Merge pull request #886 from nsacyber/v3_issue-879
[#879] Additional renaming and checkstyle changes
This commit is contained in:
commit
ad0966941d
@ -15,6 +15,7 @@ import org.apache.commons.codec.binary.Hex;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -62,8 +63,7 @@ public class PcrValidator {
|
||||
* @param pcrValues RIM provided baseline PCRs
|
||||
*/
|
||||
public PcrValidator(final String[] pcrValues) {
|
||||
baselinePcrs = new String[TPMMeasurementRecord.MAX_PCR_ID + 1];
|
||||
System.arraycopy(pcrValues, 0, baselinePcrs, 0, TPMMeasurementRecord.MAX_PCR_ID + 1);
|
||||
baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -149,7 +149,7 @@ public class PcrValidator {
|
||||
}
|
||||
|
||||
if (!baselinePcrs[i].equals(storedPcrs[i])) {
|
||||
log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]);
|
||||
log.error(String.format("%s =/= %s", baselinePcrs[i], storedPcrs[i]));
|
||||
sb.append(String.format(failureMsg, i));
|
||||
}
|
||||
}
|
||||
@ -163,36 +163,36 @@ public class PcrValidator {
|
||||
* will ignore certin PCRs, Event Types and Event Variables present.
|
||||
*
|
||||
* @param tcgMeasurementLog Measurement log from the client
|
||||
* @param eventValueMap The events stored as baseline to compare
|
||||
* @param eventLogRecords The events stored as baseline to compare
|
||||
* @param policySettings db entity that holds all of policy
|
||||
* @return the events that didn't pass
|
||||
*/
|
||||
public List<TpmPcrEvent> validateTpmEvents(final TCGEventLog tcgMeasurementLog,
|
||||
final Map<String, ReferenceDigestValue> eventValueMap,
|
||||
final Map<String, ReferenceDigestValue> eventLogRecords,
|
||||
final PolicySettings policySettings) {
|
||||
List<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
|
||||
for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) {
|
||||
if (policySettings.isIgnoreImaEnabled() && tpe.getPcrIndex() == IMA_PCR) {
|
||||
log.info("IMA Ignored -> {}", tpe);
|
||||
log.info(String.format("IMA Ignored -> %s", tpe));
|
||||
} else if (policySettings.isIgnoretBootEnabled() && (tpe.getPcrIndex() >= TBOOT_PCR_START
|
||||
&& tpe.getPcrIndex() <= TBOOT_PCR_END)) {
|
||||
log.info("TBOOT Ignored -> {}", tpe);
|
||||
log.info(String.format("TBOOT Ignored -> %s", tpe));
|
||||
} else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getPcrIndex() >= PXE_PCR_START
|
||||
&& tpe.getPcrIndex() <= PXE_PCR_END)) {
|
||||
log.info("OS Evt Ignored -> {}", tpe);
|
||||
log.info(String.format("OS Evt Ignored -> %s", tpe));
|
||||
} else {
|
||||
if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) {
|
||||
log.info("GPT Ignored -> {}", tpe);
|
||||
log.info(String.format("GPT Ignored -> %s", tpe));
|
||||
} else if (policySettings.isIgnoreOsEvtEnabled() && (
|
||||
tpe.getEventTypeStr().contains(EVT_EFI_BOOT)
|
||||
|| tpe.getEventTypeStr().contains(EVT_EFI_VAR))) {
|
||||
log.info("OS Evt Ignored -> {}", tpe);
|
||||
log.info(String.format("OS Evt Ignored -> %s", tpe));
|
||||
} else if (policySettings.isIgnoreOsEvtEnabled() && (
|
||||
tpe.getEventTypeStr().contains(EVT_EFI_CFG)
|
||||
&& tpe.getEventContentStr().contains("SecureBoot"))) {
|
||||
log.info("OS Evt Config Ignored -> {}", tpe);
|
||||
log.info(String.format("OS Evt Config Ignored -> %s", tpe));
|
||||
} else {
|
||||
if (!eventValueMap.containsKey(tpe.getEventDigestStr())) {
|
||||
if (!eventLogRecords.containsKey(tpe.getEventDigestStr())) {
|
||||
tpmPcrEvents.add(tpe);
|
||||
}
|
||||
}
|
||||
@ -251,13 +251,12 @@ public class PcrValidator {
|
||||
// other information.
|
||||
String calculatedString = Hex.encodeHexString(
|
||||
pcrInfoShort.getCalculatedDigest());
|
||||
log.debug(
|
||||
"Validating PCR information with the following:{}calculatedString = {}{}"
|
||||
+ "quoteString = {}", System.lineSeparator(), calculatedString,
|
||||
System.lineSeparator(), quoteString);
|
||||
log.debug("Validating PCR information with the following:"
|
||||
+ System.lineSeparator() + "calculatedString = " + calculatedString
|
||||
+ System.lineSeparator() + "quoteString = " + quoteString);
|
||||
validated = quoteString.contains(calculatedString);
|
||||
if (!validated) {
|
||||
log.warn("{} not found in {}", calculatedString, quoteString);
|
||||
log.warn(calculatedString + " not found in " + quoteString);
|
||||
}
|
||||
} catch (NoSuchAlgorithmException naEx) {
|
||||
log.error(naEx);
|
||||
|
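Review bot: `baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1);` in the new constructor pads with `null` when the RIM supplies fewer than MAX_PCR_ID + 1 values, where the previous `System.arraycopy` failed at construction; the null then surfaces as a NullPointerException at `baselinePcrs[i].equals(storedPcrs[i])` in the comparison loop of the next hunk, far from the bad input. Reject a short baseline up front: `if (pcrValues.length <= TPMMeasurementRecord.MAX_PCR_ID) {` / `throw new IllegalArgumentException("expected " + (TPMMeasurementRecord.MAX_PCR_ID + 1) + " PCR values, got " + pcrValues.length);` / `}`. A Javadoc `@throws IllegalArgumentException if fewer than MAX_PCR_ID + 1 PCR values are supplied` on the constructor would document that contract. The comparison loop's enclosing method starts and ends outside its hunk, so a guard there that skips null entries cannot be ruled out from this view.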
@ -97,14 +97,12 @@ public class ReferenceManifestDetailsPageController
|
||||
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
||||
* @throws CertificateException if a certificate doesn't parse.
|
||||
*/
|
||||
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
|
||||
final ReferenceManifestRepository
|
||||
referenceManifestRepository,
|
||||
final ReferenceDigestValueRepository
|
||||
referenceDigestValueRepository,
|
||||
final CertificateRepository certificateRepository,
|
||||
final CACredentialRepository
|
||||
caCertificateRepository)
|
||||
public static HashMap<String, Object> getRimDetailInfo(
|
||||
final UUID uuid,
|
||||
final ReferenceManifestRepository referenceManifestRepository,
|
||||
final ReferenceDigestValueRepository referenceDigestValueRepository,
|
||||
final CertificateRepository certificateRepository,
|
||||
final CACredentialRepository caCertificateRepository)
|
||||
throws IOException,
|
||||
CertificateException, NoSuchAlgorithmException {
|
||||
HashMap<String, Object> data = new HashMap<>();
|
||||
@ -141,14 +139,16 @@ public class ReferenceManifestDetailsPageController
|
||||
* @param certificateRepository the certificate manager.
|
||||
* @param caCertificateRepository the certificate manager.
|
||||
* @return mapping of the RIM information from the database.
|
||||
* @throws java.io.IOException error for reading file bytes.
|
||||
* @throws java.io.IOException error for reading file bytes.
|
||||
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
|
||||
* @throws CertificateException if a certificate doesn't parse.
|
||||
*/
|
||||
private static HashMap<String, Object> getBaseRimInfo(
|
||||
final BaseReferenceManifest baseRim,
|
||||
final ReferenceManifestRepository referenceManifestRepository,
|
||||
final CertificateRepository certificateRepository,
|
||||
final CACredentialRepository caCertificateRepository)
|
||||
throws IOException {
|
||||
throws IOException, CertificateException, NoSuchAlgorithmException {
|
||||
HashMap<String, Object> data = new HashMap<>();
|
||||
|
||||
// Software Identity
|
||||
@ -258,8 +258,8 @@ public class ReferenceManifestDetailsPageController
|
||||
caCertificateRepository));
|
||||
RIM_VALIDATOR.setTrustStore(truststore);
|
||||
} catch (IOException e) {
|
||||
log.error("Error building CA chain for {}: {}", caCert.getSubjectKeyIdentifier(),
|
||||
e.getMessage());
|
||||
log.error("Error building CA chain for " + caCert.getSubjectKeyIdentifier() + ": "
|
||||
+ e.getMessage());
|
||||
}
|
||||
if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(),
|
||||
caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) {
|
||||
@ -270,7 +270,7 @@ public class ReferenceManifestDetailsPageController
|
||||
break;
|
||||
}
|
||||
} catch (SupplyChainValidatorException scvEx) {
|
||||
log.error("Error verifying cert chain: {}", scvEx.getMessage());
|
||||
log.error("Error verifying cert chain: " + scvEx.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -286,7 +286,7 @@ public class ReferenceManifestDetailsPageController
|
||||
}
|
||||
}
|
||||
} catch (NullPointerException npEx) {
|
||||
log.warn("Unable to link signing certificate: {}", npEx.getMessage());
|
||||
log.warn("Unable to link signing certificate: " + npEx.getMessage());
|
||||
}
|
||||
return data;
|
||||
}
|
||||
@ -485,7 +485,7 @@ public class ReferenceManifestDetailsPageController
|
||||
final ReferenceDigestValueRepository referenceDigestValueRepository)
|
||||
throws IOException, CertificateException, NoSuchAlgorithmException {
|
||||
HashMap<String, Object> data = new HashMap<>();
|
||||
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
|
||||
LinkedList<TpmPcrEvent> evidence = new LinkedList<>();
|
||||
BaseReferenceManifest base = null;
|
||||
List<SupportReferenceManifest> supports = new ArrayList<>();
|
||||
SupportReferenceManifest baseSupport = null;
|
||||
@ -498,7 +498,7 @@ public class ReferenceManifestDetailsPageController
|
||||
data.put("validationResult", measurements.getOverallValidationResult());
|
||||
data.put("swidBase", true);
|
||||
|
||||
List<ReferenceDigestValue> eventValues = new LinkedList<>();
|
||||
List<ReferenceDigestValue> assertions = new LinkedList<>();
|
||||
if (measurements.getDeviceName() != null) {
|
||||
supports.addAll(referenceManifestRepository.byDeviceName(measurements
|
||||
.getDeviceName()));
|
||||
@ -518,19 +518,19 @@ public class ReferenceManifestDetailsPageController
|
||||
data.put("associatedRim", base.getId());
|
||||
}
|
||||
|
||||
eventValues.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
|
||||
assertions.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
|
||||
}
|
||||
}
|
||||
|
||||
TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes());
|
||||
Map<String, ReferenceDigestValue> eventValueMap = new HashMap<>();
|
||||
|
||||
for (ReferenceDigestValue rdv : eventValues) {
|
||||
eventValueMap.put(rdv.getDigestValue(), rdv);
|
||||
for (ReferenceDigestValue record : assertions) {
|
||||
eventValueMap.put(record.getDigestValue(), record);
|
||||
}
|
||||
for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) {
|
||||
if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) {
|
||||
livelogEvents.add(measurementEvent);
|
||||
evidence.add(measurementEvent);
|
||||
}
|
||||
}
|
||||
|
||||
@ -544,7 +544,7 @@ public class ReferenceManifestDetailsPageController
|
||||
String bootVariable;
|
||||
String variablePrefix = "Variable Name:";
|
||||
String variableSuffix = "UEFI_GUID";
|
||||
for (TpmPcrEvent tpe : livelogEvents) {
|
||||
for (TpmPcrEvent tpe : evidence) {
|
||||
matchedEvents = new ArrayList<>();
|
||||
for (TpmPcrEvent tpmPcrEvent : combinedBaselines) {
|
||||
if (tpmPcrEvent.getEventType() == tpe.getEventType()) {
|
||||
@ -567,7 +567,7 @@ public class ReferenceManifestDetailsPageController
|
||||
}
|
||||
|
||||
TCGEventLog logProcessor = new TCGEventLog(measurements.getRimBytes());
|
||||
data.put("livelogEvents", livelogEvents);
|
||||
data.put("livelogEvents", evidence);
|
||||
data.put("events", logProcessor.getEventList());
|
||||
getEventSummary(data, logProcessor.getEventList());
|
||||
|
||||
@ -608,6 +608,12 @@ public class ReferenceManifestDetailsPageController
|
||||
String uuidError = "Failed to parse ID from: " + params.getId();
|
||||
messages.addError(uuidError);
|
||||
log.error(uuidError, iaEx);
|
||||
} catch (CertificateException cEx) {
|
||||
log.error(cEx);
|
||||
} catch (NoSuchAlgorithmException nsEx) {
|
||||
log.error(nsEx);
|
||||
} catch (IOException ioEx) {
|
||||
log.error(ioEx);
|
||||
} catch (Exception ex) {
|
||||
log.error(ex);
|
||||
}
|
||||
|
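Review bot: The three catch blocks added ahead of `catch (Exception ex)` in the hunk at 608 (`CertificateException`, `NoSuchAlgorithmException`, `IOException`) each do only `log.error(<exception>)`, exactly what the generic handler below them already does, so they add no handling; unlike the `IllegalArgumentException` branch above them, none calls `messages.addError(...)`, so a RIM whose certificate or event log fails to parse comes back with no page message. Fold them into one multi-catch that reports the failure: `} catch (CertificateException | NoSuchAlgorithmException | IOException ex) {` / `messages.addError("Unable to load RIM details: " + ex.getMessage());` / `log.error("Unable to load RIM details for " + params.getId(), ex);`. The enclosing handler and its `try` begin before the hunk, so this assumes `messages` is the same object the IllegalArgumentException branch writes to. Separately, the `log.error(... + e.getMessage())` and `log.error(... + scvEx.getMessage())` lines in the hunks at 258 and 270 drop the throwable itself; pass `e` and `scvEx` as the last argument so the stack trace is retained.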
@ -76,10 +76,9 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
* @param referenceDigestValueRepository this is the reference event manager
|
||||
*/
|
||||
@Autowired
|
||||
public ReferenceManifestPageController(final ReferenceManifestRepository
|
||||
referenceManifestRepository,
|
||||
final ReferenceDigestValueRepository
|
||||
referenceDigestValueRepository) {
|
||||
public ReferenceManifestPageController(
|
||||
final ReferenceManifestRepository referenceManifestRepository,
|
||||
final ReferenceDigestValueRepository referenceDigestValueRepository) {
|
||||
super(Page.REFERENCE_MANIFESTS);
|
||||
this.referenceManifestRepository = referenceManifestRepository;
|
||||
this.referenceDigestValueRepository = referenceDigestValueRepository;
|
||||
@ -113,11 +112,11 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
method = RequestMethod.GET)
|
||||
public DataTableResponse<ReferenceManifest> getTableData(
|
||||
@Valid final DataTableInput input) {
|
||||
log.debug("Handling request for summary list: {}", input);
|
||||
log.debug("Handling request for summary list: " + input);
|
||||
|
||||
String orderColumnName = input.getOrderColumnName();
|
||||
log.info("Ordering on column: {}", orderColumnName);
|
||||
log.info("Querying with the following dataTableInput: {}", input);
|
||||
log.info("Ordering on column: " + orderColumnName);
|
||||
log.info("Querying with the following dataTableInput: " + input);
|
||||
|
||||
FilteredRecordsList<ReferenceManifest> records = new FilteredRecordsList<>();
|
||||
int currentPage = input.getStart() / input.getLength();
|
||||
@ -138,7 +137,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
|
||||
records.setRecordsFiltered(referenceManifestRepository.findByArchiveFlag(false).size());
|
||||
|
||||
log.debug("Returning list of size: {}", records.size());
|
||||
log.debug("Returning list of size: " + records.size());
|
||||
return new DataTableResponse<>(records, input);
|
||||
}
|
||||
|
||||
@ -163,7 +162,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
Matcher matcher;
|
||||
List<BaseReferenceManifest> baseRims = new ArrayList<>();
|
||||
List<SupportReferenceManifest> supportRims = new ArrayList<>();
|
||||
log.info("Processing {} uploaded files", files.length);
|
||||
log.info(String.format("Processing %s uploaded files", files.length));
|
||||
|
||||
// loop through the files
|
||||
for (MultipartFile file : files) {
|
||||
@ -183,18 +182,16 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
+ " Base RIMs support the extension \".swidtag\", and support RIMs support "
|
||||
+ "\".rimpcr\", \".rimel\", \".bin\", and \".log\". "
|
||||
+ "Please verify your upload and retry.";
|
||||
log.error("File extension in {} not recognized as base or support RIM.", fileName);
|
||||
log.error("File extension in " + fileName + " not recognized as base or support RIM.");
|
||||
messages.addError(errorString);
|
||||
}
|
||||
}
|
||||
|
||||
baseRims.forEach((rim) -> {
|
||||
log.info("Storing swidtag {}", rim.getFileName());
|
||||
log.info(String.format("Storing swidtag %s", rim.getFileName()));
|
||||
this.referenceManifestRepository.save(rim);
|
||||
});
|
||||
|
||||
supportRims.forEach((rim) -> {
|
||||
log.info("Storing event log {}", rim.getFileName());
|
||||
log.info(String.format("Storing event log %s", rim.getFileName()));
|
||||
this.referenceManifestRepository.save(rim);
|
||||
});
|
||||
|
||||
@ -229,7 +226,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
@RequestMapping(value = "/delete", method = RequestMethod.POST)
|
||||
public RedirectView delete(@RequestParam final String id,
|
||||
final RedirectAttributes attr) throws URISyntaxException {
|
||||
log.info("Handling request to delete {}", id);
|
||||
log.info("Handling request to delete " + id);
|
||||
|
||||
Map<String, Object> model = new HashMap<>();
|
||||
PageMessages messages = new PageMessages();
|
||||
@ -274,7 +271,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
public void download(@RequestParam final String id,
|
||||
final HttpServletResponse response)
|
||||
throws IOException {
|
||||
log.info("Handling RIM request to download {}", id);
|
||||
log.info("Handling RIM request to download " + id);
|
||||
|
||||
try {
|
||||
ReferenceManifest referenceManifest = getRimFromDb(id);
|
||||
@ -285,11 +282,10 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
// send a 404 error when invalid Reference Manifest
|
||||
response.sendError(HttpServletResponse.SC_NOT_FOUND);
|
||||
} else {
|
||||
StringBuilder fileName = new StringBuilder("filename=\"");
|
||||
fileName.append(referenceManifest.getFileName());
|
||||
// Set filename for download.
|
||||
response.setHeader("Content-Disposition",
|
||||
"attachment;" + "filename=\"" + referenceManifest.getFileName()
|
||||
// Set filename for download.
|
||||
);
|
||||
response.setHeader("Content-Disposition", "attachment;" + fileName);
|
||||
response.setContentType("application/octet-stream");
|
||||
|
||||
// write cert to output stream
|
||||
@ -363,7 +359,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
*
|
||||
* @param id of the RIM
|
||||
* @return the associated RIM from the DB
|
||||
* @throws IllegalArgumentException if issues arise from attempting to retrieve the rim from the database
|
||||
* @throws IllegalArgumentException
|
||||
*/
|
||||
private ReferenceManifest getRimFromDb(final String id) throws IllegalArgumentException {
|
||||
UUID uuid = UUID.fromString(id);
|
||||
@ -502,7 +498,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
}
|
||||
|
||||
private void processTpmEvents(final List<SupportReferenceManifest> dbSupportRims) {
|
||||
List<ReferenceDigestValue> tpmEvents;
|
||||
List<ReferenceDigestValue> referenceValues;
|
||||
TCGEventLog logProcessor = null;
|
||||
ReferenceManifest baseRim;
|
||||
ReferenceDigestValue newRdv;
|
||||
@ -511,9 +507,9 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
// So first we'll have to pull values based on support rim
|
||||
// get by support rim id NEXT
|
||||
if (dbSupport.getPlatformManufacturer() != null) {
|
||||
tpmEvents = referenceDigestValueRepository.findBySupportRimId(dbSupport.getId());
|
||||
referenceValues = referenceDigestValueRepository.findBySupportRimId(dbSupport.getId());
|
||||
baseRim = findBaseRim(dbSupport);
|
||||
if (tpmEvents.isEmpty()) {
|
||||
if (referenceValues.isEmpty()) {
|
||||
try {
|
||||
logProcessor = new TCGEventLog(dbSupport.getRimBytes());
|
||||
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
|
||||
@ -526,14 +522,18 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
|
||||
|
||||
this.referenceDigestValueRepository.save(newRdv);
|
||||
}
|
||||
} catch (CertificateException | NoSuchAlgorithmException | IOException e) {
|
||||
} catch (CertificateException e) {
|
||||
e.printStackTrace();
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
e.printStackTrace();
|
||||
} catch (IOException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
} else {
|
||||
for (ReferenceDigestValue rdv : tpmEvents) {
|
||||
if (!rdv.isUpdated()) {
|
||||
rdv.updateInfo(dbSupport, baseRim.getId());
|
||||
this.referenceDigestValueRepository.save(rdv);
|
||||
for (ReferenceDigestValue referenceValue : referenceValues) {
|
||||
if (!referenceValue.isUpdated()) {
|
||||
referenceValue.updateInfo(dbSupport, baseRim.getId());
|
||||
this.referenceDigestValueRepository.save(referenceValue);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
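Review bot: In the download hunk at 285 the `Content-Disposition` value is built as `"attachment;" + "filename=\"" + referenceManifest.getFileName()` (and, in the `StringBuilder` form, as `"filename=\"" + name`), so the opening quote is never closed and the name is inserted unescaped; a stored name containing `"` or `;` therefore rewrites the rest of the header, and the extension check in the upload hunk at 183 suggests the name originates from the client's file. Close the quote over a sanitized name: `String safeName = referenceManifest.getFileName().replaceAll("[^A-Za-z0-9._-]", "_");` followed by `response.setHeader("Content-Disposition", "attachment; filename=\"" + safeName + "\"");`. The `download` method and its `try` continue past the hunk. In the `processTpmEvents` hunk at 526, the three catch blocks that end in `e.printStackTrace()` bypass the logger and let processing continue with no record of which support RIM failed to parse; a single multi-catch with `log.error("Unable to parse event log for " + dbSupport.getFileName(), e);` keeps that context.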