mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-02-22 10:20:54 +00:00
This setup code begins adding information to the component result.
However, the thought is to put this information in a report or a separate page, like the RIM event log page does. [no ci]
parent
fe5a509f9a
commit
3fb3cf7669
@ -29,6 +29,7 @@ import hirs.data.persist.info.OSInfo;
|
||||
import hirs.data.persist.info.TPMInfo;
|
||||
import hirs.data.service.DeviceRegister;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.persist.DBManager;
|
||||
import hirs.persist.DeviceManager;
|
||||
import hirs.persist.ReferenceDigestManager;
|
||||
@ -176,6 +177,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
*/
|
||||
private Integer validDays = 1;
|
||||
|
||||
private final ComponentResultManager componentResultManager;
|
||||
private final CertificateManager certificateManager;
|
||||
private final ReferenceManifestManager referenceManifestManager;
|
||||
private final DeviceRegister deviceRegister;
|
||||
@ -192,6 +194,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
* @param privateKey the ACA private key
|
||||
* @param acaCertificate the ACA certificate
|
||||
* @param structConverter the struct converter
|
||||
* @param componentResultManager the component result manager
|
||||
* @param certificateManager the certificate manager
|
||||
* @param referenceManifestManager the Reference Manifest manager
|
||||
* @param deviceRegister the device register
|
||||
@ -206,6 +209,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
final SupplyChainValidationService supplyChainValidationService,
|
||||
final PrivateKey privateKey, final X509Certificate acaCertificate,
|
||||
final StructConverter structConverter,
|
||||
final ComponentResultManager componentResultManager,
|
||||
final CertificateManager certificateManager,
|
||||
final ReferenceManifestManager referenceManifestManager,
|
||||
final DeviceRegister deviceRegister, final int validDays,
|
||||
@ -217,6 +221,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
this.privateKey = privateKey;
|
||||
this.acaCertificate = acaCertificate;
|
||||
this.structConverter = structConverter;
|
||||
this.componentResultManager = componentResultManager;
|
||||
this.certificateManager = certificateManager;
|
||||
this.referenceManifestManager = referenceManifestManager;
|
||||
this.deviceRegister = deviceRegister;
|
||||
|
@ -23,6 +23,7 @@ import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.persist.AppraiserManager;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.persist.CrudManager;
|
||||
import hirs.persist.DBManagerException;
|
||||
import hirs.persist.PersistenceConfiguration;
|
||||
@ -82,6 +83,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
private ReferenceDigestManager referenceDigestManager;
|
||||
private ReferenceEventManager referenceEventManager;
|
||||
private CertificateManager certificateManager;
|
||||
private ComponentResultManager componentResultManager;
|
||||
private CredentialValidator supplyChainCredentialValidator;
|
||||
private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
|
||||
|
||||
@ -115,6 +117,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
public SupplyChainValidationServiceImpl(
|
||||
final PolicyManager policyManager, final AppraiserManager appraiserManager,
|
||||
final CertificateManager certificateManager,
|
||||
final ComponentResultManager componentResultManager,
|
||||
final ReferenceManifestManager referenceManifestManager,
|
||||
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
|
||||
final CredentialValidator supplyChainCredentialValidator,
|
||||
@ -123,6 +126,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
this.policyManager = policyManager;
|
||||
this.appraiserManager = appraiserManager;
|
||||
this.certificateManager = certificateManager;
|
||||
this.componentResultManager = componentResultManager;
|
||||
this.referenceManifestManager = referenceManifestManager;
|
||||
this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
|
||||
this.supplyChainCredentialValidator = supplyChainCredentialValidator;
|
||||
|
@ -131,7 +131,7 @@ public class AbstractAttestationCertificateAuthorityTest {
|
||||
@BeforeTest
|
||||
public void setup() {
|
||||
aca = new AbstractAttestationCertificateAuthority(null, keyPair.getPrivate(),
|
||||
null, null, null, null, null, 1,
|
||||
null, null, null, null, null, null, 1,
|
||||
null, null, null, null) {
|
||||
};
|
||||
}
|
||||
|
@ -16,6 +16,7 @@ import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.persist.AppraiserManager;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.persist.CrudManager;
|
||||
import hirs.persist.DBCertificateManager;
|
||||
import hirs.persist.DBDeviceGroupManager;
|
||||
@ -85,6 +86,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
@Mock
|
||||
private CertificateManager certificateManager;
|
||||
|
||||
@Mock
|
||||
private ComponentResultManager componentResultManager;
|
||||
|
||||
@Mock
|
||||
private CredentialValidator supplyChainCredentialValidator;
|
||||
|
||||
@ -449,6 +453,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -511,6 +516,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -559,6 +565,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -597,6 +604,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -659,6 +667,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -707,6 +716,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -760,6 +770,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
new SupplyChainCredentialValidator(),
|
||||
|
@ -5,6 +5,7 @@ import hirs.attestationca.portal.page.PageMessages;
|
||||
import hirs.attestationca.portal.page.params.CertificateDetailsPageParams;
|
||||
import hirs.attestationca.portal.util.CertificateStringMapBuilder;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -32,16 +33,20 @@ public class CertificateDetailsPageController extends PageController<Certificate
|
||||
static final String INITIAL_DATA = "initialData";
|
||||
|
||||
private final CertificateManager certificateManager;
|
||||
private final ComponentResultManager componentResultManager;
|
||||
private static final Logger LOGGER =
|
||||
LogManager.getLogger(CertificateDetailsPageController.class);
|
||||
/**
|
||||
* Constructor providing the Page's display and routing specification.
|
||||
* @param certificateManager the certificate manager
|
||||
* @param componentResultManager the component result manager
|
||||
*/
|
||||
@Autowired
|
||||
public CertificateDetailsPageController(final CertificateManager certificateManager) {
|
||||
public CertificateDetailsPageController(final CertificateManager certificateManager,
|
||||
final ComponentResultManager componentResultManager) {
|
||||
super(CERTIFICATE_DETAILS);
|
||||
this.certificateManager = certificateManager;
|
||||
this.componentResultManager = componentResultManager;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -87,7 +92,7 @@ public class CertificateDetailsPageController extends PageController<Certificate
|
||||
break;
|
||||
case "platform":
|
||||
data.putAll(CertificateStringMapBuilder.getPlatformInformation(uuid,
|
||||
certificateManager));
|
||||
certificateManager, componentResultManager));
|
||||
break;
|
||||
case "issued":
|
||||
data.putAll(CertificateStringMapBuilder.getIssuedInformation(uuid,
|
||||
|
@ -1,5 +1,6 @@
|
||||
package hirs.attestationca.portal.util;
|
||||
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
|
||||
@ -303,12 +304,14 @@ public final class CertificateStringMapBuilder {
|
||||
*
|
||||
* @param uuid ID for the certificate.
|
||||
* @param certificateManager the certificate manager for retrieving certs.
|
||||
* @param componentResultManager the component result manager for component mismatches.
|
||||
* @return a hash map with the endorsement certificate information.
|
||||
* @throws IOException when parsing the certificate
|
||||
* @throws IllegalArgumentException invalid argument on parsing the certificate
|
||||
*/
|
||||
public static HashMap<String, Object> getPlatformInformation(final UUID uuid,
|
||||
final CertificateManager certificateManager)
|
||||
final CertificateManager certificateManager,
|
||||
final ComponentResultManager componentResultManager)
|
||||
throws IllegalArgumentException, IOException {
|
||||
HashMap<String, Object> data = new HashMap<>();
|
||||
PlatformCredential certificate = PlatformCredential
|
||||
|
@ -161,10 +161,10 @@
|
||||
<ul>
|
||||
<c:choose>
|
||||
<c:when test="${initialData.rimType=='Support'}">
|
||||
<li>This Support RIM file does NOT covers the following critical items:</li>
|
||||
<li>This Support RIM file does NOT cover the following critical items:</li>
|
||||
</c:when>
|
||||
<c:otherwise>
|
||||
<li>This Event Log file does NOT covers the following critical items:</li>
|
||||
<li>This Event Log file does NOT cover the following critical items:</li>
|
||||
</c:otherwise>
|
||||
</c:choose>
|
||||
<ul>
|
||||
|
@ -0,0 +1,111 @@
|
||||
package hirs.data.persist.certificate;
|
||||
|
||||
import hirs.data.persist.AbstractEntity;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import java.util.Objects;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
@Entity
|
||||
public class ComponentResult extends AbstractEntity {
|
||||
|
||||
private UUID certificateId;
|
||||
private int componentHash;
|
||||
private String expected;
|
||||
private String actual;
|
||||
private boolean mismatched;
|
||||
|
||||
/**
|
||||
* Hibernate default constructor
|
||||
*/
|
||||
protected ComponentResult() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Default constructor that initializes the parameters and mismatched flag
|
||||
* is set based on expected vs actual.
|
||||
* @param certificateId associated certificate
|
||||
* @param componentHash int value of the component hash
|
||||
* @param expected the string for the expected
|
||||
* @param actual the string for the actual
|
||||
*/
|
||||
public ComponentResult(final UUID certificateId, final int componentHash,
|
||||
final String expected, final String actual) {
|
||||
this.certificateId = certificateId;
|
||||
this.componentHash = componentHash;
|
||||
this.expected = expected;
|
||||
this.actual = actual;
|
||||
this.mismatched = Objects.equals(expected, actual);
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the associated certificate UUID.
|
||||
* @return the UUID idea value
|
||||
*/
|
||||
public UUID getCertificateId() {
|
||||
return certificateId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the component hash.
|
||||
* @return int value hash
|
||||
*/
|
||||
public int getComponentHash() {
|
||||
return componentHash;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the expected string.
|
||||
* @return the expected value
|
||||
*/
|
||||
public String getExpected() {
|
||||
return expected;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the actual string.
|
||||
* @return the actual value
|
||||
*/
|
||||
public String getActual() {
|
||||
return actual;
|
||||
}
|
||||
|
||||
/**
|
||||
* The flag for the actual and expected matching vs or not.
|
||||
* @return the flag for the values
|
||||
*/
|
||||
public boolean isMismatched() {
|
||||
return mismatched;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (o == null || getClass() != o.getClass()) return false;
|
||||
if (!super.equals(o)) return false;
|
||||
ComponentResult that = (ComponentResult) o;
|
||||
return componentHash == that.componentHash
|
||||
&& mismatched == that.mismatched
|
||||
&& Objects.equals(certificateId, that.certificateId)
|
||||
&& Objects.equals(expected, that.expected)
|
||||
&& Objects.equals(actual, that.actual);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(super.hashCode(), certificateId, componentHash,
|
||||
expected, actual, mismatched);
|
||||
}
|
||||
|
||||
/**
|
||||
* A string format of the expected and actual.
|
||||
* @return a formatted string
|
||||
*/
|
||||
public String toString() {
|
||||
return String.format("ComponentResult[%d]: expected=[%s] actual=[%s]",
|
||||
componentHash, expected, actual);
|
||||
}
|
||||
}
|
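Review bot: The public constructor sets the flag with the comparison inverted: `this.mismatched = Objects.equals(expected, actual);` makes `isMismatched()` return true exactly when the two strings are equal. The Javadoc elsewhere in this commit describes these results as tracking component mismatches, so stored rows would flag matching components and hide real differences. The line should read `this.mismatched = !Objects.equals(expected, actual);`. The class-level Javadoc is also empty and `toString()` lacks `@Override`; a summary such as `/** Stores the expected and actual value of one component field for a certificate. */` would help.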
@ -0,0 +1,61 @@
|
||||
package hirs.persist;
|
||||
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
* This class facilitates the persistence of {@link hirs.data.persist.certificate.ComponentResult}s
|
||||
* including storage, retrieval, and deletion.
|
||||
*/
|
||||
public interface ComponentResultManager extends OrderedListQuerier<ComponentResult> {
|
||||
/**
|
||||
* Persists a new Component Identifier Result.
|
||||
*
|
||||
* @param componentResult the ComponentResult
|
||||
* @return the persisted ComponentResult
|
||||
*/
|
||||
ComponentResult saveResult(ComponentResult componentResult);
|
||||
|
||||
/**
|
||||
* Persists a new Component Identifier Result.
|
||||
*
|
||||
* @param componentResult the ComponentResult
|
||||
* @return the persisted ComponentResult
|
||||
*/
|
||||
ComponentResult getResult(ComponentResult componentResult);
|
||||
|
||||
/**
|
||||
* Persists a new Component Identifier Result.
|
||||
*
|
||||
* @param componentId the component id
|
||||
* @return the persisted ComponentResult
|
||||
*/
|
||||
ComponentResult getResultById(UUID componentId);
|
||||
|
||||
/**
|
||||
* Returns a list of all <code>ComponentResult</code>s that are ordered by a column
|
||||
* and direction (ASC, DESC) that is provided by the user. This method
|
||||
* helps support the server-side processing in the JQuery DataTables.
|
||||
*
|
||||
* @return FilteredRecordsList object with fields for DataTables
|
||||
*/
|
||||
Set<ComponentResult> getComponentResultList();
|
||||
|
||||
/**
|
||||
* Returns a list of all <code>ComponentResult</code>s that are
|
||||
* associated with the certificate
|
||||
*
|
||||
* @return FilteredRecordsList object with fields for DataTables
|
||||
*/
|
||||
Set<ComponentResult> getComponentResultsByCertificate(UUID certificateId);
|
||||
|
||||
/**
|
||||
* Delete the given value.
|
||||
*
|
||||
* @param componentResult the component result delete
|
||||
* @return true if the deletion succeeded, false otherwise.
|
||||
*/
|
||||
boolean deleteResult(ComponentResult componentResult);
|
||||
}
|
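Review bot: The Javadoc on `getResult`, `getResultById`, `getComponentResultList` and `getComponentResultsByCertificate` was copied from other methods and does not describe them. The two getters say "Persists a new Component Identifier Result", and the two set-returning methods document a `FilteredRecordsList` return and user-supplied ordering that the `Set<ComponentResult>` signature does not provide. `getComponentResultsByCertificate` also lacks a `@param certificateId` tag. Suggested summaries are `Retrieves the stored ComponentResult matching the given result.`, `Retrieves the ComponentResult for the given id.`, `Returns all stored ComponentResults.` and `Returns all ComponentResults associated with the given certificate.`, each with a matching `@return`.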
@ -0,0 +1,163 @@
|
||||
package hirs.persist;
|
||||
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.hibernate.Session;
|
||||
import org.hibernate.SessionFactory;
|
||||
import org.hibernate.Transaction;
|
||||
import org.hibernate.criterion.Restrictions;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
* This class is used to persist and retrieve {@link hirs.data.persist.certificate.ComponentResult}s into
|
||||
* and from the database.
|
||||
*/
|
||||
public class DBComponentResultManager extends DBManager<ComponentResult>
|
||||
implements ComponentResultManager {
|
||||
|
||||
private static final Logger LOGGER = LogManager.getLogger(DBComponentResultManager.class);
|
||||
|
||||
/**
|
||||
* Default Constructor.
|
||||
*
|
||||
* @param sessionFactory session factory used to access database connections
|
||||
*/
|
||||
public DBComponentResultManager(final SessionFactory sessionFactory) {
|
||||
super(ComponentResult.class, sessionFactory);
|
||||
}
|
||||
|
||||
@Override
|
||||
public ComponentResult saveResult(final ComponentResult componentResult) {
|
||||
LOGGER.debug("saving event digest value: {}", componentResult);
|
||||
|
||||
try {
|
||||
return save(componentResult);
|
||||
} catch (DBManagerException dbMEx) {
|
||||
throw new RuntimeException(dbMEx);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public ComponentResult getResult(final ComponentResult componentResult) {
|
||||
LOGGER.debug("Getting record for {}", componentResult);
|
||||
if (componentResult == null) {
|
||||
LOGGER.error("null componentResult argument");
|
||||
return null;
|
||||
}
|
||||
|
||||
ComponentResult dbRecord;
|
||||
Transaction tx = null;
|
||||
Session session = getFactory().getCurrentSession();
|
||||
try {
|
||||
LOGGER.debug("retrieving componentResult from db");
|
||||
tx = session.beginTransaction();
|
||||
dbRecord = (ComponentResult) session.createCriteria(ComponentResult.class)
|
||||
.add(Restrictions.eq("componentHash",
|
||||
componentResult.getComponentHash()))
|
||||
.add(Restrictions.eq("certificateId",
|
||||
componentResult.getCertificateId()))
|
||||
.uniqueResult();
|
||||
tx.commit();
|
||||
} catch (Exception ex) {
|
||||
final String msg = "unable to retrieve object";
|
||||
LOGGER.error(msg, ex);
|
||||
if (tx != null) {
|
||||
LOGGER.debug("rolling back transaction");
|
||||
tx.rollback();
|
||||
}
|
||||
throw new DBManagerException(msg, ex);
|
||||
}
|
||||
return dbRecord;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ComponentResult getResultById(final UUID certificateId) {
|
||||
LOGGER.debug("Getting record associated with {}", certificateId);
|
||||
if (certificateId == null) {
|
||||
LOGGER.error("null certificateId argument");
|
||||
return null;
|
||||
}
|
||||
|
||||
ComponentResult dbRecord;
|
||||
Transaction tx = null;
|
||||
Session session = getFactory().getCurrentSession();
|
||||
try {
|
||||
LOGGER.debug("retrieving componentResult from db");
|
||||
tx = session.beginTransaction();
|
||||
dbRecord = (ComponentResult) session.createCriteria(ComponentResult.class)
|
||||
.add(Restrictions.eq("certificateId",
|
||||
certificateId))
|
||||
.uniqueResult();
|
||||
tx.commit();
|
||||
} catch (Exception ex) {
|
||||
final String msg = "unable to retrieve object";
|
||||
LOGGER.error(msg, ex);
|
||||
if (tx != null) {
|
||||
LOGGER.debug("rolling back transaction");
|
||||
tx.rollback();
|
||||
}
|
||||
throw new DBManagerException(msg, ex);
|
||||
}
|
||||
return dbRecord;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<ComponentResult> getComponentResultList() {
|
||||
LOGGER.debug("getting ComponentResult list");
|
||||
|
||||
try {
|
||||
final List<ComponentResult> results = super.getList(ComponentResult.class);
|
||||
return new HashSet<>(results);
|
||||
} catch (DBManagerException e) {
|
||||
throw new DeviceManagerException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<ComponentResult> getComponentResultsByCertificate(final UUID certificateId) {
|
||||
LOGGER.debug("Getting record associated with {}", certificateId);
|
||||
if (certificateId == null) {
|
||||
LOGGER.error("null certificateId argument");
|
||||
return null;
|
||||
}
|
||||
|
||||
Set<ComponentResult> dbRecord;
|
||||
Transaction tx = null;
|
||||
Session session = getFactory().getCurrentSession();
|
||||
try {
|
||||
LOGGER.debug("retrieving componentResult from db");
|
||||
tx = session.beginTransaction();
|
||||
dbRecord = new HashSet<ComponentResult>(session.createCriteria(ComponentResult.class)
|
||||
.add(Restrictions.eq("certificateId",
|
||||
certificateId)).list());
|
||||
tx.commit();
|
||||
} catch (Exception ex) {
|
||||
final String msg = "unable to retrieve object";
|
||||
LOGGER.error(msg, ex);
|
||||
if (tx != null) {
|
||||
LOGGER.debug("rolling back transaction");
|
||||
tx.rollback();
|
||||
}
|
||||
throw new DBManagerException(msg, ex);
|
||||
}
|
||||
return dbRecord;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteResult(ComponentResult componentResult) {
|
||||
boolean result;
|
||||
LOGGER.info(String.format("Deleting component result to %s",
|
||||
componentResult.getId()));
|
||||
try {
|
||||
result = super.delete(componentResult);
|
||||
} catch (DBManagerException dbMEx) {
|
||||
throw new RuntimeException(dbMEx);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
}
|
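Review bot: `getResultById` filters on `certificateId` and then calls `uniqueResult()`, although the interface declares the argument as a component id and `getComponentResultsByCertificate` in this same class shows that one certificate can own several rows. Once a certificate has more than one result the query is expected to fail with Hibernate's non-unique-result error, which the broad `catch (Exception ex)` turns into a `DBManagerException`. The lookup should restrict on the entity's own identifier instead, for example `.add(Restrictions.eq("id", componentId))` if the id property of `AbstractEntity` is named `id` (not visible here). Separately, `deleteResult` dereferences `componentResult.getId()` in its log call without the null check the getters have, and `getComponentResultsByCertificate` returns `null` rather than an empty set for a null id.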
@ -22,7 +22,7 @@ import java.util.UUID;
|
||||
* This class is used to persist and retrieve {@link hirs.data.persist.ReferenceDigestValue}s into
|
||||
* and from the database.
|
||||
*/
|
||||
public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
|
||||
public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
|
||||
implements ReferenceEventManager {
|
||||
|
||||
private static final Logger LOGGER = LogManager.getLogger(DBReferenceDigestManager.class);
|
||||
|
@ -141,6 +141,18 @@ public class PersistenceConfiguration {
|
||||
return manager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@link ComponentResultManager} ready to use.
|
||||
*
|
||||
* @return {@link ComponentResultManager}
|
||||
*/
|
||||
@Bean
|
||||
public ComponentResultManager componentResultManager() {
|
||||
DBComponentResultManager manager = new DBComponentResultManager(sessionFactory.getObject());
|
||||
setDbManagerRetrySettings(manager);
|
||||
return manager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@link ReferenceManifestManager} ready to use.
|
||||
*
|
||||
|
@ -7,6 +7,7 @@ import hirs.data.persist.AppraisalStatus;
|
||||
import hirs.data.persist.ArchivableEntity;
|
||||
import hirs.data.persist.DeviceInfoReport;
|
||||
import hirs.data.persist.SupplyChainValidation;
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
|
||||
@ -58,6 +59,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static hirs.data.persist.AppraisalStatus.Status.ERROR;
|
||||
@ -346,7 +348,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
List<ComponentIdentifier> origPcComponents
|
||||
= new LinkedList<>(basePlatformCredential.getComponentIdentifiers());
|
||||
|
||||
return validateDeltaAttributesChainV2p0(deviceInfoReport,
|
||||
return validateDeltaAttributesChainV2p0(basePlatformCredential.getId(), deviceInfoReport,
|
||||
deltaMapping, origPcComponents);
|
||||
}
|
||||
|
||||
@ -439,7 +441,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
+ " did not match the Certificate's Serial Number";
|
||||
LOGGER.error(message);
|
||||
status = new AppraisalStatus(FAIL, message);
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -458,7 +459,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
final DeviceInfoReport deviceInfoReport) {
|
||||
boolean passesValidation = true;
|
||||
StringBuilder resultMessage = new StringBuilder();
|
||||
|
||||
HardwareInfo hardwareInfo = deviceInfoReport.getHardwareInfo();
|
||||
|
||||
boolean fieldValidation;
|
||||
@ -550,7 +550,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
List<ComponentInfo> componentInfoList
|
||||
= getComponentInfoFromPaccorOutput(paccorOutputString);
|
||||
unmatchedComponents = validateV2p0PlatformCredentialComponentsExpectingExactMatch(
|
||||
validPcComponents, componentInfoList);
|
||||
platformCredential.getId(), validPcComponents, componentInfoList);
|
||||
fieldValidation &= unmatchedComponents.isEmpty();
|
||||
} catch (IOException e) {
|
||||
final String baseErrorMessage = "Error parsing JSON output from PACCOR: ";
|
||||
@ -597,7 +597,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* @return Appraisal Status of delta being validated.
|
||||
*/
|
||||
@SuppressWarnings("methodlength")
|
||||
static AppraisalStatus validateDeltaAttributesChainV2p0(
|
||||
static AppraisalStatus validateDeltaAttributesChainV2p0(final UUID certificateId,
|
||||
final DeviceInfoReport deviceInfoReport,
|
||||
final Map<PlatformCredential, SupplyChainValidation> deltaMapping,
|
||||
final List<ComponentIdentifier> origPcComponents) {
|
||||
@ -715,6 +715,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
List<ComponentInfo> componentInfoList = getV2PaccorOutput(paccorOutputString);
|
||||
// this is what I want to rewrite
|
||||
unmatchedComponents = validateV2PlatformCredentialAttributes(
|
||||
certificateId,
|
||||
baseCompList,
|
||||
componentInfoList);
|
||||
fieldValidation &= unmatchedComponents.isEmpty();
|
||||
@ -750,6 +751,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
}
|
||||
|
||||
private static String validateV2PlatformCredentialAttributes(
|
||||
final UUID certificateId,
|
||||
final List<ComponentIdentifier> fullDeltaChainComponents,
|
||||
final List<ComponentInfo> allDeviceInfoComponents) {
|
||||
ComponentIdentifierV2 ciV2;
|
||||
@ -765,11 +767,11 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
ciV2 = (ComponentIdentifierV2) cId;
|
||||
if (cInfo.getComponentClass().contains(
|
||||
ciV2.getComponentClass().getValue())
|
||||
&& isMatch(cId, cInfo)) {
|
||||
subCompIdList.remove(cId);
|
||||
subCompInfoList.remove(cInfo);
|
||||
&& isMatch(certificateId, cId, cInfo)) {
|
||||
subCompIdList.remove(cId);
|
||||
subCompInfoList.remove(cInfo);
|
||||
}
|
||||
}
|
||||
} // I have to get the unmatched from here, maybe create a list of component result and use that TDM
|
||||
}
|
||||
|
||||
if (subCompIdList.isEmpty()) {
|
||||
@ -810,6 +812,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* @return true if validation passes
|
||||
*/
|
||||
private static String validateV2p0PlatformCredentialComponentsExpectingExactMatch(
|
||||
final UUID certificateId,
|
||||
final List<ComponentIdentifier> untrimmedPcComponents,
|
||||
final List<ComponentInfo> allDeviceInfoComponents) {
|
||||
// For each manufacturer listed in the platform credential, create two lists:
|
||||
@ -881,7 +884,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
|
||||
if (first.isPresent()) {
|
||||
ComponentInfo potentialMatch = first.get();
|
||||
if (isMatch(pcComponent, potentialMatch)) {
|
||||
if (isMatch(certificateId, pcComponent, potentialMatch)) {
|
||||
pcComponentsFromManufacturer.remove(pcComponent);
|
||||
deviceInfoComponentsFromManufacturer.remove(potentialMatch);
|
||||
}
|
||||
@ -909,7 +912,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
|
||||
if (first.isPresent()) {
|
||||
ComponentInfo potentialMatch = first.get();
|
||||
if (isMatch(pcComponent, potentialMatch)) {
|
||||
if (isMatch(certificateId, pcComponent, potentialMatch)) {
|
||||
pcComponentsFromManufacturer.remove(pcComponent);
|
||||
deviceInfoComponentsFromManufacturer.remove(potentialMatch);
|
||||
}
|
||||
@ -923,7 +926,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
= deviceInfoComponentsFromManufacturer.iterator();
|
||||
while (diComponentIter.hasNext()) {
|
||||
ComponentInfo potentialMatch = diComponentIter.next();
|
||||
if (isMatch(ci, potentialMatch)) {
|
||||
if (isMatch(certificateId, ci, potentialMatch)) {
|
||||
pcComponentsFromManufacturer.remove(ci);
|
||||
diComponentIter.remove();
|
||||
}
|
||||
@ -1063,29 +1066,42 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* @param potentialMatch the component info from a device info report
|
||||
* @return true if the fields match exactly (null is considered the same as an empty string)
|
||||
*/
|
||||
static boolean isMatch(final ComponentIdentifier pcComponent,
|
||||
static boolean isMatch(final UUID certificateId, final ComponentIdentifier pcComponent,
|
||||
final ComponentInfo potentialMatch) {
|
||||
boolean matchesSoFar = true;
|
||||
ComponentResult componentResult;
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentManufacturer(),
|
||||
pcComponent.getComponentManufacturer()
|
||||
);
|
||||
componentResult = new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentManufacturer(),
|
||||
pcComponent.getComponentManufacturer().getString());
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentModel(),
|
||||
pcComponent.getComponentModel()
|
||||
);
|
||||
componentResult = new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentModel(),
|
||||
pcComponent.getComponentModel().getString());
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentSerial(),
|
||||
pcComponent.getComponentSerial()
|
||||
);
|
||||
componentResult = new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentSerial(),
|
||||
pcComponent.getComponentSerial().getString());
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentRevision(),
|
||||
pcComponent.getComponentRevision()
|
||||
);
|
||||
componentResult = new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentRevision(),
|
||||
pcComponent.getComponentRevision().getString());
|
||||
|
||||
return matchesSoFar;
|
||||
}
|
||||
|
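Review bot: In `isMatch`, each `componentResult = new ComponentResult(...)` assignment overwrites the previous one and the object is never saved or returned, so the four allocations have no effect beyond the calls they make. Those calls include `pcComponent.getComponentManufacturer().getString()` and the same for model, serial and revision; the method's Javadoc says null is treated like an empty string, so a credential component that omits a field would presumably now throw a NullPointerException where the old code compared safely. The arguments also look swapped against the `ComponentResult(certificateId, componentHash, expected, actual)` constructor: the device-reported value from `potentialMatch` is passed as `expected` and the certificate value as `actual`. Until the results are persisted through a manager, I would drop the allocations or guard each field, e.g. `String serial = pcComponent.getComponentSerial() == null ? "" : pcComponent.getComponentSerial().getString();`. The start of this method's Javadoc is outside the hunk.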
@ -1444,7 +1444,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
);
|
||||
|
||||
Assert.assertTrue(
|
||||
SupplyChainCredentialValidator.isMatch(pcComponentIdentifier, nicComponentInfo)
|
||||
SupplyChainCredentialValidator.isMatch(null, pcComponentIdentifier,
|
||||
nicComponentInfo)
|
||||
);
|
||||
|
||||
pcComponentIdentifier = new ComponentIdentifier(
|
||||
@ -1458,7 +1459,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
);
|
||||
|
||||
Assert.assertFalse(
|
||||
SupplyChainCredentialValidator.isMatch(pcComponentIdentifier, nicComponentInfo)
|
||||
SupplyChainCredentialValidator.isMatch(null, pcComponentIdentifier,
|
||||
nicComponentInfo)
|
||||
);
|
||||
|
||||
pcComponentIdentifier = new ComponentIdentifier(
|
||||
@ -1472,7 +1474,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
);
|
||||
|
||||
Assert.assertTrue(
|
||||
SupplyChainCredentialValidator.isMatch(pcComponentIdentifier, nicComponentInfo)
|
||||
SupplyChainCredentialValidator.isMatch(null, pcComponentIdentifier,
|
||||
nicComponentInfo)
|
||||
);
|
||||
}
|
||||
|
||||
|