From b06025a71fa0dd0c4e00d6e1122985ac5c5a9992 Mon Sep 17 00:00:00 2001
From: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
Date: Thu, 17 Jun 2021 12:52:28 -0400
Subject: [PATCH] Updated the Event Log Measurements class to use a hash for lookup
---
 ...stractAttestationCertificateAuthority.java | 37 ++++++++++++-------
 .../SupplyChainValidationServiceImpl.java | 11 +++---
 ...eferenceManifestDetailsPageController.java | 6 +--
 .../data/persist/EventLogMeasurements.java | 29 +++++++++++++++
 .../hirs/data/persist/ReferenceManifest.java | 20 ++++++++++
 5 files changed, 81 insertions(+), 22 deletions(-)
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index 19bc8f22..99a76900 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -14,6 +14,7 @@ import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.EventLogMeasurements;
 import hirs.data.persist.ReferenceDigestRecord;
 import hirs.data.persist.ReferenceDigestValue;
+import hirs.data.persist.ReferenceManifest;
 import hirs.data.persist.SupplyChainPolicy;
 import hirs.data.persist.SupplyChainValidationSummary;
 import hirs.data.persist.SupportReferenceManifest;
@@ -97,6 +98,7 @@ import java.util.Base64;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
 import java.util.regex.Matcher;
@@ -782,6 +784,7 @@ public abstract class AbstractAttestationCertificateAuthority
 Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)");
 Matcher matcher;
 MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
+ List listOfSavedRims = new LinkedList<>();
 if (dv.getLogfileCount() > 0) {
 for (ByteString logFile : dv.getLogfileList()) {
@@ -894,9 +897,11 @@ public abstract class AbstractAttestationCertificateAuthority
 dbSupport.setUpdated(true);
 dbSupport.setAssociatedRim(dbBaseRim.getId());
 this.referenceManifestManager.update(dbSupport);
+ listOfSavedRims.add(dbSupport);
 }
 }
 this.referenceManifestManager.update(dbBaseRim);
+ listOfSavedRims.add(dbBaseRim);
 }
 generateDigestRecords(hw.getManufacturer(), hw.getProductName(),
@@ -907,20 +912,26 @@ public abstract class AbstractAttestationCertificateAuthority
 fileName = String.format("%s.measurement", dv.getNw().getHostname());
 try {
- // find previous version. If it exists, delete it
- measurements = EventLogMeasurements.select(referenceManifestManager)
- .byDeviceName(dv.getNw().getHostname()).getRIM();
- if (measurements != null) {
- LOG.info("Previous bios measurement log found and being archived...");
- this.referenceManifestManager.update(measurements);
- }
- measurements = new EventLogMeasurements(fileName,
+ EventLogMeasurements temp = new EventLogMeasurements(fileName,
 dv.getLivelog().toByteArray());
- measurements.setPlatformManufacturer(dv.getHw().getManufacturer());
- measurements.setPlatformModel(dv.getHw().getProductName());
- measurements.setTagId(tagId);
- measurements.setDeviceName(dv.getNw().getHostname());
- this.referenceManifestManager.save(measurements);
+ // find previous version.
+ measurements = EventLogMeasurements.select(referenceManifestManager)
+ .byHexDecHash(temp.getHexDecHash()).includeArchived().getRIM();
+ if (measurements == null) {
+ measurements = temp;
+ measurements.setPlatformManufacturer(dv.getHw().getManufacturer());
+ measurements.setPlatformModel(dv.getHw().getProductName());
+ measurements.setTagId(tagId);
+ measurements.setDeviceName(dv.getNw().getHostname());
+ this.referenceManifestManager.save(measurements);
+ }
+ // now save the hash to the base and support rims associated
+ for (ReferenceManifest rim : listOfSavedRims) {
+ if (rim != null) {
+ rim.setEventLogHash(temp.getHexDecHash());
+ this.referenceManifestManager.update(rim);
+ }
+ }
 } catch (IOException ioEx) {
 LOG.error(ioEx);
 }
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
index ae0f0527..e2ac1782 100644
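Review bot: In the `if (measurements == null)` branch the device name, manufacturer, model and tag id are set only when no record with this hash exists, and the lookup above it matches on the hash alone with `includeArchived()`, so a log whose bytes were first submitted by another host is reused with that host's metadata and nothing records that `dv.getNw().getHostname()` also produced it. If per-device attribution of measurement logs matters to the validation or audit paths, the lookup should also constrain the device, e.g. by chaining `.byDeviceName(dv.getNw().getHostname())` before `getRIM()`, or the branch should create a per-device record. Separately, the loop stamps the hash only onto RIMs collected in `listOfSavedRims` during this request; where that list is filled is only partly visible, so confirm that a provision which sends a live log but no RIM files still links the log, otherwise the later `byHexDecHash(...getEventLogHash())` lookups will find nothing. The enclosing method starts and ends outside this hunk.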
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
@@ -379,25 +379,26 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 baseReferenceManifests = BaseReferenceManifest.select(referenceManifestManager) .byDeviceName(device.getDeviceInfo().getNetworkInfo().getHostname()).getRIMs();
- measurement = EventLogMeasurements.select(referenceManifestManager)
- .byManufacturer(manufacturer).getRIM();
-
 for (BaseReferenceManifest bRim : baseReferenceManifests) {
 if (!bRim.isSwidSupplemental() && !bRim.isSwidPatch()) {
 baseReferenceManifest = bRim;
 }
 }
- validationObject = measurement;
 String failedString = "";
 if (baseReferenceManifest == null) {
 failedString = "Base Reference Integrity Manifest\n";
 passed = false;
+ } else {
+ measurement = EventLogMeasurements.select(referenceManifestManager)
+ .byHexDecHash(baseReferenceManifest.getEventLogHash()).getRIM();
 }
+
 if (measurement == null) {
 failedString += "Bios measurement";
 passed = false;
 }
+ validationObject = measurement;
 if (passed) {
 List resources =
@@ -592,7 +593,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 }
 eventLog = EventLogMeasurements .select(this.referenceManifestManager)
- .byDeviceName(deviceName).getRIM();
+ .byHexDecHash(sRim.getEventLogHash()).getRIM();
 if (sRim == null) {
 fwStatus = new AppraisalStatus(FAIL,
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
index 0e4c9b2e..3f34170f 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
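Review bot: The key passed to `byHexDecHash(baseReferenceManifest.getEventLogHash())` is never checked for being set: `eventLogHash` defaults to `""` in ReferenceManifest and would presumably be null for rows stored before this column existed, so a RIM that was never linked to a log is looked up with an empty or null key. `hexDecHash` carries the same `""` default, so depending on how the selector treats that value the query may throw or match an unrelated measurement record instead of yielding `null` and the "Bios measurement" failure. Resolve the hash first and only query when it is non-empty, e.g. `String logHash = baseReferenceManifest.getEventLogHash();` followed by `if (logHash != null && !logHash.isEmpty()) { measurement = ...; }`. The same unguarded lookup appears in the `-592` hunk of this file (`sRim.getEventLogHash()`) and in ReferenceManifestDetailsPageController (`support.getEventLogHash()`), where the commit also drops the previous null guard. The method body continues outside the hunk.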
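Review bot: `sRim.getEventLogHash()` is now dereferenced one statement before the `if (sRim == null)` check that follows it, so the case that check is meant to turn into a FAIL status will instead throw a NullPointerException out of the firmware validation path. The previous lookup used `deviceName` and did not touch `sRim`. Either move the lookup below the null check or guard it, e.g. `eventLog = (sRim == null) ? null : EventLogMeasurements.select(this.referenceManifestManager).byHexDecHash(sRim.getEventLogHash()).getRIM();`. The rest of the `if`/`else` chain is outside the hunk, so confirm that a null `eventLog` is handled there.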
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@@ -358,10 +358,8 @@ public class ReferenceManifestDetailsPageController
 // testing this independent of the above if statement because the above
 // starts off checking if associated rim is null; that is irrelevant for
 // this statement.
- if (support.getPlatformManufacturer() != null) {
- measurements = EventLogMeasurements.select(referenceManifestManager)
- .byManufacturer(support.getPlatformManufacturer()).getRIM();
- }
+ measurements = EventLogMeasurements.select(referenceManifestManager)
+ .byHexDecHash(support.getEventLogHash()).getRIM();
 if (support.isSwidPatch()) {
 data.put("swidPatch", "True");
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java b/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java
index 07a52dac..9a3920b8 100644
--- a/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/EventLogMeasurements.java
@@ -71,6 +71,16 @@ public class EventLogMeasurements extends ReferenceManifest {
 setFieldValue("deviceName", deviceName);
 return this;
 }
+
+ /**
+ * Specify the RIM hash associated with the Event Log.
+ * @param hexDecHash the hash of the file associated with the rim
+ * @return this instance
+ */
+ public Selector byHexDecHash(final String hexDecHash) {
+ setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash);
+ return this;
+ }
 }
 /**
@@ -94,6 +104,7 @@ public class EventLogMeasurements extends ReferenceManifest {
 ) throws IOException {
 super(rimBytes);
 this.setFileName(fileName);
+ this.archive("Event Log Measurement");
 this.setRimType(MEASUREMENT_RIM);
 this.pcrHash = 0;
 }
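Review bot: With `this.archive("Event Log Measurement");` in the constructor every new measurement record is archived at creation, but only the lookup in AbstractAttestationCertificateAuthority adds `includeArchived()`; the new `byHexDecHash(...)` lookups in SupplyChainValidationServiceImpl and ReferenceManifestDetailsPageController call `getRIM()` without it. If the selector filters archived rows by default, which the existence of `includeArchived()` suggests but this diff does not show, those lookups would never return the log saved during provisioning and validation would always report a missing measurement. Either add `.includeArchived()` to those chains or state the contract on the constructor, e.g. `// archived at creation: selectors must call includeArchived() to find event logs`.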
@@ -190,4 +201,22 @@ public class EventLogMeasurements extends ReferenceManifest {
 public void setOverallValidationResult(final AppraisalStatus.Status overallValidationResult) {
 this.overallValidationResult = overallValidationResult;
 }
+
+ @Override
+ public boolean equals(final Object object) {
+ if (this == object) {
+ return true;
+ }
+ if (object == null || getClass() != object.getClass()) {
+ return false;
+ }
+ EventLogMeasurements that = (EventLogMeasurements) object;
+
+ return this.getHexDecHash().equals(that.getHexDecHash());
+ }
+
+ @Override
+ public int hashCode() {
+ return super.hashCode();
+ }
 }
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java
index abbad229..aa490e45 100644
--- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java
@@ -100,6 +100,9 @@ public abstract class ReferenceManifest extends ArchivableEntity {
 @Column
 @JsonIgnore
 private String hexDecHash = "";
+ @Column
+ @JsonIgnore
+ private String eventLogHash = "";
 /**
 * Default constructor necessary for Hibernate.
@@ -358,6 +361,23 @@ public abstract class ReferenceManifest extends ArchivableEntity {
 return hexDecHash;
 }
+ /**
+ * Getter for the event log hash.
+ * @param eventLogHash hash value to store
+ */
+ public void setEventLogHash(final String eventLogHash) {
+ this.eventLogHash = eventLogHash;
+ }
+
+ /**
+ * Getter for the event log hash.
+ *
+ * @return int representation of the hash value
+ */
+ public String getEventLogHash() {
+ return eventLogHash;
+ }
+
 /**
 * Getter for the Reference Integrity Manifest as a byte array.
 *
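Review bot: `equals` now compares two EventLogMeasurements by `getHexDecHash()` while `hashCode` still returns `super.hashCode()`; unless the superclass hash is derived from the same field (not visible here), two objects that are equal can land in different hash buckets, which breaks `HashSet`/`HashMap` use and any de-duplication built on it. Derive the hash from the same field, e.g. `return getHexDecHash().hashCode();`. `hexDecHash` defaults to `""` but can presumably be null when loaded from older rows, so a null-safe comparison in `equals` is safer as well. The class body starts outside this hunk.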
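Review bot: The Javadoc on the two new accessors in ReferenceManifest does not match the code: `setEventLogHash` is described as "Getter for the event log hash." and `getEventLogHash` documents `@return int representation of the hash value` although it returns a `String`. Suggested wording is `Setter for the event log hash.` on the setter and `@return the stored event log hash` on the getter. It is also worth saying in the setter's Javadoc that the value is the `hexDecHash` of the EventLogMeasurements record the RIM was provisioned with, since the validation lookups in this commit resolve the log through exactly that link.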