This commit adds several changes that update how the RIM files are accessed and made accessible from the DB, as well as what is shown visually when there is a validation failure and the measurement log is displayed.
This commit is contained in:
parent
c7fb94d7b4
commit
5acc393541
@ -99,6 +99,7 @@ import java.util.Date;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
@ -806,6 +807,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
support.setFileName(String.format("%s_[%s].rimel", defaultClientName,
|
||||
support.getRimHash().substring(
|
||||
support.getRimHash().length() - NUM_OF_VARIABLES)));
|
||||
support.setDeviceName(dv.getNw().getHostname());
|
||||
this.referenceManifestManager.save(support);
|
||||
} else {
|
||||
LOG.info("Client provided Support RIM already loaded in database.");
|
||||
@ -828,6 +830,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
|
||||
if (dv.getSwidfileCount() > 0) {
|
||||
for (ByteString swidFile : dv.getSwidfileList()) {
|
||||
UUID baseId = null;
|
||||
fileName = "";
|
||||
try {
|
||||
dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
|
||||
@ -841,6 +844,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
String.format("%s.swidtag",
|
||||
defaultClientName),
|
||||
swidFile.toByteArray());
|
||||
dbBaseRim.setDeviceName(dv.getNw().getHostname());
|
||||
|
||||
// get file name to use
|
||||
for (SwidResource swid : dbBaseRim.parseResource()) {
|
||||
@ -849,10 +853,8 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
//found the file name
|
||||
int dotIndex = swid.getName().lastIndexOf(".");
|
||||
fileName = swid.getName().substring(0, dotIndex);
|
||||
dbBaseRim = new BaseReferenceManifest(
|
||||
String.format("%s.swidtag",
|
||||
fileName),
|
||||
swidFile.toByteArray());
|
||||
dbBaseRim.setFileName(String.format("%s.swidtag",
|
||||
fileName));
|
||||
}
|
||||
|
||||
// now update support rim
|
||||
@ -862,8 +864,6 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
if (dbSupport != null && !dbSupport.isUpdated()) {
|
||||
dbSupport.setFileName(swid.getName());
|
||||
dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
|
||||
// I might create a get for the bytes of the swidtag file
|
||||
// so that I can set that instead of the rim ID
|
||||
dbSupport.setTagId(dbBaseRim.getTagId());
|
||||
dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
|
||||
dbSupport.setSwidVersion(dbBaseRim.getSwidVersion());
|
||||
@ -875,7 +875,8 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
break;
|
||||
}
|
||||
}
|
||||
this.referenceManifestManager.save(dbBaseRim);
|
||||
baseId = this.referenceManifestManager.save(dbBaseRim).getId();
|
||||
LOG.error(baseId);
|
||||
} else {
|
||||
LOG.info("Client provided Base RIM already loaded in database.");
|
||||
/**
|
||||
@ -889,6 +890,17 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
}
|
||||
}
|
||||
|
||||
// sync up associated IDs
|
||||
if (dbBaseRim.getAssociatedRim() != null) {
|
||||
SupportReferenceManifest dbSupport = SupportReferenceManifest
|
||||
.select(referenceManifestManager)
|
||||
.byEntityId(dbBaseRim.getAssociatedRim()).getRIM();
|
||||
|
||||
if (dbSupport != null && dbSupport.getAssociatedRim() == null) {
|
||||
dbSupport.setAssociatedRim(baseId);
|
||||
this.referenceManifestManager.update(dbSupport);
|
||||
}
|
||||
}
|
||||
} catch (IOException ioEx) {
|
||||
LOG.error(ioEx);
|
||||
}
|
||||
@ -906,7 +918,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
try {
|
||||
// find previous version. If it exists, delete it
|
||||
measurements = EventLogMeasurements.select(referenceManifestManager)
|
||||
.byManufacturer(dv.getHw().getManufacturer())
|
||||
.byDeviceName(dv.getNw().getHostname())
|
||||
.includeArchived().getRIM();
|
||||
if (measurements != null) {
|
||||
LOG.info("Previous bios measurement log found and being replaced...");
|
||||
@ -917,6 +929,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
measurements.setPlatformManufacturer(dv.getHw().getManufacturer());
|
||||
measurements.setPlatformModel(dv.getHw().getProductName());
|
||||
measurements.setTagId(tagId);
|
||||
measurements.setDeviceName(dv.getNw().getHostname());
|
||||
this.referenceManifestManager.save(measurements);
|
||||
} catch (IOException ioEx) {
|
||||
LOG.error(ioEx);
|
||||
|
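Review bot: The new "sync up associated IDs" block stores `baseId` in the support RIM, but `baseId` is only assigned on the path where the base RIM was just saved (`baseId = this.referenceManifestManager.save(dbBaseRim).getId();`); on the else path where the base RIM "already loaded in database" it stays `null`, so `dbSupport.setAssociatedRim(baseId)` writes null and the following `update` is a wasted round trip. `dbSupport.setAssociatedRim(dbBaseRim.getId());` covers both paths, since `dbBaseRim` is the persisted entity either way. Separately, `LOG.error(baseId);` records a routine value at ERROR level and reads as leftover debugging; drop it or lower it to debug with a message that says what the id is. The enclosing method begins and ends outside the hunks shown here.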
@ -512,9 +512,11 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
if (!tpmPcrEvents.isEmpty()) {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
validationObject = measurement;
|
||||
sb.append(String.format("%d digest(s) were not found:%n",
|
||||
tpmPcrEvents.size()));
|
||||
for (TpmPcrEvent tpe : tpmPcrEvents) {
|
||||
sb.append(String.format("Event %s - %s%n",
|
||||
tpe.getEventNumber(),
|
||||
sb.append(String.format("PCR Index %d - %s%n",
|
||||
tpe.getPcrIndex(),
|
||||
tpe.getEventTypeStr()));
|
||||
}
|
||||
if (fwStatus.getAppStatus().equals(FAIL)) {
|
||||
|
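Review bot: The rewritten not-found line `String.format("PCR Index %d - %s%n", tpe.getPcrIndex(), tpe.getEventTypeStr())` no longer carries the event number that the earlier `Event %s - %s%n` line reported, so the failure message can no longer be matched to a specific entry of the measurement log. Keeping both is cheap: `sb.append(String.format("Event %s, PCR Index %d - %s%n", tpe.getEventNumber(), tpe.getPcrIndex(), tpe.getEventTypeStr()));`. Which of the two `sb.append` variants is the new side is inferred from the hunk counts rather than marked, and the enclosing method starts and ends outside the hunk.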
@ -6,12 +6,16 @@ import hirs.attestationca.portal.page.PageMessages;
|
||||
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
|
||||
import hirs.data.persist.BaseReferenceManifest;
|
||||
import hirs.data.persist.EventLogMeasurements;
|
||||
import hirs.data.persist.ReferenceDigestRecord;
|
||||
import hirs.data.persist.ReferenceDigestValue;
|
||||
import hirs.data.persist.ReferenceManifest;
|
||||
import hirs.data.persist.SupportReferenceManifest;
|
||||
import hirs.data.persist.SwidResource;
|
||||
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.DBManagerException;
|
||||
import hirs.persist.ReferenceDigestManager;
|
||||
import hirs.persist.ReferenceEventManager;
|
||||
import hirs.persist.ReferenceManifestManager;
|
||||
import hirs.tpm.eventlog.TCGEventLog;
|
||||
import hirs.tpm.eventlog.TpmPcrEvent;
|
||||
@ -32,6 +36,7 @@ import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
@ -44,6 +49,8 @@ public class ReferenceManifestDetailsPageController
|
||||
extends PageController<ReferenceManifestDetailsPageParams> {
|
||||
|
||||
private final ReferenceManifestManager referenceManifestManager;
|
||||
private final ReferenceDigestManager referenceDigestManager;
|
||||
private final ReferenceEventManager referenceEventManager;
|
||||
private final CertificateManager certificateManager;
|
||||
private static final ReferenceManifestValidator RIM_VALIDATOR
|
||||
= new ReferenceManifestValidator();
|
||||
@ -54,14 +61,20 @@ public class ReferenceManifestDetailsPageController
|
||||
* Constructor providing the Page's display and routing specification.
|
||||
*
|
||||
* @param referenceManifestManager the reference manifest manager.
|
||||
* @param referenceDigestManager the reference digest manager.
|
||||
* @param referenceEventManager the reference event manager.
|
||||
* @param certificateManager the certificate manager.
|
||||
*/
|
||||
@Autowired
|
||||
public ReferenceManifestDetailsPageController(
|
||||
final ReferenceManifestManager referenceManifestManager,
|
||||
final ReferenceDigestManager referenceDigestManager,
|
||||
final ReferenceEventManager referenceEventManager,
|
||||
final CertificateManager certificateManager) {
|
||||
super(Page.RIM_DETAILS);
|
||||
this.referenceManifestManager = referenceManifestManager;
|
||||
this.referenceDigestManager = referenceDigestManager;
|
||||
this.referenceEventManager = referenceEventManager;
|
||||
this.certificateManager = certificateManager;
|
||||
}
|
||||
|
||||
@ -92,7 +105,8 @@ public class ReferenceManifestDetailsPageController
|
||||
} else {
|
||||
try {
|
||||
UUID uuid = UUID.fromString(params.getId());
|
||||
data.putAll(getRimDetailInfo(uuid, referenceManifestManager, certificateManager));
|
||||
data.putAll(getRimDetailInfo(uuid, referenceManifestManager,
|
||||
referenceDigestManager, referenceEventManager, certificateManager));
|
||||
} catch (IllegalArgumentException iaEx) {
|
||||
String uuidError = "Failed to parse ID from: " + params.getId();
|
||||
messages.addError(uuidError);
|
||||
@ -123,6 +137,8 @@ public class ReferenceManifestDetailsPageController
|
||||
*
|
||||
* @param uuid database reference for the requested RIM.
|
||||
* @param referenceManifestManager the reference manifest manager.
|
||||
* @param referenceDigestManager the reference digest manager.
|
||||
* @param referenceEventManager the reference event manager.
|
||||
* @param certificateManager the certificate manager.
|
||||
* @return mapping of the RIM information from the database.
|
||||
* @throws java.io.IOException error for reading file bytes.
|
||||
@ -131,6 +147,8 @@ public class ReferenceManifestDetailsPageController
|
||||
*/
|
||||
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
|
||||
final ReferenceManifestManager referenceManifestManager,
|
||||
final ReferenceDigestManager referenceDigestManager,
|
||||
final ReferenceEventManager referenceEventManager,
|
||||
final CertificateManager certificateManager) throws IOException,
|
||||
CertificateException, NoSuchAlgorithmException {
|
||||
HashMap<String, Object> data = new HashMap<>();
|
||||
@ -153,7 +171,8 @@ public class ReferenceManifestDetailsPageController
|
||||
.byEntityId(uuid).getRIM();
|
||||
|
||||
if (bios != null) {
|
||||
data.putAll(getMeasurementsRimInfo(bios, referenceManifestManager));
|
||||
data.putAll(getMeasurementsRimInfo(bios, referenceManifestManager,
|
||||
referenceDigestManager, referenceEventManager));
|
||||
}
|
||||
|
||||
return data;
|
||||
@ -457,6 +476,8 @@ public class ReferenceManifestDetailsPageController
|
||||
*
|
||||
* @param measurements established ReferenceManifest Type.
|
||||
* @param referenceManifestManager the reference manifest manager.
|
||||
* @param referenceDigestManager the reference digest manager.
|
||||
* @param referenceEventManager the reference event manager.
|
||||
* @return mapping of the RIM information from the database.
|
||||
* @throws java.io.IOException error for reading file bytes.
|
||||
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
||||
@ -464,56 +485,65 @@ public class ReferenceManifestDetailsPageController
|
||||
*/
|
||||
private static HashMap<String, Object> getMeasurementsRimInfo(
|
||||
final EventLogMeasurements measurements,
|
||||
final ReferenceManifestManager referenceManifestManager)
|
||||
final ReferenceManifestManager referenceManifestManager,
|
||||
final ReferenceDigestManager referenceDigestManager,
|
||||
final ReferenceEventManager referenceEventManager)
|
||||
throws IOException, CertificateException, NoSuchAlgorithmException {
|
||||
HashMap<String, Object> data = new HashMap<>();
|
||||
LinkedList<TpmPcrEvent> supportEvents = new LinkedList<>();
|
||||
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
|
||||
BaseReferenceManifest base = null;
|
||||
SupportReferenceManifest support = null;
|
||||
TCGEventLog supportLog = null;
|
||||
ReferenceDigestRecord digestRecord = null;
|
||||
|
||||
data.put("supportFilename", "Blank");
|
||||
data.put("supportId", "");
|
||||
data.put("tagId", measurements.getTagId());
|
||||
data.put("baseId", "");
|
||||
data.put("rimType", measurements.getRimType());
|
||||
data.put("hostName", measurements.getDeviceName());
|
||||
|
||||
if (measurements.getPlatformManufacturer() != null) {
|
||||
digestRecord = referenceDigestManager.getRecord(measurements
|
||||
.getPlatformManufacturer(),
|
||||
measurements.getPlatformModel());
|
||||
support = SupportReferenceManifest
|
||||
.select(referenceManifestManager)
|
||||
.byManufacturer(measurements
|
||||
.getPlatformManufacturer()).getRIM();
|
||||
|
||||
if (support != null) {
|
||||
supportLog = new TCGEventLog(support.getRimBytes());
|
||||
data.put("supportFilename", support.getFileName());
|
||||
data.put("supportId", support.getId());
|
||||
}
|
||||
|
||||
base = BaseReferenceManifest
|
||||
.select(referenceManifestManager)
|
||||
.byManufacturer(measurements
|
||||
.getPlatformManufacturer()).getRIM();
|
||||
|
||||
if (base != null) {
|
||||
data.put("baseId", base.getId());
|
||||
base = BaseReferenceManifest
|
||||
.select(referenceManifestManager)
|
||||
.byEntityId(support.getAssociatedRim())
|
||||
.getRIM();
|
||||
data.put("tagId", support.getTagId());
|
||||
|
||||
if (base != null) {
|
||||
data.put("baseId", base.getId());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes());
|
||||
if (supportLog != null) {
|
||||
TpmPcrEvent measurementEvent;
|
||||
for (TpmPcrEvent tpe : supportLog.getEventList()) {
|
||||
measurementEvent = measurementLog.getEventByNumber(tpe.getEventNumber());
|
||||
if (!tpe.eventCompare(measurementEvent)) {
|
||||
supportEvents.add(tpe);
|
||||
List<ReferenceDigestValue> eventValue;
|
||||
Map<String, ReferenceDigestValue> eventValueMap = new HashMap<>();
|
||||
if (digestRecord != null) {
|
||||
eventValue = referenceEventManager
|
||||
.getValuesByRecordId(digestRecord);
|
||||
for (ReferenceDigestValue rdv : eventValue) {
|
||||
eventValueMap.put(rdv.getDigestValue(), rdv);
|
||||
}
|
||||
for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) {
|
||||
if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) {
|
||||
livelogEvents.add(measurementEvent);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
data.put("supportEvents", supportEvents);
|
||||
data.put("livelogEvents", livelogEvents);
|
||||
|
||||
return data;
|
||||
|
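Review bot: In `getMeasurementsRimInfo`, the lookup `.byEntityId(support.getAssociatedRim())` and `data.put("tagId", support.getTagId());` dereference `support` outside the `if (support != null)` guard a few lines above, so a measurement log whose manufacturer has no Support RIM in the database will throw a NullPointerException instead of rendering the page with the `"Blank"`/empty defaults the method sets up front. Move that base lookup and the `tagId` put inside the existing `if (support != null)` block; the inner `if (base != null)` check can stay as it is. Which of the two base-lookup variants is the new side is inferred from the hunk rather than marked, so confirm against the full diff. Also, `TpmPcrEvent measurementEvent;` is declared earlier in the method and `for (TpmPcrEvent measurementEvent : measurementLog.getEventList())` declares the same name again; if both survive in one scope on the new side this will not compile, so give the loop variable its own name such as `liveEvent`. The method's closing brace lies outside the hunk.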
@ -241,6 +241,10 @@
|
||||
<div class="row">
|
||||
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Base/Support</span></div>
|
||||
<div id="measurements" class="col col-md-8">
|
||||
<c:if test="${not empty initialData.hostName}">
|
||||
<div><span>${initialData.hostName}</span>
|
||||
</div>
|
||||
</c:if>
|
||||
<c:if test="${not empty initialData.tagId}">
|
||||
<div>Base: <span><a href="${portal}/rim-details?id=${initialData.baseId}">${initialData.tagId}</a></span>
|
||||
</div>
|
||||
@ -253,31 +257,6 @@
|
||||
</div>
|
||||
<br />
|
||||
<div class="row" style="margin: auto 260px auto 125px">
|
||||
<div class="panel panel-default" style="flex: 1">
|
||||
<div class="panel-heading">Support</div>
|
||||
<c:if test="${not empty initialData.supportEvents}">
|
||||
<c:forEach items="${initialData.supportEvents}" var="sEvent">
|
||||
<div class="event-element">
|
||||
<div class="event-data">
|
||||
<div class="data-label">Event#:</div>
|
||||
<div class="data-value">${sEvent.getEventNumber()+1}</div>
|
||||
</div>
|
||||
<div class="event-data">
|
||||
<div class="data-label">PCR Index:</div>
|
||||
<div class="data-value">${sEvent.getPcrIndex()}</div>
|
||||
</div>
|
||||
<div class="event-data">
|
||||
<div class="data-label">Digest:</div>
|
||||
<div class="data-value">${sEvent.getEventDigestStr()}</div>
|
||||
</div>
|
||||
<div class="event-data">
|
||||
<div class="data-label">Content:</div>
|
||||
<div class="data-value">${sEvent.getEventContentStr()}</div>
|
||||
</div>
|
||||
</div>
|
||||
</c:forEach>
|
||||
</c:if>
|
||||
</div>
|
||||
<div class="panel panel-default" style="flex: 1">
|
||||
<div class="panel-heading">Client Log</div>
|
||||
<c:if test="${not empty initialData.livelogEvents}">
|
||||
|
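Review bot: `${initialData.hostName}` and `${initialData.tagId}` are written into the page as raw EL, and EL in JSP template text is not HTML-escaped; `hostName` is the device name the ACA stores from the provisioner-reported hostname (`dv.getNw().getHostname()` in this same commit) and `tagId` comes from the uploaded RIM, so a crafted value would be rendered as markup in the portal. Emit both through the JSTL core tag this file already uses: `<span><c:out value="${initialData.hostName}"/></span>` and `<a href="${portal}/rim-details?id=${initialData.baseId}"><c:out value="${initialData.tagId}"/></a>`. The surrounding event panels print `${sEvent.getEventContentStr()}` the same way; if any of those lines remain on the new side they should get the same treatment.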
@ -100,24 +100,13 @@ public class BaseReferenceManifest extends ReferenceManifest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Specify the platform manufacturer id that rims must have to be considered
|
||||
* Specify the device name that rims must have to be considered
|
||||
* as matching.
|
||||
* @param manufacturerId string for the id of the manufacturer
|
||||
* @param deviceName string for the deviceName
|
||||
* @return this instance
|
||||
*/
|
||||
public Selector byManufacturerId(final String manufacturerId) {
|
||||
setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Specify the platform model that rims must have to be considered
|
||||
* as matching.
|
||||
* @param model string for the model
|
||||
* @return this instance
|
||||
*/
|
||||
public Selector byModel(final String model) {
|
||||
setFieldValue(PLATFORM_MODEL, model);
|
||||
public Selector byDeviceName(final String deviceName) {
|
||||
setFieldValue("deviceName", deviceName);
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
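Review bot: `setFieldValue("deviceName", deviceName);` keys the query on a bare string literal while the neighbouring selectors use named constants such as `PLATFORM_MANUFACTURER_ID` and `PLATFORM_MODEL`; the same literal is repeated verbatim in the `EventLogMeasurements` and `SupportReferenceManifest` hunks of this commit, so a later rename of the `deviceName` field on `ReferenceManifest` would presumably break all three lookups at runtime rather than at compile time. Declare one shared constant next to the field, e.g. `protected static final String DEVICE_NAME = "deviceName";`, and use it in each `byDeviceName`. The hunk also appears to drop `byManufacturerId` and `byModel` from this selector; if any caller outside the commit still uses them that is a compile break, so confirm before merging.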
@ -58,24 +58,13 @@ public class EventLogMeasurements extends ReferenceManifest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Specify the platform manufacturer id that rims must have to be considered
|
||||
* Specify the device name that rims must have to be considered
|
||||
* as matching.
|
||||
* @param manufacturerId string for the id of the manufacturer
|
||||
* @param deviceName string for the deviceName
|
||||
* @return this instance
|
||||
*/
|
||||
public Selector byManufacturerId(final String manufacturerId) {
|
||||
setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Specify the platform model that rims must have to be considered
|
||||
* as matching.
|
||||
* @param model string for the model
|
||||
* @return this instance
|
||||
*/
|
||||
public Selector byModel(final String model) {
|
||||
setFieldValue(PLATFORM_MODEL, model);
|
||||
public Selector byDeviceName(final String deviceName) {
|
||||
setFieldValue("deviceName", deviceName);
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
@ -97,6 +97,9 @@ public abstract class ReferenceManifest extends ArchivableEntity {
|
||||
@Type(type = "uuid-char")
|
||||
@Column
|
||||
private UUID associatedRim;
|
||||
@Column
|
||||
@JsonIgnore
|
||||
private String deviceName;
|
||||
|
||||
/**
|
||||
* Default constructor necessary for Hibernate.
|
||||
@ -335,6 +338,22 @@ public abstract class ReferenceManifest extends ArchivableEntity {
|
||||
this.associatedRim = associatedRim;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the Device Name.
|
||||
* @return string value of the device associated with this log.
|
||||
*/
|
||||
public String getDeviceName() {
|
||||
return deviceName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Setter for the Device Name.
|
||||
* @param deviceName new value to assign.
|
||||
*/
|
||||
public void setDeviceName(final String deviceName) {
|
||||
this.deviceName = deviceName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the Reference Integrity Manifest as a byte array.
|
||||
*
|
||||
|
@ -60,24 +60,13 @@ public class SupportReferenceManifest extends ReferenceManifest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Specify the platform manufacturer id that rims must have to be considered
|
||||
* Specify the device name that rims must have to be considered
|
||||
* as matching.
|
||||
* @param manufacturerId string for the id of the manufacturer
|
||||
* @param deviceName string for the deviceName
|
||||
* @return this instance
|
||||
*/
|
||||
public Selector byManufacturerId(final String manufacturerId) {
|
||||
setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Specify the platform model that rims must have to be considered
|
||||
* as matching.
|
||||
* @param model string for the model
|
||||
* @return this instance
|
||||
*/
|
||||
public Selector byModel(final String model) {
|
||||
setFieldValue(PLATFORM_MODEL, model);
|
||||
public Selector byDeviceName(final String deviceName) {
|
||||
setFieldValue("deviceName", deviceName);
|
||||
return this;
|
||||
}
|
||||
|
||||
|