ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

WIP: migrate RIM classes from ACA to rimtool

Browse Source
This commit is contained in:
chubtub 2023-09-12 11:30:05 -04:00
parent afee8019af
commit 38894e7ce5
8 changed files with 909 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tools/tcg_rim_tool/build.gradle
View File

@ -25,10 +25,21 @@ dependencies {
implementation libs.glassfish.json
implementation libs.glassfish.jaxb.runtime
implementation libs.jcommander
implementation libs.jakarta.api
implementation libs.jakarta.xml
implementation libs.commons.codec
implementation libs.hibernate.core
implementation libs.jackson.databind
implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
implementation libs.guava
// implementation libs.javax.json
// implementation libs.javax.jaxb
// implementation libs.javax.annotation
compileOnly libs.lombok
implementation libs.lombok
annotationProcessor libs.lombok
testImplementation libs.testng
}

2
tools/tcg_rim_tool/gradle/wrapper/gradle-wrapper.properties vendored
View File

@ -3,4 +3,4 @@ distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=gradle-4.5.1-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip

360
tools/tcg_rim_tool/src/main/java/hirs/swid/BaseReferenceManifest.java Normal file
View File

@ -0,0 +1,360 @@
package hirs.swid;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.swid.ReferenceManifest;
import hirs.swid.SwidResource;
import hirs.swid.SwidTagConstants;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.xml.bind.JAXBContext;
import jakarta.xml.bind.JAXBException;
import jakarta.xml.bind.UnmarshalException;
import jakarta.xml.bind.Unmarshaller;
import lombok.AccessLevel;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.extern.log4j.Log4j2;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
/**
*
*/
@Log4j2
@Getter
@Setter
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@Entity
public class BaseReferenceManifest extends ReferenceManifest {
/**
* Holds the name of the 'base64Hash' field.
*/
public static final String BASE_64_HASH_FIELD = "base64Hash";
private static JAXBContext jaxbContext;
@Column
@JsonIgnore
private String base64Hash = "";
@Column
private String swidName = null;
@Column
private int swidCorpus = 0;
@Column
private String colloquialVersion = null;
@Column
private String product = null;
@Column
private String revision = null;
@Column
private String edition = null;
@Column
private String rimLinkHash = null;
@Column
private String bindingSpec = null;
@Column
private String bindingSpecVersion = null;
@Column
private String platformVersion = null;
@Column
private String payloadType = null;
@Column
private String pcURIGlobal = null;
@Column
private String pcURILocal = null;
private String entityName = null;
private String entityRegId = null;
private String entityRole = null;
private String entityThumbprint = null;
private String linkHref = null;
private String linkRel = null;
/**
* Support constructor for the RIM object.
*
* @param rimBytes - the file content of the uploaded file.
* @throws IOException - thrown if the file is invalid.
*/
public BaseReferenceManifest(final byte[] rimBytes) throws IOException {
this("", rimBytes);
}
/**
* Main constructor for the RIM object. This takes in a byte array of a
* valid swidtag file and parses the information.
*
* @param fileName - string representation of the uploaded file.
* @param rimBytes byte array representation of the RIM
* @throws IOException if unable to unmarshal the string
*/
@SuppressWarnings("checkstyle:AvoidInlineConditionals")
public BaseReferenceManifest(final String fileName, final byte[] rimBytes) throws IOException {
super(rimBytes);
this.setRimType(BASE_RIM);
this.setFileName(fileName);
Document document = unmarshallSwidTag(new ByteArrayInputStream(rimBytes));
Element softwareIdentity;
Element meta;
Element entity;
Element link;
MessageDigest digest = null;
this.base64Hash = "";
try {
digest = MessageDigest.getInstance("SHA-256");
this.base64Hash = Base64.getEncoder().encodeToString(
digest.digest(rimBytes));
} catch (NoSuchAlgorithmException noSaEx) {
log.error(noSaEx);
}
// begin parsing valid swid tag
if (document != null) {
softwareIdentity = (Element) document.getElementsByTagName(SwidTagConstants.SOFTWARE_IDENTITY).item(0);
entity = (Element) document.getElementsByTagName(SwidTagConstants.ENTITY).item(0);
link = (Element) document.getElementsByTagName(SwidTagConstants.LINK).item(0);
meta = (Element) document.getElementsByTagName(SwidTagConstants.META).item(0);
setTagId(softwareIdentity.getAttribute(SwidTagConstants.TAGID));
this.swidName = softwareIdentity.getAttribute(SwidTagConstants.NAME);
this.swidCorpus = Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.CORPUS)) ? 1 : 0;
this.setSwidPatch(Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.PATCH)));
this.setSwidSupplemental(Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.SUPPLEMENTAL)));
this.setSwidVersion(softwareIdentity.getAttribute(SwidTagConstants.VERSION));
this.setSwidTagVersion(softwareIdentity.getAttribute(SwidTagConstants.TAGVERSION));
parseSoftwareMeta(meta);
parseEntity(entity);
parseLink(link);
}
}
/**
* This is a helper method that parses the SoftwareMeta tag and stores the
* information in the class fields.
*
* @param softwareMeta The object to parse.
*/
private void parseSoftwareMeta(final Element softwareMeta) {
if (softwareMeta != null) {
this.colloquialVersion = softwareMeta.getAttribute(SwidTagConstants.COLLOQUIAL_VERSION);
this.product = softwareMeta.getAttribute(SwidTagConstants.PRODUCT);
this.revision = softwareMeta.getAttribute(SwidTagConstants.REVISION);
this.edition = softwareMeta.getAttribute(SwidTagConstants.EDITION);
this.rimLinkHash = softwareMeta.getAttribute(SwidTagConstants.RIM_LINK_HASH);
this.bindingSpec = softwareMeta.getAttribute(SwidTagConstants.BINDING_SPEC);
this.bindingSpecVersion = softwareMeta.getAttribute(SwidTagConstants.BINDING_SPEC_VERSION);
this.setPlatformManufacturerId(softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MANUFACTURER_ID));
this.setPlatformManufacturer(softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MANUFACTURER_STR));
this.setPlatformModel(softwareMeta.getAttribute(SwidTagConstants.PLATFORM_MODEL));
this.platformVersion = softwareMeta.getAttribute(SwidTagConstants.PLATFORM_VERSION);
this.payloadType = softwareMeta.getAttribute(SwidTagConstants.PAYLOAD_TYPE);
this.pcURIGlobal = softwareMeta.getAttribute(SwidTagConstants.PC_URI_GLOBAL);
this.pcURILocal = softwareMeta.getAttribute(SwidTagConstants.PC_URI_LOCAL);
} else {
log.warn("SoftwareMeta Tag not found.");
}
}
/**
* This is a helper method that parses the Entity tag and stores the
* information in the class fields.
*
* @param entity The object to parse.
*/
private void parseEntity(final Element entity) {
if (entity != null) {
this.entityName = entity.getAttribute(SwidTagConstants.NAME);
this.entityRegId = entity.getAttribute(SwidTagConstants.REGID);
this.entityRole = entity.getAttribute(SwidTagConstants.ROLE);
this.entityThumbprint = entity.getAttribute(SwidTagConstants.THUMBPRINT);
} else {
log.warn("Entity Tag not found.");
}
}
/**
* This is a helper method that parses the Link tag and stores the
* information in the class fields.
*
* @param link The object to parse.
*/
private void parseLink(final Element link) {
if (link != null) {
this.linkHref = link.getAttribute(SwidTagConstants.HREF);
this.linkRel = link.getAttribute(SwidTagConstants.REL);
} else {
log.warn("Link Tag not found.");
}
}
/**
* This method validates the .swidtag file at the given filepath against the
* schema. A successful validation results in the output of the tag's name
* and tagId attributes, otherwise a generic error message is printed.
*
*/
private Element getDirectoryTag() {
return getDirectoryTag(new ByteArrayInputStream(getRimBytes()));
}
/**
* This method validates the .swidtag file at the given filepath against the
* schema. A successful validation results in the output of the tag's name
* and tagId attributes, otherwise a generic error message is printed.
*
* @param byteArrayInputStream the location of the file to be validated
*/
private Element getDirectoryTag(final ByteArrayInputStream byteArrayInputStream) {
Document document = unmarshallSwidTag(byteArrayInputStream);
Element softwareIdentity =
(Element) document.getElementsByTagName("SoftwareIdentity").item(0);
if (softwareIdentity != null) {
Element directory = (Element) document.getElementsByTagName("Directory").item(0);
return directory;
} else {
log.error("Invalid xml for validation, please verify ");
}
return null;
}
/**
* This method iterates over the list of File elements under the directory. *
*/
public List<SwidResource> getFileResources() {
return getFileResources(getRimBytes());
}
/**
* This method iterates over the list of File elements under the directory.
*
* @param rimBytes the bytes to find the files
*
*/
public List<SwidResource> getFileResources(final byte[] rimBytes) {
Element directoryTag = getDirectoryTag(new ByteArrayInputStream(rimBytes));
List<SwidResource> validHashes = new ArrayList<>();
NodeList fileNodeList = directoryTag.getChildNodes();
Element file = null;
SwidResource swidResource = null;
for (int i = 0; i < fileNodeList.getLength(); i++) {
file = (Element) fileNodeList.item(i);
swidResource = new SwidResource();
swidResource.setName(file.getAttribute(SwidTagConstants.NAME));
swidResource.setSize(file.getAttribute(SwidTagConstants.SIZE));
swidResource.setHashValue(file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":"
+ SwidTagConstants._SHA256_HASH.getLocalPart()));
validHashes.add(swidResource);
}
return validHashes;
}
/**
* This method unmarshalls the swidtag found at [path] into a Document object
* and validates it according to the schema.
*
* @param byteArrayInputStream to the input swidtag
* @return the Document element at the root of the swidtag
*/
private Document unmarshallSwidTag(final ByteArrayInputStream byteArrayInputStream) {
InputStream is = null;
Document document = null;
Unmarshaller unmarshaller = null;
try {
document = removeXMLWhitespace(byteArrayInputStream);
SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE);
is = getClass().getClassLoader().getResourceAsStream(SwidTagConstants.SCHEMA_URL);
Schema schema = schemaFactory.newSchema(new StreamSource(is));
if (jaxbContext == null) {
jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE);
}
unmarshaller = jaxbContext.createUnmarshaller();
unmarshaller.setSchema(schema);
unmarshaller.unmarshal(document);
} catch (IOException e) {
log.error(e.getMessage());
} catch (SAXException e) {
log.error("Error setting schema for validation!");
} catch (UnmarshalException e) {
log.error("Error validating swidtag file!");
} catch (IllegalArgumentException e) {
log.error("Input file empty.");
} catch (JAXBException e) {
e.printStackTrace();
} finally {
if (is != null) {
try {
is.close();
} catch (IOException e) {
System.out.println("Error closing input stream");
}
}
}
return document;
}
/**
* This method strips all whitespace from an xml file, including indents and spaces
* added for human-readability.
*
* @param byteArrayInputStream to the xml file
* @return Document object without whitespace
*/
private Document removeXMLWhitespace(final ByteArrayInputStream byteArrayInputStream) throws IOException {
TransformerFactory tf = TransformerFactory.newInstance();
Source source = new StreamSource(
getClass().getClassLoader().getResourceAsStream("identity_transform.xslt"));
Document document = null;
if (byteArrayInputStream.available() > 0) {
try {
Transformer transformer = tf.newTransformer(source);
DOMResult result = new DOMResult();
transformer.transform(new StreamSource(byteArrayInputStream), result);
document = (Document) result.getNode();
} catch (TransformerConfigurationException tcEx) {
log.error("Error configuring transformer!");
} catch (TransformerException tEx) {
log.error("Error transforming input!");
}
} else {
throw new IOException("Input file is empty!");
}
return document;
}
@Override
public String toString() {
return String.format("ReferenceManifest{swidName=%s,"
+ "platformManufacturer=%s,"
+ " platformModel=%s,"
+ "tagId=%s, base64Hash=%s}",
swidName, this.getPlatformManufacturer(),
this.getPlatformModel(), getTagId(), this.getBase64Hash());
}
}

66
tools/tcg_rim_tool/src/main/java/hirs/swid/DigestAlgorithm.java Normal file
View File

@ -0,0 +1,66 @@
package hirs.swid;
import lombok.AllArgsConstructor;
import lombok.Getter;
/**
* Enum of digest algorithms. The enum values also provide a standardized
* algorithm name. The standardized algorithm name is a String of the algorithm
* name as defined by Java.
*/
@Getter
@AllArgsConstructor
public enum DigestAlgorithm {
/**
* MD2 digest algorithm.
*/
MD2("MD2", 16),
/**
* MD5 digest algorithm.
*/
MD5("MD5", 16),
/**
* SHA-1 digest algorithm.
*/
SHA1("SHA-1", 20),
/**
* SHA-256 digest algorithm.
*/
SHA256("SHA-256", 32),
/**
* SHA-384 digest algorithm.
*/
SHA384("SHA-384", 48),
/**
* SHA-512 digest algorithm.
*/
SHA512("SHA-512", 64),
/**
* Condition used when an algorithm is not specified and
* the size doesn't match known digests.
*/
UNSPECIFIED("NOT SPECIFIED", Integer.BYTES);
private final String standardAlgorithmName;
private final int lengthInBytes;
/**
* Returns a DigestAlgorithm object given a String. The String is expected to be one of the
* options for standardAlgorithmName. Throws an IllegalArgumentException if no Enum exists with
* that value.
*
* @param standardAlgorithmName
* String value of the Enum
* @return DigestAlgorithm object
*/
public static DigestAlgorithm findByString(final String standardAlgorithmName) {
for (DigestAlgorithm algorithm: DigestAlgorithm.values()) {
if (algorithm.getStandardAlgorithmName().equals(standardAlgorithmName)) {
return algorithm;
}
}
throw new IllegalArgumentException(String.format("No constant with text \"%s\" found",
standardAlgorithmName));
}
}

165
tools/tcg_rim_tool/src/main/java/hirs/swid/ReferenceManifest.java Normal file
View File

@ -0,0 +1,165 @@
package hirs.swid;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.common.base.Preconditions;
import jakarta.persistence.Access;
import jakarta.persistence.AccessType;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.Inheritance;
import jakarta.persistence.InheritanceType;
import jakarta.persistence.Table;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import lombok.extern.log4j.Log4j2;
import org.apache.commons.codec.binary.Hex;
import org.hibernate.annotations.JdbcTypeCode;
import javax.xml.XMLConstants;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;
/**
* This class represents the Reference Integrity Manifest object that will be
* loaded into the DB and displayed in the ACA.
*/
@Getter @Setter @ToString
@EqualsAndHashCode(onlyExplicitlyIncluded = true, callSuper = false)
@Log4j2
@Entity
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
@Table(name = "ReferenceManifest")
@Access(AccessType.FIELD)
public class ReferenceManifest {
/**
* Holds the name of the 'hexDecHash' field.
*/
public static final String HEX_DEC_HASH_FIELD = "hexDecHash";
/**
* String for display of a Base RIM.
*/
public static final String BASE_RIM = "Base";
/**
* String for display of a Support RIM.
*/
public static final String SUPPORT_RIM = "Support";
/**
* String for display of a Support RIM.
*/
public static final String MEASUREMENT_RIM = "Measurement";
/**
* String for the xml schema ios standard.
*/
public static final String SCHEMA_STATEMENT = "ISO/IEC 19770-2:2015 Schema (XSD 1.0) "
+ "- September 2015, see http://standards.iso.org/iso/19770/-2/2015/schema.xsd";
/**
* String for the xml schema URL file name.
*/
public static final String SCHEMA_URL = "swid_schema.xsd";
/**
* String for the language type for the xml schema.
*/
public static final String SCHEMA_LANGUAGE = XMLConstants.W3C_XML_SCHEMA_NS_URI;
/**
* String for the package location of the xml generated java files.
*/
public static final String SCHEMA_PACKAGE = "hirs.utils.xjc";
@EqualsAndHashCode.Include
@Column(columnDefinition = "mediumblob", nullable = false)
private byte[] rimBytes;
@EqualsAndHashCode.Include
@Column(nullable = false)
private String rimType = "Base";
@Column
private String tagId = null;
@Column
private boolean swidPatch = false;
@Column
private boolean swidSupplemental = false;
@Column
private String platformManufacturer = null;
@Column
private String platformManufacturerId = null;
@Column
private String swidTagVersion = null;
@Column
private String swidVersion = null;
@Column
private String platformModel = null;
@Column(nullable = false)
private String fileName = null;
@JdbcTypeCode(java.sql.Types.VARCHAR)
@Column
private UUID associatedRim;
@Column
private String deviceName;
@Column
private String hexDecHash = "";
@Column
private String eventLogHash = "";
/**
* Default constructor necessary for Hibernate.
*/
protected ReferenceManifest() {
super();
this.rimBytes = null;
this.rimType = null;
this.platformManufacturer = null;
this.platformManufacturerId = null;
this.platformModel = null;
this.fileName = BASE_RIM;
this.tagId = null;
this.associatedRim = null;
}
/**
* Default constructor for ingesting the bytes of the file content.
* @param rimBytes - file contents.
*/
public ReferenceManifest(final byte[] rimBytes) {
Preconditions.checkArgument(rimBytes != null,
"Cannot construct a RIM from a null byte array");
Preconditions.checkArgument(rimBytes.length > 0,
"Cannot construct a RIM from an empty byte array");
this.rimBytes = rimBytes.clone();
MessageDigest digest = null;
this.hexDecHash = "";
try {
digest = MessageDigest.getInstance("SHA-256");
this.hexDecHash = Hex.encodeHexString(
digest.digest(rimBytes));
} catch (NoSuchAlgorithmException noSaEx) {
log.error(noSaEx);
}
}
/**
* Getter for the Reference Integrity Manifest as a byte array.
*
* @return array of bytes
*/
@JsonIgnore
public byte[] getRimBytes() {
if (this.rimBytes != null) {
return this.rimBytes.clone();
}
return null;
}
public boolean isBase() {
return rimType.equals(BASE_RIM);
}
public boolean isSupport() {
return rimType.equals(SUPPORT_RIM);
}
}

207
tools/tcg_rim_tool/src/main/java/hirs/swid/SupportReferenceManifest.java Normal file
View File

@ -0,0 +1,207 @@
package hirs.swid;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.swid.ReferenceManifest;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.service.selector.ReferenceManifestSelector;
import hirs.utils.tpm.eventlog.TCGEventLog;
import hirs.utils.tpm.eventlog.TpmPcrEvent;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.log4j.Log4j2;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
/**
* Sub class that will just focus on PCR Values and Events.
*/
@Log4j2
@Getter
@Setter
@Entity
public class SupportReferenceManifest extends ReferenceManifest {
@Column
@JsonIgnore
private int pcrHash = 0;
@Column
private boolean updated = false;
@Column
private boolean processed = false;
/**
* This class enables the retrieval of SupportReferenceManifest by their attributes.
*/
public static class Selector extends ReferenceManifestSelector<SupportReferenceManifest> {
/**
* Construct a new ReferenceManifestSelector that will
* use the given (@link ReferenceManifestService}
* to retrieve one or may SupportReferenceManifest.
*
* @param referenceManifestManager the reference manifest manager to be used to retrieve
* reference manifests.
*/
public Selector(final ReferenceManifestServiceImpl referenceManifestManager) {
super(referenceManifestManager, SupportReferenceManifest.class);
}
/**
* Specify the platform manufacturer that rims must have to be considered
* as matching.
* @param manufacturer string for the manufacturer
* @return this instance
*/
public Selector byManufacturer(final String manufacturer) {
setFieldValue(PLATFORM_MANUFACTURER, manufacturer);
return this;
}
/**
* Specify the platform model that rims must have to be considered
* as matching.
* @param manufacturer string for the manufacturer
* @param model string for the model
* @return this instance
*/
public Selector byManufacturerModel(final String manufacturer, final String model) {
setFieldValue(PLATFORM_MANUFACTURER, manufacturer);
setFieldValue(PLATFORM_MODEL, model);
return this;
}
/**
* Specify the device name that rims must have to be considered
* as matching.
* @param deviceName string for the deviceName
* @return this instance
*/
public Selector byDeviceName(final String deviceName) {
setFieldValue("deviceName", deviceName);
return this;
}
/**
* Specify the file name that rims should have.
* @param fileName the name of the file associated with the rim
* @return this instance
*/
public Selector byFileName(final String fileName) {
setFieldValue(RIM_FILENAME_FIELD, fileName);
return this;
}
/**
* Specify the RIM hash associated with the support RIM.
* @param hexDecHash the hash of the file associated with the rim
* @return this instance
*/
public Selector byHexDecHash(final String hexDecHash) {
setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash);
return this;
}
}
/**
* Main constructor for the RIM object. This takes in a byte array of a
* valid swidtag file and parses the information.
*
* @param fileName - string representation of the uploaded file.
* @param rimBytes byte array representation of the RIM
* @throws IOException if unable to unmarshal the string
*/
public SupportReferenceManifest(final String fileName,
final byte[] rimBytes) throws IOException {
super(rimBytes);
this.setFileName(fileName);
this.setRimType(SUPPORT_RIM);
this.pcrHash = 0;
}
/**
* Main constructor for the RIM object. This takes in a byte array of a
* valid swidtag file and parses the information.
*
* @param rimBytes byte array representation of the RIM
* @throws IOException if unable to unmarshal the string
*/
public SupportReferenceManifest(final byte[] rimBytes) throws IOException {
this("blank.rimel", rimBytes);
}
/**
* Default constructor necessary for Hibernate.
*/
protected SupportReferenceManifest() {
super();
this.pcrHash = 0;
}
/**
* Get a Selector for use in retrieving ReferenceManifest.
*
* @param rimMan the ReferenceManifestService to be used to retrieve
* persisted RIMs
* @return a Selector instance to use for retrieving RIMs
*/
public static Selector select(final ReferenceManifestServiceImpl rimMan) {
return new Selector(rimMan);
}
/**
* Getter method for the expected PCR values contained within the support
* RIM.
* @return a string array of the pcr values.
*/
public String[] getExpectedPCRList() {
try {
TCGEventLog logProcessor = new TCGEventLog(this.getRimBytes());
this.pcrHash = Arrays.hashCode(logProcessor.getExpectedPCRValues());
return logProcessor.getExpectedPCRValues();
} catch (CertificateException cEx) {
log.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
log.error(noSaEx);
} catch (IOException ioEx) {
log.error(ioEx);
}
return new String[0];
}
/**
* Getter method for the event log that should be present in the support RIM.
*
* @return list of TPM PCR Events for display
*/
public Collection<TpmPcrEvent> getEventLog() {
TCGEventLog logProcessor = null;
try {
logProcessor = new TCGEventLog(this.getRimBytes());
return logProcessor.getEventList();
} catch (CertificateException cEx) {
log.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
log.error(noSaEx);
} catch (IOException ioEx) {
log.error(ioEx);
}
return new ArrayList<>();
}
/**
* This is a method to indicate whether or not this support
* rim is a base log file.
* @return flag for base.
*/
public boolean isBaseSupport() {
return !this.isSwidSupplemental() && !this.isSwidPatch();
}
}

83
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidResource.java Normal file
View File

@ -0,0 +1,83 @@
package hirs.swid;
import com.google.common.base.Preconditions;
import hirs.swid.DigestAlgorithm;
import hirs.swid.xjc.File;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import javax.xml.namespace.QName;
import java.math.BigInteger;
import java.util.Map;
/**
* This object is used to represent the content of a Swid Tags Directory
* section.
*/
@ToString
public class SwidResource {
@Getter
@Setter
private String name, size, hashValue;
@Getter
private String rimFormat, rimType, rimUriGlobal;
private DigestAlgorithm digest = DigestAlgorithm.SHA1;
@Getter
private boolean validFileSize = false;
/**
* Default constructor.
*/
public SwidResource() {
name = null;
size = null;
rimFormat = null;
rimType = null;
rimUriGlobal = null;
hashValue = null;
}
/**
* The main constructor that processes a {@code hirs.utils.xjc.File}.
*
* @param file {@link File}
* @param digest algorithm associated with pcr values
*/
public SwidResource(final File file, final DigestAlgorithm digest) {
Preconditions.checkArgument(file != null,
"Cannot construct a RIM Resource from a null File object");
this.name = file.getName();
// at this time, there is a possibility to get an object with
// no size even though it is required.
if (file.getSize() != null) {
this.size = file.getSize().toString();
} else {
this.size = BigInteger.ZERO.toString();
}
for (Map.Entry<QName, String> entry
: file.getOtherAttributes().entrySet()) {
switch (entry.getKey().getLocalPart()) {
case "supportRIMFormat":
this.rimFormat = entry.getValue();
break;
case "supportRIMType":
this.rimType = entry.getValue();
break;
case "supportRIMURIGlobal":
this.rimUriGlobal = entry.getValue();
break;
case "hash":
this.hashValue = entry.getValue();
break;
default:
}
}
this.digest = digest;
// tpmWhiteList = new TpmWhiteListBaseline(this.name);
}
}

16
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java
View File

@ -88,6 +88,22 @@ public class SwidTagValidator {
this.trustStoreFile = trustStoreFile;
}
/**
* Setter for the RIM to be validated. The ReferenceManifest object is converted into a
* Document for processing.
*
* @param rim ReferenceManifest object
*/
public void setRim(final ReferenceManifest rim) {
try {
Document doc = validateSwidtagSchema(removeXMLWhitespace(new StreamSource(
new ByteArrayInputStream(rim.getRimBytes()))));
this.rim = doc;
} catch (IOException e) {
log.error("Error while unmarshalling rim bytes: " + e.getMessage());
}
}
public SwidTagValidator() {
try {
JAXBContext jaxbContext = JAXBContext.newInstance(SwidTagConstants.SCHEMA_PACKAGE);