diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index c36dc763..6e1593c0 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java @@ -19,6 +19,7 @@ import hirs.data.persist.SwidResource; import hirs.data.persist.TPMMeasurementRecord; import hirs.data.persist.certificate.Certificate; import hirs.data.persist.certificate.CertificateAuthorityCredential; +import hirs.data.persist.certificate.ComponentResult; import hirs.data.persist.certificate.EndorsementCredential; import hirs.data.persist.certificate.PlatformCredential; import hirs.persist.AppraiserManager; @@ -787,6 +788,10 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe pc.setComponentFailures(result.getAdditionalInfo()); pc.setComponentFailureMessage(result.getMessage()); this.certificateManager.update(pc); + for (ComponentResult componentResult + : supplyChainCredentialValidator.getComponentResultList()) { + this.componentResultManager.saveResult(componentResult); + } } return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), pc, Level.WARN); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java index 2c8c360a..031cc3ae 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java 
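Review bot: The loop added in the failure branch saves every entry currently in `supplyChainCredentialValidator.getComponentResultList()`, and nothing visible in this hunk empties the list afterwards. The validator hunks of this commit keep that list in a `static` field that is only replaced when a new validator is constructed, so with a long-lived validator each later failure would persist the results of earlier validations again, including those recorded for other platform credentials. Draining the list once it is saved, e.g. `supplyChainCredentialValidator.getComponentResultList().clear();` after the loop, would keep the stored rows tied to the validation that produced them. The enclosing method starts and ends outside the hunk, so a reset elsewhere cannot be ruled out.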
@@ -1,31 +1,31 @@
 package hirs.attestationca.portal.util;
+import hirs.data.persist.certificate.Certificate;
+import hirs.data.persist.certificate.CertificateAuthorityCredential;
+import hirs.data.persist.certificate.ComponentResult;
+import hirs.data.persist.certificate.EndorsementCredential;
+import hirs.data.persist.certificate.IssuedAttestationCertificate;
+import hirs.data.persist.certificate.PlatformCredential;
+import hirs.data.persist.certificate.attributes.ComponentIdentifier;
+import hirs.data.persist.certificate.attributes.PlatformConfiguration;
+import hirs.persist.CertificateManager;
 import hirs.persist.ComponentResultManager;
+import hirs.utils.BouncyCastleUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.bouncycastle.util.encoders.Hex;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.Comparator;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Set;
 import java.util.List;
-import java.util.Comparator;
-import java.util.stream.Collectors;
+import java.util.Set;
 import java.util.UUID;
-import hirs.data.persist.certificate.Certificate;
-import hirs.data.persist.certificate.CertificateAuthorityCredential;
-import hirs.data.persist.certificate.EndorsementCredential;
-import hirs.data.persist.certificate.PlatformCredential;
-import hirs.data.persist.certificate.IssuedAttestationCertificate;
-import hirs.data.persist.certificate.attributes.ComponentIdentifier;
-import hirs.data.persist.certificate.attributes.PlatformConfiguration;
-import hirs.persist.CertificateManager;
-import hirs.utils.BouncyCastleUtils;
-import org.bouncycastle.util.encoders.Hex;
-
-import java.util.Collections;
+import java.util.stream.Collectors;
 /**
 * Utility class for mapping certificate information in to string maps. These are used to display
@@ -376,6 +376,14 @@ public final class CertificateStringMapBuilder { if (!certificate.getComponentFailures().isEmpty()) { data.put("failures", certificate.getComponentFailures()); + HashMap results = new HashMap<>(); + for (ComponentResult componentResult : componentResultManager + .getComponentResultList()) { + if (componentResult.getId().equals(certificate.getId())) { + results.put(componentResult.getComponentHash(), componentResult.getExpected()); + } + } + data.put("componentResults", results); data.put("failureMessages", certificate.getComponentFailureMessage()); } diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp index 2490af27..9a4954f1 100644 --- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp +++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp @@ -614,13 +614,14 @@
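Review bot: `results` is keyed by `componentResult.getComponentHash()`, but the `isMatch` hunk of this commit creates up to four `ComponentResult` objects per component with the same `pcComponent.hashCode()` value, so later `put` calls overwrite earlier ones and the details page can show at most one expected value per component. A map from the hash to a list of values, or a key that also names the compared field, would keep them all. The filter `componentResult.getId().equals(certificate.getId())` also needs checking: `ComponentResult` is built with the certificate id as a constructor argument, and if `getId()` returns the entity's own identifier rather than that argument the condition never holds; the class is not shown here. The enclosing method starts and ends outside the hunk.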
- +
- + +
diff --git a/HIRS_Utils/src/main/java/hirs/validation/CredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/CredentialValidator.java
index df8048e7..37ddbcf5 100644
--- a/HIRS_Utils/src/main/java/hirs/validation/CredentialValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/validation/CredentialValidator.java
@@ -3,10 +3,12 @@ package hirs.validation;
 import hirs.data.persist.AppraisalStatus;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.SupplyChainValidation;
+import hirs.data.persist.certificate.ComponentResult;
 import hirs.data.persist.certificate.EndorsementCredential;
 import hirs.data.persist.certificate.PlatformCredential;
 import java.security.KeyStore;
+import java.util.List;
 import java.util.Map;
 /**
@@ -14,6 +16,13 @@ import java.util.Map;
 * validation of credentials.
 */
 public interface CredentialValidator {
+
+ /**
+ * Getter for the list of the Component Results.
+ * @return a list of results
+ */
+ List getComponentResultList();
+
 /**
 * Checks if the platform credential is valid.
 *
diff --git a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
index 7d259d5c..19b55d35 100644
--- a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
@@ -98,6 +98,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 */
 public static final String FIRMWARE_VALID = "Firmware validated";
+ private static List componentResultList;
+
 /**
 * Ensure that BouncyCastle is configured as a javax.security.Security provider, as this
 * class expects it to be available.
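Review bot: The new `componentResultList` field is `static`, yet the constructor hunk assigns it per instance and the static `isMatch` hunk appends to it, so one list is shared by every validator and every validation in the JVM. Constructing a second validator discards what the first collected, calling `isMatch` before any instance exists dereferences null, and concurrent validations append to the same unsynchronised `LinkedList`, which lets results recorded for one platform credential mix with another's. I would at least initialise it once at the declaration, `private static final List<ComponentResult> componentResultList = new LinkedList<>();`, and drop the constructor assignment; collecting the results per validation call (returned or passed in) would remove the sharing altogether.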
@@ -110,7 +112,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 * Default constructor, should only be instantiated for testing.
 */
 public SupplyChainCredentialValidator() {
-
+ componentResultList = new LinkedList<>();
 }
 /**
@@ -185,6 +187,15 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
 return null;
 }
+ /**
+ * Getter for the list of the Component Results.
+ * @return a list of results
+ */
+ @Override
+ public List getComponentResultList() {
+ return this.componentResultList;
+ }
+
 /**
 * Checks if the platform credential is valid.
 *
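Review bot: The Javadoc on `getComponentResultList()` does not tell callers that they receive the live, class-wide list rather than a per-validation result, which matters because the service hunk in this commit iterates and persists it. I would document it as `Returns the live list of component results added by isMatch since the last validator was constructed; the list is shared by all instances and is not thread-safe.` The `this.` qualifier in `return this.componentResultList;` reads as instance state although the field is static, so `return componentResultList;` is clearer.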
@@ -1069,39 +1080,50 @@ public final class SupplyChainCredentialValidator implements CredentialValidator static boolean isMatch(final UUID certificateId, final ComponentIdentifier pcComponent, final ComponentInfo potentialMatch) { boolean matchesSoFar = true; - ComponentResult componentResult; matchesSoFar &= isMatchOrEmptyInPlatformCert( potentialMatch.getComponentManufacturer(), pcComponent.getComponentManufacturer() ); - componentResult = new ComponentResult(certificateId, pcComponent.hashCode(), - potentialMatch.getComponentManufacturer(), - pcComponent.getComponentManufacturer().getString()); + + if (matchesSoFar) { + componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(), + potentialMatch.getComponentManufacturer(), + pcComponent.getComponentManufacturer().getString())); + } matchesSoFar &= isMatchOrEmptyInPlatformCert( potentialMatch.getComponentModel(), pcComponent.getComponentModel() ); - componentResult = new ComponentResult(certificateId, pcComponent.hashCode(), - potentialMatch.getComponentModel(), - pcComponent.getComponentModel().getString()); + + if (matchesSoFar) { + componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(), + potentialMatch.getComponentModel(), + pcComponent.getComponentModel().getString())); + } matchesSoFar &= isMatchOrEmptyInPlatformCert( potentialMatch.getComponentSerial(), pcComponent.getComponentSerial() ); - componentResult = new ComponentResult(certificateId, pcComponent.hashCode(), - potentialMatch.getComponentSerial(), - pcComponent.getComponentSerial().getString()); + + if (matchesSoFar) { + componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(), + potentialMatch.getComponentSerial(), + pcComponent.getComponentSerial().getString())); + } matchesSoFar &= isMatchOrEmptyInPlatformCert( potentialMatch.getComponentRevision(), pcComponent.getComponentRevision() ); - componentResult = new ComponentResult(certificateId, pcComponent.hashCode(), - 
potentialMatch.getComponentRevision(), - pcComponent.getComponentRevision().getString()); + + if (matchesSoFar) { + componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(), + potentialMatch.getComponentRevision(), + pcComponent.getComponentRevision().getString())); + } return matchesSoFar; }
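Review bot: Each `if (matchesSoFar)` block records a `ComponentResult` only while every comparison so far has succeeded, so the field that actually fails, and every field after it, is never recorded. The portal hunk in this commit lists these results next to the certificate's component failures, so if the intent is to explain a mismatch the condition looks inverted, or each comparison should be recorded together with its outcome; this is inferred, since `ComponentResult` is not shown. `pcComponent.hashCode()` is also a weak persistent key, because hash codes can collide and are only stable across runs if `ComponentIdentifier` derives them from field values. A comment such as `// record only fields that matched; the first mismatch ends recording` would at least make the current behaviour explicit.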