More changes

This commit is contained in:
Cyrus 2022-11-18 13:53:08 -05:00
parent 9812f464e8
commit daafe8b899
14 changed files with 35 additions and 987 deletions


@ -1,14 +1,10 @@
package hirs.attestationca.portal;
package hirs.attestationca;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import hirs.attestationca.AttestationCertificateAuthority;
import hirs.attestationca.CredentialManagementHelper;
import hirs.attestationca.IssuedCertificateAttributeHelper;
import hirs.attestationca.configuration.provisionerTpm2.ProvisionerTpm2;
import hirs.attestationca.entity.BaseReferenceManifest;
import hirs.attestationca.entity.Device;
import hirs.data.persist.DeviceInfoReport;
import hirs.attestationca.entity.EventLogMeasurements;
import hirs.attestationca.entity.ReferenceDigestValue;
import hirs.attestationca.entity.ReferenceManifest;
@ -23,19 +19,20 @@ import hirs.attestationca.entity.certificate.PlatformCredential;
import hirs.attestationca.exceptions.CertificateProcessingException;
import hirs.attestationca.exceptions.IdentityProcessingException;
import hirs.attestationca.exceptions.UnexpectedServerException;
import hirs.attestationca.portal.validation.SupplyChainValidationService;
import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.attestationca.service.CertificateService;
import hirs.attestationca.service.DeviceRegister;
import hirs.attestationca.service.DeviceService;
import hirs.attestationca.service.ReferenceDigestValueService;
import hirs.attestationca.service.ReferenceManifestService;
import hirs.attestationca.validation.SupplyChainValidationService;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.info.TPMInfo;
import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.structs.converters.SimpleStructBuilder;
import hirs.structs.converters.StructConverter;
import hirs.structs.elements.aca.IdentityRequestEnvelope;


@ -4,14 +4,19 @@ import hirs.appraiser.SupplyChainAppraiser;
import hirs.attestationca.policy.SupplyChainPolicy;
import hirs.attestationca.service.AppraiserService;
import hirs.attestationca.service.PolicyService;
import static hirs.attestationca.AbstractAttestationCertificateAuthority.LOG;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
/**
* Utility class that simply holds logic to seed the ACA's database with its
* default entries.
*/
public final class AcaDbInit {
/**
* Logger instance for for subclass instances.
*/
protected static final Logger LOG = LogManager.getLogger(AcaDbInit.class);
// prevent construction
private AcaDbInit() { }
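Review bot: The new `LOG` field is declared `protected` in a class that is `final` and has only a private constructor, so no subclass can ever exist to use it, and its Javadoc ("Logger instance for for subclass instances") both doubles "for" and describes an inheritance the class forbids. The narrowest modifier is the right one here: `/** Logger for this utility class. */` followed by `private static final Logger LOG = LogManager.getLogger(AcaDbInit.class);`. Dropping the static import of AbstractAttestationCertificateAuthority.LOG is consistent with introducing a class-local logger, provided the remaining methods of AcaDbInit, which lie outside this hunk, refer to it only by the simple name `LOG`.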


@ -1,10 +1,12 @@
package hirs.attestationca.rest;
import hirs.attestationca.AbstractAttestationCertificateAuthority;
import hirs.attestationca.validation.SupplyChainValidationService;
import hirs.attestationca.service.DeviceRegister;
import hirs.attestationca.service.CertificateService;
import hirs.attestationca.service.DeviceRegister;
import hirs.attestationca.service.DeviceService;
import hirs.attestationca.service.ReferenceDigestValueService;
import hirs.attestationca.service.ReferenceManifestService;
import hirs.attestationca.validation.SupplyChainValidationService;
import hirs.structs.converters.StructConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
@ -37,8 +39,8 @@ public class RestfulAttestationCertificateAuthority
* @param referenceManifestService the referenceManifestManager
* @param deviceRegister the device register
* @param validDays the number of days issued certs are valid
* @param deviceManager the device manager
* @param referenceEventManager the reference event manager
* @param deviceService the device service
* @param referenceDigestValueService the reference digest value service
*/
@SuppressWarnings({ "checkstyle:parameternumber" })
@Autowired
@ -49,13 +51,12 @@ public class RestfulAttestationCertificateAuthority
final CertificateService certificateService,
final ReferenceManifestService referenceManifestService,
final DeviceRegister deviceRegister,
final DeviceManager deviceManager,
final ReferenceEventManager referenceEventManager,
final DeviceService deviceService,
final ReferenceDigestValueService referenceDigestValueService,
@Value("${aca.certificates.validity}") final int validDays) {
super(supplyChainValidationService, privateKey, acaCertificate, structConverter,
certificateService, referenceManifestService,
deviceRegister, validDays, deviceManager,
referenceEventManager);
certificateService, referenceManifestService,referenceDigestValueService,
deviceRegister, validDays, deviceService);
}
/*
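Review bot: The rewritten `super(...)` call in the RestfulAttestationCertificateAuthority constructor has a formatting slip, `referenceManifestService,referenceDigestValueService,` with no space after the comma, which the project's Checkstyle whitespace rules will likely flag (this constructor already carries a `checkstyle:parameternumber` suppression). The arguments are also passed in an order (referenceDigestValueService ahead of deviceRegister and deviceService) that matches neither this constructor's own parameter list nor its Javadoc `@param` order; if the superclass declares them differently the compiler catches a type mismatch, but two parameters of the same type would swap silently, so the order should be checked against the superclass signature, which is outside this hunk. The minimal fix is `certificateService, referenceManifestService, referenceDigestValueService,`, and listing the `@param` tags in declaration order would make the two easier to compare.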


@ -8,8 +8,6 @@ import hirs.data.persist.policy.Policy;
import hirs.persist.CriteriaModifier;
import hirs.persist.DBManagerException;
import hirs.persist.PolicyMapper;
import hirs.persist.service.DefaultService;
import hirs.persist.service.PolicyService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Session;


@ -1,552 +0,0 @@
package hirs.attestationca.servicemanager;
import com.google.common.base.Preconditions;
import hirs.appraiser.Appraiser;
import hirs.attestationca.entity.Device;
import hirs.data.persist.policy.Policy;
import hirs.persist.DBManagerException;
import hirs.persist.PolicyManagerException;
import hirs.persist.PolicyMapper;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.query.Query;
import org.springframework.stereotype.Repository;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import java.io.Serializable;
import java.util.List;
/**
* This class defines a <code>PolicyManager</code> that stores policies in a
* database.
*/
@Repository
public class DBPolicyManager extends DBManager<Policy> implements PolicyManager {
private static final Logger LOGGER = LogManager.getLogger(DBPolicyManager.class);
/**
* Creates a new <code>DBPolicyManager</code>. The optional SessionFactory
* parameter is used to initialize a session factory to manage all hibernate
* sessions.
*
* @param em Entity Manager to manage connections to hibernate db
*/
public DBPolicyManager(final EntityManager em) {
super(Policy.class, em);
}
/**
* Saves the <code>Policy</code> in the database and returns it.
*
* @param policy
* policy to save
* @return <code>Policy</code> that was saved
* @throws hirs.persist.PolicyManagerException
* if policy has previously been saved or an error occurs while
* trying to save it to the database
*/
@Override
public final Policy savePolicy(final Policy policy)
throws PolicyManagerException {
LOGGER.debug("saving policy: {}", policy);
try {
return super.save(policy);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Updates a <code>Policy</code>. This updates the database entries to
* reflect the new values that should be set.
*
* @param policy
* policy
* @throws PolicyManagerException
* if policy has not previously been saved or an error occurs
* while trying to save it to the database
*/
@Override
public final void updatePolicy(final Policy policy)
throws PolicyManagerException {
LOGGER.debug("updating policy: {}", policy);
try {
super.update(policy);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Returns a list of all non-archived <code>Policy</code>s of type <code>clazz</code> in the
* database.
*
* @param clazz
* class type of <code>Policy</code>s to return (may be null)
* @return list of <code>Policy</code>s
* @throws PolicyManagerException if unable to search the database
*/
@Override
public final List<Policy> getPolicyList(final Class<? extends Policy> clazz)
throws PolicyManagerException {
LOGGER.debug("getting policy list");
return null;
}
/**
* Retrieves the <code>Policy</code> from the database. This searches the
* database for an entry whose name matches <code>name</code>. It then
* reconstructs a <code>Policy</code> object from the database entry
*
* @param name
* name of the policy
* @return policy if found, otherwise null.
* @throws PolicyManagerException
* if unable to search the database or recreate the
* <code>Policy</code>
*/
@Override
public final Policy getPolicy(final String name)
throws PolicyManagerException {
LOGGER.debug("getting policy by name: {}", name);
try {
return super.get(name);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Retrieves the <code>Policy</code> with this given id from the database. This searches the
* database for an entry whose id matches <code>id</code>. It then reconstructs a
* <code>Policy</code> object from the database response.
*
* @param id
* id of the desired policy
* @return policy if found, otherwise null.
* @throws PolicyManagerException
* if unable to search the database or retrieve the
* <code>Policy</code>
*/
@Override
public final Policy getPolicy(final Serializable id)
throws PolicyManagerException {
LOGGER.debug("getting policy by id: {}", id);
try {
return super.get(id);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Deletes the policy given.
*
* @param policy {@link Policy} to be deleted
* @return status of the deletion
* @throws DBManagerException
*/
@Override
public final boolean delete(final Policy policy) throws DBManagerException {
return false;
}
/**
* Sets the default <code>Policy</code> to use for an <code>Appraiser</code>.
* This updates the database to reflect this change so that when this
* class is loaded it should read that property.
*
* @param appraiser
* appraiser
* @param policy
* default policy
*/
@Override
public final void setDefaultPolicy(final Appraiser appraiser,
final Policy policy) {
LOGGER.debug("set default policy");
if (appraiser == null) {
LOGGER.error("cannot set default policy on null appraiser");
throw new NullPointerException("appraiser");
}
Session session = getSession();
Transaction tx = session.beginTransaction();
try {
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> policyMapperCriteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> policyMapperRoot = policyMapperCriteriaQuery
.from(PolicyMapper.class);
Predicate policyPredicate = criteriaBuilder.and(
criteriaBuilder.equal(policyMapperRoot.get("appraiser"), appraiser),
criteriaBuilder.equal(policyMapperRoot.get("group.name"),
"Default Group"));
policyMapperCriteriaQuery.select(policyMapperRoot).where(policyPredicate);
LOGGER.debug("finding existing policy mapper from db where "
+ "appraiser = {}", appraiser);
LOGGER.debug("finding existing policy mapper from db where "
+ "appraiser = {}", appraiser);
PolicyMapper mapper = null;
Query<PolicyMapper> policyMapperQuery = session.createQuery(policyMapperCriteriaQuery);
List<PolicyMapper> policyMappers = policyMapperQuery.getResultList();
if (policyMappers != null && !policyMappers.isEmpty()) {
mapper = policyMappers.get(0);
}
// final Criteria criteria = session.createCriteria(DeviceGroup.class)
// .add(Restrictions.eq("name", DeviceGroup.DEFAULT_GROUP));
// DeviceGroup group = (DeviceGroup) criteria.uniqueResult();
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .createAlias("deviceGroup", "group")
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policy == null) {
LOGGER.debug("policy is null so removing policy");
if (mapper != null) {
session.delete(mapper);
}
} else {
LOGGER.info("setting default policy {} on appraiser {}",
policy, appraiser);
if (mapper == null) {
session.save(new PolicyMapper(appraiser, policy));
} else {
mapper.setPolicy(policy);
session.update(mapper);
}
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to set default policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
}
@Override
public final Policy getCompletePolicy(final String name) throws PolicyManagerException {
LOGGER.debug("getting policy: {}", name);
try {
return super.getAndLoadLazyFields(name, true);
} catch (DBManagerException e) {
throw new PolicyManagerException(e);
}
}
/**
* Returns the default <code>Policy</code> for the <code>Appraiser</code>.
* If the default <code>Policy</code> has not been set then this returns
* null.
*
* @param appraiser appraiser
* @return default policy
*/
@Override
public final Policy getDefaultPolicy(final Appraiser appraiser) {
if (appraiser == null) {
LOGGER.error("cannot get default policy for null appraiser");
return null;
}
Policy ret = null;
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = {}",
appraiser);
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser),
criteriaBuilder.equal(root.get("group.name"), "Default Group"));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .createAlias("deviceGroup", "group")
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("group.name", DeviceGroup.DEFAULT_GROUP));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (mapper == null) {
LOGGER.debug("no policy mapper found for appraiser {}",
appraiser);
} else {
ret = mapper.getPolicy();
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to get default policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
return ret;
}
/**
* This method takes the device that is passed in and searches the database
* for one with the same name. This ensures it retrieves the version most
* recently saved. This way, an appraiser can reconstruct a
* <code>Device</code> using only the name pulled from the deviceInfo from
* the <code>IntegrityReport</code> without worrying about figuring out
* which device group it belongs to - this method does the work of finding
* the device group. If the policy has not been set for that particular
* device group and appraiser pair, then this method will return null.
*
* @param appraiser
* appraiser
* @param device
* device that needs only the correct name
* @return policy associated with the appraiser-device group pair or null if
* there is none
*/
@Override
public final Policy getPolicy(final Appraiser appraiser, final Device device) {
Preconditions.checkArgument(appraiser != null, "Appraiser must not be null");
Preconditions.checkArgument(device != null, "Device must not be null");
Policy ret = null;
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = "
+ "{} and device= {}", appraiser, device);
final CriteriaBuilder deviceCriteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<Device> criteriaQuery = deviceCriteriaBuilder.createQuery(Device.class);
Root<Device> root = criteriaQuery.from(Device.class);
Predicate recordPredicate = deviceCriteriaBuilder.and(
deviceCriteriaBuilder.equal(root.get("name"), device.getName()));
criteriaQuery.select(root).where(recordPredicate);
Query<Device> query = session.createQuery(criteriaQuery);
List<Device> results = query.getResultList();
Device retrievedDevice = null;
if (results != null && !results.isEmpty()) {
retrievedDevice = results.get(0);
}
// final Criteria deviceCr = session.createCriteria(Device.class)
// .add(Restrictions.eq("name", device.getName()));
// final Device retrievedDevice = (Device) deviceCr.uniqueResult();
final CriteriaBuilder policyCriteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> policyCriteriaQuery = policyCriteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> policyRoot = policyCriteriaQuery.from(PolicyMapper.class);
Predicate policyPredicate = policyCriteriaBuilder.and(
policyCriteriaBuilder.equal(policyRoot.get("appraiser"), appraiser));
policyCriteriaQuery.select(policyRoot).where(policyPredicate);
Query<PolicyMapper> policyQuery = session.createQuery(policyCriteriaQuery);
List<PolicyMapper> policyResults = policyQuery.getResultList();
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("deviceGroup", deviceGroup));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policyResults == null) {
LOGGER.debug("no policy mapper found for appraiser {}", appraiser);
} else {
ret = policyResults.get(0).getPolicy();
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to get policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
return ret;
}
/**
* This class retrieves a policy based on the appraiser and the device
* group. If the policy has not been set for that particular device group
* and appraiser pair, then this method will attempt to find the default
* policy for the given appraiser. If neither the specific policy for the
* device group or the default policy is found, null is returned.
*
* @param appraiser appraiser
* @return policy associated with the appraiser-device group pair or null if
* there is none
*/
@Override
public final Policy getPolicy(final Appraiser appraiser) {
if (appraiser == null) {
LOGGER.error("cannot get policy for null appraiser");
return null;
}
Policy ret = null;
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving policy mapper from db where appraiser = "
+ "{}", appraiser);
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
if (mapper == null) {
LOGGER.debug("no policy mapper found for appraiser {}", appraiser);
} else {
ret = mapper.getPolicy();
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "unable to get policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("rolling back transaction");
tx.rollback();
}
throw new DBManagerException(msg, e);
}
if (ret == null) {
String groupName = "null";
final String msg = String.format("unable to find policy for appraiser '%s'"
+ " for device group '%s'", appraiser.getName(), groupName);
LOGGER.debug(msg);
}
return ret;
}
/**
* Sets the <code>Policy</code> to use for an <code>Appraiser</code> and
* <code>DeviceGroup</code> pair. This updates the database to reflect this
* change so that when this class is loaded it should read that property.
*
* @param appraiser appraiser
* @param policy policy
*/
@Override
public final void setPolicy(final Appraiser appraiser, final Policy policy) {
Preconditions.checkNotNull(appraiser, "Cannot set policy on null appraiser");
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
CriteriaBuilder criteriaBuilder = session.getCriteriaBuilder();
CriteriaQuery<PolicyMapper> criteriaQuery = criteriaBuilder
.createQuery(PolicyMapper.class);
Root<PolicyMapper> root = criteriaQuery.from(PolicyMapper.class);
Predicate recordPredicate = criteriaBuilder.and(
criteriaBuilder.equal(root.get("appraiser"), appraiser));
criteriaQuery.select(root).where(recordPredicate);
Query<PolicyMapper> query = session.createQuery(criteriaQuery);
List<PolicyMapper> results = query.getResultList();
PolicyMapper mapper = null;
if (results != null && !results.isEmpty()) {
mapper = results.get(0);
}
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("appraiser", appraiser))
// .add(Restrictions.eq("deviceGroup", deviceGroup));
// final PolicyMapper mapper = (PolicyMapper) cr.uniqueResult();
if (policy == null) {
LOGGER.info("Policy is null, so removing policy from device group {}");
if (mapper != null) {
session.delete(mapper);
}
} else {
LOGGER.info("Setting policy {} on appraiser {} on device "
+ "group {}", policy, appraiser);
if (mapper == null) {
session.save(new PolicyMapper(appraiser, policy));
} else {
mapper.setPolicy(policy);
session.update(mapper);
}
}
session.getTransaction().commit();
} catch (Exception e) {
final String msg = "Unable to set policy";
LOGGER.error(msg, e);
if (tx != null) {
LOGGER.debug("Rolling back transaction");
tx.rollback();
}
throw new PolicyManagerException(msg, e);
}
}
/**
* Count the number of <code>DeviceGroup</code>s which use the given policy.
*
* @param policy the Policy to investigate.
* @return int the number of groups that are using the policy, or -1 if
* there was an error.
*/
public final int getGroupCountForPolicy(final Policy policy) {
int count = 0;
if (policy != null) {
Transaction tx = null;
Session session = getSession();
try {
tx = session.beginTransaction();
LOGGER.debug("retrieving group use count for policy {}", policy);
// final Criteria cr = session.createCriteria(PolicyMapper.class)
// .add(Restrictions.eq("policy", policy))
// .setProjection(Projections.projectionList()
// .add(Projections.count("policy")));
// final Object result = cr.uniqueResult();
// if (result != null && result instanceof Long) {
// count = ((Long) result).intValue();
// }
} catch (Exception e) {
// Log the error and return -1 to enable error handling.
count = -1;
final String msg =
"There was an error retrieving the group use count for a policy (ID: "
+ policy.getId() + ", Name: " + policy.getName() + ").";
LOGGER.error(msg, e);
} finally {
if (tx != null) {
tx.rollback();
}
}
}
return count;
}
}


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation;
package hirs.attestationca.validation;
import hirs.data.persist.DeviceInfoReport;
import hirs.attestationca.entity.SupplyChainValidation;


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation;
package hirs.attestationca.validation;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.databind.JsonNode;


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation;
package hirs.attestationca.validation;
import hirs.attestationca.entity.Device;
import hirs.attestationca.entity.SupplyChainValidationSummary;


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation;
package hirs.attestationca.validation;
import hirs.appraiser.Appraiser;
import hirs.appraiser.SupplyChainAppraiser;


@ -1,4 +1,4 @@
package hirs.attestationca.portal.validation;
package hirs.attestationca.validation;
/**
* This class represents exceptions thrown by the SupplyChainValidator class.


@ -2,4 +2,4 @@
* Contains the main functionality of the SupplyChainValidationService. Executes the actual
* validation based on the current supply chain policy.
*/
package hirs.attestationca.portal.validation;
package hirs.attestationca.validation;


@ -4,7 +4,7 @@ import hirs.attestationca.portal.page.Page;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageMessages;
import hirs.attestationca.portal.page.params.ReferenceManifestDetailsPageParams;
import hirs.attestationca.portal.validation.SupplyChainValidationServiceImpl;
import hirs.attestationca.validation.SupplyChainValidationServiceImpl;
import hirs.attestationca.entity.BaseReferenceManifest;
import hirs.attestationca.entity.EventLogMeasurements;
import hirs.attestationca.entity.ReferenceDigestValue;
@ -19,8 +19,8 @@ import hirs.attestationca.service.ReferenceManifestService;
import hirs.tpm.eventlog.TCGEventLog;
import hirs.tpm.eventlog.TpmPcrEvent;
import hirs.attestationca.portal.util.ReferenceManifestValidator;
import hirs.attestationca.portal.validation.SupplyChainCredentialValidator;
import hirs.attestationca.portal.validation.SupplyChainValidatorException;
import hirs.attestationca.validation.SupplyChainCredentialValidator;
import hirs.attestationca.validation.SupplyChainValidatorException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;


@ -1,398 +0,0 @@
package hirs.attestationca.portal.page.controllers;
import hirs.appraiser.Appraiser;
import hirs.appraiser.SupplyChainAppraiser;
import hirs.attestationca.portal.page.PageController;
import hirs.attestationca.portal.page.PageControllerTest;
import hirs.attestationca.policy.SupplyChainPolicy;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import static hirs.attestationca.portal.page.Page.POLICY;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.hasProperty;
import static org.hamcrest.Matchers.is;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.flash;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
/**
* Integration tests that test the URL End Points of PolicyPageController.
*/
public class PolicyPageControllerTest extends PageControllerTest {
@Autowired
private PolicyManager policyManager;
@Autowired
private AppraiserManager appraiserManager;
private SupplyChainPolicy policy;
/**
* Constructor requiring the Page's display and routing specification.
*
*/
public PolicyPageControllerTest() {
super(POLICY);
}
/**
* Constructor providing the Page's display and routing specification.
*/
@BeforeClass
public void setUpPolicy() {
appraiserManager.saveAppraiser(new SupplyChainAppraiser());
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
SupplyChainAppraiser.NAME);
policy = new SupplyChainPolicy("DEFAULT SCP", "a default policy");
policyManager.savePolicy(policy);
policyManager.setDefaultPolicy(supplyChainAppraiser, policy);
policy = (SupplyChainPolicy) policyManager.getDefaultPolicy(
supplyChainAppraiser);
}
/**
* Verifies that spring is initialized properly by checking that an autowired bean
* is populated.
*/
@Test
public void verifySpringInitialized() {
Assert.assertNotNull(policyManager);
Assert.assertNotNull(appraiserManager);
Assert.assertNotNull(policy);
}
/**
* Checks that the page initializes correctly.
*
* @throws Exception if test fails
*/
@Test
public void testInitPage() throws Exception {
boolean ec = policy.isEcValidationEnabled();
boolean pc = policy.isPcValidationEnabled();
boolean fm = policy.isFirmwareValidationEnabled();
// perform test
getMockMvc()
.perform(MockMvcRequestBuilders.get("/" + getPage().getViewName()))
// Test that the two boolean policy values sent to the page match
// the actual policy values.
.andExpect(model().attribute(PolicyPageController.INITIAL_DATA,
hasProperty("enableEcValidation", is(ec))))
.andExpect(model().attribute(PolicyPageController.INITIAL_DATA,
hasProperty("enablePcCertificateValidation", is(pc))))
.andExpect(model().attribute(PolicyPageController.INITIAL_DATA,
hasProperty("enableFirmwareValidation", is(fm))));
}
/**
* Verifies the rest call for enabling the EC Validation policy setting.
*
* @throws Exception if test fails
*/
@Test
public void testUpdateEcValEnable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-ec-validation")
.param("ecValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Endorsement credential validation enabled"))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isEcValidationEnabled());
}
/**
* Verifies the rest call for disabling the EC Validation policy setting.
*
* @throws Exception if test fails
*/
@Test
public void testUpdateEcValDisable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
//init the database
policy = getDefaultPolicy();
policy.setPcValidationEnabled(false);
policy.setEcValidationEnabled(true);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-ec-validation")
.param("ecValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Endorsement credential validation disabled"))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isEcValidationEnabled());
//reset database for invalid policy test
policy.setEcValidationEnabled(true);
policy.setPcValidationEnabled(true);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-ec-validation")
.param("ecValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("error",
hasItem("To disable Endorsement Credential Validation, Platform Validation"
+ " must also be disabled."))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isEcValidationEnabled());
}
/**
* Verifies the rest call for enabling the PC Validation policy setting.
*
* @throws Exception if test fails
*/
@Test
public void testUpdatePcValEnable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
//init the database
policy = getDefaultPolicy();
policy.setEcValidationEnabled(true);
policy.setPcValidationEnabled(false);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-validation")
.param("pcValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Platform certificate validation enabled"))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isPcValidationEnabled());
//reset database for invalid policy test
policy.setEcValidationEnabled(false);
policy.setPcValidationEnabled(false);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-validation")
.param("pcValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("error",
hasItem("Unable to change Platform Validation setting,"
+ " invalid policy configuration."))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isPcValidationEnabled());
}
/**
* Verifies the rest call for disabling the PC Validation policy setting.
* @throws Exception if test fails
*/
@Test
public void testUpdatePcValDisable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
//init the database
policy = getDefaultPolicy();
policy.setPcValidationEnabled(true);
policy.setPcAttributeValidationEnabled(false);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-validation")
.param("pcValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Platform certificate validation disabled"))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isPcValidationEnabled());
//reset database for invalid policy test
policy.setPcAttributeValidationEnabled(true);
policy.setPcValidationEnabled(true);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-validation")
.param("pcValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("error",
hasItem("Unable to change Platform Validation setting,"
+ " invalid policy configuration."))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isPcValidationEnabled());
}
/**
* Verifies the rest call for enabling the PC attribute Validation policy setting.
*
* @throws Exception if test fails
*/
@Test
public void testUpdatePcAttributeValEnable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
//init the database
policy = getDefaultPolicy();
policy.setPcAttributeValidationEnabled(false);
policy.setPcValidationEnabled(true);
policy.setFirmwareValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-attribute-validation")
.param("pcAttributeValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Platform certificate attribute validation enabled"))));
policy = getDefaultPolicy();
Assert.assertTrue(policy.isPcAttributeValidationEnabled());
//reset database for invalid policy test
policy.setPcAttributeValidationEnabled(false);
policy.setPcValidationEnabled(false);
policyManager.updatePolicy(policy);
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-attribute-validation")
.param("pcAttributeValidate", "checked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("error",
hasItem("To enable Platform Attribute Validation,"
+ " Platform Credential Validation must also be enabled."))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isPcAttributeValidationEnabled());
}
/**
* Verifies the rest call for disabling the PC attribute validation policy setting.
* @throws Exception if test fails
*/
@Test
public void testUpdatePcAttributeValDisable() throws Exception {
final String baseURL = "/" + POLICY.getViewName();
ResultActions actions;
// perform the mock request
actions = getMockMvc()
.perform(MockMvcRequestBuilders.post(baseURL + "/update-pc-attribute-validation")
.param("pcAttributeValidate", "unchecked"));
actions
// check HTTP status
.andExpect(status().is3xxRedirection())
// check the messages forwarded to the redirected page
.andExpect(flash().attribute(PageController.MESSAGES_ATTRIBUTE,
hasProperty("success",
hasItem("Platform certificate attribute validation disabled"))));
policy = getDefaultPolicy();
Assert.assertFalse(policy.isPcAttributeValidationEnabled());
}
/**
* Helper function to get a fresh load of the default policy from the DB.
*
* @return The default Supply Chain Policy
*/
private SupplyChainPolicy getDefaultPolicy() {
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
SupplyChainAppraiser.NAME);
return (SupplyChainPolicy) policyManager.getDefaultPolicy(
supplyChainAppraiser);
}
}


@ -1,16 +1,13 @@
package hirs;
import static org.apache.logging.log4j.LogManager.getLogger;
import javax.xml.bind.annotation.XmlElement;
import hirs.data.persist.Report;
import org.apache.commons.codec.binary.Hex;
import org.apache.logging.log4j.Logger;
import hirs.data.persist.Report;
import javax.xml.bind.annotation.XmlElement;
import java.util.Arrays;
import org.apache.commons.codec.binary.Hex;
import static org.apache.logging.log4j.LogManager.getLogger;
/**
* <code>TPMReportRequest</code> is an immutable class and extends
@ -91,7 +88,7 @@ public final class TPMReportRequest implements ReportRequest {
*/
@Override
public Class<? extends Report> getReportType() {
return TPMReport.class;
return null;
}
/**
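Review bot: `getReportType()` now returns `null` in place of `TPMReport.class`, so any caller that dereferences the returned `Class` for report lookup or dispatch will fail with a `NullPointerException` at run time instead of a compile error, and the Javadoc whose `*/` closes at the top of the hunk presumably still promises a non-null report type. If TPM reports are being retired by this commit, make the contract explicit rather than silently returning null: either `throw new UnsupportedOperationException("TPMReportRequest no longer has a report type");` or document the new behavior with `@return {@code null}; TPM report types are no longer supported` and audit the callers of `getReportType()` for null handling. The enclosing class `TPMReportRequest` starts and continues outside the hunk, so the surrounding contract cannot be verified here.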