ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-19 04:58:00 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

[#168] Additional fields added to the Issued AC (#201)

Browse Source 
* Added additional code pulled from the original branch for these changes aik-field-additions.
* Updated code to include the TCG Credential Specification, which is a different version from the Platform specification.
This commit is contained in:
Cyrus 2019-11-13 10:46:00 -05:00 committed by GitHub
parent 00287725da
commit 09aafa8041
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 188 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java
View File

@ -413,7 +413,7 @@ public final class CertificateStringMapBuilder {
// Separate key and value and parse the key
for (String pair: data.split(",")) {
String[] keyValue = pair.split("=");
// Remove white space and change firt charater in the key to uppsercase
// Remove white space and change first character in the key to uppercase
keyValue[0] = Character.toUpperCase(
keyValue[0].trim().charAt(0)) + keyValue[0].trim().substring(1);
@ -441,15 +441,43 @@ public final class CertificateStringMapBuilder {
// add endorsement credential ID if not null
if (certificate.getEndorsementCredential() != null) {
data.put("endorsementID",
certificate.getEndorsementCredential().getId().toString());
EndorsementCredential ek = certificate.getEndorsementCredential();
data.put("endorsementID", ek.getId().toString());
// Add hashmap with TPM information if available
if (ek.getTpmSpecification() != null) {
data.putAll(
convertStringToHash(ek.getTpmSpecification().toString()));
}
if (ek.getTpmSecurityAssertions() != null) {
data.putAll(
convertStringToHash(ek.getTpmSecurityAssertions().toString()));
}
data.put("policyReference", ek.getPolicyReference());
data.put("crlPoints", ek.getCrlPoints());
data.put("credentialType", IssuedAttestationCertificate.AIC_TYPE_LABEL);
}
// add platform credential IDs if not empty
if (!certificate.getPlatformCredentials().isEmpty()) {
StringBuilder buf = new StringBuilder();
for (PlatformCredential pc: certificate.getPlatformCredentials()) {
for (PlatformCredential pc : certificate.getPlatformCredentials()) {
buf.append(pc.getId().toString());
buf.append(',');
data.put("manufacturer", pc.getManufacturer());
data.put("model", pc.getModel());
data.put("version", pc.getVersion());
data.put("majorVersion",
Integer.toString(pc.getMajorVersion()));
data.put("minorVersion",
Integer.toString(pc.getMinorVersion()));
data.put("revisionLevel",
Integer.toString(pc.getRevisionLevel()));
data.put("tcgMajorVersion",
Integer.toString(pc.getTcgCredentialMajorVersion()));
data.put("tcgMinorVersion",
Integer.toString(pc.getTcgCredentialMinorVersion()));
data.put("tcgRevisionLevel",
Integer.toString(pc.getTcgCredentialRevisionLevel()));
}
// remove last comma character
buf.deleteCharAt(buf.lastIndexOf(","));

89
HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
View File

@ -103,7 +103,7 @@
</c:if>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Serial Number</span></div>
<div id="serialNumber" class="col col-md-8"></div>
<div id="serialNumber" class="col col-md-8 vertical"></div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Validity</span></div>
@ -192,7 +192,7 @@
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Credential Type</span></div>
<div id="credentialType" class="col col-md-8">${initialData.credentialType}</div>
<div id="credentialType" class="col col-md-8 vertical">${initialData.credentialType}</div>
</div>
<!-- Add the different fields based on the certificate type -->
<c:choose>
@ -242,7 +242,7 @@
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Policy Reference</span></div>
<div id="policyReference" class="col col-md-8">
<div id="policyReference" class="col col-md-8 vertical">
<c:choose>
<c:when test="${not empty initialData.policyReference}">
${initialData.policyReference}
@ -278,7 +278,6 @@
</div>
</c:when>
</c:choose>
<!-- Need to test this -->
<div class="row">
<div class="col-md-1 col-md-offset-1">
<span class="colHeader">
@ -320,11 +319,11 @@
<c:if test="${not empty initialData.platformType}">
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Platform Type</span></div>
<div id="platformType" class="col col-md-8">${initialData.platformType}</div>
<div id="platformType" class="col col-md-8 vertical">${initialData.platformType}</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Platform Chain</span></div>
<div id="platformType" class="col col-md-8">
<div id="platformType" class="col col-md-8 vertical">
<span>
<c:forEach items="${initialData.chainCertificates}" var="credential" varStatus="loop">
<c:choose>
@ -391,12 +390,12 @@
</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">TCG Credential Specification Version</span></div>
<div class="col-md-1 col-md-offset-1"><span class="colHeader">TCG Platform Specification Version</span></div>
<div id="majorVersion" class="col col-md-8 vertical">${initialData.majorVersion}.${initialData.minorVersion}.${initialData.revisionLevel}</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Platform Class</span></div>
<div id="platformClass" class="col col-md-8">${initialData.platformClass}</div>
<div id="platformClass" class="col col-md-8 vertical">${initialData.platformClass}</div>
</div>
<!-- TBB Security Assertion-->
<c:if test="${not empty initialData.tbbSecurityAssertion}">
@ -778,6 +777,34 @@
</c:if>
</c:when>
<c:when test="${param.type=='issued'}">
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">System Information</span></div>
<div id="subjectAltName" class="col col-md-8">
<div id="manufacturer">Manufacturer:&nbsp;<span>${initialData.manufacturer}</span></div>
<div id="model">Model:&nbsp;<span>${initialData.model}</span></div>
<div id="version">Version:&nbsp;<span>${initialData.version}</span></div>
<div id="serial">Serial Number:&nbsp;<span>${initialData.platformSerial}</span></div>
</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Policy Reference</span></div>
<div id="policyReference" class="col col-md-8 vertical">
<c:choose>
<c:when test="${not empty initialData.policyReference}">
${initialData.policyReference}
</c:when>
<c:otherwise>
Not Specified
</c:otherwise>
</c:choose>
</div>
</div>
<c:if test="${initialData.crlPoints}">
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Revocation Locator</span></div>
<div id="revocationLocator" class="col col-md-8"><a href="${initialData.crlPoints}">${initialData.crlPoints}</div>
</div>
</c:if>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Endorsement Credential</span></div>
<div id="endorsementID" class="col col-md-8">
@ -800,6 +827,50 @@
</c:if>
</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">TCG Platform Specification Version</span></div>
<div id="majorVersion" class="col col-md-8 vertical">${initialData.majorVersion}.${initialData.minorVersion}.${initialData.revisionLevel}</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">TCG Credential Specification Version</span></div>
<div id="majorVersion" class="col col-md-8 vertical">${initialData.tcgMajorVersion}.${initialData.tcgMinorVersion}.${initialData.tcgRevisionLevel}</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1">
<span class="colHeader">
<a role="button" data-toggle="collapse" class="collapsed" href="#tpmSpecificationInner"
aria-expanded="true" data-placement="top" aria-controls="tpmSpecificationInner">
TPM Specification
</a>
</span>
</div>
<div id="tpmSpecification" class="col col-md-8">
<div id="tpmSpecificationInner" class="panel-body collapse" role="tabpanel" aria-expanded="false">
<div>Family:&nbsp;<span>${initialData.TPMSpecificationFamily}</span></div>
<div>Level:&nbsp;<span>${initialData.TPMSpecificationLevel}</span></div>
<div>Revision:&nbsp;<span>${initialData.TPMSpecificationRevision}</span></div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1">
<span class="colHeader">
<a role="button" data-toggle="collapse" class="collapsed" href="#tpmSecurityAssertionInner"
aria-expanded="true" data-placement="top" aria-controls="tpmSecurityAssertionInner">
TPM Security Assertion
</a>
</span>
</div>
<div id="tpmSecurityAssertion" class="col col-md-8">
<div id="tpmSecurityAssertionInner" class="panel-body collapse" role="tabpanel" aria-expanded="false">
<div>Version:&nbsp;<span>${initialData.TPMSecurityAssertionsVersion}</span></div>
<div>Field Upgradeable:&nbsp;<span>${initialData.TPMSecurityAssertionsFieldUpgradeable}</span></div>
<div>ek Generation Type:&nbsp;<span>${initialData.TPMSecurityAssertionsEkGenType}</span></div>
<div>ek Generation Location:&nbsp;<span>${initialData.TPMSecurityAssertionsEkGenLoc}</span></div>
<div>ek Certificate Generation Location:&nbsp;<span>${initialData.TPMSecurityAssertionsEkCertGenLoc}</span></div>
</div>
</div>
</div>
</c:when>
</c:choose>
</div>
@ -858,7 +929,7 @@
}
</c:if>
//Initiliaze tooltips
//Initilize tooltips
$('[data-toggle="tooltip"]').tooltip();
//Vertical alignment on data columns

5
HIRS_Utils/src/main/java/hirs/data/persist/certificate/IssuedAttestationCertificate.java
View File

@ -20,6 +20,11 @@ import javax.persistence.ManyToOne;
@Entity
public class IssuedAttestationCertificate extends DeviceAssociatedCertificate {
/**
* AIC label that must be used.
*/
public static final String AIC_TYPE_LABEL = "TCPA Trusted Platform Identity";
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "ek_id")
private EndorsementCredential endorsementCredential;

71
HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java
View File

@ -54,6 +54,7 @@ import org.bouncycastle.operator.ContentVerifierProvider;
@Entity
public class PlatformCredential extends DeviceAssociatedCertificate {
private static final Logger LOGGER = LogManager.getLogger(PlatformCredential.class);
private static final int TCG_SPECIFICATION_LENGTH = 3;
// These are Object Identifiers (OIDs) for sections in the credentials
private static final String POLICY_QUALIFIER_CPSURI = "1.3.6.1.5.5.7.2.1";
private static final String POLICY_QUALIFIER_USER_NOTICE = "1.3.6.1.5.5.7.2.2";
@ -227,6 +228,15 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
@Column
private int revisionLevel = 0;
@Column
private int tcgCredentialMajorVersion = 0;
@Column
private int tcgCredentialMinorVersion = 0;
@Column
private int tcgCredentialRevisionLevel = 0;
@Column
private String platformClass = null;
@ -239,6 +249,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
private String platformChainType = Strings.EMPTY;
private boolean isDeltaChain = false;
/**
* Get a Selector for use in retrieving PlatformCredentials.
*
@ -465,6 +476,33 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
return revisionLevel;
}
/**
* Gets the TCG Credential major version.
*
* @return the TCG Credential Major Version
*/
public int getTcgCredentialMajorVersion() {
return tcgCredentialMajorVersion;
}
/**
* Gets the TCG Credential minor version.
*
* @return the TCG Credential minor version
*/
public int getTcgCredentialMinorVersion() {
return tcgCredentialMinorVersion;
}
/**
* Gets the TCG Credential revision level.
*
* @return the TCG Credential revision level
*/
public int getTcgCredentialRevisionLevel() {
return tcgCredentialRevisionLevel;
}
/**
* Gets the platform specification platform class.
*
@ -728,7 +766,10 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
new PlatformConfigurationV2(attributeSequence));
break;
case TCG_PLATFORM_SPECIFICATION:
// handled in parseFields
break;
case TCG_CREDENTIAL_SPECIFICATION:
getTCGCredentialSpecification(attributeSequence);
break;
default:
// No class defined for this attribute
@ -799,6 +840,36 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
return null;
}
/**
* This method sets the TCG Credential fields from a certificate, if provided.
*
* @param attributeSequence The sequence associated with 2.23.133.2.23
*/
private void getTCGCredentialSpecification(final ASN1Sequence attributeSequence) {
try {
this.tcgCredentialMajorVersion = Integer.parseInt(
attributeSequence.getObjectAt(0).toString());
this.tcgCredentialMinorVersion = Integer.parseInt(
attributeSequence.getObjectAt(1).toString());
this.tcgCredentialRevisionLevel = Integer.parseInt(
attributeSequence.getObjectAt(2).toString());
} catch (NumberFormatException nfEx) {
// ill-formed ASN1
String fieldContents = attributeSequence.toString();
if (fieldContents != null && fieldContents.contains(",")) {
fieldContents = fieldContents.replaceAll("[^a-zA-Z0-9,]", "");
String[] fields = fieldContents.split(",");
if (fields.length == TCG_SPECIFICATION_LENGTH) {
this.tcgCredentialMajorVersion = Integer.parseInt(fields[0]);
this.tcgCredentialMinorVersion = Integer.parseInt(fields[1]);
this.tcgCredentialRevisionLevel = Integer.parseInt(fields[2]);
}
}
}
}
/**
* Get the list of component identifiers if there are any.
* @return the list of component identifiers if there are any