From d4c35e09ab98f910bb1ede6ab7e72e4cd852323d Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Wed, 16 Mar 2022 09:06:04 -0400 Subject: [PATCH 1/5] Updated the code to correctly include the supplemental digestvalues in the firmware validation. --- HIRS_AttestationCA/build.gradle | 2 +- ...stractAttestationCertificateAuthority.java | 164 ++++++++++-------- .../SupplyChainValidationServiceImpl.java | 2 +- HIRS_AttestationCAPortal/build.gradle | 2 +- .../portal/page/PageController.java | 2 +- .../CertificateDetailsPageController.java | 6 +- .../ReferenceManifestPageController.java | 8 +- .../RimDatabasePageController.java | 4 +- .../attestationca/portal/util/PciIds.java | 3 +- .../hirs/data/persist/ArchivableEntity.java | 4 +- .../hirs/persist/DBReferenceEventManager.java | 33 +++- .../hirs/persist/ReferenceEventManager.java | 12 +- 12 files changed, 151 insertions(+), 91 deletions(-) diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index 1c9dcc89..cbed0273 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -43,7 +43,7 @@ war.dependsOn copyVersion ext.configDir = new File(projectDir, 'config') ext.checkstyleConfigDir = "$configDir/checkstyle" checkstyle { - toolVersion = '5.7' + toolVersion = '8.10.1' configFile = checkstyleConfigFile configProperties.put('basedir', checkstyleConfigDir) ignoreFailures = false diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index 72a5f823..c95e7282 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -12,7 +12,6 @@ import hirs.data.persist.BaseReferenceManifest; import hirs.data.persist.Device; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.EventLogMeasurements; -import hirs.data.persist.ReferenceDigestRecord; import hirs.data.persist.ReferenceDigestValue; import hirs.data.persist.ReferenceManifest; import hirs.data.persist.SupplyChainPolicy; @@ -94,12 +93,15 @@ import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.MGF1ParameterSpec; import java.security.spec.RSAPublicKeySpec; +import java.util.ArrayList; import java.util.Base64; import java.util.Calendar; import java.util.Date; +import java.util.HashMap; import java.util.HashSet; import java.util.LinkedList; import java.util.List; +import java.util.Map; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -992,82 +994,104 @@ public abstract class AbstractAttestationCertificateAuthority private boolean generateDigestRecords(final String manufacturer, final String model, final String deviceName) { - List rdValues; + List rdValues = new LinkedList<>(); + SupportReferenceManifest baseSupportRim = null; + List supplementalRims = new ArrayList<>(); + List patchRims = new ArrayList<>(); Set dbSupportRims = SupportReferenceManifest .select(referenceManifestManager).byManufacturer(manufacturer).getRIMs(); + List sourcedValues = referenceEventManager + .getValueByManufacturerModel(manufacturer, model); + + Map digestValueMap = new HashMap<>(); + sourcedValues.stream().forEach((rdv) -> { + digestValueMap.put(rdv.getDigestValue(), rdv); + }); for (SupportReferenceManifest dbSupport : dbSupportRims) { - if (dbSupport.getPlatformModel().equals(model)) { - ReferenceDigestRecord dbObj = new ReferenceDigestRecord(dbSupport, - manufacturer, model); - dbObj.setDeviceName(deviceName); - // this is where we update or create the log - ReferenceDigestRecord rdr = this.referenceDigestManager.getRecord(dbObj); - if (dbSupport.isBaseSupport()) { - // Handle baseline digest records - if (rdr == null) { - // doesn't exist, store - rdr = referenceDigestManager.saveRecord(dbObj); - } // right now this will not deal with updating + if (dbSupport.getPlatformModel().equals(model)) { // need to verify model is good enough + if (dbSupport.isSwidPatch()) { + patchRims.add(dbSupport); + } else if (dbSupport.isSwidSupplemental()) { + supplementalRims.add(dbSupport); + } else { + // we have a base support rim (verify this is getting set) + baseSupportRim = dbSupport; + } + } + } - if (this.referenceEventManager.getValuesByRimId(dbSupport).isEmpty()) { - try { - TCGEventLog logProcessor = new TCGEventLog(dbSupport.getRimBytes()); - ReferenceDigestValue rdv; - for (TpmPcrEvent tpe : logProcessor.getEventList()) { - rdv = new ReferenceDigestValue(dbSupport.getAssociatedRim(), - dbSupport.getId(), manufacturer, model, tpe.getPcrIndex(), - tpe.getEventDigestStr(), tpe.getEventTypeStr(), - false, false, tpe.getEventContent()); - this.referenceEventManager.saveValue(rdv); - } - } catch (CertificateException cEx) { - LOG.error(cEx); - } catch (NoSuchAlgorithmException noSaEx) { - LOG.error(noSaEx); - } catch (IOException ioEx) { - LOG.error(ioEx); - } - } - } else if (dbSupport.isSwidPatch()) { - if (rdr != null) { - // have to have something to patch - try { - rdValues = this.referenceEventManager.getValuesByRecordId(rdr); - TCGEventLog logProcessor = new TCGEventLog(dbSupport.getRimBytes()); - for (TpmPcrEvent tpe : logProcessor.getEventList()) { - LOG.error(tpe); - } - for (ReferenceDigestValue rdv : rdValues) { - LOG.error(rdv); - } - } catch (CertificateException cEx) { - LOG.error(cEx); - } catch (NoSuchAlgorithmException noSaEx) { - LOG.error(noSaEx); - } catch (IOException ioEx) { - LOG.error(ioEx); - } - } - } else if (dbSupport.isSwidSupplemental() && !dbSupport.isProcessed()) { - try { - TCGEventLog logProcessor = new TCGEventLog(dbSupport.getRimBytes()); - ReferenceDigestValue rdv; - for (TpmPcrEvent tpe : logProcessor.getEventList()) { - rdv = new ReferenceDigestValue(dbSupport.getAssociatedRim(), - dbSupport.getId(), manufacturer, model, tpe.getPcrIndex(), - tpe.getEventDigestStr(), tpe.getEventTypeStr(), - false, false, tpe.getEventContent()); - this.referenceEventManager.saveValue(rdv); - } - } catch (CertificateException e) { - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } catch (IOException e) { - e.printStackTrace(); + if (referenceEventManager.getValuesByRimId(baseSupportRim).isEmpty() + && baseSupportRim != null) { + try { + TCGEventLog logProcessor = new TCGEventLog(baseSupportRim.getRimBytes()); + ReferenceDigestValue rdv; + for (TpmPcrEvent tpe : logProcessor.getEventList()) { + rdv = new ReferenceDigestValue(baseSupportRim.getAssociatedRim(), + baseSupportRim.getId(), manufacturer, model, tpe.getPcrIndex(), + tpe.getEventDigestStr(), tpe.getEventTypeStr(), + false, false, tpe.getEventContent()); + rdValues.add(rdv); + } + + // since I have the base already I don't have to care about the backward + // linkage + + for (SupportReferenceManifest supplemental : supplementalRims) { + logProcessor = new TCGEventLog(supplemental.getRimBytes()); + for (TpmPcrEvent tpe : logProcessor.getEventList()) { + // all RDVs will have the same base rim + rdv = new ReferenceDigestValue(baseSupportRim.getAssociatedRim(), + supplemental.getId(), manufacturer, model, tpe.getPcrIndex(), + tpe.getEventDigestStr(), tpe.getEventTypeStr(), + false, false, tpe.getEventContent()); + rdValues.add(rdv); } } + + // Save all supplemental values + ReferenceDigestValue tempRdv; + for (ReferenceDigestValue subRdv : rdValues) { + // check if the value already exists + if (digestValueMap.containsKey(subRdv.getDigestValue())) { + tempRdv = digestValueMap.get(subRdv.getDigestValue()); + if (tempRdv.getPcrIndex() != subRdv.getPcrIndex() + && !tempRdv.getEventType().equals(subRdv.getEventType())) { + referenceEventManager.saveValue(subRdv); + } else { + // will this be a problem down the line? + referenceEventManager.updateEvent(subRdv); + } + } else { + referenceEventManager.saveValue(subRdv); + } + digestValueMap.put(subRdv.getDigestValue(), subRdv); + } + + // if a patch value doesn't exist, error? + ReferenceDigestValue dbRdv; + String patchedValue; + for (SupportReferenceManifest patch : patchRims) { + logProcessor = new TCGEventLog(patch.getRimBytes()); + for (TpmPcrEvent tpe : logProcessor.getEventList()) { + patchedValue = tpe.getEventDigestStr(); + dbRdv = digestValueMap.get(patchedValue); + + if (dbRdv == null) { + LOG.error(String.format("Patching value does not exist (%s)", + patchedValue)); + } else { + // I need to know what is being patched before I can finish this + dbRdv.setPatched(true); + } + } + } + } catch (CertificateException cEx) { + LOG.error(cEx); + } catch (NoSuchAlgorithmException noSaEx) { + LOG.error(noSaEx); + } catch (IOException ioEx) { + LOG.error(ioEx); } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index 8cd0f816..6ddef617 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java @@ -537,7 +537,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (measurement.getPlatformManufacturer().equals(manufacturer)) { tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes()); eventValue = this.referenceEventManager - .getValuesByRimId(supportReferenceManifest); + .getValuesByRimId(baseReferenceManifest); for (ReferenceDigestValue rdv : eventValue) { eventValueMap.put(rdv.getDigestValue(), rdv); } diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 23250d6c..005221d1 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -77,7 +77,7 @@ ext.configDir = new File(projectDir, 'config') ext.checkstyleConfigDir = "$configDir/checkstyle" checkstyle { - toolVersion = '5.7' + toolVersion = '8.10.1' configFile = checkstyleConfigFile configProperties.put('basedir', checkstyleConfigDir) ignoreFailures = false diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageController.java index 6c6a2c1d..8ed65e9c 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/PageController.java @@ -71,7 +71,7 @@ public abstract class PageController

{ * @return the path for the view and data model for the page. */ @RequestMapping - public abstract ModelAndView initPage(@ModelAttribute final P params, final Model model); + public abstract ModelAndView initPage(@ModelAttribute P params, Model model); /** * Creates a generic ModelAndView containing this page's configuration and diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageController.java index 5e00d2e7..26a66611 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateDetailsPageController.java @@ -4,6 +4,7 @@ import hirs.attestationca.portal.page.PageController; import hirs.attestationca.portal.page.PageMessages; import hirs.attestationca.portal.page.params.CertificateDetailsPageParams; import hirs.attestationca.portal.util.CertificateStringMapBuilder; +import hirs.persist.CertificateManager; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; @@ -12,12 +13,11 @@ import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.servlet.ModelAndView; +import java.io.IOException; import java.util.HashMap; import java.util.UUID; import static hirs.attestationca.portal.page.Page.CERTIFICATE_DETAILS; -import hirs.persist.CertificateManager; -import java.io.IOException; /** * Controller for the Certificate Details page. @@ -76,7 +76,7 @@ public class CertificateDetailsPageController extends PageController PCI_IDS_PATH = - Collections.unmodifiableList(new Vector() - { + Collections.unmodifiableList(new Vector() { private static final long serialVersionUID = 1L; { add("/usr/share/hwdata/pci.ids"); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ArchivableEntity.java b/HIRS_Utils/src/main/java/hirs/data/persist/ArchivableEntity.java index be583e45..ec0a11b2 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ArchivableEntity.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ArchivableEntity.java @@ -1,8 +1,8 @@ package hirs.data.persist; -import java.util.Date; import javax.persistence.Column; import javax.persistence.MappedSuperclass; +import java.util.Date; /** * An abstract archivable entity that can be deleted. @@ -13,7 +13,7 @@ public abstract class ArchivableEntity extends AbstractEntity { /** * Defining the size of a message field for error display. */ - public static final int MAX_MESSAGE_LENGTH = 1200; + public static final int MAX_MESSAGE_LENGTH = 2400; @Column(name = "archived_time") private Date archivedTime; diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBReferenceEventManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBReferenceEventManager.java index 21cfa0ae..09d08d6a 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DBReferenceEventManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DBReferenceEventManager.java @@ -135,6 +135,35 @@ public class DBReferenceEventManager extends DBManager return dbRecord; } + @Override + public ReferenceDigestValue getValueByDigest(final String eventDigest) { + if (eventDigest == null) { + LOGGER.error("null event digest argument"); + throw new NullPointerException("null event digest argument"); + } + + ReferenceDigestValue dbRecord; + Transaction tx = null; + Session session = getFactory().getCurrentSession(); + try { + LOGGER.debug("retrieving referenceDigestValue from db"); + tx = session.beginTransaction(); + dbRecord = (ReferenceDigestValue) session.createCriteria(ReferenceDigestValue.class) + .add(Restrictions.eq("digestValue", + eventDigest)).uniqueResult(); + tx.commit(); + } catch (Exception ex) { + final String msg = "unable to retrieve object"; + LOGGER.error(msg, ex); + if (tx != null) { + LOGGER.debug("rolling back transaction"); + tx.rollback(); + } + throw new DBManagerException(msg, ex); + } + return dbRecord; + } + @Override public List getValueByManufacturer(final String manufacturer) { if (manufacturer == null) { @@ -271,7 +300,7 @@ public class DBReferenceEventManager extends DBManager } @Override - public void updateRecord(final ReferenceDigestValue referenceDigestValue) { + public void updateEvent(final ReferenceDigestValue referenceDigestValue) { try { super.update(referenceDigestValue); } catch (DBManagerException dbMEx) { @@ -280,7 +309,7 @@ public class DBReferenceEventManager extends DBManager } @Override - public boolean deleteRecord(final ReferenceDigestValue referenceDigestValue) { + public boolean deleteEvent(final ReferenceDigestValue referenceDigestValue) { boolean result; LOGGER.info(String.format("Deleting reference to %s", referenceDigestValue.getId())); diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceEventManager.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceEventManager.java index 93c8534e..277f387a 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceEventManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceEventManager.java @@ -36,6 +36,14 @@ public interface ReferenceEventManager extends OrderedListQuerier Date: Mon, 21 Mar 2022 09:51:32 -0400 Subject: [PATCH 2/5] Did some testing on manual/curl uploading. This produced an error because device name was being used to pull objects in the validation quote part of the provision. This was changed. The event log is deleted each time so that only one event log per device is maintained. --- ...stractAttestationCertificateAuthority.java | 57 +-- .../SupplyChainValidationServiceImpl.java | 5 +- .../ReferenceManifestPageController.java | 342 ++++++++++-------- .../data/persist/BaseReferenceManifest.java | 38 ++ .../data/persist/ReferenceDigestValue.java | 46 ++- .../persist/SupportReferenceManifest.java | 13 + .../persist/ReferenceManifestManager.java | 8 + 7 files changed, 318 insertions(+), 191 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index c95e7282..c9b2c715 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -940,31 +940,38 @@ public abstract class AbstractAttestationCertificateAuthority dv.getLivelog().toByteArray()); // find previous version. measurements = EventLogMeasurements.select(referenceManifestManager) - .byHexDecHash(temp.getHexDecHash()).includeArchived().getRIM(); - if (measurements == null) { - measurements = temp; - measurements.setPlatformManufacturer(dv.getHw().getManufacturer()); - measurements.setPlatformModel(dv.getHw().getProductName()); - measurements.setTagId(tagId); - measurements.setDeviceName(dv.getNw().getHostname()); - this.referenceManifestManager.save(measurements); - } - // now save the hash to the base and support rims associated - for (ReferenceManifest rim : listOfSavedRims) { - if (rim != null) { - rim.setEventLogHash(temp.getHexDecHash()); - this.referenceManifestManager.update(rim); - } + .byDeviceName(dv.getNw().getHostname()) + .includeArchived() + .getRIM(); + + if (measurements != null) { + // Find previous log and delete it + referenceManifestManager.deleteReferenceManifest(measurements); } - for (BaseReferenceManifest baseRim : BaseReferenceManifest - .select(referenceManifestManager).getRIMs()) { - if (baseRim.getPlatformManufacturer().equals(dv.getHw().getManufacturer()) - && baseRim.getPlatformModel().equals(dv.getHw().getProductName())) { - baseRim.setEventLogHash(temp.getHexDecHash()); - this.referenceManifestManager.update(baseRim); - } - } + BaseReferenceManifest baseRim = BaseReferenceManifest + .select(referenceManifestManager) + .byManufacturerModelBase(dv.getHw().getManufacturer(), + dv.getHw().getProductName()) + .getRIM(); + measurements = temp; + measurements.setPlatformManufacturer(dv.getHw().getManufacturer()); + measurements.setPlatformModel(dv.getHw().getProductName()); + measurements.setTagId(tagId); + measurements.setDeviceName(dv.getNw().getHostname()); + measurements.setAssociatedRim(baseRim.getAssociatedRim()); + this.referenceManifestManager.save(measurements); + + // pull the base versions of the swidtag and rimel and set the + // event log hash for use during provision + SupportReferenceManifest sBaseRim = SupportReferenceManifest + .select(referenceManifestManager) + .byEntityId(baseRim.getAssociatedRim()) + .getRIM(); + baseRim.setEventLogHash(temp.getHexDecHash()); + sBaseRim.setEventLogHash(temp.getHexDecHash()); + referenceManifestManager.update(baseRim); + referenceManifestManager.update(sBaseRim); } catch (IOException ioEx) { LOG.error(ioEx); } @@ -1030,7 +1037,7 @@ public abstract class AbstractAttestationCertificateAuthority rdv = new ReferenceDigestValue(baseSupportRim.getAssociatedRim(), baseSupportRim.getId(), manufacturer, model, tpe.getPcrIndex(), tpe.getEventDigestStr(), tpe.getEventTypeStr(), - false, false, tpe.getEventContent()); + false, false, true, tpe.getEventContent()); rdValues.add(rdv); } @@ -1044,7 +1051,7 @@ public abstract class AbstractAttestationCertificateAuthority rdv = new ReferenceDigestValue(baseSupportRim.getAssociatedRim(), supplemental.getId(), manufacturer, model, tpe.getPcrIndex(), tpe.getEventDigestStr(), tpe.getEventTypeStr(), - false, false, tpe.getEventContent()); + false, false, true, tpe.getEventContent()); rdValues.add(rdv); } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index 6ddef617..76ad5bcd 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java @@ -621,7 +621,10 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe try { Set supportRims = SupportReferenceManifest .select(this.referenceManifestManager) - .byDeviceName(deviceName).getRIMs(); + .byManufacturerModel( + device.getDeviceInfo().getHardwareInfo().getManufacturer(), + device.getDeviceInfo().getHardwareInfo().getProductName()) + .getRIMs(); for (SupportReferenceManifest support : supportRims) { if (support.isBaseSupport()) { sRim = support; diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 6c48954c..3d1fc179 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -50,6 +50,7 @@ import java.security.cert.CertificateException; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; +import java.util.ArrayList; import java.util.HashMap; import java.util.LinkedList; import java.util.List; @@ -228,8 +229,8 @@ public class ReferenceManifestPageController Pattern logPattern = Pattern.compile(LOG_FILE_PATTERN); Matcher matcher; boolean supportRIM = false; - BaseReferenceManifest base; - SupportReferenceManifest support; + List baseRims = new ArrayList<>(); + List supportRims = new ArrayList<>(); // loop through the files for (MultipartFile file : files) { @@ -238,64 +239,62 @@ public class ReferenceManifestPageController supportRIM = matcher.matches(); //Parse reference manifests - ReferenceManifest rim = parseRIM(file, supportRIM, messages); + parseRIM(file, supportRIM, messages, baseRims, supportRims); + } + baseRims.stream().forEach((rim) -> { + LOGGER.info(String.format("Storing swidtag %s", rim.getFileName())); + storeManifest(messages, rim, false); + }); + supportRims.stream().forEach((rim) -> { + LOGGER.info(String.format("Storing event log %s", rim.getFileName())); + storeManifest(messages, rim, false); + }); + for (ReferenceManifest rim : baseRims) { // store first then update - ReferenceManifest referenceManifest = storeManifest(file.getOriginalFilename(), - messages, - rim, - supportRIM); - //Store only if it was parsed - if (rim != null) { - if (supportRIM) { - // look for associated base/support - // if I am the support rim, my hash is in the meta data of the swidtag - Set rims = BaseReferenceManifest - .select(referenceManifestManager).getRIMs(); - support = (SupportReferenceManifest) rim; - // update information for associated support rim - for (BaseReferenceManifest bRim : rims) { - for (SwidResource swid : bRim.parseResource()) { - if (support.getHexDecHash().equals(swid.getHashValue())) { - updateSupportRimInfo(bRim, support); - referenceManifestManager.update(support); - } - } - if (support.isUpdated()) { - for (ReferenceDigestValue rdv : referenceEventManager - .getValuesByRimId(support)) { - rdv.updateInfo(support); - referenceEventManager.updateEvent(rdv); - } - break; - } - } - } else { - base = (BaseReferenceManifest) referenceManifest; - // the base can find the support rim by the meta data hash - for (SwidResource swid : base.parseResource()) { - support = SupportReferenceManifest.select(referenceManifestManager) - .byHexDecHash(swid.getHashValue()).getRIM(); - if (support != null) { - base.setAssociatedRim(support.getId()); - if (support.isUpdated()) { - // this is separate because I want to break if we found it - // instead of finding it, it is uptodate but still search - break; - } else { - updateSupportRimInfo(base, support); - updateTpmEvents(support); - try { - referenceManifestManager.update(support); - } catch (DBManagerException dbmEx) { - LOGGER.warn("Failed to update Support RIM"); - } - } - } - } - } + storeManifest(messages, rim, false); + + + /** + * Ok so another redo. phased like the provision section + * filter through, find base vs support + * Maybe process base first, create a map of the support digest + * to the base + * go through support and pull the associated base + * save those. Save the digests + * re pull digests support from the DB and then do the events + */ + + } + + for (ReferenceManifest rim : supportRims) { + // store the rimels + storeManifest(messages, rim, true); + } + + // Prep a map to associated the swidtag payload hash to the swidtag. + // pass it in to update support rims that either were uploaded + // or already exist + // create a map of the supports rims in case an uploaded swidtag + // isn't one to one with the uploaded support rims. + Map updatedSupportRims + = updateSupportRimInfo(generatePayloadHashMap(baseRims)); + + // look for missing uploaded support rims + for (SupportReferenceManifest support : supportRims) { + if (!updatedSupportRims.containsKey(support.getHexDecHash())) { + // Make sure we are getting the db version of the file + updatedSupportRims.put(support.getHexDecHash(), + SupportReferenceManifest + .select(referenceManifestManager) + .byHexDecHash(support.getHexDecHash()) + .getRIM()); } } + // pass in the updated support rims + // and either update or add the events + processTpmEvents(new ArrayList(updatedSupportRims.values())); + //Add messages to the model model.put(MESSAGES_ATTRIBUTE, messages); @@ -479,15 +478,19 @@ public class ReferenceManifestPageController * object. * * @param file the provide user file via browser. + * @param supportRIM matcher result * @param messages the object that handles displaying information to the * user. + * @param baseRims object to store multiple files + * @param supportRims object to store multiple files * @return a single or collection of reference manifest files. */ - private ReferenceManifest parseRIM( + private void parseRIM( final MultipartFile file, final boolean supportRIM, - final PageMessages messages) { + final PageMessages messages, final List baseRims, + final List supportRims) { - byte[] fileBytes; + byte[] fileBytes = new byte[0]; String fileName = file.getOriginalFilename(); // build the manifest from the uploaded bytes @@ -498,43 +501,39 @@ public class ReferenceManifestPageController = String.format("Failed to read uploaded file (%s): ", fileName); LOGGER.error(failMessage, e); messages.addError(failMessage + e.getMessage()); - return null; +// return null; } try { if (supportRIM) { - return new SupportReferenceManifest(fileName, fileBytes); + supportRims.add(new SupportReferenceManifest(fileName, fileBytes)); } else { - return new BaseReferenceManifest(fileName, fileBytes); + baseRims.add(new BaseReferenceManifest(fileName, fileBytes)); } - // the this is a List is object is a JaxBElement that can - // be matched up to the QName } catch (IOException ioEx) { final String failMessage = String.format("Failed to parse uploaded file (%s): ", fileName); LOGGER.error(failMessage, ioEx); messages.addError(failMessage + ioEx.getMessage()); - return null; +// return null; } } /** * Stores the {@link ReferenceManifest} objects. * - * @param fileName name of the file given * @param messages message object for user display of statuses * @param referenceManifest the object to store * @param supportRim boolean flag indicating if this is a support RIM * process. */ - private ReferenceManifest storeManifest( - final String fileName, + private void storeManifest( final PageMessages messages, final ReferenceManifest referenceManifest, final boolean supportRim) { - ReferenceManifest existingManifest; - + ReferenceManifest existingManifest = null; + String fileName = referenceManifest.getFileName(); MessageDigest digest = null; String rimHash = ""; try { @@ -570,32 +569,31 @@ public class ReferenceManifestPageController + "failed (%s): ", fileName); messages.addError(failMessage + e.getMessage()); LOGGER.error(failMessage, e); - return null; +// return null; } try { // save the new certificate if no match is found if (existingManifest == null) { - saveTpmEvents(referenceManifestManager.save(referenceManifest)); + referenceManifestManager.save(referenceManifest); final String successMsg = String.format("RIM successfully uploaded (%s): ", fileName); messages.addSuccess(successMsg); LOGGER.info(successMsg); - - return referenceManifest; } } catch (DBManagerException dbmEx) { - final String failMessage = String.format("Storing RIM failed (%s): ", fileName); + final String failMessage = String.format("Storing RIM failed (%s): ", + fileName); messages.addError(failMessage + dbmEx.getMessage()); LOGGER.error(failMessage, dbmEx); - return null; +// return null; } try { // if an identical RIM is archived, update the existing RIM to // unarchive it and change the creation date - if (existingManifest.isArchived()) { + if (existingManifest != null && existingManifest.isArchived()) { existingManifest.restore(); existingManifest.resetCreateTime(); referenceManifestManager.update(existingManifest); @@ -604,7 +602,6 @@ public class ReferenceManifestPageController = String.format("Pre-existing RIM found and unarchived (%s): ", fileName); messages.addSuccess(successMsg); LOGGER.info(successMsg); - return existingManifest; } } catch (DBManagerException dbmEx) { final String failMessage = String.format("Found an identical pre-existing RIM in the " @@ -612,90 +609,121 @@ public class ReferenceManifestPageController messages.addError(failMessage + dbmEx.getMessage()); LOGGER.error(failMessage, dbmEx); - return null; +// return null; } - return referenceManifest; +// return referenceManifest; } - private void updateSupportRimInfo(final BaseReferenceManifest dbBaseRim, - final SupportReferenceManifest supportRim) { - // I have to assume the baseRim is from the database - // Updating the id values, manufacturer, model - if (supportRim != null) { - supportRim.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); - supportRim.setPlatformManufacturer(dbBaseRim.getPlatformManufacturer()); - supportRim.setPlatformModel(dbBaseRim.getPlatformModel()); - supportRim.setTagId(dbBaseRim.getTagId()); - supportRim.setAssociatedRim(dbBaseRim.getId()); - supportRim.setUpdated(true); - } - } - - private void updateTpmEvents(final ReferenceManifest referenceManifest) { - String manufacturer; - String model; - if (referenceManifest.getPlatformManufacturer() == null) { - manufacturer = ""; - } else { - manufacturer = referenceManifest.getPlatformManufacturer(); - } - - if (referenceManifest.getPlatformModel() == null) { - model = ""; - } else { - model = referenceManifest.getPlatformModel(); - } - - List rdvs = referenceEventManager - .getValuesByRimId(referenceManifest); - - for (ReferenceDigestValue rdv : rdvs) { - rdv.setModel(model); - rdv.setManufacturer(manufacturer); - rdv.setBaseRimId(referenceManifest.getAssociatedRim()); - referenceEventManager.updateEvent(rdv); - } - } - - private void saveTpmEvents(final ReferenceManifest referenceManifest) { - SupportReferenceManifest dbSupport; - String manufacturer; - String model; - if (referenceManifest instanceof SupportReferenceManifest) { - dbSupport = (SupportReferenceManifest) referenceManifest; - } else { - return; - } - TCGEventLog logProcessor = null; - if (dbSupport.getPlatformManufacturer() == null) { - manufacturer = ""; - } else { - manufacturer = dbSupport.getPlatformManufacturer(); - } - - if (dbSupport.getPlatformModel() == null) { - model = ""; - } else { - model = dbSupport.getPlatformModel(); - } - try { - logProcessor = new TCGEventLog(dbSupport.getRimBytes()); - ReferenceDigestValue rdv; - for (TpmPcrEvent tpe : logProcessor.getEventList()) { - rdv = new ReferenceDigestValue(dbSupport.getAssociatedRim(), - dbSupport.getId(), manufacturer, - model, tpe.getPcrIndex(), - tpe.getEventDigestStr(), tpe.getEventTypeStr(), - false, false, tpe.getEventContent()); - this.referenceEventManager.saveValue(rdv); + private Map generatePayloadHashMap( + final List uploadedBaseRims) { + BaseReferenceManifest dbBaseRim; + HashMap tempMap = new HashMap<>(); + for (BaseReferenceManifest base : uploadedBaseRims) { + // this is done to make sure we have the version with the UUID + dbBaseRim = BaseReferenceManifest.select(referenceManifestManager) + .byBase64Hash(base.getBase64Hash()).getRIM(); + if (dbBaseRim != null) { + for (SwidResource swid : dbBaseRim.parseResource()) { + tempMap.put(swid.getHashValue(), dbBaseRim); + } + } + } + + return tempMap; + } + + private Map updateSupportRimInfo( + final Map dbBaseRims) { + BaseReferenceManifest dbBaseRim; + SupportReferenceManifest supportRim; + Map updatedSupportRims = new HashMap<>(); + List hashValues = new LinkedList<>(dbBaseRims.keySet()); + for (String supportHash : hashValues) { + supportRim = SupportReferenceManifest.select(referenceManifestManager) + .byHexDecHash(supportHash).getRIM(); + // I have to assume the baseRim is from the database + // Updating the id values, manufacturer, model + if (supportRim != null && !supportRim.isUpdated()) { + dbBaseRim = dbBaseRims.get(supportHash); + supportRim.setSwidTagVersion(dbBaseRim.getSwidTagVersion()); + supportRim.setPlatformManufacturer(dbBaseRim.getPlatformManufacturer()); + supportRim.setPlatformModel(dbBaseRim.getPlatformModel()); + supportRim.setTagId(dbBaseRim.getTagId()); + supportRim.setAssociatedRim(dbBaseRim.getId()); + supportRim.setUpdated(true); + referenceManifestManager.update(supportRim); + updatedSupportRims.put(supportHash, supportRim); + } + } + + return updatedSupportRims; + } + + /** + * If the support rim is a supplemental or base, this method looks for the + * original oem base rim to associate with each event. + * @param supportRim assumed db object + * @return reference to the base rim + */ + private ReferenceManifest findBaseRim(final SupportReferenceManifest supportRim) { + if (supportRim != null && (supportRim.getId() != null + && !supportRim.getId().toString().equals(""))) { + Set baseRims = BaseReferenceManifest + .select(referenceManifestManager) + .byManufacturerModel(supportRim.getPlatformManufacturer(), + supportRim.getPlatformModel()).getRIMs(); + + for (BaseReferenceManifest base : baseRims) { + if (base.isBase()) { + // there should be only one + return base; + } + } + } + return null; + } + + private void processTpmEvents(final List dbSupportRims) { + boolean updated = true; + List tpmEvents; + TCGEventLog logProcessor = null; + ReferenceManifest baseRim; + + for (SupportReferenceManifest dbSupport : dbSupportRims) { + // So first we'll have to pull values based on support rim + // get by support rim id NEXT + + tpmEvents = referenceEventManager.getValuesByRimId(dbSupport); + baseRim = findBaseRim(dbSupport); + if (tpmEvents.isEmpty()) { + ReferenceDigestValue rdv; + try { + logProcessor = new TCGEventLog(dbSupport.getRimBytes()); + for (TpmPcrEvent tpe : logProcessor.getEventList()) { + rdv = new ReferenceDigestValue(baseRim.getId(), + dbSupport.getId(), dbSupport.getPlatformManufacturer(), + dbSupport.getPlatformModel(), tpe.getPcrIndex(), + tpe.getEventDigestStr(), tpe.getEventTypeStr(), + false, false, updated, tpe.getEventContent()); + + this.referenceEventManager.saveValue(rdv); + } + } catch (CertificateException e) { + e.printStackTrace(); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } catch (IOException e) { + e.printStackTrace(); + } + } else { + for (ReferenceDigestValue rdv : tpmEvents) { + if (!rdv.isUpdated()) { + rdv.updateInfo(dbSupport, baseRim.getId()); + this.referenceEventManager.updateEvent(rdv); + } + } } - } catch (CertificateException e) { - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } catch (IOException e) { - e.printStackTrace(); } } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java index aea0d04d..a693374c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java @@ -121,6 +121,35 @@ public class BaseReferenceManifest extends ReferenceManifest { return this; } + /** + * Specify the platform manufacturer/model that rims must have to be considered + * as matching. + * @param manufacturer string for the manufacturer + * @param model string for the model + * @return this instance + */ + public Selector byManufacturerModel(final String manufacturer, final String model) { + setFieldValue(PLATFORM_MANUFACTURER, manufacturer); + setFieldValue(PLATFORM_MODEL, model); + return this; + } + + /** + * Specify the platform manufacturer/model/base flag that rims must have to be considered + * as matching. + * @param manufacturer string for the manufacturer + * @param model string for the model + * @return this instance + */ + public Selector byManufacturerModelBase(final String manufacturer, final String model) { + setFieldValue(PLATFORM_MANUFACTURER, manufacturer); + setFieldValue(PLATFORM_MODEL, model); + setFieldValue("swidPatch", false); + setFieldValue("swidSupplemental", false); + //setFieldValue("", false); //corpus? + return this; + } + /** * Specify the device name that rims must have to be considered * as matching. @@ -492,6 +521,15 @@ public class BaseReferenceManifest extends ReferenceManifest { this.swidCorpus = swidCorpus; } + /** + * The assumed requirement for being the initial swidtag. + * @return flag for the status + */ + public boolean isBase() { + return !this.isSwidPatch() && !this.isSwidSupplemental() + && (this.isSwidCorpus() == 0); + } + /** * Getter for the Entity Name. * diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceDigestValue.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceDigestValue.java index 9eb217c2..6aea80ba 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceDigestValue.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceDigestValue.java @@ -47,6 +47,8 @@ public class ReferenceDigestValue extends ArchivableEntity { private boolean matchFail; @Column(nullable = false) private boolean patched = false; + @Column(nullable = false) + private boolean updated = false; /** * Default constructor necessary for Hibernate. @@ -62,6 +64,7 @@ public class ReferenceDigestValue extends ArchivableEntity { this.eventType = ""; this.matchFail = false; this.patched = false; + this.updated = false; this.contentBlob = null; } @@ -75,14 +78,16 @@ public class ReferenceDigestValue extends ArchivableEntity { * @param digestValue the key digest value * @param eventType the event type to store * @param matchFail the status of the baseline check - * @param patched the status of the value being updated to to patch + * @param patched the status of the value being updated to patch + * @param updated the status of the value being updated with info * @param contentBlob the data value of the content */ public ReferenceDigestValue(final UUID baseRimId, final UUID supportRimId, final String manufacturer, final String model, final int pcrIndex, final String digestValue, final String eventType, final boolean matchFail, - final boolean patched, final byte[] contentBlob) { + final boolean patched, final boolean updated, + final byte[] contentBlob) { this.baseRimId = baseRimId; this.supportRimId = supportRimId; this.manufacturer = manufacturer; @@ -92,6 +97,7 @@ public class ReferenceDigestValue extends ArchivableEntity { this.eventType = eventType; this.matchFail = matchFail; this.patched = patched; + this.updated = updated; this.contentBlob = Arrays.clone(contentBlob); } @@ -239,6 +245,22 @@ public class ReferenceDigestValue extends ArchivableEntity { this.patched = patched; } + /** + * Getter for the status of the updated state. + * @return updated flag + */ + public boolean isUpdated() { + return updated; + } + + /** + * Setter for the status of the updated state. + * @param updated the flag to set + */ + public void setUpdated(final boolean updated) { + this.updated = updated; + } + /** * Getter for the byte array of event values. * @return a clone of the byte array @@ -260,12 +282,19 @@ public class ReferenceDigestValue extends ArchivableEntity { /** * Helper method to update the attributes of this object. * @param support the associated RIM. + * @param baseRimId the main id to update */ - public void updateInfo(final SupportReferenceManifest support) { - if (support != null && support.getId().equals(getSupportRimId())) { - setBaseRimId(support.getAssociatedRim()); + public void updateInfo(final SupportReferenceManifest support, final UUID baseRimId) { + if (support != null) { + setBaseRimId(baseRimId); setManufacturer(support.getPlatformManufacturer()); setModel(support.getPlatformModel()); + setUpdated(true); + if (support.isSwidPatch()) { + // come back to this later, how does this get + // identified to be patched + setPatched(true); + } } } @@ -288,7 +317,7 @@ public class ReferenceDigestValue extends ArchivableEntity { @Override public int hashCode() { int result = Objects.hash(pcrIndex, digestValue, manufacturer, model, - eventType, matchFail, patched); + eventType, matchFail, patched, updated); return result; } @@ -297,7 +326,8 @@ public class ReferenceDigestValue extends ArchivableEntity { * @return a string */ public String toString() { - return String.format("ReferenceDigestValue: {%s, %d, %s, %s, %b}", - model, pcrIndex, digestValue, eventType, matchFail); + return String.format("ReferenceDigestValue: {%s, %d, %s, %s, " + + "matchFail - %b, updated - %b, patched - %b}", + model, pcrIndex, digestValue, eventType, matchFail, updated, patched); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java index 712bbf7f..fcee4586 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SupportReferenceManifest.java @@ -58,6 +58,19 @@ public class SupportReferenceManifest extends ReferenceManifest { return this; } + /** + * Specify the platform model that rims must have to be considered + * as matching. + * @param manufacturer string for the manufacturer + * @param model string for the model + * @return this instance + */ + public Selector byManufacturerModel(final String manufacturer, final String model) { + setFieldValue(PLATFORM_MANUFACTURER, manufacturer); + setFieldValue(PLATFORM_MODEL, model); + return this; + } + /** * Specify the device name that rims must have to be considered * as matching. diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestManager.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestManager.java index 1d5e2e7e..79d08989 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestManager.java @@ -41,4 +41,12 @@ public interface ReferenceManifestManager extends OrderedListQuerier Date: Mon, 21 Mar 2022 10:11:23 -0400 Subject: [PATCH 3/5] Removed comments and updated notes for Patching values --- ...stractAttestationCertificateAuthority.java | 4 +- .../ReferenceManifestPageController.java | 43 ------------------- 2 files changed, 3 insertions(+), 44 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index c9b2c715..75fbad47 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -1088,7 +1088,9 @@ public abstract class AbstractAttestationCertificateAuthority LOG.error(String.format("Patching value does not exist (%s)", patchedValue)); } else { - // I need to know what is being patched before I can finish this + /** + * Until we get patch examples, this is WIP + */ dbRdv.setPatched(true); } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 3d1fc179..9a8b3caa 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -183,29 +183,6 @@ public class ReferenceManifestPageController referenceManifestManager, input, orderColumnName, criteriaModifier); - SupportReferenceManifest support; -// List events; -// for (ReferenceManifest rim : records) { -// if (rim instanceof SupportReferenceManifest) { -// support = (SupportReferenceManifest) rim; -// events = referenceEventManager.getValuesByRimId(support); -// -// for (ReferenceDigestValue rdv : events) { -// // the selector isn't giving me what I want -// if (support.getPlatformManufacturer() != null) { -// rdv.setManufacturer(support.getPlatformManufacturer()); -// } -// if (support.getPlatformModel() != null) { -// rdv.setModel(support.getPlatformModel()); -// } -// if (support.getAssociatedRim() != null) { -// rdv.setBaseRimId(support.getAssociatedRim()); -// } -// referenceEventManager.updateRecord(rdv); -// } -// } -// } - LOGGER.debug("Returning list of size: " + records.size()); return new DataTableResponse<>(records, input); } @@ -252,18 +229,6 @@ public class ReferenceManifestPageController for (ReferenceManifest rim : baseRims) { // store first then update storeManifest(messages, rim, false); - - - /** - * Ok so another redo. phased like the provision section - * filter through, find base vs support - * Maybe process base first, create a map of the support digest - * to the base - * go through support and pull the associated base - * save those. Save the digests - * re pull digests support from the DB and then do the events - */ - } for (ReferenceManifest rim : supportRims) { @@ -501,7 +466,6 @@ public class ReferenceManifestPageController = String.format("Failed to read uploaded file (%s): ", fileName); LOGGER.error(failMessage, e); messages.addError(failMessage + e.getMessage()); -// return null; } try { @@ -515,7 +479,6 @@ public class ReferenceManifestPageController = String.format("Failed to parse uploaded file (%s): ", fileName); LOGGER.error(failMessage, ioEx); messages.addError(failMessage + ioEx.getMessage()); -// return null; } } @@ -569,7 +532,6 @@ public class ReferenceManifestPageController + "failed (%s): ", fileName); messages.addError(failMessage + e.getMessage()); LOGGER.error(failMessage, e); -// return null; } try { @@ -587,7 +549,6 @@ public class ReferenceManifestPageController fileName); messages.addError(failMessage + dbmEx.getMessage()); LOGGER.error(failMessage, dbmEx); -// return null; } try { @@ -608,11 +569,7 @@ public class ReferenceManifestPageController + "archive, but failed to unarchive it (%s): ", fileName); messages.addError(failMessage + dbmEx.getMessage()); LOGGER.error(failMessage, dbmEx); - -// return null; } - -// return referenceManifest; } private Map generatePayloadHashMap( From 308064089c0c315c65fc77bdf7b7562733f22586 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Mon, 21 Mar 2022 14:29:48 -0400 Subject: [PATCH 4/5] Checking git hub action error --- ...stractAttestationCertificateAuthority.java | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index 75fbad47..4d877f83 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -928,8 +928,7 @@ public abstract class AbstractAttestationCertificateAuthority listOfSavedRims.add(dbBaseRim); } - generateDigestRecords(hw.getManufacturer(), hw.getProductName(), - dv.getNw().getHostname()); + generateDigestRecords(hw.getManufacturer(), hw.getProductName()); if (dv.hasLivelog()) { LOG.info("Device sent bios measurement log..."); @@ -999,14 +998,15 @@ public abstract class AbstractAttestationCertificateAuthority return dvReport; } - private boolean generateDigestRecords(final String manufacturer, final String model, - final String deviceName) { + private boolean generateDigestRecords(final String manufacturer, final String model) { + LOG.error("Manufacturer " + manufacturer + " Model " + model); List rdValues = new LinkedList<>(); SupportReferenceManifest baseSupportRim = null; List supplementalRims = new ArrayList<>(); List patchRims = new ArrayList<>(); Set dbSupportRims = SupportReferenceManifest - .select(referenceManifestManager).byManufacturer(manufacturer).getRIMs(); + .select(referenceManifestManager) + .byManufacturerModel(manufacturer, model).getRIMs(); List sourcedValues = referenceEventManager .getValueByManufacturerModel(manufacturer, model); @@ -1015,21 +1015,22 @@ public abstract class AbstractAttestationCertificateAuthority digestValueMap.put(rdv.getDigestValue(), rdv); }); + LOG.error("# of rims - " + dbSupportRims.size()); + LOG.error("# of RDVs - " + sourcedValues.size()); for (SupportReferenceManifest dbSupport : dbSupportRims) { - if (dbSupport.getPlatformModel().equals(model)) { // need to verify model is good enough - if (dbSupport.isSwidPatch()) { - patchRims.add(dbSupport); - } else if (dbSupport.isSwidSupplemental()) { - supplementalRims.add(dbSupport); - } else { - // we have a base support rim (verify this is getting set) - baseSupportRim = dbSupport; - } + if (dbSupport.isSwidPatch()) { + patchRims.add(dbSupport); + } else if (dbSupport.isSwidSupplemental()) { + supplementalRims.add(dbSupport); + } else { + // we have a base support rim (verify this is getting set) + baseSupportRim = dbSupport; } } - if (referenceEventManager.getValuesByRimId(baseSupportRim).isEmpty() - && baseSupportRim != null) { + LOG.error("baseSupportRim (" + baseSupportRim + ")"); + if (baseSupportRim != null + && referenceEventManager.getValuesByRimId(baseSupportRim).isEmpty()) { try { TCGEventLog logProcessor = new TCGEventLog(baseSupportRim.getRimBytes()); ReferenceDigestValue rdv; @@ -1043,7 +1044,6 @@ public abstract class AbstractAttestationCertificateAuthority // since I have the base already I don't have to care about the backward // linkage - for (SupportReferenceManifest supplemental : supplementalRims) { logProcessor = new TCGEventLog(supplemental.getRimBytes()); for (TpmPcrEvent tpe : logProcessor.getEventList()) { From dea58b1f0783b14fc03a5ccdd7adb5eeca50fee2 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Mon, 21 Mar 2022 14:43:52 -0400 Subject: [PATCH 5/5] The issue was resolved with the code changes. Removing comments --- .../AbstractAttestationCertificateAuthority.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index 4d877f83..afc09246 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -999,7 +999,6 @@ public abstract class AbstractAttestationCertificateAuthority } private boolean generateDigestRecords(final String manufacturer, final String model) { - LOG.error("Manufacturer " + manufacturer + " Model " + model); List rdValues = new LinkedList<>(); SupportReferenceManifest baseSupportRim = null; List supplementalRims = new ArrayList<>(); @@ -1015,8 +1014,6 @@ public abstract class AbstractAttestationCertificateAuthority digestValueMap.put(rdv.getDigestValue(), rdv); }); - LOG.error("# of rims - " + dbSupportRims.size()); - LOG.error("# of RDVs - " + sourcedValues.size()); for (SupportReferenceManifest dbSupport : dbSupportRims) { if (dbSupport.isSwidPatch()) { patchRims.add(dbSupport); @@ -1028,7 +1025,6 @@ public abstract class AbstractAttestationCertificateAuthority } } - LOG.error("baseSupportRim (" + baseSupportRim + ")"); if (baseSupportRim != null && referenceEventManager.getValuesByRimId(baseSupportRim).isEmpty()) { try {