PCR policy matching wasn't properly failing because the baseline from the support RIM was not being populated properly.

Cyrus 2020-10-05 10:44:18 -04:00
parent 653acd270e
commit 89fbaa0517


@ -12,6 +12,7 @@ import hirs.data.persist.TPMMeasurementRecord;
import hirs.data.persist.SwidResource;
import hirs.data.persist.PCRPolicy;
import hirs.data.persist.ArchivableEntity;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.validation.SupplyChainCredentialValidator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -19,6 +20,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Import;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
@ -337,9 +339,23 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (rim instanceof BaseReferenceManifest) {
BaseReferenceManifest bRim = (BaseReferenceManifest) rim;
List<SwidResource> swids = bRim.parseResource();
TCGEventLog logProcessor;
for (SwidResource swid : swids) {
baseline = swid.getPcrValues()
.toArray(new String[swid.getPcrValues().size()]);
ReferenceManifest dbRim = ReferenceManifest.select(
referenceManifestManager).byFileName(swid.getName()).getRIM();
if (dbRim != null) {
try {
logProcessor = new TCGEventLog(dbRim.getRimBytes());
baseline = logProcessor.getExpectedPCRValues();
} catch (CertificateException cEx) {
LOGGER.error(cEx);
} catch (NoSuchAlgorithmException noSaEx) {
LOGGER.error(noSaEx);
} catch (IOException ioEx) {
LOGGER.error(ioEx);
}
}
}
pcrPolicy.setBaselinePcrs(baseline);
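Review bot: A support RIM that is missing from the database or that fails to parse still reaches `pcrPolicy.setBaselinePcrs(baseline)`, because the `dbRim != null` check has no else branch and the three catch blocks only log. In both cases the baseline stays at the `swid.getPcrValues()` fallback, which the commit message suggests is the value that let PCR matching pass when it should have failed. Both paths should probably end firmware validation with a failure instead of continuing. The catches could also be collapsed so the log names the file, e.g. `} catch (CertificateException | NoSuchAlgorithmException | IOException ex) {` with `LOGGER.error("Unable to parse support RIM " + swid.getName(), ex);`. The lookup is by file name alone, and nothing in this hunk compares `dbRim.getRimBytes()` with whatever digest the base RIM records for that file, so confirm that binding is checked elsewhere before the event log is trusted as the baseline. The enclosing method starts and ends outside the hunk, so how a failure result would be returned is not visible here.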