From 55936806d73d74ba9c11be6ef46246866ea0526c Mon Sep 17 00:00:00 2001 
From: chubtub <43381989+chubtub@users.noreply.github.com> Date: Wed, 1 Nov 2023 10:03:34 -0400 Subject: [PATCH 1/2] Revert "Merge pull request #606 from nsacyber/v3_issue-596" This reverts commit 071e89a44f31e005c5e73f233b7c55643521d9e3, reversing changes made to 45d550729f38dea75290d53b7439dfbc0795bd17. --- .../persist/entity}/AbstractEntity.java | 2 +- .../persist/entity}/ArchivableEntity.java | 2 +- .../persist/entity/UserDefinedEntity.java | 1 - .../manager/CACredentialRepository.java | 2 +- .../entity/manager/CertificateRepository.java | 2 +- .../manager/ReferenceManifestRepository.java | 4 +- .../entity/userdefined}/Certificate.java | 6 +- .../persist/entity/userdefined/Device.java | 2 +- .../userdefined}/ReferenceManifest.java | 4 +- .../persist/entity/userdefined/Report.java | 2 +- .../userdefined/SupplyChainValidation.java | 4 +- .../SupplyChainValidationSummary.java | 2 +- .../CertificateAuthorityCredential.java | 3 +- .../certificate}/CertificateVariables.java | 2 +- .../certificate/ComponentResult.java | 2 +- .../certificate/ConformanceCredential.java | 2 +- .../DeviceAssociatedCertificate.java | 2 +- .../userdefined/report/DeviceInfoReport.java | 2 +- .../rim/BaseReferenceManifest.java | 3 +- .../userdefined/rim/EventLogMeasurements.java | 2 +- .../userdefined/rim/ReferenceDigestValue.java | 2 +- .../rim/SupportReferenceManifest.java | 2 +- .../persist/provision/AbstractProcessor.java | 2 +- .../provision/IdentityClaimProcessor.java | 4 +- .../service/SupplyChainValidationService.java | 2 +- .../persist/service/ValidationService.java | 6 +- .../service/selector/CertificateSelector.java | 2 +- .../selector/ReferenceManifestSelector.java | 4 +- .../persist/util}/CredentialHelper.java | 3 +- .../CertificateAttributeScvValidator.java | 2 +- .../validation/FirmwareScvValidator.java | 7 +- .../ReferenceManifestValidator.java | 2 +- .../entity/userdefined}/CertificateTest.java | 93 +++-- .../SupplyChainValidationTest.java | 49 +-- 
.../certificate/PlatformCredentialTest.java | 3 +- .../CertificatePageController.java | 6 +- .../controllers/DevicePageController.java | 2 +- ...eferenceManifestDetailsPageController.java | 8 +- .../ReferenceManifestPageController.java | 4 +- .../RimDatabasePageController.java | 2 +- .../utils/CertificateStringMapBuilder.java | 4 +- HIRS_Utils/build.gradle | 3 +- .../ek_cert_with_padded_bytes.cer | Bin 1100 -> 0 bytes .../certificates/fakeIntelIntermediateCA.cer | 19 - .../resources/certificates/fakeRootCA.cer | 18 - .../certificates/fakeSGIIntermediateCA.cer | 19 - .../certificates/fakestmtpmekint02.pem | 22 -- .../platform_credentials/Intel_pc3.cer | Bin 772 -> 0 bytes .../platform_credentials/Intel_pc4.pem | Bin 914 -> 0 bytes .../platform_credentials/Intel_pc5.pem | Bin 914 -> 0 bytes .../TPM_INTC_Platform_Cert_RSA.txt | Bin 2144 -> 0 bytes .../intel_chain/root/intermediate2.cer | Bin 1645 -> 0 bytes tools/tcg_rim_tool/build.gradle | 11 + .../java/hirs/swid/BaseReferenceManifest.java | 360 ++++++++++++++++++ .../main/java/hirs/swid/DigestAlgorithm.java | 66 ++++ .../java/hirs/swid/ReferenceManifest.java | 165 ++++++++ .../src/main/java/hirs/swid/SwidResource.java | 83 ++++ 57 files changed, 812 insertions(+), 214 deletions(-) rename {HIRS_Utils/src/main/java/hirs/utils => HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity}/AbstractEntity.java (97%) rename {HIRS_Utils/src/main/java/hirs/utils => HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity}/ArchivableEntity.java (98%) rename {HIRS_Utils/src/main/java/hirs/utils => HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined}/Certificate.java (99%) rename {HIRS_Utils/src/main/java/hirs/utils/rim => HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined}/ReferenceManifest.java (97%) rename {HIRS_Utils/src/main/java/hirs/utils => 
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate}/CertificateAuthorityCredential.java (97%) rename {HIRS_Utils/src/main/java/hirs/utils => HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate}/CertificateVariables.java (97%) rename {HIRS_Utils/src/main/java/hirs/utils => HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined}/rim/BaseReferenceManifest.java (99%) rename {HIRS_Utils/src/main/java/hirs/utils => HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util}/CredentialHelper.java (98%) rename {HIRS_Utils/src/main/java/hirs/utils/rim => HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation}/ReferenceManifestValidator.java (99%) rename {HIRS_Utils/src/test/java/hirs/utils => HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined}/CertificateTest.java (90%) delete mode 100644 HIRS_Utils/src/test/resources/certificates/ek_cert_with_padded_bytes.cer delete mode 100644 HIRS_Utils/src/test/resources/certificates/fakeIntelIntermediateCA.cer delete mode 100644 HIRS_Utils/src/test/resources/certificates/fakeRootCA.cer delete mode 100644 HIRS_Utils/src/test/resources/certificates/fakeSGIIntermediateCA.cer delete mode 100644 HIRS_Utils/src/test/resources/certificates/fakestmtpmekint02.pem delete mode 100755 HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc3.cer delete mode 100644 HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc4.pem delete mode 100644 HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc5.pem delete mode 100644 HIRS_Utils/src/test/resources/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt delete mode 100644 HIRS_Utils/src/test/resources/validation/platform_credentials/intel_chain/root/intermediate2.cer create mode 100644 tools/tcg_rim_tool/src/main/java/hirs/swid/BaseReferenceManifest.java create mode 100644 
tools/tcg_rim_tool/src/main/java/hirs/swid/DigestAlgorithm.java create mode 100644 tools/tcg_rim_tool/src/main/java/hirs/swid/ReferenceManifest.java create mode 100644 tools/tcg_rim_tool/src/main/java/hirs/swid/SwidResource.java
diff --git a/HIRS_Utils/src/main/java/hirs/utils/AbstractEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java
similarity index 97%
rename from HIRS_Utils/src/main/java/hirs/utils/AbstractEntity.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java
index 2d699e87..e89249c6 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/AbstractEntity.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java
@@ -1,4 +1,4 @@
-package hirs.utils;
+package hirs.attestationca.persist.entity;
 import jakarta.persistence.Column;
 import jakarta.persistence.GeneratedValue;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/ArchivableEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java
similarity index 98%
rename from HIRS_Utils/src/main/java/hirs/utils/ArchivableEntity.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java
index fbb32bd0..a39ec842 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/ArchivableEntity.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/ArchivableEntity.java
@@ -1,4 +1,4 @@
-package hirs.utils;
+package hirs.attestationca.persist.entity;
 import jakarta.persistence.Column;
 import jakarta.persistence.MappedSuperclass;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java
index 730378f4..ca38680d 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java
@@ -1,6 +1,5 @@
 package hirs.attestationca.persist.entity;
-import hirs.utils.ArchivableEntity;
 import jakarta.persistence.Column;
 import jakarta.persistence.MappedSuperclass;
 import lombok.AllArgsConstructor;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java
index 26362784..d3f3074f 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CACredentialRepository.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.manager;
-import hirs.utils.CertificateAuthorityCredential;
+import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.stereotype.Repository;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java
index 0f83b2a5..5a97022d 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/CertificateRepository.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.manager;
-import hirs.utils.Certificate;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java
index d934a769..eb0892b2 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java
@@ -1,7 +1,7 @@
 package hirs.attestationca.persist.entity.manager;
-import hirs.utils.rim.ReferenceManifest;
-import hirs.utils.rim.BaseReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
 import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
 import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
 import org.springframework.data.jpa.repository.JpaRepository;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/Certificate.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java
similarity index 99%
rename from HIRS_Utils/src/main/java/hirs/utils/Certificate.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java
index af28a232..fda9d4c8 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/Certificate.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Certificate.java
@@ -1,7 +1,11 @@
-package hirs.utils;
+package hirs.attestationca.persist.entity.userdefined;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.google.common.base.Preconditions;
+import hirs.attestationca.persist.entity.ArchivableEntity;
+import hirs.attestationca.persist.entity.userdefined.certificate.CertificateVariables;
+import hirs.attestationca.persist.util.CredentialHelper;
+import hirs.utils.HexUtils;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Inheritance;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java
index cd56b9c4..118cd3d7 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined;
-import hirs.utils.AbstractEntity;
+import hirs.attestationca.persist.entity.AbstractEntity;
 import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
 import hirs.attestationca.persist.enums.AppraisalStatus;
 import hirs.attestationca.persist.enums.HealthStatus;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java
similarity index 97%
rename from HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifest.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java
index 321a8ef9..ea496a00 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifest.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/ReferenceManifest.java
@@ -1,8 +1,8 @@
-package hirs.utils.rim;
+package hirs.attestationca.persist.entity.userdefined;
-import hirs.utils.ArchivableEntity;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.google.common.base.Preconditions;
+import hirs.attestationca.persist.entity.ArchivableEntity;
 import jakarta.persistence.Access;
 import jakarta.persistence.AccessType;
 import jakarta.persistence.Column;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Report.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Report.java
index daf0c523..d6c4ff2b 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Report.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Report.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined;
-import hirs.utils.AbstractEntity;
+import hirs.attestationca.persist.entity.AbstractEntity;
 import jakarta.persistence.Access;
 import jakarta.persistence.AccessType;
 import jakarta.persistence.Entity;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java
index 7a040ac7..97c892e5 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidation.java
@@ -1,9 +1,7 @@
 package hirs.attestationca.persist.entity.userdefined;
 import com.google.common.base.Preconditions;
-import hirs.utils.ArchivableEntity;
-import hirs.utils.Certificate;
-import hirs.utils.rim.ReferenceManifest;
+import hirs.attestationca.persist.entity.ArchivableEntity;
 import hirs.attestationca.persist.enums.AppraisalStatus;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java
index 57f772b2..3ffeff34 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java
@@ -1,7 +1,7 @@
 package hirs.attestationca.persist.entity.userdefined;
 import com.google.common.base.Preconditions;
-import hirs.utils.ArchivableEntity;
+import hirs.attestationca.persist.entity.ArchivableEntity;
 import hirs.attestationca.persist.enums.AppraisalStatus;
 import jakarta.persistence.CascadeType;
 import jakarta.persistence.Column;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/CertificateAuthorityCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredential.java
similarity index 97%
rename from HIRS_Utils/src/main/java/hirs/utils/CertificateAuthorityCredential.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredential.java
index add48be0..72047d42 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/CertificateAuthorityCredential.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredential.java
@@ -1,5 +1,6 @@
-package hirs.utils;
+package hirs.attestationca.persist.entity.userdefined.certificate;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import lombok.Getter;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/CertificateVariables.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateVariables.java
similarity index 97%
rename from HIRS_Utils/src/main/java/hirs/utils/CertificateVariables.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateVariables.java
index 16fcc4a4..621ef771 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/CertificateVariables.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateVariables.java
@@ -1,4 +1,4 @@
-package hirs.utils;
+package hirs.attestationca.persist.entity.userdefined.certificate;
 public class CertificateVariables {
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
index 9be4a092..ddb6f13c 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined.certificate;
-import hirs.utils.AbstractEntity;
+import hirs.attestationca.persist.entity.AbstractEntity;
 import jakarta.persistence.Entity;
 import lombok.AccessLevel;
 import lombok.EqualsAndHashCode;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ConformanceCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ConformanceCredential.java
index c695016d..25186117 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ConformanceCredential.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ConformanceCredential.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined.certificate;
-import hirs.utils.Certificate;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import jakarta.persistence.Entity;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/DeviceAssociatedCertificate.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/DeviceAssociatedCertificate.java
index 499e69af..e0f54321 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/DeviceAssociatedCertificate.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/DeviceAssociatedCertificate.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined.certificate;
-import hirs.utils.Certificate;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import jakarta.persistence.Column;
 import jakarta.persistence.MappedSuperclass;
 import lombok.AccessLevel;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/report/DeviceInfoReport.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/report/DeviceInfoReport.java
index d33538a9..1d4c4a1f 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/report/DeviceInfoReport.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/report/DeviceInfoReport.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined.report;
-import hirs.utils.AbstractEntity;
+import hirs.attestationca.persist.entity.AbstractEntity;
 import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
 import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
 import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/rim/BaseReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java
similarity index 99%
rename from HIRS_Utils/src/main/java/hirs/utils/rim/BaseReferenceManifest.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java
index a10fdf45..74493148 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/rim/BaseReferenceManifest.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java
@@ -1,5 +1,6 @@
-package hirs.utils.rim;
+package hirs.attestationca.persist.entity.userdefined.rim;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
 import hirs.utils.SwidResource;
 import hirs.utils.swid.SwidTagConstants;
 import jakarta.persistence.Column;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java
index 6433c746..4d400121 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/EventLogMeasurements.java
@@ -1,7 +1,7 @@
 package hirs.attestationca.persist.entity.userdefined.rim;
 import com.fasterxml.jackson.annotation.JsonIgnore;
-import hirs.utils.rim.ReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
 import hirs.attestationca.persist.enums.AppraisalStatus;
 import hirs.utils.tpm.eventlog.TCGEventLog;
 import hirs.utils.tpm.eventlog.TpmPcrEvent;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/ReferenceDigestValue.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/ReferenceDigestValue.java
index 72c9dbce..be8106ef 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/ReferenceDigestValue.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/ReferenceDigestValue.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined.rim;
-import hirs.utils.AbstractEntity;
+import hirs.attestationca.persist.entity.AbstractEntity;
 import jakarta.persistence.Access;
 import jakarta.persistence.AccessType;
 import jakarta.persistence.Column;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java
index 14c74d75..98769b57 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/SupportReferenceManifest.java
@@ -1,7 +1,7 @@
 package hirs.attestationca.persist.entity.userdefined.rim;
 import com.fasterxml.jackson.annotation.JsonIgnore;
-import hirs.utils.rim.ReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
 import hirs.utils.tpm.eventlog.TCGEventLog;
 import hirs.utils.tpm.eventlog.TpmPcrEvent;
 import jakarta.persistence.Column;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java
index f36233db..cca14eca 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java
@@ -4,7 +4,7 @@ import com.google.protobuf.ByteString;
 import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
 import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.manager.PolicyRepository;
-import hirs.utils.Certificate;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import hirs.attestationca.persist.entity.userdefined.Device;
 import hirs.attestationca.persist.entity.userdefined.PolicySettings;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java
index 308a0344..05e1ad77 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java
@@ -11,7 +11,7 @@ import hirs.attestationca.persist.entity.manager.TPM2ProvisionerStateRepository;
 import hirs.attestationca.persist.entity.tpm.TPM2ProvisionerState;
 import hirs.attestationca.persist.entity.userdefined.Device;
 import hirs.attestationca.persist.entity.userdefined.PolicySettings;
-import hirs.utils.rim.ReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
 import hirs.attestationca.persist.entity.userdefined.SupplyChainValidationSummary;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
@@ -21,7 +21,7 @@ import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
 import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
 import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
 import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
-import hirs.utils.rim.BaseReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
 import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
 import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
 import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
index c55c1a90..9e6f5d4c 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
@@ -1,6 +1,7 @@
 package hirs.attestationca.persist.service;
 import hirs.attestationca.persist.DBManagerException;
+import hirs.attestationca.persist.entity.ArchivableEntity;
 import hirs.attestationca.persist.entity.manager.CACredentialRepository;
 import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
@@ -20,7 +21,6 @@ import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifes
 import hirs.attestationca.persist.enums.AppraisalStatus;
 import hirs.attestationca.persist.validation.PcrValidator;
 import hirs.attestationca.persist.validation.SupplyChainCredentialValidator;
-import hirs.utils.ArchivableEntity;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java
index e54af196..1fe060b5 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java
@@ -1,13 +1,16 @@
 package hirs.attestationca.persist.service;
+import hirs.attestationca.persist.entity.ArchivableEntity;
 import hirs.attestationca.persist.entity.manager.CACredentialRepository;
 import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import hirs.attestationca.persist.entity.userdefined.Device;
 import hirs.attestationca.persist.entity.userdefined.PolicySettings;
 import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
+import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
@@ -16,10 +19,7 @@ import hirs.attestationca.persist.enums.AppraisalStatus;
 import hirs.attestationca.persist.validation.CertificateAttributeScvValidator;
 import hirs.attestationca.persist.validation.CredentialValidator;
 import hirs.attestationca.persist.validation.FirmwareScvValidator;
-import hirs.utils.ArchivableEntity;
 import hirs.utils.BouncyCastleUtils;
-import hirs.utils.Certificate;
-import hirs.utils.CertificateAuthorityCredential;
 import lombok.extern.log4j.Log4j2;
 import org.apache.logging.log4j.Level;
 import org.bouncycastle.util.encoders.Hex;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/CertificateSelector.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/CertificateSelector.java
index c83b1982..5f28222c 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/CertificateSelector.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/CertificateSelector.java
@@ -1,7 +1,7 @@
 package hirs.attestationca.persist.service.selector;
 import com.google.common.base.Preconditions;
-import hirs.utils.Certificate;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import jakarta.persistence.criteria.CriteriaBuilder;
 import jakarta.persistence.criteria.CriteriaQuery;
 import jakarta.persistence.criteria.Predicate;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/ReferenceManifestSelector.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/ReferenceManifestSelector.java
index 4f6b4d88..62442115 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/ReferenceManifestSelector.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/selector/ReferenceManifestSelector.java
@@ -1,8 +1,8 @@
 package hirs.attestationca.persist.service.selector;
 import com.google.common.base.Preconditions;
-import hirs.utils.Certificate;
-import hirs.utils.rim.ReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
 import jakarta.persistence.criteria.CriteriaBuilder;
 import jakarta.persistence.criteria.CriteriaQuery;
 import jakarta.persistence.criteria.Predicate;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/CredentialHelper.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java
similarity index 98%
rename from HIRS_Utils/src/main/java/hirs/utils/CredentialHelper.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java
index 27f55912..f6224504 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/CredentialHelper.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java
@@ -1,5 +1,6 @@
-package hirs.utils;
+package hirs.attestationca.persist.util;
+import hirs.attestationca.persist.entity.userdefined.certificate.CertificateVariables;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 import lombok.extern.log4j.Log4j2;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
index b6194351..5140632a 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
@@ -1,6 +1,6 @@
 package hirs.attestationca.persist.validation;
-import hirs.utils.ArchivableEntity;
+import hirs.attestationca.persist.entity.ArchivableEntity;
 import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
 import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
index 068f4dd1..39f43b56 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
@@ -5,15 +5,14 @@ import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
 import hirs.attestationca.persist.entity.userdefined.Device;
 import hirs.attestationca.persist.entity.userdefined.PolicySettings;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
+import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
 import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
 import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
 import hirs.attestationca.persist.enums.AppraisalStatus;
 import hirs.attestationca.persist.service.ValidationService;
-import hirs.utils.CertificateAuthorityCredential;
 import hirs.utils.SwidResource;
-import hirs.utils.rim.ReferenceManifest;
-import hirs.utils.rim.ReferenceManifestValidator;
-import hirs.utils.rim.BaseReferenceManifest;
 import hirs.utils.tpm.eventlog.TCGEventLog;
 import hirs.utils.tpm.eventlog.TpmPcrEvent;
 import lombok.extern.log4j.Log4j2;
diff --git a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/ReferenceManifestValidator.java
similarity index 99%
rename from HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
rename to HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/ReferenceManifestValidator.java
index 2f3bcc14..6001d34a 100644
--- a/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/ReferenceManifestValidator.java
@@ -1,4 +1,4 @@
-package hirs.utils.rim;
+package hirs.attestationca.persist.validation;
 import jakarta.xml.bind.JAXBContext;
 import jakarta.xml.bind.JAXBException;
diff --git a/HIRS_Utils/src/test/java/hirs/utils/CertificateTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/CertificateTest.java
similarity index 90%
rename from HIRS_Utils/src/test/java/hirs/utils/CertificateTest.java
rename to HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/CertificateTest.java
index 71187416..b9a0d916 100644
--- a/HIRS_Utils/src/test/java/hirs/utils/CertificateTest.java
+++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/CertificateTest.java
@@ -1,4 +1,6 @@
-package hirs.utils;
+package hirs.attestationca.persist.entity.userdefined;
+
+import hirs.attestationca.persist.entity.ArchivableEntity;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -27,30 +29,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
 * This class tests functionality of the {@link Certificate} class.
 */
 public class CertificateTest {
- /**
- * Location of another, slightly different platform attribute cert.
- */
- public static final String TEST_PLATFORM_CERT_3 =
- "/validation/platform_credentials/Intel_pc3.cer";
-
- /**
- * Platform cert with comma separated baseboard and chassis serial number.
- */
- public static final String TEST_PLATFORM_CERT_4 =
- "/validation/platform_credentials/Intel_pc4.pem";
-
- /**
- * Another platform cert with comma separated baseboard and chassis serial number.
- */
- public static final String TEST_PLATFORM_CERT_5 =
- "/validation/platform_credentials/Intel_pc5.pem";
-
- /**
- * Location of another, slightly different platform attribute cert.
- */
- public static final String TEST_PLATFORM_CERT_6 =
- "/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
-
 /**
 * Location of a test (fake) root CA certificate.
 */
@@ -73,8 +51,59 @@ public class CertificateTest {
 */
 public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
+ /**
+ * Location of another test self-signed certificate.
+ */
+ public static final String ANOTHER_SELF_SIGNED_FILE =
+ "/certificates/fakeSelfSigned.cer";
+
+ /**
+ * Location of the NUC EC.
+ */
+ public static final String STM_NUC1_EC = "/certificates/nuc-1/tpmcert.pem";
+
+ /**
+ * Location of the ST Micro Intermediate 02 CA certificate.
+ */
+ public static final String STM_INT_02_CA = "/certificates/stMicroCaCerts/stmtpmekint02.crt";
+
+ /**
+ * Location of the ST Micro Root CA certificate.
+ */
+ public static final String STM_ROOT_CA = "/certificates/stMicroCaCerts/stmtpmekroot.crt";
+
+ /**
+ * Location of the GlobalSign Root CA certificate.
+ */
+ public static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt";
+
+ /**
+ * Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
+ */
+ public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
+ "58ec313a1699f94c1c8c4e2c6412402b258f0177";
+
+ /**
+ * Location of a test STM endorsement credential.
+ */
+ public static final String TEST_EC = "/certificates/ab21ccf2-tpmcert.pem";
+
+ /**
+ * Location of a test client cert.
+ */
+ public static final String ISSUED_CLIENT_CERT =
+ "/tpm/sample_identity_cert.cer";
+
 private static final String INT_CA_CERT02 = "/certificates/fakestmtpmekint02.pem";
+ private static final String RDN_COMMA_SEPARATED =
+ "CN=STM TPM EK Intermediate CA 02, O=STMicroelectronics NV, C=CH";
+ private static final String RDN_MULTIVALUE =
+ "CN=Nuvoton TPM Root CA 2010+O=Nuvoton Technology Corporation+C=TW";
+
+ private static final String RDN_COMMA_SEPARATED_ORGANIZATION = "STMicroelectronics NV";
+ private static final String RDN_MULTIVALUE_ORGANIZATION = "Nuvoton Technology Corporation";
+
 private static final String EK_CERT_WITH_PADDED_BYTES =
 "/certificates/ek_cert_with_padded_bytes.cer";
@@ -168,11 +197,11 @@ public class CertificateTest {
 assertNotEquals(getTestCertificate(
 PlatformCredential.class,
- TEST_PLATFORM_CERT_3).getCertificateType(),
+ PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType(),
 Certificate.CertificateType.X509_CERTIFICATE);
 assertEquals(getTestCertificate(
 PlatformCredential.class,
- TEST_PLATFORM_CERT_3).getCertificateType(),
+ PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType(),
 Certificate.CertificateType.ATTRIBUTE_CERTIFICATE);
 }
@@ -186,7 +215,7 @@ public class CertificateTest {
 @Test
 public void testImportPem() throws IOException {
 Certificate platformCredential = getTestCertificate(
- PlatformCredential.class, TEST_PLATFORM_CERT_4
+ PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_4
 );
 assertEquals(platformCredential.getCertificateType(),
@@ -197,7 +226,7 @@ public class CertificateTest {
 );
 platformCredential = getTestCertificate(
- PlatformCredential.class, TEST_PLATFORM_CERT_5
+ PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_5
 );
 assertEquals(platformCredential.getCertificateType(),
@@ -257,12 +286,12 @@ public class CertificateTest {
 public void testX509AttributeCertificateParsing() throws IOException, URISyntaxException {
 Certificate platformCert = getTestCertificate(
 PlatformCredential.class,
- TEST_PLATFORM_CERT_3
+ PlatformCredentialTest.TEST_PLATFORM_CERT_3
 );
 X509AttributeCertificateHolder attrCertHolder = new X509AttributeCertificateHolder(
 Files.readAllBytes(Paths.get(this.getClass().getResource(
- TEST_PLATFORM_CERT_3
+ PlatformCredentialTest.TEST_PLATFORM_CERT_3
 ).toURI()))
 );
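Review bot: The fixture path in this hunk now comes from another test class, `PlatformCredentialTest.TEST_PLATFORM_CERT_3`, and the hunks at -186, -197, -257 and -292 do the same for `TEST_PLATFORM_CERT_4`, `_5`, `_3` and `_6`, so `CertificateTest` only compiles while `PlatformCredentialTest` keeps those constants public. A small shared holder for the test resource paths would keep the two suites independent of each other. Separately, the assertions here pass the actual value first, as in `assertEquals(getTestCertificate(...).getCertificateType(), Certificate.CertificateType.ATTRIBUTE_CERTIFICATE)`; JUnit 5 takes `assertEquals(expected, actual)`, so a failure would report the two values the wrong way round. The enclosing test method starts outside the hunk.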
@@ -292,7 +321,7 @@ public class CertificateTest { public void testX509AttributeCertificateParsingExtended() throws IOException, URISyntaxException { Certificate platformCert = getTestCertificate( - PlatformCredential.class, TEST_PLATFORM_CERT_6); + PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_6); assertEquals(platformCert.getAuthorityInfoAccess(), "https://trustedservices.intel.com/" diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java index 1c5dbdfa..95c35a64 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java @@ -3,16 +3,11 @@ package hirs.attestationca.persist.entity.userdefined; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; -import hirs.utils.ArchivableEntity; -import hirs.utils.CertificateAuthorityCredential; +import hirs.attestationca.persist.entity.ArchivableEntity; import hirs.attestationca.persist.enums.AppraisalStatus; -import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import java.io.IOException; -import java.net.URISyntaxException; -import java.nio.file.Paths; -import java.util.ArrayList; import java.util.List; /** 
@@ -22,40 +17,6 @@ import java.util.List;
 class SupplyChainValidationTest {
 private static final String MESSAGE = "Some message.";
- /**
- * Location of a test (fake) root CA certificate.
- */
- public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
-
- /**
- * Location of a test (fake) Intel intermediate CA certificate.
- */
- public static final String FAKE_INTEL_INT_CA_FILE =
- "/certificates/fakeIntelIntermediateCA.cer";
-
- /**
- * Location of a test (fake) SGI intermediate CA certificate.
- */
- public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
- private static final List allTestCertificates =
- new ArrayList(3);
-
- @BeforeAll
- private static void setAllTestCertificates() throws URISyntaxException, IOException {
- allTestCertificates.add(
- new CertificateAuthorityCredential(
- Paths.get(SupplyChainValidationTest.class.getResource(
- FAKE_SGI_INT_CA_FILE).toURI())));
- allTestCertificates.add(
- new CertificateAuthorityCredential(
- Paths.get(SupplyChainValidationTest.class.getResource(
- FAKE_INTEL_INT_CA_FILE).toURI())));
- allTestCertificates.add(
- new CertificateAuthorityCredential(
- Paths.get(SupplyChainValidationTest.class.getResource(
- FAKE_ROOT_CA_FILE).toURI())));
- }
-
 /**
 * Test that this class' getter methods work properly.
 *
@@ -70,7 +31,7 @@ class SupplyChainValidationTest {
 );
 assertEquals(
 validation.getCertificatesUsed(),
- allTestCertificates
+ CertificateTest.getAllTestCertificates()
 );
 assertEquals(validation.getMessage(), MESSAGE);
 }
@@ -86,7 +47,7 @@ class SupplyChainValidationTest {
 new SupplyChainValidation(
 null,
 AppraisalStatus.Status.PASS,
- allTestCertificates,
+ CertificateTest.getAllTestCertificates(),
 MESSAGE
 ));
 }
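Review bot: In the hunk at -70, `assertEquals(validation.getCertificatesUsed(), CertificateTest.getAllTestCertificates())` compares against a list produced by a separate call to the helper, where the removed code compared against the single shared `allTestCertificates` list. If `getAllTestCertificates()` builds new certificate objects on every call (its body is not part of this diff), the assertion only holds while the certificate classes implement value-based `equals`, and a regression there would show up as a confusing failure in this getter test. Fetching the list once into a local and passing that same reference to the object under test and to the assertion would remove the dependency; the hunks at -86, -117 and -134 use the same call. The test method containing the assertion starts outside the hunk.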
@@ -117,7 +78,7 @@ class SupplyChainValidationTest {
 new SupplyChainValidation(
 SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
 AppraisalStatus.Status.PASS,
- allTestCertificates,
+ CertificateTest.getAllTestCertificates(),
 MESSAGE
 );
 }
@@ -134,7 +95,7 @@ class SupplyChainValidationTest {
 return getTestSupplyChainValidation(
 SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
 AppraisalStatus.Status.PASS,
- allTestCertificates
+ CertificateTest.getAllTestCertificates()
 );
 }
diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java
index 0c5c32c3..43b06ae4 100644
--- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java
+++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java
@@ -1,7 +1,6 @@
 package hirs.attestationca.persist.entity.userdefined.certificate;
-import hirs.utils.Certificate;
-import hirs.utils.CertificateAuthorityCredential;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformProperty;
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java
index 77968193..08df7d76 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java
@@ -9,12 +9,12 @@ import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.manager.EndorsementCredentialRepository;
 import hirs.attestationca.persist.entity.manager.IssuedCertificateRepository;
 import hirs.attestationca.persist.entity.manager.PlatformCertificateRepository;
-import hirs.utils.Certificate;
-import hirs.utils.CertificateAuthorityCredential;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
+import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
-import hirs.utils.CredentialHelper;
+import hirs.attestationca.persist.util.CredentialHelper;
 import hirs.attestationca.portal.datatables.DataTableInput;
 import hirs.attestationca.portal.datatables.DataTableResponse;
 import hirs.attestationca.portal.datatables.OrderedListQueryDataTableAdapter;
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java
index 9a42a374..4b475c35 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/DevicePageController.java
@@ -6,7 +6,7 @@ import hirs.attestationca.persist.entity.manager.DeviceRepository;
 import hirs.attestationca.persist.entity.manager.EndorsementCredentialRepository;
 import hirs.attestationca.persist.entity.manager.IssuedCertificateRepository;
 import hirs.attestationca.persist.entity.manager.PlatformCertificateRepository;
-import hirs.utils.Certificate;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import hirs.attestationca.persist.entity.userdefined.Device;
 import hirs.attestationca.persist.entity.userdefined.certificate.DeviceAssociatedCertificate;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
index d20a4a29..10c3e327 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@@ -5,14 +5,14 @@ import hirs.attestationca.persist.entity.manager.CACredentialRepository;
 import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
-import hirs.utils.rim.ReferenceManifest;
-import hirs.utils.CertificateAuthorityCredential;
-import hirs.utils.rim.BaseReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
+import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
 import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
 import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
 import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
-import hirs.utils.rim.ReferenceManifestValidator;
 import hirs.attestationca.persist.service.ValidationService;
+import hirs.attestationca.persist.validation.ReferenceManifestValidator;
 import hirs.attestationca.persist.validation.SupplyChainCredentialValidator;
 import hirs.attestationca.persist.validation.SupplyChainValidatorException;
 import hirs.attestationca.portal.page.Page;
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
index 68b3bf19..e9b53b74 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
@@ -4,8 +4,8 @@ import hirs.attestationca.persist.DBManagerException;
 import hirs.attestationca.persist.FilteredRecordsList;
 import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
-import hirs.utils.rim.ReferenceManifest;
-import hirs.utils.rim.BaseReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
+import hirs.attestationca.persist.entity.userdefined.rim.BaseReferenceManifest;
 import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
 import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
 import hirs.attestationca.portal.datatables.DataTableInput;
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java
index 74445763..36cd752c 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/RimDatabasePageController.java
@@ -5,7 +5,7 @@ import hirs.attestationca.persist.DBManagerException;
 import hirs.attestationca.persist.FilteredRecordsList;
 import hirs.attestationca.persist.entity.manager.ReferenceDigestValueRepository;
 import hirs.attestationca.persist.entity.manager.ReferenceManifestRepository;
-import hirs.utils.Certificate;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
 import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
 import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
 import hirs.attestationca.portal.datatables.DataTableInput;
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
index 88855ab4..9c1066a9 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
@@ -3,8 +3,8 @@ package hirs.attestationca.portal.page.utils;
 import hirs.attestationca.persist.entity.manager.CACredentialRepository;
 import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
-import hirs.utils.Certificate;
-import hirs.utils.CertificateAuthorityCredential;
+import hirs.attestationca.persist.entity.userdefined.Certificate;
+import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
diff --git a/HIRS_Utils/build.gradle b/HIRS_Utils/build.gradle
index 1bc6b786..f2b6cbd4 100644
--- a/HIRS_Utils/build.gradle
+++ b/HIRS_Utils/build.gradle
@@ -37,7 +37,6 @@ dependencies {
 implementation libs.commons.lang3
 implementation libs.commons.io
 implementation libs.minimal.json
- implementation libs.hibernate.core
 implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
 implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
@@ -73,4 +72,4 @@ jar {
 //
 // commandLine './genXjcLibrary.sh'
 //}
-//compileJava.dependsOn generateXjcLibrary
+//compileJava.dependsOn generateXjcLibrary
\ No newline at end of file
diff --git a/HIRS_Utils/src/test/resources/certificates/ek_cert_with_padded_bytes.cer b/HIRS_Utils/src/test/resources/certificates/ek_cert_with_padded_bytes.cer deleted file mode 100644 index 65426766e4ce2c318559e09cac9d8cf38ef4b59a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1100 zcmXqLV(u_#Vk%g`%*4pV#L4h-*Xz`qS6wC<@Un4gwRyCC=VfGMWo0l3H4HY8XJZa! zVHTF~D=o_}$=3Gh`2%Fi!RaCTHMGB7kSPz5RA5|)E2NKMYj%g@PAuT*f(FDl3{ zN-W9D&okfzDPt363JEum6X!KFGcYwWGBPl-G&PPA=QRd$4K1Kt0|tX8#&`oSgj?7R zY!`3?O<>jLV`h?KWmqU-Acm0TK$2M`VjzT&;bdVAaSm`~U~XdM2N}x6)WpchFyn{t zE|Cw#9k1tkIV4y6>dP8dds%GD@C>;Xu*&A6g&mXl-K0Dj;a3$cw0v7i7jQU{ruhLs%bTo(*B7{n2z7s_qSB+Q}`Oc8}}r)e&{w`Tr1dfyqcT4 z?^~4q6<@Q((+|%*Y@2C)o~bD9_mtI}cAwOoYbrO@?e3*2pQo31bcRpYcjqsT;cHr( zqxkYV;|z`ES7&BzjBmYcK6T%5zuUZ5O0`d{eO1mic>M-)UR->i(OY z=Zeo?ZNH|?#LURRxVYG$(7*>6C$fT!jQ?4j3>=o&8Q2(F8Hlj4rZ=)OF$!~MrdXM{ znwppx8yFY}Kt!2@+5G~XL(D2FU?R-I>_Bw}rWS?7cg2F8JKUyd8?Q%FR$v~60?`d>HOK!{|jm#@I!}ynZUTF=W?U zp*OqKDwg_RuARthlD@V-;(Pl4|6lg|wBFyI=y*f*Jk!@w$BJvE;$zpyWUp1=3ZLyV7kJ&vv;)|uZhdXrmZkxd+Bg?G(*jd{?%9XD8*z-H1#(Uf0p48Q*KOHqp&eyJMdX=1TO+O=a_p;he%hpZ( b)Wl@K?scGx=i>j>MR&6Uw)+1R9O3`~^{Qw) diff --git a/HIRS_Utils/src/test/resources/certificates/fakeIntelIntermediateCA.cer b/HIRS_Utils/src/test/resources/certificates/fakeIntelIntermediateCA.cer deleted file mode 100644 index cf8ed36b..00000000 --- a/HIRS_Utils/src/test/resources/certificates/fakeIntelIntermediateCA.cer +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDGDCCAgKgAwIBAgIBAjALBgkqhkiG9w0BAQswFzEVMBMGA1UEAwwMRmFrZSBS -b290IENBMB4XDTE3MDEyNDE1MjU0MVoXDTI3MDEyNDE1MjU0MVowJzElMCMGA1UE -AwwcRmFrZSBJbnRlbCBJbnRlcm1lZGlhdGUgQ0EgMTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKOwrvGN7liqE0Fv0Z5jSRuYdz5WHbxNgb9HNvllM9AK -a61TKVL2yWjaDMeO3r/QmL6MbiVNLfSYzJtotbujpelZSucgFqq/6skr5K8ik1Lk -se7DrZGsheC6g9ei5UyAJlIQtCmm26xIraQWtQbSrMvMoRo25vm2LNA9fY46hx/a -zk9yPI9OLXOWuK/OnT7gmV/ESU1fLWXedVCxYZfu9KyMD2PxHG5eZc8e/Or/cVt1 -5wuP16ZbzCV8NsJFKPBvfKsngznb4WuGOPTbMJaslB5wJZPp+GyBe3L0g4vr2+GE -WldoObtit9vdHj1HDcsxk2IHaQZ7zkJZ2vyGdDYn10ECAwEAAaNjMGEwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCEFgTDtdHY0MnCE -8CeV32cOi9dzMB8GA1UdIwQYMBaAFFjsMToWmflMHIxOLGQSQCsljwF3MAsGCSqG -SIb3DQEBCwOCAQEAb9OPfUQSOZG5JLNJTMJtBUXWPAAhR7xXvWtG17B3c8UrU4kN -bfqAQnVkya+7vUPpaxVP5KJjzud8hBg5xqgaf7MO5mq/P+3RmtudB/AunTiBApSL -f0nXEMl3UbGdfseWnrEC0QMetsBDgPyhUAJ+P+KwEWWndpaeZRV1pfvPc2OMqG3J -or8hmfEVk2k9Di3GThsA5PnKehYE+FGHtT2+YO5Tpn75PdhN8r2N6MU7kXVPN9yi -5RT5HKpee8ZmkzYdOhWe7+7W23j3Klh3yyVHW1Yk426PRuRym9RrPOZO8dSJY0n5 -abPM8+BCy4GpK/wdUuZhKBo1BX/Mq7fMfR07kQ== ------END CERTIFICATE----- diff --git a/HIRS_Utils/src/test/resources/certificates/fakeRootCA.cer b/HIRS_Utils/src/test/resources/certificates/fakeRootCA.cer deleted file mode 100644 index 7fca7bac..00000000 --- a/HIRS_Utils/src/test/resources/certificates/fakeRootCA.cer +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5zCCAdGgAwIBAgIBATALBgkqhkiG9w0BAQswFzEVMBMGA1UEAwwMRmFrZSBS -b290IENBMB4XDTE3MDEyNDE1MjU0MVoXDTQ3MDEyNDE1MjU0MVowFzEVMBMGA1UE -AwwMRmFrZSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -geIXUAtrlc+FY8FC/bAGC6Vg1lbok+kILT/ZmG/4vdigZ2hzFR3dVjmgWd4hp3uP -dY7E/JUEouBq24qDpPUWrHIxSCqGp9Rn+whGq6Yy7d1d0FGyskIJJ2aFr1QC+/jA -4CptLbQGhqmyALrmXFai3scUmNciuTbEb3Ap9829IdsD4F9hT557zRSocaelVCUw -6sNLU78fJfG7K3dKmKemvtprqlDlfM3nya5P6IzkRKiPpXN6Q1sL7FDkKQ3HuyBM -WqPU+AWhqhCR9hRenuTpwTxEPVPA8FRV78wkV3VLzXCG7lHPZ8xCDKAZzdbwymjU -wfm9Wr5KperE83suIcIHxQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBBjAdBgNVHQ4EFgQUWOwxOhaZ+UwcjE4sZBJAKyWPAXcwCwYJKoZI -hvcNAQELA4IBAQA2qgdehg53y1ehnq9KKdV5JllGgPon1GigMrMJ8VMGo+zs7h2q -CYlqCyuCI5hYWzZTRzwX6OAfZkIVEgY0O2lYJgTzsC+kz4EFArzq5eLqw2/hsn8c -KveCz+6mIL9AoyAMx9NZB1IytkDWIOtIElxOoAojluEDp3L1gzr9PVHJkI9KMeVV -eaH6Hg+Wg6I0jS1546oJnheEmcrwYaLJ0pHZR9NGpkICxDNMpNTLW9yy8e/kK+iB -xzT6vc3p791ktO1UD5kfK0QW8oRyMX0eHdRlDK2so+VWA5pEka+ZPc9dPB5JSudm -HBfbguS1HVpYAfJslzj31UpSnxr7ZA4OWiLf ------END CERTIFICATE----- diff --git a/HIRS_Utils/src/test/resources/certificates/fakeSGIIntermediateCA.cer b/HIRS_Utils/src/test/resources/certificates/fakeSGIIntermediateCA.cer deleted file mode 100644 index 959cb8e7..00000000 --- a/HIRS_Utils/src/test/resources/certificates/fakeSGIIntermediateCA.cer +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDFjCCAgCgAwIBAgIBAzALBgkqhkiG9w0BAQswFzEVMBMGA1UEAwwMRmFrZSBS -b290IENBMB4XDTE3MDEyNDE1MjU0MVoXDTI3MDEyNDE1MjU0MVowJTEjMCEGA1UE -AwwaRmFrZSBTR0kgSW50ZXJtZWRpYXRlIENBIDEwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC7tS739kM5cCJBVXGJtTgiV30AKtnDXeF5uw40DYfiXf1H -H5QAHNdiLqiZpsYJPiTnS7drsdvlzT1zjkfu11cI0jdUjMqDfSP+2MfAvrcjpdSN -R2YlcIJSNTeJyydvkxl6l0keXKdaoUkrMoJ+O0BWbSy7jXbicmndh4aoscq0Qp6s -99n4bPwrKqV/GkuTRjaUqGoEx/h9gM05kUcO5kw9xwO21ogY1H+j3NNstmTAjko+ -PNEhVEp5Ax6XpqTZOqbFpiWQdA7oXJsXar0tXi0DWBWcVz0EXqoOSxhH4cpnBmSZ -ioioIOCzcxitdcWIQS+phm/B+vhK4+YUKHCF2ds1AgMBAAGjYzBhMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQynzPkAJcEtxU2u0uy -YG2QqJ+U/zAfBgNVHSMEGDAWgBRY7DE6Fpn5TByMTixkEkArJY8BdzALBgkqhkiG -9w0BAQsDggEBAGs9uq0DKACdcgoNyJcHzyb11EhMe8+l/D+j8JjsRp3w6rXpw60U -ptZVMh7/SpRte7NjUBJ7wk76IIhntu6rcf/ik4ptyOgSUxDzGDffQzPRHRmXmjj0 -eir+cVQP34O7gByj/n92S9GP4/0RYGt7X7PGGiNArSroeS83fUQMVHhN8PbFzcrk -y9NHNR/In90Le/tPsFwGdTYzirgnjmcaVZFgCQfKuU3xr9vjANc2i5+QzzApjZ1i -K3o3z1eLOz6x25C03J8MF6GRiSV9AjrP8P0vQc25zpsjKH/rvdwmLIC6IjprF3Wk -nqakIzC7ABXdKhS8pOLkbmcoPlyt1rP9RgA= ------END CERTIFICATE----- diff --git a/HIRS_Utils/src/test/resources/certificates/fakestmtpmekint02.pem b/HIRS_Utils/src/test/resources/certificates/fakestmtpmekint02.pem deleted file mode 100644 index eefe3b6f..00000000 --- a/HIRS_Utils/src/test/resources/certificates/fakestmtpmekint02.pem +++ /dev/null 
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDjzCCAnmgAwIBAgIBBTALBgkqhkiG9w0BAQswFzEVMBMGA1UEAwwMRmFrZSBS -b290IENBMB4XDTExMDEyMTAwMDAwMFoXDTI5MTIzMTAwMDAwMFowVTELMAkGA1UE -BhMCQ0gxHjAcBgNVBAoTFVNUTWljcm9lbGVjdHJvbmljcyBOVjEmMCQGA1UEAxMd -U1RNIFRQTSBFSyBJbnRlcm1lZGlhdGUgQ0EgMDIwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCTt4oZ/7h4Fdx65T2ab/PtfsYPXHC396VVyaE+Z/Dxx4sT -emUQZn/zYPOfzg2c8Z6LQuuFg/BhzC8kNAp2tzCRfjBiWeUeSZLiUQeArYEz8HE1 -WSLArrqdGg1pz82Kh8L32og9hQ9GmsQp0yiI1lPTs7Uw9iOtcVtiyhGOFXXvltwu -1mYEuU6apG4Sc8tjSY+qEjAypJXyN1/I1X+254DHAkd19zXCKN+PSA7da9Rn8Afq -Fq4aIGVZzBSSgKEmD/GkKyw1Ze0kDgIE189iAw+m6NY4Gv/Cm+9nQ4fA9qq5Kloe -x8HWrN46qm2/boqujtnSSWPOhY3341z6N4xpRY07AgMBAAGjgaswgagwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwRQYDVR0gAQH/BDswOTA3BgRVHSAA -MC8wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5 -LzAdBgNVHQ4EFgQUVx+Aa0fM55v6NZR87Yi40QBa4J4wHwYDVR0jBBgwFoAUWOwx -OhaZ+UwcjE4sZBJAKyWPAXcwCwYJKoZIhvcNAQELA4IBAQB8IaDIWicxm7m2qyDv -v4L253D3qRcx+sdM2GM0IpvK3u9z3BQraAhF6PPLlgFGP6slZdDY6ryrP8PEkvsH -tHoapB1MWe+eMrxw7dXQLnpzm/P++8AWMtY8roziiO7x3AYTbRb9lB2HjOWc2aGZ -1xW+su+aTnr9U4uYO1+HrDDKYgkypIcousRwUMW6c6szAZY2UtWS2e4346V3LVLz -sv22n4rqWWRzJ2tl+jIqLepChqOdgscDL+aO2iowmzTSWV/WLJRaTs0AsOYJkdlG -8wWRzygRbfGdIL7A/hKK42o0b7v3R/NI0nemwAzVN/QOYjTbkOCIUBg/6mT8CkYx -pmiq ------END CERTIFICATE----- 
diff --git a/HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc3.cer b/HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc3.cer deleted file mode 100755 index 42d19bbd3b618513a5d968ecc7b81dbb4a8384c8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 772 zcmXqLVrDRCVtm2G$Y@}&K+iyIiHL!ap@0D&8*?ZNGY@-kh;L?cQ9hH1_YA$>r#mNh z-zYg0Ii*$j)!CyL&n#%1V9?mRq_NAOvE7i{fD@#LO_(V(7{=k?VRCjf1eyqvVdvov zPRuJwRB+BoEJ`$#GLQg?a`6ay=9Q%8C^+XA733EsmSpDV87dmcgXFk*BtnW3^NI@+ zi&FDS6oN|&3UVqHoHG(L^9;odL_kWId3ejq%k?rrM(8Ey=Nj;`acZ@Bw0-AgWMpM! zU=rccE|&aTlKd#`P|u1P0R_+6%Dp@dlqC3#3=GW;jE#(qjEqf;jiW#U#s-E)#z16h zX=)i|U}zx8#+u&9$|ML14g*eL2r)4-0ZAT4L!jMYDPfRDnHU+G7?~Lv84Ma18u$Vo zC9A;5_@Bkuz|p{-jSJ+MAHIyNOe{bX_1QSI*?{h1XJRr?=1~lB4scWmDJm^4Nlj4* z$Vn_o%P-1RaLr4}FDg#W1$x;a0A!pX$T&9xmnBXH4&bN(+s(qm3Jy3!Q3GL!Ygl=> zTwIMU3{68Ky*&`ZY&={ZMrM|l7P=+|Mrh%~+yr#DxQTx8YHfyg_In(st{$K6!(hhX z=e7FTDzyw{7F+HaL5rVm+q2E+o0%0;EO*Z0ra&DQ4H2UYn+vWrHn@bX{mgCh%By>6 zm>{oZ`2}g#%}RAnJl{R4HX6TkK9{%PWcNe9M8^BGe-$P!Ntx(sa9T^B`?X!p_MHM6 zVhY(lx5ek&+;*IM>eth&FR4~=*E^=9@+Vq#zk0H2+TH!vxE7!NbAdhh<##TQ60 t^_Z-f9Fud;CU!1|`{nbm>uv?!HT=E3jQ!lhDJM5ue|__{?E6cW768LZ@-YAa 
diff --git a/HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc4.pem b/HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc4.pem deleted file mode 100644 index 9ea77f12c977877d6ba8cafe4de96fd59203dea6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 914 zcmXqLV(v3&V*1X+$Y@}&K+iyIiHL!ap@0D&8*?ZNGY@-kh;L?cQ9hFhJ40h@`hU|( zu?d&1uuO^ln$4Gcd_m&`gT~$^ja>$f?S|Y2oFF}H!c3vTFb)R~le42C&_s|7I}dko zVqQt2f^$w{QKF%gfdojDi$~BiuOu}`!8yOEAipTFBr`wHP|-jhB*)Do5mJ)FR?K>|cBP%Nd zlL*t~1Ha8xg86M;O4^)U{;$AM^6WMPB?*2b14DBI6C*<)X=-E{1rjheFf=j-B2!CK z%P0dw14%a4^hQ=DK~QiQZ~{Y!iIE9N@-P|#?FLH;gFMQ_$k4>d%*e=K(8Rdjpm8nG zS+WX@jQ?307a26pH)x#0#szZG4_`)BCKh0L8R)ZdXtM!b$IirLpvfH zT#}li5Rj8tl9peTtKgcKl3!GunhW%}K@?mAqnKYtNl8JmmA-xnL`QLIQCVhkYB3@R z^po>}p^;aj9}?`WpPX7$QVe2&7yR(hSN$&J_eXH`gG0Nv1(M zIP$^1W8q;1M~$JVfiT3stUO#UuErLIrXi8u9tdGJ9xe|fGfPVgT@wQ%LsbK1Ha1|u zu`;spNV=OvdYc#-8yGlSnCrN^hC~8`+`z!lJq#SfvdSzH24W2&8kaY`_^&emTMzT2 z?xQ?O>vVsmHyI?ue9g$n5^fM`5DeoRFtxdp6AEC@1ZSq_W#*-Or&j6#g9I(PFgG?b zlrP@gb0hY_@=rc5vaFjA7w&j9#iGsT?QNFh8?&xXR=<&2Ly{>@N6|ay049I k{ln^v$xGV5{t48Miz(gH|1E!NiAckd+ZJla{2X5a0Fet4>i_@% 
diff --git a/HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc5.pem b/HIRS_Utils/src/test/resources/validation/platform_credentials/Intel_pc5.pem deleted file mode 100644 index 478f6229a0f8f675626f79c3207cdb988b715274..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 914 zcmbV~T}V@57{~XX?Hrw+l^<)&NSkS7A8yat+;n!6E>jUpI9o9x^EBr?G|yRQ$A$*c z8EGGCU-Y3AXtAJ+OfLdIx(I?{koJK$Ru@4aSV33O%mO=SVnUa}%gg&d&-*;*|NlJ) zqUy^K#S$1o0K;Z5#PpCwWxxhP?a`>o6xvW@j6KsryQgI1{_vM~?6c1a~MR|O?^R5B@KI?Zq*V{!!rHiUoPJ)Y#!PBh?<@_YJqLWjaHyap~OnbyWIwj zO27t`)g~{y)9!2p3UUZMAmLc1f&;WNAq-*iP9jSFb~2T%7{!n(iqr_HAc{so8j)q? znh;viNcTY+0_iT1rYKsfM>wXDd4YvU-A%~qQZNh($b7e}p~B=AI>MsA#ncdF#8zHt zH&t;hyb$)c%f_McZviqKY!k&$xZGk9S1ZDP;S}rhhu0BUe7sD96D@AqW%2n1F|3@F zLjxaVeVw$(h{?X@P)jRB6uFs-+;%t-V~3#e z&3c$1(`u{^r?afM1gz9{C?E(K9F7Pwr`qAIE3w)DT$PSJ)m3h_KlR4R)dD5-vycTD@D zCo#bk&AgfYd13j$ow?gnx4N(^O?mT!>+IOZyXZSt% i{zJO;6Dc@skb 
diff --git a/HIRS_Utils/src/test/resources/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt b/HIRS_Utils/src/test/resources/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt deleted file mode 100644 index f99f228125ff7c86484d5f25c79ac388041fe47a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2144 zcmbVNX>b!|7|w349$RQ>DTPv4L7*Jnyt_Fz4QH;lp(K~JcG45ADa3L~h9Acw~=Drl7%h5;RQ1VNyH3JmrKNCy~nH*JBT{BWGvAK&+W@AW<3 z`#cNrq)LcuzD5xQ#7)iO8z8RQB{qS$oJ@sejj}?e$wVDa@&yVTl0PHk+`qSO%XsEK`);vu`!RspK>bqT5-3Z zs|)%ALS2;Qs&Ts&2Z};fOSH9Do5kHA?%XAA2XX6DO;vciH%S<3w~|@VM=qhoQoVjo z@Zz`b>mNT>m~*Z5fu zcg13LUH!O9i;L#^oL(Q94OyL+Nn5yZA;HRdi2xslG)?lTrjn+6X$X?4R-jqPh!x7* zpRZ19-8(sL^UB}vmM5p5haow=DIg1hA`K)>8T2qqHs~oZ>PZqPJy5eCu3QQOHR@_n zjb@OUkO9dkf})5*dL)%fp->>wRTHQE$z;$bmPsgNciQ@qX&^nFJ#J%OjY45a*4RZQ)-*S8tVzO$x48P2O)t%6JQ1dL6Qa&l=Mi` z^8vABPlcUkjSi3PnLbh`8)*||Dlh;E3wmVAN;H&TKJw{lz_ik6FgR;$%=YoPjlql9 zP>89*Z4LNT!b!LZG5_f>CNbTtv4GYCRN(fq3Vaey5hf@uSq#P=CAD6EI9A71W9e=K zO!M#=kfLGs` zZUmrAHkzi*V5DfUi7FFV3!$z@s^`F$>lA93D8~pA4jjh>WK!TRiYzRc;%>|^2P_b@ zn1U9XvII<)fKfy#a@Rl@kQk>71ncRsa{{DdN~_z4sf1`916deWUl!$YC+D9hVcBKv zkEJ`Je8gMBMjoH2gZ@yAX&IkAwnh*lF^f(oQ!5hk3qd{_4hO4cg6X>U5haNo_evbk z!&TxA5VwK&jwVIsc842Lqbd;B!YobFXbqxPYf&WI(_KlrbxdHYVobE24KT4M+Mtu_ z2$H(!d|taQAT=M8SMs8a53zv;uizJ$u;f5Qs)9f~&W*wl4ENcKabIUy|xPzGQ-{5fzrw&7cxzLe@I%YAj_kP15>8 znLuPN^zZW5V7(pFCD{anq*xMbNl5$^@`kE%AiFVZ_pR11UuhmQzoXvmsmv}hr8j>x z3Fdd-MbfT0Q27KmK%4$AZgab2*=~I-%7ldFGXkuPBckH7yE_gyoL_V8BD=BgFU-Mh zx=XjB7js+Qf2jR?_ASpKI`6$JFN%Ar!e=+l&OJ3`kmcB-`yKVAqtoMt`;)$1ygjq7 zwl$~yI(O%_9pG~RB=Q$5`B z)6w?REvk1@Kiv3WTIC{P`nj9K6(>)7l142XaOCX%2U|xiZ@Y14Z`FafEb9k`;m=L& zu8Wmhg%QJt|F*9q|FzmNH;I?`+&*L-zwyY~{;o`7Xzb)4v4_Q%50a`k@6?Xn(Qm|e z7ut@sHk8l3x_@Tg`U^|>q)6%Al`TcX94>3$8SYcM4c@gQ+dF1XKk?PR!#8HPoL-$W zY4fTK^^kkla+~_)pBr^__v+HC=5vnE?E~846ITx%w&a`dXB|+i+%V5LTl~P=YuzX4 zoFBHgO+LBh$6HH(9en1|Kc1Z2WB0b!kIg!GnU83vtXZ+oReon(tTkn6&BBHSGX{3_ fE;k2-2OY=T*UVgeccNuk@12!R*M&nX59a&}jckdr 
diff --git a/HIRS_Utils/src/test/resources/validation/platform_credentials/intel_chain/root/intermediate2.cer b/HIRS_Utils/src/test/resources/validation/platform_credentials/intel_chain/root/intermediate2.cer deleted file mode 100644 index 4ed90e4aee0a61b0c3546fe4b013fb18170eca93..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1645 zcmXqLV#_pWVhLQp%*4pVBvQR^5#ze7MJFO&l-|itQtp1GC~(YxmyJ`a&7r7bF&?=9MS}mlhP{R4O=UBxdF* z1m))gMKaU#GV{_6#SBD1>X~_X%gf94GC}6)CFkcF$cghBnj0Dzm>PgVlsK=k5fay+ zaSqI-RB^VMfeFOfx;UNfSzKHSbg_c7qk^ZmyIXvSYj6lo=QlAfLJnv~RtDxK#(oBa zCdMwNCdNjF1(WAp_UmrfkC62H^UPwJdhI#`RzZ)$efd>9llQqL$IOoS5c=Y%+J5`p zDl&1)HE&xNB8F7W04!~yp}vKSr_%_`QE10nPN@{|B3z=aG52Ra^tI# zcr25$&J)Kvtt&6@{^VxZ{r2viNk%($&hk8#`y_K{8IR~Lpv3~YRIQ~$489B22l?5gV4 zO~G?bY$xs%@$Jk%-D)+}TBHB5>vG5E?F$;db!hcZ)7Co-N{>8X9fB zR)pu#)-MMqUbal1`B#{4inPkg$K~t9@^`E459!=+C;Q{v*Fg+g%l4P=eSVdnk&}s; zk%4h>6QepXMwAV5**LV>7+G1_85vm;4dM-AVSEFow!n;%l7eC@ef^T6(&CcTl;YH) zvdrYvVnkZiPtFG>+q@F}kYH#1Hqc>{T1 zQj=9?kuVTz5ZRhvboOuBx#oHDw;eqD*)`>(XKn{)I$2>x#{VoF25dlziIKs;52Q(+ z#ofTwzw5*=2Q19O*Na#4-}AILm@kR2?*!lKPU7R2Xc5n~atVcYpTd8y6P zn(TIGW6O_sR|3p{F1lAF-}d3RO-!!ajZSOn zM18;HvF7;t`>z7cy|?$e#1`u(oSj$Ua$YQ{Byq#P_5W{_uaEi3vbr>@F(J$3U)WKj z`$xks_QtqvEjr8anMd)Vox`*mhklWhiyALUO^@9#F0uUX&UV&q*)~s}uA1>))^fXT z60ew8L&LMoQwnCapFV!b>Xr!$yA^*d;8b?Z-Z#50edyPnR93R9`4LNV=JetYDMw?$ z`2{lHHhO4?sqVY}uz!K1dWrPz;BM|tLE%X;EG6p%TBaqb+RNRmbo>72Ui7u%-nnO8 zXMg@>k;~2dFgp6hVby}9L>8};S{|OCBu$jBJ#>m$?CN*YGvs^m&#G5_;_+EGUb*!P zZ<7hK&Hq!E&^~Lrt(kJv{~7O=G!{!arhVJnS!R8-Wbw?&ZiQEtv3X z?uXHGgUF`tO=}&>`L)g!dUXCu_X;=Z-FRwk+xx43{$_6u`S_nLwk7!Pr+*vX`xsrk z_q0t#zx!l&lfQ1|)WyYmN7QyFKP|LXYDfrL@~hma?r`daEiA_BW~?45=ar}YeYaI< z- getFileResources() { + return getFileResources(getRimBytes()); + } + + /** + * This method iterates over the list of File elements under the directory. 
+ * + * @param rimBytes the bytes to find the files + * + */ + public List getFileResources(final byte[] rimBytes) { + Element directoryTag = getDirectoryTag(new ByteArrayInputStream(rimBytes)); + List validHashes = new ArrayList<>(); + NodeList fileNodeList = directoryTag.getChildNodes(); + Element file = null; + SwidResource swidResource = null; + for (int i = 0; i < fileNodeList.getLength(); i++) { + file = (Element) fileNodeList.item(i); + swidResource = new SwidResource(); + swidResource.setName(file.getAttribute(SwidTagConstants.NAME)); + swidResource.setSize(file.getAttribute(SwidTagConstants.SIZE)); + swidResource.setHashValue(file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":" + + SwidTagConstants._SHA256_HASH.getLocalPart())); + validHashes.add(swidResource); + } + + return validHashes; + } + + /** + * This method unmarshalls the swidtag found at [path] into a Document object + * and validates it according to the schema. + * + * @param byteArrayInputStream to the input swidtag + * @return the Document element at the root of the swidtag + */ + private Document unmarshallSwidTag(final ByteArrayInputStream byteArrayInputStream) { + InputStream is = null; + Document document = null; + Unmarshaller unmarshaller = null; + try { + document = removeXMLWhitespace(byteArrayInputStream); + SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE); + is = getClass().getClassLoader().getResourceAsStream(SwidTagConstants.SCHEMA_URL); + Schema schema = schemaFactory.newSchema(new StreamSource(is)); + if (jaxbContext == null) { + jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE); + } + unmarshaller = jaxbContext.createUnmarshaller(); + unmarshaller.setSchema(schema); + unmarshaller.unmarshal(document); + } catch (IOException e) { + log.error(e.getMessage()); + } catch (SAXException e) { + log.error("Error setting schema for validation!"); + } catch (UnmarshalException e) { + log.error("Error validating swidtag file!"); + } catch 
(IllegalArgumentException e) { + log.error("Input file empty."); + } catch (JAXBException e) { + e.printStackTrace(); + } finally { + if (is != null) { + try { + is.close(); + } catch (IOException e) { + System.out.println("Error closing input stream"); + } + } + } + + return document; + } + + /** + * This method strips all whitespace from an xml file, including indents and spaces + * added for human-readability. + * + * @param byteArrayInputStream to the xml file + * @return Document object without whitespace + */ + private Document removeXMLWhitespace(final ByteArrayInputStream byteArrayInputStream) throws IOException { + TransformerFactory tf = TransformerFactory.newInstance(); + Source source = new StreamSource( + getClass().getClassLoader().getResourceAsStream("identity_transform.xslt")); + Document document = null; + if (byteArrayInputStream.available() > 0) { + try { + Transformer transformer = tf.newTransformer(source); + DOMResult result = new DOMResult(); + transformer.transform(new StreamSource(byteArrayInputStream), result); + document = (Document) result.getNode(); + } catch (TransformerConfigurationException tcEx) { + log.error("Error configuring transformer!"); + } catch (TransformerException tEx) { + log.error("Error transforming input!"); + } + } else { + throw new IOException("Input file is empty!"); + } + + return document; + } + + @Override + public String toString() { + return String.format("ReferenceManifest{swidName=%s," + + "platformManufacturer=%s," + + " platformModel=%s," + + "tagId=%s, base64Hash=%s}", + swidName, this.getPlatformManufacturer(), + this.getPlatformModel(), getTagId(), this.getBase64Hash()); + } +} diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/DigestAlgorithm.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/DigestAlgorithm.java new file mode 100644 index 00000000..35111dc3 --- /dev/null +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/DigestAlgorithm.java 
@@ -0,0 +1,66 @@
+package hirs.swid;
+
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * Enum of digest algorithms. The enum values also provide a standardized
+ * algorithm name. The standardized algorithm name is a String of the algorithm
+ * name as defined by Java.
+ */
+@Getter
+@AllArgsConstructor
+public enum DigestAlgorithm {
+ /**
+ * MD2 digest algorithm.
+ */
+ MD2("MD2", 16),
+ /**
+ * MD5 digest algorithm.
+ */
+ MD5("MD5", 16),
+ /**
+ * SHA-1 digest algorithm.
+ */
+ SHA1("SHA-1", 20),
+ /**
+ * SHA-256 digest algorithm.
+ */
+ SHA256("SHA-256", 32),
+ /**
+ * SHA-384 digest algorithm.
+ */
+ SHA384("SHA-384", 48),
+ /**
+ * SHA-512 digest algorithm.
+ */
+ SHA512("SHA-512", 64),
+ /**
+ * Condition used when an algorithm is not specified and
+ * the size doesn't match known digests.
+ */
+ UNSPECIFIED("NOT SPECIFIED", Integer.BYTES);
+
+ private final String standardAlgorithmName;
+ private final int lengthInBytes;
+
+ /**
+ * Returns a DigestAlgorithm object given a String. The String is expected to be one of the
+ * options for standardAlgorithmName. Throws an IllegalArgumentException if no Enum exists with
+ * that value.
+ *
+ * @param standardAlgorithmName
+ * String value of the Enum
+ * @return DigestAlgorithm object
+ */
+ public static DigestAlgorithm findByString(final String standardAlgorithmName) {
+ for (DigestAlgorithm algorithm: DigestAlgorithm.values()) {
+ if (algorithm.getStandardAlgorithmName().equals(standardAlgorithmName)) {
+ return algorithm;
+ }
+ }
+ throw new IllegalArgumentException(String.format("No constant with text \"%s\" found",
+ standardAlgorithmName));
+ }
+}
\ No newline at end of file
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/ReferenceManifest.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/ReferenceManifest.java
new file mode 100644
index 00000000..325597f3
--- /dev/null
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/ReferenceManifest.java
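Review bot: The Javadoc on `MD2`, `MD5` and `SHA1` reads exactly like the one on `SHA256` and above, so nothing tells a caller that the first three are not collision-resistant and should not back a new reference measurement. Whether any caller selects them for verification is not visible in this hunk, but `SwidResource` in the same patch defaults its `digest` field to `DigestAlgorithm.SHA1`, so the choice is reachable. I would extend each of the three comments, for example `MD5 digest algorithm. Legacy only: not collision-resistant, do not accept for new integrity checks.` It is also worth documenting on `UNSPECIFIED` that `Integer.BYTES` is a placeholder length and that `findByString("NOT SPECIFIED")` returns it rather than throwing.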
@@ -0,0 +1,165 @@ +package hirs.swid; + +import com.fasterxml.jackson.annotation.JsonIgnore; +import com.google.common.base.Preconditions; +import jakarta.persistence.Access; +import jakarta.persistence.AccessType; +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.Inheritance; +import jakarta.persistence.InheritanceType; +import jakarta.persistence.Table; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import lombok.extern.log4j.Log4j2; +import org.apache.commons.codec.binary.Hex; +import org.hibernate.annotations.JdbcTypeCode; + +import javax.xml.XMLConstants; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.UUID; + +/** + * This class represents the Reference Integrity Manifest object that will be + * loaded into the DB and displayed in the ACA. + */ +@Getter @Setter @ToString +@EqualsAndHashCode(onlyExplicitlyIncluded = true, callSuper = false) +@Log4j2 +@Entity +@Inheritance(strategy = InheritanceType.SINGLE_TABLE) +@Table(name = "ReferenceManifest") +@Access(AccessType.FIELD) +public class ReferenceManifest { + + /** + * Holds the name of the 'hexDecHash' field. + */ + public static final String HEX_DEC_HASH_FIELD = "hexDecHash"; + /** + * String for display of a Base RIM. + */ + public static final String BASE_RIM = "Base"; + /** + * String for display of a Support RIM. + */ + public static final String SUPPORT_RIM = "Support"; + /** + * String for display of a Support RIM. + */ + public static final String MEASUREMENT_RIM = "Measurement"; + + /** + * String for the xml schema ios standard. + */ + public static final String SCHEMA_STATEMENT = "ISO/IEC 19770-2:2015 Schema (XSD 1.0) " + + "- September 2015, see http://standards.iso.org/iso/19770/-2/2015/schema.xsd"; + /** + * String for the xml schema URL file name. 
+ */ + public static final String SCHEMA_URL = "swid_schema.xsd"; + /** + * String for the language type for the xml schema. + */ + public static final String SCHEMA_LANGUAGE = XMLConstants.W3C_XML_SCHEMA_NS_URI; + /** + * String for the package location of the xml generated java files. + */ + public static final String SCHEMA_PACKAGE = "hirs.utils.xjc"; + + @EqualsAndHashCode.Include + @Column(columnDefinition = "mediumblob", nullable = false) + private byte[] rimBytes; + @EqualsAndHashCode.Include + @Column(nullable = false) + private String rimType = "Base"; + @Column + private String tagId = null; + @Column + private boolean swidPatch = false; + @Column + private boolean swidSupplemental = false; + @Column + private String platformManufacturer = null; + @Column + private String platformManufacturerId = null; + @Column + private String swidTagVersion = null; + @Column + private String swidVersion = null; + @Column + private String platformModel = null; + @Column(nullable = false) + private String fileName = null; + @JdbcTypeCode(java.sql.Types.VARCHAR) + @Column + private UUID associatedRim; + @Column + private String deviceName; + @Column + private String hexDecHash = ""; + @Column + private String eventLogHash = ""; + + /** + * Default constructor necessary for Hibernate. + */ + protected ReferenceManifest() { + super(); + this.rimBytes = null; + this.rimType = null; + this.platformManufacturer = null; + this.platformManufacturerId = null; + this.platformModel = null; + this.fileName = BASE_RIM; + this.tagId = null; + this.associatedRim = null; + } + + /** + * Default constructor for ingesting the bytes of the file content. + * @param rimBytes - file contents. 
+ */ + public ReferenceManifest(final byte[] rimBytes) { + Preconditions.checkArgument(rimBytes != null, + "Cannot construct a RIM from a null byte array"); + + Preconditions.checkArgument(rimBytes.length > 0, + "Cannot construct a RIM from an empty byte array"); + + this.rimBytes = rimBytes.clone(); + MessageDigest digest = null; + this.hexDecHash = ""; + try { + digest = MessageDigest.getInstance("SHA-256"); + this.hexDecHash = Hex.encodeHexString( + digest.digest(rimBytes)); + } catch (NoSuchAlgorithmException noSaEx) { + log.error(noSaEx); + } + } + + /** + * Getter for the Reference Integrity Manifest as a byte array. + * + * @return array of bytes + */ + @JsonIgnore + public byte[] getRimBytes() { + if (this.rimBytes != null) { + return this.rimBytes.clone(); + } + return null; + } + + public boolean isBase() { + return rimType.equals(BASE_RIM); + } + + public boolean isSupport() { + return rimType.equals(SUPPORT_RIM); + } +} diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidResource.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidResource.java new file mode 100644 index 00000000..b79f090d --- /dev/null +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidResource.java 
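Review bot: The protected no-argument constructor sets `this.rimType = null` and `this.fileName = BASE_RIM`, which looks like the type default was assigned to the wrong field; `isBase()` and `isSupport()` then call `rimType.equals(...)` and throw a NullPointerException on any instance whose type has not been set afterwards. I would assign `this.rimType = BASE_RIM;` there and make the predicates null-safe, `return BASE_RIM.equals(rimType);` and `return SUPPORT_RIM.equals(rimType);`. Separately, the class-level `@Setter` also generates `setRimBytes` and `setHexDecHash`, so the SHA-256 that the byte-array constructor stores in `hexDecHash` can drift from the stored bytes, and the generated setter keeps the caller's array without the `clone()` the constructor and getter use. Marking those two fields `@Setter(AccessLevel.NONE)` would keep the hash tied to the content it was computed from.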
@@ -0,0 +1,83 @@
+package hirs.swid;
+
+import com.google.common.base.Preconditions;
+import hirs.swid.DigestAlgorithm;
+import hirs.swid.xjc.File;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+
+import javax.xml.namespace.QName;
+import java.math.BigInteger;
+import java.util.Map;
+
+/**
+ * This object is used to represent the content of a Swid Tags Directory
+ * section.
+ */
+@ToString
+public class SwidResource {
+
+ @Getter
+ @Setter
+ private String name, size, hashValue;
+ @Getter
+ private String rimFormat, rimType, rimUriGlobal;
+ private DigestAlgorithm digest = DigestAlgorithm.SHA1;
+ @Getter
+ private boolean validFileSize = false;
+
+ /**
+ * Default constructor.
+ */
+ public SwidResource() {
+ name = null;
+ size = null;
+ rimFormat = null;
+ rimType = null;
+ rimUriGlobal = null;
+ hashValue = null;
+ }
+
+ /**
+ * The main constructor that processes a {@code hirs.utils.xjc.File}.
+ *
+ * @param file {@link File}
+ * @param digest algorithm associated with pcr values
+ */
+ public SwidResource(final File file, final DigestAlgorithm digest) {
+ Preconditions.checkArgument(file != null,
+ "Cannot construct a RIM Resource from a null File object");
+
+ this.name = file.getName();
+ // at this time, there is a possibility to get an object with
+ // no size even though it is required.
+ if (file.getSize() != null) {
+ this.size = file.getSize().toString();
+ } else {
+ this.size = BigInteger.ZERO.toString();
+ }
+
+ for (Map.Entry entry
+ : file.getOtherAttributes().entrySet()) {
+ switch (entry.getKey().getLocalPart()) {
+ case "supportRIMFormat":
+ this.rimFormat = entry.getValue();
+ break;
+ case "supportRIMType":
+ this.rimType = entry.getValue();
+ break;
+ case "supportRIMURIGlobal":
+ this.rimUriGlobal = entry.getValue();
+ break;
+ case "hash":
+ this.hashValue = entry.getValue();
+ break;
+ default:
+ }
+ }
+
+ this.digest = digest;
+// tpmWhiteList = new TpmWhiteListBaseline(this.name);
+ }
+}
\ No newline at end of file
From 071981dcb0be1ca1a133a32feb86c9964b1df509 Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Wed, 1 Nov 2023 11:45:43 -0400
Subject: [PATCH 2/2] Repeat changes to ReferenceManifestValidator from reverted commit
---
 .../attestationca/persist/validation/FirmwareScvValidator.java | 1 +
 .../controllers/ReferenceManifestDetailsPageController.java | 2 +-
 .../main/java/hirs/utils/rim}/ReferenceManifestValidator.java | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
 rename {HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation => HIRS_Utils/src/main/java/hirs/utils/rim}/ReferenceManifestValidator.java (99%)
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
index 39f43b56..1ee6bc4d 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
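Review bot: The `case "hash":` branch in the two-argument constructor accepts any extra attribute whose local name is `hash`, whatever its namespace, and the algorithm is taken from the separate `digest` argument instead of from the attribute itself. If the namespace is what identifies the algorithm, as the `_SHA256_HASH` prefix handling elsewhere in this patch suggests, a value recorded under one algorithm can be stored and later compared as if it were another; checking `entry.getKey().getNamespaceURI()` against the expected constant before assigning `hashValue` would prevent that. `digest` is also assigned without a null check and has no getter, while the field default is `DigestAlgorithm.SHA1`, so I would add `Preconditions.checkArgument(digest != null, "digest must not be null");` next to the existing check on `file`. A missing size is silently recorded as `0`, which deserves a log line since the comment says the attribute is required.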
@@ -12,6 +12,7 @@ import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
 import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
 import hirs.attestationca.persist.enums.AppraisalStatus;
 import hirs.attestationca.persist.service.ValidationService;
+import hirs.utils.rim.ReferenceManifestValidator;
 import hirs.utils.SwidResource;
 import hirs.utils.tpm.eventlog.TCGEventLog;
 import hirs.utils.tpm.eventlog.TpmPcrEvent;
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
index 10c3e327..c75b4776 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@@ -12,13 +12,13 @@ import hirs.attestationca.persist.entity.userdefined.rim.EventLogMeasurements;
 import hirs.attestationca.persist.entity.userdefined.rim.ReferenceDigestValue;
 import hirs.attestationca.persist.entity.userdefined.rim.SupportReferenceManifest;
 import hirs.attestationca.persist.service.ValidationService;
-import hirs.attestationca.persist.validation.ReferenceManifestValidator;
 import hirs.attestationca.persist.validation.SupplyChainCredentialValidator;
 import hirs.attestationca.persist.validation.SupplyChainValidatorException;
 import hirs.attestationca.portal.page.Page;
 import hirs.attestationca.portal.page.PageController;
 import hirs.attestationca.portal.page.PageMessages;
 import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
+import hirs.utils.rim.ReferenceManifestValidator;
 import hirs.utils.SwidResource;
 import hirs.utils.tpm.eventlog.TCGEventLog;
 import hirs.utils.tpm.eventlog.TpmPcrEvent;
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/ReferenceManifestValidator.java b/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
similarity index 99%
rename from HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/ReferenceManifestValidator.java
rename to HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
index 6001d34a..2f3bcc14 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/ReferenceManifestValidator.java
+++ b/HIRS_Utils/src/main/java/hirs/utils/rim/ReferenceManifestValidator.java
@@ -1,4 +1,4 @@
-package hirs.attestationca.persist.validation;
+package hirs.utils.rim;
 
 import jakarta.xml.bind.JAXBContext;
 import jakarta.xml.bind.JAXBException;