ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-20 05:28:22 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

[#111] ACA UI updates for V2 platform certificates (#129)

Browse Source 
* This issue updates the UI for the newest V2 information for platform attribute certificates.  This first push has updates from #111 for items 1, 2 and 3a/b.

* Updated for additional changes.

* Updated example of numerated base to delta certificates linked on platform details page instead of using previous and next buttons.

* Updated code to unlink supply chain identifier number if that is the current page.

* A unit test was failing because of the next spec and how the certificate string mapper was being used.  I added a null check before sending it to a selector. In addition I updated the selector to print the actual variable name that of the field value failing for better clarity when it fails.

* Updated variable name to reflect changes in the issue around labeling certificates vs credentials.
This commit is contained in:
Cyrus 2019-05-03 06:53:17 -04:00 committed by GitHub
parent 86f2cddb22
commit 805b87ffb6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 455 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/Page.java
View File

@ -20,12 +20,12 @@ public enum Page {
/** /**
* Page to display and manage endorsement key credentials. * Page to display and manage endorsement key credentials.
*/ */
ENDORSEMENT_KEY_CREDENTIALS("Endorsement Key Credentials", "ic_vpn_key", ENDORSEMENT_KEY_CREDENTIALS("Endorsement Key Certificates", "ic_vpn_key",
"first", "certificate-request/"), "first", "certificate-request/"),
/** /**
* Page to display and manage platform credentials. * Page to display and manage platform credentials.
*/ */
PLATFORM_CREDENTIALS("Platform Credentials", "ic_important_devices", PLATFORM_CREDENTIALS("Platform Certificates", "ic_important_devices",
null, "certificate-request/"), null, "certificate-request/"),
/** /**
* Page to display issued certificates. * Page to display issued certificates.

66
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java
View File

@ -8,15 +8,19 @@ import java.math.BigInteger;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.Set; import java.util.Set;
import java.util.List;
import java.util.Comparator;
import java.util.stream.Collectors;
import java.util.UUID; import java.util.UUID;
import hirs.data.persist.certificate.Certificate; import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.CertificateAuthorityCredential; import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential; import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential; import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.attributes.PlatformConfiguration; import hirs.data.persist.certificate.attributes.PlatformConfiguration;
import hirs.persist.CertificateManager; import hirs.persist.CertificateManager;
import hirs.utils.BouncyCastleUtils; import hirs.utils.BouncyCastleUtils;
import java.util.Collections;
/** /**
* Utility class for mapping certificate information in to string maps. These are used to display * Utility class for mapping certificate information in to string maps. These are used to display
@ -50,6 +54,9 @@ public final class CertificateStringMapBuilder {
data.put("authSerialNumber", Long.toHexString(certificate data.put("authSerialNumber", Long.toHexString(certificate
.getAuthoritySerialNumber().longValue())); .getAuthoritySerialNumber().longValue()));
} }
if (certificate.getId() != null) {
data.put("certificateId", certificate.getId().toString());
}
data.put("authInfoAccess", certificate.getAuthInfoAccess()); data.put("authInfoAccess", certificate.getAuthInfoAccess());
data.put("beginValidity", certificate.getBeginValidity().toString()); data.put("beginValidity", certificate.getBeginValidity().toString());
data.put("endValidity", certificate.getEndValidity().toString()); data.put("endValidity", certificate.getEndValidity().toString());
@ -280,6 +287,7 @@ public final class CertificateStringMapBuilder {
if (certificate != null) { if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager)); data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.put("credentialType", certificate.getCredentialType()); data.put("credentialType", certificate.getCredentialType());
data.put("platformType", certificate.getPlatformType());
data.put("manufacturer", certificate.getManufacturer()); data.put("manufacturer", certificate.getManufacturer());
data.put("model", certificate.getModel()); data.put("model", certificate.getModel());
data.put("version", certificate.getVersion()); data.put("version", certificate.getVersion());
@ -296,12 +304,34 @@ public final class CertificateStringMapBuilder {
.toString(Certificate.HEX_BASE) .toString(Certificate.HEX_BASE)
.replaceAll("(?<=..)(..)", ":$1")); .replaceAll("(?<=..)(..)", ":$1"));
data.put("holderIssuer", certificate.getHolderIssuer()); data.put("holderIssuer", certificate.getHolderIssuer());
EndorsementCredential ekCertificate = EndorsementCredential if (certificate.isBase()) {
EndorsementCredential ekCertificate = EndorsementCredential
.select(certificateManager)
.bySerialNumber(certificate.getHolderSerialNumber())
.getCertificate();
if (ekCertificate != null) {
data.put("holderId", ekCertificate.getId().toString());
}
} else {
if (certificate.getPlatformType() != null
&& certificate.getPlatformType().equals("Delta")) {
PlatformCredential holderCertificate = PlatformCredential
.select(certificateManager)
.bySerialNumber(certificate.getHolderSerialNumber())
.getCertificate();
if (holderCertificate != null) {
data.put("holderId", holderCertificate.getId().toString());
}
}
}
PlatformCredential prevCertificate = PlatformCredential
.select(certificateManager) .select(certificateManager)
.bySerialNumber(certificate.getHolderSerialNumber()) .byHolderSerialNumber(certificate.getSerialNumber())
.getCertificate(); .getCertificate();
if (ekCertificate != null) {
data.put("ekId", ekCertificate.getId().toString()); if (prevCertificate != null) {
data.put("prevCertId", prevCertificate.getId().toString());
} }
//x509 credential version //x509 credential version
@ -314,6 +344,9 @@ public final class CertificateStringMapBuilder {
if (platformConfiguration != null) { if (platformConfiguration != null) {
//Component Identifier //Component Identifier
data.put("componentsIdentifier", platformConfiguration.getComponentIdentifier()); data.put("componentsIdentifier", platformConfiguration.getComponentIdentifier());
//Component Identifier URI
data.put("componentsIdentifierURI", platformConfiguration
.getComponentIdentifierUri());
//Platform Properties //Platform Properties
data.put("platformProperties", platformConfiguration.getPlatformProperties()); data.put("platformProperties", platformConfiguration.getPlatformProperties());
//Platform Properties URI //Platform Properties URI
@ -321,8 +354,27 @@ public final class CertificateStringMapBuilder {
} }
//TBB Security Assertion //TBB Security Assertion
data.put("tbbSecurityAssertion", certificate.getTBBSecurityAssertion()); data.put("tbbSecurityAssertion", certificate.getTBBSecurityAssertion());
if (certificate.getPlatformSerial() != null) {
// link certificate chain
List<PlatformCredential> chainCertificates = PlatformCredential
.select(certificateManager)
.byBoardSerialNumber(certificate.getPlatformSerial())
.getCertificates().stream().collect(Collectors.toList());
data.put("numInChain", chainCertificates.size());
Collections.sort(chainCertificates, new Comparator<PlatformCredential>() {
@Override
public int compare(final PlatformCredential obj1,
final PlatformCredential obj2) {
return obj1.getBeginValidity().compareTo(obj2.getBeginValidity());
}
});
data.put("chainCertificates", chainCertificates);
}
} else { } else {
String notFoundMessage = "Unable to find Platform Credential " String notFoundMessage = "Unable to find Platform Certificate "
+ "with ID: " + uuid; + "with ID: " + uuid;
LOGGER.error(notFoundMessage); LOGGER.error(notFoundMessage);
} }
@ -356,7 +408,7 @@ public final class CertificateStringMapBuilder {
return map; return map;
} }
/** /**
* Returns the Issued Attestation Certificate information. * Returns the Issued Attestation Certificate information.
* *
* @param uuid ID for the certificate. * @param uuid ID for the certificate.

112
HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
View File

@ -1,14 +1,11 @@
<%@page contentType="text/html" pageEncoding="UTF-8"%> <%@ page contentType="text/html"%>
<%@ page pageEncoding="UTF-8"%>*/<%-- JSP TAGS
<%-- JSP TAGS --%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@taglib prefix="spring" uri="http://www.springframework.org/tags"%> <%@taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@taglib prefix="form" uri="http://www.springframework.org/tags/form"%> <%@taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%@taglib prefix="fn" uri = "http://java.sun.com/jsp/jstl/functions" %> <%@taglib prefix="fn" uri = "http://java.sun.com/jsp/jstl/functions" %>
<%@taglib prefix="my" tagdir="/WEB-INF/tags"%> <%@taglib prefix="my" tagdir="/WEB-INF/tags"%>
<%@taglib prefix="fn" uri = "http://java.sun.com/jsp/jstl/functions"%> <%@taglib prefix="fn" uri = "http://java.sun.com/jsp/jstl/functions"%>--%>/**comment** CONTENT
<%-- CONTENT --%>
<my:page> <my:page>
<jsp:attribute name="style"> <jsp:attribute name="style">
<link type="text/css" rel="stylesheet" href="${common}/certificate_details.css"/> <link type="text/css" rel="stylesheet" href="${common}/certificate_details.css"/>
@ -102,7 +99,9 @@
<c:if test="${not empty initialData.subject}"> <c:if test="${not empty initialData.subject}">
<div class="row"> <div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Subject</span></div> <div class="col-md-1 col-md-offset-1"><span class="colHeader">Subject</span></div>
<div id="subject" class="col col-md-8">${initialData.subject}</div> <div id="subject"
<%!
class="col col-md-8">${initialData.subject}</div>
</div> </div>
</c:if> </c:if>
<div class="row"> <div class="row">
@ -321,6 +320,29 @@
</div> </div>
</c:when> </c:when>
<c:when test="${param.type=='platform'}"> <c:when test="${param.type=='platform'}">
<c:if test="${not empty initialData.platformType}">
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Platform Type</span></div>
<div id="platformType" class="col col-md-8">${initialData.platformType}</div>
</div>
<div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Platform Chain</span></div>
<div id="platformType" class="col col-md-8">
<span>
<c:forEach items="${initialData.chainCertificates}" var="credential" varStatus="loop">
<c:choose>
<c:when test="${initialData.certificateId==credential.getId().toString()}">
${loop.index}&nbsp;
</c:when>
<c:otherwise>
<a href="${portal}/certificate-details?id=${credential.getId()}&type=platform">${loop.index}</a>&nbsp;
</c:otherwise>
</c:choose>
</c:forEach>
</span>
</div>
</div>
</c:if>
<c:if test="${not empty initialData.CPSuri}"> <c:if test="${not empty initialData.CPSuri}">
<div class="row"> <div class="row">
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Certification Practice Statement URI</span></div> <div class="col-md-1 col-md-offset-1"><span class="colHeader">Certification Practice Statement URI</span></div>
@ -333,16 +355,25 @@
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Holder</span></div> <div class="col-md-1 col-md-offset-1"><span class="colHeader">Holder</span></div>
<div id="holder" class="col col-md-8"> <div id="holder" class="col col-md-8">
<c:if test="${not empty initialData.holderIssuer}"> <c:if test="${not empty initialData.holderIssuer}">
<div>EK Certificate:&nbsp;<span>${initialData.holderIssuer}</span></div> <div>Holder Certificate:&nbsp;<span>${initialData.holderIssuer}</span></div>
</c:if> </c:if>
<div id="certificateid"> <div id="certificateid">
<div>EK Identifier:&nbsp; <div>Holder Identifier:&nbsp;
<c:choose> <c:choose>
<c:when test="${not empty initialData.ekId}"> <c:when test="${not empty initialData.holderId}">
<span> <span>
<a href="${portal}/certificate-details?id=${initialData.ekId}&type=endorsement"> <c:choose>
${initialData.holderSerialNumber} <c:when test="${(not empty initialData.platformType) and (initialData.platformType=='Delta')}">
</a> <a href="${portal}/certificate-details?id=${initialData.holderId}&type=platform">
${initialData.holderSerialNumber}
</a>
</c:when>
<c:otherwise>
<a href="${portal}/certificate-details?id=${initialData.holderId}&type=endorsement">
${initialData.holderSerialNumber}
</a>
</c:otherwise>
</c:choose>
</span> </span>
</c:when> </c:when>
<c:otherwise> <c:otherwise>
@ -620,6 +651,22 @@
<span class="label label-danger">Irreplaceable</span><br/> <span class="label label-danger">Irreplaceable</span><br/>
</c:otherwise> </c:otherwise>
</c:choose> </c:choose>
<c:if test="${component.isVersion2()}">
<c:if test="${not empty component.getCertificateIdentifier()}">
<span class="fieldHeader">Platform Certificate Issuer:</span>
<span class="fieldValue">${component.getCertificateIdentifier().getIssuerDN()}</span><br />
<span class="fieldHeader">Platform Certificate Serial Number:</span>
<span class="fieldValue">${component.getCertificateIdentifier().getCertificateSerialNumber()}</span><br />
<span class="fieldHeader">Platform Certificate URI:</span>
</c:if>
<span class="fieldValue">
<a href="${component.getComponentPlatformUri().getUniformResourceIdentifier()}">
${component.getComponentPlatformUri().getUniformResourceIdentifier()}
</a>
</span><br />
<span class="fieldHeader">Status:</span>
<span class="fieldValue">${component.getAttributeStatus()}</span><br/>
</c:if>
</div> </div>
</div> </div>
</div> </div>
@ -629,10 +676,41 @@
</div> </div>
</div> </div>
</c:if> </c:if>
<c:if test="${not empty initialData.componentsIdentifierURI}">
<!-- Components Identifier URI -->
<div class="panel panel-default">
<div class="panel-heading" role="tab" id="headingTwo">
<h4 class="panel-title">
<a role="button" data-toggle="collapse" data-parent="#platformConfiguration" class="collapsed"
href="#componentIdentifierURIcollapse" aria-expanded="false" aria-controls="componentIdentifierURIcollapse">
Components Identifier URI
</a>
</h4>
</div>
<div id="componentIdentifierURIcollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingTwo">
<div class="panel-body">
<div id="componentIdentifierURI" class="row">
<span class="fieldHeader">URI:</span>
<a href="${initialData.componentsIdentifierURI.getUniformResourceIdentifier()}">
${initialData.componentsIdentifierURI.getUniformResourceIdentifier()}
</a>
<c:if test="${not empty initialData.componentsIdentifierURI.getHashAlgorithm()}">
<span class="fieldHeader">Hash Algorithm:</span>
<span>${initialData.componentsIdentifierURI.getHashAlgorithm()}</span>
</c:if>
<c:if test="${not empty initialData.componentsIdentifierURI.getHashValue()}">
<span class="fieldHeader">Hash Value:</span>
<span>${initialData.componentsIdentifierURI.getHashValue()}</span>
</c:if>
</div>
</div>
</div>
</div>
</c:if>
<c:if test="${not empty initialData.platformProperties}"> <c:if test="${not empty initialData.platformProperties}">
<!-- Platform Properties --> <!-- Platform Properties -->
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-heading" role="tab" id="headingTwo"> <div class="panel-heading" role="tab" id="headingThree">
<h4 class="panel-title"> <h4 class="panel-title">
<a role="button" data-toggle="collapse" data-parent="#platformConfiguration" class="collapsed" <a role="button" data-toggle="collapse" data-parent="#platformConfiguration" class="collapsed"
href="#platformPropertiescollapse" aria-expanded="false" aria-controls="platformPropertiescollapse"> href="#platformPropertiescollapse" aria-expanded="false" aria-controls="platformPropertiescollapse">
@ -640,7 +718,7 @@
</a> </a>
</h4> </h4>
</div> </div>
<div id="platformPropertiescollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingTwo"> <div id="platformPropertiescollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingThree">
<div class="panel-body"> <div class="panel-body">
<div id="platformProperties" class="row"> <div id="platformProperties" class="row">
<c:forEach items="${initialData.platformProperties}" var="property"> <c:forEach items="${initialData.platformProperties}" var="property">
@ -663,7 +741,7 @@
<c:if test="${not empty initialData.platformPropertiesURI}"> <c:if test="${not empty initialData.platformPropertiesURI}">
<!-- Platform Properties URI --> <!-- Platform Properties URI -->
<div class="panel panel-default"> <div class="panel panel-default">
<div class="panel-heading" role="tab" id="headingThree"> <div class="panel-heading" role="tab" id="headingFour">
<h4 class="panel-title"> <h4 class="panel-title">
<a role="button" data-toggle="collapse" data-parent="#platformConfiguration" class="collapsed" <a role="button" data-toggle="collapse" data-parent="#platformConfiguration" class="collapsed"
href="#platformPropertiesURIcollapse" aria-expanded="false" aria-controls="platformPropertiesURIcollapse"> href="#platformPropertiesURIcollapse" aria-expanded="false" aria-controls="platformPropertiesURIcollapse">
@ -671,7 +749,7 @@
</a> </a>
</h4> </h4>
</div> </div>
<div id="platformPropertiesURIcollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingThree"> <div id="platformPropertiesURIcollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingFour">
<div class="panel-body"> <div class="panel-body">
<div id="platformPropertiesURI" class="row"> <div id="platformPropertiesURI" class="row">
<span class="fieldHeader">URI:</span> <span class="fieldHeader">URI:</span>

4
HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/index.jsp
View File

@ -30,13 +30,13 @@
<h4>Upload, view and manage CA certificates that complete trust chains for hardware credentials.</h4> <h4>Upload, view and manage CA certificates that complete trust chains for hardware credentials.</h4>
<h3> <h3>
<a href="${certificateRequest}/platform-credentials"> <a href="${certificateRequest}/platform-credentials">
<img src="${icons}/ic_important_devices_black_24dp.png" /> Platform Credentials <img src="${icons}/ic_important_devices_black_24dp.png" /> Platform Certificates
</a> </a>
</h3> </h3>
<h4>Upload, view and manage platform credentials.</h4> <h4>Upload, view and manage platform credentials.</h4>
<h3> <h3>
<a href="${certificateRequest}/endorsement-key-credentials"> <a href="${certificateRequest}/endorsement-key-credentials">
<img src="${icons}/ic_vpn_key_black_24dp.png" /> Endorsement Credentials <img src="${icons}/ic_vpn_key_black_24dp.png" /> Endorsement Certificates
</a> </a>
</h3> </h3>
<h4>Upload, view and manage endorsement credentials.</h4> <h4>Upload, view and manage endorsement credentials.</h4>

13
HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/platform-credentials.jsp
View File

@ -12,7 +12,7 @@
<jsp:attribute name="script"> <jsp:attribute name="script">
<script type="text/javascript" src="${lib}/jquery.spring-friendly/jquery.spring-friendly.js"></script> <script type="text/javascript" src="${lib}/jquery.spring-friendly/jquery.spring-friendly.js"></script>
</jsp:attribute> </jsp:attribute>
<jsp:attribute name="pageHeaderTitle">Platform Credentials</jsp:attribute> <jsp:attribute name="pageHeaderTitle">Platform Certificates</jsp:attribute>
<jsp:body> <jsp:body>
<!-- text and icon resource variables --> <!-- text and icon resource variables -->
@ -64,7 +64,16 @@
} }
}, },
{data: 'issuer'}, {data: 'issuer'},
{data: 'credentialType'}, {
data: 'credentialType',
render: function (data, type, full, meta) {
if (full.platformType !== '') {
return full.platformType;
} else {
return full.credentialType;
}
}
},
{data: 'manufacturer'}, {data: 'manufacturer'},
{data: 'model'}, {data: 'model'},
{data: 'version'}, {data: 'version'},

14
HIRS_AttestationCAPortal/src/main/webapp/common/certificate_details.css
View File

@ -49,3 +49,17 @@
padding-top: 5px; padding-top: 5px;
padding-bottom: 5px; padding-bottom: 5px;
} }
.button {
background-color: #555555;
border: none;
color: white;
padding: 20px;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 12px;
margin: 4px 2px;
cursor: pointer;
border-radius: 2px;
}

55
HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java
View File

@ -23,7 +23,9 @@ import javax.persistence.Transient;
import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;
import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String; import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERNull;
@ -77,6 +79,9 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
private static final String PLATFORM_CONFIGURATION_URI = "2.23.133.5.1.3"; private static final String PLATFORM_CONFIGURATION_URI = "2.23.133.5.1.3";
private static final String PLATFORM_CONFIGURATION = "2.23.133.5.1.7.1"; private static final String PLATFORM_CONFIGURATION = "2.23.133.5.1.7.1";
private static final String PLATFORM_CONFIGURATION_V2 = "2.23.133.5.1.7.2"; private static final String PLATFORM_CONFIGURATION_V2 = "2.23.133.5.1.7.2";
private static final String PLATFORM_CREDENTIAL_TYPE = "2.23.133.2.25";
private static final String PLATFORM_BASE_CERT = "2.23.133.8.2";
private static final String PLATFORM_DELTA_CERT = "2.23.133.8.5";
/** /**
* TCG Platform Specification values * TCG Platform Specification values
@ -144,6 +149,16 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
return this; return this;
} }
/**
* Specify a serial number that certificates must have to be considered as matching.
* @param serialNumber the serial number to query, not empty or null
* @return this instance (for chaining further calls)
*/
public Selector bySerialNumber(final String serialNumber) {
setFieldValue(SERIAL_NUMBER_FIELD, serialNumber);
return this;
}
/** /**
* Specify a board serial number that certificates must have to be considered as matching. * Specify a board serial number that certificates must have to be considered as matching.
* @param boardSerialNumber the board serial number to query, not empty or null * @param boardSerialNumber the board serial number to query, not empty or null
@ -180,6 +195,9 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
@Column @Column
private String credentialType = null; private String credentialType = null;
@Column
private boolean platformBase = false;
private static final String MANUFACTURER_FIELD = "manufacturer"; private static final String MANUFACTURER_FIELD = "manufacturer";
@Column @Column
private String manufacturer = null; private String manufacturer = null;
@ -215,6 +233,8 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
@Transient @Transient
private EndorsementCredential endorsementCredential = null; private EndorsementCredential endorsementCredential = null;
private String platformChainType = Strings.EMPTY;
/** /**
* Get a Selector for use in retrieving PlatformCredentials. * Get a Selector for use in retrieving PlatformCredentials.
* *
@ -342,6 +362,24 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
return credentialType; return credentialType;
} }
/**
* Get the type of platform certificate.
*
* @return the TCG platform type { base | delta }
*/
public boolean isBase() {
return platformBase;
}
/**
* Getter for the string representation of the platform type.
*
* @return Delta or Base
*/
public String getPlatformType() {
return platformChainType;
}
/** /**
* Get the Platform Manufacturer. * Get the Platform Manufacturer.
* *
@ -459,9 +497,9 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
} }
// Get TCG Platform Specification Information // Get TCG Platform Specification Information
for (ASN1Encodable enc: certificate.getAttributes().toArray()) { for (ASN1Encodable enc : certificate.getAttributes().toArray()) {
Attribute attr = Attribute.getInstance(enc); Attribute attr = Attribute.getInstance(enc);
if (TCG_PLATFORM_SPECIFICATION.equals(attr.getAttrType().toString())) { if (attr.getAttrType().toString().equals(TCG_PLATFORM_SPECIFICATION)) {
ASN1Sequence tcgPlatformSpecification ASN1Sequence tcgPlatformSpecification
= ASN1Sequence.getInstance(attr.getAttrValues().getObjectAt(0)); = ASN1Sequence.getInstance(attr.getAttrValues().getObjectAt(0));
ASN1Sequence tcgSpecificationVersion ASN1Sequence tcgSpecificationVersion
@ -475,6 +513,19 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
tcgSpecificationVersion.getObjectAt(2).toString()); tcgSpecificationVersion.getObjectAt(2).toString());
this.platformClass = tcgPlatformSpecification.getObjectAt(1).toString(); this.platformClass = tcgPlatformSpecification.getObjectAt(1).toString();
} else if (attr.getAttrType().toString().equals(PLATFORM_CREDENTIAL_TYPE)) {
ASN1Sequence tcgPlatformType = ASN1Sequence.getInstance(
attr.getAttrValues().getObjectAt(0));
ASN1ObjectIdentifier platformOid = ASN1ObjectIdentifier.getInstance(
tcgPlatformType.getObjectAt(0));
if (platformOid.getId().equals(PLATFORM_BASE_CERT)) {
this.platformBase = true;
this.platformChainType = "Base";
} else if (platformOid.getId().equals(PLATFORM_DELTA_CERT)) {
this.platformBase = false;
this.platformChainType = "Delta";
}
} }
} }
} }

28
HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformConfiguration.java
View File

@ -3,7 +3,6 @@ package hirs.data.persist.certificate.attributes;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.stream.Collectors;
/** /**
* Abstract class that provides base info for Platform Configuration of * Abstract class that provides base info for Platform Configuration of
@ -145,31 +144,4 @@ public abstract class PlatformConfiguration {
this.platformPropertiesUri = platformPropertiesUri; this.platformPropertiesUri = platformPropertiesUri;
} }
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("PlatformConfiguration{");
sb.append("componentIdentifier=");
if (componentIdentifier.size() > 0) {
sb.append(componentIdentifier
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", platformProperties=");
if (platformProperties.size() > 0) {
sb.append(platformProperties
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", platformPropertiesUri=");
if (platformPropertiesUri != null) {
sb.append(platformPropertiesUri.toString());
}
sb.append("}");
return sb.toString();
}
} }

28
HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformConfigurationV1.java
View File

@ -1,6 +1,7 @@
package hirs.data.persist.certificate.attributes; package hirs.data.persist.certificate.attributes;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.ASN1TaggedObject;
@ -73,4 +74,31 @@ public class PlatformConfigurationV1 extends PlatformConfiguration {
} }
} }
} }
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("PlatformConfiguration{");
sb.append("componentIdentifier=");
if (getComponentIdentifier().size() > 0) {
sb.append(getComponentIdentifier()
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", platformProperties=");
if (getPlatformProperties().size() > 0) {
sb.append(getPlatformProperties()
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", platformPropertiesUri=");
if (getPlatformPropertiesUri() != null) {
sb.append(getPlatformPropertiesUri().toString());
}
sb.append("}");
return sb.toString();
}
} }

36
HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformConfigurationV2.java
View File

@ -3,6 +3,7 @@ package hirs.data.persist.certificate.attributes.V2;
import hirs.data.persist.certificate.attributes.PlatformConfiguration; import hirs.data.persist.certificate.attributes.PlatformConfiguration;
import hirs.data.persist.certificate.attributes.URIReference; import hirs.data.persist.certificate.attributes.URIReference;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.ASN1TaggedObject;
@ -57,9 +58,9 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
} }
break; break;
case COMPONENT_IDENTIFIER_URI: case COMPONENT_IDENTIFIER_URI:
//Get platformPropertiesURI //Get componentIdentifierURI
ASN1Sequence componentUri = ASN1Sequence.getInstance(taggedSequence, false); ASN1Sequence componentUri = ASN1Sequence.getInstance(taggedSequence, false);
//Save properties URI //Save Component Identifier URI
setComponentIdentifierUri(new URIReference(componentUri)); setComponentIdentifierUri(new URIReference(componentUri));
break; break;
case PLATFORM_PROPERTIES: case PLATFORM_PROPERTIES:
@ -84,4 +85,35 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
} }
} }
} }
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("PlatformConfiguration{");
sb.append("componentIdentifier=");
if (getComponentIdentifier().size() > 0) {
sb.append(getComponentIdentifier()
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", componentIdentifierUri=");
if (getComponentIdentifierUri() != null) {
sb.append(getComponentIdentifierUri().toString());
}
sb.append(", platformProperties=");
if (getPlatformProperties().size() > 0) {
sb.append(getPlatformProperties()
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", platformPropertiesUri=");
if (getPlatformPropertiesUri() != null) {
sb.append(getPlatformPropertiesUri().toString());
}
sb.append("}");
return sb.toString();
}
} }

4
HIRS_Utils/src/main/java/hirs/persist/CertificateSelector.java
View File

@ -286,7 +286,7 @@ public abstract class CertificateSelector<T extends Certificate> {
Preconditions.checkArgument( Preconditions.checkArgument(
value != null, value != null,
"field value cannot be null." String.format("field value (%s) cannot be null.", name)
); );
if (value instanceof String) { if (value instanceof String) {
@ -301,7 +301,7 @@ public abstract class CertificateSelector<T extends Certificate> {
Preconditions.checkArgument( Preconditions.checkArgument(
ArrayUtils.isNotEmpty(valueBytes), ArrayUtils.isNotEmpty(valueBytes),
"field value cannot be empty." String.format("field value (%s) cannot be empty.", name)
); );
valueToAssign = Arrays.copyOf(valueBytes, valueBytes.length); valueToAssign = Arrays.copyOf(valueBytes, valueBytes.length);

40
HIRS_Utils/src/test/java/hirs/data/persist/certificate/PlatformCredentialTest.java
View File

@ -5,6 +5,7 @@ import hirs.data.persist.certificate.attributes.PlatformConfiguration;
import hirs.data.persist.certificate.attributes.PlatformProperty; import hirs.data.persist.certificate.attributes.PlatformProperty;
import hirs.data.persist.certificate.attributes.TBBSecurityAssertion; import hirs.data.persist.certificate.attributes.TBBSecurityAssertion;
import hirs.data.persist.certificate.attributes.URIReference; import hirs.data.persist.certificate.attributes.URIReference;
import hirs.data.persist.certificate.attributes.V2.PlatformConfigurationV2;
import org.apache.commons.codec.binary.Hex; import org.apache.commons.codec.binary.Hex;
import org.testng.Assert; import org.testng.Assert;
import org.testng.annotations.Test; import org.testng.annotations.Test;
@ -86,6 +87,18 @@ public class PlatformCredentialTest {
static final String TEST_PLATFORM_CERT2_3 = static final String TEST_PLATFORM_CERT2_3 =
"/validation/platform_credentials_2/medium_plat_cert.pem"; "/validation/platform_credentials_2/medium_plat_cert.pem";
/**
* words.
*/
static final String TEST_BASE_PLATFORM_CERT_1 =
"/validation/platform_credentials/plat_base_cert1.pem";
/**
* words.
*/
static final String TEST_DELTA_PLATFORM_CERT_1 =
"/validation/platform_credentials/plat_delta_cert1.pem";
/** /**
* Platform Certificate 2.0 with all the expected data. * Platform Certificate 2.0 with all the expected data.
*/ */
@ -712,6 +725,33 @@ public class PlatformCredentialTest {
Assert.assertTrue(property.getPropertyValue().getString().equals("false")); Assert.assertTrue(property.getPropertyValue().getString().equals("false"));
} }
/**
* Tests Platform Configuration Values. View platform Properties
*
* @throws IOException if an IO error occurs during processing
* @throws URISyntaxException if there is a problem constructing the cert's URI
*/
@Test
public final void testPlatformConfiguration6() throws IOException, URISyntaxException {
URL resource = this.getClass().getResource(TEST_BASE_PLATFORM_CERT_1);
Path certPath = Paths.get(resource.toURI());
PlatformCredential platformCert = new PlatformCredential(certPath);
PlatformConfiguration platformConfig = platformCert.getPlatformConfiguration();
Assert.assertTrue(platformConfig instanceof PlatformConfigurationV2);
Assert.assertEquals(platformConfig.getPlatformPropertiesUri()
.getUniformResourceIdentifier().toString(),
"https://www.intel.com/platformproperties.xml");
Assert.assertNotNull(platformConfig.getComponentIdentifierUri());
Assert.assertEquals(platformConfig.getComponentIdentifierUri()
.getUniformResourceIdentifier().toString(),
"https://www.intel.com/platformidentifiers.xml");
}
/** /**
* Tests Platform Configuration Values. View platform Properties * Tests Platform Configuration Values. View platform Properties
* *

54
HIRS_Utils/src/test/resources/validation/platform_credentials/plat_base_cert1.pem Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIJmDCCCIACAQEwgZaggZMwgYqkgYcwgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBv
cmF0aW9uMR4wHAYDVQQLDBVFSyBDZXJ0aWZpY2F0ZSBJc3N1ZXIxFjAUBgNVBAMM
DXd3dy5pbnRlbC5jb20CBDdAg3SggZ0wgZqkgZcwgZQxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVs
IENvcnBvcmF0aW9uMS4wLAYDVQQLDCVQbGF0Zm9ybSBBdHRyaWJ1dGUgQ2VydGlm
aWNhdGUgSXNzdWVyMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMA0GCSqGSIb3DQEB
CwUAAhRgKWfqeST97mzBULkeg3d9H0J5mTAiGA8yMDE3MDgyMDIxMDgxMFoYDzIw
MjAwODIwMjEwODEwWjCCBK4wHAYFZ4EFAhExEzARMAkCAQICAQACASsEBAAAAAEw
EgYFZ4EFAhkxCTAHBgVngQUIAjAUBgVngQUCFzELMAkCAQECAQECAQswgccGBWeB
BQITMYG9MIG6AgEAoHQWAzMuMQoBBwoBAgEBAIABAYEFKgMEBQaiLRYraHR0cHM6
Ly93d3cuaW50ZWwuY29tL3Byb3RlY3Rpb25wcm9maWxlLnBkZoMFUwQFBgekJBYi
aHR0cHM6Ly93d3cuaW50ZWwuY29tL2NjdGFyZ2V0LnBkZqENFgUxNDAtMgoBBAEB
AIIBAwEBABYqaHR0cHM6Ly93d3cuaW50ZWwuY29tL2lzb2NlcnRpZmljYXRpb24u
cGRmMIIDagYHZ4EFBQEHAjGCA10wggNZoIIC1zCCAXYwDgYGZ4EFEgMBBAQAAAAK
DAdBQkMgT0VNDAxXUjA2WDc4NzFGVEyACUE1NTU1LTk5OYEDMS4xggcrBgEEAYIs
gwH/pDIwFwYFZ4EFEQEMDkFGOjNBOjk0OjEwOkE1MBcGBWeBBRECDA5BRjozNzox
MDpEMjpBOKWBz6AxMA0GCysGAQQBgbAaAQIBBCBgA6M0Mv2RS2ADozQy/ZFLYAOj
NDL9kUtgA6M0Mv2RS6GBmTCBj6SBjDCBiTELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
AkZMMRcwFQYDVQQHDA5GdC4gTGF1ZGVyZGFsZTEYMBYGA1UECgwPQUJDIENvcnBv
cmF0aW9uMSQwIgYDVQQLDBtQbGF0Zm9ybSBDZXJ0aWZpY2F0ZSBJc3N1ZXIxFDAS
BgNVBAMMC3d3dy5hYmMuY29tAgUKNUzN26YrFilodHRwczovL3d3dy5hYmMuY29t
L2NlcnRzLzQzODQzODk4ODQzLmNlcjCCAVkwDgYGZ4EFEgMBBAQAAAAvDAdYWVog
T0VNDA5MTUJUMzkwNERXMVQxR4AJQzU1NTUtNTU1gQMzLjGCBysGAQQBgiyDAQCk
MjAXBgVngQURAQwOODI6ODk6RkE6RDM6NjEwFwYFZ4EFEQIMDkQ0OjgzOkI0OkYy
Ojc4pYG1oCUwDQYLKwYBBAGBsBoBAgEEFDQy4UFLYJc0NDI0MuFBS2CXNDQyoYGL
MIGDpIGAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJBWjEQMA4GA1UEBwwHUGhv
ZW5peDEUMBIGA1UECgwLWFlDIENvbXBhbnkxJDAiBgNVBAsMG1BsYXRmb3JtIENl
cnRpZmljYXRlIElzc3VlcjEUMBIGA1UEAwwLd3d3Lnh5ei5jb20CAw5TsKYmFiRo
dHRwczovL3d3dy54eXouY29tL2NlcnRzLzkzODkyOC5jZXKhLxYtaHR0cHM6Ly93
d3cuaW50ZWwuY29tL3BsYXRmb3JtaWRlbnRpZmllcnMueG1sohswDAwEdlBybwwE
dHJ1ZTALDANBTVQMBHRydWWjLhYsaHR0cHM6Ly93d3cuaW50ZWwuY29tL3BsYXRm
b3JtcHJvcGVydGllcy54bWwwLAYGZ4EFBQEDMSIwIBYeaHR0cHM6Ly93d3cuaW50
ZWwuY29tL1BDUnMueG1sMIICRTB8BgNVHSAEdTBzMHEGCiqGSIb4TQEFAgQwYzAx
BggrBgEFBQcCARYlaHR0cHM6Ly93d3cuaW50ZWwuY29tL3BsYXRjZXJ0Y3BzLnBk
ZjAuBggrBgEFBQcCAjAiDCBUQ0cgVHJ1c3RlZCBQbGF0Zm9ybSBFbmRvcnNlbWVu
dDB+BgNVHREEdzB1pHMwcTERMA8GBmeBBQUBAQwFSW50ZWwxFTATBgZngQUFAQIw
CQYHKwYBBAGCVzETMBEGBmeBBQUBBAwHUzI2MDBLUDEWMBQGBmeBBQUBBQwKSDc2
OTYyLTM1MDEYMBYGBmeBBQUBBgwMQlFLUDk5OTQwNjQzMIGyBgNVHTcBAf8Egacw
gaQwgaGggZ6kgZswgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UE
BwwLU2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMR4wHAYD
VQQLDBVFSyBDZXJ0aWZpY2F0ZSBJc3N1ZXIxFjAUBgNVBAMMDXd3dy5pbnRlbC5j
b20xEjAQBgNVBAUTCTEyODk0Mzc4NzAfBgNVHSMEGDAWgBTUaZAmAoHVXoNLA5du
q4qfj4TJgzA2BggrBgEFBQcBAQQqMCgwJgYIKwYBBQUHMAGGGmh0dHBzOi8vd3d3
LmludGVsLmNvbS9vY3NwMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHBzOi8vd3d3Lmlu
dGVsLmNvbS9wbGF0Zm9ybWNlcnQuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBfbb0t
gb3flhGKbtQA6qSjO2L0+y20OfgmR4W6D4eIxaIHcF5ORjAt89ucyhIhfWd4uEh3
zwepC4q6RZZssXdI0qcTOAQVu0/T1O9DoP8AQVgQS/Lu+KAnlvaLWvxW+nv/NwMy
dh1mu/GrsZYc3Rodclcw1n/NKh+osvxq2/cGA9kJ3mdJsJ0WVBx3pbfmmWRAFa7D
Yoa/VQJTbPfbkO8fCCtlFwSUwN+u0ZsRen/dBzbfgFq/5yOB3zeoRiO1nPj4qs9r
nh24rEoHQfAoT5Caz4HSqQ9GoJ4L6glMlM0KAad29xaucIjxY3g8N2r1aEuJaXL2
N0NKMXmBpYWiInTX
-----END ATTRIBUTE CERTIFICATE-----

59
HIRS_Utils/src/test/resources/validation/platform_credentials/plat_delta_cert1.pem Normal file
View File

@ -0,0 +1,59 @@
-----BEGIN ATTRIBUTE CERTIFICATE-----
MIIKkzCCCXsCAQEwgbaggbMwgZqkgZcwgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQI
DAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBv
cmF0aW9uMS4wLAYDVQQLDCVQbGF0Zm9ybSBBdHRyaWJ1dGUgQ2VydGlmaWNhdGUg
SXNzdWVyMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tAhRgKWfqeST97mzBULkeg3d9
H0J5maCBpDCBoaSBnjCBmzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlRYMQ8wDQYD
VQQHDAZBdXN0aW4xFzAVBgNVBAoMDlhZWiBJbnRlZ3JhdG9yMTQwMgYDVQQLDCtE
ZWx0YSBQbGF0Zm9ybSBBdHRyaWJ1dGUgQ2VydGlmaWNhdGUgSXNzdWVyMR8wHQYD
VQQDDBZ3d3cueHl6aW50ZWdyYXRvcnMuY29tMA0GCSqGSIb3DQEBCwUAAgQCFPcE
MCIYDzIwMTgxMDE1MjEwODExWhgPMjAyMDA4MjAyMTA4MTFaMIIFeDASBgVngQUC
GTEJMAcGBWeBBQgFMBQGBWeBBQIXMQswCQIBAQIBAQIBDTCCBRAGB2eBBQUBBwIx
ggUDMIIE/6CCBF0wggF5MA4GBmeBBRIDAQQEAAAACgwHQUJDIE9FTQwMV1IwNlg3
ODcxRlRMgAlBNTU1NS05OTmBAzEuMYIHKwYBBAGCLIMB/6QyMBcGBWeBBREBDA5B
RjozQTo5NDoxMDpBNTAXBgVngQURAgwOQUY6Mzc6MTA6RDI6QTilgc+gMTANBgsr
BgEEAYGwGgECAQQgYAOjNDL9kUtgA6M0Mv2RS2ADozQy/ZFLYAOjNDL9kUuhgZkw
gY+kgYwwgYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJGTDEXMBUGA1UEBwwORnQu
IExhdWRlcmRhbGUxGDAWBgNVBAoMD0FCQyBDb3Jwb3JhdGlvbjEkMCIGA1UECwwb
UGxhdGZvcm0gQ2VydGlmaWNhdGUgSXNzdWVyMRQwEgYDVQQDDAt3d3cuYWJjLmNv
bQIFCjVMzdumKxYpaHR0cHM6Ly93d3cuYWJjLmNvbS9jZXJ0cy80Mzg0Mzg5ODg0
My5jZXKHAQIwggF8MA4GBmeBBRIDAQQEAAAAQQwOQ29tcG9uZW50IENvcnAMCVhU
OTgyODdMTIAHRjk4MS0wMYEDMi4xggcrBgEEAYNIgwH/pDIwFwYFZ4EFEQIMDjcz
OjlCOjkyOjQwOkZBMBcGBWeBBREDDA4xMzozRjo5ODpDNTo1OaWBzaAxMA0GCysG
AQQBgbAaAQIBBCCYqtWRg/qrkZiq1ZGD+quRmKrVkYP6q5GYqtWRg/qrkaGBlzCB
jqSBizCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhTYW4g
Sm9zZTEXMBUGA1UECgwOQ29tcG9uZW50IENvcnAxJDAiBgNVBAsMG1BsYXRmb3Jt
IENlcnRpZmljYXRlIElzc3VlcjEaMBgGA1UEAwwRd3d3LmNvbXBvbmVudC5jb20C
BAXek66mLhYsaHR0cHM6Ly93d3cuY29tcG9uZW50LmNvbS9jZXJ0cy85ODQ3Mjg3
OC5jZXKHAQAwggFcMA4GBmeBBRIDAQQEAAAALwwHWFlaIE9FTQwOTE1CVDM5MDRE
VzFUMUeACUM1NTU1LTU1NYEDNC4wggcrBgEEAYIsgwEApDIwFwYFZ4EFEQEMDjgy
Ojg5OkZBOkQzOjYxMBcGBWeBBRECDA5ENDo4MzpCNDpGMjo3OKWBtaAlMA0GCysG
AQQBgbAaAQIBBBQ0MuFBS2CXNDQyNDLhQUtglzQ0MqGBizCBg6SBgDB+MQswCQYD
VQQGEwJVUzELMAkGA1UECAwCQVoxEDAOBgNVBAcMB1Bob2VuaXgxFDASBgNVBAoM
C1hZQyBDb21wYW55MSQwIgYDVQQLDBtQbGF0Zm9ybSBDZXJ0aWZpY2F0ZSBJc3N1
ZXIxFDASBgNVBAMMC3d3dy54eXouY29tAgMOU7CmJhYkaHR0cHM6Ly93d3cueHl6
LmNvbS9jZXJ0cy85Mzg5MjguY2VyhwEBoTgWNmh0dHBzOi8vd3d3Lnh5emludGVn
cmF0b3JzLmNvbS9wbGF0Zm9ybWlkZW50aWZpZXJzLnhtbKIpMBYMC1RTQyBFbmFi
bGVkDAR0cnVlgAEAMA8MA0FNVAwFZmFsc2WAAQGjNxY1aHR0cHM6Ly93d3cueHl6
aW50ZWdyYXRvcnMuY29tL3BsYXRmb3JtcHJvcGVydGllcy54bWwwOAYGZ4EFBQED
MS4wLBYqaHR0cHM6Ly93d3cueHl6aW50ZWdyYXRvcnMuY29tL1BDUnNfVjIueG1s
MIICXzCBgwYDVR0gBHwwejB4BggqhkiXJwMBAjBsMDoGCCsGAQUFBwIBFi5odHRw
czovL3d3dy54eXppbnRlZ3JhdG9ycy5jb20vcGxhdGNlcnRjcHMucGRmMC4GCCsG
AQUFBwICMCIMIFRDRyBUcnVzdGVkIFBsYXRmb3JtIEVuZG9yc2VtZW50MH4GA1Ud
EQR3MHWkczBxMREwDwYGZ4EFBQEBDAVJbnRlbDEVMBMGBmeBBQUBAjAJBgcrBgEE
AYJXMRMwEQYGZ4EFBQEEDAdTMjYwMEtQMRYwFAYGZ4EFBQEFDApINzY5NjItMzUw
MRgwFgYGZ4EFBQEGDAxCUUtQOTk5NDA2NDMwgbIGA1UdNwEB/wSBpzCBpDCBoaCB
nqSBmzCBmDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlRYMQ8wDQYDVQQHDAZBdXN0
aW4xFzAVBgNVBAoMDlhZWiBJbnRlZ3JhdG9yMR4wHAYDVQQLDBVFSyBDZXJ0aWZp
Y2F0ZSBJc3N1ZXIxHzAdBgNVBAMMFnd3dy54eXppbnRlZ3JhdG9ycy5jb20xETAP
BgNVBAUTCDMyODczODcyMB8GA1UdIwQYMBaAFNRpkCYCgdVeg0sDl26rip+PhMmD
MD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cHM6Ly93d3cueHl6aW50
ZWdyYXRvcnMuY29tL29jc3AwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly93d3cu
eHl6aW50ZWdyYXRvcnMuY29tL3BsYXRmb3JtY2VydC5jcmwwDQYJKoZIhvcNAQEL
BQADggEBAGx3K17RCixE32TPB4u52TeoQxla9zROywTOAVDLa0Na4mfqmt3mTYuE
hkCbYnYX9sqa0KCYmBTTjjO7LndOO7UisQsx8vKTDDVQ6E3etxeeqdiY8g4Rv+t1
nC8Hna+UZ+Lv+rUze/FaOiXH4rn6kxK7jsGe2lVIC7qvIzWnjcF5kgxOQ3SqFmWJ
VFXj2FUqauP4WbDQEH/H+Fgr8QU5Qq/k6nPZXs1CG3cKZfcSOQerF7nWOgCdClbQ
pmfS+PWz10RWbvx6s9+EI+3Ky0GXQrfq3kmbM6Owmfgr9WMkoHJTiBRx8kK+bObd
7GjNOTGvbrHYTslWFF5aDB78md+jJ8A=
-----END ATTRIBUTE CERTIFICATE-----