Updated code to correct situations that were not linking up properly for delta and platform certificate component validation.
This commit is contained in:
parent
677716fa08
commit
4999c96685
HIRS_AttestationCA/src/main/java/hirs/attestationca
HIRS_AttestationCAPortal/src/main
java/hirs/attestationca/portal/util
webapp/WEB-INF/jsp
HIRS_Utils/src/main/java/hirs/validation
@ -408,7 +408,14 @@ public abstract class AbstractAttestationCertificateAuthority
|
|||||||
RSAPublicKey ekPub = parsePublicKey(claim.getEkPublicArea().toByteArray());
|
RSAPublicKey ekPub = parsePublicKey(claim.getEkPublicArea().toByteArray());
|
||||||
AppraisalStatus.Status validationResult = AppraisalStatus.Status.FAIL;
|
AppraisalStatus.Status validationResult = AppraisalStatus.Status.FAIL;
|
||||||
|
|
||||||
validationResult = doSupplyChainValidation(claim, ekPub);
|
try {
|
||||||
|
validationResult = doSupplyChainValidation(claim, ekPub);
|
||||||
|
} catch (Exception ex) {
|
||||||
|
for (StackTraceElement ste : ex.getStackTrace()) {
|
||||||
|
LOG.error(ste.toString());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (validationResult == AppraisalStatus.Status.PASS) {
|
if (validationResult == AppraisalStatus.Status.PASS) {
|
||||||
RSAPublicKey akPub = parsePublicKey(claim.getAkPublicArea().toByteArray());
|
RSAPublicKey akPub = parsePublicKey(claim.getAkPublicArea().toByteArray());
|
||||||
byte[] nonce = generateRandomBytes(NONCE_LENGTH);
|
byte[] nonce = generateRandomBytes(NONCE_LENGTH);
|
||||||
|
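Review bot: The new catch block at `} catch (Exception ex) {` logs only the stack frames and drops the exception's type, message and cause, which is exactly what an operator needs to understand why supply chain validation failed; a single `LOG.error("Supply chain validation threw an exception", ex);` replaces the for loop and keeps all of it. Because `validationResult` is initialised to FAIL a few lines above, the swallowed exception still fails closed, which is the right outcome, but catching `Exception` also hides programming errors inside doSupplyChainValidation behind a generic FAIL; consider narrowing the catch, or at least add a comment stating that any exception is deliberately treated as a validation failure. The enclosing method starts and ends outside the hunk.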
@ -303,6 +303,7 @@ public final class CertificateStringMapBuilder {
|
|||||||
.select(certificateManager)
|
.select(certificateManager)
|
||||||
.byEntityId(uuid)
|
.byEntityId(uuid)
|
||||||
.getCertificate();
|
.getCertificate();
|
||||||
|
|
||||||
if (certificate != null) {
|
if (certificate != null) {
|
||||||
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
|
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
|
||||||
data.put("credentialType", certificate.getCredentialType());
|
data.put("credentialType", certificate.getCredentialType());
|
||||||
@ -357,6 +358,7 @@ public final class CertificateStringMapBuilder {
|
|||||||
data.put("x509Version", certificate.getX509CredentialVersion());
|
data.put("x509Version", certificate.getX509CredentialVersion());
|
||||||
//CPSuri
|
//CPSuri
|
||||||
data.put("CPSuri", certificate.getCPSuri());
|
data.put("CPSuri", certificate.getCPSuri());
|
||||||
|
|
||||||
if (!certificate.getComponentFailures().isEmpty()) {
|
if (!certificate.getComponentFailures().isEmpty()) {
|
||||||
data.put("failures", certificate.getComponentFailures());
|
data.put("failures", certificate.getComponentFailures());
|
||||||
}
|
}
|
||||||
@ -398,6 +400,17 @@ public final class CertificateStringMapBuilder {
|
|||||||
});
|
});
|
||||||
|
|
||||||
data.put("chainCertificates", chainCertificates);
|
data.put("chainCertificates", chainCertificates);
|
||||||
|
|
||||||
|
if (!certificate.isBase()) {
|
||||||
|
for (PlatformCredential pc : chainCertificates) {
|
||||||
|
if (pc.isBase()) {
|
||||||
|
if (!pc.getComponentFailures().isEmpty()) {
|
||||||
|
data.put("failures", pc.getComponentFailures());
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
String notFoundMessage = "Unable to find Platform Certificate "
|
String notFoundMessage = "Unable to find Platform Certificate "
|
||||||
|
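Review bot: In the third hunk the new delta branch stores the base certificate's component failures under the same `"failures"` key that the earlier line `data.put("failures", certificate.getComponentFailures());` already uses for the delta's own failures, so when both lists are non-empty the base's list silently replaces the delta's in the map. If both are meant to be shown, use a distinct key such as `data.put("baseFailures", pc.getComponentFailures());` or merge the two lists before putting; if only the base's failures are wanted for a delta, a comment saying the overwrite is intentional would help the next reader. The `break` after the first base is fine assuming a chain holds exactly one base certificate; the enclosing method continues outside the hunk.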
@ -614,7 +614,7 @@
|
|||||||
<div class="panel-body">
|
<div class="panel-body">
|
||||||
<div id="componentIdentifier" class="row">
|
<div id="componentIdentifier" class="row">
|
||||||
<c:forEach items="${initialData.componentsIdentifier}" var="component">
|
<c:forEach items="${initialData.componentsIdentifier}" var="component">
|
||||||
<c:set var="combined" value="${component.getComponentClass().getClassValueString()}" scope="page"/>
|
<c:set var="combined" value="${component.hashCode()}" scope="page"/>
|
||||||
<div class="component col col-md-4">
|
<div class="component col col-md-4">
|
||||||
<div class="panel panel-default">
|
<div class="panel panel-default">
|
||||||
<c:choose>
|
<c:choose>
|
||||||
|
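Review bot: `component.hashCode()` now serves as the value that identifies a component in the page (`<c:set var="combined" value="${component.hashCode()}" scope="page"/>`), and the same hash code is what SupplyChainCredentialValidator now writes into the COMPID failure string (`invalidPcIds.append(String.format("%d;", ciV2.hashCode()));` and the matching `ci.hashCode()` line for device components). A hash code is not an identifier: two distinct components can collide and be marked failed together, and unless ComponentIdentifier and ComponentInfo override hashCode over their stable fields the value is identity-based and will not agree between the ACA process that computes the failure and the portal process that renders it — worth confirming which applies here. A key built from the component's own attributes (for example its class value string together with its serial) would make the failure-to-component matching explicit; if hashCode is kept, a comment beside the `c:set` stating that it must match the validator's COMPID format is needed. The enclosing JSP loop continues outside the hunk.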
@ -656,6 +656,9 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
|||||||
// just add the delta
|
// just add the delta
|
||||||
baseCompList.add(deltaCi);
|
baseCompList.add(deltaCi);
|
||||||
}
|
}
|
||||||
|
if (ciV2.isRemoved()) {
|
||||||
|
LOGGER.error("Made it to this!");
|
||||||
|
}
|
||||||
// if it is a remove
|
// if it is a remove
|
||||||
// we do nothing because baseCompList doesn't have it
|
// we do nothing because baseCompList doesn't have it
|
||||||
} else {
|
} else {
|
||||||
@ -753,20 +756,21 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
|||||||
if (!subCompIdList.isEmpty()) {
|
if (!subCompIdList.isEmpty()) {
|
||||||
for (ComponentIdentifier ci : subCompIdList) {
|
for (ComponentIdentifier ci : subCompIdList) {
|
||||||
ciV2 = (ComponentIdentifierV2) ci;
|
ciV2 = (ComponentIdentifierV2) ci;
|
||||||
invalidPcIds.append(String.format("%s;",
|
invalidPcIds.append(String.format("%d;",
|
||||||
ciV2.getComponentClass().getClassValueString()));
|
ciV2.hashCode()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!subCompInfoList.isEmpty()) {
|
if (!subCompInfoList.isEmpty()) {
|
||||||
for (ComponentInfo ci : subCompInfoList) {
|
for (ComponentInfo ci : subCompInfoList) {
|
||||||
invalidDeviceInfo.append(String.format("%s;",
|
LOGGER.error("For subComInfoList -> {}", ci.getComponentSerial());
|
||||||
ci.getComponentClass()));
|
invalidDeviceInfo.append(String.format("%d;",
|
||||||
|
ci.hashCode()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return String.format("DEVICEINFO=%s?COMPID=%s%d",
|
return String.format("DEVICEINFO=%s?COMPID=%s%d",
|
||||||
invalidDeviceInfo.toString(), invalidPcIds.toString(), subCompInfoList.size());
|
invalidDeviceInfo.toString(), invalidPcIds.toString(), subCompIdList.size());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -1422,12 +1426,13 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
|||||||
// go through the leaf and check the changes against the valid components
|
// go through the leaf and check the changes against the valid components
|
||||||
// forget modifying validOrigPcComponents
|
// forget modifying validOrigPcComponents
|
||||||
for (PlatformCredential delta : chainCertificates) {
|
for (PlatformCredential delta : chainCertificates) {
|
||||||
|
LOGGER.error(delta.getSerialNumber());
|
||||||
StringBuilder failureMsg = new StringBuilder();
|
StringBuilder failureMsg = new StringBuilder();
|
||||||
certificateList = new ArrayList<>();
|
certificateList = new ArrayList<>();
|
||||||
certificateList.add(delta);
|
certificateList.add(delta);
|
||||||
|
|
||||||
for (ComponentIdentifier ci : delta.getComponentIdentifiers()) {
|
for (ComponentIdentifier ci : delta.getComponentIdentifiers()) {
|
||||||
LOGGER.error("This is the serial {}", ci.getComponentSerial().toString());
|
LOGGER.error(ci.getComponentSerial());
|
||||||
if (!noneSerialValues.contains(ci.getComponentSerial().toString())) {
|
if (!noneSerialValues.contains(ci.getComponentSerial().toString())) {
|
||||||
if (ci.isVersion2()) {
|
if (ci.isVersion2()) {
|
||||||
ciSerial = ci.getComponentSerial().toString();
|
ciSerial = ci.getComponentSerial().toString();
|
||||||
@ -1442,7 +1447,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
|||||||
"%s attempted MODIFIED with no prior instance.%n",
|
"%s attempted MODIFIED with no prior instance.%n",
|
||||||
ciSerial));
|
ciSerial));
|
||||||
scv = deltaMapping.get(delta);
|
scv = deltaMapping.get(delta);
|
||||||
if (scv.getResult() != AppraisalStatus.Status.PASS) {
|
if (scv != null
|
||||||
|
&& scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||||
failureMsg.append(scv.getMessage());
|
failureMsg.append(scv.getMessage());
|
||||||
}
|
}
|
||||||
deltaMapping.put(delta, new SupplyChainValidation(
|
deltaMapping.put(delta, new SupplyChainValidation(
|
||||||
@ -1458,7 +1464,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
|||||||
"%s attempted REMOVED with no prior instance.%n",
|
"%s attempted REMOVED with no prior instance.%n",
|
||||||
ciSerial));
|
ciSerial));
|
||||||
scv = deltaMapping.get(delta);
|
scv = deltaMapping.get(delta);
|
||||||
if (scv.getResult() != AppraisalStatus.Status.PASS) {
|
if (scv != null
|
||||||
|
&& scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||||
failureMsg.append(scv.getMessage());
|
failureMsg.append(scv.getMessage());
|
||||||
}
|
}
|
||||||
deltaMapping.put(delta, new SupplyChainValidation(
|
deltaMapping.put(delta, new SupplyChainValidation(
|
||||||
@ -1477,7 +1484,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
|||||||
"%s was ADDED, the serial already exists.%n",
|
"%s was ADDED, the serial already exists.%n",
|
||||||
ciSerial));
|
ciSerial));
|
||||||
scv = deltaMapping.get(delta);
|
scv = deltaMapping.get(delta);
|
||||||
if (scv.getResult() != AppraisalStatus.Status.PASS) {
|
if (scv != null
|
||||||
|
&& scv.getResult() != AppraisalStatus.Status.PASS) {
|
||||||
failureMsg.append(scv.getMessage());
|
failureMsg.append(scv.getMessage());
|
||||||
}
|
}
|
||||||
deltaMapping.put(delta, new SupplyChainValidation(
|
deltaMapping.put(delta, new SupplyChainValidation(
|
||||||
@ -1488,6 +1496,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
|||||||
} else {
|
} else {
|
||||||
// have to add in case later it is removed
|
// have to add in case later it is removed
|
||||||
chainCiMapping.put(ciSerial, ci);
|
chainCiMapping.put(ciSerial, ci);
|
||||||
|
LOGGER.error("This should be what happens");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
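Review bot: Several of the added lines are debugging scaffolding emitted at ERROR level — `LOGGER.error("Made it to this!");` in the first hunk, then `LOGGER.error("For subComInfoList -> {}", ci.getComponentSerial());`, `LOGGER.error(delta.getSerialNumber());`, `LOGGER.error(ci.getComponentSerial());` and `LOGGER.error("This should be what happens");` in the later hunks — and they will fire on every validation of a healthy certificate chain, polluting the error log that operators and alerting rely on. Remove them, or lower them to `debug` with a message that names what is being traced, for example `LOGGER.debug("Checking delta component serial {}", ci.getComponentSerial());`. The added `scv != null` guards before `scv.getResult()` are a genuine fix and should stay. The enclosing methods start and end outside these hunks.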