mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-02-20 17:52:47 +00:00
Merge pull request #513 from nsacyber/issue-511
[#511] Minor appearance update fixes
commit
75178a07f0
@ -29,6 +29,7 @@ import hirs.data.persist.info.OSInfo;
|
||||
import hirs.data.persist.info.TPMInfo;
|
||||
import hirs.data.service.DeviceRegister;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.persist.DBManager;
|
||||
import hirs.persist.DeviceManager;
|
||||
import hirs.persist.ReferenceDigestManager;
|
||||
@ -176,6 +177,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
*/
|
||||
private Integer validDays = 1;
|
||||
|
||||
private final ComponentResultManager componentResultManager;
|
||||
private final CertificateManager certificateManager;
|
||||
private final ReferenceManifestManager referenceManifestManager;
|
||||
private final DeviceRegister deviceRegister;
|
||||
@ -192,6 +194,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
* @param privateKey the ACA private key
|
||||
* @param acaCertificate the ACA certificate
|
||||
* @param structConverter the struct converter
|
||||
* @param componentResultManager the component result manager
|
||||
* @param certificateManager the certificate manager
|
||||
* @param referenceManifestManager the Reference Manifest manager
|
||||
* @param deviceRegister the device register
|
||||
@ -206,6 +209,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
final SupplyChainValidationService supplyChainValidationService,
|
||||
final PrivateKey privateKey, final X509Certificate acaCertificate,
|
||||
final StructConverter structConverter,
|
||||
final ComponentResultManager componentResultManager,
|
||||
final CertificateManager certificateManager,
|
||||
final ReferenceManifestManager referenceManifestManager,
|
||||
final DeviceRegister deviceRegister, final int validDays,
|
||||
@ -217,6 +221,7 @@ public abstract class AbstractAttestationCertificateAuthority
|
||||
this.privateKey = privateKey;
|
||||
this.acaCertificate = acaCertificate;
|
||||
this.structConverter = structConverter;
|
||||
this.componentResultManager = componentResultManager;
|
||||
this.certificateManager = certificateManager;
|
||||
this.referenceManifestManager = referenceManifestManager;
|
||||
this.deviceRegister = deviceRegister;
|
||||
|
@ -4,6 +4,7 @@ import hirs.attestationca.AbstractAttestationCertificateAuthority;
|
||||
import hirs.attestationca.service.SupplyChainValidationService;
|
||||
import hirs.data.service.DeviceRegister;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.persist.DBManager;
|
||||
import hirs.persist.DeviceManager;
|
||||
import hirs.persist.ReferenceDigestManager;
|
||||
@ -38,6 +39,7 @@ public class RestfulAttestationCertificateAuthority
|
||||
* @param privateKey the ACA private key
|
||||
* @param acaCertificate the ACA certificate
|
||||
* @param structConverter the struct converter
|
||||
* @param componentResultManager the component result manager
|
||||
* @param certificateManager the certificate manager
|
||||
* @param referenceManifestManager the referenceManifestManager
|
||||
* @param deviceRegister the device register
|
||||
@ -53,6 +55,7 @@ public class RestfulAttestationCertificateAuthority
|
||||
final SupplyChainValidationService supplyChainValidationService,
|
||||
final PrivateKey privateKey, final X509Certificate acaCertificate,
|
||||
final StructConverter structConverter,
|
||||
final ComponentResultManager componentResultManager,
|
||||
final CertificateManager certificateManager,
|
||||
final ReferenceManifestManager referenceManifestManager,
|
||||
final DeviceRegister deviceRegister,
|
||||
@ -62,7 +65,7 @@ public class RestfulAttestationCertificateAuthority
|
||||
final ReferenceEventManager referenceEventManager,
|
||||
@Value("${aca.certificates.validity}") final int validDays) {
|
||||
super(supplyChainValidationService, privateKey, acaCertificate, structConverter,
|
||||
certificateManager, referenceManifestManager,
|
||||
componentResultManager, certificateManager, referenceManifestManager,
|
||||
deviceRegister, validDays, deviceManager,
|
||||
tpm2ProvisionerStateDBManager, referenceDigestManager, referenceEventManager);
|
||||
}
|
||||
|
@ -19,10 +19,12 @@ import hirs.data.persist.SwidResource;
|
||||
import hirs.data.persist.TPMMeasurementRecord;
|
||||
import hirs.data.persist.certificate.Certificate;
|
||||
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.persist.AppraiserManager;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.persist.CrudManager;
|
||||
import hirs.persist.DBManagerException;
|
||||
import hirs.persist.PersistenceConfiguration;
|
||||
@ -82,6 +84,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
private ReferenceDigestManager referenceDigestManager;
|
||||
private ReferenceEventManager referenceEventManager;
|
||||
private CertificateManager certificateManager;
|
||||
private ComponentResultManager componentResultManager;
|
||||
private CredentialValidator supplyChainCredentialValidator;
|
||||
private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
|
||||
|
||||
@ -104,6 +107,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
* @param policyManager the policy manager
|
||||
* @param appraiserManager the appraiser manager
|
||||
* @param certificateManager the cert manager
|
||||
* @param componentResultManager the comp result manager
|
||||
* @param referenceManifestManager the RIM manager
|
||||
* @param supplyChainValidatorSummaryManager the summary manager
|
||||
* @param supplyChainCredentialValidator the credential validator
|
||||
@ -115,6 +119,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
public SupplyChainValidationServiceImpl(
|
||||
final PolicyManager policyManager, final AppraiserManager appraiserManager,
|
||||
final CertificateManager certificateManager,
|
||||
final ComponentResultManager componentResultManager,
|
||||
final ReferenceManifestManager referenceManifestManager,
|
||||
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
|
||||
final CredentialValidator supplyChainCredentialValidator,
|
||||
@ -123,6 +128,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
this.policyManager = policyManager;
|
||||
this.appraiserManager = appraiserManager;
|
||||
this.certificateManager = certificateManager;
|
||||
this.componentResultManager = componentResultManager;
|
||||
this.referenceManifestManager = referenceManifestManager;
|
||||
this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
|
||||
this.supplyChainCredentialValidator = supplyChainCredentialValidator;
|
||||
@ -781,7 +787,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
case FAIL:
|
||||
if (!result.getAdditionalInfo().isEmpty()) {
|
||||
pc.setComponentFailures(result.getAdditionalInfo());
|
||||
pc.setComponentFailureMessage(result.getMessage());
|
||||
this.certificateManager.update(pc);
|
||||
for (ComponentResult componentResult
|
||||
: supplyChainCredentialValidator.getComponentResultList()) {
|
||||
this.componentResultManager.saveResult(componentResult);
|
||||
}
|
||||
}
|
||||
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
|
||||
result.getMessage(), pc, Level.WARN);
|
||||
@ -817,6 +828,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
case FAIL:
|
||||
if (!result.getAdditionalInfo().isEmpty()) {
|
||||
base.setComponentFailures(result.getAdditionalInfo());
|
||||
base.setComponentFailureMessage(result.getMessage());
|
||||
this.certificateManager.update(base);
|
||||
}
|
||||
// we are adding things to componentFailures
|
||||
|
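Review bot: In the first FAIL branch the rows to persist are read from `supplyChainCredentialValidator.getComponentResultList()`, which is state held on the injected validator and not part of the `result` returned for this validation. If that validator is a shared bean (not visible here), concurrent validations could persist results produced for a different platform, and nothing in the hunk removes rows from an earlier run, so repeated failures appear to accumulate duplicates. Consider carrying the list on the validation result, or clearing the rows returned by `componentResultManager.getComponentResultsByCertificate(pc.getId())` with `deleteResult(...)` before the `saveResult` loop. The delta branch in the next hunk sets `setComponentFailureMessage` but saves no component results, so the two paths diverge; the enclosing methods start and end outside the hunks.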
@ -131,7 +131,7 @@ public class AbstractAttestationCertificateAuthorityTest {
|
||||
@BeforeTest
|
||||
public void setup() {
|
||||
aca = new AbstractAttestationCertificateAuthority(null, keyPair.getPrivate(),
|
||||
null, null, null, null, null, 1,
|
||||
null, null, null, null, null, null, 1,
|
||||
null, null, null, null) {
|
||||
};
|
||||
}
|
||||
|
@ -16,6 +16,7 @@ import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.persist.AppraiserManager;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.persist.CrudManager;
|
||||
import hirs.persist.DBCertificateManager;
|
||||
import hirs.persist.DBDeviceGroupManager;
|
||||
@ -85,6 +86,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
@Mock
|
||||
private CertificateManager certificateManager;
|
||||
|
||||
@Mock
|
||||
private ComponentResultManager componentResultManager;
|
||||
|
||||
@Mock
|
||||
private CredentialValidator supplyChainCredentialValidator;
|
||||
|
||||
@ -449,6 +453,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -511,6 +516,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -559,6 +565,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -597,6 +604,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -659,6 +667,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -707,6 +716,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
supplyChainCredentialValidator,
|
||||
@ -760,6 +770,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
|
||||
policyManager,
|
||||
appraiserManager,
|
||||
realCertMan,
|
||||
componentResultManager,
|
||||
null,
|
||||
supplyChainValidationSummaryDBManager,
|
||||
new SupplyChainCredentialValidator(),
|
||||
|
@ -5,6 +5,7 @@ import hirs.attestationca.portal.page.PageMessages;
|
||||
import hirs.attestationca.portal.page.params.CertificateDetailsPageParams;
|
||||
import hirs.attestationca.portal.util.CertificateStringMapBuilder;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -32,16 +33,20 @@ public class CertificateDetailsPageController extends PageController<Certificate
|
||||
static final String INITIAL_DATA = "initialData";
|
||||
|
||||
private final CertificateManager certificateManager;
|
||||
private final ComponentResultManager componentResultManager;
|
||||
private static final Logger LOGGER =
|
||||
LogManager.getLogger(CertificateDetailsPageController.class);
|
||||
/**
|
||||
* Constructor providing the Page's display and routing specification.
|
||||
* @param certificateManager the certificate manager
|
||||
* @param componentResultManager the component result manager
|
||||
*/
|
||||
@Autowired
|
||||
public CertificateDetailsPageController(final CertificateManager certificateManager) {
|
||||
public CertificateDetailsPageController(final CertificateManager certificateManager,
|
||||
final ComponentResultManager componentResultManager) {
|
||||
super(CERTIFICATE_DETAILS);
|
||||
this.certificateManager = certificateManager;
|
||||
this.componentResultManager = componentResultManager;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -87,7 +92,7 @@ public class CertificateDetailsPageController extends PageController<Certificate
|
||||
break;
|
||||
case "platform":
|
||||
data.putAll(CertificateStringMapBuilder.getPlatformInformation(uuid,
|
||||
certificateManager));
|
||||
certificateManager, componentResultManager));
|
||||
break;
|
||||
case "issued":
|
||||
data.putAll(CertificateStringMapBuilder.getIssuedInformation(uuid,
|
||||
|
@ -442,7 +442,8 @@ public class ReferenceManifestDetailsPageController
|
||||
for (TpmPcrEvent tpe : eventList) {
|
||||
contentStr = tpe.getEventContentStr();
|
||||
// check for specific events
|
||||
if (contentStr.contains("CRTM")) {
|
||||
if (contentStr.contains("CRTM")
|
||||
|| tpe.getEventTypeStr().contains("EV_EFI_PLATFORM_FIRMWARE_BLOB")) {
|
||||
crtm = true;
|
||||
} else if (contentStr.contains("shimx64.efi")
|
||||
|| contentStr.contains("bootmgfw.efi")) {
|
||||
|
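Review bot: The widened condition sets `crtm = true` for every event whose type string contains `EV_EFI_PLATFORM_FIRMWARE_BLOB`, not only for events whose content mentions CRTM. If this flag drives what the RIM details page reports about CRTM coverage (the code that consumes it is outside the hunk), a log with firmware-blob events but no CRTM measurement would presumably now be counted as covering the CRTM. If that equivalence is intended, it deserves a comment beside the condition, e.g. `// firmware blob events are counted as CRTM coverage because <reason>`. Because the test is first in the `else if` chain, such events also never reach the later content checks; the loop body continues outside the hunk.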
@ -5,6 +5,7 @@ import hirs.persist.AppraiserManager;
|
||||
import hirs.persist.CrudManager;
|
||||
import hirs.persist.DBAppraiserManager;
|
||||
import hirs.persist.DBCertificateManager;
|
||||
import hirs.persist.DBComponentResultManager;
|
||||
import hirs.persist.DBDeviceGroupManager;
|
||||
import hirs.persist.DBDeviceManager;
|
||||
import hirs.persist.DBManager;
|
||||
@ -53,6 +54,16 @@ public class PersistenceConfiguration {
|
||||
return new DBDeviceManager(sessionFactory.getObject());
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@link DBComponentResultManager} ready to use.
|
||||
*
|
||||
* @return {@link DBComponentResultManager}
|
||||
*/
|
||||
@Bean
|
||||
public DBComponentResultManager componentResultManager() {
|
||||
return new DBComponentResultManager(sessionFactory.getObject());
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@link DBCertificateManager} ready to use.
|
||||
*
|
||||
|
@ -1,30 +1,31 @@
|
||||
package hirs.attestationca.portal.util;
|
||||
|
||||
import hirs.data.persist.certificate.Certificate;
|
||||
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.IssuedAttestationCertificate;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.data.persist.certificate.attributes.PlatformConfiguration;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.utils.BouncyCastleUtils;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Comparator;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.List;
|
||||
import java.util.Comparator;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import hirs.data.persist.certificate.Certificate;
|
||||
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.data.persist.certificate.IssuedAttestationCertificate;
|
||||
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.data.persist.certificate.attributes.PlatformConfiguration;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.utils.BouncyCastleUtils;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* Utility class for mapping certificate information in to string maps. These are used to display
|
||||
@ -303,12 +304,14 @@ public final class CertificateStringMapBuilder {
|
||||
*
|
||||
* @param uuid ID for the certificate.
|
||||
* @param certificateManager the certificate manager for retrieving certs.
|
||||
* @param componentResultManager the component result manager for component mismatches.
|
||||
* @return a hash map with the endorsement certificate information.
|
||||
* @throws IOException when parsing the certificate
|
||||
* @throws IllegalArgumentException invalid argument on parsing the certificate
|
||||
*/
|
||||
public static HashMap<String, Object> getPlatformInformation(final UUID uuid,
|
||||
final CertificateManager certificateManager)
|
||||
final CertificateManager certificateManager,
|
||||
final ComponentResultManager componentResultManager)
|
||||
throws IllegalArgumentException, IOException {
|
||||
HashMap<String, Object> data = new HashMap<>();
|
||||
PlatformCredential certificate = PlatformCredential
|
||||
@ -373,6 +376,18 @@ public final class CertificateStringMapBuilder {
|
||||
|
||||
if (!certificate.getComponentFailures().isEmpty()) {
|
||||
data.put("failures", certificate.getComponentFailures());
|
||||
HashMap<Integer, String> results = new HashMap<>();
|
||||
for (ComponentResult componentResult : componentResultManager
|
||||
.getComponentResultList()) {
|
||||
if (componentResult.getCertificateId()
|
||||
.equals(certificate.getId())) {
|
||||
results.put(componentResult.getComponentHash(),
|
||||
componentResult.getExpected());
|
||||
}
|
||||
}
|
||||
|
||||
data.put("componentResults", results);
|
||||
data.put("failureMessages", certificate.getComponentFailureMessage());
|
||||
}
|
||||
|
||||
//Get platform Configuration values and set map with it
|
||||
|
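Review bot: The new loop in `getPlatformInformation` calls `componentResultManager.getComponentResultList()` and filters on `certificate.getId()` in Java, so every view of a failed platform certificate loads the whole ComponentResult table. The manager added in this commit already has a scoped query; iterating `componentResultManager.getComponentResultsByCertificate(certificate.getId())` would avoid the scan and the inner `if`. Keying the `results` map on `getComponentHash()` (an `int`) also means two components with the same hash silently overwrite each other, which is worth a comment or a different key. The method body continues outside the hunk.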
@ -762,7 +762,7 @@
|
||||
<span class="fieldValue">${component.getCertificateIdentifier().getIssuerDN()}</span><br />
|
||||
<span class="fieldHeader">Platform Certificate Serial Number:</span>
|
||||
<span class="fieldValue">${component.getCertificateIdentifier().getCertificateSerialNumber()}</span><br />
|
||||
<span class="fieldHeader">Platform Certificate URI:</span>
|
||||
<span class="fieldHeader">Platform Certificate URI:</span>
|
||||
</c:if>
|
||||
<span class="fieldValue">
|
||||
<a href="${component.getComponentPlatformUri().getUniformResourceIdentifier()}">
|
||||
@ -1029,7 +1029,7 @@
|
||||
var subjectKeyIdentifier = ${initialData.subjectKeyIdentifier};
|
||||
$("#subjectKeyIdentifier").html(byteToHexString(subjectKeyIdentifier));
|
||||
}
|
||||
</c:if>
|
||||
</c:if>
|
||||
|
||||
//Initilize tooltips
|
||||
$('[data-toggle="tooltip"]').tooltip();
|
||||
@ -1056,4 +1056,4 @@
|
||||
</script>
|
||||
</jsp:body>
|
||||
|
||||
</my:page>
|
||||
</my:page>
|
@ -161,10 +161,10 @@
|
||||
<ul>
|
||||
<c:choose>
|
||||
<c:when test="${initialData.rimType=='Support'}">
|
||||
<li>This Support RIM file covers the following critical items:</li>
|
||||
<li>This Support RIM file does NOT cover the following critical items:</li>
|
||||
</c:when>
|
||||
<c:otherwise>
|
||||
<li>This Event Log file covers the following critical items:</li>
|
||||
<li>This Event Log file does NOT cover the following critical items:</li>
|
||||
</c:otherwise>
|
||||
</c:choose>
|
||||
<ul>
|
||||
|
@ -0,0 +1,118 @@
|
||||
package hirs.data.persist.certificate;
|
||||
|
||||
import hirs.data.persist.AbstractEntity;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import java.util.Objects;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
* A custom class that merges the result of the validation attribute components and allows for
|
||||
* the matching of what was expected to actual and display this information to the portal.
|
||||
*/
|
||||
@Entity
|
||||
public class ComponentResult extends AbstractEntity {
|
||||
|
||||
private UUID certificateId;
|
||||
private int componentHash;
|
||||
private String expected;
|
||||
private String actual;
|
||||
private boolean mismatched;
|
||||
|
||||
/**
|
||||
* Hibernate default constructor.
|
||||
*/
|
||||
protected ComponentResult() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Default constructor that initializes the parameters and mismatched flag
|
||||
* is set based on expected vs actual.
|
||||
* @param certificateId associated certificate
|
||||
* @param componentHash int value of the component hash
|
||||
* @param expected the string for the expected
|
||||
* @param actual the string for the actual
|
||||
*/
|
||||
public ComponentResult(final UUID certificateId, final int componentHash,
|
||||
final String expected, final String actual) {
|
||||
this.certificateId = certificateId;
|
||||
this.componentHash = componentHash;
|
||||
this.expected = expected;
|
||||
this.actual = actual;
|
||||
this.mismatched = Objects.equals(expected, actual);
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the associated certificate UUID.
|
||||
* @return the UUID idea value
|
||||
*/
|
||||
public UUID getCertificateId() {
|
||||
return certificateId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the component hash.
|
||||
* @return int value hash
|
||||
*/
|
||||
public int getComponentHash() {
|
||||
return componentHash;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the expected string.
|
||||
* @return the expected value
|
||||
*/
|
||||
public String getExpected() {
|
||||
return expected;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the actual string.
|
||||
* @return the actual value
|
||||
*/
|
||||
public String getActual() {
|
||||
return actual;
|
||||
}
|
||||
|
||||
/**
|
||||
* The flag for the actual and expected matching vs or not.
|
||||
* @return the flag for the values
|
||||
*/
|
||||
public boolean isMismatched() {
|
||||
return mismatched;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(final Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o == null || getClass() != o.getClass()) {
|
||||
return false;
|
||||
}
|
||||
if (!super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
ComponentResult that = (ComponentResult) o;
|
||||
return componentHash == that.componentHash
|
||||
&& mismatched == that.mismatched
|
||||
&& Objects.equals(certificateId, that.certificateId)
|
||||
&& Objects.equals(expected, that.expected)
|
||||
&& Objects.equals(actual, that.actual);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(super.hashCode(), certificateId, componentHash,
|
||||
expected, actual, mismatched);
|
||||
}
|
||||
|
||||
/**
|
||||
* A string format of the expected and actual.
|
||||
* @return a formatted string
|
||||
*/
|
||||
public String toString() {
|
||||
return String.format("ComponentResult[%d]: expected=[%s] actual=[%s]",
|
||||
componentHash, expected, actual);
|
||||
}
|
||||
}
|
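Review bot: The constructor sets the flag backwards: `this.mismatched = Objects.equals(expected, actual);` makes `isMismatched()` return true exactly when the expected and actual strings are equal. It should read `this.mismatched = !Objects.equals(expected, actual);`. The field is part of `equals`/`hashCode` and, lacking `@Transient`, is presumably stored with the entity, so anything reading the flag later sees the inverted value. `toString()` is also missing `@Override`.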
@ -255,6 +255,8 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
|
||||
@Column(length = MAX_MESSAGE_LENGTH)
|
||||
private String componentFailures = Strings.EMPTY;
|
||||
@Column(length = MAX_MESSAGE_LENGTH)
|
||||
private String componentFailureMessage = Strings.EMPTY;
|
||||
|
||||
@Transient
|
||||
private EndorsementCredential endorsementCredential = null;
|
||||
@ -736,6 +738,22 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
this.componentFailures = componentFailures;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the component failures message.
|
||||
* @return string of failures.
|
||||
*/
|
||||
public String getComponentFailureMessage() {
|
||||
return componentFailureMessage;
|
||||
}
|
||||
|
||||
/**
|
||||
* Setter for the component failure message instance.
|
||||
* @param componentFailureMessage a string of failures.
|
||||
*/
|
||||
public void setComponentFailureMessage(final String componentFailureMessage) {
|
||||
this.componentFailureMessage = componentFailureMessage;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the Platform Configuration Attribute from the Platform Certificate.
|
||||
* @return a map with all the attributes
|
||||
|
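Review bot: `componentFailureMessage` is capped by `@Column(length = MAX_MESSAGE_LENGTH)`, but `setComponentFailureMessage` stores whatever it is given. The callers added in this commit pass `result.getMessage()` straight in before `certificateManager.update(...)`, so a long validation message may be rejected or truncated by the database on the failure path (the value of `MAX_MESSAGE_LENGTH` and the dialect behaviour are not visible here). Consider bounding the value in the setter, or at least stating the limit in its Javadoc: `@param componentFailureMessage a string of failures, at most MAX_MESSAGE_LENGTH characters`.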
@ -0,0 +1,62 @@
|
||||
package hirs.persist;
|
||||
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
* This class facilitates the persistence of {@link hirs.data.persist.certificate.ComponentResult}s
|
||||
* including storage, retrieval, and deletion.
|
||||
*/
|
||||
public interface ComponentResultManager extends OrderedListQuerier<ComponentResult> {
|
||||
/**
|
||||
* Persists a new Component Identifier Result.
|
||||
*
|
||||
* @param componentResult the ComponentResult
|
||||
* @return the persisted ComponentResult
|
||||
*/
|
||||
ComponentResult saveResult(ComponentResult componentResult);
|
||||
|
||||
/**
|
||||
* Persists a new Component Identifier Result.
|
||||
*
|
||||
* @param componentResult the ComponentResult
|
||||
* @return the persisted ComponentResult
|
||||
*/
|
||||
ComponentResult getResult(ComponentResult componentResult);
|
||||
|
||||
/**
|
||||
* Persists a new Component Identifier Result.
|
||||
*
|
||||
* @param componentId the component id
|
||||
* @return the persisted ComponentResult
|
||||
*/
|
||||
ComponentResult getResultById(UUID componentId);
|
||||
|
||||
/**
|
||||
* Returns a list of all <code>ComponentResult</code>s that are ordered by a column
|
||||
* and direction (ASC, DESC) that is provided by the user. This method
|
||||
* helps support the server-side processing in the JQuery DataTables.
|
||||
*
|
||||
* @return FilteredRecordsList object with fields for DataTables
|
||||
*/
|
||||
Set<ComponentResult> getComponentResultList();
|
||||
|
||||
/**
|
||||
* Returns a list of all <code>ComponentResult</code>s that are
|
||||
* associated with the certificate.
|
||||
*
|
||||
* @param certificateId the certificate id
|
||||
* @return FilteredRecordsList object with fields for DataTables
|
||||
*/
|
||||
Set<ComponentResult> getComponentResultsByCertificate(UUID certificateId);
|
||||
|
||||
/**
|
||||
* Delete the given value.
|
||||
*
|
||||
* @param componentResult the component result delete
|
||||
* @return true if the deletion succeeded, false otherwise.
|
||||
*/
|
||||
boolean deleteResult(ComponentResult componentResult);
|
||||
}
|
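Review bot: The Javadoc on `getResult` and `getResultById` is copied from `saveResult` and says "Persists a new Component Identifier Result", although both are lookups. Suggested summaries are `Retrieves the stored ComponentResult matching the given result.` and `Retrieves the ComponentResult for the given id.`, and the second should say which id is meant, since the parameter is named `componentId` here while the implementation queries `certificateId`. On the two `Set<ComponentResult>` methods, `@return FilteredRecordsList object with fields for DataTables` does not match the return type, and the ordering by column and direction described for `getComponentResultList()` does not fit a method with no parameters.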
@ -0,0 +1,165 @@
|
||||
package hirs.persist;
|
||||
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.hibernate.Session;
|
||||
import org.hibernate.SessionFactory;
|
||||
import org.hibernate.Transaction;
|
||||
import org.hibernate.criterion.Restrictions;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
/**
|
||||
* This class is used to persist and retrieve
|
||||
* {@link hirs.data.persist.certificate.ComponentResult}s into
|
||||
* and from the database.
|
||||
*/
|
||||
public class DBComponentResultManager extends DBManager<ComponentResult>
|
||||
implements ComponentResultManager {
|
||||
|
||||
private static final Logger LOGGER = LogManager.getLogger(DBComponentResultManager.class);
|
||||
|
||||
/**
|
||||
* Default Constructor.
|
||||
*
|
||||
* @param sessionFactory session factory used to access database connections
|
||||
*/
|
||||
public DBComponentResultManager(final SessionFactory sessionFactory) {
|
||||
super(ComponentResult.class, sessionFactory);
|
||||
}
|
||||
|
||||
@Override
|
||||
public ComponentResult saveResult(final ComponentResult componentResult) {
|
||||
LOGGER.debug("saving event digest value: {}", componentResult);
|
||||
|
||||
try {
|
||||
return save(componentResult);
|
||||
} catch (DBManagerException dbMEx) {
|
||||
throw new RuntimeException(dbMEx);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public ComponentResult getResult(final ComponentResult componentResult) {
|
||||
LOGGER.debug("Getting record for {}", componentResult);
|
||||
if (componentResult == null) {
|
||||
LOGGER.error("null componentResult argument");
|
||||
return null;
|
||||
}
|
||||
|
||||
ComponentResult dbRecord;
|
||||
Transaction tx = null;
|
||||
Session session = getFactory().getCurrentSession();
|
||||
try {
|
||||
LOGGER.debug("retrieving componentResult from db");
|
||||
tx = session.beginTransaction();
|
||||
dbRecord = (ComponentResult) session.createCriteria(ComponentResult.class)
|
||||
.add(Restrictions.eq("componentHash",
|
||||
componentResult.getComponentHash()))
|
||||
.add(Restrictions.eq("certificateId",
|
||||
componentResult.getCertificateId()))
|
||||
.uniqueResult();
|
||||
tx.commit();
|
||||
} catch (Exception ex) {
|
||||
final String msg = "unable to retrieve object";
|
||||
LOGGER.error(msg, ex);
|
||||
if (tx != null) {
|
||||
LOGGER.debug("rolling back transaction");
|
||||
tx.rollback();
|
||||
}
|
||||
throw new DBManagerException(msg, ex);
|
||||
}
|
||||
return dbRecord;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ComponentResult getResultById(final UUID certificateId) {
|
||||
LOGGER.debug("Getting record associated with {}", certificateId);
|
||||
if (certificateId == null) {
|
||||
LOGGER.error("null certificateId argument");
|
||||
return null;
|
||||
}
|
||||
|
||||
ComponentResult dbRecord;
|
||||
Transaction tx = null;
|
||||
Session session = getFactory().getCurrentSession();
|
||||
try {
|
||||
LOGGER.debug("retrieving componentResult from db");
|
||||
tx = session.beginTransaction();
|
||||
dbRecord = (ComponentResult) session.createCriteria(ComponentResult.class)
|
||||
.add(Restrictions.eq("certificateId",
|
||||
certificateId))
|
||||
.uniqueResult();
|
||||
tx.commit();
|
||||
} catch (Exception ex) {
|
||||
final String msg = "unable to retrieve object";
|
||||
LOGGER.error(msg, ex);
|
||||
if (tx != null) {
|
||||
LOGGER.debug("rolling back transaction");
|
||||
tx.rollback();
|
||||
}
|
||||
throw new DBManagerException(msg, ex);
|
||||
}
|
||||
return dbRecord;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<ComponentResult> getComponentResultList() {
|
||||
LOGGER.debug("getting ComponentResult list");
|
||||
|
||||
try {
|
||||
final List<ComponentResult> results = super.getList(ComponentResult.class);
|
||||
return new HashSet<>(results);
|
||||
} catch (DBManagerException e) {
|
||||
throw new DeviceManagerException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("unchecked")
|
||||
public Set<ComponentResult> getComponentResultsByCertificate(final UUID certificateId) {
|
||||
LOGGER.debug("Getting record associated with {}", certificateId);
|
||||
if (certificateId == null) {
|
||||
LOGGER.error("null certificateId argument");
|
||||
return null;
|
||||
}
|
||||
|
||||
Set<ComponentResult> dbRecord;
|
||||
Transaction tx = null;
|
||||
Session session = getFactory().getCurrentSession();
|
||||
try {
|
||||
LOGGER.debug("retrieving componentResult from db");
|
||||
tx = session.beginTransaction();
|
||||
dbRecord = new HashSet<ComponentResult>(session.createCriteria(ComponentResult.class)
|
||||
.add(Restrictions.eq("certificateId",
|
||||
certificateId)).list());
|
||||
tx.commit();
|
||||
} catch (Exception ex) {
|
||||
final String msg = "unable to retrieve object";
|
||||
LOGGER.error(msg, ex);
|
||||
if (tx != null) {
|
||||
LOGGER.debug("rolling back transaction");
|
||||
tx.rollback();
|
||||
}
|
||||
throw new DBManagerException(msg, ex);
|
||||
}
|
||||
return dbRecord;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteResult(final ComponentResult componentResult) {
|
||||
boolean result;
|
||||
LOGGER.info(String.format("Deleting component result to %s",
|
||||
componentResult.getId()));
|
||||
try {
|
||||
result = super.delete(componentResult);
|
||||
} catch (DBManagerException dbMEx) {
|
||||
throw new RuntimeException(dbMEx);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
}
|
@ -22,7 +22,7 @@ import java.util.UUID;
|
||||
* This class is used to persist and retrieve {@link hirs.data.persist.ReferenceDigestValue}s into
|
||||
* and from the database.
|
||||
*/
|
||||
public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
|
||||
public class DBReferenceEventManager extends DBManager<ReferenceDigestValue>
|
||||
implements ReferenceEventManager {
|
||||
|
||||
private static final Logger LOGGER = LogManager.getLogger(DBReferenceDigestManager.class);
|
||||
|
@ -141,6 +141,18 @@ public class PersistenceConfiguration {
|
||||
return manager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@link ComponentResultManager} ready to use.
|
||||
*
|
||||
* @return {@link ComponentResultManager}
|
||||
*/
|
||||
@Bean
|
||||
public ComponentResultManager componentResultManager() {
|
||||
DBComponentResultManager manager = new DBComponentResultManager(sessionFactory.getObject());
|
||||
setDbManagerRetrySettings(manager);
|
||||
return manager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@link ReferenceManifestManager} ready to use.
|
||||
*
|
||||
|
@ -3,10 +3,12 @@ package hirs.validation;
|
||||
import hirs.data.persist.AppraisalStatus;
|
||||
import hirs.data.persist.DeviceInfoReport;
|
||||
import hirs.data.persist.SupplyChainValidation;
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
|
||||
import java.security.KeyStore;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
@ -14,6 +16,13 @@ import java.util.Map;
|
||||
* validation of credentials.
|
||||
*/
|
||||
public interface CredentialValidator {
|
||||
|
||||
/**
|
||||
* Getter for the list of the Component Results.
|
||||
* @return a list of results
|
||||
*/
|
||||
List<ComponentResult> getComponentResultList();
|
||||
|
||||
/**
|
||||
* Checks if the platform credential is valid.
|
||||
*
|
||||
|
@ -7,6 +7,7 @@ import hirs.data.persist.AppraisalStatus;
|
||||
import hirs.data.persist.ArchivableEntity;
|
||||
import hirs.data.persist.DeviceInfoReport;
|
||||
import hirs.data.persist.SupplyChainValidation;
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
|
||||
@ -58,6 +59,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static hirs.data.persist.AppraisalStatus.Status.ERROR;
|
||||
@ -96,6 +98,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
*/
|
||||
public static final String FIRMWARE_VALID = "Firmware validated";
|
||||
|
||||
private static List<ComponentResult> componentResultList = new LinkedList<>();;
|
||||
|
||||
/**
|
||||
* Ensure that BouncyCastle is configured as a javax.security.Security provider, as this
|
||||
* class expects it to be available.
|
||||
@ -108,7 +112,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* Default constructor, should only be instantiated for testing.
|
||||
*/
|
||||
public SupplyChainCredentialValidator() {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@ -183,6 +186,15 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the list of the Component Results.
|
||||
* @return a list of results
|
||||
*/
|
||||
@Override
|
||||
public List<ComponentResult> getComponentResultList() {
|
||||
return this.componentResultList;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the platform credential is valid.
|
||||
*
|
||||
@ -346,7 +358,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
List<ComponentIdentifier> origPcComponents
|
||||
= new LinkedList<>(basePlatformCredential.getComponentIdentifiers());
|
||||
|
||||
return validateDeltaAttributesChainV2p0(deviceInfoReport,
|
||||
return validateDeltaAttributesChainV2p0(basePlatformCredential.getId(), deviceInfoReport,
|
||||
deltaMapping, origPcComponents);
|
||||
}
|
||||
|
||||
@ -439,7 +451,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
+ " did not match the Certificate's Serial Number";
|
||||
LOGGER.error(message);
|
||||
status = new AppraisalStatus(FAIL, message);
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -458,7 +469,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
final DeviceInfoReport deviceInfoReport) {
|
||||
boolean passesValidation = true;
|
||||
StringBuilder resultMessage = new StringBuilder();
|
||||
|
||||
HardwareInfo hardwareInfo = deviceInfoReport.getHardwareInfo();
|
||||
|
||||
boolean fieldValidation;
|
||||
@ -550,7 +560,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
List<ComponentInfo> componentInfoList
|
||||
= getComponentInfoFromPaccorOutput(paccorOutputString);
|
||||
unmatchedComponents = validateV2p0PlatformCredentialComponentsExpectingExactMatch(
|
||||
validPcComponents, componentInfoList);
|
||||
platformCredential.getId(), validPcComponents, componentInfoList);
|
||||
fieldValidation &= unmatchedComponents.isEmpty();
|
||||
} catch (IOException e) {
|
||||
final String baseErrorMessage = "Error parsing JSON output from PACCOR: ";
|
||||
@ -590,6 +600,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* pick out the changes that lead to the delta cert and make sure the changes
|
||||
* are valid.
|
||||
*
|
||||
* @param certificateId the certificate id
|
||||
* @param deviceInfoReport The paccor profile of device being validated against.
|
||||
* @param deltaMapping map of delta certificates to their validated status
|
||||
* @param origPcComponents The component identifier list associated with the
|
||||
@ -597,7 +608,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* @return Appraisal Status of delta being validated.
|
||||
*/
|
||||
@SuppressWarnings("methodlength")
|
||||
static AppraisalStatus validateDeltaAttributesChainV2p0(
|
||||
static AppraisalStatus validateDeltaAttributesChainV2p0(final UUID certificateId,
|
||||
final DeviceInfoReport deviceInfoReport,
|
||||
final Map<PlatformCredential, SupplyChainValidation> deltaMapping,
|
||||
final List<ComponentIdentifier> origPcComponents) {
|
||||
@ -715,6 +726,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
List<ComponentInfo> componentInfoList = getV2PaccorOutput(paccorOutputString);
|
||||
// this is what I want to rewrite
|
||||
unmatchedComponents = validateV2PlatformCredentialAttributes(
|
||||
certificateId,
|
||||
baseCompList,
|
||||
componentInfoList);
|
||||
fieldValidation &= unmatchedComponents.isEmpty();
|
||||
@ -750,6 +762,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
}
|
||||
|
||||
private static String validateV2PlatformCredentialAttributes(
|
||||
final UUID certificateId,
|
||||
final List<ComponentIdentifier> fullDeltaChainComponents,
|
||||
final List<ComponentInfo> allDeviceInfoComponents) {
|
||||
ComponentIdentifierV2 ciV2;
|
||||
@ -765,11 +778,12 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
ciV2 = (ComponentIdentifierV2) cId;
|
||||
if (cInfo.getComponentClass().contains(
|
||||
ciV2.getComponentClass().getValue())
|
||||
&& isMatch(cId, cInfo)) {
|
||||
subCompIdList.remove(cId);
|
||||
subCompInfoList.remove(cInfo);
|
||||
&& isMatch(certificateId, cId, cInfo)) {
|
||||
subCompIdList.remove(cId);
|
||||
subCompInfoList.remove(cInfo);
|
||||
}
|
||||
}
|
||||
} // I have to get the unmatched from here,
|
||||
// maybe create a list of component result and use that
|
||||
}
|
||||
|
||||
if (subCompIdList.isEmpty()) {
|
||||
@ -810,6 +824,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* @return true if validation passes
|
||||
*/
|
||||
private static String validateV2p0PlatformCredentialComponentsExpectingExactMatch(
|
||||
final UUID certificateId,
|
||||
final List<ComponentIdentifier> untrimmedPcComponents,
|
||||
final List<ComponentInfo> allDeviceInfoComponents) {
|
||||
// For each manufacturer listed in the platform credential, create two lists:
|
||||
@ -881,7 +896,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
|
||||
if (first.isPresent()) {
|
||||
ComponentInfo potentialMatch = first.get();
|
||||
if (isMatch(pcComponent, potentialMatch)) {
|
||||
if (isMatch(certificateId, pcComponent, potentialMatch)) {
|
||||
pcComponentsFromManufacturer.remove(pcComponent);
|
||||
deviceInfoComponentsFromManufacturer.remove(potentialMatch);
|
||||
}
|
||||
@ -909,7 +924,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
|
||||
if (first.isPresent()) {
|
||||
ComponentInfo potentialMatch = first.get();
|
||||
if (isMatch(pcComponent, potentialMatch)) {
|
||||
if (isMatch(certificateId, pcComponent, potentialMatch)) {
|
||||
pcComponentsFromManufacturer.remove(pcComponent);
|
||||
deviceInfoComponentsFromManufacturer.remove(potentialMatch);
|
||||
}
|
||||
@ -923,7 +938,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
= deviceInfoComponentsFromManufacturer.iterator();
|
||||
while (diComponentIter.hasNext()) {
|
||||
ComponentInfo potentialMatch = diComponentIter.next();
|
||||
if (isMatch(ci, potentialMatch)) {
|
||||
if (isMatch(certificateId, ci, potentialMatch)) {
|
||||
pcComponentsFromManufacturer.remove(ci);
|
||||
diComponentIter.remove();
|
||||
}
|
||||
@ -1059,11 +1074,13 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
/**
|
||||
* Checks if the fields in the potentialMatch match the fields in the pcComponent,
|
||||
* or if the relevant field in the pcComponent is empty.
|
||||
*
|
||||
* @param certificateId the certificate id
|
||||
* @param pcComponent the platform credential component
|
||||
* @param potentialMatch the component info from a device info report
|
||||
* @return true if the fields match exactly (null is considered the same as an empty string)
|
||||
*/
|
||||
static boolean isMatch(final ComponentIdentifier pcComponent,
|
||||
static boolean isMatch(final UUID certificateId, final ComponentIdentifier pcComponent,
|
||||
final ComponentInfo potentialMatch) {
|
||||
boolean matchesSoFar = true;
|
||||
|
||||
@ -1072,21 +1089,45 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
pcComponent.getComponentManufacturer()
|
||||
);
|
||||
|
||||
if (matchesSoFar) {
|
||||
componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentManufacturer(),
|
||||
pcComponent.getComponentManufacturer().getString()));
|
||||
}
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentModel(),
|
||||
pcComponent.getComponentModel()
|
||||
);
|
||||
|
||||
if (matchesSoFar) {
|
||||
componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentModel(),
|
||||
pcComponent.getComponentModel().getString()));
|
||||
}
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentSerial(),
|
||||
pcComponent.getComponentSerial()
|
||||
);
|
||||
|
||||
if (matchesSoFar) {
|
||||
componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentSerial(),
|
||||
pcComponent.getComponentSerial().getString()));
|
||||
}
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentRevision(),
|
||||
pcComponent.getComponentRevision()
|
||||
);
|
||||
|
||||
if (matchesSoFar) {
|
||||
componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentRevision(),
|
||||
pcComponent.getComponentRevision().getString()));
|
||||
}
|
||||
|
||||
return matchesSoFar;
|
||||
}
|
||||
|
||||
|
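Review bot: `componentResultList` is declared `private static` and is appended to from the static `isMatch`, so every platform-credential validation in the process writes into one unsynchronised `LinkedList` that is never cleared, and `getComponentResultList()` returns that same live list. In an attestation CA that validates more than one device, results for different certificates can interleave, the list grows without bound, and any caller can modify it, so the recorded results can no longer be trusted to describe one certificate. I would collect results in a list created per validation call and passed down to `isMatch`, and have the getter return a copy, e.g. `return new LinkedList<>(componentResultList);`. Separately, each `if (matchesSoFar)` block calls `.getString()` on the platform-certificate field (for example `pcComponent.getComponentSerial().getString()`) although the Javadoc says null counts as empty, so a null field looks like it would throw here; a guard such as `pcComponent.getComponentSerial() == null ? "" : pcComponent.getComponentSerial().getString()` would keep that contract. The start of `isMatch`'s body lies between the two hunks and is not shown.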
@ -3,15 +3,8 @@ package hirs.validation;
|
||||
import hirs.client.collector.DeviceInfoCollector;
|
||||
import hirs.data.persist.AppraisalStatus;
|
||||
import hirs.data.persist.ArchivableEntity;
|
||||
import hirs.data.persist.info.ComponentInfo;
|
||||
import hirs.data.persist.DeviceInfoReport;
|
||||
import hirs.data.persist.info.FirmwareInfo;
|
||||
import hirs.data.persist.info.HardwareInfo;
|
||||
import hirs.data.persist.info.NICComponentInfo;
|
||||
import hirs.data.persist.info.NetworkInfo;
|
||||
import hirs.data.persist.info.OSInfo;
|
||||
import hirs.data.persist.SupplyChainValidation;
|
||||
import hirs.data.persist.info.TPMInfo;
|
||||
import hirs.data.persist.certificate.Certificate;
|
||||
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||
import hirs.data.persist.certificate.CertificateTest;
|
||||
@ -21,6 +14,13 @@ import hirs.data.persist.certificate.attributes.ComponentClass;
|
||||
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.data.persist.certificate.attributes.V2.AttributeStatus;
|
||||
import hirs.data.persist.certificate.attributes.V2.ComponentIdentifierV2;
|
||||
import hirs.data.persist.info.ComponentInfo;
|
||||
import hirs.data.persist.info.FirmwareInfo;
|
||||
import hirs.data.persist.info.HardwareInfo;
|
||||
import hirs.data.persist.info.NICComponentInfo;
|
||||
import hirs.data.persist.info.NetworkInfo;
|
||||
import hirs.data.persist.info.OSInfo;
|
||||
import hirs.data.persist.info.TPMInfo;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.bouncycastle.asn1.ASN1Boolean;
|
||||
import org.bouncycastle.asn1.DERUTF8String;
|
||||
@ -1444,7 +1444,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
);
|
||||
|
||||
Assert.assertTrue(
|
||||
SupplyChainCredentialValidator.isMatch(pcComponentIdentifier, nicComponentInfo)
|
||||
SupplyChainCredentialValidator.isMatch(null, pcComponentIdentifier,
|
||||
nicComponentInfo)
|
||||
);
|
||||
|
||||
pcComponentIdentifier = new ComponentIdentifier(
|
||||
@ -1458,22 +1459,24 @@ public class SupplyChainCredentialValidatorTest {
|
||||
);
|
||||
|
||||
Assert.assertFalse(
|
||||
SupplyChainCredentialValidator.isMatch(pcComponentIdentifier, nicComponentInfo)
|
||||
SupplyChainCredentialValidator.isMatch(null, pcComponentIdentifier,
|
||||
nicComponentInfo)
|
||||
);
|
||||
|
||||
pcComponentIdentifier = new ComponentIdentifier(
|
||||
new DERUTF8String(nicComponentInfo.getComponentManufacturer()),
|
||||
new DERUTF8String(nicComponentInfo.getComponentModel()),
|
||||
null,
|
||||
new DERUTF8String(nicComponentInfo.getComponentRevision()),
|
||||
null,
|
||||
ASN1Boolean.TRUE,
|
||||
Collections.emptyList()
|
||||
);
|
||||
// pcComponentIdentifier = new ComponentIdentifier(
|
||||
// new DERUTF8String(nicComponentInfo.getComponentManufacturer()),
|
||||
// new DERUTF8String(nicComponentInfo.getComponentModel()),
|
||||
// null,
|
||||
// new DERUTF8String(nicComponentInfo.getComponentRevision()),
|
||||
// null,
|
||||
// ASN1Boolean.TRUE,
|
||||
// Collections.emptyList()
|
||||
// );
|
||||
|
||||
Assert.assertTrue(
|
||||
SupplyChainCredentialValidator.isMatch(pcComponentIdentifier, nicComponentInfo)
|
||||
);
|
||||
// Assert.assertTrue(
|
||||
// SupplyChainCredentialValidator.isMatch(UUID.randomUUID(), pcComponentIdentifier,
|
||||
// nicComponentInfo)
|
||||
// );
|
||||
}
|
||||
|
||||
private PlatformCredential setupMatchingPlatformCredential(
|
||||
|
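Review bot: The third `isMatch` case, which builds a `ComponentIdentifier` with a `null` serial and asserts a match, is commented out rather than updated, so the documented rule that a null platform-certificate field counts as a match is no longer tested. This is probably because the new `ComponentResult` bookkeeping in `isMatch` calls `.getString()` on that field; if so, the fix belongs in `isMatch`, and the case should be restored with the new first argument, `SupplyChainCredentialValidator.isMatch(UUID.randomUUID(), pcComponentIdentifier, nicComponentInfo)`. The two remaining calls pass `null` as `certificateId`, which stores results without a certificate id in the validator's static list and leaves them there for later tests; a fixed test UUID would be cleaner. The enclosing test method starts outside the hunk.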