ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-01-31 00:24:00 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated a supply chain validation check for delta certificates. Updated the check for duplicate base platform certificates when storing them for the same device and updated the begin validity date for the delta vs the base check.

Browse Source
This commit is contained in:
Cyrus 2021-01-12 12:26:54 -05:00
parent fcb496686c
commit beb1ccbee3
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
HIRS_AttestationCA/src/main/java/hirs/attestationca/CredentialManagementHelper.java
View File

@ -122,7 +122,7 @@ public final class CredentialManagementHelper {
if (!certificates.isEmpty()) {
// found associated certificates
for (PlatformCredential pc : certificates) {
if (pc.isBase()) {
if (pc.isBase() && platformCredential.isBase()) {
// found a base in the database associated with
// parsed certificate
LOG.error(String.format("Base certificate stored"

4
HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
View File

@ -184,8 +184,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
// the base
if (baseCredential != null) {
for (PlatformCredential pc : pcs) {
int result = pc.getBeginValidity()
.compareTo(baseCredential.getBeginValidity());
int result = baseCredential.getBeginValidity()
.compareTo(pc.getBeginValidity());
if (!pc.isBase() && (result > 0)) {
pcErrorMessage = String.format("%s%s%n", pcErrorMessage,
"Delta Certificate's validity "

6
HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
View File

@ -664,7 +664,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
"%s attempted MODIFIED with no prior instance.%n",
classValue));
scv = deltaMapping.get(delta);
if (scv.getResult() != AppraisalStatus.Status.PASS) {
if (scv != null && scv.getResult() != AppraisalStatus.Status.PASS) {
failureMsg.append(scv.getMessage());
}
deltaMapping.put(delta, new SupplyChainValidation(
@ -694,7 +694,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
"%s attempted REMOVED with no prior instance.%n",
classValue));
scv = deltaMapping.get(delta);
if (scv.getResult() != AppraisalStatus.Status.PASS) {
if (scv != null && scv.getResult() != AppraisalStatus.Status.PASS) {
failureMsg.append(scv.getMessage());
}
deltaMapping.put(delta, new SupplyChainValidation(
@ -723,7 +723,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
"%s was ADDED, the serial already exists.%n",
classValue));
scv = deltaMapping.get(delta);
if (scv.getResult() != AppraisalStatus.Status.PASS) {
if (scv != null && scv.getResult() != AppraisalStatus.Status.PASS) {
failureMsg.append(scv.getMessage());
}
deltaMapping.put(delta, new SupplyChainValidation(