ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-22 06:17:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Modified so PCI ID translation will highlight delta certs and show in Tooltips

Browse Source
This commit is contained in:
iadgovuser29 2021-12-10 09:07:28 -05:00
parent 9b790cb805
commit e22d95c2e6
2 changed files with 44 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
View File

@ -565,20 +565,14 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
resultMessage.append(unmatchedComponents); resultMessage.append(unmatchedComponents);
// pass information of which ones failed in additionInfo // pass information of which ones failed in additionInfo
int counter = 0;
for (ComponentIdentifier ci : validPcComponents) { for (ComponentIdentifier ci : validPcComponents) {
try { counter++;
if (ci.isVersion2()) { additionalInfo.append(String.format("%d;", ci.hashCode()));
ComponentIdentifierV2 pciCi = (ComponentIdentifierV2) ci; }
if (PciIds.DB.isReady()) { if (counter > 0) {
pciCi = PciIds.translate((ComponentIdentifierV2) ci); additionalInfo.insert(0, "COMPID=");
} additionalInfo.append(counter);
additionalInfo.append(String.format("%d;", pciCi.hashCode()));
} else {
additionalInfo.append(String.format("%d;", ci.hashCode()));
}
} catch (Exception ex) {
LOGGER.error(ex.getMessage());
}
} }
} }
@ -710,6 +704,7 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
} }
if (!fieldValidation || !deltaSb.toString().isEmpty()) { if (!fieldValidation || !deltaSb.toString().isEmpty()) {
deltaSb.insert(0, "COMPID=");
return new AppraisalStatus(FAIL, resultMessage.toString(), deltaSb.toString()); return new AppraisalStatus(FAIL, resultMessage.toString(), deltaSb.toString());
} }
@ -729,21 +724,29 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
LOGGER.error("PACCOR output string:\n" + paccorOutputString); LOGGER.error("PACCOR output string:\n" + paccorOutputString);
return new AppraisalStatus(ERROR, baseErrorMessage + ioEx.getMessage()); return new AppraisalStatus(ERROR, baseErrorMessage + ioEx.getMessage());
} }
StringBuilder additionalInfo = new StringBuilder();
if (!fieldValidation) { if (!fieldValidation) {
// instead of listing all unmatched, just print the #. The failure
// will link to the platform certificate that'll display them.
String failureResults = unmatchedComponents.substring(0,
unmatchedComponents.length() - 1);
String size = unmatchedComponents.substring(unmatchedComponents.length() - 1);
resultMessage = new StringBuilder(); resultMessage = new StringBuilder();
resultMessage.append("There are unmatched components:\n");
resultMessage.append(String.format("There are %s unmatched components "
+ "on the Platform Certificate:%n", size));
resultMessage.append(unmatchedComponents); resultMessage.append(unmatchedComponents);
return new AppraisalStatus(FAIL, resultMessage.toString(), failureResults); // pass information of which ones failed in additionInfo
int counter = 0;
for (ComponentIdentifier ci : baseCompList) {
counter++;
additionalInfo.append(String.format("%d;", ci.hashCode()));
}
if (counter > 0) {
additionalInfo.insert(0, "COMPID=");
additionalInfo.append(counter);
}
}
if (fieldValidation) {
return new AppraisalStatus(PASS, PLATFORM_ATTRIBUTES_VALID);
} else {
return new AppraisalStatus(FAIL, resultMessage.toString(), additionalInfo.toString());
} }
return new AppraisalStatus(PASS, PLATFORM_ATTRIBUTES_VALID);
} }
private static String validateV2PlatformCredentialAttributes( private static String validateV2PlatformCredentialAttributes(
@ -775,14 +778,23 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
// now we return everything that was unmatched // now we return everything that was unmatched
// what is in the component info/device reported components // what is in the component info/device reported components
// is to be displayed as the failure // is to be displayed as the failure
fullDeltaChainComponents.clear();
for (ComponentIdentifier ci : subCompIdList) { for (ComponentIdentifier ci : subCompIdList) {
ciV2 = (ComponentIdentifierV2) ci; if (ci.isVersion2() && PciIds.DB.isReady()) {
invalidPcIds.append(String.format("%d;", ci = PciIds.translate((ComponentIdentifierV2) ci);
ciV2.hashCode())); }
LOGGER.error("Unmatched component: " + ci);
fullDeltaChainComponents.add(ci);
invalidPcIds.append(String.format(
"Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n",
ci.getComponentManufacturer(),
ci.getComponentModel(),
ci.getComponentSerial(),
ci.getComponentRevision()));
} }
} }
return String.format("COMPID=%s%d", invalidPcIds.toString(), subCompIdList.size()); return invalidPcIds.toString();
} }
/** /**
@ -848,7 +860,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
= allDeviceInfoComponents.stream().filter(componentInfo = allDeviceInfoComponents.stream().filter(componentInfo
-> componentInfo.getComponentManufacturer().equals(pcManufacturer)) -> componentInfo.getComponentManufacturer().equals(pcManufacturer))
.collect(Collectors.toList()); .collect(Collectors.toList());
// For each component listed in the platform credential from this manufacturer // For each component listed in the platform credential from this manufacturer
// find the ones that specify a serial number so we can match the most specific ones // find the ones that specify a serial number so we can match the most specific ones
// first. // first.
@ -857,7 +868,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
-> compIdentifier.getComponentSerial() != null -> compIdentifier.getComponentSerial() != null
&& StringUtils.isNotEmpty(compIdentifier.getComponentSerial().getString())) && StringUtils.isNotEmpty(compIdentifier.getComponentSerial().getString()))
.collect(Collectors.toList()); .collect(Collectors.toList());
// Now match up the components from the device info that are from the same // Now match up the components from the device info that are from the same
// manufacturer and have a serial number. As matches are found, remove them from // manufacturer and have a serial number. As matches are found, remove them from
// both lists. // both lists.
@ -878,7 +888,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
} }
} }
} }
// For each component listed in the platform credential from this manufacturer // For each component listed in the platform credential from this manufacturer
// find the ones that specify value for the revision field so we can match the most // find the ones that specify value for the revision field so we can match the most
// specific ones first. // specific ones first.
@ -887,7 +896,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
-> compIdentifier.getComponentRevision() != null -> compIdentifier.getComponentRevision() != null
&& StringUtils.isNotEmpty(compIdentifier.getComponentRevision().getString())) && StringUtils.isNotEmpty(compIdentifier.getComponentRevision().getString()))
.collect(Collectors.toList()); .collect(Collectors.toList());
// Now match up the components from the device info that are from the same // Now match up the components from the device info that are from the same
// manufacturer and specify a value for the revision field. As matches are found, // manufacturer and specify a value for the revision field. As matches are found,
// remove them from both lists. // remove them from both lists.
@ -908,7 +916,6 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
} }
} }
} }
// The remaining components from the manufacturer have only the 2 required fields so // The remaining components from the manufacturer have only the 2 required fields so
// just match them. // just match them.
List<ComponentIdentifier> templist = new ArrayList<>(pcComponentsFromManufacturer); List<ComponentIdentifier> templist = new ArrayList<>(pcComponentsFromManufacturer);
@ -934,6 +941,10 @@ public final class SupplyChainCredentialValidator implements CredentialValidator
int unmatchedComponentCounter = 1; int unmatchedComponentCounter = 1;
for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) { for (ComponentIdentifier unmatchedComponent : pcUnmatchedComponents) {
if (unmatchedComponent.isVersion2() && PciIds.DB.isReady()) {
unmatchedComponent =
PciIds.translate((ComponentIdentifierV2) unmatchedComponent);
}
LOGGER.error("Unmatched component " + unmatchedComponentCounter++ + ": " LOGGER.error("Unmatched component " + unmatchedComponentCounter++ + ": "
+ unmatchedComponent); + unmatchedComponent);
sb.append(String.format("Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n", sb.append(String.format("Manufacturer=%s, Model=%s, Serial=%s, Revision=%s;%n",

4
HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java
View File

@ -2256,9 +2256,7 @@ public class SupplyChainCredentialValidatorTest {
.validateDeltaPlatformCredentialAttributes(delta1, .validateDeltaPlatformCredentialAttributes(delta1,
deviceInfoReport, base, chainCredentials); deviceInfoReport, base, chainCredentials);
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL); Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
Assert.assertEquals(result.getMessage(), Assert.assertEquals(result.getAdditionalInfo(), "COMPID=370101885;1");
"There are 1 unmatched components on the Platform Certificate:\n"
+ "COMPID=370101885;1");
} }
/** /**