issue_896: deleted the abstract platform config class and replaced it with platform config v1 (which already exists); moved the attributes associated with v2 to the v2 class. When validating, the ACA will now verify whether the platform config associated with the cert is v1 or v2. Made corrections to attribute names to better align with the TCG docs.

TheSilentCoder 2025-02-04 15:12:05 -05:00
parent 2f96fb0606
commit bbe22287ef
20 changed files with 372 additions and 346 deletions


@ -98,7 +98,7 @@ public class ComponentResult extends ArchivableEntity {
*
* @param boardSerialNumber associated platform certificate serial number.
* @param certificateSerialNumber unique number associated with header info.
* @param certificateType parameter holds version 1.2 or 2.0.
* @param certificateType type of certificate. parameter holds version 1.2 or 2.0.
* @param componentIdentifier object with information from the platform certificate components.
*/
public ComponentResult(final String boardSerialNumber, final String certificateSerialNumber,
@ -116,7 +116,7 @@ public class ComponentResult extends ArchivableEntity {
}
StringBuilder sb = new StringBuilder();
for (ComponentAddress element : componentIdentifier.getComponentAddress()) {
for (ComponentAddress element : componentIdentifier.getComponentAddresses()) {
sb.append(String.format("%s:%s;", element.getAddressTypeValue(),
element.getAddressValue().toString()));
}
@ -124,10 +124,10 @@ public class ComponentResult extends ArchivableEntity {
}
/**
* @param boardSerialNumber
* @param certificateSerialNumber
* @param certificateType
* @param componentIdentifierV2
* @param boardSerialNumber associated platform certificate serial number
* @param certificateSerialNumber unique number associated with header info
* @param certificateType type of certificate. Parameter holds version 1.2 or 2.0.
* @param componentIdentifierV2 version 2 component identifier
*/
public ComponentResult(final String boardSerialNumber, final String certificateSerialNumber,
final String certificateType,
@ -145,7 +145,7 @@ public class ComponentResult extends ArchivableEntity {
}
StringBuilder sb = new StringBuilder();
for (ComponentAddress element : componentIdentifierV2.getComponentAddress()) {
for (ComponentAddress element : componentIdentifierV2.getComponentAddresses()) {
sb.append(String.format("%s:%s;", element.getAddressTypeValue(),
element.getAddressValue().toString()));
}
@ -156,10 +156,10 @@ public class ComponentResult extends ArchivableEntity {
this.componentClassType = componentIdentifierV2.getComponentClass().getRegistryType();
this.attributeStatus = componentIdentifierV2.getAttributeStatus();
this.version2 = true;
if (componentIdentifierV2.getCertificateIdentifier() != null) {
this.issuerDN = componentIdentifierV2.getCertificateIdentifier().getIssuerDN().toString();
if (componentIdentifierV2.getComponentPlatformUri() != null) {
this.uniformResourceIdentifier = componentIdentifierV2.getComponentPlatformUri()
if (componentIdentifierV2.getComponentPlatformCert() != null) {
this.issuerDN = componentIdentifierV2.getComponentPlatformCert().getIssuerDN().toString();
if (componentIdentifierV2.getComponentPlatformCertUri() != null) {
this.uniformResourceIdentifier = componentIdentifierV2.getComponentPlatformCertUri()
.getUniformResourceIdentifier().toString();
}
}
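Review bot: In the last hunk of the version 2 constructor, the `getComponentPlatformCertUri()` check appears to sit inside the `getComponentPlatformCert() != null` block (indentation is lost on this page, so the nesting is inferred from the two closing braces), which would drop the URI whenever the certificate identifier is absent. The ASN.1 in the ComponentIdentifierV2 Javadoc lists `componentPlatformCert [5]` and `componentPlatformCertUri [6]` as independently OPTIONAL, so the two checks should be siblings rather than nested. The chained `getIssuerDN().toString()` and `getUniformResourceIdentifier().toString()` also dereference values parsed from the certificate without a null check; if either accessor can return null for a malformed certificate, guard it before calling `toString()`. The constructor body begins outside this hunk.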


@ -2,7 +2,6 @@ package hirs.attestationca.persist.entity.userdefined.certificate;
import com.google.common.base.Preconditions;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfigurationV1;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
@ -261,8 +260,8 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
/**
* Verify if the AlgorithmIdentifiers are equal.
*
* @param id1 AlgorithIdentifier one
* @param id2 AlgorithIdentifier two
* @param id1 Algorithm Identifier one
* @param id2 Algorithm Identifier two
* @return True if are the same, False if not
*/
public static boolean isAlgIdEqual(final AlgorithmIdentifier id1,
@ -356,7 +355,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
}
/**
* @throws IOException
* Parses the Platform Certificate fields.
*/
private void parseFields() throws IOException {
AttributeCertificateInfo certificate = getAttributeCertificate().getAcinfo();
@ -412,7 +411,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
}
/**
* Parse a 1.2 Platform Certificate (Attribute Certificate).
* Parses a 1.2 Platform Certificate (Attribute Certificate).
*
* @param certificate Attribute Certificate
*/
@ -465,7 +464,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
}
/**
* Parse a 2.0 Platform Certificate (Attribute Certificate).
* Parses a 2.0 Platform Certificate (Attribute Certificate).
*
* @param certificate Attribute Certificate
*/
@ -514,7 +513,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
}
/**
* Get the x509 Platform Certificate version.
* Retrieves the x509 Platform Certificate version.
*
* @return a big integer representing the certificate version.
*/
@ -533,7 +532,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
}
/**
* Get the cPSuri from the Certificate Policies.
* Retrieves the cPSuri from the Certificate Policies.
*
* @return cPSuri from the CertificatePolicies.
* @throws IOException when reading the certificate.
@ -549,7 +548,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
}
/**
* Get the Platform Configuration Attribute from the Platform Certificate.
* Retrieves the Platform Configuration Attribute from the Platform Certificate.
*
* @return a map with all the attributes
* @throws IllegalArgumentException when there is a parsing error
@ -618,12 +617,12 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
* @throws IllegalArgumentException when there is a parsing error
* @throws IOException when reading the certificate.
*/
public PlatformConfiguration getPlatformConfiguration()
public PlatformConfigurationV1 getPlatformConfigurationV1()
throws IllegalArgumentException, IOException {
if (getAttribute("platformConfiguration") != null
&& getAttribute("platformConfiguration") instanceof PlatformConfiguration) {
return (PlatformConfiguration) getAttribute("platformConfiguration");
&& getAttribute("platformConfiguration") instanceof PlatformConfigurationV1) {
return (PlatformConfigurationV1) getAttribute("platformConfiguration");
}
return null;
@ -710,15 +709,15 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
}
/**
* Get the list of component identifiers if there are any.
* Retrieves the list of component identifiers if there are any.
*
* @return the list of component identifiers if there are any
*/
public List<ComponentIdentifier> getComponentIdentifiers() {
try {
PlatformConfiguration platformConfig = getPlatformConfiguration();
PlatformConfigurationV1 platformConfig = getPlatformConfigurationV1();
if (platformConfig != null) {
return platformConfig.getComponentIdentifier();
return platformConfig.getComponentIdentifiers();
}
} catch (IOException e) {
log.error("Unable to parse Platform Configuration from Platform Credential or find"
@ -728,15 +727,16 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
}
/**
* Get the list of version 2 component identifiers if there are any.
* Retrieves the list of version 2 component identifiers if there are any.
*
* @return the list of version 2 component identifiers if there are any
*/
public List<ComponentIdentifierV2> getComponentIdentifiersV2() {
try {
PlatformConfigurationV2 platformConfigV2 = getPlatformConfigurationV2();
if (platformConfigV2 != null) {
return platformConfigV2.getComponentIdentifierV2();
return platformConfigV2.getComponentIdentifiers();
}
} catch (IOException e) {
log.error("Unable to parse Platform Configuration Version 2 from Platform Credential or find"
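Review bot: getPlatformConfigurationV1() returns null both when the attribute is missing and when it is present but not a PlatformConfigurationV1, and its Javadoc (which begins outside the hunk) does not say so, although getComponentIdentifiers() branches on that null. Add `@return the version 1 platform configuration, or null if the attribute is absent or is not version 1` so that a validator does not read null as "the certificate carries no platform configuration". The method also calls `getAttribute("platformConfiguration")` up to three times; reading it once, `Object attribute = getAttribute("platformConfiguration");` then `return attribute instanceof PlatformConfigurationV1 ? (PlatformConfigurationV1) attribute : null;`, avoids repeating whatever work the lookup does.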


@ -8,9 +8,9 @@ import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1UTF8String;
/**
* Basic class that handle component addresses from the component identifier.
* Basic class that represents the component addresses from the component identifier object.
* <pre>
* componentAddress ::= SEQUENCE {
* componentAddresses ::= SEQUENCE {
* addressType AddressType,
* addressValue UTF8String (SIZE (1..STRMAX)) }
* where STRMAX is 256
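Review bot: The Javadoc now names the ASN.1 production `componentAddresses ::= SEQUENCE {`, but the structure that follows (`addressType`, `addressValue`) describes a single address, and the ComponentIdentifier Javadoc in this same commit still refers to the type as `SEQUENCE(SIZE(1..CONFIGMAX)) OF ComponentAddress`. The plural belongs to the field inside ComponentIdentifier, not to this type, so the line should read `ComponentAddress ::= SEQUENCE {`. The Javadoc block continues outside the hunk.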


@ -16,8 +16,8 @@ import java.util.List;
import java.util.stream.Collectors;
/**
* Basic class that handle component identifiers from the Platform Configuration
* Attribute.
* Basic class that represents version 1 of the component identifiers from the Version 1
* Platform Configuration Attribute.
* <pre>
* ComponentIdentifier ::= SEQUENCE {
* componentManufacturer UTF8String (SIZE (1..STRMAX)),
@ -26,7 +26,7 @@ import java.util.stream.Collectors;
* componentRevision [1] IMPLICIT UTF8String (SIZE (1..STRMAX)) OPTIONAL,
* componentManufacturerId [2] IMPLICIT PrivateEnterpriseNumber OPTIONAL,
* fieldReplaceable [3] IMPLICIT BOOLEAN OPTIONAL,
* componentAddress [4] IMPLICIT
* componentAddresses [4] IMPLICIT
* SEQUENCE(SIZE(1..CONFIGMAX)) OF ComponentAddress OPTIONAL}
* where STRMAX is 256, CONFIGMAX is 32
* </pre>
@ -80,7 +80,7 @@ public class ComponentIdentifier {
private ASN1Boolean fieldReplaceable;
private List<ComponentAddress> componentAddress;
private List<ComponentAddress> componentAddresses;
private boolean validationResult = true;
@ -94,7 +94,7 @@ public class ComponentIdentifier {
componentRevision = new DERUTF8String(NOT_SPECIFIED_COMPONENT);
componentManufacturerId = null;
fieldReplaceable = null;
componentAddress = new ArrayList<>();
componentAddresses = new ArrayList<>();
}
/**
@ -121,7 +121,7 @@ public class ComponentIdentifier {
this.componentRevision = componentRevision;
this.componentManufacturerId = componentManufacturerId;
this.fieldReplaceable = fieldReplaceable;
this.componentAddress = componentAddress.stream().toList();
this.componentAddresses = componentAddress.stream().toList();
}
/**
@ -160,7 +160,7 @@ public class ComponentIdentifier {
break;
case COMPONENT_ADDRESS:
ASN1Sequence addressesSequence = ASN1Sequence.getInstance(taggedObj, false);
componentAddress = retrieveComponentAddress(addressesSequence);
componentAddresses = retrieveComponentAddress(addressesSequence);
break;
default:
throw new IllegalArgumentException("Component identifier contains "
@ -229,14 +229,14 @@ public class ComponentIdentifier {
if (fieldReplaceable != null) {
sb.append(fieldReplaceable);
}
sb.append(", componentAddress=");
if (!componentAddress.isEmpty()) {
sb.append(componentAddress
sb.append(", componentAddresses=");
if (!componentAddresses.isEmpty()) {
sb.append(componentAddresses
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", certificateIdentifier=");
sb.append(", componentPlatformCert=");
sb.append("}");
return sb.toString();
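Review bot: In toString(), the renamed line `sb.append(", componentPlatformCert=");` is followed directly by `sb.append("}");`, so every version 1 identifier prints a label with no value behind it. The version 1 ASN.1 in the class Javadoc has no componentPlatformCert field, so the line should be deleted rather than renamed. Separately, the value constructor still takes a parameter named `componentAddress` while assigning `this.componentAddresses`; renaming the parameter and its `@param` tag would complete the rename. Both toString() and the constructor begin outside their hunks.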


@ -1,112 +0,0 @@
package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
/**
* Abstract class that provides base info for Platform Configuration of
* the Platform Certificate Attribute.
*/
@AllArgsConstructor
public abstract class PlatformConfiguration {
private List<ComponentIdentifier> componentIdentifier;
@Getter
@Setter
private URIReference componentIdentifierUri;
private List<PlatformProperty> platformProperties;
@Getter
@Setter
private URIReference platformPropertiesUri;
/**
* Default constructor.
*/
public PlatformConfiguration() {
this.componentIdentifier = new ArrayList<>();
this.componentIdentifierUri = null;
this.platformProperties = new ArrayList<>();
this.platformPropertiesUri = null;
}
/**
* Constructor given the Platform Configuration values.
*
* @param componentIdentifier list containing all the components inside the
* Platform Configuration.
* @param platformProperties list containing all the properties inside the
* Platform Configuration.
* @param platformPropertiesUri object containing the URI Reference
*/
public PlatformConfiguration(final List<ComponentIdentifier> componentIdentifier,
final List<PlatformProperty> platformProperties,
final URIReference platformPropertiesUri) {
this.componentIdentifier = new ArrayList<>(componentIdentifier);
this.platformProperties = new ArrayList<>(platformProperties);
this.platformPropertiesUri = platformPropertiesUri;
}
/**
* @return the componentIdentifier
*/
public List<ComponentIdentifier> getComponentIdentifier() {
return Collections.unmodifiableList(componentIdentifier);
}
/**
* @param componentIdentifier the componentIdentifier to set
*/
public void setComponentIdentifier(final List<ComponentIdentifier> componentIdentifier) {
this.componentIdentifier = new ArrayList<>(componentIdentifier);
}
/**
* Add function for the component identifier array.
*
* @param componentIdentifier object to add
* @return status of the add, if successful or not
*/
protected boolean add(final ComponentIdentifier componentIdentifier) {
if (this.componentIdentifier != null) {
return this.componentIdentifier.add(componentIdentifier);
}
return false;
}
/**
* @return the platformProperties
*/
public List<PlatformProperty> getPlatformProperties() {
return Collections.unmodifiableList(platformProperties);
}
/**
* @param platformProperties the platformProperties to set
*/
public void setPlatformProperties(final List<PlatformProperty> platformProperties) {
this.platformProperties = new ArrayList<>(platformProperties);
}
/**
* Add function for the platform property array.
*
* @param platformProperty property object to add
* @return status of the add, if successful or not
*/
protected boolean add(final PlatformProperty platformProperty) {
if (this.platformProperties != null) {
return this.platformProperties.add(platformProperty);
}
return false;
}
}


@ -1,28 +1,53 @@
package hirs.attestationca.persist.entity.userdefined.certificate.attributes;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
/**
* Basic class that handle Platform Configuration for the Platform Certificate
* Basic class that represents the Version 1 Platform Configuration used for the Platform Certificate
* Attribute.
* <pre>
* PlatformConfiguration ::= SEQUENCE {
* componentIdentifier [0] IMPLICIT SEQUENCE(SIZE(1..CONFIGMAX)) OF
* componentIdentifiers [0] IMPLICIT SEQUENCE(SIZE(1..CONFIGMAX)) OF
* ComponentIdentifier OPTIONAL,
* platformProperties [1] IMPLICIT SEQUENCE(SIZE(1..CONFIGMAX)) OF Properties OPTIONAL,
* platformPropertiesUri [2] IMPLICIT URIReference OPTIONAL }
* </pre>
*/
public class PlatformConfigurationV1 extends PlatformConfiguration {
@AllArgsConstructor
public class PlatformConfigurationV1 {
private static final int COMPONENT_IDENTIFIER = 0;
private static final int PLATFORM_PROPERTIES = 1;
private static final int PLATFORM_PROPERTIES_URI = 2;
private List<ComponentIdentifier> componentIdentifiers;
private List<PlatformProperty> platformProperties;
@Getter
@Setter
private URIReference platformPropertiesUri;
/**
* Default constructor.
*/
public PlatformConfigurationV1() {
componentIdentifiers = new ArrayList<>();
platformProperties = new ArrayList<>();
platformPropertiesUri = null;
}
/**
* Constructor given the SEQUENCE that contains Platform Configuration.
*
@ -32,7 +57,7 @@ public class PlatformConfigurationV1 extends PlatformConfiguration {
public PlatformConfigurationV1(final ASN1Sequence sequence) throws IllegalArgumentException {
//Default values
setComponentIdentifier(new ArrayList<>());
setComponentIdentifiers(new ArrayList<>());
setPlatformProperties(new ArrayList<>());
setPlatformPropertiesUri(null);
@ -42,7 +67,7 @@ public class PlatformConfigurationV1 extends PlatformConfiguration {
//Set information based on the set tagged
switch (taggedSequence.getTagNo()) {
case COMPONENT_IDENTIFIER:
//Get componentIdentifier
//Get componentIdentifiers
ASN1Sequence componentConfiguration
= ASN1Sequence.getInstance(taggedSequence, false);
@ -77,6 +102,62 @@ public class PlatformConfigurationV1 extends PlatformConfiguration {
}
}
/**
* @return list of version 1 component identifiers
*/
public List<ComponentIdentifier> getComponentIdentifiers() {
return Collections.unmodifiableList(componentIdentifiers);
}
/**
* @param componentIdentifiers list of version 1 component identifiers
*/
public void setComponentIdentifiers(final List<ComponentIdentifier> componentIdentifiers) {
this.componentIdentifiers = new ArrayList<>(componentIdentifiers);
}
/**
* Add function for the version 1 component identifier array.
*
* @param componentIdentifier object to add
* @return status of the add, if successful or not
*/
protected boolean add(final ComponentIdentifier componentIdentifier) {
if (this.componentIdentifiers != null) {
return this.componentIdentifiers.add(componentIdentifier);
}
return false;
}
/**
* @return the platformProperties
*/
public List<PlatformProperty> getPlatformProperties() {
return Collections.unmodifiableList(platformProperties);
}
/**
* @param platformProperties the platformProperties to set
*/
public void setPlatformProperties(final List<PlatformProperty> platformProperties) {
this.platformProperties = new ArrayList<>(platformProperties);
}
/**
* Add function for the platform property array.
*
* @param platformProperty property object to add
* @return status of the add, if successful or not
*/
protected boolean add(final PlatformProperty platformProperty) {
if (this.platformProperties != null) {
return this.platformProperties.add(platformProperty);
}
return false;
}
/**
* Creates a string representation of the Platform Configuration V1 object.
*
@ -86,15 +167,15 @@ public class PlatformConfigurationV1 extends PlatformConfiguration {
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("PlatformConfiguration{");
sb.append("componentIdentifier=");
if (getComponentIdentifier().size() > 0) {
sb.append(getComponentIdentifier()
sb.append("componentIdentifiers=");
if (!getComponentIdentifiers().isEmpty()) {
sb.append(getComponentIdentifiers()
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", platformProperties=");
if (getPlatformProperties().size() > 0) {
if (!getPlatformProperties().isEmpty()) {
sb.append(getPlatformProperties()
.stream()
.map(Object::toString)
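Review bot: The class-level `@AllArgsConstructor` added to PlatformConfigurationV1 generates a constructor that stores the caller's `componentIdentifiers` and `platformProperties` lists as they are, while the setters added in this same section copy them with `new ArrayList<>(...)`. A caller that keeps a reference can then alter the configuration after construction, and a null argument makes `getComponentIdentifiers()` throw from `Collections.unmodifiableList`. Either drop the annotation or write the constructor explicitly so it goes through the copying setters, e.g. `setComponentIdentifiers(componentIdentifiers); setPlatformProperties(platformProperties);`. PlatformConfigurationV2 receives the same annotation in this commit and has the same gap. toString() here also still prints `PlatformConfiguration{` where the V2 class was changed to `PlatformConfigurationV2{`.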


@ -16,6 +16,7 @@ import org.apache.commons.lang3.StringUtils;
* removed (2) }
* </pre>
*/
@Getter
@AllArgsConstructor
public enum AttributeStatus {
/**
@ -35,6 +36,5 @@ public enum AttributeStatus {
*/
EMPTY_STATUS(StringUtils.EMPTY);
@Getter
private final String value;
}


@ -20,8 +20,8 @@ import java.util.List;
import java.util.stream.Collectors;
/**
* Basic class that handle component identifiers from the Platform Configuration
* Attribute.
* Basic class that represents version 2 of the component identifiers from the Version 2
* Platform Configuration Attribute.
* <pre>
* ComponentIdentifier ::= SEQUENCE {
* componentManufacturer UTF8String (SIZE (1..STRMAX)),
@ -30,7 +30,7 @@ import java.util.stream.Collectors;
* componentRevision [1] IMPLICIT UTF8String (SIZE (1..STRMAX)) OPTIONAL,
* componentManufacturerId [2] IMPLICIT PrivateEnterpriseNumber OPTIONAL,
* fieldReplaceable [3] IMPLICIT BOOLEAN OPTIONAL,
* componentAddress [4] IMPLICIT
* componentAddresses [4] IMPLICIT
* SEQUENCE(SIZE(1..CONFIGMAX)) OF ComponentAddress OPTIONAL
* componentPlatformCert [5] IMPLICIT CertificateIdentifier OPTIONAL,
* componentPlatformCertUri [6] IMPLICIT URIReference OPTIONAL,
@ -48,15 +48,15 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
// Additional optional identifiers for version 2
private static final int COMPONENT_PLATFORM_CERT = 5;
private static final int COMPONENT_PLATFORM_URI = 6;
private static final int COMPONENT_PLATFORM_CERT_URI = 6;
private static final int ATTRIBUTE_STATUS = 7;
private ComponentClass componentClass;
private CertificateIdentifier certificateIdentifier;
private CertificateIdentifier componentPlatformCert;
private URIReference componentPlatformUri;
private URIReference componentPlatformCertUri;
private AttributeStatus attributeStatus;
@ -66,25 +66,25 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
public ComponentIdentifierV2() {
super();
componentClass = new ComponentClass();
certificateIdentifier = null;
componentPlatformUri = null;
componentPlatformCert = null;
componentPlatformCertUri = null;
attributeStatus = AttributeStatus.EMPTY_STATUS;
}
/**
* Constructor given the components values.
*
* @param componentClass represent the component type
* @param componentManufacturer represents the component manufacturer
* @param componentModel represents the component model
* @param componentSerial represents the component serial number
* @param componentRevision represents the component revision
* @param componentManufacturerId represents the component manufacturer ID
* @param fieldReplaceable represents if the component is replaceable
* @param componentAddress represents a list of addresses
* @param certificateIdentifier object representing certificate Id
* @param componentPlatformUri object containing the URI Reference
* @param attributeStatus object containing enumerated status
* @param componentClass represent the component type
* @param componentManufacturer represents the component manufacturer
* @param componentModel represents the component model
* @param componentSerial represents the component serial number
* @param componentRevision represents the component revision
* @param componentManufacturerId represents the component manufacturer ID
* @param fieldReplaceable represents if the component is replaceable
* @param componentAddress represents a list of addresses
* @param certificateIdentifier object representing certificate Id
* @param componentPlatformCertUri object containing the URI Reference
* @param attributeStatus object containing enumerated status
*/
public ComponentIdentifierV2(final ComponentClass componentClass,
final DERUTF8String componentManufacturer,
@ -95,15 +95,15 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
final ASN1Boolean fieldReplaceable,
final List<ComponentAddress> componentAddress,
final CertificateIdentifier certificateIdentifier,
final URIReference componentPlatformUri,
final URIReference componentPlatformCertUri,
final AttributeStatus attributeStatus) {
super(componentManufacturer, componentModel, componentSerial,
componentRevision, componentManufacturerId, fieldReplaceable,
componentAddress);
this.componentClass = componentClass;
// additional optional component identifiers
this.certificateIdentifier = certificateIdentifier;
this.componentPlatformUri = componentPlatformUri;
this.componentPlatformCert = certificateIdentifier;
this.componentPlatformCertUri = componentPlatformCertUri;
this.attributeStatus = attributeStatus;
}
@ -150,15 +150,15 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
break;
case COMPONENT_ADDRESS:
ASN1Sequence addressesSequence = ASN1Sequence.getInstance(taggedObj, false);
this.setComponentAddress(retrieveComponentAddress(addressesSequence));
this.setComponentAddresses(retrieveComponentAddress(addressesSequence));
break;
case COMPONENT_PLATFORM_CERT:
ASN1Sequence ciSequence = ASN1Sequence.getInstance(taggedObj, false);
certificateIdentifier = new CertificateIdentifier(ciSequence);
componentPlatformCert = new CertificateIdentifier(ciSequence);
break;
case COMPONENT_PLATFORM_URI:
case COMPONENT_PLATFORM_CERT_URI:
ASN1Sequence uriSequence = ASN1Sequence.getInstance(taggedObj, false);
this.componentPlatformUri = new URIReference(uriSequence);
this.componentPlatformCertUri = new URIReference(uriSequence);
break;
case ATTRIBUTE_STATUS:
ASN1Enumerated enumerated = ASN1Enumerated.getInstance(taggedObj, false);
@ -172,34 +172,6 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
}
}
/**
* @return true if the component has been modified.
*/
public final boolean isAdded() {
return getAttributeStatus() == AttributeStatus.ADDED;
}
/**
* @return true if the component has been modified.
*/
public final boolean isModified() {
return getAttributeStatus() == AttributeStatus.MODIFIED;
}
/**
* @return true if the component has been removed.
*/
public final boolean isRemoved() {
return getAttributeStatus() == AttributeStatus.REMOVED;
}
/**
* @return true if the component status wasn't set.
*/
public final boolean isEmpty() {
return (getAttributeStatus() == AttributeStatus.EMPTY_STATUS)
|| (getAttributeStatus() == null);
}
/**
* @return indicates the type of platform certificate.
@ -238,20 +210,20 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
if (getFieldReplaceable() != null) {
sb.append(getFieldReplaceable());
}
sb.append(", componentAddress=");
if (!getComponentAddress().isEmpty()) {
sb.append(getComponentAddress()
sb.append(", componentAddresses=");
if (!getComponentAddresses().isEmpty()) {
sb.append(getComponentAddresses()
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", certificateIdentifier=");
if (certificateIdentifier != null) {
sb.append(certificateIdentifier);
sb.append(", componentPlatformCert=");
if (componentPlatformCert != null) {
sb.append(componentPlatformCert);
}
sb.append(", componentPlatformUri=");
if (componentPlatformUri != null) {
sb.append(componentPlatformUri);
sb.append(", componentPlatformCertUri=");
if (componentPlatformCertUri != null) {
sb.append(componentPlatformCertUri);
}
sb.append(", status=");
if (attributeStatus != null) {
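Review bot: The value constructor still declares `final CertificateIdentifier certificateIdentifier` and documents `@param certificateIdentifier`, but now assigns it to the renamed field with `this.componentPlatformCert = certificateIdentifier;`; the `componentAddress` parameter has the same mismatch with `componentAddresses`. Renaming both parameters and their `@param` tags to `componentPlatformCert` and `componentAddresses` would finish the alignment with the ASN.1 names that the rest of this section applies. The removed `isEmpty()` helper treated a null status as empty; any caller that now compares `getAttributeStatus()` with `AttributeStatus.EMPTY_STATUS` directly should keep that null case, which cannot be confirmed from this page.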


@ -1,7 +1,10 @@
package hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformProperty;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
@ -11,7 +14,7 @@ import java.util.List;
import java.util.stream.Collectors;
/**
* Basic class that handle Platform Configuration for the Platform Certificate
* Basic class that represents the Version 2 Platform Configuration used for the Platform Certificate
* Attribute.
* <pre>
* PlatformConfiguration ::= SEQUENCE {
@ -22,24 +25,49 @@ import java.util.stream.Collectors;
* platformPropertiesUri [3] IMPLICIT URIReference OPTIONAL }
* </pre>
*/
public class PlatformConfigurationV2 extends PlatformConfiguration {
@AllArgsConstructor
public class PlatformConfigurationV2 {
private static final int COMPONENT_IDENTIFIER = 0;
private static final int COMPONENT_IDENTIFIER_URI = 1;
private static final int PLATFORM_PROPERTIES = 2;
private static final int PLATFORM_PROPERTIES_URI = 3;
private List<ComponentIdentifierV2> componentIdentifierV2;
private List<ComponentIdentifierV2> componentIdentifiers;
@Getter
@Setter
private URIReference componentIdentifiersUri;
private List<PlatformProperty> platformProperties;
@Getter
@Setter
private URIReference platformPropertiesUri;
/**
* Default constructor.
*/
public PlatformConfigurationV2() {
componentIdentifiers = new ArrayList<>();
componentIdentifiersUri = null;
platformProperties = new ArrayList<>();
platformPropertiesUri = null;
}
/**
* Constructor given the SEQUENCE that contains version 2 Platform Configuration.
*
* @param sequence containing the the Platform Configuration.
* @throws IllegalArgumentException if there was an error on the parsing
* @param sequence containing the version 2 Platform Configuration.
* @throws IllegalArgumentException if there was an error while parsing
*/
public PlatformConfigurationV2(final ASN1Sequence sequence) throws IllegalArgumentException {
//Default values
setComponentIdentifierV2(new ArrayList<>());
setComponentIdentifierUri(null);
setComponentIdentifiers(new ArrayList<>());
setComponentIdentifiersUri(null);
setPlatformProperties(new ArrayList<>());
setPlatformPropertiesUri(null);
@ -65,7 +93,7 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
//Get componentIdentifierURI
ASN1Sequence componentUri = ASN1Sequence.getInstance(taggedSequence, false);
//Save Component Identifier URI
setComponentIdentifierUri(new URIReference(componentUri));
setComponentIdentifiersUri(new URIReference(componentUri));
break;
case PLATFORM_PROPERTIES:
//Get platformProperties
@ -93,16 +121,59 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
/**
* @return a collection of version 2 component identifiers.
*/
public List<ComponentIdentifierV2> getComponentIdentifierV2() {
return Collections.unmodifiableList(componentIdentifierV2);
public List<ComponentIdentifierV2> getComponentIdentifiers() {
return Collections.unmodifiableList(componentIdentifiers);
}
/**
* @param componentIdentifierV2 list of version 2 component identifiers
* @param componentIdentifiers list of version 2 component identifiers
*/
public void setComponentIdentifierV2(
final List<ComponentIdentifierV2> componentIdentifierV2) {
this.componentIdentifierV2 = new ArrayList<>(componentIdentifierV2);
public void setComponentIdentifiers(
final List<ComponentIdentifierV2> componentIdentifiers) {
this.componentIdentifiers = new ArrayList<>(componentIdentifiers);
}
/**
* Add function for the component identifier array.
*
* @param componentIdentifierV2 object to add
* @return status of the add, if successful or not
*/
protected boolean add(final ComponentIdentifierV2 componentIdentifierV2) {
if (this.componentIdentifiers != null) {
return this.componentIdentifiers.add(componentIdentifierV2);
}
return false;
}
/**
* @return the platformProperties
*/
public List<PlatformProperty> getPlatformProperties() {
return Collections.unmodifiableList(platformProperties);
}
/**
* @param platformProperties the platformProperties to set
*/
public void setPlatformProperties(final List<PlatformProperty> platformProperties) {
this.platformProperties = new ArrayList<>(platformProperties);
}
/**
* Add function for the platform property array.
*
* @param platformProperty property object to add
* @return status of the add, if successful or not
*/
protected boolean add(final PlatformProperty platformProperty) {
if (this.platformProperties != null) {
return this.platformProperties.add(platformProperty);
}
return false;
}
/**
@ -113,17 +184,17 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("PlatformConfiguration{");
sb.append("componentIdentifierV2=");
if (!getComponentIdentifierV2().isEmpty()) {
sb.append(getComponentIdentifierV2()
sb.append("PlatformConfigurationV2{");
sb.append("componentIdentifiers=");
if (!getComponentIdentifiers().isEmpty()) {
sb.append(getComponentIdentifiers()
.stream()
.map(Object::toString)
.collect(Collectors.joining(",")));
}
sb.append(", componentIdentifierUri=");
if (getComponentIdentifierUri() != null) {
sb.append(getComponentIdentifierUri());
sb.append(", componentIdentifiersUri=");
if (getComponentIdentifiersUri() != null) {
sb.append(getComponentIdentifiersUri());
}
sb.append(", platformProperties=");
if (!getPlatformProperties().isEmpty()) {


@ -204,7 +204,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
* @return the {@link AppraisalStatus} of the supply chain validation
*/
private AppraisalStatus.Status doSupplyChainValidation(
final ProvisionerTpm2.IdentityClaim claim, final PublicKey ekPub) {
final ProvisionerTpm2.IdentityClaim claim, final PublicKey ekPub) throws IOException {
// attempt to find an endorsement credential to validate
EndorsementCredential endorsementCredential =
@ -745,16 +745,15 @@ public class IdentityClaimProcessor extends AbstractProcessor {
*
* @param certificate certificate
*/
private void savePlatformComponents(final Certificate certificate) {
private void savePlatformComponents(final Certificate certificate) throws IOException {
PlatformCredential platformCredential;
if (certificate instanceof PlatformCredential) {
platformCredential = (PlatformCredential) certificate;
ComponentResult componentResult;
// if the provided platform certificate is version 1.2
if (platformCredential.getCredentialType().equals(PlatformCredential.CERTIFICATE_TYPE_1_2)) {
// if the provided platform certificate is using version 1 Platform Configuration
if (platformCredential.getPlatformConfigurationV1() != null) {
for (ComponentIdentifier componentIdentifier : platformCredential
.getComponentIdentifiers()) {
componentResult = new ComponentResult(platformCredential.getPlatformSerial(),
@ -765,11 +764,10 @@ public class IdentityClaimProcessor extends AbstractProcessor {
componentResult.setDelta(!platformCredential.isPlatformBase());
componentResultRepository.save(componentResult);
}
}
// if the provided platform certificate is version 2.0
else if (platformCredential.getCredentialType()
.equals(PlatformCredential.CERTIFICATE_TYPE_2_0)) {
// if the provided platform certificate is using version 2 Platform Configuration
else if (platformCredential.getPlatformConfigurationV2() != null) {
for (ComponentIdentifierV2 componentIdentifierV2 : platformCredential
.getComponentIdentifiersV2()) {
componentResult = new ComponentResult(platformCredential.getPlatformSerial(),
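Review bot: In savePlatformComponents the new `if (platformCredential.getPlatformConfigurationV1() != null) … else if (platformCredential.getPlatformConfigurationV2() != null)` chain has no final branch, so a platform credential for which neither getter returns a configuration stores no ComponentResult rows and leaves no trace. The branch now depends on what could be decoded from the certificate rather than on its declared type, so that case deserves an explicit record. I would close the chain with `else { log.warn("Platform credential has no V1 or V2 platform configuration; no component results saved"); }`, using whatever logger the class already has. The same chain appears in CertificatePageController.parseAndSaveComponentResults, and both method bodies continue outside the hunks shown.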


@ -32,6 +32,7 @@ import org.apache.logging.log4j.Level;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.io.IOException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.HashMap;
@ -108,7 +109,8 @@ public class SupplyChainValidationService {
public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec,
final List<PlatformCredential> pcs,
final Device device,
final List<ComponentInfo> componentInfos) {
final List<ComponentInfo> componentInfos)
throws IOException {
boolean acceptExpiredCerts = getPolicySettings().isExpiredCertificateValidationEnabled();
provisionSessionId = UUID.randomUUID();
PlatformCredential baseCredential = null;
@ -153,6 +155,7 @@ public class SupplyChainValidationService {
pcErrorMessage = String.format("%s%s%n", pcErrorMessage,
platformScv.getMessage());
}
// set the base credential
if (pc.isPlatformBase()) {
baseCredential = pc;
@ -407,9 +410,9 @@ public class SupplyChainValidationService {
}
/**
* Helper function to get a fresh load of the default policy from the DB.
* Helper function that retrieves the default policy settings from the database.
*
* @return The default Supply Chain Policy
* @return The default Supply Chain Policy Settings
*/
private PolicySettings getPolicySettings() {
PolicySettings defaultSettings = this.policyRepository.findByName("Default");
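Review bot: validateSupplyChain now declares `throws IOException`, but its Javadoc gains no `@throws` tag and these hunks do not show where the exception is handled. The same clause is added to doSupplyChainValidation and savePlatformComponents in IdentityClaimProcessor, and to the platform-attribute validation methods in ValidationService, CertificateAttributeScvValidator and CredentialValidator. A failure while reading one platform credential's configuration can therefore leave the whole validation run as a checked exception instead of a FAIL result; whether a summary is still saved on that path cannot be seen from here. If aborting is not intended, catching the exception around the per-credential validation and reporting it through the existing `pcErrorMessage` path would keep the summary complete. At minimum each changed Javadoc should gain a line such as `@throws IOException if a credential's platform configuration cannot be read`.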


@ -139,7 +139,7 @@ public final class ValidationService {
final ComponentResultRepository componentResultRepository,
final ComponentAttributeRepository componentAttributeRepository,
final List<ComponentInfo> componentInfos,
final UUID provisionSessionId, final boolean ignoreRevisionAttribute) {
final UUID provisionSessionId, final boolean ignoreRevisionAttribute) throws IOException {
final SupplyChainValidation.ValidationType validationType
= SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL_ATTRIBUTES;


@ -110,9 +110,9 @@ public final class AcaPciIds {
component.getComponentRevision(),
component.getComponentManufacturerId(),
component.getFieldReplaceable(),
component.getComponentAddress(),
component.getCertificateIdentifier(),
component.getComponentPlatformUri(),
component.getComponentAddresses(),
component.getComponentPlatformCert(),
component.getComponentPlatformCertUri(),
component.getAttributeStatus());
}


@ -23,6 +23,7 @@ import org.apache.logging.log4j.util.Strings;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DERUTF8String;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
@ -167,7 +168,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
final ComponentResultRepository componentResultRepository,
final ComponentAttributeRepository componentAttributeRepository,
final List<ComponentInfo> componentInfos,
final UUID provisionSessionId, final boolean ignoreRevisionAttribute) {
final UUID provisionSessionId, final boolean ignoreRevisionAttribute) throws IOException {
boolean passesValidation = true;
StringBuilder resultMessage = new StringBuilder();
HardwareInfo hardwareInfo = deviceInfoReport.getHardwareInfo();
@ -231,38 +232,42 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
passesValidation &= fieldValidation;
// Retrieve the list of all version 2 component identifiers from the Platform Credential
List<ComponentIdentifierV2> allPcComponents
= new ArrayList<>(platformCredential.getComponentIdentifiersV2());
if (platformCredential.getPlatformConfigurationV1() != null) {
// All components listed in the Platform Credential must have a manufacturer and model
for (ComponentIdentifierV2 pcComponent : allPcComponents) {
// Retrieve the list of all version 2 component identifiers from the Platform Credential
List<ComponentIdentifier> allPcComponents
= new ArrayList<>(platformCredential.getComponentIdentifiers());
// fieldValidation = pcComponent.getComponentClass() != null;
//
// if (!fieldValidation) {
// resultMessage.append("Component class is null\n");
// }
// All components listed in the Platform Credential must have a manufacturer and model
for (ComponentIdentifier pcComponent : allPcComponents) {
fieldValidation = !hasEmptyValueForRequiredField("componentManufacturer",
pcComponent.getComponentManufacturer());
fieldValidation = !hasEmptyValueForRequiredField("componentManufacturer",
pcComponent.getComponentManufacturer());
if (!fieldValidation) {
resultMessage.append("Component manufacturer is empty\n");
if (!fieldValidation) {
resultMessage.append("Component manufacturer is empty\n");
}
passesValidation &= fieldValidation;
fieldValidation = !hasEmptyValueForRequiredField("componentModel",
pcComponent.getComponentModel());
if (!fieldValidation) {
resultMessage.append("Component model is empty\n");
}
passesValidation &= fieldValidation;
}
passesValidation &= fieldValidation;
} else if (platformCredential.getPlatformConfigurationV2() != null) {
fieldValidation = !hasEmptyValueForRequiredField("componentModel",
pcComponent.getComponentModel());
if (!fieldValidation) {
resultMessage.append("Component model is empty\n");
}
passesValidation &= fieldValidation;
// Retrieve the list of all version 2 component identifiers from the Platform Credential
List<ComponentIdentifierV2> allPcComponents
= new ArrayList<>(platformCredential.getComponentIdentifiersV2());
}
// populate componentResults list
List<ComponentResult> componentResults = componentResultRepository
.findByCertificateSerialNumberAndBoardSerialNumber(
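Review bot: As rendered here, the new `else if (platformCredential.getPlatformConfigurationV2() != null)` branch only builds `allPcComponents` and closes, so the manufacturer and model required-field checks that used to run on every `ComponentIdentifierV2` now run only for version 1 configurations. A version 2 platform credential with an empty componentManufacturer or componentModel would then no longer clear `passesValidation` at this point. The V1 branch also keeps the comment "Retrieve the list of all version 2 component identifiers" although it reads `getComponentIdentifiers()`. The fence repeats the checks inside the V2 branch; the method starts and continues outside this hunk.

```java
} else if (platformCredential.getPlatformConfigurationV2() != null) {
    // Retrieve the list of all version 2 component identifiers from the Platform Credential
    List<ComponentIdentifierV2> allPcComponents
            = new ArrayList<>(platformCredential.getComponentIdentifiersV2());

    // Version 2 components must also carry a manufacturer and a model
    for (ComponentIdentifierV2 pcComponent : allPcComponents) {
        fieldValidation = !hasEmptyValueForRequiredField("componentManufacturer",
                pcComponent.getComponentManufacturer());
        if (!fieldValidation) {
            resultMessage.append("Component manufacturer is empty\n");
        }
        passesValidation &= fieldValidation;

        fieldValidation = !hasEmptyValueForRequiredField("componentModel",
                pcComponent.getComponentModel());
        if (!fieldValidation) {
            resultMessage.append("Component model is empty\n");
        }
        passesValidation &= fieldValidation;
    }
}
// … unchanged: populate componentResults list …
```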


@ -100,7 +100,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
*
* @param pc The platform credential to verify.
* @param trustStore trust store holding trusted certificates.
* @param acceptExpired whether or not to accept expired certificates as valid.
* @param acceptExpired whether to accept expired certificates as valid.
* @return The result of the validation.
*/
public static AppraisalStatus validatePlatformCredential(final PlatformCredential pc,
@ -183,7 +183,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
final ComponentResultRepository componentResultRepository,
final ComponentAttributeRepository componentAttributeRepository,
final List<ComponentInfo> componentInfos,
final UUID provisionSessionId, final boolean ignoreRevisionAttribute) {
final UUID provisionSessionId, final boolean ignoreRevisionAttribute) throws IOException {
final String baseErrorMessage = "Can't validate platform credential attributes without ";
String message;
if (platformCredential == null) {


@ -3,10 +3,11 @@ package hirs.attestationca.persist.entity.userdefined.certificate;
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfigurationV1;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformProperty;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.util.encoders.Base64;
@ -439,10 +440,10 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Path certPath = Paths.get(resource.toURI());
PlatformCredential platformCert = new PlatformCredential(certPath);
PlatformConfiguration platformConfig = platformCert.getPlatformConfiguration();
PlatformConfigurationV1 platformConfigV1 = platformCert.getPlatformConfigurationV1();
//Check component identifier
List<ComponentIdentifier> allComponents = platformConfig.getComponentIdentifier();
List<ComponentIdentifier> allComponents = platformConfigV1.getComponentIdentifiers();
if (allComponents.isEmpty()) {
Assertions.fail("Component Identifier is empty.");
}
@ -472,14 +473,14 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
component = allComponents.get(component5Position);
Assertions.assertEquals("Ethernet Connection I219-LM", component.getComponentModel()
.getString());
Assertions.assertEquals("8c:0f:6f:72:c6:c5", component.getComponentAddress().get(0)
Assertions.assertEquals("8c:0f:6f:72:c6:c5", component.getComponentAddresses().get(0)
.getAddressValue()
.getString());
Assertions.assertEquals("ethernet mac", component.getComponentAddress().get(0)
Assertions.assertEquals("ethernet mac", component.getComponentAddresses().get(0)
.getAddressTypeValue());
//Check Platform Properties
List<PlatformProperty> platformProperties = platformConfig.getPlatformProperties();
List<PlatformProperty> platformProperties = platformConfigV1.getPlatformProperties();
if (platformProperties.isEmpty()) {
Assertions.fail("Platform Properties is empty.");
}
@ -499,7 +500,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Assertions.assertEquals("true", property.getPropertyValue().getString());
//Check Platform Properties URI
URIReference platformPropertyUri = platformConfig.getPlatformPropertiesUri();
URIReference platformPropertyUri = platformConfigV1.getPlatformPropertiesUri();
Assertions.assertNotNull(platformPropertyUri);
Assertions.assertEquals("https://www.intel.com/platformproperties.xml",
@ -522,13 +523,13 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Path certPath = Paths.get(resource.toURI());
PlatformCredential platformCert = new PlatformCredential(certPath);
PlatformConfiguration platformConfig = platformCert.getPlatformConfiguration();
PlatformConfigurationV1 platformConfigV1 = platformCert.getPlatformConfigurationV1();
//Check component identifier
List<ComponentIdentifier> allComponents = platformConfig.getComponentIdentifier();
List<ComponentIdentifier> allComponents = platformConfigV1.getComponentIdentifiers();
Assertions.assertTrue(allComponents.isEmpty());
List<PlatformProperty> platformProperties = platformConfig.getPlatformProperties();
List<PlatformProperty> platformProperties = platformConfigV1.getPlatformProperties();
if (platformProperties.isEmpty()) {
Assertions.fail("Platform Properties is empty.");
}
@ -560,10 +561,10 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Path certPath = Paths.get(resource.toURI());
PlatformCredential platformCert = new PlatformCredential(certPath);
PlatformConfiguration platformConfig = platformCert.getPlatformConfiguration();
PlatformConfigurationV1 platformConfigV1 = platformCert.getPlatformConfigurationV1();
//Check component identifier
List<ComponentIdentifier> allComponents = platformConfig.getComponentIdentifier();
List<ComponentIdentifier> allComponents = platformConfigV1.getComponentIdentifiers();
if (allComponents.isEmpty()) {
Assertions.fail("Component Identifier is empty.");
}
@ -589,7 +590,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
.getString());
//Check Platform Properties
List<PlatformProperty> platformProperties = platformConfig.getPlatformProperties();
List<PlatformProperty> platformProperties = platformConfigV1.getPlatformProperties();
if (platformProperties.isEmpty()) {
Assertions.fail("Platform Properties is empty.");
}
@ -597,7 +598,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Assertions.assertEquals(platformProperties.size(), 2);
//Check Platform Properties URI
URIReference platformPropertyUri = platformConfig.getPlatformPropertiesUri();
URIReference platformPropertyUri = platformConfigV1.getPlatformPropertiesUri();
Assertions.assertNotNull(platformPropertyUri);
Assertions.assertEquals("https://www.intel.com/platformproperties.xml",
@ -629,10 +630,10 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Path certPath = Paths.get(resource.toURI());
PlatformCredential platformCert = new PlatformCredential(certPath);
PlatformConfiguration platformConfig = platformCert.getPlatformConfiguration();
PlatformConfigurationV1 platformConfigV1 = platformCert.getPlatformConfigurationV1();
//Check component identifier
List<ComponentIdentifier> allComponents = platformConfig.getComponentIdentifier();
List<ComponentIdentifier> allComponents = platformConfigV1.getComponentIdentifiers();
if (allComponents.isEmpty()) {
Assertions.fail("Component Identifier is empty.");
}
@ -651,15 +652,15 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
//Check component #7
final int component7Position = 6;
component = allComponents.get(component7Position);
Assertions.assertTrue(component.getComponentAddress().size() > 0);
Assertions.assertEquals("8c:0f:6f:72:c6:c5", component.getComponentAddress().get(0)
Assertions.assertFalse(component.getComponentAddresses().isEmpty());
Assertions.assertEquals("8c:0f:6f:72:c6:c5", component.getComponentAddresses().get(0)
.getAddressValue()
.getString());
Assertions.assertEquals("ethernet mac", component.getComponentAddress().get(0)
Assertions.assertEquals("ethernet mac", component.getComponentAddresses().get(0)
.getAddressTypeValue());
//Check Platform Properties
List<PlatformProperty> platformProperties = platformConfig.getPlatformProperties();
List<PlatformProperty> platformProperties = platformConfigV1.getPlatformProperties();
if (platformProperties.isEmpty()) {
Assertions.fail("Platform Properties is empty.");
}
@ -667,7 +668,7 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Assertions.assertEquals(platformProperties.size(), 2);
//Check Platform Properties URI
URIReference platformPropertyUri = platformConfig.getPlatformPropertiesUri();
URIReference platformPropertyUri = platformConfigV1.getPlatformPropertiesUri();
Assertions.assertNotNull(platformPropertyUri);
Assertions.assertEquals("https://www.intel.com/platformproperties.xml",
@ -700,17 +701,17 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Path certPath = Paths.get(resource.toURI());
PlatformCredential platformCert = new PlatformCredential(certPath);
PlatformConfiguration platformConfig = platformCert.getPlatformConfiguration();
PlatformConfigurationV2 platformConfigV2 = platformCert.getPlatformConfigurationV2();
//Check component identifier
List<ComponentIdentifier> allComponents = platformConfig.getComponentIdentifier();
List<ComponentIdentifierV2> allComponents = platformConfigV2.getComponentIdentifiers();
Assertions.assertFalse(allComponents.isEmpty());
final int component6Position = 5;
ComponentIdentifier component = allComponents.get(component6Position);
ComponentIdentifierV2 component = allComponents.get(component6Position);
Assertions.assertTrue(component.isVersion2());
List<PlatformProperty> platformProperties = platformConfig.getPlatformProperties();
List<PlatformProperty> platformProperties = platformConfigV2.getPlatformProperties();
if (platformProperties.isEmpty()) {
Assertions.fail("Platform Properties is empty.");
}
@ -749,15 +750,15 @@ public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
Path certPath = Paths.get(resource.toURI());
PlatformCredential platformCert = new PlatformCredential(certPath);
PlatformConfiguration platformConfig = platformCert.getPlatformConfiguration();
PlatformConfigurationV2 platformConfigV2 = platformCert.getPlatformConfigurationV2();
Assertions.assertInstanceOf(PlatformConfigurationV2.class, platformConfig);
Assertions.assertEquals(platformConfig.getPlatformPropertiesUri()
Assertions.assertInstanceOf(PlatformConfigurationV2.class, platformConfigV2);
Assertions.assertEquals(platformConfigV2.getPlatformPropertiesUri()
.getUniformResourceIdentifier().toString(),
"https://www.intel.com/platformproperties.xml");
// Assertions.assertNotNull(platformConfig.getComponentIdentifierUri());
// Assertions.assertNotNull(platformConfigV1.getComponentIdentifiersUri());
// Assertions.assertEquals(platformConfig.getComponentIdentifierUri()
// Assertions.assertEquals(platformConfigV1.getComponentIdentifiersUri()
// .getUniformResourceIdentifier().toString(),
// "https://www.intel.com/platformidentifiers.xml");
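Review bot: None of the updated tests asserts that the other configuration getter returns null, although the production code in this commit now chooses its branch from `getPlatformConfigurationV1() != null` and `getPlatformConfigurationV2() != null`. Adding `Assertions.assertNull(platformCert.getPlatformConfigurationV2());` to the version 1 tests, and the reverse to the version 2 tests, would pin that discrimination. The tests also dereference `platformConfigV1` without a preceding `Assertions.assertNotNull(platformConfigV1);`, so a parsing regression shows up as a NullPointerException rather than a clear assertion failure. `Assertions.assertInstanceOf(PlatformConfigurationV2.class, platformConfigV2)` can now only fail on null because the variable is already declared as that type; `Assertions.assertNotNull(platformConfigV2);` states the intent. The test methods begin outside the hunks shown.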


@ -1990,7 +1990,7 @@ public class SupplyChainCredentialValidatorTest {
// ciV21Faulty.setComponentRevision(compId2.getComponentRevision());
// ciV21Faulty.setComponentManufacturerId(compId2.getComponentManufacturerId());
// ciV21Faulty.setFieldReplaceable(compId2.getFieldReplaceable());
// ciV21Faulty.setComponentAddress(compId2.getComponentAddress());
// ciV21Faulty.setComponentAddresses(compId2.getComponentAddresses());
// ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED);
// ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer());
// ciV22Faulty.setComponentClass(compId3.getComponentClass());
@ -1999,7 +1999,7 @@ public class SupplyChainCredentialValidatorTest {
// ciV22Faulty.setComponentRevision(compId3.getComponentRevision());
// ciV22Faulty.setComponentManufacturerId(compId3.getComponentManufacturerId());
// ciV22Faulty.setFieldReplaceable(compId3.getFieldReplaceable());
// ciV22Faulty.setComponentAddress(compId3.getComponentAddress());
// ciV22Faulty.setComponentAddresses(compId3.getComponentAddresses());
// ciV22Faulty.setAttributeStatus(AttributeStatus.REMOVED);
//
// List<ComponentIdentifier> compList = new ArrayList<>(3);
@ -2117,7 +2117,7 @@ public class SupplyChainCredentialValidatorTest {
// ciV21Faulty.setComponentRevision(compId2.getComponentRevision());
// ciV21Faulty.setComponentManufacturerId(compId2.getComponentManufacturerId());
// ciV21Faulty.setFieldReplaceable(compId2.getFieldReplaceable());
// ciV21Faulty.setComponentAddress(compId2.getComponentAddress());
// ciV21Faulty.setComponentAddresses(compId2.getComponentAddresses());
// ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED);
// ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer());
// ciV22Faulty.setComponentModel(compId3.getComponentModel());
@ -2125,7 +2125,7 @@ public class SupplyChainCredentialValidatorTest {
// ciV22Faulty.setComponentRevision(compId3.getComponentRevision());
// ciV22Faulty.setComponentManufacturerId(compId3.getComponentManufacturerId());
// ciV22Faulty.setFieldReplaceable(compId3.getFieldReplaceable());
// ciV22Faulty.setComponentAddress(compId3.getComponentAddress());
// ciV22Faulty.setComponentAddresses(compId3.getComponentAddresses());
// ciV22Faulty.setAttributeStatus(AttributeStatus.REMOVED);
//
// List<ComponentIdentifier> compList = new ArrayList<>(3);


@ -949,7 +949,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
}
this.certificateRepository.save(certificate);
handlePlatformComponents(certificate);
parseAndSaveComponentResults(certificate);
final String successMsg
= String.format("New certificate successfully uploaded (%s): ", fileName);
@ -963,6 +963,11 @@ public class CertificatePageController extends PageController<NoPageParams> {
messages.addError(failMessage + dbsEx.getMessage());
log.error(failMessage, dbsEx);
return;
} catch (IOException ioException) {
final String ioExceptionMessage = "Failed to save component results in the database";
messages.addError(ioExceptionMessage + ioException.getMessage());
log.error(ioExceptionMessage, ioException);
return;
}
try {
@ -1006,11 +1011,12 @@ public class CertificatePageController extends PageController<NoPageParams> {
}
/**
* Helper method that attempts to manage the provided platform certificate's components.
* Helper method that utilizes the components of the provided platform certificate to generate
* a collection of component results and subsequently stores these results in the database.
*
* @param certificate certificate
*/
private void handlePlatformComponents(final Certificate certificate) {
private void parseAndSaveComponentResults(final Certificate certificate) throws IOException {
PlatformCredential platformCredential;
if (certificate instanceof PlatformCredential) {
@ -1023,8 +1029,8 @@ public class CertificatePageController extends PageController<NoPageParams> {
if (componentResults.isEmpty()) {
ComponentResult componentResult;
// if the provided platform certificate is version 1.2
if (platformCredential.getCredentialType().equals(PlatformCredential.CERTIFICATE_TYPE_1_2)) {
// if the provided platform certificate is using version 1 Platform Configuration
if (platformCredential.getPlatformConfigurationV1() != null) {
for (ComponentIdentifier componentIdentifier : platformCredential
.getComponentIdentifiers()) {
@ -1037,9 +1043,9 @@ public class CertificatePageController extends PageController<NoPageParams> {
componentResultRepository.save(componentResult);
}
}
// if the provided platform certificate is version 2.0
else if (platformCredential.getCredentialType()
.equals(PlatformCredential.CERTIFICATE_TYPE_2_0)) {
// if the provided platform certificate is using version 2 Platform Configuration
else if (platformCredential.getPlatformConfigurationV2() != null) {
for (ComponentIdentifierV2 componentIdentifierV2 : platformCredential
.getComponentIdentifiersV2()) {
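Review bot: The new `catch (IOException ioException)` runs after `this.certificateRepository.save(certificate)` has already been called, so when parseAndSaveComponentResults fails the user sees an error while the certificate row may remain stored without its component results. Whether a surrounding transaction rolls the save back is not visible in these hunks. Parsing the components before the save, or removing the certificate again in the catch block, would keep the two in step. The message is also built as `ioExceptionMessage + ioException.getMessage()` with no separator; `"Failed to save component results in the database: "` would read correctly. The upload method starts and ends outside the hunks shown.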


@ -10,8 +10,8 @@ import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCred
import hirs.attestationca.persist.entity.userdefined.certificate.IDevIDCertificate;
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2;
import hirs.attestationca.persist.util.AcaPciIds;
import hirs.utils.BouncyCastleUtils;
import hirs.utils.PciIds;
@ -401,21 +401,22 @@ public final class CertificateStringMapBuilder {
data.put("componentResults", compResults);
//Get platform Configuration values and set map with it
PlatformConfiguration platformConfiguration = certificate.getPlatformConfiguration();
if (platformConfiguration != null) {
PlatformConfigurationV2 platformConfigurationV2 = certificate.getPlatformConfigurationV2();
if (platformConfigurationV2 != null) {
//Component Identifier - attempt to translate hardware IDs
List<ComponentIdentifier> comps = platformConfiguration.getComponentIdentifier();
if (PciIds.DB.isReady()) {
comps = AcaPciIds.translate(comps);
}
data.put("componentsIdentifier", comps);
List<ComponentIdentifierV2> componentIdentifiers =
platformConfigurationV2.getComponentIdentifiers();
/* if (PciIds.DB.isReady()) {
componentIdentifiers = AcaPciIds.translate(componentIdentifiers);
}*/
data.put("componentsIdentifier", componentIdentifiers);
//Component Identifier URI
data.put("componentsIdentifierURI", platformConfiguration
.getComponentIdentifierUri());
data.put("componentsIdentifierURI", platformConfigurationV2
.getComponentIdentifiersUri());
//Platform Properties
data.put("platformProperties", platformConfiguration.getPlatformProperties());
data.put("platformProperties", platformConfigurationV2.getPlatformProperties());
//Platform Properties URI
data.put("platformPropertiesURI", platformConfiguration.getPlatformPropertiesUri());
data.put("platformPropertiesURI", platformConfigurationV2.getPlatformPropertiesUri());
}
//TBB Security Assertion
data.put("tbbSecurityAssertion", certificate.getTBBSecurityAssertion());
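Review bot: The map is now filled only from `certificate.getPlatformConfigurationV2()`, so a platform credential that carries a version 1 configuration would no longer populate componentsIdentifier, platformProperties or platformPropertiesURI on the details page. The PCI ID translation is also left commented out rather than removed or adapted to `List<ComponentIdentifierV2>`, so hardware IDs are shown untranslated. The fence adds a version 1 fallback using the getters the updated tests call; it assumes an import of PlatformConfigurationV1 and that `certificate` is the PlatformCredential being rendered. The enclosing method starts outside this hunk.

```java
// … unchanged: PlatformConfigurationV2 branch …
} else {
    PlatformConfigurationV1 platformConfigurationV1 = certificate.getPlatformConfigurationV1();
    if (platformConfigurationV1 != null) {
        data.put("componentsIdentifier", platformConfigurationV1.getComponentIdentifiers());
        data.put("platformProperties", platformConfigurationV1.getPlatformProperties());
        data.put("platformPropertiesURI", platformConfigurationV1.getPlatformPropertiesUri());
    }
}
// … unchanged: TBB Security Assertion …
```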


@ -5,7 +5,7 @@ After=network.target
[Service]
User=root
Group=root
ExecStart=/usr/bin/bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w
ExecStart=/usr/bin/bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -d -w
SuccessExitStatus=0
Restart=always
RestartSec=60
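Review bot: The `-d` flag added to `ExecStart` is not mentioned in the commit description, and this unit runs the script as `User=root` with `Restart=always`. aca_bootRun.sh is not part of this page, so what `-d` enables is an assumption. If it switches the ACA into a debug mode (verbose logging or a debugger listener), that should not be the packaged default for a service that handles provisioning credentials. I would keep `ExecStart=/usr/bin/bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w` in the shipped unit and add the flag locally through a systemd drop-in when debugging.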