diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index 1ead2286..aba6761a 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -408,7 +408,14 @@ public abstract class AbstractAttestationCertificateAuthority
 RSAPublicKey ekPub = parsePublicKey(claim.getEkPublicArea().toByteArray());
 AppraisalStatus.Status validationResult = AppraisalStatus.Status.FAIL;
- validationResult = doSupplyChainValidation(claim, ekPub);
+ try {
+ validationResult = doSupplyChainValidation(claim, ekPub);
+ } catch (Exception ex) {
+ for (StackTraceElement ste : ex.getStackTrace()) {
+ LOG.error(ste.toString());
+ }
+ }
+
 if (validationResult == AppraisalStatus.Status.PASS) {
 RSAPublicKey akPub = parsePublicKey(claim.getAkPublicArea().toByteArray());
 byte[] nonce = generateRandomBytes(NONCE_LENGTH);
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java
index 34f75bca..17908de8 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java
@@ -303,6 +303,7 @@ public final class CertificateStringMapBuilder {
 .select(certificateManager)
 .byEntityId(uuid)
 .getCertificate();
+
 if (certificate != null) {
 data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
 data.put("credentialType", certificate.getCredentialType());
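Review bot: The new catch block around `doSupplyChainValidation(claim, ekPub)` logs only the stack frames, one `LOG.error` call per frame, so the exception class, its message and any cause chain never reach the log and an operator cannot tell why a claim was rejected. Logging the throwable itself keeps all of that in one record: `LOG.error("Supply chain validation threw; treating the claim as FAIL", ex);`. The handler relies on `validationResult` being initialised to `AppraisalStatus.Status.FAIL` on the line above the `try`, which is what keeps an exception from ever yielding PASS; a short comment in the catch saying so would protect that fail-closed default from a later refactor. Catching `Exception` is also broader than needed if the exceptions the call can throw are known. The enclosing method starts and ends outside the hunk.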
@@ -357,6 +358,7 @@ public final class CertificateStringMapBuilder {
 data.put("x509Version", certificate.getX509CredentialVersion());
 //CPSuri
 data.put("CPSuri", certificate.getCPSuri());
+
 if (!certificate.getComponentFailures().isEmpty()) {
 data.put("failures", certificate.getComponentFailures());
 }
@@ -398,6 +400,17 @@ public final class CertificateStringMapBuilder {
 });
 data.put("chainCertificates", chainCertificates);
+
+ if (!certificate.isBase()) {
+ for (PlatformCredential pc : chainCertificates) {
+ if (pc.isBase()) {
+ if (!pc.getComponentFailures().isEmpty()) {
+ data.put("failures", pc.getComponentFailures());
+ }
+ break;
+ }
+ }
+ }
 }
 } else {
 String notFoundMessage = "Unable to find Platform Certificate "
diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
index 8240ad33..c9711c0b 100644
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
@@ -614,7 +614,7 @@
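Review bot: In the added `if (!certificate.isBase())` block of the -398 hunk, `data.put("failures", pc.getComponentFailures())` replaces whatever is already stored under `"failures"`. The -357 hunk of this file stores the certificate's own `getComponentFailures()` under the same key, so if both run in the same method (not confirmable from these hunks) a delta credential's own failures would be hidden behind the base credential's on the details page. If the base failures are meant to appear only when the delta has none, `data.putIfAbsent("failures", pc.getComponentFailures());` states that, assuming `data` is a `java.util.Map`; if both should be shown they need to be combined or stored under a separate key. The enclosing method starts outside the hunk.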
- +
diff --git a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
index d7302e46..907bfa09 100644
--- a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
@@ -656,6 +656,9 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 // just add the delta
 baseCompList.add(deltaCi);
 }
+ if (ciV2.isRemoved()) {
+ LOGGER.error("Made it to this!");
+ }
 // if it is a remove
 // we do nothing because baseCompList doesn't have it
 } else {
@@ -753,20 +756,21 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 if (!subCompIdList.isEmpty()) {
 for (ComponentIdentifier ci : subCompIdList) {
 ciV2 = (ComponentIdentifierV2) ci;
- invalidPcIds.append(String.format("%s;",
- ciV2.getComponentClass().getClassValueString()));
+ invalidPcIds.append(String.format("%d;",
+ ciV2.hashCode()));
 }
 }
 if (!subCompInfoList.isEmpty()) {
 for (ComponentInfo ci : subCompInfoList) {
- invalidDeviceInfo.append(String.format("%s;",
- ci.getComponentClass()));
+ LOGGER.error("For subComInfoList -> {}", ci.getComponentSerial());
+ invalidDeviceInfo.append(String.format("%d;",
+ ci.hashCode()));
 }
 }
 return String.format("DEVICEINFO=%s?COMPID=%s%d",
- invalidDeviceInfo.toString(), invalidPcIds.toString(), subCompInfoList.size());
+ invalidDeviceInfo.toString(), invalidPcIds.toString(), subCompIdList.size());
 }
 /**
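Review bot: `LOGGER.error("Made it to this!")` inside the added `if (ciV2.isRemoved())` is a debugging trace left in the validator, written at error level with no component or certificate identity. The same applies to `LOGGER.error("For subComInfoList -> {}", ...)` in the -753 hunk, `LOGGER.error(delta.getSerialNumber())` and `LOGGER.error(ci.getComponentSerial())` in the -1422 hunk, and `LOGGER.error("This should be what happens")` in the -1488 hunk. Error-level entries on the normal path bury the records that report a real validation failure, so these should be removed or lowered to debug with context, for example `LOGGER.debug("Delta marks component {} as removed", ciV2.getComponentSerial());`. Once the log call is gone the new `if` block is empty and can go too, since the comment below it already says a remove needs no action.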
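Review bot: The identifiers written into the `DEVICEINFO=...?COMPID=...` string in the -753 hunk are now `ciV2.hashCode()` and `ci.hashCode()`, and a hash code is not an identity. Two different components can share one, and unless `ComponentIdentifierV2` and `ComponentInfo` override `hashCode()` over their fields (not visible here) the value differs between JVM runs. Whatever parses this string to mark failed components could then flag the wrong entry or miss one, so a comment here should state which `hashCode()` contract the consumer relies on, or a stable field should serve as the key instead. Every id is now a decimal number followed by `;` and the trailing count is also a decimal number, so the two are told apart by position only; the method's Javadoc should spell the format out. The method starts outside the hunk.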
@@ -1422,12 +1426,13 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 // go through the leaf and check the changes against the valid components
 // forget modifying validOrigPcComponents
 for (PlatformCredential delta : chainCertificates) {
+ LOGGER.error(delta.getSerialNumber());
 StringBuilder failureMsg = new StringBuilder();
 certificateList = new ArrayList<>();
 certificateList.add(delta);
 for (ComponentIdentifier ci : delta.getComponentIdentifiers()) {
- LOGGER.error("This is the serial {}", ci.getComponentSerial().toString());
+ LOGGER.error(ci.getComponentSerial());
 if (!noneSerialValues.contains(ci.getComponentSerial().toString())) {
 if (ci.isVersion2()) {
 ciSerial = ci.getComponentSerial().toString();
@@ -1442,7 +1447,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 "%s attempted MODIFIED with no prior instance.%n", ciSerial));
 scv = deltaMapping.get(delta);
- if (scv.getResult() != AppraisalStatus.Status.PASS) {
+ if (scv != null
+ && scv.getResult() != AppraisalStatus.Status.PASS) {
 failureMsg.append(scv.getMessage());
 }
 deltaMapping.put(delta, new SupplyChainValidation(
@@ -1458,7 +1464,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 "%s attempted REMOVED with no prior instance.%n", ciSerial));
 scv = deltaMapping.get(delta);
- if (scv.getResult() != AppraisalStatus.Status.PASS) {
+ if (scv != null
+ && scv.getResult() != AppraisalStatus.Status.PASS) {
 failureMsg.append(scv.getMessage());
 }
 deltaMapping.put(delta, new SupplyChainValidation(
@@ -1477,7 +1484,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 "%s was ADDED, the serial already exists.%n", ciSerial));
 scv = deltaMapping.get(delta);
- if (scv.getResult() != AppraisalStatus.Status.PASS) {
+ if (scv != null
+ && scv.getResult() != AppraisalStatus.Status.PASS) {
 failureMsg.append(scv.getMessage());
 }
 deltaMapping.put(delta, new SupplyChainValidation(
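Review bot: The `scv != null` guard added in the -1442 hunk is repeated verbatim in the -1458 and -1477 hunks, and none of the three says when `deltaMapping.get(delta)` has no entry. A comment such as `// no earlier result recorded for this delta, so there is no message to carry over` would explain it, assuming that is the reason; confirm against the code that fills `deltaMapping`. The three identical blocks could become one small private helper that appends the prior non-PASS message to `failureMsg`, so the next change to this logic is made once. The surrounding loop starts and ends outside these hunks.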
@@ -1488,6 +1496,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 } else {
 // have to add in case later it is removed
 chainCiMapping.put(ciSerial, ci);
+ LOGGER.error("This should be what happens");
 }
 }
 }