From c0a056b9874383ee287f6a0856e0dd45e04016dd Mon Sep 17 00:00:00 2001 From: chubtub <43381989+chubtub@users.noreply.github.com> Date: Thu, 4 Mar 2021 14:55:51 -0500 Subject: [PATCH 1/4] Script to download the validation report(s) from the ACAPortal from the command line. --- .../ValidationReportsPageController.java | 6 ++++-- scripts/download_validation_reports.sh | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 scripts/download_validation_reports.sh diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java index b0cf463e..cad21395 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java @@ -35,6 +35,7 @@ import javax.servlet.http.HttpServletResponse; import java.io.BufferedWriter; import java.io.IOException; import java.io.OutputStreamWriter; +import java.nio.charset.StandardCharsets; import java.time.LocalDate; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; @@ -138,6 +139,7 @@ public class ValidationReportsPageController extends PageController Date: Tue, 16 Feb 2021 14:24:18 -0500 Subject: [PATCH 2/4] Add column in csv file for platform cert issuer for each component identifier --- .../ValidationReportsPageController.java | 34 +++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java index cad21395..a3217722 100644 
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java
@@ -42,9 +42,11 @@ import java.time.format.DateTimeFormatter;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Enumeration;
+import java.util.List;
 import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 /**
 * Controller for the Validation Reports page.
@@ -60,7 +62,7 @@ public class ValidationReportsPageController extends PageController> parseComponents(final PlatformCredential pc) { ArrayList> parsedComponents = new ArrayList>(); + ArrayList> chainComponents = new ArrayList<>(); if (pc.getComponentIdentifiers() != null && pc.getComponentIdentifiers().size() > 0) { LOGGER.info("Component failures: " + pc.getComponentFailures()); + // get all the certificates associated with the platform serial + List chainCertificates = PlatformCredential + .select(certificateManager) + .byBoardSerialNumber(pc.getPlatformSerial()) + .getCertificates().stream().collect(Collectors.toList()); + // combine all components in each certificate + for (ComponentIdentifier ci : pc.getComponentIdentifiers()) { + ArrayList issuerAndComponent = new ArrayList(); + issuerAndComponent.add(pc.getIssuer()); + issuerAndComponent.add(ci); + chainComponents.add(issuerAndComponent); + } + + for (PlatformCredential delta : chainCertificates) { + if (!delta.isBase()) { + for (ComponentIdentifier ci : delta.getComponentIdentifiers()) { + ArrayList issuerAndComponent = new ArrayList(); + issuerAndComponent.add(delta.getIssuer()); + issuerAndComponent.add(ci); + chainComponents.add(issuerAndComponent); + } + } + } ArrayList componentFailures = new ArrayList(Arrays.asList(pc.getComponentFailures().split(";"))); - for (ComponentIdentifier ci : pc.getComponentIdentifiers()) { + for (ArrayList issuerAndComponent : chainComponents) { ArrayList componentData = new ArrayList(); + String issuer = (String) issuerAndComponent.get(0); + issuer = issuer.replaceAll(",", " "); + ComponentIdentifier ci = (ComponentIdentifier) issuerAndComponent.get(1); if (ci instanceof ComponentIdentifierV2) { componentData.add(((ComponentIdentifierV2) ci).getComponentClass().toString()); } else { 
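Review bot: `issuer.replaceAll(",", " ")` removes only commas from the certificate issuer before it is used for the new CSV column, so a double quote, a line break, or a leading `=`, `+`, `-` or `@` in the DN would still pass through unescaped; the line that writes the column is not visible in this hunk, so this is inferred from the commit subject. The issuer is read from platform certificates and should be treated as untrusted in a report that is likely to be opened in a spreadsheet: quote the field and double embedded quotes, e.g. `issuer = "\"" + issuer.replace("\"", "\"\"") + "\"";`, and prefix a value that starts with a formula character with `'`. The delta loop also calls `delta.getComponentIdentifiers()` without the null check that the enclosing `if` applies to `pc.getComponentIdentifiers()`, so a chain certificate without component identifiers would presumably throw; `if (!delta.isBase() && delta.getComponentIdentifiers() != null)` would cover it. parseComponents starts and ends outside the hunk, and the page extraction has dropped the generic type arguments, so the raw-looking `ArrayList` declarations are not judged here.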
@@ -276,6 +305,7 @@ public class ValidationReportsPageController extends PageController Date: Tue, 23 Feb 2021 12:00:55 -0500 Subject: [PATCH 3/4] Detect component failures in delta certs for validation reports --- .../ValidationReportsPageController.java | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java index a3217722..1aa7a68d 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java @@ -40,7 +40,6 @@ import java.time.LocalDate; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; import java.util.ArrayList; -import java.util.Arrays; import java.util.Enumeration; import java.util.List; import java.util.UUID; @@ -264,9 +263,11 @@ public class ValidationReportsPageController extends PageController> parseComponents(final PlatformCredential pc) { ArrayList> parsedComponents = new ArrayList>(); ArrayList> chainComponents = new ArrayList<>(); + + StringBuilder componentFailureString = new StringBuilder(); if (pc.getComponentIdentifiers() != null && pc.getComponentIdentifiers().size() > 0) { - LOGGER.info("Component failures: " + pc.getComponentFailures()); + componentFailureString.append(pc.getComponentFailures()); // get all the certificates associated with the platform serial List chainCertificates = PlatformCredential .select(certificateManager) 
@@ -280,18 +281,18 @@ public class ValidationReportsPageController extends PageController issuerAndComponent = new ArrayList(); - issuerAndComponent.add(delta.getIssuer()); + issuerAndComponent.add(cert.getIssuer()); issuerAndComponent.add(ci); chainComponents.add(issuerAndComponent); } } } - ArrayList componentFailures = - new ArrayList(Arrays.asList(pc.getComponentFailures().split(";"))); + LOGGER.info("Component failures: " + componentFailureString.toString()); for (ArrayList issuerAndComponent : chainComponents) { ArrayList componentData = new ArrayList(); String issuer = (String) issuerAndComponent.get(0); @@ -306,8 +307,8 @@ public class ValidationReportsPageController extends PageController Date: Tue, 16 Mar 2021 10:16:17 -0400 Subject: [PATCH 4/4] Add ACA address as option 3rd commandline parameter. Handle case where no reports are available or selected for download. --- .../controllers/ValidationReportsPageController.java | 10 +++++++--- scripts/download_validation_reports.sh | 9 ++++++++- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java index 1aa7a68d..7b84263b 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java @@ -193,7 +193,8 @@ public class ValidationReportsPageController extends PageController 4) { + reportData.delete(reportData.lastIndexOf(",") - 4, reportData.length()); + } } - reportData.delete(reportData.lastIndexOf(",") - 4, reportData.length()); } bufferedWriter.append(columnHeaders + "\n"); bufferedWriter.append(reportData.toString() + "\n"); 
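Review bot: The `- 4` in `reportData.delete(reportData.lastIndexOf(",") - 4, reportData.length())` is an undocumented offset, and the guard this commit wraps around it is only partly legible on this page (its condition ends in `4) {`). A comment such as `// drop the trailing separator and the 4 padding characters appended after the last component` (wording to be confirmed against the code that builds `reportData`) would let a reader check that the guard and the offset agree. If the guard does not test the same expression, computing it once, `int cut = reportData.lastIndexOf(",") - 4;` followed by `if (cut >= 0) { reportData.delete(cut, reportData.length()); }`, rules out a negative start index, which `delete` rejects with `StringIndexOutOfBoundsException`. The enclosing method starts and ends outside the hunk.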
diff --git a/scripts/download_validation_reports.sh b/scripts/download_validation_reports.sh
index 0356197f..c67fdac3 100644
--- a/scripts/download_validation_reports.sh
+++ b/scripts/download_validation_reports.sh
@@ -3,8 +3,15 @@
 #User input parameters:
 #$1 filter start date 'yyyy-mm-dd'
 #$2 filter end date 'yyyy-mm-dd'
+#$3 ACA address, default is localhost if not given
-endpoint="https://localhost:8443/HIRS_AttestationCAPortal/portal/validation-reports"
+if [ -z "$3" ]
+ then
+ endpoint="https://localhost:8443/HIRS_AttestationCAPortal/portal/validation-reports"
+ else
+ endpoint="https://$3:8443/HIRS_AttestationCAPortal/portal/validation-reports"
+fi
+echo "$endpoint"
 content=$(curl --insecure $endpoint/list)
 rawTimes=$(jq -r '.data | map(.createTime | tostring) | join(",")' <<< "$content")
 createTimes=""
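Review bot: `curl --insecure $endpoint/list` now runs against whatever host is passed as `$3`, so TLS certificate verification is switched off for a remote ACA and the downloaded validation reports can be read or altered by anyone positioned between the script and that address. Keep `--insecure` at most for the localhost default and verify a remote host against the ACA's CA certificate, e.g. `content=$(curl --fail --cacert "$ACA_CA_CERT" "$endpoint/list")`, where `ACA_CA_CERT` is a placeholder for a path the operator supplies. `$3` is also interpolated into the URL unchecked and `$endpoint` is expanded unquoted, so a value containing whitespace is split into extra curl arguments; quoting `"$endpoint/list"` and rejecting a `$3` that is not a plain hostname or IP address closes that. The script continues outside the hunk, so any further curl calls there need the same treatment.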