ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-19 21:17:59 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

ReferenceManifestValidator trustStore not populated during provision

Browse Source
This commit is contained in:
iadgovuser29 2024-06-18 17:03:51 -04:00
parent 7b465ed9ee
commit c84d67dfd7
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java
View File

@ -23,9 +23,8 @@ import java.nio.charset.StandardCharsets;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.util.HashMap; import java.security.cert.X509Certificate;
import java.util.LinkedList; import java.util.*;
import java.util.List;
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL; import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL;
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS; import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS;
@ -106,6 +105,19 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
signingCert = cert; signingCert = cert;
KeyStore keyStore = ValidationService.getCaChain(signingCert, KeyStore keyStore = ValidationService.getCaChain(signingCert,
caCredentialRepository); caCredentialRepository);
Set<CertificateAuthorityCredential> set = ValidationService.getCaChainRec(signingCert,
Collections.emptySet(),
caCredentialRepository);
ArrayList<X509Certificate> certs = new ArrayList<>(set.size());
for (CertificateAuthorityCredential cac : set) {
try {
certs.add(cac.getX509Certificate());
} catch (IOException e) {
log.error("Error building CA chain for " + signingCert.getSubjectKeyIdentifier() + ": "
+ e.getMessage());
}
}
referenceManifestValidator.setTrustStore(certs);
try { try {
if (referenceManifestValidator.validateXmlSignature(signingCert.getX509Certificate().getPublicKey(), if (referenceManifestValidator.validateXmlSignature(signingCert.getX509Certificate().getPublicKey(),
signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) { signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) {