Merge pull request #606 from nsacyber/v3_issue-596
[#596] Migrate RIM classes to HIRS_Utils
commit
071e89a44f
@ -1,5 +1,6 @@
|
||||
package hirs.attestationca.persist.entity;
|
||||
|
||||
import hirs.utils.ArchivableEntity;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.MappedSuperclass;
|
||||
import lombok.AllArgsConstructor;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.manager;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.manager;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
|
@ -1,7 +1,7 @@
|
||||
package hirs.attestationca.persist.entity.manager;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import hirs.utils.rim.BaseReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import hirs.attestationca.persist.entity.AbstractEntity;
|
||||
import hirs.utils.AbstractEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import hirs.attestationca.persist.enums.HealthStatus;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import hirs.attestationca.persist.entity.AbstractEntity;
|
||||
import hirs.utils.AbstractEntity;
|
||||
import jakarta.persistence.Access;
|
||||
import jakarta.persistence.AccessType;
|
||||
import jakarta.persistence.Entity;
|
||||
|
@ -1,7 +1,9 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.utils.ArchivableEntity;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
|
@ -1,7 +1,7 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.utils.ArchivableEntity;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import jakarta.persistence.CascadeType;
|
||||
import jakarta.persistence.Column;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
import hirs.attestationca.persist.entity.AbstractEntity;
|
||||
import hirs.utils.AbstractEntity;
|
||||
import jakarta.persistence.Entity;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.EqualsAndHashCode;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.utils.Certificate;
|
||||
import jakarta.persistence.Entity;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.utils.Certificate;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.MappedSuperclass;
|
||||
import lombok.AccessLevel;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.report;
|
||||
|
||||
import hirs.attestationca.persist.entity.AbstractEntity;
|
||||
import hirs.utils.AbstractEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
|
||||
|
@ -1,7 +1,7 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.rim;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import hirs.utils.tpm.eventlog.TCGEventLog;
|
||||
import hirs.utils.tpm.eventlog.TpmPcrEvent;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.rim;
|
||||
|
||||
import hirs.attestationca.persist.entity.AbstractEntity;
|
||||
import hirs.utils.AbstractEntity;
|
||||
import jakarta.persistence.Access;
|
||||
import jakarta.persistence.AccessType;
|
||||
import jakarta.persistence.Column;
|
||||
|
@ -1,7 +1,7 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.rim;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import hirs.utils.tpm.eventlog.TCGEventLog;
|
||||
import hirs.utils.tpm.eventlog.TpmPcrEvent;
|
||||
import jakarta.persistence.Column;
|
||||
|
@ -4,7 +4,7 @@ import com.google.protobuf.ByteString;
|
||||
import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
|
||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
import hirs.attestationca.persist.entity.manager.PolicyRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.Device;
|
||||
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
|
@ -11,7 +11,7 @@ import hirs.attestationca.persist.entity.manager.TPM2ProvisionerStateRepository;
|
||||
import hirs.attestationca.persist.entity.tpm.TPM2ProvisionerState;
|
||||
import hirs.attestationca.persist.entity.userdefined.Device;
|
||||
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidationSummary;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
@ -21,7 +21,7 @@ import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
|
||||
import hirs.utils.rim.BaseReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
|
||||
|
@ -1,7 +1,6 @@
|
||||
package hirs.attestationca.persist.service;
|
||||
|
||||
import hirs.attestationca.persist.DBManagerException;
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.attestationca.persist.entity.manager.CACredentialRepository;
|
||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
|
||||
@ -21,6 +20,7 @@ import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifes
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import hirs.attestationca.persist.validation.PcrValidator;
|
||||
import hirs.attestationca.persist.validation.SupplyChainCredentialValidator;
|
||||
import hirs.utils.ArchivableEntity;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
@ -1,16 +1,13 @@
|
||||
package hirs.attestationca.persist.service;
|
||||
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.attestationca.persist.entity.manager.CACredentialRepository;
|
||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.Device;
|
||||
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
|
||||
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
@ -19,7 +16,10 @@ import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import hirs.attestationca.persist.validation.CertificateAttributeScvValidator;
|
||||
import hirs.attestationca.persist.validation.CredentialValidator;
|
||||
import hirs.attestationca.persist.validation.FirmwareScvValidator;
|
||||
import hirs.utils.ArchivableEntity;
|
||||
import hirs.utils.BouncyCastleUtils;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
import org.apache.logging.log4j.Level;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
@ -1,7 +1,7 @@
|
||||
package hirs.attestationca.persist.service.selector;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.utils.Certificate;
|
||||
import jakarta.persistence.criteria.CriteriaBuilder;
|
||||
import jakarta.persistence.criteria.CriteriaQuery;
|
||||
import jakarta.persistence.criteria.Predicate;
|
||||
|
@ -1,8 +1,8 @@
|
||||
package hirs.attestationca.persist.service.selector;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import jakarta.persistence.criteria.CriteriaBuilder;
|
||||
import jakarta.persistence.criteria.CriteriaQuery;
|
||||
import jakarta.persistence.criteria.Predicate;
|
||||
|
@ -1,6 +1,6 @@
|
||||
package hirs.attestationca.persist.validation;
|
||||
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.utils.ArchivableEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
|
@ -5,14 +5,15 @@ import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.Device;
|
||||
import hirs.attestationca.persist.entity.userdefined.PolicySettings;
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import hirs.attestationca.persist.service.ValidationService;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import hirs.utils.SwidResource;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import hirs.utils.rim.ReferenceManifestValidator;
|
||||
import hirs.utils.rim.BaseReferenceManifest;
|
||||
import hirs.utils.tpm.eventlog.TCGEventLog;
|
||||
import hirs.utils.tpm.eventlog.TpmPcrEvent;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
|
@ -3,11 +3,16 @@ package hirs.attestationca.persist.entity.userdefined;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.utils.ArchivableEntity;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URISyntaxException;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@ -17,6 +22,40 @@ import java.util.List;
|
||||
class SupplyChainValidationTest {
|
||||
private static final String MESSAGE = "Some message.";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) root CA certificate.
|
||||
*/
|
||||
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) Intel intermediate CA certificate.
|
||||
*/
|
||||
public static final String FAKE_INTEL_INT_CA_FILE =
|
||||
"/certificates/fakeIntelIntermediateCA.cer";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) SGI intermediate CA certificate.
|
||||
*/
|
||||
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
|
||||
private static final List<ArchivableEntity> allTestCertificates =
|
||||
new ArrayList<ArchivableEntity>(3);
|
||||
|
||||
@BeforeAll
|
||||
private static void setAllTestCertificates() throws URISyntaxException, IOException {
|
||||
allTestCertificates.add(
|
||||
new CertificateAuthorityCredential(
|
||||
Paths.get(SupplyChainValidationTest.class.getResource(
|
||||
FAKE_SGI_INT_CA_FILE).toURI())));
|
||||
allTestCertificates.add(
|
||||
new CertificateAuthorityCredential(
|
||||
Paths.get(SupplyChainValidationTest.class.getResource(
|
||||
FAKE_INTEL_INT_CA_FILE).toURI())));
|
||||
allTestCertificates.add(
|
||||
new CertificateAuthorityCredential(
|
||||
Paths.get(SupplyChainValidationTest.class.getResource(
|
||||
FAKE_ROOT_CA_FILE).toURI())));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that this class' getter methods work properly.
|
||||
*
|
||||
@ -31,7 +70,7 @@ class SupplyChainValidationTest {
|
||||
);
|
||||
assertEquals(
|
||||
validation.getCertificatesUsed(),
|
||||
CertificateTest.getAllTestCertificates()
|
||||
allTestCertificates
|
||||
);
|
||||
assertEquals(validation.getMessage(), MESSAGE);
|
||||
}
|
||||
@ -47,7 +86,7 @@ class SupplyChainValidationTest {
|
||||
new SupplyChainValidation(
|
||||
null,
|
||||
AppraisalStatus.Status.PASS,
|
||||
CertificateTest.getAllTestCertificates(),
|
||||
allTestCertificates,
|
||||
MESSAGE
|
||||
));
|
||||
}
|
||||
@ -78,7 +117,7 @@ class SupplyChainValidationTest {
|
||||
new SupplyChainValidation(
|
||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||
AppraisalStatus.Status.PASS,
|
||||
CertificateTest.getAllTestCertificates(),
|
||||
allTestCertificates,
|
||||
MESSAGE
|
||||
);
|
||||
}
|
||||
@ -95,7 +134,7 @@ class SupplyChainValidationTest {
|
||||
return getTestSupplyChainValidation(
|
||||
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
|
||||
AppraisalStatus.Status.PASS,
|
||||
CertificateTest.getAllTestCertificates()
|
||||
allTestCertificates
|
||||
);
|
||||
}
|
||||
|
||||
|
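Review bot: The new `setAllTestCertificates()` is declared `@BeforeAll private static`, but JUnit Jupiter documents that `@BeforeAll` methods must not be private. Depending on the Jupiter version in use this is either rejected or merely tolerated, so drop the modifier: `static void setAllTestCertificates() throws URISyntaxException, IOException {`. The method also dereferences `SupplyChainValidationTest.class.getResource(...)` without a null check, so a missing fixture such as `FAKE_ROOT_CA_FILE` surfaces as a bare NullPointerException instead of a message naming the path; wrapping each lookup in `Objects.requireNonNull(..., "missing test resource " + path)` would fix that. The three path constants duplicate ones that CertificateTest still declares (`FAKE_SGI_INT_CA_FILE` is visible there as context), so the two copies can drift apart.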
@ -1,6 +1,7 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformProperty;
|
||||
|
@ -9,12 +9,12 @@ import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
import hirs.attestationca.persist.entity.manager.EndorsementCredentialRepository;
|
||||
import hirs.attestationca.persist.entity.manager.IssuedCertificateRepository;
|
||||
import hirs.attestationca.persist.entity.manager.PlatformCertificateRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
import hirs.attestationca.persist.util.CredentialHelper;
|
||||
import hirs.utils.CredentialHelper;
|
||||
import hirs.attestationca.portal.datatables.DataTableInput;
|
||||
import hirs.attestationca.portal.datatables.DataTableResponse;
|
||||
import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
|
||||
|
@ -6,7 +6,7 @@ import hirs.attestationca.persist.entity.manager.DeviceRepository;
|
||||
import hirs.attestationca.persist.entity.manager.EndorsementCredentialRepository;
|
||||
import hirs.attestationca.persist.entity.manager.IssuedCertificateRepository;
|
||||
import hirs.attestationca.persist.entity.manager.PlatformCertificateRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.Device;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.DeviceAssociatedCertificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
|
@ -5,14 +5,14 @@ import hirs.attestationca.persist.entity.manager.CACredentialRepository;
|
||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import hirs.utils.rim.BaseReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
|
||||
import hirs.utils.rim.ReferenceManifestValidator;
|
||||
import hirs.attestationca.persist.service.ValidationService;
|
||||
import hirs.attestationca.persist.validation.ReferenceManifestValidator;
|
||||
import hirs.attestationca.persist.validation.SupplyChainCredentialValidator;
|
||||
import hirs.attestationca.persist.validation.SupplyChainValidatorException;
|
||||
import hirs.attestationca.portal.page.Page;
|
||||
|
@ -4,8 +4,8 @@ import hirs.attestationca.persist.DBManagerException;
|
||||
import hirs.attestationca.persist.FilteredRecordsList;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
|
||||
import hirs.utils.rim.ReferenceManifest;
|
||||
import hirs.utils.rim.BaseReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
|
||||
import hirs.attestationca.portal.datatables.DataTableInput;
|
||||
|
@ -5,7 +5,7 @@ import hirs.attestationca.persist.DBManagerException;
|
||||
import hirs.attestationca.persist.FilteredRecordsList;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
|
||||
import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
|
||||
import hirs.attestationca.portal.datatables.DataTableInput;
|
||||
|
@ -3,8 +3,8 @@ package hirs.attestationca.portal.page.utils;
|
||||
import hirs.attestationca.persist.entity.manager.CACredentialRepository;
|
||||
import hirs.attestationca.persist.entity.manager.CertificateRepository;
|
||||
import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.utils.Certificate;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
|
||||
|
@ -37,6 +37,7 @@ dependencies {
|
||||
implementation libs.commons.lang3
|
||||
implementation libs.commons.io
|
||||
implementation libs.minimal.json
|
||||
implementation libs.hibernate.core
|
||||
|
||||
implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
|
||||
implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
|
||||
@ -72,4 +73,4 @@ jar {
|
||||
//
|
||||
// commandLine './genXjcLibrary.sh'
|
||||
//}
|
||||
//compileJava.dependsOn generateXjcLibrary
|
||||
//compileJava.dependsOn generateXjcLibrary
|
||||
|
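Review bot: The dependency added in the first hunk carries no explanation of why a utility library now needs an ORM; the +/- markers are lost in this rendering, but the added line appears to be `implementation libs.hibernate.core`. The classes this commit moves into `hirs.utils` import only `jakarta.persistence.*` annotations in the lines shown, so check whether the persistence API alone would satisfy them, since otherwise every consumer of HIRS_Utils carries the full Hibernate runtime on its classpath. If Hibernate itself is required, a comment above the line such as `// JPA-annotated entities (Certificate, ReferenceManifest) now live in hirs.utils` would record the reason.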
@ -1,4 +1,4 @@
|
||||
package hirs.attestationca.persist.entity;
|
||||
package hirs.utils;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.GeneratedValue;
|
@ -1,4 +1,4 @@
|
||||
package hirs.attestationca.persist.entity;
|
||||
package hirs.utils;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.MappedSuperclass;
|
@ -1,11 +1,7 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
package hirs.utils;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import com.google.common.base.Preconditions;
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateVariables;
|
||||
import hirs.attestationca.persist.util.CredentialHelper;
|
||||
import hirs.utils.HexUtils;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Inheritance;
|
@ -1,6 +1,5 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
package hirs.utils;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.Certificate;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import lombok.Getter;
|
@ -1,4 +1,4 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.certificate;
|
||||
package hirs.utils;
|
||||
|
||||
public class CertificateVariables {
|
||||
|
@ -1,6 +1,5 @@
|
||||
package hirs.attestationca.persist.util;
|
||||
package hirs.utils;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateVariables;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.extern.log4j.Log4j2;
|
@ -1,6 +1,5 @@
|
||||
package hirs.attestationca.persist.entity.userdefined.rim;
|
||||
package hirs.utils.rim;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.utils.SwidResource;
|
||||
import hirs.utils.swid.SwidTagConstants;
|
||||
import jakarta.persistence.Column;
|
@ -1,8 +1,8 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
package hirs.utils.rim;
|
||||
|
||||
import hirs.utils.ArchivableEntity;
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import com.google.common.base.Preconditions;
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
import jakarta.persistence.Access;
|
||||
import jakarta.persistence.AccessType;
|
||||
import jakarta.persistence.Column;
|
@ -1,7 +1,6 @@
|
||||
package hirs.attestationca.persist.validation;
|
||||
package hirs.utils.rim;
|
||||
|
||||
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
|
||||
import hirs.utils.CertificateAuthorityCredential;
|
||||
import jakarta.xml.bind.JAXBContext;
|
||||
import jakarta.xml.bind.JAXBException;
|
||||
import jakarta.xml.bind.UnmarshalException;
|
@ -1,6 +1,4 @@
|
||||
package hirs.attestationca.persist.entity.userdefined;
|
||||
|
||||
import hirs.attestationca.persist.entity.ArchivableEntity;
|
||||
package hirs.utils;
|
||||
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
@ -29,6 +27,30 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
* This class tests functionality of the {@link Certificate} class.
|
||||
*/
|
||||
public class CertificateTest {
|
||||
/**
|
||||
* Location of another, slightly different platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_3 =
|
||||
"/validation/platform_credentials/Intel_pc3.cer";
|
||||
|
||||
/**
|
||||
* Platform cert with comma separated baseboard and chassis serial number.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_4 =
|
||||
"/validation/platform_credentials/Intel_pc4.pem";
|
||||
|
||||
/**
|
||||
* Another platform cert with comma separated baseboard and chassis serial number.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_5 =
|
||||
"/validation/platform_credentials/Intel_pc5.pem";
|
||||
|
||||
/**
|
||||
* Location of another, slightly different platform attribute cert.
|
||||
*/
|
||||
public static final String TEST_PLATFORM_CERT_6 =
|
||||
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
|
||||
|
||||
/**
|
||||
* Location of a test (fake) root CA certificate.
|
||||
*/
|
||||
@ -51,59 +73,8 @@ public class CertificateTest {
|
||||
*/
|
||||
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
|
||||
|
||||
/**
|
||||
* Location of another test self-signed certificate.
|
||||
*/
|
||||
public static final String ANOTHER_SELF_SIGNED_FILE =
|
||||
"/certificates/fakeSelfSigned.cer";
|
||||
|
||||
/**
|
||||
* Location of the NUC EC.
|
||||
*/
|
||||
public static final String STM_NUC1_EC = "/certificates/nuc-1/tpmcert.pem";
|
||||
|
||||
/**
|
||||
* Location of the ST Micro Intermediate 02 CA certificate.
|
||||
*/
|
||||
public static final String STM_INT_02_CA = "/certificates/stMicroCaCerts/stmtpmekint02.crt";
|
||||
|
||||
/**
|
||||
* Location of the ST Micro Root CA certificate.
|
||||
*/
|
||||
public static final String STM_ROOT_CA = "/certificates/stMicroCaCerts/stmtpmekroot.crt";
|
||||
|
||||
/**
|
||||
* Location of the GlobalSign Root CA certificate.
|
||||
*/
|
||||
public static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt";
|
||||
|
||||
/**
|
||||
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
|
||||
*/
|
||||
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
|
||||
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
|
||||
|
||||
/**
|
||||
* Location of a test STM endorsement credential.
|
||||
*/
|
||||
public static final String TEST_EC = "/certificates/ab21ccf2-tpmcert.pem";
|
||||
|
||||
/**
|
||||
* Location of a test client cert.
|
||||
*/
|
||||
public static final String ISSUED_CLIENT_CERT =
|
||||
"/tpm/sample_identity_cert.cer";
|
||||
|
||||
private static final String INT_CA_CERT02 = "/certificates/fakestmtpmekint02.pem";
|
||||
|
||||
private static final String RDN_COMMA_SEPARATED =
|
||||
"CN=STM TPM EK Intermediate CA 02, O=STMicroelectronics NV, C=CH";
|
||||
private static final String RDN_MULTIVALUE =
|
||||
"CN=Nuvoton TPM Root CA 2010+O=Nuvoton Technology Corporation+C=TW";
|
||||
|
||||
private static final String RDN_COMMA_SEPARATED_ORGANIZATION = "STMicroelectronics NV";
|
||||
private static final String RDN_MULTIVALUE_ORGANIZATION = "Nuvoton Technology Corporation";
|
||||
|
||||
private static final String EK_CERT_WITH_PADDED_BYTES =
|
||||
"/certificates/ek_cert_with_padded_bytes.cer";
|
||||
|
||||
@ -197,11 +168,11 @@ public class CertificateTest {
|
||||
|
||||
assertNotEquals(getTestCertificate(
|
||||
PlatformCredential.class,
|
||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType(),
|
||||
TEST_PLATFORM_CERT_3).getCertificateType(),
|
||||
Certificate.CertificateType.X509_CERTIFICATE);
|
||||
assertEquals(getTestCertificate(
|
||||
PlatformCredential.class,
|
||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType(),
|
||||
TEST_PLATFORM_CERT_3).getCertificateType(),
|
||||
Certificate.CertificateType.ATTRIBUTE_CERTIFICATE);
|
||||
|
||||
}
|
||||
@ -215,7 +186,7 @@ public class CertificateTest {
|
||||
@Test
|
||||
public void testImportPem() throws IOException {
|
||||
Certificate platformCredential = getTestCertificate(
|
||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_4
|
||||
PlatformCredential.class, TEST_PLATFORM_CERT_4
|
||||
);
|
||||
|
||||
assertEquals(platformCredential.getCertificateType(),
|
||||
@ -226,7 +197,7 @@ public class CertificateTest {
|
||||
);
|
||||
|
||||
platformCredential = getTestCertificate(
|
||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_5
|
||||
PlatformCredential.class, TEST_PLATFORM_CERT_5
|
||||
);
|
||||
|
||||
assertEquals(platformCredential.getCertificateType(),
|
||||
@ -286,12 +257,12 @@ public class CertificateTest {
|
||||
public void testX509AttributeCertificateParsing() throws IOException, URISyntaxException {
|
||||
Certificate platformCert = getTestCertificate(
|
||||
PlatformCredential.class,
|
||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3
|
||||
TEST_PLATFORM_CERT_3
|
||||
);
|
||||
|
||||
X509AttributeCertificateHolder attrCertHolder = new X509AttributeCertificateHolder(
|
||||
Files.readAllBytes(Paths.get(this.getClass().getResource(
|
||||
PlatformCredentialTest.TEST_PLATFORM_CERT_3
|
||||
TEST_PLATFORM_CERT_3
|
||||
).toURI()))
|
||||
);
|
||||
|
||||
@ -321,7 +292,7 @@ public class CertificateTest {
|
||||
public void testX509AttributeCertificateParsingExtended()
|
||||
throws IOException, URISyntaxException {
|
||||
Certificate platformCert = getTestCertificate(
|
||||
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_6);
|
||||
PlatformCredential.class, TEST_PLATFORM_CERT_6);
|
||||
|
||||
assertEquals(platformCert.getAuthorityInfoAccess(),
|
||||
"https://trustedservices.intel.com/"
|
Binary file not shown.
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDGDCCAgKgAwIBAgIBAjALBgkqhkiG9w0BAQswFzEVMBMGA1UEAwwMRmFrZSBS
|
||||
b290IENBMB4XDTE3MDEyNDE1MjU0MVoXDTI3MDEyNDE1MjU0MVowJzElMCMGA1UE
|
||||
AwwcRmFrZSBJbnRlbCBJbnRlcm1lZGlhdGUgQ0EgMTCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBAKOwrvGN7liqE0Fv0Z5jSRuYdz5WHbxNgb9HNvllM9AK
|
||||
a61TKVL2yWjaDMeO3r/QmL6MbiVNLfSYzJtotbujpelZSucgFqq/6skr5K8ik1Lk
|
||||
se7DrZGsheC6g9ei5UyAJlIQtCmm26xIraQWtQbSrMvMoRo25vm2LNA9fY46hx/a
|
||||
zk9yPI9OLXOWuK/OnT7gmV/ESU1fLWXedVCxYZfu9KyMD2PxHG5eZc8e/Or/cVt1
|
||||
5wuP16ZbzCV8NsJFKPBvfKsngznb4WuGOPTbMJaslB5wJZPp+GyBe3L0g4vr2+GE
|
||||
WldoObtit9vdHj1HDcsxk2IHaQZ7zkJZ2vyGdDYn10ECAwEAAaNjMGEwDwYDVR0T
|
||||
AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCEFgTDtdHY0MnCE
|
||||
8CeV32cOi9dzMB8GA1UdIwQYMBaAFFjsMToWmflMHIxOLGQSQCsljwF3MAsGCSqG
|
||||
SIb3DQEBCwOCAQEAb9OPfUQSOZG5JLNJTMJtBUXWPAAhR7xXvWtG17B3c8UrU4kN
|
||||
bfqAQnVkya+7vUPpaxVP5KJjzud8hBg5xqgaf7MO5mq/P+3RmtudB/AunTiBApSL
|
||||
f0nXEMl3UbGdfseWnrEC0QMetsBDgPyhUAJ+P+KwEWWndpaeZRV1pfvPc2OMqG3J
|
||||
or8hmfEVk2k9Di3GThsA5PnKehYE+FGHtT2+YO5Tpn75PdhN8r2N6MU7kXVPN9yi
|
||||
5RT5HKpee8ZmkzYdOhWe7+7W23j3Klh3yyVHW1Yk426PRuRym9RrPOZO8dSJY0n5
|
||||
abPM8+BCy4GpK/wdUuZhKBo1BX/Mq7fMfR07kQ==
|
||||
-----END CERTIFICATE-----
|
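--- a/HIRS_Utils/src/test/resources/certificates/fakeRootCA.cer
+++ b/HIRS_Utils/src/test/resources/certificates/fakeRootCA.cer
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAdGgAwIBAgIBATALBgkqhkiG9w0BAQswFzEVMBMGA1UEAwwMRmFrZSBS
+b290IENBMB4XDTE3MDEyNDE1MjU0MVoXDTQ3MDEyNDE1MjU0MVowFzEVMBMGA1UE
+AwwMRmFrZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+geIXUAtrlc+FY8FC/bAGC6Vg1lbok+kILT/ZmG/4vdigZ2hzFR3dVjmgWd4hp3uP
+dY7E/JUEouBq24qDpPUWrHIxSCqGp9Rn+whGq6Yy7d1d0FGyskIJJ2aFr1QC+/jA
+4CptLbQGhqmyALrmXFai3scUmNciuTbEb3Ap9829IdsD4F9hT557zRSocaelVCUw
+6sNLU78fJfG7K3dKmKemvtprqlDlfM3nya5P6IzkRKiPpXN6Q1sL7FDkKQ3HuyBM
+WqPU+AWhqhCR9hRenuTpwTxEPVPA8FRV78wkV3VLzXCG7lHPZ8xCDKAZzdbwymjU
+wfm9Wr5KperE83suIcIHxQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUWOwxOhaZ+UwcjE4sZBJAKyWPAXcwCwYJKoZI
+hvcNAQELA4IBAQA2qgdehg53y1ehnq9KKdV5JllGgPon1GigMrMJ8VMGo+zs7h2q
+CYlqCyuCI5hYWzZTRzwX6OAfZkIVEgY0O2lYJgTzsC+kz4EFArzq5eLqw2/hsn8c
+KveCz+6mIL9AoyAMx9NZB1IytkDWIOtIElxOoAojluEDp3L1gzr9PVHJkI9KMeVV
+eaH6Hg+Wg6I0jS1546oJnheEmcrwYaLJ0pHZR9NGpkICxDNMpNTLW9yy8e/kK+iB
+xzT6vc3p791ktO1UD5kfK0QW8oRyMX0eHdRlDK2so+VWA5pEka+ZPc9dPB5JSudm
+HBfbguS1HVpYAfJslzj31UpSnxr7ZA4OWiLf
+-----END CERTIFICATE-----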
@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFjCCAgCgAwIBAgIBAzALBgkqhkiG9w0BAQswFzEVMBMGA1UEAwwMRmFrZSBS
|
||||
b290IENBMB4XDTE3MDEyNDE1MjU0MVoXDTI3MDEyNDE1MjU0MVowJTEjMCEGA1UE
|
||||
AwwaRmFrZSBTR0kgSW50ZXJtZWRpYXRlIENBIDEwggEiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBDwAwggEKAoIBAQC7tS739kM5cCJBVXGJtTgiV30AKtnDXeF5uw40DYfiXf1H
|
||||
H5QAHNdiLqiZpsYJPiTnS7drsdvlzT1zjkfu11cI0jdUjMqDfSP+2MfAvrcjpdSN
|
||||
R2YlcIJSNTeJyydvkxl6l0keXKdaoUkrMoJ+O0BWbSy7jXbicmndh4aoscq0Qp6s
|
||||
99n4bPwrKqV/GkuTRjaUqGoEx/h9gM05kUcO5kw9xwO21ogY1H+j3NNstmTAjko+
|
||||
PNEhVEp5Ax6XpqTZOqbFpiWQdA7oXJsXar0tXi0DWBWcVz0EXqoOSxhH4cpnBmSZ
|
||||
ioioIOCzcxitdcWIQS+phm/B+vhK4+YUKHCF2ds1AgMBAAGjYzBhMA8GA1UdEwEB
|
||||
/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQynzPkAJcEtxU2u0uy
|
||||
YG2QqJ+U/zAfBgNVHSMEGDAWgBRY7DE6Fpn5TByMTixkEkArJY8BdzALBgkqhkiG
|
||||
9w0BAQsDggEBAGs9uq0DKACdcgoNyJcHzyb11EhMe8+l/D+j8JjsRp3w6rXpw60U
|
||||
ptZVMh7/SpRte7NjUBJ7wk76IIhntu6rcf/ik4ptyOgSUxDzGDffQzPRHRmXmjj0
|
||||
eir+cVQP34O7gByj/n92S9GP4/0RYGt7X7PGGiNArSroeS83fUQMVHhN8PbFzcrk
|
||||
y9NHNR/In90Le/tPsFwGdTYzirgnjmcaVZFgCQfKuU3xr9vjANc2i5+QzzApjZ1i
|
||||
K3o3z1eLOz6x25C03J8MF6GRiSV9AjrP8P0vQc25zpsjKH/rvdwmLIC6IjprF3Wk
|
||||
nqakIzC7ABXdKhS8pOLkbmcoPlyt1rP9RgA=
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjzCCAnmgAwIBAgIBBTALBgkqhkiG9w0BAQswFzEVMBMGA1UEAwwMRmFrZSBS
|
||||
b290IENBMB4XDTExMDEyMTAwMDAwMFoXDTI5MTIzMTAwMDAwMFowVTELMAkGA1UE
|
||||
BhMCQ0gxHjAcBgNVBAoTFVNUTWljcm9lbGVjdHJvbmljcyBOVjEmMCQGA1UEAxMd
|
||||
U1RNIFRQTSBFSyBJbnRlcm1lZGlhdGUgQ0EgMDIwggEiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBDwAwggEKAoIBAQCTt4oZ/7h4Fdx65T2ab/PtfsYPXHC396VVyaE+Z/Dxx4sT
|
||||
emUQZn/zYPOfzg2c8Z6LQuuFg/BhzC8kNAp2tzCRfjBiWeUeSZLiUQeArYEz8HE1
|
||||
WSLArrqdGg1pz82Kh8L32og9hQ9GmsQp0yiI1lPTs7Uw9iOtcVtiyhGOFXXvltwu
|
||||
1mYEuU6apG4Sc8tjSY+qEjAypJXyN1/I1X+254DHAkd19zXCKN+PSA7da9Rn8Afq
|
||||
Fq4aIGVZzBSSgKEmD/GkKyw1Ze0kDgIE189iAw+m6NY4Gv/Cm+9nQ4fA9qq5Kloe
|
||||
x8HWrN46qm2/boqujtnSSWPOhY3341z6N4xpRY07AgMBAAGjgaswgagwDwYDVR0T
|
||||
AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwRQYDVR0gAQH/BDswOTA3BgRVHSAA
|
||||
MC8wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5
|
||||
LzAdBgNVHQ4EFgQUVx+Aa0fM55v6NZR87Yi40QBa4J4wHwYDVR0jBBgwFoAUWOwx
|
||||
OhaZ+UwcjE4sZBJAKyWPAXcwCwYJKoZIhvcNAQELA4IBAQB8IaDIWicxm7m2qyDv
|
||||
v4L253D3qRcx+sdM2GM0IpvK3u9z3BQraAhF6PPLlgFGP6slZdDY6ryrP8PEkvsH
|
||||
tHoapB1MWe+eMrxw7dXQLnpzm/P++8AWMtY8roziiO7x3AYTbRb9lB2HjOWc2aGZ
|
||||
1xW+su+aTnr9U4uYO1+HrDDKYgkypIcousRwUMW6c6szAZY2UtWS2e4346V3LVLz
|
||||
sv22n4rqWWRzJ2tl+jIqLepChqOdgscDL+aO2iowmzTSWV/WLJRaTs0AsOYJkdlG
|
||||
8wWRzygRbfGdIL7A/hKK42o0b7v3R/NI0nemwAzVN/QOYjTbkOCIUBg/6mT8CkYx
|
||||
pmiq
|
||||
-----END CERTIFICATE-----
|
BIN
HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc3.cer
Executable file
BIN
HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc3.cer
Executable file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -25,21 +25,10 @@ dependencies {
|
||||
implementation libs.glassfish.json
|
||||
implementation libs.glassfish.jaxb.runtime
|
||||
implementation libs.jcommander
|
||||
implementation libs.jakarta.api
|
||||
implementation libs.jakarta.xml
|
||||
implementation libs.commons.codec
|
||||
implementation libs.hibernate.core
|
||||
implementation libs.jackson.databind
|
||||
implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
|
||||
implementation libs.guava
|
||||
// implementation libs.javax.json
|
||||
// implementation libs.javax.jaxb
|
||||
// implementation libs.javax.annotation
|
||||
|
||||
compileOnly libs.lombok
|
||||
implementation libs.lombok
|
||||
annotationProcessor libs.lombok
|
||||
|
||||
testImplementation libs.testng
|
||||
}
|
||||
|
||||
|
@ -1,360 +0,0 @@
|
||||
package hirs.swid;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import hirs.swid.ReferenceManifest;
|
||||
import hirs.swid.SwidResource;
|
||||
import hirs.swid.SwidTagConstants;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.xml.bind.JAXBContext;
|
||||
import jakarta.xml.bind.JAXBException;
|
||||
import jakarta.xml.bind.UnmarshalException;
|
||||
import jakarta.xml.bind.Unmarshaller;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
import org.w3c.dom.Document;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.NodeList;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
import javax.xml.transform.Source;
|
||||
import javax.xml.transform.Transformer;
|
||||
import javax.xml.transform.TransformerConfigurationException;
|
||||
import javax.xml.transform.TransformerException;
|
||||
import javax.xml.transform.TransformerFactory;
|
||||
import javax.xml.transform.dom.DOMResult;
|
||||
import javax.xml.transform.stream.StreamSource;
|
||||
import javax.xml.validation.Schema;
|
||||
import javax.xml.validation.SchemaFactory;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Base64;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
@Log4j2
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@Entity
|
||||
public class BaseReferenceManifest extends ReferenceManifest {
|
||||
/**
|
||||
* Holds the name of the 'base64Hash' field.
|
||||
*/
|
||||
public static final String BASE_64_HASH_FIELD = "base64Hash";
|
||||
|
||||
private static JAXBContext jaxbContext;
|
||||
|
||||
@Column
|
||||
@JsonIgnore
|
||||
private String base64Hash = "";
|
||||
@Column
|
||||
private String swidName = null;
|
||||
@Column
|
||||
private int swidCorpus = 0;
|
||||
@Column
|
||||
private String colloquialVersion = null;
|
||||
@Column
|
||||
private String product = null;
|
||||
@Column
|
||||
private String revision = null;
|
||||
@Column
|
||||
private String edition = null;
|
||||
@Column
|
||||
private String rimLinkHash = null;
|
||||
@Column
|
||||
private String bindingSpec = null;
|
||||
@Column
|
||||
private String bindingSpecVersion = null;
|
||||
@Column
|
||||
private String platformVersion = null;
|
||||
@Column
|
||||
private String payloadType = null;
|
||||
@Column
|
||||
private String pcURIGlobal = null;
|
||||
@Column
|
||||
private String pcURILocal = null;
|
||||
|
||||
private String entityName = null;
|
||||
private String entityRegId = null;
|
||||
private String entityRole = null;
|
||||
private String entityThumbprint = null;
|
||||
private String linkHref = null;
|
||||
private String linkRel = null;
|
||||
|
||||
/**
|
||||
* Support constructor for the RIM object.
|
||||
*
|
||||
* @param rimBytes - the file content of the uploaded file.
|
||||
* @throws IOException - thrown if the file is invalid.
|
||||
*/
|
||||
public BaseReferenceManifest(final byte[] rimBytes) throws IOException {
|
||||
this("", rimBytes);
|
||||
}
|
||||
|
||||
/**
|
||||
* Main constructor for the RIM object. This takes in a byte array of a
|
||||
* valid swidtag file and parses the information.
|
||||
*
|
||||
* @param fileName - string representation of the uploaded file.
|
||||
* @param rimBytes byte array representation of the RIM
|
||||
* @throws IOException if unable to unmarshal the string
|
||||
*/
|
||||
@SuppressWarnings("checkstyle:AvoidInlineConditionals")
|
||||
public BaseReferenceManifest(final String fileName, final byte[] rimBytes) throws IOException {
|
||||
super(rimBytes);
|
||||
this.setRimType(BASE_RIM);
|
||||
this.setFileName(fileName);
|
||||
Document document = unmarshallSwidTag(new ByteArrayInputStream(rimBytes));
|
||||
Element softwareIdentity;
|
||||
Element meta;
|
||||
Element entity;
|
||||
Element link;
|
||||
|
||||
MessageDigest digest = null;
|
||||
this.base64Hash = "";
|
||||
try {
|
||||
digest = MessageDigest.getInstance("SHA-256");
|
||||
this.base64Hash = Base64.getEncoder().encodeToString(
|
||||
digest.digest(rimBytes));
|
||||
} catch (NoSuchAlgorithmException noSaEx) {
|
||||
log.error(noSaEx);
|
||||
}
|
||||
|
||||
// begin parsing valid swid tag
|
||||
if (document != null) {
|
||||
softwareIdentity = (Element) document.getElementsByTagName(SwidTagConstants.SOFTWARE_IDENTITY).item(0);
|
||||
entity = (Element) document.getElementsByTagName(SwidTagConstants.ENTITY).item(0);
|
||||
link = (Element) document.getElementsByTagName(SwidTagConstants.LINK).item(0);
|
||||
meta = (Element) document.getElementsByTagName(SwidTagConstants.META).item(0);
|
||||
setTagId(softwareIdentity.getAttribute(SwidTagConstants.TAGID));
|
||||
this.swidName = softwareIdentity.getAttribute(SwidTagConstants.NAME);
|
||||
this.swidCorpus = Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.CORPUS)) ? 1 : 0;
|
||||
this.setSwidPatch(Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.PATCH)));
|
||||
this.setSwidSupplemental(Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.SUPPLEMENTAL)));
|
||||
this.setSwidVersion(softwareIdentity.getAttribute(SwidTagConstants.VERSION));
|
||||
this.setSwidTagVersion(softwareIdentity.getAttribute(SwidTagConstants.TAGVERSION));
|
||||
|
||||
parseSoftwareMeta(meta);
|
||||
parseEntity(entity);
|
||||
parseLink(link);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a helper method that parses the SoftwareMeta tag and stores the
|
||||
* information in the class fields.
|
||||
*
|
||||
* @param softwareMeta The object to parse.
|
||||
*/
|
||||
private void parseSoftwareMeta(final Element softwareMeta) {
|
||||
if (softwareMeta != null) {
|
||||
this.colloquialVersion = softwareMeta.getAttribute(SwidTagConstants.COLLOQUIAL_VERSION);
|
||||
this.product = softwareMeta.getAttribute(SwidTagConstants.PRODUCT);
|
||||
this.revision = softwareMeta.getAttribute(SwidTagConstants.REVISION);
|
||||
this.edition = softwareMeta.getAttribute(SwidTagConstants.EDITION);
|
||||
this.rimLinkHash = softwareMeta.getAttribute(SwidTagConstants.RIM_LINK_HASH);
|
||||
this.bindingSpec = softwareMeta.getAttribute(SwidTagConstants.BINDING_SPEC);
|
||||
this.bindingSpecVersion = softwareMeta.getAttribute(SwidTagConstants.BINDING_SPEC_VERSION);
|
||||
this.setPlatformManufacturerId(softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MANUFACTURER_ID));
|
||||
this.setPlatformManufacturer(softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MANUFACTURER_STR));
|
||||
this.setPlatformModel(softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MODEL));
|
||||
this.platformVersion = softwareMeta.getAttribute(SwidTagConstants.PLATFORM_VERSION);
|
||||
this.payloadType = softwareMeta.getAttribute(SwidTagConstants.PAYLOAD_TYPE);
|
||||
this.pcURIGlobal = softwareMeta.getAttribute(SwidTagConstants.PC_URI_GLOBAL);
|
||||
this.pcURILocal = softwareMeta.getAttribute(SwidTagConstants.PC_URI_LOCAL);
|
||||
} else {
|
||||
log.warn("SoftwareMeta Tag not found.");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a helper method that parses the Entity tag and stores the
|
||||
* information in the class fields.
|
||||
*
|
||||
* @param entity The object to parse.
|
||||
*/
|
||||
private void parseEntity(final Element entity) {
|
||||
if (entity != null) {
|
||||
this.entityName = entity.getAttribute(SwidTagConstants.NAME);
|
||||
this.entityRegId = entity.getAttribute(SwidTagConstants.REGID);
|
||||
this.entityRole = entity.getAttribute(SwidTagConstants.ROLE);
|
||||
this.entityThumbprint = entity.getAttribute(SwidTagConstants.THUMBPRINT);
|
||||
} else {
|
||||
log.warn("Entity Tag not found.");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a helper method that parses the Link tag and stores the
|
||||
* information in the class fields.
|
||||
*
|
||||
* @param link The object to parse.
|
||||
*/
|
||||
private void parseLink(final Element link) {
|
||||
if (link != null) {
|
||||
this.linkHref = link.getAttribute(SwidTagConstants.HREF);
|
||||
this.linkRel = link.getAttribute(SwidTagConstants.REL);
|
||||
} else {
|
||||
log.warn("Link Tag not found.");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This method validates the .swidtag file at the given filepath against the
|
||||
* schema. A successful validation results in the output of the tag's name
|
||||
* and tagId attributes, otherwise a generic error message is printed.
|
||||
*
|
||||
*/
|
||||
private Element getDirectoryTag() {
|
||||
return getDirectoryTag(new ByteArrayInputStream(getRimBytes()));
|
||||
}
|
||||
|
||||
/**
|
||||
* This method validates the .swidtag file at the given filepath against the
|
||||
* schema. A successful validation results in the output of the tag's name
|
||||
* and tagId attributes, otherwise a generic error message is printed.
|
||||
*
|
||||
* @param byteArrayInputStream the location of the file to be validated
|
||||
*/
|
||||
private Element getDirectoryTag(final ByteArrayInputStream byteArrayInputStream) {
|
||||
Document document = unmarshallSwidTag(byteArrayInputStream);
|
||||
Element softwareIdentity =
|
||||
(Element) document.getElementsByTagName("SoftwareIdentity").item(0);
|
||||
if (softwareIdentity != null) {
|
||||
Element directory = (Element) document.getElementsByTagName("Directory").item(0);
|
||||
|
||||
return directory;
|
||||
} else {
|
||||
log.error("Invalid xml for validation, please verify ");
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* This method iterates over the list of File elements under the directory. *
|
||||
*/
|
||||
public List<SwidResource> getFileResources() {
|
||||
return getFileResources(getRimBytes());
|
||||
}
|
||||
|
||||
/**
|
||||
* This method iterates over the list of File elements under the directory.
|
||||
*
|
||||
* @param rimBytes the bytes to find the files
|
||||
*
|
||||
*/
|
||||
public List<SwidResource> getFileResources(final byte[] rimBytes) {
|
||||
Element directoryTag = getDirectoryTag(new ByteArrayInputStream(rimBytes));
|
||||
List<SwidResource> validHashes = new ArrayList<>();
|
||||
NodeList fileNodeList = directoryTag.getChildNodes();
|
||||
Element file = null;
|
||||
SwidResource swidResource = null;
|
||||
for (int i = 0; i < fileNodeList.getLength(); i++) {
|
||||
file = (Element) fileNodeList.item(i);
|
||||
swidResource = new SwidResource();
|
||||
swidResource.setName(file.getAttribute(SwidTagConstants.NAME));
|
||||
swidResource.setSize(file.getAttribute(SwidTagConstants.SIZE));
|
||||
swidResource.setHashValue(file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":"
|
||||
+ SwidTagConstants._SHA256_HASH.getLocalPart()));
|
||||
validHashes.add(swidResource);
|
||||
}
|
||||
|
||||
return validHashes;
|
||||
}
|
||||
|
||||
/**
|
||||
* This method unmarshalls the swidtag found at [path] into a Document object
|
||||
* and validates it according to the schema.
|
||||
*
|
||||
* @param byteArrayInputStream to the input swidtag
|
||||
* @return the Document element at the root of the swidtag
|
||||
*/
|
||||
private Document unmarshallSwidTag(final ByteArrayInputStream byteArrayInputStream) {
|
||||
InputStream is = null;
|
||||
Document document = null;
|
||||
Unmarshaller unmarshaller = null;
|
||||
try {
|
||||
document = removeXMLWhitespace(byteArrayInputStream);
|
||||
SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE);
|
||||
is = getClass().getClassLoader().getResourceAsStream(SwidTagConstants.SCHEMA_URL);
|
||||
Schema schema = schemaFactory.newSchema(new StreamSource(is));
|
||||
if (jaxbContext == null) {
|
||||
jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE);
|
||||
}
|
||||
unmarshaller = jaxbContext.createUnmarshaller();
|
||||
unmarshaller.setSchema(schema);
|
||||
unmarshaller.unmarshal(document);
|
||||
} catch (IOException e) {
|
||||
log.error(e.getMessage());
|
||||
} catch (SAXException e) {
|
||||
log.error("Error setting schema for validation!");
|
||||
} catch (UnmarshalException e) {
|
||||
log.error("Error validating swidtag file!");
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.error("Input file empty.");
|
||||
} catch (JAXBException e) {
|
||||
e.printStackTrace();
|
||||
} finally {
|
||||
if (is != null) {
|
||||
try {
|
||||
is.close();
|
||||
} catch (IOException e) {
|
||||
System.out.println("Error closing input stream");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return document;
|
||||
}
|
||||
|
||||
/**
|
||||
* This method strips all whitespace from an xml file, including indents and spaces
|
||||
* added for human-readability.
|
||||
*
|
||||
* @param byteArrayInputStream to the xml file
|
||||
* @return Document object without whitespace
|
||||
*/
|
||||
private Document removeXMLWhitespace(final ByteArrayInputStream byteArrayInputStream) throws IOException {
|
||||
TransformerFactory tf = TransformerFactory.newInstance();
|
||||
Source source = new StreamSource(
|
||||
getClass().getClassLoader().getResourceAsStream("identity_transform.xslt"));
|
||||
Document document = null;
|
||||
if (byteArrayInputStream.available() > 0) {
|
||||
try {
|
||||
Transformer transformer = tf.newTransformer(source);
|
||||
DOMResult result = new DOMResult();
|
||||
transformer.transform(new StreamSource(byteArrayInputStream), result);
|
||||
document = (Document) result.getNode();
|
||||
} catch (TransformerConfigurationException tcEx) {
|
||||
log.error("Error configuring transformer!");
|
||||
} catch (TransformerException tEx) {
|
||||
log.error("Error transforming input!");
|
||||
}
|
||||
} else {
|
||||
throw new IOException("Input file is empty!");
|
||||
}
|
||||
|
||||
return document;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("ReferenceManifest{swidName=%s,"
|
||||
+ "platformManufacturer=%s,"
|
||||
+ " platformModel=%s,"
|
||||
+ "tagId=%s, base64Hash=%s}",
|
||||
swidName, this.getPlatformManufacturer(),
|
||||
this.getPlatformModel(), getTagId(), this.getBase64Hash());
|
||||
}
|
||||
}
|
@ -1,66 +0,0 @@
|
||||
package hirs.swid;
|
||||
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
|
||||
/**
|
||||
* Enum of digest algorithms. The enum values also provide a standardized
|
||||
* algorithm name. The standardized algorithm name is a String of the algorithm
|
||||
* name as defined by Java.
|
||||
*/
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
public enum DigestAlgorithm {
|
||||
/**
|
||||
* MD2 digest algorithm.
|
||||
*/
|
||||
MD2("MD2", 16),
|
||||
/**
|
||||
* MD5 digest algorithm.
|
||||
*/
|
||||
MD5("MD5", 16),
|
||||
/**
|
||||
* SHA-1 digest algorithm.
|
||||
*/
|
||||
SHA1("SHA-1", 20),
|
||||
/**
|
||||
* SHA-256 digest algorithm.
|
||||
*/
|
||||
SHA256("SHA-256", 32),
|
||||
/**
|
||||
* SHA-384 digest algorithm.
|
||||
*/
|
||||
SHA384("SHA-384", 48),
|
||||
/**
|
||||
* SHA-512 digest algorithm.
|
||||
*/
|
||||
SHA512("SHA-512", 64),
|
||||
/**
|
||||
* Condition used when an algorithm is not specified and
|
||||
* the size doesn't match known digests.
|
||||
*/
|
||||
UNSPECIFIED("NOT SPECIFIED", Integer.BYTES);
|
||||
|
||||
private final String standardAlgorithmName;
|
||||
private final int lengthInBytes;
|
||||
|
||||
/**
|
||||
* Returns a DigestAlgorithm object given a String. The String is expected to be one of the
|
||||
* options for standardAlgorithmName. Throws an IllegalArgumentException if no Enum exists with
|
||||
* that value.
|
||||
*
|
||||
* @param standardAlgorithmName
|
||||
* String value of the Enum
|
||||
* @return DigestAlgorithm object
|
||||
*/
|
||||
public static DigestAlgorithm findByString(final String standardAlgorithmName) {
|
||||
for (DigestAlgorithm algorithm: DigestAlgorithm.values()) {
|
||||
if (algorithm.getStandardAlgorithmName().equals(standardAlgorithmName)) {
|
||||
return algorithm;
|
||||
}
|
||||
}
|
||||
throw new IllegalArgumentException(String.format("No constant with text \"%s\" found",
|
||||
standardAlgorithmName));
|
||||
}
|
||||
}
|
@ -1,165 +0,0 @@
|
||||
package hirs.swid;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import com.google.common.base.Preconditions;
|
||||
import jakarta.persistence.Access;
|
||||
import jakarta.persistence.AccessType;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Inheritance;
|
||||
import jakarta.persistence.InheritanceType;
|
||||
import jakarta.persistence.Table;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
import org.hibernate.annotations.JdbcTypeCode;
|
||||
|
||||
import javax.xml.XMLConstants;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
* This class represents the Reference Integrity Manifest object that will be
|
||||
* loaded into the DB and displayed in the ACA.
|
||||
*/
|
||||
@Getter @Setter @ToString
|
||||
@EqualsAndHashCode(onlyExplicitlyIncluded = true, callSuper = false)
|
||||
@Log4j2
|
||||
@Entity
|
||||
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
|
||||
@Table(name = "ReferenceManifest")
|
||||
@Access(AccessType.FIELD)
|
||||
public class ReferenceManifest {
|
||||
|
||||
/**
|
||||
* Holds the name of the 'hexDecHash' field.
|
||||
*/
|
||||
public static final String HEX_DEC_HASH_FIELD = "hexDecHash";
|
||||
/**
|
||||
* String for display of a Base RIM.
|
||||
*/
|
||||
public static final String BASE_RIM = "Base";
|
||||
/**
|
||||
* String for display of a Support RIM.
|
||||
*/
|
||||
public static final String SUPPORT_RIM = "Support";
|
||||
/**
|
||||
* String for display of a Support RIM.
|
||||
*/
|
||||
public static final String MEASUREMENT_RIM = "Measurement";
|
||||
|
||||
/**
|
||||
* String for the xml schema ios standard.
|
||||
*/
|
||||
public static final String SCHEMA_STATEMENT = "ISO/IEC 19770-2:2015 Schema (XSD 1.0) "
|
||||
+ "- September 2015, see http://standards.iso.org/iso/19770/-2/2015/schema.xsd";
|
||||
/**
|
||||
* String for the xml schema URL file name.
|
||||
*/
|
||||
public static final String SCHEMA_URL = "swid_schema.xsd";
|
||||
/**
|
||||
* String for the language type for the xml schema.
|
||||
*/
|
||||
public static final String SCHEMA_LANGUAGE = XMLConstants.W3C_XML_SCHEMA_NS_URI;
|
||||
/**
|
||||
* String for the package location of the xml generated java files.
|
||||
*/
|
||||
public static final String SCHEMA_PACKAGE = "hirs.utils.xjc";
|
||||
|
||||
@EqualsAndHashCode.Include
|
||||
@Column(columnDefinition = "mediumblob", nullable = false)
|
||||
private byte[] rimBytes;
|
||||
@EqualsAndHashCode.Include
|
||||
@Column(nullable = false)
|
||||
private String rimType = "Base";
|
||||
@Column
|
||||
private String tagId = null;
|
||||
@Column
|
||||
private boolean swidPatch = false;
|
||||
@Column
|
||||
private boolean swidSupplemental = false;
|
||||
@Column
|
||||
private String platformManufacturer = null;
|
||||
@Column
|
||||
private String platformManufacturerId = null;
|
||||
@Column
|
||||
private String swidTagVersion = null;
|
||||
@Column
|
||||
private String swidVersion = null;
|
||||
@Column
|
||||
private String platformModel = null;
|
||||
@Column(nullable = false)
|
||||
private String fileName = null;
|
||||
@JdbcTypeCode(java.sql.Types.VARCHAR)
|
||||
@Column
|
||||
private UUID associatedRim;
|
||||
@Column
|
||||
private String deviceName;
|
||||
@Column
|
||||
private String hexDecHash = "";
|
||||
@Column
|
||||
private String eventLogHash = "";
|
||||
|
||||
/**
|
||||
* Default constructor necessary for Hibernate.
|
||||
*/
|
||||
protected ReferenceManifest() {
|
||||
super();
|
||||
this.rimBytes = null;
|
||||
this.rimType = null;
|
||||
this.platformManufacturer = null;
|
||||
this.platformManufacturerId = null;
|
||||
this.platformModel = null;
|
||||
this.fileName = BASE_RIM;
|
||||
this.tagId = null;
|
||||
this.associatedRim = null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default constructor for ingesting the bytes of the file content.
|
||||
* @param rimBytes - file contents.
|
||||
*/
|
||||
public ReferenceManifest(final byte[] rimBytes) {
|
||||
Preconditions.checkArgument(rimBytes != null,
|
||||
"Cannot construct a RIM from a null byte array");
|
||||
|
||||
Preconditions.checkArgument(rimBytes.length > 0,
|
||||
"Cannot construct a RIM from an empty byte array");
|
||||
|
||||
this.rimBytes = rimBytes.clone();
|
||||
MessageDigest digest = null;
|
||||
this.hexDecHash = "";
|
||||
try {
|
||||
digest = MessageDigest.getInstance("SHA-256");
|
||||
this.hexDecHash = Hex.encodeHexString(
|
||||
digest.digest(rimBytes));
|
||||
} catch (NoSuchAlgorithmException noSaEx) {
|
||||
log.error(noSaEx);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the Reference Integrity Manifest as a byte array.
|
||||
*
|
||||
* @return array of bytes
|
||||
*/
|
||||
@JsonIgnore
|
||||
public byte[] getRimBytes() {
|
||||
if (this.rimBytes != null) {
|
||||
return this.rimBytes.clone();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public boolean isBase() {
|
||||
return rimType.equals(BASE_RIM);
|
||||
}
|
||||
|
||||
public boolean isSupport() {
|
||||
return rimType.equals(SUPPORT_RIM);
|
||||
}
|
||||
}
|
@ -1,83 +0,0 @@
|
||||
package hirs.swid;
|
||||
|
||||
import com.google.common.base.Preconditions;
|
||||
import hirs.swid.DigestAlgorithm;
|
||||
import hirs.swid.xjc.File;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
|
||||
import javax.xml.namespace.QName;
|
||||
import java.math.BigInteger;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* This object is used to represent the content of a Swid Tags Directory
|
||||
* section.
|
||||
*/
|
||||
@ToString
|
||||
public class SwidResource {
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
private String name, size, hashValue;
|
||||
@Getter
|
||||
private String rimFormat, rimType, rimUriGlobal;
|
||||
private DigestAlgorithm digest = DigestAlgorithm.SHA1;
|
||||
@Getter
|
||||
private boolean validFileSize = false;
|
||||
|
||||
/**
|
||||
* Default constructor.
|
||||
*/
|
||||
public SwidResource() {
|
||||
name = null;
|
||||
size = null;
|
||||
rimFormat = null;
|
||||
rimType = null;
|
||||
rimUriGlobal = null;
|
||||
hashValue = null;
|
||||
}
|
||||
|
||||
/**
|
||||
* The main constructor that processes a {@code hirs.utils.xjc.File}.
|
||||
*
|
||||
* @param file {@link File}
|
||||
* @param digest algorithm associated with pcr values
|
||||
*/
|
||||
public SwidResource(final File file, final DigestAlgorithm digest) {
|
||||
Preconditions.checkArgument(file != null,
|
||||
"Cannot construct a RIM Resource from a null File object");
|
||||
|
||||
this.name = file.getName();
|
||||
// at this time, there is a possibility to get an object with
|
||||
// no size even though it is required.
|
||||
if (file.getSize() != null) {
|
||||
this.size = file.getSize().toString();
|
||||
} else {
|
||||
this.size = BigInteger.ZERO.toString();
|
||||
}
|
||||
|
||||
for (Map.Entry<QName, String> entry
|
||||
: file.getOtherAttributes().entrySet()) {
|
||||
switch (entry.getKey().getLocalPart()) {
|
||||
case "supportRIMFormat":
|
||||
this.rimFormat = entry.getValue();
|
||||
break;
|
||||
case "supportRIMType":
|
||||
this.rimType = entry.getValue();
|
||||
break;
|
||||
case "supportRIMURIGlobal":
|
||||
this.rimUriGlobal = entry.getValue();
|
||||
break;
|
||||
case "hash":
|
||||
this.hashValue = entry.getValue();
|
||||
break;
|
||||
default:
|
||||
}
|
||||
}
|
||||
|
||||
this.digest = digest;
|
||||
// tpmWhiteList = new TpmWhiteListBaseline(this.name);
|
||||
}
|
||||
}
|