Updated a supply chain validation check for delta certificates. Updated the check for duplicate base platform certificates when storing them for the same device and updated the begin validity date for the delta vs the base check.

Cyrus 2021-01-12 12:26:54 -05:00
parent fcb496686c
commit beb1ccbee3
3 changed files with 6 additions and 6 deletions


@ -122,7 +122,7 @@ public final class CredentialManagementHelper {
if (!certificates.isEmpty()) { if (!certificates.isEmpty()) {
// found associated certificates // found associated certificates
for (PlatformCredential pc : certificates) { for (PlatformCredential pc : certificates) {
if (pc.isBase()) { if (pc.isBase() && platformCredential.isBase()) {
// found a base in the database associated with // found a base in the database associated with
// parsed certificate // parsed certificate
LOG.error(String.format("Base certificate stored" LOG.error(String.format("Base certificate stored"
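Review bot: The comment `// found a base in the database associated with parsed certificate` is now stale, because the new condition `pc.isBase() && platformCredential.isBase()` rejects only when the incoming certificate is itself a base. It should say so, for example `// incoming certificate is a base and a base is already stored for this device`, so the check is not mistaken for a general duplicate guard. `platformCredential.isBase()` does not depend on `pc` and could be read once before the loop into a local such as `final boolean incomingIsBase = platformCredential.isBase();`. With this change a delta passes through the loop without being rejected in the visible lines, so it is worth confirming that delta-to-base consistency is enforced elsewhere; the loop body continues outside the hunk.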


@ -184,8 +184,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
// the base // the base
if (baseCredential != null) { if (baseCredential != null) {
for (PlatformCredential pc : pcs) { for (PlatformCredential pc : pcs) {
int result = pc.getBeginValidity() int result = baseCredential.getBeginValidity()
.compareTo(baseCredential.getBeginValidity()); .compareTo(pc.getBeginValidity());
if (!pc.isBase() && (result > 0)) { if (!pc.isBase() && (result > 0)) {
pcErrorMessage = String.format("%s%s%n", pcErrorMessage, pcErrorMessage = String.format("%s%s%n", pcErrorMessage,
"Delta Certificate's validity " "Delta Certificate's validity "
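Review bot: The operand order on the new `int result = baseCredential.getBeginValidity().compareTo(pc.getBeginValidity());` line is the entire fix, yet nothing at the call site states the rule it enforces, so a later edit can invert it again unnoticed. Add a comment above it such as `// a delta must not begin its validity before the base it amends`, and give `result` a name that carries the direction. Note that `result == 0` still passes, so a delta with the same begin date as its base is accepted; if that is intended, the comment should say it. Neither `getBeginValidity()` return value is null-checked in the visible lines, and the comparison runs for every `pc`, including entries that `!pc.isBase()` then discards. The loop body and the rest of the error message continue outside the hunk.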


@ -664,7 +664,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
"%s attempted MODIFIED with no prior instance.%n", "%s attempted MODIFIED with no prior instance.%n",
classValue)); classValue));
scv = deltaMapping.get(delta); scv = deltaMapping.get(delta);
if (scv.getResult() != AppraisalStatus.Status.PASS) { if (scv != null && scv.getResult() != AppraisalStatus.Status.PASS) {
failureMsg.append(scv.getMessage()); failureMsg.append(scv.getMessage());
} }
deltaMapping.put(delta, new SupplyChainValidation( deltaMapping.put(delta, new SupplyChainValidation(
@ -694,7 +694,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
"%s attempted REMOVED with no prior instance.%n", "%s attempted REMOVED with no prior instance.%n",
classValue)); classValue));
scv = deltaMapping.get(delta); scv = deltaMapping.get(delta);
if (scv.getResult() != AppraisalStatus.Status.PASS) { if (scv != null && scv.getResult() != AppraisalStatus.Status.PASS) {
failureMsg.append(scv.getMessage()); failureMsg.append(scv.getMessage());
} }
deltaMapping.put(delta, new SupplyChainValidation( deltaMapping.put(delta, new SupplyChainValidation(
@ -723,7 +723,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
"%s was ADDED, the serial already exists.%n", "%s was ADDED, the serial already exists.%n",
classValue)); classValue));
scv = deltaMapping.get(delta); scv = deltaMapping.get(delta);
if (scv.getResult() != AppraisalStatus.Status.PASS) { if (scv != null && scv.getResult() != AppraisalStatus.Status.PASS) {
failureMsg.append(scv.getMessage()); failureMsg.append(scv.getMessage());
} }
deltaMapping.put(delta, new SupplyChainValidation( deltaMapping.put(delta, new SupplyChainValidation(
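Review bot: The guarded lookup `if (scv != null && scv.getResult() != AppraisalStatus.Status.PASS) { failureMsg.append(scv.getMessage()); }` is now repeated verbatim in the MODIFIED, REMOVED and ADDED branches, and the missing null check had to be patched in all three places. Moving the lookup and append into one private helper that takes the map, the delta and the message buffer would keep the three sites from drifting apart again. A null `scv` now silently skips the append, so a short comment at the guard, e.g. `// no earlier result recorded for this delta; nothing to carry over`, would make that intent explicit. Each branch's `deltaMapping.put(...)` call continues outside the hunks, so the status recorded for the delta cannot be checked from here.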