issue_896: first cut at changing the logic on the validator
This commit is contained in:
parent
03c6bbc3cc
commit
50098de266
@ -6,6 +6,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.attributes.Plat
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfigurationV1;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
@ -64,25 +65,30 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
* TCPA Trusted Platform Endorsement.
|
||||
*/
|
||||
public static final String CERTIFICATE_TYPE_1_2 = "TCPA Trusted Platform Endorsement";
|
||||
|
||||
/**
|
||||
* TCG Trusted Platform Endorsement.
|
||||
*/
|
||||
public static final String CERTIFICATE_TYPE_2_0 = "TCG Trusted Platform Endorsement";
|
||||
private static final int TCG_SPECIFICATION_LENGTH = 3;
|
||||
|
||||
// These are Object Identifiers (OIDs) for sections in the credentials
|
||||
private static final String POLICY_QUALIFIER_CPSURI = "1.3.6.1.5.5.7.2.1";
|
||||
private static final String POLICY_QUALIFIER_USER_NOTICE = "1.3.6.1.5.5.7.2.2";
|
||||
|
||||
// OID for TCG Attributes
|
||||
private static final String PLATFORM_MANUFACTURER = "2.23.133.2.4";
|
||||
private static final String PLATFORM_MODEL = "2.23.133.2.5";
|
||||
private static final String PLATFORM_VERSION = "2.23.133.2.6";
|
||||
private static final String PLATFORM_SERIAL = "2.23.133.2.23";
|
||||
private static final String PLATFORM_BASEBOARD_CHASSIS_COMBINED = "2.23.133.5.1.6";
|
||||
|
||||
// OID for TCG Platform Class Common Attributes
|
||||
private static final String PLATFORM_MANUFACTURER_2_0 = "2.23.133.5.1.1";
|
||||
private static final String PLATFORM_MODEL_2_0 = "2.23.133.5.1.4";
|
||||
private static final String PLATFORM_VERSION_2_0 = "2.23.133.5.1.5";
|
||||
private static final String PLATFORM_SERIAL_2_0 = "2.23.133.5.1.6";
|
||||
|
||||
// OID for Certificate Attributes
|
||||
private static final String TCG_PLATFORM_SPECIFICATION = "2.23.133.2.17";
|
||||
private static final String TPM_SECURITY_ASSERTION = "2.23.133.2.18";
|
||||
@ -582,8 +588,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
break;
|
||||
default:
|
||||
// No class defined for this attribute
|
||||
log.warn("No class defined for attribute with OID: "
|
||||
+ attr.getAttrType().getId());
|
||||
log.warn("No class defined for attribute with OID: {}", attr.getAttrType().getId());
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -621,6 +626,24 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the Version 2 Platform Configuration Attribute from the Platform Certificate.
|
||||
*
|
||||
* @return a map with the Version 2 Platform Configuration information.
|
||||
* @throws IllegalArgumentException when there is a parsing error
|
||||
* @throws IOException when reading the certificate.
|
||||
*/
|
||||
public PlatformConfigurationV2 getPlatformConfigurationV2()
|
||||
throws IllegalArgumentException, IOException {
|
||||
|
||||
if (getAttribute("platformConfiguration") != null
|
||||
&& getAttribute("platformConfiguration") instanceof PlatformConfigurationV2) {
|
||||
return (PlatformConfigurationV2) getAttribute("platformConfiguration");
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the Platform Configuration URI Attribute from the Platform Certificate.
|
||||
*
|
||||
@ -695,9 +718,27 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
return platformConfig.getComponentIdentifier();
|
||||
}
|
||||
} catch (IOException e) {
|
||||
log.error("Unable to parse Platform Configuration from Credential or find"
|
||||
log.error("Unable to parse Platform Configuration from Platform Credential or find"
|
||||
+ "component identifiers");
|
||||
}
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the list of version 2 component identifiers if there are any.
|
||||
*
|
||||
* @return the list of version 2 component identifiers if there are any
|
||||
*/
|
||||
public List<ComponentIdentifierV2> getComponentIdentifiersV2() {
|
||||
try {
|
||||
PlatformConfigurationV2 platformConfigV2 = getPlatformConfigurationV2();
|
||||
if (platformConfigV2 != null) {
|
||||
return platformConfigV2.getComponentIdentifierV2();
|
||||
}
|
||||
} catch (IOException e) {
|
||||
log.error("Unable to parse Platform Configuration Version 2 from Platform Credential or find"
|
||||
+ "version 2 component identifiers");
|
||||
}
|
||||
return Collections.emptyList();
|
||||
}
|
||||
}
|
||||
|
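Review bot: The catch block in the new getComponentIdentifiersV2 (and the reworded one in getComponentIdentifiers just above it) logs a fixed message and never passes `e` to the logger, so a platform configuration that fails to parse leaves no record of why, and both messages lose a space at the concatenation (`"... or find" + "component identifiers"` prints `findcomponent`). Suggest `log.error("Unable to parse Platform Configuration Version 2 from Platform Credential or find version 2 component identifiers", e);` and the same shape for the v1 variant. In getPlatformConfigurationV2 the attribute is looked up three times; since this commit already uses switch expressions and Stream.toList() elsewhere in the project, `if (getAttribute("platformConfiguration") instanceof PlatformConfigurationV2 v2) { return v2; }` covers the null check as well. Its Javadoc should also state that null is returned when the credential carries a platform configuration that is not version 2, since callers in this commit rely on that to decide whether any components are checked.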
@ -33,6 +33,10 @@ ComponentClass {
|
||||
|
||||
private static final String SMBIOS_COMPONENT_REGISTRY = "2.23.133.18.3.3";
|
||||
|
||||
private static final String PCIE_BASED_COMPONENT_REGISTRY = "2.23.133.18.3.4";
|
||||
|
||||
private static final String STORAGE_COMPONENT_REGISTRY = "2.23.133.18.3.5";
|
||||
|
||||
private static final Path WINDOWS_JSON_PATH = FileSystems.getDefault().getPath(
|
||||
"C:/", "ProgramData", "hirs", "aca", "default-properties", "component-class.json");
|
||||
|
||||
@ -122,6 +126,8 @@ ComponentClass {
|
||||
this.registryType = switch (registryOid) {
|
||||
case TCG_COMPONENT_REGISTRY -> "TCG";
|
||||
case SMBIOS_COMPONENT_REGISTRY -> "SMBIOS";
|
||||
case PCIE_BASED_COMPONENT_REGISTRY -> "PCIE";
|
||||
case STORAGE_COMPONENT_REGISTRY -> "STORAGE";
|
||||
default -> UNKNOWN_STRING;
|
||||
};
|
||||
|
||||
|
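Review bot: The two new registry OID constants and their switch arms carry no comment naming the registry document they come from, although the resulting registryType string is what downstream component handling keys on. A comment such as `// Component class registry OIDs, see TCG Component Class Registry` above the constant block would let a reviewer check the values against the specification. Within this hunk any other registry OID still falls through to `UNKNOWN_STRING` without comment; if that is intentional, a short note on the `default` arm saying so would help. The constructor containing the switch starts and ends outside the hunk.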
@ -14,11 +14,15 @@ import java.util.List;
|
||||
*/
|
||||
@AllArgsConstructor
|
||||
public abstract class PlatformConfiguration {
|
||||
private ArrayList<ComponentIdentifier> componentIdentifier = new ArrayList<>();
|
||||
|
||||
private List<ComponentIdentifier> componentIdentifier;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
private URIReference componentIdentifierUri;
|
||||
private ArrayList<PlatformProperty> platformProperties = new ArrayList<>();
|
||||
|
||||
private List<PlatformProperty> platformProperties;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
private URIReference platformPropertiesUri;
|
||||
|
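Review bot: Changing the two fields from `ArrayList<...> x = new ArrayList<>()` to `List<...> x;` drops the initializers, so any construction path other than the Lombok all-args constructor leaves componentIdentifier and platformProperties null; the PlatformConfigurationV2 constructor is built from an ASN.1 sequence and presumably reaches these fields through setters, so a sequence that omits one of the elements would leave a null list behind the getter. Widening the declared type is right, but keep the defaults: `private List<ComponentIdentifier> componentIdentifier = new ArrayList<>();` and `private List<PlatformProperty> platformProperties = new ArrayList<>();` (assuming java.util.ArrayList is still imported, which the hunk does not show). The class body continues outside the hunk.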
@ -6,6 +6,8 @@ import org.bouncycastle.asn1.ASN1Sequence;
|
||||
import org.bouncycastle.asn1.ASN1TaggedObject;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
@ -26,9 +28,10 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
|
||||
private static final int COMPONENT_IDENTIFIER_URI = 1;
|
||||
private static final int PLATFORM_PROPERTIES = 2;
|
||||
private static final int PLATFORM_PROPERTIES_URI = 3;
|
||||
private List<ComponentIdentifierV2> componentIdentifierV2;
|
||||
|
||||
/**
|
||||
* Constructor given the SEQUENCE that contains Platform Configuration.
|
||||
* Constructor given the SEQUENCE that contains version 2 Platform Configuration.
|
||||
*
|
||||
* @param sequence containing the the Platform Configuration.
|
||||
* @throws IllegalArgumentException if there was an error on the parsing
|
||||
@ -87,6 +90,21 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return a collection of version 2 component identifiers.
|
||||
*/
|
||||
public List<ComponentIdentifierV2> getComponentIdentifierV2() {
|
||||
return Collections.unmodifiableList(componentIdentifierV2);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param componentIdentifierV2 list of version 2 component identifiers
|
||||
*/
|
||||
public void setComponentIdentifierV2(
|
||||
final List<ComponentIdentifierV2> componentIdentifierV2) {
|
||||
this.componentIdentifierV2 = new ArrayList<>(componentIdentifierV2);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a string representation of the Platform Configuration V2 object.
|
||||
*
|
||||
@ -96,9 +114,9 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
|
||||
public String toString() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append("PlatformConfiguration{");
|
||||
sb.append("componentIdentifier=");
|
||||
if (getComponentIdentifier().size() > 0) {
|
||||
sb.append(getComponentIdentifier()
|
||||
sb.append("componentIdentifierV2=");
|
||||
if (!getComponentIdentifierV2().isEmpty()) {
|
||||
sb.append(getComponentIdentifierV2()
|
||||
.stream()
|
||||
.map(Object::toString)
|
||||
.collect(Collectors.joining(",")));
|
||||
@ -108,7 +126,7 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
|
||||
sb.append(getComponentIdentifierUri());
|
||||
}
|
||||
sb.append(", platformProperties=");
|
||||
if (getPlatformProperties().size() > 0) {
|
||||
if (!getPlatformProperties().isEmpty()) {
|
||||
sb.append(getPlatformProperties()
|
||||
.stream()
|
||||
.map(Object::toString)
|
||||
|
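Review bot: `getComponentIdentifierV2` returns `Collections.unmodifiableList(componentIdentifierV2)`, which throws NullPointerException when the field is null, and the new field at the top of the class has no initializer, so toString(), which now calls `getComponentIdentifierV2().isEmpty()`, fails for any instance on which the setter was never called (for example a sequence without a component list, if the parsing constructor outside the hunk skips the setter in that case). Initialize it: `private List<ComponentIdentifierV2> componentIdentifierV2 = new ArrayList<>();` — ArrayList is imported in this hunk. The getter Javadoc also lacks a summary sentence; `Returns the version 2 component identifiers as a read-only view.` would do, and toString still prints the `PlatformConfiguration{` prefix although this is the V2 class.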
@ -80,8 +80,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
deviceBaseboardSerialNumber = null;
|
||||
} else {
|
||||
deviceInfoSerialNumbers.put("board serial number", deviceBaseboardSerialNumber);
|
||||
log.info("Using device board serial number for validation: "
|
||||
+ deviceBaseboardSerialNumber);
|
||||
log.info("Using device board serial number for validation: {}", deviceBaseboardSerialNumber);
|
||||
}
|
||||
|
||||
if (StringUtils.isEmpty(deviceChassisSerialNumber)
|
||||
@ -89,16 +88,15 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
log.error("Failed to retrieve device chassis serial number");
|
||||
} else {
|
||||
deviceInfoSerialNumbers.put("chassis serial number", deviceChassisSerialNumber);
|
||||
log.info("Using device chassis serial number for validation: "
|
||||
+ deviceChassisSerialNumber);
|
||||
log.info("Using device chassis serial number for validation: {}", deviceChassisSerialNumber);
|
||||
}
|
||||
|
||||
if (StringUtils.isEmpty(deviceSystemSerialNumber)
|
||||
|| DeviceInfoEnums.NOT_SPECIFIED.equalsIgnoreCase(deviceSystemSerialNumber)) {
|
||||
log.error("Failed to retrieve device system serial number");
|
||||
} else {
|
||||
deviceInfoSerialNumbers.put("system serial number", deviceSystemSerialNumber);
|
||||
log.info("Using device system serial number for validation: "
|
||||
+ deviceSystemSerialNumber);
|
||||
log.info("Using device system serial number for validation: {}", deviceSystemSerialNumber);
|
||||
}
|
||||
|
||||
AppraisalStatus status;
|
||||
@ -233,12 +231,19 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
|
||||
passesValidation &= fieldValidation;
|
||||
|
||||
// Retrieve the list of all components from the Platform Credential
|
||||
List<ComponentIdentifier> allPcComponents
|
||||
= new ArrayList<>(platformCredential.getComponentIdentifiers());
|
||||
// Retrieve the list of all version 2 component identifiers from the Platform Credential
|
||||
List<ComponentIdentifierV2> allPcComponents
|
||||
= new ArrayList<>(platformCredential.getComponentIdentifiersV2());
|
||||
|
||||
// All components listed in the Platform Credential must have a manufacturer and model
|
||||
for (ComponentIdentifier pcComponent : allPcComponents) {
|
||||
for (ComponentIdentifierV2 pcComponent : allPcComponents) {
|
||||
|
||||
fieldValidation = pcComponent.getComponentClass() != null;
|
||||
|
||||
if (!fieldValidation) {
|
||||
resultMessage.append("Component class is null\n");
|
||||
}
|
||||
|
||||
fieldValidation = !hasEmptyValueForRequiredField("componentManufacturer",
|
||||
pcComponent.getComponentManufacturer());
|
||||
|
||||
@ -263,18 +268,24 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
.findByCertificateSerialNumberAndBoardSerialNumber(
|
||||
platformCredential.getSerialNumber().toString(),
|
||||
platformCredential.getPlatformSerial());
|
||||
|
||||
// first create hash map based on hashCode
|
||||
List<ComponentResult> remainingComponentResults = checkDeviceHashMap(
|
||||
componentInfos, componentResults);
|
||||
|
||||
//this is used to get a unique count
|
||||
List<UUID> componentIdList = new ArrayList<>();
|
||||
|
||||
int numOfAttributes = 0;
|
||||
|
||||
if (!remainingComponentResults.isEmpty()) {
|
||||
List<ComponentAttributeResult> attributeResults = checkComponentClassMap(
|
||||
componentInfos, remainingComponentResults);
|
||||
|
||||
numOfAttributes = attributeResults.size();
|
||||
|
||||
boolean saveAttributeResult;
|
||||
|
||||
for (ComponentAttributeResult componentAttributeResult : attributeResults) {
|
||||
saveAttributeResult = true;
|
||||
if (ignoreRevisionAttribute) {
|
||||
@ -293,6 +304,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
}
|
||||
|
||||
StringBuilder additionalInfo = new StringBuilder();
|
||||
|
||||
if (numOfAttributes > 0) {
|
||||
resultMessage.append(String.format("There are %d component(s) not matched%n "
|
||||
+ "with %d total attributes mismatched.",
|
||||
@ -455,7 +467,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
if (ci.isVersion2() && PciIds.DB.isReady()) {
|
||||
ci = AcaPciIds.translate((ComponentIdentifierV2) ci);
|
||||
}
|
||||
log.error("Unmatched component: " + ci);
|
||||
log.error("Unmatched component: {}", ci);
|
||||
fullDeltaChainComponents.add(ci);
|
||||
invalidPcIds.append(String.format(
|
||||
"Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n",
|
||||
@ -532,6 +544,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
= allDeviceInfoComponents.stream().filter(componentInfo
|
||||
-> componentInfo.getComponentManufacturer().equals(pcManufacturer))
|
||||
.collect(Collectors.toList());
|
||||
|
||||
// For each component listed in the platform credential from this manufacturer
|
||||
// find the ones that specify a serial number so we can match the most specific ones
|
||||
// first.
|
||||
@ -539,7 +552,8 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
= pcComponentsFromManufacturer.stream().filter(compIdentifier
|
||||
-> compIdentifier.getComponentSerial() != null
|
||||
&& StringUtils.isNotEmpty(compIdentifier.getComponentSerial().getString()))
|
||||
.collect(Collectors.toList());
|
||||
.toList();
|
||||
|
||||
// Now match up the components from the device info that are from the same
|
||||
// manufacturer and have a serial number. As matches are found, remove them from
|
||||
// both lists.
|
||||
@ -567,7 +581,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
= pcComponentsFromManufacturer.stream().filter(compIdentifier
|
||||
-> compIdentifier.getComponentRevision() != null
|
||||
&& StringUtils.isNotEmpty(compIdentifier.getComponentRevision().getString()))
|
||||
.collect(Collectors.toList());
|
||||
.toList();
|
||||
// Now match up the components from the device info that are from the same
|
||||
// manufacturer and specify a value for the revision field. As matches are found,
|
||||
// remove them from both lists.
|
||||
@ -608,8 +622,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
if (!pcUnmatchedComponents.isEmpty()) {
|
||||
untrimmedPcComponents.clear();
|
||||
StringBuilder sb = new StringBuilder();
|
||||
log.error(String.format("Platform Credential contained %d unmatched components:",
|
||||
pcUnmatchedComponents.size()));
|
||||
log.error("Platform Credential contained {} unmatched components:", pcUnmatchedComponents.size());
|
||||
|
||||
int unmatchedComponentCounter = 1;
|
||||
for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
|
||||
@ -617,8 +630,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
unmatchedComponent =
|
||||
AcaPciIds.translate((ComponentIdentifierV2) unmatchedComponent);
|
||||
}
|
||||
log.error("Unmatched component " + unmatchedComponentCounter++ + ": "
|
||||
+ unmatchedComponent);
|
||||
log.error("Unmatched component {}: {}", unmatchedComponentCounter++, unmatchedComponent);
|
||||
sb.append(String.format("Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n",
|
||||
unmatchedComponent.getComponentManufacturer(),
|
||||
unmatchedComponent.getComponentModel(),
|
||||
@ -797,8 +809,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
private static boolean hasEmptyValueForRequiredField(final String description,
|
||||
final String fieldValue) {
|
||||
if (StringUtils.isEmpty(fieldValue)) {
|
||||
log.error("Required field was empty or null in Platform Credential: "
|
||||
+ description);
|
||||
log.error("Required field was empty or null in Platform Credential: {}", description);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
@ -829,15 +840,15 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
String trimmedOtherValue = otherValue.trim();
|
||||
|
||||
if (!trimmedFieldValue.equals(trimmedOtherValue)) {
|
||||
log.debug(String.format("%s field in Platform Credential (%s) does not match "
|
||||
+ "a related field in the DeviceInfoReport (%s)",
|
||||
platformCredentialFieldName, trimmedFieldValue, trimmedOtherValue));
|
||||
log.debug("{} field in Platform Credential ({}) does not match "
|
||||
+ "a related field in the DeviceInfoReport ({})",
|
||||
platformCredentialFieldName, trimmedFieldValue, trimmedOtherValue);
|
||||
return false;
|
||||
}
|
||||
|
||||
log.debug(String.format("%s field in Platform Credential matches "
|
||||
+ "a related field in the DeviceInfoReport (%s)",
|
||||
platformCredentialFieldName, trimmedFieldValue)
|
||||
log.debug("{} field in Platform Credential matches "
|
||||
+ "a related field in the DeviceInfoReport {}",
|
||||
platformCredentialFieldName, trimmedFieldValue
|
||||
);
|
||||
|
||||
return true;
|
||||
@ -853,8 +864,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
private static boolean hasEmptyValueForRequiredField(final String description,
|
||||
final ASN1UTF8String fieldValue) {
|
||||
if (fieldValue == null || StringUtils.isEmpty(fieldValue.getString().trim())) {
|
||||
log.error("Required field was empty or null in Platform Credential: "
|
||||
+ description);
|
||||
log.error("Required field was empty or null in Platform Credential: {}", description);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
@ -871,7 +881,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
final List<ComponentInfo> componentInfos,
|
||||
final List<ComponentResult> compiledComponentList) {
|
||||
Map<Integer, List<ComponentInfo>> deviceHashMap = new HashMap<>();
|
||||
componentInfos.stream().forEach((componentInfo) -> {
|
||||
componentInfos.forEach((componentInfo) -> {
|
||||
List<ComponentInfo> innerList;
|
||||
Integer compInfoHash = componentInfo.hashCommonElements();
|
||||
if (deviceHashMap.containsKey(compInfoHash)) {
|
||||
@ -910,7 +920,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
// continue down the options, move to a different method.
|
||||
// create component class mapping to component info
|
||||
Map<String, List<ComponentInfo>> componentDeviceMap = new HashMap<>();
|
||||
componentInfos.stream().forEach((componentInfo) -> {
|
||||
componentInfos.forEach((componentInfo) -> {
|
||||
List<ComponentInfo> innerList;
|
||||
String componentClass = componentInfo.getComponentClass();
|
||||
if (componentDeviceMap.containsKey(componentClass)) {
|
||||
@ -1000,11 +1010,13 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
private static List<ComponentAttributeResult> findMismatchedValues(
|
||||
final List<ComponentInfo> componentClassInfo,
|
||||
final ComponentResult componentResult) {
|
||||
|
||||
// this list only has those of the same class type
|
||||
Map<String, ComponentInfo> componentSerialMap = new HashMap<>();
|
||||
componentClassInfo.stream().forEach((componentInfo) -> {
|
||||
componentClassInfo.forEach((componentInfo) -> {
|
||||
componentSerialMap.put(componentInfo.getComponentSerial(), componentInfo);
|
||||
});
|
||||
|
||||
// see if the serial exists
|
||||
ComponentInfo componentInfo = componentSerialMap.get(componentResult.getSerialNumber());
|
||||
|
||||
|
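Review bot: In the hunk at `@ -233,12 +231,19 @@` the required-field check over platform credential components now iterates `platformCredential.getComponentIdentifiersV2()` instead of `getComponentIdentifiers()`. That accessor, added in PlatformCredential in this commit, returns an empty list both when the credential carries a v1 platform configuration and when parsing fails, so for those credentials the loop body never runs and no failure is recorded: the manufacturer/model requirement is silently waived rather than enforced. Later code in this same file still handles v1 identifiers (the `isVersion2()` casts in the unmatched-component loop), so v1 credentials do not appear to be rejected elsewhere; either fall back to `getComponentIdentifiers()` when the v2 list is empty, or treat an empty list as a validation failure with an entry in resultMessage. The enclosing validation method starts and ends outside the hunk.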
@ -35,7 +35,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
|
||||
*
|
||||
* @param ec the endorsement credential to verify.
|
||||
* @param trustStore trust store holding trusted certificates.
|
||||
* @param acceptExpired whether or not to accept expired and not yet valid certificates
|
||||
* @param acceptExpired whether to accept expired and not yet valid certificates
|
||||
* as valid.
|
||||
* @return the result of the validation.
|
||||
*/
|
||||
|
@ -415,14 +415,13 @@ public class SupplyChainCredentialValidatorTest {
|
||||
* Checks if the ST Micro Endorsement Credential can be validated against the
|
||||
* ST/GlobalSIgn Certificate Chain.
|
||||
*
|
||||
* @throws IOException if error occurs while reading files
|
||||
* @throws URISyntaxException if error occurs while reading files
|
||||
* @throws CertificateException if error occurs while processing X509 Certs
|
||||
* @throws KeyStoreException if error occurs while processing Keystore
|
||||
* @throws IOException if error occurs while reading files
|
||||
* @throws URISyntaxException if error occurs while reading files
|
||||
* @throws KeyStoreException if error occurs while processing Keystore
|
||||
*/
|
||||
@Test
|
||||
public final void testValidateEndorsementCredential()
|
||||
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
|
||||
throws URISyntaxException, IOException, KeyStoreException {
|
||||
|
||||
EndorsementCredential ekcert = new EndorsementCredential(Files.readAllBytes(
|
||||
Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
|
||||
@ -455,14 +454,13 @@ public class SupplyChainCredentialValidatorTest {
|
||||
* Validates a generated cert chain pretending to be from Intel. Credential was generated
|
||||
* with an intermediate CA. This tests the entire chain of validation back to the root CA.
|
||||
*
|
||||
* @throws IOException if error occurs while reading files
|
||||
* @throws KeyStoreException if there's an issue string certs to the keystore
|
||||
* @throws CertificateException if error occurs while ingesting a certificate
|
||||
* @throws URISyntaxException if a URI can't be processed
|
||||
* @throws IOException if error occurs while reading files
|
||||
* @throws KeyStoreException if there's an issue string certs to the keystore
|
||||
* @throws URISyntaxException if a URI can't be processed
|
||||
*/
|
||||
@Test
|
||||
public final void validateIntelPlatformCredentials()
|
||||
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
|
||||
throws URISyntaxException, IOException, KeyStoreException {
|
||||
|
||||
Certificate intermediatecacert =
|
||||
new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
@ -855,7 +853,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
KeyPair caKeyPair = createKeyPair();
|
||||
KeyPair intermediateKeyPair = createKeyPair();
|
||||
KeyPair targetKeyPair = createKeyPair();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<>();
|
||||
|
||||
X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
|
||||
X509Certificate intermediateCert =
|
||||
@ -899,7 +897,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
KeyPair caKeyPair = createKeyPair();
|
||||
KeyPair intermediateKeyPair = createKeyPair();
|
||||
KeyPair targetKeyPair = createKeyPair();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<>();
|
||||
|
||||
X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
|
||||
X509Certificate intermediateCert =
|
||||
@ -938,7 +936,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
throws SupplyChainValidatorException {
|
||||
KeyPair caKeyPair = createKeyPair();
|
||||
KeyPair targetKeyPair = createKeyPair();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<>();
|
||||
|
||||
X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
|
||||
X509Certificate targetCert =
|
||||
@ -977,7 +975,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
KeyPair caKeyPair = createKeyPair();
|
||||
KeyPair intermediateKeyPair = createKeyPair();
|
||||
KeyPair targetKeyPair = createKeyPair();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<>();
|
||||
|
||||
X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
|
||||
X509Certificate intermediateCert =
|
||||
@ -1017,7 +1015,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
KeyPair caKeyPair = createKeyPair();
|
||||
KeyPair intermediateKeyPair = createKeyPair();
|
||||
KeyPair targetKeyPair = createKeyPair();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<>();
|
||||
|
||||
X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
|
||||
X509Certificate intermediateCert =
|
||||
@ -1051,7 +1049,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
public final void verifyX509CertificateAgainstCA() throws SupplyChainValidatorException {
|
||||
KeyPair caKeyPair = createKeyPair();
|
||||
KeyPair targetKeyPair = createKeyPair();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<X509Certificate>();
|
||||
Set<X509Certificate> trustedCerts = new HashSet<>();
|
||||
|
||||
X509Certificate caCert = createSelfSignedCertificate(caKeyPair);
|
||||
X509Certificate targetCert =
|
||||
@ -1175,13 +1173,12 @@ public class SupplyChainCredentialValidatorTest {
|
||||
*
|
||||
* @throws URISyntaxException failed to read certificate
|
||||
* @throws IOException failed to read certificate
|
||||
* @throws KeyStoreException failed to read key store
|
||||
* @throws SupplyChainValidatorException missing credential
|
||||
*/
|
||||
|
||||
@Test
|
||||
public final void testPlatformDnEquals() throws URISyntaxException, IOException,
|
||||
KeyStoreException, SupplyChainValidatorException {
|
||||
SupplyChainValidatorException {
|
||||
Certificate signingCert;
|
||||
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
|
||||
@ -1207,12 +1204,11 @@ public class SupplyChainCredentialValidatorTest {
|
||||
*
|
||||
* @throws URISyntaxException failed to read certificate
|
||||
* @throws IOException failed to read certificate
|
||||
* @throws KeyStoreException failed to read key store
|
||||
* @throws SupplyChainValidatorException missing credential
|
||||
*/
|
||||
@Test
|
||||
public final void testPlatformDnNotEquals() throws URISyntaxException, IOException,
|
||||
KeyStoreException, SupplyChainValidatorException {
|
||||
SupplyChainValidatorException {
|
||||
Certificate signingCert;
|
||||
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||
@ -1237,12 +1233,11 @@ public class SupplyChainCredentialValidatorTest {
|
||||
*
|
||||
* @throws URISyntaxException failed to read certificate
|
||||
* @throws IOException failed to read certificate
|
||||
* @throws KeyStoreException failed to read key store
|
||||
* @throws SupplyChainValidatorException missing credential
|
||||
*/
|
||||
@Test
|
||||
public final void testEndorsementDnEquals() throws URISyntaxException, IOException,
|
||||
KeyStoreException, SupplyChainValidatorException {
|
||||
SupplyChainValidatorException {
|
||||
Certificate signingCert;
|
||||
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
|
||||
@ -1268,12 +1263,11 @@ public class SupplyChainCredentialValidatorTest {
|
||||
*
|
||||
* @throws URISyntaxException failed to read certificate
|
||||
* @throws IOException failed to read certificate
|
||||
* @throws KeyStoreException failed to read key store
|
||||
* @throws SupplyChainValidatorException missing credential
|
||||
*/
|
||||
@Test
|
||||
public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException,
|
||||
KeyStoreException, SupplyChainValidatorException {
|
||||
SupplyChainValidatorException {
|
||||
Certificate signingCert;
|
||||
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
|
||||
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
|
||||
|