Additional refactor

This commit is contained in:
Cyrus 2022-11-18 11:03:57 -05:00
parent 271cfa0145
commit 9812f464e8
13 changed files with 14 additions and 214 deletions

View File

@ -1,7 +1,7 @@
package hirs.attestationca; package hirs.attestationca;
import hirs.appraiser.SupplyChainAppraiser; import hirs.appraiser.SupplyChainAppraiser;
import hirs.data.persist.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.attestationca.service.AppraiserService; import hirs.attestationca.service.AppraiserService;
import hirs.attestationca.service.PolicyService; import hirs.attestationca.service.PolicyService;

View File

@ -1,4 +1,6 @@
package hirs.data.persist.policy; package hirs.attestationca.policy;
import hirs.data.persist.policy.Policy;
import javax.persistence.Column; import javax.persistence.Column;
import javax.persistence.Embedded; import javax.persistence.Embedded;

View File

@ -14,7 +14,7 @@ import hirs.attestationca.entity.certificate.CertificateAuthorityCredential;
import hirs.attestationca.entity.certificate.DeviceAssociatedCertificate; import hirs.attestationca.entity.certificate.DeviceAssociatedCertificate;
import hirs.attestationca.entity.certificate.EndorsementCredential; import hirs.attestationca.entity.certificate.EndorsementCredential;
import hirs.attestationca.entity.certificate.PlatformCredential; import hirs.attestationca.entity.certificate.PlatformCredential;
import hirs.data.persist.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.persist.CrudManager; import hirs.persist.CrudManager;
import hirs.validation.CredentialValidator; import hirs.validation.CredentialValidator;
import hirs.attestationca.validation.SupplyChainCredentialValidator; import hirs.attestationca.validation.SupplyChainCredentialValidator;

View File

@ -35,7 +35,7 @@ import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo; import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo; import hirs.data.persist.info.OSInfo;
import hirs.data.persist.info.TPMInfo; import hirs.data.persist.info.TPMInfo;
import hirs.data.persist.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.structs.converters.SimpleStructBuilder; import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter; import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope; import hirs.structs.elements.aca.IdentityRequestEnvelope;

View File

@ -1,9 +1,9 @@
package hirs; package hirs.attestationca.portal;
import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer; import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.SerializerProvider;
import hirs.data.persist.AppraisalResult; import hirs.attestationca.entity.AppraisalResult;
import java.io.IOException; import java.io.IOException;

View File

@ -1,6 +1,6 @@
package hirs.attestationca.portal.model; package hirs.attestationca.portal.model;
import hirs.data.persist.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
/** /**
* PolicyPage model object to demonstrate data exchange between policy.jsp page * PolicyPage model object to demonstrate data exchange between policy.jsp page

View File

@ -6,7 +6,7 @@ import hirs.attestationca.portal.model.PolicyPageModel;
import hirs.attestationca.portal.page.PageController; import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages; import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.NoPageParams; import hirs.attestationca.portal.page.params.NoPageParams;
import hirs.data.persist.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.persist.PolicyManagerException; import hirs.persist.PolicyManagerException;
import hirs.attestationca.service.AppraiserService; import hirs.attestationca.service.AppraiserService;
import hirs.attestationca.service.PolicyService; import hirs.attestationca.service.PolicyService;

View File

@ -4,7 +4,7 @@ import hirs.attestationca.entity.Device;
import hirs.attestationca.entity.SupplyChainValidationSummary; import hirs.attestationca.entity.SupplyChainValidationSummary;
import hirs.attestationca.entity.certificate.EndorsementCredential; import hirs.attestationca.entity.certificate.EndorsementCredential;
import hirs.attestationca.entity.certificate.PlatformCredential; import hirs.attestationca.entity.certificate.PlatformCredential;
import hirs.data.persist.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
import java.util.Set; import java.util.Set;

View File

@ -21,7 +21,7 @@ import hirs.attestationca.entity.certificate.CertificateAuthorityCredential;
import hirs.attestationca.entity.certificate.EndorsementCredential; import hirs.attestationca.entity.certificate.EndorsementCredential;
import hirs.attestationca.entity.certificate.PlatformCredential; import hirs.attestationca.entity.certificate.PlatformCredential;
import hirs.attestationca.policy.PCRPolicy; import hirs.attestationca.policy.PCRPolicy;
import hirs.data.persist.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.persist.CrudManager; import hirs.persist.CrudManager;
import hirs.persist.DBManagerException; import hirs.persist.DBManagerException;
import hirs.attestationca.service.AppraiserService; import hirs.attestationca.service.AppraiserService;

View File

@ -4,7 +4,7 @@ import hirs.appraiser.Appraiser;
import hirs.appraiser.SupplyChainAppraiser; import hirs.appraiser.SupplyChainAppraiser;
import hirs.attestationca.portal.page.PageController; import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageControllerTest; import hirs.attestationca.portal.page.PageControllerTest;
import hirs.data.persist.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;

View File

@ -1,162 +0,0 @@
package hirs.data.persist;
import java.sql.Timestamp;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
/**
* DTO representing a Report. Reports are the basic DTOs exchanged between the
* HIRS client machines and the HIRS server machines.
*
* Reports are partially persisted in HIRS server database as rows in the
* 'Report' table. Only the values necessary for locating particular reports for
* processing or presentation are saved in the database; the remainder of the
* Report's contents are saved on disk as a file. The expected use case of the
* Report records in the database is:
* - Select one or more Report objects from
* the database based on some search criteria.
* - From the returned Report
* objects, obtain the IDs of the reports in question. - Use these IDs to access
* the complete report from disk.
*
* Reports have an XML representation, generated via JAXB
*
*
*/
@Entity
@Table(name = "ReportMapper")
@XmlRootElement(name = "report")
public class ReportMapper {
/*------------------- HIBERNATE-MAPPED PROPERTIES -----------------------*/
/**
* The unique ID of the Report, if one exists. Reports are assigned their ID
* when they are first inserted into the HIRS database. Newly-created
* Reports have a 'null' ID, indicating that they have not yet been
* persisted. An important use case for this is when a Report DTO is
* deserialized as it is submitted by a HIRS client: in this case, no ID
* will have been reported by the client (since the client has no idea of
* the existence of the server database)
*
* In XML representation, a Report's id is represented by its 'id'
* attribute.
*/
@Id
@Column(name = "id")
@GeneratedValue(strategy = GenerationType.AUTO)
private Integer id;
@XmlAttribute(name = "id", required = false)
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
/**
* The processing state of this report. Reports have a very simple
* lifecycle: - NEW: The report is newly generated - INIT: The report has
* had its nonce value assigned and returned to the client; the appraiser is
* waiting for the client to return the completed report. - DONE: The report
* has been received, saved in the database, and processed.
*
* Additional states may be added as the system evolves.
*/
@Column(name = "state")
@Enumerated(EnumType.STRING)
private State state;
@XmlType(name = "ReportState")
public enum State {
NEW, INIT, DONE
};
@XmlAttribute(name = "state")
public State getState() {
return state;
}
public void setState(State state) {
this.state = state;
}
/**
* The Client DTO associated with this Report. Each Report is (optionally)
* associated with a Client object, which encapsulates business information
* about the client (IP number, OS version, etc.) The Client objects are
* persisted in their own database table and have a many-to-one relationship
* with their Reports: many Reports can be associated with a single Client
* in the database.
*
* In XML representation, a Report's associated Client is represented by a
* child <client> element.
*/
@ManyToOne
@JoinColumn(name = "client_id")
private Device client;
@XmlElement(name = "client", required = false)
public Device getClient() {
return client;
}
public void setClient(Device client) {
this.client = client;
}
@Column(name = "timestamp")
private Timestamp timestamp;
@XmlElement(name = "timestamp")
public Timestamp getTimestamp() {
return new Timestamp(timestamp.getTime());
}
public void setTimestamp(Timestamp timestamp) {
this.timestamp = new Timestamp(timestamp.getTime());
}
/**
* The nonce value of the Report, used to prevent replays. The intended use
* case is: - A client contacts the appraiser to begin the report submission
* process by calling the 'initReport()' method. - The appraiser creates a
* new Report object, assigns it a nonce value, and saves the Report in the
* database - The appraiser responds back to the client, including the nonce
* value.
*
* Later, when the Client has finished generating the report, it submits it
* back to the appraiser including the nonce value: - The client sends the
* report to the appraiser. - The appraiser extracts out the nonce value of
* the report, and uses it to locate the corresponding Report in the
* database. - Once the Report has been located, the appraiser fills out its
* details from the report that the client has submitted.
*/
@Column(name = "nonce")
private byte[] nonce;
@XmlElement(name = "nonce")
public byte[] getNonce() {
return nonce.clone();
}
public void setNonce(byte[] nonce) {
this.nonce = nonce.clone();
}
}

View File

@ -1,6 +1,5 @@
package hirs.data.persist.policy; package hirs.data.persist.policy;
import hirs.data.persist.TPMMeasurementRecord;
import hirs.data.persist.enums.AlertSeverity; import hirs.data.persist.enums.AlertSeverity;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
@ -139,7 +138,6 @@ public final class TPMPolicy extends Policy {
*/ */
public void addToDeviceSpecificPCRs(final int pcrId) { public void addToDeviceSpecificPCRs(final int pcrId) {
LOGGER.debug("adding device-specific PCR ID# {} to policy {}", pcrId, getName()); LOGGER.debug("adding device-specific PCR ID# {} to policy {}", pcrId, getName());
TPMMeasurementRecord.checkForValidPcrId(pcrId);
if (deviceSpecificPCRs.contains(pcrId)) { if (deviceSpecificPCRs.contains(pcrId)) {
LOGGER.info("PCR ID already exists in list: {}", pcrId); LOGGER.info("PCR ID already exists in list: {}", pcrId);
@ -310,7 +308,6 @@ public final class TPMPolicy extends Policy {
* @param pcrId the PCR to set to appraised. * @param pcrId the PCR to set to appraised.
*/ */
public void setPcrAppraised(final int pcrId) { public void setPcrAppraised(final int pcrId) {
TPMMeasurementRecord.checkForValidPcrId(pcrId);
if (!isPcrReported(pcrId)) { if (!isPcrReported(pcrId)) {
String msg = "Cannot set PCR to be Appraised." String msg = "Cannot set PCR to be Appraised."
+ " It is not being reported on by this Policy."; + " It is not being reported on by this Policy.";

View File

@ -1,8 +1,5 @@
package hirs.data.persist.tpm; package hirs.data.persist.tpm;
import hirs.data.persist.Digest;
import hirs.data.persist.TPMMeasurementRecord;
import hirs.data.persist.enums.DigestAlgorithm;
import org.apache.commons.codec.binary.Hex; import org.apache.commons.codec.binary.Hex;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
@ -22,8 +19,6 @@ import java.nio.ByteBuffer;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
/** /**
* Java class for PcrInfoShort complex type, which was modified from code * Java class for PcrInfoShort complex type, which was modified from code
@ -212,12 +207,8 @@ public class PcrInfoShort implements Serializable {
* if MessageDigest doesn't recognize "SHA-1" or "SHA-256" * if MessageDigest doesn't recognize "SHA-1" or "SHA-256"
*/ */
public final byte[] getCalculatedDigest() throws NoSuchAlgorithmException { public final byte[] getCalculatedDigest() throws NoSuchAlgorithmException {
if (this.isTpm1()) {
return getCalculatedDigestTpmV1p2(MessageDigest.getInstance("SHA-1"));
} else {
return getCalculatedDigestTpmV2p0(MessageDigest.getInstance("SHA-256")); return getCalculatedDigestTpmV2p0(MessageDigest.getInstance("SHA-256"));
} }
}
/** /**
* Calculates the SHA-1 digest of the PCR values the same way a TPM computes the digest * Calculates the SHA-1 digest of the PCR values the same way a TPM computes the digest
@ -241,10 +232,6 @@ public class PcrInfoShort implements Serializable {
byteBuffer.put(this.pcrSelection.getValue()); byteBuffer.put(this.pcrSelection.getValue());
byteBuffer.putInt(pcrComposite.getValueSize()); byteBuffer.putInt(pcrComposite.getValueSize());
for (TPMMeasurementRecord record: pcrComposite.getPcrValueList()) {
byteBuffer.put(record.getHash().getDigest());
}
LOGGER.debug("PCR composite buffer to be hashed: {}", LOGGER.debug("PCR composite buffer to be hashed: {}",
Hex.encodeHexString(byteBuffer.array())); Hex.encodeHexString(byteBuffer.array()));
computedDigest = messageDigest.digest(byteBuffer.array()); computedDigest = messageDigest.digest(byteBuffer.array());
@ -265,12 +252,6 @@ public class PcrInfoShort implements Serializable {
int sizeOfByteBuffer = pcrComposite.getValueSize(); int sizeOfByteBuffer = pcrComposite.getValueSize();
ByteBuffer byteBuffer = ByteBuffer.allocate(sizeOfByteBuffer); ByteBuffer byteBuffer = ByteBuffer.allocate(sizeOfByteBuffer);
LOGGER.debug("Size of the buffer allocated to hash: {}", sizeOfByteBuffer); LOGGER.debug("Size of the buffer allocated to hash: {}", sizeOfByteBuffer);
Iterator iter = pcrComposite.getPcrValueList().iterator();
while (iter.hasNext()) {
TPMMeasurementRecord record = (TPMMeasurementRecord) iter.next();
byteBuffer.put(record.getHash().getDigest());
}
LOGGER.debug("PCR composite buffer to be hashed: {}", LOGGER.debug("PCR composite buffer to be hashed: {}",
Hex.encodeHexString(byteBuffer.array())); Hex.encodeHexString(byteBuffer.array()));
@ -293,22 +274,4 @@ public class PcrInfoShort implements Serializable {
return byteBuffer.array(); return byteBuffer.array();
} }
/**
* Determines whether the TPM used to generate this pcr info is version 1.2 or not.
*
* @return whether the TPM used to generate this pcr info is version 1.2 or not
*/
public boolean isTpm1() {
// need to get an individual PCR and measure length to determine SHA1 v SHA 256
List<TPMMeasurementRecord> pcrs = this.getPcrComposite().getPcrValueList();
if (pcrs.size() == 0) {
// it's the case of an empty pcrmask, so it doesn't matter
return false;
}
Digest hash = pcrs.get(0).getHash();
// check if the hash algorithm is SHA 1, if so it's TPM 1.2, if not it's TPM 2.0
return hash.getAlgorithm() == DigestAlgorithm.SHA1;
}
} }