diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java index f964007f..6620f815 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/PcrValidator.java @@ -15,6 +15,7 @@ import org.apache.commons.codec.binary.Hex; import java.nio.charset.StandardCharsets; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; +import java.util.Arrays; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -62,8 +63,7 @@ public class PcrValidator { * @param pcrValues RIM provided baseline PCRs */ public PcrValidator(final String[] pcrValues) { - baselinePcrs = new String[TPMMeasurementRecord.MAX_PCR_ID + 1]; - System.arraycopy(pcrValues, 0, baselinePcrs, 0, TPMMeasurementRecord.MAX_PCR_ID + 1); + baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1); } /** @@ -149,7 +149,7 @@ public class PcrValidator { } if (!baselinePcrs[i].equals(storedPcrs[i])) { - log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]); + log.error(String.format("%s =/= %s", baselinePcrs[i], storedPcrs[i])); sb.append(String.format(failureMsg, i)); } } 
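Review bot: `Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1)` in the constructor pads a short baseline with `null` entries, where the removed `System.arraycopy` call threw on an array shorter than `MAX_PCR_ID + 1`. A truncated RIM baseline is now accepted silently, and the comparison `baselinePcrs[i].equals(storedPcrs[i])` in the next hunk would dereference a null slot unless the check just above it, which is outside the visible lines, filters it out. Rejecting the input up front keeps the failure at construction: `if (pcrValues.length <= TPMMeasurementRecord.MAX_PCR_ID) { throw new IllegalArgumentException("baseline must hold MAX_PCR_ID + 1 PCR values"); }`.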
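Review bot: The `log.error(String.format("%s =/= %s", ...))` line replaces a parameterized call with an eagerly formatted string, so the message is built even when the level is disabled and the values no longer reach the logging framework as separate arguments. The same swap to `String.format` or `+` concatenation recurs in the `validateTpmEvents` and PCR-quote hunks of this file and in the log calls of both portal controllers. Several of those messages carry values taken from the client's event log or quote. Unless the logger in use lacks `{}` support, keep `log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]);` and the equivalent forms elsewhere.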
@@ -163,36 +163,36 @@ public class PcrValidator { * will ignore certin PCRs, Event Types and Event Variables present. * * @param tcgMeasurementLog Measurement log from the client - * @param eventValueMap The events stored as baseline to compare + * @param eventLogRecords The events stored as baseline to compare * @param policySettings db entity that holds all of policy * @return the events that didn't pass */ public List validateTpmEvents(final TCGEventLog tcgMeasurementLog, - final Map eventValueMap, + final Map eventLogRecords, final PolicySettings policySettings) { List tpmPcrEvents = new LinkedList<>(); for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) { if (policySettings.isIgnoreImaEnabled() && tpe.getPcrIndex() == IMA_PCR) { - log.info("IMA Ignored -> {}", tpe); + log.info(String.format("IMA Ignored -> %s", tpe)); } else if (policySettings.isIgnoretBootEnabled() && (tpe.getPcrIndex() >= TBOOT_PCR_START && tpe.getPcrIndex() <= TBOOT_PCR_END)) { - log.info("TBOOT Ignored -> {}", tpe); + log.info(String.format("TBOOT Ignored -> %s", tpe)); } else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getPcrIndex() >= PXE_PCR_START && tpe.getPcrIndex() <= PXE_PCR_END)) { - log.info("OS Evt Ignored -> {}", tpe); + log.info(String.format("OS Evt Ignored -> %s", tpe)); } else { if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) { - log.info("GPT Ignored -> {}", tpe); + log.info(String.format("GPT Ignored -> %s", tpe)); } else if (policySettings.isIgnoreOsEvtEnabled() && ( tpe.getEventTypeStr().contains(EVT_EFI_BOOT) || tpe.getEventTypeStr().contains(EVT_EFI_VAR))) { - log.info("OS Evt Ignored -> {}", tpe); + log.info(String.format("OS Evt Ignored -> %s", tpe)); } else if (policySettings.isIgnoreOsEvtEnabled() && ( tpe.getEventTypeStr().contains(EVT_EFI_CFG) && tpe.getEventContentStr().contains("SecureBoot"))) { - log.info("OS Evt Config Ignored -> {}", tpe); + log.info(String.format("OS Evt Config Ignored -> %s", tpe)); } else 
{ - if (!eventValueMap.containsKey(tpe.getEventDigestStr())) { + if (!eventLogRecords.containsKey(tpe.getEventDigestStr())) { tpmPcrEvents.add(tpe); } } @@ -251,13 +251,12 @@ public class PcrValidator { // other information. String calculatedString = Hex.encodeHexString( pcrInfoShort.getCalculatedDigest()); - log.debug( - "Validating PCR information with the following:{}calculatedString = {}{}" - + "quoteString = {}", System.lineSeparator(), calculatedString, - System.lineSeparator(), quoteString); + log.debug("Validating PCR information with the following:" + + System.lineSeparator() + "calculatedString = " + calculatedString + + System.lineSeparator() + "quoteString = " + quoteString); validated = quoteString.contains(calculatedString); if (!validated) { - log.warn("{} not found in {}", calculatedString, quoteString); + log.warn(calculatedString + " not found in " + quoteString); } } catch (NoSuchAlgorithmException naEx) { log.error(naEx); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index ea440af0..16d2e988 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java 
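Review bot: The Javadoc for the renamed `eventLogRecords` parameter does not say how the map is keyed, although the lookup `eventLogRecords.containsKey(tpe.getEventDigestStr())` depends on it. As written, an event passes when its digest string appears anywhere in the baseline; the PCR index and event type are not compared in the visible lines. I would document that on the parameter, e.g. `@param eventLogRecords baseline events keyed by event digest string; an event is accepted on a digest match alone`. The method body continues past the end of this hunk.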
@@ -97,14 +97,12 @@ public class ReferenceManifestDetailsPageController * @throws NoSuchAlgorithmException If an unknown Algorithm is encountered. * @throws CertificateException if a certificate doesn't parse. */ - public static HashMap getRimDetailInfo(final UUID uuid, - final ReferenceManifestRepository - referenceManifestRepository, - final ReferenceDigestValueRepository - referenceDigestValueRepository, - final CertificateRepository certificateRepository, - final CACredentialRepository - caCertificateRepository) + public static HashMap getRimDetailInfo( + final UUID uuid, + final ReferenceManifestRepository referenceManifestRepository, + final ReferenceDigestValueRepository referenceDigestValueRepository, + final CertificateRepository certificateRepository, + final CACredentialRepository caCertificateRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); @@ -141,14 +139,16 @@ public class ReferenceManifestDetailsPageController * @param certificateRepository the certificate manager. * @param caCertificateRepository the certificate manager. * @return mapping of the RIM information from the database. - * @throws java.io.IOException error for reading file bytes. + * @throws java.io.IOException error for reading file bytes. + * @throws NoSuchAlgorithmException If an unknown Algorithm is encountered. + * @throws CertificateException if a certificate doesn't parse. */ private static HashMap getBaseRimInfo( final BaseReferenceManifest baseRim, final ReferenceManifestRepository referenceManifestRepository, final CertificateRepository certificateRepository, final CACredentialRepository caCertificateRepository) - throws IOException { + throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); // Software Identity 
@@ -258,8 +258,8 @@ public class ReferenceManifestDetailsPageController caCertificateRepository)); RIM_VALIDATOR.setTrustStore(truststore); } catch (IOException e) { - log.error("Error building CA chain for {}: {}", caCert.getSubjectKeyIdentifier(), - e.getMessage()); + log.error("Error building CA chain for " + caCert.getSubjectKeyIdentifier() + ": " + + e.getMessage()); } if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(), caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) { @@ -270,7 +270,7 @@ public class ReferenceManifestDetailsPageController break; } } catch (SupplyChainValidatorException scvEx) { - log.error("Error verifying cert chain: {}", scvEx.getMessage()); + log.error("Error verifying cert chain: " + scvEx.getMessage()); } } } @@ -286,7 +286,7 @@ public class ReferenceManifestDetailsPageController } } } catch (NullPointerException npEx) { - log.warn("Unable to link signing certificate: {}", npEx.getMessage()); + log.warn("Unable to link signing certificate: " + npEx.getMessage()); } return data; } @@ -485,7 +485,7 @@ public class ReferenceManifestDetailsPageController final ReferenceDigestValueRepository referenceDigestValueRepository) throws IOException, CertificateException, NoSuchAlgorithmException { HashMap data = new HashMap<>(); - LinkedList livelogEvents = new LinkedList<>(); + LinkedList evidence = new LinkedList<>(); BaseReferenceManifest base = null; List supports = new ArrayList<>(); SupportReferenceManifest baseSupport = null; @@ -498,7 +498,7 @@ public class ReferenceManifestDetailsPageController data.put("validationResult", measurements.getOverallValidationResult()); data.put("swidBase", true); - List eventValues = new LinkedList<>(); + List assertions = new LinkedList<>(); if (measurements.getDeviceName() != null) { supports.addAll(referenceManifestRepository.byDeviceName(measurements .getDeviceName())); 
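Review bot: In the `catch (IOException e)` block of the CA-chain hunk, the failure is only logged and execution falls through to `RIM_VALIDATOR.validateXmlSignature(...)`, so the signature check runs without the trust store this iteration tried to build. `RIM_VALIDATOR` looks like a shared static validator, in which case a trust store set for an earlier certificate may still be in place; that is inferred from the name, not shown here. If this sits inside the loop over CA certificates, as the `break` in the following hunk suggests, add `continue;` after the log call. Passing the exception itself, `log.error("Error building CA chain for {}", caCert.getSubjectKeyIdentifier(), e);`, would also keep the stack trace. The enclosing method starts and ends outside the hunk.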
@@ -518,19 +518,19 @@ public class ReferenceManifestDetailsPageController data.put("associatedRim", base.getId()); } - eventValues.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId())); + assertions.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId())); } } TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes()); Map eventValueMap = new HashMap<>(); - for (ReferenceDigestValue rdv : eventValues) { - eventValueMap.put(rdv.getDigestValue(), rdv); + for (ReferenceDigestValue record : assertions) { + eventValueMap.put(record.getDigestValue(), record); } for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) { if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) { - livelogEvents.add(measurementEvent); + evidence.add(measurementEvent); } } @@ -544,7 +544,7 @@ public class ReferenceManifestDetailsPageController String bootVariable; String variablePrefix = "Variable Name:"; String variableSuffix = "UEFI_GUID"; - for (TpmPcrEvent tpe : livelogEvents) { + for (TpmPcrEvent tpe : evidence) { matchedEvents = new ArrayList<>(); for (TpmPcrEvent tpmPcrEvent : combinedBaselines) { if (tpmPcrEvent.getEventType() == tpe.getEventType()) { @@ -567,7 +567,7 @@ public class ReferenceManifestDetailsPageController } TCGEventLog logProcessor = new TCGEventLog(measurements.getRimBytes()); - data.put("livelogEvents", livelogEvents); + data.put("livelogEvents", evidence); data.put("events", logProcessor.getEventList()); getEventSummary(data, logProcessor.getEventList()); @@ -608,6 +608,12 @@ public class ReferenceManifestDetailsPageController String uuidError = "Failed to parse ID from: " + params.getId(); messages.addError(uuidError); log.error(uuidError, iaEx); + } catch (CertificateException cEx) { + log.error(cEx); + } catch (NoSuchAlgorithmException nsEx) { + log.error(nsEx); + } catch (IOException ioEx) { + log.error(ioEx); } catch (Exception ex) { log.error(ex); } 
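Review bot: The three `catch` blocks added before `catch (Exception ex)` each do exactly what the generic handler already does, a bare `log.error(...)` with no context, and none of them calls `messages.addError(...)` the way the UUID-parsing branch above them does. A certificate or I/O failure while loading RIM details therefore leaves the page without any error shown to the user. I would collapse them into `catch (CertificateException | NoSuchAlgorithmException | IOException ex)` with `messages.addError("Failed to load RIM details.");` and `log.error("Failed to load RIM details", ex);`. The method's opening lines are outside the hunk.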
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 7e885720..fc84e213 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -76,10 +76,9 @@ public class ReferenceManifestPageController extends PageController getTableData( @Valid final DataTableInput input) { - log.debug("Handling request for summary list: {}", input); + log.debug("Handling request for summary list: " + input); String orderColumnName = input.getOrderColumnName(); - log.info("Ordering on column: {}", orderColumnName); - log.info("Querying with the following dataTableInput: {}", input); + log.info("Ordering on column: " + orderColumnName); + log.info("Querying with the following dataTableInput: " + input); FilteredRecordsList records = new FilteredRecordsList<>(); int currentPage = input.getStart() / input.getLength(); @@ -138,7 +137,7 @@ public class ReferenceManifestPageController extends PageController(records, input); } @@ -163,7 +162,7 @@ public class ReferenceManifestPageController extends PageController baseRims = new ArrayList<>(); List supportRims = new ArrayList<>(); - log.info("Processing {} uploaded files", files.length); + log.info(String.format("Processing %s uploaded files", files.length)); // loop through the files for (MultipartFile file : files) { 
@@ -183,18 +182,16 @@ public class ReferenceManifestPageController extends PageController { - log.info("Storing swidtag {}", rim.getFileName()); + log.info(String.format("Storing swidtag %s", rim.getFileName())); this.referenceManifestRepository.save(rim); }); - supportRims.forEach((rim) -> { - log.info("Storing event log {}", rim.getFileName()); + log.info(String.format("Storing event log %s", rim.getFileName())); this.referenceManifestRepository.save(rim); }); @@ -229,7 +226,7 @@ public class ReferenceManifestPageController extends PageController model = new HashMap<>(); PageMessages messages = new PageMessages(); @@ -274,7 +271,7 @@ public class ReferenceManifestPageController extends PageController dbSupportRims) { - List tpmEvents; + List referenceValues; TCGEventLog logProcessor = null; ReferenceManifest baseRim; ReferenceDigestValue newRdv; @@ -511,9 +507,9 @@ public class ReferenceManifestPageController extends PageController
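Review bot: `log.info(String.format("Storing swidtag %s", rim.getFileName()))` and the matching `Storing event log` line write the RIM file name into the log unmodified. If that name comes from the uploaded file, which the surrounding upload handling suggests but this damaged hunk does not show, a name containing CR or LF can forge extra log entries. Neutralise line breaks before logging, e.g. `rim.getFileName().replaceAll("[\\r\\n]", "_")`, or apply an encoding layout in the logger configuration. The lambdas these lines sit in begin in text that is missing from the hunk.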