From 3fb05d7470ef1d7edfe5555f1668f30e114a4cd5 Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Fri, 1 Mar 2024 07:52:02 -0500
Subject: [PATCH] This is a final push that marks what was mismatched for the component results and should display red properly on the details page.
---
 .../certificate/ComponentResult.java | 2 +-
 .../attributes/ComponentIdentifier.java | 2 +-
 .../service/SupplyChainValidationService.java | 17 +++++
 .../CertificateAttributeScvValidator.java | 68 ++++++++-----------
 .../utils/CertificateStringMapBuilder.java | 12 +---
 .../WEB-INF/jsp/certificate-details.jsp | 2 +-
 6 files changed, 50 insertions(+), 53 deletions(-)
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
index a9beff48..667fea69 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
@@ -42,7 +42,7 @@ public class ComponentResult extends ArchivableEntity {
 private String componentAddress;
 private boolean version2 = false;
 @Setter
- private boolean mismatched;
+ private boolean failedValidation;
 private String certificateType;
 private String issuerDN;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentIdentifier.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentIdentifier.java
index cb7394ad..a980bfd8 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentIdentifier.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentIdentifier.java
@@ -123,7 +123,7 @@ public class ComponentIdentifier {
 /**
 * Constructor given the SEQUENCE that contains Component Identifier.
- * @param sequence containing the the component identifier
+ * @param sequence containing the component identifier
 * @throws IllegalArgumentException if there was an error on the parsing
 */
 public ComponentIdentifier(final ASN1Sequence sequence) throws IllegalArgumentException {
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
index bdf23c46..eebf99de 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
@@ -15,8 +15,10 @@ import hirs.attestationca.persist.entity.userdefined.Device;
 import hirs.attestationca.persist.entity.userdefined.PolicySettings;
 import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
 import hirs.attestationca.persist.entity.userdefined.SupplyChainValidationSummary;
+import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
+import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentAttributeResult;
 import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
 import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
 import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
@@ -387,4 +389,19 @@ public class SupplyChainValidationService {
 }
 return defaultSettings;
 }
+
+ /**
+ * If the platform attributes policy is enabled, this method updates the matched
+ * status for the component result. This is done so that the details page for the
+ * platform certificate highlights the title card red.
+ * @param componentResults list of associated component results
+ */
+ private void updateComponentStatus(final List componentResults) {
+ List componentAttributeResults;
+ for (ComponentResult componentResult : componentResults) {
+ componentAttributeResults = componentAttributeRepository.findByComponentId(componentResult.getId());
+ componentResult.setFailedValidation(!componentAttributeResults.isEmpty());
+ componentResultRepository.save(componentResult);
+ }
+ }
 }
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
index 32bf1193..758c4c9e 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
@@ -321,6 +321,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
 // Look for hash code in device mapping
 // if it exists, don't save the component
 List remainingComponentResults = new ArrayList<>();
+ int numOfAttributes = 0;
 for (ComponentResult componentResult : componentResults) {
 if (!deviceHashMap.containsKey(componentResult.hashCommonElements())) {
 // didn't find the component result in the hashed mapping
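Review bot: `updateComponentStatus` in the `@@ -387,4 +389,19 @@` hunk sets `failedValidation` from `!componentAttributeResults.isEmpty()`, which tests whether any attribute result exists rather than whether one failed. The validator in this patch appears to save every attribute result and only then read `checkMatchedStatus()` on it, so a component whose attributes all matched would still be flagged, while a certificate component for which `findMismatchedValues` returns `Collections.emptyList()` has no rows and would be shown as passing. Deriving the flag from the stored status, e.g. `componentResult.setFailedValidation(componentAttributeResults.stream().anyMatch(r -> !r.checkMatchedStatus()));`, keeps the details page consistent with the appraisal; the not-found case still needs its own failing marker. The method is private and, going by the diffstat (17 insertions in this file: two imports plus these 15 lines), nothing in this commit calls it yet, and the policy condition named in the Javadoc is not checked in the body.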
@@ -353,7 +354,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid if (componentClassInfo.size() == 1) { attributeResults.addAll(generateComponentResults(componentClassInfo.get(0), componentResult)); } else { - attributeResults.addAll(matchBasedOnAttributes(componentClassInfo, componentResult)); + attributeResults.addAll(findMismatchedValues(componentClassInfo, componentResult)); } } @@ -362,26 +363,15 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid componentAttributeRepository.save(componentAttributeResult); fieldValidation &= componentAttributeResult.checkMatchedStatus(); } + numOfAttributes = attributeResults.size(); } - -// try { -// List componentInfoList -// = getComponentInfoFromPaccorOutput(deviceInfoReport.getNetworkInfo().getHostname(), -// paccorOutputString); -// unmatchedComponents = validateV2p0PlatformCredentialComponentsExpectingExactMatch( -// validPcComponents, componentInfoList); -// fieldValidation &= unmatchedComponents.isEmpty(); -// } catch (IOException ioEx) { -// final String baseErrorMessage = "Error parsing JSON output from PACCOR: "; -// log.error(baseErrorMessage + ioEx); -// return new AppraisalStatus(ERROR, baseErrorMessage + ioEx.getMessage()); -// } -// -// // WIP clean this up StringBuilder additionalInfo = new StringBuilder(); - if (!fieldValidation) { - resultMessage.append("There are unmatched components...\n"); + if (!remainingComponentResults.isEmpty()) { + resultMessage.append(String.format("There are %d components not matched\n", + remainingComponentResults.size())); + resultMessage.append(String.format("\twith %d total attributes mismatched.", + numOfAttributes)); } passesValidation &= fieldValidation; 
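Review bot: In the `@@ -362,26 +363,15 @@` hunk the failure text is now gated on `remainingComponentResults`, while the outcome is still `passesValidation &= fieldValidation` and `fieldValidation` is only cleared by an attribute result whose `checkMatchedStatus()` is false. A remaining component that produces no attribute results (for instance when `findMismatchedValues` returns an empty list) is therefore reported as not matched without failing the appraisal, as far as the visible lines show. If an unmatched certificate component is meant to fail validation, add `fieldValidation &= remainingComponentResults.isEmpty();` before `passesValidation &= fieldValidation;`. `numOfAttributes` is taken from `attributeResults.size()`, which counts every generated result rather than only the failing ones, so "total attributes mismatched" can overstate; counting the entries where `!checkMatchedStatus()` would match the wording. The enclosing method starts and ends outside the hunk.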
@@ -428,11 +418,18 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
 return attributeResults;
 }
- private static List matchBasedOnAttributes(
+ /**
+ * This method is called when there are multiple components on the device that match
+ * the certificate component's component class type and there is either a mismatch or
+ * a status of not found to be assigned.
+ * @param componentClassInfo list of device components with the same class type
+ * @param componentResult the certificate component that is mismatched
+ * @return a list of attribute results, if all 4 attributes are never matched, it is not found
+ */
+ private static List findMismatchedValues(
 final List componentClassInfo,
 final ComponentResult componentResult) {
 // this list only has those of the same class type
- List attributeResults = new ArrayList<>();
 Map componentSerialMap = new HashMap<>();
 componentClassInfo.stream().forEach((componentInfo) -> {
 componentSerialMap.put(componentInfo.getComponentSerial(), componentInfo);
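Review bot: The new Javadoc on `findMismatchedValues` does not say that an empty list is the "not found" signal, and its "all 4 attributes" wording does not correspond to the body in the following hunk, which pairs on serial plus manufacturer or on manufacturer plus model. Suggest `@return attribute results for the device component paired with this certificate component, or an empty list when no device component pairs with it`. Callers that treat the result as evidence of a mismatch need that contract spelled out, because an empty list currently leaves nothing recorded for the component. The method body continues past the end of this hunk.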
@@ -440,33 +437,22 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
 // see if the serial exists
 ComponentInfo componentInfo = componentSerialMap.get(componentResult.getSerialNumber());
- if (componentInfo != null) {
- // if the serial, create attribute result and move on
- attributeResults.add(new ComponentAttributeResult(componentResult.getId(),
- componentResult.getManufacturer(), componentInfo.getComponentManufacturer()));
- attributeResults.add(new ComponentAttributeResult(componentResult.getId(),
- componentResult.getModel(), componentInfo.getComponentModel()));
- attributeResults.add(new ComponentAttributeResult(componentResult.getId(),
- componentResult.getSerialNumber(), componentInfo.getComponentSerial()));
- attributeResults.add(new ComponentAttributeResult(componentResult.getId(),
- componentResult.getRevisionNumber(), componentInfo.getComponentRevision()));
+ if (componentInfo != null && componentInfo.getComponentManufacturer()
+ .equals(componentResult.getManufacturer())) {
+ // the serial matched and the manufacturer, create attribute result and move on
+ return generateComponentResults(componentInfo, componentResult);
 } else {
 // didn't find based on serial
 // look for highest match; otherwise ignore
 // I already know serial doesn't match
- componentClassInfo.stream().forEach((ci) -> {
- boolean manufacturerMatch, modelMatch, revisionMatch;
- manufacturerMatch = ci.getComponentManufacturer().equals(componentResult.getManufacturer());
- modelMatch = ci.getComponentModel().equals(componentResult.getModel());
- revisionMatch = ci.getComponentRevision().equals(componentResult.getRevisionNumber());
- if (manufacturerMatch && modelMatch && revisionMatch) {
- attributeResults.add(new ComponentAttributeResult(componentResult.getId(),
- componentResult.getSerialNumber(), ci.getComponentSerial()));
+ for (ComponentInfo ci : componentClassInfo) {
+ if (ci.getComponentManufacturer().equals(componentResult.getManufacturer())
&& ci.getComponentModel().equals(componentResult.getModel())) {
+ return generateComponentResults(ci, componentResult);
 }
- });
+ }
 }
-
- return attributeResults;
+ return Collections.emptyList();
 }
 /**
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
index 728cd965..8444ee63 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
@@ -364,23 +364,17 @@ public final class CertificateStringMapBuilder {
 data.put("x509Version", certificate.getX509CredentialVersion());
 //CPSuri
 data.put("CPSuri", certificate.getCPSuri());
+ //Component Identifier - attempt to translate hardware IDs
 List compResults = componentResultRepository
 .findByBoardSerialNumber(certificate.getPlatformSerial());
 if (PciIds.DB.isReady()) {
- data.put("componentResults", PciIds.translateResults(compResults));
- } else {
- data.put("componentResults", compResults);
+ compResults = PciIds.translateResults(compResults);
 }
+ data.put("componentResults", compResults);
 //Get platform Configuration values and set map with it
 PlatformConfiguration platformConfiguration = certificate.getPlatformConfiguration();
 if (platformConfiguration != null) {
- //Component Identifier - attempt to translate hardware IDs
- List comps = platformConfiguration.getComponentIdentifier();
- if (PciIds.DB.isReady()) {
- comps = PciIds.translate(comps);
- }
- data.put("componentsIdentifier", comps);
 //Component Identifier URI
 data.put("componentsIdentifierURI", platformConfiguration
 .getComponentIdentifierUri());
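Review bot: The fallback loop in `findMismatchedValues` (hunk `@@ -440,33 +437,22 @@`, which ends in the lines above the CertificateStringMapBuilder section) returns the first device component whose manufacturer and model equal the certificate's, so with several identical parts the pairing depends on list order and the same device component can be paired with more than one certificate component. Revision is no longer part of the fallback criteria, which widens what counts as a candidate. Consider skipping device components that were already paired, or at least state the rule in place with `// first device component with the same manufacturer and model; candidates are not consumed`. Both branches call `.equals` on a getter result, which throws if a device component can lack a manufacturer or model; `Objects.equals(a, b)` would avoid that, provided `java.util.Objects` is imported. No import hunk for this file is visible in the patch, so `Collections.emptyList()` likewise relies on `java.util.Collections` already being imported.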
diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
index 5a45d1c5..6f25b54e 100644
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
@@ -619,7 +619,7 @@
- +