Set signature validity so that the ACA can report accurately

2025-01-29 15:44:14 +00:00 · 2021-11-02 12:10:55 -04:00 · 2021-11-02 12:10:55 -04:00 · 0c233ae771
commit 0c233ae771
parent 3a6be133eb
2 changed files with 8 additions and 6 deletions
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@ -305,7 +305,6 @@ public class ReferenceManifestDetailsPageController
            data.put("pcrList", support.getExpectedPCRList());
        }

-//        RIM_VALIDATOR.validateXmlSignature(new ByteArrayInputStream(baseRim.getRimBytes()));
        Set<CertificateAuthorityCredential> certificates =
                CertificateAuthorityCredential.select(certificateManager)
                        .getCertificates();
--- a/HIRS_Utils/src/main/java/hirs/utils/ReferenceManifestValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/ReferenceManifestValidator.java
@ -187,7 +187,8 @@ public class ReferenceManifestValidator {
            }
            if (context != null) {
                publicKey = cert.getX509Certificate().getPublicKey();
-                return validateSignedXMLDocument(context);
+                signatureValid = validateSignedXMLDocument(context);
+                return signatureValid;
            }
        } catch (IOException e) {
            LOGGER.warn("Error while parsing certificate data: " + e.getMessage());
@ -207,8 +208,10 @@ public class ReferenceManifestValidator {
     */
    public void validateSupportRimHash(final byte[] input, final String expected) {
        String calculatedHash = getHashValue(input, SHA256);
-        LOGGER.info("Calculated hash: " + calculatedHash + ", actual: " + expected);
        supportRimValid = calculatedHash.equals(expected);
+        if (!supportRimValid) {
+            LOGGER.info("Unmatched support RIM hash! Expected: " + expected + ", actual: " + calculatedHash);
+        }
    }

    /**
@ -335,7 +338,7 @@ public class ReferenceManifestValidator {
     * @return an X509Certificate created from the string, or null
     * @throws Exception if certificate cannot be successfully parsed
     */
-    public X509Certificate parseCertFromPEMString(final String pemString) throws Exception {
+    private X509Certificate parseCertFromPEMString(final String pemString) throws Exception {
        String certificateHeader = "-----BEGIN CERTIFICATE-----";
        String certificateFooter = "-----END CERTIFICATE-----";
        try {
@ -350,9 +353,9 @@ public class ReferenceManifestValidator {
            LOGGER.warn("Error creating CertificateFactory instance: " + e.getMessage());
        } catch (UnsupportedEncodingException e) {
            LOGGER.warn("Error while parsing cert from PEM string: " + e.getMessage());
-        } finally {
-            throw new Exception("Error parsing certificate from PEM string!");
        }
+
+        return null;
    }

    /**