Modified how unmatched log events are tested. Now it uses the reference event value from the database.

2024-12-18 20:47:58 +00:00 · 2021-03-23 13:13:17 -04:00 · 2021-03-23 13:13:17 -04:00 · c290ba25be
commit c290ba25be
parent 2110b7e94d
5 changed files with 101 additions and 16 deletions
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java
@ -9,6 +9,8 @@ import hirs.data.persist.Device;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.EventLogMeasurements;
 import hirs.data.persist.PCRPolicy;
+import hirs.data.persist.ReferenceDigestRecord;
+import hirs.data.persist.ReferenceDigestValue;
 import hirs.data.persist.ReferenceManifest;
 import hirs.data.persist.SupplyChainPolicy;
 import hirs.data.persist.SupplyChainValidation;
@ -26,6 +28,8 @@ import hirs.persist.CrudManager;
 import hirs.persist.DBManagerException;
 import hirs.persist.PersistenceConfiguration;
 import hirs.persist.PolicyManager;
+import hirs.persist.ReferenceDigestManager;
+import hirs.persist.ReferenceEventManager;
 import hirs.persist.ReferenceManifestManager;
 import hirs.tpm.eventlog.TCGEventLog;
 import hirs.tpm.eventlog.TpmPcrEvent;
@ -76,6 +80,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
    private PolicyManager policyManager;
    private AppraiserManager appraiserManager;
    private ReferenceManifestManager referenceManifestManager;
+    private ReferenceDigestManager referenceDigestManager;
+    private ReferenceEventManager referenceEventManager;
    private CertificateManager certificateManager;
    private CredentialValidator supplyChainCredentialValidator;
    private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
@ -92,20 +98,27 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
     * @param referenceManifestManager           the RIM manager
     * @param supplyChainValidatorSummaryManager the summary manager
     * @param supplyChainCredentialValidator     the credential validator
+     * @param referenceDigestManager             the digest manager
+     * @param referenceEventManager              the even manager
     */
    @Autowired
+    @SuppressWarnings("ParameterNumberCheck")
    public SupplyChainValidationServiceImpl(
            final PolicyManager policyManager, final AppraiserManager appraiserManager,
            final CertificateManager certificateManager,
            final ReferenceManifestManager referenceManifestManager,
            final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
-            final CredentialValidator supplyChainCredentialValidator) {
+            final CredentialValidator supplyChainCredentialValidator,
+            final ReferenceDigestManager referenceDigestManager,
+            final ReferenceEventManager referenceEventManager) {
        this.policyManager = policyManager;
        this.appraiserManager = appraiserManager;
        this.certificateManager = certificateManager;
        this.referenceManifestManager = referenceManifestManager;
        this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
        this.supplyChainCredentialValidator = supplyChainCredentialValidator;
+        this.referenceDigestManager = referenceDigestManager;
+        this.referenceEventManager = referenceEventManager;
    }

    /**
@ -354,10 +367,13 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
        AppraisalStatus fwStatus = null;
        String manufacturer = device.getDeviceInfo()
                .getHardwareInfo().getManufacturer();
+        String model = device.getDeviceInfo()
+                .getHardwareInfo().getProductName();
        ReferenceManifest validationObject = null;
        ReferenceManifest baseReferenceManifest = null;
        ReferenceManifest supportReferenceManifest = null;
        ReferenceManifest measurement = null;
+        ReferenceDigestRecord digestRecord = null;

        baseReferenceManifest = BaseReferenceManifest.select(referenceManifestManager)
                .byManufacturer(manufacturer).getRIM();
@ -465,18 +481,22 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                        // part 2 of firmware validation check: bios measurements
                        // vs baseline tcg event log
                        // find the measurement
-                        TCGEventLog tcgEventLog;
                        TCGEventLog tcgMeasurementLog;
+                        digestRecord = this.referenceDigestManager.getRecord(manufacturer, model);
                        LinkedList<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
+                        List<ReferenceDigestValue> eventValue;
+                        HashMap<String, ReferenceDigestValue> eventValueMap = new HashMap<>();
                        try {
                            if (measurement.getPlatformManufacturer().equals(manufacturer)) {
                                tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes());
-                                tcgEventLog = new TCGEventLog(
-                                        supportReferenceManifest.getRimBytes());
-                                for (TpmPcrEvent tpe : tcgEventLog.getEventList()) {
-                                    if (!tpe.eventCompare(
-                                            tcgMeasurementLog.getEventByNumber(
-                                                    tpe.getEventNumber()))) {
+                                eventValue = this.referenceEventManager
+                                        .getValuesByRecordId(digestRecord);
+                                for (ReferenceDigestValue rdv : eventValue) {
+                                    eventValueMap.put(rdv.getDigestValue(), rdv);
+                                }
+
+                                for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) {
+                                    if (!eventValueMap.containsKey(tpe.getEventDigestStr())) {
                                        tpmPcrEvents.add(tpe);
                                    }
                                }
--- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java
+++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java
@ -23,6 +23,8 @@ import hirs.persist.DBDeviceManager;
 import hirs.persist.DeviceGroupManager;
 import hirs.persist.DeviceManager;
 import hirs.persist.PolicyManager;
+import hirs.persist.ReferenceDigestManager;
+import hirs.persist.ReferenceEventManager;
 import hirs.validation.CredentialValidator;
 import hirs.validation.SupplyChainCredentialValidator;
 import org.mockito.ArgumentCaptor;
@ -87,6 +89,12 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
    @Mock
    private CrudManager<SupplyChainValidationSummary> supplyChainValidationSummaryDBManager;

+    @Mock
+    private ReferenceDigestManager referenceDigestManager;
+
+    @Mock
+    private ReferenceEventManager referenceEventManager;
+
    @InjectMocks
    private SupplyChainValidationServiceImpl service;

@ -400,7 +408,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                realCertMan,
                null,
                supplyChainValidationSummaryDBManager,
-                supplyChainCredentialValidator
+                supplyChainCredentialValidator,
+                referenceDigestManager,
+                referenceEventManager
        );

        CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
@ -460,7 +470,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                realCertMan,
                null,
                supplyChainValidationSummaryDBManager,
-                supplyChainCredentialValidator
+                supplyChainCredentialValidator,
+                referenceDigestManager,
+                referenceEventManager
        );

        CertificateAuthorityCredential rootCa = new CertificateAuthorityCredential(
@ -506,7 +518,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                realCertMan,
                null,
                supplyChainValidationSummaryDBManager,
-                supplyChainCredentialValidator
+                supplyChainCredentialValidator,
+                referenceDigestManager,
+                referenceEventManager
        );

        EndorsementCredential endorsementCredential = new EndorsementCredential(
@ -542,7 +556,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                realCertMan,
                null,
                supplyChainValidationSummaryDBManager,
-                supplyChainCredentialValidator
+                supplyChainCredentialValidator,
+                referenceDigestManager,
+                referenceEventManager
        );

        CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
@ -602,7 +618,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                realCertMan,
                null,
                supplyChainValidationSummaryDBManager,
-                supplyChainCredentialValidator
+                supplyChainCredentialValidator,
+                referenceDigestManager,
+                referenceEventManager
        );

        CertificateAuthorityCredential intelCa = new CertificateAuthorityCredential(
@ -648,7 +666,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                realCertMan,
                null,
                supplyChainValidationSummaryDBManager,
-                supplyChainCredentialValidator
+                supplyChainCredentialValidator,
+                referenceDigestManager,
+                referenceEventManager
        );

        CertificateAuthorityCredential globalSignCaCert = new CertificateAuthorityCredential(
@ -699,7 +719,9 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                realCertMan,
                null,
                supplyChainValidationSummaryDBManager,
-                new SupplyChainCredentialValidator()
+                new SupplyChainCredentialValidator(),
+                referenceDigestManager,
+                referenceEventManager
        );

        CertificateAuthorityCredential stmEkRootCa = new CertificateAuthorityCredential(
--- a/HIRS_Utils/src/main/java/hirs/persist/DBReferenceDigestManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DBReferenceDigestManager.java
@ -77,6 +77,37 @@ public class DBReferenceDigestManager extends DBManager<ReferenceDigestRecord>
        return dbRecord;
    }

+    @Override
+    public ReferenceDigestRecord getRecord(final String manufacturer, final String model) {
+        LOGGER.debug("Getting record for {} ~ {}", manufacturer, model);
+        if (manufacturer == null || model == null) {
+            LOGGER.error("No reference to get record from db {} ~ {}", manufacturer, model);
+            return null;
+        }
+
+        ReferenceDigestRecord dbRecord = null;
+        Transaction tx = null;
+        Session session = getFactory().getCurrentSession();
+        try {
+            LOGGER.debug("retrieving referenceDigestRecord from db");
+            tx = session.beginTransaction();
+            dbRecord = (ReferenceDigestRecord) session.createCriteria(ReferenceDigestRecord.class)
+                    .add(Restrictions.eq("manufacturer",
+                            manufacturer)).add(Restrictions.eq("model",
+                            model)).uniqueResult();
+            tx.commit();
+        } catch (Exception ex) {
+            final String msg = "unable to retrieve object";
+            LOGGER.error(msg, ex);
+            if (tx != null) {
+                LOGGER.debug("rolling back transaction");
+                tx.rollback();
+            }
+            throw new DBManagerException(msg, ex);
+        }
+        return dbRecord;
+    }
+
    @Override
    public ReferenceDigestRecord getRecordById(final ReferenceDigestRecord referenceDigestRecord) {
        LOGGER.debug("Getting record for {}", referenceDigestRecord);
--- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceDigestManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceDigestManager.java
@ -28,6 +28,15 @@ public interface ReferenceDigestManager {
     */
    ReferenceDigestRecord getRecord(ReferenceDigestRecord referenceDigestRecord);

+    /**
+     * Persists a new Reference Digest.
+     *
+     * @param manufacturer the string of the manufacturer
+     * @param model the string of the model
+     * @return the persisted ReferenceDigestRecord
+     */
+    ReferenceDigestRecord getRecord(String manufacturer, String model);
+
    /**
     * Persists a new Reference Digest.
     *
--- a/config/checkstyle/sun_checks.xml
+++ b/config/checkstyle/sun_checks.xml
@ -123,7 +123,10 @@
            <property name="max" value="100"/>
        </module>
        <module name="MethodLength"/>
-        <module name="ParameterNumber"/>
+        <module name="ParameterNumber">
+            <property name="max" value="10"/>
+            <property name="tokens" value="METHOD_DEF"/>
+        </module>


        <!-- Checks for whitespace                               -->