Merge pull request #886 from nsacyber/v3_issue-879

[#879] Additional renaming and checkstyle changes
iadgovuser26 2024-12-13 12:15:23 -05:00 committed by GitHub
commit ad0966941d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 73 additions and 68 deletions


@ -15,6 +15,7 @@ import org.apache.commons.codec.binary.Hex;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@ -62,8 +63,7 @@ public class PcrValidator {
* @param pcrValues RIM provided baseline PCRs
*/
public PcrValidator(final String[] pcrValues) {
baselinePcrs = new String[TPMMeasurementRecord.MAX_PCR_ID + 1];
System.arraycopy(pcrValues, 0, baselinePcrs, 0, TPMMeasurementRecord.MAX_PCR_ID + 1);
baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1);
}
/**
@ -149,7 +149,7 @@ public class PcrValidator {
}
if (!baselinePcrs[i].equals(storedPcrs[i])) {
log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]);
log.error(String.format("%s =/= %s", baselinePcrs[i], storedPcrs[i]));
sb.append(String.format(failureMsg, i));
}
}
@ -163,36 +163,36 @@ public class PcrValidator {
* will ignore certin PCRs, Event Types and Event Variables present.
*
* @param tcgMeasurementLog Measurement log from the client
* @param eventValueMap The events stored as baseline to compare
* @param eventLogRecords The events stored as baseline to compare
* @param policySettings db entity that holds all of policy
* @return the events that didn't pass
*/
public List<TpmPcrEvent> validateTpmEvents(final TCGEventLog tcgMeasurementLog,
final Map<String, ReferenceDigestValue> eventValueMap,
final Map<String, ReferenceDigestValue> eventLogRecords,
final PolicySettings policySettings) {
List<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) {
if (policySettings.isIgnoreImaEnabled() && tpe.getPcrIndex() == IMA_PCR) {
log.info("IMA Ignored -> {}", tpe);
log.info(String.format("IMA Ignored -> %s", tpe));
} else if (policySettings.isIgnoretBootEnabled() && (tpe.getPcrIndex() >= TBOOT_PCR_START
&& tpe.getPcrIndex() <= TBOOT_PCR_END)) {
log.info("TBOOT Ignored -> {}", tpe);
log.info(String.format("TBOOT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getPcrIndex() >= PXE_PCR_START
&& tpe.getPcrIndex() <= PXE_PCR_END)) {
log.info("OS Evt Ignored -> {}", tpe);
log.info(String.format("OS Evt Ignored -> %s", tpe));
} else {
if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) {
log.info("GPT Ignored -> {}", tpe);
log.info(String.format("GPT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_BOOT)
|| tpe.getEventTypeStr().contains(EVT_EFI_VAR))) {
log.info("OS Evt Ignored -> {}", tpe);
log.info(String.format("OS Evt Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_CFG)
&& tpe.getEventContentStr().contains("SecureBoot"))) {
log.info("OS Evt Config Ignored -> {}", tpe);
log.info(String.format("OS Evt Config Ignored -> %s", tpe));
} else {
if (!eventValueMap.containsKey(tpe.getEventDigestStr())) {
if (!eventLogRecords.containsKey(tpe.getEventDigestStr())) {
tpmPcrEvents.add(tpe);
}
}
@ -251,13 +251,12 @@ public class PcrValidator {
// other information.
String calculatedString = Hex.encodeHexString(
pcrInfoShort.getCalculatedDigest());
log.debug(
"Validating PCR information with the following:{}calculatedString = {}{}"
+ "quoteString = {}", System.lineSeparator(), calculatedString,
System.lineSeparator(), quoteString);
log.debug("Validating PCR information with the following:"
+ System.lineSeparator() + "calculatedString = " + calculatedString
+ System.lineSeparator() + "quoteString = " + quoteString);
validated = quoteString.contains(calculatedString);
if (!validated) {
log.warn("{} not found in {}", calculatedString, quoteString);
log.warn(calculatedString + " not found in " + quoteString);
}
} catch (NoSuchAlgorithmException naEx) {
log.error(naEx);
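Review bot: In the `PcrValidator` constructor, `Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1)` is not equivalent to the `System.arraycopy` call it replaces: a `pcrValues` array shorter than `MAX_PCR_ID + 1` used to fail with an `ArrayIndexOutOfBoundsException` and is now accepted and padded with `null`. Those entries later reach `baselinePcrs[i].equals(storedPcrs[i])` in the comparison hunk unless the check just above it (outside the hunk) filters them out, so a truncated RIM baseline would surface as a `NullPointerException` or a skipped PCR rather than a clear rejection. For an attestation baseline I would fail closed at construction, e.g. `if (pcrValues == null || pcrValues.length <= TPMMeasurementRecord.MAX_PCR_ID) { throw new IllegalArgumentException("baseline PCR list is incomplete"); }`, and document that in the constructor's Javadoc.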


@ -97,14 +97,12 @@ public class ReferenceManifestDetailsPageController
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
* @throws CertificateException if a certificate doesn't parse.
*/
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
final ReferenceManifestRepository
referenceManifestRepository,
final ReferenceDigestValueRepository
referenceDigestValueRepository,
public static HashMap<String, Object> getRimDetailInfo(
final UUID uuid,
final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository
caCertificateRepository)
final CACredentialRepository caCertificateRepository)
throws IOException,
CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
@ -142,13 +140,15 @@ public class ReferenceManifestDetailsPageController
* @param caCertificateRepository the certificate manager.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
* @throws CertificateException if a certificate doesn't parse.
*/
private static HashMap<String, Object> getBaseRimInfo(
final BaseReferenceManifest baseRim,
final ReferenceManifestRepository referenceManifestRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository caCertificateRepository)
throws IOException {
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
// Software Identity
@ -258,8 +258,8 @@ public class ReferenceManifestDetailsPageController
caCertificateRepository));
RIM_VALIDATOR.setTrustStore(truststore);
} catch (IOException e) {
log.error("Error building CA chain for {}: {}", caCert.getSubjectKeyIdentifier(),
e.getMessage());
log.error("Error building CA chain for " + caCert.getSubjectKeyIdentifier() + ": "
+ e.getMessage());
}
if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(),
caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) {
@ -270,7 +270,7 @@ public class ReferenceManifestDetailsPageController
break;
}
} catch (SupplyChainValidatorException scvEx) {
log.error("Error verifying cert chain: {}", scvEx.getMessage());
log.error("Error verifying cert chain: " + scvEx.getMessage());
}
}
}
@ -286,7 +286,7 @@ public class ReferenceManifestDetailsPageController
}
}
} catch (NullPointerException npEx) {
log.warn("Unable to link signing certificate: {}", npEx.getMessage());
log.warn("Unable to link signing certificate: " + npEx.getMessage());
}
return data;
}
@ -485,7 +485,7 @@ public class ReferenceManifestDetailsPageController
final ReferenceDigestValueRepository referenceDigestValueRepository)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
LinkedList<TpmPcrEvent> evidence = new LinkedList<>();
BaseReferenceManifest base = null;
List<SupportReferenceManifest> supports = new ArrayList<>();
SupportReferenceManifest baseSupport = null;
@ -498,7 +498,7 @@ public class ReferenceManifestDetailsPageController
data.put("validationResult", measurements.getOverallValidationResult());
data.put("swidBase", true);
List<ReferenceDigestValue> eventValues = new LinkedList<>();
List<ReferenceDigestValue> assertions = new LinkedList<>();
if (measurements.getDeviceName() != null) {
supports.addAll(referenceManifestRepository.byDeviceName(measurements
.getDeviceName()));
@ -518,19 +518,19 @@ public class ReferenceManifestDetailsPageController
data.put("associatedRim", base.getId());
}
eventValues.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
assertions.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
}
}
TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes());
Map<String, ReferenceDigestValue> eventValueMap = new HashMap<>();
for (ReferenceDigestValue rdv : eventValues) {
eventValueMap.put(rdv.getDigestValue(), rdv);
for (ReferenceDigestValue record : assertions) {
eventValueMap.put(record.getDigestValue(), record);
}
for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) {
if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) {
livelogEvents.add(measurementEvent);
evidence.add(measurementEvent);
}
}
@ -544,7 +544,7 @@ public class ReferenceManifestDetailsPageController
String bootVariable;
String variablePrefix = "Variable Name:";
String variableSuffix = "UEFI_GUID";
for (TpmPcrEvent tpe : livelogEvents) {
for (TpmPcrEvent tpe : evidence) {
matchedEvents = new ArrayList<>();
for (TpmPcrEvent tpmPcrEvent : combinedBaselines) {
if (tpmPcrEvent.getEventType() == tpe.getEventType()) {
@ -567,7 +567,7 @@ public class ReferenceManifestDetailsPageController
}
TCGEventLog logProcessor = new TCGEventLog(measurements.getRimBytes());
data.put("livelogEvents", livelogEvents);
data.put("livelogEvents", evidence);
data.put("events", logProcessor.getEventList());
getEventSummary(data, logProcessor.getEventList());
@ -608,6 +608,12 @@ public class ReferenceManifestDetailsPageController
String uuidError = "Failed to parse ID from: " + params.getId();
messages.addError(uuidError);
log.error(uuidError, iaEx);
} catch (CertificateException cEx) {
log.error(cEx);
} catch (NoSuchAlgorithmException nsEx) {
log.error(nsEx);
} catch (IOException ioEx) {
log.error(ioEx);
} catch (Exception ex) {
log.error(ex);
}
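Review bot: In the CA-chain hunk, `catch (IOException e)` only logs and then falls through to `RIM_VALIDATOR.validateXmlSignature(...)`, so when building the chain for `caCert` fails, `setTrustStore` is never reached and the check appears to run against whatever trust store the `RIM_VALIDATOR` constant was last given. If that reading is right, a signature could be reported as validated against a chain that belongs to a different certificate or an earlier request. I would skip the certificate on failure, for example with `continue;` after the log call if this is the loop body (the enclosing loop starts outside the hunk). Passing the exception as the last argument, `log.error("Error building CA chain for {}", caCert.getSubjectKeyIdentifier(), e);`, would also keep the stack trace that `e.getMessage()` drops.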


@ -76,10 +76,9 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
* @param referenceDigestValueRepository this is the reference event manager
*/
@Autowired
public ReferenceManifestPageController(final ReferenceManifestRepository
referenceManifestRepository,
final ReferenceDigestValueRepository
referenceDigestValueRepository) {
public ReferenceManifestPageController(
final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository) {
super(Page.REFERENCE_MANIFESTS);
this.referenceManifestRepository = referenceManifestRepository;
this.referenceDigestValueRepository = referenceDigestValueRepository;
@ -113,11 +112,11 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
method = RequestMethod.GET)
public DataTableResponse<ReferenceManifest> getTableData(
@Valid final DataTableInput input) {
log.debug("Handling request for summary list: {}", input);
log.debug("Handling request for summary list: " + input);
String orderColumnName = input.getOrderColumnName();
log.info("Ordering on column: {}", orderColumnName);
log.info("Querying with the following dataTableInput: {}", input);
log.info("Ordering on column: " + orderColumnName);
log.info("Querying with the following dataTableInput: " + input);
FilteredRecordsList<ReferenceManifest> records = new FilteredRecordsList<>();
int currentPage = input.getStart() / input.getLength();
@ -138,7 +137,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
records.setRecordsFiltered(referenceManifestRepository.findByArchiveFlag(false).size());
log.debug("Returning list of size: {}", records.size());
log.debug("Returning list of size: " + records.size());
return new DataTableResponse<>(records, input);
}
@ -163,7 +162,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
Matcher matcher;
List<BaseReferenceManifest> baseRims = new ArrayList<>();
List<SupportReferenceManifest> supportRims = new ArrayList<>();
log.info("Processing {} uploaded files", files.length);
log.info(String.format("Processing %s uploaded files", files.length));
// loop through the files
for (MultipartFile file : files) {
@ -183,18 +182,16 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
+ " Base RIMs support the extension \".swidtag\", and support RIMs support "
+ "\".rimpcr\", \".rimel\", \".bin\", and \".log\". "
+ "Please verify your upload and retry.";
log.error("File extension in {} not recognized as base or support RIM.", fileName);
log.error("File extension in " + fileName + " not recognized as base or support RIM.");
messages.addError(errorString);
}
}
baseRims.forEach((rim) -> {
log.info("Storing swidtag {}", rim.getFileName());
log.info(String.format("Storing swidtag %s", rim.getFileName()));
this.referenceManifestRepository.save(rim);
});
supportRims.forEach((rim) -> {
log.info("Storing event log {}", rim.getFileName());
log.info(String.format("Storing event log %s", rim.getFileName()));
this.referenceManifestRepository.save(rim);
});
@ -229,7 +226,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
@RequestMapping(value = "/delete", method = RequestMethod.POST)
public RedirectView delete(@RequestParam final String id,
final RedirectAttributes attr) throws URISyntaxException {
log.info("Handling request to delete {}", id);
log.info("Handling request to delete " + id);
Map<String, Object> model = new HashMap<>();
PageMessages messages = new PageMessages();
@ -274,7 +271,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
public void download(@RequestParam final String id,
final HttpServletResponse response)
throws IOException {
log.info("Handling RIM request to download {}", id);
log.info("Handling RIM request to download " + id);
try {
ReferenceManifest referenceManifest = getRimFromDb(id);
@ -285,11 +282,10 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
// send a 404 error when invalid Reference Manifest
response.sendError(HttpServletResponse.SC_NOT_FOUND);
} else {
StringBuilder fileName = new StringBuilder("filename=\"");
fileName.append(referenceManifest.getFileName());
// Set filename for download.
response.setHeader("Content-Disposition",
"attachment;" + "filename=\"" + referenceManifest.getFileName()
// Set filename for download.
);
response.setHeader("Content-Disposition", "attachment;" + fileName);
response.setContentType("application/octet-stream");
// write cert to output stream
@ -363,7 +359,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
*
* @param id of the RIM
* @return the associated RIM from the DB
* @throws IllegalArgumentException if issues arise from attempting to retrieve the rim from the database
* @throws IllegalArgumentException
*/
private ReferenceManifest getRimFromDb(final String id) throws IllegalArgumentException {
UUID uuid = UUID.fromString(id);
@ -502,7 +498,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
}
private void processTpmEvents(final List<SupportReferenceManifest> dbSupportRims) {
List<ReferenceDigestValue> tpmEvents;
List<ReferenceDigestValue> referenceValues;
TCGEventLog logProcessor = null;
ReferenceManifest baseRim;
ReferenceDigestValue newRdv;
@ -511,9 +507,9 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
// So first we'll have to pull values based on support rim
// get by support rim id NEXT
if (dbSupport.getPlatformManufacturer() != null) {
tpmEvents = referenceDigestValueRepository.findBySupportRimId(dbSupport.getId());
referenceValues = referenceDigestValueRepository.findBySupportRimId(dbSupport.getId());
baseRim = findBaseRim(dbSupport);
if (tpmEvents.isEmpty()) {
if (referenceValues.isEmpty()) {
try {
logProcessor = new TCGEventLog(dbSupport.getRimBytes());
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
@ -526,14 +522,18 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
this.referenceDigestValueRepository.save(newRdv);
}
} catch (CertificateException | NoSuchAlgorithmException | IOException e) {
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
} else {
for (ReferenceDigestValue rdv : tpmEvents) {
if (!rdv.isUpdated()) {
rdv.updateInfo(dbSupport, baseRim.getId());
this.referenceDigestValueRepository.save(rdv);
for (ReferenceDigestValue referenceValue : referenceValues) {
if (!referenceValue.isUpdated()) {
referenceValue.updateInfo(dbSupport, baseRim.getId());
this.referenceDigestValueRepository.save(referenceValue);
}
}
}
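Review bot: In `download`, the new `Content-Disposition` value concatenates `referenceManifest.getFileName()` straight into the header and, as far as the hunk shows, never closes the quote opened by `filename=\"`; the `// Set filename for download.` comment has also ended up inside the argument list. The name presumably originates from the uploaded RIM file, so a `"` or `;` in it changes how a browser parses the header. Spring's helper (`org.springframework.http.ContentDisposition`) does the quoting and escaping: `response.setHeader("Content-Disposition", ContentDisposition.attachment().filename(referenceManifest.getFileName()).build().toString());`. Separately, the three new `catch` blocks in `processTpmEvents` still call `e.printStackTrace()`; a single multi-catch with `log.error("Failed to process support RIM event log", e);` would keep those failures in the application log.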