Attribute Validation Match Update (#128)

* Updated the default values of the component identifier and component info classes.  The provisioner side of the process was updated to populate with Empty, the current ACA is using ---.

* Updated unit tests.  For the supply chain validation, I updated the validation fail message to include additional information.

* Updated code for the component identifier classes to correct the default values that can be seen from either paccor or devices when data isn't specified.

* Removed unused variable and changed the package for the EMPTY variable.
Cyrus 2019-05-06 13:54:16 -04:00 committed by GitHub
parent 805b87ffb6
commit 3bebec1154
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 36 additions and 23 deletions


@ -15,6 +15,7 @@ import javax.xml.bind.annotation.XmlElement;
import java.io.Serializable;
import java.util.Objects;
/**
* ComponentInfo is a class to hold Hardware component information
* such as manufacturer, model, serial number and version.
@ -194,9 +195,13 @@ public class ComponentInfo implements Serializable {
this.componentModel = componentModel.trim();
if (componentSerial != null) {
this.componentSerial = componentSerial.trim();
} else {
this.componentSerial = StringUtils.EMPTY;
}
if (componentRevision != null) {
this.componentRevision = componentRevision.trim();
} else {
this.componentRevision = StringUtils.EMPTY;
}
}
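Review bot: The constructor now normalises a null serial or revision to `StringUtils.EMPTY`, but nothing at this site says that the empty string is the "not specified" marker the validator relies on. The matching code elsewhere in this commit filters on `StringUtils.isNotEmpty(info.getComponentRevision())`, so a component reported without a serial or revision is presumably compared on manufacturer and model only. I would state that in the constructor's Javadoc, e.g. `@param componentSerial serial number; null or blank is stored as "" and treated as not specified during matching`. The constructor starts above this hunk, so any null handling for manufacturer and model is not visible here.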


@ -4,6 +4,7 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@ -32,7 +33,11 @@ public class ComponentIdentifier {
/**
* Variable for components that aren't set.
*/
public static final String EMPTY_COMPONENT = " --- ";
public static final String EMPTY_COMPONENT = "[Empty]";
/**
* Variable for components that aren't set.
*/
public static final String NOT_SPECFIED_COMPONENT = "Not Specified";
/**
* Maximum number of configurations.
*/
@ -73,10 +78,10 @@ public class ComponentIdentifier {
* Default constructor.
*/
public ComponentIdentifier() {
componentManufacturer = new DERUTF8String(EMPTY_COMPONENT);
componentModel = new DERUTF8String(EMPTY_COMPONENT);
componentSerial = new DERUTF8String(EMPTY_COMPONENT);
componentRevision = new DERUTF8String(EMPTY_COMPONENT);
componentManufacturer = new DERUTF8String(NOT_SPECFIED_COMPONENT);
componentModel = new DERUTF8String(NOT_SPECFIED_COMPONENT);
componentSerial = new DERUTF8String(StringUtils.EMPTY);
componentRevision = new DERUTF8String(StringUtils.EMPTY);
componentManufacturerId = null;
fieldReplaceable = null;
componentAddress = new ArrayList<>();
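Review bot: The new public constant `NOT_SPECFIED_COMPONENT` is misspelled (missing "I"), and as a `public static final` name it becomes harder to correct once other classes reference it; `public static final String NOT_SPECIFIED_COMPONENT = "Not Specified";` would be better introduced now. Both constants also carry the same Javadoc, "Variable for components that aren't set.", so a reader cannot tell when "[Empty]" applies and when "Not Specified" does. Separately, the default constructor now gives manufacturer and model a non-empty placeholder, so an emptiness check such as the one behind the "Component manufacturer is empty" message in the tests would presumably not fire for a default-constructed identifier; it is worth confirming the validator treats the placeholder as missing rather than as a value that can match. The constructor body continues past the hunk.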


@ -1,6 +1,7 @@
package hirs.data.persist.certificate.attributes.V2;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import org.apache.commons.lang3.StringUtils;
/**
* A type to handle the security Level used in the FIPS Level.
@ -28,9 +29,9 @@ public enum AttributeStatus {
*/
REMOVED("removed"),
/**
* Attribute Status for NOT_SPECIFIED.
* Attribute Status for EMPTY.
*/
NOT_SPECIFIED(ComponentIdentifier.EMPTY_COMPONENT);
EMPTY_STATUS(StringUtils.EMPTY);
private final String value;
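Review bot: Renaming `NOT_SPECIFIED` to `EMPTY_STATUS` and changing its value from the old placeholder to `StringUtils.EMPTY` affects anything that stored or parsed the previous name or value. The enum lives under `hirs.data.persist`, so if it is persisted by name, records written before this commit may no longer load, and if a status is looked up by its string value, an absent or blank attribute would now resolve to this constant; neither path is visible in the hunk, so both need checking. The Javadoc `Attribute Status for EMPTY.` could say what the constant means, e.g. `Status used when the certificate carries no attribute status (empty string).` The `ComponentIdentifier` import kept as context may now be unused.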


@ -55,7 +55,7 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
componentClass = new ComponentClass();
certificateIdentifier = null;
componentPlatformUri = null;
attributeStatus = AttributeStatus.NOT_SPECIFIED;
attributeStatus = AttributeStatus.EMPTY_STATUS;
}
/**


@ -25,7 +25,7 @@ public class PlatformPropertyV2 extends PlatformProperty {
*/
public PlatformPropertyV2() {
super();
this.attributeStatus = AttributeStatus.NOT_SPECIFIED;
this.attributeStatus = AttributeStatus.EMPTY_STATUS;
}
/**


@ -534,8 +534,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
new ComponentIdentifier(
new DERUTF8String(component.getComponentManufacturer().getString().trim()),
new DERUTF8String(component.getComponentModel().getString().trim()),
componentSerial,
componentRevision,
componentSerial, componentRevision,
component.getComponentManufacturerId(),
component.getFieldReplaceable(),
component.getComponentAddress()
@ -578,8 +577,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
// Now match up the components from the device info that are from the same
// manufacturer and have a serial number. As matches are found, remove them from
// both lists.
for (ComponentIdentifier pcComponent
: pcComponentsFromManufacturerWithSerialNumber) {
for (ComponentIdentifier pcComponent : pcComponentsFromManufacturerWithSerialNumber) {
Optional<ComponentInfo> first
= deviceInfoComponentsFromManufacturer.stream()
.filter(componentInfo
@ -609,8 +607,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
// Now match up the components from the device info that are from the same
// manufacturer and specify a value for the revision field. As matches are found,
// remove them from both lists.
for (ComponentIdentifier pcComponent
: pcComponentsFromManufacturerWithRevision) {
for (ComponentIdentifier pcComponent : pcComponentsFromManufacturerWithRevision) {
Optional<ComponentInfo> first
= deviceInfoComponentsFromManufacturer.stream()
.filter(info -> StringUtils.isNotEmpty(info.getComponentRevision()))
@ -654,9 +651,11 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
LOGGER.error("Unmatched component " + umatchedComponentCounter++ + ": "
+ unmatchedComponent);
sb.append(String.format("Manufacturer=%s, Model=%s%n",
sb.append(String.format("Manufacturer=%s, Model=%s, Serial=%s, Revision=%s%n",
unmatchedComponent.getComponentManufacturer(),
unmatchedComponent.getComponentModel()));
unmatchedComponent.getComponentModel(),
unmatchedComponent.getComponentSerial(),
unmatchedComponent.getComponentRevision()));
}
return sb.toString();
}
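Review bot: The failure message now interpolates the serial and revision of each unmatched component straight from the platform credential, alongside manufacturer and model, and the same object is concatenated into `LOGGER.error`. These fields are certificate-supplied text in a credential that has just failed validation, and the message is line-structured (one finding per line), so a value containing a line break or other control character could add or alter lines in the log and in whatever displays the message. I would neutralise control characters before formatting, e.g. `unmatchedComponent.getComponentSerial().getString().replaceAll("\\p{Cntrl}", "?")` for each field, and confirm that the consumer of the message encodes it on output. The enclosing method starts above this hunk.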


@ -574,7 +574,7 @@ public class PlatformCredentialTest {
.equals("BIOS"));
Assert.assertTrue(component.getComponentSerial()
.getString()
.equals(" --- "));
.equals(""));
Assert.assertTrue(component.getComponentRevision()
.getString()
.equals("DNKBLi5v.86A.0019.2017.0804.1146"));


@ -1113,7 +1113,8 @@ public class SupplyChainCredentialValidatorTest {
+ "Platform version did not match\n"
+ "Platform serial did not match\n"
+ "There are unmatched components:\n"
+ "Manufacturer=Intel, Model=platform2018\n";
+ "Manufacturer=Intel, Model=platform2018,"
+ " Serial=BQKP52840678, Revision=1.0\n";
AppraisalStatus result =
supplyChainCredentialValidator.validatePlatformCredentialAttributes(
@ -1757,7 +1758,8 @@ public class SupplyChainCredentialValidatorTest {
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
Assert.assertEquals(result.getMessage(), "Component manufacturer is empty\n"
+ "There are unmatched components:\n"
+ "Manufacturer=, Model=Core i7\n");
+ "Manufacturer=, Model=Core i7, Serial=Not Specified,"
+ " Revision=Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz\n");
platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
result = SupplyChainCredentialValidator
@ -1813,7 +1815,7 @@ public class SupplyChainCredentialValidatorTest {
deviceInfoReport);
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
Assert.assertEquals(result.getMessage(), "There are unmatched components:\n"
+ "Manufacturer=ACME, Model=TNT\n");
+ "Manufacturer=ACME, Model=TNT, Serial=2, Revision=1.1\n");
}
/**
@ -1876,7 +1878,8 @@ public class SupplyChainCredentialValidatorTest {
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
Assert.assertEquals(result.getMessage(), "Component manufacturer is empty\n"
+ "There are unmatched components:\n"
+ "Manufacturer=, Model=Core i7\n");
+ "Manufacturer=, Model=Core i7, Serial=Not Specified,"
+ " Revision=Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz\n");
platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
result = SupplyChainCredentialValidator