From 57632e0923a522fad94449b8e3af56ac99fbe3ea Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Fri, 23 Jun 2023 09:22:02 -0400 Subject: [PATCH 1/6] the DN compare of bouncy castle utils throws and exception if the object is null. Added additional condition to the if statement to check null status. --- .../persist/service/SupplyChainValidationServiceImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java index bd7b9668..8b4f794f 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java @@ -117,7 +117,8 @@ public class SupplyChainValidationServiceImpl extends DefaultDbService caCreds = new HashSet<>(); for (CertificateAuthorityCredential cred : certAuthsWithMatchingIssuer) { caCreds.add(cred); - if (!BouncyCastleUtils.x500NameCompare(cred.getHolderIssuer(), + if ((cred.getHolderIssuer() != null && cred.getSubject() != null) + && !BouncyCastleUtils.x500NameCompare(cred.getHolderIssuer(), cred.getSubject())) { caCreds.addAll(getCaChainRec(cred, queriedOrganizations)); } From 5ff5650be19cecd7a843e5417892fdcfbdd63edc Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Fri, 23 Jun 2023 09:24:08 -0400 Subject: [PATCH 2/6] Small addition [no ci] --- .../persist/service/SupplyChainValidationServiceImpl.java | 1 + 1 file changed, 1 insertion(+) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java index 8b4f794f..30543763 100644 
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java @@ -123,6 +123,7 @@ public class SupplyChainValidationServiceImpl extends DefaultDbService Date: Mon, 26 Jun 2023 13:32:28 -0400 Subject: [PATCH 3/6] Updated the RIM details page to search for the associated support rim if the base doesn't have it. This is a temp measure before completing #526 [no ci] --- .../persist/entity/AbstractEntity.java | 2 +- .../manager/ReferenceManifestRepository.java | 2 +- .../attributes/ComponentClass.java | 2 - .../rim/BaseReferenceManifest.java | 111 ------------------ ...eferenceManifestDetailsPageController.java | 26 +++- 5 files changed, 23 insertions(+), 120 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java index 669fb900..a647b1da 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java @@ -40,7 +40,7 @@ public abstract class AbstractEntity implements Serializable { @Column (name = "create_time") @ColumnDefault(value = "CURRENT_TIMESTAMP") @Generated(GenerationTime.INSERT) - private Date createTime;// = new Date(); + private Date createTime; /** * Default empty constructor is required for Hibernate. It is protected to diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java index 7994255d..136d9b83 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java 
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java @@ -21,7 +21,7 @@ public interface ReferenceManifestRepository extends JpaRepository getBaseByManufacturerModel(String manufacturer, String model); @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true) - ReferenceManifest getByManufacturer(String manufacturer, String dType); + List getByManufacturer(String manufacturer, String dType); @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true) ReferenceManifest getByModel(String model, String dType); @Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", nativeQuery = true) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java index 56e0b122..40d9a5cc 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java @@ -32,8 +32,6 @@ public class ComponentClass { private static final Path JSON_PATH = FileSystems.getDefault() .getPath("/opt", "hirs", "default-properties", "component-class.json"); -// private static final Path JSON_PATH = FileSystems.getDefault() -// .getPath("/opt", "hirs", "default-properties", "component-class.json"); private static final String OTHER_STRING = "Other"; private static final String UNKNOWN_STRING = "Unknown"; private static final String NONE_STRING = "None"; 
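Review bot: `getByModel`, on the context line right after the changed declaration, still returns a single `ReferenceManifest` although its native query has the same shape (`WHERE platformModel = ?1 AND DTYPE = ?2`) and can presumably match several rows, just as `getByManufacturer` could. If more than one RIM shares a model, the single-result method would be expected to fail at runtime rather than pick one. Consider giving it the same list return type in this change so both lookups behave alike.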
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java index 92436ed8..2e9b7be5 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java @@ -3,7 +3,6 @@ package hirs.attestationca.persist.entity.userdefined.rim; import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.service.ReferenceManifestServiceImpl; -import hirs.attestationca.persist.service.selector.ReferenceManifestSelector; import hirs.utils.SwidResource; import hirs.utils.xjc.BaseElement; import hirs.utils.xjc.Directory; 
@@ -92,105 +91,6 @@ public class BaseReferenceManifest extends ReferenceManifest { private String linkHref = null; private String linkRel = null; - /** - * This class enables the retrieval of BaseReferenceManifest by their attributes. - */ - public static class Selector extends ReferenceManifestSelector { - /** - * Construct a new ReferenceManifestSelector that will use - * the given (@link ReferenceManifestService} - * to retrieve one or may BaseReferenceManifest. - * - * @param referenceManifestManager the reference manifest manager to be used to retrieve - * reference manifests. - */ - public Selector(final ReferenceManifestServiceImpl referenceManifestManager) { - super(referenceManifestManager, BaseReferenceManifest.class); - } - - /** - * Specify the platform manufacturer that rims must have to be considered - * as matching. - * @param manufacturer string for the manufacturer - * @return this instance - */ - public Selector byManufacturer(final String manufacturer) { - setFieldValue(PLATFORM_MANUFACTURER, manufacturer); - return this; - } - - /** - * Specify the platform model that rims must have to be considered - * as matching. - * @param model string for the model - * @return this instance - */ - public Selector byModel(final String model) { - setFieldValue(PLATFORM_MODEL, model); - return this; - } - - /** - * Specify the platform manufacturer/model that rims must have to be considered - * as matching. - * @param manufacturer string for the manufacturer - * @param model string for the model - * @return this instance - */ - public Selector byManufacturerModel(final String manufacturer, final String model) { - setFieldValue(PLATFORM_MANUFACTURER, manufacturer); - setFieldValue(PLATFORM_MODEL, model); - return this; - } - - /** - * Specify the platform manufacturer/model/base flag that rims must have to be considered - * as matching. 
- * @param manufacturer string for the manufacturer - * @param model string for the model - * @return this instance - */ - public Selector byManufacturerModelBase(final String manufacturer, final String model) { - setFieldValue(PLATFORM_MANUFACTURER, manufacturer); - setFieldValue(PLATFORM_MODEL, model); - setFieldValue("swidPatch", false); - setFieldValue("swidSupplemental", false); - //setFieldValue("", false); //corpus? - return this; - } - - /** - * Specify the device name that rims must have to be considered - * as matching. - * @param deviceName string for the deviceName - * @return this instance - */ - public Selector byDeviceName(final String deviceName) { - setFieldValue("deviceName", deviceName); - return this; - } - - /** - * Specify the RIM hash associated with the base RIM. - * @param base64Hash the hash of the file associated with the rim - * @return this instance - */ - public Selector byBase64Hash(final String base64Hash) { - setFieldValue(BASE_64_HASH_FIELD, base64Hash); - return this; - } - - /** - * Specify the RIM hash associated with the base RIM. - * @param hexDecHash the hash of the file associated with the rim - * @return this instance - */ - public Selector byHexDecHash(final String hexDecHash) { - setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash); - return this; - } - } - /** * Support constructor for the RIM object. * @@ -340,17 +240,6 @@ public class BaseReferenceManifest extends ReferenceManifest { } } - /** - * Get a Selector for use in retrieving ReferenceManifest. - * - * @param rimMan the ReferenceManifestService to be used to retrieve - * persisted RIMs - * @return a Selector instance to use for retrieving RIMs - */ - public static Selector select(final ReferenceManifestServiceImpl rimMan) { - return new Selector(rimMan); - } - /** * This method and code is pulled and adopted from the TCG Tool. Since this * is taking in an file stored in memory through http, this was changed from 
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index 62cdfb1e..fb961f70 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java @@ -29,6 +29,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.servlet.ModelAndView; import java.io.IOException; +import java.nio.charset.StandardCharsets; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; @@ -101,8 +102,6 @@ public class ReferenceManifestDetailsPageController extends PageController resources = baseRim.parseResource(); TCGEventLog logProcessor = null; + List subManifests; SupportReferenceManifest support = null; if (baseRim.getAssociatedRim() == null) { - support = (SupportReferenceManifest) referenceManifestRepository + /** + * Need to have parsing implemented + */ +// referenceManifestRepository.findByHash("hexDecHash", "Support"); + subManifests = referenceManifestRepository .getByManufacturer(baseRim.getPlatformManufacturer(), "SupportReferenceManifest"); + String fileString = new String(baseRim.getRimBytes(), StandardCharsets.UTF_8); + + for (ReferenceManifest rim : subManifests) { + if (rim instanceof SupportReferenceManifest) { + support = (SupportReferenceManifest) rim; + if (fileString.contains(rim.getHexDecHash())) { + break; + } + } + } if (support != null) { baseRim.setAssociatedRim(support.getId()); } 
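Review bot: In the new loop over `subManifests`, `support` is assigned before the hash test, so when no support RIM's hash appears in the base RIM it is left pointing at the last `SupportReferenceManifest` from the same manufacturer, and `baseRim.setAssociatedRim(support.getId())` then links an unrelated support RIM. Assign only on a match: `if (rim instanceof SupportReferenceManifest && rim.getHexDecHash() != null && fileString.contains(rim.getHexDecHash())) { support = (SupportReferenceManifest) rim; break; }`. The null test matters because `String.contains(null)` throws, and an empty hash would match every base RIM; whether `getHexDecHash()` can be null or empty here is not visible in the hunk. The enclosing method starts and ends outside the hunk.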
@@ -300,8 +314,8 @@ public class ReferenceManifestDetailsPageController extends PageController Date: Thu, 29 Jun 2023 07:49:32 -0400 Subject: [PATCH 4/6] This push fixes the issues with parsing the file tag and getting the hash value for the support rim and as well for getting the collapsible file link on the details page to operate. [no ci] --- .../rim/BaseReferenceManifest.java | 206 ++++++++++++------ .../main/resources/identity_transform.xslt | 10 + ...eferenceManifestDetailsPageController.java | 2 +- .../java/hirs/utils/BouncyCastleUtils.java | 3 +- .../main/java/hirs/utils/SwidResource.java | 6 +- .../hirs/utils/swid/SwidTagConstants.java | 137 ++++++++++++ 6 files changed, 291 insertions(+), 73 deletions(-) create mode 100644 HIRS_AttestationCA/src/main/resources/identity_transform.xslt create mode 100644 HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java index 2e9b7be5..365fca10 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java 
@@ -2,15 +2,9 @@ package hirs.attestationca.persist.entity.userdefined.rim; import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; -import hirs.attestationca.persist.service.ReferenceManifestServiceImpl; import hirs.utils.SwidResource; -import hirs.utils.xjc.BaseElement; -import hirs.utils.xjc.Directory; -import hirs.utils.xjc.File; -import hirs.utils.xjc.FilesystemItem; +import hirs.utils.swid.SwidTagConstants; import hirs.utils.xjc.Link; -import hirs.utils.xjc.Meta; -import hirs.utils.xjc.ResourceCollection; import hirs.utils.xjc.SoftwareIdentity; import hirs.utils.xjc.SoftwareMeta; import jakarta.persistence.Column; @@ -25,9 +19,21 @@ import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; import lombok.extern.log4j.Log4j2; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; import javax.xml.namespace.QName; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMResult; +import javax.xml.transform.stream.StreamSource; import javax.xml.validation.Schema; +import javax.xml.validation.SchemaFactory; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -170,8 +176,6 @@ public class BaseReferenceManifest extends ReferenceManifest { } break; case "Payload": - parseResource((ResourceCollection) element.getValue()); - break; case "Signature": // left blank for a followup issue enhancement default: 
@@ -259,35 +263,67 @@ public class BaseReferenceManifest extends ReferenceManifest { } /** - * Helper method that is used to parse a specific element of the SwidTag - * based on an already established and stored byte array. + * This method validates the .swidtag file at the given filepath against the + * schema. A successful validation results in the output of the tag's name + * and tagId attributes, otherwise a generic error message is printed. * - * @param elementName string of an xml tag in the file. - * @return the object value of the element, if it exists */ - private BaseElement getBaseElementFromBytes(final String elementName) { - BaseElement baseElement = null; + private Element getDirectoryTag() { + return getDirectoryTag(new ByteArrayInputStream(getRimBytes())); + } - if (getRimBytes() != null && elementName != null) { - try { - SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(getRimBytes())); - JAXBElement element; - for (Object object : si.getEntityOrEvidenceOrLink()) { - if (object instanceof JAXBElement) { - element = (JAXBElement) object; - if (element.getName().getLocalPart().equals(elementName)) { - // found the element - baseElement = (BaseElement) element.getValue(); - } - } - } + /** + * This method validates the .swidtag file at the given filepath against the + * schema. A successful validation results in the output of the tag's name + * and tagId attributes, otherwise a generic error message is printed. 
+ * + * @param byteArrayInputStream the location of the file to be validated + */ + private Element getDirectoryTag(final ByteArrayInputStream byteArrayInputStream) { + Document document = unmarshallSwidTag(byteArrayInputStream); + Element softwareIdentity = + (Element) document.getElementsByTagName("SoftwareIdentity").item(0); + if (softwareIdentity != null) { + Element directory = (Element) document.getElementsByTagName("Directory").item(0); - } catch (IOException ioEx) { - log.error("Failed to parse Swid Tag bytes.", ioEx); - } + return directory; + } else { + log.error("Invalid xml for validation, please verify "); } - return baseElement; + return null; + } + + /** + * This method iterates over the list of File elements under the directory. * + */ + public List getFileResources() { + return getFileResources(getRimBytes()); + } + + /** + * This method iterates over the list of File elements under the directory. + * + * @param rimBytes the bytes to find the files + * + */ + public List getFileResources(final byte[] rimBytes) { + Element directoryTag = getDirectoryTag(new ByteArrayInputStream(rimBytes)); + List validHashes = new ArrayList<>(); + NodeList fileNodeList = directoryTag.getChildNodes(); + Element file = null; + SwidResource swidResource = null; + for (int i = 0; i < fileNodeList.getLength(); i++) { + file = (Element) fileNodeList.item(i); + swidResource = new SwidResource(); + swidResource.setName(file.getAttribute(SwidTagConstants.NAME)); + swidResource.setSize(file.getAttribute(SwidTagConstants.SIZE)); + swidResource.setHashValue(file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":" + + SwidTagConstants._SHA256_HASH.getLocalPart())); + validHashes.add(swidResource); + } + + return validHashes; } /** 
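Review bot: `getFileResources(byte[])` dereferences `directoryTag` and casts every child node to `Element` without checking either, so a RIM with no `Directory` element, or one whose `Directory` holds a non-element node such as a comment, fails with a NullPointerException or ClassCastException. `getDirectoryTag` returns null on its error path and would itself dereference a null `document` if `unmarshallSwidTag` could not build one. Because the RIM bytes are uploaded content, these paths should yield an empty list rather than an exception. The Javadoc on both `getDirectoryTag` overloads is copied from a validation method and should instead say that they return the first `Directory` element, or null when none is found.

```java
Element directoryTag = getDirectoryTag(new ByteArrayInputStream(rimBytes));
// … unchanged: validHashes declaration …
if (directoryTag == null) {
    // no Directory element, or the tag could not be parsed: nothing to list
    return validHashes;
}
NodeList fileNodeList = directoryTag.getChildNodes();
for (int i = 0; i < fileNodeList.getLength(); i++) {
    if (!(fileNodeList.item(i) instanceof Element)) {
        // skip text and comment nodes instead of failing the cast
        continue;
    }
    Element file = (Element) fileNodeList.item(i);
    // … unchanged: build the SwidResource from the file attributes …
}
```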
@@ -301,13 +337,15 @@ public class BaseReferenceManifest extends ReferenceManifest { private JAXBElement unmarshallSwidTag(final InputStream stream) throws IOException { JAXBElement jaxbe = null; Schema schema; + Unmarshaller unmarshaller = null; try { - schema = ReferenceManifestServiceImpl.getSchemaObject(); + SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE); + schema = schemaFactory.newSchema(new StreamSource(stream)); if (jaxbContext == null) { jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE); } - Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + unmarshaller = jaxbContext.createUnmarshaller(); unmarshaller.setSchema(schema); jaxbe = (JAXBElement) unmarshaller.unmarshal(stream); } catch (UnmarshalException umEx) { @@ -316,6 +354,8 @@ public class BaseReferenceManifest extends ReferenceManifest { for (StackTraceElement ste : umEx.getStackTrace()) { log.error(ste.toString()); } + } catch (SAXException e) { + System.out.println("Error setting schema for validation!"); } catch (IllegalArgumentException iaEx) { log.error("Input file empty."); } catch (JAXBException jaxEx) { 
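Review bot: `schemaFactory.newSchema(new StreamSource(stream))` builds the schema from `stream`, which is the SWID tag being unmarshalled rather than the XSD, so the uploaded document is parsed as a schema and the stream is already consumed when `unmarshaller.unmarshal(stream)` runs. The other overload added in this patch loads the XSD from the classpath, which is presumably what was meant here too: `schema = schemaFactory.newSchema(new StreamSource(getClass().getClassLoader().getResourceAsStream(SwidTagConstants.SCHEMA_URL)));`. The new `catch (SAXException e)` in the following hunk reports through `System.out.println` and drops the exception; `log.error("Error setting schema for validation!", e);` would match the neighbouring handlers. The method body starts and ends outside these hunks.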
@@ -332,51 +372,79 @@ public class BaseReferenceManifest extends ReferenceManifest { } /** - * Default method for parsing the payload element. + * This method unmarshalls the swidtag found at [path] into a Document object + * and validates it according to the schema. * - * @return a collection of payload objects. + * @param byteArrayInputStream to the input swidtag + * @return the SoftwareIdentity element at the root of the swidtag + * @throws IOException if the swidtag cannot be unmarshalled or validated */ - public final List parseResource() { - return parseResource((ResourceCollection) this.getBaseElementFromBytes("Payload")); + private Document unmarshallSwidTag(final ByteArrayInputStream byteArrayInputStream) { + InputStream is = null; + Document document = null; + Unmarshaller unmarshaller = null; + try { + document = removeXMLWhitespace(byteArrayInputStream); + SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE); + is = getClass().getClassLoader().getResourceAsStream(SwidTagConstants.SCHEMA_URL); + Schema schema = schemaFactory.newSchema(new StreamSource(is)); + if (jaxbContext == null) { + jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE); + } + unmarshaller = jaxbContext.createUnmarshaller(); + unmarshaller.setSchema(schema); + unmarshaller.unmarshal(document); + } catch (IOException e) { + log.error(e.getMessage()); + } catch (SAXException e) { + log.error("Error setting schema for validation!"); + } catch (UnmarshalException e) { + log.error("Error validating swidtag file!"); + } catch (IllegalArgumentException e) { + log.error("Input file empty."); + } catch (JAXBException e) { + e.printStackTrace(); + } finally { + if (is != null) { + try { + is.close(); + } catch (IOException e) { + System.out.println("Error closing input stream"); + } + } + } + + return document; } /** - * This method parses the payload method of a {@link ResourceCollection}. 
+ * This method strips all whitespace from an xml file, including indents and spaces + * added for human-readability. * - * @param rc Resource Collection object. - * @return a collection of payload objects. + * @param byteArrayInputStream to the xml file + * @return Document object without whitespace */ - public final List parseResource(final ResourceCollection rc) { - List resources = new ArrayList<>(); - - log.error("Parsing stuff"); - try { - if (rc != null) { - for (Meta meta : rc.getDirectoryOrFileOrProcess()) { - if (meta instanceof Directory) { - Directory directory = (Directory) meta; - for (FilesystemItem fsi : directory.getDirectoryOrFile()) { - if (fsi != null) { - resources.add(new SwidResource( - (File) fsi, null)); - } else { - log.error("fsi is negative"); - } - } - } else if (meta instanceof File) { - resources.add(new SwidResource((File) meta, null)); - } - } - } else { - log.error("ResourceCollection is negative"); + private Document removeXMLWhitespace(final ByteArrayInputStream byteArrayInputStream) throws IOException { + TransformerFactory tf = TransformerFactory.newInstance(); + Source source = new StreamSource( + getClass().getClassLoader().getResourceAsStream("identity_transform.xslt")); + Document document = null; + if (byteArrayInputStream.available() > 0) { + try { + Transformer transformer = tf.newTransformer(source); + DOMResult result = new DOMResult(); + transformer.transform(new StreamSource(byteArrayInputStream), result); + document = (Document) result.getNode(); + } catch (TransformerConfigurationException tcEx) { + log.error("Error configuring transformer!"); + } catch (TransformerException tEx) { + log.error("Error transforming input!"); } - } catch (ClassCastException ccEx) { - log.error(ccEx); - log.error("At this time, the code does not support the " - + "particular formatting of this SwidTag's Payload."); + } else { + throw new IOException("Input file is empty!"); } - return resources; + return document; } @Override 
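Review bot: `removeXMLWhitespace` parses the RIM bytes with a `TransformerFactory` in its default configuration, so a DOCTYPE in an uploaded SWID tag can make the parser resolve external DTDs and entities. Restrict the factory before creating the transformer: `tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");` (this needs the `javax.xml.XMLConstants` import, and `setFeature` belongs inside the existing try because it throws TransformerConfigurationException). In `unmarshallSwidTag(ByteArrayInputStream)` every validation failure is only logged and the document is returned regardless, so callers cannot tell a schema-valid tag from a rejected one; if that is intended, the Javadoc should say so, and its `@return` and `@throws` lines no longer match the signature. The `e.printStackTrace()` and `System.out.println` calls should go through `log`.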
diff --git a/HIRS_AttestationCA/src/main/resources/identity_transform.xslt b/HIRS_AttestationCA/src/main/resources/identity_transform.xslt new file mode 100644 index 00000000..e5b58225 --- /dev/null +++ b/HIRS_AttestationCA/src/main/resources/identity_transform.xslt @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java index fb961f70..901c53c0 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java @@ -245,7 +245,7 @@ public class ReferenceManifestDetailsPageController extends PageController resources = baseRim.parseResource(); + List resources = baseRim.getFileResources(); TCGEventLog logProcessor = null; List subManifests; SupportReferenceManifest support = null; diff --git a/HIRS_Utils/src/main/java/hirs/utils/BouncyCastleUtils.java b/HIRS_Utils/src/main/java/hirs/utils/BouncyCastleUtils.java index a5ba12aa..d04cd993 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/BouncyCastleUtils.java +++ b/HIRS_Utils/src/main/java/hirs/utils/BouncyCastleUtils.java @@ -27,7 +27,8 @@ public final class BouncyCastleUtils { */ public static boolean x500NameCompare(final String nameValue1, final String nameValue2) { if (nameValue1 == null || nameValue2 == null) { - throw new IllegalArgumentException("Provided DN string is null."); + log.error("Provided DN string is null."); + return true; } boolean result = false; diff --git a/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java b/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java index ee9f947e..342dffa7 100644 
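Review bot: In `BouncyCastleUtils.x500NameCompare`, returning `true` when either DN is null makes the comparison fail open: a certificate with a missing issuer or subject now compares equal to any name. Callers that use the result to decide whether two distinguished names match would treat absent data as a match. Return false after logging, `log.error("Provided DN string is null."); return false;`, or keep the exception and null-check at the call sites, as the guarded call in `SupplyChainValidationServiceImpl` on this page already does. The method's Javadoc starts outside the hunk and should describe the null case.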
--- a/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java +++ b/HIRS_Utils/src/main/java/hirs/utils/SwidResource.java @@ -4,6 +4,7 @@ import com.google.common.base.Preconditions; import hirs.utils.digest.DigestAlgorithm; import hirs.utils.xjc.File; import lombok.Getter; +import lombok.Setter; import lombok.ToString; import javax.xml.namespace.QName; @@ -18,9 +19,10 @@ import java.util.Map; public class SwidResource { @Getter - private String name, size; + @Setter + private String name, size, hashValue; @Getter - private String rimFormat, rimType, rimUriGlobal, hashValue; + private String rimFormat, rimType, rimUriGlobal; // private TpmWhiteListBaseline tpmWhiteList; private DigestAlgorithm digest = DigestAlgorithm.SHA1; @Getter diff --git a/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java b/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java new file mode 100644 index 00000000..dd6b2916 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java 
@@ -0,0 +1,137 @@
+package hirs.utils.swid;
+
+import javax.xml.XMLConstants;
+import javax.xml.namespace.QName;
+
+
+/**
+ * This class contains the String constants that are referenced by the gateway
+ * class. It is expected that member properties of this class will expand as
+ * more functionality is added to SwidTagGateway.
+ */
+public class SwidTagConstants {
+
+ public static final String DEFAULT_KEYSTORE_FILE = "keystore.jks";//"/opt/hirs/rimtool/keystore.jks";
+ public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
+ public static final String DEFAULT_PRIVATE_KEY_ALIAS = "1";
+ public static final String DEFAULT_ATTRIBUTES_FILE = "/opt/hirs/rimtool/rim_fields.json";
+ public static final String DEFAULT_ENGLISH = "en";
+
+ public static final String SIGNATURE_ALGORITHM_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+
+ public static final String SCHEMA_PACKAGE = "hirs.swid.xjc";
+ public static final String SCHEMA_LANGUAGE = XMLConstants.W3C_XML_SCHEMA_NS_URI;
+ public static final String SCHEMA_URL = "swid_schema.xsd";
+
+ public static final String SOFTWARE_IDENTITY = "SoftwareIdentity";
+ public static final String ENTITY = "Entity";
+ public static final String LINK = "Link";
+ public static final String META = "Meta";
+ public static final String PAYLOAD = "Payload";
+ public static final String DIRECTORY = "Directory";
+ public static final String FILE = "File";
+ public static final String NAME = "name";
+ public static final String VERSION = "version";
+ public static final String VERSION_SCHEME = "versionScheme";
+ public static final String TAGID = "tagId";
+ public static final String TAGVERSION = "tagVersion";
+ public static final String CORPUS = "corpus";
+ public static final String PATCH = "patch";
+ public static final String SUPPLEMENTAL = "supplemental";
+ public static final String REGID = "regid";
+ public static final String ROLE = "role";
+ public static final String THUMBPRINT = "thumbprint";
+ public static final String HREF = "href";
+ public static final String REL = "rel";
+ public static final String COLLOQUIAL_VERSION = "colloquialVersion";
+ public static final String EDITION = "edition";
+ public static final String PRODUCT = "product";
+ public static final String REVISION = "revision";
+ public static final String PAYLOAD_TYPE = "PayloadType";
+ public static final String HYBRID = "hybrid";
+ public static final String PLATFORM_MANUFACTURER_STR = "platformManufacturerStr";
+ public static final String PLATFORM_MANUFACTURER_ID = "platformManufacturerId";
+ public static final String PLATFORM_MODEL = "platformModel";
+ public static final String PLATFORM_VERSION = "platformVersion";
+ public static final String FIRMWARE_MANUFACTURER_STR = "firmwareManufacturerStr";
+ public static final String FIRMWARE_MANUFACTURER_ID = "firmwareManufacturerId";
+ public static final String FIRMWARE_MODEL = "firmwareModel";
+ public static final String FIRMWARE_VERSION = "firmwareVersion";
+ public static final String BINDING_SPEC = "bindingSpec";
+ public static final String BINDING_SPEC_VERSION = "bindingSpecVersion";
+ public static final String PC_URI_LOCAL = "pcURIlocal";
+ public static final String PC_URI_GLOBAL = "pcURIGlobal";
+ public static final String RIM_LINK_HASH = "rimLinkHash";
+ public static final String SIZE = "size";
+ public static final String HASH = "hash";
+ public static final String SUPPORT_RIM_TYPE = "supportRIMType";
+ public static final String SUPPORT_RIM_FORMAT = "supportRIMFormat";
+ public static final String TCG_EVENTLOG_ASSERTION = "TCG_EventLog_Assertion";
+ public static final String TPM_PCR_ASSERTION = "TPM_PCR_Assertion";
+ public static final String SUPPORT_RIM_FORMAT_MISSING = "supportRIMFormat missing";
+ public static final String SUPPORT_RIM_URI_GLOBAL = "supportRIMURIGlobal";
+ public static final String DATETIME = "dateTime";
+
+ public static final String NIST_NS = "http://csrc.nist.gov/ns/swid/2015-extensions/1.0";
+ public static final String TCG_NS = "https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model";
+ public static final String RFC3852_NS = "https://www.ietf.org/rfc/rfc3852.txt";
+ public static final String RFC3339_NS = "https://www.ietf.org/rfc/rfc3339.txt";
+
+ public static final String N8060_PFX = "n8060";
+ public static final String RIM_PFX = "rim";
+ public static final String RFC3852_PFX = "rcf3852";
+ public static final String RFC3339_PFX = "rcf3339";
+
+ public static final QName _SHA256_HASH = new QName(
+ "http://www.w3.org/2001/04/xmlenc#sha256", HASH, "SHA256");
+ public static final QName _COLLOQUIAL_VERSION = new QName(
+ NIST_NS, COLLOQUIAL_VERSION, N8060_PFX);
+ public static final QName _EDITION = new QName(
+ NIST_NS, EDITION, N8060_PFX);
+ public static final QName _PRODUCT = new QName(
+ NIST_NS, PRODUCT, N8060_PFX);
+ public static final QName _REVISION = new QName(
+ NIST_NS, REVISION, N8060_PFX);
+ public static final QName _PAYLOAD_TYPE = new QName(
+ TCG_NS, PAYLOAD_TYPE, RIM_PFX);
+ public static final QName _PLATFORM_MANUFACTURER_STR = new QName(
+ TCG_NS, PLATFORM_MANUFACTURER_STR, RIM_PFX);
+ public static final QName _PLATFORM_MANUFACTURER_ID = new QName(
+ TCG_NS, PLATFORM_MANUFACTURER_ID, RIM_PFX);
+ public static final QName _PLATFORM_MODEL = new QName(
+ TCG_NS, PLATFORM_MODEL, RIM_PFX);
+ public static final QName _PLATFORM_VERSION = new QName(
+ TCG_NS, PLATFORM_VERSION, RIM_PFX);
+ public static final QName _FIRMWARE_MANUFACTURER_STR = new QName(
+ TCG_NS, FIRMWARE_MANUFACTURER_STR, RIM_PFX);
+ public static final QName _FIRMWARE_MANUFACTURER_ID = new QName(
+ TCG_NS, FIRMWARE_MANUFACTURER_ID, RIM_PFX);
+ public static final QName _FIRMWARE_MODEL = new QName(
+ TCG_NS, FIRMWARE_MODEL, RIM_PFX);
+ public static final QName _FIRMWARE_VERSION = new QName(
+ TCG_NS, FIRMWARE_VERSION, RIM_PFX);
+ public static final QName _BINDING_SPEC = new QName(
+ TCG_NS, BINDING_SPEC, RIM_PFX);
+ public static final QName _BINDING_SPEC_VERSION = new QName(
+ TCG_NS, BINDING_SPEC_VERSION, RIM_PFX);
+ public static final QName _PC_URI_LOCAL = new QName(
+ TCG_NS, PC_URI_LOCAL, RIM_PFX);
+ public static final QName _PC_URI_GLOBAL = new QName(
+ TCG_NS, PC_URI_GLOBAL, RIM_PFX);
+ public static final QName _RIM_LINK_HASH = new QName(
+ TCG_NS, RIM_LINK_HASH, RIM_PFX);
+ public static final QName _SUPPORT_RIM_TYPE = new QName(
+ TCG_NS, SUPPORT_RIM_TYPE, RIM_PFX);
+ public static final QName _SUPPORT_RIM_FORMAT = new QName(
+ TCG_NS, SUPPORT_RIM_FORMAT, RIM_PFX);
+ public static final QName _SUPPORT_RIM_URI_GLOBAL = new QName(
+ TCG_NS, SUPPORT_RIM_URI_GLOBAL, RIM_PFX);
+ public static final QName _N8060_ENVVARPREFIX = new QName(
+ NIST_NS, "envVarPrefix", N8060_PFX);
+ public static final QName _N8060_ENVVARSUFFIX = new QName(
+ NIST_NS, "envVarSuffix", N8060_PFX);
+ public static final QName _N8060_PATHSEPARATOR = new QName(
+ NIST_NS, "pathSeparator", N8060_PFX);
+
+ public static final String CA_ISSUERS = "1.3.6.1.5.5.7.48.2";
+}
From 34aa54100e7402658ff08a4050bd1286f24ad657 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Fri, 30 Jun 2023 09:03:19 -0400 Subject: [PATCH 5/6] This push resolves the parsing issue of swidtags that may not meet the validation based on an attribute not matching the spec.
---
 .../rim/BaseReferenceManifest.java | 237 +++++------------- .../SupplyChainValidationServiceImpl.java | 3 +- .../portal/PersistenceJPAConfig.java | 7 + .../hirs/utils/swid/SwidTagConstants.java | 1 + 4 files changed, 78 insertions(+), 170 deletions(-)
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java
index 365fca10..391fe8ae 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java
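Review bot: The new SwidTagConstants class ships a fixed keystore secret, `DEFAULT_KEYSTORE_PASSWORD = "password"`, alongside `DEFAULT_KEYSTORE_FILE` and `DEFAULT_PRIVATE_KEY_ALIAS`, so any caller that falls back to these defaults protects a signing key with a publicly known value. No caller is visible in this patch, so whether the defaults are reachable from the attestation CA is unconfirmed; if they exist only for a sample keystore, a comment such as `// sample keystore only; signing code must take the password from configuration` would record that. The prefixes `RFC3852_PFX = "rcf3852"` and `RFC3339_PFX = "rcf3339"` also look like a transposition of `rfc`, which is worth checking against existing tags before it is relied on.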
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java @@ -4,13 +4,9 @@ import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.utils.SwidResource; import hirs.utils.swid.SwidTagConstants; -import hirs.utils.xjc.Link; -import hirs.utils.xjc.SoftwareIdentity; -import hirs.utils.xjc.SoftwareMeta; import jakarta.persistence.Column; import jakarta.persistence.Entity; import jakarta.xml.bind.JAXBContext; -import jakarta.xml.bind.JAXBElement; import jakarta.xml.bind.JAXBException; import jakarta.xml.bind.UnmarshalException; import jakarta.xml.bind.Unmarshaller; @@ -24,7 +20,6 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; -import javax.xml.namespace.QName; import javax.xml.transform.Source; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerConfigurationException; @@ -42,7 +37,6 @@ import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Base64; import java.util.List; -import java.util.Map; /** * 
@@ -100,28 +94,31 @@ public class BaseReferenceManifest extends ReferenceManifest { /** * Support constructor for the RIM object. * - * @param fileName - string representation of the uploaded file. * @param rimBytes - the file content of the uploaded file. * @throws IOException - thrown if the file is invalid. */ - public BaseReferenceManifest(final String fileName, final byte[] rimBytes) throws IOException { - this(rimBytes); - this.setFileName(fileName); + public BaseReferenceManifest(final byte[] rimBytes) throws IOException { + this("", rimBytes); } /** * Main constructor for the RIM object. This takes in a byte array of a * valid swidtag file and parses the information. * + * @param fileName - string representation of the uploaded file. * @param rimBytes byte array representation of the RIM * @throws IOException if unable to unmarshal the string */ @SuppressWarnings("checkstyle:AvoidInlineConditionals") - public BaseReferenceManifest(final byte[] rimBytes) throws IOException { + public BaseReferenceManifest(final String fileName, final byte[] rimBytes) throws IOException { super(rimBytes); this.setRimType(BASE_RIM); - this.setFileName(""); - SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(rimBytes)); + this.setFileName(fileName); + Document document = unmarshallSwidTag(new ByteArrayInputStream(rimBytes)); + Element softwareIdentity; + Element meta; + Element entity; + Element link; MessageDigest digest = null; this.base64Hash = ""; 
@@ -134,54 +131,22 @@ public class BaseReferenceManifest extends ReferenceManifest { } // begin parsing valid swid tag - if (si != null) { - setTagId(si.getTagId()); - this.swidName = si.getName(); - this.swidCorpus = si.isCorpus() ? 1 : 0; - this.setSwidPatch(si.isPatch()); - this.setSwidSupplemental(si.isSupplemental()); - this.setSwidVersion(si.getVersion()); - if (si.getTagVersion() != null) { - this.setSwidTagVersion(si.getTagVersion().toString()); - } + if (document != null) { + softwareIdentity = (Element) document.getElementsByTagName(SwidTagConstants.SOFTWARE_IDENTITY).item(0); + entity = (Element) document.getElementsByTagName(SwidTagConstants.ENTITY).item(0); + link = (Element) document.getElementsByTagName(SwidTagConstants.LINK).item(0); + meta = (Element) document.getElementsByTagName(SwidTagConstants.META).item(0); + setTagId(softwareIdentity.getAttribute(SwidTagConstants.TAGID)); + this.swidName = softwareIdentity.getAttribute(SwidTagConstants.NAME); + this.swidCorpus = Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.CORPUS)) ? 
1 : 0; + this.setSwidPatch(Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.PATCH))); + this.setSwidSupplemental(Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.SUPPLEMENTAL))); + this.setSwidVersion(softwareIdentity.getAttribute(SwidTagConstants.VERSION)); + this.setSwidTagVersion(softwareIdentity.getAttribute(SwidTagConstants.TAGVERSION)); - for (Object object : si.getEntityOrEvidenceOrLink()) { - if (object instanceof JAXBElement) { - JAXBElement element = (JAXBElement) object; - String elementName = element.getName().getLocalPart(); - switch (elementName) { - case "Meta": - parseSoftwareMeta((SoftwareMeta) element.getValue()); - break; - case "Entity": - hirs.utils.xjc.Entity entity - = (hirs.utils.xjc.Entity) element.getValue(); - if (entity != null) { - this.entityName = entity.getName(); - this.entityRegId = entity.getRegid(); - StringBuilder sb = new StringBuilder(); - for (String role : entity.getRole()) { - sb.append(String.format("%s%n", role)); - } - this.entityRole = sb.toString(); - this.entityThumbprint = entity.getThumbprint(); - } - break; - case "Link": - Link link - = (Link) element.getValue(); - if (link != null) { - this.linkHref = link.getHref(); - this.linkRel = link.getRel(); - } - break; - case "Payload": - case "Signature": - // left blank for a followup issue enhancement - default: - } - } - } + parseSoftwareMeta(meta); + parseEntity(entity); + parseLink(link); } } 
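Review bot: In the BaseReferenceManifest constructor `softwareIdentity` is dereferenced immediately after `getElementsByTagName(SwidTagConstants.SOFTWARE_IDENTITY).item(0)`, and `item(0)` returns null when the uploaded bytes contain no such element, so a malformed upload surfaces as a NullPointerException rather than the declared IOException. Meta, Entity and Link are null-checked in their helpers; the root element needs the same guard, e.g. `if (softwareIdentity == null) { throw new IOException("Invalid Base RIM, swidtag format expected."); }`. When `document` itself is null the constructor now completes with no fields set, where the removed `validateSwidTag` path threw, so rejected input should probably still raise here. `Boolean.parseBoolean` also reads the xs:boolean form `1` as false, which presumably differs from what the removed JAXB binding returned. The constructor begins in the previous hunk and the body of `unmarshallSwidTag` is not part of this patch.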
@@ -191,75 +156,57 @@ public class BaseReferenceManifest extends ReferenceManifest { * * @param softwareMeta The object to parse. */ - private void parseSoftwareMeta(final SoftwareMeta softwareMeta) { + private void parseSoftwareMeta(final Element softwareMeta) { if (softwareMeta != null) { - for (Map.Entry entry - : softwareMeta.getOtherAttributes().entrySet()) { - switch (entry.getKey().getLocalPart()) { - case "colloquialVersion": - this.colloquialVersion = entry.getValue(); - break; - case "product": - this.product = entry.getValue(); - break; - case "revision": - this.revision = entry.getValue(); - break; - case "edition": - this.edition = entry.getValue(); - break; - case "rimLinkHash": - this.rimLinkHash = entry.getValue(); - break; - case "bindingSpec": - this.bindingSpec = entry.getValue(); - break; - case "bindingSpecVersion": - this.bindingSpecVersion = entry.getValue(); - break; - case "platformManufacturerId": - this.setPlatformManufacturerId(entry.getValue()); - break; - case "platformModel": - this.setPlatformModel(entry.getValue()); - break; - case "platformManufacturerStr": - this.setPlatformManufacturer(entry.getValue()); - break; - case "platformVersion": - this.platformVersion = entry.getValue(); - break; - case "payloadType": - this.payloadType = entry.getValue(); - break; - case "pcURIGlobal": - this.pcURIGlobal = entry.getValue(); - break; - case "pcURILocal": - this.pcURILocal = entry.getValue(); - break; - default: - } - } + this.colloquialVersion = softwareMeta.getAttribute(SwidTagConstants._COLLOQUIAL_VERSION_STR); + this.product = softwareMeta.getAttribute(SwidTagConstants._PRODUCT_STR); + this.revision = softwareMeta.getAttribute(SwidTagConstants._REVISION_STR); + this.edition = softwareMeta.getAttribute(SwidTagConstants._EDITION_STR); + this.rimLinkHash = softwareMeta.getAttribute(SwidTagConstants._RIM_LINK_HASH_STR); + this.bindingSpec = softwareMeta.getAttribute(SwidTagConstants._BINDING_SPEC_STR); + this.bindingSpecVersion = 
softwareMeta.getAttribute(SwidTagConstants._BINDING_SPEC_VERSION_STR); + this.setPlatformManufacturerId(softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MANUFACTURER_ID_STR)); + this.setPlatformManufacturer(softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MANUFACTURER_STR)); + this.setPlatformModel(softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MODEL_STR)); + this.platformVersion = softwareMeta.getAttribute(SwidTagConstants._PLATFORM_VERSION_STR); + this.payloadType = softwareMeta.getAttribute(SwidTagConstants._PAYLOAD_TYPE_STR); + this.pcURIGlobal = softwareMeta.getAttribute(SwidTagConstants._PC_URI_GLOBAL_STR); + this.pcURILocal = softwareMeta.getAttribute(SwidTagConstants._PC_URI_LOCAL_STR); + } else { + log.warn("SoftwareMeta Tag not found."); } } /** - * This method and code is pulled and adopted from the TCG Tool. Since this - * is taking in an file stored in memory through http, this was changed from - * a file to a stream as the input. + * This is a helper method that parses the Entity tag and stores the + * information in the class fields. * - * @param fileStream stream of the swidtag file. - * @return a {@link SoftwareIdentity} object - * @throws IOException Thrown by the unmarhsallSwidTag method. + * @param entity The object to parse. 
*/ - private SoftwareIdentity validateSwidTag(final InputStream fileStream) throws IOException { - JAXBElement jaxbe = unmarshallSwidTag(fileStream); - SoftwareIdentity swidTag = (SoftwareIdentity) jaxbe.getValue(); + private void parseEntity(final Element entity) { + if (entity != null) { + this.entityName = entity.getAttribute(SwidTagConstants.NAME); + this.entityRegId = entity.getAttribute(SwidTagConstants.REGID); + this.entityRole = entity.getAttribute(SwidTagConstants.ROLE); + this.entityThumbprint = entity.getAttribute(SwidTagConstants.THUMBPRINT); + } else { + log.warn("Entity Tag not found."); + } + } - log.debug(String.format("SWID Tag found: %nname: %s;%ntagId: %s%n%s", - swidTag.getName(), swidTag.getTagId(), SCHEMA_STATEMENT)); - return swidTag; + /** + * This is a helper method that parses the Link tag and stores the + * information in the class fields. + * + * @param link The object to parse. + */ + private void parseLink(final Element link) { + if (link != null) { + this.linkHref = link.getAttribute(SwidTagConstants.HREF); + this.linkRel = link.getAttribute(SwidTagConstants.REL); + } else { + log.warn("Link Tag not found."); + } } /** 
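Review bot: `parseSoftwareMeta` now looks attributes up by literal prefixed name, for example `softwareMeta.getAttribute(SwidTagConstants._COLLOQUIAL_VERSION_STR)` which resolves to `n8060:colloquialVersion`, so it only matches when a tag binds the namespace to exactly that prefix; the removed loop matched on the local part regardless of prefix. Two names also change case relative to the removed switch, which matched `payloadType` and `pcURILocal` while the constants on this page are `PayloadType` and `pcURIlocal`, so it is worth confirming which spelling real tags carry. If the document is parsed namespace-aware (not visible here), `softwareMeta.getAttributeNS(SwidTagConstants.TCG_NS, SwidTagConstants.BINDING_SPEC)` and the `NIST_NS` equivalent remove the prefix dependency. Because `getAttribute` returns an empty string for a missing attribute, a mismatch leaves the field blank without any log entry.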
@@ -326,58 +273,12 @@ public class BaseReferenceManifest extends ReferenceManifest { return validHashes; } - /** - * This method unmarshalls the swidtag found at [path] and validates it - * according to the schema. - * - * @param stream to the input swidtag - * @return the SoftwareIdentity element at the root of the swidtag - * @throws IOException if the swidtag cannot be unmarshalled or validated - */ - private JAXBElement unmarshallSwidTag(final InputStream stream) throws IOException { - JAXBElement jaxbe = null; - Schema schema; - Unmarshaller unmarshaller = null; - - try { - SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE); - schema = schemaFactory.newSchema(new StreamSource(stream)); - if (jaxbContext == null) { - jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE); - } - unmarshaller = jaxbContext.createUnmarshaller(); - unmarshaller.setSchema(schema); - jaxbe = (JAXBElement) unmarshaller.unmarshal(stream); - } catch (UnmarshalException umEx) { - log.error(String.format("Error validating swidtag file!%n%s%n%s", - umEx.getMessage(), umEx.toString())); - for (StackTraceElement ste : umEx.getStackTrace()) { - log.error(ste.toString()); - } - } catch (SAXException e) { - System.out.println("Error setting schema for validation!"); - } catch (IllegalArgumentException iaEx) { - log.error("Input file empty."); - } catch (JAXBException jaxEx) { - for (StackTraceElement ste : jaxEx.getStackTrace()) { - log.error(ste.toString()); - } - } - - if (jaxbe != null) { - return jaxbe; - } else { - throw new IOException("Invalid Base RIM, swidtag format expected."); - } - } - /** * This method unmarshalls the swidtag found at [path] into a Document object * and validates it according to the schema. 
* * @param byteArrayInputStream to the input swidtag - * @return the SoftwareIdentity element at the root of the swidtag - * @throws IOException if the swidtag cannot be unmarshalled or validated + * @return the Document element at the root of the swidtag */ private Document unmarshallSwidTag(final ByteArrayInputStream byteArrayInputStream) { InputStream is = null; diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java index 30543763..d9785bb5 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java @@ -117,8 +117,7 @@ public class SupplyChainValidationServiceImpl extends DefaultDbService caCreds = new HashSet<>(); for (CertificateAuthorityCredential cred : certAuthsWithMatchingIssuer) { caCreds.add(cred); - if ((cred.getHolderIssuer() != null && cred.getSubject() != null) - && !BouncyCastleUtils.x500NameCompare(cred.getHolderIssuer(), + if (!BouncyCastleUtils.x500NameCompare(cred.getHolderIssuer(), cred.getSubject())) { caCreds.addAll(getCaChainRec(cred, queriedOrganizations)); } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java index 15074321..f8b06efe 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java 
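Review bot: The SupplyChainValidationServiceImpl hunk drops the null guard that PATCH 1/6 of this series added in front of `BouncyCastleUtils.x500NameCompare(cred.getHolderIssuer(), cred.getSubject())`, and that earlier commit message states the compare throws when an argument is null. Nothing in this commit's description explains the revert, so it may be an unintended side effect of the merge; if so, keep `if ((cred.getHolderIssuer() != null && cred.getSubject() != null) && !BouncyCastleUtils.x500NameCompare(...))`. As written, a CA credential with a missing issuer or subject would end the chain walk with an exception instead of being skipped. The enclosing method starts and ends outside the hunk.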
@@ -26,6 +26,13 @@ import javax.sql.DataSource; import java.security.cert.X509Certificate; import java.util.Properties; +/** + * Provides application context configuration for the Attestation Certificate + * Authority application. The properties are processed in order and as such, the + * last property file read in will override properties that may had already been + * defined previously. In other words, the 'defaults.properties' file provides a + * basic standard of properties that can be overrode by the + */ @Log4j2 @Configuration @EnableWebMvc diff --git a/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java b/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java index dd6b2916..c259a56c 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java +++ b/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java @@ -79,6 +79,7 @@ public class SwidTagConstants { public static final String N8060_PFX = "n8060"; public static final String RIM_PFX = "rim"; + public static final String FX_SEPARATOR = ":"; public static final String RFC3852_PFX = "rcf3852"; public static final String RFC3339_PFX = "rcf3339"; From c55c148da787b852f33b8494a269d7888912520a Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Fri, 30 Jun 2023 09:10:05 -0400 Subject: [PATCH 6/6] Not sure why but constants didn't get pushed. --- .../hirs/utils/swid/SwidTagConstants.java | 33 ++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java b/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java index c259a56c..287493bd 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java +++ b/HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java 
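Review bot: The class Javadoc added to PersistenceJPAConfig stops mid-sentence at `can be overrode by the`, so the file that overrides `defaults.properties` is never named. Finish the sentence with the actual override source and correct the grammar to `may have already been defined` and `can be overridden by`.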
@@ -83,6 +83,37 @@ public class SwidTagConstants { public static final String RFC3852_PFX = "rcf3852"; public static final String RFC3339_PFX = "rcf3339"; + public static final String _COLLOQUIAL_VERSION_STR = new String(N8060_PFX + FX_SEPARATOR + + COLLOQUIAL_VERSION); + public static final String _PRODUCT_STR = new String(N8060_PFX + FX_SEPARATOR + + PRODUCT); + public static final String _REVISION_STR = new String(N8060_PFX + FX_SEPARATOR + + REVISION); + public static final String _EDITION_STR = new String(N8060_PFX + FX_SEPARATOR + + EDITION); + + public static final String _RIM_LINK_HASH_STR = new String(RIM_PFX + FX_SEPARATOR + + RIM_LINK_HASH); + public static final String _BINDING_SPEC_STR = new String(RIM_PFX + FX_SEPARATOR + + BINDING_SPEC); + public static final String _BINDING_SPEC_VERSION_STR = new String(RIM_PFX + FX_SEPARATOR + + BINDING_SPEC_VERSION); + public static final String _PLATFORM_MANUFACTURER_STR = new String(RIM_PFX + FX_SEPARATOR + + PLATFORM_MANUFACTURER_STR); + public static final String _PLATFORM_MANUFACTURER_ID_STR = new String(RIM_PFX + FX_SEPARATOR + + PLATFORM_MANUFACTURER_ID); + public static final String _PLATFORM_MODEL_STR = new String(RIM_PFX + FX_SEPARATOR + + PLATFORM_MODEL); + public static final String _PLATFORM_VERSION_STR = new String(RIM_PFX + FX_SEPARATOR + + PLATFORM_VERSION); + public static final String _PAYLOAD_TYPE_STR = new String(RIM_PFX + FX_SEPARATOR + + PAYLOAD_TYPE); + public static final String _PC_URI_LOCAL_STR = new String(RIM_PFX + FX_SEPARATOR + + PC_URI_LOCAL); + public static final String _PC_URI_GLOBAL_STR = new String(RIM_PFX + FX_SEPARATOR + + PC_URI_GLOBAL); + + public static final QName _SHA256_HASH = new QName( "http://www.w3.org/2001/04/xmlenc#sha256", HASH, "SHA256"); public static final QName _COLLOQUIAL_VERSION = new QName( 
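Review bot: The fourteen `_..._STR` constants wrap a constant concatenation in `new String(...)`, which allocates a needless copy and stops them from being compile-time constants; plain concatenation is enough, e.g. `public static final String _PRODUCT_STR = N8060_PFX + FX_SEPARATOR + PRODUCT;`. The name `_PLATFORM_MANUFACTURER_STR` previously belonged to a QName in this class (renamed to `_PLATFORM_MANUFACTURER` in the next hunk), so any remaining caller of the old name now receives a String and should be checked.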
@@ -95,7 +126,7 @@ public class SwidTagConstants {
 NIST_NS, REVISION, N8060_PFX);
 public static final QName _PAYLOAD_TYPE = new QName(
 TCG_NS, PAYLOAD_TYPE, RIM_PFX);
- public static final QName _PLATFORM_MANUFACTURER_STR = new QName(
+ public static final QName _PLATFORM_MANUFACTURER = new QName(
 TCG_NS, PLATFORM_MANUFACTURER_STR, RIM_PFX);
 public static final QName _PLATFORM_MANUFACTURER_ID = new QName(
 TCG_NS, PLATFORM_MANUFACTURER_ID, RIM_PFX);