mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-04-15 15:06:47 +00:00
issue_896: Added more javadocs, still going through the process and figuring out places where this will work. Can successfully debug provisioner+aca.
parent
50098de266
commit
9e94a527af
@ -108,7 +108,7 @@ public class RestfulAttestationCertificateAuthority extends AttestationCertifica
|
||||
* the client's desired attestation key, if the correct nonce is supplied.
|
||||
*
|
||||
* @param certificateRequest request containing nonce from earlier identity
|
||||
* * claim handshake
|
||||
* claim handshake
|
||||
* @return The response to the client provisioner.
|
||||
*/
|
||||
@Override
|
||||
|
@ -159,6 +159,7 @@ public class AbstractProcessor {
|
||||
final ProvisionerTpm2.IdentityClaim identityClaim,
|
||||
final PublicKey ekPub, final CertificateRepository certificateRepository) {
|
||||
EndorsementCredential endorsementCredential = null;
|
||||
|
||||
if (identityClaim.hasEndorsementCredential()) {
|
||||
endorsementCredential = CredentialManagementHelper.storeEndorsementCredential(
|
||||
certificateRepository,
|
||||
@ -172,6 +173,7 @@ public class AbstractProcessor {
|
||||
log.warn("No endorsement credential was received in identity claim and no EK Public"
|
||||
+ " Key was provided to check for uploaded certificates.");
|
||||
}
|
||||
|
||||
return endorsementCredential;
|
||||
}
|
||||
|
||||
@ -254,7 +256,7 @@ public class AbstractProcessor {
|
||||
* @param endorsementCredential the endorsement credential used to generate the AC
|
||||
* @param platformCredentials the platform credentials used to generate the AC
|
||||
* @param device the device to which the attestation certificate is tied
|
||||
* @param ldevID whether the certificate is a ldevid
|
||||
* @param ldevID whether the certificate is a ldevid
|
||||
* @return whether the certificate was saved successfully
|
||||
* @throws {@link CertificateProcessingException} if error occurs in persisting the Attestation
|
||||
* Certificate
|
||||
|
@ -215,6 +215,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
// device.getDeviceInfo().setPaccorOutputString(claim.getPaccorOutput());
|
||||
handleDeviceComponents(device.getDeviceInfo().getNetworkInfo().getHostname(),
|
||||
claim.getPaccorOutput());
|
||||
|
||||
// There are situations in which the claim is sent with no PCs
|
||||
// or a PC from the tpm which will be deprecated
|
||||
// this is to check what is in the platform object and pull
|
||||
@ -230,6 +231,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
|
||||
platformCredentials.addAll(tempList);
|
||||
}
|
||||
|
||||
// store component results objects
|
||||
for (PlatformCredential platformCredential : platformCredentials) {
|
||||
List<ComponentResult> componentResults = componentResultRepository
|
||||
@ -239,7 +241,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
if (componentResults.isEmpty()) {
|
||||
savePlatformComponents(platformCredential);
|
||||
} else {
|
||||
componentResults.stream().forEach((componentResult) -> {
|
||||
componentResults.forEach((componentResult) -> {
|
||||
componentResult.restore();
|
||||
componentResult.resetCreateTime();
|
||||
componentResultRepository.save(componentResult);
|
||||
@ -256,9 +258,16 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
AppraisalStatus.Status validationResult = summary.getOverallValidationResult();
|
||||
device.setSupplyChainValidationStatus(validationResult);
|
||||
this.deviceRepository.save(device);
|
||||
|
||||
return validationResult;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method that utilizes the identity claim to produce a device info report.
|
||||
*
|
||||
* @param claim identity claim
|
||||
* @return device info
|
||||
*/
|
||||
private Device processDeviceInfo(final ProvisionerTpm2.IdentityClaim claim) {
|
||||
DeviceInfoReport deviceInfoReport = null;
|
||||
|
||||
@ -620,7 +629,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
.findByManufacturerAndModel(manufacturer, model);
|
||||
|
||||
Map<String, ReferenceDigestValue> digestValueMap = new HashMap<>();
|
||||
expectedValues.stream().forEach((rdv) -> {
|
||||
expectedValues.forEach((rdv) -> {
|
||||
digestValueMap.put(rdv.getDigestValue(), rdv);
|
||||
});
|
||||
|
||||
@ -728,6 +737,13 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method that attempts to find all the provided device's components.
|
||||
*
|
||||
* @param hostName device's host name
|
||||
* @param paccorString
|
||||
* @return number of components
|
||||
*/
|
||||
private int handleDeviceComponents(final String hostName, final String paccorString) {
|
||||
int deviceComponents = 0;
|
||||
Map<Integer, ComponentInfo> componentInfoMap = new HashMap<>();
|
||||
@ -735,9 +751,11 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
List<ComponentInfo> componentInfos = SupplyChainCredentialValidator
|
||||
.getComponentInfoFromPaccorOutput(hostName, paccorString);
|
||||
|
||||
deviceComponents = componentInfos.size();
|
||||
|
||||
// check the DB for like component infos
|
||||
List<ComponentInfo> dbComponentInfos = this.componentInfoRepository.findByDeviceName(hostName);
|
||||
dbComponentInfos.stream().forEach((infos) -> {
|
||||
dbComponentInfos.forEach((infos) -> {
|
||||
componentInfoMap.put(infos.hashCode(), infos);
|
||||
});
|
||||
|
||||
|
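Review bot: In the last hunk, `componentInfoMap.put(infos.hashCode(), infos)` keys the stored components by their 32-bit `hashCode()`, so two distinct `ComponentInfo` rows whose hashes collide would silently overwrite each other; the commit rewrites this statement (`stream().forEach` to `forEach`) but keeps the key. How the map is read lies outside the hunk, so the impact is inferred, but if it decides which reported components are already known for the device, a collision could hide a component that has changed. Keying on the object itself, for example a `Map<ComponentInfo, ComponentInfo>` or a `Set<ComponentInfo>`, lets `equals` resolve collisions, assuming `ComponentInfo` defines `equals` consistently with `hashCode`. Separately, the new Javadoc on `handleDeviceComponents` leaves `@param paccorString` without a description; `@param paccorString the PACCOR component output taken from the identity claim` would match the visible call site `claim.getPaccorOutput()`.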
@ -238,11 +238,11 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
|
||||
// All components listed in the Platform Credential must have a manufacturer and model
|
||||
for (ComponentIdentifierV2 pcComponent : allPcComponents) {
|
||||
|
||||
fieldValidation = pcComponent.getComponentClass() != null;
|
||||
|
||||
if (!fieldValidation) {
|
||||
resultMessage.append("Component class is null\n");
|
||||
}
|
||||
// fieldValidation = pcComponent.getComponentClass() != null;
|
||||
//
|
||||
// if (!fieldValidation) {
|
||||
// resultMessage.append("Component class is null\n");
|
||||
// }
|
||||
|
||||
fieldValidation = !hasEmptyValueForRequiredField("componentManufacturer",
|
||||
pcComponent.getComponentManufacturer());
|
||||
|
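Review bot: The null check on `pcComponent.getComponentClass()` at the top of the component loop ends up in the file as commented-out code, and as rendered (active lines first, commented copy second) it looks like this commit is what disables it; the page has lost its +/- markers, so that direction is inferred. If so, a platform credential component with no component class no longer appends "Component class is null" to `resultMessage`, and nothing visible in the hunk replaces that check in the supply chain validation. If it was switched off only to get through a provisioner+ACA debugging session, restore it before this is merged; if it is dropped on purpose, delete the dead lines and leave a one-line reason such as `// component class is not required here: <reason>`. The loop body continues past the end of the hunk, so a later check on the component class may exist that this view does not show.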
@ -270,7 +270,7 @@ public class SupplyChainCredentialValidator {
|
||||
* Parses the output from PACCOR's allcomponents.sh script into ComponentInfo objects.
|
||||
*
|
||||
* @param hostName the host machine associated with the component
|
||||
* @param paccorOutput the output from PACCOR's allcomoponents.sh
|
||||
* @param paccorOutput the output from PACCOR's allcomponents.sh
|
||||
* @return a list of ComponentInfo objects built from paccorOutput
|
||||
* @throws java.io.IOException if something goes wrong parsing the JSON
|
||||
*/
|
||||
|