Updated code to correct situations that were not linking up properly for delta and platform certificate component validation.
parent
677716fa08
commit
4999c96685
@ -408,7 +408,14 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
RSAPublicKey ekPub = parsePublicKey(claim.getEkPublicArea().toByteArray());
|
||||
AppraisalStatus.Status validationResult = AppraisalStatus.Status.FAIL;
|
||||
|
||||
validationResult = doSupplyChainValidation(claim, ekPub);
|
||||
try {
|
||||
validationResult = doSupplyChainValidation(claim, ekPub);
|
||||
} catch (Exception ex) {
|
||||
for (StackTraceElement ste : ex.getStackTrace()) {
|
||||
LOG.error(ste.toString());
|
||||
}
|
||||
}
|
||||
|
||||
if (validationResult == AppraisalStatus.Status.PASS) {
|
||||
RSAPublicKey akPub = parsePublicKey(claim.getAkPublicArea().toByteArray());
|
||||
byte[] nonce = generateRandomBytes(NONCE_LENGTH);
|
||||
|
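Review bot: The new `catch (Exception ex)` around `doSupplyChainValidation` logs only the stack frames, one `LOG.error` per frame, so the exception type and message never reach the log and the frames can interleave with other threads' output. Leaving `validationResult` at its `FAIL` default is the right fail-closed outcome for an identity claim, but an exception inside validation should be distinguishable in the log from an ordinary failed appraisal. Log the throwable in a single call, assuming `LOG` accepts a message plus a throwable as the common logging APIs do: `LOG.error("Supply chain validation threw; treating result as FAIL", ex);`. The enclosing method starts and ends outside the hunk.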
@ -303,6 +303,7 @@ public final class CertificateStringMapBuilder {
|
||||
.select(certificateManager)
|
||||
.byEntityId(uuid)
|
||||
.getCertificate();
|
||||
|
||||
if (certificate != null) {
|
||||
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
|
||||
data.put("credentialType", certificate.getCredentialType());
|
||||
@ -357,6 +358,7 @@ public final class CertificateStringMapBuilder {
|
||||
data.put("x509Version", certificate.getX509CredentialVersion());
|
||||
//CPSuri
|
||||
data.put("CPSuri", certificate.getCPSuri());
|
||||
|
||||
if (!certificate.getComponentFailures().isEmpty()) {
|
||||
data.put("failures", certificate.getComponentFailures());
|
||||
}
|
||||
@ -398,6 +400,17 @@ public final class CertificateStringMapBuilder {
|
||||
});
|
||||
|
||||
data.put("chainCertificates", chainCertificates);
|
||||
|
||||
if (!certificate.isBase()) {
|
||||
for (PlatformCredential pc : chainCertificates) {
|
||||
if (pc.isBase()) {
|
||||
if (!pc.getComponentFailures().isEmpty()) {
|
||||
data.put("failures", pc.getComponentFailures());
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
String notFoundMessage = "Unable to find Platform Certificate "
|
||||
|
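Review bot: For a delta certificate the added loop in the -398 hunk calls `data.put("failures", pc.getComponentFailures())`, which replaces whatever is already stored under `failures`. If this runs in the same method as `data.put("failures", certificate.getComponentFailures())` from the -357 hunk (the method boundaries are outside the hunks, so this is inferred), the delta's own component failures are silently dropped from the details map whenever the base also has failures. If the base's failures are only meant as a fallback, `data.putIfAbsent("failures", pc.getComponentFailures());` keeps the delta's entry; if both matter, they should be combined or stored under separate keys. A short comment such as `// delta pages also surface the base certificate's component failures` would also explain why the chain is walked here.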
@ -614,7 +614,7 @@
|
||||
<div class="panel-body">
|
||||
<div id="componentIdentifier" class="row">
|
||||
<c:forEach items="${initialData.componentsIdentifier}" var="component">
|
||||
<c:set var="combined" value="${component.getComponentClass().getClassValueString()}" scope="page"/>
|
||||
<c:set var="combined" value="${component.hashCode()}" scope="page"/>
|
||||
<div class="component col col-md-4">
|
||||
<div class="panel panel-default">
|
||||
<c:choose>
|
||||
|
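Review bot: `component.hashCode()` is now the value of `combined`, which presumably ties each rendered component to an entry in the validation failure string, and the validator hunk at -753 writes `ciV2.hashCode()` and `ci.hashCode()` into that string to match. A hash code is not an identifier: two distinct components can share one, so a failed component could be displayed as passing or the reverse. Unless the class overrides `hashCode()` from stable fields (not visible here), the value also changes between JVM runs, so stored failure strings would stop matching. A key built from identifying fields the page already reads, for example `${component.getComponentClass().getClassValueString()}-${component.getComponentSerial()}`, with the same string emitted by the validator, would be stable and auditable. The `<c:forEach>` body continues outside the hunk.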
@ -656,6 +656,9 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
// just add the delta
|
||||
baseCompList.add(deltaCi);
|
||||
}
|
||||
if (ciV2.isRemoved()) {
|
||||
LOGGER.error("Made it to this!");
|
||||
}
|
||||
// if it is a remove
|
||||
// we do nothing because baseCompList doesn't have it
|
||||
} else {
|
||||
@ -753,20 +756,21 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
if (!subCompIdList.isEmpty()) {
|
||||
for (ComponentIdentifier ci : subCompIdList) {
|
||||
ciV2 = (ComponentIdentifierV2) ci;
|
||||
invalidPcIds.append(String.format("%s;",
|
||||
ciV2.getComponentClass().getClassValueString()));
|
||||
invalidPcIds.append(String.format("%d;",
|
||||
ciV2.hashCode()));
|
||||
}
|
||||
}
|
||||
|
||||
if (!subCompInfoList.isEmpty()) {
|
||||
for (ComponentInfo ci : subCompInfoList) {
|
||||
invalidDeviceInfo.append(String.format("%s;",
|
||||
ci.getComponentClass()));
|
||||
LOGGER.error("For subComInfoList -> {}", ci.getComponentSerial());
|
||||
invalidDeviceInfo.append(String.format("%d;",
|
||||
ci.hashCode()));
|
||||
}
|
||||
}
|
||||
|
||||
return String.format("DEVICEINFO=%s?COMPID=%s%d",
|
||||
invalidDeviceInfo.toString(), invalidPcIds.toString(), subCompInfoList.size());
|
||||
invalidDeviceInfo.toString(), invalidPcIds.toString(), subCompIdList.size());
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1422,12 +1426,13 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
// go through the leaf and check the changes against the valid components
|
||||
// forget modifying validOrigPcComponents
|
||||
for (PlatformCredential delta : chainCertificates) {
|
||||
LOGGER.error(delta.getSerialNumber());
|
||||
StringBuilder failureMsg = new StringBuilder();
|
||||
certificateList = new ArrayList<>();
|
||||
certificateList.add(delta);
|
||||
|
||||
for (ComponentIdentifier ci : delta.getComponentIdentifiers()) {
|
||||
LOGGER.error("This is the serial {}", ci.getComponentSerial().toString());
|
||||
LOGGER.error(ci.getComponentSerial());
|
||||
if (!noneSerialValues.contains(ci.getComponentSerial().toString())) {
|
||||
if (ci.isVersion2()) {
|
||||
ciSerial = ci.getComponentSerial().toString();
|
||||
@ -1442,7 +1447,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
"%s attempted MODIFIED with no prior instance.%n",
|
||||
ciSerial));
|
||||
scv = deltaMapping.get(delta);
|
||||
if (scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||
if (scv != null
|
||||
&& scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||
failureMsg.append(scv.getMessage());
|
||||
}
|
||||
deltaMapping.put(delta, new SupplyChainValidation(
|
||||
@ -1458,7 +1464,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
"%s attempted REMOVED with no prior instance.%n",
|
||||
ciSerial));
|
||||
scv = deltaMapping.get(delta);
|
||||
if (scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||
if (scv != null
|
||||
&& scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||
failureMsg.append(scv.getMessage());
|
||||
}
|
||||
deltaMapping.put(delta, new SupplyChainValidation(
|
||||
@ -1477,7 +1484,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
"%s was ADDED, the serial already exists.%n",
|
||||
ciSerial));
|
||||
scv = deltaMapping.get(delta);
|
||||
if (scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||
if (scv != null
|
||||
&& scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||
failureMsg.append(scv.getMessage());
|
||||
}
|
||||
deltaMapping.put(delta, new SupplyChainValidation(
|
||||
@ -1488,6 +1496,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
} else {
|
||||
// have to add in case later it is removed
|
||||
chainCiMapping.put(ciSerial, ci);
|
||||
LOGGER.error("This should be what happens");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
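Review bot: Several `LOGGER.error(...)` calls that appear to be added here are trace output, not errors: `"Made it to this!"` in the -656 hunk, `"For subComInfoList -> {}"` in -753, `LOGGER.error(delta.getSerialNumber())` in -1422 and `"This should be what happens"` in -1488. In a supply-chain validator the ERROR level is what operators watch for real validation failures, so these bury genuine failures and write component and certificate serial numbers to the error log on every run. Remove them or lower the level and give them context, e.g. `LOGGER.debug("Processing delta certificate serial {}", delta.getSerialNumber());`. The enclosing methods start and end outside these hunks.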