I removed the tpm2provisionerstate without recognizing it wasn't

directly linked to the DeviceState object class structure.
2025-03-10 14:34:27 +00:00 · 2022-05-11 14:28:18 -04:00 · 2022-05-11 14:28:18 -04:00 · 364347b7bb
commit 364347b7bb
parent 116ed5b4aa
5 changed files with 227 additions and 2 deletions
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@ -34,6 +34,7 @@ import hirs.persist.DeviceManager;
 import hirs.persist.ReferenceDigestManager;
 import hirs.persist.ReferenceEventManager;
 import hirs.persist.ReferenceManifestManager;
+import hirs.persist.TPM2ProvisionerState;
 import hirs.structs.converters.SimpleStructBuilder;
 import hirs.structs.converters.StructConverter;
 import hirs.structs.elements.aca.IdentityRequestEnvelope;
--- a/HIRS_Utils/src/main/java/hirs/persist/CrudManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/CrudManager.java
@ -10,7 +10,7 @@ import java.util.List;
 * Interface defining database CRUD operations (Create, Read, Update, Delete).
 * @param <T> the object type, T.
 */
-public interface CrudManager<T> extends OrderedListQuerier<AbstractEntity> {
+public interface CrudManager<T> extends OrderedListQuerier<T> {

    /**
     * Deletes all instances of the associated class.
@ -79,7 +79,7 @@ public interface CrudManager<T> extends OrderedListQuerier<AbstractEntity> {
     * @throws DBManagerException if unable to search the database or recreate
     * the <code>Object</code>
     */
-    AbstractEntity get(Serializable id) throws DBManagerException;
+    T get(Serializable id) throws DBManagerException;

 //    /**
 //     * Retrieves the <code>Object</code> from the database. This searches the
--- a/HIRS_Utils/src/main/java/hirs/persist/TPM2ProvisionerState.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/TPM2ProvisionerState.java
@ -0,0 +1,117 @@
+package hirs.persist;
+
+
+import hirs.data.persist.ArchivableEntity;
+import org.bouncycastle.util.Arrays;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Lob;
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.util.Date;
+
+/**
+ * This class is for saving the Identity Claim and the Nonce between the two passes of the
+ * TPM 2.0 Provisioner.
+ */
+@Entity
+public class TPM2ProvisionerState extends ArchivableEntity {
+    private static final int MAX_BLOB_SIZE = 65535;
+
+    @Id
+    private Long firstPartOfNonce;
+
+    @Column(nullable = false)
+    private byte[] nonce;
+
+    @Lob
+    @Column(nullable = false, length = MAX_BLOB_SIZE)
+    private byte[] identityClaim;
+
+    @Column(nullable = false)
+    private Date timestamp = new Date();
+
+    /**
+     * 0-argument constructor for Hibernate use.
+     */
+    protected TPM2ProvisionerState() {
+    }
+
+    /**
+     * Constructor.
+     *
+     * @param nonce the nonce
+     * @param identityClaim the identity claim
+     */
+    public TPM2ProvisionerState(final byte[] nonce, final byte[] identityClaim) {
+        if (nonce == null) {
+            throw new IllegalArgumentException("Nonce should not be null");
+        }
+
+        if (identityClaim == null) {
+            throw new IllegalArgumentException("Identity Claim should not be null");
+        }
+
+        if (nonce.length < Long.BYTES) {
+            throw new IllegalArgumentException(
+                    String.format("Nonce must be larger than 8 bytes. (Received %d.)",
+                            nonce.length));
+        }
+
+        this.nonce = Arrays.clone(nonce);
+        this.identityClaim = Arrays.clone(identityClaim);
+
+        try (DataInputStream dis = new DataInputStream(new ByteArrayInputStream(nonce))) {
+            firstPartOfNonce = dis.readLong();
+        } catch (IOException e) {
+            // This would only happen if there were not enough bytes; that is handled above.
+            throw new RuntimeException(e);
+        }
+    }
+
+    /**
+     * Get the nonce.
+     *
+     * @return the nonce
+     */
+    public byte[] getNonce() {
+        return Arrays.clone(nonce);
+    }
+
+    /**
+     * Get the identity claim.
+     *
+     * @return the identity claim
+     */
+    public byte[] getIdentityClaim() {
+        return Arrays.clone(identityClaim);
+    }
+
+    /**
+     * Convenience method for finding the {@link TPM2ProvisionerState} associated with the nonce.
+     *
+     * @param crudManager the {@link CrudManager} to use when looking for the
+     * {@link TPM2ProvisionerState}
+     * @param nonce the nonce to use as the key for the {@link TPM2ProvisionerState}
+     * @return the {@link TPM2ProvisionerState} associated with the nonce;
+     *         null if a match is not found
+     */
+    public static TPM2ProvisionerState getTPM2ProvisionerState(
+            final CrudManager<TPM2ProvisionerState> crudManager,
+            final byte[] nonce) {
+        try (DataInputStream dis
+                     = new DataInputStream(new ByteArrayInputStream(nonce))) {
+            long firstPartOfNonce = dis.readLong();
+            TPM2ProvisionerState stateFound = crudManager.get(firstPartOfNonce);
+            if (Arrays.areEqual(stateFound.getNonce(), nonce)) {
+                return stateFound;
+            }
+        } catch (IOException | NullPointerException e) {
+            return null;
+        }
+        return null;
+    }
+}
--- a/HIRS_Utils/src/main/java/hirs/persist/TPMDeviceStateManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/TPMDeviceStateManager.java
@ -0,0 +1,61 @@
+package hirs.persist;
+
+import hirs.data.persist.Device;
+import hirs.data.persist.TPMDeviceState;
+
+/**
+ * Manages the device state for an TPM appraisal. See {@link TPMDeviceState} for more details.
+ *
+ * @see TPMDeviceState
+ */
+public interface TPMDeviceStateManager {
+
+    /**
+     * Stores a new <code>TPMDeviceState</code>. This stores a new <code>TPMDeviceState</code> to be
+     * managed by the <code>TPMDeviceStateManager</code>. If the <code>TPMDeviceState</code> is
+     * successfully saved then a reference to it is returned.
+     *
+     * @param state
+     *            state to save
+     * @return reference to saved <code>TPMDeviceState</code>
+     * @throws TPMDeviceStateManagerException
+     *             if the Policy has previously been saved or unexpected error occurs
+     */
+    TPMDeviceState saveState(TPMDeviceState state) throws TPMDeviceStateManagerException;
+
+    /**
+     * Returns the state associated with the <code>Device</code> or null if not found.
+     *
+     * @param device
+     *            device
+     * @return device state for <code>Device</code>
+     * @throws TPMDeviceStateManagerException
+     *             if any unexpected errors occur while trying to retrieve the state
+     */
+    TPMDeviceState getState(Device device) throws TPMDeviceStateManagerException;
+
+    /**
+     * Updates the state for the <code>Device</code>.
+     *
+     * @param state
+     *            new state for the <code>Device</code>
+     * @throws TPMDeviceStateManagerException
+     *             if any unexpected errors occur while trying to retrieve the state
+     */
+    void updateState(TPMDeviceState state) throws TPMDeviceStateManagerException;
+
+    /**
+     * Removes the saved state for the <code>Device</code>. If the device state was successfully
+     * found and removed then true is returned. If there was no device state currently being managed
+     * by this manager then false is returned. If device state is found but unable to be deleted
+     * because of unexpected errors then an <code>TPMDeviceStateManagerException</code> is thrown
+     *
+     * @param device
+     *            device whose state is to be removed
+     * @return true if successfully found state for device and deleted it, otherwise false
+     * @throws TPMDeviceStateManagerException
+     *             if any unexpected errors occur while trying to retrieve the state
+     */
+    boolean deleteState(Device device) throws TPMDeviceStateManagerException;
+
+}
--- a/HIRS_Utils/src/main/java/hirs/persist/TPMDeviceStateManagerException.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/TPMDeviceStateManagerException.java
@ -0,0 +1,46 @@
+package hirs.persist;
+
+/**
+ * This class represents an <code>Exception</code> generated by a
+ * <code>TPMDeviceStateManageer</code>.
+ */
+public class TPMDeviceStateManagerException extends RuntimeException {
+
+    private static final long serialVersionUID = 1266522688839309858L;
+
+    /**
+     * Creates a new <code>TPMDeviceStateManagerException</code> that has the
+     * message <code>msg</code>.
+     *
+     * @param msg
+     *            exception message
+     */
+    TPMDeviceStateManagerException(final String msg) {
+        super(msg);
+    }
+
+    /**
+     * Creates a new <code>TPMDeviceStateManagerException</code> that wraps the
+     * given <code>Throwable</code>.
+     *
+     * @param t
+     *            root cause
+     */
+    TPMDeviceStateManagerException(final Throwable t) {
+        super(t);
+    }
+
+    /**
+     * Creates a new <code>TPMDeviceStateManagerException</code> that has the
+     * message <code>msg</code> and wraps the root cause.
+     *
+     * @param msg
+     *            exception message
+     * @param t
+     *            root cause
+     */
+    TPMDeviceStateManagerException(final String msg, final Throwable t) {
+        super(msg, t);
+    }
+
+}