From d4b6fdd1df29bdf32ff94087663c20cb92dca919 Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Fri, 15 Apr 2022 07:02:44 -0400 Subject: [PATCH] Pushing up changes. Majority of the libraries are updated. The main 2, hibernate/spring are saved for last. Protobuf won't be updated without a new OS. --- .../IssuedCertificateAttributeHelperTest.java | 6 +- .../attestationca/portal/util/PciIds.java | 26 ++++---- .../data/persist/certificate/Certificate.java | 3 +- .../certificate/EndorsementCredential.java | 14 +++-- .../certificate/PlatformCredential.java | 4 +- .../attributes/CommonCriteriaMeasures.java | 10 +-- .../attributes/ComponentAddress.java | 12 ++-- .../attributes/ComponentIdentifier.java | 62 +++++++++---------- .../certificate/attributes/FIPSLevel.java | 12 ++-- .../attributes/PlatformProperty.java | 24 +++---- .../attributes/TBBSecurityAssertion.java | 15 ++--- .../certificate/attributes/URIReference.java | 34 +++++----- .../attributes/V2/ComponentIdentifierV2.java | 18 +++--- .../attributes/V2/PlatformPropertyV2.java | 5 +- .../src/main/java/hirs/utils/PciIds.java | 25 ++++---- .../SupplyChainCredentialValidator.java | 22 +++---- build.gradle | 2 +- 17 files changed, 150 insertions(+), 144 deletions(-) diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/IssuedCertificateAttributeHelperTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/IssuedCertificateAttributeHelperTest.java index f3fae92a..8a6fdc52 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/IssuedCertificateAttributeHelperTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/IssuedCertificateAttributeHelperTest.java @@ -1,5 +1,7 @@ package hirs.attestationca; +import hirs.data.persist.certificate.EndorsementCredential; +import hirs.data.persist.certificate.PlatformCredential; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.DERTaggedObject; 
@@ -16,8 +18,6 @@ import java.util.Enumeration; import java.util.HashMap; import java.util.List; import java.util.Map; -import hirs.data.persist.certificate.EndorsementCredential; -import hirs.data.persist.certificate.PlatformCredential; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertNull; @@ -189,7 +189,7 @@ public class IssuedCertificateAttributeHelperTest { DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue(); DERTaggedObject derTaggedObject = (DERTaggedObject) dlSequence.getObjectAt(0); - DERSequence derSequence = (DERSequence) derTaggedObject.getObject(); + DERSequence derSequence = (DERSequence) derTaggedObject.getLoadedObject(); Enumeration enumeration = derSequence.getObjects(); while (enumeration.hasMoreElements()) { diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/PciIds.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/PciIds.java index 3cbeedfa..89348579 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/PciIds.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/PciIds.java @@ -6,7 +6,7 @@ import com.github.marandus.pciid.service.PciIdsDatabase; import com.google.common.base.Strings; import hirs.data.persist.certificate.attributes.ComponentIdentifier; import hirs.data.persist.certificate.attributes.V2.ComponentIdentifierV2; -import org.bouncycastle.asn1.DERUTF8String; +import org.bouncycastle.asn1.ASN1UTF8String; import java.io.File; import java.io.FileInputStream; 
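Review bot: In the `@@ -189,7 +189,7 @@` hunk, `derTaggedObject.getLoadedObject()` is not a drop-in replacement for the deprecated `getObject()`: as far as I know, BouncyCastle's `ASN1TaggedObject.getLoadedObject()` returns the tagged object itself rather than the wrapped value, so the `(DERSequence)` cast would fail with a ClassCastException. The same substitution appears in EndorsementCredential.java, in the three `(ASN1Enumerated) obj.getLoadedObject()` casts and in both `parseSingle(...getLoadedObject(), addToMapping, key)` calls. There `parseSingle` would apparently be handed the same tagged object again and could recurse until the stack overflows while parsing an endorsement credential. Use an accessor that unwraps the inner object, e.g. `derTaggedObject.getBaseObject().toASN1Primitive()`, after confirming it exists in the BouncyCastle version pinned in build.gradle, and cover the EK tagged fields with a parsing test. The test method's body starts and ends outside the hunk.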
@@ -129,8 +129,8 @@ public final class PciIds { final String compClassValue = component.getComponentClass().getCategoryValue(); if (compClassValue.equals(COMPCLASS_TCG_CAT_NIC) || compClassValue.equals(COMPCLASS_TCG_CAT_GFX)) { - DERUTF8String manufacturer = translateVendor(component.getComponentManufacturer()); - DERUTF8String model = translateDevice(component.getComponentManufacturer(), + ASN1UTF8String manufacturer = translateVendor(component.getComponentManufacturer()); + ASN1UTF8String model = translateDevice(component.getComponentManufacturer(), component.getComponentModel()); newComponent = new ComponentIdentifierV2(component.getComponentClass(), @@ -153,15 +153,15 @@ public final class PciIds { /** * Look up the vendor name from the PCI IDs list, if the input string contains an ID. * If any part of this fails, return the original manufacturer value. - * @param refManufacturer DERUTF8String, likely from a ComponentIdentifier - * @return DERUTF8String with the discovered vendor name, or the original manufacturer value. + * @param refManufacturer ASN1UTF8String, likely from a ComponentIdentifier + * @return ASN1UTF8String with the discovered vendor name, or the original manufacturer value. */ - public static DERUTF8String translateVendor(final DERUTF8String refManufacturer) { - DERUTF8String manufacturer = refManufacturer; + public static ASN1UTF8String translateVendor(final ASN1UTF8String refManufacturer) { + ASN1UTF8String manufacturer = refManufacturer; if (manufacturer != null && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")) { Vendor ven = DB.findVendor(manufacturer.getString().toLowerCase()); if (ven != null && !Strings.isNullOrEmpty(ven.getName())) { - manufacturer = new DERUTF8String(ven.getName()); + manufacturer = ASN1UTF8String.getInstance(ven.getName()); } } return manufacturer; 
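Review bot: `ASN1UTF8String.getInstance(ven.getName())` in `translateVendor` passes a `java.lang.String`, but to my knowledge `getInstance(Object)` accepts only an existing ASN.1 object or its encoded bytes and throws IllegalArgumentException for anything else. A successful PCI ID lookup would then fail instead of returning the vendor name. Keep the concrete constructor for building a value from text and leave only the declared type abstract: `manufacturer = new DERUTF8String(ven.getName());`, which means the `DERUTF8String` import removed from this file has to stay. The same pattern is introduced in `translateDevice` (`dev.getName()`), in the `ComponentIdentifier` default constructor (`NOT_SPECFIED_COMPONENT`, `StringUtils.EMPTY`) and in the `PlatformProperty` default constructor. Judging by the diffstat it is probably also in hirs/utils/PciIds.java, which is outside this view.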
@@ -175,10 +175,10 @@ public final class PciIds { * @param refModel DERUTF8String, likely from a ComponentIdentifier * @return DERUTF8String with the discovered device name, or the original model value. */ - public static DERUTF8String translateDevice(final DERUTF8String refManufacturer, - final DERUTF8String refModel) { - DERUTF8String manufacturer = refManufacturer; - DERUTF8String model = refModel; + public static ASN1UTF8String translateDevice(final ASN1UTF8String refManufacturer, + final ASN1UTF8String refModel) { + ASN1UTF8String manufacturer = refManufacturer; + ASN1UTF8String model = refModel; if (manufacturer != null && model != null && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$") @@ -186,7 +186,7 @@ public final class PciIds { Device dev = DB.findDevice(manufacturer.getString().toLowerCase(), model.getString().toLowerCase()); if (dev != null && !Strings.isNullOrEmpty(dev.getName())) { - model = new DERUTF8String(dev.getName()); + model = ASN1UTF8String.getInstance(dev.getName()); } } return model; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/Certificate.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/Certificate.java index 31931005..8f13fefe 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/Certificate.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/Certificate.java @@ -9,6 +9,7 @@ import org.apache.logging.log4j.Logger; import org.bouncycastle.asn1.ASN1BitString; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1GeneralizedTime; +import org.bouncycastle.asn1.ASN1IA5String; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Object; 
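Review bot: The Javadoc above `translateDevice` still names `DERUTF8String` in `@param refModel` and `@return`, while the signature now takes and returns `ASN1UTF8String`; `translateVendor` had its tags updated in the preceding hunk. Suggest `@param refModel ASN1UTF8String, likely from a ComponentIdentifier` and `@return ASN1UTF8String with the discovered device name, or the original model value.`. The `@param refManufacturer` line sits above the hunk and probably needs the same edit.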
@@ -735,7 +736,7 @@ public abstract class Certificate extends ArchivableEntity { .getNames(); for (GeneralName genName : genNames) { if (genName.getTagNo() == GeneralName.uniformResourceIdentifier) { - String url = DERIA5String.getInstance(genName.getName()) + String url = ASN1IA5String.getInstance(genName.getName()) .getString(); crlUrls.add(url); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java index 820439ab..be867566 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java 
@@ -419,27 +419,29 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { LOGGER.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString()); // Iterate through remaining fields to set optional attributes int tag; - DERTaggedObject obj; + ASN1TaggedObject obj; for (int i = seqPosition; i < seq.size(); i++) { if (seq.getObjectAt(i) instanceof DERTaggedObject) { obj = (DERTaggedObject) seq.getObjectAt(i); tag = obj.getTagNo(); if (tag == EK_TYPE_TAG) { - int ekGenTypeVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue(); + int ekGenTypeVal = ((ASN1Enumerated) obj.getLoadedObject()) + .getValue().intValue(); if (ekGenTypeVal >= EK_TYPE_VAL_MIN && ekGenTypeVal <= EK_TYPE_VAL_MAX) { TPMSecurityAssertions.EkGenerationType ekGenType = TPMSecurityAssertions.EkGenerationType.values()[ekGenTypeVal]; tpmSecurityAssertions.setEkGenType(ekGenType); } } else if (tag == EK_LOC_TAG) { - int ekGenLocVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue(); + int ekGenLocVal = ((ASN1Enumerated) obj.getLoadedObject()) + .getValue().intValue(); if (ekGenLocVal >= EK_LOC_VAL_MIN && ekGenLocVal <= EK_LOC_VAL_MAX) { TPMSecurityAssertions.EkGenerationLocation ekGenLocation = TPMSecurityAssertions.EkGenerationLocation.values()[ekGenLocVal]; tpmSecurityAssertions.setEkGenLoc(ekGenLocation); } } else if (tag == EK_CERT_LOC_TAG) { - int ekCertGenLocVal = ((ASN1Enumerated) obj.getObject()) + int ekCertGenLocVal = ((ASN1Enumerated) obj.getLoadedObject()) .getValue().intValue(); if (ekCertGenLocVal >= EK_LOC_VAL_MIN && ekCertGenLocVal <= EK_LOC_VAL_MAX) { 
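Review bot: `obj` is now declared as `ASN1TaggedObject`, but the guard and the cast inside the loop are still `instanceof DERTaggedObject` and `(DERTaggedObject) seq.getObjectAt(i)`. A tagged field that the parser materialises as a different subclass would be skipped, leaving the EK generation type and location assertions unset without any log entry. Widen both to the abstract type, `if (seq.getObjectAt(i) instanceof ASN1TaggedObject) {` and `obj = (ASN1TaggedObject) seq.getObjectAt(i);`, or obtain it through `ASN1TaggedObject.getInstance(...)`. The loop body continues past the end of the hunk.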
@@ -498,7 +500,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { } else if (component instanceof ASN1TaggedObject) { ASN1TaggedObject taggedObj = (ASN1TaggedObject) component; - parseSingle(taggedObj.getObject(), addToMapping, key); + parseSingle(taggedObj.getLoadedObject(), addToMapping, key); } else if (component instanceof ASN1OctetString) { // this may contain parseable data or may just be a OID key-pair value @@ -605,7 +607,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { } } else if (component instanceof ASN1ApplicationSpecific) { - parseSingle(((ASN1ApplicationSpecific) component).getObject(), addToMapping, key); + parseSingle(((ASN1ApplicationSpecific) component).getLoadedObject(), addToMapping, key); } else if (component instanceof DERBMPString) { if (addToMapping) { diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java index 9dd07a52..f695e796 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/PlatformCredential.java @@ -14,9 +14,9 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.util.Strings; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1IA5String; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERIA5String; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.x500.AttributeTypeAndValue; import org.bouncycastle.asn1.x500.RDN; 
@@ -997,7 +997,7 @@ public class PlatformCredential extends DeviceAssociatedCertificate { // Subtract the data based on the OID switch (info.getPolicyQualifierId().getId()) { case POLICY_QUALIFIER_CPSURI: - cpsURI = DERIA5String.getInstance(info.getQualifier()).getString(); + cpsURI = ASN1IA5String.getInstance(info.getQualifier()).getString(); break; case POLICY_QUALIFIER_USER_NOTICE: UserNotice userNotice = UserNotice.getInstance(info.getQualifier()); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/CommonCriteriaMeasures.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/CommonCriteriaMeasures.java index 12254f31..a83a14cd 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/CommonCriteriaMeasures.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/CommonCriteriaMeasures.java @@ -2,10 +2,10 @@ package hirs.data.persist.certificate.attributes; import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1IA5String; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERIA5String; /** * Basic class that handle CommonCriteriaMeasures for the Platform Certificate @@ -186,7 +186,7 @@ public class CommonCriteriaMeasures { } } - private DERIA5String version; + private ASN1IA5String version; private EvaluationAssuranceLevel assurancelevel; private EvaluationStatus evaluationStatus; private ASN1Boolean plus; @@ -220,7 +220,7 @@ public class CommonCriteriaMeasures { //Get all the mandatory values int index = 0; - version = DERIA5String.getInstance(sequence.getObjectAt(index)); + version = ASN1IA5String.getInstance(sequence.getObjectAt(index)); ++index; ASN1Enumerated enumarated = ASN1Enumerated.getInstance(sequence.getObjectAt(index)); ++index; 
@@ -285,7 +285,7 @@ public class CommonCriteriaMeasures { /** * @return the version */ - public DERIA5String getVersion() { + public ASN1IA5String getVersion() { return version; } @@ -293,7 +293,7 @@ public class CommonCriteriaMeasures { * Set the version. * @param version the version to set */ - public void setVersion(final DERIA5String version) { + public void setVersion(final ASN1IA5String version) { this.version = version; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentAddress.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentAddress.java index ec04eee7..5711578e 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentAddress.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentAddress.java @@ -2,7 +2,7 @@ package hirs.data.persist.certificate.attributes; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERUTF8String; +import org.bouncycastle.asn1.ASN1UTF8String; /** * Basic class that handle component addresses from the component identifier. @@ -25,7 +25,7 @@ public class ComponentAddress { private static final String BLUETOOTH_MAC = "2.23.133.17.3"; private ASN1ObjectIdentifier addressType; - private DERUTF8String addressValue; + private ASN1UTF8String addressValue; /** * Default constructor. @@ -41,7 +41,7 @@ public class ComponentAddress { * @param addressValue string containing the address value */ public ComponentAddress(final ASN1ObjectIdentifier addressType, - final DERUTF8String addressValue) { + final ASN1UTF8String addressValue) { this.addressType = addressType; this.addressValue = addressValue; } 
@@ -60,7 +60,7 @@ public class ComponentAddress { + "all the required fields."); } addressType = ASN1ObjectIdentifier.getInstance(sequence.getObjectAt(0)); - addressValue = DERUTF8String.getInstance(sequence.getObjectAt(1)); + addressValue = ASN1UTF8String.getInstance(sequence.getObjectAt(1)); } /** @@ -103,14 +103,14 @@ public class ComponentAddress { /** * @return the addressValue */ - public DERUTF8String getAddressValue() { + public ASN1UTF8String getAddressValue() { return addressValue; } /** * @param addressValue the addressValue to set */ - public void setAddressValue(final DERUTF8String addressValue) { + public void setAddressValue(final ASN1UTF8String addressValue) { this.addressValue = addressValue; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentIdentifier.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentIdentifier.java index f0207502..84f8f0b0 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentIdentifier.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/ComponentIdentifier.java @@ -1,17 +1,17 @@ package hirs.data.persist.certificate.attributes; +import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.asn1.ASN1Boolean; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.ASN1UTF8String; + import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Objects; import java.util.stream.Collectors; -import org.apache.commons.lang3.StringUtils; - -import org.bouncycastle.asn1.ASN1Boolean; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERUTF8String; /** * Basic class that handle component identifiers from the Platform Configuration 
@@ -67,10 +67,10 @@ public class ComponentIdentifier { */ protected static final int COMPONENT_ADDRESS = 4; - private DERUTF8String componentManufacturer; - private DERUTF8String componentModel; - private DERUTF8String componentSerial; - private DERUTF8String componentRevision; + private ASN1UTF8String componentManufacturer; + private ASN1UTF8String componentModel; + private ASN1UTF8String componentSerial; + private ASN1UTF8String componentRevision; private ASN1ObjectIdentifier componentManufacturerId; private ASN1Boolean fieldReplaceable; private List componentAddress; @@ -80,10 +80,10 @@ public class ComponentIdentifier { * Default constructor. */ public ComponentIdentifier() { - componentManufacturer = new DERUTF8String(NOT_SPECFIED_COMPONENT); - componentModel = new DERUTF8String(NOT_SPECFIED_COMPONENT); - componentSerial = new DERUTF8String(StringUtils.EMPTY); - componentRevision = new DERUTF8String(StringUtils.EMPTY); + componentManufacturer = ASN1UTF8String.getInstance(NOT_SPECFIED_COMPONENT); + componentModel = ASN1UTF8String.getInstance(NOT_SPECFIED_COMPONENT); + componentSerial = ASN1UTF8String.getInstance(StringUtils.EMPTY); + componentRevision = ASN1UTF8String.getInstance(StringUtils.EMPTY); componentManufacturerId = null; fieldReplaceable = null; componentAddress = new ArrayList<>(); 
@@ -100,10 +100,10 @@ public class ComponentIdentifier { * @param fieldReplaceable represents if the component is replaceable * @param componentAddress represents a list of addresses */ - public ComponentIdentifier(final DERUTF8String componentManufacturer, - final DERUTF8String componentModel, - final DERUTF8String componentSerial, - final DERUTF8String componentRevision, + public ComponentIdentifier(final ASN1UTF8String componentManufacturer, + final ASN1UTF8String componentModel, + final ASN1UTF8String componentSerial, + final ASN1UTF8String componentRevision, final ASN1ObjectIdentifier componentManufacturerId, final ASN1Boolean fieldReplaceable, final List componentAddress) { @@ -130,18 +130,18 @@ public class ComponentIdentifier { } //Mandatory values - componentManufacturer = DERUTF8String.getInstance(sequence.getObjectAt(0)); - componentModel = DERUTF8String.getInstance(sequence.getObjectAt(1)); + componentManufacturer = ASN1UTF8String.getInstance(sequence.getObjectAt(0)); + componentModel = ASN1UTF8String.getInstance(sequence.getObjectAt(1)); //Continue reading the sequence if it does contain more than 2 values for (int i = 2; i < sequence.size(); i++) { ASN1TaggedObject taggedObj = ASN1TaggedObject.getInstance(sequence.getObjectAt(i)); switch (taggedObj.getTagNo()) { case COMPONENT_SERIAL: - componentSerial = DERUTF8String.getInstance(taggedObj, false); + componentSerial = ASN1UTF8String.getInstance(taggedObj, false); break; case COMPONENT_REVISION: - componentRevision = DERUTF8String.getInstance(taggedObj, false); + componentRevision = ASN1UTF8String.getInstance(taggedObj, false); break; case COMPONENT_MANUFACTURER_ID: componentManufacturerId = ASN1ObjectIdentifier.getInstance(taggedObj, false); 
@@ -163,56 +163,56 @@ public class ComponentIdentifier { /** * @return the componentManufacturer */ - public DERUTF8String getComponentManufacturer() { + public ASN1UTF8String getComponentManufacturer() { return componentManufacturer; } /** * @param componentManufacturer the componentManufacturer to set */ - public void setComponentManufacturer(final DERUTF8String componentManufacturer) { + public void setComponentManufacturer(final ASN1UTF8String componentManufacturer) { this.componentManufacturer = componentManufacturer; } /** * @return the componentModel */ - public DERUTF8String getComponentModel() { + public ASN1UTF8String getComponentModel() { return componentModel; } /** * @param componentModel the componentModel to set */ - public void setComponentModel(final DERUTF8String componentModel) { + public void setComponentModel(final ASN1UTF8String componentModel) { this.componentModel = componentModel; } /** * @return the componentSerial */ - public DERUTF8String getComponentSerial() { + public ASN1UTF8String getComponentSerial() { return componentSerial; } /** * @param componentSerial the componentSerial to set */ - public void setComponentSerial(final DERUTF8String componentSerial) { + public void setComponentSerial(final ASN1UTF8String componentSerial) { this.componentSerial = componentSerial; } /** * @return the componentRevision */ - public DERUTF8String getComponentRevision() { + public ASN1UTF8String getComponentRevision() { return componentRevision; } /** * @param componentRevision the componentRevision to set */ - public void setComponentRevision(final DERUTF8String componentRevision) { + public void setComponentRevision(final ASN1UTF8String componentRevision) { this.componentRevision = componentRevision; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/FIPSLevel.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/FIPSLevel.java index 3f698cb7..ae66ce5e 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/FIPSLevel.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/FIPSLevel.java @@ -2,8 +2,8 @@ package hirs.data.persist.certificate.attributes; import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1IA5String; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERIA5String; /** * Basic class that handle FIPS Level. @@ -66,7 +66,7 @@ public class FIPSLevel { } } - private DERIA5String version; + private ASN1IA5String version; private SecurityLevel level; private ASN1Boolean plus; @@ -85,7 +85,7 @@ public class FIPSLevel { * @param level of the FIPS. * @param plus boolean value. */ - public FIPSLevel(final DERIA5String version, + public FIPSLevel(final ASN1IA5String version, final SecurityLevel level, final ASN1Boolean plus) { this.version = version; @@ -101,7 +101,7 @@ public class FIPSLevel { */ public FIPSLevel(final ASN1Sequence sequence) throws IllegalArgumentException { //Get version - version = DERIA5String.getInstance(sequence.getObjectAt(0)); + version = ASN1IA5String.getInstance(sequence.getObjectAt(0)); //Get and validate level ASN1Enumerated enumarated = ASN1Enumerated.getInstance(sequence.getObjectAt(1)); //Throw exception when is not between 1 and 7 @@ -121,14 +121,14 @@ public class FIPSLevel { /** * @return the version */ - public DERIA5String getVersion() { + public ASN1IA5String getVersion() { return version; } /** * @param version the version to set */ - public void setVersion(final DERIA5String version) { + public void setVersion(final ASN1IA5String version) { this.version = version; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformProperty.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformProperty.java index 072cb7a8..d544fdf4 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformProperty.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/PlatformProperty.java @@ -2,7 +2,7 @@ package hirs.data.persist.certificate.attributes; import hirs.data.persist.DeviceInfoReport; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERUTF8String; +import org.bouncycastle.asn1.ASN1UTF8String; /** * @@ -21,15 +21,15 @@ public class PlatformProperty { */ protected static final int IDENTIFIER_NUMBER = 2; - private DERUTF8String propertyName; - private DERUTF8String propertyValue; + private ASN1UTF8String propertyName; + private ASN1UTF8String propertyValue; /** * Default constructor. */ public PlatformProperty() { - this.propertyName = new DERUTF8String(DeviceInfoReport.NOT_SPECIFIED); - this.propertyValue = new DERUTF8String(DeviceInfoReport.NOT_SPECIFIED); + this.propertyName = ASN1UTF8String.getInstance(DeviceInfoReport.NOT_SPECIFIED); + this.propertyValue = ASN1UTF8String.getInstance(DeviceInfoReport.NOT_SPECIFIED); } /** @@ -38,7 +38,7 @@ public class PlatformProperty { * @param propertyName string containing the property name * @param propertyValue string containing the property value */ - public PlatformProperty(final DERUTF8String propertyName, final DERUTF8String propertyValue) { + public PlatformProperty(final ASN1UTF8String propertyName, final ASN1UTF8String propertyValue) { this.propertyName = propertyName; this.propertyValue = propertyValue; } 
@@ -57,35 +57,35 @@ public class PlatformProperty { + "the required fields."); } - this.propertyName = DERUTF8String.getInstance(sequence.getObjectAt(0)); - this.propertyValue = DERUTF8String.getInstance(sequence.getObjectAt(1)); + this.propertyName = ASN1UTF8String.getInstance(sequence.getObjectAt(0)); + this.propertyValue = ASN1UTF8String.getInstance(sequence.getObjectAt(1)); } /** * @return the propertyName */ - public DERUTF8String getPropertyName() { + public ASN1UTF8String getPropertyName() { return propertyName; } /** * @param propertyName the propertyName to set */ - public void setPropertyName(final DERUTF8String propertyName) { + public void setPropertyName(final ASN1UTF8String propertyName) { this.propertyName = propertyName; } /** * @return the propertyValue */ - public DERUTF8String getPropertyValue() { + public ASN1UTF8String getPropertyValue() { return propertyValue; } /** * @param propertyValue the propertyValue to set */ - public void setPropertyValue(final DERUTF8String propertyValue) { + public void setPropertyValue(final ASN1UTF8String propertyValue) { this.propertyValue = propertyValue; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/TBBSecurityAssertion.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/TBBSecurityAssertion.java index 0dc08686..58f8fe37 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/TBBSecurityAssertion.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/TBBSecurityAssertion.java 
@@ -1,14 +1,15 @@ package hirs.data.persist.certificate.attributes; -import java.math.BigInteger; - import org.bouncycastle.asn1.ASN1Boolean; import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1IA5String; import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERIA5String; +import java.math.BigInteger; + /** * Basic class that handle component identifiers from the Platform Configuration * Attribute. @@ -93,7 +94,7 @@ public class TBBSecurityAssertion { private FIPSLevel fipsLevel; private MeasurementRootType rtmType; private ASN1Boolean iso9000Certified; - private DERIA5String iso9000Uri; + private ASN1IA5String iso9000Uri; /** * Default constructor. @@ -122,7 +123,7 @@ public class TBBSecurityAssertion { final FIPSLevel fipsLevel, final MeasurementRootType rtmType, final ASN1Boolean iso9000Certified, - final DERIA5String iso9000Uri) { + final ASN1IA5String iso9000Uri) { this.version = version; this.ccInfo = ccInfo; this.fipsLevel = fipsLevel; @@ -192,7 +193,7 @@ public class TBBSecurityAssertion { // Check if it's a IA5String if (index < sequenceSize && sequence.getObjectAt(index).toASN1Primitive() instanceof DERIA5String) { - iso9000Uri = DERIA5String.getInstance(sequence.getObjectAt(index)); + iso9000Uri = ASN1IA5String.getInstance(sequence.getObjectAt(index)); } } @@ -269,14 +270,14 @@ public class TBBSecurityAssertion { /** * @return the iso9000Uri */ - public DERIA5String getIso9000Uri() { + public ASN1IA5String getIso9000Uri() { return iso9000Uri; } /** * @param iso9000Uri the iso9000Uri to set */ - public void setIso9000Uri(final DERIA5String iso9000Uri) { + public void setIso9000Uri(final ASN1IA5String iso9000Uri) { this.iso9000Uri = iso9000Uri; } 
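Review bot: In the `@@ -192,7 +193,7 @@` hunk the type test is still `toASN1Primitive() instanceof DERIA5String`, while the value is now read with `ASN1IA5String.getInstance(...)`; that is the only reason the `DERIA5String` import has to remain in this file. Testing against the abstract type, `instanceof ASN1IA5String`, would match how URIReference.java is changed in the same commit and let the leftover import go. The enclosing constructor starts and ends outside the hunk.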
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/URIReference.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/URIReference.java index 8fbe3644..b9b49432 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/URIReference.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/URIReference.java @@ -1,11 +1,10 @@ package hirs.data.persist.certificate.attributes; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - import com.fasterxml.jackson.annotation.JsonIgnore; +import org.bouncycastle.asn1.ASN1BitString; +import org.bouncycastle.asn1.ASN1IA5String; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; /** * @@ -19,10 +18,10 @@ import com.fasterxml.jackson.annotation.JsonIgnore; * */ public class URIReference { - private DERIA5String uniformResourceIdentifier; + private ASN1IA5String uniformResourceIdentifier; private AlgorithmIdentifier hashAlgorithm; @JsonIgnore - private DERBitString hashValue; + private ASN1BitString hashValue; private static final int PLATFORM_PROPERTIES_URI_MAX = 3; private static final int PLATFORM_PROPERTIES_URI_MIN = 1; @@ -43,9 +42,9 @@ public class URIReference { * @param hashAlgorithm algorithm identifier * @param hashValue string containing the hash value */ - public URIReference(final DERIA5String uniformResourceIdentifier, + public URIReference(final ASN1IA5String uniformResourceIdentifier, final AlgorithmIdentifier hashAlgorithm, - final DERBitString hashValue) { + final ASN1BitString hashValue) { this.uniformResourceIdentifier = uniformResourceIdentifier; this.hashAlgorithm = hashAlgorithm; this.hashValue = hashValue; 
@@ -67,14 +66,15 @@ public class URIReference { //Get the Platform Configuration URI values for (int j = 0; j < sequence.size(); j++) { - if (sequence.getObjectAt(j) instanceof DERIA5String) { - this.uniformResourceIdentifier = DERIA5String.getInstance(sequence.getObjectAt(j)); + if (sequence.getObjectAt(j) instanceof ASN1IA5String + || sequence.getObjectAt(j) instanceof ASN1IA5String) { + this.uniformResourceIdentifier = ASN1IA5String.getInstance(sequence.getObjectAt(j)); } else if ((sequence.getObjectAt(j) instanceof AlgorithmIdentifier) || (sequence.getObjectAt(j) instanceof ASN1Sequence)) { this.hashAlgorithm = AlgorithmIdentifier.getInstance(sequence.getObjectAt(j)); - } else if (sequence.getObjectAt(j) instanceof DERBitString) { - this.hashValue = DERBitString.getInstance(sequence.getObjectAt(j)); + } else if (sequence.getObjectAt(j) instanceof ASN1BitString) { + this.hashValue = ASN1BitString.getInstance(sequence.getObjectAt(j)); } else { throw new IllegalArgumentException("Unexpected DER type found. " + sequence.getObjectAt(j).getClass().getName() + " found at index " + j + "."); @@ -85,14 +85,14 @@ public class URIReference { /** * @return the uniformResourceIdentifier */ - public DERIA5String getUniformResourceIdentifier() { + public ASN1IA5String getUniformResourceIdentifier() { return uniformResourceIdentifier; } /** * @param uniformResourceIdentifier the uniformResourceIdentifier to set */ - public void setUniformResourceIdentifier(final DERIA5String uniformResourceIdentifier) { + public void setUniformResourceIdentifier(final ASN1IA5String uniformResourceIdentifier) { this.uniformResourceIdentifier = uniformResourceIdentifier; } 
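Review bot: The new condition in the `URIReference(ASN1Sequence)` loop tests the same thing twice, `sequence.getObjectAt(j) instanceof ASN1IA5String || sequence.getObjectAt(j) instanceof ASN1IA5String`. The second operand looks like a leftover from a mechanical rename and can be dropped: `if (sequence.getObjectAt(j) instanceof ASN1IA5String) {`. Reading `sequence.getObjectAt(j)` into a local once per iteration would also shorten the three branches and the error message that follows. The constructor begins above the hunk.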
@@ -113,14 +113,14 @@ public class URIReference { /** * @return the hashValue */ - public DERBitString getHashValue() { + public ASN1BitString getHashValue() { return hashValue; } /** * @param hashValue the hashValue to set */ - public void setHashValue(final DERBitString hashValue) { + public void setHashValue(final ASN1BitString hashValue) { this.hashValue = hashValue; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/ComponentIdentifierV2.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/ComponentIdentifierV2.java index f13b158f..0617c838 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/ComponentIdentifierV2.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/ComponentIdentifierV2.java @@ -9,8 +9,8 @@ import org.bouncycastle.asn1.ASN1Enumerated; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1TaggedObject; +import org.bouncycastle.asn1.ASN1UTF8String; import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERUTF8String; import java.util.List; import java.util.stream.Collectors; @@ -75,10 +75,10 @@ public class ComponentIdentifierV2 extends ComponentIdentifier { */ @SuppressWarnings("checkstyle:parameternumber") public ComponentIdentifierV2(final ComponentClass componentClass, - final DERUTF8String componentManufacturer, - final DERUTF8String componentModel, - final DERUTF8String componentSerial, - final DERUTF8String componentRevision, + final ASN1UTF8String componentManufacturer, + final ASN1UTF8String componentModel, + final ASN1UTF8String componentSerial, + final ASN1UTF8String componentRevision, final ASN1ObjectIdentifier componentManufacturerId, final ASN1Boolean fieldReplaceable, final List componentAddress, 
@@ -114,18 +114,18 @@ public class ComponentIdentifierV2 extends ComponentIdentifier { DEROctetString.getInstance(componentIdSeq.getObjectAt(tag)).toString()); // Mandatory values - this.setComponentManufacturer(DERUTF8String.getInstance(sequence.getObjectAt(tag++))); - this.setComponentModel(DERUTF8String.getInstance(sequence.getObjectAt(tag++))); + this.setComponentManufacturer(ASN1UTF8String.getInstance(sequence.getObjectAt(tag++))); + this.setComponentModel(ASN1UTF8String.getInstance(sequence.getObjectAt(tag++))); // Continue reading the sequence if it does contain more than 2 values for (int i = tag; i < sequence.size(); i++) { ASN1TaggedObject taggedObj = ASN1TaggedObject.getInstance(sequence.getObjectAt(i)); switch (taggedObj.getTagNo()) { case COMPONENT_SERIAL: - this.setComponentSerial(DERUTF8String.getInstance(taggedObj, false)); + this.setComponentSerial(ASN1UTF8String.getInstance(taggedObj, false)); break; case COMPONENT_REVISION: - this.setComponentRevision(DERUTF8String.getInstance(taggedObj, false)); + this.setComponentRevision(ASN1UTF8String.getInstance(taggedObj, false)); break; case COMPONENT_MANUFACTURER_ID: this.setComponentManufacturerId(ASN1ObjectIdentifier diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformPropertyV2.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformPropertyV2.java index b53d42de..ea5254cc 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformPropertyV2.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/attributes/V2/PlatformPropertyV2.java @@ -3,6 +3,7 @@ package hirs.data.persist.certificate.attributes.V2; import hirs.data.persist.certificate.attributes.PlatformProperty; import org.bouncycastle.asn1.ASN1Enumerated; import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1UTF8String; import org.bouncycastle.asn1.DERUTF8String; /** 
@@ -55,8 +56,8 @@ public class PlatformPropertyV2 extends PlatformProperty { + "the required fields."); } - setPropertyName(DERUTF8String.getInstance(sequence.getObjectAt(0))); - setPropertyValue(DERUTF8String.getInstance(sequence.getObjectAt(1))); + setPropertyName(ASN1UTF8String.getInstance(sequence.getObjectAt(0))); + setPropertyValue(ASN1UTF8String.getInstance(sequence.getObjectAt(1))); // optional value which is a placeholder for now if (sequence.size() > IDENTIFIER_NUMBER diff --git a/HIRS_Utils/src/main/java/hirs/utils/PciIds.java b/HIRS_Utils/src/main/java/hirs/utils/PciIds.java index 1e91cf90..90d84087 100644 --- a/HIRS_Utils/src/main/java/hirs/utils/PciIds.java +++ b/HIRS_Utils/src/main/java/hirs/utils/PciIds.java @@ -6,6 +6,7 @@ import com.github.marandus.pciid.service.PciIdsDatabase; import com.google.common.base.Strings; import hirs.data.persist.certificate.attributes.ComponentIdentifier; import hirs.data.persist.certificate.attributes.V2.ComponentIdentifierV2; +import org.bouncycastle.asn1.ASN1UTF8String; import org.bouncycastle.asn1.DERUTF8String; import java.io.File; @@ -129,8 +130,8 @@ public final class PciIds { final String compClassValue = component.getComponentClass().getCategoryValue(); if (compClassValue.equals(COMPCLASS_TCG_CAT_NIC) || compClassValue.equals(COMPCLASS_TCG_CAT_GFX)) { - DERUTF8String manufacturer = translateVendor(component.getComponentManufacturer()); - DERUTF8String model = translateDevice(component.getComponentManufacturer(), + ASN1UTF8String manufacturer = translateVendor(component.getComponentManufacturer()); + ASN1UTF8String model = translateDevice(component.getComponentManufacturer(), component.getComponentModel()); newComponent = new ComponentIdentifierV2(component.getComponentClass(), 
@@ -156,12 +157,12 @@ public final class PciIds { * @param refManufacturer DERUTF8String, likely from a ComponentIdentifier * @return DERUTF8String with the discovered vendor name, or the original manufacturer value. */ - public static DERUTF8String translateVendor(final DERUTF8String refManufacturer) { - DERUTF8String manufacturer = refManufacturer; + public static ASN1UTF8String translateVendor(final ASN1UTF8String refManufacturer) { + ASN1UTF8String manufacturer = refManufacturer; if (manufacturer != null && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$")) { Vendor ven = DB.findVendor(manufacturer.getString().toLowerCase()); if (ven != null && !Strings.isNullOrEmpty(ven.getName())) { - manufacturer = new DERUTF8String(ven.getName()); + manufacturer = ASN1UTF8String.getInstance(ven.getName()); } } return manufacturer; 
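Review bot: `ASN1UTF8String.getInstance(ven.getName())` passes a `java.lang.String`, but as far as I know `getInstance(Object)` in Bouncy Castle 1.70 accepts only an existing ASN.1 object or an encoded byte array and throws `IllegalArgumentException` for anything else, so a successful vendor lookup would now fail at runtime. The declared type can stay `ASN1UTF8String` while the value is still built with the concrete class: `manufacturer = new DERUTF8String(ven.getName());`. The same pattern occurs four times in the `@@ -821,19 +821,19 @@` hunk of SupplyChainCredentialValidator.java (`ASN1UTF8String.getInstance(component.getComponentManufacturer().getString().trim())` and the model, serial and revision equivalents), where it would presumably throw during platform-credential component validation instead of trimming the fields. The `@param` and `@return` tags above `translateVendor` still say DERUTF8String, unlike the updated Javadoc of `translateDevice`.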
@@ -171,14 +172,14 @@ public final class PciIds { * Look up the device name from the PCI IDs list, if the input strings contain IDs. * The Device lookup requires the Vendor ID AND the Device ID to be valid values. * If any part of this fails, return the original model value. - * @param refManufacturer DERUTF8String, likely from a ComponentIdentifier - * @param refModel DERUTF8String, likely from a ComponentIdentifier - * @return DERUTF8String with the discovered device name, or the original model value. + * @param refManufacturer ASN1UTF8String, likely from a ComponentIdentifier + * @param refModel ASN1UTF8String, likely from a ComponentIdentifier + * @return ASN1UTF8String with the discovered device name, or the original model value. */ - public static DERUTF8String translateDevice(final DERUTF8String refManufacturer, - final DERUTF8String refModel) { - DERUTF8String manufacturer = refManufacturer; - DERUTF8String model = refModel; + public static ASN1UTF8String translateDevice(final ASN1UTF8String refManufacturer, + final ASN1UTF8String refModel) { + ASN1UTF8String manufacturer = refManufacturer; + ASN1UTF8String model = refModel; if (manufacturer != null && model != null && manufacturer.getString().trim().matches("^[0-9A-Fa-f]{4}$") diff --git a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java index b28e51ad..1c4ea21d 100644 --- a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java +++ b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java 
@@ -19,7 +19,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.util.Strings; -import org.bouncycastle.asn1.DERUTF8String; +import org.bouncycastle.asn1.ASN1UTF8String; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.cert.CertException; import org.bouncycastle.cert.X509AttributeCertificateHolder; @@ -821,19 +821,19 @@ public final class SupplyChainCredentialValidator implements CredentialValidator final List pcComponents = new ArrayList<>(); for (ComponentIdentifier component : untrimmedPcComponents) { if (component.getComponentManufacturer() != null) { - component.setComponentManufacturer(new DERUTF8String( + component.setComponentManufacturer(ASN1UTF8String.getInstance( component.getComponentManufacturer().getString().trim())); } if (component.getComponentModel() != null) { - component.setComponentModel(new DERUTF8String( + component.setComponentModel(ASN1UTF8String.getInstance( component.getComponentModel().getString().trim())); } if (component.getComponentSerial() != null) { - component.setComponentSerial(new DERUTF8String( + component.setComponentSerial(ASN1UTF8String.getInstance( component.getComponentSerial().getString().trim())); } if (component.getComponentRevision() != null) { - component.setComponentRevision(new DERUTF8String( + component.setComponentRevision(ASN1UTF8String.getInstance( component.getComponentRevision().getString().trim())); } pcComponents.add(component); 
@@ -843,13 +843,13 @@ public final class SupplyChainCredentialValidator implements CredentialValidator pcComponents.forEach(component -> LOGGER.info(component.toString())); LOGGER.info("...against the the following DeviceInfoReport components:"); allDeviceInfoComponents.forEach(component -> LOGGER.info(component.toString())); - Set manufacturerSet = new HashSet<>(); + Set manufacturerSet = new HashSet<>(); pcComponents.forEach(pcComp -> manufacturerSet.add(pcComp.getComponentManufacturer())); // Create a list for unmatched components across all manufacturers to display at the end. List pcUnmatchedComponents = new ArrayList<>(); - for (DERUTF8String derUtf8Manufacturer : manufacturerSet) { + for (ASN1UTF8String derUtf8Manufacturer : manufacturerSet) { List pcComponentsFromManufacturer = pcComponents.stream().filter(compIdentifier -> compIdentifier.getComponentManufacturer().equals(derUtf8Manufacturer)) @@ -983,7 +983,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator * @return true if fieldValue is null or empty; false otherwise */ private static boolean hasEmptyValueForRequiredField(final String description, - final DERUTF8String fieldValue) { + final ASN1UTF8String fieldValue) { if (fieldValue == null || StringUtils.isEmpty(fieldValue.getString().trim())) { LOGGER.error("Required field was empty or null in Platform Credential: " + description); @@ -1115,7 +1115,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator private static boolean isMatchOrEmptyInPlatformCert( final String evidenceFromDevice, - final DERUTF8String valueInPlatformCert) { + final ASN1UTF8String valueInPlatformCert) { if (valueInPlatformCert == null || StringUtils.isEmpty(valueInPlatformCert.getString())) { return true; } 
@@ -1123,8 +1123,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator } private static boolean isMatchOrEmptyInPlatformCert( - final DERUTF8String evidenceFromDevice, - final DERUTF8String valueInPlatformCert) { + final ASN1UTF8String evidenceFromDevice, + final ASN1UTF8String valueInPlatformCert) { return evidenceFromDevice.equals(valueInPlatformCert); } diff --git a/build.gradle b/build.gradle index d54da645..ed61ea1f 100644 --- a/build.gradle +++ b/build.gradle @@ -92,7 +92,7 @@ subprojects { // here to ensure that all projects are using the same versions of common // dependencies: ext.libs = [ - bouncy_castle: 'org.bouncycastle:bcmail-jdk15on:1.59', + bouncy_castle: 'org.bouncycastle:bcmail-jdk15on:1.70', checkstyle: 'com.puppycrawl.tools:checkstyle:10.0', commons_cli: 'commons-cli:commons-cli:1.4', commons_codec: 'commons-codec:commons-codec:1.15',
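Review bot: The `ASN1UTF8String` overload of `isMatchOrEmptyInPlatformCert` in the `@@ -1123,8 +1123,8 @@` hunk calls `evidenceFromDevice.equals(valueInPlatformCert)` with no null guard and, despite its name, does not treat a null or empty certificate value as a match the way the String overload in the `@@ -1115,7 +1115,7 @@` hunk does. This behaviour predates the commit, but the signature is rewritten here and the hunk shows no Javadoc stating which semantics are intended. If strict equality is wanted, a fail-closed form such as `return evidenceFromDevice != null && evidenceFromDevice.equals(valueInPlatformCert);` would make that explicit, together with a one-line comment that empty certificate fields are not wildcards for this overload. Whether callers can pass null is not visible from this hunk.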