From 96970142cb40a7e9713889e6c84f6f5357b56c4e Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Mon, 19 Oct 2020 13:06:44 -0400 Subject: [PATCH 1/3] This commit includes a completed rewrite of the ReferenceManifestSelector framework. Like the previous rewrite, it was easier and made more sense to create addition classes ands that are specific to a type of RIM (base, support, measurement) for referencing in the DB. Once this was rewritten the code was modified to validate the measurement against the support rim. --- ...stractAttestationCertificateAuthority.java | 108 ++++++--- .../SupplyChainValidationServiceImpl.java | 213 +++++++++++------- ...eferenceManifestDetailsPageController.java | 54 ++--- .../ReferenceManifestPageController.java | 118 ++++++---- .../WEB-INF/jsp/reference-manifests.jsp | 2 +- .../src/main/webapp/common/common.js | 31 ++- .../ReferenceManifestPageControllerTest.java | 10 +- .../data/persist/BaseReferenceManifest.java | 63 ++++++ .../hirs/data/persist/BiosMeasurements.java | 185 +++++++++++++++ .../hirs/data/persist/ReferenceManifest.java | 37 +-- .../persist/SupportReferenceManifest.java | 100 +++++++- .../persist/DBReferenceManifestManager.java | 5 +- .../persist/ReferenceManifestManager.java | 3 +- .../persist/ReferenceManifestSelector.java | 92 ++++---- .../java/hirs/tpm/eventlog/TCGEventLog.java | 30 ++- .../java/hirs/tpm/eventlog/TpmPcrEvent.java | 32 +++ .../java/hirs/tpm/eventlog/TpmPcrEvent1.java | 42 ++-- .../java/hirs/tpm/eventlog/TpmPcrEvent2.java | 20 +- 18 files changed, 806 insertions(+), 339 deletions(-) create mode 100644 HIRS_Utils/src/main/java/hirs/data/persist/BiosMeasurements.java diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index ba8a54b5..769c7b3a 100644 
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -9,10 +9,12 @@ import hirs.attestationca.exceptions.UnexpectedServerException; import hirs.attestationca.service.SupplyChainValidationService; import hirs.data.persist.AppraisalStatus; import hirs.data.persist.BaseReferenceManifest; +import hirs.data.persist.BiosMeasurements; import hirs.data.persist.Device; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.ReferenceManifest; import hirs.data.persist.SupportReferenceManifest; +import hirs.data.persist.SwidResource; import hirs.data.persist.info.FirmwareInfo; import hirs.data.persist.info.HardwareInfo; import hirs.data.persist.info.NetworkInfo; @@ -39,7 +41,6 @@ import hirs.structs.elements.tpm.IdentityProof; import hirs.structs.elements.tpm.IdentityRequest; import hirs.structs.elements.tpm.SymmetricKey; import hirs.structs.elements.tpm.SymmetricKeyParams; -import hirs.tpm.eventlog.TCGEventLog; import hirs.utils.HexUtils; import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.ArrayUtils; @@ -86,10 +87,13 @@ import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.MGF1ParameterSpec; import java.security.spec.RSAPublicKeySpec; +import java.util.Arrays; import java.util.Calendar; import java.util.Date; import java.util.HashSet; import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; /** * Provides base implementation of common tasks of an ACA that are required for attestation of an 
@@ -672,6 +676,7 @@ public abstract class AbstractAttestationCertificateAuthority * @param claim the protobuf serialized identity claim containing the device info * @return a HIRS Utils DeviceInfoReport representation of device info */ + @SuppressWarnings("methodlength") private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) { ProvisionerTpm2.DeviceInfo dv = claim.getDv(); 
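Review bot: `@SuppressWarnings("methodlength")` silences the Checkstyle limit on parseDeviceInfo instead of addressing it; the RIM-loading section added in the next hunk appears self-contained (it reads `dv` and only saves through `referenceManifestManager`) and could move into a `private void loadClientRims(final ProvisionerTpm2.DeviceInfo dv)` helper, which would also take the `tagId`, `fileName`, `pattern` and `matcher` locals out of this method. The same suppression is added to validateSupplyChain and validateFirmware in SupplyChainValidationServiceImpl, where the same decomposition applies. parseDeviceInfo continues past this hunk.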
@@ -728,49 +733,72 @@ public abstract class AbstractAttestationCertificateAuthority } // check for RIM Base and Support files, if they don't exists in the database, load them - String clientName; - if (dv.hasLogfile()) { + String clientName = String.format("%s_%s", + dv.getHw().getManufacturer(), + dv.getHw().getProductName()); + ReferenceManifest dbBaseRim; + ReferenceManifest support; + String tagId = ""; + String fileName = ""; + Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)"); + Matcher matcher; + + if (dv.hasSwidfile()) { try { - ReferenceManifest support = ReferenceManifest.select(referenceManifestManager) + dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) .includeArchived() - .byHashCode(dv.getSwidfile().hashCode()) + .byHashCode(Arrays.hashCode(dv.getSwidfile().toByteArray())) .getRIM(); - if (support == null) { - clientName = String.format("%s_%s.rimel", - dv.getHw().getManufacturer(), - dv.getHw().getProductName()); - this.referenceManifestManager.save( - new SupportReferenceManifest(clientName, - dv.getLogfile().toByteArray())); + + if (dbBaseRim == null) { + dbBaseRim = new BaseReferenceManifest( + String.format("%s.swidtag", + clientName), + dv.getSwidfile().toByteArray()); + + BaseReferenceManifest base = (BaseReferenceManifest) dbBaseRim; + for (SwidResource swid : base.parseResource()) { + matcher = pattern.matcher(swid.getName()); + if (matcher.matches()) { + //found the file name + int dotIndex = swid.getName().lastIndexOf("."); + clientName = swid.getName().substring(0, dotIndex); + dbBaseRim = new BaseReferenceManifest( + String.format("%s.swidtag", + clientName), + dv.getSwidfile().toByteArray()); + break; + } + } + this.referenceManifestManager.save(dbBaseRim); } else { - LOG.info("Client provided Support RIM already loaded in database."); + LOG.info("Client provided Base RIM already loaded in database."); } - TCGEventLog tcgEventLog = new TCGEventLog(dv.getLogfile().toByteArray()); - 
LOG.error(tcgEventLog.toString(true, true, true)); - } catch (CertificateException cEx) { - LOG.error(cEx); - } catch (NoSuchAlgorithmException noSaEx) { - LOG.error(noSaEx); + + tagId = dbBaseRim.getTagId(); } catch (IOException ioEx) { LOG.error(ioEx); } } - if (dv.hasSwidfile()) { + if (dv.hasLogfile()) { try { - ReferenceManifest baseRim = ReferenceManifest.select(referenceManifestManager) + support = SupportReferenceManifest.select(referenceManifestManager) .includeArchived() - .byHashCode(dv.getSwidfile().hashCode()) + .byHashCode(Arrays.hashCode(dv.getLogfile().toByteArray())) .getRIM(); - if (baseRim == null) { - clientName = String.format("%s_%s.swidtag", - dv.getHw().getManufacturer(), - dv.getHw().getProductName()); - this.referenceManifestManager.save( - new BaseReferenceManifest(clientName, - dv.getSwidfile().toByteArray())); + + if (support == null) { + support = new SupportReferenceManifest( + String.format("%s.rimel", + clientName), + dv.getLogfile().toByteArray()); + support.setPlatformManufacturer(dv.getHw().getManufacturer()); + support.setPlatformModel(dv.getHw().getProductName()); + support.setTagId(tagId); + this.referenceManifestManager.save(support); } else { - LOG.info("Client provided Base RIM already loaded in database."); + LOG.info("Client provided Support RIM already loaded in database."); } } catch (IOException ioEx) { LOG.error(ioEx); 
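Review bot: Both `byHashCode(Arrays.hashCode(...))` lookups in this hunk decide that a client-supplied swidtag or event log is "already loaded in database" on a 32-bit `Arrays.hashCode` alone, so a colliding file is skipped and the stored record is never compared with what the device actually sent; after a hit, compare the stored `getRimBytes()` (or a digest of them) against the claim bytes before logging the already-loaded message. `Pattern.compile(...)` also runs on every claim although the expression is constant; hoist it to a `private static final Pattern`. `tagId` only receives a value when the swidtag branch succeeds, so a claim carrying a log file but no swidtag saves a support RIM with an empty tag id — either skip `support.setTagId(tagId)` when it is empty or log that the association is missing. parseDeviceInfo starts before this hunk and continues after it.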
@@ -778,7 +806,25 @@ public abstract class AbstractAttestationCertificateAuthority } if (dv.hasLivelog()) { - LOG.error("Live Log Exists"); + fileName = String.format("%s.measurement", + clientName); + try { + // find previous version. If it exists, delete it + support = BiosMeasurements.select(referenceManifestManager) + .byManufacturer(dv.getHw().getManufacturer()) + .includeArchived().getRIM(); + if (support != null) { + this.referenceManifestManager.delete(support); + } + support = new BiosMeasurements(fileName, + dv.getLivelog().toByteArray()); + support.setPlatformManufacturer(dv.getHw().getManufacturer()); + support.setPlatformModel(dv.getHw().getProductName()); + support.setTagId(tagId); + this.referenceManifestManager.save(support); + } catch (IOException ioEx) { + LOG.error(ioEx); + } } // Get TPM info, currently unimplemented diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index 18cc6c5a..202ca1d3 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java 
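Review bot: The livelog branch calls `this.referenceManifestManager.delete(support)` before `new BiosMeasurements(fileName, dv.getLivelog().toByteArray())` has been constructed, so an `IOException` from that constructor leaves no measurement stored at all; construct the new object first, then delete the previous row and save. The previous-version lookup is keyed only on `byManufacturer(dv.getHw().getManufacturer())`, a value taken from the claim itself, so every device reporting the same manufacturer shares one measurement record and each new claim replaces the log of whichever device reported last — presumably one record per device is intended, which needs a device-specific key in the selector. parseDeviceInfo continues past this hunk.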
@@ -7,18 +7,20 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import hirs.data.persist.BaseReferenceManifest; +import hirs.data.persist.BiosMeasurements; import hirs.data.persist.SupportReferenceManifest; import hirs.data.persist.TPMMeasurementRecord; -import hirs.data.persist.SwidResource; import hirs.data.persist.PCRPolicy; import hirs.data.persist.ArchivableEntity; import hirs.tpm.eventlog.TCGEventLog; +import hirs.tpm.eventlog.TpmPcrEvent; import hirs.validation.SupplyChainCredentialValidator; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Import; import org.springframework.stereotype.Service; + import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; @@ -28,6 +30,7 @@ import java.util.Set; import java.util.LinkedList; import java.util.UUID; import java.util.stream.Collectors; + import org.apache.logging.log4j.Level; import hirs.appraiser.Appraiser; import hirs.appraiser.SupplyChainAppraiser; 
@@ -82,20 +85,19 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe /** * Constructor. * - * @param policyManager the policy manager - * @param appraiserManager the appraiser manager - * @param certificateManager the cert manager - * @param referenceManifestManager the RIM manager + * @param policyManager the policy manager + * @param appraiserManager the appraiser manager + * @param certificateManager the cert manager + * @param referenceManifestManager the RIM manager * @param supplyChainValidatorSummaryManager the summary manager - * @param supplyChainCredentialValidator the credential validator + * @param supplyChainCredentialValidator the credential validator */ @Autowired public SupplyChainValidationServiceImpl(final PolicyManager policyManager, - final AppraiserManager appraiserManager, - final CertificateManager certificateManager, - final ReferenceManifestManager referenceManifestManager, - final CrudManager supplyChainValidatorSummaryManager, - final CredentialValidator supplyChainCredentialValidator) { + final AppraiserManager appraiserManager, final CertificateManager certificateManager, + final ReferenceManifestManager referenceManifestManager, + final CrudManager supplyChainValidatorSummaryManager, + final CredentialValidator supplyChainCredentialValidator) { this.policyManager = policyManager; this.appraiserManager = appraiserManager; this.certificateManager = certificateManager; 
@@ -109,15 +111,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe * an identity request and validates the supply chain in accordance to the * current supply chain policy. * - * @param ec The endorsement credential from the identity request. - * @param pcs The platform credentials from the identity request. + * @param ec The endorsement credential from the identity request. + * @param pcs The platform credentials from the identity request. * @param device The device to be validated. * @return A summary of the validation results. */ @Override + @SuppressWarnings("methodlength") public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec, - final Set pcs, - final Device device) { + final Set pcs, + final Device device) { final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser( SupplyChainAppraiser.NAME); SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy( @@ -185,7 +188,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL, AppraisalStatus.Status.FAIL, "Platform credential(s) missing." - + " Cannot validate attributes", + + " Cannot validate attributes", null, Level.ERROR)); } else { Iterator it = pcs.iterator(); @@ -244,7 +247,14 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (policy.isFirmwareValidationEnabled()) { // may need to associated with device to pull the correct info // compare tpm quote with what is pulled from RIM associated file - validations.add(validateFirmware(device, policy.getPcrPolicy())); + try { + validations.add(validateFirmware(device, policy.getPcrPolicy())); + } catch (Exception ex) { + for (StackTraceElement ste : ex.getStackTrace()) { + LOGGER.error(ste.toString()); + } + LOGGER.error(ex.getMessage()); + } } // Generate validation summary, save it, and return it. 
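Review bot: The new `catch (Exception ex)` around `validateFirmware` turns any failure inside firmware validation into log output with no `FIRMWARE` entry added to `validations`, so a summary produced under a policy with firmware validation enabled can come out without a firmware result at all when the check crashed — a fail-open path. Add a failing record in the catch, e.g. `validations.add(buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE, AppraisalStatus.Status.FAIL, "Firmware validation error: " + ex.getMessage(), null, Level.ERROR));`, and log the throwable as one event with `LOGGER.error("Firmware validation failed", ex);` instead of one line per stack frame. validateSupplyChain starts before this hunk and continues after it.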
@@ -268,7 +278,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe * on the specific multibase validation check for a delta chain. This method * also includes the check for delta certificate CA validation as well. * - * @param pc The platform credential getting checked + * @param pc The platform credential getting checked * @param platformScv The validation record * @return The validation record */ 
@@ -319,58 +329,62 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe return subPlatformScv; } + @SuppressWarnings("methodlength") private SupplyChainValidation validateFirmware(final Device device, - final PCRPolicy pcrPolicy) { + final PCRPolicy pcrPolicy) { + boolean passed = true; String[] baseline = new String[Integer.SIZE]; Level level = Level.ERROR; AppraisalStatus fwStatus = null; String manufacturer = device.getDeviceInfo() .getHardwareInfo().getManufacturer(); - String model = device.getDeviceInfo().getHardwareInfo().getProductName(); - ReferenceManifest baseRim = null; - Set rims = ReferenceManifest - .select(referenceManifestManager).getRIMs(); + ReferenceManifest baseReferenceManifest = null; + ReferenceManifest supportReferenceManifest = null; + ReferenceManifest measurement = null; - for (ReferenceManifest rim : rims) { - if (rim instanceof BaseReferenceManifest - && rim.getPlatformManufacturer().equals(manufacturer)) { - baseRim = rim; - } + baseReferenceManifest = BaseReferenceManifest.select(referenceManifestManager) + .byManufacturer(manufacturer).getRIM(); + supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager) + .byManufacturer(manufacturer).getRIM(); + measurement = BiosMeasurements.select(referenceManifestManager) + .byManufacturer(manufacturer).includeArchived().getRIM(); + + String failedString = ""; + if (baseReferenceManifest == null) { + failedString = "Base Reference Integrity Manifest%n"; + passed = false; + } + if (supportReferenceManifest == null) { + failedString += "Support Reference Integrity Manifest%n"; + passed = false; + } + if (measurement == null) { + failedString += "Bios measurement"; + passed = false; } - fwStatus = new AppraisalStatus(PASS, - SupplyChainCredentialValidator.FIRMWARE_VALID); - if (baseRim != null) { - BaseReferenceManifest bRim = (BaseReferenceManifest) baseRim; - List swids = bRim.parseResource(); + if (passed) { + fwStatus = new 
AppraisalStatus(PASS, + SupplyChainCredentialValidator.FIRMWARE_VALID); TCGEventLog logProcessor; - for (SwidResource swid : swids) { - ReferenceManifest dbRim = ReferenceManifest.select( - referenceManifestManager).byFileName(swid.getName()).getRIM(); - - if (dbRim != null) { - try { - logProcessor = new TCGEventLog(dbRim.getRimBytes()); - baseline = logProcessor.getExpectedPCRValues(); - } catch (CertificateException cEx) { - LOGGER.error(cEx); - } catch (NoSuchAlgorithmException noSaEx) { - LOGGER.error(noSaEx); - } catch (IOException ioEx) { - LOGGER.error(ioEx); - } - } + try { + logProcessor = new TCGEventLog(supportReferenceManifest.getRimBytes()); + baseline = logProcessor.getExpectedPCRValues(); + } catch (CertificateException cEx) { + LOGGER.error(cEx); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } catch (IOException ioEx) { + LOGGER.error(ioEx); } + + // part 1 of firmware validation check: PCR baseline match pcrPolicy.setBaselinePcrs(baseline); - if (device != null) { + if (baseline.length > 0) { String pcrContent = ""; - try { - pcrContent = new String(device.getDeviceInfo().getTPMInfo().getPcrValues()); - } catch (NullPointerException npEx) { - LOGGER.error(npEx); - } + pcrContent = new String(device.getDeviceInfo().getTPMInfo().getPcrValues()); if (pcrContent.isEmpty()) { fwStatus = new AppraisalStatus(FAIL, 
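Review bot: `if (baseline.length > 0)` can never be false, because `baseline` is allocated as `new String[Integer.SIZE]` at the top of the method, so when `new TCGEventLog(supportReferenceManifest.getRimBytes())` throws, the all-null array is still handed to `pcrPolicy.setBaselinePcrs(baseline)` and `fwStatus` keeps the `PASS`/`FIRMWARE_VALID` value assigned before the try. Set `fwStatus` to FAIL in the three catch blocks (or test a `boolean baselineLoaded` that is only set after `getExpectedPCRValues()` returns) so a parse failure cannot pass. `failedString` embeds `%n` but is later substituted through a `%s` placeholder, where it is not interpreted, so the user-facing message will contain a literal "%n"; use `System.lineSeparator()` or a plain separator. `new String(device.getDeviceInfo().getTPMInfo().getPcrValues())` also decodes with the platform charset; pass the charset the producer uses (`StandardCharsets.UTF_8` if that is what the client writes). validateFirmware continues in the next hunk.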
@@ -400,20 +414,58 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe level = Level.INFO; } } + // part 2 of firmware validation check: bios measurements + // vs baseline tcg event log + // find the measurement + TCGEventLog tcgEventLog; + TCGEventLog tcgMeasurementLog; + LinkedList tpmPcrEvents = new LinkedList<>(); + try { + if (measurement.getPlatformManufacturer().equals(manufacturer)) { + tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes()); + tcgEventLog = new TCGEventLog( + supportReferenceManifest.getRimBytes()); + for (TpmPcrEvent tpe : tcgEventLog.getEventList()) { + if (!tpe.eventCompare( + tcgMeasurementLog.getEventByNumber( + tpe.getEventNumber()))) { + tpmPcrEvents.add(tpe); + } + } + } + } catch (CertificateException cEx) { + LOGGER.error(cEx); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } catch (IOException ioEx) { + LOGGER.error(ioEx); + } + + if (!tpmPcrEvents.isEmpty()) { + StringBuilder sb = new StringBuilder(); + for (TpmPcrEvent tpe : tpmPcrEvents) { + sb.append(String.format("Event %s - %s%n", + tpe.getEventNumber(), + tpe.getEventTypeStr())); + } + if (fwStatus.getAppStatus().equals(FAIL)) { + fwStatus = new AppraisalStatus(FAIL, String.format("%s%n%s", + fwStatus.getMessage(), sb.toString())); + } else { + fwStatus = new AppraisalStatus(FAIL, sb.toString()); + } + } } } else { - fwStatus = new AppraisalStatus(FAIL, "Associated Issued Attestation" - + " Certificate can not be found."); + fwStatus = new AppraisalStatus(FAIL, "The RIM baseline could not be found."); } } else { - fwStatus = new AppraisalStatus(FAIL, - String.format("Firmware validation failed: " - + "No associated RIM file could be found for %s:%s", - manufacturer, model)); + fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Validation failed: " + + "%s for %s can not be found", failedString, manufacturer)); } return buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE, - 
fwStatus.getAppStatus(), fwStatus.getMessage(), baseRim, level); + fwStatus.getAppStatus(), fwStatus.getMessage(), baseReferenceManifest, level); } /** @@ -442,15 +494,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe .getHardwareInfo().getManufacturer(); try { - // need to get pcrs - Set rims = ReferenceManifest.select( - this.referenceManifestManager).getRIMs(); - for (ReferenceManifest r : rims) { - if (r instanceof SupportReferenceManifest - && r.getPlatformManufacturer().equals(manufacturer)) { - sRim = (SupportReferenceManifest) r; - } - } + sRim = SupportReferenceManifest.select( + this.referenceManifestManager) + .byManufacturer(manufacturer).getRIM(); if (sRim == null) { fwStatus = new AppraisalStatus(FAIL, @@ -514,7 +560,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } private SupplyChainValidation validateEndorsementCredential(final EndorsementCredential ec, - final boolean acceptExpiredCerts) { + final boolean acceptExpiredCerts) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL; LOGGER.info("Validating endorsement credential"); @@ -543,8 +589,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } private SupplyChainValidation validatePlatformCredential(final PlatformCredential pc, - final KeyStore trustedCertificateAuthority, - final boolean acceptExpiredCerts) { + final KeyStore trustedCertificateAuthority, final boolean acceptExpiredCerts) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; 
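Review bot: The part-2 comparison walks only `tcgEventLog.getEventList()` from the support RIM and looks each event up in the measurement log, so events present in the measurement but absent from the reference are never reported; walk the measurement's event list as well (or at least compare the two counts) so extra measured events fail too. `tcgMeasurementLog.getEventByNumber(...)` presumably returns null when the number is missing, and whether `eventCompare(null)` handles that is not visible here — a null guard before the call is cheap. When either `TCGEventLog` constructor throws, the catch only logs and `tpmPcrEvents` stays empty, so part 2 silently passes; mark `fwStatus` FAIL there as part 1 should. `measurement.getPlatformManufacturer().equals(manufacturer)` can NPE on a stored record without a manufacturer; `manufacturer.equals(measurement.getPlatformManufacturer())` is safer. The method's declaration is in the previous hunk.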
@@ -570,8 +615,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } } - private SupplyChainValidation validatePlatformCredentialAttributes(final PlatformCredential pc, - final DeviceInfoReport deviceInfoReport, + private SupplyChainValidation validatePlatformCredentialAttributes( + final PlatformCredential pc, final DeviceInfoReport deviceInfoReport, final EndorsementCredential ec) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; @@ -635,12 +680,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe * Creates a supply chain validation record and logs the validation message * at the specified log level. * - * @param validationType the type of validation - * @param result the appraisal status - * @param message the validation message to include in the summary and log + * @param validationType the type of validation + * @param result the appraisal status + * @param message the validation message to include in the summary and log * @param archivableEntity the archivableEntity associated with the - * validation - * @param logLevel the log level + * validation + * @param logLevel the log level * @return a SupplyChainValidation */ private SupplyChainValidation buildValidationRecord( @@ -691,7 +736,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe * larger than the the single trust chain for the queried certificate, but * is guaranteed to include the trust chain if it exists in this class' * CertificateManager. - * + *

* Implementation notes: 1. Queries for CA certs with a subject org matching * the given (argument's) issuer org 2. Add that org to * queriedOrganizations, so we don't search for that organization again 3. @@ -700,9 +745,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe * already queried for that organization (which prevents infinite loops on * certs with an identical subject and issuer org) * - * @param credential the credential whose CA chain should be retrieved + * @param credential the credential whose CA chain should be retrieved * @param previouslyQueriedOrganizations a list of organizations to refrain - * from querying + * from querying * @return a Set containing all relevant CA credentials to the given * certificate's organization */ diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index 0faf6738..19e0df39 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java @@ -4,6 +4,7 @@ import hirs.data.persist.BaseReferenceManifest; import hirs.data.persist.ReferenceManifest; import hirs.data.persist.SupportReferenceManifest; import hirs.data.persist.SwidResource; +import hirs.persist.DBManagerException; import hirs.persist.ReferenceManifestManager; import hirs.tpm.eventlog.TCGEventLog; import hirs.attestationca.portal.page.Page; @@ -18,7 +19,6 @@ import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.ArrayList; -import java.util.Set; import java.util.UUID; import org.apache.logging.log4j.LogManager; 
@@ -118,7 +118,7 @@ public class ReferenceManifestDetailsPageController CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); - ReferenceManifest rim = ReferenceManifest + ReferenceManifest rim = BaseReferenceManifest .select(referenceManifestManager) .byEntityId(uuid).getRIM(); @@ -171,24 +171,26 @@ public class ReferenceManifestDetailsPageController data.put("rimType", bRim.getRimType()); List resources = bRim.parseResource(); - String resourceFilename = null; - TCGEventLog logProcessor; + TCGEventLog logProcessor = null; + ReferenceManifest support = null; + if (bRim.getAssociatedRim() == null) { + support = SupportReferenceManifest.select(referenceManifestManager) + .byManufacturer(bRim.getPlatformManufacturer()) + .getRIM(); + if (support != null) { + bRim.setAssociatedRim(support.getId()); + logProcessor = new TCGEventLog(support.getRimBytes()); + } + } // going to have to pull the filename and grab that from the DB // to get the id to make the link for (SwidResource swidRes : resources) { - resourceFilename = swidRes.getName(); - ReferenceManifest dbRim = ReferenceManifest.select( - referenceManifestManager).byFileName(resourceFilename).getRIM(); - - if (dbRim != null) { - logProcessor = new TCGEventLog(dbRim.getRimBytes()); + if (support != null && swidRes.getName() + .equals(support.getFileName())) { swidRes.setPcrValues(Arrays.asList( logProcessor.getExpectedPCRValues())); - - if (bRim.getAssociatedRim() == null) { - bRim.setAssociatedRim(dbRim.getId()); - } + break; } else { swidRes.setPcrValues(new ArrayList<>()); } 
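Review bot: `support` (and hence `logProcessor`) is only populated inside `if (bRim.getAssociatedRim() == null)`, so once the association has been stored every resource takes the `else` branch and the expected PCR values are never shown again; resolve the support RIM unconditionally (by the stored association id, falling back to the manufacturer lookup) and only assign the association when it was missing. `bRim.setAssociatedRim(support.getId())` is also never persisted with `referenceManifestManager.update(bRim)`, unlike the support-side branch later in the file, so the lookup repeats on every page view. The manufacturer-only lookup can pick a support RIM for a different model of the same manufacturer; matching on `getTagId()` as the removed loop did would be tighter (inferred from the old code). The method starts before this hunk.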
@@ -196,17 +198,20 @@ public class ReferenceManifestDetailsPageController data.put("associatedRim", bRim.getAssociatedRim()); data.put("swidFiles", resources); - } else if (rim instanceof SupportReferenceManifest) { - SupportReferenceManifest sRim = (SupportReferenceManifest) rim; + } else { + SupportReferenceManifest sRim = SupportReferenceManifest + .select(referenceManifestManager) + .byEntityId(uuid).getRIM(); if (sRim.getAssociatedRim() == null) { - Set rims = ReferenceManifest - .select(referenceManifestManager).getRIMs(); - for (ReferenceManifest dbRim : rims) { - if (dbRim instanceof BaseReferenceManifest - && dbRim.getTagId().equals(sRim.getTagId())) { - sRim.setAssociatedRim(dbRim.getId()); - break; + ReferenceManifest baseRim = BaseReferenceManifest.select(referenceManifestManager) + .byManufacturer(sRim.getPlatformManufacturer()).getRIM(); + if (baseRim != null) { + sRim.setAssociatedRim(baseRim.getId()); + try { + referenceManifestManager.update(sRim); + } catch (DBManagerException ex) { + LOGGER.error("Failed to update Support RIM", ex); } } } @@ -217,9 +222,6 @@ public class ReferenceManifestDetailsPageController TCGEventLog logProcessor = new TCGEventLog(sRim.getRimBytes()); data.put("events", logProcessor.getEventList()); - } else { - LOGGER.error(String.format("Unable to find Reference Integrity " - + "Manifest with ID: %s", uuid)); } return data; diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 6bfd3632..eed18ab4 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java 
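Review bot: With the `else { LOGGER.error(... "Unable to find Reference Integrity Manifest with ID: %s" ...) }` branch removed, a UUID that matches neither a base nor a support RIM now reaches `sRim.getAssociatedRim()` on a null `sRim` and throws a NullPointerException from a user-supplied id; add `if (sRim == null) { LOGGER.error(String.format("Unable to find Reference Integrity Manifest with ID: %s", uuid)); return data; }` (or whatever the page expects for a missing record) before the association check. The base RIM is now linked by `byManufacturer(sRim.getPlatformManufacturer())` instead of the tag-id equality the old loop used, so a manufacturer with several base RIMs may get an arbitrary one linked and persisted through `update(sRim)`. The method continues past this hunk.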
@@ -191,6 +191,8 @@ public class ReferenceManifestPageController Pattern pattern; Matcher matcher; boolean supportRIM = false; + BaseReferenceManifest base; + SupportReferenceManifest support; // loop through the files for (MultipartFile file : files) { 
@@ -201,45 +203,50 @@ public class ReferenceManifestPageController //Parse reference manifests ReferenceManifest rim = parseRIM(file, supportRIM, messages); - // look for associated base/support - Set rims = ReferenceManifest - .select(referenceManifestManager).getRIMs(); - // update information for associated support rims - for (ReferenceManifest element : rims) { - if (supportRIM) { - if (element instanceof BaseReferenceManifest) { - BaseReferenceManifest bRim = (BaseReferenceManifest) element; - for (SwidResource swid : bRim.parseResource()) { - if (swid.getName().equals(rim.getFileName())) { - rim.setSwidTagVersion(bRim.getSwidTagVersion()); - rim.setPlatformManufacturer(bRim.getPlatformManufacturer()); - rim.setPlatformModel(bRim.getPlatformModel()); - rim.setTagId(bRim.getTagId()); - rim.setAssociatedRim(bRim.getId()); - break; - } + if (supportRIM) { + // look for associated base/support + Set rims = BaseReferenceManifest + .select(referenceManifestManager).getRIMs(); + support = (SupportReferenceManifest) rim; + // update information for associated support rim + for (BaseReferenceManifest dbRim : rims) { + for (SwidResource swid : dbRim.parseResource()) { + if (swid.getName().equals(rim.getFileName())) { + support.setSwidTagVersion(dbRim.getSwidTagVersion()); + support.setPlatformManufacturer(dbRim.getPlatformManufacturer()); + support.setPlatformModel(dbRim.getPlatformModel()); + support.setTagId(dbRim.getTagId()); + support.setAssociatedRim(dbRim.getId()); + support.setUpdated(true); + break; } } - } else { - BaseReferenceManifest bRim = (BaseReferenceManifest) rim; - for (SwidResource swid : bRim.parseResource()) { - if (element instanceof SupportReferenceManifest) { - SupportReferenceManifest sRim = (SupportReferenceManifest) element; - if (swid.getName().equals(sRim.getFileName())) { - sRim.setPlatformManufacturer(bRim.getPlatformManufacturer()); - sRim.setPlatformModel(bRim.getPlatformModel()); - sRim.setSwidTagVersion(bRim.getSwidTagVersion()); - 
sRim.setTagId(bRim.getTagId()); - rim.setAssociatedRim(sRim.getId()); - try { - referenceManifestManager.update(sRim); - } catch (DBManagerException dbmEx) { - LOGGER.error(String.format("Couldn't update Support RIM " - + "%s with associated UUID %s", rim.getTagId(), - sRim.getId()), dbmEx); - } - break; + } + } else { + base = (BaseReferenceManifest) rim; + + for (SwidResource swid : base.parseResource()) { + support = SupportReferenceManifest.select(referenceManifestManager) + .byFileName(swid.getName()).getRIM(); + if (support != null) { + base.setAssociatedRim(support.getId()); + if (support.isUpdated()) { + // this is separate because I want to break if we found it + // instead of finding it, it is uptodate but still search + break; + } else { + support.setSwidTagVersion(base.getSwidTagVersion()); + support.setPlatformManufacturer(base.getPlatformManufacturer()); + support.setPlatformModel(base.getPlatformModel()); + support.setTagId(base.getTagId()); + support.setUpdated(true); + try { + referenceManifestManager.update(support); + } catch (DBManagerException dbmEx) { + LOGGER.error(String.format("Couldn't update Support RIM " + + "%s with associated UUID %s", rim.getTagId(), + support.getId()), dbmEx); } } } @@ -251,7 +258,7 @@ public class ReferenceManifestPageController storeManifest(file.getOriginalFilename(), messages, rim, - referenceManifestManager); + supportRIM); } } @@ -371,10 +378,15 @@ public class ReferenceManifestPageController */ private ReferenceManifest getRimFromDb(final String id) throws IllegalArgumentException { UUID uuid = UUID.fromString(id); - - return ReferenceManifest - .select(referenceManifestManager) + ReferenceManifest rim = BaseReferenceManifest.select(referenceManifestManager) .byEntityId(uuid).getRIM(); + + if (rim == null) { + rim = SupportReferenceManifest.select(referenceManifestManager) + .byEntityId(uuid).getRIM(); + } + + return rim; } /** 
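Review bot: In the base branch, the loop over `base.parseResource()` keeps going after a support RIM has been updated and overwrites `base.setAssociatedRim(...)` on each later match, while the comment about wanting to `break` only covers the already-updated case; either break after a successful `referenceManifestManager.update(support)` as well, or replace the comment with one stating why the search must continue. `support.setUpdated(true)` is set before `update(support)`, so a failed update leaves the in-memory flag claiming success; move it after the call. The base/support association rests on `swid.getName().equals(rim.getFileName())` and `byFileName(swid.getName())` alone — if `SwidResource` exposes the digest that the swidtag's File entry carries, comparing it with the support RIM's bytes would make the link verifiable rather than name-based (inferred; SwidResource is not in the diff). The enclosing loop over `files` starts in the previous hunk and continues after this one.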
@@ -427,24 +439,32 @@ public class ReferenceManifestPageController * @param fileName name of the file given * @param messages message object for user display of statuses * @param referenceManifest the object to store - * @param referenceManifestManager the class that handles the storage + * @param supportRim boolean flag indicating if this is a support RIM * process. */ private void storeManifest( final String fileName, final PageMessages messages, final ReferenceManifest referenceManifest, - final ReferenceManifestManager referenceManifestManager) { + final boolean supportRim) { ReferenceManifest existingManifest; // look for existing manifest in the database try { - existingManifest = ReferenceManifest - .select(referenceManifestManager) - .includeArchived() - .byHashCode(referenceManifest.getRimHash()) - .getRIM(); + if (supportRim) { + existingManifest = SupportReferenceManifest + .select(referenceManifestManager) + .includeArchived() + .byHashCode(referenceManifest.getRimHash()) + .getRIM(); + } else { + existingManifest = BaseReferenceManifest + .select(referenceManifestManager) + .includeArchived() + .byHashCode(referenceManifest.getRimHash()) + .getRIM(); + } } catch (DBManagerException e) { final String failMessage = String.format("Querying for existing certificate " + "failed (%s): ", fileName); 
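Review bot: The two `select(...).includeArchived().byHashCode(referenceManifest.getRimHash()).getRIM()` chains in storeManifest differ only in the selector class, so the `if (supportRim)` can collapse to choosing the selector once, e.g. `ReferenceManifestSelector<?> selector = supportRim ? SupportReferenceManifest.select(referenceManifestManager) : BaseReferenceManifest.select(referenceManifestManager);` followed by a single chain — assuming both `select` methods return a common selector type (ReferenceManifestSelector is in the diffstat but not shown here). Deduplication still rests on `getRimHash()` equality alone, so a hash collision would report a different upload as an existing manifest; a byte comparison after the hit would close that. The failure message `Querying for existing certificate failed` is carried over from the certificate controller and should say RIM. The method continues past this hunk.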
@@ -458,14 +478,14 @@ public class ReferenceManifestPageController if (existingManifest == null) { referenceManifestManager.save(referenceManifest); - final String successMsg = String.format("New RIM successfully uploaded (%s): ", + final String successMsg = String.format("RIM successfully uploaded (%s): ", fileName); messages.addSuccess(successMsg); LOGGER.info(successMsg); return; } } catch (DBManagerException dbmEx) { - final String failMessage = String.format("Storing new RIM failed (%s): ", fileName); + final String failMessage = String.format("Storing RIM failed (%s): ", fileName); messages.addError(failMessage + dbmEx.getMessage()); LOGGER.error(failMessage, dbmEx); return; diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/reference-manifests.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/reference-manifests.jsp index 2f85be97..c9837d13 100644 --- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/reference-manifests.jsp +++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/reference-manifests.jsp @@ -60,7 +60,7 @@ var html = ''; html += rimDetailsLink(full.id); html += rimDownloadLink(full.id, pagePath); - html += certificateDeleteLink(full.id, pagePath); + html += rimDeleteLink(full.id, pagePath); return html; } diff --git a/HIRS_AttestationCAPortal/src/main/webapp/common/common.js b/HIRS_AttestationCAPortal/src/main/webapp/common/common.js index 54ad5b3c..de543576 100644 --- a/HIRS_AttestationCAPortal/src/main/webapp/common/common.js +++ b/HIRS_AttestationCAPortal/src/main/webapp/common/common.js 
@@ -43,6 +43,17 @@ function handleDeleteRequest(id) { } } +/** +* Handles user request to delete a cert. Prompts user to confirm. +* Upon confirmation, submits the delete form which is required to make +* a POST call to delete the reference integrity manifest. +*/ +function handleRimDeleteRequest(id) { + if (confirm("Delete RIM?")) { + $('#deleteForm' + id).submit(); + } +} + /** * Set the data tables using the columns definition, the ajax URL and * the ID of the table. @@ -133,8 +144,24 @@ function rimDetailsLink(id){ function certificateDeleteLink(id, pagePath){ var icon = icons + '/ic_delete_black_24dp.png'; var formURL = pagePath + "/delete"; - - var html = '' + + var html = '' + + '' + + '
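Review bot: The Javadoc on handleRimDeleteRequest says it "Handles user request to delete a cert", copied from handleDeleteRequest above; it should read `Handles user request to delete a reference integrity manifest (RIM). Prompts user to confirm.`. The new function appears to differ from handleDeleteRequest only in the confirm text (that function's body lies above this hunk), so one handler taking the label, `function handleDeleteRequest(id, what)` with `confirm("Delete " + what + "?")`, would avoid keeping two copies of the form-submit logic in sync.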

' + + '
'; + return html; +} + +/** +* Create a RIM delete link for the specified ID +* @param id of the RIM +* @param pagePath path to the link +*/ +function rimDeleteLink(id, pagePath){ + var icon = icons + '/ic_delete_black_24dp.png'; + var formURL = pagePath + "/delete"; + + var html = '' + '' + '
' + '
'; diff --git a/HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageControllerTest.java b/HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageControllerTest.java index 3e5b5250..16208c99 100644 --- a/HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageControllerTest.java +++ b/HIRS_AttestationCAPortal/src/test/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageControllerTest.java @@ -1,5 +1,6 @@ package hirs.attestationca.portal.page.controllers; +import hirs.data.persist.BaseReferenceManifest; import hirs.data.persist.ReferenceManifest; import hirs.persist.ReferenceManifestManager; import hirs.attestationca.portal.page.Page; @@ -65,7 +66,7 @@ public class ReferenceManifestPageControllerTest extends PageControllerTest { .andReturn(); Set records - = referenceManifestManager.get(ReferenceManifest + = referenceManifestManager.get(BaseReferenceManifest .select(referenceManifestManager).includeArchived()); Assert.assertEquals(records.size(), 1); @@ -135,7 +136,7 @@ public class ReferenceManifestPageControllerTest extends PageControllerTest { "Pre-existing RIM found and unarchived (generated_good.swidtag): "); // verify the cert was actually stored - Set records = referenceManifestManager.get(ReferenceManifest.select( + Set records = referenceManifestManager.get(BaseReferenceManifest.select( referenceManifestManager)); Assert.assertEquals(records.size(), 1); @@ -162,7 +163,8 @@ public class ReferenceManifestPageControllerTest extends PageControllerTest { // verify the cert was actually stored Set records - = referenceManifestManager.get(ReferenceManifest.select(referenceManifestManager)); + = referenceManifestManager.get(BaseReferenceManifest + .select(referenceManifestManager)); Assert.assertEquals(records.size(), 1); ReferenceManifest rim = records.iterator().next(); 
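Review bot: rimDeleteLink opens with the same `icon` and `formURL` lines as certificateDeleteLink and, as far as this rendering shows (the form markup itself was stripped), seems to differ only in the click handler it wires up; a shared builder parameterised on the handler name would keep the form markup — including whatever CSRF field it carries — in one place. If the two must stay separate, add a line to rimDeleteLink's Javadoc saying why, e.g. `Kept separate from certificateDeleteLink because the RIM form invokes handleRimDeleteRequest.`.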
@@ -180,7 +182,7 @@ public class ReferenceManifestPageControllerTest extends PageControllerTest { .andReturn(); Set records - = referenceManifestManager.get(ReferenceManifest + = referenceManifestManager.get(BaseReferenceManifest .select(referenceManifestManager).includeArchived()); Assert.assertEquals(records.size(), 1); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java index a48f5693..00a544f2 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java @@ -1,6 +1,8 @@ package hirs.data.persist; import hirs.persist.DBReferenceManifestManager; +import hirs.persist.ReferenceManifestManager; +import hirs.persist.ReferenceManifestSelector; import hirs.utils.xjc.BaseElement; import hirs.utils.xjc.Directory; import hirs.utils.xjc.FilesystemItem; 
@@ -76,6 +78,56 @@ public class BaseReferenceManifest extends ReferenceManifest { private String linkHref = null; private String linkRel = null; + /** + * This class enables the retrieval of BaseReferenceManifest by their attributes. + */ + public static class Selector extends ReferenceManifestSelector { + /** + * Construct a new ReferenceManifestSelector that will use + * the given (@link ReferenceManifestManager} + * to retrieve one or may BaseReferenceManifest. + * + * @param referenceManifestManager the reference manifest manager to be used to retrieve + * reference manifests. + */ + public Selector(final ReferenceManifestManager referenceManifestManager) { + super(referenceManifestManager, BaseReferenceManifest.class); + } + + /** + * Specify the platform manufacturer that rims must have to be considered + * as matching. + * @param manufacturer string for the manufacturer + * @return this instance + */ + public Selector byManufacturer(final String manufacturer) { + setFieldValue(PLATFORM_MANUFACTURER, manufacturer); + return this; + } + + /** + * Specify the platform manufacturer id that rims must have to be considered + * as matching. + * @param manufacturerId string for the id of the manufacturer + * @return this instance + */ + public Selector byManufacturerId(final String manufacturerId) { + setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId); + return this; + } + + /** + * Specify the platform model that rims must have to be considered + * as matching. + * @param model string for the model + * @return this instance + */ + public Selector byModel(final String model) { + setFieldValue(PLATFORM_MODEL, model); + return this; + } + } + /** * Support constructor for the RIM object. * 
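Review bot: The Selector Javadoc in BaseReferenceManifest has `(@link ReferenceManifestManager}` (mismatched brace, so the tag will not render) and "one or may"; it should read `Construct a new Selector that will use the given {@link ReferenceManifestManager} to retrieve one or many BaseReferenceManifest.`. The same text is copied into the BiosMeasurements and SupportReferenceManifest selectors in this commit, so all three need the fix.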
@@ -162,6 +214,17 @@ public class BaseReferenceManifest extends ReferenceManifest { } + /** + * Get a Selector for use in retrieving ReferenceManifest. + * + * @param rimMan the ReferenceManifestManager to be used to retrieve + * persisted RIMs + * @return a Selector instance to use for retrieving RIMs + */ + public static Selector select(final ReferenceManifestManager rimMan) { + return new Selector(rimMan); + } + /** * This method and code is pulled and adopted from the TCG Tool. Since this * is taking in an file stored in memory through http, this was changed from diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BiosMeasurements.java b/HIRS_Utils/src/main/java/hirs/data/persist/BiosMeasurements.java new file mode 100644 index 00000000..f63835db --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/BiosMeasurements.java 
@@ -0,0 +1,185 @@ +package hirs.data.persist; + +import com.fasterxml.jackson.annotation.JsonIgnore; +import hirs.persist.ReferenceManifestManager; +import hirs.persist.ReferenceManifestSelector; +import hirs.tpm.eventlog.TCGEventLog; +import hirs.tpm.eventlog.TpmPcrEvent; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import javax.persistence.Column; +import javax.persistence.Entity; +import java.io.IOException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; + +/** + * Sub class that will just focus on PCR Values and Events. + * Similar to {@link hirs.data.persist.SupportReferenceManifest} + * however this is the live log from the client. + */ +@Entity +public class BiosMeasurements extends ReferenceManifest { + private static final Logger LOGGER = LogManager.getLogger(BiosMeasurements.class); + + @Column + @JsonIgnore + private int pcrHash = 0; + + /** + * This class enables the retrieval of SupportReferenceManifest by their attributes. + */ + public static class Selector extends ReferenceManifestSelector { + /** + * Construct a new ReferenceManifestSelector that + * will use the given (@link ReferenceManifestManager} + * to retrieve one or may SupportReferenceManifest. + * + * @param referenceManifestManager the reference manifest manager to be used to retrieve + * reference manifests. + */ + public Selector(final ReferenceManifestManager referenceManifestManager) { + super(referenceManifestManager, BiosMeasurements.class, false); + } + + /** + * Specify the platform manufacturer that rims must have to be considered + * as matching. 
+ * @param manufacturer string for the manufacturer + * @return this instance + */ + public Selector byManufacturer(final String manufacturer) { + setFieldValue(PLATFORM_MANUFACTURER, manufacturer); + return this; + } + + /** + * Specify the platform manufacturer id that rims must have to be considered + * as matching. + * @param manufacturerId string for the id of the manufacturer + * @return this instance + */ + public Selector byManufacturerId(final String manufacturerId) { + setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId); + return this; + } + + /** + * Specify the platform model that rims must have to be considered + * as matching. + * @param model string for the model + * @return this instance + */ + public Selector byModel(final String model) { + setFieldValue(PLATFORM_MODEL, model); + return this; + } + } + + /** + * Support constructor for the RIM object. + * + * @param rimBytes byte array representation of the RIM + * @throws java.io.IOException if unable to unmarshal the string + */ + public BiosMeasurements(final byte[] rimBytes) throws IOException { + this("blank.measurement", rimBytes); + } + /** + * Support constructor for the RIM object. + * + * @param fileName - string representation of the uploaded file. + * @param rimBytes byte array representation of the RIM + * @throws java.io.IOException if unable to unmarshal the string + */ + public BiosMeasurements(final String fileName, + final byte[] rimBytes + ) throws IOException { + super(rimBytes); + this.setFileName(fileName); + this.setRimType(MEASUREMENT_RIM); + this.archive("Measurement event log"); + this.pcrHash = 0; + } + + /** + * Default constructor necessary for Hibernate. + */ + protected BiosMeasurements() { + super(); + this.pcrHash = 0; + } + + /** + * Get a Selector for use in retrieving ReferenceManifest. 
+ * + * @param rimMan the ReferenceManifestManager to be used to retrieve + * persisted RIMs + * @return a Selector instance to use for retrieving RIMs + */ + public static Selector select(final ReferenceManifestManager rimMan) { + return new Selector(rimMan); + } + + /** + * Getter method for the expected PCR values contained within the support + * RIM. + * @return a string array of the pcr values. + */ + public String[] getExpectedPCRList() { + try { + TCGEventLog logProcessor = new TCGEventLog(this.getRimBytes()); + this.pcrHash = Arrays.hashCode(logProcessor.getExpectedPCRValues()); + return logProcessor.getExpectedPCRValues(); + } catch (CertificateException cEx) { + LOGGER.error(cEx); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } catch (IOException ioEx) { + LOGGER.error(ioEx); + } + + return new String[0]; + } + + /** + * Getter method for the event log that should be present in the support RIM. + * + * @return list of TPM PCR Events for display + */ + public Collection getEventLog() { + TCGEventLog logProcessor = null; + try { + logProcessor = new TCGEventLog(this.getRimBytes()); + return logProcessor.getEventList(); + } catch (CertificateException cEx) { + LOGGER.error(cEx); + } catch (NoSuchAlgorithmException noSaEx) { + LOGGER.error(noSaEx); + } catch (IOException ioEx) { + LOGGER.error(ioEx); + } + + return new ArrayList<>(); + } + + /** + * Getter for the PCR Hash contained in the support RIM. + * @return hash in int form + */ + public int getPcrHash() { + return pcrHash; + } + + /** + * Setter for the PCR Hash. + * @param pcrHash hash in int form + */ + public void setPcrHash(final int pcrHash) { + this.pcrHash = pcrHash; + } +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java index 58f1a69b..98c05e0d 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java 
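Review bot: getExpectedPCRList swallows CertificateException, NoSuchAlgorithmException and IOException and returns `new String[0]`, so a client event log that fails to parse yields an empty expected-PCR list with nothing but a log line; if the code that compares measurements against the support RIM (outside this file) treats an empty list as "nothing to compare", a corrupt or malformed log passes instead of failing. Consider rethrowing as an unchecked exception or returning null so the validator has to handle the failure explicitly, and at minimum document the fallback: `@return the PCR values, or an empty array if the log could not be parsed; callers must treat an empty result as a validation failure`. Several Javadoc blocks are copied from SupportReferenceManifest ("retrieval of SupportReferenceManifest", "Support constructor", "contained within the support RIM") and should name BiosMeasurements and the client log. The constructor's `this.archive("Measurement event log")` is paired with the Selector passing `false` for excludeArchivedRims; that pairing deserves a comment, since a selector with the default would never find these rows.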
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java @@ -9,8 +9,6 @@ import javax.persistence.Entity; import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; -import hirs.persist.ReferenceManifestManager; -import hirs.persist.ReferenceManifestSelector; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.hibernate.annotations.Type; @@ -39,6 +37,10 @@ public abstract class ReferenceManifest extends ArchivableEntity { * String for display of a Support RIM. */ public static final String SUPPORT_RIM = "Support"; + /** + * String for display of a Support RIM. + */ + public static final String MEASUREMENT_RIM = "Measurement"; /** * String for the xml schema ios standard. @@ -60,26 +62,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { private static final Logger LOGGER = LogManager.getLogger(ReferenceManifest.class); - /** - * This class enables the retrieval of PlatformCredentials by their - * attributes. - */ - public static class Selector - extends ReferenceManifestSelector { - - /** - * Construct a new ReferenceManifestSelector that will use the given - * {@link ReferenceManifestManager} to retrieve one or many Reference - * Integrity Manifest. - * - * @param referenceManifestManager the RIM manager to be used to - * retrieve RIMs - */ - public Selector(final ReferenceManifestManager referenceManifestManager) { - super(referenceManifestManager); - } - } - /** * Holds the name of the 'rimHash' field. */ 
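Review bot: The new MEASUREMENT_RIM constant is documented as "String for display of a Support RIM.", copied from the line above; it should read `String for display of a Measurement RIM (the live event log reported by the client).`. The wording matters because these rimType strings are what the selectors' byRimType filters on, and a reader skimming the constants will otherwise assume two of them mean the same thing.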
@@ -108,17 +90,6 @@ public abstract class ReferenceManifest extends ArchivableEntity { @Column private UUID associatedRim; - /** - * Get a Selector for use in retrieving ReferenceManifest. - * - * @param rimMan the ReferenceManifestManager to be used to retrieve - * persisted RIMs - * @return a ReferenceManifest.Selector instance to use for retrieving RIMs - */ - public static Selector select(final ReferenceManifestManager rimMan) { - return new Selector(rimMan); - } - /** * Default constructor necessary for Hibernate. */ diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java index 4d8c2d44..51c663a2 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java @@ -1,6 +1,8 @@ package hirs.data.persist; import com.fasterxml.jackson.annotation.JsonIgnore; +import hirs.persist.ReferenceManifestManager; +import hirs.persist.ReferenceManifestSelector; import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TpmPcrEvent; import org.apache.logging.log4j.LogManager; @@ -13,8 +15,7 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; -import java.util.List; +import java.util.Collection; /** * Sub class that will just focus on PCR Values and Events. 
@@ -26,9 +27,62 @@ public class SupportReferenceManifest extends ReferenceManifest { @Column @JsonIgnore private int pcrHash = 0; + @Column + private boolean updated = false; /** - * Support constructor for the RIM object. + * This class enables the retrieval of SupportReferenceManifest by their attributes. + */ + public static class Selector extends ReferenceManifestSelector { + /** + * Construct a new ReferenceManifestSelector that will + * use the given (@link ReferenceManifestManager} + * to retrieve one or may SupportReferenceManifest. + * + * @param referenceManifestManager the reference manifest manager to be used to retrieve + * reference manifests. + */ + public Selector(final ReferenceManifestManager referenceManifestManager) { + super(referenceManifestManager, SupportReferenceManifest.class); + } + + /** + * Specify the platform manufacturer that rims must have to be considered + * as matching. + * @param manufacturer string for the manufacturer + * @return this instance + */ + public Selector byManufacturer(final String manufacturer) { + setFieldValue(PLATFORM_MANUFACTURER, manufacturer); + return this; + } + + /** + * Specify the platform manufacturer id that rims must have to be considered + * as matching. + * @param manufacturerId string for the id of the manufacturer + * @return this instance + */ + public Selector byManufacturerId(final String manufacturerId) { + setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId); + return this; + } + + /** + * Specify the platform model that rims must have to be considered + * as matching. + * @param model string for the model + * @return this instance + */ + public Selector byModel(final String model) { + setFieldValue(PLATFORM_MODEL, model); + return this; + } + } + + /** + * Main constructor for the RIM object. This takes in a byte array of a + * valid swidtag file and parses the information. * * @param fileName - string representation of the uploaded file. 
* @param rimBytes byte array representation of the RIM @@ -36,9 +90,10 @@ public class SupportReferenceManifest extends ReferenceManifest { */ public SupportReferenceManifest(final String fileName, final byte[] rimBytes) throws IOException { - this(rimBytes); - this.setRimType(SUPPORT_RIM); + super(rimBytes); this.setFileName(fileName); + this.setRimType(SUPPORT_RIM); + this.pcrHash = 0; } /** @@ -49,9 +104,7 @@ public class SupportReferenceManifest extends ReferenceManifest { * @throws IOException if unable to unmarshal the string */ public SupportReferenceManifest(final byte[] rimBytes) throws IOException { - super(rimBytes); - this.setRimType(SUPPORT_RIM); - this.pcrHash = 0; + this("blank.rimel", rimBytes); } /** @@ -62,6 +115,17 @@ public class SupportReferenceManifest extends ReferenceManifest { this.pcrHash = 0; } + /** + * Get a Selector for use in retrieving ReferenceManifest. + * + * @param rimMan the ReferenceManifestManager to be used to retrieve + * persisted RIMs + * @return a Selector instance to use for retrieving RIMs + */ + public static Selector select(final ReferenceManifestManager rimMan) { + return new Selector(rimMan); + } + /** * Getter method for the expected PCR values contained within the support * RIM. @@ -88,11 +152,11 @@ public class SupportReferenceManifest extends ReferenceManifest { * * @return list of TPM PCR Events for display */ - public List getEventLog() { + public Collection getEventLog() { TCGEventLog logProcessor = null; try { logProcessor = new TCGEventLog(this.getRimBytes()); - return Collections.unmodifiableList(logProcessor.getEventList()); + return logProcessor.getEventList(); } catch (CertificateException cEx) { LOGGER.error(cEx); } catch (NoSuchAlgorithmException noSaEx) { 
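Review bot: getEventLog now returns `logProcessor.getEventList()` directly where it previously wrapped the result in Collections.unmodifiableList, so callers receive a live `values()` view of the parser's map and can remove events from it. The parser is a local built from the RIM bytes, so persisted state is not affected, but the method's contract got weaker for no gain; keep it read-only with `return Collections.unmodifiableCollection(logProcessor.getEventList());` and restore the `java.util.Collections` import that the earlier hunk in this file removed. The Selector Javadoc above carries the same `(@link ReferenceManifestManager}` and "one or may" typos as the other two selectors.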
@@ -119,4 +183,20 @@ public class SupportReferenceManifest extends ReferenceManifest { public void setPcrHash(final int pcrHash) { this.pcrHash = pcrHash; } + + /** + * Indicates if the support rim has updated information from the base. + * @return flag indicating that it is up to date + */ + public boolean isUpdated() { + return updated; + } + + /** + * Setter for the support RIM flag status. + * @param updated updated flag status + */ + public void setUpdated(final boolean updated) { + this.updated = updated; + } } diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBReferenceManifestManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBReferenceManifestManager.java index 01903dcf..80be5a15 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DBReferenceManifestManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DBReferenceManifestManager.java @@ -86,10 +86,11 @@ public class DBReferenceManifestManager extends DBManager */ @Override @SuppressWarnings("unchecked") - public Set get(final ReferenceManifestSelector referenceManifestSelector) { + public Set get( + final ReferenceManifestSelector referenceManifestSelector) { LOGGER.info("Getting the full set of Reference Manifest files."); return new HashSet<>( - (List) getWithCriteria( + (List) getWithCriteria( referenceManifestSelector.getReferenceManifestClass(), Collections.singleton(referenceManifestSelector.getCriterion()) ) diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestManager.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestManager.java index 2e3db7ac..1d5e2e7e 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestManager.java 
@@ -28,10 +28,11 @@ public interface ReferenceManifestManager extends OrderedListQuerier the type of reference manifest that will be retrieved * @param referenceManifestSelector a {@link ReferenceManifestSelector} to use for querying * @return a Set of matching RIMs, which may be empty */ - Set get(ReferenceManifestSelector referenceManifestSelector); + Set get(ReferenceManifestSelector referenceManifestSelector); /** * Delete the given RIM. diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java index 344edc3c..4b6ae6dd 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java @@ -1,6 +1,7 @@ package hirs.persist; import com.google.common.base.Preconditions; +import hirs.data.persist.ReferenceManifest; import hirs.data.persist.certificate.Certificate; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; 
@@ -21,16 +22,26 @@ import java.util.UUID; * with a {@link ReferenceManifestManager}. To make use of this object, * use (some ReferenceManifest).select(ReferenceManifestManager). * - * @param the type of referenceManifest that will be retrieved + * @param the type of Reference Integrity Manifest that will be retrived. */ -public abstract class ReferenceManifestSelector { - private static final String PLATFORM_MANUFACTURER = "platformManufacturer"; - private static final String PLATFORM_MANUFACTURER_ID = "platformManufacturerId"; - private static final String PLATFORM_MODEL = "platformModel"; +public abstract class ReferenceManifestSelector { + /** + * String representing the database field for the manufacturer. + */ + public static final String PLATFORM_MANUFACTURER = "platformManufacturer"; + /** + * String representing the database field for the manufacturer id. + */ + public static final String PLATFORM_MANUFACTURER_ID = "platformManufacturerId"; + /** + * String representing the database field for the model. + */ + public static final String PLATFORM_MODEL = "platformModel"; private static final String RIM_TYPE_FIELD = "rimType"; private static final String RIM_FILENAME_FIELD = "fileName"; private final ReferenceManifestManager referenceManifestManager; + private final Class referenceTypeClass; private final Map fieldValueSelections; private boolean excludeArchivedRims; 
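Review bot: The class Javadoc now reads "will be retrived" — typo for retrieved; use `@param <T> the type of Reference Integrity Manifest that will be retrieved.`. Since PLATFORM_MANUFACTURER, PLATFORM_MANUFACTURER_ID and PLATFORM_MODEL become public here and are passed straight to setFieldValue as criteria names, their comments should say they must match the entity property names, e.g. `Name of the {@code platformManufacturer} entity property; used as a criteria field, so it must track the mapped field name.`.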
@@ -39,25 +50,35 @@ public abstract class ReferenceManifestSelector { * Default Constructor. * * @param referenceManifestManager the RIM manager to be used to retrieve RIMs + * @param referenceTypeClass the type of Reference Manifest to process. */ - public ReferenceManifestSelector(final ReferenceManifestManager referenceManifestManager) { - this(referenceManifestManager, true); + public ReferenceManifestSelector(final ReferenceManifestManager referenceManifestManager, + final Class referenceTypeClass) { + this(referenceManifestManager, referenceTypeClass, true); } /** * Standard Constructor for the Selector. * * @param referenceManifestManager the RIM manager to be used to retrieve RIMs + * @param referenceTypeClass the type of Reference Manifest to process. * @param excludeArchivedRims true if excluding archived RIMs */ public ReferenceManifestSelector(final ReferenceManifestManager referenceManifestManager, + final Class referenceTypeClass, final boolean excludeArchivedRims) { Preconditions.checkArgument( referenceManifestManager != null, "reference manifest manager cannot be null" ); + Preconditions.checkArgument( + referenceTypeClass != null, + "type cannot be null" + ); + this.referenceManifestManager = referenceManifestManager; + this.referenceTypeClass = referenceTypeClass; this.excludeArchivedRims = excludeArchivedRims; this.fieldValueSelections = new HashMap<>(); } 
@@ -68,51 +89,18 @@ public abstract class ReferenceManifestSelector { * @param uuid the UUID to query * @return this instance (for chaining further calls) */ - public ReferenceManifestSelector byEntityId(final UUID uuid) { + public ReferenceManifestSelector byEntityId(final UUID uuid) { setFieldValue(Certificate.ID_FIELD, uuid); return this; } - /** - * Specify the platform manufacturer that rims must have to be considered - * as matching. - * @param manufacturer string for the manufacturer - * @return this instance - */ - public ReferenceManifestSelector byManufacturer(final String manufacturer) { - setFieldValue(PLATFORM_MANUFACTURER, manufacturer); - return this; - } - - /** - * Specify the platform manufacturer id that rims must have to be considered - * as matching. - * @param manufacturerId string for the id of the manufacturer - * @return this instance - */ - public ReferenceManifestSelector byManufacturerId(final String manufacturerId) { - setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId); - return this; - } - - /** - * Specify the platform model that rims must have to be considered - * as matching. - * @param model string for the model - * @return this instance - */ - public ReferenceManifestSelector byModel(final String model) { - setFieldValue(PLATFORM_MODEL, model); - return this; - } - /** * Specify the hash code of the bytes that rim must match. * * @param rimHash the hash code of the bytes to query for * @return this instance (for chaining further calls) */ - public ReferenceManifestSelector byHashCode(final int rimHash) { + public ReferenceManifestSelector byHashCode(final int rimHash) { setFieldValue(hirs.data.persist.ReferenceManifest.RIM_HASH_FIELD, rimHash); return this; } 
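Review bot: byManufacturer, byManufacturerId and byModel are removed from the generic base here but re-added verbatim to each of the three subclass selectors in this commit, tripling the code and Javadoc that have to stay in sync. Now that the class is `ReferenceManifestSelector<T>` and byEntityId and byHashCode already return `ReferenceManifestSelector<T>`, the three methods can stay here with that return type and the subclasses keep only their constructor; if the goal is to return the concrete Selector type for chaining, a self-typed generic (`<T extends ReferenceManifest, S extends ReferenceManifestSelector<T, S>>`) does that without copies. byEntityId still takes the id column name from `Certificate.ID_FIELD` for a RIM query; a comment such as `// id column name is shared with Certificate — TODO confirm and replace with a local constant` would flag that coupling.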
@@ -122,7 +110,7 @@ public abstract class ReferenceManifestSelector { * @param fileName the name of the file associated with the rim * @return instance of the manifest in relation to the filename. */ - public ReferenceManifestSelector byFileName(final String fileName) { + public ReferenceManifestSelector byFileName(final String fileName) { setFieldValue(RIM_FILENAME_FIELD, fileName); return this; } @@ -132,7 +120,7 @@ public abstract class ReferenceManifestSelector { * @param rimType the type of rim * @return this instance */ - public ReferenceManifestSelector byRimType(final String rimType) { + public ReferenceManifestSelector byRimType(final String rimType) { setFieldValue(RIM_TYPE_FIELD, rimType); return this; } @@ -181,8 +169,8 @@ public abstract class ReferenceManifestSelector { * * @return a matching RIM or null if none is found */ - public hirs.data.persist.ReferenceManifest getRIM() { - Set rims = execute(); + public T getRIM() { + Set rims = execute(); if (rims.isEmpty()) { return null; } @@ -198,7 +186,7 @@ public abstract class ReferenceManifestSelector { * * @return a Set of matching RIMs, possibly empty */ - public Set getRIMs() { + public Set getRIMs() { return Collections.unmodifiableSet(new HashSet<>(execute())); } @@ -226,13 +214,13 @@ public abstract class ReferenceManifestSelector { /** * @return the rim class that this instance will query */ - public Class getReferenceManifestClass() { - return hirs.data.persist.ReferenceManifest.class; + public Class getReferenceManifestClass() { + return this.referenceTypeClass; } // construct and execute query - private Set execute() { - Set results = this.referenceManifestManager.get(this); + private Set execute() { + Set results = this.referenceManifestManager.get(this); return results; } 
@@ -241,7 +229,7 @@ public abstract class ReferenceManifestSelector { * * @return the selector */ - public ReferenceManifestSelector includeArchived() { + public ReferenceManifestSelector includeArchived() { this.excludeArchivedRims = false; return this; } diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java index bd5a3b0a..e7dc7199 100644 --- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java @@ -7,7 +7,8 @@ import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; -import java.util.ArrayList; +import java.util.Collection; +import java.util.LinkedHashMap; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Hex; @@ -22,6 +23,7 @@ import hirs.tpm.eventlog.uefi.UefiConstants; import hirs.utils.HexUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; + /** * Class for handling different formats of TCG Event logs. */ @@ -60,7 +62,7 @@ public final class TCGEventLog { /** 2 dimensional array holding the PCR values. */ private byte[][] pcrList; /** List of parsed events within the log. */ - private ArrayList eventList = new ArrayList<>(); + private LinkedHashMap eventList = new LinkedHashMap<>(); /** Length of PCR. Indicates which hash algorithm is used. */ private int pcrLength; /** Name of hash algorithm. */ 
@@ -138,14 +140,14 @@ public final class TCGEventLog { bHexEvent = bHexEventFlag; ByteArrayInputStream is = new ByteArrayInputStream(rawlog); // Process the 1st entry as a SHA1 format (per the spec) - eventList.add(new TpmPcrEvent1(is, eventNumber++)); + eventList.put(eventNumber, new TpmPcrEvent1(is, eventNumber++)); // put all events into an event list for further processing while (is.available() > 0) { if (bCryptoAgile) { - eventList.add(new TpmPcrEvent2(is, eventNumber++)); + eventList.put(eventNumber, new TpmPcrEvent2(is, eventNumber++)); } else { - eventList.add(new TpmPcrEvent1(is, eventNumber++)); + eventList.put(eventNumber, new TpmPcrEvent1(is, eventNumber++)); } } calculatePcrValues(); @@ -204,7 +206,7 @@ public final class TCGEventLog { private void calculatePcrValues() { byte[] extendedPCR; initPcrList(); - for (TpmPcrEvent currentEvent : eventList) { + for (TpmPcrEvent currentEvent : eventList.values()) { if (currentEvent.getPcrIndex() >= 0) { // Ignore NO_EVENTS which can have a PCR=-1 try { if (currentEvent.getEventType() != NO_ACTION_EVENT) { @@ -271,8 +273,18 @@ public final class TCGEventLog { * Returns a list of event found in the Event Log. * @return an arraylist of event. */ - public ArrayList getEventList() { - return eventList; + public Collection getEventList() { + return eventList.values(); + } + + /** + * Returns a specific element of the Event Log that corresponds to the requested + * event number. + * @param eventNumber specific event to find in the list. + * @return TPM Event in the position of the list + */ + public TpmPcrEvent getEventByNumber(final int eventNumber) { + return eventList.get(eventNumber); } /** @@ -291,7 +303,7 @@ public final class TCGEventLog { */ public String toString() { StringBuilder sb = new StringBuilder(); - for (TpmPcrEvent event : eventList) { + for (TpmPcrEvent event : eventList.values()) { sb.append(event.toString(bEvent, bHexEvent, bContent)); } sb.append("Event Log processing completed.\n"); 
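Review bot: `eventList.put(eventNumber, new TpmPcrEvent1(is, eventNumber++))` depends on left-to-right evaluation so that the key and the constructor argument are the same pre-increment value; it is correct as written, but the same construction appears three times in this hunk and is easy to misread as an off-by-one between the key and the event's own number. Binding the number once makes the intent explicit: `int number = eventNumber++;` followed by `eventList.put(number, new TpmPcrEvent1(is, number));`, and likewise for the TpmPcrEvent2 branch. The enclosing constructor or method starts and ends outside the hunk.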
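Review bot: getEventList() now returns `eventList.values()`, which is a live view of the internal map, so a caller can remove events from the parsed log by mutating what it gets back, and the Javadoc above it still says "an arraylist of event". Returning `Collections.unmodifiableCollection(eventList.values())` (with `java.util.Collections` imported) closes that off — the old ArrayList was exposed directly too, so this is a chance to tighten rather than a regression — and the tag should read `@return an unmodifiable, log-ordered collection of the parsed events`. getEventByNumber() returns null for a number that is not in the map, which its `@return` should state: `@return the event with that number, or {@code null} if none was parsed`.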
diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java index 3553decb..d7fe1539 100644 --- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent.java @@ -55,6 +55,7 @@ public class TpmPcrEvent { private static final int INDENT_3 = 3; /** * Log format. SHA1=1, Crytpo agile=2. + * this can be refactored out */ private int logFormat = -1; /** @@ -102,6 +103,7 @@ public class TpmPcrEvent { */ private byte[] eventDataSha256hash; private EvPostCode evPostCode; + private int eventNumber; /** * Constructor. @@ -248,6 +250,22 @@ public class TpmPcrEvent { return java.util.Arrays.copyOf(event, event.length); } + /** + * Getter for the event number for this event. + * @return the # for this event + */ + public int getEventNumber() { + return eventNumber; + } + + /** + * Setter for the event number. + * @param eventNumber position in the list + */ + public final void setEventNumber(final int eventNumber) { + this.eventNumber = eventNumber; + } + /** * Sets the event content after processing. * @@ -450,6 +468,7 @@ public class TpmPcrEvent { public String processEvent(final byte[] event, final byte[] eventContent, final int eventNumber) throws CertificateException, NoSuchAlgorithmException, IOException { int eventID = (int) eventType; + this.eventNumber = eventNumber; description += "Event# " + eventNumber + ": "; description += "Index PCR[" + getPcrIndex() + "]\n"; description += "Event Type: 0x" + Long.toHexString(eventType) + " " + eventString(eventID); 
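Review bot: The new public `setEventNumber` is a second write path to `eventNumber` besides the assignment added in processEvent() in the hunk below, so a caller can make an event's number disagree with the key it is stored under in TCGEventLog's map. Unless something outside this diff needs the setter, I would drop it and rely on processEvent(), or at least document on it that the value must stay consistent with the log position. The getter's Javadoc could also say where the value comes from: `@return the position of this event in the log, as passed to processEvent()`.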
@@ -686,6 +705,19 @@ public class TpmPcrEvent { return result; } + /** + * This method takes in an event and compares the hashes to verify that they match. + * @param tpmPcrEvent an event to match. + * @return true if the event # matches and the hash is correct. + */ + public boolean eventCompare(final TpmPcrEvent tpmPcrEvent) { + if (tpmPcrEvent.getPcrIndex() != this.getPcrIndex()) { + return false; + } + + return Arrays.equals(this.digest, tpmPcrEvent.getEventDigest()); + } + /** * Checks a byte array for all zeros. * diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent1.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent1.java index 9db82b05..59a0aba4 100644 --- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent1.java +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent1.java @@ -31,14 +31,14 @@ public class TpmPcrEvent1 extends TpmPcrEvent { /** * Constructor. * - * @param is ByteArrayInputStream holding the TCG Log event. + * @param is ByteArrayInputStream holding the TCG Log event. * @param eventNumber event position within the event log. - * @throws IOException if an error occurs in parsing the event. + * @throws IOException if an error occurs in parsing the event. * @throws NoSuchAlgorithmException if an undefined algorithm is encountered. - * @throws CertificateException If a certificate within an event can't be processed. + * @throws CertificateException If a certificate within an event can't be processed. */ public TpmPcrEvent1(final ByteArrayInputStream is, final int eventNumber) - throws IOException, CertificateException, NoSuchAlgorithmException { + throws IOException, CertificateException, NoSuchAlgorithmException { super(is); setDigestLength(EvConstants.SHA1_LENGTH); setLogFormat(1); 
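Review bot: The Javadoc on eventCompare() says it returns true when "the event # matches", but the code compares PCR indexes and digests and never looks at eventNumber; the tag should read `@return true if both events target the same PCR index and carry the same digest`. The method also dereferences its argument without a null check, and `Arrays.equals` is unqualified although the existing code in this file spells it `java.util.Arrays.copyOf`, which suggests the import may be missing. I would write `if (tpmPcrEvent == null || tpmPcrEvent.getPcrIndex() != this.getPcrIndex()) { return false; }` and, since this is the measurement-versus-reference check, compare with `return java.security.MessageDigest.isEqual(this.digest, tpmPcrEvent.getEventDigest());` so the comparison does not short-circuit on the first differing byte.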
@@ -63,22 +63,22 @@ public class TpmPcrEvent1 extends TpmPcrEvent { eventContent = new byte[eventSize]; is.read(eventContent); setEventContent(eventContent); - // copy entire event into a byte array for processing - int eventLength = rawIndex.length + rawType.length + eventDigest.length - + rawEventSize.length; - int offset = 0; - event = new byte[eventLength]; - System.arraycopy(rawIndex, 0, event, offset, rawIndex.length); - offset += rawIndex.length; - System.arraycopy(rawType, 0, event, offset, rawType.length); - offset += rawType.length; - System.arraycopy(eventDigest, 0, event, offset, eventDigest.length); - offset += eventDigest.length; - System.arraycopy(rawEventSize, 0, event, offset, rawEventSize.length); - offset += rawEventSize.length; - setEventData(event); - //System.arraycopy(eventContent, 0, event, offset, eventContent.length); - this.processEvent(event, eventContent, eventNumber); + // copy entire event into a byte array for processing + int eventLength = rawIndex.length + rawType.length + eventDigest.length + + rawEventSize.length; + int offset = 0; + event = new byte[eventLength]; + System.arraycopy(rawIndex, 0, event, offset, rawIndex.length); + offset += rawIndex.length; + System.arraycopy(rawType, 0, event, offset, rawType.length); + offset += rawType.length; + System.arraycopy(eventDigest, 0, event, offset, eventDigest.length); + offset += eventDigest.length; + System.arraycopy(rawEventSize, 0, event, offset, rawEventSize.length); + offset += rawEventSize.length; + setEventData(event); + //System.arraycopy(eventContent, 0, event, offset, eventContent.length); + this.processEvent(event, eventContent, eventNumber); } - } + } } diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent2.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent2.java index deafad26..14e1c609 100644 --- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent2.java +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TpmPcrEvent2.java 
@@ -66,14 +66,14 @@ public class TpmPcrEvent2 extends TpmPcrEvent { /** * Constructor. * - * @param is ByteArrayInputStream holding the TCG Log event + * @param is ByteArrayInputStream holding the TCG Log event * @param eventNumber event position within the event log. - * @throws IOException if an error occurs in parsing the event + * @throws IOException if an error occurs in parsing the event * @throws NoSuchAlgorithmException if an undefined algorithm is encountered. - * @throws CertificateException If a certificate within an event can't be processed. + * @throws CertificateException If a certificate within an event can't be processed. */ public TpmPcrEvent2(final ByteArrayInputStream is, final int eventNumber) - throws IOException, CertificateException, NoSuchAlgorithmException { + throws IOException, CertificateException, NoSuchAlgorithmException { super(is); setDigestLength(EvConstants.SHA256_LENGTH); setLogFormat(2); @@ -110,9 +110,9 @@ public class TpmPcrEvent2 extends TpmPcrEvent { is.read(eventContent); setEventContent(eventContent); int eventLength = rawIndex.length + rawType.length + eventDigest.length - + rawEventSize.length; + + rawEventSize.length; int offset = 0; - for (TcgTpmtHa hash:hashlist) { + for (TcgTpmtHa hash : hashlist) { eventLength += hash.getBuffer().length; } event = new byte[eventLength]; @@ -129,12 +129,4 @@ public class TpmPcrEvent2 extends TpmPcrEvent { this.processEvent(event, eventContent, eventNumber); } } - - /** - * Returns a list of digests within this event. - * @return a list of digests. - */ - public ArrayList getHashList() { - return hashlist; - } } From 3df6eff549fe5e20c620ff57a158886dbe14b071 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Mon, 19 Oct 2020 13:20:27 -0400 Subject: [PATCH 2/3] Removed debug code --- .../service/SupplyChainValidationServiceImpl.java | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) 
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index 202ca1d3..3d30cbe4 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java @@ -247,14 +247,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (policy.isFirmwareValidationEnabled()) { // may need to associated with device to pull the correct info // compare tpm quote with what is pulled from RIM associated file - try { - validations.add(validateFirmware(device, policy.getPcrPolicy())); - } catch (Exception ex) { - for (StackTraceElement ste : ex.getStackTrace()) { - LOGGER.error(ste.toString()); - } - LOGGER.error(ex.getMessage()); - } + validations.add(validateFirmware(device, policy.getPcrPolicy())); } // Generate validation summary, save it, and return it. From 24e460e0c4aeb792edecf779c757961a7521cee5 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Mon, 26 Oct 2020 11:09:26 -0400 Subject: [PATCH 3/3] This is a refactore that changes BiosMeasurements into EventLogMeasurements for evolving naming convention updates. --- .../AbstractAttestationCertificateAuthority.java | 6 +++--- .../SupplyChainValidationServiceImpl.java | 4 ++-- ...asurements.java => EventLogMeasurements.java} | 16 ++++++++-------- 3 files changed, 13 insertions(+), 13 deletions(-) rename HIRS_Utils/src/main/java/hirs/data/persist/{BiosMeasurements.java => EventLogMeasurements.java} (91%) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index 769c7b3a..f990bd26 100644 
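Review bot: Dropping the try/catch means any exception thrown by validateFirmware() now leaves this method before the validation summary mentioned in the next context comment is generated and saved, so a device whose firmware check fails with an exception gets no recorded result at all rather than a failed one. The removed handler was debug noise, but if validateFirmware() can throw on a malformed client-supplied event log (its signature is not visible here), the replacement should catch that specific exception type and add a failed firmware validation to `validations` instead of letting it propagate. The enclosing method starts and ends outside the hunk.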
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -9,7 +9,7 @@ import hirs.attestationca.exceptions.UnexpectedServerException; import hirs.attestationca.service.SupplyChainValidationService; import hirs.data.persist.AppraisalStatus; import hirs.data.persist.BaseReferenceManifest; -import hirs.data.persist.BiosMeasurements; +import hirs.data.persist.EventLogMeasurements; import hirs.data.persist.Device; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.ReferenceManifest; @@ -810,13 +810,13 @@ public abstract class AbstractAttestationCertificateAuthority clientName); try { // find previous version. If it exists, delete it - support = BiosMeasurements.select(referenceManifestManager) + support = EventLogMeasurements.select(referenceManifestManager) .byManufacturer(dv.getHw().getManufacturer()) .includeArchived().getRIM(); if (support != null) { this.referenceManifestManager.delete(support); } - support = new BiosMeasurements(fileName, + support = new EventLogMeasurements(fileName, dv.getLivelog().toByteArray()); support.setPlatformManufacturer(dv.getHw().getManufacturer()); support.setPlatformModel(dv.getHw().getProductName()); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index 3d30cbe4..33769908 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java 
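Review bot: The lookup for the previous measurement on the `+` line narrows only by manufacturer before `getRIM()` and the following `delete(support)`, while the record created a few lines later is tagged with both manufacturer and model (`setPlatformManufacturer`, `setPlatformModel`), so if two devices from the same manufacturer enroll, each upload presumably deletes the other's stored live log. Scoping the select to the same attributes the record is saved under — a selector on the model as well, which is not present in the visible part of ReferenceManifestSelector and would need adding — keeps the delete to the device being processed. The enclosing method starts and ends outside the hunk.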
@@ -7,7 +7,7 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import hirs.data.persist.BaseReferenceManifest; -import hirs.data.persist.BiosMeasurements; +import hirs.data.persist.EventLogMeasurements; import hirs.data.persist.SupportReferenceManifest; import hirs.data.persist.TPMMeasurementRecord; import hirs.data.persist.PCRPolicy; @@ -340,7 +340,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe .byManufacturer(manufacturer).getRIM(); supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager) .byManufacturer(manufacturer).getRIM(); - measurement = BiosMeasurements.select(referenceManifestManager) + measurement = EventLogMeasurements.select(referenceManifestManager) .byManufacturer(manufacturer).includeArchived().getRIM(); String failedString = ""; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BiosMeasurements.java b/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java similarity index 91% rename from HIRS_Utils/src/main/java/hirs/data/persist/BiosMeasurements.java rename to HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java index f63835db..11f63d32 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BiosMeasurements.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java @@ -23,8 +23,8 @@ import java.util.Collection; * however this is the live log from the client. */ @Entity -public class BiosMeasurements extends ReferenceManifest { - private static final Logger LOGGER = LogManager.getLogger(BiosMeasurements.class); +public class EventLogMeasurements extends ReferenceManifest { + private static final Logger LOGGER = LogManager.getLogger(EventLogMeasurements.class); @Column @JsonIgnore 
@@ -33,7 +33,7 @@ public class BiosMeasurements extends ReferenceManifest { /** * This class enables the retrieval of SupportReferenceManifest by their attributes. */ - public static class Selector extends ReferenceManifestSelector { + public static class Selector extends ReferenceManifestSelector { /** * Construct a new ReferenceManifestSelector that * will use the given (@link ReferenceManifestManager} @@ -43,7 +43,7 @@ public class BiosMeasurements extends ReferenceManifest { * reference manifests. */ public Selector(final ReferenceManifestManager referenceManifestManager) { - super(referenceManifestManager, BiosMeasurements.class, false); + super(referenceManifestManager, EventLogMeasurements.class, false); } /** @@ -86,7 +86,7 @@ public class BiosMeasurements extends ReferenceManifest { * @param rimBytes byte array representation of the RIM * @throws java.io.IOException if unable to unmarshal the string */ - public BiosMeasurements(final byte[] rimBytes) throws IOException { + public EventLogMeasurements(final byte[] rimBytes) throws IOException { this("blank.measurement", rimBytes); } /** @@ -96,8 +96,8 @@ public class BiosMeasurements extends ReferenceManifest { * @param rimBytes byte array representation of the RIM * @throws java.io.IOException if unable to unmarshal the string */ - public BiosMeasurements(final String fileName, - final byte[] rimBytes + public EventLogMeasurements(final String fileName, + final byte[] rimBytes ) throws IOException { super(rimBytes); this.setFileName(fileName); @@ -109,7 +109,7 @@ public class BiosMeasurements extends ReferenceManifest { /** * Default constructor necessary for Hibernate. */ - protected BiosMeasurements() { + protected EventLogMeasurements() { super(); this.pcrHash = 0; }