Updated and fixed the difference in the code from the master branch merge

2024-12-20 21:43:18 +00:00 · 2020-09-30 11:33:28 -04:00 · 2020-09-30 11:33:28 -04:00 · 35dcc226a6
commit 35dcc226a6
parent 89dd2084c2
3 changed files with 14 additions and 5 deletions
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@ -302,7 +302,6 @@ public abstract class AbstractAttestationCertificateAuthority
        // update the validation result in the device
        device.setSupplyChainStatus(summary.getOverallValidationResult());
        deviceManager.updateDevice(device);
-        LOG.error("This is the device id? {} ", device.getId());
        // check if supply chain validation succeeded.
        // If it did not, do not provide the IdentityResponseEnvelope
        if (summary.getOverallValidationResult() == AppraisalStatus.Status.PASS) {
@ -590,7 +589,9 @@ public abstract class AbstractAttestationCertificateAuthority
                LOG.error("Supply chain validation did not succeed. "
                        + "Firmware Quote Validation failed. Result is: "
                        + validationResult);
-                return new byte[]{};
+                ProvisionerTpm2.CertificateResponse response = ProvisionerTpm2.CertificateResponse
+                        .newBuilder().setCertificate(ByteString.EMPTY).build();
+                return response.toByteArray();
            }
        } else {
            LOG.error("Could not process credential request. Invalid nonce provided: "
@ -723,7 +724,7 @@ public abstract class AbstractAttestationCertificateAuthority
        }

        // Get TPM info, currently unimplemented
-        TPMInfo tpm = new TPMInfo();
+        TPMInfo tpm;
        try {
            tpm = new TPMInfo(DeviceInfoReport.NOT_SPECIFIED,
                    (short) 0,
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
@ -429,7 +429,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                                        + "No associated RIM file could be found for %s",
                                manufacturer));
            } else {
-                List<SwidResource> swids = rim.parseResource();
+                BaseReferenceManifest bRim = (BaseReferenceManifest) rim;
+                List<SwidResource> swids = bRim.parseResource();
                for (SwidResource swid : swids) {
                    baseline = swid.getPcrValues()
                            .toArray(new String[swid.getPcrValues().size()]);
@ -448,7 +449,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                    fwStatus.setMessage("Firmware validation of TPM Quote successful.");

                } else {
-                    fwStatus.setMessage("Firmware validation of TPM Quote failed.");
+                    fwStatus.setMessage("Firmware validation of TPM Quote failed." +
+                            "\nPCR hash and Quote hash do not match.");
                }
            }

--- a/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/PCRPolicy.java
@ -120,6 +120,12 @@ public final class PCRPolicy extends Policy {
                tpmQuote, pcrComposite);

        try {
+            /**
+             * The calculated string is being used in the contains method
+             * because the TPM Quote's hash isn't just for PCR values,
+             * it contains the calculated digest of the PCRs, along with
+             * other information.
+             */
            String calculatedString = Hex.encodeHexString(
                    pcrInfoShort.getCalculatedDigest());
            validated = quoteString.contains(calculatedString);