Do not unarchive existing RIM bundle during provision, search for unarchived bundle with later creation date. Delete RIM files with /delete endpoint, do not archive.

Revert changes to ReferenceManifestPageController.

Revert changes to FirmwareScvValidator class
chubtub 2024-08-21 11:58:39 -04:00
parent 6e9e68c1e7
commit a123acc743


@ -1,5 +1,6 @@
package hirs.attestationca.persist.provision; package hirs.attestationca.persist.provision;
import com.fasterxml.jackson.databind.ser.Serializers;
import com.google.protobuf.ByteString; import com.google.protobuf.ByteString;
import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2; import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
import hirs.attestationca.persist.entity.manager.CertificateRepository; import hirs.attestationca.persist.entity.manager.CertificateRepository;
@ -375,11 +376,20 @@ public class IdentityClaimProcessor extends AbstractProcessor {
support.getHexDecHash().length() - NUM_OF_VARIABLES))); support.getHexDecHash().length() - NUM_OF_VARIABLES)));
support.setDeviceName(dv.getNw().getHostname()); support.setDeviceName(dv.getNw().getHostname());
this.referenceManifestRepository.save(support); this.referenceManifestRepository.save(support);
} else { } else if (support.isArchived()) {
log.info("Client provided Support RIM already loaded in database."); List<ReferenceManifest> rims = referenceManifestRepository.findByArchiveFlag(false);
for (ReferenceManifest rim : rims) {
if (rim.isSupport() &&
rim.getTagId().equals(support.getTagId()) &&
rim.getCreateTime().after(support.getCreateTime())) {
support.setDeviceName(null);
support = (SupportReferenceManifest) rim;
support.setDeviceName(dv.getNw().getHostname());
}
}
if (support.isArchived()) { if (support.isArchived()) {
support.restore(); throw new Exception("Unable to locate an unarchived support RIM.");
support.resetCreateTime(); } else {
this.referenceManifestRepository.save(support); this.referenceManifestRepository.save(support);
} }
} }
@ -408,21 +418,25 @@ public class IdentityClaimProcessor extends AbstractProcessor {
swidFile.toByteArray()); swidFile.toByteArray());
dbBaseRim.setDeviceName(dv.getNw().getHostname()); dbBaseRim.setDeviceName(dv.getNw().getHostname());
this.referenceManifestRepository.save(dbBaseRim); this.referenceManifestRepository.save(dbBaseRim);
} else { } else if (dbBaseRim.isArchived()) {
log.info("Client provided Base RIM already loaded in database."); List<ReferenceManifest> rims = referenceManifestRepository.findByArchiveFlag(false);
/** for (ReferenceManifest rim : rims) {
* Leaving this as is for now, however can there be a condition if (rim.isBase() && rim.getTagId().equals(dbBaseRim.getTagId()) &&
* in which the provisioner sends swidtags without support rims? rim.getCreateTime().after(dbBaseRim.getCreateTime())) {
*/ dbBaseRim.setDeviceName(null);
dbBaseRim = (BaseReferenceManifest) rim;
dbBaseRim.setDeviceName(dv.getNw().getHostname());
}
}
if (dbBaseRim.isArchived()) { if (dbBaseRim.isArchived()) {
dbBaseRim.restore(); throw new Exception("Unable to locate an unarchived base RIM.");
dbBaseRim.resetCreateTime();
this.referenceManifestRepository.save(dbBaseRim);
} }
} }
tagId = dbBaseRim.getTagId(); tagId = dbBaseRim.getTagId();
} catch (UnmarshalException e) { } catch (UnmarshalException e) {
log.error(e); log.error(e);
} catch (Exception ex) {
log.error(String.format("Failed to load base rim: %s", ex.getMessage()));
} }
} }
} else { } else {
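Review bot: The new `catch (Exception ex)` after the base-RIM block turns "Unable to locate an unarchived base RIM." into a log line and lets processing continue with `tagId = dbBaseRim.getTagId()` skipped; what the later code does with an unset `tagId` is outside this hunk, but in an attestation flow a missing reference manifest should probably be an explicit failure rather than a swallowed generic `Exception`. The same catch also hides any NullPointerException from `rim.getTagId().equals(...)` or a failed cast, and it logs only `ex.getMessage()`; a dedicated exception type plus `log.error("Failed to load base rim", ex)` would keep the cause. The base branch also drops `this.referenceManifestRepository.save(dbBaseRim)` while the support branch keeps its save in the new `else`, so the `setDeviceName(...)` on the replacement base RIM is not visibly persisted, and neither is the `setDeviceName(null)` on the archived record in either branch. The handler for the support branch's `throw new Exception(...)` is not visible in these hunks, and the added import `com.fasterxml.jackson.databind.ser.Serializers` is not used in them.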