Clarified checkstyle changes and renamed some data structures for readability or conformity to documentation

chubtub 2024-12-10 16:40:41 -05:00
parent e91c7a819a
commit cb2ba1a846
3 changed files with 75 additions and 78 deletions


@ -15,6 +15,7 @@ import org.apache.commons.codec.binary.Hex;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@ -62,17 +63,9 @@ public class PcrValidator {
* @param pcrValues RIM provided baseline PCRs
*/
public PcrValidator(final String[] pcrValues) {
baselinePcrs = new String[TPMMeasurementRecord.MAX_PCR_ID + 1];
System.arraycopy(pcrValues, 0, baselinePcrs, 0, TPMMeasurementRecord.MAX_PCR_ID + 1);
baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1);
}
/**
* Builds a string array of stored pcrs.
*
* @param pcrContent string representation of the pcr content
* @param algorithmLength length of the algorithm
* @return string array representation of the stored pcrs.
*/
public static String[] buildStoredPcrs(final String pcrContent, final int algorithmLength) {
// we have a full set of PCR values
String[] pcrSet = pcrContent.split("\\n");
@ -149,7 +142,7 @@ public class PcrValidator {
}
if (!baselinePcrs[i].equals(storedPcrs[i])) {
log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]);
log.error(String.format("%s =/= %s", baselinePcrs[i], storedPcrs[i]));
sb.append(String.format(failureMsg, i));
}
}
@ -163,36 +156,36 @@ public class PcrValidator {
* will ignore certin PCRs, Event Types and Event Variables present.
*
* @param tcgMeasurementLog Measurement log from the client
* @param eventValueMap The events stored as baseline to compare
* @param eventLogRecords The events stored as baseline to compare
* @param policySettings db entity that holds all of policy
* @return the events that didn't pass
*/
public List<TpmPcrEvent> validateTpmEvents(final TCGEventLog tcgMeasurementLog,
final Map<String, ReferenceDigestValue> eventValueMap,
final Map<String, ReferenceDigestValue> eventLogRecords,
final PolicySettings policySettings) {
List<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) {
if (policySettings.isIgnoreImaEnabled() && tpe.getPcrIndex() == IMA_PCR) {
log.info("IMA Ignored -> {}", tpe);
log.info(String.format("IMA Ignored -> %s", tpe));
} else if (policySettings.isIgnoretBootEnabled() && (tpe.getPcrIndex() >= TBOOT_PCR_START
&& tpe.getPcrIndex() <= TBOOT_PCR_END)) {
log.info("TBOOT Ignored -> {}", tpe);
log.info(String.format("TBOOT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getPcrIndex() >= PXE_PCR_START
&& tpe.getPcrIndex() <= PXE_PCR_END)) {
log.info("OS Evt Ignored -> {}", tpe);
log.info(String.format("OS Evt Ignored -> %s", tpe));
} else {
if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) {
log.info("GPT Ignored -> {}", tpe);
log.info(String.format("GPT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_BOOT)
|| tpe.getEventTypeStr().contains(EVT_EFI_VAR))) {
log.info("OS Evt Ignored -> {}", tpe);
log.info(String.format("OS Evt Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_CFG)
&& tpe.getEventContentStr().contains("SecureBoot"))) {
log.info("OS Evt Config Ignored -> {}", tpe);
log.info(String.format("OS Evt Config Ignored -> %s", tpe));
} else {
if (!eventValueMap.containsKey(tpe.getEventDigestStr())) {
if (!eventLogRecords.containsKey(tpe.getEventDigestStr())) {
tpmPcrEvents.add(tpe);
}
}
@ -251,13 +244,12 @@ public class PcrValidator {
// other information.
String calculatedString = Hex.encodeHexString(
pcrInfoShort.getCalculatedDigest());
log.debug(
"Validating PCR information with the following:{}calculatedString = {}{}"
+ "quoteString = {}", System.lineSeparator(), calculatedString,
System.lineSeparator(), quoteString);
log.debug("Validating PCR information with the following:" +
System.lineSeparator() + "calculatedString = " + calculatedString +
System.lineSeparator() + "quoteString = " + quoteString);
validated = quoteString.contains(calculatedString);
if (!validated) {
log.warn("{} not found in {}", calculatedString, quoteString);
log.warn(calculatedString + " not found in " + quoteString);
}
} catch (NoSuchAlgorithmException naEx) {
log.error(naEx);
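Review bot: In the constructor hunk, `Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1)` pads a short `pcrValues` with `null`, whereas the removed `System.arraycopy` call threw on a short source array, so a truncated RIM baseline is now accepted at construction. The later `baselinePcrs[i].equals(storedPcrs[i])` would then dereference a padded slot, unless the lines outside that hunk guard against null. For an attestation baseline I would fail closed before the copy, e.g. `if (pcrValues.length <= TPMMeasurementRecord.MAX_PCR_ID) { throw new IllegalArgumentException("incomplete PCR baseline: " + pcrValues.length); }`. The comparison loop starts and ends outside its hunk.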


@ -98,13 +98,10 @@ public class ReferenceManifestDetailsPageController
* @throws CertificateException if a certificate doesn't parse.
*/
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
final ReferenceManifestRepository
referenceManifestRepository,
final ReferenceDigestValueRepository
referenceDigestValueRepository,
final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository
caCertificateRepository)
final CACredentialRepository caCertificateRepository)
throws IOException,
CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
@ -141,14 +138,16 @@ public class ReferenceManifestDetailsPageController
* @param certificateRepository the certificate manager.
* @param caCertificateRepository the certificate manager.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
* @throws CertificateException if a certificate doesn't parse.
*/
private static HashMap<String, Object> getBaseRimInfo(
final BaseReferenceManifest baseRim,
final ReferenceManifestRepository referenceManifestRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository caCertificateRepository)
throws IOException {
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
// Software Identity
@ -258,8 +257,8 @@ public class ReferenceManifestDetailsPageController
caCertificateRepository));
RIM_VALIDATOR.setTrustStore(truststore);
} catch (IOException e) {
log.error("Error building CA chain for {}: {}", caCert.getSubjectKeyIdentifier(),
e.getMessage());
log.error("Error building CA chain for " + caCert.getSubjectKeyIdentifier() + ": "
+ e.getMessage());
}
if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(),
caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) {
@ -270,7 +269,7 @@ public class ReferenceManifestDetailsPageController
break;
}
} catch (SupplyChainValidatorException scvEx) {
log.error("Error verifying cert chain: {}", scvEx.getMessage());
log.error("Error verifying cert chain: " + scvEx.getMessage());
}
}
}
@ -286,7 +285,7 @@ public class ReferenceManifestDetailsPageController
}
}
} catch (NullPointerException npEx) {
log.warn("Unable to link signing certificate: {}", npEx.getMessage());
log.warn("Unable to link signing certificate: " + npEx.getMessage());
}
return data;
}
@ -298,7 +297,7 @@ public class ReferenceManifestDetailsPageController
* @return list of X509Certificates
*/
private static List<X509Certificate> convertCACsToX509Certificates(
final Set<CertificateAuthorityCredential> set)
Set<CertificateAuthorityCredential> set)
throws IOException {
ArrayList<X509Certificate> certs = new ArrayList<>(set.size());
for (CertificateAuthorityCredential cac : set) {
@ -485,7 +484,7 @@ public class ReferenceManifestDetailsPageController
final ReferenceDigestValueRepository referenceDigestValueRepository)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
LinkedList<TpmPcrEvent> evidence = new LinkedList<>();
BaseReferenceManifest base = null;
List<SupportReferenceManifest> supports = new ArrayList<>();
SupportReferenceManifest baseSupport = null;
@ -498,7 +497,7 @@ public class ReferenceManifestDetailsPageController
data.put("validationResult", measurements.getOverallValidationResult());
data.put("swidBase", true);
List<ReferenceDigestValue> eventValues = new LinkedList<>();
List<ReferenceDigestValue> assertions = new LinkedList<>();
if (measurements.getDeviceName() != null) {
supports.addAll(referenceManifestRepository.byDeviceName(measurements
.getDeviceName()));
@ -518,19 +517,19 @@ public class ReferenceManifestDetailsPageController
data.put("associatedRim", base.getId());
}
eventValues.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
assertions.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
}
}
TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes());
Map<String, ReferenceDigestValue> eventValueMap = new HashMap<>();
for (ReferenceDigestValue rdv : eventValues) {
eventValueMap.put(rdv.getDigestValue(), rdv);
for (ReferenceDigestValue record : assertions) {
eventValueMap.put(record.getDigestValue(), record);
}
for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) {
if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) {
livelogEvents.add(measurementEvent);
evidence.add(measurementEvent);
}
}
@ -544,7 +543,7 @@ public class ReferenceManifestDetailsPageController
String bootVariable;
String variablePrefix = "Variable Name:";
String variableSuffix = "UEFI_GUID";
for (TpmPcrEvent tpe : livelogEvents) {
for (TpmPcrEvent tpe : evidence) {
matchedEvents = new ArrayList<>();
for (TpmPcrEvent tpmPcrEvent : combinedBaselines) {
if (tpmPcrEvent.getEventType() == tpe.getEventType()) {
@ -567,7 +566,7 @@ public class ReferenceManifestDetailsPageController
}
TCGEventLog logProcessor = new TCGEventLog(measurements.getRimBytes());
data.put("livelogEvents", livelogEvents);
data.put("livelogEvents", evidence);
data.put("events", logProcessor.getEventList());
getEventSummary(data, logProcessor.getEventList());
@ -608,6 +607,12 @@ public class ReferenceManifestDetailsPageController
String uuidError = "Failed to parse ID from: " + params.getId();
messages.addError(uuidError);
log.error(uuidError, iaEx);
} catch (CertificateException cEx) {
log.error(cEx);
} catch (NoSuchAlgorithmException nsEx) {
log.error(nsEx);
} catch (IOException ioEx) {
log.error(ioEx);
} catch (Exception ex) {
log.error(ex);
}
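Review bot: In the CA-chain hunk, the `catch (IOException e)` around `RIM_VALIDATOR.setTrustStore(truststore)` only logs and then falls through to `RIM_VALIDATOR.validateXmlSignature(...)`, so the signature check still runs when the trust store for this certificate could not be built. `RIM_VALIDATOR` looks like a shared static, so it may still hold a trust store set for an earlier certificate or request; that is inferred from the name and should be confirmed. I would skip the certificate on failure, for example `continue;` after the log call if this is the loop that the later `break` exits. I would also pass `e` itself as the last logger argument so the stack trace is kept. The enclosing method starts and ends outside the hunk.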


@ -76,10 +76,8 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
* @param referenceDigestValueRepository this is the reference event manager
*/
@Autowired
public ReferenceManifestPageController(final ReferenceManifestRepository
referenceManifestRepository,
final ReferenceDigestValueRepository
referenceDigestValueRepository) {
public ReferenceManifestPageController(final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository) {
super(Page.REFERENCE_MANIFESTS);
this.referenceManifestRepository = referenceManifestRepository;
this.referenceDigestValueRepository = referenceDigestValueRepository;
@ -113,11 +111,11 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
method = RequestMethod.GET)
public DataTableResponse<ReferenceManifest> getTableData(
@Valid final DataTableInput input) {
log.debug("Handling request for summary list: {}", input);
log.debug("Handling request for summary list: " + input);
String orderColumnName = input.getOrderColumnName();
log.info("Ordering on column: {}", orderColumnName);
log.info("Querying with the following dataTableInput: {}", input);
log.info("Ordering on column: " + orderColumnName);
log.info("Querying with the following dataTableInput: " + input);
FilteredRecordsList<ReferenceManifest> records = new FilteredRecordsList<>();
int currentPage = input.getStart() / input.getLength();
@ -138,7 +136,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
records.setRecordsFiltered(referenceManifestRepository.findByArchiveFlag(false).size());
log.debug("Returning list of size: {}", records.size());
log.debug("Returning list of size: " + records.size());
return new DataTableResponse<>(records, input);
}
@ -163,7 +161,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
Matcher matcher;
List<BaseReferenceManifest> baseRims = new ArrayList<>();
List<SupportReferenceManifest> supportRims = new ArrayList<>();
log.info("Processing {} uploaded files", files.length);
log.info(String.format("Processing %s uploaded files", files.length));
// loop through the files
for (MultipartFile file : files) {
@ -179,22 +177,20 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
if (isBaseRim || isSupportRim) {
parseRIM(file, isSupportRim, messages, baseRims, supportRims);
} else {
String errorString = "The file extension of " + fileName + " was not recognized."
+ " Base RIMs support the extension \".swidtag\", and support RIMs support "
+ "\".rimpcr\", \".rimel\", \".bin\", and \".log\". "
+ "Please verify your upload and retry.";
log.error("File extension in {} not recognized as base or support RIM.", fileName);
String errorString = "The file extension of " + fileName + " was not recognized." +
" Base RIMs support the extension \".swidtag\", and support RIMs support " +
"\".rimpcr\", \".rimel\", \".bin\", and \".log\". " +
"Please verify your upload and retry.";
log.error("File extension in " + fileName + " not recognized as base or support RIM.");
messages.addError(errorString);
}
}
baseRims.forEach((rim) -> {
log.info("Storing swidtag {}", rim.getFileName());
log.info(String.format("Storing swidtag %s", rim.getFileName()));
this.referenceManifestRepository.save(rim);
});
supportRims.forEach((rim) -> {
log.info("Storing event log {}", rim.getFileName());
log.info(String.format("Storing event log %s", rim.getFileName()));
this.referenceManifestRepository.save(rim);
});
@ -229,7 +225,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
@RequestMapping(value = "/delete", method = RequestMethod.POST)
public RedirectView delete(@RequestParam final String id,
final RedirectAttributes attr) throws URISyntaxException {
log.info("Handling request to delete {}", id);
log.info("Handling request to delete " + id);
Map<String, Object> model = new HashMap<>();
PageMessages messages = new PageMessages();
@ -274,7 +270,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
public void download(@RequestParam final String id,
final HttpServletResponse response)
throws IOException {
log.info("Handling RIM request to download {}", id);
log.info("Handling RIM request to download " + id);
try {
ReferenceManifest referenceManifest = getRimFromDb(id);
@ -285,11 +281,10 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
// send a 404 error when invalid Reference Manifest
response.sendError(HttpServletResponse.SC_NOT_FOUND);
} else {
StringBuilder fileName = new StringBuilder("filename=\"");
fileName.append(referenceManifest.getFileName());
// Set filename for download.
response.setHeader("Content-Disposition",
"attachment;" + "filename=\"" + referenceManifest.getFileName()
// Set filename for download.
);
response.setHeader("Content-Disposition", "attachment;" + fileName);
response.setContentType("application/octet-stream");
// write cert to output stream
@ -363,7 +358,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
*
* @param id of the RIM
* @return the associated RIM from the DB
* @throws IllegalArgumentException if issues arise from attempting to retrieve the rim from the database
* @throws IllegalArgumentException
*/
private ReferenceManifest getRimFromDb(final String id) throws IllegalArgumentException {
UUID uuid = UUID.fromString(id);
@ -385,6 +380,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
* user.
* @param baseRims object to store multiple files
* @param supportRims object to store multiple files
* @return a single or collection of reference manifest files.
*/
private void parseRIM(
final MultipartFile file, final boolean supportRIM,
@ -502,7 +498,7 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
}
private void processTpmEvents(final List<SupportReferenceManifest> dbSupportRims) {
List<ReferenceDigestValue> tpmEvents;
List<ReferenceDigestValue> referenceValues;
TCGEventLog logProcessor = null;
ReferenceManifest baseRim;
ReferenceDigestValue newRdv;
@ -511,9 +507,9 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
// So first we'll have to pull values based on support rim
// get by support rim id NEXT
if (dbSupport.getPlatformManufacturer() != null) {
tpmEvents = referenceDigestValueRepository.findBySupportRimId(dbSupport.getId());
referenceValues = referenceDigestValueRepository.findBySupportRimId(dbSupport.getId());
baseRim = findBaseRim(dbSupport);
if (tpmEvents.isEmpty()) {
if (referenceValues.isEmpty()) {
try {
logProcessor = new TCGEventLog(dbSupport.getRimBytes());
for (TpmPcrEvent tpe : logProcessor.getEventList()) {
@ -526,14 +522,18 @@ public class ReferenceManifestPageController extends PageController<NoPageParams
this.referenceDigestValueRepository.save(newRdv);
}
} catch (CertificateException | NoSuchAlgorithmException | IOException e) {
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
} else {
for (ReferenceDigestValue rdv : tpmEvents) {
if (!rdv.isUpdated()) {
rdv.updateInfo(dbSupport, baseRim.getId());
this.referenceDigestValueRepository.save(rdv);
for (ReferenceDigestValue referenceValue : referenceValues) {
if (!referenceValue.isUpdated()) {
referenceValue.updateInfo(dbSupport, baseRim.getId());
this.referenceDigestValueRepository.save(referenceValue);
}
}
}
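Review bot: In the download hunk, the `Content-Disposition` value is built by concatenating `referenceManifest.getFileName()` after `filename=\"` with no escaping, and no closing quote is visible in the hunk. The stored file name presumably comes from the uploaded file, so a name containing `"`, `;` or control characters can change how a client parses the header. I would neutralise those characters and close the quote, e.g. `String safeName = referenceManifest.getFileName().replaceAll("[\\r\\n\"\\\\;]", "_");` followed by `response.setHeader("Content-Disposition", "attachment; filename=\"" + safeName + "\"");`. The rest of `download` lies outside the hunk.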