Updated the code to now display the var swidtag and rimel. However there are issues with the examples. This commit has fixes for how the pcr values are pulled for display on the base RIM page.

2024-12-19 04:58:00 +00:00 · 2021-04-02 06:34:47 -04:00 · 2021-04-02 06:34:47 -04:00 · ea5b85b703
commit ea5b85b703
parent 4911742c7a
5 changed files with 107 additions and 90 deletions
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@ -94,11 +94,9 @@ import java.security.interfaces.RSAPublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.MGF1ParameterSpec;
 import java.security.spec.RSAPublicKeySpec;
-import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@ -773,10 +771,10 @@ public abstract class AbstractAttestationCertificateAuthority
        }

        // check for RIM Base and Support files, if they don't exists in the database, load them
-        String clientName = String.format("%s_%s",
+        String defaultClientName = String.format("%s_%s",
                dv.getHw().getManufacturer(),
                dv.getHw().getProductName());
-        ReferenceManifest dbBaseRim = null;
+        BaseReferenceManifest dbBaseRim = null;
        ReferenceManifest support;
        EventLogMeasurements measurements;
        String tagId = "";
@ -805,19 +803,21 @@ public abstract class AbstractAttestationCertificateAuthority
                    if (support == null) {
                        support = new SupportReferenceManifest(
                                String.format("%s.rimel",
-                                        clientName),
+                                        defaultClientName),
                                logFile.toByteArray());
                        support.setPlatformManufacturer(dv.getHw().getManufacturer());
                        support.setPlatformModel(dv.getHw().getProductName());
-                        support.setFileName(String.format("%s_[%s].rimel", clientName,
+                        support.setFileName(String.format("%s_[%s].rimel", defaultClientName,
                                support.getRimHash().substring(
                                        support.getRimHash().length() - NUM_OF_VARIABLES)));
                        this.referenceManifestManager.save(support);
                    } else {
                        LOG.info("Client provided Support RIM already loaded in database.");
-                        support.restore();
-                        support.resetCreateTime();
-                        this.referenceManifestManager.update(support);
+                        if (support.isArchived()) {
+                            support.restore();
+                            support.resetCreateTime();
+                            this.referenceManifestManager.update(support);
+                        }
                    }
                } catch (IOException ioEx) {
                    LOG.error(ioEx);
@ -827,9 +827,9 @@ public abstract class AbstractAttestationCertificateAuthority
            LOG.warn("Device did not send support RIM file...");
        }

-        List<String> archie = new ArrayList<>();
        if (dv.getSwidfileCount() > 0) {
            for (ByteString swidFile : dv.getSwidfileList()) {
+                fileName = "";
                try {
                    dbBaseRim = BaseReferenceManifest.select(referenceManifestManager)
                            .includeArchived()
@ -838,91 +838,79 @@ public abstract class AbstractAttestationCertificateAuthority
                            .getRIM();

                    if (dbBaseRim == null) {
-                        /**
-                         * This has to change, each log file can't have the same name
-                         */
                        dbBaseRim = new BaseReferenceManifest(
                                String.format("%s.swidtag",
-                                        clientName),
+                                        defaultClientName),
                                swidFile.toByteArray());

-                        BaseReferenceManifest base = (BaseReferenceManifest) dbBaseRim;
-                        for (SwidResource swid : base.parseResource()) {
+                        // get file name to use
+                        for (SwidResource swid : dbBaseRim.parseResource()) {
                            matcher = pattern.matcher(swid.getName());
                            if (matcher.matches()) {
                                //found the file name
                                int dotIndex = swid.getName().lastIndexOf(".");
-                                clientName = swid.getName().substring(0, dotIndex);
+                                fileName = swid.getName().substring(0, dotIndex);
                                dbBaseRim = new BaseReferenceManifest(
                                        String.format("%s.swidtag",
-                                                clientName),
+                                                fileName),
                                        swidFile.toByteArray());
                            }
+
                            // now update support rim
                            SupportReferenceManifest dbSupport = SupportReferenceManifest
                                    .select(referenceManifestManager)
                                    .byRimHash(swid.getHashValue()).getRIM();
-                            if (dbSupport == null) {
-                                LOG.error("Why is this happening?");
-                                // I could do this, and then when the actual
-                                // support comes in just update the byte field
-                            }
                            if (dbSupport != null && !dbSupport.isUpdated()) {
-                                LOG.error("We found the old support");
                                dbSupport.setFileName(swid.getName());
-                                dbSupport.setSwidTagVersion(base.getSwidTagVersion());
+                                dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
                                // I might create a get for the bytes of the swidtag file
                                // so that I can set that instead of the rim ID
-                                dbSupport.setTagId(base.getTagId());
+                                dbSupport.setTagId(dbBaseRim.getTagId());
+                                dbSupport.setSwidTagVersion(dbBaseRim.getSwidTagVersion());
+                                dbSupport.setSwidVersion(dbBaseRim.getSwidVersion());
                                dbSupport.setSwidPatch(dbBaseRim.isSwidPatch());
                                dbSupport.setSwidSupplemental(dbBaseRim.isSwidSupplemental());
-                                // might want to expand so that the record digest value know
-                                // if it was a patch or supplemental
+                                dbBaseRim.setAssociatedRim(dbSupport.getId());
                                dbSupport.setUpdated(true);
                                this.referenceManifestManager.update(dbSupport);
+                                break;
                            }
                        }
                        this.referenceManifestManager.save(dbBaseRim);
                    } else {
-                        LOG.error("Client provided Base RIM already loaded in database.");
-                        dbBaseRim.restore();
-                        dbBaseRim.resetCreateTime();
-                        this.referenceManifestManager.update(dbBaseRim);
+                        LOG.info("Client provided Base RIM already loaded in database.");
+                        /**
+                         * Leaving this as is for now, however can there be a condition
+                         * in which the provisioner sends swidtags without support rims?
+                         */
+                        if (dbBaseRim.isArchived()) {
+                            dbBaseRim.restore();
+                            dbBaseRim.resetCreateTime();
+                            this.referenceManifestManager.update(dbBaseRim);
+                        }
                    }

-                    tagId = dbBaseRim.getTagId();
                } catch (IOException ioEx) {
                    LOG.error(ioEx);
                }
            }
-
-            for (ByteString swidFile : dv.getSwidfileList()) {
-
-                String hashStr = swidFile.toString();
-                LOG.error(SupportReferenceManifest.select(referenceManifestManager)
-                        .includeArchived()
-                        .byHashCode(Hex.encodeHexString(messageDigest.digest(
-                                swidFile.toByteArray())))
-                        .getRIM());
-            }
        } else {
            LOG.warn("Device did not send swid tag file...");
        }

-        if (true) {
-            Set<SupportReferenceManifest> dbSupportRims = SupportReferenceManifest
+        Set<SupportReferenceManifest> dbSupportRims = SupportReferenceManifest
                    .select(referenceManifestManager).getRIMs();

-            for (SupportReferenceManifest dbSupport : dbSupportRims) {
-                // all of this has to be moved somewhere else
-                /**
-                 * Because the log file we get isn't promised to be the baseline support rim.
-                 * If it is a patch of supplemental we have to check that the baseline
-                 * has been done
-                 * and those entries can't become the baseline
-                 *
-                 * However, we don't know which log file is what until we link them to a swidtag
-                 */
+        for (SupportReferenceManifest dbSupport : dbSupportRims) {
+            /**
+             * Because the log file we get isn't promised to be the baseline support rim.
+             * If it is a patch of supplemental we have to check that the baseline
+             * has been done
+             * and those entries can't become the baseline
+             *
+             * However, we don't know which log file is what until we link them to a swidtag
+             */
+            if (!dbSupport.isSwidPatch() && !dbSupport.isSwidSupplemental()) {
                ReferenceDigestRecord dbObj = new ReferenceDigestRecord(dbSupport,
                        hw.getManufacturer(), hw.getProductName());
                // this is where we update or create the log
@ -952,13 +940,19 @@ public abstract class AbstractAttestationCertificateAuthority
                        e.printStackTrace();
                    }
                }
+            } else {
+                // what to do about patch and supplemental
+                LOG.error(String.format("%s is a patch? %b", dbSupport.getFileName(),
+                        dbSupport.isSwidPatch()));
+                LOG.error(String.format("%s is a supplemental? %b", dbSupport.getFileName(),
+                        dbSupport.isSwidSupplemental()));
            }
        }

        if (dv.hasLivelog()) {
            LOG.info("Device sent bios measurement log...");
            fileName = String.format("%s.measurement",
-                    clientName);
+                    defaultClientName);
            try {
                // find previous version.  If it exists, delete it
                measurements = EventLogMeasurements.select(referenceManifestManager)
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestDetailsPageController.java
@ -99,7 +99,9 @@ public class ReferenceManifestDetailsPageController
                LOGGER.error(uuidError, iaEx);
            } catch (Exception ioEx) {
                LOGGER.error(ioEx);
-                LOGGER.trace(ioEx);
+                for (StackTraceElement ste : ioEx.getStackTrace()) {
+                    LOGGER.debug(ste.toString());
+                }
            }
            if (data.isEmpty()) {
                String notFoundMessage = "Unable to find RIM with ID: " + params.getId();
@ -185,8 +187,16 @@ public class ReferenceManifestDetailsPageController
        } else {
            data.put("swidCorpus", "False");
        }
-        data.put("swidPatch", baseRim.isSwidPatch());
-        data.put("swidSupplemental", baseRim.isSwidSupplemental());
+        if (baseRim.isSwidPatch()) {
+            data.put("swidPatch", "True");
+        } else {
+            data.put("swidPatch", "False");
+        }
+        if (baseRim.isSwidSupplemental()) {
+            data.put("swidSupplemental", "True");
+        } else {
+            data.put("swidSupplemental", "False");
+        }
        data.put("swidTagId", baseRim.getTagId());
        // Entity
        data.put("entityName", baseRim.getEntityName());
@ -195,9 +205,16 @@ public class ReferenceManifestDetailsPageController
        data.put("entityThumbprint", baseRim.getEntityThumbprint());
        // Link
        data.put("linkHref", baseRim.getLinkHref());
+        for (BaseReferenceManifest bRim : BaseReferenceManifest
+                .select(referenceManifestManager).getRIMs()) {
+            if (baseRim.getLinkHref().contains(bRim.getTagId())) {
+                data.put("linkHrefLink", bRim.getId().toString());
+                break;
+            } else {
+                data.put("linkHrefLink", "");
+            }
+        }
        data.put("linkRel", baseRim.getLinkRel());
-        data.put("supportRimId", "");
-        data.put("supportRimTagId", "");
        data.put("platformManufacturer", baseRim.getPlatformManufacturer());
        data.put("platformManufacturerId", baseRim.getPlatformManufacturerId());
        data.put("platformModel", baseRim.getPlatformModel());
@ -216,7 +233,7 @@ public class ReferenceManifestDetailsPageController

        List<SwidResource> resources = baseRim.parseResource();
        TCGEventLog logProcessor = null;
-        ReferenceManifest support = null;
+        SupportReferenceManifest support = null;

        if (baseRim.getAssociatedRim() == null) {
            support = SupportReferenceManifest.select(referenceManifestManager)
@ -249,6 +266,10 @@ public class ReferenceManifestDetailsPageController

        data.put("associatedRim", baseRim.getAssociatedRim());
        data.put("swidFiles", resources);
+        if (support != null && (!baseRim.isSwidSupplemental()
+                && !baseRim.isSwidPatch())) {
+            data.put("pcrList", support.getExpectedPCRList());
+        }

        RIM_VALIDATOR.validateXmlSignature(new ByteArrayInputStream(baseRim.getRimBytes()));
        data.put("signatureValid", RIM_VALIDATOR.isSignatureValid());
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/rim-details.jsp
@ -326,7 +326,7 @@
                    <div class="col-md-1 col-md-offset-1"><span class="colHeader">Link</span></div>
                    <div id="link" class="col col-md-8">
                        <c:if test="${not empty initialData.linkHref}">
-                            <div><span><a href="${initialData.linkHref}" rel="${initialData.linkRel}">${initialData.linkHref}</a></span>
+                            <div><span><a href="${portal}/rim-details?id=${initialData.linkHrefLink}" rel="${initialData.linkRel}">${initialData.linkHref}</a></span>
                            </div>
                            <div>Rel:&nbsp;<span>${initialData.linkRel}</span>
                            </div>
@ -410,7 +410,7 @@
                                                                </span>
                                                            </div>
                                                            <c:choose>
-                                                                <c:when test="${not empty resource.getPcrValues()}">
+                                                                <c:when test="${not empty initialData.pcrList}">
                                                                    <div class="component col col-md-10">
                                                                        <span class="fieldHeader">File Size:</span>
                                                                        <span class="fieldValue">${resource.getSize()}</span><br/>
@ -428,7 +428,7 @@
                                                                            <span class="fieldHeader">URI Global:</span>
                                                                            <span class="fieldValue">${resource.getRimUriGlobal()}</span><br/>
                                                                        </c:if>
-                                                                        <c:if test="${not empty resource.getPcrValues()}"> 
+                                                                        <c:if test="${not empty initialData.pcrList}">
                                                                            <div class="panel-body">
                                                                                <div class="component" role="tab" id="pcrValues">
                                                                                    <a role="button" data-toggle="collapse" data-parent="#directorycollapse" class="collapsed"
@ -438,13 +438,15 @@
                                                                                </div>
                                                                                <div id="pcrscollapse" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingThree" aria-expanded="true">
                                                                                    <div>
-                                                                                        <c:forEach items="${resource.getPcrMap()}" var="pcrValue">
+                                                                                        <c:set var="count" value="0" scope="page"/>
+                                                                                        <c:forEach items="${initialData.pcrList}" var="pcrValue">
                                                                                            <div id="componentIdentifier" class="row">
-                                                                                                <div>                                                                                    
-                                                                                                    <span>${pcrValue.key}</span>
-                                                                                                    <span style="overflow-wrap: break-word">${pcrValue.value}</span>
+                                                                                                <div>
+                                                                                                    <span>PCR ${count} - </span>
+                                                                                                    <span style="overflow-wrap: break-word">${pcrValue}</span>
                                                                                                </div>
                                                                                            </div>
+                                                                                            <c:set var="count" value="${count + 1}" scope="page"/>
                                                                                        </c:forEach>
                                                                                    </div>
                                                                                </div>
--- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/BaseReferenceManifest.java
@ -41,8 +41,6 @@ public class BaseReferenceManifest extends ReferenceManifest {
    @Column
    private String swidName = null;
    @Column
-    private String swidVersion = null;
-    @Column
    private int swidCorpus = 0;
    @Column
    private String colloquialVersion = null;
@ -157,7 +155,7 @@ public class BaseReferenceManifest extends ReferenceManifest {
            this.swidCorpus = si.isCorpus() ? 1 : 0;
            this.setSwidPatch(si.isPatch());
            this.setSwidSupplemental(si.isSupplemental());
-            this.swidVersion = si.getVersion();
+            this.setSwidVersion(si.getVersion());
            if (si.getTagVersion() != null) {
                this.setSwidTagVersion(si.getTagVersion().toString());
            }
@ -435,24 +433,6 @@ public class BaseReferenceManifest extends ReferenceManifest {
        this.swidName = swidName;
    }

-    /**
-     * Getter for the SWID version.
-     *
-     * @return string of the version number
-     */
-    public String getSwidVersion() {
-        return swidVersion;
-    }
-
-    /**
-     * Setter for the SWID version.
-     *
-     * @param swidVersion string of the version
-     */
-    public void setSwidVersion(final String swidVersion) {
-        this.swidVersion = swidVersion;
-    }
-
    /**
     * Getter for the corpus flag.
     *
--- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java
@ -89,6 +89,8 @@ public abstract class ReferenceManifest extends ArchivableEntity {
    @Column
    private String swidTagVersion = null;
    @Column
+    private String swidVersion = null;
+    @Column
    private String platformModel = null;
    @Column(nullable = false)
    private String fileName = null;
@ -245,6 +247,24 @@ public abstract class ReferenceManifest extends ArchivableEntity {
        this.swidTagVersion = swidTagVersion;
    }

+    /**
+     * Getter for the SWID version.
+     *
+     * @return string of the version number
+     */
+    public String getSwidVersion() {
+        return swidVersion;
+    }
+
+    /**
+     * Setter for the SWID version.
+     *
+     * @param swidVersion string of the version
+     */
+    public void setSwidVersion(final String swidVersion) {
+        this.swidVersion = swidVersion;
+    }
+
    /**
     * Getter for the RIM Tag ID.
     *