add pciids to utils and update classes that use it

iadgovuser58 2024-07-01 12:34:22 -04:00
parent e9c0c8c3a1
commit 31715b5ac4
5 changed files with 79 additions and 63 deletions


@ -2,7 +2,6 @@ package hirs.attestationca.persist.util;
import com.github.marandus.pciid.model.Device; import com.github.marandus.pciid.model.Device;
import com.github.marandus.pciid.model.Vendor; import com.github.marandus.pciid.model.Vendor;
import com.github.marandus.pciid.service.PciIdsDatabase;
import com.google.common.base.Strings; import com.google.common.base.Strings;
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult; import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
@ -12,71 +11,16 @@ import lombok.extern.log4j.Log4j2;
import org.bouncycastle.asn1.ASN1UTF8String; import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DERUTF8String; import org.bouncycastle.asn1.DERUTF8String;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections;
import java.util.List; import java.util.List;
import static hirs.utils.PciIds.DB;
/** /**
* Provide Java access to PCI IDs. * Provide Java access to PCI IDs.
*/ */
@Log4j2 @Log4j2
public final class AcaPciIds { public final class AcaPciIds {
/**
* This pci ids file can be in different places on different distributions.
*/
public static final List<String> PCI_IDS_PATH =
Collections.unmodifiableList(new ArrayList<>() {
private static final long serialVersionUID = 1L;
{
add("/usr/share/hwdata/pci.ids");
add("/usr/share/misc/pci.ids");
add("/tmp/pci.ids");
}
});
/**
* The PCI IDs Database object.
*
* This only needs to be loaded one time.
*
* The pci ids library protects the data inside the object by making it immutable.
*/
public static final PciIdsDatabase DB = new PciIdsDatabase();
static {
if (!DB.isReady()) {
String dbFile = null;
for (final String path : PCI_IDS_PATH) {
if ((new File(path)).exists()) {
log.info("PCI IDs file was found {}", path);
dbFile = path;
break;
}
}
if (dbFile != null) {
InputStream is = null;
try {
is = new FileInputStream(new File(dbFile));
DB.loadStream(is);
} catch (IOException e) {
// DB will not be ready, hardware IDs will not be translated
dbFile = null;
} finally {
if (is != null) {
try {
is.close();
} catch (IOException e) {
dbFile = null;
}
}
}
}
}
}
/** /**
* The Component Class TCG Registry OID. * The Component Class TCG Registry OID.


@ -14,6 +14,7 @@ import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport; import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
import hirs.attestationca.persist.enums.AppraisalStatus; import hirs.attestationca.persist.enums.AppraisalStatus;
import hirs.attestationca.persist.util.AcaPciIds; import hirs.attestationca.persist.util.AcaPciIds;
import hirs.utils.PciIds;
import hirs.utils.enums.DeviceInfoEnums; import hirs.utils.enums.DeviceInfoEnums;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.codec.digest.DigestUtils;
@ -445,7 +446,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
// is to be displayed as the failure // is to be displayed as the failure
fullDeltaChainComponents.clear(); fullDeltaChainComponents.clear();
for (ComponentIdentifier ci : subCompIdList) { for (ComponentIdentifier ci : subCompIdList) {
if (ci.isVersion2() && AcaPciIds.DB.isReady()) { if (ci.isVersion2() && PciIds.DB.isReady()) {
ci = AcaPciIds.translate((ComponentIdentifierV2) ci); ci = AcaPciIds.translate((ComponentIdentifierV2) ci);
} }
log.error("Unmatched component: " + ci); log.error("Unmatched component: " + ci);
@ -606,7 +607,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
int unmatchedComponentCounter = 1; int unmatchedComponentCounter = 1;
for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) { for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
if (unmatchedComponent.isVersion2() && AcaPciIds.DB.isReady()) { if (unmatchedComponent.isVersion2() && PciIds.DB.isReady()) {
unmatchedComponent = unmatchedComponent =
AcaPciIds.translate((ComponentIdentifierV2) unmatchedComponent); AcaPciIds.translate((ComponentIdentifierV2) unmatchedComponent);
} }


@ -14,6 +14,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Comp
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
import hirs.attestationca.persist.util.AcaPciIds; import hirs.attestationca.persist.util.AcaPciIds;
import hirs.utils.BouncyCastleUtils; import hirs.utils.BouncyCastleUtils;
import hirs.utils.PciIds;
import lombok.AccessLevel; import lombok.AccessLevel;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
@ -371,7 +372,7 @@ public final class CertificateStringMapBuilder {
.findByCertificateSerialNumberAndBoardSerialNumber( .findByCertificateSerialNumberAndBoardSerialNumber(
certificate.getSerialNumber().toString(), certificate.getSerialNumber().toString(),
certificate.getPlatformSerial()); certificate.getPlatformSerial());
if (AcaPciIds.DB.isReady()) { if (PciIds.DB.isReady()) {
compResults = AcaPciIds.translateResults(compResults); compResults = AcaPciIds.translateResults(compResults);
} }
data.put("componentResults", compResults); data.put("componentResults", compResults);
@ -381,7 +382,7 @@ public final class CertificateStringMapBuilder {
if (platformConfiguration != null) { if (platformConfiguration != null) {
//Component Identifier - attempt to translate hardware IDs //Component Identifier - attempt to translate hardware IDs
List<ComponentIdentifier> comps = platformConfiguration.getComponentIdentifier(); List<ComponentIdentifier> comps = platformConfiguration.getComponentIdentifier();
if (AcaPciIds.DB.isReady()) { if (PciIds.DB.isReady()) {
comps = AcaPciIds.translate(comps); comps = AcaPciIds.translate(comps);
} }
data.put("componentsIdentifier", comps); data.put("componentsIdentifier", comps);


@ -38,6 +38,7 @@ dependencies {
implementation libs.commons.lang3 implementation libs.commons.lang3
implementation libs.commons.io implementation libs.commons.io
implementation libs.minimal.json implementation libs.minimal.json
implementation libs.pci
implementation 'org.apache.logging.log4j:log4j-core:2.19.0' implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
implementation 'org.apache.logging.log4j:log4j-api:2.19.0' implementation 'org.apache.logging.log4j:log4j-api:2.19.0'


@ -1,4 +1,73 @@
package hirs.utils; package hirs.utils;
public class PciIds { import com.github.marandus.pciid.service.PciIdsDatabase;
import lombok.extern.log4j.Log4j2;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
/**
* Provide Java access to PCI IDs.
*/
@Log4j2
public final class PciIds {
/**
* This pci ids file can be in different places on different distributions.
*/
public static final List<String> PCI_IDS_PATH =
Collections.unmodifiableList(new ArrayList<>() {
private static final long serialVersionUID = 1L;
{
add("/usr/share/hwdata/pci.ids");
add("/usr/share/misc/pci.ids");
add("/tmp/pci.ids");
}
});
/**
* The PCI IDs Database object.
*
* This only needs to be loaded one time.
*
* The pci ids library protects the data inside the object by making it immutable.
*/
public static final PciIdsDatabase DB = new PciIdsDatabase();
static {
if (!DB.isReady()) {
String dbFile = null;
for (final String path : PCI_IDS_PATH) {
if ((new File(path)).exists()) {
log.info("PCI IDs file was found {}", path);
dbFile = path;
break;
}
}
if (dbFile != null) {
InputStream is = null;
try {
is = new FileInputStream(new File(dbFile));
DB.loadStream(is);
} catch (IOException e) {
// DB will not be ready, hardware IDs will not be translated
dbFile = null;
} finally {
if (is != null) {
try {
is.close();
} catch (IOException e) {
dbFile = null;
}
}
}
}
}
}
} }
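Review bot: `PCI_IDS_PATH` in the new `PciIds` class still ends with `/tmp/pci.ids`, a world-writable location, so on a host where neither `/usr/share` copy exists the static initializer loads whatever file a local account has left there, and those vendor and device names presumably feed the component translations done through `AcaPciIds.translate`. Moving the loader into `hirs.utils` means every module that depends on utils inherits this fallback, so I would drop the `/tmp` entry or replace it with an explicitly configured path that only the service account or root can write. The same initializer discards the `IOException` and logs nothing when no file is found, so an untranslated report cannot be explained from the logs; a warning in both cases would cover that. The sketch below also uses try-with-resources, which removes the `dbFile = null` assignments that have no effect, and leaves the `ArrayList` and `Collections` imports unused.

```java
public static final List<String> PCI_IDS_PATH = List.of(
        "/usr/share/hwdata/pci.ids",
        "/usr/share/misc/pci.ids");

// … unchanged: DB field and its Javadoc …

static {
    if (!DB.isReady()) {
        // … unchanged: loop over PCI_IDS_PATH that selects dbFile …
        if (dbFile != null) {
            try (InputStream is = new FileInputStream(dbFile)) {
                DB.loadStream(is);
            } catch (IOException e) {
                log.warn("Could not load PCI IDs from {}; hardware IDs will not be translated",
                        dbFile, e);
            }
        } else {
            log.warn("No PCI IDs file found in {}; hardware IDs will not be translated",
                    PCI_IDS_PATH);
        }
    }
}
```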