mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-17 10:20:04 +00:00
Merge branch 'master' into client-display-log-mismatch
This commit is contained in:
commit
9aa2c6a46d
@ -1,5 +1,6 @@
|
|||||||
package hirs.attestationca.service;
|
package hirs.attestationca.service;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.KeyStoreException;
|
import java.security.KeyStoreException;
|
||||||
@ -9,11 +10,13 @@ import java.security.cert.CertificateException;
|
|||||||
import hirs.data.persist.BaseReferenceManifest;
|
import hirs.data.persist.BaseReferenceManifest;
|
||||||
import hirs.data.persist.EventLogMeasurements;
|
import hirs.data.persist.EventLogMeasurements;
|
||||||
import hirs.data.persist.SupportReferenceManifest;
|
import hirs.data.persist.SupportReferenceManifest;
|
||||||
|
import hirs.data.persist.SwidResource;
|
||||||
import hirs.data.persist.TPMMeasurementRecord;
|
import hirs.data.persist.TPMMeasurementRecord;
|
||||||
import hirs.data.persist.PCRPolicy;
|
import hirs.data.persist.PCRPolicy;
|
||||||
import hirs.data.persist.ArchivableEntity;
|
import hirs.data.persist.ArchivableEntity;
|
||||||
import hirs.tpm.eventlog.TCGEventLog;
|
import hirs.tpm.eventlog.TCGEventLog;
|
||||||
import hirs.tpm.eventlog.TpmPcrEvent;
|
import hirs.tpm.eventlog.TpmPcrEvent;
|
||||||
|
import hirs.utils.ReferenceManifestValidator;
|
||||||
import hirs.validation.SupplyChainCredentialValidator;
|
import hirs.validation.SupplyChainCredentialValidator;
|
||||||
import org.apache.logging.log4j.LogManager;
|
import org.apache.logging.log4j.LogManager;
|
||||||
import org.apache.logging.log4j.Logger;
|
import org.apache.logging.log4j.Logger;
|
||||||
@ -93,11 +96,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
|||||||
* @param supplyChainCredentialValidator the credential validator
|
* @param supplyChainCredentialValidator the credential validator
|
||||||
*/
|
*/
|
||||||
@Autowired
|
@Autowired
|
||||||
public SupplyChainValidationServiceImpl(final PolicyManager policyManager,
|
public SupplyChainValidationServiceImpl(
|
||||||
final AppraiserManager appraiserManager, final CertificateManager certificateManager,
|
final PolicyManager policyManager, final AppraiserManager appraiserManager,
|
||||||
final ReferenceManifestManager referenceManifestManager,
|
final CertificateManager certificateManager,
|
||||||
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
|
final ReferenceManifestManager referenceManifestManager,
|
||||||
final CredentialValidator supplyChainCredentialValidator) {
|
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
|
||||||
|
final CredentialValidator supplyChainCredentialValidator) {
|
||||||
this.policyManager = policyManager;
|
this.policyManager = policyManager;
|
||||||
this.appraiserManager = appraiserManager;
|
this.appraiserManager = appraiserManager;
|
||||||
this.certificateManager = certificateManager;
|
this.certificateManager = certificateManager;
|
||||||
@ -325,7 +329,6 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
|||||||
@SuppressWarnings("methodlength")
|
@SuppressWarnings("methodlength")
|
||||||
private SupplyChainValidation validateFirmware(final Device device,
|
private SupplyChainValidation validateFirmware(final Device device,
|
||||||
final PCRPolicy pcrPolicy) {
|
final PCRPolicy pcrPolicy) {
|
||||||
|
|
||||||
boolean passed = true;
|
boolean passed = true;
|
||||||
String[] baseline = new String[Integer.SIZE];
|
String[] baseline = new String[Integer.SIZE];
|
||||||
Level level = Level.ERROR;
|
Level level = Level.ERROR;
|
||||||
@ -341,6 +344,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
|||||||
.byManufacturer(manufacturer).getRIM();
|
.byManufacturer(manufacturer).getRIM();
|
||||||
supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager)
|
supportReferenceManifest = SupportReferenceManifest.select(referenceManifestManager)
|
||||||
.byManufacturer(manufacturer).getRIM();
|
.byManufacturer(manufacturer).getRIM();
|
||||||
|
List<SwidResource> resources =
|
||||||
|
((BaseReferenceManifest) baseReferenceManifest).parseResource();
|
||||||
measurement = EventLogMeasurements.select(referenceManifestManager)
|
measurement = EventLogMeasurements.select(referenceManifestManager)
|
||||||
.byManufacturer(manufacturer).includeArchived().getRIM();
|
.byManufacturer(manufacturer).includeArchived().getRIM();
|
||||||
|
|
||||||
@ -362,99 +367,128 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
|||||||
if (passed) {
|
if (passed) {
|
||||||
fwStatus = new AppraisalStatus(PASS,
|
fwStatus = new AppraisalStatus(PASS,
|
||||||
SupplyChainCredentialValidator.FIRMWARE_VALID);
|
SupplyChainCredentialValidator.FIRMWARE_VALID);
|
||||||
TCGEventLog logProcessor;
|
|
||||||
try {
|
// verify signatures
|
||||||
logProcessor = new TCGEventLog(supportReferenceManifest.getRimBytes());
|
ReferenceManifestValidator referenceManifestValidator =
|
||||||
baseline = logProcessor.getExpectedPCRValues();
|
new ReferenceManifestValidator(
|
||||||
} catch (CertificateException cEx) {
|
new ByteArrayInputStream(baseReferenceManifest.getRimBytes()));
|
||||||
LOGGER.error(cEx);
|
|
||||||
} catch (NoSuchAlgorithmException noSaEx) {
|
for (SwidResource swidRes : resources) {
|
||||||
LOGGER.error(noSaEx);
|
if (swidRes.getName().equals(supportReferenceManifest.getFileName())) {
|
||||||
} catch (IOException ioEx) {
|
referenceManifestValidator.validateSupportRimHash(
|
||||||
LOGGER.error(ioEx);
|
supportReferenceManifest.getRimBytes(), swidRes.getHashValue());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// part 1 of firmware validation check: PCR baseline match
|
if (!referenceManifestValidator.isSignatureValid()) {
|
||||||
pcrPolicy.setBaselinePcrs(baseline);
|
passed = false;
|
||||||
|
fwStatus = new AppraisalStatus(FAIL,
|
||||||
|
"Firmware validation failed: Signature validation "
|
||||||
|
+ "failed for Base RIM.");
|
||||||
|
}
|
||||||
|
|
||||||
if (baseline.length > 0) {
|
if (passed && !referenceManifestValidator.isSupportRimValid()) {
|
||||||
String pcrContent = "";
|
passed = false;
|
||||||
pcrContent = new String(device.getDeviceInfo().getTPMInfo().getPcrValues());
|
fwStatus = new AppraisalStatus(FAIL,
|
||||||
|
"Firmware validation failed: Hash validation "
|
||||||
|
+ "failed for Support RIM.");
|
||||||
|
}
|
||||||
|
|
||||||
if (pcrContent.isEmpty()) {
|
if (passed) {
|
||||||
fwStatus = new AppraisalStatus(FAIL,
|
TCGEventLog logProcessor;
|
||||||
"Firmware validation failed: Client did not "
|
try {
|
||||||
+ "provide pcr values.");
|
logProcessor = new TCGEventLog(supportReferenceManifest.getRimBytes());
|
||||||
LOGGER.warn(String.format(
|
baseline = logProcessor.getExpectedPCRValues();
|
||||||
"Firmware validation failed: Client (%s) did not "
|
} catch (CertificateException cEx) {
|
||||||
+ "provide pcr values.", device.getName()));
|
LOGGER.error(cEx);
|
||||||
} else {
|
} catch (NoSuchAlgorithmException noSaEx) {
|
||||||
// we have a full set of PCR values
|
LOGGER.error(noSaEx);
|
||||||
int algorithmLength = baseline[0].length();
|
} catch (IOException ioEx) {
|
||||||
String[] storedPcrs = buildStoredPcrs(pcrContent, algorithmLength);
|
LOGGER.error(ioEx);
|
||||||
|
}
|
||||||
|
|
||||||
if (storedPcrs[0].isEmpty()) {
|
// part 1 of firmware validation check: PCR baseline match
|
||||||
// validation fail
|
pcrPolicy.setBaselinePcrs(baseline);
|
||||||
|
|
||||||
|
if (baseline.length > 0) {
|
||||||
|
String pcrContent = "";
|
||||||
|
pcrContent = new String(device.getDeviceInfo().getTPMInfo().getPcrValues());
|
||||||
|
|
||||||
|
if (pcrContent.isEmpty()) {
|
||||||
fwStatus = new AppraisalStatus(FAIL,
|
fwStatus = new AppraisalStatus(FAIL,
|
||||||
"Firmware validation failed: "
|
"Firmware validation failed: Client did not "
|
||||||
+ "Client provided PCR "
|
+ "provide pcr values.");
|
||||||
+ "values are not the same algorithm "
|
LOGGER.warn(String.format(
|
||||||
+ "as associated RIM.");
|
"Firmware validation failed: Client (%s) did not "
|
||||||
|
+ "provide pcr values.", device.getName()));
|
||||||
} else {
|
} else {
|
||||||
StringBuilder sb = pcrPolicy.validatePcrs(storedPcrs);
|
// we have a full set of PCR values
|
||||||
if (sb.length() > 0) {
|
int algorithmLength = baseline[0].length();
|
||||||
validationObject = supportReferenceManifest;
|
String[] storedPcrs = buildStoredPcrs(pcrContent, algorithmLength);
|
||||||
level = Level.ERROR;
|
|
||||||
fwStatus = new AppraisalStatus(FAIL, sb.toString());
|
if (storedPcrs[0].isEmpty()) {
|
||||||
|
// validation fail
|
||||||
|
fwStatus = new AppraisalStatus(FAIL,
|
||||||
|
"Firmware validation failed: "
|
||||||
|
+ "Client provided PCR "
|
||||||
|
+ "values are not the same algorithm "
|
||||||
|
+ "as associated RIM.");
|
||||||
} else {
|
} else {
|
||||||
level = Level.INFO;
|
StringBuilder sb = pcrPolicy.validatePcrs(storedPcrs);
|
||||||
}
|
if (sb.length() > 0) {
|
||||||
}
|
validationObject = supportReferenceManifest;
|
||||||
// part 2 of firmware validation check: bios measurements
|
level = Level.ERROR;
|
||||||
// vs baseline tcg event log
|
fwStatus = new AppraisalStatus(FAIL, sb.toString());
|
||||||
// find the measurement
|
} else {
|
||||||
TCGEventLog tcgEventLog;
|
level = Level.INFO;
|
||||||
TCGEventLog tcgMeasurementLog;
|
|
||||||
LinkedList<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
|
|
||||||
try {
|
|
||||||
if (measurement.getPlatformManufacturer().equals(manufacturer)) {
|
|
||||||
tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes());
|
|
||||||
tcgEventLog = new TCGEventLog(
|
|
||||||
supportReferenceManifest.getRimBytes());
|
|
||||||
for (TpmPcrEvent tpe : tcgEventLog.getEventList()) {
|
|
||||||
if (!tpe.eventCompare(
|
|
||||||
tcgMeasurementLog.getEventByNumber(
|
|
||||||
tpe.getEventNumber()))) {
|
|
||||||
tpmPcrEvents.add(tpe);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (CertificateException cEx) {
|
// part 2 of firmware validation check: bios measurements
|
||||||
LOGGER.error(cEx);
|
// vs baseline tcg event log
|
||||||
} catch (NoSuchAlgorithmException noSaEx) {
|
// find the measurement
|
||||||
LOGGER.error(noSaEx);
|
TCGEventLog tcgEventLog;
|
||||||
} catch (IOException ioEx) {
|
TCGEventLog tcgMeasurementLog;
|
||||||
LOGGER.error(ioEx);
|
LinkedList<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
|
||||||
}
|
try {
|
||||||
|
if (measurement.getPlatformManufacturer().equals(manufacturer)) {
|
||||||
|
tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes());
|
||||||
|
tcgEventLog = new TCGEventLog(
|
||||||
|
supportReferenceManifest.getRimBytes());
|
||||||
|
for (TpmPcrEvent tpe : tcgEventLog.getEventList()) {
|
||||||
|
if (!tpe.eventCompare(
|
||||||
|
tcgMeasurementLog.getEventByNumber(
|
||||||
|
tpe.getEventNumber()))) {
|
||||||
|
tpmPcrEvents.add(tpe);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (CertificateException cEx) {
|
||||||
|
LOGGER.error(cEx);
|
||||||
|
} catch (NoSuchAlgorithmException noSaEx) {
|
||||||
|
LOGGER.error(noSaEx);
|
||||||
|
} catch (IOException ioEx) {
|
||||||
|
LOGGER.error(ioEx);
|
||||||
|
}
|
||||||
|
|
||||||
if (!tpmPcrEvents.isEmpty()) {
|
if (!tpmPcrEvents.isEmpty()) {
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
validationObject = measurement;
|
validationObject = measurement;
|
||||||
for (TpmPcrEvent tpe : tpmPcrEvents) {
|
for (TpmPcrEvent tpe : tpmPcrEvents) {
|
||||||
sb.append(String.format("Event %s - %s%n",
|
sb.append(String.format("Event %s - %s%n",
|
||||||
tpe.getEventNumber(),
|
tpe.getEventNumber(),
|
||||||
tpe.getEventTypeStr()));
|
tpe.getEventTypeStr()));
|
||||||
}
|
}
|
||||||
if (fwStatus.getAppStatus().equals(FAIL)) {
|
if (fwStatus.getAppStatus().equals(FAIL)) {
|
||||||
fwStatus = new AppraisalStatus(FAIL, String.format("%s%n%s",
|
fwStatus = new AppraisalStatus(FAIL, String.format("%s%n%s",
|
||||||
fwStatus.getMessage(), sb.toString()));
|
fwStatus.getMessage(), sb.toString()));
|
||||||
} else {
|
} else {
|
||||||
fwStatus = new AppraisalStatus(FAIL, sb.toString());
|
fwStatus = new AppraisalStatus(FAIL, sb.toString());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
fwStatus = new AppraisalStatus(FAIL, "The RIM baseline could not be found.");
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
fwStatus = new AppraisalStatus(FAIL, "The RIM baseline could not be found.");
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Validation failed: "
|
fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Validation failed: "
|
||||||
@ -585,8 +619,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private SupplyChainValidation validatePlatformCredential(final PlatformCredential pc,
|
private SupplyChainValidation validatePlatformCredential(
|
||||||
final KeyStore trustedCertificateAuthority, final boolean acceptExpiredCerts) {
|
final PlatformCredential pc,
|
||||||
|
final KeyStore trustedCertificateAuthority, final boolean acceptExpiredCerts) {
|
||||||
final SupplyChainValidation.ValidationType validationType
|
final SupplyChainValidation.ValidationType validationType
|
||||||
= SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
|
= SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
|
||||||
|
|
||||||
|
@ -5,6 +5,9 @@ import hirs.data.persist.EventLogMeasurements;
|
|||||||
import hirs.data.persist.ReferenceManifest;
|
import hirs.data.persist.ReferenceManifest;
|
||||||
import hirs.data.persist.SupportReferenceManifest;
|
import hirs.data.persist.SupportReferenceManifest;
|
||||||
import hirs.data.persist.SwidResource;
|
import hirs.data.persist.SwidResource;
|
||||||
|
import hirs.data.persist.certificate.Certificate;
|
||||||
|
import hirs.data.persist.certificate.CertificateAuthorityCredential;
|
||||||
|
import hirs.persist.CertificateManager;
|
||||||
import hirs.persist.DBManagerException;
|
import hirs.persist.DBManagerException;
|
||||||
import hirs.persist.ReferenceManifestManager;
|
import hirs.persist.ReferenceManifestManager;
|
||||||
import hirs.tpm.eventlog.TCGEventLog;
|
import hirs.tpm.eventlog.TCGEventLog;
|
||||||
@ -13,6 +16,7 @@ import hirs.attestationca.portal.page.PageController;
|
|||||||
import hirs.attestationca.portal.page.PageMessages;
|
import hirs.attestationca.portal.page.PageMessages;
|
||||||
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
|
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
@ -25,6 +29,7 @@ import java.util.Map;
|
|||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import hirs.tpm.eventlog.TpmPcrEvent;
|
import hirs.tpm.eventlog.TpmPcrEvent;
|
||||||
|
import hirs.utils.ReferenceManifestValidator;
|
||||||
import org.apache.logging.log4j.LogManager;
|
import org.apache.logging.log4j.LogManager;
|
||||||
import org.apache.logging.log4j.Logger;
|
import org.apache.logging.log4j.Logger;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
@ -42,19 +47,25 @@ public class ReferenceManifestDetailsPageController
|
|||||||
extends PageController<ReferenceManifestDetailsPageParams> {
|
extends PageController<ReferenceManifestDetailsPageParams> {
|
||||||
|
|
||||||
private final ReferenceManifestManager referenceManifestManager;
|
private final ReferenceManifestManager referenceManifestManager;
|
||||||
|
private final CertificateManager certificateManager;
|
||||||
|
private static final ReferenceManifestValidator RIM_VALIDATOR
|
||||||
|
= new ReferenceManifestValidator();
|
||||||
private static final Logger LOGGER
|
private static final Logger LOGGER
|
||||||
= LogManager.getLogger(ReferenceManifestDetailsPageController.class);
|
= LogManager.getLogger(ReferenceManifestDetailsPageController.class);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor providing the Page's display and routing specification.
|
* Constructor providing the Page's display and routing specification.
|
||||||
*
|
*
|
||||||
* @param referenceManifestManager the reference manifest manager
|
* @param referenceManifestManager the reference manifest manager.
|
||||||
|
* @param certificateManager the certificate manager.
|
||||||
*/
|
*/
|
||||||
@Autowired
|
@Autowired
|
||||||
public ReferenceManifestDetailsPageController(
|
public ReferenceManifestDetailsPageController(
|
||||||
final ReferenceManifestManager referenceManifestManager) {
|
final ReferenceManifestManager referenceManifestManager,
|
||||||
|
final CertificateManager certificateManager) {
|
||||||
super(Page.RIM_DETAILS);
|
super(Page.RIM_DETAILS);
|
||||||
this.referenceManifestManager = referenceManifestManager;
|
this.referenceManifestManager = referenceManifestManager;
|
||||||
|
this.certificateManager = certificateManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -84,7 +95,7 @@ public class ReferenceManifestDetailsPageController
|
|||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
UUID uuid = UUID.fromString(params.getId());
|
UUID uuid = UUID.fromString(params.getId());
|
||||||
data.putAll(getRimDetailInfo(uuid, referenceManifestManager));
|
data.putAll(getRimDetailInfo(uuid, referenceManifestManager, certificateManager));
|
||||||
} catch (IllegalArgumentException iaEx) {
|
} catch (IllegalArgumentException iaEx) {
|
||||||
String uuidError = "Failed to parse ID from: " + params.getId();
|
String uuidError = "Failed to parse ID from: " + params.getId();
|
||||||
messages.addError(uuidError);
|
messages.addError(uuidError);
|
||||||
@ -112,14 +123,15 @@ public class ReferenceManifestDetailsPageController
|
|||||||
*
|
*
|
||||||
* @param uuid database reference for the requested RIM.
|
* @param uuid database reference for the requested RIM.
|
||||||
* @param referenceManifestManager the reference manifest manager.
|
* @param referenceManifestManager the reference manifest manager.
|
||||||
|
* @param certificateManager the certificate manager.
|
||||||
* @return mapping of the RIM information from the database.
|
* @return mapping of the RIM information from the database.
|
||||||
* @throws java.io.IOException error for reading file bytes.
|
* @throws java.io.IOException error for reading file bytes.
|
||||||
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
||||||
* @throws CertificateException if a certificate doesn't parse.
|
* @throws CertificateException if a certificate doesn't parse.
|
||||||
*/
|
*/
|
||||||
private HashMap<String, Object> getRimDetailInfo(
|
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
|
||||||
final UUID uuid,
|
final ReferenceManifestManager referenceManifestManager,
|
||||||
final ReferenceManifestManager referenceManifestManager) throws IOException,
|
final CertificateManager certificateManager) throws IOException,
|
||||||
CertificateException, NoSuchAlgorithmException {
|
CertificateException, NoSuchAlgorithmException {
|
||||||
HashMap<String, Object> data = new HashMap<>();
|
HashMap<String, Object> data = new HashMap<>();
|
||||||
|
|
||||||
@ -127,7 +139,7 @@ public class ReferenceManifestDetailsPageController
|
|||||||
.byEntityId(uuid).getRIM();
|
.byEntityId(uuid).getRIM();
|
||||||
|
|
||||||
if (bRim != null) {
|
if (bRim != null) {
|
||||||
data.putAll(getBaseRimInfo(bRim, referenceManifestManager));
|
data.putAll(getBaseRimInfo(bRim, referenceManifestManager, certificateManager));
|
||||||
}
|
}
|
||||||
|
|
||||||
SupportReferenceManifest sRim = SupportReferenceManifest.select(referenceManifestManager)
|
SupportReferenceManifest sRim = SupportReferenceManifest.select(referenceManifestManager)
|
||||||
@ -153,14 +165,16 @@ public class ReferenceManifestDetailsPageController
|
|||||||
*
|
*
|
||||||
* @param baseRim established ReferenceManifest Type.
|
* @param baseRim established ReferenceManifest Type.
|
||||||
* @param referenceManifestManager the reference manifest manager.
|
* @param referenceManifestManager the reference manifest manager.
|
||||||
|
* @param certificateManager the certificate manager.
|
||||||
* @return mapping of the RIM information from the database.
|
* @return mapping of the RIM information from the database.
|
||||||
* @throws java.io.IOException error for reading file bytes.
|
* @throws java.io.IOException error for reading file bytes.
|
||||||
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
||||||
* @throws CertificateException if a certificate doesn't parse.
|
* @throws CertificateException if a certificate doesn't parse.
|
||||||
*/
|
*/
|
||||||
private HashMap<String, Object> getBaseRimInfo(
|
private static HashMap<String, Object> getBaseRimInfo(
|
||||||
final BaseReferenceManifest baseRim,
|
final BaseReferenceManifest baseRim,
|
||||||
final ReferenceManifestManager referenceManifestManager)
|
final ReferenceManifestManager referenceManifestManager,
|
||||||
|
final CertificateManager certificateManager)
|
||||||
throws IOException, CertificateException, NoSuchAlgorithmException {
|
throws IOException, CertificateException, NoSuchAlgorithmException {
|
||||||
HashMap<String, Object> data = new HashMap<>();
|
HashMap<String, Object> data = new HashMap<>();
|
||||||
|
|
||||||
@ -228,6 +242,13 @@ public class ReferenceManifestDetailsPageController
|
|||||||
for (SwidResource swidRes : resources) {
|
for (SwidResource swidRes : resources) {
|
||||||
if (support != null && swidRes.getName()
|
if (support != null && swidRes.getName()
|
||||||
.equals(support.getFileName())) {
|
.equals(support.getFileName())) {
|
||||||
|
RIM_VALIDATOR.validateSupportRimHash(support.getRimBytes(),
|
||||||
|
swidRes.getHashValue());
|
||||||
|
if (RIM_VALIDATOR.isSupportRimValid()) {
|
||||||
|
data.put("supportRimHashValid", true);
|
||||||
|
} else {
|
||||||
|
data.put("supportRimHashValid", false);
|
||||||
|
}
|
||||||
swidRes.setPcrValues(Arrays.asList(
|
swidRes.setPcrValues(Arrays.asList(
|
||||||
logProcessor.getExpectedPCRValues()));
|
logProcessor.getExpectedPCRValues()));
|
||||||
break;
|
break;
|
||||||
@ -239,6 +260,20 @@ public class ReferenceManifestDetailsPageController
|
|||||||
data.put("associatedRim", baseRim.getAssociatedRim());
|
data.put("associatedRim", baseRim.getAssociatedRim());
|
||||||
data.put("swidFiles", resources);
|
data.put("swidFiles", resources);
|
||||||
|
|
||||||
|
RIM_VALIDATOR.validateXmlSignature(new ByteArrayInputStream(baseRim.getRimBytes()));
|
||||||
|
data.put("signatureValid", RIM_VALIDATOR.isSignatureValid());
|
||||||
|
if (RIM_VALIDATOR.isSignatureValid()) {
|
||||||
|
LOGGER.info("Public key: " + RIM_VALIDATOR.getPublicKey().toString());
|
||||||
|
try {
|
||||||
|
Certificate certificate =
|
||||||
|
CertificateAuthorityCredential.select(certificateManager)
|
||||||
|
.byEncodedPublicKey(RIM_VALIDATOR.getPublicKey().getEncoded())
|
||||||
|
.getCertificate();
|
||||||
|
data.put("issuerID", certificate.getId().toString());
|
||||||
|
} catch (NullPointerException e) {
|
||||||
|
LOGGER.info("Unable to get signing certificate link: " + e.getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -253,7 +288,7 @@ public class ReferenceManifestDetailsPageController
|
|||||||
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
||||||
* @throws CertificateException if a certificate doesn't parse.
|
* @throws CertificateException if a certificate doesn't parse.
|
||||||
*/
|
*/
|
||||||
private HashMap<String, Object> getSupportRimInfo(
|
private static HashMap<String, Object> getSupportRimInfo(
|
||||||
final SupportReferenceManifest support,
|
final SupportReferenceManifest support,
|
||||||
final ReferenceManifestManager referenceManifestManager)
|
final ReferenceManifestManager referenceManifestManager)
|
||||||
throws IOException, CertificateException, NoSuchAlgorithmException {
|
throws IOException, CertificateException, NoSuchAlgorithmException {
|
||||||
@ -310,7 +345,7 @@ public class ReferenceManifestDetailsPageController
|
|||||||
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
||||||
* @throws CertificateException if a certificate doesn't parse.
|
* @throws CertificateException if a certificate doesn't parse.
|
||||||
*/
|
*/
|
||||||
private HashMap<String, Object> getMeasurementsRimInfo(
|
private static HashMap<String, Object> getMeasurementsRimInfo(
|
||||||
final EventLogMeasurements measurements,
|
final EventLogMeasurements measurements,
|
||||||
final ReferenceManifestManager referenceManifestManager)
|
final ReferenceManifestManager referenceManifestManager)
|
||||||
throws IOException, CertificateException, NoSuchAlgorithmException {
|
throws IOException, CertificateException, NoSuchAlgorithmException {
|
||||||
|
@ -17,7 +17,13 @@
|
|||||||
</a>
|
</a>
|
||||||
</jsp:attribute>
|
</jsp:attribute>
|
||||||
<jsp:body>
|
<jsp:body>
|
||||||
<div id="certificate-details-page" class="container-fluid">
|
<c:set var="passIcon" value="${icons}/ic_checkbox_marked_circle_black_green_24dp.png"/>
|
||||||
|
<c:set var="failIcon" value="${icons}/ic_error_red_24dp.png"/>
|
||||||
|
<c:set var="signatureValidText" value="Signature valid!"/>
|
||||||
|
<c:set var="signatureInvalidText" value="Signature not valid!"/>
|
||||||
|
<c:set var="supportRimHashValidText" value="Support RIM hash valid!"/>
|
||||||
|
<c:set var="supportRimHashInvalidText" value="Support RIM hash not valid!"/>
|
||||||
|
<div id="certificate-details-page" class="container-fluid">
|
||||||
<c:choose>
|
<c:choose>
|
||||||
<c:when test="${initialData.rimType=='Support'}">
|
<c:when test="${initialData.rimType=='Support'}">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
@ -248,6 +254,14 @@
|
|||||||
<c:choose>
|
<c:choose>
|
||||||
<c:when test="${not empty initialData.associatedRim}">
|
<c:when test="${not empty initialData.associatedRim}">
|
||||||
<a href="${portal}/rim-details?id=${initialData.associatedRim}">${resource.getName()}</a>
|
<a href="${portal}/rim-details?id=${initialData.associatedRim}">${resource.getName()}</a>
|
||||||
|
<c:choose>
|
||||||
|
<c:when test="${not empty initialData.supportRimHashValid}">
|
||||||
|
<img src="${passIcon}" title="${supportRimHashValidText}"/>
|
||||||
|
</c:when>
|
||||||
|
<c:otherwise>
|
||||||
|
<img src="${failIcon}" title="${supportRimHashInvalidText}"/>
|
||||||
|
</c:otherwise>
|
||||||
|
</c:choose>
|
||||||
</c:when>
|
</c:when>
|
||||||
<c:otherwise>
|
<c:otherwise>
|
||||||
${resource.getName()}
|
${resource.getName()}
|
||||||
@ -314,6 +328,24 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-md-1 col-md-offset-1"><span class="colHeader">Signature</span></div>
|
||||||
|
<div id="signature" class="col col-md-8">
|
||||||
|
<div>Validity: <span>
|
||||||
|
<c:choose>
|
||||||
|
<c:when test="${initialData.signatureValid}">
|
||||||
|
<img src="${passIcon}" title="${signatureValidText}"/>
|
||||||
|
<c:if test="${not empty initialData.issuerID}">
|
||||||
|
<div><a href="${portal}/certificate-details?id=${initialData.issuerID}&type=certificateauthority">Signing certificate</a></div>
|
||||||
|
</c:if>
|
||||||
|
</c:when>
|
||||||
|
<c:otherwise>
|
||||||
|
<img src="${failIcon}" title="${signatureInvalidText}"/>
|
||||||
|
</c:otherwise>
|
||||||
|
</c:choose>
|
||||||
|
</span></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</c:otherwise>
|
</c:otherwise>
|
||||||
</c:choose>
|
</c:choose>
|
||||||
</div>
|
</div>
|
||||||
|
@ -151,6 +151,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
|
|||||||
public BaseReferenceManifest(final byte[] rimBytes) throws IOException {
|
public BaseReferenceManifest(final byte[] rimBytes) throws IOException {
|
||||||
super(rimBytes);
|
super(rimBytes);
|
||||||
this.setRimType(BASE_RIM);
|
this.setRimType(BASE_RIM);
|
||||||
|
this.setFileName("");
|
||||||
SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(rimBytes));
|
SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(rimBytes));
|
||||||
|
|
||||||
// begin parsing valid swid tag
|
// begin parsing valid swid tag
|
||||||
|
@ -0,0 +1,349 @@
|
|||||||
|
package hirs.utils;
|
||||||
|
|
||||||
|
import org.apache.logging.log4j.LogManager;
|
||||||
|
import org.apache.logging.log4j.Logger;
|
||||||
|
import org.w3c.dom.Document;
|
||||||
|
import org.w3c.dom.NodeList;
|
||||||
|
import org.xml.sax.SAXException;
|
||||||
|
|
||||||
|
import javax.xml.XMLConstants;
|
||||||
|
import javax.xml.bind.JAXBContext;
|
||||||
|
import javax.xml.bind.JAXBException;
|
||||||
|
import javax.xml.bind.UnmarshalException;
|
||||||
|
import javax.xml.bind.Unmarshaller;
|
||||||
|
import javax.xml.crypto.AlgorithmMethod;
|
||||||
|
import javax.xml.crypto.KeySelector;
|
||||||
|
import javax.xml.crypto.KeySelectorException;
|
||||||
|
import javax.xml.crypto.KeySelectorResult;
|
||||||
|
import javax.xml.crypto.MarshalException;
|
||||||
|
import javax.xml.crypto.XMLCryptoContext;
|
||||||
|
import javax.xml.crypto.XMLStructure;
|
||||||
|
import javax.xml.crypto.dsig.XMLSignature;
|
||||||
|
import javax.xml.crypto.dsig.XMLSignatureException;
|
||||||
|
import javax.xml.crypto.dsig.XMLSignatureFactory;
|
||||||
|
import javax.xml.crypto.dsig.dom.DOMValidateContext;
|
||||||
|
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
|
||||||
|
import javax.xml.crypto.dsig.keyinfo.X509Data;
|
||||||
|
import javax.xml.transform.Source;
|
||||||
|
import javax.xml.transform.Transformer;
|
||||||
|
import javax.xml.transform.TransformerConfigurationException;
|
||||||
|
import javax.xml.transform.TransformerException;
|
||||||
|
import javax.xml.transform.TransformerFactory;
|
||||||
|
import javax.xml.transform.dom.DOMResult;
|
||||||
|
import javax.xml.transform.stream.StreamSource;
|
||||||
|
import javax.xml.validation.Schema;
|
||||||
|
import javax.xml.validation.SchemaFactory;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.security.Key;
|
||||||
|
import java.security.MessageDigest;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.PublicKey;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.util.Iterator;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class handles validation functions of RIM files.
|
||||||
|
* Currently supports validation of support RIM hashes and
|
||||||
|
* base RIM signatures.
|
||||||
|
*/
|
||||||
|
public class ReferenceManifestValidator {
|
||||||
|
private static final String SIGNATURE_ALGORITHM_RSA_SHA256 =
|
||||||
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
|
||||||
|
private static final String SCHEMA_PACKAGE = "hirs.utils.xjc";
|
||||||
|
private static final String SCHEMA_URL = "swid_schema.xsd";
|
||||||
|
private static final String SCHEMA_LANGUAGE = XMLConstants.W3C_XML_SCHEMA_NS_URI;
|
||||||
|
private static final String IDENTITY_TRANSFORM = "identity_transform.xslt";
|
||||||
|
private static final String SHA256 = "SHA-256";
|
||||||
|
private static final int EIGHT_BIT_MASK = 0xff;
|
||||||
|
private static final int LEFT_SHIFT = 0x100;
|
||||||
|
private static final int RADIX = 16;
|
||||||
|
private static final Logger LOGGER = LogManager.getLogger(ReferenceManifestValidator.class);
|
||||||
|
|
||||||
|
private Unmarshaller unmarshaller;
|
||||||
|
private PublicKey publicKey;
|
||||||
|
private Schema schema;
|
||||||
|
private boolean signatureValid, supportRimValid;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Getter for signatureValid.
|
||||||
|
*
|
||||||
|
* @return true if valid, false if not.
|
||||||
|
*/
|
||||||
|
public boolean isSignatureValid() {
|
||||||
|
return signatureValid;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Getter for supportRimValid.
|
||||||
|
*
|
||||||
|
* @return true if valid, false if not.
|
||||||
|
*/
|
||||||
|
public boolean isSupportRimValid() {
|
||||||
|
return supportRimValid;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Getter for certificate PublicKey.
|
||||||
|
*
|
||||||
|
* @return PublicKey
|
||||||
|
*/
|
||||||
|
public PublicKey getPublicKey() {
|
||||||
|
return publicKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This default constructor creates the Schema object from SCHEMA_URL immediately to save
|
||||||
|
* time during validation calls later.
|
||||||
|
*/
|
||||||
|
public ReferenceManifestValidator() {
|
||||||
|
try {
|
||||||
|
InputStream is = ReferenceManifestValidator.class
|
||||||
|
.getClassLoader().getResourceAsStream(SCHEMA_URL);
|
||||||
|
SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE);
|
||||||
|
schema = schemaFactory.newSchema(new StreamSource(is));
|
||||||
|
signatureValid = false;
|
||||||
|
supportRimValid = false;
|
||||||
|
publicKey = null;
|
||||||
|
} catch (SAXException e) {
|
||||||
|
LOGGER.warn("Error setting schema for validation!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This constructor is used for a quick signature check which bypasses the loading of
|
||||||
|
* the schema url into memory. As a result the full stream is not validated against the schema.
|
||||||
|
*
|
||||||
|
* @param input xml data byte array.
|
||||||
|
*/
|
||||||
|
public ReferenceManifestValidator(final InputStream input) {
|
||||||
|
try {
|
||||||
|
signatureValid = validateSignedXMLDocument(
|
||||||
|
removeXMLWhitespace(new StreamSource(input)));
|
||||||
|
} catch (IOException e) {
|
||||||
|
LOGGER.warn("Error during unmarshal: " + e.getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method calculates the SHA256 hash of the input byte array and compares it against
|
||||||
|
* the value passed in.
|
||||||
|
*
|
||||||
|
* @param input byte array to hash.
|
||||||
|
* @param expected value to compare against.
|
||||||
|
*/
|
||||||
|
public void validateSupportRimHash(final byte[] input, final String expected) {
|
||||||
|
String calculatedHash = getHashValue(input, SHA256);
|
||||||
|
LOGGER.info("Calculated hash: " + calculatedHash + ", actual: " + expected);
|
||||||
|
supportRimValid = calculatedHash.equals(expected);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method validates the xml signature in the stream and stores the
|
||||||
|
* result for public access.
|
||||||
|
*
|
||||||
|
* @param input the xml data stream.
|
||||||
|
*/
|
||||||
|
public void validateXmlSignature(final InputStream input) {
|
||||||
|
try {
|
||||||
|
Document doc = validateSwidtagSchema(removeXMLWhitespace(new StreamSource(input)));
|
||||||
|
signatureValid = validateSignedXMLDocument(doc);
|
||||||
|
} catch (IOException e) {
|
||||||
|
LOGGER.warn("Error during unmarshal: " + e.getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method calculates the digest of a byte array based on the hashing algorithm passed in.
|
||||||
|
* @param input byte array.
|
||||||
|
* @param sha hash algorithm.
|
||||||
|
* @return String digest.
|
||||||
|
*/
|
||||||
|
private String getHashValue(final byte[] input, final String sha) {
|
||||||
|
String resultString = null;
|
||||||
|
try {
|
||||||
|
MessageDigest md = MessageDigest.getInstance(sha);
|
||||||
|
byte[] bytes = md.digest(input);
|
||||||
|
StringBuilder sb = new StringBuilder();
|
||||||
|
|
||||||
|
for (int i = 0; i < bytes.length; i++) {
|
||||||
|
sb.append(Integer.toString((bytes[i] & EIGHT_BIT_MASK)
|
||||||
|
+ LEFT_SHIFT, RADIX).substring(1));
|
||||||
|
}
|
||||||
|
resultString = sb.toString();
|
||||||
|
} catch (NoSuchAlgorithmException grex) {
|
||||||
|
LOGGER.warn(grex.getMessage());
|
||||||
|
}
|
||||||
|
|
||||||
|
return resultString;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method validates a Document with a signature element.
|
||||||
|
*
|
||||||
|
* @param doc
|
||||||
|
*/
|
||||||
|
private boolean validateSignedXMLDocument(final Document doc) {
|
||||||
|
DOMValidateContext context;
|
||||||
|
boolean isValid = false;
|
||||||
|
try {
|
||||||
|
NodeList nodes = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
|
||||||
|
if (nodes.getLength() == 0) {
|
||||||
|
throw new Exception("Signature element not found!");
|
||||||
|
}
|
||||||
|
NodeList embeddedCert = doc.getElementsByTagName("X509Data");
|
||||||
|
if (embeddedCert.getLength() > 0) {
|
||||||
|
X509KeySelector keySelector = new ReferenceManifestValidator.X509KeySelector();
|
||||||
|
context = new DOMValidateContext(keySelector, nodes.item(0));
|
||||||
|
XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
|
||||||
|
XMLSignature signature = sigFactory.unmarshalXMLSignature(context);
|
||||||
|
isValid = signature.validate(context);
|
||||||
|
publicKey = keySelector.getPublicKey();
|
||||||
|
} else {
|
||||||
|
LOGGER.info("Signing certificate not found for validation!");
|
||||||
|
}
|
||||||
|
} catch (MarshalException | XMLSignatureException e) {
|
||||||
|
LOGGER.warn(e.getMessage());
|
||||||
|
} catch (Exception e) {
|
||||||
|
LOGGER.warn(e.getMessage());
|
||||||
|
LOGGER.info(e.getMessage());
|
||||||
|
}
|
||||||
|
|
||||||
|
return isValid;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This internal class handles selecting an X509 certificate embedded in a KeyInfo element.
|
||||||
|
* It is passed as a parameter to a DOMValidateContext that uses it to validate
|
||||||
|
* an XML signature.
|
||||||
|
*/
|
||||||
|
public static class X509KeySelector extends KeySelector {
|
||||||
|
private PublicKey publicKey;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method selects an X509 cert based on the provided algorithm.
|
||||||
|
*
|
||||||
|
* @param keyinfo object containing the cert.
|
||||||
|
* @param purpose purpose.
|
||||||
|
* @param algorithm algorithm.
|
||||||
|
* @param context XMLCryptoContext.
|
||||||
|
* @return KeySelectorResult holding the PublicKey.
|
||||||
|
* @throws KeySelectorException exception.
|
||||||
|
*/
|
||||||
|
public KeySelectorResult select(final KeyInfo keyinfo,
|
||||||
|
final KeySelector.Purpose purpose,
|
||||||
|
final AlgorithmMethod algorithm,
|
||||||
|
final XMLCryptoContext context)
|
||||||
|
throws KeySelectorException {
|
||||||
|
Iterator keyinfoItr = keyinfo.getContent().iterator();
|
||||||
|
while (keyinfoItr.hasNext()) {
|
||||||
|
XMLStructure element = (XMLStructure) keyinfoItr.next();
|
||||||
|
if (element instanceof X509Data) {
|
||||||
|
X509Data data = (X509Data) element;
|
||||||
|
Iterator dataItr = data.getContent().iterator();
|
||||||
|
while (dataItr.hasNext()) {
|
||||||
|
Object object = dataItr.next();
|
||||||
|
if (object instanceof X509Certificate) {
|
||||||
|
publicKey = ((X509Certificate) object).getPublicKey();
|
||||||
|
if (areAlgorithmsEqual(algorithm.getAlgorithm(),
|
||||||
|
publicKey.getAlgorithm())) {
|
||||||
|
return new ReferenceManifestValidator.X509KeySelector
|
||||||
|
.RIMKeySelectorResult(publicKey);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new KeySelectorException("No key found!");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method checks if two strings refer to the same algorithm.
|
||||||
|
*
|
||||||
|
* @param uri string 1
|
||||||
|
* @param name string 2
|
||||||
|
* @return true if equal, false if not
|
||||||
|
*/
|
||||||
|
public boolean areAlgorithmsEqual(final String uri, final String name) {
|
||||||
|
return uri.equals(SIGNATURE_ALGORITHM_RSA_SHA256) && name.equalsIgnoreCase("RSA");
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Getter for the public key that is parsed in the select() method above.
|
||||||
|
*
|
||||||
|
* @return PublicKey encoded in the X509 cert.
|
||||||
|
*/
|
||||||
|
public PublicKey getPublicKey() {
|
||||||
|
return publicKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This internal class creates a KeySelectorResult from the public key.
|
||||||
|
*/
|
||||||
|
private static class RIMKeySelectorResult implements KeySelectorResult {
|
||||||
|
private Key key;
|
||||||
|
|
||||||
|
RIMKeySelectorResult(final Key key) {
|
||||||
|
this.key = key;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Key getKey() {
|
||||||
|
return key;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method validates the Document against the schema.
|
||||||
|
*
|
||||||
|
* @param doc of the input swidtag.
|
||||||
|
* @return document validated against the schema.
|
||||||
|
*/
|
||||||
|
private Document validateSwidtagSchema(final Document doc) {
|
||||||
|
try {
|
||||||
|
JAXBContext jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE);
|
||||||
|
unmarshaller = jaxbContext.createUnmarshaller();
|
||||||
|
unmarshaller.setSchema(schema);
|
||||||
|
unmarshaller.unmarshal(doc);
|
||||||
|
} catch (UnmarshalException e) {
|
||||||
|
LOGGER.warn("Error validating swidtag file!");
|
||||||
|
} catch (IllegalArgumentException e) {
|
||||||
|
LOGGER.warn("Input file empty.");
|
||||||
|
} catch (JAXBException e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
|
||||||
|
return doc;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method strips all whitespace from an xml file, including indents and spaces
|
||||||
|
* added for human-readability.
|
||||||
|
*
|
||||||
|
* @param source of the input xml.
|
||||||
|
* @return Document representation of the xml.
|
||||||
|
*/
|
||||||
|
private Document removeXMLWhitespace(final StreamSource source) throws IOException {
|
||||||
|
TransformerFactory tf = TransformerFactory.newInstance();
|
||||||
|
Source identitySource = new StreamSource(
|
||||||
|
ReferenceManifestValidator.class.getClassLoader()
|
||||||
|
.getResourceAsStream(IDENTITY_TRANSFORM));
|
||||||
|
Document doc = null;
|
||||||
|
try {
|
||||||
|
Transformer transformer = tf.newTransformer(identitySource);
|
||||||
|
DOMResult result = new DOMResult();
|
||||||
|
transformer.transform(source, result);
|
||||||
|
doc = (Document) result.getNode();
|
||||||
|
} catch (TransformerConfigurationException e) {
|
||||||
|
LOGGER.warn("Error configuring transformer!");
|
||||||
|
e.printStackTrace();
|
||||||
|
} catch (TransformerException e) {
|
||||||
|
LOGGER.warn("Error transforming input!");
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
|
||||||
|
return doc;
|
||||||
|
}
|
||||||
|
}
|
10
HIRS_Utils/src/main/resources/identity_transform.xslt
Normal file
10
HIRS_Utils/src/main/resources/identity_transform.xslt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
<?xml version="1.0"?>
|
||||||
|
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
|
||||||
|
<xsl:output indent="no" />
|
||||||
|
<xsl:strip-space elements="*"/>
|
||||||
|
<xsl:template match="@*|node()">
|
||||||
|
<xsl:copy>
|
||||||
|
<xsl:apply-templates select="@*|node()"/>
|
||||||
|
</xsl:copy>
|
||||||
|
</xsl:template>
|
||||||
|
</xsl:stylesheet>
|
Loading…
Reference in New Issue
Block a user