From 0a215d797399b586fec712b101c437dc23bc3be0 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Mon, 27 Nov 2023 16:10:51 -0500 Subject: [PATCH] Minor changes the main one is adding deviceName so that it is associated with the platform certificate. Added code for the componentInfo using asText which isn't pulling the field value, to textValue --- .../persist/entity/ArchivableEntity.java | 1 - .../persist/provision/AbstractProcessor.java | 3 ++- .../persist/provision/IdentityClaimProcessor.java | 12 +++++++----- .../provision/helper/CredentialManagementHelper.java | 4 +++- .../validation/SupplyChainCredentialValidator.java | 2 +- 5 files changed, 13 insertions(+), 9 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java index db758042..c209df3e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java @@ -60,7 +60,6 @@ public abstract class ArchivableEntity extends AbstractEntity { * false is archived time is already set, signifying the entity has been archived. */ public final boolean archive() { - this.archiveFlag = false; if (this.archivedTime == null) { this.archivedTime = new Date(); archiveFlag = true; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java index cca14eca..1bd22292 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java 
@@ -170,7 +170,8 @@ public class AbstractProcessor { for (ByteString platformCredential : identityClaim.getPlatformCredentialList()) { if (!platformCredential.isEmpty()) { platformCredentials.add(CredentialManagementHelper.storePlatformCredential( - certificateRepository, platformCredential.toByteArray())); + certificateRepository, platformCredential.toByteArray(), + identityClaim.getDv().getNw().getHostname())); } } } else if (endorsementCredential != null) { diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java index dfa63607..320e23ec 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java @@ -187,6 +187,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { // Parse and save device info Device device = processDeviceInfo(claim); + device.getDeviceInfo().setPaccorOutputString(claim.getPaccorOutput()); // There are situations in which the claim is sent with no PCs // or a PC from the tpm which will be deprecated // this is to check what is in the platform object and pull @@ -318,8 +319,9 @@ public class IdentityClaimProcessor extends AbstractProcessor { if (dv.getLogfileCount() > 0) { for (ByteString logFile : dv.getLogfileList()) { try { - support = (SupportReferenceManifest) referenceManifestRepository.findByHexDecHash( - Hex.encodeHexString(messageDigest.digest(logFile.toByteArray()))); + support = (SupportReferenceManifest) referenceManifestRepository.findByHexDecHashAndRimType( + Hex.encodeHexString(messageDigest.digest(logFile.toByteArray())), + ReferenceManifest.SUPPORT_RIM); if (support == null) { support = new SupportReferenceManifest( String.format("%s.rimel", 
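Review bot: The hostname passed as the new third argument to `storePlatformCredential(...)` is read straight from the client's identity claim (`identityClaim.getDv().getNw().getHostname()`), and nothing in this hunk ties it to an attested value, so the device name stored with the platform certificate is self-reported. If `deviceName` is later used to match credentials to a device (not visible here), a client that submits another machine's platform credential could label it with a name of its choosing. I would record that at the call, e.g. `// hostname is client-reported and unauthenticated; not a trust input`, and reject or normalise an empty value before it is stored. The same value flows into the `deviceName` parameter and the `setDeviceName` call added in CredentialManagementHelper.java. The enclosing method starts and ends outside the hunk.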
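Review bot: `device.getDeviceInfo()` is dereferenced at the added line without a null check, and the value stored is the client-supplied `claim.getPaccorOutput()` taken verbatim with no size bound. The comment above says `processDeviceInfo` parses and saves the device, so unless the device is saved again further down (outside this hunk) the paccor string may never be persisted; that is worth confirming. A guard such as `if (device.getDeviceInfo() != null)` around the setter, plus a length limit on the string, would make the intent explicit. The enclosing method starts and ends outside the hunk.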
@@ -346,8 +348,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { } catch (IOException ioEx) { log.error(ioEx); } catch (Exception ex) { - log.error(String.format("Failed to load support rim: %s", messageDigest.digest( - logFile.toByteArray()).toString())); + log.error(String.format("Failed to load support rim: %s", ex.getMessage())); } } } else { @@ -381,6 +382,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { this.referenceManifestRepository.save(dbBaseRim); } } + tagId = dbBaseRim.getTagId(); } catch (IOException ioEx) { log.error(ioEx); } @@ -409,7 +411,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { // now update support rim SupportReferenceManifest dbSupport = (SupportReferenceManifest) referenceManifestRepository - .findByHexDecHash(swid.getHashValue()); + .findByHexDecHashAndRimType(swid.getHashValue(), ReferenceManifest.SUPPORT_RIM); if (dbSupport != null) { dbSupport.setFileName(swid.getName()); dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/CredentialManagementHelper.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/CredentialManagementHelper.java index 4d684665..fed1411b 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/CredentialManagementHelper.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/CredentialManagementHelper.java 
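Review bot: The new `log.error(String.format("Failed to load support rim: %s", ex.getMessage()))` in the `catch (Exception ex)` branch drops the stack trace, no longer identifies which log file failed, and prints "null" when the exception has no message. The removed line was not useful either (it printed a `byte[]` identity string), but someone investigating a rejected measurement log needs both the cause and the digest. I would write `log.error("Failed to load support rim", ex);` and include the hex digest in the message if it is kept in a local. The `try` opens in the previous hunk and the loop continues outside this one.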
@@ -82,11 +82,12 @@ public final class CredentialManagementHelper { * it is unarchived. * @param certificateRepository the certificate manager used for storage * @param platformBytes the raw PC bytes used for parsing + * @param deviceName the host name of the associated machine * @return the parsed, valid PC, or null if the provided bytes are not a valid EK. */ public static PlatformCredential storePlatformCredential( final CertificateRepository certificateRepository, - final byte[] platformBytes) { + final byte[] platformBytes, final String deviceName) { if (certificateRepository == null) { throw new IllegalArgumentException("null certificate manager"); @@ -130,6 +131,7 @@ public final class CredentialManagementHelper { } } } + platformCredential.setDeviceName(deviceName); return (PlatformCredential) certificateRepository.save(platformCredential); } else if (existingCredential.isArchived()) { // if the PC is stored in the DB and it's archived, unarchive. diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java index d951fe54..ed32b0f7 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java @@ -342,7 +342,7 @@ public class SupplyChainCredentialValidator { private static String getJSONNodeValueAsText(final JsonNode node, final String fieldName) { if (node.hasNonNull(fieldName)) { - return node.findValue(fieldName).asText(); + return node.findValue(fieldName).textValue(); } return null; }
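Review bot: `platformCredential.setDeviceName(deviceName)` is added only on the branch that saves a newly parsed credential, so when the certificate is already stored, or is archived and goes through `else if (existingCredential.isArchived())`, the name is left as it was. Whichever client first submits a given platform credential therefore fixes its device name, and a later claim from another host does not correct it; if that is intended, a comment such as `// deviceName is recorded on first sight only` would say so. `deviceName` is also not checked for null or empty, unlike `certificateRepository` at the top of the method. The body of the unarchive branch is outside the hunk, so it may set the name there.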
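Review bot: `textValue()` returns null for any node that is not a JSON string, so after this change a numeric or boolean field makes `getJSONNodeValueAsText` return null even though `hasNonNull(fieldName)` passed, where `asText()` returned its string form. Callers comparing component fields then see a missing value; whether they treat null as a mismatch or skip the comparison is not visible here, and for a supply-chain validator a silent skip would be the unsafe outcome. `hasNonNull` also checks the direct child while `findValue` searches descendants, so `node.get(fieldName)` would keep the two consistent. If only strings are expected, the Javadoc should say so: `@return the field's string value, or null if absent or not textual`.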