add pciids to utils and update classes that use it
parent
e9c0c8c3a1
commit
31715b5ac4
@ -2,7 +2,6 @@ package hirs.attestationca.persist.util;
|
|||||||
|
|
||||||
import com.github.marandus.pciid.model.Device;
|
import com.github.marandus.pciid.model.Device;
|
||||||
import com.github.marandus.pciid.model.Vendor;
|
import com.github.marandus.pciid.model.Vendor;
|
||||||
import com.github.marandus.pciid.service.PciIdsDatabase;
|
|
||||||
import com.google.common.base.Strings;
|
import com.google.common.base.Strings;
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
|
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
|
||||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
||||||
@ -12,71 +11,16 @@ import lombok.extern.log4j.Log4j2;
|
|||||||
import org.bouncycastle.asn1.ASN1UTF8String;
|
import org.bouncycastle.asn1.ASN1UTF8String;
|
||||||
import org.bouncycastle.asn1.DERUTF8String;
|
import org.bouncycastle.asn1.DERUTF8String;
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.FileInputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
import static hirs.utils.PciIds.DB;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Provide Java access to PCI IDs.
|
* Provide Java access to PCI IDs.
|
||||||
*/
|
*/
|
||||||
@Log4j2
|
@Log4j2
|
||||||
public final class AcaPciIds {
|
public final class AcaPciIds {
|
||||||
/**
|
|
||||||
* This pci ids file can be in different places on different distributions.
|
|
||||||
*/
|
|
||||||
public static final List<String> PCI_IDS_PATH =
|
|
||||||
Collections.unmodifiableList(new ArrayList<>() {
|
|
||||||
private static final long serialVersionUID = 1L;
|
|
||||||
{
|
|
||||||
add("/usr/share/hwdata/pci.ids");
|
|
||||||
add("/usr/share/misc/pci.ids");
|
|
||||||
add("/tmp/pci.ids");
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The PCI IDs Database object.
|
|
||||||
*
|
|
||||||
* This only needs to be loaded one time.
|
|
||||||
*
|
|
||||||
* The pci ids library protects the data inside the object by making it immutable.
|
|
||||||
*/
|
|
||||||
public static final PciIdsDatabase DB = new PciIdsDatabase();
|
|
||||||
|
|
||||||
static {
|
|
||||||
if (!DB.isReady()) {
|
|
||||||
String dbFile = null;
|
|
||||||
for (final String path : PCI_IDS_PATH) {
|
|
||||||
if ((new File(path)).exists()) {
|
|
||||||
log.info("PCI IDs file was found {}", path);
|
|
||||||
dbFile = path;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (dbFile != null) {
|
|
||||||
InputStream is = null;
|
|
||||||
try {
|
|
||||||
is = new FileInputStream(new File(dbFile));
|
|
||||||
DB.loadStream(is);
|
|
||||||
} catch (IOException e) {
|
|
||||||
// DB will not be ready, hardware IDs will not be translated
|
|
||||||
dbFile = null;
|
|
||||||
} finally {
|
|
||||||
if (is != null) {
|
|
||||||
try {
|
|
||||||
is.close();
|
|
||||||
} catch (IOException e) {
|
|
||||||
dbFile = null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The Component Class TCG Registry OID.
|
* The Component Class TCG Registry OID.
|
||||||
|
@ -14,6 +14,7 @@ import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
|||||||
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
|
||||||
import hirs.attestationca.persist.enums.AppraisalStatus;
|
import hirs.attestationca.persist.enums.AppraisalStatus;
|
||||||
import hirs.attestationca.persist.util.AcaPciIds;
|
import hirs.attestationca.persist.util.AcaPciIds;
|
||||||
|
import hirs.utils.PciIds;
|
||||||
import hirs.utils.enums.DeviceInfoEnums;
|
import hirs.utils.enums.DeviceInfoEnums;
|
||||||
import lombok.extern.log4j.Log4j2;
|
import lombok.extern.log4j.Log4j2;
|
||||||
import org.apache.commons.codec.digest.DigestUtils;
|
import org.apache.commons.codec.digest.DigestUtils;
|
||||||
@ -445,7 +446,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
|||||||
// is to be displayed as the failure
|
// is to be displayed as the failure
|
||||||
fullDeltaChainComponents.clear();
|
fullDeltaChainComponents.clear();
|
||||||
for (ComponentIdentifier ci : subCompIdList) {
|
for (ComponentIdentifier ci : subCompIdList) {
|
||||||
if (ci.isVersion2() && AcaPciIds.DB.isReady()) {
|
if (ci.isVersion2() && PciIds.DB.isReady()) {
|
||||||
ci = AcaPciIds.translate((ComponentIdentifierV2) ci);
|
ci = AcaPciIds.translate((ComponentIdentifierV2) ci);
|
||||||
}
|
}
|
||||||
log.error("Unmatched component: " + ci);
|
log.error("Unmatched component: " + ci);
|
||||||
@ -606,7 +607,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
|||||||
|
|
||||||
int unmatchedComponentCounter = 1;
|
int unmatchedComponentCounter = 1;
|
||||||
for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
|
for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
|
||||||
if (unmatchedComponent.isVersion2() && AcaPciIds.DB.isReady()) {
|
if (unmatchedComponent.isVersion2() && PciIds.DB.isReady()) {
|
||||||
unmatchedComponent =
|
unmatchedComponent =
|
||||||
AcaPciIds.translate((ComponentIdentifierV2) unmatchedComponent);
|
AcaPciIds.translate((ComponentIdentifierV2) unmatchedComponent);
|
||||||
}
|
}
|
||||||
|
@ -14,6 +14,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Comp
|
|||||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
|
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
|
||||||
import hirs.attestationca.persist.util.AcaPciIds;
|
import hirs.attestationca.persist.util.AcaPciIds;
|
||||||
import hirs.utils.BouncyCastleUtils;
|
import hirs.utils.BouncyCastleUtils;
|
||||||
|
import hirs.utils.PciIds;
|
||||||
import lombok.AccessLevel;
|
import lombok.AccessLevel;
|
||||||
import lombok.NoArgsConstructor;
|
import lombok.NoArgsConstructor;
|
||||||
import lombok.extern.log4j.Log4j2;
|
import lombok.extern.log4j.Log4j2;
|
||||||
@ -371,7 +372,7 @@ public final class CertificateStringMapBuilder {
|
|||||||
.findByCertificateSerialNumberAndBoardSerialNumber(
|
.findByCertificateSerialNumberAndBoardSerialNumber(
|
||||||
certificate.getSerialNumber().toString(),
|
certificate.getSerialNumber().toString(),
|
||||||
certificate.getPlatformSerial());
|
certificate.getPlatformSerial());
|
||||||
if (AcaPciIds.DB.isReady()) {
|
if (PciIds.DB.isReady()) {
|
||||||
compResults = AcaPciIds.translateResults(compResults);
|
compResults = AcaPciIds.translateResults(compResults);
|
||||||
}
|
}
|
||||||
data.put("componentResults", compResults);
|
data.put("componentResults", compResults);
|
||||||
@ -381,7 +382,7 @@ public final class CertificateStringMapBuilder {
|
|||||||
if (platformConfiguration != null) {
|
if (platformConfiguration != null) {
|
||||||
//Component Identifier - attempt to translate hardware IDs
|
//Component Identifier - attempt to translate hardware IDs
|
||||||
List<ComponentIdentifier> comps = platformConfiguration.getComponentIdentifier();
|
List<ComponentIdentifier> comps = platformConfiguration.getComponentIdentifier();
|
||||||
if (AcaPciIds.DB.isReady()) {
|
if (PciIds.DB.isReady()) {
|
||||||
comps = AcaPciIds.translate(comps);
|
comps = AcaPciIds.translate(comps);
|
||||||
}
|
}
|
||||||
data.put("componentsIdentifier", comps);
|
data.put("componentsIdentifier", comps);
|
||||||
|
@ -38,6 +38,7 @@ dependencies {
|
|||||||
implementation libs.commons.lang3
|
implementation libs.commons.lang3
|
||||||
implementation libs.commons.io
|
implementation libs.commons.io
|
||||||
implementation libs.minimal.json
|
implementation libs.minimal.json
|
||||||
|
implementation libs.pci
|
||||||
|
|
||||||
implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
|
implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
|
||||||
implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
|
implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
|
||||||
|
@ -1,4 +1,73 @@
|
|||||||
package hirs.utils;
|
package hirs.utils;
|
||||||
|
|
||||||
public class PciIds {
|
import com.github.marandus.pciid.service.PciIdsDatabase;
|
||||||
|
import lombok.extern.log4j.Log4j2;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.FileInputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Provide Java access to PCI IDs.
|
||||||
|
*/
|
||||||
|
@Log4j2
|
||||||
|
public final class PciIds {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This pci ids file can be in different places on different distributions.
|
||||||
|
*/
|
||||||
|
public static final List<String> PCI_IDS_PATH =
|
||||||
|
Collections.unmodifiableList(new ArrayList<>() {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
{
|
||||||
|
add("/usr/share/hwdata/pci.ids");
|
||||||
|
add("/usr/share/misc/pci.ids");
|
||||||
|
add("/tmp/pci.ids");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The PCI IDs Database object.
|
||||||
|
*
|
||||||
|
* This only needs to be loaded one time.
|
||||||
|
*
|
||||||
|
* The pci ids library protects the data inside the object by making it immutable.
|
||||||
|
*/
|
||||||
|
public static final PciIdsDatabase DB = new PciIdsDatabase();
|
||||||
|
|
||||||
|
static {
|
||||||
|
if (!DB.isReady()) {
|
||||||
|
String dbFile = null;
|
||||||
|
for (final String path : PCI_IDS_PATH) {
|
||||||
|
if ((new File(path)).exists()) {
|
||||||
|
log.info("PCI IDs file was found {}", path);
|
||||||
|
dbFile = path;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (dbFile != null) {
|
||||||
|
InputStream is = null;
|
||||||
|
try {
|
||||||
|
is = new FileInputStream(new File(dbFile));
|
||||||
|
DB.loadStream(is);
|
||||||
|
} catch (IOException e) {
|
||||||
|
// DB will not be ready, hardware IDs will not be translated
|
||||||
|
dbFile = null;
|
||||||
|
} finally {
|
||||||
|
if (is != null) {
|
||||||
|
try {
|
||||||
|
is.close();
|
||||||
|
} catch (IOException e) {
|
||||||
|
dbFile = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
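Review bot: `PCI_IDS_PATH` in the new `PciIds` class ends with `/tmp/pci.ids`, a directory that is normally writable by every local account, and the static initializer loads the first file for which `exists()` is true without checking ownership or permissions. On a host where neither `/usr/share` path is present, the vendor and device names used by the `AcaPciIds.translate` calls (which presumably read this same `DB`) would come from whoever created that file, and they end up in the component results and the `Unmatched component` log lines of the attestation CA. I would drop the `/tmp` entry and take any non-standard location from ACA configuration instead. The initializer also discards both `IOException`s without a log line, so a failed load is invisible to operators; try-with-resources plus a `log.warn` covers that.

```java
public static final List<String> PCI_IDS_PATH = List.of(
        "/usr/share/hwdata/pci.ids",
        "/usr/share/misc/pci.ids");

// … unchanged: DB field and its Javadoc …

static {
    if (!DB.isReady()) {
        // … unchanged: pick the first existing entry of PCI_IDS_PATH as dbFile …
        if (dbFile != null) {
            try (InputStream is = new FileInputStream(dbFile)) {
                DB.loadStream(is);
            } catch (IOException e) {
                // DB will not be ready, hardware IDs will not be translated
                log.warn("Could not load PCI IDs file {}", dbFile, e);
            }
        }
    }
}
```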