More changes

Cyrus 2022-11-18 13:53:08 -05:00
parent 9812f464e8
commit daafe8b899
14 changed files with 35 additions and 987 deletions


@ -1,14 +1,10 @@
package hirs.attestationca.portal; package hirs.attestationca;
import com.google.protobuf.ByteString; import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException; import com.google.protobuf.InvalidProtocolBufferException;
import hirs.attestationca.AttestationCertificateAuthority;
import hirs.attestationca.CredentialManagementHelper;
import hirs.attestationca.IssuedCertificateAttributeHelper;
import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2; import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
import hirs.attestationca.entity.BaseReferenceManifest; import hirs.attestationca.entity.BaseReferenceManifest;
import hirs.attestationca.entity.Device; import hirs.attestationca.entity.Device;
import hirs.data.persist.DeviceInfoReport;
import hirs.attestationca.entity.EventLogMeasurements; import hirs.attestationca.entity.EventLogMeasurements;
import hirs.attestationca.entity.ReferenceDigestValue; import hirs.attestationca.entity.ReferenceDigestValue;
import hirs.attestationca.entity.ReferenceManifest; import hirs.attestationca.entity.ReferenceManifest;
@ -23,19 +19,20 @@ import hirs.attestationca.entity.certificate.PlatformCredential;
import hirs.attestationca.exceptions.CertificateProcessingException; import hirs.attestationca.exceptions.CertificateProcessingException;
import hirs.attestationca.exceptions.IdentityProcessingException; import hirs.attestationca.exceptions.IdentityProcessingException;
import hirs.attestationca.exceptions.UnexpectedServerException; import hirs.attestationca.exceptions.UnexpectedServerException;
import hirs.attestationca.portal.validation.SupplyChainValidationService; import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.attestationca.service.CertificateService; import hirs.attestationca.service.CertificateService;
import hirs.attestationca.service.DeviceRegister; import hirs.attestationca.service.DeviceRegister;
import hirs.attestationca.service.DeviceService; import hirs.attestationca.service.DeviceService;
import hirs.attestationca.service.ReferenceDigestValueService; import hirs.attestationca.service.ReferenceDigestValueService;
import hirs.attestationca.service.ReferenceManifestService; import hirs.attestationca.service.ReferenceManifestService;
import hirs.attestationca.validation.SupplyChainValidationService;
import hirs.data.persist.AppraisalStatus; import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.info.FirmwareInfo; import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.info.HardwareInfo; import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo; import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo; import hirs.data.persist.info.OSInfo;
import hirs.data.persist.info.TPMInfo; import hirs.data.persist.info.TPMInfo;
import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.structs.converters.SimpleStructBuilder; import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter; import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope; import hirs.structs.elements.aca.IdentityRequestEnvelope;


@ -4,14 +4,19 @@ import hirs.appraiser.SupplyChainAppraiser;
import hirs.attestationca.policy.SupplyChainPolicy; import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.attestationca.service.AppraiserService; import hirs.attestationca.service.AppraiserService;
import hirs.attestationca.service.PolicyService; import hirs.attestationca.service.PolicyService;
import org.apache.logging.log4j.LogManager;
import static hirs.attestationca.AbstractAttestationCertificateAuthority.LOG; import org.apache.logging.log4j.Logger;
/** /**
* Utility class that simply holds logic to seed the ACA's database with its * Utility class that simply holds logic to seed the ACA's database with its
* default entries. * default entries.
*/ */
public final class AcaDbInit { public final class AcaDbInit {
/**
* Logger instance for for subclass instances.
*/
protected static final Logger LOG = LogManager.getLogger(AcaDbInit.class);
// prevent construction // prevent construction
private AcaDbInit() { } private AcaDbInit() { }
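Review bot: The new `LOG` field on `AcaDbInit` is declared `protected`, but the class is `public final` with a private constructor, so no subclass can exist and the field should be `private static final Logger LOG = LogManager.getLogger(AcaDbInit.class);`. Its Javadoc, "Logger instance for for subclass instances", repeats a word and describes subclasses that cannot exist; a one-liner such as `/** Logger for this utility class. */` says what is true. The replaced static import of `AbstractAttestationCertificateAuthority.LOG` is no longer referenced here, which is fine as long as nothing else reached that logger through this class — not checkable from this hunk. The class body continues past the hunk.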


@ -1,10 +1,12 @@
package hirs.attestationca.rest; package hirs.attestationca.rest;
import hirs.attestationca.AbstractAttestationCertificateAuthority; import hirs.attestationca.AbstractAttestationCertificateAuthority;
import hirs.attestationca.validation.SupplyChainValidationService;
import hirs.attestationca.service.DeviceRegister;
import hirs.attestationca.service.CertificateService; import hirs.attestationca.service.CertificateService;
import hirs.attestationca.service.DeviceRegister;
import hirs.attestationca.service.DeviceService;
import hirs.attestationca.service.ReferenceDigestValueService;
import hirs.attestationca.service.ReferenceManifestService; import hirs.attestationca.service.ReferenceManifestService;
import hirs.attestationca.validation.SupplyChainValidationService;
import hirs.structs.converters.StructConverter; import hirs.structs.converters.StructConverter;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
@ -37,8 +39,8 @@ public class RestfulAttestationCertificateAuthority
* @param referenceManifestService the referenceManifestManager * @param referenceManifestService the referenceManifestManager
* @param deviceRegister the device register * @param deviceRegister the device register
* @param validDays the number of days issued certs are valid * @param validDays the number of days issued certs are valid
* @param deviceManager the device manager * @param deviceService the device service
* @param referenceEventManager the reference event manager * @param referenceDigestValueService the reference digest value service
*/ */
@SuppressWarnings({ "checkstyle:parameternumber" }) @SuppressWarnings({ "checkstyle:parameternumber" })
@Autowired @Autowired
@ -49,13 +51,12 @@ public class RestfulAttestationCertificateAuthority
final CertificateService certificateService, final CertificateService certificateService,
final ReferenceManifestService referenceManifestService, final ReferenceManifestService referenceManifestService,
final DeviceRegister deviceRegister, final DeviceRegister deviceRegister,
final DeviceManager deviceManager, final DeviceService deviceService,
final ReferenceEventManager referenceEventManager, final ReferenceDigestValueService referenceDigestValueService,
@Value("${aca.certificates.validity}") final int validDays) { @Value("${aca.certificates.validity}") final int validDays) {
super(supplyChainValidationService, privateKey, acaCertificate, structConverter, super(supplyChainValidationService, privateKey, acaCertificate, structConverter,
certificateService, referenceManifestService, certificateService, referenceManifestService,referenceDigestValueService,
deviceRegister, validDays, deviceManager, deviceRegister, validDays, deviceService);
referenceEventManager);
} }
/* /*
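Review bot: The rewritten `super(...)` call is missing the space after `referenceManifestService,` on its second line; `certificateService, referenceManifestService, referenceDigestValueService,` keeps it consistent with the rest of the argument list. Since the `@param` block was rewritten anyway, its tags could be put in parameter order — `deviceService` and `referenceDigestValueService` are documented after `validDays` although `validDays` is the last parameter. The argument order passed to the parent changed along with the types (`referenceDigestValueService` now precedes `deviceRegister`/`validDays`, `deviceService` is last), so the matching constructor in `AbstractAttestationCertificateAuthority` must have been updated in the same commit; it is not in this hunk. The constructor's signature starts before this hunk.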


@ -8,8 +8,6 @@ import hirs.data.persist.policy.Policy;
import hirs.persist.CriteriaModifier; import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException; import hirs.persist.DBManagerException;
import hirs.persist.PolicyMapper; import hirs.persist.PolicyMapper;
import hirs.persist.service.DefaultService;
import hirs.persist.service.PolicyService;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.hibernate.Session; import org.hibernate.Session;


@ -1,552 +0,0 @@
package hirs.attestationca.servicemanager;
import com.google.common.base.Preconditions;
import hirs.appraiser.Appraiser;
import hirs.attestationca.entity.Device;
import hirs.data.persist.policy.Policy;
import hirs.persist.DBManagerException;
import hirs.persist.PolicyManagerException;
import hirs.persist.PolicyMapper;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.query.Query;
import org.springframework.stereotype.Repository;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.io.Serializable;
import java.util.List;
/**
* This class defines a <code>PolicyManager</code> that stores policies in a
* database.
*/
@Repository
public class DBPolicyManager extends DBManager<Policy> implements PolicyManager {
private static final Logger LOGGER = LogManager.getLogger(DBPolicyManager.class);
/**
* Creates a new <code>DBPolicyManager</code>. The optional SessionFactory
* parameter is used to initialize a session factory to manage all hibernate
* sessions.
*
* @param em Entity Manager to manage connections to hibernate db
*/
public DBPolicyManager(final EntityManager em) {
super(Policy.class, em);
}
/**
* Saves the <code>Policy</code> in the database and returns it.
*
* @param policy
* policy to save
* @return <code>Policy</code> that was saved
* @throws hirs.persist.PolicyManagerException
* if policy has previously been saved or an error occurs while
* trying to save it to the database
*/
@Override
public final Policy savePolicy(final Policy policy)
throws PolicyManagerException {
LOGGER.debug("saving policy: {}", policy);
try {
return super.save(policy);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Updates a <code>Policy</code>. This updates the database entries to
* reflect the new values that should be set.
*
* @param policy
* policy
* @throws PolicyManagerException
* if policy has not previously been saved or an error occurs
* while trying to save it to the database
*/
@Override
public final void updatePolicy(final Policy policy)
throws PolicyManagerException {
LOGGER.debug("updating policy: {}", policy);
try {
super.update(policy);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Returns a list of all non-archived <code>Policy</code>s of type <code>clazz</code> in the
* database.
*
* @param clazz
* class type of <code>Policy</code>s to return (may be null)
* @return list of <code>Policy</code>s
* @throws PolicyManagerException if unable to search the database
*/
@Override
public final List<Policy> getPolicyList(final Class<? extends Policy> clazz)
throws PolicyManagerException {
LOGGER.debug("getting policy list");
return null;
}
/**
* Retrieves the <code>Policy</code> from the database. This searches the
* database for an entry whose name matches <code>name</code>. It then
* reconstructs a <code>Policy</code> object from the database entry
*
* @param name
* name of the policy
* @return policy if found, otherwise null.
* @throws PolicyManagerException
* if unable to search the database or recreate the
* <code>Policy</code>
*/
@Override
public final Policy getPolicy(final String name)
throws PolicyManagerException {
LOGGER.debug("getting policy by name: {}", name);
try {
return super.get(name);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Retrieves the <code>Policy</code> with this given id from the database. This searches the
* database for an entry whose id matches <code>id</code>. It then reconstructs a
* <code>Policy</code> object from the database response.
*
* @param id
* id of the desired policy
* @return policy if found, otherwise null.
* @throws PolicyManagerException
* if unable to search the database or retrieve the
* <code>Policy</code>
*/
@Override
public final Policy getPolicy(final Serializable id)
throws PolicyManagerException {
LOGGER.debug("getting policy by id: {}", id);
try {
return super.get(id);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Deletes the policy given.
*
* @param policy {@link Policy} to be deleted
* @return status of the deletion
* @throws DBManagerException
*/
@Override
public final boolean delete(final Policy policy) throws DBManagerException {
return false;
}
/**
* Sets the default <code>Policy</code> to use for an <code>Appraiser</code>.
* This updates the database to reflect this change so that when this
* class is loaded it should read that property.
*
* @param appraiser
* appraiser
* @param policy
* default policy
*/
@Override
public final void setDefaultPolicy(final Appraiser appraiser,
final Policy policy) {
LOGGER.debug("set default policy");
if (appraiser == null) {
LOGGER.error("cannot set default policy on null appraiser");
throw new NullPointerException("appraiser");
}
Session session = getSession();
Transaction tx = session.beginTransaction();
try {
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> policyMapperCriteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> policyMapperRoot = policyMapperCriteriaQuery
.from(PolicyMapper.class);
Predicate policyPredicate = criteriaBuilder.and(
criteriaBuilder.equal(policyMapperRoot.get("appraiser"), appraiser),
criteriaBuilder.equal(policyMapperRoot.get("group.name"),
"Default Group"));
policyMapperCriteriaQuery.select(policyMapperRoot).where(policyPredicate);
LOGGER.debug("finding existing policy mapper from db where "
+ "appraiser = {}", appraiser);
LOGGER.debug("finding existing policy mapper from db where "
+ "appraiser = {}", appraiser);
PolicyMapper mapper = null;
Query<PolicyMapper> policyMapperQuery = session.createQuery(policyMapperCriteriaQuery);
List<PolicyMapper> policyMappers = policyMapperQuery.getResultList();
if (policyMappers != null && !policyMappers.isEmpty()) {
mapper = policyMappers.get(0);
}
// final Criteria criteria = session.createCriteria(DeviceGroup.class)
// .add(Restrictions.eq("name", DeviceGroup.DEFAULT_GROUP));
// DeviceGroup group = (DeviceGroup) criteria.uniqueResult();
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .createAlias("deviceGroup", "group")
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policy == null) {
LOGGER.debug("policy is null so removing policy");
if (mapper != null) {
session.delete(mapper);
}
} else {
LOGGER.info("setting default policy {} on appraiser {}",
policy, appraiser);
if (mapper == null) {
session.save(new PolicyMapper(appraiser, policy));
} else {
mapper.setPolicy(policy);
session.update(mapper);
}
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to set default policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
}
@Override
public final Policy getCompletePolicy(final String name) throws PolicyManagerException {
LOGGER.debug("getting policy: {}", name);
try {
return super.getAndLoadLazyFields(name, true);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Returns the default <code>Policy</code> for the <code>Appraiser</code>.
* If the default <code>Policy</code> has not been set then this returns
* null.
*
* @param appraiser appraiser
* @return default policy
*/
@Override
public final Policy getDefaultPolicy(final Appraiser appraiser) {
if (appraiser == null) {
LOGGER.error("cannot get default policy for null appraiser");
return null;
}
Policy ret = null;
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = {}",
appraiser);
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser),
criteriaBuilder.equal(root.get("group.name"), "Default Group"));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .createAlias("deviceGroup", "group")
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (mapper == null) {
LOGGER.debug("no policy mapper found for appraiser {}",
appraiser);
} else {
ret = mapper.getPolicy();
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to get default policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
return ret;
}
/**
* This method takes the device that is passed in and searches the database
* for one with the same name. This ensures it retrieves the version most
* recently saved. This way, an appraiser can reconstruct a
* <code>Device</code> using only the name pulled from the deviceInfo from
* the <code>IntegrityReport</code> without worrying about figuring out
* which device group it belongs to - this method does the work of finding
* the device group. If the policy has not been set for that particular
* device group and appraiser pair, then this method will return null.
*
* @param appraiser
* appraiser
* @param device
* device that needs only the correct name
* @return policy associated with the appraiser-device group pair or null if
* there is none
*/
@Override
public final Policy getPolicy(final Appraiser appraiser, final Device device) {
Preconditions.checkArgument(appraiser != null, "Appraiser must not be null");
Preconditions.checkArgument(device != null, "Device must not be null");
Policy ret = null;
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = "
+ "{} and device= {}", appraiser, device);
final CriteriaBuilder deviceCriteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<Device> criteriaQuery = deviceCriteriaBuilder.createQuery(Device.class);
Root<Device> root = criteriaQuery.from(Device.class);
Predicate recordPredicate = deviceCriteriaBuilder.and(
deviceCriteriaBuilder.equal(root.get("name"), device.getName()));
criteriaQuery.select(root).where(recordPredicate);
Query<Device> query = session.createQuery(criteriaQuery);
List<Device> results = query.getResultList();
Device retrievedDevice = null;
if (results != null && !results.isEmpty()) {
retrievedDevice = results.get(0);
}
// final Criteria deviceCr = session.createCriteria(Device.class)
// .add(Restrictions.eq("name", device.getName()));
// final Device retrievedDevice = (Device) deviceCr.uniqueResult();
final CriteriaBuilder policyCriteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> policyCriteriaQuery = policyCriteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> policyRoot = policyCriteriaQuery.from(PolicyMapper.class);
Predicate policyPredicate = policyCriteriaBuilder.and(
policyCriteriaBuilder.equal(policyRoot.get("appraiser"), appraiser));
policyCriteriaQuery.select(policyRoot).where(policyPredicate);
Query<PolicyMapper> policyQuery = session.createQuery(policyCriteriaQuery);
List<PolicyMapper> policyResults = policyQuery.getResultList();
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("deviceGroup", deviceGroup));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policyResults == null) {
LOGGER.debug("no policy mapper found for appraiser {}", appraiser);
} else {
ret = policyResults.get(0).getPolicy();
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to get policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
return ret;
}
/**
* This class retrieves a policy based on the appraiser and the device
* group. If the policy has not been set for that particular device group
* and appraiser pair, then this method will attempt to find the default
* policy for the given appraiser. If neither the specific policy for the
* device group or the default policy is found, null is returned.
*
* @param appraiser appraiser
* @return policy associated with the appraiser-device group pair or null if
* there is none
*/
@Override
public final Policy getPolicy(final Appraiser appraiser) {
if (appraiser == null) {
LOGGER.error("cannot get policy for null appraiser");
return null;
}
Policy ret = null;
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = "
+ "{}", appraiser);
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
if (mapper == null) {
LOGGER.debug("no policy mapper found for appraiser {}", appraiser);
} else {
ret = mapper.getPolicy();
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to get policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
if (ret == null) {
String groupName = "null";
final String msg = String.format("unable to find policy for appraiser '%s'"
+ " for device group '%s'", appraiser.getName(), groupName);
LOGGER.debug(msg);
}
return ret;
}
/**
* Sets the <code>Policy</code> to use for an <code>Appraiser</code> and
* <code>DeviceGroup</code> pair. This updates the database to reflect this
* change so that when this class is loaded it should read that property.
*
* @param appraiser appraiser
* @param policy policy
*/
@Override
public final void setPolicy(final Appraiser appraiser, final Policy policy) {
Preconditions.checkNotNull(appraiser, "Cannot set policy on null appraiser");
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("deviceGroup", deviceGroup));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policy == null) {
LOGGER.info("Policy is null, so removing policy from device group {}");
if (mapper != null) {
session.delete(mapper);
}
} else {
LOGGER.info("Setting policy {} on appraiser {} on device "
+ "group {}", policy, appraiser);
if (mapper == null) {
session.save(new PolicyMapper(appraiser, policy));
} else {
mapper.setPolicy(policy);
session.update(mapper);
}
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "Unable to set policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("Rolling back transaction");
tx.rollback();
}
throw new PolicyManagerException(msg, e);
}
}
/**
* Count the number of <code>DeviceGroup</code>s which use the given policy.
*
* @param policy the Policy to investigate.
* @return int the number of groups that are using the policy, or -1 if
* there was an error.
*/
public final int getGroupCountForPolicy(final Policy policy) {
int count = 0;
if (policy != null) {
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving group use count for policy {}", policy);
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("policy", policy))
// .setProjection(Projections.projectionList()
// .add(Projections.count("policy")));
// final Object result = cr.uniqueResult();
// if (result != null && result instanceof Long) {
// count = ((Long) result).intValue();
// }
} catch (Exception e) {
// Log the error and return -1 to enable error handling.
count = -1;
final String msg =
"There was an error retrieving the group use count for a policy (ID: "
+ policy.getId() + ", Name: " + policy.getName() + ").";
LOGGER.error(msg, e);
} finally {
if (tx != null) {
tx.rollback();
}
}
}
return count;
}
}


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation; package hirs.attestationca.validation;
import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.DeviceInfoReport;
import hirs.attestationca.entity.SupplyChainValidation; import hirs.attestationca.entity.SupplyChainValidation;


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation; package hirs.attestationca.validation;
import com.fasterxml.jackson.core.JsonFactory; import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation; package hirs.attestationca.validation;
import hirs.attestationca.entity.Device; import hirs.attestationca.entity.Device;
import hirs.attestationca.entity.SupplyChainValidationSummary; import hirs.attestationca.entity.SupplyChainValidationSummary;


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation; package hirs.attestationca.validation;
import hirs.appraiser.Appraiser; import hirs.appraiser.Appraiser;
import hirs.appraiser.SupplyChainAppraiser; import hirs.appraiser.SupplyChainAppraiser;


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation; package hirs.attestationca.validation;
/** /**
* This class represents exceptions thrown by the SupplyChainValidator class. * This class represents exceptions thrown by the SupplyChainValidator class.


@ -2,4 +2,4 @@
* Contains the main functionality of the SupplyChainValidationService. Executes the actual * Contains the main functionality of the SupplyChainValidationService. Executes the actual
* validation based on the current supply chain policy. * validation based on the current supply chain policy.
*/ */
package hirs.attestationca.portal.validation; package hirs.attestationca.validation;


@ -4,7 +4,7 @@ import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController; import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages; import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams; import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
import hirs.attestationca.portal.validation.SupplyChainValidationServiceImpl; import hirs.attestationca.validation.SupplyChainValidationServiceImpl;
import hirs.attestationca.entity.BaseReferenceManifest; import hirs.attestationca.entity.BaseReferenceManifest;
import hirs.attestationca.entity.EventLogMeasurements; import hirs.attestationca.entity.EventLogMeasurements;
import hirs.attestationca.entity.ReferenceDigestValue; import hirs.attestationca.entity.ReferenceDigestValue;
@ -19,8 +19,8 @@ import hirs.attestationca.service.ReferenceManifestService;
import hirs.tpm.eventlog.TCGEventLog; import hirs.tpm.eventlog.TCGEventLog;
import hirs.tpm.eventlog.TpmPcrEvent; import hirs.tpm.eventlog.TpmPcrEvent;
import hirs.attestationca.portal.util.ReferenceManifestValidator; import hirs.attestationca.portal.util.ReferenceManifestValidator;
import hirs.attestationca.portal.validation.SupplyChainCredentialValidator; import hirs.attestationca.validation.SupplyChainCredentialValidator;
import hirs.attestationca.portal.validation.SupplyChainValidatorException; import hirs.attestationca.validation.SupplyChainValidatorException;
import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;


@ -1,398 +0,0 @@
package hirs.attestationca.portal.page.controllers;
import hirs.appraiser.Appraiser;
import hirs.appraiser.SupplyChainAppraiser;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageControllerTest;
import hirs.attestationca.policy.SupplyChainPolicy;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import static hirs.attestationca.portal.page.Page.POLICY;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.hasProperty;
import static org.hamcrest.Matchers.is;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.flash;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**
* Integration tests that test the URL End Points of PolicyPageController.
*/
public class PolicyPageControllerTest extends PageControllerTest {
@Autowired
private PolicyManager policyManager;
@Autowired
private AppraiserManager appraiserManager;
private SupplyChainPolicy policy;
/**
* Constructor requiring the Page's display and routing specification.
*
*/
public PolicyPageControllerTest() {
super(POLICY);
}
/**
* Constructor providing the Page's display and routing specification.
*/
@BeforeClass
public void setUpPolicy() {
appraiserManager.saveAppraiser(new SupplyChainAppraiser());
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
SupplyChainAppraiser.NAME);
policy = new SupplyChainPolicy("DEFAULT SCP", "a default policy");
policyManager.savePolicy(policy);
policyManager.setDefaultPolicy(supplyChainAppraiser, policy);
policy = (SupplyChainPolicy) policyManager.getDefaultPolicy(
supplyChainAppraiser);
}
/**
* Verifies that spring is initialized properly by checking that an autowired bean
* is populated.
*/
@Test
public void verifySpringInitialized() {
Assert.assertNotNull(policyManager);
Assert.assertNotNull(appraiserManager);
Assert.assertNotNull(policy);
}
/**
* Checks that the page initializes correctly.
*
* @throws Exception if test fails
*/
@Test
public void testInitPage() throws Exception {
boolean ec = policy.isEcValidationEnabled();
boolean pc = policy.isPcValidationEnabled();
boolean fm = policy.isFirmwareValidationEnabled();
// perform test
getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName()))
// Test that the two boolean policy values sent to the page match
// the actual policy values.
.andExpect(model().attribute(PolicyPageController.INITIAL_DATA,
hasProperty("enableEcValidation", is(ec))))
.andExpect(model().attribute(PolicyPageController.INITIAL_DATA,
hasProperty("enablePcCertificateValidation", is(pc))))
.andExpect(model().attribute(PolicyPageController.INITIAL_DATA,
hasProperty("enableFirmwareValidation", is(fm))));
}
/**
* Verifies the rest call for enabling the EC Validation policy setting.
*
* @throws Exception if test fails
*/
@Test
public void testUpdateEcValEnable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-ec-validation")
.param("ecValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Endorsement credential validation enabled"))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isEcValidationEnabled());
}
/**
* Verifies the rest call for disabling the EC Validation policy setting.
*
* @throws Exception if test fails
*/
@Test
public void testUpdateEcValDisable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
//init the database
policy = getDefaultPolicy();
policy.setPcValidationEnabled(false);
policy.setEcValidationEnabled(true);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-ec-validation")
.param("ecValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Endorsement credential validation disabled"))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isEcValidationEnabled());
//reset database for invalid policy test
policy.setEcValidationEnabled(true);
policy.setPcValidationEnabled(true);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-ec-validation")
.param("ecValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("error",
hasItem("To disable Endorsement Credential Validation, Platform Validation"
+ " must also be disabled."))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isEcValidationEnabled());
}
/**
* Verifies the rest call for enabling the PC Validation policy setting.
*
* @throws Exception if test fails
*/
@Test
public void testUpdatePcValEnable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
//init the database
policy = getDefaultPolicy();
policy.setEcValidationEnabled(true);
policy.setPcValidationEnabled(false);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-validation")
.param("pcValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Platform certificate validation enabled"))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isPcValidationEnabled());
//reset database for invalid policy test
policy.setEcValidationEnabled(false);
policy.setPcValidationEnabled(false);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-validation")
.param("pcValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("error",
hasItem("Unable to change Platform Validation setting,"
+ " invalid policy configuration."))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isPcValidationEnabled());
}
/**
* Verifies the rest call for disabling the PC Validation policy setting.
* @throws Exception if test fails
*/
@Test
public void testUpdatePcValDisable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
//init the database
policy = getDefaultPolicy();
policy.setPcValidationEnabled(true);
policy.setPcAttributeValidationEnabled(false);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-validation")
.param("pcValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Platform certificate validation disabled"))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isPcValidationEnabled());
//reset database for invalid policy test
policy.setPcAttributeValidationEnabled(true);
policy.setPcValidationEnabled(true);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-validation")
.param("pcValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("error",
hasItem("Unable to change Platform Validation setting,"
+ " invalid policy configuration."))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isPcValidationEnabled());
}
/**
* Verifies the rest call for enabling the PC attribute Validation policy setting.
*
* @throws Exception if test fails
*/
@Test
public void testUpdatePcAttributeValEnable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
//init the database
policy = getDefaultPolicy();
policy.setPcAttributeValidationEnabled(false);
policy.setPcValidationEnabled(true);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-attribute-validation")
.param("pcAttributeValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Platform certificate attribute validation enabled"))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isPcAttributeValidationEnabled());
//reset database for invalid policy test
policy.setPcAttributeValidationEnabled(false);
policy.setPcValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-attribute-validation")
.param("pcAttributeValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("error",
hasItem("To enable Platform Attribute Validation,"
+ " Platform Credential Validation must also be enabled."))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isPcAttributeValidationEnabled());
}
/**
* Verifies the rest call for disabling the PC attribute validation policy setting.
* @throws Exception if test fails
*/
@Test
public void testUpdatePcAttributeValDisable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-attribute-validation")
.param("pcAttributeValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Platform certificate attribute validation disabled"))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isPcAttributeValidationEnabled());
}
/**
* Helper function to get a fresh load of the default policy from the DB.
*
* @return The default Supply Chain Policy
*/
private SupplyChainPolicy getDefaultPolicy() {
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
SupplyChainAppraiser.NAME);
return (SupplyChainPolicy) policyManager.getDefaultPolicy(
supplyChainAppraiser);
}
}


@ -1,16 +1,13 @@
package hirs; package hirs;
import static org.apache.logging.log4j.LogManager.getLogger; import hirs.data.persist.Report;
import org.apache.commons.codec.binary.Hex;
import javax.xml.bind.annotation.XmlElement;
import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Logger;
import hirs.data.persist.Report; import javax.xml.bind.annotation.XmlElement;
import java.util.Arrays; import java.util.Arrays;
import org.apache.commons.codec.binary.Hex; import static org.apache.logging.log4j.LogManager.getLogger;
/** /**
* <code>TPMReportRequest</code> is an immutable class and extends * <code>TPMReportRequest</code> is an immutable class and extends
@ -91,7 +88,7 @@ public final class TPMReportRequest implements ReportRequest {
*/ */
@Override @Override
public Class<? extends Report> getReportType() { public Class<? extends Report> getReportType() {
return TPMReport.class; return null;
} }
/** /**
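Review bot: `getReportType()` now returns `null` instead of `TPMReport.class`, which silently breaks the method's contract — any caller that dispatches on the returned `Class` (a report-type lookup, a `switch`, or a map keyed by class) will fail with a NullPointerException far from the cause, and the return type gives no hint that null is possible. If `TPMReport` was removed in this commit, fail loudly and document it: `throw new UnsupportedOperationException("TPMReport is no longer supported");` or, if a null return is really intended, annotate the method `@Deprecated` and state in its Javadoc that it returns null. The Javadoc block that opens at the top of the hunk (the `*/` line) presumably still describes the old return value and should be updated in the same change. For an attestation-CA code path this matters beyond style: a report request that no longer identifies its report type can bypass whichever validation is selected by that type, so the intent should be spelled out rather than left to a commit titled "More changes".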