Pushing up changes. The majority of the libraries are updated. The main two,

Hibernate and Spring, are saved for last.  Protobuf won't be updated without
a new OS.
Cyrus 2022-04-15 07:02:44 -04:00
parent bc643be28a
commit d4b6fdd1df
17 changed files with 150 additions and 144 deletions

@ -1,5 +1,7 @@
package hirs.attestationca;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
@ -16,8 +18,6 @@ import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNull;
@ -189,7 +189,7 @@ public class IssuedCertificateAttributeHelperTest {
DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue();
DERTaggedObject derTaggedObject = (DERTaggedObject) dlSequence.getObjectAt(0);
DERSequence derSequence = (DERSequence) derTaggedObject.getObject();
DERSequence derSequence = (DERSequence) derTaggedObject.getLoadedObject();
Enumeration enumeration = derSequence.getObjects();
while (enumeration.hasMoreElements()) {
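Review bot: The cast on the changed line, `(DERSequence) derTaggedObject.getLoadedObject()`, looks like it will fail at runtime: as far as I know BouncyCastle's `ASN1TaggedObject.getLoadedObject()` returns the tagged object itself rather than the object it wraps, so it is not a drop-in replacement for the deprecated `getObject()`. The same substitution is made in EndorsementCredential (the three `(ASN1Enumerated) obj.getLoadedObject()` casts and both `parseSingle(...getLoadedObject(), ...)` calls); there the casts would throw ClassCastException and `parseSingle` would presumably be re-entered with the same object while an endorsement credential is parsed. If the BouncyCastle version being adopted provides it, `derTaggedObject.getBaseObject().toASN1Primitive()` or the typed `getInstance(tagged, explicit)` factories are the replacement to use. The test method starts and ends outside this hunk.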

@ -6,7 +6,7 @@ import com.github.marandus.pciid.service.PciIdsDatabase;
import com.google.common.base.Strings;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.V2.ComponentIdentifierV2;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.ASN1UTF8String;
import java.io.File;
import java.io.FileInputStream;
@ -129,8 +129,8 @@ public final class PciIds {
final String compClassValue = component.getComponentClass().getCategoryValue();
if (compClassValue.equals(COMPCLASS_TCG_CAT_NIC)
|| compClassValue.equals(COMPCLASS_TCG_CAT_GFX)) {
DERUTF8String manufacturer = translateVendor(component.getComponentManufacturer());
DERUTF8String model = translateDevice(component.getComponentManufacturer(),
ASN1UTF8String manufacturer = translateVendor(component.getComponentManufacturer());
ASN1UTF8String model = translateDevice(component.getComponentManufacturer(),
component.getComponentModel());
newComponent = new ComponentIdentifierV2(component.getComponentClass(),
@ -153,15 +153,15 @@ public final class PciIds {
/**
* Look up the vendor name from the PCI IDs list, if the input string contains an ID.
* If any part of this fails, return the original manufacturer value.
* @param refManufacturer DERUTF8String, likely from a ComponentIdentifier
* @return DERUTF8String with the discovered vendor name, or the original manufacturer value.
* @param refManufacturer ASN1UTF8String, likely from a ComponentIdentifier
* @return ASN1UTF8String with the discovered vendor name, or the original manufacturer value.
*/
public static DERUTF8String translateVendor(final DERUTF8String refManufacturer) {
DERUTF8String manufacturer = refManufacturer;
public static ASN1UTF8String translateVendor(final ASN1UTF8String refManufacturer) {
ASN1UTF8String manufacturer = refManufacturer;
if (manufacturer != null && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")) {
Vendor ven = DB.findVendor(manufacturer.getString().toLowerCase());
if (ven != null && !Strings.isNullOrEmpty(ven.getName())) {
manufacturer = new DERUTF8String(ven.getName());
manufacturer = ASN1UTF8String.getInstance(ven.getName());
}
}
return manufacturer;
@ -175,10 +175,10 @@ public final class PciIds {
* @param refModel DERUTF8String, likely from a ComponentIdentifier
* @return DERUTF8String with the discovered device name, or the original model value.
*/
public static DERUTF8String translateDevice(final DERUTF8String refManufacturer,
final DERUTF8String refModel) {
DERUTF8String manufacturer = refManufacturer;
DERUTF8String model = refModel;
public static ASN1UTF8String translateDevice(final ASN1UTF8String refManufacturer,
final ASN1UTF8String refModel) {
ASN1UTF8String manufacturer = refManufacturer;
ASN1UTF8String model = refModel;
if (manufacturer != null
&& model != null
&& manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")
@ -186,7 +186,7 @@ public final class PciIds {
Device dev = DB.findDevice(manufacturer.getString().toLowerCase(),
model.getString().toLowerCase());
if (dev != null && !Strings.isNullOrEmpty(dev.getName())) {
model = new DERUTF8String(dev.getName());
model = ASN1UTF8String.getInstance(dev.getName());
}
}
return model;
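Review bot: `ASN1UTF8String.getInstance(ven.getName())` and `ASN1UTF8String.getInstance(dev.getName())` pass a java.lang.String, but to my knowledge `getInstance(Object)` only accepts an existing ASN.1 object or an encoded byte[] and throws IllegalArgumentException for anything else, so every successful vendor or device lookup would now throw instead of returning the translated name. Constructing a value from a string still needs the concrete class, e.g. `manufacturer = new DERUTF8String(ven.getName());` and `model = new DERUTF8String(dev.getName());`, which remain assignable to the new ASN1UTF8String variables. The same pattern appears in this commit in the default constructors of ComponentIdentifier and PlatformProperty, in the second PciIds copy, and in the trimming loop of SupplyChainCredentialValidator, where it would affect every platform-credential component with a non-null field. The Javadoc for translateDevice above the signature still names DERUTF8String.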

@ -9,6 +9,7 @@ import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Object;
@ -735,7 +736,7 @@ public abstract class Certificate extends ArchivableEntity {
.getNames();
for (GeneralName genName : genNames) {
if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) {
String url = DERIA5String.getInstance(genName.getName())
String url = ASN1IA5String.getInstance(genName.getName())
.getString();
crlUrls.add(url);
}

@ -419,27 +419,29 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
LOGGER.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString());
// Iterate through remaining fields to set optional attributes
int tag;
DERTaggedObject obj;
ASN1TaggedObject obj;
for (int i = seqPosition; i < seq.size(); i++) {
if (seq.getObjectAt(i) instanceof DERTaggedObject) {
obj = (DERTaggedObject) seq.getObjectAt(i);
tag = obj.getTagNo();
if (tag == EK_TYPE_TAG) {
int ekGenTypeVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue();
int ekGenTypeVal = ((ASN1Enumerated) obj.getLoadedObject())
.getValue().intValue();
if (ekGenTypeVal >= EK_TYPE_VAL_MIN && ekGenTypeVal <= EK_TYPE_VAL_MAX) {
TPMSecurityAssertions.EkGenerationType ekGenType
= TPMSecurityAssertions.EkGenerationType.values()[ekGenTypeVal];
tpmSecurityAssertions.setEkGenType(ekGenType);
}
} else if (tag == EK_LOC_TAG) {
int ekGenLocVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue();
int ekGenLocVal = ((ASN1Enumerated) obj.getLoadedObject())
.getValue().intValue();
if (ekGenLocVal >= EK_LOC_VAL_MIN && ekGenLocVal <= EK_LOC_VAL_MAX) {
TPMSecurityAssertions.EkGenerationLocation ekGenLocation
= TPMSecurityAssertions.EkGenerationLocation.values()[ekGenLocVal];
tpmSecurityAssertions.setEkGenLoc(ekGenLocation);
}
} else if (tag == EK_CERT_LOC_TAG) {
int ekCertGenLocVal = ((ASN1Enumerated) obj.getObject())
int ekCertGenLocVal = ((ASN1Enumerated) obj.getLoadedObject())
.getValue().intValue();
if (ekCertGenLocVal >= EK_LOC_VAL_MIN
&& ekCertGenLocVal <= EK_LOC_VAL_MAX) {
@ -498,7 +500,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
} else if (component instanceof ASN1TaggedObject) {
ASN1TaggedObject taggedObj = (ASN1TaggedObject) component;
parseSingle(taggedObj.getObject(), addToMapping, key);
parseSingle(taggedObj.getLoadedObject(), addToMapping, key);
} else if (component instanceof ASN1OctetString) {
// this may contain parseable data or may just be a OID key-pair value
@ -605,7 +607,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
}
} else if (component instanceof ASN1ApplicationSpecific) {
parseSingle(((ASN1ApplicationSpecific) component).getObject(), addToMapping, key);
parseSingle(((ASN1ApplicationSpecific) component).getLoadedObject(), addToMapping, key);
} else if (component instanceof DERBMPString) {
if (addToMapping) {
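Review bot: In the optional-attribute loop, `obj` is now declared as ASN1TaggedObject but the guard and cast are still `instanceof DERTaggedObject` and `(DERTaggedObject)`, so a tagged element that the parser returns as any other ASN1TaggedObject subclass is skipped silently and the EK generation type and location assertions are never set. Consider `if (seq.getObjectAt(i) instanceof ASN1TaggedObject)` with `obj = (ASN1TaggedObject) seq.getObjectAt(i);`, matching the `component instanceof ASN1TaggedObject` check in the later hunk of this file. Whether the upgraded library actually produces non-DER tagged objects here is not visible from the diff, so this should be confirmed against a parsed credential. The loop body continues outside the hunk.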

@ -14,9 +14,9 @@ import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
@ -997,7 +997,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
// Subtract the data based on the OID
switch (info.getPolicyQualifierId().getId()) {
case POLICY_QUALIFIER_CPSURI:
cpsURI = DERIA5String.getInstance(info.getQualifier()).getString();
cpsURI = ASN1IA5String.getInstance(info.getQualifier()).getString();
break;
case POLICY_QUALIFIER_USER_NOTICE:
UserNotice userNotice = UserNotice.getInstance(info.getQualifier());

@ -2,10 +2,10 @@ package hirs.data.persist.certificate.attributes;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERIA5String;
/**
* Basic class that handle CommonCriteriaMeasures for the Platform Certificate
@ -186,7 +186,7 @@ public class CommonCriteriaMeasures {
}
}
private DERIA5String version;
private ASN1IA5String version;
private EvaluationAssuranceLevel assurancelevel;
private EvaluationStatus evaluationStatus;
private ASN1Boolean plus;
@ -220,7 +220,7 @@ public class CommonCriteriaMeasures {
//Get all the mandatory values
int index = 0;
version = DERIA5String.getInstance(sequence.getObjectAt(index));
version = ASN1IA5String.getInstance(sequence.getObjectAt(index));
++index;
ASN1Enumerated enumarated = ASN1Enumerated.getInstance(sequence.getObjectAt(index));
++index;
@ -285,7 +285,7 @@ public class CommonCriteriaMeasures {
/**
* @return the version
*/
public DERIA5String getVersion() {
public ASN1IA5String getVersion() {
return version;
}
@ -293,7 +293,7 @@ public class CommonCriteriaMeasures {
* Set the version.
* @param version the version to set
*/
public void setVersion(final DERIA5String version) {
public void setVersion(final ASN1IA5String version) {
this.version = version;
}

@ -2,7 +2,7 @@ package hirs.data.persist.certificate.attributes;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.ASN1UTF8String;
/**
* Basic class that handle component addresses from the component identifier.
@ -25,7 +25,7 @@ public class ComponentAddress {
private static final String BLUETOOTH_MAC = "2.23.133.17.3";
private ASN1ObjectIdentifier addressType;
private DERUTF8String addressValue;
private ASN1UTF8String addressValue;
/**
* Default constructor.
@ -41,7 +41,7 @@ public class ComponentAddress {
* @param addressValue string containing the address value
*/
public ComponentAddress(final ASN1ObjectIdentifier addressType,
final DERUTF8String addressValue) {
final ASN1UTF8String addressValue) {
this.addressType = addressType;
this.addressValue = addressValue;
}
@ -60,7 +60,7 @@ public class ComponentAddress {
+ "all the required fields.");
}
addressType = ASN1ObjectIdentifier.getInstance(sequence.getObjectAt(0));
addressValue = DERUTF8String.getInstance(sequence.getObjectAt(1));
addressValue = ASN1UTF8String.getInstance(sequence.getObjectAt(1));
}
/**
@ -103,14 +103,14 @@ public class ComponentAddress {
/**
* @return the addressValue
*/
public DERUTF8String getAddressValue() {
public ASN1UTF8String getAddressValue() {
return addressValue;
}
/**
* @param addressValue the addressValue to set
*/
public void setAddressValue(final DERUTF8String addressValue) {
public void setAddressValue(final ASN1UTF8String addressValue) {
this.addressValue = addressValue;
}

@ -1,17 +1,17 @@
package hirs.data.persist.certificate.attributes;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.ASN1UTF8String;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERUTF8String;
/**
* Basic class that handle component identifiers from the Platform Configuration
@ -67,10 +67,10 @@ public class ComponentIdentifier {
*/
protected static final int COMPONENT_ADDRESS = 4;
private DERUTF8String componentManufacturer;
private DERUTF8String componentModel;
private DERUTF8String componentSerial;
private DERUTF8String componentRevision;
private ASN1UTF8String componentManufacturer;
private ASN1UTF8String componentModel;
private ASN1UTF8String componentSerial;
private ASN1UTF8String componentRevision;
private ASN1ObjectIdentifier componentManufacturerId;
private ASN1Boolean fieldReplaceable;
private List<ComponentAddress> componentAddress;
@ -80,10 +80,10 @@ public class ComponentIdentifier {
* Default constructor.
*/
public ComponentIdentifier() {
componentManufacturer = new DERUTF8String(NOT_SPECFIED_COMPONENT);
componentModel = new DERUTF8String(NOT_SPECFIED_COMPONENT);
componentSerial = new DERUTF8String(StringUtils.EMPTY);
componentRevision = new DERUTF8String(StringUtils.EMPTY);
componentManufacturer = ASN1UTF8String.getInstance(NOT_SPECFIED_COMPONENT);
componentModel = ASN1UTF8String.getInstance(NOT_SPECFIED_COMPONENT);
componentSerial = ASN1UTF8String.getInstance(StringUtils.EMPTY);
componentRevision = ASN1UTF8String.getInstance(StringUtils.EMPTY);
componentManufacturerId = null;
fieldReplaceable = null;
componentAddress = new ArrayList<>();
@ -100,10 +100,10 @@ public class ComponentIdentifier {
* @param fieldReplaceable represents if the component is replaceable
* @param componentAddress represents a list of addresses
*/
public ComponentIdentifier(final DERUTF8String componentManufacturer,
final DERUTF8String componentModel,
final DERUTF8String componentSerial,
final DERUTF8String componentRevision,
public ComponentIdentifier(final ASN1UTF8String componentManufacturer,
final ASN1UTF8String componentModel,
final ASN1UTF8String componentSerial,
final ASN1UTF8String componentRevision,
final ASN1ObjectIdentifier componentManufacturerId,
final ASN1Boolean fieldReplaceable,
final List<ComponentAddress> componentAddress) {
@ -130,18 +130,18 @@ public class ComponentIdentifier {
}
//Mandatory values
componentManufacturer = DERUTF8String.getInstance(sequence.getObjectAt(0));
componentModel = DERUTF8String.getInstance(sequence.getObjectAt(1));
componentManufacturer = ASN1UTF8String.getInstance(sequence.getObjectAt(0));
componentModel = ASN1UTF8String.getInstance(sequence.getObjectAt(1));
//Continue reading the sequence if it does contain more than 2 values
for (int i = 2; i < sequence.size(); i++) {
ASN1TaggedObject taggedObj = ASN1TaggedObject.getInstance(sequence.getObjectAt(i));
switch (taggedObj.getTagNo()) {
case COMPONENT_SERIAL:
componentSerial = DERUTF8String.getInstance(taggedObj, false);
componentSerial = ASN1UTF8String.getInstance(taggedObj, false);
break;
case COMPONENT_REVISION:
componentRevision = DERUTF8String.getInstance(taggedObj, false);
componentRevision = ASN1UTF8String.getInstance(taggedObj, false);
break;
case COMPONENT_MANUFACTURER_ID:
componentManufacturerId = ASN1ObjectIdentifier.getInstance(taggedObj, false);
@ -163,56 +163,56 @@ public class ComponentIdentifier {
/**
* @return the componentManufacturer
*/
public DERUTF8String getComponentManufacturer() {
public ASN1UTF8String getComponentManufacturer() {
return componentManufacturer;
}
/**
* @param componentManufacturer the componentManufacturer to set
*/
public void setComponentManufacturer(final DERUTF8String componentManufacturer) {
public void setComponentManufacturer(final ASN1UTF8String componentManufacturer) {
this.componentManufacturer = componentManufacturer;
}
/**
* @return the componentModel
*/
public DERUTF8String getComponentModel() {
public ASN1UTF8String getComponentModel() {
return componentModel;
}
/**
* @param componentModel the componentModel to set
*/
public void setComponentModel(final DERUTF8String componentModel) {
public void setComponentModel(final ASN1UTF8String componentModel) {
this.componentModel = componentModel;
}
/**
* @return the componentSerial
*/
public DERUTF8String getComponentSerial() {
public ASN1UTF8String getComponentSerial() {
return componentSerial;
}
/**
* @param componentSerial the componentSerial to set
*/
public void setComponentSerial(final DERUTF8String componentSerial) {
public void setComponentSerial(final ASN1UTF8String componentSerial) {
this.componentSerial = componentSerial;
}
/**
* @return the componentRevision
*/
public DERUTF8String getComponentRevision() {
public ASN1UTF8String getComponentRevision() {
return componentRevision;
}
/**
* @param componentRevision the componentRevision to set
*/
public void setComponentRevision(final DERUTF8String componentRevision) {
public void setComponentRevision(final ASN1UTF8String componentRevision) {
this.componentRevision = componentRevision;
}

@ -2,8 +2,8 @@ package hirs.data.persist.certificate.attributes;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
/**
* Basic class that handle FIPS Level.
@ -66,7 +66,7 @@ public class FIPSLevel {
}
}
private DERIA5String version;
private ASN1IA5String version;
private SecurityLevel level;
private ASN1Boolean plus;
@ -85,7 +85,7 @@ public class FIPSLevel {
* @param level of the FIPS.
* @param plus boolean value.
*/
public FIPSLevel(final DERIA5String version,
public FIPSLevel(final ASN1IA5String version,
final SecurityLevel level,
final ASN1Boolean plus) {
this.version = version;
@ -101,7 +101,7 @@ public class FIPSLevel {
*/
public FIPSLevel(final ASN1Sequence sequence) throws IllegalArgumentException {
//Get version
version = DERIA5String.getInstance(sequence.getObjectAt(0));
version = ASN1IA5String.getInstance(sequence.getObjectAt(0));
//Get and validate level
ASN1Enumerated enumarated = ASN1Enumerated.getInstance(sequence.getObjectAt(1));
//Throw exception when is not between 1 and 7
@ -121,14 +121,14 @@ public class FIPSLevel {
/**
* @return the version
*/
public DERIA5String getVersion() {
public ASN1IA5String getVersion() {
return version;
}
/**
* @param version the version to set
*/
public void setVersion(final DERIA5String version) {
public void setVersion(final ASN1IA5String version) {
this.version = version;
}

@ -2,7 +2,7 @@ package hirs.data.persist.certificate.attributes;
import hirs.data.persist.DeviceInfoReport;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.ASN1UTF8String;
/**
*
@ -21,15 +21,15 @@ public class PlatformProperty {
*/
protected static final int IDENTIFIER_NUMBER = 2;
private DERUTF8String propertyName;
private DERUTF8String propertyValue;
private ASN1UTF8String propertyName;
private ASN1UTF8String propertyValue;
/**
* Default constructor.
*/
public PlatformProperty() {
this.propertyName = new DERUTF8String(DeviceInfoReport.NOT_SPECIFIED);
this.propertyValue = new DERUTF8String(DeviceInfoReport.NOT_SPECIFIED);
this.propertyName = ASN1UTF8String.getInstance(DeviceInfoReport.NOT_SPECIFIED);
this.propertyValue = ASN1UTF8String.getInstance(DeviceInfoReport.NOT_SPECIFIED);
}
/**
@ -38,7 +38,7 @@ public class PlatformProperty {
* @param propertyName string containing the property name
* @param propertyValue string containing the property value
*/
public PlatformProperty(final DERUTF8String propertyName, final DERUTF8String propertyValue) {
public PlatformProperty(final ASN1UTF8String propertyName, final ASN1UTF8String propertyValue) {
this.propertyName = propertyName;
this.propertyValue = propertyValue;
}
@ -57,35 +57,35 @@ public class PlatformProperty {
+ "the required fields.");
}
this.propertyName = DERUTF8String.getInstance(sequence.getObjectAt(0));
this.propertyValue = DERUTF8String.getInstance(sequence.getObjectAt(1));
this.propertyName = ASN1UTF8String.getInstance(sequence.getObjectAt(0));
this.propertyValue = ASN1UTF8String.getInstance(sequence.getObjectAt(1));
}
/**
* @return the propertyName
*/
public DERUTF8String getPropertyName() {
public ASN1UTF8String getPropertyName() {
return propertyName;
}
/**
* @param propertyName the propertyName to set
*/
public void setPropertyName(final DERUTF8String propertyName) {
public void setPropertyName(final ASN1UTF8String propertyName) {
this.propertyName = propertyName;
}
/**
* @return the propertyValue
*/
public DERUTF8String getPropertyValue() {
public ASN1UTF8String getPropertyValue() {
return propertyValue;
}
/**
* @param propertyValue the propertyValue to set
*/
public void setPropertyValue(final DERUTF8String propertyValue) {
public void setPropertyValue(final ASN1UTF8String propertyValue) {
this.propertyValue = propertyValue;
}

@ -1,14 +1,15 @@
package hirs.data.persist.certificate.attributes;
import java.math.BigInteger;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERIA5String;
import java.math.BigInteger;
/**
* Basic class that handle component identifiers from the Platform Configuration
* Attribute.
@ -93,7 +94,7 @@ public class TBBSecurityAssertion {
private FIPSLevel fipsLevel;
private MeasurementRootType rtmType;
private ASN1Boolean iso9000Certified;
private DERIA5String iso9000Uri;
private ASN1IA5String iso9000Uri;
/**
* Default constructor.
@ -122,7 +123,7 @@ public class TBBSecurityAssertion {
final FIPSLevel fipsLevel,
final MeasurementRootType rtmType,
final ASN1Boolean iso9000Certified,
final DERIA5String iso9000Uri) {
final ASN1IA5String iso9000Uri) {
this.version = version;
this.ccInfo = ccInfo;
this.fipsLevel = fipsLevel;
@ -192,7 +193,7 @@ public class TBBSecurityAssertion {
// Check if it's a IA5String
if (index < sequenceSize
&& sequence.getObjectAt(index).toASN1Primitive() instanceof DERIA5String) {
iso9000Uri = DERIA5String.getInstance(sequence.getObjectAt(index));
iso9000Uri = ASN1IA5String.getInstance(sequence.getObjectAt(index));
}
}
@ -269,14 +270,14 @@ public class TBBSecurityAssertion {
/**
* @return the iso9000Uri
*/
public DERIA5String getIso9000Uri() {
public ASN1IA5String getIso9000Uri() {
return iso9000Uri;
}
/**
* @param iso9000Uri the iso9000Uri to set
*/
public void setIso9000Uri(final DERIA5String iso9000Uri) {
public void setIso9000Uri(final ASN1IA5String iso9000Uri) {
this.iso9000Uri = iso9000Uri;
}

@ -1,11 +1,10 @@
package hirs.data.persist.certificate.attributes;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
/**
*
@ -19,10 +18,10 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
* </pre>
*/
public class URIReference {
private DERIA5String uniformResourceIdentifier;
private ASN1IA5String uniformResourceIdentifier;
private AlgorithmIdentifier hashAlgorithm;
@JsonIgnore
private DERBitString hashValue;
private ASN1BitString hashValue;
private static final int PLATFORM_PROPERTIES_URI_MAX = 3;
private static final int PLATFORM_PROPERTIES_URI_MIN = 1;
@ -43,9 +42,9 @@ public class URIReference {
* @param hashAlgorithm algorithm identifier
* @param hashValue string containing the hash value
*/
public URIReference(final DERIA5String uniformResourceIdentifier,
public URIReference(final ASN1IA5String uniformResourceIdentifier,
final AlgorithmIdentifier hashAlgorithm,
final DERBitString hashValue) {
final ASN1BitString hashValue) {
this.uniformResourceIdentifier = uniformResourceIdentifier;
this.hashAlgorithm = hashAlgorithm;
this.hashValue = hashValue;
@ -67,14 +66,15 @@ public class URIReference {
//Get the Platform Configuration URI values
for (int j = 0; j < sequence.size(); j++) {
if (sequence.getObjectAt(j) instanceof DERIA5String) {
this.uniformResourceIdentifier = DERIA5String.getInstance(sequence.getObjectAt(j));
if (sequence.getObjectAt(j) instanceof ASN1IA5String
|| sequence.getObjectAt(j) instanceof ASN1IA5String) {
this.uniformResourceIdentifier = ASN1IA5String.getInstance(sequence.getObjectAt(j));
} else if ((sequence.getObjectAt(j) instanceof AlgorithmIdentifier)
|| (sequence.getObjectAt(j) instanceof ASN1Sequence)) {
this.hashAlgorithm =
AlgorithmIdentifier.getInstance(sequence.getObjectAt(j));
} else if (sequence.getObjectAt(j) instanceof DERBitString) {
this.hashValue = DERBitString.getInstance(sequence.getObjectAt(j));
} else if (sequence.getObjectAt(j) instanceof ASN1BitString) {
this.hashValue = ASN1BitString.getInstance(sequence.getObjectAt(j));
} else {
throw new IllegalArgumentException("Unexpected DER type found. "
+ sequence.getObjectAt(j).getClass().getName() + " found at index " + j + ".");
@ -85,14 +85,14 @@ public class URIReference {
/**
* @return the uniformResourceIdentifier
*/
public DERIA5String getUniformResourceIdentifier() {
public ASN1IA5String getUniformResourceIdentifier() {
return uniformResourceIdentifier;
}
/**
* @param uniformResourceIdentifier the uniformResourceIdentifier to set
*/
public void setUniformResourceIdentifier(final DERIA5String uniformResourceIdentifier) {
public void setUniformResourceIdentifier(final ASN1IA5String uniformResourceIdentifier) {
this.uniformResourceIdentifier = uniformResourceIdentifier;
}
@ -113,14 +113,14 @@ public class URIReference {
/**
* @return the hashValue
*/
public DERBitString getHashValue() {
public ASN1BitString getHashValue() {
return hashValue;
}
/**
* @param hashValue the hashValue to set
*/
public void setHashValue(final DERBitString hashValue) {
public void setHashValue(final ASN1BitString hashValue) {
this.hashValue = hashValue;
}

@ -9,8 +9,8 @@ import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERUTF8String;
import java.util.List;
import java.util.stream.Collectors;
@ -75,10 +75,10 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
*/
@SuppressWarnings("checkstyle:parameternumber")
public ComponentIdentifierV2(final ComponentClass componentClass,
final DERUTF8String componentManufacturer,
final DERUTF8String componentModel,
final DERUTF8String componentSerial,
final DERUTF8String componentRevision,
final ASN1UTF8String componentManufacturer,
final ASN1UTF8String componentModel,
final ASN1UTF8String componentSerial,
final ASN1UTF8String componentRevision,
final ASN1ObjectIdentifier componentManufacturerId,
final ASN1Boolean fieldReplaceable,
final List<ComponentAddress> componentAddress,
@ -114,18 +114,18 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
DEROctetString.getInstance(componentIdSeq.getObjectAt(tag)).toString());
// Mandatory values
this.setComponentManufacturer(DERUTF8String.getInstance(sequence.getObjectAt(tag++)));
this.setComponentModel(DERUTF8String.getInstance(sequence.getObjectAt(tag++)));
this.setComponentManufacturer(ASN1UTF8String.getInstance(sequence.getObjectAt(tag++)));
this.setComponentModel(ASN1UTF8String.getInstance(sequence.getObjectAt(tag++)));
// Continue reading the sequence if it does contain more than 2 values
for (int i = tag; i < sequence.size(); i++) {
ASN1TaggedObject taggedObj = ASN1TaggedObject.getInstance(sequence.getObjectAt(i));
switch (taggedObj.getTagNo()) {
case COMPONENT_SERIAL:
this.setComponentSerial(DERUTF8String.getInstance(taggedObj, false));
this.setComponentSerial(ASN1UTF8String.getInstance(taggedObj, false));
break;
case COMPONENT_REVISION:
this.setComponentRevision(DERUTF8String.getInstance(taggedObj, false));
this.setComponentRevision(ASN1UTF8String.getInstance(taggedObj, false));
break;
case COMPONENT_MANUFACTURER_ID:
this.setComponentManufacturerId(ASN1ObjectIdentifier

@ -3,6 +3,7 @@ package hirs.data.persist.certificate.attributes.V2;
import hirs.data.persist.certificate.attributes.PlatformProperty;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DERUTF8String;
/**
@ -55,8 +56,8 @@ public class PlatformPropertyV2 extends PlatformProperty {
+ "the required fields.");
}
setPropertyName(DERUTF8String.getInstance(sequence.getObjectAt(0)));
setPropertyValue(DERUTF8String.getInstance(sequence.getObjectAt(1)));
setPropertyName(ASN1UTF8String.getInstance(sequence.getObjectAt(0)));
setPropertyValue(ASN1UTF8String.getInstance(sequence.getObjectAt(1)));
// optional value which is a placeholder for now
if (sequence.size() > IDENTIFIER_NUMBER
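Review bot: The import hunk adds `org.bouncycastle.asn1.ASN1UTF8String` but keeps `org.bouncycastle.asn1.DERUTF8String`, and both visible uses in the constructor now go through ASN1UTF8String. If nothing else in the file references DERUTF8String, the import is unused and should be dropped; the rest of the file is not visible here.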

@ -6,6 +6,7 @@ import com.github.marandus.pciid.service.PciIdsDatabase;
import com.google.common.base.Strings;
import hirs.data.persist.certificate.attributes.ComponentIdentifier;
import hirs.data.persist.certificate.attributes.V2.ComponentIdentifierV2;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.DERUTF8String;
import java.io.File;
@ -129,8 +130,8 @@ public final class PciIds {
final String compClassValue = component.getComponentClass().getCategoryValue();
if (compClassValue.equals(COMPCLASS_TCG_CAT_NIC)
|| compClassValue.equals(COMPCLASS_TCG_CAT_GFX)) {
DERUTF8String manufacturer = translateVendor(component.getComponentManufacturer());
DERUTF8String model = translateDevice(component.getComponentManufacturer(),
ASN1UTF8String manufacturer = translateVendor(component.getComponentManufacturer());
ASN1UTF8String model = translateDevice(component.getComponentManufacturer(),
component.getComponentModel());
newComponent = new ComponentIdentifierV2(component.getComponentClass(),
@ -156,12 +157,12 @@ public final class PciIds {
* @param refManufacturer DERUTF8String, likely from a ComponentIdentifier
* @return DERUTF8String with the discovered vendor name, or the original manufacturer value.
*/
public static DERUTF8String translateVendor(final DERUTF8String refManufacturer) {
DERUTF8String manufacturer = refManufacturer;
public static ASN1UTF8String translateVendor(final ASN1UTF8String refManufacturer) {
ASN1UTF8String manufacturer = refManufacturer;
if (manufacturer != null && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")) {
Vendor ven = DB.findVendor(manufacturer.getString().toLowerCase());
if (ven != null && !Strings.isNullOrEmpty(ven.getName())) {
manufacturer = new DERUTF8String(ven.getName());
manufacturer = ASN1UTF8String.getInstance(ven.getName());
}
}
return manufacturer;
@ -171,14 +172,14 @@ public final class PciIds {
* Look up the device name from the PCI IDs list, if the input strings contain IDs.
* The Device lookup requires the Vendor ID AND the Device ID to be valid values.
* If any part of this fails, return the original model value.
* @param refManufacturer DERUTF8String, likely from a ComponentIdentifier
* @param refModel DERUTF8String, likely from a ComponentIdentifier
* @return DERUTF8String with the discovered device name, or the original model value.
* @param refManufacturer ASN1UTF8String, likely from a ComponentIdentifier
* @param refModel ASN1UTF8String, likely from a ComponentIdentifier
* @return ASN1UTF8String with the discovered device name, or the original model value.
*/
public static DERUTF8String translateDevice(final DERUTF8String refManufacturer,
final DERUTF8String refModel) {
DERUTF8String manufacturer = refManufacturer;
DERUTF8String model = refModel;
public static ASN1UTF8String translateDevice(final ASN1UTF8String refManufacturer,
final ASN1UTF8String refModel) {
ASN1UTF8String manufacturer = refManufacturer;
ASN1UTF8String model = refModel;
if (manufacturer != null
&& model != null
&& manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")

@ -19,7 +19,7 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.util.Strings;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.ASN1UTF8String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.CertException;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
@ -821,19 +821,19 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
final List<ComponentIdentifier> pcComponents = new ArrayList<>();
for (ComponentIdentifier component : untrimmedPcComponents) {
if (component.getComponentManufacturer() != null) {
component.setComponentManufacturer(new DERUTF8String(
component.setComponentManufacturer(ASN1UTF8String.getInstance(
component.getComponentManufacturer().getString().trim()));
}
if (component.getComponentModel() != null) {
component.setComponentModel(new DERUTF8String(
component.setComponentModel(ASN1UTF8String.getInstance(
component.getComponentModel().getString().trim()));
}
if (component.getComponentSerial() != null) {
component.setComponentSerial(new DERUTF8String(
component.setComponentSerial(ASN1UTF8String.getInstance(
component.getComponentSerial().getString().trim()));
}
if (component.getComponentRevision() != null) {
component.setComponentRevision(new DERUTF8String(
component.setComponentRevision(ASN1UTF8String.getInstance(
component.getComponentRevision().getString().trim()));
}
pcComponents.add(component);
@ -843,13 +843,13 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
pcComponents.forEach(component -> LOGGER.info(component.toString()));
LOGGER.info("...against the the following DeviceInfoReport components:");
allDeviceInfoComponents.forEach(component -> LOGGER.info(component.toString()));
Set<DERUTF8String> manufacturerSet = new HashSet<>();
Set<ASN1UTF8String> manufacturerSet = new HashSet<>();
pcComponents.forEach(pcComp -> manufacturerSet.add(pcComp.getComponentManufacturer()));
// Create a list for unmatched components across all manufacturers to display at the end.
List<ComponentIdentifier> pcUnmatchedComponents = new ArrayList<>();
for (DERUTF8String derUtf8Manufacturer : manufacturerSet) {
for (ASN1UTF8String derUtf8Manufacturer : manufacturerSet) {
List<ComponentIdentifier> pcComponentsFromManufacturer
= pcComponents.stream().filter(compIdentifier
-> compIdentifier.getComponentManufacturer().equals(derUtf8Manufacturer))
@ -983,7 +983,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
* @return true if fieldValue is null or empty; false otherwise
*/
private static boolean hasEmptyValueForRequiredField(final String description,
final DERUTF8String fieldValue) {
final ASN1UTF8String fieldValue) {
if (fieldValue == null || StringUtils.isEmpty(fieldValue.getString().trim())) {
LOGGER.error("Required field was empty or null in Platform Credential: "
+ description);
@ -1115,7 +1115,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
private static boolean isMatchOrEmptyInPlatformCert(
final String evidenceFromDevice,
final DERUTF8String valueInPlatformCert) {
final ASN1UTF8String valueInPlatformCert) {
if (valueInPlatformCert == null || StringUtils.isEmpty(valueInPlatformCert.getString())) {
return true;
}
@ -1123,8 +1123,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
}
private static boolean isMatchOrEmptyInPlatformCert(
final DERUTF8String evidenceFromDevice,
final DERUTF8String valueInPlatformCert) {
final ASN1UTF8String evidenceFromDevice,
final ASN1UTF8String valueInPlatformCert) {
return evidenceFromDevice.equals(valueInPlatformCert);
}

@ -92,7 +92,7 @@ subprojects {
// here to ensure that all projects are using the same versions of common
// dependencies:
ext.libs = [
bouncy_castle: 'org.bouncycastle:bcmail-jdk15on:1.59',
bouncy_castle: 'org.bouncycastle:bcmail-jdk15on:1.70',
checkstyle: 'com.puppycrawl.tools:checkstyle:10.0',
commons_cli: 'commons-cli:commons-cli:1.4',
commons_codec: 'commons-codec:commons-codec:1.15',