mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-19 04:58:00 +00:00
Added the page handler code that pulls, the potentially saved
information.
This commit is contained in:
Cyrus
parent
3fb3cf7669
commit
7c14f821e1
@ -19,6 +19,7 @@ import hirs.data.persist.SwidResource;
|
||||
import hirs.data.persist.TPMMeasurementRecord;
|
||||
import hirs.data.persist.certificate.Certificate;
|
||||
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.persist.AppraiserManager;
|
||||
@ -787,6 +788,10 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
pc.setComponentFailures(result.getAdditionalInfo());
|
||||
pc.setComponentFailureMessage(result.getMessage());
|
||||
this.certificateManager.update(pc);
|
||||
for (ComponentResult componentResult
|
||||
: supplyChainCredentialValidator.getComponentResultList()) {
|
||||
this.componentResultManager.saveResult(componentResult);
|
||||
}
|
||||
}
|
||||
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
|
||||
result.getMessage(), pc, Level.WARN);
|
||||
|
||||
@ -1,31 +1,31 @@
|
||||
package hirs.attestationca.portal.util;
|
||||
|
||||
import hirs.data.persist.certificate.Certificate;
|
||||
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.IssuedAttestationCertificate;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.data.persist.certificate.attributes.PlatformConfiguration;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.persist.ComponentResultManager;
|
||||
import hirs.utils.BouncyCastleUtils;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Comparator;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.List;
|
||||
import java.util.Comparator;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import hirs.data.persist.certificate.Certificate;
|
||||
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
import hirs.data.persist.certificate.IssuedAttestationCertificate;
|
||||
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.data.persist.certificate.attributes.PlatformConfiguration;
|
||||
import hirs.persist.CertificateManager;
|
||||
import hirs.utils.BouncyCastleUtils;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* Utility class for mapping certificate information in to string maps. These are used to display
|
||||
@ -376,6 +376,14 @@ public final class CertificateStringMapBuilder {
|
||||
|
||||
if (!certificate.getComponentFailures().isEmpty()) {
|
||||
data.put("failures", certificate.getComponentFailures());
|
||||
HashMap<Integer, String> results = new HashMap<>();
|
||||
for (ComponentResult componentResult : componentResultManager
|
||||
.getComponentResultList()) {
|
||||
if (componentResult.getId().equals(certificate.getId())) {
|
||||
results.put(componentResult.getComponentHash(), componentResult.getExpected());
|
||||
}
|
||||
}
|
||||
data.put("componentResults", results);
|
||||
data.put("failureMessages", certificate.getComponentFailureMessage());
|
||||
}
|
||||
|
||||
|
||||
@ -614,13 +614,14 @@
|
||||
<div class="panel-body">
|
||||
<div id="componentIdentifier" class="row">
|
||||
<c:forEach items="${initialData.componentsIdentifier}" var="component">
|
||||
<c:set var="combined" value="${component.hashCode()}" scope="page"/>
|
||||
<c:set var="combined" value="${component.hashCode()}" scope="page" />
|
||||
<div class="component col col-md-4">
|
||||
<div class="panel panel-default">
|
||||
<c:choose>
|
||||
<c:when test="${fn:contains(initialData.failures, combined)}">
|
||||
<div class="tooltip" style="background-color: red; color: white">
|
||||
<span class="tooltiptext">
|
||||
<c:set var="expected" value="${initialData.componentResults[combined]}" scope="page" />
|
||||
<span class="tooltiptext" title="${expected}">
|
||||
</c:when>
|
||||
<c:otherwise>
|
||||
<div class="panel-heading">
|
||||
|
||||
@ -3,10 +3,12 @@ package hirs.validation;
|
||||
import hirs.data.persist.AppraisalStatus;
|
||||
import hirs.data.persist.DeviceInfoReport;
|
||||
import hirs.data.persist.SupplyChainValidation;
|
||||
import hirs.data.persist.certificate.ComponentResult;
|
||||
import hirs.data.persist.certificate.EndorsementCredential;
|
||||
import hirs.data.persist.certificate.PlatformCredential;
|
||||
|
||||
import java.security.KeyStore;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
@ -14,6 +16,13 @@ import java.util.Map;
|
||||
* validation of credentials.
|
||||
*/
|
||||
public interface CredentialValidator {
|
||||
|
||||
/**
|
||||
* Getter for the list of the Component Results.
|
||||
* @return a list of results
|
||||
*/
|
||||
List<ComponentResult> getComponentResultList();
|
||||
|
||||
/**
|
||||
* Checks if the platform credential is valid.
|
||||
*
|
||||
|
||||
@ -98,6 +98,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
*/
|
||||
public static final String FIRMWARE_VALID = "Firmware validated";
|
||||
|
||||
private static List<ComponentResult> componentResultList;
|
||||
|
||||
/**
|
||||
* Ensure that BouncyCastle is configured as a javax.security.Security provider, as this
|
||||
* class expects it to be available.
|
||||
@ -110,7 +112,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* Default constructor, should only be instantiated for testing.
|
||||
*/
|
||||
public SupplyChainCredentialValidator() {
|
||||
|
||||
componentResultList = new LinkedList<>();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -185,6 +187,15 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Getter for the list of the Component Results.
|
||||
* @return a list of results
|
||||
*/
|
||||
@Override
|
||||
public List<ComponentResult> getComponentResultList() {
|
||||
return this.componentResultList;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the platform credential is valid.
|
||||
*
|
||||
@ -1069,39 +1080,50 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
static boolean isMatch(final UUID certificateId, final ComponentIdentifier pcComponent,
|
||||
final ComponentInfo potentialMatch) {
|
||||
boolean matchesSoFar = true;
|
||||
ComponentResult componentResult;
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentManufacturer(),
|
||||
pcComponent.getComponentManufacturer()
|
||||
);
|
||||
componentResult = new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentManufacturer(),
|
||||
pcComponent.getComponentManufacturer().getString());
|
||||
|
||||
if (matchesSoFar) {
|
||||
componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentManufacturer(),
|
||||
pcComponent.getComponentManufacturer().getString()));
|
||||
}
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentModel(),
|
||||
pcComponent.getComponentModel()
|
||||
);
|
||||
componentResult = new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentModel(),
|
||||
pcComponent.getComponentModel().getString());
|
||||
|
||||
if (matchesSoFar) {
|
||||
componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentModel(),
|
||||
pcComponent.getComponentModel().getString()));
|
||||
}
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentSerial(),
|
||||
pcComponent.getComponentSerial()
|
||||
);
|
||||
componentResult = new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentSerial(),
|
||||
pcComponent.getComponentSerial().getString());
|
||||
|
||||
if (matchesSoFar) {
|
||||
componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentSerial(),
|
||||
pcComponent.getComponentSerial().getString()));
|
||||
}
|
||||
|
||||
matchesSoFar &= isMatchOrEmptyInPlatformCert(
|
||||
potentialMatch.getComponentRevision(),
|
||||
pcComponent.getComponentRevision()
|
||||
);
|
||||
componentResult = new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentRevision(),
|
||||
pcComponent.getComponentRevision().getString());
|
||||
|
||||
if (matchesSoFar) {
|
||||
componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(),
|
||||
potentialMatch.getComponentRevision(),
|
||||
pcComponent.getComponentRevision().getString()));
|
||||
}
|
||||
|
||||
return matchesSoFar;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user