bios vendor");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-version")).thenReturn("Bios version");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-release-date")).thenReturn("Bios release date");
doReturn("Linux").when(mockedCollector).getSystemProperty("os.name");
final DeviceInfoReportRequest request = new DeviceInfoReportRequest();
DeviceInfoReport report = (DeviceInfoReport) mockedCollector.doCollect(request);
Assert.assertEquals(report.getHardwareInfo().getManufacturer(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getProductName(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getSystemSerialNumber(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getChassisSerialNumber(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getBaseboardSerialNumber(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getVersion(),
DeviceInfoCollector.NOT_SPECIFIED);
}
/**
* Tests that empty hardware info is set to "Not specified".
*
* @throws CollectorException should not be thrown here as all collection is mocked
*/
@Test
public final void testCollectEmptyHardwareInfo() throws CollectorException {
DeviceInfoCollector mockedCollector = spy(DeviceInfoCollector.class);
PowerMockito.mockStatic(DeviceInfoCollector.class);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-manufacturer")).thenReturn("");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-product-name")).thenReturn("");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-serial-number")).thenReturn("");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "chassis-serial-number")).thenReturn("");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "baseboard-serial-number")).thenReturn("");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-version")).thenReturn("");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-vendor")).thenReturn("Bios vendor");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-version")).thenReturn("Bios version");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-release-date")).thenReturn("Bios release date");
doReturn("Linux").when(mockedCollector).getSystemProperty("os.name");
final DeviceInfoReportRequest request = new DeviceInfoReportRequest();
DeviceInfoReport report = (DeviceInfoReport) mockedCollector.doCollect(request);
Assert.assertEquals(report.getHardwareInfo().getManufacturer(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getProductName(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getSystemSerialNumber(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getChassisSerialNumber(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getBaseboardSerialNumber(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getHardwareInfo().getVersion(),
DeviceInfoCollector.NOT_SPECIFIED);
}
/**
* Tests that null firmware info is set to "Not specified".
*
* @throws CollectorException should not be thrown here as all collection is mocked
*/
@Test
public final void testCollectNullFirmwareInfo() throws CollectorException {
DeviceInfoCollector mockedCollector = spy(DeviceInfoCollector.class);
PowerMockito.mockStatic(DeviceInfoCollector.class);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-manufacturer")).thenReturn("Manufacturer");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-product-name")).thenReturn("Product name");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-serial-number")).thenReturn("Serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "chassis-serial-number")).thenReturn("Chassis serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "baseboard-serial-number")).thenReturn("Baseboard serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-version")).thenReturn("Version");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-vendor")).thenReturn(null);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-version")).thenReturn(null);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-release-date")).thenReturn(null);
doReturn("Linux").when(mockedCollector).getSystemProperty("os.name");
final DeviceInfoReportRequest request = new DeviceInfoReportRequest();
DeviceInfoReport report = (DeviceInfoReport) mockedCollector.doCollect(request);
Assert.assertEquals(report.getFirmwareInfo().getBiosVendor(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getFirmwareInfo().getBiosVersion(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getFirmwareInfo().getBiosReleaseDate(),
DeviceInfoCollector.NOT_SPECIFIED);
}
/**
* Tests that empty firmware info is set to "Not specified".
*
* @throws CollectorException should not be thrown here as all collection is mocked
*/
@Test
public final void testCollectEmptyFirmwareInfo() throws CollectorException {
DeviceInfoCollector mockedCollector = spy(DeviceInfoCollector.class);
PowerMockito.mockStatic(DeviceInfoCollector.class);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-manufacturer")).thenReturn("Manufacturer");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-product-name")).thenReturn("Product name");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-serial-number")).thenReturn("Serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "chassis-serial-number")).thenReturn("Chassis serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "baseboard-serial-number")).thenReturn("Baseboard serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-version")).thenReturn("Version");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-vendor")).thenReturn("");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-version")).thenReturn("");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-release-date")).thenReturn("");
doReturn("Linux").when(mockedCollector).getSystemProperty("os.name");
final DeviceInfoReportRequest request = new DeviceInfoReportRequest();
DeviceInfoReport report = (DeviceInfoReport) mockedCollector.doCollect(request);
Assert.assertEquals(report.getFirmwareInfo().getBiosVendor(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getFirmwareInfo().getBiosVersion(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getFirmwareInfo().getBiosReleaseDate(),
DeviceInfoCollector.NOT_SPECIFIED);
}
/**
* Tests that null OS info is set to "Not specified".
*
* @throws CollectorException should not be thrown here as all collection is mocked
*/
@Test
public final void testCollectNullOSInfo() throws CollectorException {
DeviceInfoCollector mockedCollector = spy(DeviceInfoCollector.class);
PowerMockito.mockStatic(DeviceInfoCollector.class);
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-manufacturer")).thenReturn("Manufacturer");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-product-name")).thenReturn("Product name");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-serial-number")).thenReturn("Serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "chassis-serial-number")).thenReturn("Chassis serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "baseboard-serial-number")).thenReturn("Baseboard serial number");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "system-version")).thenReturn("Version");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-vendor")).thenReturn("Bios vendor");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-version")).thenReturn("Bios version");
when(DeviceInfoCollector.collectDmiDecodeValue(
OSName.LINUX, "bios-release-date")).thenReturn("Bios release date");
doReturn("Unknown").when(mockedCollector).getSystemProperty("os.name");
final DeviceInfoReportRequest request = new DeviceInfoReportRequest();
DeviceInfoReport report = (DeviceInfoReport) mockedCollector.doCollect(request);
Assert.assertEquals(report.getOSInfo().getDistribution(),
DeviceInfoCollector.NOT_SPECIFIED);
Assert.assertEquals(report.getOSInfo().getDistributionRelease(),
DeviceInfoCollector.NOT_SPECIFIED);
}
/**
* Tests that isReportRequestSupported() will return DeviceInfoReportRequest.
*/
@Test
public final void testReportRequestSupported() {
Assert.assertEquals(collector.reportRequestTypeSupported(), DeviceInfoReportRequest.class);
}
}

20
HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java

@ -1,6 +1,6 @@
package hirs.provisioner.client;
import hirs.client.collector.DeviceInfoCollectorHelper;
import hirs.client.collector.DeviceInfoCollector;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.FirmwareInfo;
import hirs.data.persist.HardwareInfo;
@ -56,7 +56,7 @@ import static org.testng.Assert.assertTrue;
/**
* Test suite for the {@link RestfulClientProvisioner}.
*/
@PrepareForTest(DeviceInfoCollectorHelper.class)
@PrepareForTest(DeviceInfoCollector.class)
public class RestfulClientProvisionerTest extends PowerMockTestCase {
/**
@ -158,11 +158,11 @@ public class RestfulClientProvisionerTest extends PowerMockTestCase {
* Tests {@link RestfulClientProvisioner#createIdentityRequest(AsymmetricPublicKey,
* String, DeviceInfoReport)}.
* @throws Exception if there is a problem encountered when mocking
* DeviceInfoCollectorHelper
* DeviceInfoCollector
*/
@Test
public void createIdentityCredential() throws Exception {
PowerMockito.spy(DeviceInfoCollectorHelper.class);
PowerMockito.spy(DeviceInfoCollector.class);
final InetAddress ipAddress = getTestIpAddress();
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
@ -188,10 +188,10 @@ public class RestfulClientProvisionerTest extends PowerMockTestCase {
when(mockTpm.getEndorsementCredential()).thenReturn(ek);
PowerMockito.doReturn("AB12345").when(DeviceInfoCollectorHelper.class,
PowerMockito.doReturn("AB12345").when(DeviceInfoCollector.class,
"collectDmiDecodeValue", OSName.LINUX, "system-serial-number");
PowerMockito.doReturn("AB12346").when(DeviceInfoCollectorHelper.class,
PowerMockito.doReturn("AB12346").when(DeviceInfoCollector.class,
"collectDmiDecodeValue", OSName.LINUX, "chassis-serial-number");
// perform test
@ -228,11 +228,11 @@ public class RestfulClientProvisionerTest extends PowerMockTestCase {
* Tests {@link RestfulClientProvisioner#createIdentityRequest(AsymmetricPublicKey,
* String, DeviceInfoReport)}.
* @throws Exception if there is a problem encountered when mocking
* DeviceInfoCollectorHelper
* DeviceInfoCollector
*/
@Test
public void createIdentityCredentialEkNotFound() throws Exception {
PowerMockito.spy(DeviceInfoCollectorHelper.class);
PowerMockito.spy(DeviceInfoCollector.class);
final InetAddress ipAddress = getTestIpAddress();
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
@ -258,10 +258,10 @@ public class RestfulClientProvisionerTest extends PowerMockTestCase {
new CommandResult("EK not found", -1)));
PowerMockito.doReturn("AB12345").when(DeviceInfoCollectorHelper.class,
PowerMockito.doReturn("AB12345").when(DeviceInfoCollector.class,
"collectDmiDecodeValue", OSName.LINUX, "system-serial-number");
PowerMockito.doReturn("AB12346").when(DeviceInfoCollectorHelper.class,
PowerMockito.doReturn("AB12346").when(DeviceInfoCollector.class,
"collectDmiDecodeValue", OSName.LINUX, "chassis-serial-number");
// perform test

4
HIRS_ProvisionerTPM2/CMakeLists.txt

@ -257,7 +257,7 @@ if (${DISTRIBUTION} STREQUAL "Ubuntu")
set(CPACK_GENERATOR "DEB")
set(CPACK_DEBIAN_PACKAGE_NAME "HIRSProvisionerTPM2.0")
set(CPACK_DEBIAN_PACKAGE_SECTION "admin")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "liblog4cplus-1.1-9(>=1.1.2), libcurlpp0(>=0.7), lshw")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "liblog4cplus-1.1-9(>=1.1.2), libcurlpp0(>=0.7), paccor")
# Set variables specific to Ubuntu release version
if (${DISTRIBUTION_VERSION} STREQUAL "16.04")
set(CPACK_DEBIAN_PACKAGE_DEPENDS "${CPACK_DEBIAN_PACKAGE_DEPENDS}, libre2-1v5(>=20160201), libprotobuf9v5(>=2.4.1)")
@ -279,7 +279,7 @@ elseif (${DISTRIBUTION} STREQUAL "CentOS Linux")
set(CPACK_RPM_PACKAGE_RELEASE_DIST "el7")
set(CPACK_RPM_PACKAGE_LICENSE "Apache License, Version 2.0")
set(CPACK_RPM_PACKAGE_GROUP "System Environment/Base")
set(CPACK_RPM_PACKAGE_REQUIRES "log4cplus >= 1.1.2, tpm2-tss >= 1.0, tpm2-tools >= 1.1.0, protobuf >= 2.4.1, re2 >= 20160401, libcurl >= 7.0.0, lshw")
set(CPACK_RPM_PACKAGE_REQUIRES "log4cplus >= 1.1.2, tpm2-tss >= 1.0, tpm2-tools >= 1.1.0, protobuf >= 2.4.1, re2 >= 20160401, libcurl >= 7.0.0, paccor")
set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/package/rpm-post-install.sh)
set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION /usr/local /usr/local/bin /usr/local/include /usr/local/lib)
set(CPACK_PACKAGE_FILE_NAME "${CPACK_RPM_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CPACK_RPM_PACKAGE_RELEASE_DIST}.${CMAKE_SYSTEM_PROCESSOR}")

2
HIRS_ProvisionerTPM2/docs/dependencies-centos.md

@ -13,5 +13,5 @@ Please look up their respective names in the CentOS repositories.
| protobuf | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
| re2 | 20160401 | 20160201 | CentOS 7 epel-release | https://github.com/google/re2 |
| tpm2-tss | 1.2.0 | 1.0.0 | CentOS 7 base | https://github.com/intel/tpm2-tss |
| lshw | B.02.18-12 | B.02.18-12 | CentOS 7 base | https://github.com/lyonel/lshw |
| tpm2-tools | 1.1.0 | 1.1.0 | CentOS 7 base | https://github.com/tpm2-software/tpm2-tools |
| paccor | 1.0.6 | none | | https://github.com/nsacyber/paccor |

22
HIRS_ProvisionerTPM2/include/DeviceInfoCollector.h

@ -21,28 +21,6 @@ class DeviceInfoCollector {
static const hirs::log::Logger LOGGER;
static void addBaseboardInfoIfAvailable(hirs::pb::HardwareInfo* hwInfo);
static void addBiosInfoIfAvailable(hirs::pb::HardwareInfo* hwInfo);
static void addChassisInfoIfAvailable(hirs::pb::HardwareInfo* hwInfo);
static void addHardDriveInfoIfAvailable(hirs::pb::HardwareInfo* hwInfo);
static void addMemoryInfoIfAvailable(hirs::pb::HardwareInfo* hwInfo);
static void addNicInfoIfAvailable(hirs::pb::HardwareInfo* hwInfo);
static void addProcessorInfoIfAvailable(hirs::pb::HardwareInfo* hwInfo);
static int getLshwDeviceCount(std::string className,
std::string deviceType = "");
static std::string getLshwDeviceField(int deviceNumber,
std::string fieldName,
std::string className,
std::string deviceType);
static std::vector<std::pair<std::string, std::string>> getNetworks();
static hirs::pb::FirmwareInfo collectFirmwareInfo();

428
HIRS_ProvisionerTPM2/src/DeviceInfoCollector.cpp

@ -16,7 +16,6 @@
#include <string>
#include <utility>
#include <vector>
#include <Process.h>
#include <HirsRuntimeException.h>
# define NOT_SPECIFIED "Not Specified"
@ -79,88 +78,6 @@ hirs::pb::HardwareInfo DeviceInfoCollector::collectHardwareInfo() {
LOGGER.info("Product Version: " + hw.productversion());
LOGGER.info("System Serial Number: " + hw.systemserialnumber());
addChassisInfoIfAvailable(&hw);
google::protobuf::RepeatedPtrField<hirs::pb::ComponentInfo> chassisInfo
= hw.chassisinfo();
for (int i = 0; i < chassisInfo.size(); i++) {
LOGGER.info("Chassis Manufacturer: "
+ chassisInfo.Get(i).manufacturer());
LOGGER.info("Chassis Model: " + chassisInfo.Get(i).model());
LOGGER.info(
"Chassis Serial Number: " + chassisInfo.Get(i).serialnumber());
LOGGER.info("Chassis Version: " + chassisInfo.Get(i).revision());
}
addBaseboardInfoIfAvailable(&hw);
google::protobuf::RepeatedPtrField<hirs::pb::ComponentInfo> baseboardInfo
= hw.baseboardinfo();
for (int i = 0; i < baseboardInfo.size(); i++) {
LOGGER.info(
"Baseboard Manufacturer: " + baseboardInfo.Get(i).manufacturer
());
LOGGER.info("Baseboard Model: " + baseboardInfo.Get(i).model());
LOGGER.info("Baseboard Serial Number: " +
baseboardInfo.Get(i).serialnumber());
LOGGER.info("Baseboard Version: " + baseboardInfo.Get(i).revision());
}
addProcessorInfoIfAvailable(&hw);
google::protobuf::RepeatedPtrField<hirs::pb::ComponentInfo> processorInfo
= hw.processorinfo();
for (int i = 0; i < processorInfo.size(); i++) {
LOGGER.info("Processor Manufacturer: "
+ processorInfo.Get(i).manufacturer());
LOGGER.info("Processor Model: " + processorInfo.Get(i).model());
LOGGER.info("Processor Serial Number: " +
processorInfo.Get(i).serialnumber());
LOGGER.info("Processor Version: " + processorInfo.Get(i).revision());
}
addBiosInfoIfAvailable(&hw);
google::protobuf::RepeatedPtrField<hirs::pb::ComponentInfo> biosInfo
= hw.biosoruefiinfo();
for (int i = 0; i < biosInfo.size(); i++) {
LOGGER.info("BIOS Manufacturer: " + biosInfo.Get(i).manufacturer());
LOGGER.info("BIOS Model: " + biosInfo.Get(i).model());
LOGGER.info("BIOS Version: " + biosInfo.Get(i).revision());
}
addNicInfoIfAvailable(&hw);
google::protobuf::RepeatedPtrField<hirs::pb::ComponentInfo> nicInfo
= hw.nicinfo();
for (int i = 0; i < nicInfo.size(); i++) {
LOGGER.info("NIC Manufacturer: " + nicInfo.Get(i).manufacturer());
LOGGER.info("NIC Model: " + nicInfo.Get(i).model());
LOGGER.info("NIC Serial Number: " + nicInfo.Get(i).serialnumber());
LOGGER.info("NIC Version: " + nicInfo.Get(i).revision());
}
addHardDriveInfoIfAvailable(&hw);
google::protobuf::RepeatedPtrField<hirs::pb::ComponentInfo> hdInfo
= hw.harddriveinfo();
for (int i = 0; i < hdInfo.size(); i++) {
LOGGER.info("Hard Drive " + std::to_string(i) + " Manufacturer: "
+ hdInfo.Get(i).manufacturer());
LOGGER.info("Hard Drive " + std::to_string(i) + " Model: "
+ hdInfo.Get(i).model());
LOGGER.info("Hard Drive " + std::to_string(i) + " Serial Number: "
+ hdInfo.Get(i).serialnumber());
LOGGER.info("Hard Drive " + std::to_string(i) + " Version: "
+ hdInfo.Get(i).revision());
}
addMemoryInfoIfAvailable(&hw);
google::protobuf::RepeatedPtrField<hirs::pb::ComponentInfo> memInfo
= hw.memoryinfo();
for (int i = 0; i < memInfo.size(); i++) {
LOGGER.info("Memory Unit " + std::to_string(i) + " Manufacturer: "
+ memInfo.Get(i).manufacturer());
LOGGER.info("Memory Unit " + std::to_string(i) + " Model: "
+ memInfo.Get(i).model());
LOGGER.info("Memory Unit " + std::to_string(i) + " Serial Number: "
+ memInfo.Get(i).serialnumber());
}
return hw;
}
@ -327,348 +244,3 @@ hirs::pb::OsInfo DeviceInfoCollector::collectOsInfo() {
return info;
}
void DeviceInfoCollector::addChassisInfoIfAvailable(
hirs::pb::HardwareInfo* hwInfo) {
int numChassis = atoi(RUN_PROCESS_OR_THROW("dmidecode", "-t 3 "
"| grep 'Manufacturer:' | wc -l").c_str());
for (int chassisNumber = 1; chassisNumber <= numChassis; chassisNumber++) {
// Manufacturer and Model are required if Chassis is to
// be included at all.
try {
hirs::pb::ComponentInfo chassisInfo;
chassisInfo.set_manufacturer(
RUN_PROCESS_OR_THROW("dmidecode", "-t 3 | "
"grep 'Manufacturer:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(chassisNumber) + "p"));
chassisInfo.set_model(
RUN_PROCESS_OR_THROW("dmidecode", "-t 3 | "
"grep 'Type:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(chassisNumber) + "p"));
// Serial number is optional
try {
chassisInfo.set_serialnumber(
RUN_PROCESS_OR_THROW("dmidecode", "-t 3 | "
"grep 'Serial Number:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(chassisNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
// Chassis version is optional
try {
chassisInfo.set_revision(
RUN_PROCESS_OR_THROW("dmidecode", "-t 3 | "
"grep 'Version:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(chassisNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
hwInfo->add_chassisinfo();
hwInfo->mutable_chassisinfo(chassisNumber - 1)
->CopyFrom(chassisInfo);
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
}
}
void DeviceInfoCollector::addBaseboardInfoIfAvailable(
hirs::pb::HardwareInfo* hwInfo) {
int numBaseboards = atoi(RUN_PROCESS_OR_THROW("dmidecode", "-t 2 "
"| grep 'Manufacturer:' | wc -l").c_str());
for (int baseboardNumber = 1; baseboardNumber <= numBaseboards;
baseboardNumber++) {
hirs::pb::ComponentInfo baseboardInfo;
// Manufacturer and Model required if Baseboard is to be
// included at all.
try {
baseboardInfo.set_manufacturer(
RUN_PROCESS_OR_THROW("dmidecode", "-t 2 | "
"grep 'Manufacturer:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(baseboardNumber) + "p"));
baseboardInfo.set_model(
RUN_PROCESS_OR_THROW("dmidecode", "-t 2 | "
"grep 'Product Name:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(baseboardNumber) + "p"));
// Serial number is optional
try {
baseboardInfo.set_serialnumber(
RUN_PROCESS_OR_THROW("dmidecode", "-t 2 | "
"grep 'Serial Number:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(baseboardNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
// Baseboard version is optional
try {
baseboardInfo.set_revision(
RUN_PROCESS_OR_THROW("dmidecode", "-t 2 | "
"grep 'Version:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(baseboardNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
hwInfo->add_baseboardinfo();
hwInfo->mutable_baseboardinfo(baseboardNumber - 1)
->CopyFrom(baseboardInfo);
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
}
}
void DeviceInfoCollector::addProcessorInfoIfAvailable(
hirs::pb::HardwareInfo* hwInfo) {
int numProcessors = atoi(RUN_PROCESS_OR_THROW("dmidecode", "-t 4 "
"| grep 'Manufacturer:' | wc -l").c_str());
for (int processorNumber = 1; processorNumber <= numProcessors;
processorNumber++) {
hirs::pb::ComponentInfo processorInfo;
// Manufacturer and Model required if Processor is to be
// included at all.
try {
processorInfo.set_manufacturer(
RUN_PROCESS_OR_THROW("dmidecode", "-t 4 | "
"grep 'Manufacturer:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(processorNumber) + "p"));
processorInfo.set_model(
RUN_PROCESS_OR_THROW("dmidecode", "-t 4 | "
"grep 'Family:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(processorNumber) + "p"));
// Serial number is optional
try {
processorInfo.set_serialnumber(
RUN_PROCESS_OR_THROW("dmidecode", "-t 4 | "
"grep 'Serial Number:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(processorNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
// Processor version is optional
try {
processorInfo.set_revision(
RUN_PROCESS_OR_THROW("dmidecode", "-t 4 | "
"grep 'Version:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(processorNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
hwInfo->add_processorinfo();
hwInfo->mutable_processorinfo(processorNumber - 1)
->CopyFrom(processorInfo);
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
}
}
void DeviceInfoCollector::addBiosInfoIfAvailable(
hirs::pb::HardwareInfo* hwInfo) {
int numBios = atoi(RUN_PROCESS_OR_THROW("dmidecode", "-t bios "
"| grep Vendor | wc -l").c_str());
for (int biosNumber = 1; biosNumber <= numBios; biosNumber++) {
hirs::pb::ComponentInfo biosOrUefiInfo;
// Manufacturer and Model are required if BIOS is to be included at all.
try {
biosOrUefiInfo.set_manufacturer(
RUN_PROCESS_OR_THROW("dmidecode",
"-t bios| grep 'Vendor:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(biosNumber) + "p"));
// TODO(apl.dev4): don't know how to know BIOS vs. UEFI
biosOrUefiInfo.set_model("BIOS");
// BIOS version is optional
try {
biosOrUefiInfo.set_revision(
RUN_PROCESS_OR_THROW("dmidecode", "-t bios"
"| grep 'Version:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(biosNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
hwInfo->add_biosoruefiinfo();
hwInfo->mutable_biosoruefiinfo(biosNumber - 1)
->CopyFrom(biosOrUefiInfo);
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
}
}
void DeviceInfoCollector::addNicInfoIfAvailable(
hirs::pb::HardwareInfo* hwInfo) {
int numNICs = atoi(RUN_PROCESS_OR_THROW("lshw", "-class network "
"| grep vendor | wc -l").c_str());
for (int nicNumber = 1; nicNumber <= numNICs; nicNumber++) {
hirs::pb::ComponentInfo nicInfo;
// Manufacturer and Model are required if NIC info is to be
// included at all.
try {
nicInfo.set_manufacturer(
RUN_PROCESS_OR_THROW("lshw", "-class network "
"| grep vendor | sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(nicNumber) + "p"));
nicInfo.set_model(
RUN_PROCESS_OR_THROW("lshw", "-class network "
"| grep product | sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(nicNumber) + "p"));
// Serial number is optional
try {
nicInfo.set_serialnumber(
RUN_PROCESS_OR_THROW("lshw", "-class network "
"| grep 'serial:' | sed -e 's/[^:]*: //' -n -e "
+ std::to_string(nicNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
// NIC version is optional
try {
nicInfo.set_revision(
RUN_PROCESS_OR_THROW("lshw", "-class network "
"| grep version: | sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(nicNumber) + "p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
hwInfo->add_nicinfo();
hwInfo->mutable_nicinfo(nicNumber - 1)->CopyFrom(nicInfo);
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
}
}
int DeviceInfoCollector::getLshwDeviceCount(string className,
string deviceType) {
stringstream argStream;
argStream << "-class " << className
<< " | awk"
<< " -vdev_type=" << deviceType
<< " \'match($0, \"^ \\\\*-\" dev_type) {++count}"
<< " END {print count}\'";
return atoi(RUN_PROCESS_OR_THROW("lshw", argStream.str()).c_str());
}
string DeviceInfoCollector::getLshwDeviceField(int deviceNumber,
string fieldName,
string className,
string deviceType) {
stringstream argStream;
argStream << "-class " << className
<< " | awk"
<< " -vdev_type=" << deviceType
<< " -vdevice_idx=" << deviceNumber
<< " -vfield=" << fieldName
<< " \'"
<< " match($0, \"^[ ]+\\\\*-\"){show=0}"
<< " match($0, \"^ \\\\*-\" dev_type){++dev;show=1}"
<< " field \":\" == $1"
<< " && show==1 && device_idx==dev{$1=\"\";print }\'";
string value = RUN_PROCESS_OR_THROW("lshw", argStream.str());
if (value.empty()) {
return NOT_SPECIFIED;
}
return value;
}
void DeviceInfoCollector::addHardDriveInfoIfAvailable(
hirs::pb::HardwareInfo* hwInfo) {
int numHardDrives = getLshwDeviceCount("disk", "disk");
for (int hdNumber = 1; hdNumber <= numHardDrives; hdNumber++) {
try {
hirs::pb::ComponentInfo hardDriveInfo;
hardDriveInfo.set_manufacturer(
getLshwDeviceField(hdNumber, "vendor", "disk", "disk"));
hardDriveInfo.set_model(
getLshwDeviceField(hdNumber, "product", "disk", "disk"));
hardDriveInfo.set_serialnumber(
getLshwDeviceField(hdNumber, "serial", "disk", "disk"));
hardDriveInfo.set_revision(
getLshwDeviceField(hdNumber, "version", "disk", "disk"));
hwInfo->add_harddriveinfo();
hwInfo->mutable_harddriveinfo(hdNumber - 1)->CopyFrom(
hardDriveInfo);
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
}
}
void DeviceInfoCollector::addMemoryInfoIfAvailable(
hirs::pb::HardwareInfo* hwInfo) {
int numDimms = atoi(RUN_PROCESS_OR_THROW("dmidecode", "-t 17 "
"| grep Manufacturer | wc -l").c_str());
for (int dimmNumber = 1; dimmNumber <= numDimms; dimmNumber++) {
try {
hirs::pb::ComponentInfo memoryInfo;
memoryInfo.set_manufacturer(
RUN_PROCESS_OR_THROW("dmidecode",
"-t 17 | grep 'Manufacturer:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(dimmNumber) + "p"));
memoryInfo.set_model(
RUN_PROCESS_OR_THROW("dmidecode",
"-t 17 | grep 'Part Number:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(dimmNumber) + "p"));
try {
memoryInfo.set_serialnumber(
RUN_PROCESS_OR_THROW("dmidecode",
"-t 17 | grep 'Serial Number:' "
"| sed -e 's/[^:]*:[ ]*//' -n -e "
+ std::to_string(dimmNumber) +
"p"));
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
hwInfo->add_memoryinfo();
hwInfo->mutable_memoryinfo(dimmNumber - 1)->CopyFrom(memoryInfo);
} catch (const HirsRuntimeException& e) {
LOGGER.warn(e.what());
}
}
}

2
HIRS_ProvisionerTPM2/src/ProvisionerTpm2.proto

@ -58,6 +58,8 @@ message IdentityClaim {
optional bytes endorsement_credential = 4;
repeated bytes platform_credential = 5;
optional string client_version = 6;
optional string paccorOutput = 7;
}
message IdentityClaimResponse {

4
HIRS_ProvisionerTPM2/src/TPM2_Provisioner.cpp

@ -12,6 +12,7 @@
#include <sstream>
#include <string>
#include <vector>
#include <Process.h>
#include "log4cplus/configurator.h"
@ -70,6 +71,9 @@ int provision() {
endorsementCredential,
platformCredentials);
identityClaim.set_client_version(CLIENT_VERSION);
string paccorOutputString =
RUN_PROCESS_OR_THROW("/opt/paccor/scripts/allcomponents.sh", "");
identityClaim.set_paccoroutput(paccorOutputString);
RestfulClientProvisioner provisioner;
string nonceBlob = provisioner.sendIdentityClaim(identityClaim);
if (nonceBlob == "") {

86
HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java

@ -11,6 +11,8 @@ import hirs.data.persist.OSInfo;
import hirs.data.persist.OSName;
import hirs.data.persist.Report;
import hirs.data.persist.TPMInfo;
import hirs.utils.exec.ExecBuilder;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -66,6 +68,9 @@ public class DeviceInfoCollector extends AbstractCollector {
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoCollector.class);
private static final String OPT_PACCOR_SCRIPTS_ALLCOMPONENTS_SH
= "/opt/paccor/scripts/allcomponents.sh";
private X509Certificate clientCredential;
private final String credentialFilePath;
@ -100,6 +105,66 @@ public class DeviceInfoCollector extends AbstractCollector {
LOGGER.warn("default constructor called! Should only be done in test");
}
private static String callPaccor() throws CollectorException {
String[] command = {OPT_PACCOR_SCRIPTS_ALLCOMPONENTS_SH};
ProcessBuilder processBuilder = new ProcessBuilder(command);
String errorAsString;
try {
// issue the command
Process process = processBuilder.start();
// block and wait for the process to be complete
int returnCode = process.waitFor();
try (InputStream processInputStream = process.getInputStream();
InputStream processErrorStream = process.getErrorStream()) {
if (returnCode == 0) {
return IOUtils.toString(processInputStream);
}
errorAsString = IOUtils.toString(processErrorStream);
}
} catch (IOException | InterruptedException e) {
errorAsString = e.getMessage();
LOGGER.error(e.toString());
}
String errorMessage = "Failed to collect component info: " + errorAsString;
LOGGER.error(errorMessage);
throw new CollectorException(errorMessage);
}
/**
* Retrieves dmidecode for the device. Only supports Linux.
*
* @param osName name of OS (Linux, Windows, etc.)
* @param command dmidecode string keyword command
* @return String of the result
* @throws CollectorException if there is a problem encountered while performing collection
*/
public static String collectDmiDecodeValue(final OSName osName, final String command)
throws CollectorException {
ExecBuilder execBuilder = null;
try {
switch (osName) {
case LINUX:
execBuilder = new ExecBuilder("dmidecode").args("-s", command);
break;
default:
throw new CollectorException(String.format(
"Unsupported operating system detected: %s.", osName));
}
return execBuilder.exec().getStdOutResult().trim();
} catch (IOException e) {
String msg = String.format("Could not call dmidecode using command: %s", execBuilder);
throw new CollectorException(msg, e);
}
}
/**
* Takes a DeviceInfoReportRequest and returns a DeviceInfoReport. The
* DeviceInfo report contains the following: <ul> <li>OSInfo</li> <ul>
@ -140,7 +205,8 @@ public class DeviceInfoCollector extends AbstractCollector {
tpmInfo
);
DeviceInfoCollectorHelper.collectAndStoreComponentInfo(report);
report.setPaccorOutputString(callPaccor());
return report;
}
@ -366,19 +432,19 @@ public class DeviceInfoCollector extends AbstractCollector {
switch (osName) {
case LINUX:
biosVendor = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "bios-vendor"
),
NOT_SPECIFIED
);
biosVersion = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "bios-version"
),
NOT_SPECIFIED
);
biosReleaseDate = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "bios-release-date"
),
NOT_SPECIFIED
@ -402,42 +468,42 @@ public class DeviceInfoCollector extends AbstractCollector {
switch (osName) {
case LINUX:
manufacturer = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "system-manufacturer"
),
NOT_SPECIFIED
);
productName = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "system-product-name"
),
NOT_SPECIFIED
);
version = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "system-version"
),
NOT_SPECIFIED
);
serialNumber = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "system-serial-number"
),
NOT_SPECIFIED
);
chassisSerialNumber = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "chassis-serial-number"
),
NOT_SPECIFIED
);
baseboardSerialNumber = StringUtils.defaultIfEmpty(
DeviceInfoCollectorHelper.collectDmiDecodeValue(
collectDmiDecodeValue(
OSName.LINUX, "baseboard-serial-number"
),
NOT_SPECIFIED

344
HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollectorHelper.java

@ -1,344 +0,0 @@
package hirs.client.collector;
import hirs.collector.CollectorException;
import hirs.data.persist.BIOSComponentInfo;
import hirs.data.persist.BaseboardComponentInfo;
import hirs.data.persist.ChassisComponentInfo;
import hirs.data.persist.ComponentInfo;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.HardDriveComponentInfo;
import hirs.data.persist.MemoryComponentInfo;
import hirs.data.persist.NICComponentInfo;
import hirs.data.persist.OSName;
import hirs.data.persist.ProcessorComponentInfo;
import hirs.utils.exec.AsynchronousExecResult;
import hirs.utils.exec.ExecBuilder;
import hirs.utils.exec.ExecPipe;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
/**
* This is a utility class which supports collecting additional
* information for the DeviceInfoCollector.
*/
@SuppressWarnings("checkstyle:linelength")
public final class DeviceInfoCollectorHelper {
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoCollectorHelper.class);
// commands
private static final String DMIDECODE = "dmidecode";
private static final String LSHW = "lshw";
private static final String GREP = "grep";
private static final String SED = "sed";
private static final String WC = "wc";
private static final String AWK = "awk";
// DMI component enumerations
private static final int DMI_BIOS = 0;
private static final int DMI_BASEBOARD = 2;
private static final int DMI_CHASSIS = 3;
private static final int DMI_PROCESSOR = 4;
private static final int DMI_MEMORY = 17;
// lshw hardware categories
private static final String LSHW_NETWORK = "network";
private static final String LSHW_DISK = "disk";
private static final String AWK_COUNT_COMPONENTS =
"BEGIN { num=0 } { if ($0 ~ /^ \\*-.+/) { num++ } } END { print num }";
private static final String AWK_GET_LSHW_HEADER =
"BEGIN { device_idx=0 } { if ($0 ~ /^ \\*-.+/) { device_idx++ } if (device_idx == dev && $0 ~ /^ \\*-.+/) { print } }";
private static final String AWK_GET_LSHW_FIELD =
"BEGIN { device_idx=0 } { if ($0 ~ /^ \\*-.+/) { device_idx++ } if (device_idx == dev && $0 ~ field) { print } }";
/**
* Default constructor to prevent construction.
*/
private DeviceInfoCollectorHelper() {
}
/**
* Collect all possible ComponentInfo information from the
* local machine and store it in the given DeviceInfoReport.
*
* @param report the DeviceInfoReport that will hold the ComponentInfo
* @throws CollectorException if an error is encountered during collection
*/
public static void collectAndStoreComponentInfo(final DeviceInfoReport report)
throws CollectorException {
try {
report.setChassisInfo(getChassisInfo());
report.setBaseboardInfo(getBaseboardInfo());
report.setProcessorInfo(getProcessorInfo());
report.setBiosInfo(getBiosInfo());
report.setNicInfo(getNicInfo());
report.setHardDriveInfo(getHardDriveInfo());
report.setMemoryInfo(getMemoryInfo());
} catch (IOException e) {
throw new CollectorException("Failed to collect component info", e);
}
}
private static List<ChassisComponentInfo> getChassisInfo() throws IOException {
LOGGER.debug("Collecting ChassisComponentInfo...");
List<ChassisComponentInfo> components = new ArrayList<>();
int compCount = getDmiCompCount(DMI_CHASSIS, "Manufacturer");
for (int i = 1; i <= compCount; i++) {
String manufacturer = getDmiCompAttr(DMI_CHASSIS, "Manufacturer", getSedDmiLshwVal(i));
String model = getDmiCompAttr(DMI_CHASSIS, "Type", getSedDmiLshwVal(i));
String serial = getDmiCompAttr(DMI_CHASSIS, "Serial Number", getSedDmiLshwVal(i));
String revision = getDmiCompAttr(DMI_CHASSIS, "Version", getSedDmiLshwVal(i));
if (ComponentInfo.isComplete(manufacturer, model, serial, revision)) {
ChassisComponentInfo component =
new ChassisComponentInfo(manufacturer, model, serial, revision);
LOGGER.debug(String.format("Collected: %s", component.toString()));
components.add(component);
}
}
return components;
}
private static List<BaseboardComponentInfo> getBaseboardInfo() throws IOException {
LOGGER.debug("Collecting BaseboardComponentInfo...");
List<BaseboardComponentInfo> components = new ArrayList<>();
int compCount = getDmiCompCount(DMI_BASEBOARD, "Manufacturer");
for (int i = 1; i <= compCount; i++) {
String manufacturer =
getDmiCompAttr(DMI_BASEBOARD, "Manufacturer", getSedDmiLshwVal(i));
String model = getDmiCompAttr(DMI_BASEBOARD, "Product Name", getSedDmiLshwVal(i));
String serial = getDmiCompAttr(DMI_BASEBOARD, "Serial Number", getSedDmiLshwVal(i));
String revision = getDmiCompAttr(DMI_BASEBOARD, "Version", getSedDmiLshwVal(i));
if (ComponentInfo.isComplete(manufacturer, model, serial, revision)) {
BaseboardComponentInfo component =
new BaseboardComponentInfo(manufacturer, model, serial, revision);
LOGGER.debug(String.format("Collected: %s", component.toString()));
components.add(component);
}
}
return components;
}
private static List<ProcessorComponentInfo> getProcessorInfo() throws IOException {
LOGGER.debug("Collecting ProcessorComponentInfo...");
List<ProcessorComponentInfo> components = new ArrayList<>();
int compCount = getDmiCompCount(DMI_PROCESSOR, "Manufacturer");
for (int i = 1; i <= compCount; i++) {
String manufacturer =
getDmiCompAttr(DMI_PROCESSOR, "Manufacturer", getSedDmiLshwVal(i));
String model = getDmiCompAttr(DMI_PROCESSOR, "Family", getSedDmiLshwVal(i));
String serial = getDmiCompAttr(DMI_PROCESSOR, "Serial Number", getSedDmiLshwVal(i));
String revision = getDmiCompAttr(DMI_PROCESSOR, "Version", getSedDmiLshwVal(i));
if (ComponentInfo.isComplete(manufacturer, model, serial, revision)) {
ProcessorComponentInfo component =
new ProcessorComponentInfo(manufacturer, model, serial, revision);
LOGGER.debug(String.format("Collected: %s", component.toString()));
components.add(component);
}
}
return components;
}
private static List<BIOSComponentInfo> getBiosInfo() throws IOException {
LOGGER.debug("Collecting BIOSComponentInfo...");
List<BIOSComponentInfo> components = new ArrayList<>();
int compCount = getDmiCompCount(DMI_BIOS, "Vendor");
for (int i = 1; i <= compCount; i++) {
String manufacturer = getDmiCompAttr(DMI_BIOS, "Vendor", getSedDmiLshwVal(i));
String model = "BIOS";
String revision = getDmiCompAttr(DMI_BIOS, "Version", getSedDmiLshwVal(i));
if (ComponentInfo.isComplete(manufacturer, model, null, revision)) {
BIOSComponentInfo component = new BIOSComponentInfo(manufacturer, model, revision);
LOGGER.debug(String.format("Collected: %s", component.toString()));
components.add(component);
}
}
return components;
}
private static List<NICComponentInfo> getNicInfo() throws IOException {
LOGGER.debug("Collecting NICComponentInfo...");
List<NICComponentInfo> components = new ArrayList<>();
int compCount = getLshwCompCount(LSHW_NETWORK);
for (int i = 1; i <= compCount; i++) {
String manufacturer = getLshwCompAttr(LSHW_NETWORK, i, "vendor");
String model = getLshwCompAttr(LSHW_NETWORK, i, "product");
String serial =
getLshwCompAttr(LSHW_NETWORK, i, "serial");
String revision = getLshwCompAttr(LSHW_NETWORK, i, "version");
if (ComponentInfo.isComplete(manufacturer, model, serial, revision)) {
NICComponentInfo component =
new NICComponentInfo(manufacturer, model, serial, revision);
LOGGER.debug(String.format("Collected: %s", component.toString()));
components.add(component);
}
}
return components;
}
private static List<HardDriveComponentInfo> getHardDriveInfo() throws IOException {
LOGGER.debug("Collecting HardDriveComponentInfo...");
List<HardDriveComponentInfo> components = new ArrayList<>();
int compCount = getLshwCompCount(LSHW_DISK);
for (int i = 1; i <= compCount; i++) {
// known values: disk, cdrom
String diskDeviceType = getLshwHeader(LSHW_DISK, i);
if (!diskDeviceType.startsWith("*-disk")) {
LOGGER.debug(String.format("%s did not match *-disk prefix; skipping.", diskDeviceType));
continue;
}
String manufacturer = getLshwCompAttr(LSHW_DISK, i, "vendor");
String model = getLshwCompAttr(LSHW_DISK, i, "product");
String serial =
getLshwCompAttr(LSHW_DISK, i, "serial");
String revision = getLshwCompAttr(LSHW_DISK, i, "version");
if (ComponentInfo.isComplete(manufacturer, model, serial, revision)) {
HardDriveComponentInfo component =
new HardDriveComponentInfo(manufacturer, model, serial, revision);
LOGGER.debug(String.format("Collected: %s", component.toString()));
components.add(component);
}
}
return components;
}
private static List<MemoryComponentInfo> getMemoryInfo() throws IOException {
LOGGER.debug("Collecting MemoryComponentInfo...");
List<MemoryComponentInfo> components = new ArrayList<>();
int compCount = getDmiCompCount(DMI_MEMORY, "Manufacturer");
for (int i = 1; i <= compCount; i++) {
String manufacturer = getDmiCompAttr(DMI_MEMORY, "Manufacturer", getSedDmiLshwVal(i));
String model = getDmiCompAttr(DMI_MEMORY, "Part Number", getSedDmiLshwVal(i));
String serial = getDmiCompAttr(DMI_MEMORY, "Serial Number", getSedDmiLshwVal(i));
String revision = null;
if (ComponentInfo.isComplete(manufacturer, model, serial, revision)) {
MemoryComponentInfo component =
new MemoryComponentInfo(manufacturer, model, serial, revision);
LOGGER.debug(String.format("Collected: %s", component.toString()));
components.add(component);
}
}
return components;
}
private static int getDmiCompCount(final int dmidecodeComponentType, final String termToCount)
throws IOException {
return Integer.parseInt(waitForAndGetOutput(ExecPipe.pipeOf(false, new String[][]{
{DMIDECODE, "-t", Integer.toString(dmidecodeComponentType)},
{GREP, termToCount + ":"},
{WC, "-l"}
}).exec()));
}
private static String getDmiCompAttr(
final int dmidecodeComponentType,
final String attr,
final String[] sedCleanFormat
) throws IOException {
return waitForAndGetOutput(ExecPipe.pipeOf(false, new String[][]{
{DMIDECODE, "-t", Integer.toString(dmidecodeComponentType)},
{GREP, attr + ":"},
sedCleanFormat
}).exec());
}
private static String getLshwHeader(
final String lshwComponentName,
final int lshwComponentIndex
) throws IOException {
return waitForAndGetOutput(ExecPipe.pipeOf(false, new String[][]{
{LSHW, "-class", lshwComponentName},
{AWK, "-vdev=" + lshwComponentIndex, AWK_GET_LSHW_HEADER}
}).exec());
}
private static int getLshwCompCount(final String componentType)
throws IOException {
return Integer.parseInt(waitForAndGetOutput(ExecPipe.pipeOf(false, new String[][]{
{LSHW, "-class", componentType},
{AWK, AWK_COUNT_COMPONENTS}
}).exec()));
}
private static String getLshwCompAttr(
final String lshwComponentName,
final int lshwComponentIndex,
final String attr
) throws IOException {
String attrToSearch = " " + attr + ":";
String lshwFieldVal = waitForAndGetOutput(ExecPipe.pipeOf(false, new String[][]{
{LSHW, "-class", lshwComponentName},
{AWK, "-vdev=" + lshwComponentIndex, "-vfield=" + attrToSearch, AWK_GET_LSHW_FIELD}
}).exec());
if (!lshwFieldVal.isEmpty()) {
// remove the field and the following ': ' to just leave the value
return lshwFieldVal.substring(lshwFieldVal.indexOf(":") + 2);
} else {
return DeviceInfoCollector.NOT_SPECIFIED;
}
}
private static String[] getSedDmiLshwVal(final int componentNumber) {
return new String[]{
SED, "-e", "s/[^:]*:[ ]*//", "-n", "-e", String.format("%dp", componentNumber)
};
}
private static String waitForAndGetOutput(final AsynchronousExecResult execResult)
throws IOException {
return waitFor(execResult).getStdOutResult().trim();
}
private static AsynchronousExecResult waitFor(final AsynchronousExecResult execResult)
throws IOException {
try {
execResult.waitFor();
} catch (InterruptedException e) {
throw new RuntimeException(e);
}
execResult.throwExceptionIfFailed();
return execResult;
}
/**
* Retrieves dmidecode for the device. Only supports Linux.
*
* @param osName name of OS (Linux, Windows, etc.)
* @param command dmidecode string keyword command
* @return String of the result
* @throws CollectorException if there is a problem encountered while performing collection
*/
public static String collectDmiDecodeValue(final OSName osName, final String command)
throws CollectorException {
ExecBuilder execBuilder = null;
try {
switch (osName) {
case LINUX:
execBuilder = new ExecBuilder("dmidecode").args("-s", command);
break;
default:
throw new CollectorException(String.format(
"Unsupported operating system detected: %s.", osName));
}
return execBuilder.exec().getStdOutResult().trim();
} catch (IOException e) {
String msg = String.format("Could not call dmidecode using command: %s", execBuilder);
throw new CollectorException(msg, e);
}
}
}

145
HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java

@ -2,12 +2,10 @@ package hirs.data.persist;
import static org.apache.logging.log4j.LogManager.getLogger;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Embedded;
import javax.persistence.Entity;
import javax.persistence.JoinColumn;
import javax.persistence.OneToMany;
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
@ -16,13 +14,8 @@ import javax.xml.bind.annotation.XmlSeeAlso;
import hirs.utils.VersionHelper;
import org.apache.logging.log4j.Logger;
import org.hibernate.annotations.LazyCollection;
import org.hibernate.annotations.LazyCollectionOption;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
/**
* A <code>DeficeInfoReport</code> is a <code>Report</code> used to transfer the
@ -67,48 +60,8 @@ public class DeviceInfoReport extends Report implements Serializable {
private String clientApplicationVersion;
@XmlElement
@OneToMany(cascade = CascadeType.ALL)
@JoinColumn(name = "deviceInfoReport_id")
@LazyCollection(LazyCollectionOption.FALSE)
private List<ChassisComponentInfo> chassisInfo = new ArrayList<>();
@XmlElement
@OneToMany(cascade = CascadeType.ALL)
@JoinColumn(name = "deviceInfoReport_id")
@LazyCollection(LazyCollectionOption.FALSE)
private List<BaseboardComponentInfo> baseboardInfo = new ArrayList<>();
@XmlElement
@OneToMany(cascade = CascadeType.ALL)
@JoinColumn(name = "deviceInfoReport_id")
@LazyCollection(LazyCollectionOption.FALSE)
private List<ProcessorComponentInfo> processorInfo = new ArrayList<>();
@XmlElement
@OneToMany(cascade = CascadeType.ALL)
@JoinColumn(name = "deviceInfoReport_id")
@LazyCollection(LazyCollectionOption.FALSE)
private List<BIOSComponentInfo> biosInfo = new ArrayList<>();
@XmlElement
@OneToMany(cascade = CascadeType.ALL)
@JoinColumn(name = "deviceInfoReport_id")
@LazyCollection(LazyCollectionOption.FALSE)
private List<NICComponentInfo> nicInfo = new ArrayList<>();
@XmlElement
@OneToMany(cascade = CascadeType.ALL)
@JoinColumn(name = "deviceInfoReport_id")
@LazyCollection(LazyCollectionOption.FALSE)
private List<HardDriveComponentInfo> hardDriveInfo = new ArrayList<>();
@XmlElement
@OneToMany(cascade = CascadeType.ALL)
@JoinColumn(name = "deviceInfoReport_id")
@LazyCollection(LazyCollectionOption.FALSE)
private List<MemoryComponentInfo> memoryInfo = new ArrayList<>();
@Transient
private String paccorOutputString;
/**
* Default constructor necessary for marshalling/unmarshalling.
@ -258,62 +211,6 @@ public class DeviceInfoReport extends Report implements Serializable {
return tpmInfo;
}
/**
* Get list of ChassisComponentInfo obects, each representing a chassis.
* @return list of ChassisComponentInfo obects, each representing a chassis
*/
public List<ChassisComponentInfo> getChassisInfo() {
return chassisInfo;
}
/**
* Get list of BaseboardComponentInfo obects, each representing a baseboard.
* @return list of BaseboardComponentInfo obects, each representing a baseboard
*/
public List<BaseboardComponentInfo> getBaseboardInfo() {
return baseboardInfo;
}
/**
* Get list of ProcessorComponentInfo obects, each representing a processor.
* @return list of ProcessorComponentInfo obects, each representing a processor
*/
public List<ProcessorComponentInfo> getProcessorInfo() {
return processorInfo;
}
/**
* Get list of BIOSComponentInfo obects, each representing a BIOS.
* @return list of BIOSComponentInfo obects, each representing a BIOS
*/
public List<BIOSComponentInfo> getBiosInfo() {
return biosInfo;
}
/**
* Get list of NICComponentInfo obects, each representing a NIC.
* @return list of NICComponentInfo obects, each representing a NIC
*/
public List<NICComponentInfo> getNicInfo() {
return nicInfo;
}
/**
* Get list of HardDriveComponentInfo obects, each representing a hard drive.
* @return list of HardDriveComponentInfo obects, each representing a hard drive
*/
public List<HardDriveComponentInfo> getHardDriveInfo() {
return hardDriveInfo;
}
/**
* Get list of MemoryComponentInfo obects, each representing a memory DIMM.
* @return list of MemoryComponentInfo obects, each representing a memory DIMM
*/
public List<MemoryComponentInfo> getMemoryInfo() {
return memoryInfo;
}
/**
* Gets the client application version.
* @return the client application version
@ -391,31 +288,19 @@ public class DeviceInfoReport extends Report implements Serializable {
this.tpmInfo = tpmInfo;
}
public void setChassisInfo(List<ChassisComponentInfo> chassisInfo) {
this.chassisInfo = Collections.unmodifiableList(chassisInfo);
/**
* Get the string returned from PACCOR's allcomponents.sh script.
* @return the string returned from PACCOR's allcomponents.sh script
*/
public String getPaccorOutputString() {
return paccorOutputString;
}
public void setBaseboardInfo(List<BaseboardComponentInfo> baseboardInfo) {
this.baseboardInfo = Collections.unmodifiableList(baseboardInfo);
}
public void setProcessorInfo(List<ProcessorComponentInfo> processorInfo) {
this.processorInfo = Collections.unmodifiableList(processorInfo);
}
public void setBiosInfo(List<BIOSComponentInfo> biosInfo) {
this.biosInfo = Collections.unmodifiableList(biosInfo);
}
public void setNicInfo(List<NICComponentInfo> nicInfo) {
this.nicInfo = Collections.unmodifiableList(nicInfo);
}
public void setHardDriveInfo(List<HardDriveComponentInfo> hardDriveInfo) {
this.hardDriveInfo = Collections.unmodifiableList(hardDriveInfo);
}
public void setMemoryInfo(List<MemoryComponentInfo> memoryInfo) {
this.memoryInfo = Collections.unmodifiableList(memoryInfo);
/**
* Set the string returned from PACCOR's allcomponents.sh script.
* @param paccorOutputString the string returned from PACCOR's allcomponents.sh script
*/
public void setPaccorOutputString(String paccorOutputString) {
this.paccorOutputString = paccorOutputString;
}
}

18
HIRS_Utils/src/main/java/hirs/data/service/DeviceRegisterImpl.java

@ -51,17 +51,19 @@ public class DeviceRegisterImpl implements DeviceRegister {
private Device registerDeviceToManager(final String deviceName, final DeviceInfoReport report) {
Device savedDevice = deviceManager.getDevice(deviceName);
if (savedDevice == null) {
LOGGER.debug("device not found, saving new device");
Device newDevice = new Device(deviceName, report);
DeviceGroup group = deviceGroupManager.getDeviceGroup(DeviceGroup.DEFAULT_GROUP);
newDevice.setDeviceGroup(group);
deviceManager.saveDevice(newDevice);
} else {
if (savedDevice != null) {
LOGGER.debug("device found, updating device");
savedDevice.setDeviceInfo(report);
deviceManager.updateDevice(savedDevice);
return savedDevice;
}
return deviceManager.getDevice(deviceName);
LOGGER.debug("device not found, saving new device");
Device newDevice = new Device(deviceName, report);
DeviceGroup group = deviceGroupManager.getDeviceGroup(DeviceGroup.DEFAULT_GROUP);
newDevice.setDeviceGroup(group);
deviceManager.saveDevice(newDevice);
return newDevice;
}
}

62
HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java

@ -1,5 +1,8 @@
package hirs.validation;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.ComponentInfo;
import hirs.data.persist.DeviceInfoReport;
@ -95,6 +98,42 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
}
/**
* Parses the output from PACCOR's allcomponents.sh script into ComponentInfo objects.
* @param paccorOutput the output from PACCOR's allcomoponents.sh
* @return a list of ComponentInfo objects built from paccorOutput
* @throws IOException if something goes wrong parsing the JSON
*/
public static List<ComponentInfo> getComponentInfoFromPaccorOutput(final String paccorOutput)
throws IOException {
List<ComponentInfo> componentInfoList = new ArrayList<>();
if (StringUtils.isNotEmpty(paccorOutput)) {
ObjectMapper objectMapper = new ObjectMapper(new JsonFactory());
JsonNode rootNode = objectMapper.readTree(paccorOutput);
Iterator<JsonNode> jsonComponentNodes
= rootNode.findValue("COMPONENTS").elements();
while (jsonComponentNodes.hasNext()) {
JsonNode next = jsonComponentNodes.next();
componentInfoList.add(new ComponentInfo(
getJSONNodeValueAsText(next, "MANUFACTURER"),
getJSONNodeValueAsText(next, "MODEL"),
getJSONNodeValueAsText(next, "SERIAL"),
getJSONNodeValueAsText(next, "REVISION")));
}
}
return componentInfoList;
}
private static String getJSONNodeValueAsText(final JsonNode node, final String fieldName) {
if (node.hasNonNull(fieldName)) {
return node.findValue(fieldName).asText();
}
return null;
}
/**
* Checks if the platform credential is valid.
*
@ -408,17 +447,18 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
&& identifier.getComponentModel() != null)
.collect(Collectors.toList());
List<ComponentInfo> allDeviceInfoComponents = new ArrayList<>();
allDeviceInfoComponents.addAll(deviceInfoReport.getChassisInfo());
allDeviceInfoComponents.addAll(deviceInfoReport.getBaseboardInfo());
allDeviceInfoComponents.addAll(deviceInfoReport.getBiosInfo());
allDeviceInfoComponents.addAll(deviceInfoReport.getHardDriveInfo());
allDeviceInfoComponents.addAll(deviceInfoReport.getNicInfo());
allDeviceInfoComponents.addAll(deviceInfoReport.getMemoryInfo());
allDeviceInfoComponents.addAll(deviceInfoReport.getProcessorInfo());
fieldValidation &= validateV2p0PlatformCredentialComponentsExpectingExactMatch(
validPcComponents, allDeviceInfoComponents);
String paccorOutputString = deviceInfoReport.getPaccorOutputString();
try {
List<ComponentInfo> componentInfoList
= getComponentInfoFromPaccorOutput(paccorOutputString);
fieldValidation &= validateV2p0PlatformCredentialComponentsExpectingExactMatch(
validPcComponents, componentInfoList);
} catch (IOException e) {
final String baseErrorMessage = "Error parsing JSON output from PACCOR: ";
LOGGER.error(baseErrorMessage + e.toString());
LOGGER.error("PACCOR output string:\n" + paccorOutputString);
return new AppraisalStatus(ERROR, baseErrorMessage + e.getMessage());
}
if (!fieldValidation) {
resultMessage.append("There are unmatched components\n");

147
HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java

@ -1,25 +1,22 @@
package hirs.validation;
import hirs.client.collector.DeviceInfoCollectorHelper;
import hirs.client.collector.DeviceInfoCollector;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.BaseboardComponentInfo;
import hirs.data.persist.ChassisComponentInfo;
import hirs.data.persist.ComponentInfo;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.FirmwareInfo;
import hirs.data.persist.HardDriveComponentInfo;
import hirs.data.persist.HardwareInfo;
import hirs.data.persist.NetworkInfo;
import hirs.data.persist.NICComponentInfo;
import hirs.data.persist.NetworkInfo;
import hirs.data.persist.OSInfo;
import hirs.data.persist.ProcessorComponentInfo;
import hirs.data.persist.TPMInfo;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.CertificateTest;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.X500Name;
@ -46,22 +43,21 @@ import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.ObjectFactory;
import org.testng.annotations.Test;
import hirs.data.persist.certificate.CertificateTest;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
@ -90,12 +86,17 @@ import static org.powermock.api.mockito.PowerMockito.when;
/**
* Tests the SupplyChainValidator class.
*/
@PrepareForTest({SupplyChainCredentialValidator.class, DeviceInfoCollectorHelper.class,
@PrepareForTest({SupplyChainCredentialValidator.class, DeviceInfoCollector.class,
PlatformCredential.class, EndorsementCredential.class })
@PowerMockIgnore({"javax.xml.parsers.*", "org.apache.xerces.jaxp.*", "org.apache.logging.log4j.*",
"javax.security.auth.*" })
public class SupplyChainCredentialValidatorTest {
private static final String SAMPLE_PACCOR_OUTPUT_TXT = "sample_paccor_output.txt";
private static final String SAMPLE_PACCOR_OUTPUT_WITH_EXTRA_COMPONENT_TXT
= "sample_paccor_output_with_extra_component.txt";
private static HardwareInfo hardwareInfo;
private SupplyChainCredentialValidator supplyChainCredentialValidator =
new SupplyChainCredentialValidator();
@ -395,11 +396,10 @@ public class SupplyChainCredentialValidatorTest {
TEST_SERIAL_NUMBER, TEST_SERIAL_NUMBER));
deviceInfoReport = PowerMockito.spy(deviceInfoReport);
ChassisComponentInfo chassis = new ChassisComponentInfo(TEST_COMPONENT_MANUFACTURER,
TEST_COMPONENT_MODEL, TEST_SERIAL_NUMBER, TEST_COMPONENT_REVISION);
ArrayList<ChassisComponentInfo> chassisSerial = new ArrayList<>();
chassisSerial.add(chassis);
PowerMockito.when(deviceInfoReport.getChassisInfo()).thenReturn(chassisSerial);
URL url = SupplyChainCredentialValidator.class.getResource(
SAMPLE_PACCOR_OUTPUT_WITH_EXTRA_COMPONENT_TXT);
String paccorOutputString = IOUtils.toString(url);
when(deviceInfoReport.getPaccorOutputString()).thenReturn(paccorOutputString);
byte[] certBytes = Files.readAllBytes(Paths.get(CertificateTest.class.
getResource(TEST_PLATFORM_CRED).toURI()));
@ -436,11 +436,10 @@ public class SupplyChainCredentialValidatorTest {
deviceInfoReport = PowerMockito.spy(deviceInfoReport);
BaseboardComponentInfo base = new BaseboardComponentInfo(TEST_COMPONENT_MANUFACTURER,
TEST_COMPONENT_MODEL, TEST_SERIAL_NUMBER, TEST_COMPONENT_REVISION);
ArrayList<BaseboardComponentInfo> baseSerial = new ArrayList<>();
baseSerial.add(base);
PowerMockito.when(deviceInfoReport.getBaseboardInfo()).thenReturn(baseSerial);
URL url = SupplyChainCredentialValidator.class.getResource(
SAMPLE_PACCOR_OUTPUT_WITH_EXTRA_COMPONENT_TXT);
String paccorOutputString = IOUtils.toString(url);
when(deviceInfoReport.getPaccorOutputString()).thenReturn(paccorOutputString);
byte[] certBytes = Files.readAllBytes(Paths.get(CertificateTest.class.
getResource(TEST_PLATFORM_CRED).toURI()));
@ -1101,12 +1100,6 @@ public class SupplyChainCredentialValidatorTest {
deviceInfoReport = PowerMockito.spy(deviceInfoReport);
BaseboardComponentInfo base = new BaseboardComponentInfo(TEST_COMPONENT_MANUFACTURER,
TEST_COMPONENT_MODEL, BAD_SERIAL, TEST_COMPONENT_REVISION);
ArrayList<BaseboardComponentInfo> baseSerial = new ArrayList<>();
baseSerial.add(base);
PowerMockito.when(deviceInfoReport.getBaseboardInfo()).thenReturn(baseSerial);
EndorsementCredential ec = PowerMockito.spy(new EndorsementCredential(
Files.readAllBytes(Paths.get(getClass().getResource(EK_CERT).toURI()))));
PowerMockito.when(ec, "getSerialNumber").thenReturn(pc.getHolderSerialNumber());
@ -1385,25 +1378,16 @@ public class SupplyChainCredentialValidatorTest {
return deviceInfoReport;
}
private static DeviceInfoReport setupDeviceInfoReportWithComponents() {
private static DeviceInfoReport setupDeviceInfoReportWithComponents() throws IOException {
return setupDeviceInfoReportWithComponents(SAMPLE_PACCOR_OUTPUT_TXT);
}
private static DeviceInfoReport setupDeviceInfoReportWithComponents(
final String paccorOutputResource) throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReport();
when(deviceInfoReport.getProcessorInfo()).thenReturn(
Collections.singletonList(new ProcessorComponentInfo("Intel",
"Core i7",
"Not Specified",
"Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz")));
List<NICComponentInfo> nicInfo = deviceInfoReport.getNicInfo();
nicInfo.add(
new NICComponentInfo("Intel Corporation",
"Ethernet Connection I217-V",
"23:94:17:ba:86:5e",
"00"));
nicInfo.add(
new NICComponentInfo("Intel Corporation",
"82580 Gigabit Network Connection",
"90:e2:ba:31:83:10",
""));
when(deviceInfoReport.getNicInfo()).thenReturn(nicInfo);
URL url = SupplyChainCredentialValidator.class.getResource(paccorOutputResource);
String paccorOutputString = IOUtils.toString(url);
when(deviceInfoReport.getPaccorOutputString()).thenReturn(paccorOutputString);
return deviceInfoReport;
}
@ -1461,7 +1445,7 @@ public class SupplyChainCredentialValidatorTest {
}
private PlatformCredential setupMatchingPlatformCredential(
final DeviceInfoReport deviceInfoReport) {
final DeviceInfoReport deviceInfoReport) throws IOException {
PlatformCredential platformCredential = mock(PlatformCredential.class);
when(platformCredential.getCredentialType()).thenReturn(
@ -1475,14 +1459,9 @@ public class SupplyChainCredentialValidatorTest {
when(platformCredential.getVersion())
.thenReturn(hardwareInfo.getVersion());
List<ComponentInfo> deviceInfoComponents = new ArrayList<>();
deviceInfoComponents.addAll(deviceInfoReport.getBaseboardInfo());
deviceInfoComponents.addAll(deviceInfoReport.getBiosInfo());
deviceInfoComponents.addAll(deviceInfoReport.getChassisInfo());
deviceInfoComponents.addAll(deviceInfoReport.getHardDriveInfo());
deviceInfoComponents.addAll(deviceInfoReport.getMemoryInfo());
deviceInfoComponents.addAll(deviceInfoReport.getNicInfo());
deviceInfoComponents.addAll(deviceInfoReport.getProcessorInfo());
List<ComponentInfo> deviceInfoComponents
= SupplyChainCredentialValidator.getComponentInfoFromPaccorOutput(
deviceInfoReport.getPaccorOutputString());
List<ComponentIdentifier> componentIdentifierList = new ArrayList<>();
for (ComponentInfo deviceInfoComponent : deviceInfoComponents) {
componentIdentifierList.add(new ComponentIdentifier(
@ -1505,9 +1484,11 @@ public class SupplyChainCredentialValidatorTest {
/**
* Tests that TPM 2.0 Platform Credentials validate correctly against the device info report
* when there are no components.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testvalidatePlatformCredentialAttributesV2p0NoComponentsPass() {
public final void testvalidatePlatformCredentialAttributesV2p0NoComponentsPass()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReport();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
@ -1521,9 +1502,11 @@ public class SupplyChainCredentialValidatorTest {
/**
* Tests that TPM 2.0 Platform Credentials validate correctly against the device info report
* when there are components present.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testvalidatePlatformCredentialAttributesV2p0WithComponentsPass() {
public final void testvalidatePlatformCredentialAttributesV2p0WithComponentsPass()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
@ -1538,9 +1521,11 @@ public class SupplyChainCredentialValidatorTest {
* Tests that TPM 2.0 Platform Credentials validate correctly against the device info report
* when there are components present, and when the PlatformSerial field holds the system's
* serial number instead of the baseboard serial number.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testValPCAttributesV2p0WithComponentsPassPlatformSerialWithSystemSerial() {
public final void testValPCAttributesV2p0WithComponentsPassPlatformSerialWithSystemSerial()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
when(platformCredential.getPlatformSerial())
@ -1555,9 +1540,11 @@ public class SupplyChainCredentialValidatorTest {
/**
* Tests that the SupplyChainCredentialValidator fails when required fields are null.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testvalidatePlatformCredentialAttributesV2p0RequiredFieldsNull() {
public final void testvalidatePlatformCredentialAttributesV2p0RequiredFieldsNull()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
@ -1654,9 +1641,11 @@ public class SupplyChainCredentialValidatorTest {
/**
* Tests that the SupplyChainCredentialValidator fails when required fields contain only empty
* strings.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testvalidatePlatformCredentialAttributesV2p0RequiredFieldsEmpty() {
public final void testvalidatePlatformCredentialAttributesV2p0RequiredFieldsEmpty()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
@ -1753,9 +1742,11 @@ public class SupplyChainCredentialValidatorTest {
/**
* Tests that {@link SupplyChainCredentialValidator} failes when a component exists in the
* platform credential, but not in the device info report.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testvalidatePlatformCredentialAttributesV2p0MissingComponentInDeviceInfo() {
public final void testvalidatePlatformCredentialAttributesV2p0MissingComponentInDeviceInfo()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
@ -1791,12 +1782,18 @@ public class SupplyChainCredentialValidatorTest {
* Tests that SupplyChainCredentialValidator passes when everything matches but there are
* extra components in the device info report that are not represented in the platform
* credential.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testvalidatePlatformCredentialAttributesV2p0ExtraComponentInDeviceInfo() {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
public final void testvalidatePlatformCredentialAttributesV2p0ExtraComponentInDeviceInfo()
throws IOException {
PlatformCredential platformCredential = setupMatchingPlatformCredential(
setupDeviceInfoReportWithComponents(SAMPLE_PACCOR_OUTPUT_TXT));
// The device info report will contain one extra component.
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents(
SAMPLE_PACCOR_OUTPUT_WITH_EXTRA_COMPONENT_TXT);
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
AppraisalStatus result = SupplyChainCredentialValidator
.validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport);
@ -1804,14 +1801,6 @@ public class SupplyChainCredentialValidatorTest {
Assert.assertEquals(result.getMessage(),
SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID);
List<HardDriveComponentInfo> hardDriveInfoList = new ArrayList<>();
hardDriveInfoList.add(new HardDriveComponentInfo(
"ACME",
"Fancy Hard Drive",
"12345",
"2000"
));
when(deviceInfoReport.getHardDriveInfo()).thenReturn(hardDriveInfoList);
result = SupplyChainCredentialValidator
.validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport);
@ -1823,9 +1812,11 @@ public class SupplyChainCredentialValidatorTest {
/**
* Tests that SupplyChainCredentialValidator fails when a component is found in the platform
* credential without a manufacturer or model.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testvalidatePlatformCredentialAttributesV2p0RequiredComponentFieldEmpty() {
public final void testvalidatePlatformCredentialAttributesV2p0RequiredComponentFieldEmpty()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
@ -1870,9 +1861,11 @@ public class SupplyChainCredentialValidatorTest {
/**
* Tests that SupplyChainCredentialValidator passes when a component on the system has a
* matching component in the platform certificate, except the serial value is missing.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testValidatePlatformCredentialAttributesV2p0RequiredComponentNoSerial() {
public final void testValidatePlatformCredentialAttributesV2p0RequiredComponentNoSerial()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
@ -1898,9 +1891,11 @@ public class SupplyChainCredentialValidatorTest {
/**
* Tests that SupplyChainCredentialValidator passes when a component on the system has a
* matching component in the platform certificate, except the revision value is missing.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testValidatePlatformCredentialAttributesV2p0RequiredComponentNoRevision() {
public final void testValidatePlatformCredentialAttributesV2p0RequiredComponentNoRevision()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
@ -1927,9 +1922,11 @@ public class SupplyChainCredentialValidatorTest {
* Tests that SupplyChainCredentialValidator passes when a component on the system has a
* matching component in the platform certificate, except the serial and revision values
* are missing.
* @throws IOException if unable to set up DeviceInfoReport from resource file
*/
@Test
public final void testValPlatCredentialAttributesV2p0RequiredComponentNoSerialOrRevision() {
public final void testValPlatCredentialAttributesV2p0RequiredComponentNoSerialOrRevision()
throws IOException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents();
PlatformCredential platformCredential = setupMatchingPlatformCredential(deviceInfoReport);

27
HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output.txt Executable file

@ -0,0 +1,27 @@
{
"PLATFORM": {
"PLATFORMMANUFACTURERSTR": "innotek GmbH","PLATFORMMODEL": "VirtualBox","PLATFORMVERSION": "1.2","PLATFORMSERIAL": "0"
},
"COMPONENTS": [
{
"MANUFACTURER": "Intel","MODEL": "Core i7","SERIAL": "Not Specified","REVISION": "Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"
},
{
"MANUFACTURER": "Intel Corporation","MODEL": "Ethernet Connection I217-V", "FIELDREPLACEABLE": "false","SERIAL": "23:94:17:ba:86:5e", "REVISION": "00"
},
{
"MANUFACTURER": "Intel Corporation","MODEL": "82580 Gigabit Network Connection", "FIELDREPLACEABLE": "false", "SERIAL": "90:e2:ba:31:83:10", "REVISION": ""
}
],
"PROPERTIES": [
{
"NAME": "uname -r",
"VALUE": "3.10.0-862.11.6.el7.x86_64"
},
{
"NAME": "cat /etc/centos-release",
"VALUE": "CentOS Linux release 7.5.1804 (Core) "
}
]
}

30
HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output_with_extra_component.txt Executable file

@ -0,0 +1,30 @@
{
"PLATFORM": {
"PLATFORMMANUFACTURERSTR": "innotek GmbH","PLATFORMMODEL": "VirtualBox","PLATFORMVERSION": "1.2","PLATFORMSERIAL": "0"
},
"COMPONENTS": [
{
"MANUFACTURER": "Intel","MODEL": "Core i7","SERIAL": "Not Specified","REVISION": "Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"
},
{
"MANUFACTURER": "Intel Corporation","MODEL": "Ethernet Connection I217-V", "FIELDREPLACEABLE": "false","SERIAL": "23:94:17:ba:86:5e", "REVISION": "00"
},
{
"MANUFACTURER": "Intel Corporation","MODEL": "82580 Gigabit Network Connection", "FIELDREPLACEABLE": "false", "SERIAL": "90:e2:ba:31:83:10", "REVISION": ""
},
{
"MANUFACTURER": "Intel","MODEL": "platform2018", "FIELDREPLACEABLE": "false", "SERIAL": "BQKP52840678", "REVISION": "1.0"
}
],
"PROPERTIES": [
{
"NAME": "uname -r",
"VALUE": "3.10.0-862.11.6.el7.x86_64"
},
{
"NAME": "cat /etc/centos-release",
"VALUE": "CentOS Linux release 7.5.1804 (Core) "
}
]
}

4
package/rpm/HIRS.spec

@ -36,11 +36,11 @@ Summary : Host Integrity at Runtime and Startup (HIRS) Provisioner
Group : System Environment/Base
%if 0%{?build6}
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, initscripts, coreutils, dmidecode, lshw, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, initscripts, coreutils, dmidecode, paccor, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
%endif
%if 0%{?build7}
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, systemd, coreutils, dmidecode, lshw, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, systemd, coreutils, dmidecode, paccor, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
%endif
%description -n %{provisioner_package_name}