Please enter the message for your changes.ssociated event values to the

support rim and delete them properly and to not also upload duplicate
issues. [no ci]
Cyrus 2023-07-11 07:07:13 -04:00
parent 210c48dada
commit 6e96c32a5e
6 changed files with 50 additions and 127 deletions


@ -13,12 +13,11 @@ public interface ReferenceDigestValueRepository extends JpaRepository<ReferenceD
@Query(value = "SELECT * FROM ReferenceDigestValue", nativeQuery = true)
List<ReferenceDigestValue> listAll();
@Query(value = "SELECT * FROM ReferenceDigestValue WHERE model = ?1", nativeQuery = true)
List<ReferenceDigestValue> listByModel(String model);
@Query(value = "SELECT * FROM ReferenceDigestValue WHERE manufacturer = ?1", nativeQuery = true)
List<ReferenceDigestValue> listByManufacturer(String manufacturer);
List<ReferenceDigestValue> findByModel(String model);
List<ReferenceDigestValue> findByManufacturer(String manufacturer);
@Query(value = "SELECT * FROM ReferenceDigestValue WHERE baseRimId = '?1' OR supportRimId = '?1'", nativeQuery = true)
List<ReferenceDigestValue> getValuesByRimId(UUID associatedRimId);
@Query(value = "SELECT * FROM ReferenceDigestValue WHERE supportRimId = '?1'", nativeQuery = true)
List<ReferenceDigestValue> getValuesBySupportRimId(UUID supportRimId);
List<ReferenceDigestValue> findBySupportRimId(UUID supportRimId);
List<ReferenceDigestValue> findBySupportRimHash(String supportRimHash);
}
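Review bot: The native query on `getValuesByRimId` wraps its placeholder in quotes (`baseRimId = '?1' OR supportRimId = '?1'`), so the text `?1` is most likely treated as a string literal rather than a bind parameter, and the lookup either matches no row or fails when the UUID is bound. The rendering does not mark which side each line is on, but this method appears to stay in the interface while its neighbours become derived queries. If it is kept, drop the quotes (`WHERE baseRimId = ?1 OR supportRimId = ?1`) or declare a derived method such as `List<ReferenceDigestValue> findByBaseRimIdOrSupportRimId(UUID baseRimId, UUID supportRimId);`. If nothing calls it any more, remove it, so that an empty result is never read as "no reference values exist for this RIM".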


@ -14,14 +14,12 @@ import java.util.UUID;
@Repository
public interface ReferenceManifestRepository extends JpaRepository<ReferenceManifest, UUID> {
@Query(value = "SELECT * FROM ReferenceManifest WHERE hexDecHash = ?1", nativeQuery = true)
ReferenceManifest findByHash(String rimHash);
@Query(value = "SELECT * FROM ReferenceManifest WHERE hexDecHash = ?1 AND rimType = ?2", nativeQuery = true)
ReferenceManifest findByHash(String rimHash, String rimType);
ReferenceManifest findByHexDecHash(String hexDecHash);
ReferenceManifest findByHexDecHashAndRimType(String hexDecHash, String rimType);
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Base'", nativeQuery = true)
List<BaseReferenceManifest> getBaseByManufacturerModel(String manufacturer, String model);
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true)
List<ReferenceManifest> getByManufacturer(String manufacturer, String dType);
ReferenceManifest getByManufacturer(String manufacturer, String dType);
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true)
ReferenceManifest getByModel(String model, String dType);
@Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", nativeQuery = true)
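Review bot: `getByManufacturer` is declared to return a single `ReferenceManifest`, yet its query filters only on `platformManufacturer` and `DTYPE`, which will match several rows as soon as two RIMs of that type exist for one vendor. Spring Data raises an incorrect-result-size exception when a single-entity query method gets more than one row, so the caller would fail instead of receiving a manifest. A `List` variant of the same method is printed just above it (which side each line belongs to is inferred from the rendering); keeping `List<ReferenceManifest> getByManufacturer(String manufacturer, String dType);` and selecting the match in the caller avoids that. The same concern applies to `getByModel`, and to `findByHexDecHash` and `findByHexDecHashAndRimType` unless the table enforces uniqueness on the hash.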


@ -3,8 +3,6 @@ package hirs.attestationca.persist.entity.userdefined.rim;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.enums.AppraisalStatus;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.service.selector.ReferenceManifestSelector;
import hirs.utils.tpm.eventlog.TCGEventLog;
import hirs.utils.tpm.eventlog.TpmPcrEvent;
import jakarta.persistence.Column;
@ -41,66 +39,6 @@ public class EventLogMeasurements extends ReferenceManifest {
@Getter @Setter
private AppraisalStatus.Status overallValidationResult = AppraisalStatus.Status.FAIL;
/**
* This class enables the retrieval of SupportReferenceManifest by their attributes.
*/
public static class Selector extends ReferenceManifestSelector<EventLogMeasurements> {
/**
* Construct a new ReferenceManifestSelector that
* will use the given (@link ReferenceManifestService}
* to retrieve one or may SupportReferenceManifest.
*
* @param referenceManifestManager the reference manifest manager to be used to retrieve
* reference manifests.
*/
public Selector(final ReferenceManifestServiceImpl referenceManifestManager) {
super(referenceManifestManager, EventLogMeasurements.class, false);
}
/**
* Specify the platform manufacturer that rims must have to be considered
* as matching.
* @param manufacturer string for the manufacturer
* @return this instance
*/
public Selector byManufacturer(final String manufacturer) {
setFieldValue(PLATFORM_MANUFACTURER, manufacturer);
return this;
}
/**
* Specify the platform model that rims must have to be considered
* as matching.
* @param model string for the model
* @return this instance
*/
public Selector byModel(final String model) {
setFieldValue(PLATFORM_MODEL, model);
return this;
}
/**
* Specify the device name that rims must have to be considered
* as matching.
* @param deviceName string for the deviceName
* @return this instance
*/
public Selector byDeviceName(final String deviceName) {
setFieldValue("deviceName", deviceName);
return this;
}
/**
* Specify the RIM hash associated with the Event Log.
* @param hexDecHash the hash of the file associated with the rim
* @return this instance
*/
public Selector byHexDecHash(final String hexDecHash) {
setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash);
return this;
}
}
/**
* Support constructor for the RIM object.
*
@ -135,17 +73,6 @@ public class EventLogMeasurements extends ReferenceManifest {
this.pcrHash = 0;
}
/**
* Get a Selector for use in retrieving ReferenceManifest.
*
* @param rimMan the ReferenceManifestService to be used to retrieve
* persisted RIMs
* @return a Selector instance to use for retrieving RIMs
*/
public static Selector select(final ReferenceManifestServiceImpl rimMan) {
return new Selector(rimMan);
}
/**
* Getter method for the expected PCR values contained within the support
* RIM.


@ -1,6 +1,6 @@
package hirs.attestationca.persist.entity.userdefined.rim;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.entity.AbstractEntity;
import jakarta.persistence.Access;
import jakarta.persistence.AccessType;
import jakarta.persistence.Column;
@ -26,7 +26,7 @@ import java.util.UUID;
@EqualsAndHashCode(callSuper=false)
@Table(name = "ReferenceDigestValue")
@Access(AccessType.FIELD)
public class ReferenceDigestValue extends ArchivableEntity {
public class ReferenceDigestValue extends AbstractEntity {
@JdbcTypeCode(java.sql.Types.VARCHAR)
@Column
@ -43,6 +43,8 @@ public class ReferenceDigestValue extends ArchivableEntity {
@Column(nullable = false)
private String digestValue;
@Column(nullable = false)
private String supportRimHash;
@Column(nullable = false)
private String eventType;
@Column(columnDefinition = "blob", nullable = true)
private byte[] contentBlob;
@ -64,6 +66,7 @@ public class ReferenceDigestValue extends ArchivableEntity {
this.model = "";
this.pcrIndex = -1;
this.digestValue = "";
this.supportRimHash = "";
this.eventType = "";
this.matchFail = false;
this.patched = false;
@ -79,6 +82,7 @@ public class ReferenceDigestValue extends ArchivableEntity {
* @param model the specific device type
* @param pcrIndex the event number
* @param digestValue the key digest value
* @param supportRimHash the support file's hash value
* @param eventType the event type to store
* @param matchFail the status of the baseline check
* @param patched the status of the value being updated to patch
@ -88,6 +92,7 @@ public class ReferenceDigestValue extends ArchivableEntity {
public ReferenceDigestValue(final UUID baseRimId, final UUID supportRimId,
final String manufacturer, final String model,
final int pcrIndex, final String digestValue,
final String supportRimHash,
final String eventType, final boolean matchFail,
final boolean patched, final boolean updated,
final byte[] contentBlob) {
@ -97,6 +102,7 @@ public class ReferenceDigestValue extends ArchivableEntity {
this.model = model;
this.pcrIndex = pcrIndex;
this.digestValue = digestValue;
this.supportRimHash = supportRimHash;
this.eventType = eventType;
this.matchFail = matchFail;
this.patched = patched;
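Review bot: `supportRimHash` is mapped with `@Column(nullable = false)`, but the full constructor stores the argument unchecked, so a null hash only surfaces as a constraint violation when the entity is flushed. A guard such as `this.supportRimHash = Objects.requireNonNull(supportRimHash, "supportRimHash");` would fail at the call site instead (it needs `java.util.Objects` imported if the file does not already have it). The no-argument constructor defaults the field to `""`, and a row left at that default can never be matched by `findBySupportRimHash(...)` with a real hash, so code keyed on this field should treat the empty string as "not linked". The field would also benefit from a one-line comment, for example `/** Hash of the support RIM file this digest value was taken from. */`. The constructor body continues outside the hunk.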


@ -29,7 +29,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
@ -234,8 +233,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.put("pcUriLocal", baseRim.getPcURILocal());
data.put("rimLinkHash", baseRim.getRimLinkHash());
if (baseRim.getRimLinkHash() != null) {
ReferenceManifest rim = referenceManifestRepository.findByHash(baseRim.getRimLinkHash(),
"BaseReferenceManifest");
ReferenceManifest rim = referenceManifestRepository.findByHexDecHashAndRimType(
baseRim.getRimLinkHash(), ReferenceManifest.BASE_RIM);
if (rim != null) {
data.put("rimLinkId", rim.getId());
data.put("linkHashValid", true);
@ -247,27 +246,12 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
List<SwidResource> resources = baseRim.getFileResources();
TCGEventLog logProcessor = null;
List<ReferenceManifest> subManifests;
SupportReferenceManifest support = null;
if (baseRim.getAssociatedRim() == null) {
/**
* Need to have parsing implemented
*/
// referenceManifestRepository.findByHash("hexDecHash", "Support");
subManifests = referenceManifestRepository
support = (SupportReferenceManifest) referenceManifestRepository
.getByManufacturer(baseRim.getPlatformManufacturer(),
"SupportReferenceManifest");
String fileString = new String(baseRim.getRimBytes(), StandardCharsets.UTF_8);
for (ReferenceManifest rim : subManifests) {
if (rim instanceof SupportReferenceManifest) {
support = (SupportReferenceManifest) rim;
if (fileString.contains(rim.getHexDecHash())) {
break;
}
}
}
if (support != null) {
baseRim.setAssociatedRim(support.getId());
}
@ -314,8 +298,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.replace("signatureValid", true);
break;
}
} catch (SupplyChainValidatorException scvEx) {
log.warn("Error verifying cert chain: " + scvEx.getMessage());
} catch (SupplyChainValidatorException e) {
log.error("Error verifying cert chain: " + e.getMessage());
}
}
}
@ -329,8 +313,6 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
}
} catch (NullPointerException e) {
log.error("Unable to link signing certificate: " + e.getMessage());
} catch (Exception ex) {
log.warn(ex.getMessage());
}
return data;
}
@ -373,8 +355,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
// testing this independent of the above if statement because the above
// starts off checking if associated rim is null; that is irrelevant for
// this statement.
measurements = (EventLogMeasurements) referenceManifestRepository.findByHash(support.getHexDecHash(),
"EventLogMeasurements");
measurements = (EventLogMeasurements) referenceManifestRepository.findByHexDecHashAndRimType(support.getHexDecHash(),
ReferenceManifest.MEASUREMENT_RIM);
if (support.isSwidPatch()) {
data.put("swidPatch", "True");
@ -525,7 +507,7 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.put("validationResult", measurements.getOverallValidationResult());
data.put("swidBase", true);
List<ReferenceDigestValue> eventValues = new ArrayList<>();
List<ReferenceDigestValue> eventValues = new LinkedList<>();
if (measurements.getDeviceName() != null) {
supports.addAll(referenceManifestRepository.byDeviceName(measurements
.getDeviceName()));
@ -545,7 +527,7 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.put("associatedRim", base.getId());
}
eventValues.addAll(referenceDigestValueRepository.getValuesByRimId(base.getId()));
eventValues.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
}
}
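Review bot: In the `baseRim.getAssociatedRim() == null` branch the support RIM is now whatever single row `getByManufacturer(baseRim.getPlatformManufacturer(), "SupportReferenceManifest")` returns, and the earlier test that the base RIM's bytes contain the support RIM's hash appears to be dropped. A base RIM can therefore be linked to a support RIM from the same vendor that it does not reference, and the event values displayed against it would come from the wrong file. Keep the binding check before `baseRim.setAssociatedRim(support.getId())`, for example `String fileString = new String(baseRim.getRimBytes(), StandardCharsets.UTF_8);` followed by `if (support != null && fileString.contains(support.getHexDecHash())) {`. That requires keeping the `StandardCharsets` import this commit seems to remove. The enclosing method starts and ends outside these hunks, so the old/new side of each line is inferred from the rendering.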


@ -221,26 +221,25 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
try {
ReferenceManifest referenceManifest = getRimFromDb(id);
List<ReferenceDigestValue> values = new LinkedList<>();
if (referenceManifest == null) {
String notFoundMessage = "Unable to locate RIM with ID: " + id;
messages.addError(notFoundMessage);
log.warn(notFoundMessage);
} else {
// if support rim, update associated events
values = referenceDigestValueRepository.findBySupportRimHash(
referenceManifest.getHexDecHash());
for (ReferenceDigestValue value : values) {
referenceDigestValueRepository.delete(value);
}
referenceManifestRepository.delete(referenceManifest);
String deleteCompletedMessage = "RIM successfully deleted";
messages.addInfo(deleteCompletedMessage);
log.info(deleteCompletedMessage);
// if support rim, update associated events
if (referenceManifest instanceof SupportReferenceManifest) {
List<ReferenceDigestValue> values = referenceDigestValueRepository
.getValuesByRimId(referenceManifest.getId());
for (ReferenceDigestValue value : values) {
referenceDigestValueRepository.delete(value);
}
}
}
} catch (IllegalArgumentException iaEx) {
String uuidError = "Failed to parse ID from: " + id;
@ -396,6 +395,8 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
byte[] fileBytes = new byte[0];
String fileName = file.getOriginalFilename();
BaseReferenceManifest baseRim;
SupportReferenceManifest supportRim;
// build the manifest from the uploaded bytes
try {
@ -409,9 +410,18 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
try {
if (supportRIM) {
supportRims.add(new SupportReferenceManifest(fileName, fileBytes));
supportRim = new SupportReferenceManifest(fileName, fileBytes);
if (referenceManifestRepository.findByHexDecHashAndRimType(supportRim.getHexDecHash(),
supportRim.getRimType()) == null) {
supportRims.add(supportRim);
messages.addInfo("Saved Reference Manifest " + fileName);
}
} else {
baseRims.add(new BaseReferenceManifest(fileName, fileBytes));
baseRim = new BaseReferenceManifest(fileName, fileBytes);
if (referenceManifestRepository.findByHexDecHashAndRimType(baseRim.getHexDecHash(),
baseRim.getRimType()) == null) {
baseRims.add(baseRim);
}
}
} catch (IOException ioEx) {
final String failMessage
@ -489,7 +499,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
// So first we'll have to pull values based on support rim
// get by support rim id NEXT
if (dbSupport.getPlatformManufacturer() != null) {
tpmEvents = referenceDigestValueRepository.getValuesBySupportRimId(dbSupport.getAssociatedRim());
tpmEvents = referenceDigestValueRepository.findBySupportRimId(dbSupport.getId());
baseRim = findBaseRim(dbSupport);
if (tpmEvents.isEmpty()) {
try {
@ -498,8 +508,9 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
newRdv = new ReferenceDigestValue(baseRim.getId(),
dbSupport.getId(), dbSupport.getPlatformManufacturer(),
dbSupport.getPlatformModel(), tpe.getPcrIndex(),
tpe.getEventDigestStr(), tpe.getEventTypeStr(),
false, false, true, tpe.getEventContent());
tpe.getEventDigestStr(), dbSupport.getHexDecHash(),
tpe.getEventTypeStr(),false, false,
true, tpe.getEventContent());
this.referenceDigestValueRepository.save(newRdv);
}