conflict resoltion step 1

This commit is contained in:
iadgovuser26 2020-06-10 14:04:23 -04:00
commit f2fd7f31bd
195 changed files with 2223 additions and 1758 deletions


@ -10,18 +10,19 @@ import hirs.attestationca.service.SupplyChainValidationService;
import hirs.data.persist.AppraisalStatus;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.FirmwareInfo;
import hirs.data.persist.HardwareInfo;
import hirs.data.persist.NetworkInfo;
import hirs.data.persist.OSInfo;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.SupplyChainValidationSummary;
import hirs.data.persist.TPMInfo;
import hirs.data.persist.info.TPMInfo;
import hirs.data.persist.certificate.Certificate;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.service.DeviceRegister;
import hirs.persist.CertificateManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.DBManager;
import hirs.persist.DeviceManager;
import hirs.persist.TPM2ProvisionerState;
@ -152,11 +153,10 @@ public abstract class AbstractAttestationCertificateAuthority
private final Integer validDays;
private final CertificateManager certificateManager;
private final ReferenceManifestManager referenceManifestManager;
private final DeviceRegister deviceRegister;
private final DeviceManager deviceManager;
private final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager;
private String[] pcrsList;
private String[] pcrs256List;
private String tpmQuoteHash;
private String tpmSignatureHash;
private String pcrValues;
@ -168,6 +168,7 @@ public abstract class AbstractAttestationCertificateAuthority
* @param acaCertificate the ACA certificate
* @param structConverter the struct converter
* @param certificateManager the certificate manager
* @param referenceManifestManager the Reference Manifest manager
* @param deviceRegister the device register
* @param validDays the number of days issued certs are valid
* @param deviceManager the device manager
@ -179,6 +180,7 @@ public abstract class AbstractAttestationCertificateAuthority
final PrivateKey privateKey, final X509Certificate acaCertificate,
final StructConverter structConverter,
final CertificateManager certificateManager,
final ReferenceManifestManager referenceManifestManager,
final DeviceRegister deviceRegister, final int validDays,
final DeviceManager deviceManager,
final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager) {
@ -187,6 +189,7 @@ public abstract class AbstractAttestationCertificateAuthority
this.acaCertificate = acaCertificate;
this.structConverter = structConverter;
this.certificateManager = certificateManager;
this.referenceManifestManager = referenceManifestManager;
this.deviceRegister = deviceRegister;
this.validDays = validDays;
this.deviceManager = deviceManager;
@ -212,7 +215,6 @@ public abstract class AbstractAttestationCertificateAuthority
IdentityRequestEnvelope challenge =
structConverter.convert(identityRequest, IdentityRequestEnvelope.class);
//
byte[] identityProof = unwrapIdentityRequest(challenge.getRequest());
// the decrypted symmetric blob should be in the format of an IdentityProof. Use the
// struct converter to generate it.
@ -506,9 +508,6 @@ public abstract class AbstractAttestationCertificateAuthority
}
if (request.getPcrslist() != null && !request.getPcrslist().isEmpty()) {
this.pcrValues = request.getPcrslist().toStringUtf8();
String[] pcrsSet = this.pcrValues.split("\\+");
this.pcrsList = parsePCRValues(pcrsSet[0]);
this.pcrs256List = parsePCRValues(pcrsSet[1]);
}
// Get device name and device
@ -596,8 +595,7 @@ public abstract class AbstractAttestationCertificateAuthority
byte[] modulus = HexUtils.subarray(publicArea,
pubLen - RSA_MODULUS_LENGTH,
pubLen - 1);
RSAPublicKey pub = (RSAPublicKey) assemblePublicKey(modulus);
return pub;
return (RSAPublicKey) assemblePublicKey(modulus);
}
/**
@ -621,9 +619,10 @@ public abstract class AbstractAttestationCertificateAuthority
// convert mac hex string to byte values
byte[] macAddressBytes = new byte[MAC_BYTES];
Integer hex;
if (macAddressParts.length == MAC_BYTES) {
for (int i = 0; i < MAC_BYTES; i++) {
Integer hex = HexUtils.hexToInt(macAddressParts[i]);
hex = HexUtils.hexToInt(macAddressParts[i]);
macAddressBytes[i] = hex.byteValue();
}
}
@ -884,7 +883,6 @@ public abstract class AbstractAttestationCertificateAuthority
* Assembles a public key using a defined big int modulus and the well known exponent.
*/
private PublicKey assemblePublicKey(final BigInteger modulus) {
// generate a key spec using mod and exp
RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, EXPONENT);
@ -1242,8 +1240,7 @@ public abstract class AbstractAttestationCertificateAuthority
private byte[] cryptKDFa(final byte[] seed, final String label, final byte[] context,
final int sizeInBytes)
throws NoSuchAlgorithmException, InvalidKeyException {
ByteBuffer b;
b = ByteBuffer.allocate(4);
ByteBuffer b = ByteBuffer.allocate(4);
b.putInt(1);
byte[] counter = b.array();
// get the label
@ -1271,14 +1268,13 @@ public abstract class AbstractAttestationCertificateAuthority
}
System.arraycopy(desiredSizeInBits, 0, message, marker, 4);
Mac hmac;
byte[] toReturn = null;
byte[] toReturn = new byte[sizeInBytes];
hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec hmacKey = new SecretKeySpec(seed, hmac.getAlgorithm());
hmac.init(hmacKey);
hmac.update(message);
byte[] hmacResult = hmac.doFinal();
toReturn = new byte[sizeInBytes];
System.arraycopy(hmacResult, 0, toReturn, 0, sizeInBytes);
return toReturn;
}
@ -1290,11 +1286,9 @@ public abstract class AbstractAttestationCertificateAuthority
* @throws NoSuchAlgorithmException improper algorithm selected
*/
private byte[] sha256hash(final byte[] blob) throws NoSuchAlgorithmException {
byte[] toReturn = null;
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(blob);
toReturn = md.digest();
return toReturn;
return md.digest();
}
/**
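Review bot: In cryptKDFa, `System.arraycopy(hmacResult, 0, toReturn, 0, sizeInBytes)` throws ArrayIndexOutOfBoundsException whenever sizeInBytes exceeds the 32 bytes HmacSHA256 produces, because the counter is fixed at 1 and only a single HMAC block is ever computed; the rewrite to `byte[] toReturn = new byte[sizeInBytes]` keeps that limitation. Either reject oversized requests up front, `if (sizeInBytes > hmacResult.length) { throw new IllegalArgumentException("cryptKDFa supports at most " + hmacResult.length + " bytes"); }`, or iterate the counter for each hash-sized block the way the TPM 2.0 library specification defines KDFa. In either case the Javadoc should state the supported maximum so callers deriving longer keys do not rely on it. cryptKDFa's signature and the first part of its body sit in the preceding hunk, so the method starts outside this one.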


@ -17,6 +17,7 @@ import hirs.attestationca.AbstractAttestationCertificateAuthority;
import hirs.attestationca.service.SupplyChainValidationService;
import hirs.data.service.DeviceRegister;
import hirs.persist.CertificateManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.DeviceManager;
import hirs.structs.converters.StructConverter;
@ -36,6 +37,7 @@ public class RestfulAttestationCertificateAuthority
* @param acaCertificate the ACA certificate
* @param structConverter the struct converter
* @param certificateManager the certificate manager
* @param referenceManifestManager the referenceManifestManager
* @param deviceRegister the device register
* @param validDays the number of days issued certs are valid
* @param deviceManager the device manager
@ -48,12 +50,14 @@ public class RestfulAttestationCertificateAuthority
final PrivateKey privateKey, final X509Certificate acaCertificate,
final StructConverter structConverter,
final CertificateManager certificateManager,
final ReferenceManifestManager referenceManifestManager,
final DeviceRegister deviceRegister,
final DeviceManager deviceManager,
final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager,
@Value("${aca.certificates.validity}") final int validDays) {
super(supplyChainValidationService, privateKey, acaCertificate, structConverter,
certificateManager, deviceRegister, validDays, deviceManager,
certificateManager, referenceManifestManager,
deviceRegister, validDays, deviceManager,
tpm2ProvisionerStateDBManager);
}


@ -5,6 +5,11 @@ import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import hirs.data.persist.TPMMeasurementRecord;
import hirs.data.persist.baseline.TPMBaseline;
import hirs.data.persist.SwidResource;
import hirs.validation.SupplyChainCredentialValidator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
@ -32,8 +37,10 @@ import hirs.data.persist.certificate.CertificateAuthorityCredential;
import hirs.data.persist.certificate.EndorsementCredential;
import hirs.data.persist.certificate.PlatformCredential;
import hirs.data.persist.certificate.IssuedAttestationCertificate;
import hirs.data.persist.ReferenceManifest;
import hirs.persist.AppraiserManager;
import hirs.persist.CertificateManager;
import hirs.persist.ReferenceManifestManager;
import hirs.persist.CertificateSelector;
import hirs.persist.CrudManager;
import hirs.persist.DBManagerException;
@ -43,11 +50,15 @@ import hirs.validation.CredentialValidator;
import java.util.HashMap;
import java.util.Map;
import static hirs.data.persist.AppraisalStatus.Status.FAIL;
import static hirs.data.persist.AppraisalStatus.Status.PASS;
/**
* The main executor of supply chain verification tasks. The AbstractAttestationCertificateAuthority
* will feed it the PC, EC, other relevant certificates, and serial numbers of the provisioning
* task, and it will then manipulate the data as necessary, retrieve useful certs, and arrange
* for actual validation by the SupplyChainValidator.
* The main executor of supply chain verification tasks. The
* AbstractAttestationCertificateAuthority will feed it the PC, EC, other
* relevant certificates, and serial numbers of the provisioning task, and it
* will then manipulate the data as necessary, retrieve useful certs, and
* arrange for actual validation by the SupplyChainValidator.
*/
@Service
@Import(PersistenceConfiguration.class)
@ -55,19 +66,21 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
private PolicyManager policyManager;
private AppraiserManager appraiserManager;
private ReferenceManifestManager referenceManifestManager;
private CertificateManager certificateManager;
private CredentialValidator supplyChainCredentialValidator;
private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
private static final Logger LOGGER =
LogManager.getLogger(SupplyChainValidationServiceImpl.class);
private static final Logger LOGGER
= LogManager.getLogger(SupplyChainValidationServiceImpl.class);
/**
* Constructor.
*
* @param policyManager the policy manager
* @param appraiserManager the appraiser manager
* @param certificateManager the cert manager
* @param referenceManifestManager the RIM manager
* @param supplyChainValidatorSummaryManager the summary manager
* @param supplyChainCredentialValidator the credential validator
*/
@ -75,19 +88,21 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
public SupplyChainValidationServiceImpl(final PolicyManager policyManager,
final AppraiserManager appraiserManager,
final CertificateManager certificateManager,
final ReferenceManifestManager referenceManifestManager,
final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
final CredentialValidator supplyChainCredentialValidator) {
this.policyManager = policyManager;
this.appraiserManager = appraiserManager;
this.certificateManager = certificateManager;
this.referenceManifestManager = referenceManifestManager;
this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
this.supplyChainCredentialValidator = supplyChainCredentialValidator;
}
/**
* The "main" method of supply chain validation. Takes the credentials from an identity
* request and validates the supply chain in accordance to the current supply chain
* policy.
* The "main" method of supply chain validation. Takes the credentials from
* an identity request and validates the supply chain in accordance to the
* current supply chain policy.
*
* @param ec The endorsement credential from the identity request.
* @param pcs The platform credentials from the identity request.
@ -96,8 +111,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
*/
@Override
public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec,
final Set<PlatformCredential> pcs,
final Device device) {
final Set<PlatformCredential> pcs,
final Device device) {
final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
SupplyChainAppraiser.NAME);
SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy(
@ -163,7 +178,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
AppraisalStatus.Status.FAIL,
"Platform credential(s) missing."
+ " Cannot validate attributes",
+ " Cannot validate attributes",
null, Level.ERROR));
} else {
Iterator<PlatformCredential> it = pcs.iterator();
@ -173,11 +188,11 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (pc != null) {
if (pc.isDeltaChain()) {
// this check validates the delta changes and recompares
// the modified list to the original.
// this check validates the delta changes and recompares
// the modified list to the original.
attributeScv = validateDeltaPlatformCredentialAttributes(
pc, device.getDeviceInfo(),
baseCredential, deltaMapping);
pc, device.getDeviceInfo(),
baseCredential, deltaMapping);
} else {
attributeScv = validatePlatformCredentialAttributes(
pc, device.getDeviceInfo(), ec);
@ -186,16 +201,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
if (platformScv != null) {
// have to make sure the attribute validation isn't ignored and
// doesn't override general validation status
if (platformScv.getResult() == AppraisalStatus.Status.PASS
&& attributeScv.getResult() != AppraisalStatus.Status.PASS) {
if (platformScv.getResult() == PASS
&& attributeScv.getResult() != PASS) {
// if the platform trust store validated but the attribute didn't
// replace
validations.remove(platformScv);
validations.add(attributeScv);
} else if ((platformScv.getResult() == AppraisalStatus.Status.PASS
&& attributeScv.getResult() == AppraisalStatus.Status.PASS)
|| (platformScv.getResult() != AppraisalStatus.Status.PASS
&& attributeScv.getResult() != AppraisalStatus.Status.PASS)) {
} else if ((platformScv.getResult() == PASS
&& attributeScv.getResult() == PASS)
|| (platformScv.getResult() != PASS
&& attributeScv.getResult() != PASS)) {
// if both trust store and attributes validated or failed
// combine messages
validations.remove(platformScv);
@ -219,18 +234,20 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
// may need to associated with device to pull the correct info
// compare tpm quote with what is pulled from RIM associated file
IssuedAttestationCertificate attCert = IssuedAttestationCertificate
.select(this.certificateManager)
.byDeviceId(device.getId())
.getCertificate();
.select(this.certificateManager)
.byDeviceId(device.getId())
.getCertificate();
PlatformCredential pc = PlatformCredential
.select(this.certificateManager)
.byDeviceId(device.getId())
.getCertificate();
if (attCert != null) {
LOGGER.error(attCert.getPcrValues());
}
validations.add(validateFirmware(pc, attCert));
}
// Generate validation summary, save it, and return it.
SupplyChainValidationSummary summary =
new SupplyChainValidationSummary(device, validations);
SupplyChainValidationSummary summary
= new SupplyChainValidationSummary(device, validations);
if (baseCredential != null) {
baseCredential.setComponentFailures(summary.getMessage());
this.certificateManager.update(baseCredential);
@ -243,10 +260,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
return summary;
}
/**
* TDM: I need to compare the manufacturer id, name and model load
* that RIM file and associated eventlog, pull that flag for sha 1
* or 256 and then compare pcrs
*/
/**
* This method is a sub set of the validate supply chain method and focuses on the specific
* multibase validation check for a delta chain. This method also includes the check
* for delta certificate CA validation as well.
* This method is a sub set of the validate supply chain method and focuses
* on the specific multibase validation check for a delta chain. This method
* also includes the check for delta certificate CA validation as well.
*
* @param pc The platform credential getting checked
* @param platformScv The validation record
@ -266,7 +289,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
// if it is, then update the SupplyChainValidation message and result
if (result) {
String message = "Multiple Base certificates found in chain.";
if (!platformScv.getResult().equals(AppraisalStatus.Status.PASS)) {
if (!platformScv.getResult().equals(PASS)) {
message = String.format("%s,%n%s", platformScv.getMessage(), message);
}
subPlatformScv = buildValidationRecord(
@ -299,8 +322,93 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
return subPlatformScv;
}
private SupplyChainValidation validateFirmware(final PlatformCredential pc,
final IssuedAttestationCertificate attCert) {
TPMBaseline tpmBline;
String[] baseline = new String[Integer.SIZE];
Level level = Level.ERROR;
AppraisalStatus fwStatus;
if (attCert != null) {
LOGGER.error(attCert.getPcrValues());
String[] pcrsSet = attCert.getPcrValues().split("\\+");
String[] pcrs1 = pcrsSet[0].split("\\n");
String[] pcrs256 = pcrsSet[1].split("\\n");
for (int i = 0; i < pcrs1.length; i++) {
if (pcrs1[i].contains(":")) {
pcrs1[i].split(":");
}
}
for (int i = 0; i < pcrs256.length; i++) {
if (pcrs256[i].contains(":")) {
pcrs256[i].split(":");
}
}
ReferenceManifest rim = ReferenceManifest.select(
this.referenceManifestManager)
.byManufacturer(pc.getManufacturer())
.getRIM();
if (rim == null) {
fwStatus = new AppraisalStatus(FAIL, String.format("Firmware validation failed: "
+ "No associated RIM file could be found for %s",
pc.getManufacturer()));
} else {
StringBuilder sb = new StringBuilder();
fwStatus = new AppraisalStatus(PASS,
SupplyChainCredentialValidator.FIRMWARE_VALID);
String failureMsg = "Firmware validation failed: PCR %d does not"
+ " match%n%tBaseline [%s] <> Device [%s]%n";
List<SwidResource> swids = rim.parseResource();
for (SwidResource swid : swids) {
baseline = swid.getPcrValues()
.toArray(new String[swid.getPcrValues().size()]);
}
/**
* baseline is null. The purpose of the if check was to
* determine to process doing pcrs1 or pcrs256. So I have to
* rethink this.
*
* this goes back to not knowing if I should do one or the other
* and how to make that a setting of some kind.
*/
if (baseline[0].length() == pcrs1[0].length()) {
for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
if (!baseline[i].equals(pcrs1[i])) {
sb.append(String.format(failureMsg, i, baseline[i], pcrs1[i]));
break;
}
}
} else if (baseline[0].length() == pcrs256[0].length()) {
for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
if (!baseline[i].equals(pcrs256[i])) {
sb.append(String.format(failureMsg, i, baseline[i], pcrs256[i]));
break;
}
}
}
if (sb.length() > 0) {
level = Level.ERROR;
fwStatus = new AppraisalStatus(FAIL, sb.toString());
} else {
level = Level.INFO;
}
}
} else {
fwStatus = new AppraisalStatus(FAIL, "Associated Issued Attestation"
+ " Certificate can not be found.");
}
return buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE,
fwStatus.getAppStatus(), fwStatus.getMessage(), pc, level);
}
private SupplyChainValidation validateEndorsementCredential(final EndorsementCredential ec,
final boolean acceptExpiredCerts) {
final boolean acceptExpiredCerts) {
final SupplyChainValidation.ValidationType validationType
= SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL;
LOGGER.info("Validating endorsement credential");
@ -316,14 +424,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
validateEndorsementCredential(ec, ecStore, acceptExpiredCerts);
switch (result.getAppStatus()) {
case PASS:
return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
return buildValidationRecord(validationType, PASS,
result.getMessage(), ec, Level.INFO);
case FAIL:
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), ec, Level.WARN);
case ERROR:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), ec, Level.ERROR);
default:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), ec, Level.ERROR);
@ -331,9 +437,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
private SupplyChainValidation validatePlatformCredential(final PlatformCredential pc,
final KeyStore
trustedCertificateAuthority,
final boolean acceptExpiredCerts) {
final KeyStore trustedCertificateAuthority,
final boolean acceptExpiredCerts) {
final SupplyChainValidation.ValidationType validationType
= SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
@ -347,14 +452,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
trustedCertificateAuthority, acceptExpiredCerts);
switch (result.getAppStatus()) {
case PASS:
return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
return buildValidationRecord(validationType, PASS,
result.getMessage(), pc, Level.INFO);
case FAIL:
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), pc, Level.WARN);
case ERROR:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), pc, Level.ERROR);
default:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), pc, Level.ERROR);
@ -362,8 +465,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
private SupplyChainValidation validatePlatformCredentialAttributes(final PlatformCredential pc,
final DeviceInfoReport deviceInfoReport,
final EndorsementCredential ec) {
final DeviceInfoReport deviceInfoReport,
final EndorsementCredential ec) {
final SupplyChainValidation.ValidationType validationType
= SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
@ -378,14 +481,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
validatePlatformCredentialAttributes(pc, deviceInfoReport, ec);
switch (result.getAppStatus()) {
case PASS:
return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
return buildValidationRecord(validationType, PASS,
result.getMessage(), pc, Level.INFO);
case FAIL:
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), pc, Level.WARN);
case ERROR:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), pc, Level.ERROR);
default:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), pc, Level.ERROR);
@ -397,8 +498,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
final DeviceInfoReport deviceInfoReport,
final PlatformCredential base,
final Map<PlatformCredential, SupplyChainValidation> deltaMapping) {
final SupplyChainValidation.ValidationType validationType =
SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
final SupplyChainValidation.ValidationType validationType
= SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
if (delta == null) {
LOGGER.error("No delta certificate to validate");
@ -412,14 +513,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
base, deltaMapping);
switch (result.getAppStatus()) {
case PASS:
return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
return buildValidationRecord(validationType, PASS,
result.getMessage(), delta, Level.INFO);
case FAIL:
return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
result.getMessage(), delta, Level.WARN);
case ERROR:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), delta, Level.ERROR);
default:
return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
result.getMessage(), delta, Level.ERROR);
@ -427,8 +526,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
/**
* Creates a supply chain validation record and logs the validation
* message at the specified log level.
* Creates a supply chain validation record and logs the validation message
* at the specified log level.
*
* @param validationType the type of validation
* @param result the appraisal status
* @param message the validation message to include in the summary and log
@ -451,18 +551,19 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
/**
* This method is used to retrieve the entire CA chain (up to a
* trusted self-signed certificate) for the given certificate. This method will look up
* CA certificates that have a matching issuer organization as the given certificate, and will
* perform that operation recursively until all certificates for all relevant organizations
* have been retrieved. For that reason, the returned set of certificates may be larger
* than the the single trust chain for the queried certificate, but is guaranteed to include
* the trust chain if it exists in this class' CertificateManager.
* This method is used to retrieve the entire CA chain (up to a trusted
* self-signed certificate) for the given certificate. This method will look
* up CA certificates that have a matching issuer organization as the given
* certificate, and will perform that operation recursively until all
* certificates for all relevant organizations have been retrieved. For that
* reason, the returned set of certificates may be larger than the the
* single trust chain for the queried certificate, but is guaranteed to
* include the trust chain if it exists in this class' CertificateManager.
* Returns the certificate authority credentials in a KeyStore.
*
* @param credential the credential whose CA chain should be retrieved
* @return A keystore containing all relevant CA credentials to the given certificate's
* organization or null if the keystore can't be assembled
* @return A keystore containing all relevant CA credentials to the given
* certificate's organization or null if the keystore can't be assembled
*/
public KeyStore getCaChain(final Certificate credential) {
KeyStore caKeyStore = null;
@ -475,33 +576,37 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
}
/**
* This is a recursive method which is used to retrieve the entire CA chain (up to a
* trusted self-signed certificate) for the given certificate. This method will look up
* CA certificates that have a matching issuer organization as the given certificate, and will
* perform that operation recursively until all certificates for all relevant organizations
* have been retrieved. For that reason, the returned set of certificates may be larger
* than the the single trust chain for the queried certificate, but is guaranteed to include
* the trust chain if it exists in this class' CertificateManager.
* This is a recursive method which is used to retrieve the entire CA chain
* (up to a trusted self-signed certificate) for the given certificate. This
* method will look up CA certificates that have a matching issuer
* organization as the given certificate, and will perform that operation
* recursively until all certificates for all relevant organizations have
* been retrieved. For that reason, the returned set of certificates may be
* larger than the the single trust chain for the queried certificate, but
* is guaranteed to include the trust chain if it exists in this class'
* CertificateManager.
*
* Implementation notes:
* 1. Queries for CA certs with a subject org matching the given (argument's) issuer org
* 2. Add that org to queriedOrganizations, so we don't search for that organization again
* 3. For each returned CA cert, add that cert to the result set, and recurse with that as the
* argument (to go up the chain), if and only if we haven't already queried for that
* organization (which prevents infinite loops on certs with an identical subject and
* issuer org)
* Implementation notes: 1. Queries for CA certs with a subject org matching
* the given (argument's) issuer org 2. Add that org to
* queriedOrganizations, so we don't search for that organization again 3.
* For each returned CA cert, add that cert to the result set, and recurse
* with that as the argument (to go up the chain), if and only if we haven't
* already queried for that organization (which prevents infinite loops on
* certs with an identical subject and issuer org)
*
* @param credential the credential whose CA chain should be retrieved
* @param previouslyQueriedOrganizations a list of organizations to refrain from querying
* @return a Set containing all relevant CA credentials to the given certificate's organization
* @param previouslyQueriedOrganizations a list of organizations to refrain
* from querying
* @return a Set containing all relevant CA credentials to the given
* certificate's organization
*/
private Set<CertificateAuthorityCredential> getCaChainRec(
final Certificate credential,
final Set<String> previouslyQueriedOrganizations
) {
CertificateSelector<CertificateAuthorityCredential> caSelector =
CertificateAuthorityCredential.select(certificateManager)
.bySubjectOrganization(credential.getIssuerOrganization());
CertificateSelector<CertificateAuthorityCredential> caSelector
= CertificateAuthorityCredential.select(certificateManager)
.bySubjectOrganization(credential.getIssuerOrganization());
Set<CertificateAuthorityCredential> certAuthsWithMatchingOrg = caSelector.getCertificates();
Set<String> queriedOrganizations = new HashSet<>(previouslyQueriedOrganizations);
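Review bot: validateFirmware fails open: when `baseline[0].length()` matches neither `pcrs1[0].length()` nor `pcrs256[0].length()`, no PCR is compared, `sb` stays empty and the method returns PASS with FIRMWARE_VALID — add a final `} else { sb.append(String.format("Firmware validation failed: baseline digest length %d matches neither PCR bank", baseline[0].length())); }` so an unrecognised baseline cannot pass. The same method dereferences without checks: `pcrsSet[1]` throws when the certificate's PCR string has no '+', `baseline[0]` is null when `rim.parseResource()` yields no SwidResource (the in-code comment admits this), and `pc.getManufacturer()` throws when no PlatformCredential was found for the device, so each of these should produce a FAIL record rather than an exception. The `pcrs1[i].split(":")` and `pcrs256[i].split(":")` loops discard their result, so whatever precedes the ':' is still part of the string being compared. `LOGGER.error(attCert.getPcrValues())`, present both in validateSupplyChain and validateFirmware, logs raw PCR values at ERROR on every run and reads as leftover debugging; drop it or lower it to DEBUG. The RIM is selected by manufacturer only (`byManufacturer(pc.getManufacturer())`); as the TDM comment itself notes, model should presumably be matched as well, otherwise a device can be checked against another model's baseline.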


@ -130,7 +130,7 @@ public class AbstractAttestationCertificateAuthorityTest {
@BeforeTest
public void setup() {
aca = new AbstractAttestationCertificateAuthority(null, keyPair.getPrivate(),
null, null, null, null, 1,
null, null, null, null, null, 1,
null, null) {
};
}


@ -398,6 +398,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
policyManager,
appraiserManager,
realCertMan,
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator
);
@ -451,6 +452,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
policyManager,
appraiserManager,
realCertMan,
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator
);
@ -495,6 +497,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
policyManager,
appraiserManager,
realCertMan,
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator
);
@ -530,6 +533,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
policyManager,
appraiserManager,
realCertMan,
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator
);
@ -588,6 +592,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
policyManager,
appraiserManager,
realCertMan,
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator
);
@ -633,6 +638,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
policyManager,
appraiserManager,
realCertMan,
null,
supplyChainValidationSummaryDBManager,
supplyChainCredentialValidator
);
@ -683,6 +689,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
policyManager,
appraiserManager,
realCertMan,
null,
supplyChainValidationSummaryDBManager,
new SupplyChainCredentialValidator()
);


@ -153,6 +153,17 @@ public class CertificateRequestPageController extends PageController<NoPageParam
return mav;
}
/**
* TODO
* 1. add flag for rim validation dependent on pc attribute flag DONE
* 2. create tpmbaseline on upload of rimel file (DONE?)
* a. add device id? though one won't exist yet
* 3. validation
* a. looks for baseline
* b. if it doesn't find one, looks for rim
* a. creates baseline if it exists
* c. validates after reading rimel, if it finds one.
*/
/**
* Queries for the list of Certificates and returns a data table response
@ -600,8 +611,8 @@ public class CertificateRequestPageController extends PageController<NoPageParam
try {
fileBytes = file.getBytes();
} catch (IOException e) {
final String failMessage = "Failed to read uploaded file ("
+ fileName + "): ";
final String failMessage = String.format(
"Failed to read uploaded file (%s): ", fileName);
LOGGER.error(failMessage, e);
messages.addError(failMessage + e.getMessage());
return null;
@ -615,22 +626,21 @@ public class CertificateRequestPageController extends PageController<NoPageParam
case TRUSTCHAIN:
return new CertificateAuthorityCredential(fileBytes);
default:
final String failMessage = "Failed to parse uploaded file ("
+ fileName + "). Invalid certificate type: "
+ certificateType;
final String failMessage = String.format("Failed to parse uploaded file "
+ "(%s). Invalid certificate type: %s", fileName, certificateType);
LOGGER.error(failMessage);
messages.addError(failMessage);
return null;
}
} catch (IOException e) {
final String failMessage = "Failed to parse uploaded file ("
+ fileName + "): ";
final String failMessage = String.format(
"Failed to parse uploaded file (%s): ", fileName);
LOGGER.error(failMessage, e);
messages.addError(failMessage + e.getMessage());
return null;
} catch (IllegalArgumentException e) {
final String failMessage = "Certificate format not recognized("
+ fileName + "): ";
final String failMessage = String.format(
"Certificate format not recognized(%s): ", fileName);
LOGGER.error(failMessage, e);
messages.addError(failMessage + e.getMessage());
return null;
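Review bot: The block added at the top of the first hunk, `/** TODO ... */` immediately followed by the method's real Javadoc, is a dangling doc comment: javadoc attaches it to nothing and Checkstyle flags it, and it records work-in-progress state ("DONE", "DONE?") that will go stale. Move it to a line comment or an issue, e.g. `// TODO: RIM validation - create tpmbaseline on rimel upload; look up baseline, then rim, during validation`. The `String.format` rewrites in the two later hunks are behavior-neutral. The enclosing methods of all three hunks start outside the hunks.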


@ -276,15 +276,13 @@ public class PolicyPageController extends PageController<NoPageParams> {
try {
SupplyChainPolicy policy = getDefaultPolicyAndSetInModel(ppModel, model);
//If PC Validation is enabled without EC Validation, disallow change
// if (!isPolicyValid(firmwareValidationOptionEnabled,
//policy.isFirmwareValidationEnabled(),
// policy.isFirmwareValidationEnabled())) {
// handleUserError(model, messages,
// "To disable Endorsement Credential Validation, Platform Validation"
// + " must also be disabled.");
// return redirectToSelf(new NoPageParams(), model, attr);
// }
//If firmware is enabled without PC attributes, disallow change
if (firmwareValidationOptionEnabled && !policy.isPcAttributeValidationEnabled()) {
handleUserError(model, messages,
"Firmware validation can not be "
+ "enabled without PC Attributes policy enabled.");
return redirectToSelf(new NoPageParams(), model, attr);
}
// set the policy option and create success message
if (firmwareValidationOptionEnabled) {
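Review bot: The comment kept above the new check, `//If PC Validation is enabled without EC Validation, disallow change`, now describes the deleted block rather than the condition below it; the second comment (`//If firmware is enabled without PC attributes, disallow change`) is the accurate one, so drop the first. The new guard covers only one direction, enabling firmware validation while PC attribute validation is off. Whether the PC attribute handler refuses to disable itself while firmware validation remains enabled is not visible here and should be confirmed, otherwise the policy can still reach the state this check forbids. The enclosing method starts before the hunk.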


@ -225,6 +225,10 @@ public class ReferenceManifestPageController
messages,
rim,
referenceManifestManager);
for (SwidResource swidRes : rim.parseResource()) {
System.out.println("testing this section!");
}
}
}
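Review bot: The loop added over `rim.parseResource()` does nothing but `System.out.println("testing this section!")` and never uses `swidRes`; it looks like leftover debugging and writes to stdout instead of the controller's logger. Either remove the four lines or replace them with the intended processing. Note that building each `SwidResource` now constructs a `TpmWhiteListBaseline` from the PCR values (see the SwidResource section of this commit), so the loop is not free even though its body is empty in effect. The enclosing method starts outside the hunk.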


@ -21,7 +21,7 @@ import java.util.Enumeration;
import hirs.DeviceInfoReportRequest;
import hirs.collector.CollectorException;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.OSName;
import hirs.data.persist.enums.OSName;
/**
* Unit tests for <code>DeviceInfoCollector</code>.


@ -2,12 +2,12 @@ package hirs.provisioner.client;
import hirs.client.collector.DeviceInfoCollector;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.FirmwareInfo;
import hirs.data.persist.HardwareInfo;
import hirs.data.persist.NetworkInfo;
import hirs.data.persist.OSInfo;
import hirs.data.persist.OSName;
import hirs.data.persist.TPMInfo;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.enums.OSName;
import hirs.data.persist.info.TPMInfo;
import hirs.structs.converters.StructConverter;
import hirs.structs.elements.tpm.AsymmetricPublicKey;
import hirs.tpm.tss.Tpm;


@ -4,8 +4,8 @@ project(cpr-download NONE)
include(ExternalProject)
ExternalProject_Add(cpr
GIT_REPOSITORY https://github.com/whoshuu/cpr
GIT_TAG 1.3.0
URL https://github.com/whoshuu/cpr/archive/1.3.0.zip
URL_HASH SHA1=d669d94b41ffaa2de478923c35a83074e34fdc12
SOURCE_DIR "${CMAKE_BINARY_DIR}/lib/cpr-src"
BINARY_DIR "${CMAKE_BINARY_DIR}/lib/cpr-build"
CONFIGURE_COMMAND ""
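Review bot: `URL_HASH SHA1=...` pins the archive, which is an improvement over the mutable `GIT_TAG 1.3.0` it replaces, but ExternalProject accepts stronger algorithms and SHA-1 is no longer a collision-resistant pin; prefer `URL_HASH SHA256=<sha256 of the locally verified 1.3.0 archive>`. Also note that `archive/1.3.0.zip` is a GitHub-generated archive rather than an uploaded release asset, so its bytes are not guaranteed to stay stable over time; a future hash mismatch must still be investigated as possible tampering, but a release asset or a vendored copy would be a more durable pin.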


@ -7,9 +7,9 @@ import hirs.alert.resolve.IgnoreAlertResolver;
import hirs.alert.resolve.RemoveFromIMABaselineAlertResolver;
import hirs.alert.resolve.RemoveFromTPMBaselineAlertResolver;
import hirs.alert.resolve.RequestNewReportAlertResolver;
import hirs.data.persist.Baseline;
import hirs.data.persist.SimpleImaBaseline;
import hirs.data.persist.TpmWhiteListBaseline;
import hirs.data.persist.baseline.Baseline;
import hirs.data.persist.baseline.SimpleImaBaseline;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
/**
* Specifies actions that can be taken to resolve an Alert.


@ -6,19 +6,17 @@ import hirs.appraiser.IMAAppraiser;
import hirs.appraiser.TPMAppraiser;
import hirs.data.persist.Alert;
import hirs.alert.resolve.AlertResolverFactory;
import static hirs.data.persist.Alert.AlertType.WHITE_LIST_PCR_MISMATCH;
import static hirs.data.persist.Alert.AlertType.REQUIRED_SET_MISMATCH;
import static hirs.data.persist.Alert.AlertType.UNKNOWN_FILE;
import static hirs.data.persist.Alert.AlertType.WHITELIST_MISMATCH;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.ImaAcceptableRecordBaseline;
import hirs.data.persist.ImaBaseline;
import hirs.data.persist.ImaIgnoreSetBaseline;
import hirs.data.persist.TPMBaseline;
import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
import hirs.data.persist.baseline.TPMBaseline;
import hirs.data.persist.TPMPolicy;
import hirs.data.persist.TpmWhiteListBaseline;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.enums.AlertSource;
import hirs.data.persist.enums.AlertType;
import hirs.persist.AppraiserManager;
import hirs.persist.DeviceManager;
import hirs.persist.PolicyManager;
@ -90,7 +88,7 @@ public class AlertResolutionService {
// the same, so take them from the first alert
DeviceGroup deviceGroup = deviceManager.getDevice(alerts.get(0).getDeviceName())
.getDeviceGroup();
Alert.Source source = alerts.get(0).getSource();
AlertSource source = alerts.get(0).getSource();
// build a list of resolution options specific to the alert source
LOGGER.debug(String.format("source of alerts is %s", source.toString()));
@ -122,8 +120,8 @@ public class AlertResolutionService {
List<AlertResolutionOption> options = new ArrayList<>();
Device device = null;
Alert.Source sharedSource = null;
Alert.Source currentSource = null;
AlertSource sharedSource = null;
AlertSource currentSource = null;
DeviceGroup sharedDeviceGroup = null;
DeviceGroup currentDeviceGroup = null;
@ -191,14 +189,14 @@ public class AlertResolutionService {
boolean canAddToBaseline = true;
Alert.AlertType alertType;
AlertType alertType;
for (Alert alert : alertList) {
alertType = alert.getType();
// addToBaseline only helps if each alert would be fixed by adding a record
if (!alertType.equals(WHITELIST_MISMATCH)
&& !alertType.equals(REQUIRED_SET_MISMATCH)
&& !alertType.equals(UNKNOWN_FILE)) {
if (!alertType.equals(AlertType.WHITELIST_MISMATCH)
&& !alertType.equals(AlertType.REQUIRED_SET_MISMATCH)
&& !alertType.equals(AlertType.UNKNOWN_FILE)) {
LOGGER.debug("cannot add ima record to baseline to resolve alert because alert is"
+ " type {}", alertType);
canAddToBaseline = false;
@ -269,7 +267,7 @@ public class AlertResolutionService {
// should only attempt to add to the baseline if all the alerts are of
// the type WHITE_LIST_PCR_MISMATCH
for (Alert alert : alertList) {
if (!alert.getType().equals(WHITE_LIST_PCR_MISMATCH)) {
if (!alert.getType().equals(AlertType.WHITE_LIST_PCR_MISMATCH)) {
canEditBaseline = false;
break;
}


@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.fasterxml.jackson.databind.ObjectMapper;
import hirs.data.persist.enums.AlertSeverity;
import java.util.Optional;
import java.util.UUID;
@ -88,7 +89,7 @@ public class JsonAlertService extends ManagedAlertService {
items.put("hostname", InetAddress.getLocalHost().getHostName());
items.put("source", "PORTAL");
items.put("type", "Test JSON");
items.put("severity", Alert.Severity.INFO.toString());
items.put("severity", AlertSeverity.INFO.toString());
items.put("details", "This is a test alert sent by the HIRS portal.");
return send(jsonMonitor, buildJson(items));


@ -1,7 +1,7 @@
package hirs.alert.resolve;
import hirs.data.persist.Alert;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.baseline.IMABaselineRecord;
import org.springframework.stereotype.Component;
/**


@ -1,7 +1,7 @@
package hirs.alert.resolve;
import hirs.alert.AlertResolutionAction;
import hirs.data.persist.Baseline;
import hirs.data.persist.baseline.Baseline;
import hirs.persist.BaselineManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;


@ -1,8 +1,8 @@
package hirs.alert.resolve;
import hirs.data.persist.Alert;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.SimpleImaBaseline;
import hirs.data.persist.baseline.IMABaselineRecord;
import hirs.data.persist.baseline.SimpleImaBaseline;
import hirs.persist.ImaBaselineRecordManager;
import org.springframework.beans.factory.annotation.Autowired;


@ -1,7 +1,7 @@
package hirs.alert.resolve;
import hirs.data.persist.Alert;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.baseline.IMABaselineRecord;
import org.springframework.stereotype.Component;
/**


@ -2,8 +2,8 @@ package hirs.alert.resolve;
import hirs.data.persist.Alert;
import hirs.data.persist.Digest;
import hirs.data.persist.DigestAlgorithm;
import hirs.data.persist.TPMBaseline;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.data.persist.baseline.TPMBaseline;
import hirs.data.persist.TPMMeasurementRecord;
import java.util.HashSet;
import java.util.Set;


@ -4,13 +4,13 @@ import hirs.DeviceInfoReportRequest;
import hirs.ReportRequest;
import hirs.collector.CollectorException;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.FirmwareInfo;
import hirs.data.persist.HardwareInfo;
import hirs.data.persist.NetworkInfo;
import hirs.data.persist.OSInfo;
import hirs.data.persist.OSName;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.enums.OSName;
import hirs.data.persist.Report;
import hirs.data.persist.TPMInfo;
import hirs.data.persist.info.TPMInfo;
import hirs.utils.exec.ExecBuilder;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;


@ -3,7 +3,7 @@ package hirs.data.bean;
import java.util.Date;
import java.util.UUID;
import hirs.data.persist.Alert;
import hirs.data.persist.enums.AlertSeverity;
/**
* Provides a bean that can be used to encapsulate simple baseline data.
@ -12,7 +12,7 @@ public class SimpleBaselineBean {
private UUID id;
private Date createTime;
private String name;
private Alert.Severity severity;
private AlertSeverity severity;
private String type;
/**
@ -43,7 +43,7 @@ public class SimpleBaselineBean {
* Get the severity.
* @return Alert.Severity.
*/
public Alert.Severity getSeverity() {
public AlertSeverity getSeverity() {
return severity;
}
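Review bot: The Javadoc above `getSeverity()` still reads `@return Alert.Severity.` although the return type is now `AlertSeverity`; change it to `@return the AlertSeverity of this baseline`. The same stale references survive in the Alert section below (`@see Source`, `@see Severity`, `@param severity Alert.Severity.`) and should be updated in the same pass.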


@ -1,5 +1,7 @@
package hirs.data.persist;
import hirs.data.persist.enums.DigestComparisonResultType;
import hirs.data.persist.enums.DigestAlgorithm;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -8,6 +10,7 @@ import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager;
/**
* This abstract class represents a message digest. Extending classes include
@ -19,6 +22,8 @@ import org.apache.commons.lang3.ArrayUtils;
* (see {@link ImaBlacklistRecord} for reference.)
*/
public abstract class AbstractDigest {
private static final org.apache.logging.log4j.Logger LOGGER =
LogManager.getLogger(AbstractDigest.class);
/**
* Length of MD2 digest.
*/
@ -60,8 +65,7 @@ public abstract class AbstractDigest {
}
if (ArrayUtils.isEmpty(digest)) {
final String msg = "Digest must have at least one byte";
throw new IllegalArgumentException(msg);
throw new IllegalArgumentException("Digest must have at least one byte");
}
if (digest.length != algorithm.getLengthInBytes()) {
@ -69,6 +73,51 @@ public abstract class AbstractDigest {
}
}
/**
* This method will help class determine the algorithm associated with the
* pcr values given.
*
* @param digest list of pcr values.
* @return the associated algorithm.
*/
public static final DigestAlgorithm getDigestAlgorithm(final byte[] digest) {
if (digest == null || ArrayUtils.isEmpty(digest)) {
return DigestAlgorithm.UNSPECIFIED;
}
switch (digest.length) {
case MD2_DIGEST_LENGTH:
return DigestAlgorithm.MD5;
case SHA1_DIGEST_LENGTH:
return DigestAlgorithm.SHA1;
case SHA256_DIGEST_LENGTH:
return DigestAlgorithm.SHA256;
case SHA384_DIGEST_LENGTH:
return DigestAlgorithm.SHA384;
case SHA512_DIGEST_LENGTH:
return DigestAlgorithm.SHA512;
default:
return DigestAlgorithm.UNSPECIFIED;
}
}
/**
* This method will help class determine the algorithm associated with the
* pcr values given.
*
* @param digest list of pcr values.
* @return the associated algorithm.
*/
public static final DigestAlgorithm getDigestAlgorithm(final String digest) {
try {
return getDigestAlgorithm(Hex.decodeHex(digest.toCharArray()));
} catch (Exception deEx) {
LOGGER.error(deEx);
}
return DigestAlgorithm.UNSPECIFIED;
}
/**
* Retrieves the <code>DigestAlgorithm</code> that identifies which hash
* function generated the digest.
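Review bot: `case MD2_DIGEST_LENGTH: return DigestAlgorithm.MD5;` in the new `getDigestAlgorithm(byte[])` shows the limit of inferring an algorithm from length: MD2 and MD5 both yield 16 bytes, and 32 bytes is shared by SHA-256 with other hashes, so the result is a guess rather than a determination; say so in the Javadoc ("inferred from length; ambiguous lengths are labelled as ...") and either choose the 16-byte label deliberately or return `UNSPECIFIED` for it. In the `String` overload, `catch (Exception deEx)` also swallows the `NullPointerException` from `digest.toCharArray()` on a null argument; narrow it to `catch (DecoderException deEx)` (from org.apache.commons.codec, which Digest in this commit already imports) and guard null explicitly with `if (digest == null) { return DigestAlgorithm.UNSPECIFIED; }`. `digest == null || ArrayUtils.isEmpty(digest)` is redundant since `isEmpty` handles null, and `final` on a static method has no effect. The `String` overload is what the SwidResource constructor in this commit falls back to when it is given a null algorithm, so the inferred value ends up labelling PCR baselines.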


@ -1,5 +1,9 @@
package hirs.data.persist;
import hirs.data.persist.baseline.Baseline;
import hirs.data.persist.enums.AlertSeverity;
import hirs.data.persist.enums.AlertSource;
import hirs.data.persist.enums.AlertType;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.CollectionTable;
@ -16,7 +20,6 @@ import javax.persistence.Table;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
@ -68,7 +71,7 @@ public class Alert extends ArchivableEntity {
@Column(name = "source")
@Enumerated(EnumType.STRING)
private Source source = Source.UNSPECIFIED;
private AlertSource source = AlertSource.UNSPECIFIED;
@Column(name = "type")
@Enumerated(EnumType.STRING)
@ -82,231 +85,7 @@ public class Alert extends ArchivableEntity {
@Column(name = "severity")
@Enumerated(EnumType.STRING)
private Severity severity = Severity.UNSPECIFIED;
/**
* The 'source' of the <code>Alert</code>, which is a string enumeration
* representing the component within the HIRS system that caused the
* <code>Alert</code> to be generated. For example, if a record mismatch is
* detected by the <code>IMAAppraiser</code>, the source of the
* <code>Alert</code> will be "IMAAppraiser". In some cases the class name
* may be used, and in other cases a more abstract name may be used to
* provide clarity to the user, such as the <code>REPORT_PROCESSOR</code>
* type, which can come from the <code>SOAPMessageProcessor</code>, the
* <code>SOAPReportProcessor</code>, or the <code>HIRSAppraiser</code>.
*/
@XmlType(name = "AlertSource")
public enum Source {
/**
* The alerts generated from an unspecified source.
*/
UNSPECIFIED,
/**
* Alerts generated within <code>SOAPMessageProcessor</code>,
* <code>SOAPReportProcessor</code>, or <code>HIRSAppraiser</code> will
* all use the same source. This makes sense right now because those
* Alerts will all be related to <code>Report</code>s that do not match
* the expected format.
*/
REPORT_PROCESSOR,
/**
* Alerts generated within the <code>IMAAppraiser</code>.
*/
IMA_APPRAISER,
/**
* Alerts generated within the <code>TPMAppraiser</code>.
*/
TPM_APPRAISER,
/**
* Alerts generated within <code>OnDemandReportRequestManager</code>.
*/
REPORT_REQUESTOR
}
/**
* The 'type' of the Alert, which is the category of problem identified by
* the 'source'.
*/
@XmlType(name = "AlertType")
public enum AlertType {
/**
* The alert type has not been specified.
*/
UNSPECIFIED,
/**
* The <code>Report</code> does not contain the necessary elements or it
* contains certain unnecessary elements.
*/
MALFORMED_REPORT,
/**
* The <code>Report</code> does not contain the correct
* <code>TPMMeasurementRecord</code>s or the PCR values are not correct.
*/
WHITE_LIST_PCR_MISMATCH,
/**
* The <code>Report</code> contains a <code>TPMMeasurementRecord</code>
* matching a TPM BlackList.
*/
BLACK_LIST_PCR_MATCH,
/**
* The <code>TPMReport</code> does not contain a valid nonce.
*/
INVALID_NONCE,
/**
* The <code>TPMReport</code> does not contain a valid TPM Quote (PCR Digest).
*/
INVALID_TPM_QUOTE,
/**
* The <code>TPMReport</code> does not contain a valid signature.
*/
INVALID_SIGNATURE,
/**
* The <code>TPMReport</code> does not contain a valid certificate.
*/
INVALID_CERTIFICATE,
/**
* The <code>IMAReport</code> contains a whitelist hash mismatch.
*/
WHITELIST_MISMATCH,
/**
* The <code>IMAReport</code> contains a required set hash mismatch.
*/
REQUIRED_SET_MISMATCH,
/**
* The <code>Report</code> is missing a required record.
*/
MISSING_RECORD,
/**
* The <code>IMAReport</code> contains an unknown filepath.
*/
UNKNOWN_FILE,
/**
* The client's <code>ReportRequest</code> query messages missing.
*/
REPORT_REQUESTS_MISSING,
/**
* Client periodic <code>IntegrityReport</code> missing.
*/
PERIODIC_REPORT_MISSING,
/**
* On-demand <code>IntegrityReport</code> missing.
*/
ON_DEMAND_REPORT_MISSING,
/**
* The client sent a report that indicates IMA was not enabled correctly.
*/
IMA_MISCONFIGURED,
/**
* PCR mismatches and device info changes indicated a kernel update.
*/
KERNEL_UPDATE_DETECTED,
/**
* The <code>Report</code> does not contain the correct
* <code>TPMMeasurementRecord</code>s associated with IMA measurements.
*/
IMA_PCR_MISMATCH,
/**
* Indicates an IMA measurement had a path which matched an entry in a blacklist baseline.
*/
IMA_BLACKLIST_PATH_MATCH,
/**
* Indicates an IMA measurement had a hash which matched an entry in a blacklist baseline.
*/
IMA_BLACKLIST_HASH_MATCH,
/**
* Indicates an IMA measurement had both a path and hash which matched an entry in a
* blacklist baseline.
*/
IMA_BLACKLIST_PATH_AND_HASH_MATCH,
/**
* Indicates an IMA measurement had a path that matched an entry in a blacklist baseline,
* and also had a hash that matched another entry in the same (or another) baseline.
*/
IMA_BLACKLIST_MIXED_MATCH
}
/**
* The 'severity' of the <code>Alert</code>, which is a string enumeration
* representing the predicted importance of the problem identified.
*
* A constructor with the enum is used to set a criticality number for each severity level.
* Severity levels can be compared against each other by using the getCriticality method.
*
*/
@XmlType(name = "AlertSeverity")
public enum Severity {
/**
* Used for situations where Severity remains to be implemented or the
* exact level has not been determined for a specific use case.
*/
UNSPECIFIED(5),
/**
* Equivalent to "Ignore" or "Quiet". This is not used for general logging,
* but for Alert level messages that, in specific cases, are not applicable
* or can be or need to be ignored.
*/
INFO(10),
/**
* Applies to a non-system critical file or condition.
*/
LOW(15),
/**
* Involves a stable or system-critical file or a stable PCR value.
*/
HIGH(25),
/**
* Equivalent to "Fatal". Involves Alerts so clearly indicative of malicious
* intent that an automated response, such as network disconnection, is warranted.
*/
SEVERE(30);
/**
* Criticality number assigned to a severity level.
*/
private int criticality;
/**
* Constructor used to set the criticality level.
*
* @param c criticality level
*/
Severity(final int c) {
criticality = c;
}
/**
* Return criticality level assigned to severity level.
*
* @return criticality level
*/
int getCriticality() {
return criticality;
}
}
private AlertSeverity severity = AlertSeverity.UNSPECIFIED;
/**
* Creates a new <code>Alert</code> with the message details. The details
@ -465,7 +244,7 @@ public class Alert extends ArchivableEntity {
* @see Source
*/
@XmlAttribute(name = "source")
public final Source getSource() {
public final AlertSource getSource() {
return source;
}
@ -474,7 +253,7 @@ public class Alert extends ArchivableEntity {
*
* @param source of this <code>Alert</code>
*/
public final void setSource(final Source source) {
public final void setSource(final AlertSource source) {
this.source = source;
}
@ -574,7 +353,7 @@ public class Alert extends ArchivableEntity {
* Set the severity of the alert regardless of baseline.
* @param severity Alert.Severity.
*/
public final void setSeverity(final Alert.Severity severity) {
public final void setSeverity(final AlertSeverity severity) {
// only overwrite severity if the new one is non-null
if (severity != null) {
this.severity = severity;
@ -602,7 +381,7 @@ public class Alert extends ArchivableEntity {
* @see Severity
*/
@XmlAttribute(name = "severity")
public final Severity getSeverity() {
public final AlertSeverity getSeverity() {
return severity;
}
@ -635,8 +414,8 @@ public class Alert extends ArchivableEntity {
* @return prioritized severity level based on criticality
*
*/
private Alert.Severity getPrioritizedSeverityLevel(final Alert.Severity checkSeverity) {
Alert.Severity severityLevel = this.severity;
private AlertSeverity getPrioritizedSeverityLevel(final AlertSeverity checkSeverity) {
AlertSeverity severityLevel = this.severity;
if (severityLevel.getCriticality() < checkSeverity.getCriticality()) {
severityLevel = checkSeverity;
}
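Review bot: The removed nested enums carried `@XmlType(name = "AlertSource")`, `@XmlType(name = "AlertType")` and `@XmlType(name = "AlertSeverity")`, and the `javax.xml.bind.annotation.XmlType` import is dropped here, but the replacement enums in `hirs.data.persist.enums` are not visible in this diff; confirm they carry the same `@XmlType` names, otherwise the JAXB representation of `Alert` changes with this move. `getCriticality()` was package-private on the nested `Severity` enum and is still called from `getPrioritizedSeverityLevel`, so `AlertSeverity` must now expose it across packages; confirm that widening was intended. `@Enumerated(EnumType.STRING)` on the three fields keeps stored values stable as long as the constant names are unchanged, which they appear to be from the constants in the removed block.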


@ -1,5 +1,7 @@
package hirs.data.persist;
import hirs.data.persist.enums.CertificateValidationStatus;
/**


@ -1,5 +1,6 @@
package hirs.data.persist;
import hirs.data.persist.enums.HealthStatus;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import hirs.DeviceGroupSerializer;


@ -1,5 +1,6 @@
package hirs.data.persist;
import hirs.data.persist.enums.HealthStatus;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.persist.ScheduledJobInfo;
import org.apache.logging.log4j.LogManager;


@ -1,5 +1,11 @@
package hirs.data.persist;
import hirs.data.persist.info.NetworkInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.TPMInfo;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import static org.apache.logging.log4j.LogManager.getLogger;
import javax.persistence.Column;
@ -34,6 +40,18 @@ public class DeviceInfoReport extends Report implements Serializable {
* A variable used to describe unavailable hardware, firmware, or OS info.
*/
public static final String NOT_SPECIFIED = "Not Specified";
/**
* Constant variable representing the various Short sized strings.
*/
public static final int SHORT_STRING_LENGTH = 32;
/**
* Constant variable representing the various Medium sized strings.
*/
public static final int MED_STRING_LENGTH = 64;
/**
* Constant variable representing the various Long sized strings.
*/
public static final int LONG_STRING_LENGTH = 255;
@XmlElement
@Embedded


@ -1,5 +1,6 @@
package hirs.data.persist;
import hirs.data.persist.enums.DigestAlgorithm;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
@ -77,6 +78,14 @@ public final class Digest extends AbstractDigest {
this.digest = Arrays.copyOf(digest, digest.length);
}
/**
* Creates a new <code>Digest</code> when an algorithm isn't specified.
* @param digest byte array value
*/
public Digest(final byte[] digest) {
this(AbstractDigest.getDigestAlgorithm(digest), digest);
}
/**
* Default constructor necessary for Hibernate.
*/
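Review bot: The new `Digest(byte[])` constructor infers the algorithm from the array length via `AbstractDigest.getDigestAlgorithm` and, for an unrecognized length, passes `UNSPECIFIED` to the two-argument constructor; from the AbstractDigest hunk it looks like that then fails the `digest.length != algorithm.getLengthInBytes()` check, so odd lengths throw and 16-byte inputs are labelled MD5. The Javadoc should state this: add `@throws IllegalArgumentException if the length does not match a known digest algorithm` and a sentence noting the inferred algorithm is a best guess for ambiguous lengths. Callers that know the algorithm should keep using the two-argument constructor.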


@ -1,5 +1,6 @@
package hirs.data.persist;
import hirs.data.persist.enums.ExamineState;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;


@ -1,5 +1,6 @@
package hirs.data.persist;
import hirs.data.persist.enums.AlertSource;
import org.hibernate.criterion.Criterion;
import org.hibernate.criterion.Restrictions;
@ -197,7 +198,7 @@ public class IMADeviceState extends DeviceState {
@Override
public Criterion getDeviceTrustAlertCriterion() {
Criterion createTimeRestriction = Restrictions.ge("createTime", mostRecentFullReportDate);
Criterion sourceRestriction = Restrictions.eq("source", Alert.Source.IMA_APPRAISER);
Criterion sourceRestriction = Restrictions.eq("source", AlertSource.IMA_APPRAISER);
return Restrictions.and(createTimeRestriction, sourceRestriction);
}


@ -1,5 +1,6 @@
package hirs.data.persist;
import hirs.data.persist.enums.DigestAlgorithm;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;


@ -1,5 +1,11 @@
package hirs.data.persist;
import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
import hirs.data.persist.baseline.ImaBlacklistBaseline;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
import hirs.data.persist.baseline.HasBaselines;
import hirs.data.persist.baseline.Baseline;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Multimap;
import org.apache.logging.log4j.LogManager;


@ -1,5 +1,8 @@
package hirs.data.persist;
import hirs.data.persist.baseline.ImaBlacklistBaseline;
import hirs.data.persist.baseline.AbstractImaBaselineRecord;
import hirs.data.persist.enums.AlertType;
import org.apache.commons.lang3.StringUtils;
import javax.persistence.Entity;
@ -97,8 +100,7 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord {
public ImaBlacklistRecord(
final String path,
final Digest hash,
final String description
) {
final String description) {
this(path, hash, description, null);
}
@ -125,8 +127,7 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord {
final String path,
final Digest hash,
final String description,
final ImaBlacklistBaseline baseline
) {
final ImaBlacklistBaseline baseline) {
super(path, hash, description);
if (path == null && hash == null) {
throw new IllegalArgumentException("Cannot instantiate with both a null path and hash");
@ -171,13 +172,13 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord {
*
* @return the alert match type
*/
public Alert.AlertType getAlertMatchType() {
public AlertType getAlertMatchType() {
if (getPath() == null) {
return Alert.AlertType.IMA_BLACKLIST_HASH_MATCH;
return AlertType.IMA_BLACKLIST_HASH_MATCH;
} else if (getHash() == null) {
return Alert.AlertType.IMA_BLACKLIST_PATH_MATCH;
return AlertType.IMA_BLACKLIST_PATH_MATCH;
} else {
return Alert.AlertType.IMA_BLACKLIST_PATH_AND_HASH_MATCH;
return AlertType.IMA_BLACKLIST_PATH_AND_HASH_MATCH;
}
}
}


@ -5,6 +5,8 @@
*/
package hirs.data.persist;
import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
import hirs.data.persist.baseline.AbstractImaBaselineRecord;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.JoinColumn;


@ -1,5 +1,6 @@
package hirs.data.persist;
import hirs.data.persist.enums.DigestAlgorithm;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.Column;


@ -89,6 +89,12 @@ public class ReferenceManifest extends ArchivableEntity {
public Selector(final ReferenceManifestManager referenceManifestManager) {
super(referenceManifestManager);
}
/**
* Specify a manufacturer that certificates must have to be considered as matching.
* @param rimType the manufacturer to query, not empty or null
* @return this instance (for chaining further calls)
*/
}
@Column
@ -303,9 +309,10 @@ public class ReferenceManifest extends ArchivableEntity {
if (rimBytes != null && elementName != null) {
try {
SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(this.rimBytes));
JAXBElement element;
for (Object object : si.getEntityOrEvidenceOrLink()) {
if (object instanceof JAXBElement) {
JAXBElement element = (JAXBElement) object;
element = (JAXBElement) object;
if (element.getName().getLocalPart().equals(elementName)) {
// found the element
baseElement = (BaseElement) element.getValue();
@ -407,11 +414,11 @@ public class ReferenceManifest extends ArchivableEntity {
for (FilesystemItem fsi : directory.getDirectoryOrFile()) {
if (fsi != null) {
resources.add(new SwidResource(
(hirs.utils.xjc.File) fsi));
(hirs.utils.xjc.File) fsi, null));
}
}
} else if (meta instanceof hirs.utils.xjc.File) {
resources.add(new SwidResource((hirs.utils.xjc.File) meta));
resources.add(new SwidResource((hirs.utils.xjc.File) meta, null));
}
}
}
@ -429,13 +436,13 @@ public class ReferenceManifest extends ArchivableEntity {
* This method unmarshalls the swidtag found at [path] and validates it
* according to the schema.
*
* @param path to the input swidtag
* @param stream to the input swidtag
* @return the SoftwareIdentity element at the root of the swidtag
* @throws IOException if the swidtag cannot be unmarshalled or validated
*/
private JAXBElement unmarshallSwidTag(final InputStream stream) throws IOException {
JAXBElement jaxbe = null;
Schema schema = null;
Schema schema;
try {
schema = DBReferenceManifestManager.getSchemaObject();
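Review bot: The Javadoc added inside `Selector` (`Specify a manufacturer that certificates must have ... @param rimType ...`) is attached to nothing, since the class body closes right after it, and its wording (manufacturer, certificates) does not describe a RIM selector; remove it or write it together with the method it belongs to. In the resource hunk, both `new SwidResource(..., null)` calls pass a null algorithm, which makes SwidResource infer the PCR hash algorithm from value lengths; if the algorithm is recoverable from the swidtag metadata, passing it explicitly avoids the length ambiguity. The enclosing methods of the later hunks begin before those hunks.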


@ -1,14 +1,28 @@
package hirs.data.persist;
import com.google.common.base.Preconditions;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.tpm.eventlog.TCGEventLogProcessor;
import hirs.utils.xjc.File;
import java.io.IOException;
import java.util.Map;
import java.util.List;
import java.util.LinkedHashMap;
import java.util.Collections;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.text.DecimalFormat;
import java.util.Arrays;
import javax.xml.namespace.QName;
import org.apache.commons.codec.DecoderException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
/**
* This object is used to represent the content of a Swid Tags Directory
@ -16,6 +30,8 @@ import javax.xml.namespace.QName;
*/
public class SwidResource {
private static final Logger LOGGER = LogManager.getLogger(SwidResource.class);
private static final String CATALINA_HOME = System.getProperty("catalina.base");
private static final String TOMCAT_UPLOAD_DIRECTORY
= "/webapps/HIRS_AttestationCAPortal/upload/";
@ -30,6 +46,8 @@ public class SwidResource {
private String rimFormat, rimType, rimUriGlobal, hashValue;
private List<String> pcrValues;
private TpmWhiteListBaseline tpmWhiteList;
private DigestAlgorithm digest = DigestAlgorithm.SHA1;
/**
* Default constructor.
@ -46,15 +64,17 @@ public class SwidResource {
/**
* The main constructor that processes a {@code hirs.utils.xjc.File}.
*
* @param file {@link hirs.utils.xjc.File}
* @param digest algorithm associated with pcr values
*/
public SwidResource(final File file) {
public SwidResource(final File file, final DigestAlgorithm digest) {
Preconditions.checkArgument(file != null,
"Cannot construct a RIM Resource from a null File object");
this.name = file.getName();
// at this time, there is a possibility to get an object with
// not size even though it is required.
// no size even though it is required.
if (file.getSize() != null) {
this.size = file.getSize().toString();
} else {
@ -79,10 +99,30 @@ public class SwidResource {
default:
}
}
this.digest = digest;
parsePcrValues();
tpmWhiteList = new TpmWhiteListBaseline(this.name);
if (!pcrValues.isEmpty()) {
int i = 0;
for (String pcr : pcrValues) {
if (this.digest == null) {
// determine by length of pcr value
this.digest = AbstractDigest.getDigestAlgorithm(pcr);
}
try {
tpmWhiteList.addToBaseline(
new TPMMeasurementRecord(i++, pcr));
} catch (DecoderException deEx) {
LOGGER.error(deEx);
}
}
}
}
/**
* Getter for the file name.
*
* @return string of the file name
*/
public String getName() {
@ -91,6 +131,7 @@ public class SwidResource {
/**
* Getter for the file size.
*
* @return string of the file size.
*/
public String getSize() {
@ -99,6 +140,7 @@ public class SwidResource {
/**
* Getter for the RIM format for the resource.
*
* @return string of the format
*/
public String getRimFormat() {
@ -107,6 +149,7 @@ public class SwidResource {
/**
* Getter for the RIM resource type.
*
* @return string of the resource type.
*/
public String getRimType() {
@ -115,6 +158,7 @@ public class SwidResource {
/**
* Getter for the RIM Global URI.
*
* @return string of the URI
*/
public String getRimUriGlobal() {
@ -122,7 +166,8 @@ public class SwidResource {
}
/**
* Getter for the associated Hash.
* Getter for the associated Hash of the file.
*
* @return string of the hash
*/
public String getHashValue() {
@ -131,6 +176,7 @@ public class SwidResource {
/**
* Getter for the list of PCR Values.
*
* @return an unmodifiable list
*/
public List<String> getPcrValues() {
@ -139,6 +185,7 @@ public class SwidResource {
/**
* Setter for the list of associated PCR Values.
*
* @param pcrValues a collection of PCRs
*/
public void setPcrValues(final List<String> pcrValues) {
@ -147,6 +194,7 @@ public class SwidResource {
/**
* Getter for a generated map of the PCR values.
*
* @return mapping of PCR# to the actual value.
*/
public LinkedHashMap<String, String> getPcrMap() {
@ -164,4 +212,33 @@ public class SwidResource {
return innerMap;
}
/**
*
*/
private void parsePcrValues() {
TCGEventLogProcessor logProcessor = new TCGEventLogProcessor();
try {
Path logPath = Paths.get(String.format("%s/%s",
SwidResource.RESOURCE_UPLOAD_FOLDER,
this.getName()));
if (Files.exists(logPath)) {
logProcessor = new TCGEventLogProcessor(
Files.readAllBytes(logPath));
}
this.setPcrValues(Arrays.asList(
logProcessor.getExpectedPCRValues()));
} catch (NoSuchFileException nsfEx) {
LOGGER.error(String.format("File Not found!: %s",
this.getName()));
LOGGER.error(nsfEx);
} catch (IOException ioEx) {
LOGGER.error(ioEx);
} catch (CertificateException cEx) {
LOGGER.error(cEx);
} catch (NoSuchAlgorithmException naEx) {
LOGGER.error(naEx);
}
}
}
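Review bot: parsePcrValues builds the event-log path from `this.getName()`, which the constructor copies straight from the swidtag's `File` element (`this.name = file.getName()`), so a name containing separators or `..` resolves outside `RESOURCE_UPLOAD_FOLDER` before `Files.readAllBytes` runs. Resolve against the upload folder and skip anything that escapes it: `Path base = Paths.get(SwidResource.RESOURCE_UPLOAD_FOLDER).toAbsolutePath().normalize();` / `Path logPath = base.resolve(this.getName()).normalize();` / `if (logPath.startsWith(base) && Files.exists(logPath)) {`. The `/** */` block above the method is empty; something like `Reads the uploaded event log named after this resource, if present, and stores its expected PCR values; on any read or parse failure the list stays empty and the error is logged.` would document the fallback a caller otherwise cannot see. Separately, `this.digest = digest;` replaces the field's `SHA1` default even when the argument is null and the per-PCR inference only runs inside the loop, so a resource with no PCR values keeps a null digest — worth stating in the `@param digest` text.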


@ -10,6 +10,8 @@ import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
/**
* Class represents a Trusted Platform Module (TPM) Platform Configuration
@ -43,15 +45,13 @@ public final class TPMMeasurementRecord extends ExaminableRecord {
private final Digest hash;
/**
* Constructor initializes values associated with PCRMeasurementRecord.
* Constructor initializes values associated with TPMMeasurementRecord.
*
* @param pcrId
* is the TPM PCR index. pcrId must be between 0 and 23.
* @param pcrId is the TPM PCR index. pcrId must be between 0 and 23.
* @param hash
* represents the measurement digest found at the particular PCR
* index.
* @throws IllegalArgumentException
* if digest algorithm is not SHA-1
* @throws IllegalArgumentException if pcrId is not valid
*/
public TPMMeasurementRecord(final int pcrId, final Digest hash)
throws IllegalArgumentException {
@ -66,6 +66,30 @@ public final class TPMMeasurementRecord extends ExaminableRecord {
this.hash = hash;
}
/**
* Constructor initializes values associated with TPMMeasurementRecord.
*
* @param pcrId is the TPM PCR index. pcrId must be between 0 and 23.
* @param hash represents the measurement digest found at the particular PCR
* index.
* @throws DecoderException if there is a decode issue with string hex.
*/
public TPMMeasurementRecord(final int pcrId, final String hash)
throws DecoderException {
this(pcrId, new Digest(Hex.decodeHex(hash.toCharArray())));
}
/**
* Constructor initializes values associated with TPMMeasurementRecord.
*
* @param pcrId is the TPM PCR index. pcrId must be between 0 and 23.
* @param hash represents the measurement digest found at the particular PCR
* index.
*/
public TPMMeasurementRecord(final int pcrId, final byte[] hash) {
this(pcrId, new Digest(hash));
}
/**
* Helper method to determine if a PCR ID number is valid.
*
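Review bot: The new `public TPMMeasurementRecord(final int pcrId, final String hash)` dereferences `hash.toCharArray()` with no null check, so a null hash surfaces as a NullPointerException rather than the documented DecoderException; `Objects.requireNonNull(hash, "hash");` before the delegation makes the failure explicit (java.util.Objects would need importing). Both new constructors delegate to the `Digest` constructor, whose Javadoc says `@throws IllegalArgumentException if pcrId is not valid`, but neither new Javadoc carries that tag; add it to each so callers see the pcrId precondition. The class body continues outside the hunk.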


@ -1,5 +1,10 @@
package hirs.data.persist;
import hirs.data.persist.baseline.TpmBlackListBaseline;
import hirs.data.persist.baseline.TpmWhiteListBaseline;
import hirs.data.persist.baseline.HasBaselines;
import hirs.data.persist.baseline.Baseline;
import hirs.data.persist.enums.AlertSeverity;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@ -73,7 +78,7 @@ public final class TPMPolicy extends Policy implements HasBaselines {
@Column(nullable = false)
@Enumerated(EnumType.STRING)
private Alert.Severity kernelUpdateAlertSeverity = Alert.Severity.UNSPECIFIED;
private AlertSeverity kernelUpdateAlertSeverity = AlertSeverity.UNSPECIFIED;
@ManyToMany(fetch = FetchType.EAGER)
@JoinTable(name = "TPMWhiteListBaselines",
@ -550,7 +555,7 @@ public final class TPMPolicy extends Policy implements HasBaselines {
* Gets the severity of kernel update alerts.
* @return the severity
*/
public Alert.Severity getKernelUpdateAlertSeverity() {
public AlertSeverity getKernelUpdateAlertSeverity() {
return kernelUpdateAlertSeverity;
}
@ -558,7 +563,7 @@ public final class TPMPolicy extends Policy implements HasBaselines {
* Sets the severity of kernel update alerts.
* @param severity The desired severity of kernel update alerts.
*/
public void setKernelUpdateAlertSeverity(final Alert.Severity severity) {
public void setKernelUpdateAlertSeverity(final AlertSeverity severity) {
kernelUpdateAlertSeverity = severity;
}


@ -1,5 +1,8 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import hirs.data.persist.Digest;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.data.persist.OptionalDigest;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -70,7 +73,7 @@ public abstract class AbstractImaBaselineRecord {
* @throws IllegalArgumentException
* if digest algorithm is not SHA-1
*/
AbstractImaBaselineRecord(final String path, final Digest hash, final String description)
public AbstractImaBaselineRecord(final String path, final Digest hash, final String description)
throws IllegalArgumentException {
if (hash != null && hash.getAlgorithm() != DigestAlgorithm.SHA1) {
throw new IllegalArgumentException("Hash algorithm is not SHA-1");
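Review bot: `public AbstractImaBaselineRecord(final String path, final Digest hash, final String description)` widens a package-private constructor to public, presumably so subclasses in the new `hirs.data.persist.baseline` package can reach it; since the class is abstract, `protected` gives those subclasses access without exposing the constructor to every caller. The constructor body continues outside the hunk.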


@ -1,5 +1,7 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import hirs.data.persist.UserDefinedEntity;
import hirs.data.persist.enums.AlertSeverity;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.Column;
@ -29,7 +31,7 @@ public abstract class Baseline extends UserDefinedEntity {
@Column(nullable = false, name = "severity")
@Enumerated(EnumType.STRING)
private Alert.Severity severity = Alert.Severity.UNSPECIFIED;
private AlertSeverity severity = AlertSeverity.UNSPECIFIED;
@Column(nullable = false)
private String type;
@ -67,7 +69,7 @@ public abstract class Baseline extends UserDefinedEntity {
* Gets the baseline severity.
* @return the severity
*/
public Alert.Severity getSeverity() {
public AlertSeverity getSeverity() {
return severity;
}
@ -75,7 +77,7 @@ public abstract class Baseline extends UserDefinedEntity {
* Sets the severity of alerts raised by this baseline.
* @param severity The desired severity of alerts raised by this baseline
*/
public void setSeverity(final Alert.Severity severity) {
public void setSeverity(final AlertSeverity severity) {
this.severity = severity;
}
}


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import hirs.persist.RepositoryManager;
import hirs.repository.Repository;


@ -1,9 +1,4 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package hirs.data.persist;
package hirs.data.persist.baseline;
import java.util.List;


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@ -13,6 +13,7 @@ import javax.persistence.Table;
import javax.persistence.Transient;
import com.google.common.base.Preconditions;
import hirs.data.persist.Digest;
/**
* An <code>IMABaselineRecord</code> represents a single entry in an


@ -1,6 +1,8 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.ima.matching.BatchImaMatchStatus;
import hirs.persist.ImaBaselineRecordManager;


@ -1,5 +1,7 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.ima.matching.BatchImaMatchStatus;
import hirs.persist.ImaBaselineRecordManager;
import org.hibernate.annotations.Type;


@ -1,7 +1,10 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.common.base.Preconditions;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.ImaBlacklistRecord;
import hirs.ima.matching.BatchImaMatchStatus;
import hirs.ima.matching.ImaBlacklistRecordMatcher;
import hirs.persist.ImaBaselineRecordManager;


@ -3,11 +3,14 @@
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package hirs.data.persist;
package hirs.data.persist.baseline;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.common.base.Preconditions;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.ImaIgnoreSetRecord;
import hirs.ima.matching.BatchImaMatchStatus;
import hirs.ima.matching.ImaIgnoreSetRecordMatcher;
import hirs.persist.ImaBaselineRecordManager;
@ -202,7 +205,7 @@ public class ImaIgnoreSetBaseline extends ImaBaseline<ImaIgnoreSetRecord> {
* @return
* returns true is the record was added to the list, false if not
*/
final synchronized boolean addOnlyToBaseline(final ImaIgnoreSetRecord record) {
public final synchronized boolean addOnlyToBaseline(final ImaIgnoreSetRecord record) {
if (record == null) {
LOGGER.error("invalid parameter (NULL value) "
+ "passed to ImaIgnoreSetBaseline.addOnlyToBaseline");
@ -227,7 +230,7 @@ public class ImaIgnoreSetBaseline extends ImaBaseline<ImaIgnoreSetRecord> {
* record to remove
* @return a boolean indicating if the removal was successful
*/
final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) {
public final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) {
return imaIgnoreSetRecords.remove(record);
}
}
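Review bot: `public final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record)` is now reachable from outside the package but, unlike `addOnlyToBaseline` just above it, is not `synchronized`, so a remove can run concurrently with an add on the same `imaIgnoreSetRecords` collection (whether that collection is itself thread-safe is not visible in the hunk). Either mark the remover `synchronized` as well or add a comment explaining why only the add path takes the lock. If only subclasses in the new package need these two methods, `protected` is the narrower widening.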


@ -1,6 +1,9 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import com.google.common.base.Preconditions;
import hirs.data.persist.Digest;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.ima.matching.BatchImaMatchStatus;
import hirs.ima.matching.IMAMatchStatus;
import hirs.ima.matching.ImaAcceptableHashRecordMatcher;


@ -1,7 +1,9 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.common.base.Preconditions;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.ima.matching.BatchImaMatchStatus;
import hirs.ima.matching.ImaAcceptableHashRecordMatcher;
import hirs.ima.matching.ImaAcceptablePathAndHashRecordMatcher;


@ -1,5 +1,13 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.Digest;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.info.TPMInfo;
import hirs.data.persist.TPMMeasurementRecord;
import hirs.data.persist.info.RIMInfo;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -23,14 +31,12 @@ import java.util.Set;
public abstract class TPMBaseline extends Baseline {
private static final Logger LOGGER = LogManager.getLogger(TPMBaseline.class);
private static final String NOT_SPECIFIED = "Not Specified";
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "TPMBaselineRecords",
joinColumns = { @JoinColumn(name = "BaselineID", nullable = false) })
private final Set<TPMMeasurementRecord> pcrRecords = new LinkedHashSet<>();
@Embedded
private FirmwareInfo firmwareInfo;
@ -43,6 +49,8 @@ public abstract class TPMBaseline extends Baseline {
@Embedded
private TPMInfo tpmInfo;
@Embedded
private RIMInfo rimInfo;
/**
* Creates a new <code>TPMBaseline</code> with no valid PCR entries and no device-specific PCRs.
@ -63,48 +71,14 @@ public abstract class TPMBaseline extends Baseline {
initDeviceInfo();
}
private void initDeviceInfo() {
initFirmwareInfo();
initHardwareInfo();
initOSInfo();
initTPMInfo();
}
/**
* Creates default FirmwareInfo object.
*/
private void initFirmwareInfo() {
firmwareInfo = new FirmwareInfo();
hardwareInfo = new HardwareInfo();
osInfo = new OSInfo();
tpmInfo = new TPMInfo();
rimInfo = new RIMInfo();
}
/**
* Creates default HardwareInfo object.
*/
private void initHardwareInfo() {
hardwareInfo =
new HardwareInfo();
}
/**
* Creates default OSInfo object.
*/
private void initOSInfo() {
osInfo =
new OSInfo();
}
/**
* Creates default TPMInfo object.
*/
private void initTPMInfo() {
tpmInfo =
new TPMInfo();
}
/**
* Retrieves the FirmwareInfo for this <code>TPMBaseline</code>.
* @return FirmwareInfo
@ -115,7 +89,7 @@ public abstract class TPMBaseline extends Baseline {
/**
* Retrieves the HardwareInfo for this <code>TPMBaseline</code>.
* @return FirmwareInfo
* @return HardwareInfo
*/
public final HardwareInfo getHardwareInfo() {
return hardwareInfo;
@ -123,7 +97,7 @@ public abstract class TPMBaseline extends Baseline {
/**
* Retrieves the OSInfo for this <code>TPMBaseline</code>.
* @return FirmwareInfo
* @return OSInfo
*/
public final OSInfo getOSInfo() {
return osInfo;
@ -131,12 +105,20 @@ public abstract class TPMBaseline extends Baseline {
/**
* Retrieves the TPMInfo for this <code>TPMBaseline</code>.
* @return FirmwareInfo
* @return TPMInfo
*/
public final TPMInfo getTPMInfo() {
return tpmInfo;
}
/**
* Retrieves the RIMInfo for this <code>TPMBaseline</code>.
* @return an instance of RIMInfo
*/
public final RIMInfo getRIMInfo() {
return rimInfo;
}
/**
* Copy the Firmware data from another object. If null, the default
* FirmwareInfo data will be used.
@ -144,7 +126,7 @@ public abstract class TPMBaseline extends Baseline {
*/
public final void setFirmwareInfo(final FirmwareInfo firmwareInfo) {
if (firmwareInfo == null) {
initFirmwareInfo();
this.firmwareInfo = new FirmwareInfo();
} else {
this.firmwareInfo = firmwareInfo;
}
@ -157,7 +139,7 @@ public abstract class TPMBaseline extends Baseline {
*/
public final void setHardwareInfo(final HardwareInfo hardwareInfo) {
if (hardwareInfo == null) {
initHardwareInfo();
this.hardwareInfo = new HardwareInfo();
} else {
this.hardwareInfo = hardwareInfo;
}
@ -170,7 +152,7 @@ public abstract class TPMBaseline extends Baseline {
*/
public final void setOSInfo(final OSInfo osInfo) {
if (osInfo == null) {
initOSInfo();
this.osInfo = new OSInfo();
} else {
this.osInfo = osInfo;
}
@ -183,7 +165,7 @@ public abstract class TPMBaseline extends Baseline {
*/
public final void setTPMInfo(final TPMInfo tpmInfo) {
if (tpmInfo == null) {
initTPMInfo();
this.tpmInfo = new TPMInfo();
} else {
this.tpmInfo = tpmInfo;
}
@ -227,9 +209,6 @@ public abstract class TPMBaseline extends Baseline {
* @return true if measurement record is found in list, otherwise false
*/
public final boolean isInBaseline(final TPMMeasurementRecord record) {
if (record == null) {
return false;
}
return pcrRecords.contains(record);
}
@ -244,7 +223,7 @@ public abstract class TPMBaseline extends Baseline {
LOGGER.debug("adding record {} to baseline {}", record, getName());
if (record == null) {
LOGGER.error("null record");
throw new NullPointerException("record");
throw new NullPointerException("TPMMeasurementRecord");
}
if (pcrRecords.contains(record)) {
@ -268,7 +247,7 @@ public abstract class TPMBaseline extends Baseline {
public final boolean removeFromBaseline(final TPMMeasurementRecord record) {
LOGGER.debug("removing record {} from baseline {}", record, getName());
if (record == null) {
LOGGER.error("null record");
LOGGER.error("null record can not be removed");
return false;
}
@ -283,25 +262,27 @@ public abstract class TPMBaseline extends Baseline {
*/
public boolean isEmpty() {
LOGGER.debug("Check for empty baseline");
return (firmwareInfo.getBiosReleaseDate().equals(NOT_SPECIFIED)
&& firmwareInfo.getBiosVendor().equals(NOT_SPECIFIED)
&& firmwareInfo.getBiosVersion().equals(NOT_SPECIFIED)
&& hardwareInfo.getBaseboardSerialNumber().equals(NOT_SPECIFIED)
&& hardwareInfo.getChassisSerialNumber().equals(NOT_SPECIFIED)
&& hardwareInfo.getManufacturer().equals(NOT_SPECIFIED)
&& hardwareInfo.getProductName().equals(NOT_SPECIFIED)
&& hardwareInfo.getSystemSerialNumber().equals(NOT_SPECIFIED)
&& hardwareInfo.getVersion().equals(NOT_SPECIFIED)
&& osInfo.getDistribution().equals(NOT_SPECIFIED)
&& osInfo.getDistributionRelease().equals(NOT_SPECIFIED)
&& osInfo.getOSArch().equals(NOT_SPECIFIED)
&& osInfo.getOSName().equals(NOT_SPECIFIED)
&& osInfo.getOSVersion().equals(NOT_SPECIFIED)
&& tpmInfo.getTPMMake().equals(NOT_SPECIFIED)
return (firmwareInfo.getBiosReleaseDate().equals(DeviceInfoReport.NOT_SPECIFIED)
&& firmwareInfo.getBiosVendor().equals(DeviceInfoReport.NOT_SPECIFIED)
&& firmwareInfo.getBiosVersion().equals(DeviceInfoReport.NOT_SPECIFIED)
&& hardwareInfo.getBaseboardSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED)
&& hardwareInfo.getChassisSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED)
&& hardwareInfo.getManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED)
&& hardwareInfo.getProductName().equals(DeviceInfoReport.NOT_SPECIFIED)
&& hardwareInfo.getSystemSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED)
&& hardwareInfo.getVersion().equals(DeviceInfoReport.NOT_SPECIFIED)
&& osInfo.getDistribution().equals(DeviceInfoReport.NOT_SPECIFIED)
&& osInfo.getDistributionRelease().equals(DeviceInfoReport.NOT_SPECIFIED)
&& osInfo.getOSArch().equals(DeviceInfoReport.NOT_SPECIFIED)
&& osInfo.getOSName().equals(DeviceInfoReport.NOT_SPECIFIED)
&& osInfo.getOSVersion().equals(DeviceInfoReport.NOT_SPECIFIED)
&& tpmInfo.getTPMMake().equals(DeviceInfoReport.NOT_SPECIFIED)
&& tpmInfo.getTPMVersionMajor() == 0
&& tpmInfo.getTPMVersionMinor() == 0
&& tpmInfo.getTPMVersionRevMajor() == 0
&& tpmInfo.getTPMVersionRevMinor() == 0
&& rimInfo.getRimManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED)
&& rimInfo.getModel().equals(DeviceInfoReport.NOT_SPECIFIED)
&& pcrRecords.isEmpty());
}
}
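Review bot: `isEmpty()` now dereferences `rimInfo` (`rimInfo.getRimManufacturer()`), but unlike the other four embedded infos there is no setter that substitutes a default on null, so an instance whose `rimInfo` is null — plausible for an `@Embedded` value loaded from a row where every RIM column is null, though that depends on mapping not visible here — throws NullPointerException from a yes/no query. Add a `setRIMInfo` mirroring `setTPMInfo` so callers and persistence share one null-to-default path, and state in `getRIMInfo`'s Javadoc that the value is never null once constructed. The removed null guard in `isInBaseline` is safe only because `LinkedHashSet.contains(null)` returns false; a one-line comment there (`// pcrRecords is a LinkedHashSet, so contains(null) is simply false`) would keep the next reader from re-adding the check.
```java
/**
 * Copy the RIM data from another object. If null, the default
 * RIMInfo data will be used.
 * @param rimInfo RIMInfo object to copy from, or null for the default
 */
public final void setRIMInfo(final RIMInfo rimInfo) {
    if (rimInfo == null) {
        this.rimInfo = new RIMInfo();
    } else {
        this.rimInfo = rimInfo;
    }
}
// … unchanged: existing setFirmwareInfo/setHardwareInfo/setOSInfo/setTPMInfo …
```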


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import javax.persistence.Entity;


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import javax.persistence.Entity;


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.baseline;
import hirs.persist.RepositoryManager;


@ -0,0 +1,4 @@
/**
* This package contains a set of classes for accessing baseline code.
*/
package hirs.data.persist.baseline;


@ -314,9 +314,10 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
asn1In = new ASN1InputStream(ec.getEncoded());
ASN1Primitive obj = asn1In.readObject();
ASN1Sequence seq;
while (obj != null) {
ASN1Sequence seq = ASN1Sequence.getInstance(obj);
seq = ASN1Sequence.getInstance(obj);
parseSequence(seq, false, null);
obj = asn1In.readObject();
}
@ -328,10 +329,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
}
}
String oid;
Object value;
// unpack fields from parsedFields and set field values
for (Map.Entry<String, Object> entry : parsedFields.entrySet()) {
String oid = entry.getKey();
Object value = entry.getValue();
oid = entry.getKey();
value = entry.getValue();
if (oid.equals(TPM_MODEL)) {
model = value.toString();
LOGGER.debug("Found TPM Model: " + model);
@ -415,10 +418,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
LOGGER.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString());
// Iterate through remaining fields to set optional attributes
int tag;
DERTaggedObject obj;
for (int i = seqPosition; i < seq.size(); i++) {
if (seq.getObjectAt(i) instanceof DERTaggedObject) {
DERTaggedObject obj = (DERTaggedObject) seq.getObjectAt(i);
int tag = obj.getTagNo();
obj = (DERTaggedObject) seq.getObjectAt(i);
tag = obj.getTagNo();
if (tag == EK_TYPE_TAG) {
int ekGenTypeVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue();
if (ekGenTypeVal >= EK_TYPE_VAL_MIN && ekGenTypeVal <= EK_TYPE_VAL_MAX) {
@ -523,8 +528,9 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
// parseSequences in the future
ASN1Set set = (ASN1Set) component;
Enumeration setContents = set.getObjects();
ASN1Encodable subComp;
while (setContents.hasMoreElements()) {
ASN1Encodable subComp = (ASN1Encodable) setContents.nextElement();
subComp = (ASN1Encodable) setContents.nextElement();
if (subComp instanceof ASN1ObjectIdentifier) {
LOGGER.warn("OID in top level of ASN1Set");
}
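Review bot: The hoisted declarations (`ASN1Sequence seq;`, `String oid; Object value;`, `int tag; DERTaggedObject obj;`, `ASN1Encodable subComp;`) widen each local's scope from one loop iteration to the whole method for no gain — a local declared inside a Java loop costs nothing per iteration — and leave `seq`, `obj` and `subComp` holding the last element after their loops end. The previous in-loop declarations were the idiomatic form; if the hoisting is meant to satisfy a linter rule, a one-line comment saying so would stop the next reviewer from reverting it. All four loops belong to methods that start and end outside their hunks.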


@ -0,0 +1,65 @@
package hirs.data.persist.enums;
import javax.xml.bind.annotation.XmlType;
/**
* The 'severity' of the <code>Alert</code>, which is a string enumeration
* representing the predicted importance of the problem identified.
*
* A constructor with the enum is used to set a criticality number for each
* severity level. Severity levels can be compared against each other by using
* the getCriticality method.
*
*/
@XmlType(name = "AlertSeverity")
public enum AlertSeverity {
/**
* Used for situations where Severity remains to be implemented or the exact
* level has not been determined for a specific use case.
*/
UNSPECIFIED(5),
/**
* Equivalent to "Ignore" or "Quiet". This is not used for general logging,
* but for Alert level messages that, in specific cases, are not applicable
* or can be or need to be ignored.
*/
INFO(10),
/**
* Applies to a non-system critical file or condition.
*/
LOW(15),
/**
* Involves a stable or system-critical file or a stable PCR value.
*/
HIGH(25),
/**
* Equivalent to "Fatal". Involves Alerts so clearly indicative of malicious
* intent that an automated response, such as network disconnection, is
* warranted.
*/
SEVERE(30);
/**
* Criticality number assigned to a severity level.
*/
private int criticality;
/**
* Constructor used to set the criticality level.
*
* @param c criticality level
*/
AlertSeverity(final int c) {
criticality = c;
}
/**
* Return criticality level assigned to severity level.
*
* @return criticality level
*/
public int getCriticality() {
return criticality;
}
}
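Review bot: `private int criticality;` is assigned once in the constructor and only read by `getCriticality()`, so it should be `private final int criticality;` — enum constants are shared singletons, and a non-final field invites mutation of a value the class Javadoc presents as fixed. The Javadoc's mention of comparing levels via `getCriticality` could also spell out the resulting order (`UNSPECIFIED` < `INFO` < `LOW` < `HIGH` < `SEVERE`), since `UNSPECIFIED(5)` ranking below `INFO(10)` is not obvious from the names.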


@ -0,0 +1,43 @@
package hirs.data.persist.enums;
import javax.xml.bind.annotation.XmlType;
/**
* The 'source' of the <code>Alert</code>, which is a string enumeration
* representing the component within the HIRS system that caused the
* <code>Alert</code> to be generated. For example, if a record mismatch is
* detected by the <code>IMAAppraiser</code>, the source of the
* <code>Alert</code> will be "IMAAppraiser". In some cases the class name may
* be used, and in other cases a more abstract name may be used to provide
* clarity to the user, such as the <code>REPORT_PROCESSOR</code> type, which
* can come from the <code>SOAPMessageProcessor</code>, the
* <code>SOAPReportProcessor</code>, or the <code>HIRSAppraiser</code>.
*/
@XmlType(name = "AlertSource")
public enum AlertSource {
/**
* The alerts generated from an unspecified source.
*/
UNSPECIFIED,
/**
* Alerts generated within <code>SOAPMessageProcessor</code>,
* <code>SOAPReportProcessor</code>, or <code>HIRSAppraiser</code> will all
* use the same source. This makes sense right now because those Alerts will
* all be related to <code>Report</code>s that do not match the expected
* format.
*/
REPORT_PROCESSOR,
/**
* Alerts generated within the <code>IMAAppraiser</code>.
*/
IMA_APPRAISER,
/**
* Alerts generated within the <code>TPMAppraiser</code>.
*/
TPM_APPRAISER,
/**
* Alerts generated within <code>OnDemandReportRequestManager</code>.
*/
REPORT_REQUESTOR
}


@ -0,0 +1,110 @@
package hirs.data.persist.enums;
import javax.xml.bind.annotation.XmlType;
/**
* The 'type' of the Alert, which is the category of problem identified by the
* 'source'.
*/
@XmlType(name = "AlertType")
public enum AlertType {
/**
* The alert type has not been specified.
*/
UNSPECIFIED,
/**
* The <code>Report</code> does not contain the necessary elements or it
* contains certain unnecessary elements.
*/
MALFORMED_REPORT,
/**
* The <code>Report</code> does not contain the correct
* <code>TPMMeasurementRecord</code>s or the PCR values are not correct.
*/
WHITE_LIST_PCR_MISMATCH,
/**
* The <code>Report</code> contains a <code>TPMMeasurementRecord</code>
* matching a TPM BlackList.
*/
BLACK_LIST_PCR_MATCH,
/**
* The <code>TPMReport</code> does not contain a valid nonce.
*/
INVALID_NONCE,
/**
* The <code>TPMReport</code> does not contain a valid TPM Quote (PCR
* Digest).
*/
INVALID_TPM_QUOTE,
/**
* The <code>TPMReport</code> does not contain a valid signature.
*/
INVALID_SIGNATURE,
/**
* The <code>TPMReport</code> does not contain a valid certificate.
*/
INVALID_CERTIFICATE,
/**
* The <code>IMAReport</code> contains a whitelist hash mismatch.
*/
WHITELIST_MISMATCH,
/**
* The <code>IMAReport</code> contains a required set hash mismatch.
*/
REQUIRED_SET_MISMATCH,
/**
* The <code>Report</code> is missing a required record.
*/
MISSING_RECORD,
/**
* The <code>IMAReport</code> contains an unknown filepath.
*/
UNKNOWN_FILE,
/**
* The client's <code>ReportRequest</code> query messages missing.
*/
REPORT_REQUESTS_MISSING,
/**
* Client periodic <code>IntegrityReport</code> missing.
*/
PERIODIC_REPORT_MISSING,
/**
* On-demand <code>IntegrityReport</code> missing.
*/
ON_DEMAND_REPORT_MISSING,
/**
* The client sent a report that indicates IMA was not enabled correctly.
*/
IMA_MISCONFIGURED,
/**
* PCR mismatches and device info changes indicated a kernel update.
*/
KERNEL_UPDATE_DETECTED,
/**
* The <code>Report</code> does not contain the correct
* <code>TPMMeasurementRecord</code>s associated with IMA measurements.
*/
IMA_PCR_MISMATCH,
/**
* Indicates an IMA measurement had a path which matched an entry in a
* blacklist baseline.
*/
IMA_BLACKLIST_PATH_MATCH,
/**
* Indicates an IMA measurement had a hash which matched an entry in a
* blacklist baseline.
*/
IMA_BLACKLIST_HASH_MATCH,
/**
* Indicates an IMA measurement had both a path and hash which matched an
* entry in a blacklist baseline.
*/
IMA_BLACKLIST_PATH_AND_HASH_MATCH,
/**
* Indicates an IMA measurement had a path that matched an entry in a
* blacklist baseline, and also had a hash that matched another entry in the
* same (or another) baseline.
*/
IMA_BLACKLIST_MIXED_MATCH
}


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.enums;
/**
* Enum used to represent certificate validation status.


@ -0,0 +1,88 @@
package hirs.data.persist.enums;
/**
* Identifies the type of component.
*/
public enum ComponentType {
/**
* Baseboard.
*/
BASEBOARD(Values.BASEBOARD),
/**
* BIOS or UEFI.
*/
BIOS_UEFI(Values.BIOS_UEFI),
/**
* Chassis.
*/
CHASSIS(Values.CHASSIS),
/**
* Hard Drive.
*/
HARD_DRIVE(Values.HARD_DRIVE),
/**
* Memory.
*/
MEMORY(Values.MEMORY),
/**
* Network Interface Card.
*/
NIC(Values.NIC),
/**
* Processor.
*/
PROCESSOR(Values.PROCESSOR);
/**
* Constructor.
*
* @param val string value
*/
ComponentType(final String val) {
if (!this.name().equals(val)) {
throw new IllegalArgumentException("Incorrect use of ComponentTypeEnum");
}
}
/**
* String values for use in {@link ComponentTypeEnum}.
*/
public static class Values {
/**
* Baseboard.
*/
public static final String BASEBOARD = "BASEBOARD";
/**
* BIOS or UEFI.
*/
public static final String BIOS_UEFI = "BIOS_UEFI";
/**
* Chassis.
*/
public static final String CHASSIS = "CHASSIS";
/**
* Hard Drive.
*/
public static final String HARD_DRIVE = "HARD_DRIVE";
/**
* Memory.
*/
public static final String MEMORY = "MEMORY";
/**
* Network Interface Card.
*/
public static final String NIC = "NIC";
/**
* Processor.
*/
public static final String PROCESSOR = "PROCESSOR";
}
}
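Review bot: The Javadoc `String values for use in {@link ComponentTypeEnum}.` links a type that no longer exists after this rename (the `*ComponentInfo` hunks now reference `ComponentType.Values`), and the constructor's message `"Incorrect use of ComponentTypeEnum"` carries the same stale name; change both to `ComponentType`. `Values` is a constants holder that should never be instantiated, so `public static final class Values` with a `private Values() { }` constructor would make that explicit.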


@ -1,4 +1,7 @@
package hirs.data.persist;
package hirs.data.persist.enums;
import hirs.data.persist.AbstractDigest;
import hirs.data.persist.DeviceInfoReport;
/**
* Enum of digest algorithms. The enum values also provide a standardized
@ -29,7 +32,12 @@ public enum DigestAlgorithm {
/**
* SHA-512 digest algorithm.
*/
SHA512("SHA-512", AbstractDigest.SHA512_DIGEST_LENGTH);
SHA512("SHA-512", AbstractDigest.SHA512_DIGEST_LENGTH),
/**
* Condition used when an algorithm is not specified and
* the size doesn't match known digests.
*/
UNSPECIFIED(DeviceInfoReport.NOT_SPECIFIED, Integer.BYTES);
private final String standardAlgorithmName;
@ -52,7 +60,7 @@ public enum DigestAlgorithm {
*
* @return standard Java algorithm name
*/
String getStandardAlgorithmName() {
public String getStandardAlgorithmName() {
return this.standardAlgorithmName;
}
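Review bot: `UNSPECIFIED(DeviceInfoReport.NOT_SPECIFIED, Integer.BYTES)` gives the new constant a standard-algorithm name that is not a JCA algorithm and a length that matches no digest, and in the same hunk `getStandardAlgorithmName()` becomes public, so an external caller handing that name to `MessageDigest.getInstance` gets a NoSuchAlgorithmException at runtime instead of a clear precondition failure. Document the sentinel on the getter (`@return standard Java algorithm name; for {@code UNSPECIFIED} this is the placeholder {@code DeviceInfoReport.NOT_SPECIFIED} and is not usable with MessageDigest`) or have the getter throw IllegalStateException for `UNSPECIFIED`. Importing `DeviceInfoReport` into this enum presumably also creates a dependency from the new `enums` package back onto the `hirs.data.persist` classes that import it; a local constant would avoid the cycle. The enum body continues outside the hunk.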


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.enums;
/**
* Enumeration identifying the different outcomes of a comparison between


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.enums;
/**
* State capturing if a record was examined during appraisal or not.


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.enums;
/**
* <code>HealthStatus</code> is used to represent the health of a device.


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.enums;
/**
* Enum used to represent operating system names.


@ -0,0 +1,16 @@
package hirs.data.persist.enums;
/**
* Schemes used by the HIRS Portal.
*/
public enum PortalScheme {
/**
* HTTP.
*/
HTTP,
/**
* HTTPS.
*/
HTTPS;
}


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.enums;
/**
* This enum represents the result of a search for a record in a baseline.
@ -20,5 +20,4 @@ public enum ReportMatchStatus {
* Indicates the baseline has no entries matching the file path.
*/
UNKNOWN
}


@ -0,0 +1,4 @@
/**
* This package contains a set of classes for accessing enums used by data persist.
*/
package hirs.data.persist.enums;


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.enums.ComponentType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
@ -7,7 +8,7 @@ import javax.persistence.Entity;
* Class to hold BIOS/UEFI Component information.
*/
@Entity
@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.BIOS_UEFI)
@DiscriminatorValue(value = ComponentType.Values.BIOS_UEFI)
public class BIOSComponentInfo extends ComponentInfo {
/**
* Default constructor required by Hibernate.


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.enums.ComponentType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
@ -7,7 +8,7 @@ import javax.persistence.Entity;
* Class to hold information about baseboard components.
*/
@Entity
@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.BASEBOARD)
@DiscriminatorValue(value = ComponentType.Values.BASEBOARD)
public class BaseboardComponentInfo extends ComponentInfo {
/**
* Default constructor required by Hibernate.


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.enums.ComponentType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
@ -7,7 +8,7 @@ import javax.persistence.Entity;
* Class to hold chassis component information.
*/
@Entity
@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.CHASSIS)
@DiscriminatorValue(value = ComponentType.Values.CHASSIS)
public class ChassisComponentInfo extends ComponentInfo {
/**
* Default constructor required by Hibernate.


@ -1,4 +1,4 @@
package hirs.data.persist;
package hirs.data.persist.info;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.annotations.DiscriminatorOptions;
@ -25,96 +25,6 @@ import java.util.Objects;
@DiscriminatorOptions(force = true)
public class ComponentInfo implements Serializable {
/**
* Identifies the type of component.
*/
public enum ComponentTypeEnum {
/**
* Baseboard.
*/
BASEBOARD(Values.BASEBOARD),
/**
* BIOS or UEFI.
*/
BIOS_UEFI(Values.BIOS_UEFI),
/**
* Chassis.
*/
CHASSIS(Values.CHASSIS),
/**
* Hard Drive.
*/
HARD_DRIVE(Values.HARD_DRIVE),
/**
* Memory.
*/
MEMORY(Values.MEMORY),
/**
* Network Interface Card.
*/
NIC(Values.NIC),
/**
* Processor.
*/
PROCESSOR(Values.PROCESSOR);
/**
* Constructor.
* @param val string value
*/
ComponentTypeEnum(final String val) {
if (!this.name().equals(val)) {
throw new IllegalArgumentException("Incorrect use of ComponentTypeEnum");
}
}
/**
* String values for use in {@link ComponentTypeEnum}.
*/
public static class Values {
/**
* Baseboard.
*/
public static final String BASEBOARD = "BASEBOARD";
/**
* BIOS or UEFI.
*/
public static final String BIOS_UEFI = "BIOS_UEFI";
/**
* Chassis.
*/
public static final String CHASSIS = "CHASSIS";
/**
* Hard Drive.
*/
public static final String HARD_DRIVE = "HARD_DRIVE";
/**
* Memory.
*/
public static final String MEMORY = "MEMORY";
/**
* Network Interface Card.
*/
public static final String NIC = "NIC";
/**
* Processor.
*/
public static final String PROCESSOR = "PROCESSOR";
}
}
@Id
@Column(name = "componentInfo_id")
@GeneratedValue(strategy = GenerationType.AUTO)


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.DeviceInfoReport;
import hirs.utils.StringValidator;
import javax.persistence.Column;
@ -10,19 +11,17 @@ import java.io.Serializable;
* Used for representing the firmware info of a device, such as the BIOS information.
*/
public class FirmwareInfo implements Serializable {
private static final int SHORT_STRING_LENGTH = 32;
private static final int LONG_STRING_LENGTH = 256;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private final String biosVendor;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private final String biosVersion;
@XmlElement
@Column(length = SHORT_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = false)
private final String biosReleaseDate;
/**
@ -35,13 +34,13 @@ public class FirmwareInfo implements Serializable {
public FirmwareInfo(final String biosVendor, final String biosVersion,
final String biosReleaseDate) {
this.biosVendor = StringValidator.check(biosVendor, "biosVendor")
.notBlank().maxLength(LONG_STRING_LENGTH).get();
.notBlank().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
this.biosVersion = StringValidator.check(biosVersion, "biosVersion")
.notBlank().maxLength(LONG_STRING_LENGTH).get();
.notBlank().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
this.biosReleaseDate = StringValidator.check(biosReleaseDate, "biosReleaseDate")
.notBlank().maxLength(SHORT_STRING_LENGTH).get();
.notBlank().maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get();
}
/**


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.enums.ComponentType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
@ -7,7 +8,7 @@ import javax.persistence.Entity;
* Class to hold hard drive component information.
*/
@Entity
@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.HARD_DRIVE)
@DiscriminatorValue(value = ComponentType.Values.HARD_DRIVE)
public class HardDriveComponentInfo extends ComponentInfo {
/**
* Default constructor required by Hibernate.


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.DeviceInfoReport;
import hirs.utils.StringValidator;
import org.apache.commons.lang3.StringUtils;
@ -14,31 +15,29 @@ import java.util.Objects;
*/
@Embeddable
public class HardwareInfo implements Serializable {
private static final int SHORT_STRING_LENGTH = 64;
private static final int LONG_STRING_LENGTH = 256;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private String manufacturer = DeviceInfoReport.NOT_SPECIFIED;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private String productName = DeviceInfoReport.NOT_SPECIFIED;
@XmlElement
@Column(length = SHORT_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
private String version = DeviceInfoReport.NOT_SPECIFIED;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private String systemSerialNumber = DeviceInfoReport.NOT_SPECIFIED;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private String chassisSerialNumber = DeviceInfoReport.NOT_SPECIFIED;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private String baseboardSerialNumber = DeviceInfoReport.NOT_SPECIFIED;
/**
@ -61,33 +60,35 @@ public class HardwareInfo implements Serializable {
) {
if (!StringUtils.isBlank(manufacturer)) {
this.manufacturer = StringValidator.check(manufacturer, "manufacturer")
.maxLength(LONG_STRING_LENGTH).get();
.maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
}
if (!StringUtils.isBlank(productName)) {
this.productName = StringValidator.check(productName, "productName")
.maxLength(LONG_STRING_LENGTH).get();
.maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
}
if (!StringUtils.isBlank(version)) {
this.version = StringValidator.check(version, "version")
.maxLength(SHORT_STRING_LENGTH).get();
.maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
}
if (!StringUtils.isBlank(systemSerialNumber)) {
this.systemSerialNumber = StringValidator.check(systemSerialNumber,
"systemSerialNumber").maxLength(LONG_STRING_LENGTH).get();
"systemSerialNumber")
.maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
}
if (!StringUtils.isBlank(chassisSerialNumber)) {
this.chassisSerialNumber = StringValidator.check(chassisSerialNumber,
"chassisSerialNumber").maxLength(LONG_STRING_LENGTH).get();
"chassisSerialNumber")
.maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
}
if (!StringUtils.isBlank(baseboardSerialNumber)) {
this.baseboardSerialNumber = StringValidator.check(
baseboardSerialNumber, "baseboardSerialNumber"
).maxLength(LONG_STRING_LENGTH).get();
baseboardSerialNumber, "baseboardSerialNumber")
.maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
}
}


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.enums.ComponentType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
@ -7,7 +8,7 @@ import javax.persistence.Entity;
* Class to hold memory component information.
*/
@Entity
@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.MEMORY)
@DiscriminatorValue(value = ComponentType.Values.MEMORY)
public class MemoryComponentInfo extends ComponentInfo {
/**
* Default constructor required by Hibernate.


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.enums.ComponentType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
@ -7,7 +8,7 @@ import javax.persistence.Entity;
* Class to hold Network Interface Card (NIC) component information.
*/
@Entity
@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.NIC)
@DiscriminatorValue(value = ComponentType.Values.NIC)
public class NICComponentInfo extends ComponentInfo {
/**
* Default constructor required by Hibernate.


@ -1,5 +1,7 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.InetAddressXmlAdapter;
import java.io.Serializable;
import java.net.InetAddress;
import java.util.Arrays;
@ -22,19 +24,15 @@ public class NetworkInfo implements Serializable {
private static final Logger LOGGER = LogManager
.getLogger(NetworkInfo.class);
private static final int LONG_STRING_LENGTH = 255;
private static final int SHORT_STRING_LENGTH = 32;
private static final int NUM_MAC_ADDRESS_BYTES = 6;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = true)
@SuppressWarnings("checkstyle:magicnumber")
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = true)
private String hostname;
@XmlElement
@XmlJavaTypeAdapter(value = InetAddressXmlAdapter.class)
@SuppressWarnings("checkstyle:magicnumber")
@Column(length = SHORT_STRING_LENGTH, nullable = true)
@Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true)
@Type(type = "hirs.data.persist.type.InetAddressType")
private InetAddress ipAddress;
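Review bot: Replacing the per-class length constants with the shared `DeviceInfoReport.*_STRING_LENGTH` values silently changes at least one `@Column(length = …)` definition: `NetworkInfo` used `LONG_STRING_LENGTH = 255` while `FirmwareInfo`, `HardwareInfo` and `OSInfo` in this same commit used 256, so a single shared constant cannot preserve all of them (the same applies to the 32/64 short lengths collapsed into `SHORT`/`MED`). Because these are Hibernate column lengths, an existing database will either reject the new schema validation or truncate values depending on the configured `hbm2ddl` mode; the commit should include a migration or a note confirming the new values match the deployed schema. A one-line comment on the constants in `DeviceInfoReport` (outside this hunk) recording the previous per-class values would make the change auditable.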


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.DeviceInfoReport;
import hirs.utils.StringValidator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -15,27 +16,25 @@ import java.io.Serializable;
@Embeddable
public class OSInfo implements Serializable {
private static final Logger LOGGER = LogManager.getLogger(OSInfo.class);
private static final int SHORT_STRING_LENGTH = 32;
private static final int LONG_STRING_LENGTH = 256;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private final String osName;
@XmlElement
@Column(length = LONG_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
private final String osVersion;
@XmlElement
@Column(length = SHORT_STRING_LENGTH, nullable = false)
@Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = false)
private final String osArch;
@XmlElement
@Column(length = SHORT_STRING_LENGTH, nullable = true)
@Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true)
private final String distribution;
@XmlElement
@Column(length = SHORT_STRING_LENGTH, nullable = true)
@Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true)
private final String distributionRelease;
/**
@ -61,24 +60,24 @@ public class OSInfo implements Serializable {
final String distributionRelease) {
LOGGER.debug("setting OS name information to: {}", osName);
this.osName = StringValidator.check(osName, "osName")
.notNull().maxLength(LONG_STRING_LENGTH).get();
.notNull().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
LOGGER.debug("setting OS version information to: {}", osVersion);
this.osVersion = StringValidator.check(osVersion, "osVersion")
.notNull().maxLength(LONG_STRING_LENGTH).get();
.notNull().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
LOGGER.debug("setting OS arch information to: {}", osArch);
this.osArch = StringValidator.check(osArch, "osArch")
.notNull().maxLength(SHORT_STRING_LENGTH).get();
.notNull().maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get();
LOGGER.debug("setting OS distribution information to: {}", distribution);
this.distribution = StringValidator.check(distribution, "distribution")
.maxLength(SHORT_STRING_LENGTH).get();
.maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get();
LOGGER.debug("setting OS distribution release information to: {}",
distributionRelease);
this.distributionRelease = StringValidator.check(distributionRelease, "distributionRelease")
.maxLength(SHORT_STRING_LENGTH).get();
.maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get();
}
/**


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.enums.PortalScheme;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.persistence.Access;
@ -18,20 +19,6 @@ import javax.persistence.Table;
@Table(name = "PortalInfo")
@Access(AccessType.FIELD)
public class PortalInfo {
/**
* Schemes used by the HIRS Portal.
*/
public enum Scheme {
/**
* HTTP.
*/
HTTP,
/**
* HTTPS.
*/
HTTPS;
}
@Id
@Column
@GeneratedValue(strategy = GenerationType.AUTO)
@ -60,7 +47,7 @@ public class PortalInfo {
*
* @param scheme Name of the portal.
*/
public final void setSchemeName(final PortalInfo.Scheme scheme) {
public final void setSchemeName(final PortalScheme scheme) {
if (scheme == null) {
throw new NullPointerException("Scheme cannot be null");
}


@ -1,5 +1,6 @@
package hirs.data.persist;
package hirs.data.persist.info;
import hirs.data.persist.enums.ComponentType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
@ -7,7 +8,7 @@ import javax.persistence.Entity;
* Class to hold processor component information.
*/
@Entity
@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.PROCESSOR)
@DiscriminatorValue(value = ComponentType.Values.PROCESSOR)
public class ProcessorComponentInfo extends ComponentInfo {
/**
* Default constructor required by Hibernate.


@ -0,0 +1,138 @@
package hirs.data.persist.info;
import hirs.data.persist.DeviceInfoReport;
import hirs.utils.StringValidator;
import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Embeddable;
import javax.xml.bind.annotation.XmlElement;
/**
*
*/
@Embeddable
public class RIMInfo implements Serializable {
@XmlElement
@Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
private final String rimManufacturer;
@XmlElement
@Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
private final String model;
@XmlElement
@Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
private final String fileHash;
@XmlElement
@Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
private final String pcrHash;
/**
* Constructor for the initial values of the class.
* @param rimManufacturer string of the rimManufacturer
* @param model string of the model
* @param fileHash string of the file hash
* @param pcrHash string of the pcr hash
*/
public RIMInfo(final String rimManufacturer, final String model,
final String fileHash, final String pcrHash) {
this.rimManufacturer = StringValidator.check(rimManufacturer, "rimManufacturer")
.notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
this.model = StringValidator.check(model, "model")
.notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
this.fileHash = StringValidator.check(fileHash, "fileHash")
.notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
this.pcrHash = StringValidator.check(pcrHash, "pcrHash")
.notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
}
/**
* Default no parameter constructor.
*/
public RIMInfo() {
this(DeviceInfoReport.NOT_SPECIFIED, DeviceInfoReport.NOT_SPECIFIED,
DeviceInfoReport.NOT_SPECIFIED, DeviceInfoReport.NOT_SPECIFIED);
}
/**
* Getter for the rimManufacturer string.
* @return string of the rimManufacturer.
*/
public final String getRimManufacturer() {
return this.rimManufacturer;
}
/**
* Getter for the model string.
* @return of the model string
*/
public final String getModel() {
return this.model;
}
/**
* Getter for the file hash string.
* @return fileHash string
*/
public String getFileHash() {
return fileHash;
}
/**
* Getter for the pcr hash.
* @return pcrhash string
*/
public String getPcrHash() {
return pcrHash;
}
@Override
public String toString() {
return String.format("%s, %s, %s, %s", rimManufacturer, model,
fileHash, pcrHash);
}
@Override
public final boolean equals(final Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof RIMInfo)) {
return false;
}
RIMInfo other = (RIMInfo) obj;
if (rimManufacturer != null && !rimManufacturer.equals(other.rimManufacturer)) {
return false;
}
if (model != null && !model.equals(other.model)) {
return false;
}
if (fileHash != null && !fileHash.equals(other.fileHash)) {
return false;
}
if (pcrHash != null && !pcrHash.equals(other.pcrHash)) {
return false;
}
return true;
}
@Override
public final int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + rimManufacturer.hashCode();
result = prime * result + model.hashCode();
result = prime * result + fileHash.hashCode();
result = prime * result + pcrHash.hashCode();
return result;
}
}
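Review bot: `equals` in the new `RIMInfo` is asymmetric and inconsistent with `hashCode`: each comparison is guarded by `field != null`, so an instance whose field is `null` compares equal to any other instance, while `hashCode` dereferences every field unconditionally and would throw on the same object. Replacing both with `java.util.Objects` helpers (import needed) makes the contract hold regardless of how Hibernate populates the embeddable. The class javadoc at the top is empty and should state what a RIM record is and that `fileHash`/`pcrHash` are stored as opaque strings validated only for non-blankness and length — no hex or length-per-algorithm check is performed here, so any such check has to happen before construction.
```java
    @Override
    public final boolean equals(final Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof RIMInfo)) {
            return false;
        }
        RIMInfo other = (RIMInfo) obj;
        return Objects.equals(rimManufacturer, other.rimManufacturer)
                && Objects.equals(model, other.model)
                && Objects.equals(fileHash, other.fileHash)
                && Objects.equals(pcrHash, other.pcrHash);
    }

    @Override
    public final int hashCode() {
        return Objects.hash(rimManufacturer, model, fileHash, pcrHash);
    }
```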


@ -1,6 +1,8 @@
package hirs.data.persist;
package hirs.data.persist.info;
import com.fasterxml.jackson.annotation.JsonIgnore;
import hirs.data.persist.DeviceInfoReport;
import hirs.data.persist.X509CertificateAdapter;
import java.io.Serializable;
import java.security.cert.X509Certificate;
@ -22,10 +24,9 @@ import org.hibernate.annotations.Type;
@Embeddable
public class TPMInfo implements Serializable {
private static final Logger LOGGER = LogManager.getLogger(TPMInfo.class);
private static final int STRING_LENGTH = 64;
@XmlElement
@Column(length = STRING_LENGTH, nullable = true)
@Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = true)
private String tpmMake;
@XmlElement
@ -226,7 +227,7 @@ public class TPMInfo implements Serializable {
private void setTPMMake(final String tpmMake) {
LOGGER.debug("setting TPM make info: {}", tpmMake);
this.tpmMake = StringValidator.check(tpmMake, "tpmMake")
.notNull().maxLength(STRING_LENGTH).get();
.notNull().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
}
private void setTPMVersionMajor(final short tpmVersionMajor) {


@ -0,0 +1,5 @@
/**
* This package contains a set of classes for accessing info classes used by data persist.
*/
package hirs.data.persist.info;


@ -1,7 +1,7 @@
package hirs.data.persist.tpm;
import hirs.data.persist.Digest;
import hirs.data.persist.DigestAlgorithm;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.data.persist.TPMMeasurementRecord;
import javax.persistence.AttributeOverride;


@ -1,17 +1,17 @@
package hirs.ima;
import hirs.data.persist.Digest;
import hirs.data.persist.FirmwareInfo;
import hirs.data.persist.HardwareInfo;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.ImaAcceptableRecordBaseline;
import hirs.data.persist.ImaBlacklistBaseline;
import hirs.data.persist.info.FirmwareInfo;
import hirs.data.persist.info.HardwareInfo;
import hirs.data.persist.baseline.IMABaselineRecord;
import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
import hirs.data.persist.baseline.ImaBlacklistBaseline;
import hirs.data.persist.ImaBlacklistRecord;
import hirs.data.persist.ImaIgnoreSetBaseline;
import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
import hirs.data.persist.ImaIgnoreSetRecord;
import hirs.data.persist.OSInfo;
import hirs.data.persist.TPMBaseline;
import hirs.data.persist.TPMInfo;
import hirs.data.persist.info.OSInfo;
import hirs.data.persist.baseline.TPMBaseline;
import hirs.data.persist.info.TPMInfo;
import hirs.data.persist.TPMMeasurementRecord;
import hirs.tpm.TPMBaselineGenerator.TPMBaselineFields;
import org.apache.commons.codec.binary.Hex;
@ -131,28 +131,28 @@ public final class CSVGenerator {
// Add device info records to the map
HashMap<TPMBaselineFields, String> map = new HashMap<TPMBaselineFields, String>();
final FirmwareInfo firmwareInfo = tpmBaseline.getFirmwareInfo();
map.put(TPMBaselineFields.biosvendor, firmwareInfo.getBiosVendor());
map.put(TPMBaselineFields.biosversion, firmwareInfo.getBiosVersion());
map.put(TPMBaselineFields.biosreleasedate, firmwareInfo.getBiosReleaseDate());
map.put(TPMBaselineFields.BIOS_VENDOR, firmwareInfo.getBiosVendor());
map.put(TPMBaselineFields.BIOS_VERSION, firmwareInfo.getBiosVersion());
map.put(TPMBaselineFields.BIOS_RELEASE_DATE, firmwareInfo.getBiosReleaseDate());
final HardwareInfo hardwareInfo = tpmBaseline.getHardwareInfo();
map.put(TPMBaselineFields.manufacturer, hardwareInfo.getManufacturer());
map.put(TPMBaselineFields.productname, hardwareInfo.getProductName());
map.put(TPMBaselineFields.version, hardwareInfo.getVersion());
map.put(TPMBaselineFields.systemserialnumber, hardwareInfo.getSystemSerialNumber());
map.put(TPMBaselineFields.chassisserialnumber, hardwareInfo.getChassisSerialNumber());
map.put(TPMBaselineFields.baseboardserialnumber, hardwareInfo.getBaseboardSerialNumber());
map.put(TPMBaselineFields.MANUFACTURER, hardwareInfo.getManufacturer());
map.put(TPMBaselineFields.PRODUCT_NAME, hardwareInfo.getProductName());
map.put(TPMBaselineFields.VERSION, hardwareInfo.getVersion());
map.put(TPMBaselineFields.SYSTEM_SERIAL_NUMBER, hardwareInfo.getSystemSerialNumber());
map.put(TPMBaselineFields.CHASSIS_SERIAL_NUMBER, hardwareInfo.getChassisSerialNumber());
map.put(TPMBaselineFields.BASEBOARD_SERIAL_NUMBER, hardwareInfo.getBaseboardSerialNumber());
final OSInfo osInfo = tpmBaseline.getOSInfo();
map.put(TPMBaselineFields.osname, osInfo.getOSName());
map.put(TPMBaselineFields.osversion, osInfo.getOSVersion());
map.put(TPMBaselineFields.osarch, osInfo.getOSArch());
map.put(TPMBaselineFields.distribution, osInfo.getDistribution());
map.put(TPMBaselineFields.distributionrelease, osInfo.getDistributionRelease());
map.put(TPMBaselineFields.OS_NAME, osInfo.getOSName());
map.put(TPMBaselineFields.OS_VERSION, osInfo.getOSVersion());
map.put(TPMBaselineFields.OS_ARCH, osInfo.getOSArch());
map.put(TPMBaselineFields.DISTRIBUTION, osInfo.getDistribution());
map.put(TPMBaselineFields.DISTRIBUTION_RELEASE, osInfo.getDistributionRelease());
final TPMInfo tpmInfo = tpmBaseline.getTPMInfo();
map.put(TPMBaselineFields.tpmmake, tpmInfo.getTPMMake());
map.put(TPMBaselineFields.tpmversionmajor, "" + tpmInfo.getTPMVersionMajor());
map.put(TPMBaselineFields.tpmversionminor, "" + tpmInfo.getTPMVersionMinor());
map.put(TPMBaselineFields.tpmversionrevmajor, "" + tpmInfo.getTPMVersionRevMajor());
map.put(TPMBaselineFields.tpmversionrevminor, "" + tpmInfo.getTPMVersionRevMinor());
map.put(TPMBaselineFields.TPM_MAKE, tpmInfo.getTPMMake());
map.put(TPMBaselineFields.TPM_VERSION_MAJOR, "" + tpmInfo.getTPMVersionMajor());
map.put(TPMBaselineFields.TPM_VERSION_MINOR, "" + tpmInfo.getTPMVersionMinor());
map.put(TPMBaselineFields.TPM_VERSION_REV_MAJOR, "" + tpmInfo.getTPMVersionRevMajor());
map.put(TPMBaselineFields.TPM_VERSION_REV_MINOR, "" + tpmInfo.getTPMVersionRevMinor());
// Add device info records to the CSV file
sb.append(TPMBaselineFields.toCSV(map));


@ -3,7 +3,7 @@ package hirs.ima;
import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import hirs.data.persist.Digest;
import hirs.data.persist.ImaBlacklistBaseline;
import hirs.data.persist.baseline.ImaBlacklistBaseline;
import hirs.data.persist.ImaBlacklistRecord;
import org.apache.commons.csv.CSVFormat;
import org.apache.commons.csv.CSVParser;


@ -1,6 +1,6 @@
package hirs.ima;
import hirs.data.persist.ImaIgnoreSetBaseline;
import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
import hirs.data.persist.ImaIgnoreSetRecord;
import java.io.BufferedReader;


@ -1,11 +1,11 @@
package hirs.ima;
import hirs.data.persist.IMAReport;
import hirs.data.persist.SimpleImaBaseline;
import hirs.data.persist.baseline.SimpleImaBaseline;
import hirs.data.persist.Digest;
import hirs.data.persist.DigestAlgorithm;
import hirs.data.persist.ImaBaseline;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.enums.DigestAlgorithm;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.baseline.IMABaselineRecord;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IntegrityReport;


@ -2,8 +2,8 @@ package hirs.ima.matching;
import com.google.common.base.Preconditions;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.AbstractImaBaselineRecord;
import hirs.data.persist.ReportMatchStatus;
import hirs.data.persist.baseline.AbstractImaBaselineRecord;
import hirs.data.persist.enums.ReportMatchStatus;
import java.util.ArrayList;
import java.util.Collection;
@ -17,7 +17,7 @@ import java.util.Set;
/**
* This class holds the results of the appraisal of a batch of {@link IMAMeasurementRecord}s against
* one or many {@link hirs.data.persist.ImaBaseline}s.
* one or many {@link hirs.data.persist.baseline.ImaBaseline}s.
*
* @param <T> the type of IMA baseline record that an instance of this class matches against
*/


@ -1,10 +1,10 @@
package hirs.ima.matching;
import hirs.data.persist.Baseline;
import hirs.data.persist.baseline.Baseline;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.AbstractImaBaselineRecord;
import hirs.data.persist.ImaBaseline;
import hirs.data.persist.ReportMatchStatus;
import hirs.data.persist.baseline.AbstractImaBaselineRecord;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.enums.ReportMatchStatus;
import java.util.Collections;
import java.util.HashSet;


@ -1,11 +1,11 @@
package hirs.ima.matching;
import com.google.common.base.Preconditions;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.baseline.IMABaselineRecord;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.ImaBaseline;
import hirs.data.persist.ReportMatchStatus;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.enums.ReportMatchStatus;
import java.util.Collection;
import java.util.Set;


@ -1,12 +1,12 @@
package hirs.ima.matching;
import com.google.common.base.Preconditions;
import hirs.data.persist.DigestComparisonResultType;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.enums.DigestComparisonResultType;
import hirs.data.persist.baseline.IMABaselineRecord;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.ImaBaseline;
import hirs.data.persist.ReportMatchStatus;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.enums.ReportMatchStatus;
import org.apache.logging.log4j.Logger;
import java.util.Collection;


@ -1,11 +1,11 @@
package hirs.ima.matching;
import hirs.data.persist.Alert;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.ImaBaseline;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.ImaBlacklistRecord;
import hirs.data.persist.ReportMatchStatus;
import hirs.data.persist.enums.AlertType;
import hirs.data.persist.enums.ReportMatchStatus;
import java.util.Collection;
import java.util.HashSet;
@ -81,16 +81,16 @@ public class ImaBlacklistRecordMatcher extends ImaRecordMatcher<ImaBlacklistReco
* @param blacklistMatches the list of matches
* @return the relevant alert type
*/
public static Alert.AlertType getBlacklistAlertType(
public static AlertType getBlacklistAlertType(
final Set<IMAMatchStatus<ImaBlacklistRecord>> blacklistMatches) {
Alert.AlertType type = null;
AlertType type = null;
for (IMAMatchStatus<ImaBlacklistRecord> match : blacklistMatches) {
for (ImaBlacklistRecord blacklistRecord : match.getBaselineRecords()) {
if (type == null) {
type = blacklistRecord.getAlertMatchType();
} else {
if (type != blacklistRecord.getAlertMatchType()) {
return Alert.AlertType.IMA_BLACKLIST_MIXED_MATCH;
return AlertType.IMA_BLACKLIST_MIXED_MATCH;
}
}
}


@ -2,9 +2,9 @@ package hirs.ima.matching;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.ImaBaseline;
import hirs.data.persist.baseline.ImaBaseline;
import hirs.data.persist.ImaIgnoreSetRecord;
import hirs.data.persist.ReportMatchStatus;
import hirs.data.persist.enums.ReportMatchStatus;
import hirs.utils.RegexFilePathMatcher;
import java.util.Collection;


@ -3,11 +3,11 @@ package hirs.ima.matching;
import com.google.common.collect.ImmutableListMultimap;
import com.google.common.collect.Multimap;
import hirs.data.persist.Digest;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.baseline.IMABaselineRecord;
import hirs.data.persist.IMAMeasurementRecord;
import hirs.data.persist.IMAPolicy;
import hirs.data.persist.AbstractImaBaselineRecord;
import hirs.data.persist.ImaBaseline;
import hirs.data.persist.baseline.AbstractImaBaselineRecord;
import hirs.data.persist.baseline.ImaBaseline;
import java.util.ArrayList;
import java.util.Collection;


@ -2,11 +2,12 @@ package hirs.persist;
import hirs.FilteredRecordsList;
import hirs.data.persist.Alert;
import hirs.data.persist.Baseline;
import hirs.data.persist.baseline.Baseline;
import hirs.data.persist.Device;
import hirs.data.persist.DeviceGroup;
import hirs.data.persist.Policy;
import hirs.data.persist.Report;
import hirs.data.persist.enums.AlertSource;
import org.hibernate.criterion.Criterion;
import java.util.Date;
@ -217,7 +218,7 @@ public interface AlertManager {
* @param source counted alerts must originate from
* @return count of unresolved alerts
*/
int countUnresolvedAlerts(Device device, Alert.Source source);
int countUnresolvedAlerts(Device device, AlertSource source);
/**
* Count the total number of devices with at least one unresolved alert within the given group.


@ -2,8 +2,8 @@ package hirs.persist;
import hirs.FilteredRecordsList;
import hirs.data.bean.SimpleBaselineBean;
import hirs.data.persist.Baseline;
import hirs.data.persist.IMABaselineRecord;
import hirs.data.persist.baseline.Baseline;
import hirs.data.persist.baseline.IMABaselineRecord;
import hirs.data.persist.ImaBlacklistRecord;
import hirs.repository.RepoPackage;
