mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-04-07 19:34:27 +00:00
* Updated RIM Details page to display File Not Found when the associated event log has not been uploaded with the swid tag.
commit
86dfc89dbd
@ -320,7 +320,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
Level level = Level.ERROR;
|
||||
AppraisalStatus fwStatus = null;
|
||||
String manufacturer = device.getDeviceInfo()
|
||||
.getHardwareInfo().getManufacturer();
|
||||
.getHardwareInfo().getManufacturer();
|
||||
|
||||
IssuedAttestationCertificate attCert = IssuedAttestationCertificate
|
||||
.select(this.certificateManager)
|
||||
@ -342,47 +342,48 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
.toArray(new String[swid.getPcrValues().size()]);
|
||||
}
|
||||
pcrPolicy.setBaselinePcrs(baseline);
|
||||
}
|
||||
|
||||
if (attCert != null && fwStatus == null) {
|
||||
String[] pcrsSet = attCert.getPcrValues().split("\\+");
|
||||
String[] pcrs1 = pcrsSet[0].split("\\n");
|
||||
String[] pcrs256 = pcrsSet[1].split("\\n");
|
||||
String[] quote = new String[TPMMeasurementRecord.MAX_PCR_ID + 1];
|
||||
int offset = 0;
|
||||
if (attCert != null) {
|
||||
String[] pcrsSet = attCert.getPcrValues().split("\\+");
|
||||
String[] pcrs1 = pcrsSet[0].split("\\n");
|
||||
String[] pcrs256 = pcrsSet[1].split("\\n");
|
||||
String[] quote = new String[TPMMeasurementRecord.MAX_PCR_ID + 1];
|
||||
int offset = 0;
|
||||
|
||||
fwStatus = new AppraisalStatus(PASS,
|
||||
SupplyChainCredentialValidator.FIRMWARE_VALID);
|
||||
fwStatus = new AppraisalStatus(PASS,
|
||||
SupplyChainCredentialValidator.FIRMWARE_VALID);
|
||||
|
||||
if (baseline[0].length() == TPMMeasurementRecord.SHA_BYTE_LENGTH) {
|
||||
// quote from provisioner is formated to indicate the encryption
|
||||
if (pcrs1[0].split(":")[0].contains("sha")) {
|
||||
offset = 1;
|
||||
if (baseline[0].length() == TPMMeasurementRecord.SHA_BYTE_LENGTH) {
|
||||
// quote from provisioner is formated to indicate the encryption
|
||||
if (pcrs1[0].split(":")[0].contains("sha")) {
|
||||
offset = 1;
|
||||
}
|
||||
for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
|
||||
//update quote with the pcr only, based on offset
|
||||
quote[i] = pcrs1[i + offset].split(":")[1].trim();
|
||||
}
|
||||
} else if (baseline[0].length() == TPMMeasurementRecord.SHA_256_BYTE_LENGTH) {
|
||||
// quote from provisioner is formated to indicate the encryption
|
||||
if (pcrs256[0].split(":")[0].contains("sha")) {
|
||||
offset = 1;
|
||||
}
|
||||
for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
|
||||
//update quote with the pcr only, based on offset
|
||||
quote[i] = pcrs256[i + offset].split(":")[1].trim();
|
||||
}
|
||||
}
|
||||
for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
|
||||
//update quote with the pcr only, based on offset
|
||||
quote[i] = pcrs1[i + offset].split(":")[1].trim();
|
||||
}
|
||||
} else if (baseline[0].length() == TPMMeasurementRecord.SHA_256_BYTE_LENGTH) {
|
||||
// quote from provisioner is formated to indicate the encryption
|
||||
if (pcrs256[0].split(":")[0].contains("sha")) {
|
||||
offset = 1;
|
||||
}
|
||||
for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
|
||||
//update quote with the pcr only, based on offset
|
||||
quote[i] = pcrs256[i + offset].split(":")[1].trim();
|
||||
|
||||
StringBuilder sb = pcrPolicy.validatePcrs(quote);
|
||||
if (sb.length() > 0) {
|
||||
level = Level.ERROR;
|
||||
fwStatus = new AppraisalStatus(FAIL, sb.toString());
|
||||
} else {
|
||||
level = Level.INFO;
|
||||
}
|
||||
} else if (fwStatus != null) {
|
||||
fwStatus = new AppraisalStatus(FAIL, "Associated Issued Attestation"
|
||||
+ " Certificate can not be found.");
|
||||
}
|
||||
StringBuilder sb = pcrPolicy.validatePcrs(quote);
|
||||
if (sb.length() > 0) {
|
||||
level = Level.ERROR;
|
||||
fwStatus = new AppraisalStatus(FAIL, sb.toString());
|
||||
} else {
|
||||
level = Level.INFO;
|
||||
}
|
||||
} else {
|
||||
fwStatus = new AppraisalStatus(FAIL, "Associated Issued Attestation"
|
||||
+ " Certificate can not be found.");
|
||||
}
|
||||
|
||||
return buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE,
|
||||
@ -514,7 +515,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
||||
* @param validationType the type of validation
|
||||
* @param result the appraisal status
|
||||
* @param message the validation message to include in the summary and log
|
||||
* @param archivableEntity the archivableEntity associated with the validation
|
||||
* @param archivableEntity the archivableEntity associated with the
|
||||
* validation
|
||||
* @param logLevel the log level
|
||||
* @return a SupplyChainValidation
|
||||
*/
|
||||
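Review bot: In the firmware-validation hunk (`@ -342,47 +342,48`) the PCR string from the attestation certificate is indexed with no shape check: `pcrsSet[1]` assumes `getPcrValues()` contains a `+`, and `pcrs1[i + offset].split(":")[1]` assumes all MAX_PCR_ID + 1 lines exist and each contains a `:`. A certificate with a short or differently formatted PCR list would throw ArrayIndexOutOfBoundsException instead of producing a FAIL status; whether a caller outside the hunk handles that is not visible here. A guard such as `if (pcrsSet.length < 2)` that sets a FAIL `AppraisalStatus`, plus a length check on `pcrs1`/`pcrs256` before the loops, would keep the failure inside the validation record. Separately, `fwStatus` is set to PASS before `validatePcrs(quote)` runs, and when `baseline[0].length()` matches neither SHA constant `quote` is passed on as all nulls; a final `else` that sets FAIL for an unrecognised baseline length would avoid depending on how `validatePcrs` treats nulls. The enclosing method starts and ends outside the hunk.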
|
@ -18,6 +18,7 @@ import java.security.cert.CertificateException;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.ArrayList;
|
||||
import java.util.UUID;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
@ -157,7 +158,7 @@ public class ReferenceManifestDetailsPageController
|
||||
data.put("rimType", rim.getRimType());
|
||||
List<SwidResource> resources = rim.parseResource();
|
||||
String resourceFilename = null;
|
||||
TCGEventLog logProcessor = new TCGEventLog();
|
||||
TCGEventLog logProcessor;
|
||||
|
||||
try {
|
||||
for (SwidResource swidRes : resources) {
|
||||
@ -171,8 +172,7 @@ public class ReferenceManifestDetailsPageController
|
||||
swidRes.setPcrValues(Arrays.asList(
|
||||
logProcessor.getExpectedPCRValues()));
|
||||
} else {
|
||||
swidRes.setPcrValues(Arrays.asList(
|
||||
logProcessor.getExpectedPCRValues()));
|
||||
swidRes.setPcrValues(new ArrayList<>());
|
||||
}
|
||||
}
|
||||
} catch (NoSuchFileException nsfEx) {
|
||||
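Review bot: The new `swidRes.setPcrValues(new ArrayList<>())` in the `else` branch uses an empty list as an in-band signal that the support RIM file was not found, and nothing at the call site says so. The details page in this commit keys its red "was not imported" message on `not empty resource.getPcrValues()`, so a comment here such as `// no uploaded event log matches this resource; the empty list makes the details page show the not-imported message` would document the coupling. A log that is present but yields no expected PCR values would presumably show the same message, so an explicit flag on `SwidResource` may be clearer than the empty-list convention. `logProcessor` is now declared without an initializer, and its assignment lies outside the visible hunks.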
|
@ -94,7 +94,7 @@
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Support RIM(s)</span></div>
|
||||
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Payload/Support RIM(s)</span></div>
|
||||
<div id="platformConfiguration" class="col col-md-8">
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading" role="tab" id="headingOne">
|
||||
@ -107,7 +107,6 @@
|
||||
</div>
|
||||
<div id="directorycollapse" class="panel-collapse collapse in" role="tabpanel" aria-labelledby="headingOne" aria-expanded="true">
|
||||
<div class="panel-body">
|
||||
|
||||
<div class="panel-heading" role="tab" id="headingThree">
|
||||
<h3 class="panel-title">
|
||||
<a role="button" data-toggle="collapse" data-parent="#directorycollapse" class="collapsed"
|
||||
@ -116,7 +115,6 @@
|
||||
</a>
|
||||
</h3>
|
||||
</div>
|
||||
|
||||
<div id="filescollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingThree" aria-expanded="true">
|
||||
<c:if test="${not empty initialData.swidFiles}">
|
||||
<div id="componentIdentifier" class="row">
|
||||
@ -124,49 +122,57 @@
|
||||
<div class="component col col-md-10" style="padding-left: 20px">
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">
|
||||
<span data-toggle="tooltip" data-placement="top" title="Resource File">${resource.getName()}
|
||||
<span data-toggle="tooltip" data-placement="top" title="Resource File">
|
||||
${resource.getName()}
|
||||
</span>
|
||||
</div>
|
||||
<div class="component col col-md-10">
|
||||
<span class="fieldHeader">File Size:</span>
|
||||
<span class="fieldValue">${resource.getSize()}</span><br/>
|
||||
<span class="fieldHeader">Hash:</span>
|
||||
<span class="fieldValue" style="overflow-wrap: break-word">${resource.getHashValue()}</span><br/>
|
||||
<c:if test="${not empty resource.getRimFormat()}">
|
||||
<span class="fieldHeader">RIM Format:</span>
|
||||
<span class="fieldValue">${resource.getRimFormat()}</span><br/>
|
||||
</c:if>
|
||||
<c:if test="${not empty resource.getRimType()}">
|
||||
<span class="fieldHeader">RIM Type:</span>
|
||||
<span class="fieldValue">${resource.getRimType()}</span><br/>
|
||||
</c:if>
|
||||
<c:if test="${not empty resource.getRimUriGlobal()}">
|
||||
<span class="fieldHeader">URI Global:</span>
|
||||
<span class="fieldValue">${resource.getRimUriGlobal()}</span><br/>
|
||||
</c:if>
|
||||
<c:if test="${not empty resource.getPcrValues()}">
|
||||
<div class="panel-body">
|
||||
<div class="component" role="tab" id="pcrValues">
|
||||
<a role="button" data-toggle="collapse" data-parent="#directorycollapse" class="collapsed"
|
||||
href="#pcrscollapse" aria-expanded="false" aria-controls="pcrscollapse">
|
||||
Expected PCR Values
|
||||
</a>
|
||||
</div>
|
||||
<div id="pcrscollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingThree" aria-expanded="true">
|
||||
<div>
|
||||
<c:forEach items="${resource.getPcrMap()}" var="pcrValue">
|
||||
<div id="componentIdentifier" class="row">
|
||||
<div>
|
||||
<span>${pcrValue.key}</span>
|
||||
<span style="overflow-wrap: break-word">${pcrValue.value}</span>
|
||||
</div>
|
||||
<c:choose>
|
||||
<c:when test="${not empty resource.getPcrValues()}">
|
||||
<div class="component col col-md-10">
|
||||
<span class="fieldHeader">File Size:</span>
|
||||
<span class="fieldValue">${resource.getSize()}</span><br/>
|
||||
<span class="fieldHeader">Hash:</span>
|
||||
<span class="fieldValue" style="overflow-wrap: break-word">${resource.getHashValue()}</span><br/>
|
||||
<c:if test="${not empty resource.getRimFormat()}">
|
||||
<span class="fieldHeader">RIM Format:</span>
|
||||
<span class="fieldValue">${resource.getRimFormat()}</span><br/>
|
||||
</c:if>
|
||||
<c:if test="${not empty resource.getRimType()}">
|
||||
<span class="fieldHeader">RIM Type:</span>
|
||||
<span class="fieldValue">${resource.getRimType()}</span><br/>
|
||||
</c:if>
|
||||
<c:if test="${not empty resource.getRimUriGlobal()}">
|
||||
<span class="fieldHeader">URI Global:</span>
|
||||
<span class="fieldValue">${resource.getRimUriGlobal()}</span><br/>
|
||||
</c:if>
|
||||
<c:if test="${not empty resource.getPcrValues()}">
|
||||
<div class="panel-body">
|
||||
<div class="component" role="tab" id="pcrValues">
|
||||
<a role="button" data-toggle="collapse" data-parent="#directorycollapse" class="collapsed"
|
||||
href="#pcrscollapse" aria-expanded="false" aria-controls="pcrscollapse">
|
||||
Expected PCR Values
|
||||
</a>
|
||||
</div>
|
||||
<div id="pcrscollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingThree" aria-expanded="true">
|
||||
<div>
|
||||
<c:forEach items="${resource.getPcrMap()}" var="pcrValue">
|
||||
<div id="componentIdentifier" class="row">
|
||||
<div>
|
||||
<span>${pcrValue.key}</span>
|
||||
<span style="overflow-wrap: break-word">${pcrValue.value}</span>
|
||||
</div>
|
||||
</div>
|
||||
</c:forEach>
|
||||
</div>
|
||||
</c:forEach>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</c:if>
|
||||
</div>
|
||||
</c:if>
|
||||
</div>
|
||||
</c:when>
|
||||
<c:otherwise>
|
||||
<div class="component col col-md-10" style="color: red; padding-left: 20px">Support RIM file named ${resource.getName()} was not imported via the Reference Integrity Manifest page.</div>
|
||||
</c:otherwise>
|
||||
</c:choose>
|
||||
</div>
|
||||
</div>
|
||||
</c:forEach>
|
||||
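Review bot: The added `<c:otherwise>` message writes `${resource.getName()}` into the page unescaped, and that name presumably comes from the SWID tag of an uploaded RIM (the parsing is outside this file). EL in JSP template text is not HTML-escaped by default, so markup in a resource name would be rendered as part of the page; `<c:out value="${resource.getName()}"/>` escapes it and uses the JSTL core prefix this page already has. The same applies to the other `${resource.…}` and `${pcrValue.…}` outputs in this section, including the name in the panel heading. Note also that File Size and Hash now sit inside the `<c:when>`, so they are hidden whenever the PCR list is empty, although those values do not depend on the event log.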
|
@ -213,9 +213,6 @@ public class SwidResource {
|
||||
return innerMap;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
private void parsePcrValues() {
|
||||
TCGEventLog logProcessor = new TCGEventLog();
|
||||
|
||||
|