mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-18 02:39:56 +00:00
* Updated the code to list which platform components are unmatched on the validation page when validation fails. * Updates also include a small shift on the policy page, putting the settings in the correct order for setting them (top to bottom). Updated the unit tests for the additional text that now appears in the tooltip for the validation failure icon.
parent
aeebd068f5
commit
df72603476
@ -12,6 +12,22 @@
|
||||
|
||||
<jsp:body>
|
||||
<ul>
|
||||
<%-- Endorsement validation --%>
|
||||
<div class="aca-input-box">
|
||||
<form:form method="POST" modelAttribute="initialData" action="policy/update-ec-validation">
|
||||
<li>Endorsement Credential Validation: ${initialData.enableEcValidation ? 'Enabled' : 'Disabled'}
|
||||
<my:editor id="ecPolicyEditor" label="Edit Settings ">
|
||||
<div class="radio">
|
||||
<label><input id="ecTop" type="radio" name="ecValidate" ${initialData.enableEcValidation ? 'checked' : ''} value="checked"/> Endorsement Credentials will be validated</label>
|
||||
</div>
|
||||
<div class="radio">
|
||||
<label><input id="ecBot" type="radio" name="ecValidate" ${initialData.enableEcValidation ? '' : 'checked'} value="unchecked"/> Endorsement Credentials will not be validated</label>
|
||||
</div>
|
||||
</my:editor>
|
||||
</li>
|
||||
</form:form>
|
||||
</div>
|
||||
|
||||
<%-- Platform validation --%>
|
||||
<div class="aca-input-box">
|
||||
<form:form method="POST" modelAttribute="initialData" action="policy/update-pc-validation">
|
||||
@ -43,22 +59,6 @@
|
||||
</li>
|
||||
</form:form>
|
||||
</div>
|
||||
|
||||
<%-- Endorsement validation --%>
|
||||
<div class="aca-input-box">
|
||||
<form:form method="POST" modelAttribute="initialData" action="policy/update-ec-validation">
|
||||
<li>Endorsement Credential Validation: ${initialData.enableEcValidation ? 'Enabled' : 'Disabled'}
|
||||
<my:editor id="ecPolicyEditor" label="Edit Settings ">
|
||||
<div class="radio">
|
||||
<label><input id="ecTop" type="radio" name="ecValidate" ${initialData.enableEcValidation ? 'checked' : ''} value="checked"/> Endorsement Credentials will be validated</label>
|
||||
</div>
|
||||
<div class="radio">
|
||||
<label><input id="ecBot" type="radio" name="ecValidate" ${initialData.enableEcValidation ? '' : 'checked'} value="unchecked"/> Endorsement Credentials will not be validated</label>
|
||||
</div>
|
||||
</my:editor>
|
||||
</li>
|
||||
</form:form>
|
||||
</div>
|
||||
</ul>
|
||||
</jsp:body>
|
||||
</my:page>
|
||||
|
@ -55,6 +55,7 @@ import java.util.stream.Collectors;
|
||||
import static hirs.data.persist.AppraisalStatus.Status.ERROR;
|
||||
import static hirs.data.persist.AppraisalStatus.Status.FAIL;
|
||||
import static hirs.data.persist.AppraisalStatus.Status.PASS;
|
||||
import org.apache.logging.log4j.util.Strings;
|
||||
|
||||
|
||||
/**
|
||||
@ -450,11 +451,13 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
.collect(Collectors.toList());
|
||||
|
||||
String paccorOutputString = deviceInfoReport.getPaccorOutputString();
|
||||
String unmatchedComponents;
|
||||
try {
|
||||
List<ComponentInfo> componentInfoList
|
||||
= getComponentInfoFromPaccorOutput(paccorOutputString);
|
||||
fieldValidation &= validateV2p0PlatformCredentialComponentsExpectingExactMatch(
|
||||
unmatchedComponents = validateV2p0PlatformCredentialComponentsExpectingExactMatch(
|
||||
validPcComponents, componentInfoList);
|
||||
fieldValidation &= unmatchedComponents.isEmpty();
|
||||
} catch (IOException e) {
|
||||
final String baseErrorMessage = "Error parsing JSON output from PACCOR: ";
|
||||
LOGGER.error(baseErrorMessage + e.toString());
|
||||
@ -463,7 +466,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
}
|
||||
|
||||
if (!fieldValidation) {
|
||||
resultMessage.append("There are unmatched components\n");
|
||||
resultMessage.append("There are unmatched components:\n");
|
||||
resultMessage.append(unmatchedComponents);
|
||||
}
|
||||
|
||||
passesValidation &= fieldValidation;
|
||||
@ -485,7 +489,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
* @param allDeviceInfoComponents the device info report components
|
||||
* @return true if validation passes
|
||||
*/
|
||||
private static boolean validateV2p0PlatformCredentialComponentsExpectingExactMatch(
|
||||
private static String validateV2p0PlatformCredentialComponentsExpectingExactMatch(
|
||||
final List<ComponentIdentifier> untrimmedPcComponents,
|
||||
final List<ComponentInfo> allDeviceInfoComponents) {
|
||||
// For each manufacturer listed in the platform credential, create two lists:
|
||||
@ -559,8 +563,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
= deviceInfoComponentsFromManufacturer.stream()
|
||||
.filter(componentInfo
|
||||
-> StringUtils.isNotEmpty(componentInfo.getComponentSerial()))
|
||||
.filter(componentInfo
|
||||
-> componentInfo.getComponentSerial()
|
||||
.filter(componentInfo -> componentInfo.getComponentSerial()
|
||||
.equals(pcComponent.getComponentSerial().getString()))
|
||||
.findFirst();
|
||||
|
||||
@ -589,10 +592,8 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
: pcComponentsFromManufacturerWithRevision) {
|
||||
Optional<ComponentInfo> first
|
||||
= deviceInfoComponentsFromManufacturer.stream()
|
||||
.filter(info
|
||||
-> StringUtils.isNotEmpty(info.getComponentRevision()))
|
||||
.filter(info
|
||||
-> info.getComponentRevision()
|
||||
.filter(info -> StringUtils.isNotEmpty(info.getComponentRevision()))
|
||||
.filter(info -> info.getComponentRevision()
|
||||
.equals(pcComponent.getComponentRevision().getString()))
|
||||
.findFirst();
|
||||
|
||||
@ -624,18 +625,21 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
|
||||
}
|
||||
|
||||
if (!pcUnmatchedComponents.isEmpty()) {
|
||||
LOGGER.error(String.format(
|
||||
"Platform Credential contained %d unmatched components:",
|
||||
StringBuilder sb = new StringBuilder();
|
||||
LOGGER.error(String.format("Platform Credential contained %d unmatched components:",
|
||||
pcUnmatchedComponents.size()));
|
||||
|
||||
int umatchedComponentCounter = 1;
|
||||
for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
|
||||
LOGGER.error("Unmatched component " + umatchedComponentCounter++ + ": "
|
||||
+ unmatchedComponent);
|
||||
sb.append(String.format("Manufacturer=%s, Model=%s%n",
|
||||
unmatchedComponent.getComponentManufacturer(),
|
||||
unmatchedComponent.getComponentModel()));
|
||||
}
|
||||
return false;
|
||||
return sb.toString();
|
||||
}
|
||||
return true;
|
||||
return Strings.EMPTY;
|
||||
}
|
||||
|
||||
/**
|
||||
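Review bot: The `Manufacturer=%s, Model=%s%n` lines built in the last hunk take their values from the platform credential's component identifiers and are appended to `resultMessage`, which the commit message says ends up in the validation page tooltip; the rendering code is not in this diff, so confirm that the page HTML-escapes the message, because certificate fields are not trusted input. `%n` expands to the platform line separator while the rest of the message and the updated tests use `\n`, so `"Manufacturer=%s, Model=%s\n"` would keep the output identical on every platform. The Javadoc above the method still reads `@return true if validation passes` and should become something like `@return the unmatched components, one per line, or an empty string if all matched`. The method body starts and ends outside the visible hunks.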
|
@ -491,7 +491,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
+ "Platform model did not match\n"
|
||||
+ "Platform version did not match\n"
|
||||
+ "Platform serial did not match\n"
|
||||
+ "There are unmatched components\n";
|
||||
+ "There are unmatched components:\n";
|
||||
|
||||
AppraisalStatus result =
|
||||
supplyChainCredentialValidator.validatePlatformCredentialAttributes(
|
||||
@ -1112,7 +1112,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
+ "Platform model did not match\n"
|
||||
+ "Platform version did not match\n"
|
||||
+ "Platform serial did not match\n"
|
||||
+ "There are unmatched components\n";
|
||||
+ "There are unmatched components:\n"
|
||||
+ "Manufacturer=Intel, Model=platform2018\n";
|
||||
|
||||
AppraisalStatus result =
|
||||
supplyChainCredentialValidator.validatePlatformCredentialAttributes(
|
||||
@ -1239,7 +1240,7 @@ public class SupplyChainCredentialValidatorTest {
|
||||
+ "Platform model did not match\n"
|
||||
+ "Platform version did not match\n"
|
||||
+ "Platform serial did not match\n"
|
||||
+ "There are unmatched components\n";
|
||||
+ "There are unmatched components:\n";
|
||||
|
||||
AppraisalStatus result =
|
||||
supplyChainCredentialValidator.validatePlatformCredentialAttributes(
|
||||
@ -1755,7 +1756,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
deviceInfoReport);
|
||||
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
|
||||
Assert.assertEquals(result.getMessage(), "Component manufacturer is empty\n"
|
||||
+ "There are unmatched components\n");
|
||||
+ "There are unmatched components:\n"
|
||||
+ "Manufacturer=, Model=Core i7\n");
|
||||
|
||||
platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
|
||||
result = SupplyChainCredentialValidator
|
||||
@ -1810,7 +1812,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
.validatePlatformCredentialAttributesV2p0(platformCredential,
|
||||
deviceInfoReport);
|
||||
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
|
||||
Assert.assertEquals(result.getMessage(), "There are unmatched components\n");
|
||||
Assert.assertEquals(result.getMessage(), "There are unmatched components:\n"
|
||||
+ "Manufacturer=ACME, Model=TNT\n");
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1872,7 +1875,8 @@ public class SupplyChainCredentialValidatorTest {
|
||||
deviceInfoReport);
|
||||
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
|
||||
Assert.assertEquals(result.getMessage(), "Component manufacturer is empty\n"
|
||||
+ "There are unmatched components\n");
|
||||
+ "There are unmatched components:\n"
|
||||
+ "Manufacturer=, Model=Core i7\n");
|
||||
|
||||
platformCredential = setupMatchingPlatformCredential(deviceInfoReport);
|
||||
result = SupplyChainCredentialValidator
|
||||
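Review bot: The expectations updated in the hunks at 491 and 1239 end with `There are unmatched components:\n` and no `Manufacturer=…` line, so they pin a header that announces a list and then shows none. This presumably happens because the validator appends the header whenever `fieldValidation` is false, which may already be the case before the component comparison runs; the earlier checks are outside the diff, so this is inferred. Either assert the expected component lines in these two tests, or have the validator emit the header only when the unmatched list is non-empty and drop it from these expectations.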
|