diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index 3bb51627..b9a2415c 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -10,18 +10,19 @@ import hirs.attestationca.service.SupplyChainValidationService;
 import hirs.data.persist.AppraisalStatus;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceInfoReport;
-import hirs.data.persist.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
-import hirs.data.persist.NetworkInfo;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.HardwareInfo;
+import hirs.data.persist.info.NetworkInfo;
+import hirs.data.persist.info.OSInfo;
 import hirs.data.persist.SupplyChainValidationSummary;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.TPMInfo;
 import hirs.data.persist.certificate.Certificate;
 import hirs.data.persist.certificate.EndorsementCredential;
 import hirs.data.persist.certificate.IssuedAttestationCertificate;
 import hirs.data.persist.certificate.PlatformCredential;
 import hirs.data.service.DeviceRegister;
 import hirs.persist.CertificateManager;
+import hirs.persist.ReferenceManifestManager;
 import hirs.persist.DBManager;
 import hirs.persist.DeviceManager;
 import hirs.persist.TPM2ProvisionerState;
@@ -152,11 +153,10 @@ public abstract class AbstractAttestationCertificateAuthority private final Integer validDays; private final CertificateManager certificateManager; + private final ReferenceManifestManager referenceManifestManager; private final DeviceRegister deviceRegister; private final DeviceManager deviceManager; private final DBManager tpm2ProvisionerStateDBManager; - private String[] pcrsList; - private String[] pcrs256List; private String tpmQuoteHash; private String tpmSignatureHash; private String pcrValues; @@ -168,6 +168,7 @@ public abstract class AbstractAttestationCertificateAuthority * @param acaCertificate the ACA certificate * @param structConverter the struct converter * @param certificateManager the certificate manager + * @param referenceManifestManager the Reference Manifest manager * @param deviceRegister the device register * @param validDays the number of days issued certs are valid * @param deviceManager the device manager @@ -179,6 +180,7 @@ public abstract class AbstractAttestationCertificateAuthority final PrivateKey privateKey, final X509Certificate acaCertificate, final StructConverter structConverter, final CertificateManager certificateManager, + final ReferenceManifestManager referenceManifestManager, final DeviceRegister deviceRegister, final int validDays, final DeviceManager deviceManager, final DBManager tpm2ProvisionerStateDBManager) { @@ -187,6 +189,7 @@ public abstract class AbstractAttestationCertificateAuthority this.acaCertificate = acaCertificate; this.structConverter = structConverter; this.certificateManager = certificateManager; + this.referenceManifestManager = referenceManifestManager; this.deviceRegister = deviceRegister; this.validDays = validDays; this.deviceManager = deviceManager; 
@@ -212,7 +215,6 @@ public abstract class AbstractAttestationCertificateAuthority IdentityRequestEnvelope challenge = structConverter.convert(identityRequest, IdentityRequestEnvelope.class); - // byte[] identityProof = unwrapIdentityRequest(challenge.getRequest()); // the decrypted symmetric blob should be in the format of an IdentityProof. Use the // struct converter to generate it. @@ -506,9 +508,6 @@ public abstract class AbstractAttestationCertificateAuthority } if (request.getPcrslist() != null && !request.getPcrslist().isEmpty()) { this.pcrValues = request.getPcrslist().toStringUtf8(); - String[] pcrsSet = this.pcrValues.split("\\+"); - this.pcrsList = parsePCRValues(pcrsSet[0]); - this.pcrs256List = parsePCRValues(pcrsSet[1]); } // Get device name and device @@ -596,8 +595,7 @@ public abstract class AbstractAttestationCertificateAuthority byte[] modulus = HexUtils.subarray(publicArea, pubLen - RSA_MODULUS_LENGTH, pubLen - 1); - RSAPublicKey pub = (RSAPublicKey) assemblePublicKey(modulus); - return pub; + return (RSAPublicKey) assemblePublicKey(modulus); } /** @@ -621,9 +619,10 @@ public abstract class AbstractAttestationCertificateAuthority // convert mac hex string to byte values byte[] macAddressBytes = new byte[MAC_BYTES]; + Integer hex; if (macAddressParts.length == MAC_BYTES) { for (int i = 0; i < MAC_BYTES; i++) { - Integer hex = HexUtils.hexToInt(macAddressParts[i]); + hex = HexUtils.hexToInt(macAddressParts[i]); macAddressBytes[i] = hex.byteValue(); } } @@ -884,7 +883,6 @@ public abstract class AbstractAttestationCertificateAuthority * Assembles a public key using a defined big int modulus and the well known exponent. */ private PublicKey assemblePublicKey(final BigInteger modulus) { - // generate a key spec using mod and exp RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, EXPONENT); 
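Review bot: In the `@@ -506` hunk the request-supplied PCR list is still written to the instance field with `this.pcrValues = request.getPcrslist().toStringUtf8();`, and with the parsing removed nothing at this point checks its shape any more. If this CA object is shared between requests, as the Spring-injected constructor of RestfulAttestationCertificateAuthority suggests, two concurrent provisioning requests could overwrite each other's value before it is attached to a certificate. A local such as `final String pcrValues = request.getPcrslist().toStringUtf8();` passed down to the certificate-building code would avoid that. I would also reject a value without the `+` bank separator here, because the parser this commit adds in `validateFirmware` indexes `pcrsSet[1]` without a length check. The enclosing method starts and ends outside the hunk.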
@@ -1242,8 +1240,7 @@ public abstract class AbstractAttestationCertificateAuthority private byte[] cryptKDFa(final byte[] seed, final String label, final byte[] context, final int sizeInBytes) throws NoSuchAlgorithmException, InvalidKeyException { - ByteBuffer b; - b = ByteBuffer.allocate(4); + ByteBuffer b = ByteBuffer.allocate(4); b.putInt(1); byte[] counter = b.array(); // get the label @@ -1271,14 +1268,13 @@ public abstract class AbstractAttestationCertificateAuthority } System.arraycopy(desiredSizeInBits, 0, message, marker, 4); Mac hmac; - byte[] toReturn = null; + byte[] toReturn = new byte[sizeInBytes]; hmac = Mac.getInstance("HmacSHA256"); SecretKeySpec hmacKey = new SecretKeySpec(seed, hmac.getAlgorithm()); hmac.init(hmacKey); hmac.update(message); byte[] hmacResult = hmac.doFinal(); - toReturn = new byte[sizeInBytes]; System.arraycopy(hmacResult, 0, toReturn, 0, sizeInBytes); return toReturn; } @@ -1290,11 +1286,9 @@ public abstract class AbstractAttestationCertificateAuthority * @throws NoSuchAlgorithmException improper algorithm selected */ private byte[] sha256hash(final byte[] blob) throws NoSuchAlgorithmException { - byte[] toReturn = null; MessageDigest md = MessageDigest.getInstance("SHA-256"); md.update(blob); - toReturn = md.digest(); - return toReturn; + return md.digest(); } /** diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java index 3bec221c..254cfd3a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java 
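Review bot: `cryptKDFa` copies `sizeInBytes` bytes out of a single HmacSHA256 result, so any request for more than 32 bytes fails with an IndexOutOfBoundsException from `System.arraycopy`; allocating `toReturn` up front does not change that. The counter is fixed at 1 in the first hunk, so this looks like a one-block KDFa, and I would make the limit explicit right after `doFinal()`: `if (sizeInBytes > hmacResult.length) { throw new IllegalArgumentException("cryptKDFa supports at most " + hmacResult.length + " bytes"); }`. The middle of the method lies between the two hunks and is not visible, so this is based only on the lines shown.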
@@ -17,6 +17,7 @@ import hirs.attestationca.AbstractAttestationCertificateAuthority; import hirs.attestationca.service.SupplyChainValidationService; import hirs.data.service.DeviceRegister; import hirs.persist.CertificateManager; +import hirs.persist.ReferenceManifestManager; import hirs.persist.DeviceManager; import hirs.structs.converters.StructConverter; @@ -36,6 +37,7 @@ public class RestfulAttestationCertificateAuthority * @param acaCertificate the ACA certificate * @param structConverter the struct converter * @param certificateManager the certificate manager + * @param referenceManifestManager the referenceManifestManager * @param deviceRegister the device register * @param validDays the number of days issued certs are valid * @param deviceManager the device manager @@ -48,12 +50,14 @@ public class RestfulAttestationCertificateAuthority final PrivateKey privateKey, final X509Certificate acaCertificate, final StructConverter structConverter, final CertificateManager certificateManager, + final ReferenceManifestManager referenceManifestManager, final DeviceRegister deviceRegister, final DeviceManager deviceManager, final DBManager tpm2ProvisionerStateDBManager, @Value("${aca.certificates.validity}") final int validDays) { super(supplyChainValidationService, privateKey, acaCertificate, structConverter, - certificateManager, deviceRegister, validDays, deviceManager, + certificateManager, referenceManifestManager, + deviceRegister, validDays, deviceManager, tpm2ProvisionerStateDBManager); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index 3f29e5b6..7de76cfe 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java 
@@ -5,6 +5,11 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
+
+import hirs.data.persist.TPMMeasurementRecord;
+import hirs.data.persist.baseline.TPMBaseline;
+import hirs.data.persist.SwidResource;
+import hirs.validation.SupplyChainCredentialValidator;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,8 +37,10 @@ import hirs.data.persist.certificate.CertificateAuthorityCredential;
 import hirs.data.persist.certificate.EndorsementCredential;
 import hirs.data.persist.certificate.PlatformCredential;
 import hirs.data.persist.certificate.IssuedAttestationCertificate;
+import hirs.data.persist.ReferenceManifest;
 import hirs.persist.AppraiserManager;
 import hirs.persist.CertificateManager;
+import hirs.persist.ReferenceManifestManager;
 import hirs.persist.CertificateSelector;
 import hirs.persist.CrudManager;
 import hirs.persist.DBManagerException;
@@ -43,11 +50,15 @@ import hirs.validation.CredentialValidator; import java.util.HashMap; import java.util.Map; +import static hirs.data.persist.AppraisalStatus.Status.FAIL; +import static hirs.data.persist.AppraisalStatus.Status.PASS; + /** - * The main executor of supply chain verification tasks. The AbstractAttestationCertificateAuthority - * will feed it the PC, EC, other relevant certificates, and serial numbers of the provisioning - * task, and it will then manipulate the data as necessary, retrieve useful certs, and arrange - * for actual validation by the SupplyChainValidator. + * The main executor of supply chain verification tasks. The + * AbstractAttestationCertificateAuthority will feed it the PC, EC, other + * relevant certificates, and serial numbers of the provisioning task, and it + * will then manipulate the data as necessary, retrieve useful certs, and + * arrange for actual validation by the SupplyChainValidator. */ @Service @Import(PersistenceConfiguration.class) @@ -55,19 +66,21 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe private PolicyManager policyManager; private AppraiserManager appraiserManager; + private ReferenceManifestManager referenceManifestManager; private CertificateManager certificateManager; private CredentialValidator supplyChainCredentialValidator; private CrudManager supplyChainValidatorSummaryManager; - private static final Logger LOGGER = - LogManager.getLogger(SupplyChainValidationServiceImpl.class); - + private static final Logger LOGGER + = LogManager.getLogger(SupplyChainValidationServiceImpl.class); /** * Constructor. + * * @param policyManager the policy manager * @param appraiserManager the appraiser manager * @param certificateManager the cert manager + * @param referenceManifestManager the RIM manager * @param supplyChainValidatorSummaryManager the summary manager * @param supplyChainCredentialValidator the credential validator */ 
@@ -75,19 +88,21 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe public SupplyChainValidationServiceImpl(final PolicyManager policyManager, final AppraiserManager appraiserManager, final CertificateManager certificateManager, + final ReferenceManifestManager referenceManifestManager, final CrudManager supplyChainValidatorSummaryManager, final CredentialValidator supplyChainCredentialValidator) { this.policyManager = policyManager; this.appraiserManager = appraiserManager; this.certificateManager = certificateManager; + this.referenceManifestManager = referenceManifestManager; this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager; this.supplyChainCredentialValidator = supplyChainCredentialValidator; } /** - * The "main" method of supply chain validation. Takes the credentials from an identity - * request and validates the supply chain in accordance to the current supply chain - * policy. + * The "main" method of supply chain validation. Takes the credentials from + * an identity request and validates the supply chain in accordance to the + * current supply chain policy. * * @param ec The endorsement credential from the identity request. * @param pcs The platform credentials from the identity request. @@ -96,8 +111,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe */ @Override public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec, - final Set pcs, - final Device device) { + final Set pcs, + final Device device) { final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser( SupplyChainAppraiser.NAME); SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy( 
@@ -163,7 +178,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL, AppraisalStatus.Status.FAIL, "Platform credential(s) missing." - + " Cannot validate attributes", + + " Cannot validate attributes", null, Level.ERROR)); } else { Iterator it = pcs.iterator(); @@ -173,11 +188,11 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (pc != null) { if (pc.isDeltaChain()) { - // this check validates the delta changes and recompares - // the modified list to the original. + // this check validates the delta changes and recompares + // the modified list to the original. attributeScv = validateDeltaPlatformCredentialAttributes( - pc, device.getDeviceInfo(), - baseCredential, deltaMapping); + pc, device.getDeviceInfo(), + baseCredential, deltaMapping); } else { attributeScv = validatePlatformCredentialAttributes( pc, device.getDeviceInfo(), ec); 
@@ -186,16 +201,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (platformScv != null) { // have to make sure the attribute validation isn't ignored and // doesn't override general validation status - if (platformScv.getResult() == AppraisalStatus.Status.PASS - && attributeScv.getResult() != AppraisalStatus.Status.PASS) { + if (platformScv.getResult() == PASS + && attributeScv.getResult() != PASS) { // if the platform trust store validated but the attribute didn't // replace validations.remove(platformScv); validations.add(attributeScv); - } else if ((platformScv.getResult() == AppraisalStatus.Status.PASS - && attributeScv.getResult() == AppraisalStatus.Status.PASS) - || (platformScv.getResult() != AppraisalStatus.Status.PASS - && attributeScv.getResult() != AppraisalStatus.Status.PASS)) { + } else if ((platformScv.getResult() == PASS + && attributeScv.getResult() == PASS) + || (platformScv.getResult() != PASS + && attributeScv.getResult() != PASS)) { // if both trust store and attributes validated or failed // combine messages validations.remove(platformScv); 
@@ -219,18 +234,20 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe // may need to associated with device to pull the correct info // compare tpm quote with what is pulled from RIM associated file IssuedAttestationCertificate attCert = IssuedAttestationCertificate - .select(this.certificateManager) - .byDeviceId(device.getId()) - .getCertificate(); + .select(this.certificateManager) + .byDeviceId(device.getId()) + .getCertificate(); + PlatformCredential pc = PlatformCredential + .select(this.certificateManager) + .byDeviceId(device.getId()) + .getCertificate(); - if (attCert != null) { - LOGGER.error(attCert.getPcrValues()); - } + validations.add(validateFirmware(pc, attCert)); } // Generate validation summary, save it, and return it. - SupplyChainValidationSummary summary = - new SupplyChainValidationSummary(device, validations); + SupplyChainValidationSummary summary + = new SupplyChainValidationSummary(device, validations); if (baseCredential != null) { baseCredential.setComponentFailures(summary.getMessage()); this.certificateManager.update(baseCredential); @@ -243,10 +260,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe return summary; } + /** + * TDM: I need to compare the manufacturer id, name and model load + * that RIM file and associated eventlog, pull that flag for sha 1 + * or 256 and then compare pcrs + */ + /** - * This method is a sub set of the validate supply chain method and focuses on the specific - * multibase validation check for a delta chain. This method also includes the check - * for delta certificate CA validation as well. + * This method is a sub set of the validate supply chain method and focuses + * on the specific multibase validation check for a delta chain. This method + * also includes the check for delta certificate CA validation as well. * * @param pc The platform credential getting checked * @param platformScv The validation record 
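Review bot: The new `PlatformCredential.select(this.certificateManager).byDeviceId(device.getId()).getCertificate()` lookup can presumably return null, as the removed `attCert != null` check implies for the sibling lookup, yet the result goes straight into `validateFirmware(pc, attCert)`, which calls `pc.getManufacturer()`. It also re-queries by device id instead of using the `pcs`/`baseCredential` this method has just validated, so with several credentials stored for one device the RIM may be chosen from a credential other than the one that passed (inferred; the selector's ordering is not visible). I would pass the validated base credential and guard the null case, e.g. `validations.add(buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE, FAIL, "Platform credential missing; cannot validate firmware", null, Level.ERROR));`. The surrounding `if` block begins outside the hunk.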
@@ -266,7 +289,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe // if it is, then update the SupplyChainValidation message and result if (result) { String message = "Multiple Base certificates found in chain."; - if (!platformScv.getResult().equals(AppraisalStatus.Status.PASS)) { + if (!platformScv.getResult().equals(PASS)) { message = String.format("%s,%n%s", platformScv.getMessage(), message); } subPlatformScv = buildValidationRecord( 
@@ -299,8 +322,93 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe return subPlatformScv; } + private SupplyChainValidation validateFirmware(final PlatformCredential pc, + final IssuedAttestationCertificate attCert) { + + TPMBaseline tpmBline; + String[] baseline = new String[Integer.SIZE]; + Level level = Level.ERROR; + AppraisalStatus fwStatus; + + if (attCert != null) { + LOGGER.error(attCert.getPcrValues()); + String[] pcrsSet = attCert.getPcrValues().split("\\+"); + String[] pcrs1 = pcrsSet[0].split("\\n"); + String[] pcrs256 = pcrsSet[1].split("\\n"); + for (int i = 0; i < pcrs1.length; i++) { + if (pcrs1[i].contains(":")) { + pcrs1[i].split(":"); + } + } + + for (int i = 0; i < pcrs256.length; i++) { + if (pcrs256[i].contains(":")) { + pcrs256[i].split(":"); + } + } + + ReferenceManifest rim = ReferenceManifest.select( + this.referenceManifestManager) + .byManufacturer(pc.getManufacturer()) + .getRIM(); + + if (rim == null) { + fwStatus = new AppraisalStatus(FAIL, String.format("Firmware validation failed: " + + "No associated RIM file could be found for %s", + pc.getManufacturer())); + } else { + StringBuilder sb = new StringBuilder(); + fwStatus = new AppraisalStatus(PASS, + SupplyChainCredentialValidator.FIRMWARE_VALID); + String failureMsg = "Firmware validation failed: PCR %d does not" + + " match%n%tBaseline [%s] <> Device [%s]%n"; + + List swids = rim.parseResource(); + for (SwidResource swid : swids) { + baseline = swid.getPcrValues() + .toArray(new String[swid.getPcrValues().size()]); + } + /** + * baseline is null. The purpose of the if check was to + * determine to process doing pcrs1 or pcrs256. So I have to + * rethink this. + * + * this goes back to not knowing if I should do one or the other + * and how to make that a setting of some kind. 
+ */ + if (baseline[0].length() == pcrs1[0].length()) { + for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) { + if (!baseline[i].equals(pcrs1[i])) { + sb.append(String.format(failureMsg, i, baseline[i], pcrs1[i])); + break; + } + } + } else if (baseline[0].length() == pcrs256[0].length()) { + for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) { + if (!baseline[i].equals(pcrs256[i])) { + sb.append(String.format(failureMsg, i, baseline[i], pcrs256[i])); + break; + } + } + } + if (sb.length() > 0) { + level = Level.ERROR; + fwStatus = new AppraisalStatus(FAIL, sb.toString()); + } else { + level = Level.INFO; + } + } + } else { + fwStatus = new AppraisalStatus(FAIL, "Associated Issued Attestation" + + " Certificate can not be found."); + } + + return buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE, + fwStatus.getAppStatus(), fwStatus.getMessage(), pc, level); + } + private SupplyChainValidation validateEndorsementCredential(final EndorsementCredential ec, - final boolean acceptExpiredCerts) { + final boolean acceptExpiredCerts) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL; LOGGER.info("Validating endorsement credential"); 
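Review bot: `validateFirmware` fails open: `fwStatus` is set to PASS before any comparison and stays PASS when `baseline[0].length()` matches neither `pcrs1[0]` nor `pcrs256[0]`, so a device whose PCR bank cannot be matched to the RIM is recorded as firmware-valid. The mismatch path is broken as well, because `%tB` in `failureMsg` is a date conversion and `String.format` will throw on the String argument instead of producing the FAIL message; `\t` was presumably intended. Inputs are indexed without checks (`pcrsSet[1]`, `baseline[0]` when the RIM yields no values, `pcrs1[i]` up to `MAX_PCR_ID`), and the PCR string appears to come from the provisioner's request, so a short or malformed value looks able to abort validation with an unchecked exception. The two `split(":")` calls discard their result, so any index prefix is still part of what is compared. The sketch below defaults to FAIL when no bank can be compared and only passes after every PCR matched.

```java
String failureMsg = "Firmware validation failed: PCR %d does not"
        + " match%n\tBaseline [%s] <> Device [%s]%n";
// … unchanged: swids loop that loads baseline …
String[] devicePcrs = null;
if (baseline[0] != null && pcrs1.length > TPMMeasurementRecord.MAX_PCR_ID
        && baseline[0].length() == pcrs1[0].length()) {
    devicePcrs = pcrs1;
} else if (baseline[0] != null && pcrs256.length > TPMMeasurementRecord.MAX_PCR_ID
        && baseline[0].length() == pcrs256[0].length()) {
    devicePcrs = pcrs256;
}
if (devicePcrs == null || baseline.length <= TPMMeasurementRecord.MAX_PCR_ID) {
    // no comparable bank: fail closed instead of keeping the initial PASS
    sb.append("Firmware validation failed: no PCR bank matches the RIM baseline");
} else {
    for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
        // device value on the left so a null baseline entry counts as a mismatch
        if (!devicePcrs[i].equals(baseline[i])) {
            sb.append(String.format(failureMsg, i, baseline[i], devicePcrs[i]));
            break;
        }
    }
}
// … unchanged: sb.length() check that sets FAIL / Level.INFO …
```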
@@ -316,14 +424,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe validateEndorsementCredential(ec, ecStore, acceptExpiredCerts); switch (result.getAppStatus()) { case PASS: - return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, + return buildValidationRecord(validationType, PASS, result.getMessage(), ec, Level.INFO); case FAIL: return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), ec, Level.WARN); case ERROR: - return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, - result.getMessage(), ec, Level.ERROR); default: return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, result.getMessage(), ec, Level.ERROR); @@ -331,9 +437,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } private SupplyChainValidation validatePlatformCredential(final PlatformCredential pc, - final KeyStore - trustedCertificateAuthority, - final boolean acceptExpiredCerts) { + final KeyStore trustedCertificateAuthority, + final boolean acceptExpiredCerts) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; @@ -347,14 +452,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe trustedCertificateAuthority, acceptExpiredCerts); switch (result.getAppStatus()) { case PASS: - return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, + return buildValidationRecord(validationType, PASS, result.getMessage(), pc, Level.INFO); case FAIL: return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), pc, Level.WARN); case ERROR: - return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, - result.getMessage(), pc, Level.ERROR); default: return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, result.getMessage(), pc, Level.ERROR); 
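Review bot: `PASS` now comes from the new static import, but `FAIL` and `ERROR` in the same `switch` stay fully qualified although `FAIL` is statically imported too; the same mix appears in the later `switch` hunks for `validatePlatformCredential`, `validatePlatformCredentialAttributes` and the delta variant. One form per file reads better, e.g. `return buildValidationRecord(validationType, FAIL, result.getMessage(), ec, Level.WARN);`. The now-empty `case ERROR:` label directly above `default:` is redundant; either drop it or add `// falls through` so the intent is explicit.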
@@ -362,8 +465,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } private SupplyChainValidation validatePlatformCredentialAttributes(final PlatformCredential pc, - final DeviceInfoReport deviceInfoReport, - final EndorsementCredential ec) { + final DeviceInfoReport deviceInfoReport, + final EndorsementCredential ec) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; @@ -378,14 +481,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe validatePlatformCredentialAttributes(pc, deviceInfoReport, ec); switch (result.getAppStatus()) { case PASS: - return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, + return buildValidationRecord(validationType, PASS, result.getMessage(), pc, Level.INFO); case FAIL: return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), pc, Level.WARN); case ERROR: - return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, - result.getMessage(), pc, Level.ERROR); default: return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, result.getMessage(), pc, Level.ERROR); @@ -397,8 +498,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe final DeviceInfoReport deviceInfoReport, final PlatformCredential base, final Map deltaMapping) { - final SupplyChainValidation.ValidationType validationType = - SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; + final SupplyChainValidation.ValidationType validationType + = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; if (delta == null) { LOGGER.error("No delta certificate to validate"); 
@@ -412,14 +513,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe base, deltaMapping); switch (result.getAppStatus()) { case PASS: - return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, + return buildValidationRecord(validationType, PASS, result.getMessage(), delta, Level.INFO); case FAIL: return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), delta, Level.WARN); case ERROR: - return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, - result.getMessage(), delta, Level.ERROR); default: return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, result.getMessage(), delta, Level.ERROR); @@ -427,8 +526,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } /** - * Creates a supply chain validation record and logs the validation - * message at the specified log level. + * Creates a supply chain validation record and logs the validation message + * at the specified log level. + * * @param validationType the type of validation * @param result the appraisal status * @param message the validation message to include in the summary and log 
@@ -451,18 +551,19 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } /** - * This method is used to retrieve the entire CA chain (up to a - * trusted self-signed certificate) for the given certificate. This method will look up - * CA certificates that have a matching issuer organization as the given certificate, and will - * perform that operation recursively until all certificates for all relevant organizations - * have been retrieved. For that reason, the returned set of certificates may be larger - * than the the single trust chain for the queried certificate, but is guaranteed to include - * the trust chain if it exists in this class' CertificateManager. + * This method is used to retrieve the entire CA chain (up to a trusted + * self-signed certificate) for the given certificate. This method will look + * up CA certificates that have a matching issuer organization as the given + * certificate, and will perform that operation recursively until all + * certificates for all relevant organizations have been retrieved. For that + * reason, the returned set of certificates may be larger than the the + * single trust chain for the queried certificate, but is guaranteed to + * include the trust chain if it exists in this class' CertificateManager. * Returns the certificate authority credentials in a KeyStore. * * @param credential the credential whose CA chain should be retrieved - * @return A keystore containing all relevant CA credentials to the given certificate's - * organization or null if the keystore can't be assembled + * @return A keystore containing all relevant CA credentials to the given + * certificate's organization or null if the keystore can't be assembled */ public KeyStore getCaChain(final Certificate credential) { KeyStore caKeyStore = null; 
@@ -475,33 +576,37 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } /** - * This is a recursive method which is used to retrieve the entire CA chain (up to a - * trusted self-signed certificate) for the given certificate. This method will look up - * CA certificates that have a matching issuer organization as the given certificate, and will - * perform that operation recursively until all certificates for all relevant organizations - * have been retrieved. For that reason, the returned set of certificates may be larger - * than the the single trust chain for the queried certificate, but is guaranteed to include - * the trust chain if it exists in this class' CertificateManager. + * This is a recursive method which is used to retrieve the entire CA chain + * (up to a trusted self-signed certificate) for the given certificate. This + * method will look up CA certificates that have a matching issuer + * organization as the given certificate, and will perform that operation + * recursively until all certificates for all relevant organizations have + * been retrieved. For that reason, the returned set of certificates may be + * larger than the the single trust chain for the queried certificate, but + * is guaranteed to include the trust chain if it exists in this class' + * CertificateManager. * - * Implementation notes: - * 1. Queries for CA certs with a subject org matching the given (argument's) issuer org - * 2. Add that org to queriedOrganizations, so we don't search for that organization again - * 3. For each returned CA cert, add that cert to the result set, and recurse with that as the - * argument (to go up the chain), if and only if we haven't already queried for that - * organization (which prevents infinite loops on certs with an identical subject and - * issuer org) + * Implementation notes: 1. Queries for CA certs with a subject org matching + * the given (argument's) issuer org 2. 
Add that org to + * queriedOrganizations, so we don't search for that organization again 3. + * For each returned CA cert, add that cert to the result set, and recurse + * with that as the argument (to go up the chain), if and only if we haven't + * already queried for that organization (which prevents infinite loops on + * certs with an identical subject and issuer org) * * @param credential the credential whose CA chain should be retrieved - * @param previouslyQueriedOrganizations a list of organizations to refrain from querying - * @return a Set containing all relevant CA credentials to the given certificate's organization + * @param previouslyQueriedOrganizations a list of organizations to refrain + * from querying + * @return a Set containing all relevant CA credentials to the given + * certificate's organization */ private Set getCaChainRec( final Certificate credential, final Set previouslyQueriedOrganizations ) { - CertificateSelector caSelector = - CertificateAuthorityCredential.select(certificateManager) - .bySubjectOrganization(credential.getIssuerOrganization()); + CertificateSelector caSelector + = CertificateAuthorityCredential.select(certificateManager) + .bySubjectOrganization(credential.getIssuerOrganization()); Set certAuthsWithMatchingOrg = caSelector.getCertificates(); Set queriedOrganizations = new HashSet<>(previouslyQueriedOrganizations); diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java index 61b18e5c..34480353 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java 
@@ -130,7 +130,7 @@ public class AbstractAttestationCertificateAuthorityTest { @BeforeTest public void setup() { aca = new AbstractAttestationCertificateAuthority(null, keyPair.getPrivate(), - null, null, null, null, 1, + null, null, null, null, null, 1, null, null) { }; } diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java index 34f022d4..079547de 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java @@ -398,6 +398,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, supplyChainCredentialValidator ); @@ -451,6 +452,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, supplyChainCredentialValidator ); @@ -495,6 +497,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, supplyChainCredentialValidator ); @@ -530,6 +533,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, supplyChainCredentialValidator ); @@ -588,6 +592,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, supplyChainCredentialValidator ); 
@@ -633,6 +638,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, supplyChainCredentialValidator ); @@ -683,6 +689,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, new SupplyChainCredentialValidator() ); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java index acbdf711..9f3b4f08 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java 
@@ -153,6 +153,17 @@ public class CertificateRequestPageController extends PageController { try { SupplyChainPolicy policy = getDefaultPolicyAndSetInModel(ppModel, model); - //If PC Validation is enabled without EC Validation, disallow change -// if (!isPolicyValid(firmwareValidationOptionEnabled, - //policy.isFirmwareValidationEnabled(), -// policy.isFirmwareValidationEnabled())) { -// handleUserError(model, messages, -// "To disable Endorsement Credential Validation, Platform Validation" -// + " must also be disabled."); -// return redirectToSelf(new NoPageParams(), model, attr); -// } + //If firmware is enabled without PC attributes, disallow change + if (firmwareValidationOptionEnabled && !policy.isPcAttributeValidationEnabled()) { + handleUserError(model, messages, + "Firmware validation can not be " + + "enabled without PC Attributes policy enabled."); + return redirectToSelf(new NoPageParams(), model, attr); + } // set the policy option and create success message if (firmwareValidationOptionEnabled) { diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 75ec1fc8..9aa17a82 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -225,6 +225,10 @@ public class ReferenceManifestPageController messages, rim, referenceManifestManager); + + for (SwidResource swidRes : rim.parseResource()) { + System.out.println("testing this section!"); + } } } diff --git a/HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java b/HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java index 88938e6f..ab3bdafa 100644 
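Review bot: The new guard only blocks turning firmware validation on while PC attribute validation is off. Nothing in this hunk stops the reverse order, where PC attribute validation is switched off after firmware validation has been enabled, which would leave the policy in the state this check is meant to exclude. If the handler that updates the PC attribute option does not already reject that change when `policy.isFirmwareValidationEnabled()` is true, it should get the mirror-image check, or the dependency should be enforced where the policy is saved rather than in one controller method. The enclosing method starts and ends outside the hunk, so this is inferred from the visible lines only.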
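Review bot: The added `for (SwidResource swidRes : rim.parseResource())` loop in ReferenceManifestPageController is leftover debug code: it parses the manifest's resources, discards every result, and prints `testing this section!` to stdout once per resource. If this is the manifest upload path, as the preceding call with `referenceManifestManager` suggests, it adds a parsing pass over submitted content on every request and writes output that bypasses the application's logger. Any exception `parseResource()` might throw would also surface after the manifest appears to have been handled; the surrounding method is outside the hunk, so that ordering is an assumption. The loop should be removed before merge, or replaced with the real use of `swidRes` it stands in for.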
--- a/HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java +++ b/HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java @@ -21,7 +21,7 @@ import java.util.Enumeration; import hirs.DeviceInfoReportRequest; import hirs.collector.CollectorException; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.OSName; +import hirs.data.persist.enums.OSName; /** * Unit tests for DeviceInfoCollector. diff --git a/HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java b/HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java index 9d4629c7..70e2309d 100644 --- a/HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java +++ b/HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java @@ -2,12 +2,12 @@ package hirs.provisioner.client; import hirs.client.collector.DeviceInfoCollector; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; -import hirs.data.persist.OSName; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.enums.OSName; +import hirs.data.persist.info.TPMInfo; import hirs.structs.converters.StructConverter; import hirs.structs.elements.tpm.AsymmetricPublicKey; import hirs.tpm.tss.Tpm; diff --git a/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java b/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java index 0edb16c4..168e6162 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java +++ b/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java 
@@ -7,9 +7,9 @@ import hirs.alert.resolve.IgnoreAlertResolver; import hirs.alert.resolve.RemoveFromIMABaselineAlertResolver; import hirs.alert.resolve.RemoveFromTPMBaselineAlertResolver; import hirs.alert.resolve.RequestNewReportAlertResolver; -import hirs.data.persist.Baseline; -import hirs.data.persist.SimpleImaBaseline; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; /** * Specifies actions that can be taken to resolve an Alert. diff --git a/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java b/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java index 51b04ad8..8b08cb72 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java +++ b/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java 
@@ -6,19 +6,17 @@ import hirs.appraiser.IMAAppraiser; import hirs.appraiser.TPMAppraiser; import hirs.data.persist.Alert; import hirs.alert.resolve.AlertResolverFactory; -import static hirs.data.persist.Alert.AlertType.WHITE_LIST_PCR_MISMATCH; -import static hirs.data.persist.Alert.AlertType.REQUIRED_SET_MISMATCH; -import static hirs.data.persist.Alert.AlertType.UNKNOWN_FILE; -import static hirs.data.persist.Alert.AlertType.WHITELIST_MISMATCH; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaAcceptableRecordBaseline; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.ImaIgnoreSetBaseline; -import hirs.data.persist.TPMBaseline; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.TPMBaseline; import hirs.data.persist.TPMPolicy; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.enums.AlertSource; +import hirs.data.persist.enums.AlertType; import hirs.persist.AppraiserManager; import hirs.persist.DeviceManager; import hirs.persist.PolicyManager; @@ -90,7 +88,7 @@ public class AlertResolutionService { // the same, so take them from the first alert DeviceGroup deviceGroup = deviceManager.getDevice(alerts.get(0).getDeviceName()) .getDeviceGroup(); - Alert.Source source = alerts.get(0).getSource(); + AlertSource source = alerts.get(0).getSource(); // build a list of resolution options specific to the alert source LOGGER.debug(String.format("source of alerts is %s", source.toString())); 
@@ -122,8 +120,8 @@ public class AlertResolutionService { List options = new ArrayList<>(); Device device = null; - Alert.Source sharedSource = null; - Alert.Source currentSource = null; + AlertSource sharedSource = null; + AlertSource currentSource = null; DeviceGroup sharedDeviceGroup = null; DeviceGroup currentDeviceGroup = null; @@ -191,14 +189,14 @@ public class AlertResolutionService { boolean canAddToBaseline = true; - Alert.AlertType alertType; + AlertType alertType; for (Alert alert : alertList) { alertType = alert.getType(); // addToBaseline only helps if each alert would be fixed by adding a record - if (!alertType.equals(WHITELIST_MISMATCH) - && !alertType.equals(REQUIRED_SET_MISMATCH) - && !alertType.equals(UNKNOWN_FILE)) { + if (!alertType.equals(AlertType.WHITELIST_MISMATCH) + && !alertType.equals(AlertType.REQUIRED_SET_MISMATCH) + && !alertType.equals(AlertType.UNKNOWN_FILE)) { LOGGER.debug("cannot add ima record to baseline to resolve alert because alert is" + " type {}", alertType); canAddToBaseline = false; @@ -269,7 +267,7 @@ public class AlertResolutionService { // should only attempt to add to the baseline if all the alerts are of // the type WHITE_LIST_PCR_MISMATCH for (Alert alert : alertList) { - if (!alert.getType().equals(WHITE_LIST_PCR_MISMATCH)) { + if (!alert.getType().equals(AlertType.WHITE_LIST_PCR_MISMATCH)) { canEditBaseline = false; break; } diff --git a/HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java b/HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java index f8d24bfb..98925165 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java +++ b/HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java @@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import com.fasterxml.jackson.databind.ObjectMapper; +import hirs.data.persist.enums.AlertSeverity; import java.util.Optional; import java.util.UUID; 
@@ -88,7 +89,7 @@ public class JsonAlertService extends ManagedAlertService { items.put("hostname", InetAddress.getLocalHost().getHostName()); items.put("source", "PORTAL"); items.put("type", "Test JSON"); - items.put("severity", Alert.Severity.INFO.toString()); + items.put("severity", AlertSeverity.INFO.toString()); items.put("details", "This is a test alert sent by the HIRS portal."); return send(jsonMonitor, buildJson(items)); diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java index d8e19f9f..91632da8 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java +++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java @@ -1,7 +1,7 @@ package hirs.alert.resolve; import hirs.data.persist.Alert; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import org.springframework.stereotype.Component; /** diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java index 5825ef5f..b70487a8 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java +++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java @@ -1,7 +1,7 @@ package hirs.alert.resolve; import hirs.alert.AlertResolutionAction; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.persist.BaselineManager; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java index 6f0770fa..07c3598d 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java 
+++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java @@ -1,8 +1,8 @@ package hirs.alert.resolve; import hirs.data.persist.Alert; -import hirs.data.persist.IMABaselineRecord; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.persist.ImaBaselineRecordManager; import org.springframework.beans.factory.annotation.Autowired; diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java index 611dde6f..9ad5b78d 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java +++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java @@ -1,7 +1,7 @@ package hirs.alert.resolve; import hirs.data.persist.Alert; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import org.springframework.stereotype.Component; /** diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java index 3297f480..b86bbdb0 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java +++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java @@ -2,8 +2,8 @@ package hirs.alert.resolve; import hirs.data.persist.Alert; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.TPMBaseline; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.TPMBaseline; import hirs.data.persist.TPMMeasurementRecord; import java.util.HashSet; import java.util.Set; 
diff --git a/HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java b/HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java index 173b9cfe..48e3e7f8 100644 --- a/HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java +++ b/HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java @@ -4,13 +4,13 @@ import hirs.DeviceInfoReportRequest; import hirs.ReportRequest; import hirs.collector.CollectorException; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; -import hirs.data.persist.OSName; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.enums.OSName; import hirs.data.persist.Report; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.TPMInfo; import hirs.utils.exec.ExecBuilder; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; diff --git a/HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java b/HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java index 37d2b63d..6ebe421f 100644 --- a/HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java +++ b/HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java @@ -3,7 +3,7 @@ package hirs.data.bean; import java.util.Date; import java.util.UUID; -import hirs.data.persist.Alert; +import hirs.data.persist.enums.AlertSeverity; /** * Provides a bean that can be used to encapsulate simple baseline data. @@ -12,7 +12,7 @@ public class SimpleBaselineBean { private UUID id; private Date createTime; private String name; - private Alert.Severity severity; + private AlertSeverity severity; private String type; /** 
@@ -43,7 +43,7 @@ public class SimpleBaselineBean { * Get the severity. * @return Alert.Severity. */ - public Alert.Severity getSeverity() { + public AlertSeverity getSeverity() { return severity; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java b/HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java index a2e3d819..4d7cc5a4 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestComparisonResultType; +import hirs.data.persist.enums.DigestAlgorithm; import java.util.Arrays; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -8,6 +10,7 @@ import javax.xml.bind.DatatypeConverter; import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.ArrayUtils; +import org.apache.logging.log4j.LogManager; /** * This abstract class represents a message digest. Extending classes include @@ -19,6 +22,8 @@ import org.apache.commons.lang3.ArrayUtils; * (see {@link ImaBlacklistRecord} for reference.) */ public abstract class AbstractDigest { + private static final org.apache.logging.log4j.Logger LOGGER = + LogManager.getLogger(AbstractDigest.class); /** * Length of MD2 digest. */ @@ -60,8 +65,7 @@ public abstract class AbstractDigest { } if (ArrayUtils.isEmpty(digest)) { - final String msg = "Digest must have at least one byte"; - throw new IllegalArgumentException(msg); + throw new IllegalArgumentException("Digest must have at least one byte"); } if (digest.length != algorithm.getLengthInBytes()) { 
@@ -69,6 +73,51 @@ public abstract class AbstractDigest { } } + /** + * This method will help class determine the algorithm associated with the + * pcr values given. + * + * @param digest list of pcr values. + * @return the associated algorithm. + */ + public static final DigestAlgorithm getDigestAlgorithm(final byte[] digest) { + if (digest == null || ArrayUtils.isEmpty(digest)) { + return DigestAlgorithm.UNSPECIFIED; + } + + switch (digest.length) { + case MD2_DIGEST_LENGTH: + return DigestAlgorithm.MD5; + case SHA1_DIGEST_LENGTH: + return DigestAlgorithm.SHA1; + case SHA256_DIGEST_LENGTH: + return DigestAlgorithm.SHA256; + case SHA384_DIGEST_LENGTH: + return DigestAlgorithm.SHA384; + case SHA512_DIGEST_LENGTH: + return DigestAlgorithm.SHA512; + default: + return DigestAlgorithm.UNSPECIFIED; + } + } + + /** + * This method will help class determine the algorithm associated with the + * pcr values given. + * + * @param digest list of pcr values. + * @return the associated algorithm. + */ + public static final DigestAlgorithm getDigestAlgorithm(final String digest) { + try { + return getDigestAlgorithm(Hex.decodeHex(digest.toCharArray())); + } catch (Exception deEx) { + LOGGER.error(deEx); + } + + return DigestAlgorithm.UNSPECIFIED; + } + /** * Retrieves the DigestAlgorithm that identifies which hash * function generated the digest. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/Alert.java b/HIRS_Utils/src/main/java/hirs/data/persist/Alert.java index a8fbf3a6..71db4936 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/Alert.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/Alert.java @@ -1,5 +1,9 @@ package hirs.data.persist; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.AlertSeverity; +import hirs.data.persist.enums.AlertSource; +import hirs.data.persist.enums.AlertType; import javax.persistence.Access; import javax.persistence.AccessType; import javax.persistence.CollectionTable; 
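Review bot: `getDigestAlgorithm(byte[])` guesses the algorithm purely from the digest length, and its Javadoc ("list of pcr values") does not say so; the 16-byte case is labelled `MD2_DIGEST_LENGTH` but returns `DigestAlgorithm.MD5`, and any other hash of a matching length would be reported as the SHA variant. The Javadoc should state that the result is a length-based guess, and callers such as the new `Digest(byte[])` constructor in Digest.java should not treat it as proof of which hash function produced the value. In the `String` overload, `catch (Exception deEx)` turns a null argument and malformed hex into the same `UNSPECIFIED` result as an unknown length. An explicit null check plus `} catch (DecoderException deEx) {`, with the matching `org.apache.commons.codec.DecoderException` import, would stop programming errors being hidden. The `digest == null ||` test is redundant because `ArrayUtils.isEmpty` already covers null.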
@@ -16,7 +20,6 @@ import javax.persistence.Table; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlType; import java.util.Collections; import java.util.HashSet; import java.util.Set; @@ -68,7 +71,7 @@ public class Alert extends ArchivableEntity { @Column(name = "source") @Enumerated(EnumType.STRING) - private Source source = Source.UNSPECIFIED; + private AlertSource source = AlertSource.UNSPECIFIED; @Column(name = "type") @Enumerated(EnumType.STRING) 
@@ -82,231 +85,7 @@ public class Alert extends ArchivableEntity { @Column(name = "severity") @Enumerated(EnumType.STRING) - private Severity severity = Severity.UNSPECIFIED; - - /** - * The 'source' of the Alert, which is a string enumeration - * representing the component within the HIRS system that caused the - * Alert to be generated. For example, if a record mismatch is - * detected by the IMAAppraiser, the source of the - * Alert will be "IMAAppraiser". In some cases the class name - * may be used, and in other cases a more abstract name may be used to - * provide clarity to the user, such as the REPORT_PROCESSOR - * type, which can come from the SOAPMessageProcessor, the - * SOAPReportProcessor, or the HIRSAppraiser. - */ - @XmlType(name = "AlertSource") - public enum Source { - /** - * The alerts generated from an unspecified source. - */ - UNSPECIFIED, - /** - * Alerts generated within SOAPMessageProcessor, - * SOAPReportProcessor, or HIRSAppraiser will - * all use the same source. This makes sense right now because those - * Alerts will all be related to Reports that do not match - * the expected format. - */ - REPORT_PROCESSOR, - /** - * Alerts generated within the IMAAppraiser. - */ - IMA_APPRAISER, - /** - * Alerts generated within the TPMAppraiser. - */ - TPM_APPRAISER, - /** - * Alerts generated within OnDemandReportRequestManager. - */ - REPORT_REQUESTOR - } - - - - /** - * The 'type' of the Alert, which is the category of problem identified by - * the 'source'. - */ - @XmlType(name = "AlertType") - public enum AlertType { - /** - * The alert type has not been specified. - */ - UNSPECIFIED, - - /** - * The Report does not contain the necessary elements or it - * contains certain unnecessary elements. - */ - MALFORMED_REPORT, - - /** - * The Report does not contain the correct - * TPMMeasurementRecords or the PCR values are not correct. - */ - WHITE_LIST_PCR_MISMATCH, - - /** - * The Report contains a TPMMeasurementRecord - * matching a TPM BlackList. 
- */ - BLACK_LIST_PCR_MATCH, - - /** - * The TPMReport does not contain a valid nonce. - */ - INVALID_NONCE, - - /** - * The TPMReport does not contain a valid TPM Quote (PCR Digest). - */ - INVALID_TPM_QUOTE, - - /** - * The TPMReport does not contain a valid signature. - */ - INVALID_SIGNATURE, - - /** - * The TPMReport does not contain a valid certificate. - */ - INVALID_CERTIFICATE, - - /** - * The IMAReport contains a whitelist hash mismatch. - */ - WHITELIST_MISMATCH, - - /** - * The IMAReport contains a required set hash mismatch. - */ - REQUIRED_SET_MISMATCH, - - /** - * The Report is missing a required record. - */ - MISSING_RECORD, - - /** - * The IMAReport contains an unknown filepath. - */ - UNKNOWN_FILE, - - /** - * The client's ReportRequest query messages missing. - */ - REPORT_REQUESTS_MISSING, - - /** - * Client periodic IntegrityReport missing. - */ - PERIODIC_REPORT_MISSING, - - /** - * On-demand IntegrityReport missing. - */ - ON_DEMAND_REPORT_MISSING, - - /** - * The client sent a report that indicates IMA was not enabled correctly. - */ - IMA_MISCONFIGURED, - - /** - * PCR mismatches and device info changes indicated a kernel update. - */ - KERNEL_UPDATE_DETECTED, - - /** - * The Report does not contain the correct - * TPMMeasurementRecords associated with IMA measurements. - */ - IMA_PCR_MISMATCH, - - /** - * Indicates an IMA measurement had a path which matched an entry in a blacklist baseline. - */ - IMA_BLACKLIST_PATH_MATCH, - - /** - * Indicates an IMA measurement had a hash which matched an entry in a blacklist baseline. - */ - IMA_BLACKLIST_HASH_MATCH, - - /** - * Indicates an IMA measurement had both a path and hash which matched an entry in a - * blacklist baseline. - */ - IMA_BLACKLIST_PATH_AND_HASH_MATCH, - - /** - * Indicates an IMA measurement had a path that matched an entry in a blacklist baseline, - * and also had a hash that matched another entry in the same (or another) baseline. 
- */ - IMA_BLACKLIST_MIXED_MATCH - } - - /** - * The 'severity' of the Alert, which is a string enumeration - * representing the predicted importance of the problem identified. - * - * A constructor with the enum is used to set a criticality number for each severity level. - * Severity levels can be compared against each other by using the getCriticality method. - * - */ - @XmlType(name = "AlertSeverity") - public enum Severity { - - /** - * Used for situations where Severity remains to be implemented or the - * exact level has not been determined for a specific use case. - */ - UNSPECIFIED(5), - /** - * Equivalent to "Ignore" or "Quiet". This is not used for general logging, - * but for Alert level messages that, in specific cases, are not applicable - * or can be or need to be ignored. - */ - INFO(10), - /** - * Applies to a non-system critical file or condition. - */ - LOW(15), - /** - * Involves a stable or system-critical file or a stable PCR value. - */ - HIGH(25), - /** - * Equivalent to "Fatal". Involves Alerts so clearly indicative of malicious - * intent that an automated response, such as network disconnection, is warranted. - */ - SEVERE(30); - - /** - * Criticality number assigned to a severity level. - */ - private int criticality; - - /** - * Constructor used to set the criticality level. - * - * @param c criticality level - */ - Severity(final int c) { - criticality = c; - } - - /** - * Return criticality level assigned to severity level. - * - * @return criticality level - */ - int getCriticality() { - return criticality; - } - } + private AlertSeverity severity = AlertSeverity.UNSPECIFIED; /** * Creates a new Alert with the message details. The details @@ -465,7 +244,7 @@ public class Alert extends ArchivableEntity { * @see Source */ @XmlAttribute(name = "source") - public final Source getSource() { + public final AlertSource getSource() { return source; } 
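Review bot: The Javadoc kept as context above `getSource()` still says `@see Source`, but this commit removes the nested `Alert.Source` enum, so the reference no longer resolves; it should read `@see AlertSource`. The same applies to `@see Severity` above `getSeverity()` and `@param severity Alert.Severity.` on `setSeverity` in the later hunks of this file, and to `@return Alert.Severity.` in SimpleBaselineBean. Updating those tags to `AlertSeverity` keeps the generated documentation pointing at the types that now live in `hirs.data.persist.enums`.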
@@ -474,7 +253,7 @@ public class Alert extends ArchivableEntity { * * @param source of this Alert */ - public final void setSource(final Source source) { + public final void setSource(final AlertSource source) { this.source = source; } @@ -574,7 +353,7 @@ public class Alert extends ArchivableEntity { * Set the severity of the alert regardless of baseline. * @param severity Alert.Severity. */ - public final void setSeverity(final Alert.Severity severity) { + public final void setSeverity(final AlertSeverity severity) { // only overwrite severity if the new one is non-null if (severity != null) { this.severity = severity; @@ -602,7 +381,7 @@ public class Alert extends ArchivableEntity { * @see Severity */ @XmlAttribute(name = "severity") - public final Severity getSeverity() { + public final AlertSeverity getSeverity() { return severity; } @@ -635,8 +414,8 @@ public class Alert extends ArchivableEntity { * @return prioritized severity level based on criticality * */ - private Alert.Severity getPrioritizedSeverityLevel(final Alert.Severity checkSeverity) { - Alert.Severity severityLevel = this.severity; + private AlertSeverity getPrioritizedSeverityLevel(final AlertSeverity checkSeverity) { + AlertSeverity severityLevel = this.severity; if (severityLevel.getCriticality() < checkSeverity.getCriticality()) { severityLevel = checkSeverity; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java b/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java index 565e84d6..75f50a5a 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.CertificateValidationStatus; + /** diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/Device.java b/HIRS_Utils/src/main/java/hirs/data/persist/Device.java index 934ae142..8a5a9c26 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/Device.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/Device.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.HealthStatus; import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import hirs.DeviceGroupSerializer; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java index 239f0548..0539922d 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.HealthStatus; import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.persist.ScheduledJobInfo; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java index 990fae3a..104962a2 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java @@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.TPMInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import static org.apache.logging.log4j.LogManager.getLogger; import javax.persistence.Column; 
@@ -34,6 +40,18 @@ public class DeviceInfoReport extends Report implements Serializable { * A variable used to describe unavailable hardware, firmware, or OS info. */ public static final String NOT_SPECIFIED = "Not Specified"; + /** + * Constant variable representing the various Short sized strings. + */ + public static final int SHORT_STRING_LENGTH = 32; + /** + * Constant variable representing the various Medium sized strings. + */ + public static final int MED_STRING_LENGTH = 64; + /** + * Constant variable representing the various Long sized strings. + */ + public static final int LONG_STRING_LENGTH = 255; @XmlElement @Embedded diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/Digest.java b/HIRS_Utils/src/main/java/hirs/data/persist/Digest.java index e5e5e319..dcc2a691 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/Digest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/Digest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Hex; @@ -77,6 +78,14 @@ public final class Digest extends AbstractDigest { this.digest = Arrays.copyOf(digest, digest.length); } + /** + * Creates a new Digest when an algorithm isn't specified. + * @param digest byte array value + */ + public Digest(final byte[] digest) { + this(AbstractDigest.getDigestAlgorithm(digest), digest); + } + /** * Default constructor necessary for Hibernate. */ diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java index a34d8aa1..96c486c1 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.ExamineState; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java b/HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java index 9cf28550..b8a34210 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.AlertSource; import org.hibernate.criterion.Criterion; import org.hibernate.criterion.Restrictions; @@ -197,7 +198,7 @@ public class IMADeviceState extends DeviceState { @Override public Criterion getDeviceTrustAlertCriterion() { Criterion createTimeRestriction = Restrictions.ge("createTime", mostRecentFullReportDate); - Criterion sourceRestriction = Restrictions.eq("source", Alert.Source.IMA_APPRAISER); + Criterion sourceRestriction = Restrictions.eq("source", AlertSource.IMA_APPRAISER); return Restrictions.and(createTimeRestriction, sourceRestriction); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java index e5f5f99c..fd2b772c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import com.fasterxml.jackson.annotation.JsonIgnore; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java b/HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java index c46cb290..4a68af55 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java 
@@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.HasBaselines; +import hirs.data.persist.baseline.Baseline; import com.google.common.collect.HashMultimap; import com.google.common.collect.Multimap; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java index b758f493..372c3266 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java @@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaBlacklistBaseline; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; +import hirs.data.persist.enums.AlertType; import org.apache.commons.lang3.StringUtils; import javax.persistence.Entity; @@ -97,8 +100,7 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord { public ImaBlacklistRecord( final String path, final Digest hash, - final String description - ) { + final String description) { this(path, hash, description, null); } @@ -125,8 +127,7 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord { final String path, final Digest hash, final String description, - final ImaBlacklistBaseline baseline - ) { + final ImaBlacklistBaseline baseline) { super(path, hash, description); if (path == null && hash == null) { throw new IllegalArgumentException("Cannot instantiate with both a null path and hash"); 
@@ -171,13 +172,13 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord { * * @return the alert match type */ - public Alert.AlertType getAlertMatchType() { + public AlertType getAlertMatchType() { if (getPath() == null) { - return Alert.AlertType.IMA_BLACKLIST_HASH_MATCH; + return AlertType.IMA_BLACKLIST_HASH_MATCH; } else if (getHash() == null) { - return Alert.AlertType.IMA_BLACKLIST_PATH_MATCH; + return AlertType.IMA_BLACKLIST_PATH_MATCH; } else { - return Alert.AlertType.IMA_BLACKLIST_PATH_AND_HASH_MATCH; + return AlertType.IMA_BLACKLIST_PATH_AND_HASH_MATCH; } } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java index a1b31567..d53f68e4 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java @@ -5,6 +5,8 @@ */ package hirs.data.persist; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; import javax.persistence.Entity; import javax.persistence.FetchType; import javax.persistence.JoinColumn; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java b/HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java index c5fe36c8..ae31138a 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import javax.persistence.Access; import javax.persistence.AccessType; import javax.persistence.Column; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java index 8c341709..bd1f869d 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java 
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java @@ -89,6 +89,12 @@ public class ReferenceManifest extends ArchivableEntity { public Selector(final ReferenceManifestManager referenceManifestManager) { super(referenceManifestManager); } + + /** + * Specify a manufacturer that certificates must have to be considered as matching. + * @param rimType the manufacturer to query, not empty or null + * @return this instance (for chaining further calls) + */ } @Column @@ -303,9 +309,10 @@ public class ReferenceManifest extends ArchivableEntity { if (rimBytes != null && elementName != null) { try { SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(this.rimBytes)); + JAXBElement element; for (Object object : si.getEntityOrEvidenceOrLink()) { if (object instanceof JAXBElement) { - JAXBElement element = (JAXBElement) object; + element = (JAXBElement) object; if (element.getName().getLocalPart().equals(elementName)) { // found the element baseElement = (BaseElement) element.getValue(); @@ -407,11 +414,11 @@ public class ReferenceManifest extends ArchivableEntity { for (FilesystemItem fsi : directory.getDirectoryOrFile()) { if (fsi != null) { resources.add(new SwidResource( - (hirs.utils.xjc.File) fsi)); + (hirs.utils.xjc.File) fsi, null)); } } } else if (meta instanceof hirs.utils.xjc.File) { - resources.add(new SwidResource((hirs.utils.xjc.File) meta)); + resources.add(new SwidResource((hirs.utils.xjc.File) meta, null)); } } } 
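Review bot: The Javadoc block added inside `Selector` in the first hunk documents no member: it is followed directly by the class's closing brace, and its text speaks of a manufacturer and certificates while naming a `rimType` parameter. Either add the selector method it was written for or drop the comment; if the method is added, the summary should read something like `Specify the RIM type that manifests must have to be considered as matching.` The `Selector` class starts outside this hunk.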
@@ -429,13 +436,13 @@ public class ReferenceManifest extends ArchivableEntity { * This method unmarshalls the swidtag found at [path] and validates it * according to the schema. * - * @param path to the input swidtag + * @param stream to the input swidtag * @return the SoftwareIdentity element at the root of the swidtag * @throws IOException if the swidtag cannot be unmarshalled or validated */ private JAXBElement unmarshallSwidTag(final InputStream stream) throws IOException { JAXBElement jaxbe = null; - Schema schema = null; + Schema schema; try { schema = DBReferenceManifestManager.getSchemaObject(); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java b/HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java index 9bad68c8..ae0d52d5 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java @@ -1,14 +1,28 @@ package hirs.data.persist; import com.google.common.base.Preconditions; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.tpm.eventlog.TCGEventLogProcessor; import hirs.utils.xjc.File; +import java.io.IOException; import java.util.Map; import java.util.List; import java.util.LinkedHashMap; import java.util.Collections; import java.math.BigInteger; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; import java.text.DecimalFormat; +import java.util.Arrays; import javax.xml.namespace.QName; +import org.apache.commons.codec.DecoderException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /** * This object is used to represent the content of a Swid Tags Directory 
@@ -16,6 +30,8 @@ import javax.xml.namespace.QName; */ public class SwidResource { + private static final Logger LOGGER = LogManager.getLogger(SwidResource.class); + private static final String CATALINA_HOME = System.getProperty("catalina.base"); private static final String TOMCAT_UPLOAD_DIRECTORY = "/webapps/HIRS_AttestationCAPortal/upload/"; @@ -30,6 +46,8 @@ public class SwidResource { private String rimFormat, rimType, rimUriGlobal, hashValue; private List pcrValues; + private TpmWhiteListBaseline tpmWhiteList; + private DigestAlgorithm digest = DigestAlgorithm.SHA1; /** * Default constructor. @@ -46,15 +64,17 @@ public class SwidResource { /** * The main constructor that processes a {@code hirs.utils.xjc.File}. + * * @param file {@link hirs.utils.xjc.File} + * @param digest algorithm associated with pcr values */ - public SwidResource(final File file) { + public SwidResource(final File file, final DigestAlgorithm digest) { Preconditions.checkArgument(file != null, "Cannot construct a RIM Resource from a null File object"); this.name = file.getName(); // at this time, there is a possibility to get an object with - // not size even though it is required. + // no size even though it is required. if (file.getSize() != null) { this.size = file.getSize().toString(); } else { @@ -79,10 +99,30 @@ public class SwidResource { default: } } + + this.digest = digest; + parsePcrValues(); + tpmWhiteList = new TpmWhiteListBaseline(this.name); + if (!pcrValues.isEmpty()) { + int i = 0; + for (String pcr : pcrValues) { + if (this.digest == null) { + // determine by length of pcr value + this.digest = AbstractDigest.getDigestAlgorithm(pcr); + } + try { + tpmWhiteList.addToBaseline( + new TPMMeasurementRecord(i++, pcr)); + } catch (DecoderException deEx) { + LOGGER.error(deEx); + } + } + } } /** * Getter for the file name. + * * @return string of the file name */ public String getName() { 
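Review bot: A PCR value that fails hex decoding is only logged in the `catch (DecoderException deEx)` block of the last hunk, so the constructor ends with a `TpmWhiteListBaseline` that silently lacks that index; for reference measurements it seems safer to fail construction, e.g. `throw new IllegalArgumentException("Invalid PCR value in " + this.name, deEx);`. The loop also passes `i++` to `TPMMeasurementRecord` with no bound, although that class documents pcrId as 0 to 23, so an event log yielding more values would surface as an unchecked exception here. `this.digest = digest;` overwrites the field's `DigestAlgorithm.SHA1` default with `null` for the callers in `ReferenceManifest`, and it stays `null` whenever no PCR values were parsed. The constructor begins outside this hunk.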
@@ -91,6 +131,7 @@ public class SwidResource { /** * Getter for the file size. + * * @return string of the file size. */ public String getSize() { @@ -99,6 +140,7 @@ public class SwidResource { /** * Getter for the RIM format for the resource. + * * @return string of the format */ public String getRimFormat() { @@ -107,6 +149,7 @@ public class SwidResource { /** * Getter for the RIM resource type. + * * @return string of the resource type. */ public String getRimType() { @@ -115,6 +158,7 @@ public class SwidResource { /** * Getter for the RIM Global URI. + * * @return string of the URI */ public String getRimUriGlobal() { @@ -122,7 +166,8 @@ public class SwidResource { } /** - * Getter for the associated Hash. + * Getter for the associated Hash of the file. + * * @return string of the hash */ public String getHashValue() { @@ -131,6 +176,7 @@ public class SwidResource { /** * Getter for the list of PCR Values. + * * @return an unmodifiable list */ public List getPcrValues() { @@ -139,6 +185,7 @@ public class SwidResource { /** * Setter for the list of associated PCR Values. + * * @param pcrValues a collection of PCRs */ public void setPcrValues(final List pcrValues) { @@ -147,6 +194,7 @@ public class SwidResource { /** * Getter for a generated map of the PCR values. + * * @return mapping of PCR# to the actual value. */ public LinkedHashMap getPcrMap() { 
@@ -164,4 +212,33 @@ public class SwidResource { return innerMap; } + + /** + * + */ + private void parsePcrValues() { + TCGEventLogProcessor logProcessor = new TCGEventLogProcessor(); + + try { + Path logPath = Paths.get(String.format("%s/%s", + SwidResource.RESOURCE_UPLOAD_FOLDER, + this.getName())); + if (Files.exists(logPath)) { + logProcessor = new TCGEventLogProcessor( + Files.readAllBytes(logPath)); + } + this.setPcrValues(Arrays.asList( + logProcessor.getExpectedPCRValues())); + } catch (NoSuchFileException nsfEx) { + LOGGER.error(String.format("File Not found!: %s", + this.getName())); + LOGGER.error(nsfEx); + } catch (IOException ioEx) { + LOGGER.error(ioEx); + } catch (CertificateException cEx) { + LOGGER.error(cEx); + } catch (NoSuchAlgorithmException naEx) { + LOGGER.error(naEx); + } + } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java index 468bbca5..bd7e20de 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java @@ -10,6 +10,8 @@ import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; +import org.apache.commons.codec.DecoderException; +import org.apache.commons.codec.binary.Hex; /** * Class represents a Trusted Platform Module (TPM) Platform Configuration 
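Review bot: `parsePcrValues()` builds the log path by formatting `this.getName()` into `RESOURCE_UPLOAD_FOLDER`, and that name is copied from the SWID `File` element in the constructor, so a manifest whose file name contains path separators or `..` segments can make `Files.readAllBytes` read outside the upload directory. Resolve the name against the base directory, normalise it, and reject anything that does not stay under that directory before touching the file system. Separately, when the file is absent the method still publishes `getExpectedPCRValues()` from the no-argument `TCGEventLogProcessor`, which the constructor then loads into the white-list baseline; leaving the PCR list empty in that case looks safer (what the default processor returns is not visible here). The method's Javadoc is empty and should state what is read and which field is set.
```java
    private void parsePcrValues() {
        try {
            Path uploadDir = Paths.get(SwidResource.RESOURCE_UPLOAD_FOLDER)
                    .toAbsolutePath().normalize();
            Path logPath = uploadDir.resolve(this.getName()).normalize();
            // the name comes from the manifest; keep it inside the upload folder
            if (!logPath.startsWith(uploadDir) || !Files.isRegularFile(logPath)) {
                LOGGER.error("RIM support file missing or outside the upload folder");
                this.setPcrValues(Collections.emptyList());
                return;
            }
            TCGEventLogProcessor logProcessor = new TCGEventLogProcessor(
                    Files.readAllBytes(logPath));
            this.setPcrValues(Arrays.asList(
                    logProcessor.getExpectedPCRValues()));
        // … unchanged: catch blocks …
```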
@@ -43,15 +45,13 @@ public final class TPMMeasurementRecord extends ExaminableRecord { private final Digest hash; /** - * Constructor initializes values associated with PCRMeasurementRecord. + * Constructor initializes values associated with TPMMeasurementRecord. * - * @param pcrId - * is the TPM PCR index. pcrId must be between 0 and 23. + * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23. * @param hash * represents the measurement digest found at the particular PCR * index. - * @throws IllegalArgumentException - * if digest algorithm is not SHA-1 + * @throws IllegalArgumentException if pcrId is not valid */ public TPMMeasurementRecord(final int pcrId, final Digest hash) throws IllegalArgumentException { @@ -66,6 +66,30 @@ public final class TPMMeasurementRecord extends ExaminableRecord { this.hash = hash; } + /** + * Constructor initializes values associated with TPMMeasurementRecord. + * + * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23. + * @param hash represents the measurement digest found at the particular PCR + * index. + * @throws DecoderException if there is a decode issue with string hex. + */ + public TPMMeasurementRecord(final int pcrId, final String hash) + throws DecoderException { + this(pcrId, new Digest(Hex.decodeHex(hash.toCharArray()))); + } + + /** + * Constructor initializes values associated with TPMMeasurementRecord. + * + * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23. + * @param hash represents the measurement digest found at the particular PCR + * index. + */ + public TPMMeasurementRecord(final int pcrId, final byte[] hash) { + this(pcrId, new Digest(hash)); + } + /** * Helper method to determine if a PCR ID number is valid. * diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java b/HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java index 5aeb3b21..63603ffc 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java 
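Review bot: Both constructors added in the second hunk delegate to `TPMMeasurementRecord(int, Digest)`, whose Javadoc in the preceding hunk declares `@throws IllegalArgumentException if pcrId is not valid`, yet neither repeats that tag, and the `String` overload calls `hash.toCharArray()` with no null check. I would add `@throws IllegalArgumentException if pcrId is not valid` to both and state on the `String` overload that `hash` must be a non-null hex string. Both also take the digest algorithm from the value's length through `new Digest(byte[])`, which deserves a sentence in the Javadoc so callers know no algorithm is being asserted.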
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java @@ -1,5 +1,10 @@ package hirs.data.persist; +import hirs.data.persist.baseline.TpmBlackListBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.baseline.HasBaselines; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.AlertSeverity; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -73,7 +78,7 @@ public final class TPMPolicy extends Policy implements HasBaselines { @Column(nullable = false) @Enumerated(EnumType.STRING) - private Alert.Severity kernelUpdateAlertSeverity = Alert.Severity.UNSPECIFIED; + private AlertSeverity kernelUpdateAlertSeverity = AlertSeverity.UNSPECIFIED; @ManyToMany(fetch = FetchType.EAGER) @JoinTable(name = "TPMWhiteListBaselines", @@ -550,7 +555,7 @@ public final class TPMPolicy extends Policy implements HasBaselines { * Gets the severity of kernel update alerts. * @return the severity */ - public Alert.Severity getKernelUpdateAlertSeverity() { + public AlertSeverity getKernelUpdateAlertSeverity() { return kernelUpdateAlertSeverity; } @@ -558,7 +563,7 @@ public final class TPMPolicy extends Policy implements HasBaselines { * Sets the severity of kernel update alerts. * @param severity The desired severity of kernel update alerts. */ - public void setKernelUpdateAlertSeverity(final Alert.Severity severity) { + public void setKernelUpdateAlertSeverity(final AlertSeverity severity) { kernelUpdateAlertSeverity = severity; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/AbstractImaBaselineRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/AbstractImaBaselineRecord.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/AbstractImaBaselineRecord.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/AbstractImaBaselineRecord.java index 69fab7b3..70f42b0c 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/AbstractImaBaselineRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/AbstractImaBaselineRecord.java @@ -1,5 +1,8 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; +import hirs.data.persist.Digest; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.OptionalDigest; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -70,7 +73,7 @@ public abstract class AbstractImaBaselineRecord { * @throws IllegalArgumentException * if digest algorithm is not SHA-1 */ - AbstractImaBaselineRecord(final String path, final Digest hash, final String description) + public AbstractImaBaselineRecord(final String path, final Digest hash, final String description) throws IllegalArgumentException { if (hash != null && hash.getAlgorithm() != DigestAlgorithm.SHA1) { throw new IllegalArgumentException("Hash algorithm is not SHA-1"); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/Baseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/Baseline.java similarity index 85% rename from HIRS_Utils/src/main/java/hirs/data/persist/Baseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/Baseline.java index e3612e38..e502b277 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/Baseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/Baseline.java @@ -1,5 +1,7 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; +import hirs.data.persist.UserDefinedEntity; +import hirs.data.persist.enums.AlertSeverity; import javax.persistence.Access; import javax.persistence.AccessType; import javax.persistence.Column; 
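Review bot: The constructor of the abstract `AbstractImaBaselineRecord` becomes `public` in this hunk, apparently so that subclasses left in `hirs.data.persist` can still call it after the move to `hirs.data.persist.baseline`; `protected AbstractImaBaselineRecord(final String path, final Digest hash, final String description)` is enough for that and keeps the surface smaller. The same package split turns `ImaIgnoreSetBaseline.addOnlyToBaseline` and `removeOnlyBaseline` from package-private into `public` in later hunks, which lets any caller change the ignore set directly. `removeOnlyBaseline` is also not `synchronized` although `addOnlyToBaseline` is, which matters more once outside code can reach both. If the methods must stay public, a Javadoc line such as `Intended for ImaIgnoreSetRecord only.` would at least record the intent. The bodies of all three continue outside their hunks.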
@@ -29,7 +31,7 @@ public abstract class Baseline extends UserDefinedEntity { @Column(nullable = false, name = "severity") @Enumerated(EnumType.STRING) - private Alert.Severity severity = Alert.Severity.UNSPECIFIED; + private AlertSeverity severity = AlertSeverity.UNSPECIFIED; @Column(nullable = false) private String type; @@ -67,7 +69,7 @@ public abstract class Baseline extends UserDefinedEntity { * Gets the baseline severity. * @return the severity */ - public Alert.Severity getSeverity() { + public AlertSeverity getSeverity() { return severity; } @@ -75,7 +77,7 @@ public abstract class Baseline extends UserDefinedEntity { * Sets the severity of alerts raised by this baseline. * @param severity The desired severity of alerts raised by this baseline */ - public void setSeverity(final Alert.Severity severity) { + public void setSeverity(final AlertSeverity severity) { this.severity = severity; } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BroadRepoImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/BroadRepoImaBaseline.java similarity index 99% rename from HIRS_Utils/src/main/java/hirs/data/persist/BroadRepoImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/BroadRepoImaBaseline.java index d952f968..2495f1c9 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BroadRepoImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/BroadRepoImaBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import hirs.persist.RepositoryManager; import hirs.repository.Repository; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/HasBaselines.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/HasBaselines.java similarity index 51% rename from HIRS_Utils/src/main/java/hirs/data/persist/HasBaselines.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/HasBaselines.java index 1c891b2f..e4437b36 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/HasBaselines.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/HasBaselines.java @@ -1,9 +1,4 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ -package hirs.data.persist; +package hirs.data.persist.baseline; import java.util.List; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/IMABaselineRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/IMABaselineRecord.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/IMABaselineRecord.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/IMABaselineRecord.java index 876f5be7..a7eac810 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/IMABaselineRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/IMABaselineRecord.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -13,6 +13,7 @@ import javax.persistence.Table; import javax.persistence.Transient; import com.google.common.base.Preconditions; +import hirs.data.persist.Digest; /** * An IMABaselineRecord represents a single entry in an diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaAcceptableRecordBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaAcceptableRecordBaseline.java similarity index 96% rename from HIRS_Utils/src/main/java/hirs/data/persist/ImaAcceptableRecordBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaAcceptableRecordBaseline.java index 920efbb2..80ec3f48 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaAcceptableRecordBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaAcceptableRecordBaseline.java 
@@ -1,6 +1,8 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.fasterxml.jackson.annotation.JsonIgnore; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; import hirs.ima.matching.BatchImaMatchStatus; import hirs.persist.ImaBaselineRecordManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBaseline.java similarity index 94% rename from HIRS_Utils/src/main/java/hirs/data/persist/ImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBaseline.java index 30b0ee8a..809b2a2c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBaseline.java @@ -1,5 +1,7 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; import hirs.ima.matching.BatchImaMatchStatus; import hirs.persist.ImaBaselineRecordManager; import org.hibernate.annotations.Type; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBlacklistBaseline.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBlacklistBaseline.java index 0948404d..5adb5c53 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBlacklistBaseline.java 
@@ -1,7 +1,10 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; +import hirs.data.persist.ImaBlacklistRecord; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.ImaBlacklistRecordMatcher; import hirs.persist.ImaBaselineRecordManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaIgnoreSetBaseline.java similarity index 96% rename from HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaIgnoreSetBaseline.java index b2b20e16..6eb919b8 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaIgnoreSetBaseline.java @@ -3,11 +3,14 @@ * To change this template file, choose Tools | Templates * and open the template in the editor. */ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; +import hirs.data.persist.ImaIgnoreSetRecord; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.ImaIgnoreSetRecordMatcher; import hirs.persist.ImaBaselineRecordManager; @@ -202,7 +205,7 @@ public class ImaIgnoreSetBaseline extends ImaBaseline { * @return * returns true is the record was added to the list, false if not */ - final synchronized boolean addOnlyToBaseline(final ImaIgnoreSetRecord record) { + public final synchronized boolean addOnlyToBaseline(final ImaIgnoreSetRecord record) { if (record == null) { LOGGER.error("invalid parameter (NULL value) " + "passed to ImaIgnoreSetBaseline.addOnlyToBaseline"); 
@@ -227,7 +230,7 @@ public class ImaIgnoreSetBaseline extends ImaBaseline { * record to remove * @return a boolean indicating if the removal was successful */ - final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) { + public final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) { return imaIgnoreSetRecords.remove(record); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/QueryableRecordImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/QueryableRecordImaBaseline.java similarity index 97% rename from HIRS_Utils/src/main/java/hirs/data/persist/QueryableRecordImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/QueryableRecordImaBaseline.java index 2ad3ea45..cbe27224 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/QueryableRecordImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/QueryableRecordImaBaseline.java @@ -1,6 +1,9 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.google.common.base.Preconditions; +import hirs.data.persist.Digest; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.IMAMatchStatus; import hirs.ima.matching.ImaAcceptableHashRecordMatcher; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SimpleImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/SimpleImaBaseline.java similarity index 98% rename from HIRS_Utils/src/main/java/hirs/data/persist/SimpleImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/SimpleImaBaseline.java index 137484bb..447081a1 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SimpleImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/SimpleImaBaseline.java 
@@ -1,7 +1,9 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.ImaAcceptableHashRecordMatcher; import hirs.ima.matching.ImaAcceptablePathAndHashRecordMatcher; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TPMBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TPMBaseline.java similarity index 75% rename from HIRS_Utils/src/main/java/hirs/data/persist/TPMBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/TPMBaseline.java index 71b97263..9558c1d7 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TPMBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TPMBaseline.java @@ -1,5 +1,13 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; +import hirs.data.persist.DeviceInfoReport; +import hirs.data.persist.Digest; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.TPMInfo; +import hirs.data.persist.TPMMeasurementRecord; +import hirs.data.persist.info.RIMInfo; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -23,14 +31,12 @@ import java.util.Set; public abstract class TPMBaseline extends Baseline { private static final Logger LOGGER = LogManager.getLogger(TPMBaseline.class); - private static final String NOT_SPECIFIED = "Not Specified"; @ElementCollection(fetch = FetchType.EAGER) @CollectionTable(name = "TPMBaselineRecords", joinColumns = { @JoinColumn(name = "BaselineID", nullable = false) }) private final Set pcrRecords = new LinkedHashSet<>(); - @Embedded private FirmwareInfo firmwareInfo; 
@@ -43,6 +49,8 @@ public abstract class TPMBaseline extends Baseline { @Embedded private TPMInfo tpmInfo; + @Embedded + private RIMInfo rimInfo; /** * Creates a new TPMBaseline with no valid PCR entries and no device-specific PCRs. @@ -63,48 +71,14 @@ public abstract class TPMBaseline extends Baseline { initDeviceInfo(); } - - private void initDeviceInfo() { - initFirmwareInfo(); - initHardwareInfo(); - initOSInfo(); - initTPMInfo(); - } - - /** - * Creates default FirmwareInfo object. - */ - private void initFirmwareInfo() { firmwareInfo = new FirmwareInfo(); + hardwareInfo = new HardwareInfo(); + osInfo = new OSInfo(); + tpmInfo = new TPMInfo(); + rimInfo = new RIMInfo(); } - - /** - * Creates default HardwareInfo object. - */ - private void initHardwareInfo() { - hardwareInfo = - new HardwareInfo(); - } - - /** - * Creates default OSInfo object. - */ - private void initOSInfo() { - osInfo = - new OSInfo(); - } - - /** - * Creates default TPMInfo object. - */ - private void initTPMInfo() { - tpmInfo = - new TPMInfo(); - } - - /** * Retrieves the FirmwareInfo for this TPMBaseline. * @return FirmwareInfo @@ -115,7 +89,7 @@ public abstract class TPMBaseline extends Baseline { /** * Retrieves the HardwareInfo for this TPMBaseline. - * @return FirmwareInfo + * @return HardwareInfo */ public final HardwareInfo getHardwareInfo() { return hardwareInfo; @@ -123,7 +97,7 @@ public abstract class TPMBaseline extends Baseline { /** * Retrieves the OSInfo for this TPMBaseline. - * @return FirmwareInfo + * @return OSInfo */ public final OSInfo getOSInfo() { return osInfo; 
@@ -131,12 +105,20 @@ public abstract class TPMBaseline extends Baseline { /** * Retrieves the TPMInfo for this TPMBaseline. - * @return FirmwareInfo + * @return TPMInfo */ public final TPMInfo getTPMInfo() { return tpmInfo; } + /** + * Retrieves the RIMInfo for this TPMBaseline. + * @return an instance of RIMInfo + */ + public final RIMInfo getRIMInfo() { + return rimInfo; + } + /** * Copy the Firmware data from another object. If null, the default * FirmwareInfo data will be used. @@ -144,7 +126,7 @@ public abstract class TPMBaseline extends Baseline { */ public final void setFirmwareInfo(final FirmwareInfo firmwareInfo) { if (firmwareInfo == null) { - initFirmwareInfo(); + this.firmwareInfo = new FirmwareInfo(); } else { this.firmwareInfo = firmwareInfo; } @@ -157,7 +139,7 @@ public abstract class TPMBaseline extends Baseline { */ public final void setHardwareInfo(final HardwareInfo hardwareInfo) { if (hardwareInfo == null) { - initHardwareInfo(); + this.hardwareInfo = new HardwareInfo(); } else { this.hardwareInfo = hardwareInfo; } @@ -170,7 +152,7 @@ public abstract class TPMBaseline extends Baseline { */ public final void setOSInfo(final OSInfo osInfo) { if (osInfo == null) { - initOSInfo(); + this.osInfo = new OSInfo(); } else { this.osInfo = osInfo; } @@ -183,7 +165,7 @@ public abstract class TPMBaseline extends Baseline { */ public final void setTPMInfo(final TPMInfo tpmInfo) { if (tpmInfo == null) { - initTPMInfo(); + this.tpmInfo = new TPMInfo(); } else { this.tpmInfo = tpmInfo; } @@ -227,9 +209,6 @@ public abstract class TPMBaseline extends Baseline { * @return true if measurement record is found in list, otherwise false */ public final boolean isInBaseline(final TPMMeasurementRecord record) { - if (record == null) { - return false; - } return pcrRecords.contains(record); } 
@@ -244,7 +223,7 @@ public abstract class TPMBaseline extends Baseline { LOGGER.debug("adding record {} to baseline {}", record, getName()); if (record == null) { LOGGER.error("null record"); - throw new NullPointerException("record"); + throw new NullPointerException("TPMMeasurementRecord"); } if (pcrRecords.contains(record)) { @@ -268,7 +247,7 @@ public abstract class TPMBaseline extends Baseline { public final boolean removeFromBaseline(final TPMMeasurementRecord record) { LOGGER.debug("removing record {} from baseline {}", record, getName()); if (record == null) { - LOGGER.error("null record"); + LOGGER.error("null record can not be removed"); return false; } 
@@ -283,25 +262,27 @@ public abstract class TPMBaseline extends Baseline { */ public boolean isEmpty() { LOGGER.debug("Check for empty baseline"); - return (firmwareInfo.getBiosReleaseDate().equals(NOT_SPECIFIED) - && firmwareInfo.getBiosVendor().equals(NOT_SPECIFIED) - && firmwareInfo.getBiosVersion().equals(NOT_SPECIFIED) - && hardwareInfo.getBaseboardSerialNumber().equals(NOT_SPECIFIED) - && hardwareInfo.getChassisSerialNumber().equals(NOT_SPECIFIED) - && hardwareInfo.getManufacturer().equals(NOT_SPECIFIED) - && hardwareInfo.getProductName().equals(NOT_SPECIFIED) - && hardwareInfo.getSystemSerialNumber().equals(NOT_SPECIFIED) - && hardwareInfo.getVersion().equals(NOT_SPECIFIED) - && osInfo.getDistribution().equals(NOT_SPECIFIED) - && osInfo.getDistributionRelease().equals(NOT_SPECIFIED) - && osInfo.getOSArch().equals(NOT_SPECIFIED) - && osInfo.getOSName().equals(NOT_SPECIFIED) - && osInfo.getOSVersion().equals(NOT_SPECIFIED) - && tpmInfo.getTPMMake().equals(NOT_SPECIFIED) + return (firmwareInfo.getBiosReleaseDate().equals(DeviceInfoReport.NOT_SPECIFIED) + && firmwareInfo.getBiosVendor().equals(DeviceInfoReport.NOT_SPECIFIED) + && firmwareInfo.getBiosVersion().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getBaseboardSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getChassisSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getProductName().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getSystemSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getVersion().equals(DeviceInfoReport.NOT_SPECIFIED) + && osInfo.getDistribution().equals(DeviceInfoReport.NOT_SPECIFIED) + && osInfo.getDistributionRelease().equals(DeviceInfoReport.NOT_SPECIFIED) + && osInfo.getOSArch().equals(DeviceInfoReport.NOT_SPECIFIED) + && osInfo.getOSName().equals(DeviceInfoReport.NOT_SPECIFIED) + && 
osInfo.getOSVersion().equals(DeviceInfoReport.NOT_SPECIFIED) + && tpmInfo.getTPMMake().equals(DeviceInfoReport.NOT_SPECIFIED) && tpmInfo.getTPMVersionMajor() == 0 && tpmInfo.getTPMVersionMinor() == 0 && tpmInfo.getTPMVersionRevMajor() == 0 && tpmInfo.getTPMVersionRevMinor() == 0 + && rimInfo.getRimManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED) + && rimInfo.getModel().equals(DeviceInfoReport.NOT_SPECIFIED) && pcrRecords.isEmpty()); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TargetedRepoImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TargetedRepoImaBaseline.java similarity index 99% rename from HIRS_Utils/src/main/java/hirs/data/persist/TargetedRepoImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/TargetedRepoImaBaseline.java index 6dc20c02..538a75d9 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TargetedRepoImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TargetedRepoImaBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TpmBlackListBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmBlackListBaseline.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/TpmBlackListBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmBlackListBaseline.java index 781fa2a8..2aef3e01 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TpmBlackListBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmBlackListBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import javax.persistence.Entity; 
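Review bot: `isEmpty()` now dereferences `rimInfo` without a null check, and the only assignment these hunks show is in `initDeviceInfo()`; no `setRIMInfo` is added to match the other null-tolerant setters. Hibernate usually materialises an `@Embedded` value as null when all of its columns are null, so a baseline row stored before this change may load with `rimInfo == null` and fail here with a `NullPointerException`; this is worth confirming against the upgrade path. Either guard the two new terms with `rimInfo == null ||`, or re-initialise the field in a `@PostLoad` method so older rows stay readable.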
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TpmWhiteListBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmWhiteListBaseline.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/TpmWhiteListBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmWhiteListBaseline.java index cebc0412..1c9ed43c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TpmWhiteListBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmWhiteListBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import javax.persistence.Entity; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/UpdatableImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/UpdatableImaBaseline.java similarity index 94% rename from HIRS_Utils/src/main/java/hirs/data/persist/UpdatableImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/UpdatableImaBaseline.java index d8c5fb02..473be322 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/UpdatableImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/UpdatableImaBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import hirs.persist.RepositoryManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/baseline/package-info.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/package-info.java new file mode 100644 index 00000000..2c222e8a --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/package-info.java @@ -0,0 +1,4 @@ +/** + * This package contains a set of classes for accessing baseline code. + */ +package hirs.data.persist.baseline; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java index 4b9c5258..820439ab 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java @@ -314,9 +314,10 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { asn1In = new ASN1InputStream(ec.getEncoded()); ASN1Primitive obj = asn1In.readObject(); + ASN1Sequence seq; while (obj != null) { - ASN1Sequence seq = ASN1Sequence.getInstance(obj); + seq = ASN1Sequence.getInstance(obj); parseSequence(seq, false, null); obj = asn1In.readObject(); } @@ -328,10 +329,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { } } + String oid; + Object value; // unpack fields from parsedFields and set field values for (Map.Entry entry : parsedFields.entrySet()) { - String oid = entry.getKey(); - Object value = entry.getValue(); + oid = entry.getKey(); + value = entry.getValue(); if (oid.equals(TPM_MODEL)) { model = value.toString(); LOGGER.debug("Found TPM Model: " + model); @@ -415,10 +418,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { LOGGER.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString()); // Iterate through remaining fields to set optional attributes + int tag; + DERTaggedObject obj; for (int i = seqPosition; i < seq.size(); i++) { if (seq.getObjectAt(i) instanceof DERTaggedObject) { - DERTaggedObject obj = (DERTaggedObject) seq.getObjectAt(i); - int tag = obj.getTagNo(); + obj = (DERTaggedObject) seq.getObjectAt(i); + tag = obj.getTagNo(); if (tag == EK_TYPE_TAG) { int ekGenTypeVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue(); if (ekGenTypeVal >= EK_TYPE_VAL_MIN && ekGenTypeVal <= EK_TYPE_VAL_MAX) { 
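Review bot: Hoisting `seq`, `oid`, `value`, `tag` and `obj` out of their loops (and `subComp` in the `@@ -523,8 +528,9` hunk) widens their scope without changing behaviour. In code that parses certificate contents, this makes it easier to read a value left over from an earlier iteration by mistake. Declaring each at first use keeps every iteration self-contained, e.g. `final ASN1Sequence seq = ASN1Sequence.getInstance(obj);` and `final DERTaggedObject obj = (DERTaggedObject) seq.getObjectAt(i);`. The enclosing methods start and end outside these hunks.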
@@ -523,8 +528,9 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { // parseSequences in the future ASN1Set set = (ASN1Set) component; Enumeration setContents = set.getObjects(); + ASN1Encodable subComp; while (setContents.hasMoreElements()) { - ASN1Encodable subComp = (ASN1Encodable) setContents.nextElement(); + subComp = (ASN1Encodable) setContents.nextElement(); if (subComp instanceof ASN1ObjectIdentifier) { LOGGER.warn("OID in top level of ASN1Set"); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSeverity.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSeverity.java new file mode 100644 index 00000000..3af00bf6 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSeverity.java 
@@ -0,0 +1,65 @@
+package hirs.data.persist.enums;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The 'severity' of the Alert, which is a string enumeration
+ * representing the predicted importance of the problem identified.
+ *
+ * A constructor with the enum is used to set a criticality number for each
+ * severity level. Severity levels can be compared against each other by using
+ * the getCriticality method.
+ *
+ */
+@XmlType(name = "AlertSeverity")
+public enum AlertSeverity {
+
+ /**
+ * Used for situations where Severity remains to be implemented or the exact
+ * level has not been determined for a specific use case.
+ */
+ UNSPECIFIED(5),
+ /**
+ * Equivalent to "Ignore" or "Quiet". This is not used for general logging,
+ * but for Alert level messages that, in specific cases, are not applicable
+ * or can be or need to be ignored.
+ */
+ INFO(10),
+ /**
+ * Applies to a non-system critical file or condition.
+ */
+ LOW(15),
+ /**
+ * Involves a stable or system-critical file or a stable PCR value.
+ */
+ HIGH(25),
+ /**
+ * Equivalent to "Fatal". Involves Alerts so clearly indicative of malicious
+ * intent that an automated response, such as network disconnection, is
+ * warranted.
+ */
+ SEVERE(30);
+
+ /**
+ * Criticality number assigned to a severity level.
+ */
+ private int criticality;
+
+ /**
+ * Constructor used to set the criticality level.
+ *
+ * @param c criticality level
+ */
+ AlertSeverity(final int c) {
+ criticality = c;
+ }
+
+ /**
+ * Return criticality level assigned to severity level.
+ *
+ * @return criticality level
+ */
+ public int getCriticality() {
+ return criticality;
+ }
+}
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSource.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSource.java
new file mode 100644
index 00000000..92be72b0
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSource.java
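Review bot: `criticality` in `AlertSeverity` is assigned only in the constructor but is declared `private int criticality;`, so later code inside the enum could change a constant's ranking at runtime. Declare it `private final int criticality;`. The class Javadoc says levels are compared through `getCriticality()`, and the values appear to rise with severity; a line such as `Higher values indicate a more severe alert.` on the getter would make that ordering explicit.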
@@ -0,0 +1,43 @@
+package hirs.data.persist.enums;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The 'source' of the Alert, which is a string enumeration
+ * representing the component within the HIRS system that caused the
+ * Alert to be generated. For example, if a record mismatch is
+ * detected by the IMAAppraiser, the source of the
+ * Alert will be "IMAAppraiser". In some cases the class name may
+ * be used, and in other cases a more abstract name may be used to provide
+ * clarity to the user, such as the REPORT_PROCESSOR type, which
+ * can come from the SOAPMessageProcessor, the
+ * SOAPReportProcessor, or the HIRSAppraiser.
+ */
+@XmlType(name = "AlertSource")
+public enum AlertSource {
+
+ /**
+ * The alerts generated from an unspecified source.
+ */
+ UNSPECIFIED,
+ /**
+ * Alerts generated within SOAPMessageProcessor,
+ * SOAPReportProcessor, or HIRSAppraiser will all
+ * use the same source. This makes sense right now because those Alerts will
+ * all be related to Reports that do not match the expected
+ * format.
+ */
+ REPORT_PROCESSOR,
+ /**
+ * Alerts generated within the IMAAppraiser.
+ */
+ IMA_APPRAISER,
+ /**
+ * Alerts generated within the TPMAppraiser.
+ */
+ TPM_APPRAISER,
+ /**
+ * Alerts generated within OnDemandReportRequestManager.
+ */
+ REPORT_REQUESTOR
+}
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertType.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertType.java
new file mode 100644
index 00000000..ac0dbdc5
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertType.java
@@ -0,0 +1,110 @@
+package hirs.data.persist.enums;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The 'type' of the Alert, which is the category of problem identified by the
+ * 'source'.
+ */
+@XmlType(name = "AlertType")
+public enum AlertType {
+
+ /**
+ * The alert type has not been specified.
+ */
+ UNSPECIFIED,
+ /**
+ * The Report does not contain the necessary elements or it
+ * contains certain unnecessary elements.
+ */
+ MALFORMED_REPORT,
+ /**
+ * The Report does not contain the correct
+ * TPMMeasurementRecords or the PCR values are not correct.
+ */
+ WHITE_LIST_PCR_MISMATCH,
+ /**
+ * The Report contains a TPMMeasurementRecord
+ * matching a TPM BlackList.
+ */
+ BLACK_LIST_PCR_MATCH,
+ /**
+ * The TPMReport does not contain a valid nonce.
+ */
+ INVALID_NONCE,
+ /**
+ * The TPMReport does not contain a valid TPM Quote (PCR
+ * Digest).
+ */
+ INVALID_TPM_QUOTE,
+ /**
+ * The TPMReport does not contain a valid signature.
+ */
+ INVALID_SIGNATURE,
+ /**
+ * The TPMReport does not contain a valid certificate.
+ */
+ INVALID_CERTIFICATE,
+ /**
+ * The IMAReport contains a whitelist hash mismatch.
+ */
+ WHITELIST_MISMATCH,
+ /**
+ * The IMAReport contains a required set hash mismatch.
+ */
+ REQUIRED_SET_MISMATCH,
+ /**
+ * The Report is missing a required record.
+ */
+ MISSING_RECORD,
+ /**
+ * The IMAReport contains an unknown filepath.
+ */
+ UNKNOWN_FILE,
+ /**
+ * The client's ReportRequest query messages missing.
+ */
+ REPORT_REQUESTS_MISSING,
+ /**
+ * Client periodic IntegrityReport missing.
+ */
+ PERIODIC_REPORT_MISSING,
+ /**
+ * On-demand IntegrityReport missing.
+ */
+ ON_DEMAND_REPORT_MISSING,
+ /**
+ * The client sent a report that indicates IMA was not enabled correctly.
+ */
+ IMA_MISCONFIGURED,
+ /**
+ * PCR mismatches and device info changes indicated a kernel update.
+ */
+ KERNEL_UPDATE_DETECTED,
+ /**
+ * The Report does not contain the correct
+ * TPMMeasurementRecords associated with IMA measurements.
+ */ + IMA_PCR_MISMATCH, + /** + * Indicates an IMA measurement had a path which matched an entry in a + * blacklist baseline. + */ + IMA_BLACKLIST_PATH_MATCH, + /** + * Indicates an IMA measurement had a hash which matched an entry in a + * blacklist baseline. + */ + IMA_BLACKLIST_HASH_MATCH, + /** + * Indicates an IMA measurement had both a path and hash which matched an + * entry in a blacklist baseline. + */ + IMA_BLACKLIST_PATH_AND_HASH_MATCH, + /** + * Indicates an IMA measurement had a path that matched an entry in a + * blacklist baseline, and also had a hash that matched another entry in the + * same (or another) baseline. + */ + IMA_BLACKLIST_MIXED_MATCH +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationStatus.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/CertificateValidationStatus.java similarity index 90% rename from HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationStatus.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/CertificateValidationStatus.java index 4425f252..01166731 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationStatus.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/CertificateValidationStatus.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * Enum used to represent certificate validation status. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/ComponentType.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ComponentType.java new file mode 100644 index 00000000..4cec6e03 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ComponentType.java 
@@ -0,0 +1,88 @@
+package hirs.data.persist.enums;
+
+/**
+ * Identifies the type of component.
+ */
+public enum ComponentType {
+
+ /**
+ * Baseboard.
+ */
+ BASEBOARD(Values.BASEBOARD),
+ /**
+ * BIOS or UEFI.
+ */
+ BIOS_UEFI(Values.BIOS_UEFI),
+ /**
+ * Chassis.
+ */
+ CHASSIS(Values.CHASSIS),
+ /**
+ * Hard Drive.
+ */
+ HARD_DRIVE(Values.HARD_DRIVE),
+ /**
+ * Memory.
+ */
+ MEMORY(Values.MEMORY),
+ /**
+ * Network Interface Card.
+ */
+ NIC(Values.NIC),
+ /**
+ * Processor.
+ */
+ PROCESSOR(Values.PROCESSOR);
+
+ /**
+ * Constructor.
+ *
+ * @param val string value
+ */
+ ComponentType(final String val) {
+ if (!this.name().equals(val)) {
+ throw new IllegalArgumentException("Incorrect use of ComponentTypeEnum");
+ }
+ }
+
+ /**
+ * String values for use in {@link ComponentTypeEnum}.
+ */
+ public static class Values {
+
+ /**
+ * Baseboard.
+ */
+ public static final String BASEBOARD = "BASEBOARD";
+
+ /**
+ * BIOS or UEFI.
+ */
+ public static final String BIOS_UEFI = "BIOS_UEFI";
+
+ /**
+ * Chassis.
+ */
+ public static final String CHASSIS = "CHASSIS";
+
+ /**
+ * Hard Drive.
+ */
+ public static final String HARD_DRIVE = "HARD_DRIVE";
+
+ /**
+ * Memory.
+ */
+ public static final String MEMORY = "MEMORY";
+
+ /**
+ * Network Interface Card.
+ */
+ public static final String NIC = "NIC";
+
+ /**
+ * Processor.
+ */
+ public static final String PROCESSOR = "PROCESSOR";
+ }
+}
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DigestAlgorithm.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestAlgorithm.java
similarity index 85%
rename from HIRS_Utils/src/main/java/hirs/data/persist/DigestAlgorithm.java
rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestAlgorithm.java
index a2498002..0e968ca8 100644
--- a/HIRS_Utils/src/main/java/hirs/data/persist/DigestAlgorithm.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestAlgorithm.java
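Review bot: The enum is now called `ComponentType`, but the exception text `"Incorrect use of ComponentTypeEnum"` and the Javadoc `{@link ComponentTypeEnum}` on `Values` still use the old name, and nothing in this file defines a type with that name for the link to resolve to. Change both to `ComponentType`. `Values` only holds constants, so declaring it `public static final class Values` with a private constructor would stop it being instantiated or subclassed.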
@@ -1,4 +1,7 @@ -package hirs.data.persist; +package hirs.data.persist.enums; + +import hirs.data.persist.AbstractDigest; +import hirs.data.persist.DeviceInfoReport; /** * Enum of digest algorithms. The enum values also provide a standardized @@ -29,7 +32,12 @@ public enum DigestAlgorithm { /** * SHA-512 digest algorithm. */ - SHA512("SHA-512", AbstractDigest.SHA512_DIGEST_LENGTH); + SHA512("SHA-512", AbstractDigest.SHA512_DIGEST_LENGTH), + /** + * Condition used when an algorithm is not specified and + * the size doesn't match known digests. + */ + UNSPECIFIED(DeviceInfoReport.NOT_SPECIFIED, Integer.BYTES); private final String standardAlgorithmName; @@ -52,7 +60,7 @@ public enum DigestAlgorithm { * * @return standard Java algorithm name */ - String getStandardAlgorithmName() { + public String getStandardAlgorithmName() { return this.standardAlgorithmName; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DigestComparisonResultType.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestComparisonResultType.java similarity index 94% rename from HIRS_Utils/src/main/java/hirs/data/persist/DigestComparisonResultType.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestComparisonResultType.java index be3fd764..679f443c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/DigestComparisonResultType.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestComparisonResultType.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * Enumeration identifying the different outcomes of a comparison between diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ExamineState.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ExamineState.java similarity index 91% rename from HIRS_Utils/src/main/java/hirs/data/persist/ExamineState.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/ExamineState.java index eb0ea99b..dad62618 100644 
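Review bot: The new `UNSPECIFIED(DeviceInfoReport.NOT_SPECIFIED, Integer.BYTES)` constant has a placeholder algorithm name and a length of 4 bytes, while the third hunk makes `getStandardAlgorithmName()` public. A caller that passes that name to a JCA lookup such as `MessageDigest.getInstance` will get `NoSuchAlgorithmException`, and code that picks an algorithm by digest length could start treating a 4-byte value as a recognised digest; neither caller is visible here. Digest comparison should fail closed for this constant, so say so on it, for example `* Not a real algorithm: callers must reject it before hashing or comparing digests.` The Javadoc also says the size "doesn't match known digests" while assigning a concrete size, which is worth rewording.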
--- a/HIRS_Utils/src/main/java/hirs/data/persist/ExamineState.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ExamineState.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * State capturing if a record was examined during appraisal or not. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/HealthStatus.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/HealthStatus.java similarity index 96% rename from HIRS_Utils/src/main/java/hirs/data/persist/HealthStatus.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/HealthStatus.java index aeae9c60..b67c8da6 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/HealthStatus.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/HealthStatus.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * HealthStatus is used to represent the health of a device. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/OSName.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/OSName.java similarity index 90% rename from HIRS_Utils/src/main/java/hirs/data/persist/OSName.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/OSName.java index 7a365c88..0c84bf52 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/OSName.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/OSName.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * Enum used to represent operating system names. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/PortalScheme.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/PortalScheme.java new file mode 100644 index 00000000..e81767a3 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/PortalScheme.java @@ -0,0 +1,16 @@ +package hirs.data.persist.enums; + +/** + * Schemes used by the HIRS Portal. + */ +public enum PortalScheme { + + /** + * HTTP. + */ + HTTP, + /** + * HTTPS. + */ + HTTPS; +} 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReportMatchStatus.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ReportMatchStatus.java similarity index 93% rename from HIRS_Utils/src/main/java/hirs/data/persist/ReportMatchStatus.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/ReportMatchStatus.java index ca5cfce8..853189a0 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReportMatchStatus.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ReportMatchStatus.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * This enum represents the result of a search for a record in a baseline. @@ -20,5 +20,4 @@ public enum ReportMatchStatus { * Indicates the baseline has no entries matching the file path. */ UNKNOWN - } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/package-info.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/package-info.java new file mode 100644 index 00000000..07d3c65e --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/package-info.java @@ -0,0 +1,4 @@ +/** + * This package contains a set of classes for accessing enums used by data persist. + */ +package hirs.data.persist.enums; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BIOSComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/BIOSComponentInfo.java similarity index 86% rename from HIRS_Utils/src/main/java/hirs/data/persist/BIOSComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/BIOSComponentInfo.java index 2805a6ce..fb0df5d4 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BIOSComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/BIOSComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; 
@@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold BIOS/UEFI Component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.BIOS_UEFI) +@DiscriminatorValue(value = ComponentType.Values.BIOS_UEFI) public class BIOSComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseboardComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/BaseboardComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/BaseboardComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/BaseboardComponentInfo.java index e44fc0b7..aa7d2eb8 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseboardComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/BaseboardComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold information about baseboard components. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.BASEBOARD) +@DiscriminatorValue(value = ComponentType.Values.BASEBOARD) public class BaseboardComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ChassisComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/ChassisComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/ChassisComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/ChassisComponentInfo.java index edded09b..075e8d84 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ChassisComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/ChassisComponentInfo.java 
@@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold chassis component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.CHASSIS) +@DiscriminatorValue(value = ComponentType.Values.CHASSIS) public class ChassisComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/ComponentInfo.java similarity index 73% rename from HIRS_Utils/src/main/java/hirs/data/persist/ComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/ComponentInfo.java index d4af44de..8a493e16 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/ComponentInfo.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.info; import org.apache.commons.lang3.StringUtils; import org.hibernate.annotations.DiscriminatorOptions; 
@@ -25,96 +25,6 @@ import java.util.Objects; @DiscriminatorOptions(force = true) public class ComponentInfo implements Serializable { - /** - * Identifies the type of component. - */ - public enum ComponentTypeEnum { - /** - * Baseboard. - */ - BASEBOARD(Values.BASEBOARD), - - /** - * BIOS or UEFI. - */ - BIOS_UEFI(Values.BIOS_UEFI), - - /** - * Chassis. - */ - CHASSIS(Values.CHASSIS), - - /** - * Hard Drive. - */ - HARD_DRIVE(Values.HARD_DRIVE), - - /** - * Memory. - */ - MEMORY(Values.MEMORY), - - /** - * Network Interface Card. - */ - NIC(Values.NIC), - - /** - * Processor. - */ - PROCESSOR(Values.PROCESSOR); - - /** - * Constructor. - * @param val string value - */ - ComponentTypeEnum(final String val) { - if (!this.name().equals(val)) { - throw new IllegalArgumentException("Incorrect use of ComponentTypeEnum"); - } - } - - /** - * String values for use in {@link ComponentTypeEnum}. - */ - public static class Values { - /** - * Baseboard. - */ - public static final String BASEBOARD = "BASEBOARD"; - - /** - * BIOS or UEFI. - */ - public static final String BIOS_UEFI = "BIOS_UEFI"; - - /** - * Chassis. - */ - public static final String CHASSIS = "CHASSIS"; - - /** - * Hard Drive. - */ - public static final String HARD_DRIVE = "HARD_DRIVE"; - - /** - * Memory. - */ - public static final String MEMORY = "MEMORY"; - - /** - * Network Interface Card. - */ - public static final String NIC = "NIC"; - - /** - * Processor. - */ - public static final String PROCESSOR = "PROCESSOR"; - } - } - @Id @Column(name = "componentInfo_id") @GeneratedValue(strategy = GenerationType.AUTO) diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/FirmwareInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/FirmwareInfo.java similarity index 85% rename from HIRS_Utils/src/main/java/hirs/data/persist/FirmwareInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/FirmwareInfo.java index 4a95a8f5..1dc594ba 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/FirmwareInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/FirmwareInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.DeviceInfoReport; import hirs.utils.StringValidator; import javax.persistence.Column; @@ -10,19 +11,17 @@ import java.io.Serializable; * Used for representing the firmware info of a device, such as the BIOS information. */ public class FirmwareInfo implements Serializable { - private static final int SHORT_STRING_LENGTH = 32; - private static final int LONG_STRING_LENGTH = 256; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private final String biosVendor; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private final String biosVersion; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = false) private final String biosReleaseDate; /** @@ -35,13 +34,13 @@ public class FirmwareInfo implements Serializable { public FirmwareInfo(final String biosVendor, final String biosVersion, final String biosReleaseDate) { this.biosVendor = StringValidator.check(biosVendor, "biosVendor") - .notBlank().maxLength(LONG_STRING_LENGTH).get(); + .notBlank().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); this.biosVersion = StringValidator.check(biosVersion, "biosVersion") - .notBlank().maxLength(LONG_STRING_LENGTH).get(); + .notBlank().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); this.biosReleaseDate = StringValidator.check(biosReleaseDate, "biosReleaseDate") - .notBlank().maxLength(SHORT_STRING_LENGTH).get(); + .notBlank().maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get(); } /** 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/HardDriveComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/HardDriveComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/HardDriveComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/HardDriveComponentInfo.java index b55cd3d0..ad315367 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/HardDriveComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/HardDriveComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold hard drive component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.HARD_DRIVE) +@DiscriminatorValue(value = ComponentType.Values.HARD_DRIVE) public class HardDriveComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/HardwareInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/HardwareInfo.java similarity index 84% rename from HIRS_Utils/src/main/java/hirs/data/persist/HardwareInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/HardwareInfo.java index 2bbca81b..dc68857e 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/HardwareInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/HardwareInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.DeviceInfoReport; import hirs.utils.StringValidator; import org.apache.commons.lang3.StringUtils; 
@@ -14,31 +15,29 @@ import java.util.Objects; */ @Embeddable public class HardwareInfo implements Serializable { - private static final int SHORT_STRING_LENGTH = 64; - private static final int LONG_STRING_LENGTH = 256; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String manufacturer = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String productName = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false) private String version = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String systemSerialNumber = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String chassisSerialNumber = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String baseboardSerialNumber = DeviceInfoReport.NOT_SPECIFIED; /** 
@@ -61,33 +60,35 @@ public class HardwareInfo implements Serializable { ) { if (!StringUtils.isBlank(manufacturer)) { this.manufacturer = StringValidator.check(manufacturer, "manufacturer") - .maxLength(LONG_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } if (!StringUtils.isBlank(productName)) { this.productName = StringValidator.check(productName, "productName") - .maxLength(LONG_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } if (!StringUtils.isBlank(version)) { this.version = StringValidator.check(version, "version") - .maxLength(SHORT_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.MED_STRING_LENGTH).get(); } if (!StringUtils.isBlank(systemSerialNumber)) { this.systemSerialNumber = StringValidator.check(systemSerialNumber, - "systemSerialNumber").maxLength(LONG_STRING_LENGTH).get(); + "systemSerialNumber") + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } if (!StringUtils.isBlank(chassisSerialNumber)) { this.chassisSerialNumber = StringValidator.check(chassisSerialNumber, - "chassisSerialNumber").maxLength(LONG_STRING_LENGTH).get(); + "chassisSerialNumber") + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } if (!StringUtils.isBlank(baseboardSerialNumber)) { this.baseboardSerialNumber = StringValidator.check( - baseboardSerialNumber, "baseboardSerialNumber" - ).maxLength(LONG_STRING_LENGTH).get(); + baseboardSerialNumber, "baseboardSerialNumber") + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/MemoryComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/MemoryComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/MemoryComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/MemoryComponentInfo.java index 948b58f7..977caccc 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/MemoryComponentInfo.java 
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/MemoryComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold memory component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.MEMORY) +@DiscriminatorValue(value = ComponentType.Values.MEMORY) public class MemoryComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/NICComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/NICComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/NICComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/NICComponentInfo.java index 05a864a7..f437f41c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/NICComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/NICComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold Network Interface Card (NIC) component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.NIC) +@DiscriminatorValue(value = ComponentType.Values.NIC) public class NICComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/NetworkInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/NetworkInfo.java similarity index 94% rename from HIRS_Utils/src/main/java/hirs/data/persist/NetworkInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/NetworkInfo.java index d1f15c24..d2f2475f 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/NetworkInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/NetworkInfo.java @@ -1,5 +1,7 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.DeviceInfoReport; +import hirs.data.persist.InetAddressXmlAdapter; import java.io.Serializable; import java.net.InetAddress; import java.util.Arrays; @@ -22,19 +24,15 @@ public class NetworkInfo implements Serializable { private static final Logger LOGGER = LogManager .getLogger(NetworkInfo.class); - private static final int LONG_STRING_LENGTH = 255; - private static final int SHORT_STRING_LENGTH = 32; private static final int NUM_MAC_ADDRESS_BYTES = 6; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = true) - @SuppressWarnings("checkstyle:magicnumber") + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = true) private String hostname; @XmlElement @XmlJavaTypeAdapter(value = InetAddressXmlAdapter.class) - @SuppressWarnings("checkstyle:magicnumber") - @Column(length = SHORT_STRING_LENGTH, nullable = true) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true) @Type(type = "hirs.data.persist.type.InetAddressType") private InetAddress ipAddress; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/OSInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/OSInfo.java similarity index 87% rename from HIRS_Utils/src/main/java/hirs/data/persist/OSInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/OSInfo.java index 0c24fc23..37f51af6 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/OSInfo.java 
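Review bot: The local `LONG_STRING_LENGTH` removed from NetworkInfo was 255, while the locals removed from FirmwareInfo, HardwareInfo and OSInfo in this same commit were 256, so moving all of them to the single `DeviceInfoReport.LONG_STRING_LENGTH` changes the `@Column(length = ...)` of either `hostname` here or the columns in the other three classes. DeviceInfoReport is not part of the visible diff, so which side moves cannot be told from here. If the shared value is the smaller one, the `maxLength(...)` checks in those constructors become one character stricter than the data already persisted under the old limit. A comment at the shared constants such as `// used for @Column lengths and input validation in hirs.data.persist.info; changing a value alters the DB schema` would make the coupling explicit.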
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/OSInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.DeviceInfoReport; import hirs.utils.StringValidator; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -15,27 +16,25 @@ import java.io.Serializable; @Embeddable public class OSInfo implements Serializable { private static final Logger LOGGER = LogManager.getLogger(OSInfo.class); - private static final int SHORT_STRING_LENGTH = 32; - private static final int LONG_STRING_LENGTH = 256; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private final String osName; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private final String osVersion; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = false) private final String osArch; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = true) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true) private final String distribution; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = true) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true) private final String distributionRelease; /** 
@@ -61,24 +60,24 @@ public class OSInfo implements Serializable { final String distributionRelease) { LOGGER.debug("setting OS name information to: {}", osName); this.osName = StringValidator.check(osName, "osName") - .notNull().maxLength(LONG_STRING_LENGTH).get(); + .notNull().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); LOGGER.debug("setting OS version information to: {}", osVersion); this.osVersion = StringValidator.check(osVersion, "osVersion") - .notNull().maxLength(LONG_STRING_LENGTH).get(); + .notNull().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); LOGGER.debug("setting OS arch information to: {}", osArch); this.osArch = StringValidator.check(osArch, "osArch") - .notNull().maxLength(SHORT_STRING_LENGTH).get(); + .notNull().maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get(); LOGGER.debug("setting OS distribution information to: {}", distribution); this.distribution = StringValidator.check(distribution, "distribution") - .maxLength(SHORT_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get(); LOGGER.debug("setting OS distribution release information to: {}", distributionRelease); this.distributionRelease = StringValidator.check(distributionRelease, "distributionRelease") - .maxLength(SHORT_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get(); } /** diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/PortalInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/PortalInfo.java similarity index 91% rename from HIRS_Utils/src/main/java/hirs/data/persist/PortalInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/PortalInfo.java index ccb266f8..b13eae49 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/PortalInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/PortalInfo.java 
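Review bot: Each `LOGGER.debug` call in this constructor logs its argument before `StringValidator` has checked it, so a value that fails the following `maxLength(...)` check (assuming that check rejects over-long input) is still written to the log in full, line breaks included. If these strings originate from a client-submitted device info report, which is not visible here, logging after the assignment bounds what reaches the log: keep the `this.osName = StringValidator.check(...)...get();` statement first and follow it with `LOGGER.debug("setting OS name information to: {}", this.osName);`, and likewise for the other four fields. `setTPMMake` in TPMInfo.java has the same log-then-validate order. The constructor's signature starts outside this hunk.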
@@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.PortalScheme; import java.net.InetAddress; import java.net.UnknownHostException; import javax.persistence.Access; @@ -18,20 +19,6 @@ import javax.persistence.Table; @Table(name = "PortalInfo") @Access(AccessType.FIELD) public class PortalInfo { - /** - * Schemes used by the HIRS Portal. - */ - public enum Scheme { - /** - * HTTP. - */ - HTTP, - /** - * HTTPS. - */ - HTTPS; - } - @Id @Column @GeneratedValue(strategy = GenerationType.AUTO) @@ -60,7 +47,7 @@ public class PortalInfo { * * @param scheme Name of the portal. */ - public final void setSchemeName(final PortalInfo.Scheme scheme) { + public final void setSchemeName(final PortalScheme scheme) { if (scheme == null) { throw new NullPointerException("Scheme cannot be null"); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ProcessorComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/ProcessorComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/ProcessorComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/ProcessorComponentInfo.java index 5bcaae03..fffd5044 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ProcessorComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/ProcessorComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold processor component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.PROCESSOR) +@DiscriminatorValue(value = ComponentType.Values.PROCESSOR) public class ProcessorComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/info/RIMInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/RIMInfo.java
new file mode 100644
index 00000000..15774474
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/RIMInfo.java
@@ -0,0 +1,138 @@ +package hirs.data.persist.info; + +import hirs.data.persist.DeviceInfoReport; +import hirs.utils.StringValidator; +import java.io.Serializable; +import javax.persistence.Column; +import javax.persistence.Embeddable; +import javax.xml.bind.annotation.XmlElement; + +/** + * + */ +@Embeddable +public class RIMInfo implements Serializable { + + @XmlElement + @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false) + private final String rimManufacturer; + + @XmlElement + @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false) + private final String model; + + @XmlElement + @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false) + private final String fileHash; + + @XmlElement + @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false) + private final String pcrHash; + + /** + * Constructor for the initial values of the class. + * @param rimManufacturer string of the rimManufacturer + * @param model string of the model + * @param fileHash string of the file hash + * @param pcrHash string of the pcr hash + */ + public RIMInfo(final String rimManufacturer, final String model, + final String fileHash, final String pcrHash) { + this.rimManufacturer = StringValidator.check(rimManufacturer, "rimManufacturer") + .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get(); + this.model = StringValidator.check(model, "model") + .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get(); + this.fileHash = StringValidator.check(fileHash, "fileHash") + .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get(); + this.pcrHash = StringValidator.check(pcrHash, "pcrHash") + .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get(); + } + + /** + * Default no parameter constructor. 
+ */ + public RIMInfo() { + this(DeviceInfoReport.NOT_SPECIFIED, DeviceInfoReport.NOT_SPECIFIED, + DeviceInfoReport.NOT_SPECIFIED, DeviceInfoReport.NOT_SPECIFIED); + } + + /** + * Getter for the rimManufacturer string. + * @return string of the rimManufacturer. + */ + public final String getRimManufacturer() { + return this.rimManufacturer; + } + + /** + * Getter for the model string. + * @return of the model string + */ + public final String getModel() { + return this.model; + } + + /** + * Getter for the file hash string. + * @return fileHash string + */ + public String getFileHash() { + return fileHash; + } + + /** + * Getter for the pcr hash. + * @return pcrhash string + */ + public String getPcrHash() { + return pcrHash; + } + + @Override + public String toString() { + return String.format("%s, %s, %s, %s", rimManufacturer, model, + fileHash, pcrHash); + } + + @Override + public final boolean equals(final Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (!(obj instanceof RIMInfo)) { + return false; + } + RIMInfo other = (RIMInfo) obj; + + if (rimManufacturer != null && !rimManufacturer.equals(other.rimManufacturer)) { + return false; + } + if (model != null && !model.equals(other.model)) { + return false; + } + if (fileHash != null && !fileHash.equals(other.fileHash)) { + return false; + } + if (pcrHash != null && !pcrHash.equals(other.pcrHash)) { + return false; + } + + return true; + } + + @Override + public final int hashCode() { + final int prime = 31; + int result = 1; + + result = prime * result + rimManufacturer.hashCode(); + result = prime * result + model.hashCode(); + result = prime * result + fileHash.hashCode(); + result = prime * result + pcrHash.hashCode(); + + return result; + } +} 
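Review bot: `equals()` and `hashCode()` disagree about null fields: each comparison in `equals()` is skipped when this object's field is null (`if (fileHash != null && !fileHash.equals(other.fileHash))`), so such an object would compare equal to any other `RIMInfo`, while `hashCode()` dereferences the same fields unconditionally. The constructor's `notBlank()` checks presumably keep the fields non-null on that path, but the class is `@Embeddable` and may also be populated by the persistence layer, so the comparisons are safer written as `if (!Objects.equals(fileHash, other.fileHash)) { return false; }` for all four fields, with `java.util.Objects` imported. Separately, the no-argument constructor stores `DeviceInfoReport.NOT_SPECIFIED` in `fileHash` and `pcrHash`, so two default instances are equal; code that treats equality of these hashes as a successful match should reject the placeholder first. `MED_STRING_LENGTH` is not defined in the visible diff (it replaces constants of 64 elsewhere in this commit), so it is worth confirming it is long enough for every digest encoding the RIM can carry. The class Javadoc is empty and could read `Holds the manufacturer, model, file hash and PCR hash recorded for a reference integrity manifest.`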
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TPMInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/TPMInfo.java similarity index 97% rename from HIRS_Utils/src/main/java/hirs/data/persist/TPMInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/TPMInfo.java index 9f3f13c9..5e672956 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TPMInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/TPMInfo.java @@ -1,6 +1,8 @@ -package hirs.data.persist; +package hirs.data.persist.info; import com.fasterxml.jackson.annotation.JsonIgnore; +import hirs.data.persist.DeviceInfoReport; +import hirs.data.persist.X509CertificateAdapter; import java.io.Serializable; import java.security.cert.X509Certificate; @@ -22,10 +24,9 @@ import org.hibernate.annotations.Type; @Embeddable public class TPMInfo implements Serializable { private static final Logger LOGGER = LogManager.getLogger(TPMInfo.class); - private static final int STRING_LENGTH = 64; @XmlElement - @Column(length = STRING_LENGTH, nullable = true) + @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = true) private String tpmMake; @XmlElement @@ -226,7 +227,7 @@ public class TPMInfo implements Serializable { private void setTPMMake(final String tpmMake) { LOGGER.debug("setting TPM make info: {}", tpmMake); this.tpmMake = StringValidator.check(tpmMake, "tpmMake") - .notNull().maxLength(STRING_LENGTH).get(); + .notNull().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get(); } private void setTPMVersionMajor(final short tpmVersionMajor) { diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/info/package-info.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/package-info.java new file mode 100644 index 00000000..53e61619 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/package-info.java @@ -0,0 +1,5 @@ +/** + * This package contains a set of classes for accessing info classes used by data persist. + */ +package hirs.data.persist.info; + 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java b/HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java index 5f4d4a42..f551350d 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java @@ -1,7 +1,7 @@ package hirs.data.persist.tpm; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; +import hirs.data.persist.enums.DigestAlgorithm; import hirs.data.persist.TPMMeasurementRecord; import javax.persistence.AttributeOverride; diff --git a/HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java b/HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java index 1dcab211..9bc11d2b 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java @@ -1,17 +1,17 @@ package hirs.ima; import hirs.data.persist.Digest; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.IMABaselineRecord; -import hirs.data.persist.ImaAcceptableRecordBaseline; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.data.persist.ImaBlacklistRecord; -import hirs.data.persist.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; import hirs.data.persist.ImaIgnoreSetRecord; -import hirs.data.persist.OSInfo; -import hirs.data.persist.TPMBaseline; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.baseline.TPMBaseline; +import hirs.data.persist.info.TPMInfo; import hirs.data.persist.TPMMeasurementRecord; import hirs.tpm.TPMBaselineGenerator.TPMBaselineFields; import org.apache.commons.codec.binary.Hex; 
@@ -131,28 +131,28 @@ public final class CSVGenerator { // Add device info records to the map HashMap map = new HashMap(); final FirmwareInfo firmwareInfo = tpmBaseline.getFirmwareInfo(); - map.put(TPMBaselineFields.biosvendor, firmwareInfo.getBiosVendor()); - map.put(TPMBaselineFields.biosversion, firmwareInfo.getBiosVersion()); - map.put(TPMBaselineFields.biosreleasedate, firmwareInfo.getBiosReleaseDate()); + map.put(TPMBaselineFields.BIOS_VENDOR, firmwareInfo.getBiosVendor()); + map.put(TPMBaselineFields.BIOS_VERSION, firmwareInfo.getBiosVersion()); + map.put(TPMBaselineFields.BIOS_RELEASE_DATE, firmwareInfo.getBiosReleaseDate()); final HardwareInfo hardwareInfo = tpmBaseline.getHardwareInfo(); - map.put(TPMBaselineFields.manufacturer, hardwareInfo.getManufacturer()); - map.put(TPMBaselineFields.productname, hardwareInfo.getProductName()); - map.put(TPMBaselineFields.version, hardwareInfo.getVersion()); - map.put(TPMBaselineFields.systemserialnumber, hardwareInfo.getSystemSerialNumber()); - map.put(TPMBaselineFields.chassisserialnumber, hardwareInfo.getChassisSerialNumber()); - map.put(TPMBaselineFields.baseboardserialnumber, hardwareInfo.getBaseboardSerialNumber()); + map.put(TPMBaselineFields.MANUFACTURER, hardwareInfo.getManufacturer()); + map.put(TPMBaselineFields.PRODUCT_NAME, hardwareInfo.getProductName()); + map.put(TPMBaselineFields.VERSION, hardwareInfo.getVersion()); + map.put(TPMBaselineFields.SYSTEM_SERIAL_NUMBER, hardwareInfo.getSystemSerialNumber()); + map.put(TPMBaselineFields.CHASSIS_SERIAL_NUMBER, hardwareInfo.getChassisSerialNumber()); + map.put(TPMBaselineFields.BASEBOARD_SERIAL_NUMBER, hardwareInfo.getBaseboardSerialNumber()); final OSInfo osInfo = tpmBaseline.getOSInfo(); - map.put(TPMBaselineFields.osname, osInfo.getOSName()); - map.put(TPMBaselineFields.osversion, osInfo.getOSVersion()); - map.put(TPMBaselineFields.osarch, osInfo.getOSArch()); - map.put(TPMBaselineFields.distribution, osInfo.getDistribution()); - 
map.put(TPMBaselineFields.distributionrelease, osInfo.getDistributionRelease()); + map.put(TPMBaselineFields.OS_NAME, osInfo.getOSName()); + map.put(TPMBaselineFields.OS_VERSION, osInfo.getOSVersion()); + map.put(TPMBaselineFields.OS_ARCH, osInfo.getOSArch()); + map.put(TPMBaselineFields.DISTRIBUTION, osInfo.getDistribution()); + map.put(TPMBaselineFields.DISTRIBUTION_RELEASE, osInfo.getDistributionRelease()); final TPMInfo tpmInfo = tpmBaseline.getTPMInfo(); - map.put(TPMBaselineFields.tpmmake, tpmInfo.getTPMMake()); - map.put(TPMBaselineFields.tpmversionmajor, "" + tpmInfo.getTPMVersionMajor()); - map.put(TPMBaselineFields.tpmversionminor, "" + tpmInfo.getTPMVersionMinor()); - map.put(TPMBaselineFields.tpmversionrevmajor, "" + tpmInfo.getTPMVersionRevMajor()); - map.put(TPMBaselineFields.tpmversionrevminor, "" + tpmInfo.getTPMVersionRevMinor()); + map.put(TPMBaselineFields.TPM_MAKE, tpmInfo.getTPMMake()); + map.put(TPMBaselineFields.TPM_VERSION_MAJOR, "" + tpmInfo.getTPMVersionMajor()); + map.put(TPMBaselineFields.TPM_VERSION_MINOR, "" + tpmInfo.getTPMVersionMinor()); + map.put(TPMBaselineFields.TPM_VERSION_REV_MAJOR, "" + tpmInfo.getTPMVersionRevMajor()); + map.put(TPMBaselineFields.TPM_VERSION_REV_MINOR, "" + tpmInfo.getTPMVersionRevMinor()); // Add device info records to the CSV file sb.append(TPMBaselineFields.toCSV(map)); diff --git a/HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java b/HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java index 8fa3aa16..ac70f4a7 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java 
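Review bot: The `TPMBaselineFields` constants are renamed from lower case (`biosvendor`) to upper snake case (`BIOS_VENDOR`), and the map built here is serialised with `TPMBaselineFields.toCSV(map)`; if the CSV column names or the import parser are derived from the constant names (`name()` / `valueOf`), baseline files exported before this commit would no longer round-trip. TPMBaselineFields is not in the visible diff, so this needs checking there. The values written appear to be device-reported strings (`getBiosVendor()`, `getSystemSerialNumber()` and so on), so it is also worth confirming that `toCSV` quotes separators and line breaks. The enclosing method starts and ends outside the hunk.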
@@ -3,7 +3,7 @@ package hirs.ima; import com.google.common.base.Charsets; import com.google.common.base.Preconditions; import hirs.data.persist.Digest; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.data.persist.ImaBlacklistRecord; import org.apache.commons.csv.CSVFormat; import org.apache.commons.csv.CSVParser; diff --git a/HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java b/HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java index a60735c9..5788b752 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java @@ -1,6 +1,6 @@ package hirs.ima; -import hirs.data.persist.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; import hirs.data.persist.ImaIgnoreSetRecord; import java.io.BufferedReader; diff --git a/HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java b/HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java index 279654e5..68842470 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java @@ -1,11 +1,11 @@ package hirs.ima; import hirs.data.persist.IMAReport; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IntegrityReport; 
diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java b/HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java index db75e367..615d21ce 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java @@ -2,8 +2,8 @@ package hirs.ima.matching; import com.google.common.base.Preconditions; import hirs.data.persist.IMAMeasurementRecord; -import hirs.data.persist.AbstractImaBaselineRecord; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; +import hirs.data.persist.enums.ReportMatchStatus; import java.util.ArrayList; import java.util.Collection; @@ -17,7 +17,7 @@ import java.util.Set; /** * This class holds the results of the appraisal of a batch of {@link IMAMeasurementRecord}s against - * one or many {@link hirs.data.persist.ImaBaseline}s. + * one or many {@link hirs.data.persist.baseline.ImaBaseline}s. * * @param the type of IMA baseline record that an instance of this class matches against */ diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java b/HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java index 58294f04..dd56057e 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java @@ -1,10 +1,10 @@ package hirs.ima.matching; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.IMAMeasurementRecord; -import hirs.data.persist.AbstractImaBaselineRecord; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import java.util.Collections; import java.util.HashSet; 
diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java index ae3c3ede..f5a9990a 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java @@ -1,11 +1,11 @@ package hirs.ima.matching; import com.google.common.base.Preconditions; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import java.util.Collection; import java.util.Set; diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java index 5b91adf6..1eba0a1d 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java @@ -1,12 +1,12 @@ package hirs.ima.matching; import com.google.common.base.Preconditions; -import hirs.data.persist.DigestComparisonResultType; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestComparisonResultType; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import org.apache.logging.log4j.Logger; import java.util.Collection; 
diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java index 007ce96c..f060af72 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java @@ -1,11 +1,11 @@ package hirs.ima.matching; -import hirs.data.persist.Alert; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaBaseline; +import hirs.data.persist.baseline.ImaBaseline; import hirs.data.persist.ImaBlacklistRecord; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.enums.AlertType; +import hirs.data.persist.enums.ReportMatchStatus; import java.util.Collection; import java.util.HashSet; @@ -81,16 +81,16 @@ public class ImaBlacklistRecordMatcher extends ImaRecordMatcher> blacklistMatches) { - Alert.AlertType type = null; + AlertType type = null; for (IMAMatchStatus match : blacklistMatches) { for (ImaBlacklistRecord blacklistRecord : match.getBaselineRecords()) { if (type == null) { type = blacklistRecord.getAlertMatchType(); } else { if (type != blacklistRecord.getAlertMatchType()) { - return Alert.AlertType.IMA_BLACKLIST_MIXED_MATCH; + return AlertType.IMA_BLACKLIST_MIXED_MATCH; } } } diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java index d3b74037..5203e838 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java 
@@ -2,9 +2,9 @@ package hirs.ima.matching; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaBaseline; +import hirs.data.persist.baseline.ImaBaseline; import hirs.data.persist.ImaIgnoreSetRecord; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.enums.ReportMatchStatus; import hirs.utils.RegexFilePathMatcher; import java.util.Collection; diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java index 2e38fc4a..01e7559c 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java @@ -3,11 +3,11 @@ package hirs.ima.matching; import com.google.common.collect.ImmutableListMultimap; import com.google.common.collect.Multimap; import hirs.data.persist.Digest; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.AbstractImaBaselineRecord; -import hirs.data.persist.ImaBaseline; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; +import hirs.data.persist.baseline.ImaBaseline; import java.util.ArrayList; import java.util.Collection; diff --git a/HIRS_Utils/src/main/java/hirs/persist/AlertManager.java b/HIRS_Utils/src/main/java/hirs/persist/AlertManager.java index 5c006e96..679eeb65 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/AlertManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/AlertManager.java 
@@ -2,11 +2,12 @@ package hirs.persist;
 import hirs.FilteredRecordsList;
 import hirs.data.persist.Alert;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.Policy;
 import hirs.data.persist.Report;
+import hirs.data.persist.enums.AlertSource;
 import org.hibernate.criterion.Criterion;
 import java.util.Date;
@@ -217,7 +218,7 @@ public interface AlertManager {
 * @param source counted alerts must originate from
 * @return count of unresolved alerts
 */
- int countUnresolvedAlerts(Device device, Alert.Source source);
+ int countUnresolvedAlerts(Device device, AlertSource source);
 /**
 * Count the total number of devices with at least one unresolved alert within the given group.
diff --git a/HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java b/HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java
index 4906d41b..7951a834 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java
@@ -2,8 +2,8 @@ package hirs.persist;
 import hirs.FilteredRecordsList;
 import hirs.data.bean.SimpleBaselineBean;
-import hirs.data.persist.Baseline;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.Baseline;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.ImaBlacklistRecord;
 import hirs.repository.RepoPackage;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java
index 4405fb97..cacacd2d 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java
@@ -4,7 +4,7 @@ import hirs.FilteredRecordsList;
 import static org.apache.logging.log4j.LogManager.getLogger;
 import hirs.data.persist.Alert;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.Policy;
@@ -17,6 +17,7 @@ import java.util.Map;
 import java.util.UUID;
 import hirs.data.persist.Report;
+import hirs.data.persist.enums.AlertSource;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
 import org.hibernate.Criteria;
@@ -613,7 +614,7 @@ public class DBAlertManager extends DBManager implements AlertManager {
 * @param source counted alerts must originate from
 * @return count of unresolved alerts
 */
- public final int countUnresolvedAlerts(final Device device, final Alert.Source source) {
+ public final int countUnresolvedAlerts(final Device device, final AlertSource source) {
 if (device == null) {
 String msg = "invalid argument - null value for device";
 LOGGER.error(msg);
diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBBaselineManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBBaselineManager.java
index addb11e0..4cf788a3 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/DBBaselineManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DBBaselineManager.java
@@ -2,9 +2,9 @@ package hirs.persist;
 import hirs.FilteredRecordsList;
 import hirs.data.bean.SimpleBaselineBean;
-import hirs.data.persist.Baseline;
-import hirs.data.persist.BroadRepoImaBaseline;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.Baseline;
+import hirs.data.persist.baseline.BroadRepoImaBaseline;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.ImaBlacklistRecord;
 import hirs.repository.RepoPackage;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBPolicyManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBPolicyManager.java
index 59b4ca0a..3153329e 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/DBPolicyManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DBPolicyManager.java
@@ -2,10 +2,10 @@ package hirs.persist;
 import com.google.common.base.Preconditions;
 import hirs.appraiser.Appraiser;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
-import hirs.data.persist.HasBaselines;
+import hirs.data.persist.baseline.HasBaselines;
 import hirs.data.persist.Policy;
 import java.io.Serializable;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBPortalInfoManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBPortalInfoManager.java
index df5e23c5..5e41cbdb 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/DBPortalInfoManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DBPortalInfoManager.java
@@ -1,6 +1,7 @@
 package hirs.persist;
-import hirs.data.persist.PortalInfo;
+import hirs.data.persist.info.PortalInfo;
+import hirs.data.persist.enums.PortalScheme;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -78,7 +79,7 @@ public class DBPortalInfoManager extends DBManager implements Portal
 * PortalInfo
 */
 @Override
- public final PortalInfo getPortalInfo(final PortalInfo.Scheme scheme)
+ public final PortalInfo getPortalInfo(final PortalScheme scheme)
 throws PortalInfoManagerException {
 LOGGER.debug("getting Portal Info: {}", scheme.name());
 try {
@@ -101,7 +102,7 @@ public class DBPortalInfoManager extends DBManager implements Portal
 * from the database
 */
 @Override
- public final boolean deletePortalInfo(final PortalInfo.Scheme scheme)
+ public final boolean deletePortalInfo(final PortalScheme scheme)
 throws PortalInfoManagerException {
 LOGGER.debug("deleting Portal Info: {}", scheme.name());
 try {
@@ -123,9 +124,9 @@ public class DBPortalInfoManager extends DBManager implements Portal
 try {
 // Prefer HIRS to use HTTPS, but check HTTP if needed
- info = getPortalInfo(PortalInfo.Scheme.HTTPS);
+ info = getPortalInfo(PortalScheme.HTTPS);
 if (info == null) {
- info = getPortalInfo(PortalInfo.Scheme.HTTP);
+ info = getPortalInfo(PortalScheme.HTTP);
 }
 } catch (Exception e) {
 info = null;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/DbImaBaselineRecordManager.java b/HIRS_Utils/src/main/java/hirs/persist/DbImaBaselineRecordManager.java
index 515d5c76..76f7c729 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/DbImaBaselineRecordManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DbImaBaselineRecordManager.java
@@ -1,10 +1,10 @@
 package hirs.persist;
 import hirs.data.persist.Digest;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.OptionalDigest;
-import hirs.data.persist.QueryableRecordImaBaseline;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.QueryableRecordImaBaseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.utils.Callback;
 import hirs.utils.Job;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/DbImaBlacklistBaselineRecordManager.java b/HIRS_Utils/src/main/java/hirs/persist/DbImaBlacklistBaselineRecordManager.java
index 779d1613..fa6971d0 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/DbImaBlacklistBaselineRecordManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DbImaBlacklistBaselineRecordManager.java
@@ -3,8 +3,8 @@ package hirs.persist;
 import hirs.data.persist.Digest;
 import hirs.data.persist.ImaBlacklistRecord;
 import hirs.data.persist.OptionalDigest;
-import hirs.data.persist.QueryableRecordImaBaseline;
-import hirs.data.persist.ImaBlacklistBaseline;
+import hirs.data.persist.baseline.QueryableRecordImaBaseline;
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
 import hirs.utils.Callback;
 import hirs.utils.Job;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManager.java b/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManager.java
index 4ce4129b..2bbbe4d8 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManager.java
@@ -5,7 +5,7 @@ import hirs.data.persist.Alert;
 import java.util.List;
 /**
- * Class for managing the {@link hirs.data.persist.HealthStatus}
+ * Class for managing the {@link hirs.data.persist.enums.HealthStatus}
 * of a {@link hirs.data.persist.Device}.
 */
 public interface DeviceHealthManager {
diff --git a/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManagerImpl.java b/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManagerImpl.java
index 6f949816..a92ee314 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManagerImpl.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManagerImpl.java
@@ -3,7 +3,7 @@ package hirs.persist;
 import hirs.data.persist.Alert;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceState;
-import hirs.data.persist.HealthStatus;
+import hirs.data.persist.enums.HealthStatus;
 import hirs.data.persist.Report;
 import hirs.data.persist.ReportSummary;
 import org.apache.commons.lang3.StringUtils;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/ImaBaselineRecordManager.java b/HIRS_Utils/src/main/java/hirs/persist/ImaBaselineRecordManager.java
index d8dab7c1..3d51e21d 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/ImaBaselineRecordManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/ImaBaselineRecordManager.java
@@ -1,9 +1,9 @@
 package hirs.persist;
 import hirs.data.persist.Digest;
-import hirs.data.persist.IMABaselineRecord;
-import hirs.data.persist.QueryableRecordImaBaseline;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.IMABaselineRecord;
+import hirs.data.persist.baseline.QueryableRecordImaBaseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.utils.Callback;
 import java.util.Collection;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/ImaBlacklistBaselineRecordManager.java b/HIRS_Utils/src/main/java/hirs/persist/ImaBlacklistBaselineRecordManager.java
index 6ee6e753..9bda37d3 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/ImaBlacklistBaselineRecordManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/ImaBlacklistBaselineRecordManager.java
@@ -2,8 +2,8 @@ package hirs.persist;
 import hirs.data.persist.Digest;
 import hirs.data.persist.ImaBlacklistRecord;
-import hirs.data.persist.QueryableRecordImaBaseline;
-import hirs.data.persist.ImaBlacklistBaseline;
+import hirs.data.persist.baseline.QueryableRecordImaBaseline;
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
 import hirs.utils.Callback;
 import java.util.Collection;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/ImportBaselineCSV.java b/HIRS_Utils/src/main/java/hirs/persist/ImportBaselineCSV.java
index 8df6ab3e..a08f371f 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/ImportBaselineCSV.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/ImportBaselineCSV.java
@@ -1,6 +1,6 @@
 package hirs.persist;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.ima.IMABaselineGeneratorException;
 import hirs.ima.ImaIgnoreSetBaselineGenerator;
 import hirs.ima.ImaIgnoreSetBaselineGeneratorException;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/ImportCLI.java b/HIRS_Utils/src/main/java/hirs/persist/ImportCLI.java
index 8529d40b..9207fd55 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/ImportCLI.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/ImportCLI.java
@@ -1,6 +1,6 @@
 package hirs.persist;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.IMAReport;
 import hirs.data.persist.IntegrityReport;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/PolicyManager.java b/HIRS_Utils/src/main/java/hirs/persist/PolicyManager.java
index 9603c26c..32f76bda 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/PolicyManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/PolicyManager.java
@@ -1,7 +1,7 @@
 package hirs.persist;
 import hirs.appraiser.Appraiser;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.Policy;
diff --git a/HIRS_Utils/src/main/java/hirs/persist/PortalInfoManager.java b/HIRS_Utils/src/main/java/hirs/persist/PortalInfoManager.java
index 3a6c5c4b..86dcd319 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/PortalInfoManager.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/PortalInfoManager.java
@@ -1,6 +1,7 @@
 package hirs.persist;
-import hirs.data.persist.PortalInfo;
+import hirs.data.persist.info.PortalInfo;
+import hirs.data.persist.enums.PortalScheme;
 /**
 * A PortalInfoManager manages PortalInfo objects. A
@@ -49,7 +50,7 @@ public interface PortalInfoManager {
 * @throws PortalInfoManagerException
 * if unable to retrieve the PortalInfo
 */
- PortalInfo getPortalInfo(PortalInfo.Scheme scheme)
+ PortalInfo getPortalInfo(PortalScheme scheme)
 throws PortalInfoManagerException;
 /**
@@ -64,7 +65,7 @@ public interface PortalInfoManager {
 * if unable to delete the PortalInfo for any reason other
 * than not found
 */
- boolean deletePortalInfo(PortalInfo.Scheme scheme)
+ boolean deletePortalInfo(PortalScheme scheme)
 throws PortalInfoManagerException;
 /**
diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java
index 8a3a13e4..951f8cc2 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java
@@ -25,7 +25,9 @@ import java.util.UUID;
 */
 public abstract class ReferenceManifestSelector {
 private static final String PLATFORM_MANUFACTURER = "platformManufacturer";
+ private static final String PLATFORM_MANUFACTURER_ID = "platformManufacturerId";
 private static final String PLATFORM_MODEL = "platformModel";
+ private static final String RIM_TYPE_FIELD = "rimType";
 private final ReferenceManifestManager referenceManifestManager;
@@ -81,6 +83,17 @@ public abstract class ReferenceManifestSelector {
 return this;
 }
+ /**
+ * Specify the platform manufacturer id that rims must have to be considered
+ * as matching.
+ * @param manufacturerId string for the id of the manufacturer
+ * @return this instance
+ */
+ public ReferenceManifestSelector byManufacturerId(final String manufacturerId) {
+ setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId);
+ return this;
+ }
+
 /**
 * Specify the platform model that rims must have to be considered
 * as matching.
@@ -103,6 +116,16 @@ public abstract class ReferenceManifestSelector {
 return this;
 }
+ /**
+ * Specify the RIM Type to match.
+ * @param rimType the type of rim
+ * @return this instance
+ */
+ public ReferenceManifestSelector byRimType(final String rimType) {
+ setFieldValue(RIM_TYPE_FIELD, rimType);
+ return this;
+ }
+
 /**
 * Set a field name and value to match.
 *
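Review bot: `byRimType` takes a free-form `String` and hands it straight to `setFieldValue(RIM_TYPE_FIELD, rimType)`, so a misspelled or differently-cased type would quietly select no manifests instead of failing; the same applies to `byManufacturerId` in the previous hunk. `setFieldValue` lies outside these hunks, so whether it rejects null or blank values is not visible here. If the set of RIM types is closed, an enum parameter would make the selector self-checking; otherwise the Javadoc should at least name the accepted values, for example `@param rimType the RIM type, compared exactly against the stored rimType field`.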
diff --git a/HIRS_Utils/src/main/java/hirs/persist/SystemInit.java b/HIRS_Utils/src/main/java/hirs/persist/SystemInit.java
index 94a27035..74d2c954 100644
--- a/HIRS_Utils/src/main/java/hirs/persist/SystemInit.java
+++ b/HIRS_Utils/src/main/java/hirs/persist/SystemInit.java
@@ -10,12 +10,12 @@ import hirs.appraiser.TPMAppraiser;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.HIRSPolicy;
 import hirs.data.persist.IMAPolicy;
-import hirs.data.persist.ImaAcceptableRecordBaseline;
-import hirs.data.persist.ImaIgnoreSetBaseline;
+import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
+import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
 import hirs.data.persist.Policy;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.data.persist.TPMPolicy;
-import hirs.data.persist.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
 import hirs.utils.HIRSProfiles;
 import hirs.utils.SpringContextProvider;
 import org.apache.logging.log4j.LogManager;
diff --git a/HIRS_Utils/src/main/java/hirs/repository/RPMRepository.java b/HIRS_Utils/src/main/java/hirs/repository/RPMRepository.java
index 1acedec6..e17e622f 100644
--- a/HIRS_Utils/src/main/java/hirs/repository/RPMRepository.java
+++ b/HIRS_Utils/src/main/java/hirs/repository/RPMRepository.java
@@ -1,8 +1,8 @@
 package hirs.repository;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.repository.measurement.PackageMeasurer;
 import hirs.repository.measurement.RPMMeasurer;
 import hirs.utils.exec.ExecBuilder;
diff --git a/HIRS_Utils/src/main/java/hirs/repository/RepoPackage.java b/HIRS_Utils/src/main/java/hirs/repository/RepoPackage.java
index 98718c15..fff1f741 100644
--- a/HIRS_Utils/src/main/java/hirs/repository/RepoPackage.java
+++ b/HIRS_Utils/src/main/java/hirs/repository/RepoPackage.java
@@ -2,7 +2,7 @@ package hirs.repository;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import hirs.data.persist.Digest;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import org.hibernate.annotations.Type;
 import javax.persistence.CascadeType;
diff --git a/HIRS_Utils/src/main/java/hirs/repository/Repository.java b/HIRS_Utils/src/main/java/hirs/repository/Repository.java
index 769cb556..aabc33e9 100644
--- a/HIRS_Utils/src/main/java/hirs/repository/Repository.java
+++ b/HIRS_Utils/src/main/java/hirs/repository/Repository.java
@@ -123,7 +123,7 @@ public abstract class Repository extends UserDefinedEntit
 /**
 * This method retrieves the given package and measures its contents. The resulting
 * measurements are stored in the given RepoPackage objects. The measurements
- * are a set of {@link hirs.data.persist.IMABaselineRecord}s
+ * are a set of {@link hirs.data.persist.baseline.IMABaselineRecord}s
 * that describe the full file paths and their hashes
 * that a software package contains. The software package itself will also be measured, and
 * the measurement will be recorded in the RepoPackage.
diff --git a/HIRS_Utils/src/main/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurer.java b/HIRS_Utils/src/main/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurer.java
index 4b0688b6..e7349cfb 100644
--- a/HIRS_Utils/src/main/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurer.java
+++ b/HIRS_Utils/src/main/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurer.java
@@ -2,7 +2,7 @@ package hirs.repository.measurement;
 import com.google.common.collect.Multimap;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
 import hirs.repository.RPMRepoPackage;
 import hirs.utils.exec.ExecBuilder;
 import org.apache.commons.io.FileUtils;
diff --git a/HIRS_Utils/src/main/java/hirs/repository/measurement/InitramfsMeasurer.java b/HIRS_Utils/src/main/java/hirs/repository/measurement/InitramfsMeasurer.java
index 8edb9cd3..b7648311 100644
--- a/HIRS_Utils/src/main/java/hirs/repository/measurement/InitramfsMeasurer.java
+++ b/HIRS_Utils/src/main/java/hirs/repository/measurement/InitramfsMeasurer.java
@@ -3,7 +3,7 @@ package hirs.repository.measurement;
 import com.google.common.collect.HashMultimap;
 import com.google.common.collect.Multimap;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
 import java.io.File;
 import java.io.FileNotFoundException;
diff --git a/HIRS_Utils/src/main/java/hirs/repository/measurement/PackageMeasurer.java b/HIRS_Utils/src/main/java/hirs/repository/measurement/PackageMeasurer.java
index a2e1cc2b..b8021b26 100644
--- a/HIRS_Utils/src/main/java/hirs/repository/measurement/PackageMeasurer.java
+++ b/HIRS_Utils/src/main/java/hirs/repository/measurement/PackageMeasurer.java
@@ -4,8 +4,8 @@ import com.google.common.collect.HashMultimap;
 import com.google.common.collect.Multimap;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.logging.log4j.LogManager;
diff --git a/HIRS_Utils/src/main/java/hirs/repository/measurement/RPMMeasurer.java b/HIRS_Utils/src/main/java/hirs/repository/measurement/RPMMeasurer.java
index f855f1db..4f3ed250 100644
--- a/HIRS_Utils/src/main/java/hirs/repository/measurement/RPMMeasurer.java
+++ b/HIRS_Utils/src/main/java/hirs/repository/measurement/RPMMeasurer.java
@@ -3,7 +3,7 @@ package hirs.repository.measurement;
 import com.google.common.collect.Multimap;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
 import hirs.utils.exec.ExecBuilder;
 import org.apache.commons.io.FileUtils;
diff --git a/HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java b/HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java
index 85bf7fb4..36140ad1 100644
--- a/HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java
+++ b/HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java
@@ -2,18 +2,18 @@ package hirs.tpm;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.HardwareInfo;
 import hirs.data.persist.IntegrityReport;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.OSInfo;
 import hirs.data.persist.Report;
-import hirs.data.persist.TPMBaseline;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.baseline.TPMBaseline;
+import hirs.data.persist.info.TPMInfo;
 import hirs.data.persist.TPMMeasurementRecord;
 import hirs.data.persist.TPMReport;
-import hirs.data.persist.TpmBlackListBaseline;
-import hirs.data.persist.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TpmBlackListBaseline;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
 import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.lang3.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -54,97 +54,97 @@ public class TPMBaselineGenerator {
 /**
 * FirmwareInfo's BIOS Vendor.
 */
- biosvendor,
+ BIOS_VENDOR,
 /**
 * FirmwareInfo's BIOS Version.
 */
- biosversion,
+ BIOS_VERSION,
 /**
 * FirmwareInfo's BIOS Release Date.
 */
- biosreleasedate,
+ BIOS_RELEASE_DATE,
 /**
 * HardwareInfo's Manufacturer.
 */
- manufacturer,
+ MANUFACTURER,
 /**
 * HardwareInfo's Product Name.
 */
- productname,
+ PRODUCT_NAME,
 /**
 * HardwareInfo's Version.
 */
- version,
+ VERSION,
 /**
 * HardwareInfo's Serial number.
 */
- systemserialnumber,
+ SYSTEM_SERIAL_NUMBER,
 /**
 * HardwareInfo's Chassis serial number.
 */
- chassisserialnumber,
+ CHASSIS_SERIAL_NUMBER,
 /**
 * HardwareInfo's baseboard serial number.
 */
- baseboardserialnumber,
+ BASEBOARD_SERIAL_NUMBER,
 /**
 * OSInfo's OS Name.
 */
- osname,
+ OS_NAME,
 /**
 * OSInfo's OS Version.
 */
- osversion,
+ OS_VERSION,
 /**
 * OSInfo's OS Arch.
 */
- osarch,
+ OS_ARCH,
 /**
 * OSInfo's Distribution.
 */
- distribution,
+ DISTRIBUTION,
 /**
 * OSInfo's Distribution Release.
 */
- distributionrelease,
+ DISTRIBUTION_RELEASE,
 /**
 * TPMInfo's TPM Make.
 */
- tpmmake,
+ TPM_MAKE,
 /**
 * TPMInfo's TPM Version Major.
 */
- tpmversionmajor,
+ TPM_VERSION_MAJOR,
 /**
 * TPMInfo's TPM Version Minor.
 */
- tpmversionminor,
+ TPM_VERSION_MINOR,
 /**
 * TPMInfo's TPM Version Rev Major.
 */
- tpmversionrevmajor,
+ TPM_VERSION_REV_MAJOR,
 /**
 * TPMInfo's TPM Version Rev Minor.
 */
- tpmversionrevminor;
+ TPM_VERSION_REV_MINOR;
 /**
 * Generates a CSV String from a map of TPMBaselineFields to values.
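Review bot: Renaming every `TPMBaselineFields` constant changes what `name()` and `valueOf()` produce, and the trailing context of this hunk shows the enum is used to generate a CSV string. If the CSV writer or parser (both outside this hunk) derives column keys from the constant names, TPM baselines exported before this commit may stop importing, or may import with those fields silently replaced by defaults. It is worth confirming how the keys are produced and, if they come from the names, keeping the on-disk keys stable independently of the Java identifiers. A short comment on the enum such as `// CSV column keys are derived from these names; keep the parser in sync when renaming` would document the coupling.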
@@ -181,19 +181,19 @@ public class TPMBaselineGenerator {
 + " This method should not have been called with a null parameter.");
 }
- final String biosvendor =
+ final String biosVendor =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.biosvendor), defaultInfo.getBiosVendor());
+ map.get(TPMBaselineFields.BIOS_VENDOR), defaultInfo.getBiosVendor());
- final String biosversion =
+ final String biosVersion =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.biosversion), defaultInfo.getBiosVersion());
+ map.get(TPMBaselineFields.BIOS_VERSION), defaultInfo.getBiosVersion());
- final String biosreleasedate =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.biosreleasedate),
+ final String biosReleaseDate =
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.BIOS_RELEASE_DATE),
 defaultInfo.getBiosReleaseDate());
- return new FirmwareInfo(biosvendor, biosversion, biosreleasedate);
+ return new FirmwareInfo(biosVendor, biosVersion, biosReleaseDate);
 }
 /**
@@ -213,33 +213,33 @@ public class TPMBaselineGenerator {
 final String manufacturer =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.manufacturer), defaultInfo.getManufacturer());
+ map.get(TPMBaselineFields.MANUFACTURER), defaultInfo.getManufacturer());
- final String productname =
+ final String productName =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.productname), defaultInfo.getProductName());
+ map.get(TPMBaselineFields.PRODUCT_NAME), defaultInfo.getProductName());
 final String version =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.version), defaultInfo.getVersion());
+ map.get(TPMBaselineFields.VERSION), defaultInfo.getVersion());
- final String serialnumber =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.systemserialnumber),
+ final String serialNumber =
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.SYSTEM_SERIAL_NUMBER),
 defaultInfo.getSystemSerialNumber());
 final String chassisSerialNumber =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.chassisserialnumber),
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.CHASSIS_SERIAL_NUMBER),
 defaultInfo.getChassisSerialNumber());
 final String baseboardSerialNumber =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.baseboardserialnumber),
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.BASEBOARD_SERIAL_NUMBER),
 defaultInfo.getBaseboardSerialNumber());
 return new HardwareInfo(
 manufacturer,
- productname,
+ productName,
 version,
- serialnumber,
+ serialNumber,
 chassisSerialNumber,
 baseboardSerialNumber
 );
@@ -260,27 +260,27 @@ public class TPMBaselineGenerator {
 + " This method should not have been called with a null parameter.");
 }
- final String osname =
+ final String osName =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.osname), defaultInfo.getOSName());
+ map.get(TPMBaselineFields.OS_NAME), defaultInfo.getOSName());
- final String osversion =
+ final String osVersion =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.osversion), defaultInfo.getOSVersion());
+ map.get(TPMBaselineFields.OS_VERSION), defaultInfo.getOSVersion());
- final String osarch =
+ final String osArch =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.osarch), defaultInfo.getOSArch());
+ map.get(TPMBaselineFields.OS_ARCH), defaultInfo.getOSArch());
 final String distribution =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.distribution),
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.DISTRIBUTION),
 defaultInfo.getDistribution());
- final String distributionrelease =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.distributionrelease),
+ final String distributionRelease =
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.DISTRIBUTION_RELEASE),
 defaultInfo.getDistributionRelease());
- return new OSInfo(osname, osversion, osarch, distribution, distributionrelease);
+ return new OSInfo(osName, osVersion, osArch, distribution, distributionRelease);
 }
 /**
@@ -298,29 +298,29 @@ public class TPMBaselineGenerator {
 + " This method should not have been called with a null parameter.");
 }
- final String tpmmake =
+ final String tpmMake =
 StringUtils.defaultIfBlank(
- map.get(TPMBaselineFields.tpmmake), defaultInfo.getTPMMake());
+ map.get(TPMBaselineFields.TPM_MAKE), defaultInfo.getTPMMake());
- final String tpmversionmajor =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.tpmversionmajor),
+ final String tpmVersionMajor =
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.TPM_VERSION_MAJOR),
 "" + defaultInfo.getTPMVersionMajor());
- final String tpmversionminor =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.tpmversionminor),
+ final String tpmVersionMinor =
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.TPM_VERSION_MINOR),
 "" + defaultInfo.getTPMVersionMinor());
- final String tpmversionrevmajor =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.tpmversionrevmajor),
+ final String tpmVersionRevMajor =
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.TPM_VERSION_REV_MAJOR),
 "" + defaultInfo.getTPMVersionRevMajor());
- final String tpmversionrevminor =
- StringUtils.defaultIfBlank(map.get(TPMBaselineFields.tpmversionrevminor),
+ final String tpmVersionRevMinor =
+ StringUtils.defaultIfBlank(map.get(TPMBaselineFields.TPM_VERSION_REV_MINOR),
 "" + defaultInfo.getTPMVersionMinor());
- return new TPMInfo(tpmMake, Short.valueOf(tpmversionmajor),
- Short.valueOf(tpmversionminor), Short.valueOf(tpmversionrevmajor),
- Short.valueOf(tpmversionrevminor));
+ return new TPMInfo(tpmMake, Short.valueOf(tpmVersionMajor),
+ Short.valueOf(tpmVersionMinor), Short.valueOf(tpmVersionRevMajor),
+ Short.valueOf(tpmVersionRevMinor));
 }
 }
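Review bot: The fallback for `tpmVersionRevMinor` is the unchanged context line `"" + defaultInfo.getTPMVersionMinor());`, whereas the three assignments above it each default to the getter for their own field. A blank TPM_VERSION_REV_MINOR entry therefore yields a `TPMInfo` whose rev-minor equals the default's minor version, which can skew baseline comparison on that field. The commit renames the surrounding lines but carries this one over; it presumably should read `"" + defaultInfo.getTPMVersionRevMinor());` (accessor name assumed by analogy with `getTPMVersionRevMajor()`). Separately, `Short.valueOf(...)` throws NumberFormatException on non-numeric map values; the method begins outside the hunk, so whether callers handle that is not visible.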
@@ -510,8 +510,8 @@ public class TPMBaselineGenerator {
 // Copy the criteria from the device info report corroborated the kernel update.
 final OSInfo referenceOSInfo = referenceBaseline.getOSInfo();
 final HashMap map = new HashMap<>();
- map.put(TPMBaselineFields.osname, referenceOSInfo.getOSName());
- map.put(TPMBaselineFields.osversion, referenceOSInfo.getOSVersion());
+ map.put(TPMBaselineFields.OS_NAME, referenceOSInfo.getOSName());
+ map.put(TPMBaselineFields.OS_VERSION, referenceOSInfo.getOSVersion());
 final OSInfo osInfo = TPMBaselineFields.toOSInfo(map, new OSInfo());
 newBaseline.setOSInfo(osInfo);
diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java
index 6929838c..5988fad4 100644
--- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java
+++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLog.java
@@ -1,84 +1,104 @@ package hirs.tpm.eventlog; +import hirs.data.persist.AbstractDigest; +import hirs.tpm.eventlog.uefi.UefiConstants; import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.ArrayList; -import hirs.tpm.eventlog.events.EvConstants; -import hirs.utils.HexUtils; +import org.apache.commons.codec.DecoderException; +import org.apache.commons.codec.binary.Hex; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /** * Class for handling different formats of TCG Event logs. */ public final class TCGEventLog { -// private static final Logger LOGGER = (Logger) LogManager.getLogger(TCGEventLog.class); + private static final Logger LOGGER + = LogManager.getLogger(TCGEventLog.class); - /** Initial value for SHA 256 values.*/ + /** + * Init value for SHA 256 values. + */ public static final String INIT_SHA256_LIST = "00000000000000000000000000" + "00000000000000000000000000000000000000"; - /** Initial value for SHA 1 values. */ + /** + * Init value for SHA 1 values. + */ public static final String INIT_SHA1_LIST = "0000000000000000000000000000000000000000"; - /** PFP defined EV_NO_ACTION identifier. */ + + /** + * PFP defined EV_NO_ACTION identifier. + */ public static final int NO_ACTION_EVENT = 0x00000003; - /** String value of SHA1 hash.*/ + /** + * String value of SHA1 hash. + */ public static final String HASH_STRING = "SHA1"; - /** String value of SHA256 hash. */ + /** + * String value of SHA256 hash. + */ public static final String HASH256_STRING = "SHA-256"; - /** Each PCR bank holds 24 registers. */ + /** + * Each PCR bank holds 24 registers. + */ public static final int PCR_COUNT = 24; - /** 2 dimensional array holding the PCR values. */ - private byte[][] pcrList; - /** List of parsed events within the log. 
*/ - private ArrayList eventList = new ArrayList<>(); - /** Length of PCR. Indicates which hash algorithm is used. */ + /** + * 2 dimensional array holding the PCR values. + */ + private final byte[][] pcrList; + /** + * List of parsed events within the log. + */ + private final ArrayList eventList = new ArrayList<>(); + private int pcrLength; - /** Name of hash algorithm. */ private String hashType; - /** Initial Value to use. */ private String initValue; /** * Default blank object constructor. */ public TCGEventLog() { - this.pcrList = new byte[PCR_COUNT][EvConstants.SHA1_LENGTH]; + this.pcrList = new byte[PCR_COUNT][UefiConstants.SIZE_20]; initValue = INIT_SHA1_LIST; - pcrLength = EvConstants.SHA1_LENGTH; + pcrLength = UefiConstants.SIZE_20; initPcrList(); } /** * Default constructor for just the rawlog that'll set up SHA1 Log. - * @param rawlog data for the event log file. - * @throws NoSuchAlgorithmException if an unknown algorithm is encountered. - * @throws CertificateException if a certificate in the log cannot be parsed. - * @throws IOException IO Stream if event cannot be parsed. + * @param rawlog data for the event log file + * @throws IOException IO Stream for the event log + * @throws CertificateException certificate exception + * @throws NoSuchAlgorithmException no such alogirthm exception */ - public TCGEventLog(final byte[] rawlog) throws CertificateException, NoSuchAlgorithmException, - IOException { - this(rawlog, EvConstants.SHA1_LENGTH, HASH_STRING, INIT_SHA1_LIST); + public TCGEventLog(final byte[] rawlog) throws IOException, + CertificateException, NoSuchAlgorithmException { + this(rawlog, UefiConstants.SIZE_20, HASH_STRING, INIT_SHA1_LIST); } /** * Default constructor for specific log. * @param rawlog data for the event log file - * @param pLength determined by SHA1 or 256 - * @param hType the type of algorithm - * @param iValue the default blank value. 
+ * @param pcrLength determined by SHA1 or 256 + * @param hashType the type of algorithm + * @param initValue the default blank value * @throws IOException IO Stream for the event log - * @throws NoSuchAlgorithmException if an unknown algorithm is encountered. - * @throws CertificateException f a certificate in the log cannot be parsed. + * @throws CertificateException certificate exception + * @throws NoSuchAlgorithmException no such alogirthm exception */ - public TCGEventLog(final byte[] rawlog, final int pLength, final String hType, - final String iValue) throws IOException, CertificateException, - NoSuchAlgorithmException { - pcrLength = pLength; + public TCGEventLog(final byte[] rawlog, final int pcrLength, + final String hashType, final String initValue) throws IOException, + CertificateException, NoSuchAlgorithmException { + this.pcrLength = pcrLength; this.pcrList = new byte[PCR_COUNT][pcrLength]; - hashType = hType; - initValue = iValue; + this.hashType = hashType; + this.initValue = initValue; ByteArrayInputStream is = new ByteArrayInputStream(rawlog); // Process the 1st entry as a SHA1 format (per the spec) eventList.add(new TpmPcrEvent1(is)); @@ -97,10 +117,14 @@ public final class TCGEventLog { * This method puts blank values in the pcrList. */ private void initPcrList() { - for (int i = 0; i < PCR_COUNT; i++) { // Initialize the PCRlist1 array - System.arraycopy(HexUtils.hexStringToByteArray( - initValue), - 0, pcrList[i], 0, pcrLength); + for (int i = 0; i < PCR_COUNT; i++) { + try { + // Initialize the PCRlist1 array + System.arraycopy(Hex.decodeHex(initValue.toCharArray()), + 0, pcrList[i], 0, pcrLength); + } catch (DecoderException deEx) { + LOGGER.error(deEx); + } } } 
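Review bot: The no-argument constructor sets `initValue` and `pcrLength` but never `hashType`, so the field stays null for a blank log. If such an object ever reaches `MessageDigest.getInstance(hashType)` in `extendPCR`, that call fails on the null name; whether it can is not visible from here. Adding `hashType = HASH_STRING;` next to the other two assignments would keep the three fields consistent. The new `@throws` lines also misspell "algorithm" as "alogirthm", and the Javadoc on `pcrLength`, `hashType` and `initValue` was removed without replacement. The four-argument constructor's body continues outside the hunk.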
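Review bot: In `initPcrList`, a `DecoderException` is only logged and the loop carries on, so a malformed `initValue` leaves each register at whatever the array already held. The expected PCR values are then computed from the wrong starting state, with no signal to the caller. The same hex string is also decoded again on every iteration. Decoding once before the loop and failing loudly keeps a bad initial value from turning into plausible-looking expected measurements.

```java
private void initPcrList() {
    final byte[] initBytes;
    try {
        initBytes = Hex.decodeHex(initValue.toCharArray());
    } catch (DecoderException deEx) {
        throw new IllegalStateException("Initial PCR value is not valid hex", deEx);
    }
    for (int i = 0; i < PCR_COUNT; i++) {
        System.arraycopy(initBytes, 0, pcrList[i], 0, pcrLength);
    }
}
```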
@@ -122,37 +146,45 @@ public final class TCGEventLog { 0, currentEvent.getDigestLength()); } } catch (NoSuchAlgorithmException e) { - // ((org.apache.logging.log4j.Logger) LOGGER).error(e); + LOGGER.error(e); } } } } - /** + /**hjmmm I'll h * Extends a hash with a hash of new data. * * @param currentValue value to extend - * @param newEvent value to extend with + * @param newEvent value to extend with * @return new hash resultant hash * @throws NoSuchAlgorithmException if hash algorithm not supported */ private byte[] extendPCR(final byte[] currentValue, final byte[] newEvent) throws NoSuchAlgorithmException { MessageDigest md = MessageDigest.getInstance(hashType); - md.update(HexUtils.hexStringToByteArray(HexUtils.byteArrayToHexString(currentValue) - + HexUtils.byteArrayToHexString(newEvent))); + StringBuilder sb = new StringBuilder(AbstractDigest.SHA512_DIGEST_LENGTH); + sb.append(Hex.encodeHexString(currentValue).toCharArray()); + sb.append(Hex.encodeHexString(newEvent).toCharArray()); + + try { + md.update(Hex.decodeHex(sb.toString().toCharArray())); + } catch (DecoderException deEx) { + LOGGER.error(deEx); + } return md.digest(); } /** * Returns all 24 PCR values for display purposes. * - * @return Returns an array of strings representing the expected hash values for all 24 PCRs + * @return Returns an array of strings representing the expected hash values + * for all 24 PCRs */ public String[] getExpectedPCRValues() { String[] pcrs = new String[PCR_COUNT]; for (int i = 0; i < PCR_COUNT; i++) { - pcrs[i] = HexUtils.byteArrayToHexString(pcrList[i]); + pcrs[i] = Hex.encodeHexString(pcrList[i]); } return pcrs; } 
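Review bot: `extendPCR` now hex-encodes both inputs, concatenates them, decodes the result, and on `DecoderException` only logs before returning `md.digest()`. A decode failure would therefore yield the digest of empty input as the new PCR value. The round trip through hex is unnecessary and is the only reason that failure path exists; `md.update(currentValue); md.update(newEvent);` hashes the same bytes with no exception to swallow. The `StringBuilder` is also sized with `AbstractDigest.SHA512_DIGEST_LENGTH`, a constant unrelated to the hex length being built. The Javadoc opener now reads `/**hjmmm I'll h`, which looks like stray keystrokes and should go back to `/**`.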
@@ -163,8 +195,17 @@ public final class TCGEventLog { * @param index pcr index * @return String representing the PCR contents */ - public String getExpectedPCRValue(final int index) { - return HexUtils.byteArrayToHexString(pcrList[index]); + public String getExpectedPCRString(final int index) { + return Hex.encodeHexString(pcrList[index]); } + /** + * Returns a single PCR value given an index (PCR Number). + * + * @param index pcr index. + * @return byte array of the pcr contents. + */ + public byte[] getExpectedPCRBytes(final int index) { + return pcrList[index]; + } } diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLogProcessor.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLogProcessor.java index 878e2824..cdfc2834 100644 --- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLogProcessor.java +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TCGEventLogProcessor.java @@ -3,16 +3,16 @@ package hirs.tpm.eventlog; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; import hirs.data.persist.TPMMeasurementRecord; -import hirs.data.persist.TpmWhiteListBaseline; -import hirs.tpm.eventlog.events.EvConstants; -import hirs.tpm.eventlog.uefi.UefiConstants; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import hirs.utils.HexUtils; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm;; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.tpm.eventlog.uefi.UefiConstants; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import org.apache.commons.codec.DecoderException; /** * Class for parsing a TCG EventLogs (both SHA1 and Crypto Agile Formats). 
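Review bot: The new `getExpectedPCRBytes` returns `pcrList[index]` itself, so any caller can modify the expected PCR value held inside the log object after it has been computed. For data used as a reference measurement, a defensive copy is safer: `return pcrList[index].clone();`. Neither accessor checks `index` against `PCR_COUNT`, so an out-of-range value surfaces as a bare ArrayIndexOutOfBoundsException; the Javadoc could state the valid range.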
@@ -20,16 +20,22 @@ import hirs.data.persist.DigestAlgorithm;; * Constructor parses the input byte array into a List of TpmPcrEvents. */ public class TCGEventLogProcessor { - /** Name of the hash algorithm used to process the Event Log, default is SHA256. */ + /** + * Name of the hash algorithm used to process the Event Log, default is SHA256. + */ private String algorithm = "TPM_ALG_SHA256"; - /** Parsed event log array. */ + /** + * Parsed event log array. + */ private TCGEventLog tcgLog = null; - /** EV_NO_ACTION signature offset. */ + /** + * EV_NO_ACTION signature offset. + */ private static final int SIG_OFFSET = 32; - /** TEV_NO_ACTION signature size. */ + /** + * TEV_NO_ACTION signature size. + */ private static final int SIG_SIZE = 16; - /** Number of PCRs in a TPM PCR Bank. */ - private static final int PCR_COUNT = 24; /** * Default Constructor. @@ -41,15 +47,15 @@ public class TCGEventLogProcessor { /** * Constructor. * - * @param rawLog the byte array holding the contents of the TCG Event Log. - * @throws IOException IO Stream for the event log. - * @throws NoSuchAlgorithmException if an unknown algorithm is encountered. - * @throws CertificateException f a certificate in the log cannot be parsed. + * @param rawLog the byte array holding the contents of the TCG Event Log + * @throws IOException if there is a parsing error + * @throws CertificateException certificate exception + * @throws NoSuchAlgorithmException no such alogirthm exception */ - public TCGEventLogProcessor(final byte[] rawLog) throws IOException, CertificateException, - NoSuchAlgorithmException { + public TCGEventLogProcessor(final byte[] rawLog) throws IOException, + CertificateException, NoSuchAlgorithmException { if (isLogCrytoAgile(rawLog)) { - tcgLog = new TCGEventLog(rawLog, EvConstants.SHA256_LENGTH, + tcgLog = new TCGEventLog(rawLog, UefiConstants.SIZE_32, TCGEventLog.HASH256_STRING, TCGEventLog.INIT_SHA256_LIST); } else { tcgLog = new TCGEventLog(rawLog); 
@@ -73,7 +79,7 @@ public class TCGEventLogProcessor { * @return String representing the PCR contents */ public String getExpectedPCRValue(final int index) { - return tcgLog.getExpectedPCRValue(index); + return tcgLog.getExpectedPCRString(index); } /** @@ -100,22 +106,21 @@ public class TCGEventLogProcessor { * * @param name name to call the TPM Baseline * @return whitelist baseline + * @throws DecoderException hex string problem. */ - public TpmWhiteListBaseline createTPMBaseline(final String name) { + public TpmWhiteListBaseline createTPMBaseline(final String name) throws DecoderException { TpmWhiteListBaseline baseline = new TpmWhiteListBaseline(name); TPMMeasurementRecord record; - String pcrValue; - for (int i = 0; i < PCR_COUNT; i++) { + + for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) { if (algorithm.compareToIgnoreCase("TPM_ALG_SHA1") == 0) { // Log Was SHA1 Format - pcrValue = tcgLog.getExpectedPCRValue(i); - byte[] hexValue = HexUtils.hexStringToByteArray(pcrValue); - final Digest hash = new Digest(DigestAlgorithm.SHA1, hexValue); - record = new TPMMeasurementRecord(i, hash); + record = new TPMMeasurementRecord(i, + new Digest(DigestAlgorithm.SHA1, + tcgLog.getExpectedPCRBytes(i))); } else { // Log was Crypto Agile, currently assumes SHA256 - pcrValue = tcgLog.getExpectedPCRValue(i); - byte[] hexValue = HexUtils.hexStringToByteArray(pcrValue); - final Digest hash = new Digest(DigestAlgorithm.SHA256, hexValue); - record = new TPMMeasurementRecord(i, hash); + record = new TPMMeasurementRecord(i, + new Digest(DigestAlgorithm.SHA256, + tcgLog.getExpectedPCRBytes(i))); } baseline.addToBaseline(record); } 
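Review bot: In `createTPMBaseline` the loop bound changed from the local `PCR_COUNT` to `i <= TPMMeasurementRecord.MAX_PCR_ID`, while the array it indexes through `tcgLog.getExpectedPCRBytes(i)` is sized by `TCGEventLog.PCR_COUNT`. The two constants live in different classes, so if they ever diverge the loop reads past the array or leaves registers out; `i < TCGEventLog.PCR_COUNT` ties the bound to the data being read. The method also now declares `throws DecoderException`, although the new body no longer decodes any hex string. Unless one of the constructors called here throws it (not visible in this hunk), the clause only pushes a checked exception onto callers. The method's return statement lies outside the hunk.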
@@ -131,8 +136,8 @@ public class TCGEventLogProcessor { * @throws UnsupportedEncodingException if parsing error occurs. */ public boolean isLogCrytoAgile(final byte[] log) throws UnsupportedEncodingException { - byte[] eType = new byte[UefiConstants.SIZE_4]; - System.arraycopy(log, UefiConstants.SIZE_4, eType, 0, UefiConstants.SIZE_4); + byte[] eType = new byte[Integer.BYTES]; + System.arraycopy(log, Integer.BYTES, eType, 0, Integer.BYTES); byte[] eventType = HexUtils.leReverseByte(eType); int eventID = new BigInteger(eventType).intValue(); if (eventID != TCGEventLog.NO_ACTION_EVENT) { diff --git a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java index 004da27c..63ebe14a 100644 --- a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java +++ b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java @@ -4,9 +4,9 @@ import com.fasterxml.jackson.core.JsonFactory; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import hirs.data.persist.AppraisalStatus; -import hirs.data.persist.ComponentInfo; +import hirs.data.persist.info.ComponentInfo; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.HardwareInfo; +import hirs.data.persist.info.HardwareInfo; import hirs.data.persist.certificate.EndorsementCredential; import hirs.data.persist.certificate.PlatformCredential; import hirs.data.persist.certificate.attributes.ComponentIdentifier; diff --git a/HIRS_Utils/src/test/java/hirs/DeviceGroupSerializerTest.java b/HIRS_Utils/src/test/java/hirs/DeviceGroupSerializerTest.java index 9d54eff6..6c335f36 100644 --- a/HIRS_Utils/src/test/java/hirs/DeviceGroupSerializerTest.java +++ b/HIRS_Utils/src/test/java/hirs/DeviceGroupSerializerTest.java 
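Review bot: `isLogCrytoAgile` copies four bytes from offset `Integer.BYTES` of `log` without first checking the array's length. A truncated or empty event log therefore fails with ArrayIndexOutOfBoundsException (or NullPointerException for null) rather than a parse error the caller can handle. Since the log is data received from the device being appraised, a guard at the top of the method is worth adding, for example `if (log == null || log.length < 2 * Integer.BYTES) { throw new IllegalArgumentException("event log too short"); }`. The rest of the method is outside the hunk, so any later reads at other offsets would need the same kind of bound.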
@@ -6,11 +6,11 @@ import hirs.data.persist.AppraisalStatus; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.TPMInfo; import org.testng.Assert; import org.testng.annotations.Test; diff --git a/HIRS_Utils/src/test/java/hirs/appraiser/AppraiserTestUtil.java b/HIRS_Utils/src/test/java/hirs/appraiser/AppraiserTestUtil.java index 915fb5b6..cbfbc82a 100644 --- a/HIRS_Utils/src/test/java/hirs/appraiser/AppraiserTestUtil.java +++ b/HIRS_Utils/src/test/java/hirs/appraiser/AppraiserTestUtil.java @@ -1,13 +1,13 @@ package hirs.appraiser; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; import hirs.data.persist.IMAReport; -import hirs.data.persist.ImaIgnoreSetBaseline; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import org.apache.commons.codec.binary.Base64; /** diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/AlertTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/AlertTest.java index 7f719e95..c8288b58 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/AlertTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/AlertTest.java 
@@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.AlertSeverity; +import hirs.data.persist.enums.AlertSource; +import hirs.data.persist.enums.AlertType; import java.util.Collections; import java.util.Date; import java.util.HashSet; @@ -27,9 +33,9 @@ public final class AlertTest { @Test public void testAlertDefaults() { Alert alert = new Alert(TEST_DETAILS); - Assert.assertEquals(alert.getSeverity(), Alert.Severity.UNSPECIFIED); - Assert.assertEquals(alert.getType(), Alert.AlertType.UNSPECIFIED); - Assert.assertEquals(alert.getSource(), Alert.Source.UNSPECIFIED); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.UNSPECIFIED); + Assert.assertEquals(alert.getType(), AlertType.UNSPECIFIED); + Assert.assertEquals(alert.getSource(), AlertSource.UNSPECIFIED); Assert.assertNull(alert.getDisplayTitle()); } @@ -91,7 +97,7 @@ public final class AlertTest { public void testBaselineIdAndSeverity() { Alert alert = new Alert(TEST_DETAILS); ImaBaseline baseline = new SimpleImaBaseline(TEST_BASELINE_NAME); - baseline.setSeverity(Alert.Severity.SEVERE); + baseline.setSeverity(AlertSeverity.SEVERE); alert.setBaselineIdsAndSeverity(Collections.singleton(baseline)); Assert.assertEquals(alert.getBaselineIds().iterator().next(), baseline.getId()); Assert.assertEquals(alert.getSeverity(), baseline.getSeverity()); @@ -103,8 +109,8 @@ public final class AlertTest { @Test public void testSource() { Alert alert = new Alert(TEST_DETAILS); - alert.setSource(Alert.Source.IMA_APPRAISER); - Assert.assertEquals(alert.getSource(), Alert.Source.IMA_APPRAISER); + alert.setSource(AlertSource.IMA_APPRAISER); + Assert.assertEquals(alert.getSource(), AlertSource.IMA_APPRAISER); } /** 
@@ -113,9 +119,9 @@ public final class AlertTest { @Test public void testType() { Alert alert = new Alert(TEST_DETAILS); - alert.setType(Alert.AlertType.REPORT_REQUESTS_MISSING); + alert.setType(AlertType.REPORT_REQUESTS_MISSING); Assert.assertEquals(alert.getType(), - Alert.AlertType.REPORT_REQUESTS_MISSING); + AlertType.REPORT_REQUESTS_MISSING); } /** @@ -135,7 +141,7 @@ public final class AlertTest { @Test public void testSeverity() { Alert alert = new Alert(TEST_DETAILS); - Assert.assertEquals(alert.getSeverity(), Alert.Severity.UNSPECIFIED); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.UNSPECIFIED); } /** @@ -143,18 +149,18 @@ public final class AlertTest { */ @Test public void testSetSeverity() { - final Alert.Severity baselineSeverity = Alert.Severity.SEVERE; - final Alert.Severity alertSeverity = Alert.Severity.LOW; + final AlertSeverity baselineSeverity = AlertSeverity.SEVERE; + final AlertSeverity alertSeverity = AlertSeverity.LOW; // Set up a baseline with a severity ImaBaseline baseline = new SimpleImaBaseline(TEST_BASELINE_NAME); baseline.setSeverity(baselineSeverity); - HashSet baselineSet = new HashSet(); + HashSet baselineSet = new HashSet<>(); baselineSet.add(baseline); // Track the status of the severity value Alert alert = new Alert(TEST_DETAILS); - Assert.assertEquals(alert.getSeverity(), Alert.Severity.UNSPECIFIED); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.UNSPECIFIED); alert.setBaselineIdsAndSeverity(baselineSet); Assert.assertEquals(alert.getSeverity(), baselineSeverity); alert.setSeverity(alertSeverity); diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/BaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/BaselineTest.java index 221ec194..262236ad 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/BaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/BaselineTest.java 
@@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.baseline.Baseline; import java.io.Serializable; import java.util.List; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/BatchImaMatchStatusTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/BatchImaMatchStatusTest.java index 0a86d20a..df74a115 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/BatchImaMatchStatusTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/BatchImaMatchStatusTest.java @@ -1,5 +1,10 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.IMAMatchStatus; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/BroadRepoImaBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/BroadRepoImaBaselineTest.java index a7221129..040979a5 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/BroadRepoImaBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/BroadRepoImaBaselineTest.java @@ -1,5 +1,9 @@ package hirs.data.persist; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.BroadRepoImaBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.ReportMatchStatus; import java.io.UnsupportedEncodingException; import java.util.Collections; import java.util.HashSet; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceGroupTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceGroupTest.java index dcc05301..23f4d4cc 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceGroupTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceGroupTest.java 
@@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.HealthStatus; import java.util.Arrays; import java.util.HashSet; import java.util.Set; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceInfoReportTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceInfoReportTest.java index 02496070..088a9a13 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceInfoReportTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceInfoReportTest.java @@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.TPMInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import hirs.foss.XMLCleaner; import hirs.persist.DBReportManager; import hirs.persist.ReportManager; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceTest.java index 42ca9201..5670b296 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.HealthStatus; import org.testng.Assert; import org.testng.annotations.Test; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/DigestTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/DigestTest.java index 6c6a6423..319d40c4 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/DigestTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/DigestTest.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestComparisonResultType; +import hirs.data.persist.enums.DigestAlgorithm; import java.util.Arrays; import org.apache.commons.codec.digest.DigestUtils; 
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/FirmwareInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/FirmwareInfoTest.java index a0ccd0c0..58c59db6 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/FirmwareInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/FirmwareInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.FirmwareInfo; import org.apache.commons.lang3.StringUtils; import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED; import org.testng.Assert; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/HardwareInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/HardwareInfoTest.java index dc56a1d9..320b0e36 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/HardwareInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/HardwareInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.HardwareInfo; import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED; import org.apache.commons.lang3.StringUtils; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/IMADeviceStateTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/IMADeviceStateTest.java index d68a6952..accb9f95 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/IMADeviceStateTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/IMADeviceStateTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import org.apache.commons.codec.binary.Hex; import org.testng.Assert; import org.testng.annotations.Test; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/IMAMeasurementRecordTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/IMAMeasurementRecordTest.java index c58013a7..fc72a651 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/IMAMeasurementRecordTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/IMAMeasurementRecordTest.java 
@@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.ExamineState; +import hirs.data.persist.enums.DigestAlgorithm; import java.text.ParseException; import org.apache.commons.codec.DecoderException; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/IMAPolicyTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/IMAPolicyTest.java index 3ca6d1ec..b6cce4a3 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/IMAPolicyTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/IMAPolicyTest.java @@ -1,5 +1,12 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.baseline.Baseline; import java.io.InputStream; import java.io.Serializable; import java.util.LinkedList; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/IMAReportTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/IMAReportTest.java index 324465da..4e962afd 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/IMAReportTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/IMAReportTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import java.io.InputStream; import java.io.StringReader; import java.io.StringWriter; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBaselineRecordTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBaselineRecordTest.java index 20d5e146..6dd168f5 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBaselineRecordTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBaselineRecordTest.java 
@@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; import java.text.ParseException; import java.util.Set; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistBaselineTest.java index e84f6036..1c3ddc99 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistBaselineTest.java @@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.IMAMatchStatus; import hirs.persist.BaselineManager; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistRecordTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistRecordTest.java index 4c20db65..ff26fa2e 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistRecordTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistRecordTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.persist.DBManager; import org.testng.Assert; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/ImaIgnoreSetBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/ImaIgnoreSetBaselineTest.java index c511bfcd..5de7375f 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/ImaIgnoreSetBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/ImaIgnoreSetBaselineTest.java 
@@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.Baseline; import hirs.ima.matching.BatchImaMatchStatus; import java.util.Collections; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/NetworkInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/NetworkInfoTest.java index cc457b50..db1a79fb 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/NetworkInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/NetworkInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.NetworkInfo; import java.net.InetAddress; import java.net.UnknownHostException; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/OSInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/OSInfoTest.java index 95478994..b3b75dfb 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/OSInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/OSInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.OSInfo; import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED; import org.apache.commons.lang3.StringUtils; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/PortalInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/PortalInfoTest.java index bad6a62f..ef9fefeb 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/PortalInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/PortalInfoTest.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.info.PortalInfo; +import hirs.data.persist.enums.PortalScheme; import java.net.InetAddress; import org.testng.Assert; import org.testng.annotations.Test; 
@@ -25,7 +27,7 @@ public class PortalInfoTest { */ @Test public void testScheme() { - final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS; + final PortalScheme scheme = PortalScheme.HTTPS; PortalInfo info = new PortalInfo(); info.setSchemeName(scheme); @@ -38,7 +40,7 @@ public class PortalInfoTest { */ @Test public void testSchemeNull() { - final PortalInfo.Scheme scheme = null; + final PortalScheme scheme = null; PortalInfo info = new PortalInfo(); diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/SimpleImaBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/SimpleImaBaselineTest.java index 263a9073..f26d883a 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/SimpleImaBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/SimpleImaBaselineTest.java @@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.ReportMatchStatus; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.IMAMatchStatus; import hirs.persist.BaselineManager; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMBaselineTest.java index 82d1219d..05648863 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMBaselineTest.java 
@@ -1,5 +1,13 @@
 package hirs.data.persist;
+import hirs.data.persist.info.OSInfo;
+import hirs.data.persist.info.HardwareInfo;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.TPMInfo;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TPMBaseline;
+import hirs.data.persist.baseline.Baseline;
 import static hirs.data.persist.TPMMeasurementRecord.MAX_PCR_ID;
 import static hirs.data.persist.TPMMeasurementRecord.MIN_PCR_ID;
 import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED;
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMInfoTest.java
index 41fe7f23..a8186b4c 100644
--- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMInfoTest.java
+++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMInfoTest.java
@@ -1,5 +1,6 @@
 package hirs.data.persist;
+import hirs.data.persist.info.TPMInfo;
 import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED;
 import java.io.FileNotFoundException;
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMMeasurementRecordTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMMeasurementRecordTest.java
index fde70cfe..cf0f0ce6 100644
--- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMMeasurementRecordTest.java
+++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMMeasurementRecordTest.java
@@ -1,5 +1,7 @@
 package hirs.data.persist;
+import hirs.data.persist.enums.ExamineState;
+import hirs.data.persist.enums.DigestAlgorithm;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
 import org.testng.Assert;
@@ -37,7 +39,8 @@ public class TPMMeasurementRecordTest {
 */
 @Test(expectedExceptions = NullPointerException.class)
 public final void tpmMeasurementRecordNullHash() {
- new TPMMeasurementRecord(0, null);
+ Digest digest = null;
+ new TPMMeasurementRecord(0, digest);
 }
 /**
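Review bot: In `tpmMeasurementRecordNullHash` the typed local `Digest digest = null;` appears to exist only to select a constructor overload, and nothing in the test says so. A cast keeps it to one line and states the intent: `new TPMMeasurementRecord(0, (Digest) null);`. If the bare `null` became ambiguous because a second two-argument constructor now exists (not visible in this hunk), that overload's null handling deserves its own `expectedExceptions = NullPointerException.class` test, so that a measurement record with a null hash is rejected on every construction path. The test class continues outside the hunk.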
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMPolicyTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMPolicyTest.java
index 3e1f78ec..2c7792e6 100644
--- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMPolicyTest.java
+++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMPolicyTest.java
@@ -1,5 +1,8 @@
 package hirs.data.persist;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TPMBaseline;
+import hirs.data.persist.enums.AlertSeverity;
 import java.io.InputStream;
 import java.io.Serializable;
 import java.util.Arrays;
@@ -420,8 +423,8 @@ public class TPMPolicyTest extends HibernateTest {
 */
 @Test
 public final void testSetKernelUpdateAlertSeverity() {
- final Alert.Severity defaultSeverity = Alert.Severity.UNSPECIFIED;
- final Alert.Severity newSeverity = Alert.Severity.INFO;
+ final AlertSeverity defaultSeverity = AlertSeverity.UNSPECIFIED;
+ final AlertSeverity newSeverity = AlertSeverity.INFO;
 TPMPolicy tpmPolicy = new TPMPolicy("TestTPMPolicy");
 Assert.assertEquals(tpmPolicy.getKernelUpdateAlertSeverity(), defaultSeverity);
 tpmPolicy.setKernelUpdateAlertSeverity(newSeverity);
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMReportTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMReportTest.java
index 71286581..f904f2e9 100644
--- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMReportTest.java
+++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMReportTest.java
@@ -1,5 +1,6 @@
 package hirs.data.persist;
+import hirs.data.persist.enums.DigestAlgorithm;
 import static org.apache.logging.log4j.LogManager.getLogger;
 import hirs.data.persist.tpm.PcrComposite;
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TargetedRepoImaBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TargetedRepoImaBaselineTest.java
index adcc48d7..c52b881a 100644
--- a/HIRS_Utils/src/test/java/hirs/data/persist/TargetedRepoImaBaselineTest.java
+++ b/HIRS_Utils/src/test/java/hirs/data/persist/TargetedRepoImaBaselineTest.java
@@ -1,5 +1,9 @@
 package hirs.data.persist;
+import hirs.data.persist.baseline.IMABaselineRecord;
+import hirs.data.persist.baseline.TargetedRepoImaBaseline;
+import hirs.data.persist.baseline.Baseline;
+import hirs.data.persist.enums.ReportMatchStatus;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline.java b/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline.java
index e15cc998..8dd51834 100644
--- a/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline.java
+++ b/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline.java
@@ -1,5 +1,6 @@
 package hirs.data.persist;
+import hirs.data.persist.baseline.Baseline;
 import javax.persistence.Entity;
 /**
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline2.java b/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline2.java
index ba0ce228..a3e1e9f1 100644
--- a/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline2.java
+++ b/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline2.java
@@ -1,5 +1,6 @@
 package hirs.data.persist;
+import hirs.data.persist.baseline.Baseline;
 import javax.persistence.Entity;
 /**
diff --git a/HIRS_Utils/src/test/java/hirs/data/service/DeviceRegisterImplTest.java b/HIRS_Utils/src/test/java/hirs/data/service/DeviceRegisterImplTest.java
index fda53149..bb74ad68 100644
--- a/HIRS_Utils/src/test/java/hirs/data/service/DeviceRegisterImplTest.java
+++ b/HIRS_Utils/src/test/java/hirs/data/service/DeviceRegisterImplTest.java
@@ -3,11 +3,11 @@ package hirs.data.service;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.DeviceInfoReport;
-import hirs.data.persist.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
-import hirs.data.persist.NetworkInfo;
-import hirs.data.persist.OSInfo;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.HardwareInfo;
+import hirs.data.persist.info.NetworkInfo;
+import hirs.data.persist.info.OSInfo;
+import hirs.data.persist.info.TPMInfo;
 import hirs.persist.DeviceGroupManager;
 import hirs.persist.DeviceManager;
diff --git a/HIRS_Utils/src/test/java/hirs/ima/CSVGeneratorTest.java b/HIRS_Utils/src/test/java/hirs/ima/CSVGeneratorTest.java
index 6dac29f2..1328c4f9 100644
--- a/HIRS_Utils/src/test/java/hirs/ima/CSVGeneratorTest.java
+++ b/HIRS_Utils/src/test/java/hirs/ima/CSVGeneratorTest.java
@@ -2,17 +2,17 @@ package hirs.ima;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
-import hirs.data.persist.IMABaselineRecord;
-import hirs.data.persist.ImaBlacklistBaseline;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.HardwareInfo;
+import hirs.data.persist.baseline.IMABaselineRecord;
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
 import hirs.data.persist.ImaBlacklistRecord;
-import hirs.data.persist.OSInfo;
-import hirs.data.persist.SimpleImaBaseline;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.OSInfo;
+import hirs.data.persist.baseline.SimpleImaBaseline;
+import hirs.data.persist.info.TPMInfo;
 import hirs.data.persist.TPMMeasurementRecord;
-import hirs.data.persist.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
 import hirs.tpm.TPMBaselineGenerator;
 import hirs.tpm.TPMBaselineGeneratorException;
diff --git a/HIRS_Utils/src/test/java/hirs/ima/IMATestUtil.java b/HIRS_Utils/src/test/java/hirs/ima/IMATestUtil.java
index f3082045..445c8d57 100644
--- a/HIRS_Utils/src/test/java/hirs/ima/IMATestUtil.java
+++ b/HIRS_Utils/src/test/java/hirs/ima/IMATestUtil.java
@@ -11,9 +11,9 @@ import org.testng.Assert;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.IMABaselineRecord;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.baseline.IMABaselineRecord;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 /**
 * This class contains utility methods and constants that can be used for IMA
diff --git a/HIRS_Utils/src/test/java/hirs/ima/ImaBlacklistBaselineGeneratorTest.java b/HIRS_Utils/src/test/java/hirs/ima/ImaBlacklistBaselineGeneratorTest.java
index 82fc6231..2d7b862a 100644
--- a/HIRS_Utils/src/test/java/hirs/ima/ImaBlacklistBaselineGeneratorTest.java
+++ b/HIRS_Utils/src/test/java/hirs/ima/ImaBlacklistBaselineGeneratorTest.java
@@ -5,7 +5,7 @@ import org.testng.annotations.Test;
 import java.io.IOException;
 import java.io.InputStream;
-import hirs.data.persist.ImaBlacklistBaseline;
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
 import hirs.data.persist.ImaBlacklistRecord;
 /**
diff --git a/HIRS_Utils/src/test/java/hirs/ima/SimpleImaBaselineGeneratorTest.java b/HIRS_Utils/src/test/java/hirs/ima/SimpleImaBaselineGeneratorTest.java
index 7743a3da..b39c12d7 100644
--- a/HIRS_Utils/src/test/java/hirs/ima/SimpleImaBaselineGeneratorTest.java
+++ b/HIRS_Utils/src/test/java/hirs/ima/SimpleImaBaselineGeneratorTest.java
@@ -1,12 +1,12 @@
 package hirs.ima;
 import hirs.data.persist.IMAReport;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.ImaBaseline;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.baseline.ImaBaseline;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.IntegrityReport;
 import hirs.data.persist.TPMReport;
diff --git a/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptableHashRecordMatcherTest.java b/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptableHashRecordMatcherTest.java
index d7d3309f..064adf30 100644
--- a/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptableHashRecordMatcherTest.java
+++ b/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptableHashRecordMatcherTest.java
@@ -1,10 +1,10 @@
 package hirs.ima.matching;
 import hirs.data.persist.Digest;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.IMAMeasurementRecord;
-import hirs.data.persist.ReportMatchStatus;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.enums.ReportMatchStatus;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.data.persist.SimpleImaBaselineTest;
 import org.testng.Assert;
 import org.testng.annotations.Test;
diff --git a/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcherTest.java b/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcherTest.java
index b0bdbddc..d695a5dc 100644
--- a/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcherTest.java
+++ b/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcherTest.java
@@ -2,11 +2,11 @@ package hirs.ima.matching;
 import hirs.data.persist.Digest;
 import hirs.data.persist.DigestTest;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.IMAMeasurementRecord;
-import hirs.data.persist.ImaAcceptableRecordBaseline;
-import hirs.data.persist.ReportMatchStatus;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
+import hirs.data.persist.enums.ReportMatchStatus;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.data.persist.SimpleImaBaselineTest;
 import org.testng.Assert;
 import org.testng.annotations.Test;
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBAlertManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBAlertManagerTest.java
index 1e99695d..76731d9e 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DBAlertManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DBAlertManagerTest.java
@@ -2,14 +2,16 @@ package hirs.persist;
 import hirs.FilteredRecordsList;
 import hirs.data.persist.Alert;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.Report;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.data.persist.SpringPersistenceTest;
 import hirs.data.persist.TestReport;
-import hirs.data.persist.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
+import hirs.data.persist.enums.AlertSeverity;
+import hirs.data.persist.enums.AlertSource;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.testng.Assert;
@@ -629,7 +631,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 for (int i = 0; i < unresolvedDetails1.length; ++i) {
 newAlert = new Alert(unresolvedDetails1[i]);
 newAlert.setDeviceName(deviceName);
- newAlert.setSource(Alert.Source.IMA_APPRAISER);
+ newAlert.setSource(AlertSource.IMA_APPRAISER);
 mgr.saveAlert(newAlert);
 }
@@ -638,13 +640,13 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 for (int i = 0; i < unresolvedDetails2.length; ++i) {
 newAlert = new Alert(unresolvedDetails2[i]);
 newAlert.setDeviceName(deviceName);
- newAlert.setSource(Alert.Source.TPM_APPRAISER);
+ newAlert.setSource(AlertSource.TPM_APPRAISER);
 mgr.saveAlert(newAlert);
 }
- Assert.assertEquals(mgr.countUnresolvedAlerts(device, Alert.Source.IMA_APPRAISER),
+ Assert.assertEquals(mgr.countUnresolvedAlerts(device, AlertSource.IMA_APPRAISER),
 unresolvedDetails1.length);
- Assert.assertEquals(mgr.countUnresolvedAlerts(device, Alert.Source.TPM_APPRAISER),
+ Assert.assertEquals(mgr.countUnresolvedAlerts(device, AlertSource.TPM_APPRAISER),
 unresolvedDetails2.length);
 }
@@ -772,8 +774,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 @Test
 public void testBaselineIdsAndSeverity() {
 Alert alert = new Alert(ALERT_DETAILS);
- Set baselines = initBaselines(Alert.Severity.SEVERE, Alert.Severity.SEVERE,
- Alert.Severity.SEVERE, Alert.Severity.SEVERE);
+ Set baselines = initBaselines(AlertSeverity.SEVERE, AlertSeverity.SEVERE,
+ AlertSeverity.SEVERE, AlertSeverity.SEVERE);
 alert.setBaselineIdsAndSeverity(baselines);
 Set alertBaselines = alert.getBaselineIds();
@@ -782,7 +784,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 Assert.assertTrue(foundMatchingBaselineId(id, baselines));
 }
- Assert.assertEquals(alert.getSeverity(), Alert.Severity.SEVERE);
+ Assert.assertEquals(alert.getSeverity(), AlertSeverity.SEVERE);
 }
 /**
@@ -792,8 +794,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 @Test
 public void testBaselineIdsAndSevereSeverity() {
 Alert alert = new Alert(ALERT_DETAILS);
- Set baselines = initBaselines(Alert.Severity.SEVERE, Alert.Severity.HIGH,
- Alert.Severity.INFO, Alert.Severity.UNSPECIFIED);
+ Set baselines = initBaselines(AlertSeverity.SEVERE, AlertSeverity.HIGH,
+ AlertSeverity.INFO, AlertSeverity.UNSPECIFIED);
 alert.setBaselineIdsAndSeverity(baselines);
 Set alertBaselines = alert.getBaselineIds();
@@ -802,7 +804,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 Assert.assertTrue(foundMatchingBaselineId(id, baselines));
 }
- Assert.assertEquals(alert.getSeverity(), Alert.Severity.SEVERE);
+ Assert.assertEquals(alert.getSeverity(), AlertSeverity.SEVERE);
 }
 /**
@@ -812,8 +814,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 @Test
 public void testBaselineIdsAndHighSeverity() {
 Alert alert = new Alert(ALERT_DETAILS);
- Set baselines = initBaselines(Alert.Severity.INFO, Alert.Severity.HIGH,
- Alert.Severity.INFO, Alert.Severity.UNSPECIFIED);
+ Set baselines = initBaselines(AlertSeverity.INFO, AlertSeverity.HIGH,
+ AlertSeverity.INFO, AlertSeverity.UNSPECIFIED);
 alert.setBaselineIdsAndSeverity(baselines);
 Set alertBaselines = alert.getBaselineIds();
@@ -822,7 +824,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 Assert.assertTrue(foundMatchingBaselineId(id, baselines));
 }
- Assert.assertEquals(alert.getSeverity(), Alert.Severity.HIGH);
+ Assert.assertEquals(alert.getSeverity(), AlertSeverity.HIGH);
 }
 /**
@@ -832,8 +834,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 @Test
 public void testBaselineIdsAndLowSeverity() {
 Alert alert = new Alert(ALERT_DETAILS);
- Set baselines = initBaselines(Alert.Severity.INFO, Alert.Severity.LOW,
- Alert.Severity.INFO, Alert.Severity.UNSPECIFIED);
+ Set baselines = initBaselines(AlertSeverity.INFO, AlertSeverity.LOW,
+ AlertSeverity.INFO, AlertSeverity.UNSPECIFIED);
 alert.setBaselineIdsAndSeverity(baselines);
 Set alertBaselines = alert.getBaselineIds();
@@ -842,7 +844,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 Assert.assertTrue(foundMatchingBaselineId(id, baselines));
 }
- Assert.assertEquals(alert.getSeverity(), Alert.Severity.LOW);
+ Assert.assertEquals(alert.getSeverity(), AlertSeverity.LOW);
 }
 /**
@@ -852,8 +854,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 @Test
 public void testBaselineIdsAndInfoSeverity() {
 Alert alert = new Alert(ALERT_DETAILS);
- Set baselines = initBaselines(Alert.Severity.INFO, Alert.Severity.INFO,
- Alert.Severity.INFO, Alert.Severity.UNSPECIFIED);
+ Set baselines = initBaselines(AlertSeverity.INFO, AlertSeverity.INFO,
+ AlertSeverity.INFO, AlertSeverity.UNSPECIFIED);
 alert.setBaselineIdsAndSeverity(baselines);
 Set alertBaselines = alert.getBaselineIds();
@@ -862,7 +864,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 Assert.assertTrue(foundMatchingBaselineId(id, baselines));
 }
- Assert.assertEquals(alert.getSeverity(), Alert.Severity.INFO);
+ Assert.assertEquals(alert.getSeverity(), AlertSeverity.INFO);
 }
 private boolean foundMatchingBaselineId(final UUID baselineId, final Collection
@@ -874,10 +876,10 @@ public final class DBAlertManagerTest extends SpringPersistenceTest {
 }
 return false;
 }
- private Set initBaselines(final Alert.Severity severity,
- final Alert.Severity severity2,
- final Alert.Severity severity3,
- final Alert.Severity severity4) {
+ private Set initBaselines(final AlertSeverity severity,
+ final AlertSeverity severity2,
+ final AlertSeverity severity3,
+ final AlertSeverity severity4) {
 final BaselineManager bMgr = new DBBaselineManager(sessionFactory);
 Baseline baseline = bMgr.saveBaseline(new TpmWhiteListBaseline(TEST_BASELINE_NAME + "1"));
 Baseline baseline2 = bMgr.saveBaseline(new TpmWhiteListBaseline(TEST_BASELINE_NAME + "2"));
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBBaselineManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBBaselineManagerTest.java
index 140c39b5..e169d860 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DBBaselineManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DBBaselineManagerTest.java
@@ -4,15 +4,15 @@ import hirs.FilteredRecordsList;
 import java.io.UnsupportedEncodingException;
 import hirs.data.bean.SimpleBaselineBean;
-import hirs.data.persist.Baseline;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.Baseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.ImaBaseline;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.baseline.ImaBaseline;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.SpringPersistenceTest;
-import hirs.data.persist.TPMBaseline;
-import hirs.data.persist.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TPMBaseline;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
 import java.util.ArrayList;
 import java.util.Arrays;
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBDeviceManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBDeviceManagerTest.java
index 8f1f3f4c..f1b584eb 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DBDeviceManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DBDeviceManagerTest.java
@@ -12,8 +12,8 @@ import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.DeviceTest;
-import hirs.data.persist.HealthStatus;
-import hirs.data.persist.NetworkInfo;
+import hirs.data.persist.enums.HealthStatus;
+import hirs.data.persist.info.NetworkInfo;
 import hirs.data.persist.SpringPersistenceTest;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBPortalInfoManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBPortalInfoManagerTest.java
index 5b4d7a79..ffe91208 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DBPortalInfoManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DBPortalInfoManagerTest.java
@@ -9,7 +9,8 @@ import java.util.Map;
 import hirs.data.persist.SpringPersistenceTest;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import hirs.data.persist.PortalInfo;
+import hirs.data.persist.info.PortalInfo;
+import hirs.data.persist.enums.PortalScheme;
 import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.AfterMethod;
@@ -52,7 +53,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest {
 */
 @Test
 public final void deletePortalInfo() {
- final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS;
+ final PortalScheme scheme = PortalScheme.HTTPS;
 LOGGER.debug("creating DBPortalInfoManager");
 PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory);
@@ -78,7 +79,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest {
 */
 @Test
 public final void getPortalInfo() {
- final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS;
+ final PortalScheme scheme = PortalScheme.HTTPS;
 PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory);
 PortalInfo info = new PortalInfo();
@@ -97,7 +98,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest {
 */
 @Test
 public final void savePortalInfo() {
- final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS;
+ final PortalScheme scheme = PortalScheme.HTTPS;
 PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory);
 PortalInfo info = new PortalInfo();
@@ -115,7 +116,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest {
 */
 @Test
 public final void updatePortalInfo() {
- final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS;
+ final PortalScheme scheme = PortalScheme.HTTPS;
 final int port = 127;
 PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory);
@@ -139,13 +140,13 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest {
 */
 @Test
 public final void testGetPortalUrl() throws Exception {
- final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS;
+ final PortalScheme scheme = PortalScheme.HTTPS;
 final int port = 127;
 final String contextName = "HIRS_Portal";
 final String address = "localhost";
 try {
- HashMap envMap = new HashMap(System.getenv());
+ HashMap envMap = new HashMap<>(System.getenv());
 setEnv(envMap);
 PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory);
@@ -164,7 +165,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest {
 Assert.assertEquals(url + urlExtension, URI.create(url + urlExtension).toString());
 } finally {
 // Unset the process environment variable for other tests.
- HashMap envMap = new HashMap(System.getenv());
+ HashMap envMap = new HashMap<>(System.getenv());
 envMap.remove("HIRS_HIBERNATE_CONFIG");
 setEnv(envMap);
 }
@@ -177,7 +178,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest {
 @Test
 public final void testGetPortalUrlNoPortalInfoObject() throws Exception {
 PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory);
- dbpim.getPortalInfo(PortalInfo.Scheme.HTTPS);
+ dbpim.getPortalInfo(PortalScheme.HTTPS);
 String url = dbpim.getPortalUrlBase();
 Assert.assertEquals(url, "Your_HIRS_Portal/");
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBReportManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBReportManagerTest.java
index 6967025e..a78c9b1c 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DBReportManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DBReportManagerTest.java
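Review bot: The `finally` block of `testGetPortalUrl` (hunk `@@ -164,7 +165,7 @@`) always removes `HIRS_HIBERNATE_CONFIG` from the process environment rather than putting back what was there before the test. If the variable was set when the test started, every later test in the same JVM loses it; whether that can happen depends on lines between the two hunks that are not visible here. Capturing the environment once before `try`, e.g. `final Map<String, String> savedEnv = new HashMap<>(System.getenv());`, and calling `setEnv(savedEnv);` in `finally` would restore the exact prior state, assuming `setEnv` accepts that map type.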
@@ -4,19 +4,19 @@ import hirs.FilteredRecordsList;
 import hirs.data.bean.SimpleImaRecordBean;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.ExamineState;
-import hirs.data.persist.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.enums.ExamineState;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.HardwareInfo;
 import hirs.data.persist.IMAMeasurementRecord;
 import hirs.data.persist.IMAReport;
 import hirs.data.persist.IntegrityReport;
-import hirs.data.persist.NetworkInfo;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.NetworkInfo;
+import hirs.data.persist.info.OSInfo;
 import hirs.data.persist.Report;
 import hirs.data.persist.ReportSummary;
 import hirs.data.persist.SpringPersistenceTest;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.TPMInfo;
 import hirs.data.persist.TPMMeasurementRecord;
 import hirs.data.persist.TPMReport;
 import org.apache.logging.log4j.Logger;
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBRepositoryManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBRepositoryManagerTest.java
index b092a962..291e7619 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DBRepositoryManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DBRepositoryManagerTest.java
@@ -1,7 +1,7 @@
 package hirs.persist;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.SpringPersistenceTest;
 import hirs.repository.RPMRepoPackage;
 import hirs.repository.RepoPackage;
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DbImaBaselineRecordManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DbImaBaselineRecordManagerTest.java
index 2e16ac7b..7d56bd47 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DbImaBaselineRecordManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DbImaBaselineRecordManagerTest.java
@@ -1,10 +1,10 @@
 package hirs.persist;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.IMABaselineRecord;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.baseline.IMABaselineRecord;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DbImaBlacklistBaselineRecordManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DbImaBlacklistBaselineRecordManagerTest.java
index 2ce36663..dbdb6b8c 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DbImaBlacklistBaselineRecordManagerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DbImaBlacklistBaselineRecordManagerTest.java
@@ -1,10 +1,10 @@
 package hirs.persist;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
 import hirs.data.persist.ImaBlacklistRecord;
-import hirs.data.persist.ImaBlacklistBaseline;
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
diff --git a/HIRS_Utils/src/test/java/hirs/persist/DeviceHealthManagerImplTest.java b/HIRS_Utils/src/test/java/hirs/persist/DeviceHealthManagerImplTest.java
index a2461b3a..08fbb241 100644
--- a/HIRS_Utils/src/test/java/hirs/persist/DeviceHealthManagerImplTest.java
+++ b/HIRS_Utils/src/test/java/hirs/persist/DeviceHealthManagerImplTest.java
@@ -4,7 +4,7 @@ import hirs.data.persist.Alert;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.DeviceState;
-import hirs.data.persist.HealthStatus;
+import hirs.data.persist.enums.HealthStatus;
 import hirs.data.persist.Report;
 import hirs.data.persist.ReportSummary;
diff --git a/HIRS_Utils/src/test/java/hirs/repository/RepoPackageTest.java b/HIRS_Utils/src/test/java/hirs/repository/RepoPackageTest.java
index f0b7ab73..e2d7e6e2 100644
--- a/HIRS_Utils/src/test/java/hirs/repository/RepoPackageTest.java
+++ b/HIRS_Utils/src/test/java/hirs/repository/RepoPackageTest.java
@@ -1,8 +1,8 @@
 package hirs.repository;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import org.testng.Assert;
 import org.testng.annotations.AfterMethod;
diff --git a/HIRS_Utils/src/test/java/hirs/repository/TestRepository.java b/HIRS_Utils/src/test/java/hirs/repository/TestRepository.java
index 4345edcd..5ed1e513 100644
--- a/HIRS_Utils/src/test/java/hirs/repository/TestRepository.java
+++ b/HIRS_Utils/src/test/java/hirs/repository/TestRepository.java
@@ -1,6 +1,6 @@
 package hirs.repository;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.persist.DBRepositoryManagerTest;
 import javax.persistence.Column;
diff --git a/HIRS_Utils/src/test/java/hirs/repository/YumRepositoryTest.java b/HIRS_Utils/src/test/java/hirs/repository/YumRepositoryTest.java
index 69a12997..c79d8fe5 100644
--- a/HIRS_Utils/src/test/java/hirs/repository/YumRepositoryTest.java
+++ b/HIRS_Utils/src/test/java/hirs/repository/YumRepositoryTest.java
@@ -5,7 +5,7 @@ import static org.apache.logging.log4j.LogManager.getLogger;
 import java.net.URL;
 import java.util.HashSet;
 import java.util.Set;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.SpringPersistenceTest;
 import hirs.persist.DBRepositoryManager;
 import hirs.persist.RepositoryManager;
diff --git a/HIRS_Utils/src/test/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurerTest.java b/HIRS_Utils/src/test/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurerTest.java
index 061393f9..6bac6ca8 100644
--- a/HIRS_Utils/src/test/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurerTest.java
@@ -4,7 +4,7 @@ import com.google.common.collect.Multimap;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
 import org.apache.commons.io.FileUtils;
 import org.testng.Assert;
diff --git a/HIRS_Utils/src/test/java/hirs/repository/measurement/RPMMeasurerTest.java b/HIRS_Utils/src/test/java/hirs/repository/measurement/RPMMeasurerTest.java
index 697037f8..305b57bd 100644
--- a/HIRS_Utils/src/test/java/hirs/repository/measurement/RPMMeasurerTest.java
+++ b/HIRS_Utils/src/test/java/hirs/repository/measurement/RPMMeasurerTest.java
@@ -3,7 +3,7 @@ package hirs.repository.measurement;
 import com.google.common.collect.Multimap;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
 import org.apache.commons.io.FileUtils;
 import org.testng.Assert;
diff --git a/HIRS_Utils/src/test/java/hirs/tpm/TPMBaselineGeneratorTest.java b/HIRS_Utils/src/test/java/hirs/tpm/TPMBaselineGeneratorTest.java
index b78f02f0..75ebdad8 100644
--- a/HIRS_Utils/src/test/java/hirs/tpm/TPMBaselineGeneratorTest.java
+++ b/HIRS_Utils/src/test/java/hirs/tpm/TPMBaselineGeneratorTest.java
@@ -1,8 +1,8 @@
 package hirs.tpm;
-import hirs.data.persist.TPMBaseline;
-import hirs.data.persist.TPMInfo;
-import hirs.data.persist.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TPMBaseline;
+import hirs.data.persist.info.TPMInfo;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
 import java.io.IOException;
 import java.io.InputStream;
@@ -18,12 +18,12 @@ import org.testng.annotations.Test;
 import hirs.data.persist.DeviceInfoReport;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
-import hirs.data.persist.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.HardwareInfo;
 import hirs.data.persist.IMAReport;
 import hirs.data.persist.IntegrityReport;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.OSInfo;
 import hirs.data.persist.TPMReport;
 import org.apache.logging.log4j.LogManager;
diff --git a/HIRS_Utils/src/test/java/hirs/tpm/eventlog/TCGEventLogProcessorTest.java b/HIRS_Utils/src/test/java/hirs/tpm/eventlog/TCGEventLogProcessorTest.java
index cbbdbb56..fffeebaa 100644
--- a/HIRS_Utils/src/test/java/hirs/tpm/eventlog/TCGEventLogProcessorTest.java
+++ b/HIRS_Utils/src/test/java/hirs/tpm/eventlog/TCGEventLogProcessorTest.java
@@ -2,35 +2,34 @@ package hirs.tpm.eventlog;
 import java.io.IOException;
 import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
 import java.util.Arrays;
-//import java.util.List;
-//import java.util.Set;
 import org.apache.commons.io.IOUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-//import org.hibernate.Session;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
 import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
-//import hirs.data.persist.Baseline;
-//import hirs.data.persist.Digest;
-//import hirs.data.persist.SpringPersistenceTest;
-//import hirs.data.persist.TpmWhiteListBaseline;
-//import hirs.utils.HexUtils;
+/*
+import org.junit.Test;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+*/
+
+import hirs.data.persist.SpringPersistenceTest;
 /**
 * Class for testing TCG Event Log processing.
 */
-//public class TCGEventLogProcessorTest extends SpringPersistenceTest {
-public class TCGEventLogProcessorTest {
- private static final String DEFAULT_EVENT_LOG = "/tcgeventlog/TpmLog.bin";
+public class TCGEventLogProcessorTest extends SpringPersistenceTest {
+ private static final String DEFAULT_EVENT_LOG = "/tcgeventlog/TpmLog.bin";
 private static final String DEFAULT_EXPECTED_PCRS = "/tcgeventlog/TpmLogExpectedPcrs.txt";
 private static final String SHA1_EVENT_LOG = "/tcgeventlog/TpmLogSHA1.bin";
 private static final String SHA1_EXPECTED_PCRS = "/tcgeventlog/TpmLogSHA1ExpectedPcrs.txt";
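Review bot: The block comment added after the TestNG imports (`/* import org.junit.Test; … import org.junit.BeforeClass; */`) is commented-out code and should be dropped; the live imports directly above it are the `org.testng` ones, so the JUnit names only blur which framework runs this class. The same hunk moves `java.security.NoSuchAlgorithmException` and `java.security.cert.CertificateException` below the log4j imports, which breaks the `java.*` grouping the file had; leaving them next to `java.util.Arrays` avoids that churn. The class now extends `SpringPersistenceTest` while nothing visible in this hunk uses persistence, so a short class-level comment such as `// extends SpringPersistenceTest because <reason>` would tell the next reader why an event-log parsing test needs that base class. The class body continues outside the hunk.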
@@ -127,7 +126,7 @@ public class TCGEventLogProcessorTest {
 boolean testPass = true;
 log = this.getClass().getResourceAsStream(SHA1_EVENT_LOG);
 byte[] rawLogBytes = IOUtils.toByteArray(log);
- TCGEventLogProcessor tlp = new TCGEventLogProcessor(rawLogBytes);
+ TCGEventLogProcessor tlp = new TCGEventLogProcessor(rawLogBytes);
 String[] pcrFromLog = tlp.getExpectedPCRValues();
 pcrs = this.getClass().getResourceAsStream(SHA1_EXPECTED_PCRS);
 Object[] pcrObj = IOUtils.readLines(pcrs).toArray();
@@ -179,7 +178,7 @@ public class TCGEventLogProcessorTest {
 String pcrValue = HexUtils.byteArrayToHexString(digest.getDigest());
 if (pcrFromLog[i].compareToIgnoreCase(pcrValue) != 0) {
 testPass = false;
- LOGGER.error("\testTPMBaselineCreate error with PCR " + i);
+ LOGGER.error("\ttestTPMBaselineCreate error with PCR " + i);
 }
 }
 }
diff --git a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java
index 7d7e1c8a..d16cf223 100644
--- a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java
+++ b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java
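Review bot: The corrected message in the second hunk still opens with a `\t` escape, which is what made the old literal `"\testTPMBaselineCreate …"` log a tab followed by `estTPMBaselineCreate`. Dropping the tab and using log4j's parameterized form removes both the escape pitfall and the string concatenation: `LOGGER.error("testTPMBaselineCreate error with PCR {}", i);`. The enclosing method starts and ends outside the hunk, so whether `testPass` is asserted after the loop cannot be confirmed from here.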
@@ -2,15 +2,15 @@ package hirs.validation;
 import hirs.client.collector.DeviceInfoCollector;
 import hirs.data.persist.AppraisalStatus;
-import hirs.data.persist.ComponentInfo;
+import hirs.data.persist.info.ComponentInfo;
 import hirs.data.persist.DeviceInfoReport;
-import hirs.data.persist.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
-import hirs.data.persist.NICComponentInfo;
-import hirs.data.persist.NetworkInfo;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.HardwareInfo;
+import hirs.data.persist.info.NICComponentInfo;
+import hirs.data.persist.info.NetworkInfo;
+import hirs.data.persist.info.OSInfo;
 import hirs.data.persist.SupplyChainValidation;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.TPMInfo;
 import hirs.data.persist.certificate.Certificate;
 import hirs.data.persist.certificate.CertificateAuthorityCredential;
 import hirs.data.persist.certificate.CertificateTest;