From 2e767994ff173fd34b84f7359aa1de5e3b82b268 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Mon, 8 Apr 2019 14:09:21 -0400 Subject: [PATCH] [#107] Additional component fields for version 2 (#121) * Updated CONTRIBUTING.md * Remove old CI Runner config * [#1] Add support for processing ECC certificates as part of the trust chain * [#3] Ensure ACA and TPM2 Provisioner handle versioning correctly * [#3] Ensure ACA and TPM2 Provisioner handle versioning correctly * Update Link to Build Instructions on main README * Fixed link to the Platform Credential Profile. * [#7] Support Building (Not Packaging) on Ubuntu 18.04 * [#10] Fix representation of zero-valued hashes Zero-value hashes, and hashes of no data, are now considered as matches to equal values instead of treating them as 'unknown'. * [#12] Setup basic Travis CI build * Update README to include Build Status * [#7] Setup Build/Package Support for Ubuntu (#9) * Updating the certificate details page to display the Holder information and include a link to the associated Endorsement Certificate. * Adding ability to delete Attestation Certificates on the ACA. * [#14] Parallelize Subproject CI Builds and Pull Pre-Built Image * Revise Docker to Always Pull Latest HIRS project * This change forces the supply chain validation service to verify that the Platform Credential has a status of PASS. If it does not, no matter the outcome of the Attributes validation, the status of the Attributes can not be PASS. Added an additional null check for a platform supply validation. Added a mapping object for platform credential to the associated attributes during validations. Added an additional null check for a platform supply validation. Added a mapping object for platform credential to the associated attributes during validations. Missed import statement. * Adding Tpm2-tss support for Deb packaging. Changes how tpm20.h, which contains the TPM2 SAPI, is imported to allow successful packaging of both debs and rpms. * [#23] Update HIRS Utils and ACA to handle certificate padding (#26) * [#27] Fix TPMSecurityAssertions Parsing in EndorsementCredential (#31) * [#28] ACA RPM modifies SELinux policy to allow Tomcat to use MySQL. The CentOS7 package selinux-policy-targeted does not allow Tomcat to use port 3306, which is the default MySQL port. This commit changes the ACA RPM to modify the SELinux policy to grant that permission on fresh installs. This makes the ACA RPM now require the policycoreutils package to be installed. * Print provisioner installation comments to console * [#25] Make ACA exception handling more descriptive * [#38] ACA checks uploaded EK Certs if one is not provided during provisioning * [#7] Ensure Ubuntu support pending end-user installation of supported TPM2 Libraries * [#33] IMA baselines can match measurements based solely on hashes (#34) ImaAcceptableRecordBaseline and its subclasses have been updated to include a containsHashes method to be able to match IMA measurement records based solely on their hashes. Supporting classes have been updated or created as necessary. Additionally, the set of path equivalencies as specified in the IMA policy have been updated to include additional entries. Closes #33. * Updated for release 1.0.2 * [#32] Add package stage to Travis Build * [#47] Prevent deletion of external dependencies for TPM 2.0 Provisioner (#48) * [#41] Provisioners use PACCOR for device info collection. (#45) The provisioners used to shell out using different tools to collect device info. Now they both use PACCOR instead. * [#49] Modify getPolicy behavior to reflect use DBPolicyManager's getPolicy(appraiser, device) has historically returned the default policy for an appraiser if none is defined in the device group that the given device belongs to. However, this behavior does not in fact support the current use of devices, groups, and policies; in the case where a group has no policy assigned for a type of appraiser, the system is in a state where that type of appraisal will not occur for devices in a given group. To better reflect desired behavior, the method now returns null if a policy is not explicitly set for the given (appraiser, device group) pair. Closes #49. * [#52] Make TPM2 Provisioner check for a running Resource Manager (#53) [#52] Make TPM2 Provisioner check for a running Resource Manager * [#55] Add displayTitle to Alert These changes simply add a field called 'displayTitle' to the Alert class to hold a human-readable title for each Alert instance. Closes #55. * Add changes for device deletion. Changes data structures to facilitate deletion of devices from the DB and all other entries with foreign key relationships. * TPMBaseline.isEmpty() method, activated tests Added unit test for TPMBaseline.isEmpty(). Change exception type thrown in generator class Added unit tests to account for both an empty and a non-empty baseline object Checkstyle changes * Replace Refs of yum localinstall with yum install There is no functional difference between `yum install` and `yum localinstall`, however the former is preferred for modern conventions' sake. * [#62] Cleaned up preprocessor file expansion. There were unnecessary references to file paths in the executable. * [#43] Additional certificate fields to display * This change adds in additional information about the certificate, which include the public key and signature algoritms and their sizes, the key usage and extended key usage, the certificate version number for EK and CA certs and the issuer section expanded with Auth Key Id and Auth Info Access. * Made some fixes to the platform class print out. Needs to print out string representation of the value. * Additional changes for the certificate details page. Going over the spec determining what should be shown and what should be hidden if no information is specified. * This change adds in additional information about the certificate, which include the public key and signature algoritms and their sizes, the key usage and extended key usage, the certificate version number for EK and CA certs and the issuer section expanded with Auth Key Id and Auth Info Access. Made some fixes to the platform class print out. Needs to print out string representation of the value. Additional changes for the certificate details page. Going over the spec determining what should be shown and what should be hidden if no information is specified. Small updates to code commits and statements * Stashing changes. * Correcting some unit test fail instances. The PC Test fails because the tested cert is not updated to new (constantly changing) specs. Not just on the value but also on the value type. * Fixing git merge meta data. * Updates to include the Authority Key information as a set rather than just one item. Using a bouncy castle defined class. * Reversed the type of variable the public key value returns so that the unit test for it doesn't have to change. The type wasn't important, it was a convenience decision. * Adding changes based on review comments from @apldev3. * Made changes based on github review comments. * Additional changes for github comments * Updated the code for the public key size on CA and EK certificates. There was a previous issue with 4 additional bytes being included in the size. * Some more changes for Github comments * Add selector for Endorsement Credential and Platform Credential Deletion (#66) Adds a selector method to retrieve ECs and PCs by their associated device so they can be deleted. * [#69] Add null checks to Component Identifier Serial/Revision Trimming (#70) * [#54] ACA Users guide (#57) * Added the ACA Users Guide * Updated the installation notes on the ACA portal help page * changed format of user guide from pdf to doc * [#54] Edit ACA Users Guide * Updated the ACA Install and User Guide * Added the ACA Users Guide. Updated the ACA install Notes and added the ACA User Guide. * [#46] Setup Travis for HIRS Integration Tests (#68) * [#46] Ensure Travis mounts repository rather than clones it in Docker * [#46] Containerize HIRS ACA and prep ACA container for Integration Tests * [#46] Containerize HIRS TPM2Provisioner and prep TPM2Provisioner container for Integration Tests * [#46] Replace localinstall with install * [#46] Prevent rebuilding of packages unnecessarily * [#46] Finish initial docker compose setup for integration tests * [#46] Allow for detection of complete Integration Environment Setup * [#46] Fix Travis CI to allow for detecting Integ Test Environ Stand-Up * [#46] Fix Initial Integration Test Script * [#46] Troubleshoot Integration Test script * #67 Add systems tests for HIRS Provisioner TPM 2.0 (#73) * Added System Tests. * Cleaned up scripts * Cleaned up system tests. * Cleaned up system tests. * Cleaned up system tests. * Updated system tests. * Code review updates. * Fix Style Issue in Build (#76) A couple of variables had conflicting names and the inner scope was shadowing the outer. Style checker was complaining. Deleted one inner definition and renamed another variable. * Incremented VERSION to 1.0.3 (#81) * [#78] hirs-provisioner-tpm2 on path after installation. (#84) There was a problem in the rpm-post-install.sh script that ran as part of the CentOS7 rpm installation where a link was being created called libcurl.so which pointed to libcurl.so.4. If the link could not be created because it already existed, the script would quit before finishing and never place hirs-provisioner-tpm2 in a directory on the PATH. The proper solution was to link hirs-provisioner against libcurl.so.4 so that it is clear which version of the API was compiled against. This was not happening because we were linking against a version of curl build by the CPR project which was not properly embedding the SONAME in the shared object file. By linking instead against the shared object file distributed in the development package of libcurl, hirs-provisioner-tpm2 now looks for libcurl.so.4 rather than the generic libcurl.so. This will prevent our executable from breaking if libcurl.so gets updated to point to a newer version of libcurl that uses a different API. Closes #78. * [#82] Systems Tests not Reporting Failure Correctly (#83) * Test failing system tests report correctly in Travis. * Test successful system tests report correctly in Travis. * Test failing system tests report correctly in Travis. * Test successful system tests report correctly in Travis. * Test failing system tests report correctly in Travis. * Test successful system tests report correctly in Travis. * [#71] Dockerize TPM 1.2 Provisioner and Integrate with Docker Compose (#77) * [#71] Initial Dockerization of TPM 1.2 Provisioner * Fix permissions on new script * Fix current bugs * [#71] Try a new direction for setting up TPM 1.2 Provisioner Testing * [#71] Attempt to the latest version of Trousers on Travis CI VM for 1.2 Provisioner support * [#71] Try IBM TPM 1.2 Emulator * [#71] Move towards cleaning up work * [#71] Update TPM1.2 Provisioner Docker to work with Docker Compose in Systems Test * [#71] Get TPM 1.2 Provisioner to provision successfully in Docker container * Update system tests script to include TPM 1.2 Provisioner container * [#71] Separate TPM 1.2 and 2.0 Provisioner System Tests * [#71] Pipe TPM Emulator log output to file to clear up system test output * [#87] Combine Packaging and System Tests into One Travis Test Phase (#89) * [#91] Add Authority Information Access to Issuer field of Attribute Certificates (#92) * Updated code base for Attribute Certificates. They are currently not showing Authority Information Access in the Issuer field on the certificate details page. The code was not written to handle this or to set it. * Updated unit tests to test Authority Info Access and Key Identifier. * Adding extra certificates to be used in the new tests. * Updated unit test, the new tests were missing the @Test parameter. * [#19] General Name/DN equals functionality (#93) * Adding new class GeneralNames, I will be changing it to adjust to the bc class as to not confuse the two. This class takes the subject string and parse out the information for comparsion. * Adding file I didn't have tracked in the previous commit. * Updating code to handle the instance of multiple organization units. * A null exception was being thrown from the unit tests for the organization unit variable. * Add some comments * continued testing and updates are needed. * Cleanup - removed excess commented code and debug lines. * Updating code base to use X500Name for name compares, removing GeneralNamesParser.java file as it is not necessary * Updated for final changes. * Modification to previous changes per request on github. Separated out compare method into its own class and created unit tests. * Added Users Guide to the Quick Links section * [#72] Supply Chain Validator fix and update (#94) * This fix correct an IllegalStateException for the SupplyChainValider when all policy settings are true. When trying to remove a value from the iterator in the validator, the item was null and caused this issue. This also takes out the Platform Serial as a required field. Closes #72 * checking in a small change that puts back in a line for checking the serial number. It has been changed from FAIL to PASS however. * Committing updated changes. * Committing test certs for changes. * Updated unit tests * Fixing travis checkstyle for URISyntaxException missing from UnitTests * [#96] Validation tooltip update (#98) * Updating code to list what specifically is unmatched for platform components on the validation page when there is a failure. * Updates include a small shift for the policy page, putting the correct order for setting them (top to bottom). Updated unit tests for the additional text that now appears on the tool tip for the validation failure icon. * Updates to allow for TPM 2.0 quote. * [#106] Platform Configuration v2 (#112) * These changes are the beginning stage for spec 2 changes to the platform configuration section of the attributes platform certificate. * Updated typos and corrected check style errors. * Updating Platform Credential Unit test from #24 * Added unit test resource * [#24] Implementation of Component Class field (#114) * This is new code that parses a new field in the upcoming TCG spec for the platform components fields. The new field indicates the type of hardware (ex Memory - DDR3). This information wasn't provided before so it wasn't always clear what the component was. The new information is provided in a json file. A unit test was created to test the different variations. This commit does not include hooks in the base code to use this class yet. This commit is mainly to include the added library and correct bug and checkstyle issues associated with the new code. Closes #24 * Removed duplicate CONSTANT variable. * Added newline * Added Newline * Updated variable names for json object. * Fixed line length style error. * This is an initial set up for the new tagged elements for the component identifier. * This is an initial set up for the new tagged elements for the component identifier. * Split out functionality for version 2 changes. Added a new class to handle newer component elements. * Split out functionality for version 2 changes. Added a new class to handle newer component elements. * Updated for how to display version 2 versus version 1. * Updated for how to display version 2 versus version 1. * Moved V2 versions of class files to V2 specific folder. * Moved V2 versions of class files to V2 specific folder. * Debugging a problem with the componentclass portion of the spec 2 certificate. Pushing up so that I can debug at a different location. * Debugging a problem with the componentclass portion of the spec 2 certificate. Pushing up so that I can debug at a different location. * Updated changes that fixed a bug. The V2 of component identifier wasn't actually being used, and causes the cert to not upload. * Updated changes that fixed a bug. The V2 of component identifier wasn't actually being used, and causes the cert to not upload. * Additional changes made to resovle unit test failures and changes made to the unit test to validate some of the additional changes. * Additional changes made to resovle unit test failures and changes made to the unit test to validate some of the additional changes. * Fixed checkstyle issue of unused import. * Fixed checkstyle issue of unused import. * Last minute changes to fix some elements that were missed as prep for pull request. * Last minute changes to fix some elements that were missed as prep for pull request. * Update CertificateIdentifier for the issuerDN field so that findbugs does not error on the line setting it only to null. * Update CertificateIdentifier for the issuerDN field so that findbugs does not error on the line setting it only to null. * Updates to the placeholder class to avoid findbug errors. * Updates to the placeholder class to avoid findbug errors. * Added instanceof object check for attribute status in platform property V2 as an additional safeguard against type mismatch. * Added instanceof object check for attribute status in platform property V2 as an additional safeguard against type mismatch. * Corrected logic on AttributeStatus isRemoved method. * Removed reference to ComponentClass in V1 of ComponentIdentifer. Updated CertificateIdentifer to deal with tagged objects being optional, therefore the check for required in constructor is unnecessary. * Updated the parsing statements for the CertificateIdentifier's elements. --- .../WEB-INF/jsp/certificate-details.jsp | 15 +- .../certificate/PlatformCredential.java | 2 +- .../attributes/ComponentClass.java | 7 + .../attributes/ComponentIdentifier.java | 106 +++---- .../attributes/PlatformProperty.java | 24 +- .../attributes/V2/AttributeStatus.java | 52 ++++ .../attributes/V2/CertificateIdentifier.java | 153 ++++++++++ .../attributes/V2/ComponentIdentifierV2.java | 287 ++++++++++++++++++ .../{ => V2}/PlatformConfigurationV2.java | 8 +- .../attributes/V2/PlatformPropertyV2.java | 112 +++++++ .../attributes/V2/package-info.java | 5 + .../persist/certificate/CertificateTest.java | 2 +- .../certificate/PlatformCredentialTest.java | 22 +- .../TPM_INTC_Platform_Cert_RSA.txt | Bin 0 -> 2144 bytes 14 files changed, 704 insertions(+), 91 deletions(-) create mode 100644 HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/AttributeStatus.java create mode 100644 HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/CertificateIdentifier.java create mode 100644 HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/ComponentIdentifierV2.java rename HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/{ => V2}/PlatformConfigurationV2.java (92%) create mode 100644 HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformPropertyV2.java create mode 100644 HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/package-info.java create mode 100644 HIRS_Utils/src/test/resources/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp index cbbf92a6..6e77cb8f 100644 --- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp +++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp @@ -587,22 +587,19 @@
- + ${component.getComponentClass()} - ${component.getComponentManufacturer()} -  - ${component.getComponentModel()} + Platform Components
- - Manufacturer: - ${component.getComponentManufacturer()}
- Model - ${component.getComponentModel()}
- + Manufacturer: + ${component.getComponentManufacturer()}
+ Model: + ${component.getComponentModel()}
Serial Number: ${component.getComponentSerial()}
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java index d343ba1e..6e6f9eb9 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java @@ -4,7 +4,7 @@ import com.google.common.base.Preconditions; import hirs.data.persist.certificate.attributes.ComponentIdentifier; import hirs.data.persist.certificate.attributes.PlatformConfiguration; import hirs.data.persist.certificate.attributes.PlatformConfigurationV1; -import hirs.data.persist.certificate.attributes.PlatformConfigurationV2; +import hirs.data.persist.certificate.attributes.V2.PlatformConfigurationV2; import hirs.data.persist.certificate.attributes.TBBSecurityAssertion; import hirs.data.persist.certificate.attributes.URIReference; import hirs.persist.CertificateManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentClass.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentClass.java index cf7e9cce..77334635 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentClass.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentClass.java @@ -57,6 +57,13 @@ public class ComponentClass { private String component; private int componentIdentifier; + /** + * Default class constructor. + */ + public ComponentClass() { + this(JSON_PATH, UNKNOWN); + } + /** * Class Constructor that takes a int representation of the component value. * diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentIdentifier.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentIdentifier.java index b294ba56..9daa4a19 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentIdentifier.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentIdentifier.java @@ -9,7 +9,6 @@ import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERUTF8String; /** @@ -17,8 +16,6 @@ import org.bouncycastle.asn1.DERUTF8String; * Attribute. * 
  * ComponentIdentifier ::= SEQUENCE {
- *      componentClass
- *          SEQUENCE(SIZE(1..CONFIGMAX)),
  *      componentManufacturer UTF8String (SIZE (1..STRMAX)),
  *      componentModel UTF8String (SIZE (1..STRMAX)),
  *      componentSerial[0] IMPLICIT UTF8String (SIZE (1..STRMAX)) OPTIONAL,
@@ -26,26 +23,44 @@ import org.bouncycastle.asn1.DERUTF8String;
  *      componentManufacturerId [2] IMPLICIT PrivateEnterpriseNumber OPTIONAL,
  *      fieldReplaceable [3] IMPLICIT BOOLEAN OPTIONAL,
  *      componentAddress [4] IMPLICIT
- *          SEQUENCE(SIZE(1..CONFIGMAX)) OF ComponentAddress OPTIONAL }
+ *          SEQUENCE(SIZE(1..CONFIGMAX)) OF ComponentAddress OPTIONAL}
  * where STRMAX is 256, CONFIGMAX is 32
  *
*/ public class ComponentIdentifier { + /** + * Variable for components that aren't set. + */ + public static final String EMPTY_COMPONENT = " --- "; /** * Maximum number of configurations. */ public static final int CONFIGMAX = 32; - private static final int COMPONENT_IDENTIFIER = 1; + private static final int MANDATORY_ELEMENTS = 2; // optional sequence objects - private static final int COMPONENT_SERIAL = 0; - private static final int COMPONENT_REVISION = 1; - private static final int COMPONENT_MANUFACTURER_ID = 2; - private static final int FIELD_REPLACEABLE = 3; - private static final int COMPONENT_ADDRESS = 4; + /** + * Static variable indicated array position for the serial number. + */ + protected static final int COMPONENT_SERIAL = 0; + /** + * Static variable indicated array position for the revision info. + */ + protected static final int COMPONENT_REVISION = 1; + /** + * Static variable indicated array position for the manufacturer id. + */ + protected static final int COMPONENT_MANUFACTURER_ID = 2; + /** + * Static variable indicated array position for the field replaceable value. + */ + protected static final int FIELD_REPLACEABLE = 3; + /** + * Static variable indicated array position for the component address. + */ + protected static final int COMPONENT_ADDRESS = 4; - private String componentClass; private DERUTF8String componentManufacturer; private DERUTF8String componentModel; private DERUTF8String componentSerial; @@ -58,11 +73,10 @@ public class ComponentIdentifier { * Default constructor. */ public ComponentIdentifier() { - componentClass = null; - componentManufacturer = null; - componentModel = null; - componentSerial = null; - componentRevision = null; + componentManufacturer = new DERUTF8String(EMPTY_COMPONENT); + componentModel = new DERUTF8String(EMPTY_COMPONENT); + componentSerial = new DERUTF8String(EMPTY_COMPONENT); + componentRevision = new DERUTF8String(EMPTY_COMPONENT); componentManufacturerId = null; fieldReplaceable = null; componentAddress = new ArrayList<>(); @@ -101,36 +115,19 @@ public class ComponentIdentifier { * @throws IllegalArgumentException if there was an error on the parsing */ public ComponentIdentifier(final ASN1Sequence sequence) throws IllegalArgumentException { - //Check if it have a valid number of identifers - if (sequence.size() < ComponentAddress.IDENTIFIER_NUMBER) { + // set all optional values to default in case they aren't set. + this(); + //Check if it have a valid number of identifiers + if (sequence.size() < MANDATORY_ELEMENTS) { throw new IllegalArgumentException("Component identifier do not have required values."); } - ASN1Sequence componentIdSeq; - int tag = 0; - - if (sequence.getObjectAt(tag) instanceof ASN1Sequence) { - componentIdSeq = ASN1Sequence.getInstance(sequence.getObjectAt(tag++)); - componentClass = DEROctetString.getInstance(componentIdSeq - .getObjectAt(COMPONENT_IDENTIFIER)) - .toString(); - } else if (sequence.getObjectAt(tag) instanceof DEROctetString) { - componentClass = sequence.getObjectAt(tag++).toString(); - } - //Mandatory values - componentManufacturer = DERUTF8String.getInstance(sequence.getObjectAt(tag++)); - componentModel = DERUTF8String.getInstance(sequence.getObjectAt(tag++)); - - //Optional values (default to null or empty) - componentSerial = null; - componentRevision = null; - componentManufacturerId = null; - fieldReplaceable = null; - componentAddress = new ArrayList<>(); + componentManufacturer = DERUTF8String.getInstance(sequence.getObjectAt(0)); + componentModel = DERUTF8String.getInstance(sequence.getObjectAt(1)); //Continue reading the sequence if it does contain more than 2 values - for (int i = tag; i < sequence.size(); i++) { + for (int i = 2; i < sequence.size(); i++) { ASN1TaggedObject taggedObj = ASN1TaggedObject.getInstance(sequence.getObjectAt(i)); switch (taggedObj.getTagNo()) { case COMPONENT_SERIAL: @@ -147,7 +144,7 @@ public class ComponentIdentifier { break; case COMPONENT_ADDRESS: ASN1Sequence addressesSequence = ASN1Sequence.getInstance(taggedObj, false); - componentAddress = retriveComponentAddress(addressesSequence); + componentAddress = retrieveComponentAddress(addressesSequence); break; default: throw new IllegalArgumentException("Component identifier contains " @@ -156,20 +153,6 @@ public class ComponentIdentifier { } } - /** - * @return the componentClass - */ - public String getComponentClass() { - return componentClass; - } - - /** - * @param componentClass the componentClass to set - */ - public void setComponentClass(final String componentClass) { - this.componentClass = componentClass; - } - /** * @return the componentManufacturer */ @@ -268,6 +251,13 @@ public class ComponentIdentifier { this.componentAddress = componentAddress; } + /** + * @return indicates the type of platform certificate + */ + public boolean isVersion2() { + return false; + } + /** * Get all the component addresses inside the sequence. * @@ -275,7 +265,7 @@ public class ComponentIdentifier { * @return list of component addresses inside the sequence * @throws IllegalArgumentException if there was an error on the parsing */ - public static List retriveComponentAddress(final ASN1Sequence sequence) + public static List retrieveComponentAddress(final ASN1Sequence sequence) throws IllegalArgumentException { List addresses; addresses = new ArrayList<>(); @@ -298,9 +288,6 @@ public class ComponentIdentifier { StringBuilder sb = new StringBuilder(); sb.append("ComponentIdentifier{"); sb.append("componentManufacturer=").append(componentManufacturer.getString()); - sb.append("componentClass=").append(componentClass); - sb.append(", componentManufacturer=") - .append(componentManufacturer.getString()); sb.append(", componentModel=").append(componentModel.getString()); //Optional not null values sb.append(", componentSerial="); @@ -326,6 +313,7 @@ public class ComponentIdentifier { .map(Object::toString) .collect(Collectors.joining(","))); } + sb.append(", certificateIdentifier="); sb.append("}"); return sb.toString(); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformProperty.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformProperty.java index a658d03e..072cb7a8 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformProperty.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformProperty.java @@ -1,20 +1,26 @@ package hirs.data.persist.certificate.attributes; -import static hirs.data.persist.certificate.attributes.ComponentAddress.IDENTIFIER_NUMBER; +import hirs.data.persist.DeviceInfoReport; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERUTF8String; /** * - * Basic class that handle a single property for the platform configuration. + * Basic class that handles a single property for the platform configuration. * 
  * Properties ::= SEQUENCE {
  *      propertyName UTF8String (SIZE (1..STRMAX)),
- *      propertyValue UTF8String (SIZE (1..STRMAX))
- * }
-*
+ * propertyValue UTF8String (SIZE (1..STRMAX) } + * + * */ public class PlatformProperty { + + /** + * Number of identifiers for version 1. + */ + protected static final int IDENTIFIER_NUMBER = 2; + private DERUTF8String propertyName; private DERUTF8String propertyValue; @@ -22,8 +28,8 @@ public class PlatformProperty { * Default constructor. */ public PlatformProperty() { - this.propertyName = null; - this.propertyValue = null; + this.propertyName = new DERUTF8String(DeviceInfoReport.NOT_SPECIFIED); + this.propertyValue = new DERUTF8String(DeviceInfoReport.NOT_SPECIFIED); } /** @@ -45,14 +51,14 @@ public class PlatformProperty { * @throws IllegalArgumentException if there was an error on the parsing */ public PlatformProperty(final ASN1Sequence sequence) throws IllegalArgumentException { - //Check if the sequence contains the two values required + // Check if the sequence contains the two values required if (sequence.size() != IDENTIFIER_NUMBER) { throw new IllegalArgumentException("Platform properties does not contain all " + "the required fields."); } + this.propertyName = DERUTF8String.getInstance(sequence.getObjectAt(0)); this.propertyValue = DERUTF8String.getInstance(sequence.getObjectAt(1)); - } /** diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/AttributeStatus.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/AttributeStatus.java new file mode 100644 index 00000000..094f494f --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/AttributeStatus.java @@ -0,0 +1,52 @@ +package hirs.data.persist.certificate.attributes.V2; + +import hirs.data.persist.certificate.attributes.ComponentIdentifier; + +/** + * A type to handle the security Level used in the FIPS Level. + * Ordering of enum types is intentional and their ordinal values correspond to enum + * values in the TCG spec. + * + * 
+ * AttributeStatus ::= ENUMERATED {
+ *      added (0),
+ *      modified (1),
+ *      removed (2) }
+ *
+ */ +public enum AttributeStatus { + /** + * Attribute Status for ADDED. + */ + ADDED("added"), + /** + * Attribute Status for MODIFIED. + */ + MODIFIED("modified"), + /** + * Attribute Status for REMOVED. + */ + REMOVED("removed"), + /** + * Attribute Status for NOT_SPECIFIED. + */ + NOT_SPECIFIED(ComponentIdentifier.EMPTY_COMPONENT); + + private final String value; + + /** + * Basic constructor. + * @param value string containing the value. + */ + AttributeStatus(final String value) { + this.value = value; + } + + /** + * Getter for the string of attribute status value. + * @return the string containing the value. + */ + public String getValue() { + return this.value; + } +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/CertificateIdentifier.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/CertificateIdentifier.java new file mode 100644 index 00000000..bfe7eade --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/CertificateIdentifier.java @@ -0,0 +1,153 @@ +package hirs.data.persist.certificate.attributes.V2; + +import hirs.data.persist.DeviceInfoReport; +import java.math.BigInteger; + +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x509.GeneralName; + +/** + * Basic class that handles a the attribute associate with a Certificate + * Identifier for the component. + * 
+ * CertificateIdentifier::= SEQUENCE {
+ *       attributeCertIdentifier [0] IMPLICIT AttributeCertificateIdentifier OPTIONAL
+ *       genericCertIdentifier   [1] IMPLICIT IssuerSerial OPTIONAL }
+ *
+ * AttributeCertificateIdentifier ::= SEQUENCE {
+ *       hashAlgorithm  AlgorithmIdentifier,
+ *       hashOverSignatureValue OCTET STRING }
+ *
+ * IssuerSerial ::= SEQUENCE {
+ *       issuer        GeneralNames,
+ *       serial        CertificateSerialNumber }
+ *
+ */ +public class CertificateIdentifier { + + private static final int SEQUENCE_NUMBER = 2; + private static final int ATTRIBUTE_ID_INDEX = 0; + private static final int GENERIC_ID_INDEX = 1; + + private String hashAlgorithm; + private String hashSigValue; + private GeneralName issuerDN; + private BigInteger certificateSerialNumber; + + /** + * Default constructor. + */ + public CertificateIdentifier() { + hashAlgorithm = DeviceInfoReport.NOT_SPECIFIED; + hashSigValue = null; + issuerDN = null; + certificateSerialNumber = BigInteger.ZERO; + } + + /** + * Primary constructor for the parsing of the sequence. + * @param sequence containing the name and value of the Certificate Identifier + */ + public CertificateIdentifier(final ASN1Sequence sequence) { + this(); + + ASN1TaggedObject taggedObj; + for (int i = 0; i < sequence.size(); i++) { + taggedObj = ASN1TaggedObject.getInstance(sequence.getObjectAt(i)); + + switch (taggedObj.getTagNo()) { + case ATTRIBUTE_ID_INDEX: + // attributecertificateidentifier + parseAttributeCertId(ASN1Sequence.getInstance(taggedObj, false)); + break; + case GENERIC_ID_INDEX: + // issuerserial + parseGenericCertId(ASN1Sequence.getInstance(taggedObj, false)); + break; + default: + break; + } + } + } + + private void parseAttributeCertId(final ASN1Sequence attrCertSeq) { + //Check if it have a valid number of identifiers + if (attrCertSeq.size() != SEQUENCE_NUMBER) { + throw new IllegalArgumentException("CertificateIdentifier" + + ".AttributeCertificateIdentifier does not have required values."); + } + + hashAlgorithm = attrCertSeq.getObjectAt(0).toString(); + hashSigValue = attrCertSeq.getObjectAt(1).toString(); + } + + private void parseGenericCertId(final ASN1Sequence issuerSerialSeq) { + //Check if it have a valid number of identifiers + if (issuerSerialSeq.size() != SEQUENCE_NUMBER) { + throw new IllegalArgumentException("CertificateIdentifier" + + ".GenericCertificateIdentifier does not have required values."); + } + + ASN1Sequence derSequence = DERSequence.getInstance(issuerSerialSeq.getObjectAt(0)); + ASN1TaggedObject taggedObj = ASN1TaggedObject.getInstance(derSequence.getObjectAt(0)); + + issuerDN = GeneralName.getInstance(taggedObj); + certificateSerialNumber = ASN1Integer.getInstance(issuerSerialSeq + .getObjectAt(1)).getValue(); + } + + /** + * @return the algorithm type + */ + public String getHashAlgorithm() { + return hashAlgorithm; + } + + /** + * @return the string representation of hash signature + */ + public String getHashSigValue() { + return hashSigValue; + } + + /** + * @return the distinguished name for the issuer serial + */ + public GeneralName getIssuerDN() { + return issuerDN; + } + + /** + * @return The serial number of the certificate. + */ + public BigInteger getCertificateSerialNumber() { + return certificateSerialNumber; + } + + /** + * String for the internal data stored. + * @return String representation of the data. + */ + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + + sb.append("CertificateIdentifier{"); + sb.append("hashAlgorithm=").append(hashAlgorithm); + sb.append(", hashSigValue").append(hashSigValue); + sb.append(", issuerDN="); + if (issuerDN != null) { + sb.append(issuerDN.toString()); + } + sb.append(", certificateSerialNumber="); + if (certificateSerialNumber != null) { + sb.append(certificateSerialNumber.toString()); + } + + sb.append("}"); + return sb.toString(); + } +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/ComponentIdentifierV2.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/ComponentIdentifierV2.java new file mode 100644 index 00000000..179e3bac --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/ComponentIdentifierV2.java @@ -0,0 +1,287 @@ +package hirs.data.persist.certificate.attributes.V2; + +import hirs.data.persist.certificate.attributes.ComponentAddress; +import hirs.data.persist.certificate.attributes.ComponentClass; +import hirs.data.persist.certificate.attributes.ComponentIdentifier; +import hirs.data.persist.certificate.attributes.URIReference; +import java.util.List; +import java.util.stream.Collectors; + +import org.bouncycastle.asn1.ASN1Boolean; +import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.DERUTF8String; + +/** + * Basic class that handle component identifiers from the Platform Configuration + * Attribute. + * 
+ * ComponentIdentifier ::= SEQUENCE {
+ *      componentManufacturer UTF8String (SIZE (1..STRMAX)),
+ *      componentModel UTF8String (SIZE (1..STRMAX)),
+ *      componentSerial[0] IMPLICIT UTF8String (SIZE (1..STRMAX)) OPTIONAL,
+ *      componentRevision [1] IMPLICIT UTF8String (SIZE (1..STRMAX)) OPTIONAL,
+ *      componentManufacturerId [2] IMPLICIT PrivateEnterpriseNumber OPTIONAL,
+ *      fieldReplaceable [3] IMPLICIT BOOLEAN OPTIONAL,
+ *      componentAddress [4] IMPLICIT
+ *          SEQUENCE(SIZE(1..CONFIGMAX)) OF ComponentAddress OPTIONAL
+ *      componentPlatformCert [5] IMPLICIT CertificateIdentifier OPTIONAL,
+ *      componentPlatformCertUri [6] IMPLICIT URIReference OPTIONAL,
+ *      status [7] IMPLICIT AttributeStatus OPTIONAL }
+ * where STRMAX is 256, CONFIGMAX is 32
+ *
+ */ +public class ComponentIdentifierV2 extends ComponentIdentifier { + + private static final int MANDATORY_ELEMENTS = 3; + // Additional optional identifiers for version 2 + private static final int COMPONENT_PLATFORM_CERT = 5; + private static final int COMPONENT_PLATFORM_URI = 6; + private static final int ATTRIBUTE_STATUS = 7; + + private ComponentClass componentClass; + private CertificateIdentifier certificateIdentifier; + private URIReference componentPlatformUri; + private AttributeStatus attributeStatus; + + /** + * Default constructor. + */ + public ComponentIdentifierV2() { + super(); + componentClass = new ComponentClass(); + certificateIdentifier = null; + componentPlatformUri = null; + attributeStatus = AttributeStatus.NOT_SPECIFIED; + } + + /** + * Constructor given the components values. + * + * @param componentClass represent the component type + * @param componentManufacturer represents the component manufacturer + * @param componentModel represents the component model + * @param componentSerial represents the component serial number + * @param componentRevision represents the component revision + * @param componentManufacturerId represents the component manufacturer ID + * @param fieldReplaceable represents if the component is replaceable + * @param componentAddress represents a list of addresses + * @param certificateIdentifier object representing certificate Id + * @param componentPlatformUri object containing the URI Reference + * @param attributeStatus object containing enumerated status + */ + @SuppressWarnings("checkstyle:parameternumber") + public ComponentIdentifierV2(final ComponentClass componentClass, + final DERUTF8String componentManufacturer, + final DERUTF8String componentModel, + final DERUTF8String componentSerial, + final DERUTF8String componentRevision, + final ASN1ObjectIdentifier componentManufacturerId, + final ASN1Boolean fieldReplaceable, + final List componentAddress, + final CertificateIdentifier certificateIdentifier, + final URIReference componentPlatformUri, + final AttributeStatus attributeStatus) { + super(componentManufacturer, componentModel, componentSerial, + componentRevision, componentManufacturerId, fieldReplaceable, + componentAddress); + this.componentClass = componentClass; + // additional optional component identifiers + this.certificateIdentifier = certificateIdentifier; + this.componentPlatformUri = componentPlatformUri; + this.attributeStatus = attributeStatus; + } + + /** + * Constructor given the SEQUENCE that contains Component Identifier. + * @param sequence containing the the component identifier + * @throws IllegalArgumentException if there was an error on the parsing + */ + public ComponentIdentifierV2(final ASN1Sequence sequence) + throws IllegalArgumentException { + super(); + // Check if it have a valid number of identifiers + if (sequence.size() < MANDATORY_ELEMENTS) { + throw new IllegalArgumentException("Component identifier do not have required values."); + } + + int tag = 0; + ASN1Sequence componentIdSeq = ASN1Sequence.getInstance(sequence.getObjectAt(tag++)); + componentClass = new ComponentClass(DEROctetString.getInstance(componentIdSeq + .getObjectAt(tag)).toString()); + + // Mandatory values + this.setComponentManufacturer(DERUTF8String.getInstance(sequence.getObjectAt(tag++))); + this.setComponentModel(DERUTF8String.getInstance(sequence.getObjectAt(tag++))); + + // Continue reading the sequence if it does contain more than 2 values + for (int i = tag; i < sequence.size(); i++) { + ASN1TaggedObject taggedObj = ASN1TaggedObject.getInstance(sequence.getObjectAt(i)); + switch (taggedObj.getTagNo()) { + case COMPONENT_SERIAL: + this.setComponentSerial(DERUTF8String.getInstance(taggedObj, false)); + break; + case COMPONENT_REVISION: + this.setComponentRevision(DERUTF8String.getInstance(taggedObj, false)); + break; + case COMPONENT_MANUFACTURER_ID: + this.setComponentManufacturerId(ASN1ObjectIdentifier + .getInstance(taggedObj, false)); + break; + case FIELD_REPLACEABLE: + this.setFieldReplaceable(ASN1Boolean.getInstance(taggedObj, false)); + break; + case COMPONENT_ADDRESS: + ASN1Sequence addressesSequence = ASN1Sequence.getInstance(taggedObj, false); + this.setComponentAddress(retrieveComponentAddress(addressesSequence)); + break; + case COMPONENT_PLATFORM_CERT: + ASN1Sequence ciSequence = ASN1Sequence.getInstance(taggedObj, false); + certificateIdentifier = new CertificateIdentifier(ciSequence); + break; + case COMPONENT_PLATFORM_URI: + ASN1Sequence uriSequence = ASN1Sequence.getInstance(taggedObj, false); + this.componentPlatformUri = new URIReference(uriSequence); + break; + case ATTRIBUTE_STATUS: + ASN1Enumerated enumerated = ASN1Enumerated.getInstance(taggedObj, false); + this.attributeStatus = AttributeStatus.values()[ + enumerated.getValue().intValue()]; + break; + default: + throw new IllegalArgumentException("Component identifier contains " + + "invalid tagged object."); + } + } + } + + /** + * @return string for the type of component. + */ + public ComponentClass getComponentClass() { + return componentClass; + } + + /** + * @param componentClass the type of component to set + */ + public void setComponentClass(final ComponentClass componentClass) { + this.componentClass = componentClass; + } + + /** + * @return string for the certificate identifier + */ + public CertificateIdentifier getCertificateIdentifier() { + return certificateIdentifier; + } + + /** + * @param certificateIdentifier the certificate id to set + */ + public void setCertificateIdentifier(final CertificateIdentifier certificateIdentifier) { + this.certificateIdentifier = certificateIdentifier; + } + + /** + * @return the componentPlatformUri. + */ + public URIReference getComponentPlatformUri() { + return componentPlatformUri; + } + + /** + * @param componentPlatformUri the componentPlatformUri to set. + */ + public void setComponentPlatformUri(final URIReference componentPlatformUri) { + this.componentPlatformUri = componentPlatformUri; + } + + /** + * @return the attribute enumerated status. + */ + public AttributeStatus getAttributeStatus() { + return attributeStatus; + } + + /** + * @param attributeStatus the attributeState to set. + */ + public void setAttributeStatus(final AttributeStatus attributeStatus) { + this.attributeStatus = attributeStatus; + } + + /** + * @return true if the component has been modified. + */ + public final boolean isModified() { + return getAttributeStatus() == AttributeStatus.MODIFIED; + } + + /** + * @return true if the component has been removed. + */ + public final boolean isRemoved() { + return getAttributeStatus() == AttributeStatus.REMOVED; + } + + /** + * @return indicates the type of platform certificate. + */ + @Override + public boolean isVersion2() { + return true; + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("ComponentIdentifierV2{"); + sb.append("componentClass=").append(componentClass); + sb.append(", componentManufacturer=").append(getComponentManufacturer() + .getString()); + sb.append(", componentModel=").append(getComponentModel().getString()); + // Optional not null values + sb.append(", componentSerial="); + if (getComponentSerial() != null) { + sb.append(getComponentSerial().getString()); + } + sb.append(", componentRevision="); + if (getComponentRevision() != null) { + sb.append(getComponentRevision().getString()); + } + sb.append(", componentManufacturerId="); + if (getComponentManufacturerId() != null) { + sb.append(getComponentManufacturerId().getId()); + } + sb.append(", fieldReplaceable="); + if (getFieldReplaceable() != null) { + sb.append(getFieldReplaceable().toString()); + } + sb.append(", componentAddress="); + if (getComponentAddress().size() > 0) { + sb.append(getComponentAddress() + .stream() + .map(Object::toString) + .collect(Collectors.joining(","))); + } + sb.append(", certificateIdentifier="); + if (certificateIdentifier != null) { + sb.append(certificateIdentifier.toString()); + } + sb.append(", componentPlatformUri="); + if (componentPlatformUri != null) { + sb.append(componentPlatformUri.toString()); + } + sb.append(", status="); + if (attributeStatus != null) { + sb.append(attributeStatus.getValue()); + } + sb.append("}"); + + return sb.toString(); + } +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformConfigurationV2.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformConfigurationV2.java similarity index 92% rename from HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformConfigurationV2.java rename to HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformConfigurationV2.java index c84acc34..ec8c4936 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformConfigurationV2.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformConfigurationV2.java @@ -1,5 +1,7 @@ -package hirs.data.persist.certificate.attributes; +package hirs.data.persist.certificate.attributes.V2; +import hirs.data.persist.certificate.attributes.PlatformConfiguration; +import hirs.data.persist.certificate.attributes.URIReference; import java.util.ArrayList; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; @@ -51,7 +53,7 @@ public class PlatformConfigurationV2 extends PlatformConfiguration { //DERSequence with the components ASN1Sequence component = ASN1Sequence.getInstance(componentConfiguration.getObjectAt(j)); - add(new ComponentIdentifier(component)); + add(new ComponentIdentifierV2(component)); } break; case COMPONENT_IDENTIFIER_URI: @@ -68,7 +70,7 @@ public class PlatformConfigurationV2 extends PlatformConfiguration { for (int j = 0; j < properties.size(); j++) { //DERSequence with the components ASN1Sequence property = ASN1Sequence.getInstance(properties.getObjectAt(j)); - add(new PlatformProperty(property)); + add(new PlatformPropertyV2(property)); } break; case PLATFORM_PROPERTIES_URI: diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformPropertyV2.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformPropertyV2.java new file mode 100644 index 00000000..ad188633 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformPropertyV2.java @@ -0,0 +1,112 @@ +package hirs.data.persist.certificate.attributes.V2; + +import hirs.data.persist.certificate.attributes.PlatformProperty; +import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERUTF8String; + +/** + * + * Basic class that handles a single property for the platform configuration. + * 
+ * Properties ::= SEQUENCE {
+ *      propertyName UTF8String (SIZE (1..STRMAX)),
+ *      propertyValue UTF8String (SIZE (1..STRMAX),
+ *      status [0] IMPLICIT AttributeStatus OPTIONAL }
+ *
+ *
+ */ +public class PlatformPropertyV2 extends PlatformProperty { + + private AttributeStatus attributeStatus; + + /** + * Default constructor. + */ + public PlatformPropertyV2() { + super(); + this.attributeStatus = AttributeStatus.NOT_SPECIFIED; + } + + /** + * Constructor given the name and value for the platform property. + * + * @param propertyName string containing the property name + * @param propertyValue string containing the property value + * @param attributeStatus enumerated object with the status of the property + */ + public PlatformPropertyV2(final DERUTF8String propertyName, final DERUTF8String propertyValue, + final AttributeStatus attributeStatus) { + super(propertyName, propertyValue); + this.attributeStatus = attributeStatus; + } + + /** + * Constructor given the SEQUENCE that contains the name and value for the + * platform property. + * + * @param sequence containing the name and value of the platform property + * @throws IllegalArgumentException if there was an error on the parsing + */ + public PlatformPropertyV2(final ASN1Sequence sequence) throws IllegalArgumentException { + // Check if the sequence contains the two values required + if (sequence.size() < IDENTIFIER_NUMBER) { + throw new IllegalArgumentException("Platform properties does not contain all " + + "the required fields."); + } + + setPropertyName(DERUTF8String.getInstance(sequence.getObjectAt(0))); + setPropertyValue(DERUTF8String.getInstance(sequence.getObjectAt(1))); + + // optional value which is a placeholder for now + if (sequence.size() > IDENTIFIER_NUMBER + && sequence.getObjectAt(2) instanceof ASN1Enumerated) { + ASN1Enumerated enumerated = ASN1Enumerated.getInstance(sequence.getObjectAt(2)); + this.attributeStatus = AttributeStatus.values()[enumerated.getValue().intValue()]; + } + } + + /** + * Getter for the enumerated status. + * @return added, modified, removed status + */ + public AttributeStatus getAttributeStatus() { + return attributeStatus; + } + + /** + * Setter for the enumerated status. + * @param attributeStatus enumerated object with the status of the property + */ + public void setAttributeStatus(final AttributeStatus attributeStatus) { + this.attributeStatus = attributeStatus; + } + + /** + * @return true if the property has been modified. + */ + public final boolean isModified() { + return getAttributeStatus() == AttributeStatus.MODIFIED; + } + + /** + * @return true if the property has been removed. + */ + public final boolean isRemoved() { + return getAttributeStatus() != AttributeStatus.REMOVED; + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("PlatformPropertyV2{"); + sb.append("PropertyName=").append(getPropertyName().getString()); + sb.append(", propertyValue=").append(getPropertyValue().getString()); + if (attributeStatus != null) { + sb.append(", attributeStatus=").append(attributeStatus.toString()); + } + sb.append("}"); + + return sb.toString(); + } +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/package-info.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/package-info.java new file mode 100644 index 00000000..b5a58e60 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/package-info.java @@ -0,0 +1,5 @@ +/** + * A package to house component structures to support fields in larger + * certificate types for Version 2. + */ +package hirs.data.persist.certificate.attributes.V2; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/certificate/CertificateTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/certificate/CertificateTest.java index 7b9b8770..68452a0a 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/certificate/CertificateTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/certificate/CertificateTest.java @@ -311,7 +311,7 @@ public class CertificateTest { "https://trustedservices.intel.com/" + "content/TSC/certs/TSC_IssuingCAIKGF_TEST.cer\n"); Assert.assertEquals(platformCert.getAuthKeyId(), - "3c06b9fb63a53ca57c6b87433339f1dca807fba4"); + "a5ecc6c07da02c6af8764d4e5c16483610a0b040"); } /** diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/certificate/PlatformCredentialTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/certificate/PlatformCredentialTest.java index 888758e6..7698c5d8 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/certificate/PlatformCredentialTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/certificate/PlatformCredentialTest.java @@ -60,7 +60,7 @@ public class PlatformCredentialTest { * Location of another, slightly different platform attribute cert. */ static final String TEST_PLATFORM_CERT_6 = - "/validation/platform_credentials/Intel_nuc1.cer"; + "/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt"; /** * Platform Certificate 2.0 with all the expected data. @@ -142,7 +142,7 @@ public class PlatformCredentialTest { + "D1098B0EB8C7E750D16FC99DADB0B32DF27B74F7BA1560DA56C3635" + "47E84124E560B71D40B729326FC5"; - private static final String EXPECTED_CERT_SIGANTURE_FOR_CERT2_1 = + private static final String EXPECTED_CERT_SIGNATURE_FOR_CERT2_1 = "MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVUzEUMBI" + "GA1UECgwLRXhhbXBsZS5vcmcxDTALBgNVBAsMBHRlc3QxIDAeBgNVBAMMF1BsYXRmb" + "3JtIENlcnRpZmljYXRlIENBMB4XDTE4MDQwNDE2NDUyMloXDTI4MDQwMzE2NDUyMlow" @@ -389,7 +389,7 @@ public class PlatformCredentialTest { PlatformCredential platformCert = new PlatformCredential(certPath); Certificate issuer = new CertificateAuthorityCredential( - Base64.decode(EXPECTED_CERT_SIGANTURE_FOR_CERT2_1)); + Base64.decode(EXPECTED_CERT_SIGNATURE_FOR_CERT2_1)); //Check if issuer certificate issued the platform credential Assert.assertTrue(platformCert.isIssuer(issuer)); @@ -402,7 +402,7 @@ public class PlatformCredentialTest { * @throws URISyntaxException if there is a problem constructing the cert's URI */ @Test - public final void testPlatformConfiguarion() throws IOException, URISyntaxException { + public final void testPlatformConfiguration() throws IOException, URISyntaxException { URL resource = this.getClass().getResource(TEST_PLATFORM_CERT2_1); Path certPath = Paths.get(resource.toURI()); @@ -490,7 +490,7 @@ public class PlatformCredentialTest { * @throws URISyntaxException if there is a problem constructing the cert's URI */ @Test - public final void testPlatformConfiguarion2() throws IOException, URISyntaxException { + public final void testPlatformConfiguration2() throws IOException, URISyntaxException { URL resource = this.getClass().getResource(TEST_PLATFORM_CERT2_2); Path certPath = Paths.get(resource.toURI()); @@ -528,7 +528,7 @@ public class PlatformCredentialTest { * @throws URISyntaxException if there is a problem constructing the cert's URI */ @Test - public final void testPlatformConfiguarion3() throws IOException, URISyntaxException { + public final void testPlatformConfiguration3() throws IOException, URISyntaxException { URL resource = this.getClass().getResource(TEST_PLATFORM_CERT2_3); Path certPath = Paths.get(resource.toURI()); @@ -559,7 +559,9 @@ public class PlatformCredentialTest { Assert.assertTrue(component.getComponentModel() .getString() .equals("BIOS")); - Assert.assertNull(component.getComponentSerial()); + Assert.assertTrue(component.getComponentSerial() + .getString() + .equals(" --- ")); Assert.assertTrue(component.getComponentRevision() .getString() .equals("DNKBLi5v.86A.0019.2017.0804.1146")); @@ -599,7 +601,7 @@ public class PlatformCredentialTest { * @throws URISyntaxException if there is a problem constructing the cert's URI */ @Test - public final void testPlatformConfiguarion4() throws IOException, URISyntaxException { + public final void testPlatformConfiguration4() throws IOException, URISyntaxException { URL resource = this.getClass().getResource(TEST_PLATFORM_CERT2_4); Path certPath = Paths.get(resource.toURI()); @@ -672,7 +674,7 @@ public class PlatformCredentialTest { * @throws URISyntaxException if there is a problem constructing the cert's URI */ @Test - public final void testPlatformConfiguarion5() throws IOException, URISyntaxException { + public final void testPlatformConfiguration5() throws IOException, URISyntaxException { URL resource = this.getClass().getResource(TEST_PLATFORM_CERT2_SPEC2); Path certPath = Paths.get(resource.toURI()); @@ -683,6 +685,8 @@ public class PlatformCredentialTest { //Check component identifier List allComponents = platformConfig.getComponentIdentifier(); Assert.assertFalse(allComponents.isEmpty()); + ComponentIdentifier component = allComponents.get(5); + Assert.assertTrue(component.isVersion2()); List platformProperties = platformConfig.getPlatformProperties(); if (platformProperties.isEmpty()) { diff --git a/HIRS_Utils/src/test/resources/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt b/HIRS_Utils/src/test/resources/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt new file mode 100644 index 0000000000000000000000000000000000000000..f99f228125ff7c86484d5f25c79ac388041fe47a GIT binary patch literal 2144 zcmbVNX>b!|7|w349$RQ>DTPv4L7*Jnyt_Fz4QH;lp(K~JcG45ADa3L~h9Acw~=Drl7%h5;RQ1VNyH3JmrKNCy~nH*JBT{BWGvAK&+W@AW<3 z`#cNrq)LcuzD5xQ#7)iO8z8RQB{qS$oJ@sejj}?e$wVDa@&yVTl0PHk+`qSO%XsEK`);vu`!RspK>bqT5-3Z zs|)%ALS2;Qs&Ts&2Z};fOSH9Do5kHA?%XAA2XX6DO;vciH%S<3w~|@VM=qhoQoVjo z@Zz`b>mNT>m~*Z5fu zcg13LUH!O9i;L#^oL(Q94OyL+Nn5yZA;HRdi2xslG)?lTrjn+6X$X?4R-jqPh!x7* zpRZ19-8(sL^UB}vmM5p5haow=DIg1hA`K)>8T2qqHs~oZ>PZqPJy5eCu3QQOHR@_n zjb@OUkO9dkf})5*dL)%fp->>wRTHQE$z;$bmPsgNciQ@qX&^nFJ#J%OjY45a*4RZQ)-*S8tVzO$x48P2O)t%6JQ1dL6Qa&l=Mi` z^8vABPlcUkjSi3PnLbh`8)*||Dlh;E3wmVAN;H&TKJw{lz_ik6FgR;$%=YoPjlql9 zP>89*Z4LNT!b!LZG5_f>CNbTtv4GYCRN(fq3Vaey5hf@uSq#P=CAD6EI9A71W9e=K zO!M#=kfLGs` zZUmrAHkzi*V5DfUi7FFV3!$z@s^`F$>lA93D8~pA4jjh>WK!TRiYzRc;%>|^2P_b@ zn1U9XvII<)fKfy#a@Rl@kQk>71ncRsa{{DdN~_z4sf1`916deWUl!$YC+D9hVcBKv zkEJ`Je8gMBMjoH2gZ@yAX&IkAwnh*lF^f(oQ!5hk3qd{_4hO4cg6X>U5haNo_evbk z!&TxA5VwK&jwVIsc842Lqbd;B!YobFXbqxPYf&WI(_KlrbxdHYVobE24KT4M+Mtu_ z2$H(!d|taQAT=M8SMs8a53zv;uizJ$u;f5Qs)9f~&W*wl4ENcKabIUy|xPzGQ-{5fzrw&7cxzLe@I%YAj_kP15>8 znLuPN^zZW5V7(pFCD{anq*xMbNl5$^@`kE%AiFVZ_pR11UuhmQzoXvmsmv}hr8j>x z3Fdd-MbfT0Q27KmK%4$AZgab2*=~I-%7ldFGXkuPBckH7yE_gyoL_V8BD=BgFU-Mh zx=XjB7js+Qf2jR?_ASpKI`6$JFN%Ar!e=+l&OJ3`kmcB-`yKVAqtoMt`;)$1ygjq7 zwl$~yI(O%_9pG~RB=Q$5`B z)6w?REvk1@Kiv3WTIC{P`nj9K6(>)7l142XaOCX%2U|xiZ@Y14Z`FafEb9k`;m=L& zu8Wmhg%QJt|F*9q|FzmNH;I?`+&*L-zwyY~{;o`7Xzb)4v4_Q%50a`k@6?Xn(Qm|e z7ut@sHk8l3x_@Tg`U^|>q)6%Al`TcX94>3$8SYcM4c@gQ+dF1XKk?PR!#8HPoL-$W zY4fTK^^kkla+~_)pBr^__v+HC=5vnE?E~846ITx%w&a`dXB|+i+%V5LTl~P=YuzX4 zoFBHgO+LBh$6HH(9en1|Kc1Z2WB0b!kIg!GnU83vtXZ+oReon(tTkn6&BBHSGX{3_ fE;k2-2OY=T*UVgeccNuk@12!R*M&nX59a&}jckdr literal 0 HcmV?d00001