Merge pull request #733 from nsacyber/v3_issue-ignore-revision

[#707 #705] Delta Component compare part 2 and Policy Addition
Cyrus 2024-03-15 19:41:38 -04:00 committed by GitHub
commit 35ccce2e68
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
22 changed files with 1076 additions and 878 deletions


@ -17,6 +17,14 @@ public interface ComponentResultRepository extends JpaRepository<ComponentResult
*/ */
List<ComponentResult> findByBoardSerialNumber(String boardSerialNumber); List<ComponentResult> findByBoardSerialNumber(String boardSerialNumber);
/**
* Query based on the device serial number.
* @param boardSerialNumber variable holding the device serial number
* @param delta flag indicating if the component is associated with a delta certificate
* @return a list of component result.
*/
List<ComponentResult> findByBoardSerialNumberAndDelta(String boardSerialNumber, boolean delta);
/** /**
* Query based on certificate serial number and device serial number. * Query based on certificate serial number and device serial number.
* @param certificateSerialNumber certificate specific serial number * @param certificateSerialNumber certificate specific serial number


@ -41,6 +41,9 @@ public class PolicySettings extends UserDefinedEntity {
@Column(nullable = false, columnDefinition = "boolean default false") @Column(nullable = false, columnDefinition = "boolean default false")
private boolean pcAttributeValidationEnabled = false; private boolean pcAttributeValidationEnabled = false;
@Column(nullable = false, columnDefinition = "boolean default false")
private boolean ignoreRevisionEnabled = false;
@Column(nullable = false, columnDefinition = "boolean default false") @Column(nullable = false, columnDefinition = "boolean default false")
private boolean firmwareValidationEnabled = false; private boolean firmwareValidationEnabled = false;
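Review bot: The new `ignoreRevisionEnabled` field carries no comment saying what it relaxes, and judging by its name and the `ignoreRevisionAttribute` parameter it feeds, it is a policy switch that loosens platform attribute comparison. A short Javadoc would help whoever audits policy settings, for example `/** When true, the component Revision attribute is ignored during platform credential attribute validation. */`. The column and field default to false, which keeps the stricter behaviour for existing rows; that is worth stating in the same comment.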


@ -26,12 +26,22 @@ import java.util.Objects;
@NoArgsConstructor(access = AccessLevel.PROTECTED) @NoArgsConstructor(access = AccessLevel.PROTECTED)
public class ComponentResult extends ArchivableEntity { public class ComponentResult extends ArchivableEntity {
// String value for the Manufacturer title
public static final String ATTRIBUTE_MANUFACTURER = "Manufacturer";
// String value for the Model title
public static final String ATTRIBUTE_MODEL = "Model";
// String value for the Serial title
public static final String ATTRIBUTE_SERIAL = "Serial";
// String value for the revision title
public static final String ATTRIBUTE_REVISION = "Revision";
// embedded component info // embedded component info
@Setter @Setter
private String manufacturer; private String manufacturer;
@Setter @Setter
private String model; private String model;
@Setter
private String serialNumber; private String serialNumber;
@Setter
private String revisionNumber; private String revisionNumber;
private boolean fieldReplaceable = false; private boolean fieldReplaceable = false;
// this is a string because component class doesn't inherit serializable. // this is a string because component class doesn't inherit serializable.
@ -43,6 +53,8 @@ public class ComponentResult extends ArchivableEntity {
private String componentAddress; private String componentAddress;
private boolean version2 = false; private boolean version2 = false;
@Setter @Setter
private boolean delta = false;
@Setter
private boolean failedValidation; private boolean failedValidation;
private String certificateType; private String certificateType;


@ -6,6 +6,7 @@ import lombok.AccessLevel;
import lombok.Getter; import lombok.Getter;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.Setter; import lombok.Setter;
import org.apache.commons.lang3.StringUtils;
import java.util.UUID; import java.util.UUID;
@ -13,6 +14,9 @@ import java.util.UUID;
* This is tied to the ComponentResult class. If a component has a mismatched * This is tied to the ComponentResult class. If a component has a mismatched
* value from what the device has listed, this class represents which attribute * value from what the device has listed, this class represents which attribute
* of that component mismatched. * of that component mismatched.
*
* If this is a delta issue, the component ID would be set to null if the
* remove or modified don't exist.
*/ */
@Entity @Entity
@Getter @Getter
@ -22,6 +26,9 @@ public class ComponentAttributeResult extends ArchivableEntity {
private UUID componentId; private UUID componentId;
@Setter @Setter
private UUID provisionSessionId; private UUID provisionSessionId;
// this is used to identify Revision for the ignore policy
@Setter
private String attribute;
private String expectedValue; private String expectedValue;
private String actualValue; private String actualValue;
@ -39,6 +46,22 @@ public class ComponentAttributeResult extends ArchivableEntity {
this.actualValue = actualValue; this.actualValue = actualValue;
} }
/**
* Default constructor that populates the expected and actual values.
* @param componentId id associated with component result
* @param provisionSessionId an id for the associated provision
* @param expectedValue platform certificate value
* @param actualValue paccor value from the device
*/
public ComponentAttributeResult(final UUID componentId,
final UUID provisionSessionId,
final String expectedValue,
final String actualValue) {
this.componentId = componentId;
this.expectedValue = expectedValue;
this.actualValue = actualValue;
}
/** /**
* This method is used to check the mismatched status flag for * This method is used to check the mismatched status flag for
* displaying red if there is a failure. * displaying red if there is a failure.
@ -46,4 +69,16 @@ public class ComponentAttributeResult extends ArchivableEntity {
public boolean checkMatchedStatus() { public boolean checkMatchedStatus() {
return this.actualValue.equals(this.expectedValue); return this.actualValue.equals(this.expectedValue);
} }
/**
* For the state of the object, this shouldn't be negative.
* @return the string value of the attribute name
*/
public String getAttribute() {
if (attribute == null) {
attribute = "";
}
return attribute;
}
} }
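Review bot: The new four-argument constructor accepts `provisionSessionId` but never stores it; the body assigns only `componentId`, `expectedValue` and `actualValue`, so the field stays null unless the caller also uses the setter. Add `this.provisionSessionId = provisionSessionId;` to the constructor. Its Javadoc calls it the "Default constructor", which it is not. In `getAttribute()` the phrase "this shouldn't be negative" presumably means "null", and the getter writes to the field as a side effect; `return attribute == null ? "" : attribute;` gives the same result without mutating the entity on a read.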


@ -225,7 +225,13 @@ public class IdentityClaimProcessor extends AbstractProcessor {
platformCredential.getSerialNumber().toString(), platformCredential.getSerialNumber().toString(),
platformCredential.getPlatformSerial()); platformCredential.getPlatformSerial());
if (componentResults.isEmpty()) { if (componentResults.isEmpty()) {
handlePlatformComponents(platformCredential); savePlatformComponents(platformCredential);
} else {
componentResults.stream().forEach((componentResult) -> {
componentResult.restore();
componentResult.resetCreateTime();
componentResultRepository.save(componentResult);
});
} }
} }
@ -628,9 +634,8 @@ public class IdentityClaimProcessor extends AbstractProcessor {
return true; return true;
} }
private int handlePlatformComponents(final Certificate certificate) { private void savePlatformComponents(final Certificate certificate) {
PlatformCredential platformCredential; PlatformCredential platformCredential;
int componentResults = 0;
if (certificate instanceof PlatformCredential) { if (certificate instanceof PlatformCredential) {
platformCredential = (PlatformCredential) certificate; platformCredential = (PlatformCredential) certificate;
ComponentResult componentResult; ComponentResult componentResult;
@ -642,11 +647,10 @@ public class IdentityClaimProcessor extends AbstractProcessor {
platformCredential.getPlatformChainType(), platformCredential.getPlatformChainType(),
componentIdentifier); componentIdentifier);
componentResult.setFailedValidation(false); componentResult.setFailedValidation(false);
componentResult.setDelta(!platformCredential.isPlatformBase());
componentResultRepository.save(componentResult); componentResultRepository.save(componentResult);
componentResults++;
} }
} }
return componentResults;
} }
private int handleDeviceComponents(final String hostName, final String paccorString) { private int handleDeviceComponents(final String hostName, final String paccorString) {
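Review bot: In the new `else` branch, restored component results keep whatever `failedValidation` and `delta` values they were stored with, while the fresh path in `savePlatformComponents` explicitly calls `setFailedValidation(false)` and `setDelta(!platformCredential.isPlatformBase())`. If nothing later in the provisioning flow resets those fields, a failure flag from an earlier session could carry into this one; consider applying the same two setters before `componentResultRepository.save(componentResult)` in the restore loop. `savePlatformComponents` now returns void and does nothing when the certificate is not a `PlatformCredential`, so a log line for that case would make the skipped save visible. Both method bodies extend outside the visible hunks.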


@ -124,7 +124,9 @@ public class SupplyChainValidationService {
// Validate the Endorsement Credential // Validate the Endorsement Credential
if (getPolicySettings().isEcValidationEnabled()) { if (getPolicySettings().isEcValidationEnabled()) {
log.info("Beginning Endorsement Credential Validation..."); log.info("Beginning Endorsement Credential Validation...");
validations.add(ValidationService.evaluateEndorsementCredentialStatus(ec, this.caCredentialRepository, acceptExpiredCerts)); validations.add(ValidationService
.evaluateEndorsementCredentialStatus(ec,
this.caCredentialRepository, acceptExpiredCerts));
// store the device with the credential // store the device with the credential
if (ec != null) { if (ec != null) {
ec.setDeviceId(device.getId()); ec.setDeviceId(device.getId());
@ -219,18 +221,17 @@ public class SupplyChainValidationService {
// There are delta certificates, so the code need to build a new list of // There are delta certificates, so the code need to build a new list of
// certificate components to then compare against the device component list // certificate components to then compare against the device component list
aes.addAll(basePlatformScv.getCertificatesUsed()); aes.addAll(basePlatformScv.getCertificatesUsed());
Iterator<PlatformCredential> it = pcs.iterator();
while (it.hasNext()) { attributeScv = ValidationService.evaluateDeltaAttributesStatus(
PlatformCredential pc = it.next(); device.getDeviceInfo(),
if (pc != null && !pc.isPlatformBase()) { baseCredential, deltaMapping, certificateRepository,
attributeScv = ValidationService.evaluateDeltaAttributesStatus( componentResultRepository,
pc, device.getDeviceInfo(), componentAttributeRepository,
baseCredential, deltaMapping, certificateRepository); componentInfos, provisionSessionId,
if (attributeScv.getValidationResult() == AppraisalStatus.Status.FAIL) { getPolicySettings().isIgnoreRevisionEnabled());
attrErrorMessage = String.format("%s%s%n", attrErrorMessage, if (attributeScv.getValidationResult() == AppraisalStatus.Status.FAIL) {
attributeScv.getMessage()); attrErrorMessage = String.format("%s%s%n", attrErrorMessage,
} attributeScv.getMessage());
}
} }
} else { } else {
// validate attributes for a single base platform certificate // validate attributes for a single base platform certificate
@ -240,7 +241,8 @@ public class SupplyChainValidationService {
platformScv = ValidationService.evaluatePCAttributesStatus( platformScv = ValidationService.evaluatePCAttributesStatus(
baseCredential, device.getDeviceInfo(), ec, baseCredential, device.getDeviceInfo(), ec,
certificateRepository, componentResultRepository, certificateRepository, componentResultRepository,
componentAttributeRepository, componentInfos, provisionSessionId); componentAttributeRepository, componentInfos, provisionSessionId,
getPolicySettings().isIgnoreRevisionEnabled());
validations.add(new SupplyChainValidation( validations.add(new SupplyChainValidation(
SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL, SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
platformScv.getValidationResult(), aes, platformScv.getMessage())); platformScv.getValidationResult(), aes, platformScv.getMessage()));
@ -390,7 +392,8 @@ public class SupplyChainValidationService {
PolicySettings defaultSettings = this.policyRepository.findByName("Default"); PolicySettings defaultSettings = this.policyRepository.findByName("Default");
if (defaultSettings == null) { if (defaultSettings == null) {
defaultSettings = new PolicySettings("Default", "Settings are configured for no validation flags set."); defaultSettings = new PolicySettings("Default",
"Settings are configured for no validation flags set.");
} }
return defaultSettings; return defaultSettings;
} }
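Review bot: Nothing in these hunks records that the revision check was relaxed for a given validation run, and `getPolicySettings().isIgnoreRevisionEnabled()` is evaluated separately at each call site. `getPolicySettings()` appears to query the policy repository on every call (the `findByName("Default")` hunk), so reading the settings once into a local near the top of the method would give one consistent policy per run; the start of that method is outside the hunk. For auditability, when the flag is set, emit something like `log.info("Revision attribute ignored by policy for this validation");` next to the delta and base attribute calls, in the same way PcrValidator logs "GPT Ignored".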


@ -109,7 +109,7 @@ public class ValidationService {
final ComponentResultRepository componentResultRepository, final ComponentResultRepository componentResultRepository,
final ComponentAttributeRepository componentAttributeRepository, final ComponentAttributeRepository componentAttributeRepository,
final List<ComponentInfo> componentInfos, final List<ComponentInfo> componentInfos,
final UUID provisionSessionId) { final UUID provisionSessionId, final boolean ignoreRevisionAttribute) {
final SupplyChainValidation.ValidationType validationType final SupplyChainValidation.ValidationType validationType
= SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL_ATTRIBUTES; = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL_ATTRIBUTES;
@ -123,7 +123,7 @@ public class ValidationService {
AppraisalStatus result = CredentialValidator. AppraisalStatus result = CredentialValidator.
validatePlatformCredentialAttributes(pc, deviceInfoReport, ec, validatePlatformCredentialAttributes(pc, deviceInfoReport, ec,
componentResultRepository, componentAttributeRepository, componentResultRepository, componentAttributeRepository,
componentInfos, provisionSessionId); componentInfos, provisionSessionId, ignoreRevisionAttribute);
switch (result.getAppStatus()) { switch (result.getAppStatus()) {
case PASS: case PASS:
return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
@ -144,28 +144,27 @@ public class ValidationService {
} }
public static SupplyChainValidation evaluateDeltaAttributesStatus( public static SupplyChainValidation evaluateDeltaAttributesStatus(
final PlatformCredential delta,
final DeviceInfoReport deviceInfoReport, final DeviceInfoReport deviceInfoReport,
final PlatformCredential base, final PlatformCredential base,
final Map<PlatformCredential, SupplyChainValidation> deltaMapping, final Map<PlatformCredential, SupplyChainValidation> deltaMapping,
final CertificateRepository certificateRepository) { final CertificateRepository certificateRepository,
final ComponentResultRepository componentResultRepository,
final ComponentAttributeRepository componentAttributeRepository,
final List<ComponentInfo> componentInfos,
final UUID provisionSessionId, final boolean ignoreRevisionAttribute) {
final SupplyChainValidation.ValidationType validationType final SupplyChainValidation.ValidationType validationType
= SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL_ATTRIBUTES; = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL_ATTRIBUTES;
if (delta == null) {
log.error("No delta certificate to validate");
return buildValidationRecord(validationType,
AppraisalStatus.Status.FAIL, "Delta platform certificate is missing",
null, Level.ERROR);
}
log.info("Validating delta platform certificate attributes"); log.info("Validating delta platform certificate attributes");
AppraisalStatus result = CertificateAttributeScvValidator. AppraisalStatus result = CredentialValidator.
validateDeltaPlatformCredentialAttributes(delta, deviceInfoReport, validateDeltaPlatformCredentialAttributes(deviceInfoReport,
base, deltaMapping); base, deltaMapping, componentInfos,
componentResultRepository, componentAttributeRepository,
provisionSessionId, ignoreRevisionAttribute);
switch (result.getAppStatus()) { switch (result.getAppStatus()) {
case PASS: case PASS:
return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
result.getMessage(), delta, Level.INFO); result.getMessage(), base, Level.INFO);
case FAIL: case FAIL:
if (!result.getAdditionalInfo().isEmpty()) { if (!result.getAdditionalInfo().isEmpty()) {
base.setComponentFailures(result.getAdditionalInfo()); base.setComponentFailures(result.getAdditionalInfo());
@ -173,13 +172,13 @@ public class ValidationService {
certificateRepository.save(base); certificateRepository.save(base);
} }
// we are adding things to componentFailures // we are adding things to componentFailures
certificateRepository.save(delta); // certificateRepository.save(delta);
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), delta, Level.WARN); result.getMessage(), base, Level.WARN);
case ERROR: case ERROR:
default: default:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), delta, Level.ERROR); result.getMessage(), base, Level.ERROR);
} }
} }
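Review bot: The `delta == null` guard was dropped from `evaluateDeltaAttributesStatus` and no guard on `base` or `deltaMapping` replaces it, although `base` is now the certificate attached to every result record and is dereferenced in the FAIL branch. `CredentialValidator.validateDeltaPlatformCredentialAttributes` likewise calls `deltaMapping.keySet()` and `basePlatformCredential.getPlatformSerial()` without a null check, so a missing base would surface as a NullPointerException instead of a FAIL record unless the caller guarantees non-null values. A guard in the style of the removed one is sketched below. The commented-out `// certificateRepository.save(delta);` and the comment above it should be deleted rather than left behind, and the public method has no Javadoc for its new parameters.

```java
final SupplyChainValidation.ValidationType validationType
        = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL_ATTRIBUTES;

if (base == null || deltaMapping == null) {
    log.error("No base certificate or delta mapping to validate");
    return buildValidationRecord(validationType,
            AppraisalStatus.Status.FAIL,
            "Base platform certificate or delta mapping is missing",
            null, Level.ERROR);
}
// … unchanged: log.info, validateDeltaPlatformCredentialAttributes call, switch on result …
```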


@ -13,14 +13,23 @@ import java.util.List;
import java.util.ListIterator; import java.util.ListIterator;
@Log4j2 @Log4j2
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public final class CredentialHelper { public final class CredentialHelper {
/**
* Small method to check if the certificate is a PEM.
* @param possiblePEM header information
* @return true if it is.
*/
public static boolean isPEM(final String possiblePEM) { public static boolean isPEM(final String possiblePEM) {
return possiblePEM.contains(CertificateVariables.PEM_HEADER) return possiblePEM.contains(CertificateVariables.PEM_HEADER)
|| possiblePEM.contains(CertificateVariables.PEM_ATTRIBUTE_HEADER); || possiblePEM.contains(CertificateVariables.PEM_ATTRIBUTE_HEADER);
} }
/**
* Small method to check if there are multi pem files
* @param possiblePEM header information
* @return true if it is.
*/
public static boolean isMultiPEM(final String possiblePEM) { public static boolean isMultiPEM(final String possiblePEM) {
boolean multiPem = false; boolean multiPem = false;
int iniIndex = possiblePEM.indexOf(CertificateVariables.PEM_HEADER); int iniIndex = possiblePEM.indexOf(CertificateVariables.PEM_HEADER);
@ -34,6 +43,11 @@ public final class CredentialHelper {
return multiPem; return multiPem;
} }
/**
* Method to remove header footer information from PEM
* @param pemFile string representation of the file
* @return a cleaned up raw byte object
*/
public static byte[] stripPemHeaderFooter(final String pemFile) { public static byte[] stripPemHeaderFooter(final String pemFile) {
String strippedFile; String strippedFile;
strippedFile = pemFile.replace(CertificateVariables.PEM_HEADER, ""); strippedFile = pemFile.replace(CertificateVariables.PEM_HEADER, "");
@ -43,13 +57,19 @@ public final class CredentialHelper {
return Base64.decode(strippedFile); return Base64.decode(strippedFile);
} }
/**
* The method is used to remove unwanted spaces and other artifacts from the certificate.
* @param certificateBytes raw byte form
* @return a cleaned up byte form
*/
@SuppressWarnings("magicnumber") @SuppressWarnings("magicnumber")
public static byte[] trimCertificate(final byte[] certificateBytes) { public static byte[] trimCertificate(final byte[] certificateBytes) {
int certificateStart = 0; int certificateStart = 0;
int certificateLength = 0; int certificateLength = 0;
ByteBuffer certificateByteBuffer = ByteBuffer.wrap(certificateBytes); ByteBuffer certificateByteBuffer = ByteBuffer.wrap(certificateBytes);
StringBuilder malformedCertStringBuilder = new StringBuilder(CertificateVariables.MALFORMED_CERT_MESSAGE); StringBuilder malformedCertStringBuilder = new StringBuilder(
CertificateVariables.MALFORMED_CERT_MESSAGE);
while (certificateByteBuffer.hasRemaining()) { while (certificateByteBuffer.hasRemaining()) {
// Check if there isn't an ASN.1 structure in the provided bytes // Check if there isn't an ASN.1 structure in the provided bytes
if (certificateByteBuffer.remaining() <= 2) { if (certificateByteBuffer.remaining() <= 2) {
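Review bot: The new Javadoc describes `possiblePEM` as "header information", but `isPEM` and `isMultiPEM` run `contains`/`indexOf` over the whole string, so the parameter is the full candidate text and the marker can match anywhere in it. Suggest `@param possiblePEM text of the candidate certificate file` and a summary such as "Checks whether the text contains a PEM certificate or attribute certificate header." The summaries for `isMultiPEM` and `stripPemHeaderFooter` are missing their closing period. `trimCertificate` continues past the end of the hunk.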


@ -5,11 +5,8 @@ import com.github.marandus.pciid.model.Vendor;
import com.github.marandus.pciid.service.PciIdsDatabase; import com.github.marandus.pciid.service.PciIdsDatabase;
import com.google.common.base.Strings; import com.google.common.base.Strings;
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult; import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.bouncycastle.asn1.ASN1UTF8String; import org.bouncycastle.asn1.ASN1UTF8String;
@ -27,7 +24,6 @@ import java.util.List;
* Provide Java access to PCI IDs. * Provide Java access to PCI IDs.
*/ */
@Log4j2 @Log4j2
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public final class PciIds { public final class PciIds {
/** /**
* This pci ids file can be in different places on different distributions. * This pci ids file can be in different places on different distributions.
@ -150,8 +146,10 @@ public final class PciIds {
final String compClassValue = component.getComponentClass().getCategory(); final String compClassValue = component.getComponentClass().getCategory();
if (compClassValue.equals(COMPCLASS_TCG_CAT_NIC) if (compClassValue.equals(COMPCLASS_TCG_CAT_NIC)
|| compClassValue.equals(COMPCLASS_TCG_CAT_GFX)) { || compClassValue.equals(COMPCLASS_TCG_CAT_GFX)) {
DERUTF8String manufacturer = (DERUTF8String) translateVendor(component.getComponentManufacturer()); DERUTF8String manufacturer = (DERUTF8String) translateVendor(
DERUTF8String model = (DERUTF8String) translateDevice(component.getComponentManufacturer(), component.getComponentManufacturer());
DERUTF8String model = (DERUTF8String) translateDevice(
component.getComponentManufacturer(),
component.getComponentModel()); component.getComponentModel());
newComponent = new ComponentIdentifierV2(component.getComponentClass(), newComponent = new ComponentIdentifierV2(component.getComponentClass(),
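Review bot: Removing `@NoArgsConstructor(access = AccessLevel.PRIVATE)` from the final utility class `PciIds` leaves it with the implicit public constructor, unless an explicit private one exists outside these hunks. The same commit adds that annotation to `CredentialHelper`, so the two utility classes now disagree. Either keep the annotation and its two imports here or add `private PciIds() { }`.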


@ -2,6 +2,8 @@ package hirs.attestationca.persist.validation;
import hirs.attestationca.persist.entity.manager.ComponentAttributeRepository; import hirs.attestationca.persist.entity.manager.ComponentAttributeRepository;
import hirs.attestationca.persist.entity.manager.ComponentResultRepository; import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential; import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo; import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
@ -18,6 +20,7 @@ import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.UUID; import java.util.UUID;
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.ERROR; import static hirs.attestationca.persist.enums.AppraisalStatus.Status.ERROR;
@ -168,6 +171,8 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
* @param componentResultRepository db access to component result of mismatching * @param componentResultRepository db access to component result of mismatching
* @param componentAttributeRepository db access to component attribute match status * @param componentAttributeRepository db access to component attribute match status
* @param componentInfos list of device components * @param componentInfos list of device components
* @param provisionSessionId UUID associated with this run of the provision
* @param ignoreRevisionAttribute policy flag to ignore the revision attribute
* @return The result of the validation. * @return The result of the validation.
*/ */
public static AppraisalStatus validatePlatformCredentialAttributes( public static AppraisalStatus validatePlatformCredentialAttributes(
@ -177,7 +182,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
final ComponentResultRepository componentResultRepository, final ComponentResultRepository componentResultRepository,
final ComponentAttributeRepository componentAttributeRepository, final ComponentAttributeRepository componentAttributeRepository,
final List<ComponentInfo> componentInfos, final List<ComponentInfo> componentInfos,
final UUID provisionSessionId) { final UUID provisionSessionId, final boolean ignoreRevisionAttribute) {
final String baseErrorMessage = "Can't validate platform credential attributes without "; final String baseErrorMessage = "Can't validate platform credential attributes without ";
String message; String message;
if (platformCredential == null) { if (platformCredential == null) {
@ -209,9 +214,74 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
if (PlatformCredential.CERTIFICATE_TYPE_2_0.equals(credentialType)) { if (PlatformCredential.CERTIFICATE_TYPE_2_0.equals(credentialType)) {
return CertificateAttributeScvValidator.validatePlatformCredentialAttributesV2p0( return CertificateAttributeScvValidator.validatePlatformCredentialAttributesV2p0(
platformCredential, deviceInfoReport, componentResultRepository, platformCredential, deviceInfoReport, componentResultRepository,
componentAttributeRepository, componentInfos, provisionSessionId); componentAttributeRepository, componentInfos, provisionSessionId,
ignoreRevisionAttribute);
} }
return CertificateAttributeScvValidator.validatePlatformCredentialAttributesV1p2( return CertificateAttributeScvValidator.validatePlatformCredentialAttributesV1p2(
platformCredential, deviceInfoReport); platformCredential, deviceInfoReport);
} }
/**
* Checks if the delta credential's attributes are valid.
* @param deviceInfoReport The device info report containing
* serial number of the platform to be validated.
* @param basePlatformCredential the base credential from the same identity request
* * as the delta credential.
* @param deltaMapping delta certificates associated with the
* * delta supply validation.
* @param componentInfos list of device components
* @param componentResultRepository repository for component results
* @param componentAttributeRepository repository for the attribute status
* @param provisionSessionId the session id to share
* @return the result of the validation.
*/
public static AppraisalStatus validateDeltaPlatformCredentialAttributes(
final DeviceInfoReport deviceInfoReport,
final PlatformCredential basePlatformCredential,
final Map<PlatformCredential, SupplyChainValidation> deltaMapping,
final List<ComponentInfo> componentInfos,
final ComponentResultRepository componentResultRepository,
final ComponentAttributeRepository componentAttributeRepository,
final UUID provisionSessionId, final boolean ignoreRevisionAttribute) {
final String baseErrorMessage = "Can't validate platform credential attributes without ";
String message;
// this needs to be a loop for all deltas, link to issue #110
// check that they don't have the same serial number
for (PlatformCredential pc : deltaMapping.keySet()) {
if (!basePlatformCredential.getPlatformSerial()
.equals(pc.getPlatformSerial())) {
message = String.format("Base and Delta platform serial "
+ "numbers do not match (%s != %s)",
pc.getPlatformSerial(),
basePlatformCredential.getPlatformSerial());
log.error(message);
return new AppraisalStatus(FAIL, message);
}
// none of the deltas should have the serial number of the base
if (!pc.isPlatformBase() && basePlatformCredential.getSerialNumber()
.equals(pc.getSerialNumber())) {
message = String.format("Delta Certificate with same serial number as base. (%s)",
pc.getSerialNumber());
log.error(message);
return new AppraisalStatus(FAIL, message);
}
}
if (componentInfos.isEmpty()) {
message = baseErrorMessage + "a list of device components";
return new AppraisalStatus(FAIL, message);
}
// parse out the provided delta and its specific chain.
List<ComponentResult> origPcComponents = componentResultRepository
.findByCertificateSerialNumberAndBoardSerialNumber(
basePlatformCredential.getSerialNumber().toString(),
basePlatformCredential.getPlatformSerial());
return CertificateAttributeScvValidator.validateDeltaAttributesChainV2p0(
deviceInfoReport, deltaMapping, origPcComponents, componentInfos,
componentResultRepository,
componentAttributeRepository, provisionSessionId, ignoreRevisionAttribute);
}
} }
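Review bot: In `validateDeltaPlatformCredentialAttributes` the mismatch message reads "Base and Delta platform serial numbers do not match (%s != %s)", but the arguments are passed delta first, `pc.getPlatformSerial()`, then `basePlatformCredential.getPlatformSerial()`; swap them so the logged values line up with the labels. The Javadoc omits `@param ignoreRevisionAttribute` and has stray `* *` continuation lines under `basePlatformCredential` and `deltaMapping`. The comment "this needs to be a loop for all deltas" sits directly above a loop that already does that, so it should be reworded or removed.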


@ -35,6 +35,15 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
private static PcrValidator pcrValidator; private static PcrValidator pcrValidator;
/**
*
* @param device
* @param policySettings
* @param referenceManifestRepository
* @param referenceDigestValueRepository
* @param caCredentialRepository
* @return
*/
@SuppressWarnings("methodlength") @SuppressWarnings("methodlength")
public static AppraisalStatus validateFirmware( public static AppraisalStatus validateFirmware(
final Device device, final PolicySettings policySettings, final Device device, final PolicySettings policySettings,
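Review bot: The Javadoc added above `validateFirmware` is an empty template: no summary sentence and no text after any `@param` or `@return` tag. Fill it in, for instance with a summary like "Validates the device's firmware against the policy settings and reference manifests." and one phrase per parameter, or leave the block out until it can be written. The method body is outside the hunk, so the wording needs checking against it.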


@ -149,10 +149,12 @@ public class PcrValidator {
} else { } else {
if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) { if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) {
log.info(String.format("GPT Ignored -> %s", tpe)); log.info(String.format("GPT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getEventTypeStr().contains(EVT_EFI_BOOT) } else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_BOOT)
|| tpe.getEventTypeStr().contains(EVT_EFI_VAR))) { || tpe.getEventTypeStr().contains(EVT_EFI_VAR))) {
log.info(String.format("OS Evt Ignored -> %s", tpe)); log.info(String.format("OS Evt Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getEventTypeStr().contains(EVT_EFI_CFG) } else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_CFG)
&& tpe.getEventContentStr().contains("SecureBoot"))) { && tpe.getEventContentStr().contains("SecureBoot"))) {
log.info(String.format("OS Evt Config Ignored -> %s", tpe)); log.info(String.format("OS Evt Config Ignored -> %s", tpe));
} else { } else {
@ -208,12 +210,11 @@ public class PcrValidator {
tpmQuote, pcrComposite); tpmQuote, pcrComposite);
try { try {
/**
* The calculated string is being used in the contains method // The calculated string is being used in the contains method
* because the TPM Quote's hash isn't just for PCR values, // because the TPM Quote's hash isn't just for PCR values,
* it contains the calculated digest of the PCRs, along with // it contains the calculated digest of the PCRs, along with
* other information. // other information.
*/
String calculatedString = Hex.encodeHexString( String calculatedString = Hex.encodeHexString(
pcrInfoShort.getCalculatedDigest()); pcrInfoShort.getCalculatedDigest());
validated = quoteString.contains(calculatedString); validated = quoteString.contains(calculatedString);


@ -38,6 +38,9 @@ import java.util.Set;
@NoArgsConstructor @NoArgsConstructor
public class SupplyChainCredentialValidator { public class SupplyChainCredentialValidator {
/**
* used to identify and clear a nuc
*/
public static final int NUC_VARIABLE_BIT = 159; public static final int NUC_VARIABLE_BIT = 159;
/** /**
* AppraisalStatus message for a valid endorsement credential appraisal. * AppraisalStatus message for a valid endorsement credential appraisal.
@ -233,7 +236,8 @@ public class SupplyChainCredentialValidator {
* @throws SupplyChainValidatorException tried to validate using null certificates * @throws SupplyChainValidatorException tried to validate using null certificates
*/ */
public static String validateCertChain(final X509Certificate cert, public static String validateCertChain(final X509Certificate cert,
final Set<X509Certificate> additionalCerts) throws SupplyChainValidatorException { final Set<X509Certificate> additionalCerts)
throws SupplyChainValidatorException {
if (cert == null || additionalCerts == null) { if (cert == null || additionalCerts == null) {
throw new SupplyChainValidatorException( throw new SupplyChainValidatorException(
"Certificate or validation certificates are null"); "Certificate or validation certificates are null");
@ -337,7 +341,8 @@ public class SupplyChainCredentialValidator {
* @throws SupplyChainValidatorException tried to validate using null certificates * @throws SupplyChainValidatorException tried to validate using null certificates
*/ */
public static boolean issuerMatchesSubjectDN(final X509AttributeCertificateHolder cert, public static boolean issuerMatchesSubjectDN(final X509AttributeCertificateHolder cert,
final X509Certificate signingCert) throws SupplyChainValidatorException { final X509Certificate signingCert)
throws SupplyChainValidatorException {
if (cert == null || signingCert == null) { if (cert == null || signingCert == null) {
throw new SupplyChainValidatorException("Certificate or signing certificate is null"); throw new SupplyChainValidatorException("Certificate or signing certificate is null");
} }
@ -362,7 +367,8 @@ public class SupplyChainCredentialValidator {
* @throws SupplyChainValidatorException tried to validate using null certificates * @throws SupplyChainValidatorException tried to validate using null certificates
*/ */
public static boolean issuerMatchesSubjectDN(final X509Certificate cert, public static boolean issuerMatchesSubjectDN(final X509Certificate cert,
final X509Certificate signingCert) throws SupplyChainValidatorException { final X509Certificate signingCert)
throws SupplyChainValidatorException {
if (cert == null || signingCert == null) { if (cert == null || signingCert == null) {
throw new SupplyChainValidatorException("Certificate or signing certificate is null"); throw new SupplyChainValidatorException("Certificate or signing certificate is null");
} }
@ -389,7 +395,8 @@ public class SupplyChainCredentialValidator {
* @throws SupplyChainValidatorException tried to validate using null certificates * @throws SupplyChainValidatorException tried to validate using null certificates
*/ */
public static boolean signatureMatchesPublicKey(final X509Certificate cert, public static boolean signatureMatchesPublicKey(final X509Certificate cert,
final X509Certificate signingCert) throws SupplyChainValidatorException { final X509Certificate signingCert)
throws SupplyChainValidatorException {
if (cert == null || signingCert == null) { if (cert == null || signingCert == null) {
throw new SupplyChainValidatorException("Certificate or signing certificate is null"); throw new SupplyChainValidatorException("Certificate or signing certificate is null");
} }
@ -424,7 +431,8 @@ public class SupplyChainCredentialValidator {
* @throws SupplyChainValidatorException tried to validate using null certificates * @throws SupplyChainValidatorException tried to validate using null certificates
*/ */
public static boolean signatureMatchesPublicKey(final X509AttributeCertificateHolder cert, public static boolean signatureMatchesPublicKey(final X509AttributeCertificateHolder cert,
final X509Certificate signingCert) throws SupplyChainValidatorException { final X509Certificate signingCert)
throws SupplyChainValidatorException {
if (signingCert == null) { if (signingCert == null) {
throw new SupplyChainValidatorException("Signing certificate is null"); throw new SupplyChainValidatorException("Signing certificate is null");
} }
@ -442,7 +450,8 @@ public class SupplyChainCredentialValidator {
* @throws SupplyChainValidatorException tried to validate using null certificates * @throws SupplyChainValidatorException tried to validate using null certificates
*/ */
public static boolean signatureMatchesPublicKey(final X509AttributeCertificateHolder cert, public static boolean signatureMatchesPublicKey(final X509AttributeCertificateHolder cert,
final PublicKey signingKey) throws SupplyChainValidatorException { final PublicKey signingKey)
throws SupplyChainValidatorException {
if (cert == null || signingKey == null) { if (cert == null || signingKey == null) {
throw new SupplyChainValidatorException("Certificate or signing certificate is null"); throw new SupplyChainValidatorException("Certificate or signing certificate is null");
} }
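Review bot: The Javadoc added for `NUC_VARIABLE_BIT` in the first hunk, `used to identify and clear a nuc`, does not say which value bit 159 indexes or what "nuc" refers to, so the constant's purpose cannot be read from the comment. It should name the field or structure the index applies to and match the neighbouring constant comments (capitalised sentence, closing period), e.g. `Bit index used to identify and clear <what> in <which value>.` with the placeholders filled in by the author. Separately, in the last hunk the `signatureMatchesPublicKey(..., final PublicKey signingKey)` overload throws `"Certificate or signing certificate is null"` although its second argument is a key; `"Certificate or signing key is null"` would match the parameter, provided no caller or test matches on the old text. The method bodies continue outside these hunks.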


@ -345,7 +345,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
deviceInfoReport, ec, null, null, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -377,7 +377,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
deviceInfoReport, ec, null, null, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -408,7 +408,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
deviceInfoReport, ec, null, null, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -441,7 +441,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
deviceInfoReport, ec, null, null, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -473,7 +473,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
deviceInfoReport, ec, null, null, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -504,7 +504,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
deviceInfoReport, ec, null, null, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -535,7 +535,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, CredentialValidator.validatePlatformCredentialAttributes(pc,
deviceInfoReport, ec, null, null, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -570,7 +570,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes( CredentialValidator.validatePlatformCredentialAttributes(
pc, deviceInfoReport, ec, null, null, pc, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals(expectedMessage, result.getMessage()); assertEquals(expectedMessage, result.getMessage());
} }
@ -603,7 +603,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes( CredentialValidator.validatePlatformCredentialAttributes(
pc, deviceInfoReport, ec, null, null, pc, deviceInfoReport, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals(expectedMessage, result.getMessage()); assertEquals(expectedMessage, result.getMessage());
} }
@ -984,7 +984,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc, null, ec, null, null, CredentialValidator.validatePlatformCredentialAttributes(pc, null, ec, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals(expectedMessage, result.getMessage()); assertEquals(expectedMessage, result.getMessage());
} }
@ -1241,7 +1241,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport, null, null, .validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, assertEquals(AppraisalStatus.Status.PASS,
appraisalStatus.getAppStatus()); appraisalStatus.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
@ -1261,7 +1261,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport, null, null, .validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, appraisalStatus.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, appraisalStatus.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
appraisalStatus.getMessage()); appraisalStatus.getMessage());
@ -1283,7 +1283,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport, null, null, .validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, appraisalStatus.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, appraisalStatus.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
appraisalStatus.getMessage()); appraisalStatus.getMessage());
@ -1307,7 +1307,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport, null, null, .validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, appraisalStatus.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, appraisalStatus.getAppStatus());
} }
@ -1324,7 +1324,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = CertificateAttributeScvValidator AppraisalStatus result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1332,7 +1332,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Platform manufacturer did not match\n", result.getMessage()); assertEquals("Platform manufacturer did not match\n", result.getMessage());
@ -1340,7 +1340,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1348,7 +1348,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL); assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
assertEquals(result.getMessage(), "Platform model did not match\n"); assertEquals(result.getMessage(), "Platform model did not match\n");
@ -1356,7 +1356,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1364,13 +1364,13 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
platformCredential = setupMatchingPlatformCredential(deviceInfoReport); platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1378,7 +1378,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1387,7 +1387,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1398,7 +1398,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Component manufacturer is empty\n", result.getMessage()); assertEquals("Component manufacturer is empty\n", result.getMessage());
@ -1406,7 +1406,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1416,7 +1416,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Component model is empty\n", result.getMessage()); assertEquals("Component model is empty\n", result.getMessage());
@ -1436,7 +1436,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = CertificateAttributeScvValidator AppraisalStatus result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1444,7 +1444,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Platform manufacturer did not match\n", result.getMessage()); assertEquals("Platform manufacturer did not match\n", result.getMessage());
@ -1452,7 +1452,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1460,7 +1460,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Platform model did not match\n", result.getMessage()); assertEquals("Platform model did not match\n", result.getMessage());
@ -1468,7 +1468,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1476,7 +1476,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Platform serial did not match\n", result.getMessage()); assertEquals("Platform serial did not match\n", result.getMessage());
@ -1484,7 +1484,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1492,7 +1492,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Platform version did not match\n", result.getMessage()); assertEquals("Platform version did not match\n", result.getMessage());
@ -1500,7 +1500,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1511,7 +1511,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Component manufacturer is empty\n" assertEquals("Component manufacturer is empty\n"
+ "There are unmatched components:\n" + "There are unmatched components:\n"
@ -1523,7 +1523,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1533,7 +1533,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Component model is empty\n", result.getMessage()); assertEquals("Component model is empty\n", result.getMessage());
} }
@ -1552,7 +1552,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = CertificateAttributeScvValidator AppraisalStatus result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1574,7 +1574,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("There are unmatched components:\n" assertEquals("There are unmatched components:\n"
+ "Manufacturer=ACME, Model=TNT, Serial=2, Revision=1.1;\n", + "Manufacturer=ACME, Model=TNT, Serial=2, Revision=1.1;\n",
@ -1600,7 +1600,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = CertificateAttributeScvValidator AppraisalStatus result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1608,7 +1608,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1628,7 +1628,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = CertificateAttributeScvValidator AppraisalStatus result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1641,7 +1641,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Component manufacturer is empty\n" assertEquals("Component manufacturer is empty\n"
+ "There are unmatched components:\n" + "There are unmatched components:\n"
@ -1653,7 +1653,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1665,7 +1665,7 @@ public class SupplyChainCredentialValidatorTest {
result = CertificateAttributeScvValidator result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus()); assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("Component model is empty\n", result.getMessage()); assertEquals("Component model is empty\n", result.getMessage());
} }
@ -1695,7 +1695,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = CertificateAttributeScvValidator AppraisalStatus result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1726,7 +1726,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = CertificateAttributeScvValidator AppraisalStatus result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1759,7 +1759,7 @@ public class SupplyChainCredentialValidatorTest {
AppraisalStatus result = CertificateAttributeScvValidator AppraisalStatus result = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, .validatePlatformCredentialAttributesV2p0(platformCredential,
deviceInfoReport, null, null, deviceInfoReport, null, null,
Collections.emptyList(), UUID.randomUUID()); Collections.emptyList(), UUID.randomUUID(), false);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus()); assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID, assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage()); result.getMessage());
@ -1774,131 +1774,131 @@ public class SupplyChainCredentialValidatorTest {
// @Test // @Test
public final void testValidateDeltaPlatformCredentialAttributes() public final void testValidateDeltaPlatformCredentialAttributes()
throws IOException, URISyntaxException { throws IOException, URISyntaxException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents( // DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents(
SAMPLE_PACCOR_OUTPUT_TXT); // SAMPLE_PACCOR_OUTPUT_TXT);
PlatformCredential base = mock(PlatformCredential.class); // PlatformCredential base = mock(PlatformCredential.class);
PlatformCredential delta1 = mock(PlatformCredential.class); // PlatformCredential delta1 = mock(PlatformCredential.class);
PlatformCredential delta2 = mock(PlatformCredential.class); // PlatformCredential delta2 = mock(PlatformCredential.class);
//
// ComponentIdentifierV2 compId1 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00010002"),
// new DERUTF8String("Intel"),
// new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"),
// new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null,
// ASN1Boolean.TRUE, new ArrayList<>(0), null, null,
// null);
// ComponentIdentifierV2 compId2 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00050004"),
// new DERUTF8String("Intel Corporation"),
// new DERUTF8String("Ethernet Connection I217-V-faulty"),
// new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
// ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
// null);
// ComponentIdentifierV2 compId3 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00090002"),
// new DERUTF8String("Intel Corporation"),
// new DERUTF8String("82580 Gigabit Network Connection-faulty"),
// new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
// ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
// null);
// ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00050004"),
// new DERUTF8String("Intel Corporation"),
// new DERUTF8String("Ethernet Connection I217-V"),
// new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
// ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
// AttributeStatus.ADDED);
// ComponentIdentifierV2 deltaCompId3 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00090002"),
// new DERUTF8String("Intel Corporation"),
// new DERUTF8String("82580 Gigabit Network Connection"),
// new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
// ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
// AttributeStatus.ADDED);
//
// ComponentIdentifierV2 ciV21Faulty = new ComponentIdentifierV2();
// ComponentIdentifierV2 ciV22Faulty = new ComponentIdentifierV2();
// ciV21Faulty.setComponentManufacturer(compId2.getComponentManufacturer());
// ciV21Faulty.setComponentClass(compId2.getComponentClass());
// ciV21Faulty.setComponentModel(compId2.getComponentModel());
// ciV21Faulty.setComponentSerial(compId2.getComponentSerial());
// ciV21Faulty.setComponentRevision(compId2.getComponentRevision());
// ciV21Faulty.setComponentManufacturerId(compId2.getComponentManufacturerId());
// ciV21Faulty.setFieldReplaceable(compId2.getFieldReplaceable());
// ciV21Faulty.setComponentAddress(compId2.getComponentAddress());
// ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED);
// ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer());
// ciV22Faulty.setComponentClass(compId3.getComponentClass());
// ciV22Faulty.setComponentModel(compId3.getComponentModel());
// ciV22Faulty.setComponentSerial(compId3.getComponentSerial());
// ciV22Faulty.setComponentRevision(compId3.getComponentRevision());
// ciV22Faulty.setComponentManufacturerId(compId3.getComponentManufacturerId());
// ciV22Faulty.setFieldReplaceable(compId3.getFieldReplaceable());
// ciV22Faulty.setComponentAddress(compId3.getComponentAddress());
// ciV22Faulty.setAttributeStatus(AttributeStatus.REMOVED);
//
// List<ComponentIdentifier> compList = new ArrayList<>(3);
// compList.add(compId1);
// compList.add(compId2);
// compList.add(compId3);
//
// List<ComponentIdentifier> delta1List = new ArrayList<>(2);
// delta1List.add(ciV21Faulty);
// delta1List.add(deltaCompId2);
// List<ComponentIdentifier> delta2List = new ArrayList<>(2);
// delta1List.add(ciV22Faulty);
// delta1List.add(deltaCompId3);
//
// when(base.isPlatformBase()).thenReturn(true);
// when(delta1.isPlatformBase()).thenReturn(false);
// when(delta2.isPlatformBase()).thenReturn(false);
// when(base.getManufacturer()).thenReturn("innotek GmbH");
// when(base.getModel()).thenReturn("VirtualBox");
// when(base.getVersion()).thenReturn("1.2");
// when(base.getPlatformSerial()).thenReturn("62UIAE5");
// when(delta1.getPlatformSerial()).thenReturn("62UIAE5");
// when(delta2.getPlatformSerial()).thenReturn("62UIAE5");
// when(base.getPlatformChainType()).thenReturn("base");
// when(delta1.getPlatformChainType()).thenReturn("delta");
// when(delta2.getPlatformChainType()).thenReturn("delta");
// when(base.getSerialNumber()).thenReturn(BigInteger.valueOf(01));
// when(delta1.getSerialNumber()).thenReturn(BigInteger.valueOf(39821));
// when(delta2.getSerialNumber()).thenReturn(BigInteger.valueOf(39822));
// when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(02));
// when(delta2.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(39821));
// when(base.getComponentIdentifiers()).thenReturn(compList);
// when(delta1.getComponentIdentifiers()).thenReturn(delta1List);
// when(delta2.getComponentIdentifiers()).thenReturn(delta2List);
//
// Map<PlatformCredential, SupplyChainValidation> chainCredentials = new HashMap<>(0);
// List<ArchivableEntity> certsUsed = new ArrayList<>();
// certsUsed.add(base);
// chainCredentials.put(base, new SupplyChainValidation(
// SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
// AppraisalStatus.Status.PASS, certsUsed, ""));
// certsUsed.clear();
// certsUsed.add(delta1);
// chainCredentials.put(delta1, new SupplyChainValidation(
// SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
// AppraisalStatus.Status.PASS, certsUsed, ""));
// certsUsed.clear();
// certsUsed.add(delta2);
// chainCredentials.put(delta2, new SupplyChainValidation(
// SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
// AppraisalStatus.Status.PASS, certsUsed, ""));
ComponentIdentifierV2 compId1 = new ComponentIdentifierV2( // AppraisalStatus result = CredentialValidator
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass() // .validateDeltaPlatformCredentialAttributes(delta2,
.getResource(JSON_FILE)).toURI()), "0x00010002"), // deviceInfoReport, base, chainCredentials);
new DERUTF8String("Intel"), // assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"), // assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null, // result.getMessage());
ASN1Boolean.TRUE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 compId2 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
.getResource(JSON_FILE)).toURI()), "0x00050004"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("Ethernet Connection I217-V-faulty"),
new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 compId3 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
.getResource(JSON_FILE)).toURI()), "0x00090002"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("82580 Gigabit Network Connection-faulty"),
new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
.getResource(JSON_FILE)).toURI()), "0x00050004"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("Ethernet Connection I217-V"),
new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
AttributeStatus.ADDED);
ComponentIdentifierV2 deltaCompId3 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
.getResource(JSON_FILE)).toURI()), "0x00090002"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("82580 Gigabit Network Connection"),
new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
AttributeStatus.ADDED);
ComponentIdentifierV2 ciV21Faulty = new ComponentIdentifierV2();
ComponentIdentifierV2 ciV22Faulty = new ComponentIdentifierV2();
ciV21Faulty.setComponentManufacturer(compId2.getComponentManufacturer());
ciV21Faulty.setComponentClass(compId2.getComponentClass());
ciV21Faulty.setComponentModel(compId2.getComponentModel());
ciV21Faulty.setComponentSerial(compId2.getComponentSerial());
ciV21Faulty.setComponentRevision(compId2.getComponentRevision());
ciV21Faulty.setComponentManufacturerId(compId2.getComponentManufacturerId());
ciV21Faulty.setFieldReplaceable(compId2.getFieldReplaceable());
ciV21Faulty.setComponentAddress(compId2.getComponentAddress());
ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED);
ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer());
ciV22Faulty.setComponentClass(compId3.getComponentClass());
ciV22Faulty.setComponentModel(compId3.getComponentModel());
ciV22Faulty.setComponentSerial(compId3.getComponentSerial());
ciV22Faulty.setComponentRevision(compId3.getComponentRevision());
ciV22Faulty.setComponentManufacturerId(compId3.getComponentManufacturerId());
ciV22Faulty.setFieldReplaceable(compId3.getFieldReplaceable());
ciV22Faulty.setComponentAddress(compId3.getComponentAddress());
ciV22Faulty.setAttributeStatus(AttributeStatus.REMOVED);
List<ComponentIdentifier> compList = new ArrayList<>(3);
compList.add(compId1);
compList.add(compId2);
compList.add(compId3);
List<ComponentIdentifier> delta1List = new ArrayList<>(2);
delta1List.add(ciV21Faulty);
delta1List.add(deltaCompId2);
List<ComponentIdentifier> delta2List = new ArrayList<>(2);
delta1List.add(ciV22Faulty);
delta1List.add(deltaCompId3);
when(base.isPlatformBase()).thenReturn(true);
when(delta1.isPlatformBase()).thenReturn(false);
when(delta2.isPlatformBase()).thenReturn(false);
when(base.getManufacturer()).thenReturn("innotek GmbH");
when(base.getModel()).thenReturn("VirtualBox");
when(base.getVersion()).thenReturn("1.2");
when(base.getPlatformSerial()).thenReturn("62UIAE5");
when(delta1.getPlatformSerial()).thenReturn("62UIAE5");
when(delta2.getPlatformSerial()).thenReturn("62UIAE5");
when(base.getPlatformChainType()).thenReturn("base");
when(delta1.getPlatformChainType()).thenReturn("delta");
when(delta2.getPlatformChainType()).thenReturn("delta");
when(base.getSerialNumber()).thenReturn(BigInteger.valueOf(01));
when(delta1.getSerialNumber()).thenReturn(BigInteger.valueOf(39821));
when(delta2.getSerialNumber()).thenReturn(BigInteger.valueOf(39822));
when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(02));
when(delta2.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(39821));
when(base.getComponentIdentifiers()).thenReturn(compList);
when(delta1.getComponentIdentifiers()).thenReturn(delta1List);
when(delta2.getComponentIdentifiers()).thenReturn(delta2List);
Map<PlatformCredential, SupplyChainValidation> chainCredentials = new HashMap<>(0);
List<ArchivableEntity> certsUsed = new ArrayList<>();
certsUsed.add(base);
chainCredentials.put(base, new SupplyChainValidation(
SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
AppraisalStatus.Status.PASS, certsUsed, ""));
certsUsed.clear();
certsUsed.add(delta1);
chainCredentials.put(delta1, new SupplyChainValidation(
SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
AppraisalStatus.Status.PASS, certsUsed, ""));
certsUsed.clear();
certsUsed.add(delta2);
chainCredentials.put(delta2, new SupplyChainValidation(
SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
AppraisalStatus.Status.PASS, certsUsed, ""));
AppraisalStatus result = CertificateAttributeScvValidator
.validateDeltaPlatformCredentialAttributes(delta2,
deviceInfoReport, base, chainCredentials);
assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
result.getMessage());
} }
/** /**
@ -1910,108 +1910,108 @@ public class SupplyChainCredentialValidatorTest {
// @Test // @Test
public final void testValidateChainFailure() public final void testValidateChainFailure()
throws IOException, URISyntaxException { throws IOException, URISyntaxException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents( // DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithComponents(
SAMPLE_PACCOR_OUTPUT_TXT); // SAMPLE_PACCOR_OUTPUT_TXT);
PlatformCredential base = mock(PlatformCredential.class); // PlatformCredential base = mock(PlatformCredential.class);
PlatformCredential delta1 = mock(PlatformCredential.class); // PlatformCredential delta1 = mock(PlatformCredential.class);
//
// ComponentIdentifierV2 compId1 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00010002"),
// new DERUTF8String("Intel"),
// new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"),
// new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null,
// ASN1Boolean.TRUE, new ArrayList<>(0), null, null,
// null);
// ComponentIdentifierV2 compId2 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00050004"),
// new DERUTF8String("Intel Corporation"),
// new DERUTF8String("Ethernet Connection I217-V-faulty"),
// new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
// ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
// null);
// ComponentIdentifierV2 compId3 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00090002"),
// new DERUTF8String("Intel Corporation"),
// new DERUTF8String("82580 Gigabit Network Connection-faulty"),
// new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
// ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
// null);
// ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2(
// new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
// .getResource(JSON_FILE)).toURI()), "0x00050004"),
// new DERUTF8String("Intel Corporation"),
// new DERUTF8String("Ethernet Connection I217-V"),
// new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
// ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
// AttributeStatus.ADDED);
//
// ComponentIdentifierV2 ciV21Faulty = new ComponentIdentifierV2();
// ComponentIdentifierV2 ciV22Faulty = new ComponentIdentifierV2();
// ciV21Faulty.setComponentManufacturer(compId2.getComponentManufacturer());
// ciV21Faulty.setComponentModel(compId2.getComponentModel());
// ciV21Faulty.setComponentSerial(compId2.getComponentSerial());
// ciV21Faulty.setComponentRevision(compId2.getComponentRevision());
// ciV21Faulty.setComponentManufacturerId(compId2.getComponentManufacturerId());
// ciV21Faulty.setFieldReplaceable(compId2.getFieldReplaceable());
// ciV21Faulty.setComponentAddress(compId2.getComponentAddress());
// ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED);
// ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer());
// ciV22Faulty.setComponentModel(compId3.getComponentModel());
// ciV22Faulty.setComponentSerial(compId3.getComponentSerial());
// ciV22Faulty.setComponentRevision(compId3.getComponentRevision());
// ciV22Faulty.setComponentManufacturerId(compId3.getComponentManufacturerId());
// ciV22Faulty.setFieldReplaceable(compId3.getFieldReplaceable());
// ciV22Faulty.setComponentAddress(compId3.getComponentAddress());
// ciV22Faulty.setAttributeStatus(AttributeStatus.REMOVED);
//
// List<ComponentIdentifier> compList = new ArrayList<>(3);
// compList.add(compId1);
// compList.add(compId2);
// compList.add(compId3);
//
// List<ComponentIdentifier> delta1List = new ArrayList<>(2);
// delta1List.add(ciV21Faulty);
// delta1List.add(deltaCompId2);
//
// when(base.isPlatformBase()).thenReturn(true);
// when(delta1.isPlatformBase()).thenReturn(false);
// when(base.getManufacturer()).thenReturn("innotek GmbH");
// when(base.getModel()).thenReturn("VirtualBox");
// when(base.getVersion()).thenReturn("1.2");
// when(base.getPlatformSerial()).thenReturn("0");
// when(delta1.getPlatformSerial()).thenReturn("0");
// when(base.getPlatformChainType()).thenReturn("base");
// when(delta1.getPlatformChainType()).thenReturn("delta");
// when(base.getSerialNumber()).thenReturn(BigInteger.ZERO);
// when(delta1.getSerialNumber()).thenReturn(BigInteger.ONE);
// when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.ZERO);
// when(base.getComponentIdentifiers()).thenReturn(compList);
// when(delta1.getComponentIdentifiers()).thenReturn(delta1List);
//
// Map<PlatformCredential, SupplyChainValidation> chainCredentials = new HashMap<>(0);
// List<ArchivableEntity> certsUsed = new ArrayList<>();
// certsUsed.add(base);
// chainCredentials.put(base, new SupplyChainValidation(
// SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
// AppraisalStatus.Status.PASS, certsUsed, ""));
// certsUsed.clear();
// certsUsed.add(delta1);
// chainCredentials.put(delta1, new SupplyChainValidation(
// SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
// AppraisalStatus.Status.PASS, certsUsed, ""));
ComponentIdentifierV2 compId1 = new ComponentIdentifierV2( // AppraisalStatus result = CredentialValidator
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass() // .validateDeltaPlatformCredentialAttributes(delta1,
.getResource(JSON_FILE)).toURI()), "0x00010002"), // deviceInfoReport, base, chainCredentials);
new DERUTF8String("Intel"), // assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"), // assertEquals("There are unmatched components:\n"
new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null, // + "Manufacturer=Intel Corporation, Model=82580 Gigabit Network "
ASN1Boolean.TRUE, new ArrayList<>(0), null, null, // + "Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
null); // result.getMessage());
ComponentIdentifierV2 compId2 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
.getResource(JSON_FILE)).toURI()), "0x00050004"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("Ethernet Connection I217-V-faulty"),
new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 compId3 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
.getResource(JSON_FILE)).toURI()), "0x00090002"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("82580 Gigabit Network Connection-faulty"),
new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(Objects.requireNonNull(this.getClass()
.getResource(JSON_FILE)).toURI()), "0x00050004"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("Ethernet Connection I217-V"),
new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
AttributeStatus.ADDED);
ComponentIdentifierV2 ciV21Faulty = new ComponentIdentifierV2();
ComponentIdentifierV2 ciV22Faulty = new ComponentIdentifierV2();
ciV21Faulty.setComponentManufacturer(compId2.getComponentManufacturer());
ciV21Faulty.setComponentModel(compId2.getComponentModel());
ciV21Faulty.setComponentSerial(compId2.getComponentSerial());
ciV21Faulty.setComponentRevision(compId2.getComponentRevision());
ciV21Faulty.setComponentManufacturerId(compId2.getComponentManufacturerId());
ciV21Faulty.setFieldReplaceable(compId2.getFieldReplaceable());
ciV21Faulty.setComponentAddress(compId2.getComponentAddress());
ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED);
ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer());
ciV22Faulty.setComponentModel(compId3.getComponentModel());
ciV22Faulty.setComponentSerial(compId3.getComponentSerial());
ciV22Faulty.setComponentRevision(compId3.getComponentRevision());
ciV22Faulty.setComponentManufacturerId(compId3.getComponentManufacturerId());
ciV22Faulty.setFieldReplaceable(compId3.getFieldReplaceable());
ciV22Faulty.setComponentAddress(compId3.getComponentAddress());
ciV22Faulty.setAttributeStatus(AttributeStatus.REMOVED);
List<ComponentIdentifier> compList = new ArrayList<>(3);
compList.add(compId1);
compList.add(compId2);
compList.add(compId3);
List<ComponentIdentifier> delta1List = new ArrayList<>(2);
delta1List.add(ciV21Faulty);
delta1List.add(deltaCompId2);
when(base.isPlatformBase()).thenReturn(true);
when(delta1.isPlatformBase()).thenReturn(false);
when(base.getManufacturer()).thenReturn("innotek GmbH");
when(base.getModel()).thenReturn("VirtualBox");
when(base.getVersion()).thenReturn("1.2");
when(base.getPlatformSerial()).thenReturn("0");
when(delta1.getPlatformSerial()).thenReturn("0");
when(base.getPlatformChainType()).thenReturn("base");
when(delta1.getPlatformChainType()).thenReturn("delta");
when(base.getSerialNumber()).thenReturn(BigInteger.ZERO);
when(delta1.getSerialNumber()).thenReturn(BigInteger.ONE);
when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.ZERO);
when(base.getComponentIdentifiers()).thenReturn(compList);
when(delta1.getComponentIdentifiers()).thenReturn(delta1List);
Map<PlatformCredential, SupplyChainValidation> chainCredentials = new HashMap<>(0);
List<ArchivableEntity> certsUsed = new ArrayList<>();
certsUsed.add(base);
chainCredentials.put(base, new SupplyChainValidation(
SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
AppraisalStatus.Status.PASS, certsUsed, ""));
certsUsed.clear();
certsUsed.add(delta1);
chainCredentials.put(delta1, new SupplyChainValidation(
SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
AppraisalStatus.Status.PASS, certsUsed, ""));
AppraisalStatus result = CertificateAttributeScvValidator
.validateDeltaPlatformCredentialAttributes(delta1,
deviceInfoReport, base, chainCredentials);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("There are unmatched components:\n"
+ "Manufacturer=Intel Corporation, Model=82580 Gigabit Network "
+ "Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
result.getMessage());
} }
/** /**


@ -8,7 +8,7 @@ import lombok.ToString;
/** /**
* PolicyPage model object to demonstrate data exchange between policy.jsp page * PolicyPage model object to demonstrate data exchange between policy.jsp page
* form form and controller. * form and controller.
*/ */
@Setter @Setter
@Getter @Getter
@ -19,6 +19,7 @@ public class PolicyPageModel {
private boolean enableEcValidation; private boolean enableEcValidation;
private boolean enablePcCertificateValidation; private boolean enablePcCertificateValidation;
private boolean enablePcCertificateAttributeValidation; private boolean enablePcCertificateAttributeValidation;
private boolean enableIgnoreRevisionAttribute;
private boolean enableFirmwareValidation; private boolean enableFirmwareValidation;
private boolean issueAttestationCertificate; private boolean issueAttestationCertificate;
private boolean issueDevIdCertificate; private boolean issueDevIdCertificate;
@ -32,6 +33,7 @@ public class PolicyPageModel {
// Variables to get policy settings from page // Variables to get policy settings from page
private String pcValidate; private String pcValidate;
private String pcAttributeValidate; private String pcAttributeValidate;
private String ignoreRevisionAttribute;
private String ecValidate; private String ecValidate;
private String fmValidate; private String fmValidate;
private String attestationCertificateIssued; private String attestationCertificateIssued;
@ -59,6 +61,7 @@ public class PolicyPageModel {
this.enableEcValidation = policy.isEcValidationEnabled(); this.enableEcValidation = policy.isEcValidationEnabled();
this.enablePcCertificateValidation = policy.isPcValidationEnabled(); this.enablePcCertificateValidation = policy.isPcValidationEnabled();
this.enablePcCertificateAttributeValidation = policy.isPcAttributeValidationEnabled(); this.enablePcCertificateAttributeValidation = policy.isPcAttributeValidationEnabled();
this.enableIgnoreRevisionAttribute = policy.isIgnoreRevisionEnabled();
this.enableFirmwareValidation = policy.isFirmwareValidationEnabled(); this.enableFirmwareValidation = policy.isFirmwareValidationEnabled();
this.issueAttestationCertificate = policy.isIssueAttestationCertificate(); this.issueAttestationCertificate = policy.isIssueAttestationCertificate();
this.issueDevIdCertificate = policy.isIssueDevIdCertificate(); this.issueDevIdCertificate = policy.isIssueDevIdCertificate();


@ -973,24 +973,35 @@ public class CertificatePageController extends PageController<NoPageParams> {
log.error(failMessage); log.error(failMessage);
} }
private int handlePlatformComponents(final Certificate certificate) { private void handlePlatformComponents(final Certificate certificate) {
PlatformCredential platformCredential; PlatformCredential platformCredential;
int componentResults = 0;
if (certificate instanceof PlatformCredential) { if (certificate instanceof PlatformCredential) {
platformCredential = (PlatformCredential) certificate; platformCredential = (PlatformCredential) certificate;
ComponentResult componentResult; List<ComponentResult> componentResults = componentResultRepository
for (ComponentIdentifier componentIdentifier : platformCredential .findByCertificateSerialNumberAndBoardSerialNumber(
.getComponentIdentifiers()) { platformCredential.getSerialNumber().toString(),
platformCredential.getPlatformSerial());
componentResult = new ComponentResult(platformCredential.getPlatformSerial(), if (componentResults.isEmpty()) {
platformCredential.getSerialNumber().toString(), ComponentResult componentResult;
platformCredential.getPlatformChainType(), for (ComponentIdentifier componentIdentifier : platformCredential
componentIdentifier); .getComponentIdentifiers()) {
componentResultRepository.save(componentResult); componentResult = new ComponentResult(platformCredential.getPlatformSerial(),
componentResults++; platformCredential.getSerialNumber().toString(),
platformCredential.getPlatformChainType(),
componentIdentifier);
componentResult.setFailedValidation(false);
componentResult.setDelta(!platformCredential.isPlatformBase());
componentResultRepository.save(componentResult);
}
} else {
for (ComponentResult componentResult : componentResults) {
componentResult.restore();
componentResult.resetCreateTime();
componentResultRepository.save(componentResult);
}
} }
} }
return componentResults;
} }
private void deleteComponentResults(final String platformSerial) { private void deleteComponentResults(final String platformSerial) {
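Review bot: The `else` branch of `handlePlatformComponents` calls `restore()` on every stored row that matches certificate serial number plus board serial number, without checking that those rows still describe the components in the credential being uploaded. Certificate serial numbers are unique only per issuer, so a second credential with the same serial and platform serial would presumably pick up the first credential's component results, and these rows appear to feed the component attribute comparison. I would compare before restoring, for example `if (componentResults.size() != platformCredential.getComponentIdentifiers().size()) { log.warn("Stored component results do not match uploaded credential"); }`, or at least state the assumption in a comment such as `// assumes (certificate serial, board serial) identifies exactly one credential`. The `CertificateStringMapBuilder` section further down switches to the same lookup key and relies on the same assumption.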


@ -14,7 +14,8 @@ import org.springframework.web.servlet.ModelAndView;
*/ */
@Controller @Controller
@Log4j2 @Log4j2
@RequestMapping(value={"/", "/HIRS_AttestationCAPortal", "/HIRS_AttestationCAPortal/", "/HIRS_AttestationCAPortal/portal/index"}) @RequestMapping(value = {"/", "/HIRS_AttestationCAPortal",
"/HIRS_AttestationCAPortal/", "/HIRS_AttestationCAPortal/portal/index"})
public class IndexPageController extends PageController<NoPageParams> { public class IndexPageController extends PageController<NoPageParams> {
/** /**


@ -64,7 +64,8 @@ public class PolicyPageController extends PageController<NoPageParams> {
this.policyRepository = policyRepository; this.policyRepository = policyRepository;
if (this.policyRepository.findByName("Default") == null) { if (this.policyRepository.findByName("Default") == null) {
this.policyRepository.saveAndFlush(new PolicySettings("Default", "Settings are configured for no validation flags set.")); this.policyRepository.saveAndFlush(new PolicySettings("Default",
"Settings are configured for no validation flags set."));
} }
} }
@ -193,6 +194,57 @@ public class PolicyPageController extends PageController<NoPageParams> {
return redirectToSelf(new NoPageParams(), model, attr); return redirectToSelf(new NoPageParams(), model, attr);
} }
/**
* Updates the ignore component revision attribute setting and
* redirects back to the original page.
*
* @param ppModel The data posted by the form mapped into an object.
* @param attr RedirectAttributes used to forward data back to the original
* page.
* @return View containing the url and parameters
* @throws URISyntaxException if malformed URI
*/
@RequestMapping(value = "update-revision-ignore", method = RequestMethod.POST)
public RedirectView updateIgnoreRevisionAttribute(@ModelAttribute final PolicyPageModel ppModel,
final RedirectAttributes attr) throws URISyntaxException {
// set the data received to be populated back into the form
Map<String, Object> model = new HashMap<>();
PageMessages messages = new PageMessages();
String successMessage;
boolean ignoreRevisionAttributeOptionEnabled = ppModel.getIgnoreRevisionAttribute()
.equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
try {
PolicySettings policy = getDefaultPolicyAndSetInModel(ppModel, model);
//If Ignore Revision is enabled without PC Attributes, disallow change
if (ignoreRevisionAttributeOptionEnabled && !policy.isPcAttributeValidationEnabled()) {
handleUserError(model, messages,
"Ignore Component Revision Attribute can not be "
+ "enabled without PC Attribute validation policy enabled.");
return redirectToSelf(new NoPageParams(), model, attr);
}
// set the policy option and create success message
if (ignoreRevisionAttributeOptionEnabled) {
policy.setIgnoreRevisionEnabled(true);
successMessage = "Ignore Component Revision enabled";
} else {
policy.setIgnoreRevisionEnabled(false);
successMessage = "Ignore Component Revision disabled";
}
savePolicyAndApplySuccessMessage(ppModel, model, messages, successMessage, policy);
} catch (PolicyManagerException pmEx) {
handlePolicyManagerUpdateError(model, messages, pmEx,
"Error changing ACA Component Revision Attribute policy",
"Error updating policy. \n" + pmEx.getMessage());
}
// return the redirect
return redirectToSelf(new NoPageParams(), model, attr);
}
/** /**
* Updates the Attestation Certificate generation policy setting and redirects * Updates the Attestation Certificate generation policy setting and redirects
* back to the original page. * back to the original page.
@ -922,7 +974,8 @@ public class PolicyPageController extends PageController<NoPageParams> {
PolicySettings defaultSettings = this.policyRepository.findByName("Default"); PolicySettings defaultSettings = this.policyRepository.findByName("Default");
if (defaultSettings == null) { if (defaultSettings == null) {
defaultSettings = new PolicySettings("Default", "Settings are configured for no validation flags set."); defaultSettings = new PolicySettings("Default",
"Settings are configured for no validation flags set.");
} }
return defaultSettings; return defaultSettings;
} }


@ -366,7 +366,9 @@ public final class CertificateStringMapBuilder {
data.put("CPSuri", certificate.getCPSuri()); data.put("CPSuri", certificate.getCPSuri());
//Component Identifier - attempt to translate hardware IDs //Component Identifier - attempt to translate hardware IDs
List<ComponentResult> compResults = componentResultRepository List<ComponentResult> compResults = componentResultRepository
.findByBoardSerialNumber(certificate.getPlatformSerial()); .findByCertificateSerialNumberAndBoardSerialNumber(
certificate.getSerialNumber().toString(),
certificate.getPlatformSerial());
if (PciIds.DB.isReady()) { if (PciIds.DB.isReady()) {
compResults = PciIds.translateResults(compResults); compResults = PciIds.translateResults(compResults);
} }


@ -653,12 +653,12 @@
<span class="fieldValue">${address.getAddressValueString()}</span><br/> <span class="fieldValue">${address.getAddressValueString()}</span><br/>
</c:forEach> </c:forEach>
<c:choose> <c:choose>
<c:when test="${component.isFieldReplaceable()=='TRUE'}"> <c:when test="${component.isFieldReplaceable()=='TRUE'}">
<span class="label label-success">Replaceable</span><br/> <span class="label label-success">Replaceable</span><br/>
</c:when> </c:when>
<c:otherwise> <c:otherwise>
<span class="label label-danger">Irreplaceable</span><br/> <span class="label label-danger">Irreplaceable</span><br/>
</c:otherwise> </c:otherwise>
</c:choose> </c:choose>
<c:if test="${component.isVersion2()}"> <c:if test="${component.isVersion2()}">
<c:if test="${not empty component.getIssuerDN()}"> <c:if test="${not empty component.getIssuerDN()}">


@ -58,8 +58,22 @@
</div> </div>
</my:editor> </my:editor>
</li> </li>
</ul>
</form:form> </form:form>
<form:form method="POST" modelAttribute="initialData" action="policy/update-revision-ignore">
<ul>
<li>Ignore Component Revision Attribute: ${initialData.enableIgnoreRevisionAttribute ? 'Enabled' : 'Disabled'}
<my:editor id="ignoreRevisionPolicyEditor" label="Edit Settings">
<div class="radio">
<label><input id="revisionTop" type="radio" name="ignoreRevisionAttribute" ${initialData.enableIgnoreRevisionAttribute ? 'checked' : ''} value="checked"/> Ignore Component Revision Attribute enabled</label>
</div>
<div class="radio">
<label><input id="revisionBot" type="radio" name="ignoreRevisionAttribute" ${initialData.enableIgnoreRevisionAttribute ? '' : 'checked'} value="unchecked"/> Ignore Component Revision Attribute disabled</label>
</div>
</my:editor>
</li>
</ul>
</form:form>
</ul>
</div> </div>
<%-- Firmware validation --%> <%-- Firmware validation --%>