ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-02-20 17:52:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Some additional updates to fix visual changes on the screen. This one

Browse Source 
is mainly with deviceName
This commit is contained in:
Cyrus 2023-09-28 17:11:34 -04:00
parent c046851e07
commit 8be945035d
10 changed files with 26 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractRequestHandler.java
View File

@ -137,7 +137,8 @@ public class AbstractRequestHandler {
if (identityClaim.hasEndorsementCredential()) {
endorsementCredential = CredentialManagementHelper.storeEndorsementCredential(
certificateRepository,
identityClaim.getEndorsementCredential().toByteArray());
identityClaim.getEndorsementCredential().toByteArray(),
identityClaim.getDv().getNw().getHostname());
} else if (ekPub != null) {
log.warn("Endorsement Cred was not in the identity claim from the client."
+ " Checking for uploads.");
@ -261,6 +262,7 @@ public class AbstractRequestHandler {
}
}
if (generateCertificate) {
attCert.setDeviceId(device.getId());
attCert.setDeviceName(device.getName());
certificateRepository.save(attCert);
}

2
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimHandler.java
View File

@ -105,7 +105,7 @@ public class IdentityClaimHandler extends AbstractRequestHandler {
* @return an identity claim response for the specified request containing a wrapped blob
*/
public byte[] processIdentityClaimTpm2(final byte[] identityClaim) {
log.error("Identity Claim received...");
log.info("Identity Claim received...");
if (ArrayUtils.isEmpty(identityClaim)) {
log.error("Identity claim empty throwing exception.");

2
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityRequestHandler.java
View File

@ -110,7 +110,7 @@ public class IdentityRequestHandler extends AbstractRequestHandler {
byte[] ecBytesFromIdentityRequest = proof.getEndorsementCredential();
if (ArrayUtils.isNotEmpty(ecBytesFromIdentityRequest)) {
endorsementCredential = CredentialManagementHelper.storeEndorsementCredential(
this.certificateRepository, ecBytesFromIdentityRequest);
this.certificateRepository, ecBytesFromIdentityRequest, "");
try {
BigInteger publicKeyModulus = Certificate.getPublicKeyModulus(
endorsementCredential.getX509Certificate());

4
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/helper/CredentialManagementHelper.java
View File

@ -27,12 +27,13 @@ public final class CredentialManagementHelper {
* it is unarchived.
* @param certificateRepository the certificate manager used for storage
* @param endorsementBytes the raw EK bytes used for parsing
* @param deviceName the host name
* @return the parsed, valid EK
* @throws IllegalArgumentException if the provided bytes are not a valid EK.
*/
public static EndorsementCredential storeEndorsementCredential(
final CertificateRepository certificateRepository,
final byte[] endorsementBytes) throws IllegalArgumentException {
final byte[] endorsementBytes, final String deviceName) throws IllegalArgumentException {
if (certificateRepository == null) {
throw new IllegalArgumentException("null certificate manager");
@ -64,6 +65,7 @@ public final class CredentialManagementHelper {
.findByCertificateHash(certificateHash);
if (existingCredential == null) {
log.info("No Endorsement Credential found with hash: " + certificateHash);
endorsementCredential.setDeviceName(deviceName);
return (EndorsementCredential) certificateRepository.save(endorsementCredential);
} else if (existingCredential.isArchived()) {
// if the EK is stored in the DB and it's archived, unarchive.

4
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java
View File

@ -109,13 +109,13 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
String message;
String certVerifyMsg;
if (pc == null) {
message = baseErrorMessage + "a platform credential\n";
message = baseErrorMessage + "a platform credential";
log.error(message);
return new AppraisalStatus(FAIL, message);
}
try {
if (trustStore == null || trustStore.size() == 0) {
message = baseErrorMessage + "an Issuer Cert in the Trust Store\n";
message = baseErrorMessage + "an Issuer Cert in the Trust Store";
log.error(message);
return new AppraisalStatus(FAIL, message);
}

21
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
View File

@ -45,10 +45,9 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
boolean passed = true;
String[] baseline = new String[Integer.SIZE];
AppraisalStatus fwStatus = null;
String hostName = device.getDeviceInfo().getNetworkInfo().getHostname();
String manufacturer = device.getDeviceInfo()
.getHardwareInfo().getManufacturer();
String model = device.getDeviceInfo()
.getHardwareInfo().getProductName();
ReferenceManifest validationObject;
List<BaseReferenceManifest> baseReferenceManifests = null;
BaseReferenceManifest baseReferenceManifest = null;
@ -58,7 +57,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
baseReferenceManifests = referenceManifestRepository.findAllBaseRims();
for (BaseReferenceManifest bRim : baseReferenceManifests) {
if (bRim.getPlatformManufacturer().equals(manufacturer)
if (bRim.getDeviceName().equals(hostName)
&& !bRim.isSwidSupplemental() && !bRim.isSwidPatch()) {
baseReferenceManifest = bRim;
}
@ -73,8 +72,8 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
baseReferenceManifest.getEventLogHash());
if (measurement == null) {
measurement = referenceManifestRepository.getLogByModel(
baseReferenceManifest.getPlatformModel());
measurement = referenceManifestRepository.byMeasurementDeviceName(
baseReferenceManifest.getDeviceName());
}
}
@ -111,10 +110,10 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
"Firmware validation failed: invalid certificate path.");
validationObject = baseReferenceManifest;
}
} catch (IOException e) {
log.error("Error getting X509 cert from manager: " + e.getMessage());
} catch (SupplyChainValidatorException e) {
log.error("Error validating cert against keystore: " + e.getMessage());
} catch (IOException ioEx) {
log.error("Error getting X509 cert from manager: " + ioEx.getMessage());
} catch (SupplyChainValidatorException scvEx) {
log.error("Error validating cert against keystore: " + scvEx.getMessage());
fwStatus = new AppraisalStatus(FAIL,
"Firmware validation failed: invalid certificate path.");
}
@ -199,7 +198,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
List<ReferenceDigestValue> eventValue;
HashMap<String, ReferenceDigestValue> eventValueMap = new HashMap<>();
try {
if (measurement.getPlatformManufacturer().equals(manufacturer)) {
if (measurement.getDeviceName().equals(hostName)) {
tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes());
eventValue = referenceDigestValueRepository
.findValuesByBaseRimId(baseReferenceManifest.getId());
@ -246,7 +245,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
referenceManifestRepository.save(eventLog);
} else {
fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Validation failed: "
+ "%s for %s can not be found", failedString, manufacturer));
+ "%s for %s can not be found", failedString, hostName));
if (measurement != null) {
measurement.setOverallValidationResult(fwStatus.getAppStatus());
referenceManifestRepository.save(measurement);

6
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java
View File

@ -131,10 +131,11 @@ public class DevicePageController extends PageController<NoPageParams> {
issuedCertificateList.addAll(issuedCertificateRepository.findByDeviceId(id));
}
HashMap<String, List<Object>> certificatePropertyMap;
// loop all the devices
for (Device device : deviceList) {
// hashmap containing the list of certificates based on the certificate type
HashMap<String, List<Object>> certificatePropertyMap = new HashMap<>();
certificatePropertyMap = new HashMap<>();
deviceCertMap.put("device", device);
String deviceName;
@ -179,8 +180,7 @@ public class DevicePageController extends PageController<NoPageParams> {
}
for (IssuedAttestationCertificate ic : issuedCertificateList) {
deviceName = deviceRepository.findById(ic.getDeviceId()).get().getName();
deviceName = ic.getDeviceName();
// set the certificate if it's the same ID
if (device.getName().equals(deviceName)) {
String certificateId = IssuedAttestationCertificate.class.getSimpleName();

8
HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/endorsement-key-credentials.jsp
View File

@ -52,13 +52,7 @@
data: 'deviceName',
render: function (data, type, full, meta) {
// if there's a device, display its name, otherwise
// display nothing
if (full.device) {
// TODO render a link to a device details page,
// passing the device.id
return full.deviceName;
}
return '';
return full.deviceName;
}
},
{data: 'issuer'},

7
HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/issued-certificates.jsp
View File

@ -48,12 +48,7 @@
render: function (data, type, full, meta) {
// if there's a device, display its name, otherwise
// display nothing
if (full.device) {
// TODO render a link to a device details page,
// passing the device.id
return full.deviceName;
}
return '';
return full.deviceName;
}
},
{data: 'issuer'},

8
HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/platform-credentials.jsp
View File

@ -57,13 +57,7 @@
data: 'deviceName',
render: function (data, type, full, meta) {
// if there's a device, display its name, otherwise
// display nothing
if (full.device) {
// TODO render a link to a device details page,
// passing the device.id
return full.deviceName;
}
return '';
return full.deviceName;
}
},
{data: 'issuer'},