diff --git a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java index e4c3c5ed..ba149fb4 100644 --- a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java +++ b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java @@ -321,21 +321,21 @@ public final class SupplyChainCredentialValidator implements CredentialValidator // this needs to be a loop for all deltas, link to issue #110 // check that they don't have the same serial number - for (PlatformCredential delta : deltaMapping.keySet()) { + for (PlatformCredential pc : deltaMapping.keySet()) { if (!basePlatformCredential.getPlatformSerial() - .equals(delta.getPlatformSerial())) { + .equals(pc.getPlatformSerial())) { message = String.format("Base and Delta platform serial " + "numbers do not match (%s != %s)", - delta.getPlatformSerial(), + pc.getPlatformSerial(), basePlatformCredential.getPlatformSerial()); LOGGER.error(message); return new AppraisalStatus(FAIL, message); } // none of the deltas should have the serial number of the base - if (basePlatformCredential.getSerialNumber() - .equals(delta.getSerialNumber())) { + if (!pc.isBase() && basePlatformCredential.getSerialNumber() + .equals(pc.getSerialNumber())) { message = String.format("Delta Certificate with same serial number as base. (%s)", - delta.getSerialNumber()); + pc.getSerialNumber()); LOGGER.error(message); return new AppraisalStatus(FAIL, message); } diff --git a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java index f4dc3ee0..49dd4c91 100644 --- a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java +++ b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java 
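Review bot: The new `!pc.isBase() &&` guard exempts every credential that reports itself as a base from the duplicate-serial check, not only `basePlatformCredential` itself, so a second certificate in `deltaMapping` that carries the base's serial number and is typed as base would pass this loop. If the intent is only to skip the base entry now present in the key set, compare against that object instead, for example `if (!pc.equals(basePlatformCredential) && basePlatformCredential.getSerialNumber().equals(pc.getSerialNumber())) {` (assuming `PlatformCredential.equals` distinguishes certificates, which is not shown here), or verify beforehand that the key set holds exactly one base. The comment `// none of the deltas should have the serial number of the base` could then also say why the base entry is skipped. The loop and the enclosing method start and end outside this hunk.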
@@ -99,6 +99,7 @@ import static org.powermock.api.mockito.PowerMockito.when; "javax.security.auth.*" }) public class SupplyChainCredentialValidatorTest { + private static final String JSON_FILE = "/config/component-class.json"; private static final String SAMPLE_PACCOR_OUTPUT_TXT = "sample_paccor_output.txt"; private static final String SAMPLE_PACCOR_OUTPUT_NOT_SPECIFIED_TXT = "sample_paccor_output_not_specified_values.txt"; 
@@ -2028,29 +2029,41 @@ public class SupplyChainCredentialValidatorTest { PlatformCredential delta1 = mock(PlatformCredential.class); PlatformCredential delta2 = mock(PlatformCredential.class); - ComponentIdentifier compId1 = new ComponentIdentifier(new DERUTF8String("Intel"), + ComponentIdentifierV2 compId1 = new ComponentIdentifierV2( + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00010002"), + new DERUTF8String("Intel"), new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"), new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null, - ASN1Boolean.TRUE, new ArrayList<>(0)); - ComponentIdentifier compId2 = new ComponentIdentifier( + ASN1Boolean.TRUE, new ArrayList<>(0), null, null, + null); + ComponentIdentifierV2 compId2 = new ComponentIdentifierV2( + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00050004"), new DERUTF8String("Intel Corporation"), new DERUTF8String("Ethernet Connection I217-V-faulty"), new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null, - ASN1Boolean.FALSE, new ArrayList<>(0)); - ComponentIdentifier compId3 = new ComponentIdentifier( + ASN1Boolean.FALSE, new ArrayList<>(0), null, null, + null); + ComponentIdentifierV2 compId3 = new ComponentIdentifierV2( + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00090002"), new DERUTF8String("Intel Corporation"), new DERUTF8String("82580 Gigabit Network Connection-faulty"), new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null, - ASN1Boolean.FALSE, new ArrayList<>(0)); + ASN1Boolean.FALSE, new ArrayList<>(0), null, null, + null); ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2( - new ComponentClass(), + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00050004"), new DERUTF8String("Intel Corporation"), new DERUTF8String("Ethernet Connection I217-V"), new DERUTF8String("23:94:17:ba:86:5e"), new 
DERUTF8String("00"), null, ASN1Boolean.FALSE, new ArrayList<>(0), null, null, AttributeStatus.ADDED); ComponentIdentifierV2 deltaCompId3 = new ComponentIdentifierV2( - new ComponentClass(), + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00090002"), new DERUTF8String("Intel Corporation"), new DERUTF8String("82580 Gigabit Network Connection"), new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null, @@ -2060,6 +2073,7 @@ public class SupplyChainCredentialValidatorTest { ComponentIdentifierV2 ciV21Faulty = new ComponentIdentifierV2(); ComponentIdentifierV2 ciV22Faulty = new ComponentIdentifierV2(); ciV21Faulty.setComponentManufacturer(compId2.getComponentManufacturer()); + ciV21Faulty.setComponentClass(compId2.getComponentClass()); ciV21Faulty.setComponentModel(compId2.getComponentModel()); ciV21Faulty.setComponentSerial(compId2.getComponentSerial()); ciV21Faulty.setComponentRevision(compId2.getComponentRevision()); @@ -2068,6 +2082,7 @@ public class SupplyChainCredentialValidatorTest { ciV21Faulty.setComponentAddress(compId2.getComponentAddress()); ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED); ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer()); + ciV22Faulty.setComponentClass(compId3.getComponentClass()); ciV22Faulty.setComponentModel(compId3.getComponentModel()); ciV22Faulty.setComponentSerial(compId3.getComponentSerial()); ciV22Faulty.setComponentRevision(compId3.getComponentRevision()); 
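Review bot: `new ComponentClass(Paths.get(this.getClass().getResource(JSON_FILE).toURI()), ...)` is repeated for every component in the hunk at `@@ -2028,29 +2029,41` and again in the hunk at `@@ -2149,22 +2164,33`, and `getResource` returns null when `/config/component-class.json` is missing from the test classpath, which would surface as a bare NullPointerException. Resolving the path once, e.g. `Path jsonPath = Paths.get(Objects.requireNonNull(getClass().getResource(JSON_FILE), JSON_FILE + " not on classpath").toURI());`, and passing `jsonPath` to each `ComponentClass` would keep the fixtures readable and make a missing resource obvious. The test method starts and ends outside this hunk.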
@@ -2094,17 +2109,17 @@ public class SupplyChainCredentialValidatorTest { when(base.getManufacturer()).thenReturn("innotek GmbH"); when(base.getModel()).thenReturn("VirtualBox"); when(base.getVersion()).thenReturn("1.2"); - when(base.getPlatformSerial()).thenReturn("0"); - when(delta1.getPlatformSerial()).thenReturn("0"); - when(delta2.getPlatformSerial()).thenReturn("0"); + when(base.getPlatformSerial()).thenReturn("62UIAE5"); + when(delta1.getPlatformSerial()).thenReturn("62UIAE5"); + when(delta2.getPlatformSerial()).thenReturn("62UIAE5"); when(base.getPlatformType()).thenReturn("base"); when(delta1.getPlatformType()).thenReturn("delta"); when(delta2.getPlatformType()).thenReturn("delta"); - when(base.getSerialNumber()).thenReturn(BigInteger.ZERO); - when(delta1.getSerialNumber()).thenReturn(BigInteger.ONE); - when(delta2.getSerialNumber()).thenReturn(BigInteger.TEN); - when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.ZERO); - when(delta2.getHolderSerialNumber()).thenReturn(BigInteger.ONE); + when(base.getSerialNumber()).thenReturn(BigInteger.valueOf(01)); + when(delta1.getSerialNumber()).thenReturn(BigInteger.valueOf(39821)); + when(delta2.getSerialNumber()).thenReturn(BigInteger.valueOf(39822)); + when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(02)); + when(delta2.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(39821)); when(base.getComponentIdentifiers()).thenReturn(compList); when(delta1.getComponentIdentifiers()).thenReturn(delta1List); when(delta2.getComponentIdentifiers()).thenReturn(delta2List); 
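Review bot: `delta1.getHolderSerialNumber()` is stubbed to `BigInteger.valueOf(02)` while `base.getSerialNumber()` returns `BigInteger.valueOf(01)`, so the first delta no longer points at the base through its holder serial, yet the test still expects PASS (before this change both were `BigInteger.ZERO`). If the mismatch is not intended, use `when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(1));`; if it is, a comment saying the holder link is not part of this check would help, since the validator's holder handling is outside this diff. The literals `01` and `02` are octal in Java; they happen to equal 1 and 2, but plain `1` and `2` avoid the trap. The visible stubs set `getPlatformType()` but not `isBase()`, which the validator now consults, so the mocks presumably report `false` for it; adding `when(base.isBase()).thenReturn(true);` would make the test exercise the new guard. The test method starts and ends outside this hunk.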
@@ -2129,9 +2144,9 @@ public class SupplyChainCredentialValidatorTest { AppraisalStatus result = supplyChainCredentialValidator .validateDeltaPlatformCredentialAttributes(delta2, deviceInfoReport, base, chainCredentials); - Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.PASS); Assert.assertEquals(result.getMessage(), SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID); + Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.PASS); } /** 
@@ -2149,22 +2164,33 @@ public class SupplyChainCredentialValidatorTest { PlatformCredential base = mock(PlatformCredential.class); PlatformCredential delta1 = mock(PlatformCredential.class); - ComponentIdentifier compId1 = new ComponentIdentifier(new DERUTF8String("Intel"), + ComponentIdentifierV2 compId1 = new ComponentIdentifierV2( + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00010002"), + new DERUTF8String("Intel"), new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"), new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null, - ASN1Boolean.TRUE, new ArrayList<>(0)); - ComponentIdentifier compId2 = new ComponentIdentifier( + ASN1Boolean.TRUE, new ArrayList<>(0), null, null, + null); + ComponentIdentifierV2 compId2 = new ComponentIdentifierV2( + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00050004"), new DERUTF8String("Intel Corporation"), new DERUTF8String("Ethernet Connection I217-V-faulty"), new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null, - ASN1Boolean.FALSE, new ArrayList<>(0)); - ComponentIdentifier compId3 = new ComponentIdentifier( + ASN1Boolean.FALSE, new ArrayList<>(0), null, null, + null); + ComponentIdentifierV2 compId3 = new ComponentIdentifierV2( + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00090002"), new DERUTF8String("Intel Corporation"), new DERUTF8String("82580 Gigabit Network Connection-faulty"), new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null, - ASN1Boolean.FALSE, new ArrayList<>(0)); + ASN1Boolean.FALSE, new ArrayList<>(0), null, null, + null); ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2( - new ComponentClass(), + new ComponentClass(Paths.get(this.getClass() + .getResource(JSON_FILE).toURI()), "0x00050004"), new DERUTF8String("Intel Corporation"), new DERUTF8String("Ethernet Connection I217-V"), new DERUTF8String("23:94:17:ba:86:5e"), new 
DERUTF8String("00"), null, @@ -2231,12 +2257,8 @@ public class SupplyChainCredentialValidatorTest { deviceInfoReport, base, chainCredentials); Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL); Assert.assertEquals(result.getMessage(), - "Delta Certificate with same serial number as base. (0)"); -// Assert.assertEquals(result.getMessage(), -// "There are unmatched components:\n" -// + "Manufacturer=Intel Corporation, Model=82580 " -// + "Gigabit Network Connection-faulty, " -// + "Serial=90:e2:ba:31:83:10, Revision=;\n"); + "There are 1 unmatched components on the Platform Certificate:\n" + + "COMPID=370101885;1"); } /** diff --git a/HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output.txt b/HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output.txt index 92b5d9b2..d2a7d72c 100755 --- a/HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output.txt +++ b/HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output.txt 
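Review bot: With the expected message in the hunk at `@@ -2231,12 +2257,8` changed from `Delta Certificate with same serial number as base. (0)` to the unmatched-components text, none of the assertions visible in this diff still covers the duplicate-serial rejection in `SupplyChainCredentialValidator`, which this same commit relaxes with `!pc.isBase()`. A separate negative test that gives a delta the base's `getSerialNumber()` value and expects `FAIL` with that message would keep the check from regressing silently. The new expectation `COMPID=370101885;1` also pins a numeric identifier whose derivation is not shown here; if it comes from a hash of the component fields, a short comment naming the component it stands for would make a failure easier to read. The test method starts outside this hunk.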
@@ -5,13 +5,22 @@ }, "COMPONENTS": [ { - "MANUFACTURER": "Intel","MODEL": "Core i7","SERIAL": "Not Specified","REVISION": "Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz" + "COMPONENTCLASS": { + "COMPONENTCLASSREGISTRY": "2.23.133.18.3.1", + "COMPONENTCLASSVALUE": "00010002" + },"MANUFACTURER": "Intel","MODEL": "Core i7","SERIAL": "Not Specified","REVISION": "Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz" }, { - "MANUFACTURER": "Intel Corporation","MODEL": "Ethernet Connection I217-V", "FIELDREPLACEABLE": "false","SERIAL": "23:94:17:ba:86:5e", "REVISION": "00" + "COMPONENTCLASS": { + "COMPONENTCLASSREGISTRY": "2.23.133.18.3.1", + "COMPONENTCLASSVALUE": "00050004" + },"MANUFACTURER": "Intel Corporation","MODEL": "Ethernet Connection I217-V", "FIELDREPLACEABLE": "false","SERIAL": "23:94:17:ba:86:5e", "REVISION": "00" }, { - "MANUFACTURER": "Intel Corporation","MODEL": "82580 Gigabit Network Connection", "FIELDREPLACEABLE": "false", "SERIAL": "90:e2:ba:31:83:10", "REVISION": "" + "COMPONENTCLASS": { + "COMPONENTCLASSREGISTRY": "2.23.133.18.3.1", + "COMPONENTCLASSVALUE": "00090002" + },"MANUFACTURER": "Intel Corporation","MODEL": "82580 Gigabit Network Connection", "FIELDREPLACEABLE": "false", "SERIAL": "90:e2:ba:31:83:10", "REVISION": "" } ], "PROPERTIES": [