This commit has updated changes that save both a base64 and a hex dec value of the RIM file hash to the database. Depending on what is needed, they are used to pull either the base or support RIM. Also fixed the link for the rimlinkhash on the details page.

HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java

@@ -14,7 +14,6 @@ import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.EventLogMeasurements;
 import hirs.data.persist.ReferenceDigestRecord;
 import hirs.data.persist.ReferenceDigestValue;
-import hirs.data.persist.ReferenceManifest;
 import hirs.data.persist.SupplyChainPolicy;
 import hirs.data.persist.SupplyChainValidationSummary;
 import hirs.data.persist.SupportReferenceManifest;
@@ -776,7 +775,7 @@ public abstract class AbstractAttestationCertificateAuthority
                 dv.getHw().getManufacturer(),
                 dv.getHw().getProductName());
         BaseReferenceManifest dbBaseRim = null;
-        ReferenceManifest support;
+        SupportReferenceManifest support;
         EventLogMeasurements measurements;
         String tagId = "";
         String fileName = "";
@@ -788,9 +787,8 @@ public abstract class AbstractAttestationCertificateAuthority
             for (ByteString logFile : dv.getLogfileList()) {
                 try {
                     support = SupportReferenceManifest.select(referenceManifestManager)
-                            .includeArchived()
-                            .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest(
-                                    logFile.toByteArray())))
+                            .byHexDecHash(Hex.encodeHexString(messageDigest.digest(
+                                    logFile.toByteArray()))).includeArchived()
                             .getRIM();
                     if (support == null) {
                         support = new SupportReferenceManifest(
@@ -803,8 +801,8 @@ public abstract class AbstractAttestationCertificateAuthority
                         support.setPlatformManufacturer(dv.getHw().getManufacturer());
                         support.setPlatformModel(dv.getHw().getProductName());
                         support.setFileName(String.format("%s_[%s].rimel", defaultClientName,
-                                support.getRimHash().substring(
-                                        support.getRimHash().length() - NUM_OF_VARIABLES)));
+                                support.getHexDecHash().substring(
+                                        support.getHexDecHash().length() - NUM_OF_VARIABLES)));
                         support.setDeviceName(dv.getNw().getHostname());
                         this.referenceManifestManager.save(support);
                     } else {
@@ -830,9 +828,10 @@ public abstract class AbstractAttestationCertificateAuthority
             for (ByteString swidFile : dv.getSwidfileList()) {
                 try {
                     dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
+                            .byBase64Hash(Base64.getEncoder()
+                                    .encodeToString(messageDigest
+                                            .digest(swidFile.toByteArray())))
                             .includeArchived()
-                            .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest(
-                                    swidFile.toByteArray())))
                             .getRIM();
                     if (dbBaseRim == null) {
                         dbBaseRim = new BaseReferenceManifest(
@@ -864,9 +863,8 @@ public abstract class AbstractAttestationCertificateAuthority
         //update Support RIMs and Base RIMs.
         for (ByteString swidFile : dv.getSwidfileList()) {
             dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
-                    .includeArchived()
-                    .byHashCode(Base64.getEncoder().encodeToString(messageDigest.digest(
-                            swidFile.toByteArray())))
+                    .byBase64Hash(Base64.getEncoder().encodeToString(messageDigest.digest(
+                            swidFile.toByteArray()))).includeArchived()
                     .getRIM();
 
             // get file name to use
@@ -883,7 +881,7 @@ public abstract class AbstractAttestationCertificateAuthority
                 // now update support rim
                 SupportReferenceManifest dbSupport = SupportReferenceManifest
                         .select(referenceManifestManager)
-                        .byRimHash(swid.getHashValue()).getRIM();
+                        .byHexDecHash(swid.getHashValue()).getRIM();
                 if (dbSupport != null) {
                     dbSupport.setFileName(swid.getName());
                     dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion());

HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java

@@ -412,8 +412,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 
             for (SwidResource swidRes : resources) {
                 supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager)
-                        .byRimHash(swidRes.getHashValue()).getRIM();
-                if (supportReferenceManifest !=null
+                        .byHexDecHash(swidRes.getHashValue()).getRIM();
+                if (supportReferenceManifest != null
                         && swidRes.getName().equals(supportReferenceManifest.getFileName())) {
                     referenceManifestValidator.validateSupportRimHash(
                             supportReferenceManifest.getRimBytes(), swidRes.getHashValue());

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java

@@ -252,8 +252,11 @@ public class ReferenceManifestDetailsPageController
         boolean hashLinked = false;
         if (baseRim.getRimLinkHash() != null) {
             ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager)
-                    .byHashCode(baseRim.getRimLinkHash()).getRIM();
+                    .byBase64Hash(baseRim.getRimLinkHash()).getRIM();
             hashLinked = (rim != null);
+            if (hashLinked) {
+                data.put("rimLinkId", rim.getId());
+            }
         }
         data.put("linkHashValid", hashLinked);
         data.put("rimType", baseRim.getRimType());

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java

@@ -1,40 +1,26 @@
 
 package hirs.attestationca.portal.page.controllers;
 
+import hirs.FilteredRecordsList;
 import hirs.attestationca.portal.datatables.DataTableInput;
 import hirs.attestationca.portal.datatables.DataTableResponse;
+import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
 import hirs.attestationca.portal.page.Page;
 import hirs.attestationca.portal.page.PageController;
-
-import hirs.FilteredRecordsList;
-import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
 import hirs.attestationca.portal.page.PageMessages;
 import hirs.attestationca.portal.page.params.NoPageParams;
 import hirs.data.persist.BaseReferenceManifest;
-import hirs.data.persist.SupportReferenceManifest;
-import hirs.persist.DBManagerException;
-import hirs.persist.ReferenceManifestManager;
-import hirs.persist.CriteriaModifier;
 import hirs.data.persist.ReferenceManifest;
+import hirs.data.persist.SupportReferenceManifest;
 import hirs.data.persist.SwidResource;
 import hirs.data.persist.certificate.Certificate;
-import java.io.IOException;
-import java.net.URISyntaxException;
-
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.servlet.http.HttpServletResponse;
-
+import hirs.persist.CriteriaModifier;
+import hirs.persist.DBManagerException;
+import hirs.persist.ReferenceManifestManager;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-
 import org.hibernate.Criteria;
 import org.hibernate.criterion.Restrictions;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -50,6 +36,21 @@ import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import org.springframework.web.servlet.view.RedirectView;
 
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 /**
  * Controller for the Reference Manifest page.
  */
@@ -437,19 +438,34 @@ public class ReferenceManifestPageController
 
         ReferenceManifest existingManifest;
 
+        MessageDigest digest = null;
+        String rimHash = "";
+        try {
+            digest = MessageDigest.getInstance("SHA-256");
+        } catch (NoSuchAlgorithmException noSaEx) {
+            LOGGER.error(noSaEx);
+        }
+
         // look for existing manifest in the database
         try {
             if (supportRim) {
+                if (digest != null) {
+                    rimHash = Hex.encodeHexString(
+                            digest.digest(referenceManifest.getRimBytes()));
+                }
                 existingManifest = SupportReferenceManifest
                         .select(referenceManifestManager)
+                        .byHexDecHash(rimHash)
                         .includeArchived()
-                        .byHashCode(referenceManifest.getRimHash())
                         .getRIM();
             } else {
+                if (digest != null) {
+                    rimHash = Base64.encodeBase64String(
+                            digest.digest(referenceManifest.getRimBytes()));
+                }
                 existingManifest = BaseReferenceManifest
-                        .select(referenceManifestManager)
+                        .select(referenceManifestManager).byBase64Hash(rimHash)
                         .includeArchived()
-                        .byHashCode(referenceManifest.getRimHash())
                         .getRIM();
             }
         } catch (DBManagerException e) {

HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp

@@ -376,7 +376,14 @@
                         <c:if test="${not empty initialData.pcUriLocal}">
                             <div>PC URI Local:&nbsp;<span>${initialData.pcUriLocal}</span></div>
                         </c:if>
-                        <div>Rim Link Hash:&nbsp;<span>${initialData.rimLinkHash}</span>
+                        <c:choose>
+                            <c:when test="${not empty initialData.rimLinkId}">
+                                <div>Rim Link Hash:&nbsp;<span><a href="${portal}/rim-details?id=${initialData.rimLinkId}">${initialData.rimLinkHash}</a></span>
+                            </c:when>
+                            <c:otherwise>
+                                <div>Rim Link Hash:&nbsp;<span>${initialData.rimLinkHash}</span>
+                            </c:otherwise>
+                        </c:choose>
                         <c:if test="${not empty initialData.rimLinkHash}">
                             <span>
                                 <c:choose>

HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java

@@ -1,5 +1,6 @@
 package hirs.data.persist;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import hirs.persist.DBReferenceManifestManager;
 import hirs.persist.ReferenceManifestManager;
 import hirs.persist.ReferenceManifestSelector;
@@ -25,7 +26,10 @@ import javax.xml.validation.Schema;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.List;
 import java.util.Map;
 
@@ -35,9 +39,16 @@ import java.util.Map;
 @Entity
 public class BaseReferenceManifest extends ReferenceManifest {
     private static final Logger LOGGER = LogManager.getLogger(BaseReferenceManifest.class);
+    /**
+     * Holds the name of the 'base64Hash' field.
+     */
+    public static final String BASE_64_HASH_FIELD = "base64Hash";
 
     private static JAXBContext jaxbContext;
 
+    @Column
+    @JsonIgnore
+    private String base64Hash = "";
     @Column
     private String swidName = null;
     @Column
@@ -109,6 +120,16 @@ public class BaseReferenceManifest extends ReferenceManifest {
             setFieldValue("deviceName", deviceName);
             return this;
         }
+
+        /**
+         * Specify the RIM hash associated with the base RIM.
+         * @param base64Hash the hash of the file associated with the rim
+         * @return this instance
+         */
+        public Selector byBase64Hash(final String base64Hash) {
+            setFieldValue(BASE_64_HASH_FIELD, base64Hash);
+            return this;
+        }
     }
 
     /**
@@ -137,6 +158,16 @@ public class BaseReferenceManifest extends ReferenceManifest {
         this.setFileName("");
         SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(rimBytes));
 
+        MessageDigest digest = null;
+        this.base64Hash = "";
+        try {
+            digest = MessageDigest.getInstance("SHA-256");
+            this.base64Hash = Base64.getEncoder().encodeToString(
+                    digest.digest(rimBytes));
+        } catch (NoSuchAlgorithmException noSaEx) {
+            LOGGER.error(noSaEx);
+        }
+
         // begin parsing valid swid tag
         if (si != null) {
             setTagId(si.getTagId());
@@ -746,6 +777,15 @@ public class BaseReferenceManifest extends ReferenceManifest {
         this.pcURILocal = pcURILocal;
     }
 
+    /**
+     * Getter for the Reference Integrity Manifest hash value.
+     *
+     * @return int representation of the hash value
+     */
+    public String getBase64Hash() {
+        return base64Hash;
+    }
+
     @Override
     public String toString() {
         return String.format("ReferenceManifest{swidName=%s,"
@@ -753,6 +793,6 @@ public class BaseReferenceManifest extends ReferenceManifest {
                         + " platformModel=%s,"
                         + "tagId=%s, rimHash=%s}",
                 swidName, this.getPlatformManufacturer(),
-                this.getPlatformModel(), getTagId(), this.getRimHash());
+                this.getPlatformModel(), getTagId(), this.getBase64Hash());
     }
 }

HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java

@@ -15,10 +15,7 @@ import javax.xml.XMLConstants;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlRootElement;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
-import java.util.Base64;
 import java.util.UUID;
 
 /**
@@ -64,13 +61,6 @@ public abstract class ReferenceManifest extends ArchivableEntity {
 
     private static final Logger LOGGER = LogManager.getLogger(ReferenceManifest.class);
 
-    /**
-     * Holds the name of the 'rimHash' field.
-     */
-    public static final String RIM_HASH_FIELD = "rimHash";
-    @Column(nullable = false)
-    @JsonIgnore
-    private final String rimHash;
     @Column(columnDefinition = "blob", nullable = false)
     @JsonIgnore
     private byte[] rimBytes;
@@ -107,7 +97,6 @@ public abstract class ReferenceManifest extends ArchivableEntity {
     protected ReferenceManifest() {
         super();
         this.rimBytes = null;
-        this.rimHash = "";
         this.rimType = null;
         this.platformManufacturer = null;
         this.platformManufacturerId = null;
@@ -129,19 +118,6 @@ public abstract class ReferenceManifest extends ArchivableEntity {
                 "Cannot construct a RIM from an empty byte array");
 
         this.rimBytes = rimBytes.clone();
-
-        MessageDigest digest = null;
-        try {
-            digest = MessageDigest.getInstance("SHA-256");
-        } catch (NoSuchAlgorithmException noSaEx) {
-            LOGGER.error(noSaEx);
-        }
-        if (digest == null) {
-            this.rimHash = "";
-        } else {
-            this.rimHash = Base64.getEncoder().encodeToString(
-                    digest.digest(rimBytes));
-        }
     }
 
     /**
@@ -367,15 +343,6 @@ public abstract class ReferenceManifest extends ArchivableEntity {
         return null;
     }
 
-    /**
-     * Getter for the Reference Integrity Manifest hash value.
-     *
-     * @return int representation of the hash value
-     */
-    public String getRimHash() {
-        return rimHash;
-    }
-
     @Override
     public int hashCode() {
         return Arrays.hashCode(this.rimBytes);
@@ -393,8 +360,7 @@ public abstract class ReferenceManifest extends ArchivableEntity {
             return false;
         }
         ReferenceManifest that = (ReferenceManifest) object;
-        return rimHash == that.rimHash
-                && Arrays.equals(rimBytes, that.rimBytes)
+        return Arrays.equals(rimBytes, that.rimBytes)
                 && rimType.equals(that.rimType)
                 && tagId.equals(that.tagId)
                 && platformManufacturer.equals(that.platformManufacturer)
@@ -406,8 +372,7 @@ public abstract class ReferenceManifest extends ArchivableEntity {
     @Override
     public String toString() {
         return String.format("Filename->%s%nPlatform Manufacturer->%s%n"
-                + "Platform Model->%s%nRIM Type->%s%nRIM Hash->%s", this.getFileName(),
-                this.platformManufacturer, this.platformModel, this.getRimType(),
-                this.getRimHash());
+                + "Platform Model->%s%nRIM Type->%s%nRIM", this.getFileName(),
+                this.platformManufacturer, this.platformModel, this.getRimType());
     }
 }

HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java

@@ -5,12 +5,14 @@ import hirs.persist.ReferenceManifestManager;
 import hirs.persist.ReferenceManifestSelector;
 import hirs.tpm.eventlog.TCGEventLog;
 import hirs.tpm.eventlog.TpmPcrEvent;
+import org.apache.commons.codec.binary.Hex;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import java.io.IOException;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
@@ -23,7 +25,14 @@ import java.util.Collection;
 @Entity
 public class SupportReferenceManifest extends ReferenceManifest {
     private static final Logger LOGGER = LogManager.getLogger(SupportReferenceManifest.class);
+    /**
+     * Holds the name of the 'hexDecHash' field.
+     */
+    public static final String HEX_DEC_HASH_FIELD = "hexDecHash";
 
+    @Column
+    @JsonIgnore
+    private String hexDecHash = "";
     @Column
     @JsonIgnore
     private int pcrHash = 0;
@@ -82,11 +91,11 @@ public class SupportReferenceManifest extends ReferenceManifest {
 
         /**
          * Specify the RIM hash associated with the support RIM.
-         * @param rimHash the hash of the file associated with the rim
+         * @param hexDecHash the hash of the file associated with the rim
          * @return this instance
          */
-        public Selector byRimHash(final String rimHash) {
-            setFieldValue(RIM_HASH_FIELD, rimHash);
+        public Selector byHexDecHash(final String hexDecHash) {
+            setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash);
             return this;
         }
     }
@@ -105,6 +114,15 @@ public class SupportReferenceManifest extends ReferenceManifest {
         this.setFileName(fileName);
         this.setRimType(SUPPORT_RIM);
         this.pcrHash = 0;
+        MessageDigest digest = null;
+        this.hexDecHash = "";
+        try {
+            digest = MessageDigest.getInstance("SHA-256");
+            this.hexDecHash = Hex.encodeHexString(
+                    digest.digest(rimBytes));
+        } catch (NoSuchAlgorithmException noSaEx) {
+            LOGGER.error(noSaEx);
+        }
     }
 
     /**
@@ -235,4 +253,13 @@ public class SupportReferenceManifest extends ReferenceManifest {
     public boolean isBaseSupport() {
         return !this.isSwidSupplemental() && !this.isSwidPatch();
     }
+
+    /**
+     * Getter for the Reference Integrity Manifest hash value.
+     *
+     * @return int representation of the hash value
+     */
+    public String getHexDecHash() {
+        return hexDecHash;
+    }
 }

HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java

@@ -97,17 +97,6 @@ public abstract class ReferenceManifestSelector<T extends ReferenceManifest> {
         return this;
     }
 
-    /**
-     * Specify the hash code of the bytes that rim must match.
-     *
-     * @param rimHash the hash code of the bytes to query for
-     * @return this instance (for chaining further calls)
-     */
-    public ReferenceManifestSelector<T> byHashCode(final String rimHash) {
-        setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash);
-        return this;
-    }
-
     /**
      * Specify the file name of the object to grab.
      * @param fileName the name of the file associated with the rim