diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index 767ba188..6eb1c254 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -14,7 +14,6 @@ import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.EventLogMeasurements; import hirs.data.persist.ReferenceDigestRecord; import hirs.data.persist.ReferenceDigestValue; -import hirs.data.persist.ReferenceManifest; import hirs.data.persist.SupplyChainPolicy; import hirs.data.persist.SupplyChainValidationSummary; import hirs.data.persist.SupportReferenceManifest; @@ -94,6 +93,7 @@ import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.MGF1ParameterSpec; import java.security.spec.RSAPublicKeySpec; +import java.util.Base64; import java.util.Calendar; import java.util.Date; import java.util.HashSet; @@ -680,7 +680,6 @@ public abstract class AbstractAttestationCertificateAuthority for (String line : lines) { if (!line.isEmpty() && !line.contains(TPM_SIGNATURE_ALG)) { - LOG.error(line); pcrs[counter++] = line.split(":")[1].trim(); } } @@ -776,7 +775,7 @@ public abstract class AbstractAttestationCertificateAuthority dv.getHw().getManufacturer(), dv.getHw().getProductName()); BaseReferenceManifest dbBaseRim = null; - ReferenceManifest support; + SupportReferenceManifest support; EventLogMeasurements measurements; String tagId = ""; String fileName = ""; 
@@ -788,11 +787,9 @@ public abstract class AbstractAttestationCertificateAuthority for (ByteString logFile : dv.getLogfileList()) { try { support = SupportReferenceManifest.select(referenceManifestManager) - .includeArchived() - .byHashCode(Hex.encodeHexString(messageDigest.digest( - logFile.toByteArray()))) + .byHexDecHash(Hex.encodeHexString(messageDigest.digest( + logFile.toByteArray()))).includeArchived() .getRIM(); - if (support == null) { support = new SupportReferenceManifest( String.format("%s.rimel", @@ -804,8 +801,9 @@ public abstract class AbstractAttestationCertificateAuthority support.setPlatformManufacturer(dv.getHw().getManufacturer()); support.setPlatformModel(dv.getHw().getProductName()); support.setFileName(String.format("%s_[%s].rimel", defaultClientName, - support.getRimHash().substring( - support.getRimHash().length() - NUM_OF_VARIABLES))); + support.getHexDecHash().substring( + support.getHexDecHash().length() - NUM_OF_VARIABLES))); + support.setDeviceName(dv.getNw().getHostname()); this.referenceManifestManager.save(support); } else { LOG.info("Client provided Support RIM already loaded in database."); 
@@ -828,53 +826,19 @@ public abstract class AbstractAttestationCertificateAuthority if (dv.getSwidfileCount() > 0) { for (ByteString swidFile : dv.getSwidfileList()) { - fileName = ""; try { dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) + .byBase64Hash(Base64.getEncoder() + .encodeToString(messageDigest + .digest(swidFile.toByteArray()))) .includeArchived() - .byHashCode(Hex.encodeHexString(messageDigest.digest( - swidFile.toByteArray()))) .getRIM(); - if (dbBaseRim == null) { dbBaseRim = new BaseReferenceManifest( String.format("%s.swidtag", defaultClientName), swidFile.toByteArray()); - - // get file name to use - for (SwidResource swid : dbBaseRim.parseResource()) { - matcher = pattern.matcher(swid.getName()); - if (matcher.matches()) { - //found the file name - int dotIndex = swid.getName().lastIndexOf("."); - fileName = swid.getName().substring(0, dotIndex); - dbBaseRim = new BaseReferenceManifest( - String.format("%s.swidtag", - fileName), - swidFile.toByteArray()); - } - - // now update support rim - SupportReferenceManifest dbSupport = SupportReferenceManifest - .select(referenceManifestManager) - .byRimHash(swid.getHashValue()).getRIM(); - if (dbSupport != null && !dbSupport.isUpdated()) { - dbSupport.setFileName(swid.getName()); - dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); - // I might create a get for the bytes of the swidtag file - // so that I can set that instead of the rim ID - dbSupport.setTagId(dbBaseRim.getTagId()); - dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); - dbSupport.setSwidVersion(dbBaseRim.getSwidVersion()); - dbSupport.setSwidPatch(dbBaseRim.isSwidPatch()); - dbSupport.setSwidSupplemental(dbBaseRim.isSwidSupplemental()); - dbBaseRim.setAssociatedRim(dbSupport.getId()); - dbSupport.setUpdated(true); - this.referenceManifestManager.update(dbSupport); - break; - } - } + dbBaseRim.setDeviceName(dv.getNw().getHostname()); this.referenceManifestManager.save(dbBaseRim); } else { 
LOG.info("Client provided Base RIM already loaded in database."); @@ -888,7 +852,6 @@ public abstract class AbstractAttestationCertificateAuthority this.referenceManifestManager.update(dbBaseRim); } } - } catch (IOException ioEx) { LOG.error(ioEx); } 
@@ -897,16 +860,56 @@ public abstract class AbstractAttestationCertificateAuthority LOG.warn("Device did not send swid tag file..."); } - generateDigestRecords(hw.getManufacturer(), hw.getProductName()); + //update Support RIMs and Base RIMs. + for (ByteString swidFile : dv.getSwidfileList()) { + dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) + .byBase64Hash(Base64.getEncoder().encodeToString(messageDigest.digest( + swidFile.toByteArray()))).includeArchived() + .getRIM(); + + // get file name to use + for (SwidResource swid : dbBaseRim.parseResource()) { + matcher = pattern.matcher(swid.getName()); + if (matcher.matches()) { + //found the file name + int dotIndex = swid.getName().lastIndexOf("."); + fileName = swid.getName().substring(0, dotIndex); + dbBaseRim.setFileName(String.format("%s.swidtag", + fileName)); + } + + // now update support rim + SupportReferenceManifest dbSupport = SupportReferenceManifest + .select(referenceManifestManager) + .byHexDecHash(swid.getHashValue()).getRIM(); + if (dbSupport != null) { + dbSupport.setFileName(swid.getName()); + dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); + dbSupport.setTagId(dbBaseRim.getTagId()); + dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); + dbSupport.setSwidVersion(dbBaseRim.getSwidVersion()); + dbSupport.setSwidPatch(dbBaseRim.isSwidPatch()); + dbSupport.setSwidSupplemental(dbBaseRim.isSwidSupplemental()); + dbBaseRim.setAssociatedRim(dbSupport.getId()); + dbSupport.setUpdated(true); + dbSupport.setAssociatedRim(dbBaseRim.getId()); + this.referenceManifestManager.update(dbSupport); + } + } + this.referenceManifestManager.update(dbBaseRim); + } + + generateDigestRecords(hw.getManufacturer(), hw.getProductName(), + dv.getNw().getHostname()); if (dv.hasLivelog()) { LOG.info("Device sent bios measurement log..."); fileName = String.format("%s.measurement", - defaultClientName); + dv.getNw().getHostname()); try { // find previous version. 
If it exists, delete it measurements = EventLogMeasurements.select(referenceManifestManager) - .byManufacturer(dv.getHw().getManufacturer()) + .byDeviceName(dv.getNw().getHostname()) .includeArchived().getRIM(); if (measurements != null) { LOG.info("Previous bios measurement log found and being replaced..."); @@ -917,6 +920,7 @@ public abstract class AbstractAttestationCertificateAuthority measurements.setPlatformManufacturer(dv.getHw().getManufacturer()); measurements.setPlatformModel(dv.getHw().getProductName()); measurements.setTagId(tagId); + measurements.setDeviceName(dv.getNw().getHostname()); this.referenceManifestManager.save(measurements); } catch (IOException ioEx) { LOG.error(ioEx); @@ -944,7 +948,8 @@ public abstract class AbstractAttestationCertificateAuthority return dvReport; } - private boolean generateDigestRecords(final String manufacturer, final String model) { + private boolean generateDigestRecords(final String manufacturer, final String model, + final String deviceName) { List rdValues; Set dbSupportRims = SupportReferenceManifest .select(referenceManifestManager).byManufacturer(manufacturer).getRIMs(); @@ -953,6 +958,7 @@ public abstract class AbstractAttestationCertificateAuthority if (dbSupport.getPlatformModel().equals(model)) { ReferenceDigestRecord dbObj = new ReferenceDigestRecord(dbSupport, manufacturer, model); + dbObj.setDeviceName(deviceName); // this is where we update or create the log ReferenceDigestRecord rdr = this.referenceDigestManager.getRecord(dbObj); if (dbSupport.isBaseSupport()) { diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index af085ca6..64001df0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java 
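Review bot: `dbBaseRim` is dereferenced without a null check in the new "update Support RIMs and Base RIMs" loop, where `getRIM()` is followed directly by `dbBaseRim.parseResource()`. The earlier save of the base RIM sits in a try block that only logs `IOException`, so a swid file that failed to parse or persist may not be found here, and the request would then end in a NullPointerException. Guard the loop body with `if (dbBaseRim == null) { LOG.warn("Base RIM not found for submitted swid file"); continue; }` before the resource loop. The enclosing method starts and ends outside this hunk.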
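Review bot: The device name stored here is `dv.getNw().getHostname()`, which appears to be a value the client reports about itself. The preceding hunk uses the same value as the only key when it looks up the stored measurement log to replace (`.byDeviceName(dv.getNw().getHostname())`). If two clients report the same hostname, the later submission would displace the earlier device's log and RIM associations. Consider keying these records on an identifier the CA has already bound to the requesting device, and keep the hostname as a display attribute. If the hostname must remain the key, add a comment such as `// assumes hostname is unique and matches the provisioned device` so the trust assumption is explicit.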
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java @@ -370,28 +370,30 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe String model = device.getDeviceInfo() .getHardwareInfo().getProductName(); ReferenceManifest validationObject = null; - ReferenceManifest baseReferenceManifest = null; + Set baseReferenceManifests = null; + BaseReferenceManifest baseReferenceManifest = null; ReferenceManifest supportReferenceManifest = null; ReferenceManifest measurement = null; ReferenceDigestRecord digestRecord = null; - baseReferenceManifest = BaseReferenceManifest.select(referenceManifestManager) - .byManufacturer(manufacturer).getRIM(); - supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager) - .byManufacturer(manufacturer).getRIM(); + baseReferenceManifests = BaseReferenceManifest.select(referenceManifestManager) + .byDeviceName(device.getDeviceInfo().getNetworkInfo().getHostname()).getRIMs(); + measurement = EventLogMeasurements.select(referenceManifestManager) .byManufacturer(manufacturer).includeArchived().getRIM(); + for (BaseReferenceManifest bRim : baseReferenceManifests) { + if (!bRim.isSwidSupplemental() && !bRim.isSwidPatch()) { + baseReferenceManifest = bRim; + } + } + validationObject = baseReferenceManifest; String failedString = ""; if (baseReferenceManifest == null) { failedString = "Base Reference Integrity Manifest\n"; passed = false; } - if (supportReferenceManifest == null) { - failedString += "Support Reference Integrity Manifest\n"; - passed = false; - } if (measurement == null) { failedString += "Bios measurement"; passed = false; 
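Review bot: The measurement log is still selected with `.byManufacturer(manufacturer).includeArchived().getRIM()`, while the base RIM just above it is now selected by host name, so validation can pick up a log uploaded by a different device from the same manufacturer. The CA side of this commit stores and replaces the log by device name, and the lookup here should match it: `.byDeviceName(device.getDeviceInfo().getNetworkInfo().getHostname()).includeArchived().getRIM()`. The loop over `baseReferenceManifests` also keeps whichever non-patch, non-supplemental entry is iterated last, so the result depends on Set ordering when several exist; a `break` after the assignment or an explicit selection rule would make it deterministic. The enclosing method continues outside this hunk.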
@@ -409,13 +411,23 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe new ByteArrayInputStream(baseReferenceManifest.getRimBytes())); for (SwidResource swidRes : resources) { - if (swidRes.getName().equals(supportReferenceManifest.getFileName())) { + supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager) + .byHexDecHash(swidRes.getHashValue()).getRIM(); + if (supportReferenceManifest != null + && swidRes.getName().equals(supportReferenceManifest.getFileName())) { referenceManifestValidator.validateSupportRimHash( supportReferenceManifest.getRimBytes(), swidRes.getHashValue()); + } else { + supportReferenceManifest = null; } } + if (supportReferenceManifest == null) { + fwStatus = new AppraisalStatus(FAIL, + "Support Reference Integrity Manifest can not be found\n"); + passed = false; + } - if (!referenceManifestValidator.isSignatureValid()) { + if (passed && !referenceManifestValidator.isSignatureValid()) { passed = false; fwStatus = new AppraisalStatus(FAIL, "Firmware validation failed: Signature validation " @@ -432,7 +444,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (passed) { TCGEventLog logProcessor; try { - logProcessor = new TCGEventLog(supportReferenceManifest.getRimBytes()); + logProcessor = new TCGEventLog(measurement.getRimBytes()); baseline = logProcessor.getExpectedPCRValues(); } catch (CertificateException cEx) { LOGGER.error(cEx); @@ -471,7 +483,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } else { StringBuilder sb = pcrPolicy.validatePcrs(storedPcrs); if (sb.length() > 0) { - validationObject = supportReferenceManifest; + validationObject = baseReferenceManifest; level = Level.ERROR; fwStatus = new AppraisalStatus(FAIL, sb.toString()); } else { 
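Review bot: In the new loop over `resources`, `supportReferenceManifest` is reassigned on every iteration and reset to null in the `else` branch, so the "Support Reference Integrity Manifest can not be found" check after the loop reflects only the last SWID resource. A missing or mismatched support RIM for an earlier resource is masked when the last one matches, and a valid earlier match is discarded when the last one does not. Track the outcome in its own variable, for example `boolean supportMissing = false;` before the loop and `supportMissing = true;` in the `else` branch, then test `if (supportMissing)` afterwards. The return value of `validateSupportRimHash` is not visible in this hunk, so confirm a hash mismatch also sets `passed = false`.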
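Review bot: `baseline` is now derived from `measurement.getRimBytes()`, which appears to be the event log the device itself submitted, instead of from the support RIM, and nothing in the hunk records why. With this change a match between `baseline` and the quoted PCRs shows only that the log is consistent with the quote; whether the measured values are acceptable rests entirely on the later per-event comparison against reference digests. Add a comment above the `TCGEventLog` construction, for example `// Replay the client's log to confirm it matches the quoted PCRs; acceptance of the values comes from the reference-digest comparison below.`, and check that no path reports PASS when that comparison is skipped or has no reference records. The surrounding try block starts outside this hunk.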
@@ -512,9 +524,11 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (!tpmPcrEvents.isEmpty()) { StringBuilder sb = new StringBuilder(); validationObject = measurement; + sb.append(String.format("%d digest(s) were not found:%n", + tpmPcrEvents.size())); for (TpmPcrEvent tpe : tpmPcrEvents) { - sb.append(String.format("Event %s - %s%n", - tpe.getEventNumber(), + sb.append(String.format("PCR Index %d - %s%n", + tpe.getPcrIndex(), tpe.getEventTypeStr())); } if (fwStatus.getAppStatus().equals(FAIL)) { diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index b57127ef..41a842fe 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java @@ -6,12 +6,16 @@ import hirs.attestationca.portal.page.PageMessages; import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams; import hirs.data.persist.BaseReferenceManifest; import hirs.data.persist.EventLogMeasurements; +import hirs.data.persist.ReferenceDigestRecord; +import hirs.data.persist.ReferenceDigestValue; import hirs.data.persist.ReferenceManifest; import hirs.data.persist.SupportReferenceManifest; import hirs.data.persist.SwidResource; import hirs.data.persist.certificate.CertificateAuthorityCredential; import hirs.persist.CertificateManager; import hirs.persist.DBManagerException; +import hirs.persist.ReferenceDigestManager; +import hirs.persist.ReferenceEventManager; import hirs.persist.ReferenceManifestManager; import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TpmPcrEvent; 
@@ -28,10 +32,12 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; +import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.LinkedList; import java.util.List; +import java.util.Map; import java.util.Set; import java.util.UUID; @@ -44,6 +50,8 @@ public class ReferenceManifestDetailsPageController extends PageController { private final ReferenceManifestManager referenceManifestManager; + private final ReferenceDigestManager referenceDigestManager; + private final ReferenceEventManager referenceEventManager; private final CertificateManager certificateManager; private static final ReferenceManifestValidator RIM_VALIDATOR = new ReferenceManifestValidator(); @@ -54,14 +62,20 @@ public class ReferenceManifestDetailsPageController * Constructor providing the Page's display and routing specification. * * @param referenceManifestManager the reference manifest manager. + * @param referenceDigestManager the reference digest manager. + * @param referenceEventManager the reference event manager. * @param certificateManager the certificate manager. */ @Autowired public ReferenceManifestDetailsPageController( final ReferenceManifestManager referenceManifestManager, + final ReferenceDigestManager referenceDigestManager, + final ReferenceEventManager referenceEventManager, final CertificateManager certificateManager) { super(Page.RIM_DETAILS); this.referenceManifestManager = referenceManifestManager; + this.referenceDigestManager = referenceDigestManager; + this.referenceEventManager = referenceEventManager; this.certificateManager = certificateManager; } 
@@ -87,12 +101,13 @@ public class ReferenceManifestDetailsPageController if (params.getId() == null) { String typeError = "ID was not provided"; messages.addError(typeError); - LOGGER.error(typeError); + LOGGER.debug(typeError); mav.addObject(MESSAGES_ATTRIBUTE, messages); } else { try { UUID uuid = UUID.fromString(params.getId()); - data.putAll(getRimDetailInfo(uuid, referenceManifestManager, certificateManager)); + data.putAll(getRimDetailInfo(uuid, referenceManifestManager, + referenceDigestManager, referenceEventManager, certificateManager)); } catch (IllegalArgumentException iaEx) { String uuidError = "Failed to parse ID from: " + params.getId(); messages.addError(uuidError); @@ -100,7 +115,7 @@ public class ReferenceManifestDetailsPageController } catch (Exception ioEx) { LOGGER.error(ioEx); for (StackTraceElement ste : ioEx.getStackTrace()) { - LOGGER.debug(ste.toString()); + LOGGER.error(ste.toString()); } } if (data.isEmpty()) { @@ -123,6 +138,8 @@ public class ReferenceManifestDetailsPageController * * @param uuid database reference for the requested RIM. * @param referenceManifestManager the reference manifest manager. + * @param referenceDigestManager the reference digest manager. + * @param referenceEventManager the reference event manager. * @param certificateManager the certificate manager. * @return mapping of the RIM information from the database. * @throws java.io.IOException error for reading file bytes. @@ -131,6 +148,8 @@ public class ReferenceManifestDetailsPageController */ public static HashMap getRimDetailInfo(final UUID uuid, final ReferenceManifestManager referenceManifestManager, + final ReferenceDigestManager referenceDigestManager, + final ReferenceEventManager referenceEventManager, final CertificateManager certificateManager) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); 
@@ -153,7 +172,8 @@ public class ReferenceManifestDetailsPageController .byEntityId(uuid).getRIM(); if (bios != null) { - data.putAll(getMeasurementsRimInfo(bios, referenceManifestManager)); + data.putAll(getMeasurementsRimInfo(bios, referenceManifestManager, + referenceDigestManager, referenceEventManager)); } return data; @@ -232,8 +252,11 @@ public class ReferenceManifestDetailsPageController boolean hashLinked = false; if (baseRim.getRimLinkHash() != null) { ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager) - .byHashCode(baseRim.getRimLinkHash()).getRIM(); + .byBase64Hash(baseRim.getRimLinkHash()).getRIM(); hashLinked = (rim != null); + if (hashLinked) { + data.put("rimLinkId", rim.getId()); + } } data.put("linkHashValid", hashLinked); data.put("rimType", baseRim.getRimType()); @@ -318,7 +341,8 @@ public class ReferenceManifestDetailsPageController .select(referenceManifestManager) .byRimType(ReferenceManifest.BASE_RIM).getRIMs(); for (BaseReferenceManifest baseRim : baseRims) { - if (baseRim != null && baseRim.getAssociatedRim().equals(support.getId())) { + if (baseRim != null && baseRim.getAssociatedRim() != null + && baseRim.getAssociatedRim().equals(support.getId())) { support.setAssociatedRim(baseRim.getId()); try { referenceManifestManager.update(support); @@ -457,6 +481,8 @@ public class ReferenceManifestDetailsPageController * * @param measurements established ReferenceManifest Type. * @param referenceManifestManager the reference manifest manager. + * @param referenceDigestManager the reference digest manager. + * @param referenceEventManager the reference event manager. * @return mapping of the RIM information from the database. * @throws java.io.IOException error for reading file bytes. * @throws NoSuchAlgorithmException If an unknown Algorithm is encountered. 
@@ -464,56 +490,102 @@ public class ReferenceManifestDetailsPageController */ private static HashMap getMeasurementsRimInfo( final EventLogMeasurements measurements, - final ReferenceManifestManager referenceManifestManager) + final ReferenceManifestManager referenceManifestManager, + final ReferenceDigestManager referenceDigestManager, + final ReferenceEventManager referenceEventManager) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); - LinkedList supportEvents = new LinkedList<>(); LinkedList livelogEvents = new LinkedList<>(); BaseReferenceManifest base = null; - SupportReferenceManifest support = null; - TCGEventLog supportLog = null; + List supports = new ArrayList<>(); + SupportReferenceManifest baseSupport = null; + List digestRecords = new LinkedList<>(); data.put("supportFilename", "Blank"); data.put("supportId", ""); - data.put("tagId", measurements.getTagId()); data.put("baseId", ""); data.put("rimType", measurements.getRimType()); + data.put("hostName", measurements.getDeviceName()); - if (measurements.getPlatformManufacturer() != null) { - support = SupportReferenceManifest + if (measurements.getDeviceName() != null) { + digestRecords = referenceDigestManager + .getRecordsByDeviceName(measurements.getDeviceName()); + supports.addAll(SupportReferenceManifest .select(referenceManifestManager) - .byManufacturer(measurements - .getPlatformManufacturer()).getRIM(); - - if (support != null) { - supportLog = new TCGEventLog(support.getRimBytes()); - data.put("supportFilename", support.getFileName()); - data.put("supportId", support.getId()); + .byDeviceName(measurements + .getDeviceName()).getRIMs()); + for (SupportReferenceManifest support : supports) { + if (support.isBaseSupport()) { + baseSupport = support; + } } - base = BaseReferenceManifest - .select(referenceManifestManager) - .byManufacturer(measurements - .getPlatformManufacturer()).getRIM(); + if (baseSupport != null) { + 
data.put("supportFilename", baseSupport.getFileName()); + data.put("supportId", baseSupport.getId()); - if (base != null) { - data.put("baseId", base.getId()); + base = BaseReferenceManifest + .select(referenceManifestManager) + .byEntityId(baseSupport.getAssociatedRim()) + .getRIM(); + data.put("tagId", baseSupport.getTagId()); + + if (base != null) { + data.put("baseId", base.getId()); + } } } TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes()); - if (supportLog != null) { - TpmPcrEvent measurementEvent; - for (TpmPcrEvent tpe : supportLog.getEventList()) { - measurementEvent = measurementLog.getEventByNumber(tpe.getEventNumber()); - if (!tpe.eventCompare(measurementEvent)) { - supportEvents.add(tpe); + List eventValue = new ArrayList<>(); + Map eventValueMap = new HashMap<>(); + if (!digestRecords.isEmpty()) { + for (ReferenceDigestRecord rdr : digestRecords) { + eventValue.addAll(referenceEventManager + .getValuesByRecordId(rdr)); + } + for (ReferenceDigestValue rdv : eventValue) { + eventValueMap.put(rdv.getDigestValue(), rdv); + } + for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) { + if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) { livelogEvents.add(measurementEvent); } } } - data.put("supportEvents", supportEvents); + if (!supports.isEmpty()) { + Map> baselineLogEvents = new HashMap<>(); + List matchedEvents = null; + List combinedBaselines = new LinkedList<>(); + for (SupportReferenceManifest support : supports) { + combinedBaselines.addAll(support.getEventLog()); + } + String bootVariable; + String variablePrefix = "Variable Name:"; + String variableSuffix = "UEFI_GUID"; + for (TpmPcrEvent tpe : livelogEvents) { + matchedEvents = new ArrayList<>(); + for (TpmPcrEvent tpmPcrEvent : combinedBaselines) { + if (tpmPcrEvent.getEventType() == tpe.getEventType()) { + if (tpe.getEventContentStr().contains(variablePrefix)) { + bootVariable = tpe.getEventContentStr().substring(( + 
tpe.getEventContentStr().indexOf(variablePrefix) + + variablePrefix.length()), + tpe.getEventContentStr().indexOf(variableSuffix)); + if (tpmPcrEvent.getEventContentStr().contains(bootVariable)) { + matchedEvents.add(tpmPcrEvent); + } + } else { + matchedEvents.add(tpmPcrEvent); + } + } + } + baselineLogEvents.put(tpe.getEventDigestStr(), matchedEvents); + } + data.put("eventTypeMap", baselineLogEvents); + } + data.put("livelogEvents", livelogEvents); return data; diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 243d1d8b..f73d4c16 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java 
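Review bot: `bootVariable` is cut out with `substring(indexOf(variablePrefix) + variablePrefix.length(), indexOf(variableSuffix))`, and the second index is used unchecked. The event content comes from the uploaded measurement log, so an event that contains "Variable Name:" without a later "UEFI_GUID" yields -1 or an end before the start, and the resulting StringIndexOutOfBoundsException fails the whole `getMeasurementsRimInfo` call. Compute the indexes first, `int start = content.indexOf(variablePrefix) + variablePrefix.length(); int end = content.indexOf(variableSuffix, start);`, and fall back to the type-only match when `end < start`. `baseSupport.getAssociatedRim()` is also passed to `byEntityId` without a null check, which is worth guarding for support RIMs that have not been linked yet.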
@@ -1,40 +1,26 @@ package hirs.attestationca.portal.page.controllers; +import hirs.FilteredRecordsList; import hirs.attestationca.portal.datatables.DataTableInput; import hirs.attestationca.portal.datatables.DataTableResponse; +import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter; import hirs.attestationca.portal.page.Page; import hirs.attestationca.portal.page.PageController; - -import hirs.FilteredRecordsList; -import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter; import hirs.attestationca.portal.page.PageMessages; import hirs.attestationca.portal.page.params.NoPageParams; import hirs.data.persist.BaseReferenceManifest; -import hirs.data.persist.SupportReferenceManifest; -import hirs.persist.DBManagerException; -import hirs.persist.ReferenceManifestManager; -import hirs.persist.CriteriaModifier; import hirs.data.persist.ReferenceManifest; +import hirs.data.persist.SupportReferenceManifest; import hirs.data.persist.SwidResource; import hirs.data.persist.certificate.Certificate; -import java.io.IOException; -import java.net.URISyntaxException; - -import java.text.DateFormat; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; -import java.util.UUID; -import java.util.regex.Matcher; -import java.util.regex.Pattern; -import javax.servlet.http.HttpServletResponse; - +import hirs.persist.CriteriaModifier; +import hirs.persist.DBManagerException; +import hirs.persist.ReferenceManifestManager; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; - import org.hibernate.Criteria; import org.hibernate.criterion.Restrictions; import org.springframework.beans.factory.annotation.Autowired; 
@@ -50,6 +36,21 @@ import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.support.RedirectAttributes; import org.springframework.web.servlet.view.RedirectView; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.net.URISyntaxException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; +import java.util.UUID; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + /** * Controller for the Reference Manifest page. */ @@ -437,19 +438,34 @@ public class ReferenceManifestPageController ReferenceManifest existingManifest; + MessageDigest digest = null; + String rimHash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } + // look for existing manifest in the database try { if (supportRim) { + if (digest != null) { + rimHash = Hex.encodeHexString( + digest.digest(referenceManifest.getRimBytes())); + } existingManifest = SupportReferenceManifest .select(referenceManifestManager) + .byHexDecHash(rimHash) .includeArchived() - .byHashCode(referenceManifest.getRimHash()) .getRIM(); } else { + if (digest != null) { + rimHash = Base64.encodeBase64String( + digest.digest(referenceManifest.getRimBytes())); + } existingManifest = BaseReferenceManifest - .select(referenceManifestManager) + .select(referenceManifestManager).byBase64Hash(rimHash) .includeArchived() - .byHashCode(referenceManifest.getRimHash()) .getRIM(); } } catch (DBManagerException e) { diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp index b4cf5dc0..b9e0bad9 100644 
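Review bot: The lookup hash for a base RIM is built here with commons-codec `Base64.encodeBase64String(...)`, while the stored `base64Hash` is produced with `java.util.Base64.getEncoder().encodeToString(...)` in BaseReferenceManifest and in the CA. The duplicate check only works if both encoders agree byte for byte, and I believe older commons-codec releases emitted chunked output from this method, so use the same encoder everywhere: `rimHash = java.util.Base64.getEncoder().encodeToString(digest.digest(referenceManifest.getRimBytes()));`. Separately, when `MessageDigest.getInstance` fails the code continues with `rimHash = ""` and queries by the empty string; rejecting the upload with an error message would be safer than a lookup on an empty hash. The enclosing upload method starts outside this hunk.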
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp +++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp @@ -241,6 +241,10 @@
Base/Support
+ +
${initialData.hostName} +
+
@@ -253,60 +257,47 @@

-
-
Support
- - -
-
-
Event#:
-
${sEvent.getEventNumber()+1}
-
-
-
PCR Index:
-
${sEvent.getPcrIndex()}
-
-
-
Digest:
-
${sEvent.getEventDigestStr()}
-
-
-
Content:
-
${sEvent.getEventContentStr()}
-
-
-
-
-
Client Log
+ -
-
-
Event#:
-
${lEvent.getEventNumber()+1}
-
-
-
PCR Index:
-
${lEvent.getPcrIndex()}
-
-
-
Digest:
-
${lEvent.getEventDigestStr()}
-
-
-
Content:
-
${lEvent.getEventContentStr()}
+
+
+
Failed
Digest:
+
+ ${lEvent.getEventDigestStr()}
${lEvent.getEventContentStr()} +
+
+
+ Baseline Events of Type:
+ ${lEvent.getEventTypeString()} +
+
+ + + + +
+
PCR Index: ${event.getPcrIndex()}
+
Digest: ${event.getEventDigestStr()}
+
Event Content: ${event.getEventContentStr()}
+
+
+
+
+
+
+
- +
Software Identity
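Review bot: `${lEvent.getEventContentStr()}`, `${event.getEventContentStr()}` and `${initialData.hostName}` (first hunk of this file) print values that originate in the client's event log and device report. The surrounding markup is not visible on this page, so it is unclear whether these pass through an escaping tag or function; bare EL in JSP template text is written to the HTML unescaped. If they are bare, wrap each one, for example `${fn:escapeXml(lEvent.getEventContentStr())}` and `${fn:escapeXml(initialData.hostName)}`, and apply the same to the digest and event-type strings for consistency.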
@@ -343,7 +334,17 @@
Link
+ +
diff --git a/HIRS_AttestationCAPortal/src/main/webapp/common/rim_details.css b/HIRS_AttestationCAPortal/src/main/webapp/common/rim_details.css index 9c49a253..55d68caa 100644 --- a/HIRS_AttestationCAPortal/src/main/webapp/common/rim_details.css +++ b/HIRS_AttestationCAPortal/src/main/webapp/common/rim_details.css @@ -81,4 +81,28 @@ .data-value { flex: 5 +} + +.mappedType { + display: flex 1; + padding: 1rem; + width: 20rem; + font-weight: bold +} + +.mappedOverhead { + display: flex; + flex-direction: column; + padding: 1rem; +} + +.mappedData { + font-weight: bold; +} + +.mappedButton { + display: flex 1; + padding: 1rem; + width: 20rem; + font-weight: bold; } \ No newline at end of file diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java index b0b42ba5..0a260bdd 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.persist.DBReferenceManifestManager; import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; @@ -25,7 +26,10 @@ import javax.xml.validation.Schema; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; +import java.util.Base64; import java.util.List; import java.util.Map; 
@@ -35,9 +39,16 @@ import java.util.Map; @Entity public class BaseReferenceManifest extends ReferenceManifest { private static final Logger LOGGER = LogManager.getLogger(BaseReferenceManifest.class); + /** + * Holds the name of the 'base64Hash' field. + */ + public static final String BASE_64_HASH_FIELD = "base64Hash"; private static JAXBContext jaxbContext; + @Column + @JsonIgnore + private String base64Hash = ""; @Column private String swidName = null; @Column @@ -100,24 +111,23 @@ public class BaseReferenceManifest extends ReferenceManifest { } /** - * Specify the platform manufacturer id that rims must have to be considered + * Specify the device name that rims must have to be considered * as matching. - * @param manufacturerId string for the id of the manufacturer + * @param deviceName string for the deviceName * @return this instance */ - public Selector byManufacturerId(final String manufacturerId) { - setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId); + public Selector byDeviceName(final String deviceName) { + setFieldValue("deviceName", deviceName); return this; } /** - * Specify the platform model that rims must have to be considered - * as matching. - * @param model string for the model + * Specify the RIM hash associated with the base RIM. + * @param base64Hash the hash of the file associated with the rim * @return this instance */ - public Selector byModel(final String model) { - setFieldValue(PLATFORM_MODEL, model); + public Selector byBase64Hash(final String base64Hash) { + setFieldValue(BASE_64_HASH_FIELD, base64Hash); return this; } } 
@@ -148,6 +158,16 @@ public class BaseReferenceManifest extends ReferenceManifest { this.setFileName(""); SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(rimBytes)); + MessageDigest digest = null; + this.base64Hash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + this.base64Hash = Base64.getEncoder().encodeToString( + digest.digest(rimBytes)); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } + // begin parsing valid swid tag if (si != null) { setTagId(si.getTagId()); @@ -757,6 +777,15 @@ public class BaseReferenceManifest extends ReferenceManifest { this.pcURILocal = pcURILocal; } + /** + * Getter for the Reference Integrity Manifest hash value. + * + * @return int representation of the hash value + */ + public String getBase64Hash() { + return base64Hash; + } + @Override public String toString() { return String.format("ReferenceManifest{swidName=%s," @@ -764,6 +793,6 @@ public class BaseReferenceManifest extends ReferenceManifest { + " platformModel=%s," + "tagId=%s, rimHash=%s}", swidName, this.getPlatformManufacturer(), - this.getPlatformModel(), getTagId(), this.getRimHash()); + this.getPlatformModel(), getTagId(), this.getBase64Hash()); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java b/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java index 11f63d32..cf226377 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java 
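Review bot: If `MessageDigest.getInstance("SHA-256")` throws, the constructor only logs and leaves `base64Hash` as `""`, so the manifest is stored with an empty digest and every such record shares the value `byBase64Hash` selects on. For a value that identifies reference manifests it is safer to fail construction: replace `LOGGER.error(noSaEx);` with `throw new IllegalStateException("SHA-256 digest unavailable", noSaEx);`. The same block is added to the SupportReferenceManifest constructor for `hexDecHash`. The constructor starts and ends outside this hunk.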
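Review bot: The Javadoc on `getBase64Hash()` says `@return int representation of the hash value`, but the method returns the `String` that the constructor fills with the Base64-encoded SHA-256 of the RIM bytes. Suggest `@return the Base64-encoded SHA-256 digest of the RIM bytes, or an empty string if none was computed`. The same copied text is on `getHexDecHash()` in SupportReferenceManifest.java, where it should say hex-encoded.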
@@ -58,24 +58,13 @@ public class EventLogMeasurements extends ReferenceManifest { } /** - * Specify the platform manufacturer id that rims must have to be considered + * Specify the device name that rims must have to be considered * as matching. - * @param manufacturerId string for the id of the manufacturer + * @param deviceName string for the deviceName * @return this instance */ - public Selector byManufacturerId(final String manufacturerId) { - setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId); - return this; - } - - /** - * Specify the platform model that rims must have to be considered - * as matching. - * @param model string for the model - * @return this instance - */ - public Selector byModel(final String model) { - setFieldValue(PLATFORM_MODEL, model); + public Selector byDeviceName(final String deviceName) { + setFieldValue("deviceName", deviceName); return this; } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceDigestRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceDigestRecord.java index ee24e340..43cec77d 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceDigestRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceDigestRecord.java @@ -28,6 +28,8 @@ public class ReferenceDigestRecord extends ArchivableEntity { private String manufacturer; @Column(nullable = false) private String model; + @Column(nullable = false) + private String deviceName; @Column(columnDefinition = "blob", nullable = true) private byte[] valueBlob; 
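Review bot: In ReferenceDigestRecord, `deviceName` is mapped `@Column(nullable = false)` but has no initializer, and the setter added later in this file accepts null. Any record saved without a prior `setDeviceName(...)` call would presumably hit the not-null constraint; the constructors are outside this hunk, so I cannot tell whether they set it. Either pass the device name through the constructors or reject null in the setter, e.g. `this.deviceName = Objects.requireNonNull(deviceName, "deviceName");` (needs `java.util.Objects`). The `deviceName` column added to ReferenceManifest in this commit is nullable, so the two mappings also disagree.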
@@ -134,6 +136,22 @@ public class ReferenceDigestRecord extends ArchivableEntity { this.model = model; } + /** + * Getter for the deviceName associated. + * @return the string of the deviceName + */ + public String getDeviceName() { + return deviceName; + } + + /** + * Setter for the deviceName associated. + * @param deviceName the string of the model + */ + public void setDeviceName(final String deviceName) { + this.deviceName = deviceName; + } + /** * Getter for the byte array of event values. * @return a clone of the byte array @@ -158,7 +176,7 @@ public class ReferenceDigestRecord extends ArchivableEntity { */ @Override public String toString() { - return String.format("ReferenceDigestRecord: %s%n%s -> %s", - super.toString(), this.manufacturer, this.model); + return String.format("ReferenceDigestRecord: %s%n%s::%s::%s", + super.toString(), this.manufacturer, this.model, this.deviceName); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java index 1e107011..7724f87a 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java @@ -2,7 +2,6 @@ package hirs.data.persist; import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; -import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.hibernate.annotations.Type; @@ -16,8 +15,6 @@ import javax.xml.XMLConstants; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.UUID; 
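Review bot: The setter's Javadoc was copied from `setModel`: `@param deviceName the string of the model` describes the wrong field. Suggest `@param deviceName the name of the device this record belongs to`, and likewise `Getter for the device name associated with this record.` on the getter.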
@@ -64,13 +61,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { private static final Logger LOGGER = LogManager.getLogger(ReferenceManifest.class); - /** - * Holds the name of the 'rimHash' field. - */ - public static final String RIM_HASH_FIELD = "rimHash"; - @Column(nullable = false) - @JsonIgnore - private final String rimHash; @Column(columnDefinition = "blob", nullable = false) @JsonIgnore private byte[] rimBytes; @@ -97,6 +87,9 @@ public abstract class ReferenceManifest extends ArchivableEntity { @Type(type = "uuid-char") @Column private UUID associatedRim; + @Column + @JsonIgnore + private String deviceName; /** * Default constructor necessary for Hibernate. @@ -104,7 +97,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { protected ReferenceManifest() { super(); this.rimBytes = null; - this.rimHash = ""; this.rimType = null; this.platformManufacturer = null; this.platformManufacturerId = null; @@ -126,19 +118,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { "Cannot construct a RIM from an empty byte array"); this.rimBytes = rimBytes.clone(); - - MessageDigest digest = null; - try { - digest = MessageDigest.getInstance("SHA-256"); - } catch (NoSuchAlgorithmException noSaEx) { - LOGGER.error(noSaEx); - } - if (digest == null) { - this.rimHash = ""; - } else { - this.rimHash = Hex.encodeHexString( - digest.digest(rimBytes)); - } } /** @@ -212,7 +191,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { } /** - * Getter for the RIM Type (Primary, Supplemental, Patch). + * Getter for the RIM Type (Base, Support, Measurement). * * @return string for the RIM Type */ 
@@ -335,6 +314,22 @@ public abstract class ReferenceManifest extends ArchivableEntity { this.associatedRim = associatedRim; } + /** + * Getter for the Device Name. + * @return string value of the device associated with this log. + */ + public String getDeviceName() { + return deviceName; + } + + /** + * Setter for the Device Name. + * @param deviceName new value to assign. + */ + public void setDeviceName(final String deviceName) { + this.deviceName = deviceName; + } + /** * Getter for the Reference Integrity Manifest as a byte array. * @@ -348,15 +343,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { return null; } - /** - * Getter for the Reference Integrity Manifest hash value. - * - * @return int representation of the hash value - */ - public String getRimHash() { - return rimHash; - } - @Override public int hashCode() { return Arrays.hashCode(this.rimBytes); @@ -374,8 +360,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { return false; } ReferenceManifest that = (ReferenceManifest) object; - return rimHash == that.rimHash - && Arrays.equals(rimBytes, that.rimBytes) + return Arrays.equals(rimBytes, that.rimBytes) && rimType.equals(that.rimType) && tagId.equals(that.tagId) && platformManufacturer.equals(that.platformManufacturer) @@ -387,8 +372,7 @@ public abstract class ReferenceManifest extends ArchivableEntity { @Override public String toString() { return String.format("Filename->%s%nPlatform Manufacturer->%s%n" - + "Platform Model->%s%nRIM Type->%s%nRIM Hash->%s", this.getFileName(), - this.platformManufacturer, this.platformModel, this.getRimType(), - this.getRimHash()); + + "Platform Model->%s%nRIM Type->%s%nRIM", this.getFileName(), + this.platformManufacturer, this.platformModel, this.getRimType()); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java index e180ca64..f7b10238 100644 
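Review bot: The new format string in `toString()` ends with `%nRIM`, a leftover of the removed `RIM Hash->%s` label, so every rendered manifest now ends with a stray line reading `RIM`. Drop the fragment so the line reads `+ "Platform Model->%s%nRIM Type->%s", this.getFileName(),`.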
--- a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java @@ -5,12 +5,14 @@ import hirs.persist.ReferenceManifestManager; import hirs.persist.ReferenceManifestSelector; import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TpmPcrEvent; +import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import javax.persistence.Column; import javax.persistence.Entity; import java.io.IOException; +import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.ArrayList; @@ -23,7 +25,14 @@ import java.util.Collection; @Entity public class SupportReferenceManifest extends ReferenceManifest { private static final Logger LOGGER = LogManager.getLogger(SupportReferenceManifest.class); + /** + * Holds the name of the 'hexDecHash' field. + */ + public static final String HEX_DEC_HASH_FIELD = "hexDecHash"; + @Column + @JsonIgnore + private String hexDecHash = ""; @Column @JsonIgnore private int pcrHash = 0; 
@@ -60,24 +69,13 @@ public class SupportReferenceManifest extends ReferenceManifest { } /** - * Specify the platform manufacturer id that rims must have to be considered + * Specify the device name that rims must have to be considered * as matching. - * @param manufacturerId string for the id of the manufacturer + * @param deviceName string for the deviceName * @return this instance */ - public Selector byManufacturerId(final String manufacturerId) { - setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId); - return this; - } - - /** - * Specify the platform model that rims must have to be considered - * as matching. - * @param model string for the model - * @return this instance - */ - public Selector byModel(final String model) { - setFieldValue(PLATFORM_MODEL, model); + public Selector byDeviceName(final String deviceName) { + setFieldValue("deviceName", deviceName); return this; } @@ -93,11 +91,11 @@ public class SupportReferenceManifest extends ReferenceManifest { /** * Specify the RIM hash associated with the support RIM. - * @param rimHash the hash of the file associated with the rim + * @param hexDecHash the hash of the file associated with the rim * @return this instance */ - public Selector byRimHash(final String rimHash) { - setFieldValue(RIM_HASH_FIELD, rimHash); + public Selector byHexDecHash(final String hexDecHash) { + setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash); return this; } } @@ -116,6 +114,15 @@ public class SupportReferenceManifest extends ReferenceManifest { this.setFileName(fileName); this.setRimType(SUPPORT_RIM); this.pcrHash = 0; + MessageDigest digest = null; + this.hexDecHash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + this.hexDecHash = Hex.encodeHexString( + digest.digest(rimBytes)); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } } /** 
@@ -246,4 +253,13 @@ public class SupportReferenceManifest extends ReferenceManifest { public boolean isBaseSupport() { return !this.isSwidSupplemental() && !this.isSwidPatch(); } + + /** + * Getter for the Reference Integrity Manifest hash value. + * + * @return int representation of the hash value + */ + public String getHexDecHash() { + return hexDecHash; + } } diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBReferenceDigestManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBReferenceDigestManager.java index a7177511..31cb6c71 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DBReferenceDigestManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DBReferenceDigestManager.java @@ -108,6 +108,28 @@ public class DBReferenceDigestManager extends DBManager return dbRecord; } + @Override + public List getRecordsByDeviceName(final String deviceName) { + LOGGER.debug("Getting record for {}", deviceName); + if (deviceName == null) { + LOGGER.error("No deviceName to get record from db"); + return null; + } + + List dbRecords = new ArrayList<>(); + try { + List dbTempList = super.getList(ReferenceDigestRecord.class); + for (ReferenceDigestRecord rdr : dbTempList) { + if (rdr.getDeviceName().equals(deviceName)) { + dbRecords.add(rdr); + } + } + } catch (DBManagerException dbMEx) { + throw new RuntimeException(dbMEx); + } + return dbRecords; + } + @Override public ReferenceDigestRecord getRecordById(final ReferenceDigestRecord referenceDigestRecord) { LOGGER.debug("Getting record for {}", referenceDigestRecord); diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceDigestManager.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceDigestManager.java index b65cb4d8..83b4d67a 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceDigestManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceDigestManager.java 
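Review bot: `getRecordsByDeviceName` calls `rdr.getDeviceName().equals(deviceName)` on every stored row, so a single record with a null device name makes the whole lookup throw. The null-argument path also returns `null` while every other path returns a list. Flip the comparison to `deviceName.equals(rdr.getDeviceName())` and return an empty list for the null case so callers can iterate without a null check. The method also loads every ReferenceDigestRecord through `super.getList(...)` and filters in memory; a query restricted on the column would scale better, though whether DBManager offers one is not visible here.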
@@ -37,6 +37,14 @@ public interface ReferenceDigestManager { */ ReferenceDigestRecord getRecord(String manufacturer, String model); + /** + * Persists a new Reference Digest. + * + * @param deviceName the string of the network hostname + * @return the persisted ReferenceDigestRecord list + */ + List getRecordsByDeviceName(String deviceName); + /** * Persists a new Reference Digest. * diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java index 0ff4bcf9..67b1e274 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java @@ -97,17 +97,6 @@ public abstract class ReferenceManifestSelector { return this; } - /** - * Specify the hash code of the bytes that rim must match. - * - * @param rimHash the hash code of the bytes to query for - * @return this instance (for chaining further calls) - */ - public ReferenceManifestSelector byHashCode(final String rimHash) { - setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash); - return this; - } - /** * Specify the file name of the object to grab. * @param fileName the name of the file associated with the rim diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java index ca2d5098..28996a62 100644 --- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java 
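Review bot: The Javadoc on `getRecordsByDeviceName` was copied from the persist method below it: it reads `Persists a new Reference Digest.` and `@return the persisted ReferenceDigestRecord list`, but the method is a lookup. Suggest `Retrieves the Reference Digest records stored for the given device name.` with `@return the matching records`. The `@param` text describes the name as the network hostname, which appears to be reported by the client and is not guaranteed unique, so the doc should also say what callers get when two devices share a hostname. The implementation in DBReferenceDigestManager returns `null` for a null argument, which the contract should either document or rule out.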
@@ -1,17 +1,7 @@ package hirs.tpm.eventlog; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.math.BigInteger; -import java.nio.charset.StandardCharsets; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import java.util.Arrays; - -import hirs.tpm.eventlog.events.EvConstants; import hirs.tpm.eventlog.events.EvCompactHash; +import hirs.tpm.eventlog.events.EvConstants; import hirs.tpm.eventlog.events.EvEfiBootServicesApp; import hirs.tpm.eventlog.events.EvEfiGptPartition; import hirs.tpm.eventlog.events.EvEfiHandoffTable; @@ -30,6 +20,16 @@ import org.apache.commons.codec.binary.Hex; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.math.BigInteger; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.Arrays; + /** * Class to process a TCG_PCR_EVENT. * TCG_PCR_EVENT is used when the Event log uses the SHA1 Format as described in the @@ -211,6 +211,14 @@ public class TpmPcrEvent { return String.format("0x%s %s", Long.toHexString(eventType), eventString((int) eventType)); } + /** + * Returns a formatted string of the type for the event minus the byte code. + * @return a string formatted to be human readable + */ + public String getEventTypeString() { + return eventString((int) eventType); + } + /** * Returns the version of the TCG Log Event specification pertaining to the log. * only updated if the event is a TCG_EfiSpecIdEvent.