ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-06-02 23:51:02 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Merge pull request #544 from nsacyber/v3_issue-534-basedetails

Browse Source 
[#534] Base RIM Details Page
This commit is contained in:
5B96790E3664F40075A67E6ADF737EDB15B4408DBC91A81228B31537B0CE3E26 2023-06-30 10:48:37 -04:00 committed by GitHub
commit cee017090f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 409 additions and 347 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/AbstractEntity.java
View File

@ -40,7 +40,7 @@ public abstract class AbstractEntity implements Serializable {
@Column (name = "create_time") @Column (name = "create_time")
@ColumnDefault(value = "CURRENT_TIMESTAMP") @ColumnDefault(value = "CURRENT_TIMESTAMP")
@Generated(GenerationTime.INSERT) @Generated(GenerationTime.INSERT)
private Date createTime;// = new Date(); private Date createTime;
/** /**
* Default empty constructor is required for Hibernate. It is protected to * Default empty constructor is required for Hibernate. It is protected to

2
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ReferenceManifestRepository.java
View File

@ -21,7 +21,7 @@ public interface ReferenceManifestRepository extends JpaRepository<ReferenceMani
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Base'", nativeQuery = true) @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND platformModel = ?2 AND rimType = 'Base'", nativeQuery = true)
List<BaseReferenceManifest> getBaseByManufacturerModel(String manufacturer, String model); List<BaseReferenceManifest> getBaseByManufacturerModel(String manufacturer, String model);
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true) @Query(value = "SELECT * FROM ReferenceManifest WHERE platformManufacturer = ?1 AND DTYPE = ?2", nativeQuery = true)
ReferenceManifest getByManufacturer(String manufacturer, String dType); List<ReferenceManifest> getByManufacturer(String manufacturer, String dType);
@Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true) @Query(value = "SELECT * FROM ReferenceManifest WHERE platformModel = ?1 AND DTYPE = ?2", nativeQuery = true)
ReferenceManifest getByModel(String model, String dType); ReferenceManifest getByModel(String model, String dType);
@Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", nativeQuery = true) @Query(value = "SELECT * FROM ReferenceManifest WHERE DTYPE = 'BaseReferenceManifest'", nativeQuery = true)

2
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java
View File

@ -32,8 +32,6 @@ public class ComponentClass {
private static final Path JSON_PATH = FileSystems.getDefault() private static final Path JSON_PATH = FileSystems.getDefault()
.getPath("/opt", "hirs", "default-properties", "component-class.json"); .getPath("/opt", "hirs", "default-properties", "component-class.json");
// private static final Path JSON_PATH = FileSystems.getDefault()
// .getPath("/opt", "hirs", "default-properties", "component-class.json");
private static final String OTHER_STRING = "Other"; private static final String OTHER_STRING = "Other";
private static final String UNKNOWN_STRING = "Unknown"; private static final String UNKNOWN_STRING = "Unknown";
private static final String NONE_STRING = "None"; private static final String NONE_STRING = "None";

540
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/rim/BaseReferenceManifest.java
View File

@ -2,22 +2,11 @@ package hirs.attestationca.persist.entity.userdefined.rim;
import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.attestationca.persist.entity.userdefined.ReferenceManifest; import hirs.attestationca.persist.entity.userdefined.ReferenceManifest;
import hirs.attestationca.persist.service.ReferenceManifestServiceImpl;
import hirs.attestationca.persist.service.selector.ReferenceManifestSelector;
import hirs.utils.SwidResource; import hirs.utils.SwidResource;
import hirs.utils.xjc.BaseElement; import hirs.utils.swid.SwidTagConstants;
import hirs.utils.xjc.Directory;
import hirs.utils.xjc.File;
import hirs.utils.xjc.FilesystemItem;
import hirs.utils.xjc.Link;
import hirs.utils.xjc.Meta;
import hirs.utils.xjc.ResourceCollection;
import hirs.utils.xjc.SoftwareIdentity;
import hirs.utils.xjc.SoftwareMeta;
import jakarta.persistence.Column; import jakarta.persistence.Column;
import jakarta.persistence.Entity; import jakarta.persistence.Entity;
import jakarta.xml.bind.JAXBContext; import jakarta.xml.bind.JAXBContext;
import jakarta.xml.bind.JAXBElement;
import jakarta.xml.bind.JAXBException; import jakarta.xml.bind.JAXBException;
import jakarta.xml.bind.UnmarshalException; import jakarta.xml.bind.UnmarshalException;
import jakarta.xml.bind.Unmarshaller; import jakarta.xml.bind.Unmarshaller;
@ -26,9 +15,20 @@ import lombok.Getter;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.Setter; import lombok.Setter;
import lombok.extern.log4j.Log4j2; import lombok.extern.log4j.Log4j2;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import javax.xml.namespace.QName; import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema; import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
@ -37,7 +37,6 @@ import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Base64; import java.util.Base64;
import java.util.List; import java.util.List;
import java.util.Map;
/** /**
* *
@ -92,130 +91,34 @@ public class BaseReferenceManifest extends ReferenceManifest {
private String linkHref = null; private String linkHref = null;
private String linkRel = null; private String linkRel = null;
/**
* This class enables the retrieval of BaseReferenceManifest by their attributes.
*/
public static class Selector extends ReferenceManifestSelector<BaseReferenceManifest> {
/**
* Construct a new ReferenceManifestSelector that will use
* the given (@link ReferenceManifestService}
* to retrieve one or may BaseReferenceManifest.
*
* @param referenceManifestManager the reference manifest manager to be used to retrieve
* reference manifests.
*/
public Selector(final ReferenceManifestServiceImpl referenceManifestManager) {
super(referenceManifestManager, BaseReferenceManifest.class);
}
/**
* Specify the platform manufacturer that rims must have to be considered
* as matching.
* @param manufacturer string for the manufacturer
* @return this instance
*/
public Selector byManufacturer(final String manufacturer) {
setFieldValue(PLATFORM_MANUFACTURER, manufacturer);
return this;
}
/**
* Specify the platform model that rims must have to be considered
* as matching.
* @param model string for the model
* @return this instance
*/
public Selector byModel(final String model) {
setFieldValue(PLATFORM_MODEL, model);
return this;
}
/**
* Specify the platform manufacturer/model that rims must have to be considered
* as matching.
* @param manufacturer string for the manufacturer
* @param model string for the model
* @return this instance
*/
public Selector byManufacturerModel(final String manufacturer, final String model) {
setFieldValue(PLATFORM_MANUFACTURER, manufacturer);
setFieldValue(PLATFORM_MODEL, model);
return this;
}
/**
* Specify the platform manufacturer/model/base flag that rims must have to be considered
* as matching.
* @param manufacturer string for the manufacturer
* @param model string for the model
* @return this instance
*/
public Selector byManufacturerModelBase(final String manufacturer, final String model) {
setFieldValue(PLATFORM_MANUFACTURER, manufacturer);
setFieldValue(PLATFORM_MODEL, model);
setFieldValue("swidPatch", false);
setFieldValue("swidSupplemental", false);
//setFieldValue("", false); //corpus?
return this;
}
/**
* Specify the device name that rims must have to be considered
* as matching.
* @param deviceName string for the deviceName
* @return this instance
*/
public Selector byDeviceName(final String deviceName) {
setFieldValue("deviceName", deviceName);
return this;
}
/**
* Specify the RIM hash associated with the base RIM.
* @param base64Hash the hash of the file associated with the rim
* @return this instance
*/
public Selector byBase64Hash(final String base64Hash) {
setFieldValue(BASE_64_HASH_FIELD, base64Hash);
return this;
}
/**
* Specify the RIM hash associated with the base RIM.
* @param hexDecHash the hash of the file associated with the rim
* @return this instance
*/
public Selector byHexDecHash(final String hexDecHash) {
setFieldValue(HEX_DEC_HASH_FIELD, hexDecHash);
return this;
}
}
/** /**
* Support constructor for the RIM object. * Support constructor for the RIM object.
* *
* @param fileName - string representation of the uploaded file.
* @param rimBytes - the file content of the uploaded file. * @param rimBytes - the file content of the uploaded file.
* @throws IOException - thrown if the file is invalid. * @throws IOException - thrown if the file is invalid.
*/ */
public BaseReferenceManifest(final String fileName, final byte[] rimBytes) throws IOException { public BaseReferenceManifest(final byte[] rimBytes) throws IOException {
this(rimBytes); this("", rimBytes);
this.setFileName(fileName);
} }
/** /**
* Main constructor for the RIM object. This takes in a byte array of a * Main constructor for the RIM object. This takes in a byte array of a
* valid swidtag file and parses the information. * valid swidtag file and parses the information.
* *
* @param fileName - string representation of the uploaded file.
* @param rimBytes byte array representation of the RIM * @param rimBytes byte array representation of the RIM
* @throws IOException if unable to unmarshal the string * @throws IOException if unable to unmarshal the string
*/ */
@SuppressWarnings("checkstyle:AvoidInlineConditionals") @SuppressWarnings("checkstyle:AvoidInlineConditionals")
public BaseReferenceManifest(final byte[] rimBytes) throws IOException { public BaseReferenceManifest(final String fileName, final byte[] rimBytes) throws IOException {
super(rimBytes); super(rimBytes);
this.setRimType(BASE_RIM); this.setRimType(BASE_RIM);
this.setFileName(""); this.setFileName(fileName);
SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(rimBytes)); Document document = unmarshallSwidTag(new ByteArrayInputStream(rimBytes));
Element softwareIdentity;
Element meta;
Element entity;
Element link;
MessageDigest digest = null; MessageDigest digest = null;
this.base64Hash = ""; this.base64Hash = "";
@ -228,56 +131,22 @@ public class BaseReferenceManifest extends ReferenceManifest {
} }
// begin parsing valid swid tag // begin parsing valid swid tag
if (si != null) { if (document != null) {
setTagId(si.getTagId()); softwareIdentity = (Element) document.getElementsByTagName(SwidTagConstants.SOFTWARE_IDENTITY).item(0);
this.swidName = si.getName(); entity = (Element) document.getElementsByTagName(SwidTagConstants.ENTITY).item(0);
this.swidCorpus = si.isCorpus() ? 1 : 0; link = (Element) document.getElementsByTagName(SwidTagConstants.LINK).item(0);
this.setSwidPatch(si.isPatch()); meta = (Element) document.getElementsByTagName(SwidTagConstants.META).item(0);
this.setSwidSupplemental(si.isSupplemental()); setTagId(softwareIdentity.getAttribute(SwidTagConstants.TAGID));
this.setSwidVersion(si.getVersion()); this.swidName = softwareIdentity.getAttribute(SwidTagConstants.NAME);
if (si.getTagVersion() != null) { this.swidCorpus = Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.CORPUS)) ? 1 : 0;
this.setSwidTagVersion(si.getTagVersion().toString()); this.setSwidPatch(Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.PATCH)));
} this.setSwidSupplemental(Boolean.parseBoolean(softwareIdentity.getAttribute(SwidTagConstants.SUPPLEMENTAL)));
this.setSwidVersion(softwareIdentity.getAttribute(SwidTagConstants.VERSION));
this.setSwidTagVersion(softwareIdentity.getAttribute(SwidTagConstants.TAGVERSION));
for (Object object : si.getEntityOrEvidenceOrLink()) { parseSoftwareMeta(meta);
if (object instanceof JAXBElement) { parseEntity(entity);
JAXBElement element = (JAXBElement) object; parseLink(link);
String elementName = element.getName().getLocalPart();
switch (elementName) {
case "Meta":
parseSoftwareMeta((SoftwareMeta) element.getValue());
break;
case "Entity":
hirs.utils.xjc.Entity entity
= (hirs.utils.xjc.Entity) element.getValue();
if (entity != null) {
this.entityName = entity.getName();
this.entityRegId = entity.getRegid();
StringBuilder sb = new StringBuilder();
for (String role : entity.getRole()) {
sb.append(String.format("%s%n", role));
}
this.entityRole = sb.toString();
this.entityThumbprint = entity.getThumbprint();
}
break;
case "Link":
Link link
= (Link) element.getValue();
if (link != null) {
this.linkHref = link.getHref();
this.linkRel = link.getRel();
}
break;
case "Payload":
parseResource((ResourceCollection) element.getValue());
break;
case "Signature":
// left blank for a followup issue enhancement
default:
}
}
}
} }
} }
@ -287,207 +156,196 @@ public class BaseReferenceManifest extends ReferenceManifest {
* *
* @param softwareMeta The object to parse. * @param softwareMeta The object to parse.
*/ */
private void parseSoftwareMeta(final SoftwareMeta softwareMeta) { private void parseSoftwareMeta(final Element softwareMeta) {
if (softwareMeta != null) { if (softwareMeta != null) {
for (Map.Entry<QName, String> entry this.colloquialVersion = softwareMeta.getAttribute(SwidTagConstants._COLLOQUIAL_VERSION_STR);
: softwareMeta.getOtherAttributes().entrySet()) { this.product = softwareMeta.getAttribute(SwidTagConstants._PRODUCT_STR);
switch (entry.getKey().getLocalPart()) { this.revision = softwareMeta.getAttribute(SwidTagConstants._REVISION_STR);
case "colloquialVersion": this.edition = softwareMeta.getAttribute(SwidTagConstants._EDITION_STR);
this.colloquialVersion = entry.getValue(); this.rimLinkHash = softwareMeta.getAttribute(SwidTagConstants._RIM_LINK_HASH_STR);
break; this.bindingSpec = softwareMeta.getAttribute(SwidTagConstants._BINDING_SPEC_STR);
case "product": this.bindingSpecVersion = softwareMeta.getAttribute(SwidTagConstants._BINDING_SPEC_VERSION_STR);
this.product = entry.getValue(); this.setPlatformManufacturerId(softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MANUFACTURER_ID_STR));
break; this.setPlatformManufacturer(softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MANUFACTURER_STR));
case "revision": this.setPlatformModel(softwareMeta.getAttribute(SwidTagConstants._PLATFORM_MODEL_STR));
this.revision = entry.getValue(); this.platformVersion = softwareMeta.getAttribute(SwidTagConstants._PLATFORM_VERSION_STR);
break; this.payloadType = softwareMeta.getAttribute(SwidTagConstants._PAYLOAD_TYPE_STR);
case "edition": this.pcURIGlobal = softwareMeta.getAttribute(SwidTagConstants._PC_URI_GLOBAL_STR);
this.edition = entry.getValue(); this.pcURILocal = softwareMeta.getAttribute(SwidTagConstants._PC_URI_LOCAL_STR);
break; } else {
case "rimLinkHash": log.warn("SoftwareMeta Tag not found.");
this.rimLinkHash = entry.getValue();
break;
case "bindingSpec":
this.bindingSpec = entry.getValue();
break;
case "bindingSpecVersion":
this.bindingSpecVersion = entry.getValue();
break;
case "platformManufacturerId":
this.setPlatformManufacturerId(entry.getValue());
break;
case "platformModel":
this.setPlatformModel(entry.getValue());
break;
case "platformManufacturerStr":
this.setPlatformManufacturer(entry.getValue());
break;
case "platformVersion":
this.platformVersion = entry.getValue();
break;
case "payloadType":
this.payloadType = entry.getValue();
break;
case "pcURIGlobal":
this.pcURIGlobal = entry.getValue();
break;
case "pcURILocal":
this.pcURILocal = entry.getValue();
break;
default:
}
}
} }
} }
/** /**
* Get a Selector for use in retrieving ReferenceManifest. * This is a helper method that parses the Entity tag and stores the
* information in the class fields.
* *
* @param rimMan the ReferenceManifestService to be used to retrieve * @param entity The object to parse.
* persisted RIMs
* @return a Selector instance to use for retrieving RIMs
*/ */
public static Selector select(final ReferenceManifestServiceImpl rimMan) { private void parseEntity(final Element entity) {
return new Selector(rimMan); if (entity != null) {
this.entityName = entity.getAttribute(SwidTagConstants.NAME);
this.entityRegId = entity.getAttribute(SwidTagConstants.REGID);
this.entityRole = entity.getAttribute(SwidTagConstants.ROLE);
this.entityThumbprint = entity.getAttribute(SwidTagConstants.THUMBPRINT);
} else {
log.warn("Entity Tag not found.");
}
} }
/** /**
* This method and code is pulled and adopted from the TCG Tool. Since this * This is a helper method that parses the Link tag and stores the
* is taking in an file stored in memory through http, this was changed from * information in the class fields.
* a file to a stream as the input.
* *
* @param fileStream stream of the swidtag file. * @param link The object to parse.
* @return a {@link SoftwareIdentity} object
* @throws IOException Thrown by the unmarhsallSwidTag method.
*/ */
private SoftwareIdentity validateSwidTag(final InputStream fileStream) throws IOException { private void parseLink(final Element link) {
JAXBElement jaxbe = unmarshallSwidTag(fileStream); if (link != null) {
SoftwareIdentity swidTag = (SoftwareIdentity) jaxbe.getValue(); this.linkHref = link.getAttribute(SwidTagConstants.HREF);
this.linkRel = link.getAttribute(SwidTagConstants.REL);
log.debug(String.format("SWID Tag found: %nname: %s;%ntagId: %s%n%s", } else {
swidTag.getName(), swidTag.getTagId(), SCHEMA_STATEMENT)); log.warn("Link Tag not found.");
return swidTag; }
} }
/** /**
* Helper method that is used to parse a specific element of the SwidTag * This method validates the .swidtag file at the given filepath against the
* based on an already established and stored byte array. * schema. A successful validation results in the output of the tag's name
* and tagId attributes, otherwise a generic error message is printed.
* *
* @param elementName string of an xml tag in the file.
* @return the object value of the element, if it exists
*/ */
private BaseElement getBaseElementFromBytes(final String elementName) { private Element getDirectoryTag() {
BaseElement baseElement = null; return getDirectoryTag(new ByteArrayInputStream(getRimBytes()));
}
if (getRimBytes() != null && elementName != null) { /**
* This method validates the .swidtag file at the given filepath against the
* schema. A successful validation results in the output of the tag's name
* and tagId attributes, otherwise a generic error message is printed.
*
* @param byteArrayInputStream the location of the file to be validated
*/
private Element getDirectoryTag(final ByteArrayInputStream byteArrayInputStream) {
Document document = unmarshallSwidTag(byteArrayInputStream);
Element softwareIdentity =
(Element) document.getElementsByTagName("SoftwareIdentity").item(0);
if (softwareIdentity != null) {
Element directory = (Element) document.getElementsByTagName("Directory").item(0);
return directory;
} else {
log.error("Invalid xml for validation, please verify ");
}
return null;
}
/**
* This method iterates over the list of File elements under the directory. *
*/
public List<SwidResource> getFileResources() {
return getFileResources(getRimBytes());
}
/**
* This method iterates over the list of File elements under the directory.
*
* @param rimBytes the bytes to find the files
*
*/
public List<SwidResource> getFileResources(final byte[] rimBytes) {
Element directoryTag = getDirectoryTag(new ByteArrayInputStream(rimBytes));
List<SwidResource> validHashes = new ArrayList<>();
NodeList fileNodeList = directoryTag.getChildNodes();
Element file = null;
SwidResource swidResource = null;
for (int i = 0; i < fileNodeList.getLength(); i++) {
file = (Element) fileNodeList.item(i);
swidResource = new SwidResource();
swidResource.setName(file.getAttribute(SwidTagConstants.NAME));
swidResource.setSize(file.getAttribute(SwidTagConstants.SIZE));
swidResource.setHashValue(file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":"
+ SwidTagConstants._SHA256_HASH.getLocalPart()));
validHashes.add(swidResource);
}
return validHashes;
}
/**
* This method unmarshalls the swidtag found at [path] into a Document object
* and validates it according to the schema.
*
* @param byteArrayInputStream to the input swidtag
* @return the Document element at the root of the swidtag
*/
private Document unmarshallSwidTag(final ByteArrayInputStream byteArrayInputStream) {
InputStream is = null;
Document document = null;
Unmarshaller unmarshaller = null;
try { try {
SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(getRimBytes())); document = removeXMLWhitespace(byteArrayInputStream);
JAXBElement element; SchemaFactory schemaFactory = SchemaFactory.newInstance(SCHEMA_LANGUAGE);
for (Object object : si.getEntityOrEvidenceOrLink()) { is = getClass().getClassLoader().getResourceAsStream(SwidTagConstants.SCHEMA_URL);
if (object instanceof JAXBElement) { Schema schema = schemaFactory.newSchema(new StreamSource(is));
element = (JAXBElement) object;
if (element.getName().getLocalPart().equals(elementName)) {
// found the element
baseElement = (BaseElement) element.getValue();
}
}
}
} catch (IOException ioEx) {
log.error("Failed to parse Swid Tag bytes.", ioEx);
}
}
return baseElement;
}
/**
* This method unmarshalls the swidtag found at [path] and validates it
* according to the schema.
*
* @param stream to the input swidtag
* @return the SoftwareIdentity element at the root of the swidtag
* @throws IOException if the swidtag cannot be unmarshalled or validated
*/
private JAXBElement unmarshallSwidTag(final InputStream stream) throws IOException {
JAXBElement jaxbe = null;
Schema schema;
try {
schema = ReferenceManifestServiceImpl.getSchemaObject();
if (jaxbContext == null) { if (jaxbContext == null) {
jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE); jaxbContext = JAXBContext.newInstance(SCHEMA_PACKAGE);
} }
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); unmarshaller = jaxbContext.createUnmarshaller();
unmarshaller.setSchema(schema); unmarshaller.setSchema(schema);
jaxbe = (JAXBElement) unmarshaller.unmarshal(stream); unmarshaller.unmarshal(document);
} catch (UnmarshalException umEx) { } catch (IOException e) {
log.error(String.format("Error validating swidtag file!%n%s%n%s", log.error(e.getMessage());
umEx.getMessage(), umEx.toString())); } catch (SAXException e) {
for (StackTraceElement ste : umEx.getStackTrace()) { log.error("Error setting schema for validation!");
log.error(ste.toString()); } catch (UnmarshalException e) {
} log.error("Error validating swidtag file!");
} catch (IllegalArgumentException iaEx) { } catch (IllegalArgumentException e) {
log.error("Input file empty."); log.error("Input file empty.");
} catch (JAXBException jaxEx) { } catch (JAXBException e) {
for (StackTraceElement ste : jaxEx.getStackTrace()) { e.printStackTrace();
log.error(ste.toString()); } finally {
} if (is != null) {
}
if (jaxbe != null) {
return jaxbe;
} else {
throw new IOException("Invalid Base RIM, swidtag format expected.");
}
}
/**
* Default method for parsing the payload element.
*
* @return a collection of payload objects.
*/
public final List<SwidResource> parseResource() {
return parseResource((ResourceCollection) this.getBaseElementFromBytes("Payload"));
}
/**
* This method parses the payload method of a {@link ResourceCollection}.
*
* @param rc Resource Collection object.
* @return a collection of payload objects.
*/
public final List<SwidResource> parseResource(final ResourceCollection rc) {
List<SwidResource> resources = new ArrayList<>();
log.error("Parsing stuff");
try { try {
if (rc != null) { is.close();
for (Meta meta : rc.getDirectoryOrFileOrProcess()) { } catch (IOException e) {
if (meta instanceof Directory) { System.out.println("Error closing input stream");
Directory directory = (Directory) meta;
for (FilesystemItem fsi : directory.getDirectoryOrFile()) {
if (fsi != null) {
resources.add(new SwidResource(
(File) fsi, null));
} else {
log.error("fsi is negative");
} }
} }
} else if (meta instanceof File) {
resources.add(new SwidResource((File) meta, null));
}
}
} else {
log.error("ResourceCollection is negative");
}
} catch (ClassCastException ccEx) {
log.error(ccEx);
log.error("At this time, the code does not support the "
+ "particular formatting of this SwidTag's Payload.");
} }
return resources; return document;
}
/**
* This method strips all whitespace from an xml file, including indents and spaces
* added for human-readability.
*
* @param byteArrayInputStream to the xml file
* @return Document object without whitespace
*/
private Document removeXMLWhitespace(final ByteArrayInputStream byteArrayInputStream) throws IOException {
TransformerFactory tf = TransformerFactory.newInstance();
Source source = new StreamSource(
getClass().getClassLoader().getResourceAsStream("identity_transform.xslt"));
Document document = null;
if (byteArrayInputStream.available() > 0) {
try {
Transformer transformer = tf.newTransformer(source);
DOMResult result = new DOMResult();
transformer.transform(new StreamSource(byteArrayInputStream), result);
document = (Document) result.getNode();
} catch (TransformerConfigurationException tcEx) {
log.error("Error configuring transformer!");
} catch (TransformerException tEx) {
log.error("Error transforming input!");
}
} else {
throw new IOException("Input file is empty!");
}
return document;
} }
@Override @Override

1
HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationServiceImpl.java
View File

@ -122,6 +122,7 @@ public class SupplyChainValidationServiceImpl extends DefaultDbService<SupplyCha
caCreds.addAll(getCaChainRec(cred, queriedOrganizations)); caCreds.addAll(getCaChainRec(cred, queriedOrganizations));
} }
} }
return caCreds; return caCreds;
} }

10
HIRS_AttestationCA/src/main/resources/identity_transform.xslt Normal file
View File

@ -0,0 +1,10 @@
<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output indent="no" />
<xsl:strip-space elements="*"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

7
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/PersistenceJPAConfig.java
View File

@ -26,6 +26,13 @@ import javax.sql.DataSource;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Properties; import java.util.Properties;
/**
* Provides application context configuration for the Attestation Certificate
* Authority application. The properties are processed in order and as such, the
* last property file read in will override properties that may had already been
* defined previously. In other words, the 'defaults.properties' file provides a
* basic standard of properties that can be overrode by the
*/
@Log4j2 @Log4j2
@Configuration @Configuration
@EnableWebMvc @EnableWebMvc

28
HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
View File

@ -29,6 +29,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.ModelAndView;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
@ -101,8 +102,6 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
UUID uuid = UUID.fromString(params.getId()); UUID uuid = UUID.fromString(params.getId());
data.putAll(getRimDetailInfo(uuid, referenceManifestRepository, data.putAll(getRimDetailInfo(uuid, referenceManifestRepository,
referenceDigestValueRepository, certificateRepository)); referenceDigestValueRepository, certificateRepository));
data.putAll(getRimDetailInfo(uuid, referenceManifestRepository,
referenceDigestValueRepository, certificateRepository));
} catch (IllegalArgumentException iaEx) { } catch (IllegalArgumentException iaEx) {
String uuidError = "Failed to parse ID from: " + params.getId(); String uuidError = "Failed to parse ID from: " + params.getId();
messages.addError(uuidError); messages.addError(uuidError);
@ -246,14 +245,29 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
} }
data.put("rimType", baseRim.getRimType()); data.put("rimType", baseRim.getRimType());
List<SwidResource> resources = baseRim.parseResource(); List<SwidResource> resources = baseRim.getFileResources();
TCGEventLog logProcessor = null; TCGEventLog logProcessor = null;
List<ReferenceManifest> subManifests;
SupportReferenceManifest support = null; SupportReferenceManifest support = null;
if (baseRim.getAssociatedRim() == null) { if (baseRim.getAssociatedRim() == null) {
support = (SupportReferenceManifest) referenceManifestRepository /**
* Need to have parsing implemented
*/
// referenceManifestRepository.findByHash("hexDecHash", "Support");
subManifests = referenceManifestRepository
.getByManufacturer(baseRim.getPlatformManufacturer(), .getByManufacturer(baseRim.getPlatformManufacturer(),
"SupportReferenceManifest"); "SupportReferenceManifest");
String fileString = new String(baseRim.getRimBytes(), StandardCharsets.UTF_8);
for (ReferenceManifest rim : subManifests) {
if (rim instanceof SupportReferenceManifest) {
support = (SupportReferenceManifest) rim;
if (fileString.contains(rim.getHexDecHash())) {
break;
}
}
}
if (support != null) { if (support != null) {
baseRim.setAssociatedRim(support.getId()); baseRim.setAssociatedRim(support.getId());
} }
@ -300,8 +314,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
data.replace("signatureValid", true); data.replace("signatureValid", true);
break; break;
} }
} catch (SupplyChainValidatorException e) { } catch (SupplyChainValidatorException scvEx) {
log.error("Error verifying cert chain: " + e.getMessage()); log.warn("Error verifying cert chain: " + scvEx.getMessage());
} }
} }
} }
@ -315,6 +329,8 @@ public class ReferenceManifestDetailsPageController extends PageController<Refer
} }
} catch (NullPointerException e) { } catch (NullPointerException e) {
log.error("Unable to link signing certificate: " + e.getMessage()); log.error("Unable to link signing certificate: " + e.getMessage());
} catch (Exception ex) {
log.warn(ex.getMessage());
} }
return data; return data;
} }

3
HIRS_Utils/src/main/java/hirs/utils/BouncyCastleUtils.java
View File

@ -27,7 +27,8 @@ public final class BouncyCastleUtils {
*/ */
public static boolean x500NameCompare(final String nameValue1, final String nameValue2) { public static boolean x500NameCompare(final String nameValue1, final String nameValue2) {
if (nameValue1 == null || nameValue2 == null) { if (nameValue1 == null || nameValue2 == null) {
throw new IllegalArgumentException("Provided DN string is null."); log.error("Provided DN string is null.");
return true;
} }
boolean result = false; boolean result = false;

6
HIRS_Utils/src/main/java/hirs/utils/SwidResource.java
View File

@ -4,6 +4,7 @@ import com.google.common.base.Preconditions;
import hirs.utils.digest.DigestAlgorithm; import hirs.utils.digest.DigestAlgorithm;
import hirs.utils.xjc.File; import hirs.utils.xjc.File;
import lombok.Getter; import lombok.Getter;
import lombok.Setter;
import lombok.ToString; import lombok.ToString;
import javax.xml.namespace.QName; import javax.xml.namespace.QName;
@ -18,9 +19,10 @@ import java.util.Map;
public class SwidResource { public class SwidResource {
@Getter @Getter
private String name, size; @Setter
private String name, size, hashValue;
@Getter @Getter
private String rimFormat, rimType, rimUriGlobal, hashValue; private String rimFormat, rimType, rimUriGlobal;
// private TpmWhiteListBaseline tpmWhiteList; // private TpmWhiteListBaseline tpmWhiteList;
private DigestAlgorithm digest = DigestAlgorithm.SHA1; private DigestAlgorithm digest = DigestAlgorithm.SHA1;
@Getter @Getter

169
HIRS_Utils/src/main/java/hirs/utils/swid/SwidTagConstants.java Normal file
View File

@ -0,0 +1,169 @@
package hirs.utils.swid;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
/**
* This class contains the String constants that are referenced by the gateway
* class. It is expected that member properties of this class will expand as
* more functionality is added to SwidTagGateway.
*/
public class SwidTagConstants {
public static final String DEFAULT_KEYSTORE_FILE = "keystore.jks";//"/opt/hirs/rimtool/keystore.jks";
public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
public static final String DEFAULT_PRIVATE_KEY_ALIAS = "1";
public static final String DEFAULT_ATTRIBUTES_FILE = "/opt/hirs/rimtool/rim_fields.json";
public static final String DEFAULT_ENGLISH = "en";
public static final String SIGNATURE_ALGORITHM_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
public static final String SCHEMA_PACKAGE = "hirs.swid.xjc";
public static final String SCHEMA_LANGUAGE = XMLConstants.W3C_XML_SCHEMA_NS_URI;
public static final String SCHEMA_URL = "swid_schema.xsd";
public static final String SOFTWARE_IDENTITY = "SoftwareIdentity";
public static final String ENTITY = "Entity";
public static final String LINK = "Link";
public static final String META = "Meta";
public static final String PAYLOAD = "Payload";
public static final String DIRECTORY = "Directory";
public static final String FILE = "File";
public static final String NAME = "name";
public static final String VERSION = "version";
public static final String VERSION_SCHEME = "versionScheme";
public static final String TAGID = "tagId";
public static final String TAGVERSION = "tagVersion";
public static final String CORPUS = "corpus";
public static final String PATCH = "patch";
public static final String SUPPLEMENTAL = "supplemental";
public static final String REGID = "regid";
public static final String ROLE = "role";
public static final String THUMBPRINT = "thumbprint";
public static final String HREF = "href";
public static final String REL = "rel";
public static final String COLLOQUIAL_VERSION = "colloquialVersion";
public static final String EDITION = "edition";
public static final String PRODUCT = "product";
public static final String REVISION = "revision";
public static final String PAYLOAD_TYPE = "PayloadType";
public static final String HYBRID = "hybrid";
public static final String PLATFORM_MANUFACTURER_STR = "platformManufacturerStr";
public static final String PLATFORM_MANUFACTURER_ID = "platformManufacturerId";
public static final String PLATFORM_MODEL = "platformModel";
public static final String PLATFORM_VERSION = "platformVersion";
public static final String FIRMWARE_MANUFACTURER_STR = "firmwareManufacturerStr";
public static final String FIRMWARE_MANUFACTURER_ID = "firmwareManufacturerId";
public static final String FIRMWARE_MODEL = "firmwareModel";
public static final String FIRMWARE_VERSION = "firmwareVersion";
public static final String BINDING_SPEC = "bindingSpec";
public static final String BINDING_SPEC_VERSION = "bindingSpecVersion";
public static final String PC_URI_LOCAL = "pcURIlocal";
public static final String PC_URI_GLOBAL = "pcURIGlobal";
public static final String RIM_LINK_HASH = "rimLinkHash";
public static final String SIZE = "size";
public static final String HASH = "hash";
public static final String SUPPORT_RIM_TYPE = "supportRIMType";
public static final String SUPPORT_RIM_FORMAT = "supportRIMFormat";
public static final String TCG_EVENTLOG_ASSERTION = "TCG_EventLog_Assertion";
public static final String TPM_PCR_ASSERTION = "TPM_PCR_Assertion";
public static final String SUPPORT_RIM_FORMAT_MISSING = "supportRIMFormat missing";
public static final String SUPPORT_RIM_URI_GLOBAL = "supportRIMURIGlobal";
public static final String DATETIME = "dateTime";
public static final String NIST_NS = "http://csrc.nist.gov/ns/swid/2015-extensions/1.0";
public static final String TCG_NS = "https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model";
public static final String RFC3852_NS = "https://www.ietf.org/rfc/rfc3852.txt";
public static final String RFC3339_NS = "https://www.ietf.org/rfc/rfc3339.txt";
public static final String N8060_PFX = "n8060";
public static final String RIM_PFX = "rim";
public static final String FX_SEPARATOR = ":";
public static final String RFC3852_PFX = "rcf3852";
public static final String RFC3339_PFX = "rcf3339";
public static final String _COLLOQUIAL_VERSION_STR = new String(N8060_PFX + FX_SEPARATOR +
COLLOQUIAL_VERSION);
public static final String _PRODUCT_STR = new String(N8060_PFX + FX_SEPARATOR +
PRODUCT);
public static final String _REVISION_STR = new String(N8060_PFX + FX_SEPARATOR +
REVISION);
public static final String _EDITION_STR = new String(N8060_PFX + FX_SEPARATOR +
EDITION);
public static final String _RIM_LINK_HASH_STR = new String(RIM_PFX + FX_SEPARATOR +
RIM_LINK_HASH);
public static final String _BINDING_SPEC_STR = new String(RIM_PFX + FX_SEPARATOR +
BINDING_SPEC);
public static final String _BINDING_SPEC_VERSION_STR = new String(RIM_PFX + FX_SEPARATOR +
BINDING_SPEC_VERSION);
public static final String _PLATFORM_MANUFACTURER_STR = new String(RIM_PFX + FX_SEPARATOR +
PLATFORM_MANUFACTURER_STR);
public static final String _PLATFORM_MANUFACTURER_ID_STR = new String(RIM_PFX + FX_SEPARATOR +
PLATFORM_MANUFACTURER_ID);
public static final String _PLATFORM_MODEL_STR = new String(RIM_PFX + FX_SEPARATOR +
PLATFORM_MODEL);
public static final String _PLATFORM_VERSION_STR = new String(RIM_PFX + FX_SEPARATOR +
PLATFORM_VERSION);
public static final String _PAYLOAD_TYPE_STR = new String(RIM_PFX + FX_SEPARATOR +
PAYLOAD_TYPE);
public static final String _PC_URI_LOCAL_STR = new String(RIM_PFX + FX_SEPARATOR +
PC_URI_LOCAL);
public static final String _PC_URI_GLOBAL_STR = new String(RIM_PFX + FX_SEPARATOR +
PC_URI_GLOBAL);
public static final QName _SHA256_HASH = new QName(
"http://www.w3.org/2001/04/xmlenc#sha256", HASH, "SHA256");
public static final QName _COLLOQUIAL_VERSION = new QName(
NIST_NS, COLLOQUIAL_VERSION, N8060_PFX);
public static final QName _EDITION = new QName(
NIST_NS, EDITION, N8060_PFX);
public static final QName _PRODUCT = new QName(
NIST_NS, PRODUCT, N8060_PFX);
public static final QName _REVISION = new QName(
NIST_NS, REVISION, N8060_PFX);
public static final QName _PAYLOAD_TYPE = new QName(
TCG_NS, PAYLOAD_TYPE, RIM_PFX);
public static final QName _PLATFORM_MANUFACTURER = new QName(
TCG_NS, PLATFORM_MANUFACTURER_STR, RIM_PFX);
public static final QName _PLATFORM_MANUFACTURER_ID = new QName(
TCG_NS, PLATFORM_MANUFACTURER_ID, RIM_PFX);
public static final QName _PLATFORM_MODEL = new QName(
TCG_NS, PLATFORM_MODEL, RIM_PFX);
public static final QName _PLATFORM_VERSION = new QName(
TCG_NS, PLATFORM_VERSION, RIM_PFX);
public static final QName _FIRMWARE_MANUFACTURER_STR = new QName(
TCG_NS, FIRMWARE_MANUFACTURER_STR, RIM_PFX);
public static final QName _FIRMWARE_MANUFACTURER_ID = new QName(
TCG_NS, FIRMWARE_MANUFACTURER_ID, RIM_PFX);
public static final QName _FIRMWARE_MODEL = new QName(
TCG_NS, FIRMWARE_MODEL, RIM_PFX);
public static final QName _FIRMWARE_VERSION = new QName(
TCG_NS, FIRMWARE_VERSION, RIM_PFX);
public static final QName _BINDING_SPEC = new QName(
TCG_NS, BINDING_SPEC, RIM_PFX);
public static final QName _BINDING_SPEC_VERSION = new QName(
TCG_NS, BINDING_SPEC_VERSION, RIM_PFX);
public static final QName _PC_URI_LOCAL = new QName(
TCG_NS, PC_URI_LOCAL, RIM_PFX);
public static final QName _PC_URI_GLOBAL = new QName(
TCG_NS, PC_URI_GLOBAL, RIM_PFX);
public static final QName _RIM_LINK_HASH = new QName(
TCG_NS, RIM_LINK_HASH, RIM_PFX);
public static final QName _SUPPORT_RIM_TYPE = new QName(
TCG_NS, SUPPORT_RIM_TYPE, RIM_PFX);
public static final QName _SUPPORT_RIM_FORMAT = new QName(
TCG_NS, SUPPORT_RIM_FORMAT, RIM_PFX);
public static final QName _SUPPORT_RIM_URI_GLOBAL = new QName(
TCG_NS, SUPPORT_RIM_URI_GLOBAL, RIM_PFX);
public static final QName _N8060_ENVVARPREFIX = new QName(
NIST_NS, "envVarPrefix", N8060_PFX);
public static final QName _N8060_ENVVARSUFFIX = new QName(
NIST_NS, "envVarSuffix", N8060_PFX);
public static final QName _N8060_PATHSEPARATOR = new QName(
NIST_NS, "pathSeparator", N8060_PFX);
public static final String CA_ISSUERS = "1.3.6.1.5.5.7.48.2";
}