diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java index 3bb51627..b9a2415c 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java @@ -10,18 +10,19 @@ import hirs.attestationca.service.SupplyChainValidationService; import hirs.data.persist.AppraisalStatus; import hirs.data.persist.Device; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; import hirs.data.persist.SupplyChainValidationSummary; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.TPMInfo; import hirs.data.persist.certificate.Certificate; import hirs.data.persist.certificate.EndorsementCredential; import hirs.data.persist.certificate.IssuedAttestationCertificate; import hirs.data.persist.certificate.PlatformCredential; import hirs.data.service.DeviceRegister; import hirs.persist.CertificateManager; +import hirs.persist.ReferenceManifestManager; import hirs.persist.DBManager; import hirs.persist.DeviceManager; import hirs.persist.TPM2ProvisionerState; 
@@ -152,11 +153,10 @@ public abstract class AbstractAttestationCertificateAuthority private final Integer validDays; private final CertificateManager certificateManager; + private final ReferenceManifestManager referenceManifestManager; private final DeviceRegister deviceRegister; private final DeviceManager deviceManager; private final DBManager tpm2ProvisionerStateDBManager; - private String[] pcrsList; - private String[] pcrs256List; private String tpmQuoteHash; private String tpmSignatureHash; private String pcrValues; @@ -168,6 +168,7 @@ public abstract class AbstractAttestationCertificateAuthority * @param acaCertificate the ACA certificate * @param structConverter the struct converter * @param certificateManager the certificate manager + * @param referenceManifestManager the Reference Manifest manager * @param deviceRegister the device register * @param validDays the number of days issued certs are valid * @param deviceManager the device manager @@ -179,6 +180,7 @@ public abstract class AbstractAttestationCertificateAuthority final PrivateKey privateKey, final X509Certificate acaCertificate, final StructConverter structConverter, final CertificateManager certificateManager, + final ReferenceManifestManager referenceManifestManager, final DeviceRegister deviceRegister, final int validDays, final DeviceManager deviceManager, final DBManager tpm2ProvisionerStateDBManager) { @@ -187,6 +189,7 @@ public abstract class AbstractAttestationCertificateAuthority this.acaCertificate = acaCertificate; this.structConverter = structConverter; this.certificateManager = certificateManager; + this.referenceManifestManager = referenceManifestManager; this.deviceRegister = deviceRegister; this.validDays = validDays; this.deviceManager = deviceManager; 
@@ -212,7 +215,6 @@ public abstract class AbstractAttestationCertificateAuthority IdentityRequestEnvelope challenge = structConverter.convert(identityRequest, IdentityRequestEnvelope.class); - // byte[] identityProof = unwrapIdentityRequest(challenge.getRequest()); // the decrypted symmetric blob should be in the format of an IdentityProof. Use the // struct converter to generate it. @@ -506,9 +508,6 @@ public abstract class AbstractAttestationCertificateAuthority } if (request.getPcrslist() != null && !request.getPcrslist().isEmpty()) { this.pcrValues = request.getPcrslist().toStringUtf8(); - String[] pcrsSet = this.pcrValues.split("\\+"); - this.pcrsList = parsePCRValues(pcrsSet[0]); - this.pcrs256List = parsePCRValues(pcrsSet[1]); } // Get device name and device @@ -596,8 +595,7 @@ public abstract class AbstractAttestationCertificateAuthority byte[] modulus = HexUtils.subarray(publicArea, pubLen - RSA_MODULUS_LENGTH, pubLen - 1); - RSAPublicKey pub = (RSAPublicKey) assemblePublicKey(modulus); - return pub; + return (RSAPublicKey) assemblePublicKey(modulus); } /** @@ -621,9 +619,10 @@ public abstract class AbstractAttestationCertificateAuthority // convert mac hex string to byte values byte[] macAddressBytes = new byte[MAC_BYTES]; + Integer hex; if (macAddressParts.length == MAC_BYTES) { for (int i = 0; i < MAC_BYTES; i++) { - Integer hex = HexUtils.hexToInt(macAddressParts[i]); + hex = HexUtils.hexToInt(macAddressParts[i]); macAddressBytes[i] = hex.byteValue(); } } @@ -884,7 +883,6 @@ public abstract class AbstractAttestationCertificateAuthority * Assembles a public key using a defined big int modulus and the well known exponent. */ private PublicKey assemblePublicKey(final BigInteger modulus) { - // generate a key spec using mod and exp RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, EXPONENT); 
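Review bot: In the `@@ -506` hunk the PCR list from the request is now kept only as the raw string in `this.pcrValues`, with nothing checking its shape before it is stored. The firmware check added in SupplyChainValidationServiceImpl splits the stored value on `+` and reads element 1, so a request carrying a single bank would only fail much later, during validation. Checking the format here, where the request can still be rejected, would keep malformed input out of whatever record carries the PCR values. `pcrValues` is also a non-final instance field, so if one instance of this class serves concurrent requests the value could be overwritten between assignment and use; worth confirming. The enclosing method starts and ends outside the hunk.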
@@ -1242,8 +1240,7 @@ public abstract class AbstractAttestationCertificateAuthority private byte[] cryptKDFa(final byte[] seed, final String label, final byte[] context, final int sizeInBytes) throws NoSuchAlgorithmException, InvalidKeyException { - ByteBuffer b; - b = ByteBuffer.allocate(4); + ByteBuffer b = ByteBuffer.allocate(4); b.putInt(1); byte[] counter = b.array(); // get the label @@ -1271,14 +1268,13 @@ public abstract class AbstractAttestationCertificateAuthority } System.arraycopy(desiredSizeInBits, 0, message, marker, 4); Mac hmac; - byte[] toReturn = null; + byte[] toReturn = new byte[sizeInBytes]; hmac = Mac.getInstance("HmacSHA256"); SecretKeySpec hmacKey = new SecretKeySpec(seed, hmac.getAlgorithm()); hmac.init(hmacKey); hmac.update(message); byte[] hmacResult = hmac.doFinal(); - toReturn = new byte[sizeInBytes]; System.arraycopy(hmacResult, 0, toReturn, 0, sizeInBytes); return toReturn; } @@ -1290,11 +1286,9 @@ public abstract class AbstractAttestationCertificateAuthority * @throws NoSuchAlgorithmException improper algorithm selected */ private byte[] sha256hash(final byte[] blob) throws NoSuchAlgorithmException { - byte[] toReturn = null; MessageDigest md = MessageDigest.getInstance("SHA-256"); md.update(blob); - toReturn = md.digest(); - return toReturn; + return md.digest(); } /** diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java index 3bec221c..254cfd3a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java 
@@ -17,6 +17,7 @@ import hirs.attestationca.AbstractAttestationCertificateAuthority; import hirs.attestationca.service.SupplyChainValidationService; import hirs.data.service.DeviceRegister; import hirs.persist.CertificateManager; +import hirs.persist.ReferenceManifestManager; import hirs.persist.DeviceManager; import hirs.structs.converters.StructConverter; @@ -36,6 +37,7 @@ public class RestfulAttestationCertificateAuthority * @param acaCertificate the ACA certificate * @param structConverter the struct converter * @param certificateManager the certificate manager + * @param referenceManifestManager the referenceManifestManager * @param deviceRegister the device register * @param validDays the number of days issued certs are valid * @param deviceManager the device manager @@ -48,12 +50,14 @@ public class RestfulAttestationCertificateAuthority final PrivateKey privateKey, final X509Certificate acaCertificate, final StructConverter structConverter, final CertificateManager certificateManager, + final ReferenceManifestManager referenceManifestManager, final DeviceRegister deviceRegister, final DeviceManager deviceManager, final DBManager tpm2ProvisionerStateDBManager, @Value("${aca.certificates.validity}") final int validDays) { super(supplyChainValidationService, privateKey, acaCertificate, structConverter, - certificateManager, deviceRegister, validDays, deviceManager, + certificateManager, referenceManifestManager, + deviceRegister, validDays, deviceManager, tpm2ProvisionerStateDBManager); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index 3f29e5b6..7de76cfe 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java 
@@ -5,6 +5,11 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; + +import hirs.data.persist.TPMMeasurementRecord; +import hirs.data.persist.baseline.TPMBaseline; +import hirs.data.persist.SwidResource; +import hirs.validation.SupplyChainCredentialValidator; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; @@ -32,8 +37,10 @@ import hirs.data.persist.certificate.CertificateAuthorityCredential; import hirs.data.persist.certificate.EndorsementCredential; import hirs.data.persist.certificate.PlatformCredential; import hirs.data.persist.certificate.IssuedAttestationCertificate; +import hirs.data.persist.ReferenceManifest; import hirs.persist.AppraiserManager; import hirs.persist.CertificateManager; +import hirs.persist.ReferenceManifestManager; import hirs.persist.CertificateSelector; import hirs.persist.CrudManager; import hirs.persist.DBManagerException; 
@@ -43,11 +50,15 @@ import hirs.validation.CredentialValidator; import java.util.HashMap; import java.util.Map; +import static hirs.data.persist.AppraisalStatus.Status.FAIL; +import static hirs.data.persist.AppraisalStatus.Status.PASS; + /** - * The main executor of supply chain verification tasks. The AbstractAttestationCertificateAuthority - * will feed it the PC, EC, other relevant certificates, and serial numbers of the provisioning - * task, and it will then manipulate the data as necessary, retrieve useful certs, and arrange - * for actual validation by the SupplyChainValidator. + * The main executor of supply chain verification tasks. The + * AbstractAttestationCertificateAuthority will feed it the PC, EC, other + * relevant certificates, and serial numbers of the provisioning task, and it + * will then manipulate the data as necessary, retrieve useful certs, and + * arrange for actual validation by the SupplyChainValidator. */ @Service @Import(PersistenceConfiguration.class) @@ -55,19 +66,21 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe private PolicyManager policyManager; private AppraiserManager appraiserManager; + private ReferenceManifestManager referenceManifestManager; private CertificateManager certificateManager; private CredentialValidator supplyChainCredentialValidator; private CrudManager supplyChainValidatorSummaryManager; - private static final Logger LOGGER = - LogManager.getLogger(SupplyChainValidationServiceImpl.class); - + private static final Logger LOGGER + = LogManager.getLogger(SupplyChainValidationServiceImpl.class); /** * Constructor. + * * @param policyManager the policy manager * @param appraiserManager the appraiser manager * @param certificateManager the cert manager + * @param referenceManifestManager the RIM manager * @param supplyChainValidatorSummaryManager the summary manager * @param supplyChainCredentialValidator the credential validator */ 
@@ -75,19 +88,21 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe public SupplyChainValidationServiceImpl(final PolicyManager policyManager, final AppraiserManager appraiserManager, final CertificateManager certificateManager, + final ReferenceManifestManager referenceManifestManager, final CrudManager supplyChainValidatorSummaryManager, final CredentialValidator supplyChainCredentialValidator) { this.policyManager = policyManager; this.appraiserManager = appraiserManager; this.certificateManager = certificateManager; + this.referenceManifestManager = referenceManifestManager; this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager; this.supplyChainCredentialValidator = supplyChainCredentialValidator; } /** - * The "main" method of supply chain validation. Takes the credentials from an identity - * request and validates the supply chain in accordance to the current supply chain - * policy. + * The "main" method of supply chain validation. Takes the credentials from + * an identity request and validates the supply chain in accordance to the + * current supply chain policy. * * @param ec The endorsement credential from the identity request. * @param pcs The platform credentials from the identity request. @@ -96,8 +111,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe */ @Override public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec, - final Set pcs, - final Device device) { + final Set pcs, + final Device device) { final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser( SupplyChainAppraiser.NAME); SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy( 
@@ -163,7 +178,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL, AppraisalStatus.Status.FAIL, "Platform credential(s) missing." - + " Cannot validate attributes", + + " Cannot validate attributes", null, Level.ERROR)); } else { Iterator it = pcs.iterator(); @@ -173,11 +188,11 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (pc != null) { if (pc.isDeltaChain()) { - // this check validates the delta changes and recompares - // the modified list to the original. + // this check validates the delta changes and recompares + // the modified list to the original. attributeScv = validateDeltaPlatformCredentialAttributes( - pc, device.getDeviceInfo(), - baseCredential, deltaMapping); + pc, device.getDeviceInfo(), + baseCredential, deltaMapping); } else { attributeScv = validatePlatformCredentialAttributes( pc, device.getDeviceInfo(), ec); 
@@ -186,16 +201,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe if (platformScv != null) { // have to make sure the attribute validation isn't ignored and // doesn't override general validation status - if (platformScv.getResult() == AppraisalStatus.Status.PASS - && attributeScv.getResult() != AppraisalStatus.Status.PASS) { + if (platformScv.getResult() == PASS + && attributeScv.getResult() != PASS) { // if the platform trust store validated but the attribute didn't // replace validations.remove(platformScv); validations.add(attributeScv); - } else if ((platformScv.getResult() == AppraisalStatus.Status.PASS - && attributeScv.getResult() == AppraisalStatus.Status.PASS) - || (platformScv.getResult() != AppraisalStatus.Status.PASS - && attributeScv.getResult() != AppraisalStatus.Status.PASS)) { + } else if ((platformScv.getResult() == PASS + && attributeScv.getResult() == PASS) + || (platformScv.getResult() != PASS + && attributeScv.getResult() != PASS)) { // if both trust store and attributes validated or failed // combine messages validations.remove(platformScv); 
@@ -219,18 +234,20 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe // may need to associated with device to pull the correct info // compare tpm quote with what is pulled from RIM associated file IssuedAttestationCertificate attCert = IssuedAttestationCertificate - .select(this.certificateManager) - .byDeviceId(device.getId()) - .getCertificate(); + .select(this.certificateManager) + .byDeviceId(device.getId()) + .getCertificate(); + PlatformCredential pc = PlatformCredential + .select(this.certificateManager) + .byDeviceId(device.getId()) + .getCertificate(); - if (attCert != null) { - LOGGER.error(attCert.getPcrValues()); - } + validations.add(validateFirmware(pc, attCert)); } // Generate validation summary, save it, and return it. - SupplyChainValidationSummary summary = - new SupplyChainValidationSummary(device, validations); + SupplyChainValidationSummary summary + = new SupplyChainValidationSummary(device, validations); if (baseCredential != null) { baseCredential.setComponentFailures(summary.getMessage()); this.certificateManager.update(baseCredential); @@ -243,10 +260,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe return summary; } + /** + * TDM: I need to compare the manufacturer id, name and model load + * that RIM file and associated eventlog, pull that flag for sha 1 + * or 256 and then compare pcrs + */ + /** - * This method is a sub set of the validate supply chain method and focuses on the specific - * multibase validation check for a delta chain. This method also includes the check - * for delta certificate CA validation as well. + * This method is a sub set of the validate supply chain method and focuses + * on the specific multibase validation check for a delta chain. This method + * also includes the check for delta certificate CA validation as well. * * @param pc The platform credential getting checked * @param platformScv The validation record 
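Review bot: `pc` is passed straight into `validateFirmware(pc, attCert)`, and that method (added further down in this file) calls `pc.getManufacturer()` without a null check, so a device that has an attestation certificate but no stored platform credential would probably end in a `NullPointerException` instead of a FAIL record. The removed code guarded `attCert` with `if (attCert != null)`, which suggests these selectors can return null. A guard at the call site would keep the summary complete: `if (pc == null) { validations.add(buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE, FAIL, "Platform credential missing. Cannot validate firmware", null, Level.ERROR)); }` with the existing call in the `else`. It is also worth confirming that the `IssuedAttestationCertificate` selected by device id is the one from the current provisioning run and not an older record. The enclosing method and the policy check around this block start outside the hunk.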
@@ -266,7 +289,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 // if it is, then update the SupplyChainValidation message and result
 if (result) {
 String message = "Multiple Base certificates found in chain.";
- if (!platformScv.getResult().equals(AppraisalStatus.Status.PASS)) {
+ if (!platformScv.getResult().equals(PASS)) {
 message = String.format("%s,%n%s", platformScv.getMessage(), message);
 }
 subPlatformScv = buildValidationRecord(
@@ -299,8 +322,93 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe return subPlatformScv; } + private SupplyChainValidation validateFirmware(final PlatformCredential pc, + final IssuedAttestationCertificate attCert) { + + TPMBaseline tpmBline; + String[] baseline = new String[Integer.SIZE]; + Level level = Level.ERROR; + AppraisalStatus fwStatus; + + if (attCert != null) { + LOGGER.error(attCert.getPcrValues()); + String[] pcrsSet = attCert.getPcrValues().split("\\+"); + String[] pcrs1 = pcrsSet[0].split("\\n"); + String[] pcrs256 = pcrsSet[1].split("\\n"); + for (int i = 0; i < pcrs1.length; i++) { + if (pcrs1[i].contains(":")) { + pcrs1[i].split(":"); + } + } + + for (int i = 0; i < pcrs256.length; i++) { + if (pcrs256[i].contains(":")) { + pcrs256[i].split(":"); + } + } + + ReferenceManifest rim = ReferenceManifest.select( + this.referenceManifestManager) + .byManufacturer(pc.getManufacturer()) + .getRIM(); + + if (rim == null) { + fwStatus = new AppraisalStatus(FAIL, String.format("Firmware validation failed: " + + "No associated RIM file could be found for %s", + pc.getManufacturer())); + } else { + StringBuilder sb = new StringBuilder(); + fwStatus = new AppraisalStatus(PASS, + SupplyChainCredentialValidator.FIRMWARE_VALID); + String failureMsg = "Firmware validation failed: PCR %d does not" + + " match%n%tBaseline [%s] <> Device [%s]%n"; + + List swids = rim.parseResource(); + for (SwidResource swid : swids) { + baseline = swid.getPcrValues() + .toArray(new String[swid.getPcrValues().size()]); + } + /** + * baseline is null. The purpose of the if check was to + * determine to process doing pcrs1 or pcrs256. So I have to + * rethink this. + * + * this goes back to not knowing if I should do one or the other + * and how to make that a setting of some kind. 
+ */ + if (baseline[0].length() == pcrs1[0].length()) { + for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) { + if (!baseline[i].equals(pcrs1[i])) { + sb.append(String.format(failureMsg, i, baseline[i], pcrs1[i])); + break; + } + } + } else if (baseline[0].length() == pcrs256[0].length()) { + for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) { + if (!baseline[i].equals(pcrs256[i])) { + sb.append(String.format(failureMsg, i, baseline[i], pcrs256[i])); + break; + } + } + } + if (sb.length() > 0) { + level = Level.ERROR; + fwStatus = new AppraisalStatus(FAIL, sb.toString()); + } else { + level = Level.INFO; + } + } + } else { + fwStatus = new AppraisalStatus(FAIL, "Associated Issued Attestation" + + " Certificate can not be found."); + } + + return buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE, + fwStatus.getAppStatus(), fwStatus.getMessage(), pc, level); + } + private SupplyChainValidation validateEndorsementCredential(final EndorsementCredential ec, - final boolean acceptExpiredCerts) { + final boolean acceptExpiredCerts) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL; LOGGER.info("Validating endorsement credential"); 
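Review bot: validateFirmware can return PASS without comparing a single PCR: `fwStatus` starts as PASS, and when `baseline[0]` matches the length of neither `pcrs1[0]` nor `pcrs256[0]` both loops are skipped and `sb` stays empty. When `rim.parseResource()` yields nothing, `baseline` is still the array of nulls from `new String[Integer.SIZE]` and `baseline[0].length()` throws, and `pcrsSet[1]` throws when the stored value has no `+`. The mismatch path is broken as well, because `%tB` in `failureMsg` is a date conversion and `String.format` will throw on the String argument; `\t` was probably intended. The two `split(":")` loops discard their result, so the compared strings may still carry an index prefix (the stored format is not visible here). The fence sketches a fail-closed comparison for the part after the baseline is loaded; the RIM lookup and the final status handling are left as they are.

```java
// … unchanged: attCert null check, PCR split, RIM lookup, baseline taken from the RIM …
String failureMsg = "Firmware validation failed: PCR %d does not"
        + " match%n\tBaseline [%s] <> Device [%s]%n";

// Pick the bank whose digest length matches the baseline; none selected means FAIL.
String[] measured = null;
if (baseline.length > 0 && baseline[0] != null) {
    if (baseline[0].length() == pcrs1[0].length()) {
        measured = pcrs1;
    } else if (baseline[0].length() == pcrs256[0].length()) {
        measured = pcrs256;
    }
}

if (measured == null) {
    sb.append("Firmware validation failed: no PCR bank matches the baseline");
} else {
    for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
        if (i >= baseline.length || i >= measured.length) {
            sb.append(String.format("Firmware validation failed: PCR %d is missing%n", i));
            break;
        }
        // measured[i] comes from split() and is never null; baseline[i] may be
        if (!measured[i].equals(baseline[i])) {
            sb.append(String.format(failureMsg, i, baseline[i], measured[i]));
            break;
        }
    }
}
// … unchanged: sb.length() decides FAIL or PASS and the log level …
```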
@@ -316,14 +424,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe validateEndorsementCredential(ec, ecStore, acceptExpiredCerts); switch (result.getAppStatus()) { case PASS: - return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, + return buildValidationRecord(validationType, PASS, result.getMessage(), ec, Level.INFO); case FAIL: return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), ec, Level.WARN); case ERROR: - return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, - result.getMessage(), ec, Level.ERROR); default: return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, result.getMessage(), ec, Level.ERROR); @@ -331,9 +437,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } private SupplyChainValidation validatePlatformCredential(final PlatformCredential pc, - final KeyStore - trustedCertificateAuthority, - final boolean acceptExpiredCerts) { + final KeyStore trustedCertificateAuthority, + final boolean acceptExpiredCerts) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; @@ -347,14 +452,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe trustedCertificateAuthority, acceptExpiredCerts); switch (result.getAppStatus()) { case PASS: - return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, + return buildValidationRecord(validationType, PASS, result.getMessage(), pc, Level.INFO); case FAIL: return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), pc, Level.WARN); case ERROR: - return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, - result.getMessage(), pc, Level.ERROR); default: return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, result.getMessage(), pc, Level.ERROR); 
@@ -362,8 +465,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } private SupplyChainValidation validatePlatformCredentialAttributes(final PlatformCredential pc, - final DeviceInfoReport deviceInfoReport, - final EndorsementCredential ec) { + final DeviceInfoReport deviceInfoReport, + final EndorsementCredential ec) { final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; @@ -378,14 +481,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe validatePlatformCredentialAttributes(pc, deviceInfoReport, ec); switch (result.getAppStatus()) { case PASS: - return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, + return buildValidationRecord(validationType, PASS, result.getMessage(), pc, Level.INFO); case FAIL: return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), pc, Level.WARN); case ERROR: - return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, - result.getMessage(), pc, Level.ERROR); default: return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, result.getMessage(), pc, Level.ERROR); @@ -397,8 +498,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe final DeviceInfoReport deviceInfoReport, final PlatformCredential base, final Map deltaMapping) { - final SupplyChainValidation.ValidationType validationType = - SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; + final SupplyChainValidation.ValidationType validationType + = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL; if (delta == null) { LOGGER.error("No delta certificate to validate"); 
@@ -412,14 +513,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe base, deltaMapping); switch (result.getAppStatus()) { case PASS: - return buildValidationRecord(validationType, AppraisalStatus.Status.PASS, + return buildValidationRecord(validationType, PASS, result.getMessage(), delta, Level.INFO); case FAIL: return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), delta, Level.WARN); case ERROR: - return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, - result.getMessage(), delta, Level.ERROR); default: return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR, result.getMessage(), delta, Level.ERROR); @@ -427,8 +526,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } /** - * Creates a supply chain validation record and logs the validation - * message at the specified log level. + * Creates a supply chain validation record and logs the validation message + * at the specified log level. + * * @param validationType the type of validation * @param result the appraisal status * @param message the validation message to include in the summary and log 
@@ -451,18 +551,19 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } /** - * This method is used to retrieve the entire CA chain (up to a - * trusted self-signed certificate) for the given certificate. This method will look up - * CA certificates that have a matching issuer organization as the given certificate, and will - * perform that operation recursively until all certificates for all relevant organizations - * have been retrieved. For that reason, the returned set of certificates may be larger - * than the the single trust chain for the queried certificate, but is guaranteed to include - * the trust chain if it exists in this class' CertificateManager. + * This method is used to retrieve the entire CA chain (up to a trusted + * self-signed certificate) for the given certificate. This method will look + * up CA certificates that have a matching issuer organization as the given + * certificate, and will perform that operation recursively until all + * certificates for all relevant organizations have been retrieved. For that + * reason, the returned set of certificates may be larger than the the + * single trust chain for the queried certificate, but is guaranteed to + * include the trust chain if it exists in this class' CertificateManager. * Returns the certificate authority credentials in a KeyStore. * * @param credential the credential whose CA chain should be retrieved - * @return A keystore containing all relevant CA credentials to the given certificate's - * organization or null if the keystore can't be assembled + * @return A keystore containing all relevant CA credentials to the given + * certificate's organization or null if the keystore can't be assembled */ public KeyStore getCaChain(final Certificate credential) { KeyStore caKeyStore = null; 
@@ -475,33 +576,37 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe } /** - * This is a recursive method which is used to retrieve the entire CA chain (up to a - * trusted self-signed certificate) for the given certificate. This method will look up - * CA certificates that have a matching issuer organization as the given certificate, and will - * perform that operation recursively until all certificates for all relevant organizations - * have been retrieved. For that reason, the returned set of certificates may be larger - * than the the single trust chain for the queried certificate, but is guaranteed to include - * the trust chain if it exists in this class' CertificateManager. + * This is a recursive method which is used to retrieve the entire CA chain + * (up to a trusted self-signed certificate) for the given certificate. This + * method will look up CA certificates that have a matching issuer + * organization as the given certificate, and will perform that operation + * recursively until all certificates for all relevant organizations have + * been retrieved. For that reason, the returned set of certificates may be + * larger than the the single trust chain for the queried certificate, but + * is guaranteed to include the trust chain if it exists in this class' + * CertificateManager. * - * Implementation notes: - * 1. Queries for CA certs with a subject org matching the given (argument's) issuer org - * 2. Add that org to queriedOrganizations, so we don't search for that organization again - * 3. For each returned CA cert, add that cert to the result set, and recurse with that as the - * argument (to go up the chain), if and only if we haven't already queried for that - * organization (which prevents infinite loops on certs with an identical subject and - * issuer org) + * Implementation notes: 1. Queries for CA certs with a subject org matching + * the given (argument's) issuer org 2. 
Add that org to + * queriedOrganizations, so we don't search for that organization again 3. + * For each returned CA cert, add that cert to the result set, and recurse + * with that as the argument (to go up the chain), if and only if we haven't + * already queried for that organization (which prevents infinite loops on + * certs with an identical subject and issuer org) * * @param credential the credential whose CA chain should be retrieved - * @param previouslyQueriedOrganizations a list of organizations to refrain from querying - * @return a Set containing all relevant CA credentials to the given certificate's organization + * @param previouslyQueriedOrganizations a list of organizations to refrain + * from querying + * @return a Set containing all relevant CA credentials to the given + * certificate's organization */ private Set getCaChainRec( final Certificate credential, final Set previouslyQueriedOrganizations ) { - CertificateSelector caSelector = - CertificateAuthorityCredential.select(certificateManager) - .bySubjectOrganization(credential.getIssuerOrganization()); + CertificateSelector caSelector + = CertificateAuthorityCredential.select(certificateManager) + .bySubjectOrganization(credential.getIssuerOrganization()); Set certAuthsWithMatchingOrg = caSelector.getCertificates(); Set queriedOrganizations = new HashSet<>(previouslyQueriedOrganizations); diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java index 61b18e5c..34480353 100644 --- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java 
@@ -130,7 +130,7 @@ public class AbstractAttestationCertificateAuthorityTest {
 @BeforeTest
 public void setup() {
 aca = new AbstractAttestationCertificateAuthority(null, keyPair.getPrivate(),
- null, null, null, null, 1,
+ null, null, null, null, null, 1,
 null, null) {
 };
 }
diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java
index 34f022d4..079547de 100644
--- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java
+++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java
@@ -398,6 +398,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
 policyManager,
 appraiserManager,
 realCertMan,
+ null,
 supplyChainValidationSummaryDBManager,
 supplyChainCredentialValidator
 );
@@ -451,6 +452,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
 policyManager,
 appraiserManager,
 realCertMan,
+ null,
 supplyChainValidationSummaryDBManager,
 supplyChainCredentialValidator
 );
@@ -495,6 +497,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
 policyManager,
 appraiserManager,
 realCertMan,
+ null,
 supplyChainValidationSummaryDBManager,
 supplyChainCredentialValidator
 );
@@ -530,6 +533,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
 policyManager,
 appraiserManager,
 realCertMan,
+ null,
 supplyChainValidationSummaryDBManager,
 supplyChainCredentialValidator
 );
@@ -588,6 +592,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
 policyManager,
 appraiserManager,
 realCertMan,
+ null,
 supplyChainValidationSummaryDBManager,
 supplyChainCredentialValidator
 );
@@ -633,6 +638,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, supplyChainCredentialValidator ); @@ -683,6 +689,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest policyManager, appraiserManager, realCertMan, + null, supplyChainValidationSummaryDBManager, new SupplyChainCredentialValidator() ); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java index acbdf711..9f3b4f08 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java 
@@ -153,6 +153,17 @@ public class CertificateRequestPageController extends PageController { try { SupplyChainPolicy policy = getDefaultPolicyAndSetInModel(ppModel, model); - //If PC Validation is enabled without EC Validation, disallow change -// if (!isPolicyValid(firmwareValidationOptionEnabled, - //policy.isFirmwareValidationEnabled(), -// policy.isFirmwareValidationEnabled())) { -// handleUserError(model, messages, -// "To disable Endorsement Credential Validation, Platform Validation" -// + " must also be disabled."); -// return redirectToSelf(new NoPageParams(), model, attr); -// } + //If firmware is enabled without PC attributes, disallow change + if (firmwareValidationOptionEnabled && !policy.isPcAttributeValidationEnabled()) { + handleUserError(model, messages, + "Firmware validation can not be " + + "enabled without PC Attributes policy enabled."); + return redirectToSelf(new NoPageParams(), model, attr); + } // set the policy option and create success message if (firmwareValidationOptionEnabled) { diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index 75ec1fc8..9aa17a82 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -225,6 +225,10 @@ public class ReferenceManifestPageController messages, rim, referenceManifestManager); + + for (SwidResource swidRes : rim.parseResource()) { + System.out.println("testing this section!"); + } } } diff --git a/HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java b/HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java index 88938e6f..ab3bdafa 100644 
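Review bot: The new guard before `// set the policy option and create success message` enforces the dependency in one direction only: it refuses to enable firmware validation while `policy.isPcAttributeValidationEnabled()` is false, but nothing in this hunk stops PC attribute validation from being switched off later while firmware validation stays enabled. The handler for the PC attribute option is not visible here, so this may already be covered. If it is not, that handler needs the mirror check against `policy.isFirmwareValidationEnabled()` with the same `handleUserError` / `redirectToSelf` pair, otherwise the stored policy can end up in the state this guard rejects. The enclosing method starts and ends outside the hunk.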
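Review bot: The loop added at the end of this hunk calls `rim.parseResource()` only to print the fixed string `"testing this section!"` to stdout once per resource, which looks like leftover debugging. It makes the request path parse the manifest's resources for no result, and any exception `parseResource()` can throw would now surface here (its behaviour is not visible in this hunk). I would drop the four added lines. If the parse is meant as a validation step, keep the call, act on its result and report through the class logger rather than `System.out.println`. The enclosing method starts outside the hunk.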
--- a/HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java +++ b/HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java @@ -21,7 +21,7 @@ import java.util.Enumeration; import hirs.DeviceInfoReportRequest; import hirs.collector.CollectorException; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.OSName; +import hirs.data.persist.enums.OSName; /** * Unit tests for DeviceInfoCollector. diff --git a/HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java b/HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java index 9d4629c7..70e2309d 100644 --- a/HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java +++ b/HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java @@ -2,12 +2,12 @@ package hirs.provisioner.client; import hirs.client.collector.DeviceInfoCollector; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; -import hirs.data.persist.OSName; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.enums.OSName; +import hirs.data.persist.info.TPMInfo; import hirs.structs.converters.StructConverter; import hirs.structs.elements.tpm.AsymmetricPublicKey; import hirs.tpm.tss.Tpm; diff --git a/HIRS_ProvisionerTPM2/lib/CPR.CMakeLists.txt.in b/HIRS_ProvisionerTPM2/lib/CPR.CMakeLists.txt.in index 132a0c4b..7c67b746 100644 --- a/HIRS_ProvisionerTPM2/lib/CPR.CMakeLists.txt.in +++ b/HIRS_ProvisionerTPM2/lib/CPR.CMakeLists.txt.in 
@@ -4,8 +4,8 @@ project(cpr-download NONE) include(ExternalProject) ExternalProject_Add(cpr - GIT_REPOSITORY https://github.com/whoshuu/cpr - GIT_TAG 1.3.0 + URL https://github.com/whoshuu/cpr/archive/1.3.0.zip + URL_HASH SHA1=d669d94b41ffaa2de478923c35a83074e34fdc12 SOURCE_DIR "${CMAKE_BINARY_DIR}/lib/cpr-src" BINARY_DIR "${CMAKE_BINARY_DIR}/lib/cpr-build" CONFIGURE_COMMAND "" diff --git a/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java b/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java index 0edb16c4..168e6162 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java +++ b/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java @@ -7,9 +7,9 @@ import hirs.alert.resolve.IgnoreAlertResolver; import hirs.alert.resolve.RemoveFromIMABaselineAlertResolver; import hirs.alert.resolve.RemoveFromTPMBaselineAlertResolver; import hirs.alert.resolve.RequestNewReportAlertResolver; -import hirs.data.persist.Baseline; -import hirs.data.persist.SimpleImaBaseline; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; /** * Specifies actions that can be taken to resolve an Alert. diff --git a/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java b/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java index 51b04ad8..8b08cb72 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java +++ b/HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java 
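Review bot: `URL_HASH SHA1=d669d94b41ffaa2de478923c35a83074e34fdc12` pins the cpr download with SHA-1, which is no longer collision-resistant and is a weak choice for an integrity pin on third-party source that gets built into the provisioner. ExternalProject accepts other algorithms in the same option, so I would use `URL_HASH SHA256=<sha256 of the verified 1.3.0 archive>` (placeholder, to be computed from a copy checked against the upstream tag). The URL points at a GitHub-generated `archive/` zip. Those are produced on demand, so it is worth confirming the bytes are stable or hosting a vetted copy, since a regenerated archive would fail the hash check and break the build.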
@@ -6,19 +6,17 @@ import hirs.appraiser.IMAAppraiser; import hirs.appraiser.TPMAppraiser; import hirs.data.persist.Alert; import hirs.alert.resolve.AlertResolverFactory; -import static hirs.data.persist.Alert.AlertType.WHITE_LIST_PCR_MISMATCH; -import static hirs.data.persist.Alert.AlertType.REQUIRED_SET_MISMATCH; -import static hirs.data.persist.Alert.AlertType.UNKNOWN_FILE; -import static hirs.data.persist.Alert.AlertType.WHITELIST_MISMATCH; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaAcceptableRecordBaseline; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.ImaIgnoreSetBaseline; -import hirs.data.persist.TPMBaseline; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.TPMBaseline; import hirs.data.persist.TPMPolicy; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.enums.AlertSource; +import hirs.data.persist.enums.AlertType; import hirs.persist.AppraiserManager; import hirs.persist.DeviceManager; import hirs.persist.PolicyManager; @@ -90,7 +88,7 @@ public class AlertResolutionService { // the same, so take them from the first alert DeviceGroup deviceGroup = deviceManager.getDevice(alerts.get(0).getDeviceName()) .getDeviceGroup(); - Alert.Source source = alerts.get(0).getSource(); + AlertSource source = alerts.get(0).getSource(); // build a list of resolution options specific to the alert source LOGGER.debug(String.format("source of alerts is %s", source.toString())); 
@@ -122,8 +120,8 @@ public class AlertResolutionService { List options = new ArrayList<>(); Device device = null; - Alert.Source sharedSource = null; - Alert.Source currentSource = null; + AlertSource sharedSource = null; + AlertSource currentSource = null; DeviceGroup sharedDeviceGroup = null; DeviceGroup currentDeviceGroup = null; @@ -191,14 +189,14 @@ public class AlertResolutionService { boolean canAddToBaseline = true; - Alert.AlertType alertType; + AlertType alertType; for (Alert alert : alertList) { alertType = alert.getType(); // addToBaseline only helps if each alert would be fixed by adding a record - if (!alertType.equals(WHITELIST_MISMATCH) - && !alertType.equals(REQUIRED_SET_MISMATCH) - && !alertType.equals(UNKNOWN_FILE)) { + if (!alertType.equals(AlertType.WHITELIST_MISMATCH) + && !alertType.equals(AlertType.REQUIRED_SET_MISMATCH) + && !alertType.equals(AlertType.UNKNOWN_FILE)) { LOGGER.debug("cannot add ima record to baseline to resolve alert because alert is" + " type {}", alertType); canAddToBaseline = false; @@ -269,7 +267,7 @@ public class AlertResolutionService { // should only attempt to add to the baseline if all the alerts are of // the type WHITE_LIST_PCR_MISMATCH for (Alert alert : alertList) { - if (!alert.getType().equals(WHITE_LIST_PCR_MISMATCH)) { + if (!alert.getType().equals(AlertType.WHITE_LIST_PCR_MISMATCH)) { canEditBaseline = false; break; } diff --git a/HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java b/HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java index f8d24bfb..98925165 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java +++ b/HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java @@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import com.fasterxml.jackson.databind.ObjectMapper; +import hirs.data.persist.enums.AlertSeverity; import java.util.Optional; import java.util.UUID; 
@@ -88,7 +89,7 @@ public class JsonAlertService extends ManagedAlertService { items.put("hostname", InetAddress.getLocalHost().getHostName()); items.put("source", "PORTAL"); items.put("type", "Test JSON"); - items.put("severity", Alert.Severity.INFO.toString()); + items.put("severity", AlertSeverity.INFO.toString()); items.put("details", "This is a test alert sent by the HIRS portal."); return send(jsonMonitor, buildJson(items)); diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java index d8e19f9f..91632da8 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java +++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java @@ -1,7 +1,7 @@ package hirs.alert.resolve; import hirs.data.persist.Alert; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import org.springframework.stereotype.Component; /** diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java index 5825ef5f..b70487a8 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java +++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java @@ -1,7 +1,7 @@ package hirs.alert.resolve; import hirs.alert.AlertResolutionAction; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.persist.BaselineManager; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java index 6f0770fa..07c3598d 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java 
+++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java @@ -1,8 +1,8 @@ package hirs.alert.resolve; import hirs.data.persist.Alert; -import hirs.data.persist.IMABaselineRecord; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.persist.ImaBaselineRecordManager; import org.springframework.beans.factory.annotation.Autowired; diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java index 611dde6f..9ad5b78d 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java +++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java @@ -1,7 +1,7 @@ package hirs.alert.resolve; import hirs.data.persist.Alert; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import org.springframework.stereotype.Component; /** diff --git a/HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java b/HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java index 3297f480..b86bbdb0 100644 --- a/HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java +++ b/HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java @@ -2,8 +2,8 @@ package hirs.alert.resolve; import hirs.data.persist.Alert; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.TPMBaseline; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.TPMBaseline; import hirs.data.persist.TPMMeasurementRecord; import java.util.HashSet; import java.util.Set; 
diff --git a/HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java b/HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java index 173b9cfe..48e3e7f8 100644 --- a/HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java +++ b/HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java @@ -4,13 +4,13 @@ import hirs.DeviceInfoReportRequest; import hirs.ReportRequest; import hirs.collector.CollectorException; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; -import hirs.data.persist.OSName; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.enums.OSName; import hirs.data.persist.Report; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.TPMInfo; import hirs.utils.exec.ExecBuilder; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; diff --git a/HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java b/HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java index 37d2b63d..6ebe421f 100644 --- a/HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java +++ b/HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java @@ -3,7 +3,7 @@ package hirs.data.bean; import java.util.Date; import java.util.UUID; -import hirs.data.persist.Alert; +import hirs.data.persist.enums.AlertSeverity; /** * Provides a bean that can be used to encapsulate simple baseline data. @@ -12,7 +12,7 @@ public class SimpleBaselineBean { private UUID id; private Date createTime; private String name; - private Alert.Severity severity; + private AlertSeverity severity; private String type; /** 
@@ -43,7 +43,7 @@ public class SimpleBaselineBean { * Get the severity. * @return Alert.Severity. */ - public Alert.Severity getSeverity() { + public AlertSeverity getSeverity() { return severity; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java b/HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java index a2e3d819..4d7cc5a4 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestComparisonResultType; +import hirs.data.persist.enums.DigestAlgorithm; import java.util.Arrays; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -8,6 +10,7 @@ import javax.xml.bind.DatatypeConverter; import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.ArrayUtils; +import org.apache.logging.log4j.LogManager; /** * This abstract class represents a message digest. Extending classes include @@ -19,6 +22,8 @@ import org.apache.commons.lang3.ArrayUtils; * (see {@link ImaBlacklistRecord} for reference.) */ public abstract class AbstractDigest { + private static final org.apache.logging.log4j.Logger LOGGER = + LogManager.getLogger(AbstractDigest.class); /** * Length of MD2 digest. */ @@ -60,8 +65,7 @@ public abstract class AbstractDigest { } if (ArrayUtils.isEmpty(digest)) { - final String msg = "Digest must have at least one byte"; - throw new IllegalArgumentException(msg); + throw new IllegalArgumentException("Digest must have at least one byte"); } if (digest.length != algorithm.getLengthInBytes()) { 
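Review bot: The Javadoc above `getSeverity()` in SimpleBaselineBean still says `@return Alert.Severity.` although the method now returns `AlertSeverity`; it should read `@return the AlertSeverity.`. The same stale references remain in the Alert.java hunks further down: `@see Source` on `getSource()`, `@see Severity` on `getSeverity()` and `@param severity Alert.Severity.` on `setSeverity()`. Those point at nested enums this commit removes, so the `@see` tags no longer resolve; `@see AlertSource` and `@see AlertSeverity` would fix them.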
@@ -69,6 +73,51 @@ public abstract class AbstractDigest { } } + /** + * This method will help class determine the algorithm associated with the + * pcr values given. + * + * @param digest list of pcr values. + * @return the associated algorithm. + */ + public static final DigestAlgorithm getDigestAlgorithm(final byte[] digest) { + if (digest == null || ArrayUtils.isEmpty(digest)) { + return DigestAlgorithm.UNSPECIFIED; + } + + switch (digest.length) { + case MD2_DIGEST_LENGTH: + return DigestAlgorithm.MD5; + case SHA1_DIGEST_LENGTH: + return DigestAlgorithm.SHA1; + case SHA256_DIGEST_LENGTH: + return DigestAlgorithm.SHA256; + case SHA384_DIGEST_LENGTH: + return DigestAlgorithm.SHA384; + case SHA512_DIGEST_LENGTH: + return DigestAlgorithm.SHA512; + default: + return DigestAlgorithm.UNSPECIFIED; + } + } + + /** + * This method will help class determine the algorithm associated with the + * pcr values given. + * + * @param digest list of pcr values. + * @return the associated algorithm. + */ + public static final DigestAlgorithm getDigestAlgorithm(final String digest) { + try { + return getDigestAlgorithm(Hex.decodeHex(digest.toCharArray())); + } catch (Exception deEx) { + LOGGER.error(deEx); + } + + return DigestAlgorithm.UNSPECIFIED; + } + /** * Retrieves the DigestAlgorithm that identifies which hash * function generated the digest. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/Alert.java b/HIRS_Utils/src/main/java/hirs/data/persist/Alert.java index a8fbf3a6..71db4936 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/Alert.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/Alert.java @@ -1,5 +1,9 @@ package hirs.data.persist; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.AlertSeverity; +import hirs.data.persist.enums.AlertSource; +import hirs.data.persist.enums.AlertType; import javax.persistence.Access; import javax.persistence.AccessType; import javax.persistence.CollectionTable; 
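Review bot: `getDigestAlgorithm(byte[])` guesses the algorithm from length alone, and its first branch pairs `case MD2_DIGEST_LENGTH:` with `return DigestAlgorithm.MD5;`, so the constant name and the result disagree and any 16-byte value is reported as MD5 (likewise any 32-byte value as SHA256) no matter how it was produced. The new `Digest(byte[])` constructor later in this commit stores that guess as the digest's algorithm, so the Javadoc should say this is a length heuristic rather than repeating "list of pcr values" (the parameter is a single digest), and callers that know the algorithm should keep passing it explicitly. In the `String` overload, `catch (Exception deEx)` also swallows the NullPointerException from `digest.toCharArray()`. An explicit null check plus `catch (DecoderException deEx)` (needs the commons-codec import, which is not visible in this hunk) keeps the UNSPECIFIED fallback for bad hex without hiding other failures. `digest == null || ArrayUtils.isEmpty(digest)` can be reduced to `ArrayUtils.isEmpty(digest)`.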
@@ -16,7 +20,6 @@ import javax.persistence.Table; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; -import javax.xml.bind.annotation.XmlType; import java.util.Collections; import java.util.HashSet; import java.util.Set; @@ -68,7 +71,7 @@ public class Alert extends ArchivableEntity { @Column(name = "source") @Enumerated(EnumType.STRING) - private Source source = Source.UNSPECIFIED; + private AlertSource source = AlertSource.UNSPECIFIED; @Column(name = "type") @Enumerated(EnumType.STRING) 
@@ -82,231 +85,7 @@ public class Alert extends ArchivableEntity { @Column(name = "severity") @Enumerated(EnumType.STRING) - private Severity severity = Severity.UNSPECIFIED; - - /** - * The 'source' of the Alert, which is a string enumeration - * representing the component within the HIRS system that caused the - * Alert to be generated. For example, if a record mismatch is - * detected by the IMAAppraiser, the source of the - * Alert will be "IMAAppraiser". In some cases the class name - * may be used, and in other cases a more abstract name may be used to - * provide clarity to the user, such as the REPORT_PROCESSOR - * type, which can come from the SOAPMessageProcessor, the - * SOAPReportProcessor, or the HIRSAppraiser. - */ - @XmlType(name = "AlertSource") - public enum Source { - /** - * The alerts generated from an unspecified source. - */ - UNSPECIFIED, - /** - * Alerts generated within SOAPMessageProcessor, - * SOAPReportProcessor, or HIRSAppraiser will - * all use the same source. This makes sense right now because those - * Alerts will all be related to Reports that do not match - * the expected format. - */ - REPORT_PROCESSOR, - /** - * Alerts generated within the IMAAppraiser. - */ - IMA_APPRAISER, - /** - * Alerts generated within the TPMAppraiser. - */ - TPM_APPRAISER, - /** - * Alerts generated within OnDemandReportRequestManager. - */ - REPORT_REQUESTOR - } - - - - /** - * The 'type' of the Alert, which is the category of problem identified by - * the 'source'. - */ - @XmlType(name = "AlertType") - public enum AlertType { - /** - * The alert type has not been specified. - */ - UNSPECIFIED, - - /** - * The Report does not contain the necessary elements or it - * contains certain unnecessary elements. - */ - MALFORMED_REPORT, - - /** - * The Report does not contain the correct - * TPMMeasurementRecords or the PCR values are not correct. - */ - WHITE_LIST_PCR_MISMATCH, - - /** - * The Report contains a TPMMeasurementRecord - * matching a TPM BlackList. 
- */ - BLACK_LIST_PCR_MATCH, - - /** - * The TPMReport does not contain a valid nonce. - */ - INVALID_NONCE, - - /** - * The TPMReport does not contain a valid TPM Quote (PCR Digest). - */ - INVALID_TPM_QUOTE, - - /** - * The TPMReport does not contain a valid signature. - */ - INVALID_SIGNATURE, - - /** - * The TPMReport does not contain a valid certificate. - */ - INVALID_CERTIFICATE, - - /** - * The IMAReport contains a whitelist hash mismatch. - */ - WHITELIST_MISMATCH, - - /** - * The IMAReport contains a required set hash mismatch. - */ - REQUIRED_SET_MISMATCH, - - /** - * The Report is missing a required record. - */ - MISSING_RECORD, - - /** - * The IMAReport contains an unknown filepath. - */ - UNKNOWN_FILE, - - /** - * The client's ReportRequest query messages missing. - */ - REPORT_REQUESTS_MISSING, - - /** - * Client periodic IntegrityReport missing. - */ - PERIODIC_REPORT_MISSING, - - /** - * On-demand IntegrityReport missing. - */ - ON_DEMAND_REPORT_MISSING, - - /** - * The client sent a report that indicates IMA was not enabled correctly. - */ - IMA_MISCONFIGURED, - - /** - * PCR mismatches and device info changes indicated a kernel update. - */ - KERNEL_UPDATE_DETECTED, - - /** - * The Report does not contain the correct - * TPMMeasurementRecords associated with IMA measurements. - */ - IMA_PCR_MISMATCH, - - /** - * Indicates an IMA measurement had a path which matched an entry in a blacklist baseline. - */ - IMA_BLACKLIST_PATH_MATCH, - - /** - * Indicates an IMA measurement had a hash which matched an entry in a blacklist baseline. - */ - IMA_BLACKLIST_HASH_MATCH, - - /** - * Indicates an IMA measurement had both a path and hash which matched an entry in a - * blacklist baseline. - */ - IMA_BLACKLIST_PATH_AND_HASH_MATCH, - - /** - * Indicates an IMA measurement had a path that matched an entry in a blacklist baseline, - * and also had a hash that matched another entry in the same (or another) baseline. 
- */ - IMA_BLACKLIST_MIXED_MATCH - } - - /** - * The 'severity' of the Alert, which is a string enumeration - * representing the predicted importance of the problem identified. - * - * A constructor with the enum is used to set a criticality number for each severity level. - * Severity levels can be compared against each other by using the getCriticality method. - * - */ - @XmlType(name = "AlertSeverity") - public enum Severity { - - /** - * Used for situations where Severity remains to be implemented or the - * exact level has not been determined for a specific use case. - */ - UNSPECIFIED(5), - /** - * Equivalent to "Ignore" or "Quiet". This is not used for general logging, - * but for Alert level messages that, in specific cases, are not applicable - * or can be or need to be ignored. - */ - INFO(10), - /** - * Applies to a non-system critical file or condition. - */ - LOW(15), - /** - * Involves a stable or system-critical file or a stable PCR value. - */ - HIGH(25), - /** - * Equivalent to "Fatal". Involves Alerts so clearly indicative of malicious - * intent that an automated response, such as network disconnection, is warranted. - */ - SEVERE(30); - - /** - * Criticality number assigned to a severity level. - */ - private int criticality; - - /** - * Constructor used to set the criticality level. - * - * @param c criticality level - */ - Severity(final int c) { - criticality = c; - } - - /** - * Return criticality level assigned to severity level. - * - * @return criticality level - */ - int getCriticality() { - return criticality; - } - } + private AlertSeverity severity = AlertSeverity.UNSPECIFIED; /** * Creates a new Alert with the message details. The details @@ -465,7 +244,7 @@ public class Alert extends ArchivableEntity { * @see Source */ @XmlAttribute(name = "source") - public final Source getSource() { + public final AlertSource getSource() { return source; } 
@@ -474,7 +253,7 @@ public class Alert extends ArchivableEntity { * * @param source of this Alert */ - public final void setSource(final Source source) { + public final void setSource(final AlertSource source) { this.source = source; } @@ -574,7 +353,7 @@ public class Alert extends ArchivableEntity { * Set the severity of the alert regardless of baseline. * @param severity Alert.Severity. */ - public final void setSeverity(final Alert.Severity severity) { + public final void setSeverity(final AlertSeverity severity) { // only overwrite severity if the new one is non-null if (severity != null) { this.severity = severity; @@ -602,7 +381,7 @@ public class Alert extends ArchivableEntity { * @see Severity */ @XmlAttribute(name = "severity") - public final Severity getSeverity() { + public final AlertSeverity getSeverity() { return severity; } @@ -635,8 +414,8 @@ public class Alert extends ArchivableEntity { * @return prioritized severity level based on criticality * */ - private Alert.Severity getPrioritizedSeverityLevel(final Alert.Severity checkSeverity) { - Alert.Severity severityLevel = this.severity; + private AlertSeverity getPrioritizedSeverityLevel(final AlertSeverity checkSeverity) { + AlertSeverity severityLevel = this.severity; if (severityLevel.getCriticality() < checkSeverity.getCriticality()) { severityLevel = checkSeverity; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java b/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java index 565e84d6..75f50a5a 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.CertificateValidationStatus; + /** diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/Device.java b/HIRS_Utils/src/main/java/hirs/data/persist/Device.java index 934ae142..8a5a9c26 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/Device.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/Device.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.HealthStatus; import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import hirs.DeviceGroupSerializer; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java index 239f0548..0539922d 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.HealthStatus; import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.persist.ScheduledJobInfo; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java index 990fae3a..104962a2 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java @@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.TPMInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import static org.apache.logging.log4j.LogManager.getLogger; import javax.persistence.Column; 
@@ -34,6 +40,18 @@ public class DeviceInfoReport extends Report implements Serializable { * A variable used to describe unavailable hardware, firmware, or OS info. */ public static final String NOT_SPECIFIED = "Not Specified"; + /** + * Constant variable representing the various Short sized strings. + */ + public static final int SHORT_STRING_LENGTH = 32; + /** + * Constant variable representing the various Medium sized strings. + */ + public static final int MED_STRING_LENGTH = 64; + /** + * Constant variable representing the various Long sized strings. + */ + public static final int LONG_STRING_LENGTH = 255; @XmlElement @Embedded diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/Digest.java b/HIRS_Utils/src/main/java/hirs/data/persist/Digest.java index e5e5e319..dcc2a691 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/Digest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/Digest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Hex; @@ -77,6 +78,14 @@ public final class Digest extends AbstractDigest { this.digest = Arrays.copyOf(digest, digest.length); } + /** + * Creates a new Digest when an algorithm isn't specified. + * @param digest byte array value + */ + public Digest(final byte[] digest) { + this(AbstractDigest.getDigestAlgorithm(digest), digest); + } + /** * Default constructor necessary for Hibernate. */ diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java index a34d8aa1..96c486c1 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.ExamineState; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java b/HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java index 9cf28550..b8a34210 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.AlertSource; import org.hibernate.criterion.Criterion; import org.hibernate.criterion.Restrictions; @@ -197,7 +198,7 @@ public class IMADeviceState extends DeviceState { @Override public Criterion getDeviceTrustAlertCriterion() { Criterion createTimeRestriction = Restrictions.ge("createTime", mostRecentFullReportDate); - Criterion sourceRestriction = Restrictions.eq("source", Alert.Source.IMA_APPRAISER); + Criterion sourceRestriction = Restrictions.eq("source", AlertSource.IMA_APPRAISER); return Restrictions.and(createTimeRestriction, sourceRestriction); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java index e5f5f99c..fd2b772c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import com.fasterxml.jackson.annotation.JsonIgnore; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java b/HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java index c46cb290..4a68af55 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java 
@@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.HasBaselines; +import hirs.data.persist.baseline.Baseline; import com.google.common.collect.HashMultimap; import com.google.common.collect.Multimap; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java index b758f493..372c3266 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java @@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaBlacklistBaseline; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; +import hirs.data.persist.enums.AlertType; import org.apache.commons.lang3.StringUtils; import javax.persistence.Entity; @@ -97,8 +100,7 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord { public ImaBlacklistRecord( final String path, final Digest hash, - final String description - ) { + final String description) { this(path, hash, description, null); } @@ -125,8 +127,7 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord { final String path, final Digest hash, final String description, - final ImaBlacklistBaseline baseline - ) { + final ImaBlacklistBaseline baseline) { super(path, hash, description); if (path == null && hash == null) { throw new IllegalArgumentException("Cannot instantiate with both a null path and hash"); 
@@ -171,13 +172,13 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord { * * @return the alert match type */ - public Alert.AlertType getAlertMatchType() { + public AlertType getAlertMatchType() { if (getPath() == null) { - return Alert.AlertType.IMA_BLACKLIST_HASH_MATCH; + return AlertType.IMA_BLACKLIST_HASH_MATCH; } else if (getHash() == null) { - return Alert.AlertType.IMA_BLACKLIST_PATH_MATCH; + return AlertType.IMA_BLACKLIST_PATH_MATCH; } else { - return Alert.AlertType.IMA_BLACKLIST_PATH_AND_HASH_MATCH; + return AlertType.IMA_BLACKLIST_PATH_AND_HASH_MATCH; } } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java index a1b31567..d53f68e4 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java @@ -5,6 +5,8 @@ */ package hirs.data.persist; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; import javax.persistence.Entity; import javax.persistence.FetchType; import javax.persistence.JoinColumn; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java b/HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java index c5fe36c8..ae31138a 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import javax.persistence.Access; import javax.persistence.AccessType; import javax.persistence.Column; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java index 8c341709..bd1f869d 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java 
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java @@ -89,6 +89,12 @@ public class ReferenceManifest extends ArchivableEntity { public Selector(final ReferenceManifestManager referenceManifestManager) { super(referenceManifestManager); } + + /** + * Specify a manufacturer that certificates must have to be considered as matching. + * @param rimType the manufacturer to query, not empty or null + * @return this instance (for chaining further calls) + */ } @Column @@ -303,9 +309,10 @@ public class ReferenceManifest extends ArchivableEntity { if (rimBytes != null && elementName != null) { try { SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(this.rimBytes)); + JAXBElement element; for (Object object : si.getEntityOrEvidenceOrLink()) { if (object instanceof JAXBElement) { - JAXBElement element = (JAXBElement) object; + element = (JAXBElement) object; if (element.getName().getLocalPart().equals(elementName)) { // found the element baseElement = (BaseElement) element.getValue(); @@ -407,11 +414,11 @@ public class ReferenceManifest extends ArchivableEntity { for (FilesystemItem fsi : directory.getDirectoryOrFile()) { if (fsi != null) { resources.add(new SwidResource( - (hirs.utils.xjc.File) fsi)); + (hirs.utils.xjc.File) fsi, null)); } } } else if (meta instanceof hirs.utils.xjc.File) { - resources.add(new SwidResource((hirs.utils.xjc.File) meta)); + resources.add(new SwidResource((hirs.utils.xjc.File) meta, null)); } } } 
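Review bot: The Javadoc block added at the end of `Selector` (first hunk of ReferenceManifest.java) documents nothing, because it is followed directly by the closing brace of the class. Its text is also inconsistent, describing "a manufacturer that certificates must have" while naming the parameter `rimType`. Either add the selector method it was written for or drop the comment; if the method is added, the summary should read along the lines of `Specify the RIM type that manifests must have to be considered as matching.`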
@@ -429,13 +436,13 @@ public class ReferenceManifest extends ArchivableEntity { * This method unmarshalls the swidtag found at [path] and validates it * according to the schema. * - * @param path to the input swidtag + * @param stream to the input swidtag * @return the SoftwareIdentity element at the root of the swidtag * @throws IOException if the swidtag cannot be unmarshalled or validated */ private JAXBElement unmarshallSwidTag(final InputStream stream) throws IOException { JAXBElement jaxbe = null; - Schema schema = null; + Schema schema; try { schema = DBReferenceManifestManager.getSchemaObject(); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java b/HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java index 9bad68c8..ae0d52d5 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java @@ -1,14 +1,28 @@ package hirs.data.persist; import com.google.common.base.Preconditions; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.tpm.eventlog.TCGEventLogProcessor; import hirs.utils.xjc.File; +import java.io.IOException; import java.util.Map; import java.util.List; import java.util.LinkedHashMap; import java.util.Collections; import java.math.BigInteger; +import java.nio.file.Files; +import java.nio.file.NoSuchFileException; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; import java.text.DecimalFormat; +import java.util.Arrays; import javax.xml.namespace.QName; +import org.apache.commons.codec.DecoderException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /** * This object is used to represent the content of a Swid Tags Directory 
@@ -16,6 +30,8 @@ import javax.xml.namespace.QName; */ public class SwidResource { + private static final Logger LOGGER = LogManager.getLogger(SwidResource.class); + private static final String CATALINA_HOME = System.getProperty("catalina.base"); private static final String TOMCAT_UPLOAD_DIRECTORY = "/webapps/HIRS_AttestationCAPortal/upload/"; @@ -30,6 +46,8 @@ public class SwidResource { private String rimFormat, rimType, rimUriGlobal, hashValue; private List pcrValues; + private TpmWhiteListBaseline tpmWhiteList; + private DigestAlgorithm digest = DigestAlgorithm.SHA1; /** * Default constructor. @@ -46,15 +64,17 @@ public class SwidResource { /** * The main constructor that processes a {@code hirs.utils.xjc.File}. + * * @param file {@link hirs.utils.xjc.File} + * @param digest algorithm associated with pcr values */ - public SwidResource(final File file) { + public SwidResource(final File file, final DigestAlgorithm digest) { Preconditions.checkArgument(file != null, "Cannot construct a RIM Resource from a null File object"); this.name = file.getName(); // at this time, there is a possibility to get an object with - // not size even though it is required. + // no size even though it is required. if (file.getSize() != null) { this.size = file.getSize().toString(); } else { @@ -79,10 +99,30 @@ public class SwidResource { default: } } + + this.digest = digest; + parsePcrValues(); + tpmWhiteList = new TpmWhiteListBaseline(this.name); + if (!pcrValues.isEmpty()) { + int i = 0; + for (String pcr : pcrValues) { + if (this.digest == null) { + // determine by length of pcr value + this.digest = AbstractDigest.getDigestAlgorithm(pcr); + } + try { + tpmWhiteList.addToBaseline( + new TPMMeasurementRecord(i++, pcr)); + } catch (DecoderException deEx) { + LOGGER.error(deEx); + } + } + } } /** * Getter for the file name. + * * @return string of the file name */ public String getName() { 
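Review bot: The block added to the end of the `SwidResource(File, DigestAlgorithm)` constructor can build an incomplete or empty whitelist baseline without telling the caller. A `DecoderException` is only logged, so a malformed PCR string is dropped from `tpmWhiteList`, and `pcrValues.isEmpty()` is reached even when `parsePcrValues()` has swallowed an exception and never called `setPcrValues` (whether `pcrValues` is initialised elsewhere is not visible here). `this.digest = digest;` also overwrites the `SHA1` field default with null, and both call sites changed in ReferenceManifest.java pass null; `if (digest != null) { this.digest = digest; }` would keep the default. For reference measurements I would fail construction on a decode error instead of logging it, e.g. `throw new IllegalArgumentException("Invalid PCR value in " + this.name, deEx);`. The constructor starts outside this hunk.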
@@ -91,6 +131,7 @@ public class SwidResource { /** * Getter for the file size. + * * @return string of the file size. */ public String getSize() { @@ -99,6 +140,7 @@ public class SwidResource { /** * Getter for the RIM format for the resource. + * * @return string of the format */ public String getRimFormat() { @@ -107,6 +149,7 @@ public class SwidResource { /** * Getter for the RIM resource type. + * * @return string of the resource type. */ public String getRimType() { @@ -115,6 +158,7 @@ public class SwidResource { /** * Getter for the RIM Global URI. + * * @return string of the URI */ public String getRimUriGlobal() { @@ -122,7 +166,8 @@ public class SwidResource { } /** - * Getter for the associated Hash. + * Getter for the associated Hash of the file. + * * @return string of the hash */ public String getHashValue() { @@ -131,6 +176,7 @@ public class SwidResource { /** * Getter for the list of PCR Values. + * * @return an unmodifiable list */ public List getPcrValues() { @@ -139,6 +185,7 @@ public class SwidResource { /** * Setter for the list of associated PCR Values. + * * @param pcrValues a collection of PCRs */ public void setPcrValues(final List pcrValues) { @@ -147,6 +194,7 @@ public class SwidResource { /** * Getter for a generated map of the PCR values. + * * @return mapping of PCR# to the actual value. */ public LinkedHashMap getPcrMap() { 
@@ -164,4 +212,33 @@ public class SwidResource { return innerMap; } + + /** + * + */ + private void parsePcrValues() { + TCGEventLogProcessor logProcessor = new TCGEventLogProcessor(); + + try { + Path logPath = Paths.get(String.format("%s/%s", + SwidResource.RESOURCE_UPLOAD_FOLDER, + this.getName())); + if (Files.exists(logPath)) { + logProcessor = new TCGEventLogProcessor( + Files.readAllBytes(logPath)); + } + this.setPcrValues(Arrays.asList( + logProcessor.getExpectedPCRValues())); + } catch (NoSuchFileException nsfEx) { + LOGGER.error(String.format("File Not found!: %s", + this.getName())); + LOGGER.error(nsfEx); + } catch (IOException ioEx) { + LOGGER.error(ioEx); + } catch (CertificateException cEx) { + LOGGER.error(cEx); + } catch (NoSuchAlgorithmException naEx) { + LOGGER.error(naEx); + } + } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java index 468bbca5..bd7e20de 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java @@ -10,6 +10,8 @@ import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; +import org.apache.commons.codec.DecoderException; +import org.apache.commons.codec.binary.Hex; /** * Class represents a Trusted Platform Module (TPM) Platform Configuration 
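Review bot: `parsePcrValues()` builds the event-log path by formatting `this.getName()` into `RESOURCE_UPLOAD_FOLDER`, and that name is taken from the `File` element of the SWID tag, so a tag whose file name contains path separators or `..` can make the ACA read a file outside the upload directory. The path should be resolved against the upload directory, normalised and checked to still lie under it before `Files.exists` and `Files.readAllBytes` are called. Separately, when the file is absent the method still calls `setPcrValues` with the output of a default `TCGEventLogProcessor`, which the constructor then loads into the whitelist baseline; returning early would avoid treating a missing log as reference data. The Javadoc block is empty and should state that the method reads the support RIM from the upload folder and stores its expected PCR values.

```java
    private void parsePcrValues() {
        TCGEventLogProcessor logProcessor = new TCGEventLogProcessor();

        try {
            Path uploadDir = Paths.get(SwidResource.RESOURCE_UPLOAD_FOLDER)
                    .toAbsolutePath().normalize();
            Path logPath = uploadDir.resolve(this.getName()).normalize();
            if (!logPath.startsWith(uploadDir)) {
                LOGGER.error("RIM file name resolves outside the upload directory");
                return;
            }
            // … unchanged: Files.exists check, setPcrValues call and catch blocks …
```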
@@ -43,15 +45,13 @@ public final class TPMMeasurementRecord extends ExaminableRecord { private final Digest hash; /** - * Constructor initializes values associated with PCRMeasurementRecord. + * Constructor initializes values associated with TPMMeasurementRecord. * - * @param pcrId - * is the TPM PCR index. pcrId must be between 0 and 23. + * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23. * @param hash * represents the measurement digest found at the particular PCR * index. - * @throws IllegalArgumentException - * if digest algorithm is not SHA-1 + * @throws IllegalArgumentException if pcrId is not valid */ public TPMMeasurementRecord(final int pcrId, final Digest hash) throws IllegalArgumentException { @@ -66,6 +66,30 @@ public final class TPMMeasurementRecord extends ExaminableRecord { this.hash = hash; } + /** + * Constructor initializes values associated with TPMMeasurementRecord. + * + * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23. + * @param hash represents the measurement digest found at the particular PCR + * index. + * @throws DecoderException if there is a decode issue with string hex. + */ + public TPMMeasurementRecord(final int pcrId, final String hash) + throws DecoderException { + this(pcrId, new Digest(Hex.decodeHex(hash.toCharArray()))); + } + + /** + * Constructor initializes values associated with TPMMeasurementRecord. + * + * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23. + * @param hash represents the measurement digest found at the particular PCR + * index. + */ + public TPMMeasurementRecord(final int pcrId, final byte[] hash) { + this(pcrId, new Digest(hash)); + } + /** * Helper method to determine if a PCR ID number is valid. * diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java b/HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java index 5aeb3b21..63603ffc 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java 
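Review bot: The two new `TPMMeasurementRecord` overloads leave part of their contract undocumented. Both delegate to the `(int, Digest)` constructor, whose Javadoc says it throws `IllegalArgumentException` for an invalid pcrId, and the `String` overload calls `hash.toCharArray()`, so a null value fails with a bare NullPointerException. Both also go through `new Digest(byte[])`, so the digest algorithm is inferred from the length of the value rather than supplied by the caller. I would add `@throws IllegalArgumentException if pcrId is not valid` to both comments and describe the `String` parameter as `hex-encoded measurement digest, not null; the algorithm is inferred from its length`.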
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java @@ -1,5 +1,10 @@ package hirs.data.persist; +import hirs.data.persist.baseline.TpmBlackListBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.baseline.HasBaselines; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.AlertSeverity; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -73,7 +78,7 @@ public final class TPMPolicy extends Policy implements HasBaselines { @Column(nullable = false) @Enumerated(EnumType.STRING) - private Alert.Severity kernelUpdateAlertSeverity = Alert.Severity.UNSPECIFIED; + private AlertSeverity kernelUpdateAlertSeverity = AlertSeverity.UNSPECIFIED; @ManyToMany(fetch = FetchType.EAGER) @JoinTable(name = "TPMWhiteListBaselines", @@ -550,7 +555,7 @@ public final class TPMPolicy extends Policy implements HasBaselines { * Gets the severity of kernel update alerts. * @return the severity */ - public Alert.Severity getKernelUpdateAlertSeverity() { + public AlertSeverity getKernelUpdateAlertSeverity() { return kernelUpdateAlertSeverity; } @@ -558,7 +563,7 @@ public final class TPMPolicy extends Policy implements HasBaselines { * Sets the severity of kernel update alerts. * @param severity The desired severity of kernel update alerts. */ - public void setKernelUpdateAlertSeverity(final Alert.Severity severity) { + public void setKernelUpdateAlertSeverity(final AlertSeverity severity) { kernelUpdateAlertSeverity = severity; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/AbstractImaBaselineRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/AbstractImaBaselineRecord.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/AbstractImaBaselineRecord.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/AbstractImaBaselineRecord.java index 69fab7b3..70f42b0c 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/AbstractImaBaselineRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/AbstractImaBaselineRecord.java @@ -1,5 +1,8 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; +import hirs.data.persist.Digest; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.OptionalDigest; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -70,7 +73,7 @@ public abstract class AbstractImaBaselineRecord { * @throws IllegalArgumentException * if digest algorithm is not SHA-1 */ - AbstractImaBaselineRecord(final String path, final Digest hash, final String description) + public AbstractImaBaselineRecord(final String path, final Digest hash, final String description) throws IllegalArgumentException { if (hash != null && hash.getAlgorithm() != DigestAlgorithm.SHA1) { throw new IllegalArgumentException("Hash algorithm is not SHA-1"); diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/Baseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/Baseline.java similarity index 85% rename from HIRS_Utils/src/main/java/hirs/data/persist/Baseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/Baseline.java index e3612e38..e502b277 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/Baseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/Baseline.java @@ -1,5 +1,7 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; +import hirs.data.persist.UserDefinedEntity; +import hirs.data.persist.enums.AlertSeverity; import javax.persistence.Access; import javax.persistence.AccessType; import javax.persistence.Column; 
@@ -29,7 +31,7 @@ public abstract class Baseline extends UserDefinedEntity { @Column(nullable = false, name = "severity") @Enumerated(EnumType.STRING) - private Alert.Severity severity = Alert.Severity.UNSPECIFIED; + private AlertSeverity severity = AlertSeverity.UNSPECIFIED; @Column(nullable = false) private String type; @@ -67,7 +69,7 @@ public abstract class Baseline extends UserDefinedEntity { * Gets the baseline severity. * @return the severity */ - public Alert.Severity getSeverity() { + public AlertSeverity getSeverity() { return severity; } @@ -75,7 +77,7 @@ public abstract class Baseline extends UserDefinedEntity { * Sets the severity of alerts raised by this baseline. * @param severity The desired severity of alerts raised by this baseline */ - public void setSeverity(final Alert.Severity severity) { + public void setSeverity(final AlertSeverity severity) { this.severity = severity; } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BroadRepoImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/BroadRepoImaBaseline.java similarity index 99% rename from HIRS_Utils/src/main/java/hirs/data/persist/BroadRepoImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/BroadRepoImaBaseline.java index d952f968..2495f1c9 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BroadRepoImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/BroadRepoImaBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import hirs.persist.RepositoryManager; import hirs.repository.Repository; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/HasBaselines.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/HasBaselines.java similarity index 51% rename from HIRS_Utils/src/main/java/hirs/data/persist/HasBaselines.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/HasBaselines.java index 1c891b2f..e4437b36 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/HasBaselines.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/HasBaselines.java @@ -1,9 +1,4 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ -package hirs.data.persist; +package hirs.data.persist.baseline; import java.util.List; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/IMABaselineRecord.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/IMABaselineRecord.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/IMABaselineRecord.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/IMABaselineRecord.java index 876f5be7..a7eac810 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/IMABaselineRecord.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/IMABaselineRecord.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -13,6 +13,7 @@ import javax.persistence.Table; import javax.persistence.Transient; import com.google.common.base.Preconditions; +import hirs.data.persist.Digest; /** * An IMABaselineRecord represents a single entry in an diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaAcceptableRecordBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaAcceptableRecordBaseline.java similarity index 96% rename from HIRS_Utils/src/main/java/hirs/data/persist/ImaAcceptableRecordBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaAcceptableRecordBaseline.java index 920efbb2..80ec3f48 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaAcceptableRecordBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaAcceptableRecordBaseline.java 
@@ -1,6 +1,8 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.fasterxml.jackson.annotation.JsonIgnore; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; import hirs.ima.matching.BatchImaMatchStatus; import hirs.persist.ImaBaselineRecordManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBaseline.java similarity index 94% rename from HIRS_Utils/src/main/java/hirs/data/persist/ImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBaseline.java index 30b0ee8a..809b2a2c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBaseline.java @@ -1,5 +1,7 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; import hirs.ima.matching.BatchImaMatchStatus; import hirs.persist.ImaBaselineRecordManager; import org.hibernate.annotations.Type; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBlacklistBaseline.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBlacklistBaseline.java index 0948404d..5adb5c53 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBlacklistBaseline.java 
@@ -1,7 +1,10 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; +import hirs.data.persist.ImaBlacklistRecord; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.ImaBlacklistRecordMatcher; import hirs.persist.ImaBaselineRecordManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaIgnoreSetBaseline.java similarity index 96% rename from HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaIgnoreSetBaseline.java index b2b20e16..6eb919b8 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaIgnoreSetBaseline.java @@ -3,11 +3,14 @@ * To change this template file, choose Tools | Templates * and open the template in the editor. */ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; +import hirs.data.persist.ImaIgnoreSetRecord; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.ImaIgnoreSetRecordMatcher; import hirs.persist.ImaBaselineRecordManager; @@ -202,7 +205,7 @@ public class ImaIgnoreSetBaseline extends ImaBaseline { * @return * returns true is the record was added to the list, false if not */ - final synchronized boolean addOnlyToBaseline(final ImaIgnoreSetRecord record) { + public final synchronized boolean addOnlyToBaseline(final ImaIgnoreSetRecord record) { if (record == null) { LOGGER.error("invalid parameter (NULL value) " + "passed to ImaIgnoreSetBaseline.addOnlyToBaseline"); 
@@ -227,7 +230,7 @@ public class ImaIgnoreSetBaseline extends ImaBaseline { * record to remove * @return a boolean indicating if the removal was successful */ - final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) { + public final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) { return imaIgnoreSetRecords.remove(record); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/QueryableRecordImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/QueryableRecordImaBaseline.java similarity index 97% rename from HIRS_Utils/src/main/java/hirs/data/persist/QueryableRecordImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/QueryableRecordImaBaseline.java index 2ad3ea45..cbe27224 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/QueryableRecordImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/QueryableRecordImaBaseline.java @@ -1,6 +1,9 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.google.common.base.Preconditions; +import hirs.data.persist.Digest; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.IMAMatchStatus; import hirs.ima.matching.ImaAcceptableHashRecordMatcher; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SimpleImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/SimpleImaBaseline.java similarity index 98% rename from HIRS_Utils/src/main/java/hirs/data/persist/SimpleImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/SimpleImaBaseline.java index 137484bb..447081a1 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/SimpleImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/SimpleImaBaseline.java 
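Review bot: `removeOnlyBaseline` becomes public here without `synchronized`, while `addOnlyToBaseline`, made public in the previous hunk, is declared `synchronized`. The removal calls `imaIgnoreSetRecords.remove(record)` directly; the body of `addOnlyToBaseline` lies outside the hunk, but it presumably modifies the same collection, so the two public methods would no longer be guarded consistently once callers outside the package use them. I would declare it `public final synchronized boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) {`, or note in the Javadoc of both methods that they are public only because of the package move and are meant for `ImaIgnoreSetRecord`.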
@@ -1,7 +1,9 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.fasterxml.jackson.annotation.JsonIgnore; import com.google.common.base.Preconditions; +import hirs.data.persist.IMAMeasurementRecord; +import hirs.data.persist.IMAPolicy; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.ImaAcceptableHashRecordMatcher; import hirs.ima.matching.ImaAcceptablePathAndHashRecordMatcher; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TPMBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TPMBaseline.java similarity index 75% rename from HIRS_Utils/src/main/java/hirs/data/persist/TPMBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/TPMBaseline.java index 71b97263..9558c1d7 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TPMBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TPMBaseline.java @@ -1,5 +1,13 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; +import hirs.data.persist.DeviceInfoReport; +import hirs.data.persist.Digest; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.TPMInfo; +import hirs.data.persist.TPMMeasurementRecord; +import hirs.data.persist.info.RIMInfo; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -23,14 +31,12 @@ import java.util.Set; public abstract class TPMBaseline extends Baseline { private static final Logger LOGGER = LogManager.getLogger(TPMBaseline.class); - private static final String NOT_SPECIFIED = "Not Specified"; @ElementCollection(fetch = FetchType.EAGER) @CollectionTable(name = "TPMBaselineRecords", joinColumns = { @JoinColumn(name = "BaselineID", nullable = false) }) private final Set pcrRecords = new LinkedHashSet<>(); - @Embedded private FirmwareInfo firmwareInfo; 
@@ -43,6 +49,8 @@ public abstract class TPMBaseline extends Baseline { @Embedded private TPMInfo tpmInfo; + @Embedded + private RIMInfo rimInfo; /** * Creates a new TPMBaseline with no valid PCR entries and no device-specific PCRs. @@ -63,48 +71,14 @@ public abstract class TPMBaseline extends Baseline { initDeviceInfo(); } - - private void initDeviceInfo() { - initFirmwareInfo(); - initHardwareInfo(); - initOSInfo(); - initTPMInfo(); - } - - /** - * Creates default FirmwareInfo object. - */ - private void initFirmwareInfo() { firmwareInfo = new FirmwareInfo(); + hardwareInfo = new HardwareInfo(); + osInfo = new OSInfo(); + tpmInfo = new TPMInfo(); + rimInfo = new RIMInfo(); } - - /** - * Creates default HardwareInfo object. - */ - private void initHardwareInfo() { - hardwareInfo = - new HardwareInfo(); - } - - /** - * Creates default OSInfo object. - */ - private void initOSInfo() { - osInfo = - new OSInfo(); - } - - /** - * Creates default TPMInfo object. - */ - private void initTPMInfo() { - tpmInfo = - new TPMInfo(); - } - - /** * Retrieves the FirmwareInfo for this TPMBaseline. * @return FirmwareInfo @@ -115,7 +89,7 @@ public abstract class TPMBaseline extends Baseline { /** * Retrieves the HardwareInfo for this TPMBaseline. - * @return FirmwareInfo + * @return HardwareInfo */ public final HardwareInfo getHardwareInfo() { return hardwareInfo; @@ -123,7 +97,7 @@ public abstract class TPMBaseline extends Baseline { /** * Retrieves the OSInfo for this TPMBaseline. - * @return FirmwareInfo + * @return OSInfo */ public final OSInfo getOSInfo() { return osInfo; 
@@ -131,12 +105,20 @@ public abstract class TPMBaseline extends Baseline { /** * Retrieves the TPMInfo for this TPMBaseline. - * @return FirmwareInfo + * @return TPMInfo */ public final TPMInfo getTPMInfo() { return tpmInfo; } + /** + * Retrieves the RIMInfo for this TPMBaseline. + * @return an instance of RIMInfo + */ + public final RIMInfo getRIMInfo() { + return rimInfo; + } + /** * Copy the Firmware data from another object. If null, the default * FirmwareInfo data will be used. @@ -144,7 +126,7 @@ public abstract class TPMBaseline extends Baseline { */ public final void setFirmwareInfo(final FirmwareInfo firmwareInfo) { if (firmwareInfo == null) { - initFirmwareInfo(); + this.firmwareInfo = new FirmwareInfo(); } else { this.firmwareInfo = firmwareInfo; } @@ -157,7 +139,7 @@ public abstract class TPMBaseline extends Baseline { */ public final void setHardwareInfo(final HardwareInfo hardwareInfo) { if (hardwareInfo == null) { - initHardwareInfo(); + this.hardwareInfo = new HardwareInfo(); } else { this.hardwareInfo = hardwareInfo; } @@ -170,7 +152,7 @@ public abstract class TPMBaseline extends Baseline { */ public final void setOSInfo(final OSInfo osInfo) { if (osInfo == null) { - initOSInfo(); + this.osInfo = new OSInfo(); } else { this.osInfo = osInfo; } @@ -183,7 +165,7 @@ public abstract class TPMBaseline extends Baseline { */ public final void setTPMInfo(final TPMInfo tpmInfo) { if (tpmInfo == null) { - initTPMInfo(); + this.tpmInfo = new TPMInfo(); } else { this.tpmInfo = tpmInfo; } @@ -227,9 +209,6 @@ public abstract class TPMBaseline extends Baseline { * @return true if measurement record is found in list, otherwise false */ public final boolean isInBaseline(final TPMMeasurementRecord record) { - if (record == null) { - return false; - } return pcrRecords.contains(record); } 
@@ -244,7 +223,7 @@ public abstract class TPMBaseline extends Baseline { LOGGER.debug("adding record {} to baseline {}", record, getName()); if (record == null) { LOGGER.error("null record"); - throw new NullPointerException("record"); + throw new NullPointerException("TPMMeasurementRecord"); } if (pcrRecords.contains(record)) { @@ -268,7 +247,7 @@ public abstract class TPMBaseline extends Baseline { public final boolean removeFromBaseline(final TPMMeasurementRecord record) { LOGGER.debug("removing record {} from baseline {}", record, getName()); if (record == null) { - LOGGER.error("null record"); + LOGGER.error("null record can not be removed"); return false; } 
@@ -283,25 +262,27 @@ public abstract class TPMBaseline extends Baseline { */ public boolean isEmpty() { LOGGER.debug("Check for empty baseline"); - return (firmwareInfo.getBiosReleaseDate().equals(NOT_SPECIFIED) - && firmwareInfo.getBiosVendor().equals(NOT_SPECIFIED) - && firmwareInfo.getBiosVersion().equals(NOT_SPECIFIED) - && hardwareInfo.getBaseboardSerialNumber().equals(NOT_SPECIFIED) - && hardwareInfo.getChassisSerialNumber().equals(NOT_SPECIFIED) - && hardwareInfo.getManufacturer().equals(NOT_SPECIFIED) - && hardwareInfo.getProductName().equals(NOT_SPECIFIED) - && hardwareInfo.getSystemSerialNumber().equals(NOT_SPECIFIED) - && hardwareInfo.getVersion().equals(NOT_SPECIFIED) - && osInfo.getDistribution().equals(NOT_SPECIFIED) - && osInfo.getDistributionRelease().equals(NOT_SPECIFIED) - && osInfo.getOSArch().equals(NOT_SPECIFIED) - && osInfo.getOSName().equals(NOT_SPECIFIED) - && osInfo.getOSVersion().equals(NOT_SPECIFIED) - && tpmInfo.getTPMMake().equals(NOT_SPECIFIED) + return (firmwareInfo.getBiosReleaseDate().equals(DeviceInfoReport.NOT_SPECIFIED) + && firmwareInfo.getBiosVendor().equals(DeviceInfoReport.NOT_SPECIFIED) + && firmwareInfo.getBiosVersion().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getBaseboardSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getChassisSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getProductName().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getSystemSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED) + && hardwareInfo.getVersion().equals(DeviceInfoReport.NOT_SPECIFIED) + && osInfo.getDistribution().equals(DeviceInfoReport.NOT_SPECIFIED) + && osInfo.getDistributionRelease().equals(DeviceInfoReport.NOT_SPECIFIED) + && osInfo.getOSArch().equals(DeviceInfoReport.NOT_SPECIFIED) + && osInfo.getOSName().equals(DeviceInfoReport.NOT_SPECIFIED) + && 
osInfo.getOSVersion().equals(DeviceInfoReport.NOT_SPECIFIED) + && tpmInfo.getTPMMake().equals(DeviceInfoReport.NOT_SPECIFIED) && tpmInfo.getTPMVersionMajor() == 0 && tpmInfo.getTPMVersionMinor() == 0 && tpmInfo.getTPMVersionRevMajor() == 0 && tpmInfo.getTPMVersionRevMinor() == 0 + && rimInfo.getRimManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED) + && rimInfo.getModel().equals(DeviceInfoReport.NOT_SPECIFIED) && pcrRecords.isEmpty()); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TargetedRepoImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TargetedRepoImaBaseline.java similarity index 99% rename from HIRS_Utils/src/main/java/hirs/data/persist/TargetedRepoImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/TargetedRepoImaBaseline.java index 6dc20c02..538a75d9 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TargetedRepoImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TargetedRepoImaBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TpmBlackListBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmBlackListBaseline.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/TpmBlackListBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmBlackListBaseline.java index 781fa2a8..2aef3e01 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TpmBlackListBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmBlackListBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import javax.persistence.Entity; 
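Review bot: `isEmpty()` now dereferences `rimInfo` without a null check (`rimInfo.getRimManufacturer()` and `rimInfo.getModel()`), and the only assignment visible in this diff is the one in `initDeviceInfo()`. For an `@Embedded` field, a JPA provider such as Hibernate typically leaves the field null when every mapped column is null, which would be the case for baselines stored before these columns existed, so the call may throw on a loaded entity. This is inferred, since the mapping of `RIMInfo` is not shown. Unlike the other four info objects, no `setRIMInfo` with a null-to-default fallback appears in the hunks shown. I would add that setter in the same shape as `setTPMInfo` and have `isEmpty()` treat a null `rimInfo` as unspecified, e.g. `(rimInfo == null || rimInfo.getRimManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED))`.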
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TpmWhiteListBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmWhiteListBaseline.java similarity index 95% rename from HIRS_Utils/src/main/java/hirs/data/persist/TpmWhiteListBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmWhiteListBaseline.java index cebc0412..1c9ed43c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TpmWhiteListBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmWhiteListBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import javax.persistence.Entity; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/UpdatableImaBaseline.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/UpdatableImaBaseline.java similarity index 94% rename from HIRS_Utils/src/main/java/hirs/data/persist/UpdatableImaBaseline.java rename to HIRS_Utils/src/main/java/hirs/data/persist/baseline/UpdatableImaBaseline.java index d8c5fb02..473be322 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/UpdatableImaBaseline.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/UpdatableImaBaseline.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.baseline; import hirs.persist.RepositoryManager; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/baseline/package-info.java b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/package-info.java new file mode 100644 index 00000000..2c222e8a --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/baseline/package-info.java @@ -0,0 +1,4 @@ +/** + * This package contains a set of classes for accessing baseline code. + */ +package hirs.data.persist.baseline; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java index 4b9c5258..820439ab 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java @@ -314,9 +314,10 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { asn1In = new ASN1InputStream(ec.getEncoded()); ASN1Primitive obj = asn1In.readObject(); + ASN1Sequence seq; while (obj != null) { - ASN1Sequence seq = ASN1Sequence.getInstance(obj); + seq = ASN1Sequence.getInstance(obj); parseSequence(seq, false, null); obj = asn1In.readObject(); } @@ -328,10 +329,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { } } + String oid; + Object value; // unpack fields from parsedFields and set field values for (Map.Entry entry : parsedFields.entrySet()) { - String oid = entry.getKey(); - Object value = entry.getValue(); + oid = entry.getKey(); + value = entry.getValue(); if (oid.equals(TPM_MODEL)) { model = value.toString(); LOGGER.debug("Found TPM Model: " + model); @@ -415,10 +418,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { LOGGER.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString()); // Iterate through remaining fields to set optional attributes + int tag; + DERTaggedObject obj; for (int i = seqPosition; i < seq.size(); i++) { if (seq.getObjectAt(i) instanceof DERTaggedObject) { - DERTaggedObject obj = (DERTaggedObject) seq.getObjectAt(i); - int tag = obj.getTagNo(); + obj = (DERTaggedObject) seq.getObjectAt(i); + tag = obj.getTagNo(); if (tag == EK_TYPE_TAG) { int ekGenTypeVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue(); if (ekGenTypeVal >= EK_TYPE_VAL_MIN && ekGenTypeVal <= EK_TYPE_VAL_MAX) { 
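Review bot: Hoisting `seq`, `oid`, `value`, `tag` and `obj` out of their loops widens their scope without changing behaviour, and in certificate-parsing code it lets a later edit read a value left over from the previous iteration. The same pattern recurs in the `-523,8 +528,9` hunk with `subComp`. Declaring each variable at its first assignment keeps every iteration self-contained, for example `final ASN1Sequence seq = ASN1Sequence.getInstance(obj);` and `final DERTaggedObject obj = (DERTaggedObject) seq.getObjectAt(i);`. The enclosing methods start and end outside these hunks.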
@@ -523,8 +528,9 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { // parseSequences in the future ASN1Set set = (ASN1Set) component; Enumeration setContents = set.getObjects(); + ASN1Encodable subComp; while (setContents.hasMoreElements()) { - ASN1Encodable subComp = (ASN1Encodable) setContents.nextElement(); + subComp = (ASN1Encodable) setContents.nextElement(); if (subComp instanceof ASN1ObjectIdentifier) { LOGGER.warn("OID in top level of ASN1Set"); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSeverity.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSeverity.java new file mode 100644 index 00000000..3af00bf6 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSeverity.java 
@@ -0,0 +1,65 @@ +package hirs.data.persist.enums; + +import javax.xml.bind.annotation.XmlType; + +/** + * The 'severity' of the Alert, which is a string enumeration + * representing the predicted importance of the problem identified. + * + * A constructor with the enum is used to set a criticality number for each + * severity level. Severity levels can be compared against each other by using + * the getCriticality method. + * + */ +@XmlType(name = "AlertSeverity") +public enum AlertSeverity { + + /** + * Used for situations where Severity remains to be implemented or the exact + * level has not been determined for a specific use case. + */ + UNSPECIFIED(5), + /** + * Equivalent to "Ignore" or "Quiet". This is not used for general logging, + * but for Alert level messages that, in specific cases, are not applicable + * or can be or need to be ignored. + */ + INFO(10), + /** + * Applies to a non-system critical file or condition. + */ + LOW(15), + /** + * Involves a stable or system-critical file or a stable PCR value. + */ + HIGH(25), + /** + * Equivalent to "Fatal". Involves Alerts so clearly indicative of malicious + * intent that an automated response, such as network disconnection, is + * warranted. + */ + SEVERE(30); + + /** + * Criticality number assigned to a severity level. + */ + private int criticality; + + /** + * Constructor used to set the criticality level. + * + * @param c criticality level + */ + AlertSeverity(final int c) { + criticality = c; + } + + /** + * Return criticality level assigned to severity level. + * + * @return criticality level + */ + public int getCriticality() { + return criticality; + } +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSource.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSource.java new file mode 100644 index 00000000..92be72b0 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSource.java 
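Review bot: The `criticality` field in `AlertSeverity` is declared `private int criticality;` although it is assigned only in the constructor, so nothing stops code inside the enum from changing a constant's rank later. Because the Javadoc says severities are compared through `getCriticality()`, the value should be immutable: `private final int criticality;`. The class comment could also state that a higher number means a more severe alert, which the constants imply (UNSPECIFIED 5 through SEVERE 30) but the text does not say.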
@@ -0,0 +1,43 @@ +package hirs.data.persist.enums; + +import javax.xml.bind.annotation.XmlType; + +/** + * The 'source' of the Alert, which is a string enumeration + * representing the component within the HIRS system that caused the + * Alert to be generated. For example, if a record mismatch is + * detected by the IMAAppraiser, the source of the + * Alert will be "IMAAppraiser". In some cases the class name may + * be used, and in other cases a more abstract name may be used to provide + * clarity to the user, such as the REPORT_PROCESSOR type, which + * can come from the SOAPMessageProcessor, the + * SOAPReportProcessor, or the HIRSAppraiser. + */ +@XmlType(name = "AlertSource") +public enum AlertSource { + + /** + * The alerts generated from an unspecified source. + */ + UNSPECIFIED, + /** + * Alerts generated within SOAPMessageProcessor, + * SOAPReportProcessor, or HIRSAppraiser will all + * use the same source. This makes sense right now because those Alerts will + * all be related to Reports that do not match the expected + * format. + */ + REPORT_PROCESSOR, + /** + * Alerts generated within the IMAAppraiser. + */ + IMA_APPRAISER, + /** + * Alerts generated within the TPMAppraiser. + */ + TPM_APPRAISER, + /** + * Alerts generated within OnDemandReportRequestManager. + */ + REPORT_REQUESTOR +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertType.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertType.java new file mode 100644 index 00000000..ac0dbdc5 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertType.java 
@@ -0,0 +1,110 @@ +package hirs.data.persist.enums; + +import javax.xml.bind.annotation.XmlType; + +/** + * The 'type' of the Alert, which is the category of problem identified by the + * 'source'. + */ +@XmlType(name = "AlertType") +public enum AlertType { + + /** + * The alert type has not been specified. + */ + UNSPECIFIED, + /** + * The Report does not contain the necessary elements or it + * contains certain unnecessary elements. + */ + MALFORMED_REPORT, + /** + * The Report does not contain the correct + * TPMMeasurementRecords or the PCR values are not correct. + */ + WHITE_LIST_PCR_MISMATCH, + /** + * The Report contains a TPMMeasurementRecord + * matching a TPM BlackList. + */ + BLACK_LIST_PCR_MATCH, + /** + * The TPMReport does not contain a valid nonce. + */ + INVALID_NONCE, + /** + * The TPMReport does not contain a valid TPM Quote (PCR + * Digest). + */ + INVALID_TPM_QUOTE, + /** + * The TPMReport does not contain a valid signature. + */ + INVALID_SIGNATURE, + /** + * The TPMReport does not contain a valid certificate. + */ + INVALID_CERTIFICATE, + /** + * The IMAReport contains a whitelist hash mismatch. + */ + WHITELIST_MISMATCH, + /** + * The IMAReport contains a required set hash mismatch. + */ + REQUIRED_SET_MISMATCH, + /** + * The Report is missing a required record. + */ + MISSING_RECORD, + /** + * The IMAReport contains an unknown filepath. + */ + UNKNOWN_FILE, + /** + * The client's ReportRequest query messages missing. + */ + REPORT_REQUESTS_MISSING, + /** + * Client periodic IntegrityReport missing. + */ + PERIODIC_REPORT_MISSING, + /** + * On-demand IntegrityReport missing. + */ + ON_DEMAND_REPORT_MISSING, + /** + * The client sent a report that indicates IMA was not enabled correctly. + */ + IMA_MISCONFIGURED, + /** + * PCR mismatches and device info changes indicated a kernel update. + */ + KERNEL_UPDATE_DETECTED, + /** + * The Report does not contain the correct + * TPMMeasurementRecords associated with IMA measurements. 
+ */ + IMA_PCR_MISMATCH, + /** + * Indicates an IMA measurement had a path which matched an entry in a + * blacklist baseline. + */ + IMA_BLACKLIST_PATH_MATCH, + /** + * Indicates an IMA measurement had a hash which matched an entry in a + * blacklist baseline. + */ + IMA_BLACKLIST_HASH_MATCH, + /** + * Indicates an IMA measurement had both a path and hash which matched an + * entry in a blacklist baseline. + */ + IMA_BLACKLIST_PATH_AND_HASH_MATCH, + /** + * Indicates an IMA measurement had a path that matched an entry in a + * blacklist baseline, and also had a hash that matched another entry in the + * same (or another) baseline. + */ + IMA_BLACKLIST_MIXED_MATCH +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationStatus.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/CertificateValidationStatus.java similarity index 90% rename from HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationStatus.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/CertificateValidationStatus.java index 4425f252..01166731 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationStatus.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/CertificateValidationStatus.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * Enum used to represent certificate validation status. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/ComponentType.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ComponentType.java new file mode 100644 index 00000000..4cec6e03 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ComponentType.java 
@@ -0,0 +1,88 @@ +package hirs.data.persist.enums; + +/** + * Identifies the type of component. + */ +public enum ComponentType { + + /** + * Baseboard. + */ + BASEBOARD(Values.BASEBOARD), + /** + * BIOS or UEFI. + */ + BIOS_UEFI(Values.BIOS_UEFI), + /** + * Chassis. + */ + CHASSIS(Values.CHASSIS), + /** + * Hard Drive. + */ + HARD_DRIVE(Values.HARD_DRIVE), + /** + * Memory. + */ + MEMORY(Values.MEMORY), + /** + * Network Interface Card. + */ + NIC(Values.NIC), + /** + * Processor. + */ + PROCESSOR(Values.PROCESSOR); + + /** + * Constructor. + * + * @param val string value + */ + ComponentType(final String val) { + if (!this.name().equals(val)) { + throw new IllegalArgumentException("Incorrect use of ComponentTypeEnum"); + } + } + + /** + * String values for use in {@link ComponentTypeEnum}. + */ + public static class Values { + + /** + * Baseboard. + */ + public static final String BASEBOARD = "BASEBOARD"; + + /** + * BIOS or UEFI. + */ + public static final String BIOS_UEFI = "BIOS_UEFI"; + + /** + * Chassis. + */ + public static final String CHASSIS = "CHASSIS"; + + /** + * Hard Drive. + */ + public static final String HARD_DRIVE = "HARD_DRIVE"; + + /** + * Memory. + */ + public static final String MEMORY = "MEMORY"; + + /** + * Network Interface Card. + */ + public static final String NIC = "NIC"; + + /** + * Processor. + */ + public static final String PROCESSOR = "PROCESSOR"; + } +} diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DigestAlgorithm.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestAlgorithm.java similarity index 85% rename from HIRS_Utils/src/main/java/hirs/data/persist/DigestAlgorithm.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestAlgorithm.java index a2498002..0e968ca8 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/DigestAlgorithm.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestAlgorithm.java 
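Review bot: The new `ComponentType` still refers to its old name in two places: the exception text `"Incorrect use of ComponentTypeEnum"` and the Javadoc on `Values`, `{@link ComponentTypeEnum}`. The nested enum of that name is removed from `ComponentInfo` later in this diff, so the link no longer resolves. Both should read `ComponentType`, e.g. `throw new IllegalArgumentException("Incorrect use of ComponentType");` and `String values for use in {@link ComponentType}.` Since `Values` holds only constants, it could also be declared `public static final class Values` with a private constructor.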
@@ -1,4 +1,7 @@ -package hirs.data.persist; +package hirs.data.persist.enums; + +import hirs.data.persist.AbstractDigest; +import hirs.data.persist.DeviceInfoReport; /** * Enum of digest algorithms. The enum values also provide a standardized @@ -29,7 +32,12 @@ public enum DigestAlgorithm { /** * SHA-512 digest algorithm. */ - SHA512("SHA-512", AbstractDigest.SHA512_DIGEST_LENGTH); + SHA512("SHA-512", AbstractDigest.SHA512_DIGEST_LENGTH), + /** + * Condition used when an algorithm is not specified and + * the size doesn't match known digests. + */ + UNSPECIFIED(DeviceInfoReport.NOT_SPECIFIED, Integer.BYTES); private final String standardAlgorithmName; @@ -52,7 +60,7 @@ public enum DigestAlgorithm { * * @return standard Java algorithm name */ - String getStandardAlgorithmName() { + public String getStandardAlgorithmName() { return this.standardAlgorithmName; } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/DigestComparisonResultType.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestComparisonResultType.java similarity index 94% rename from HIRS_Utils/src/main/java/hirs/data/persist/DigestComparisonResultType.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestComparisonResultType.java index be3fd764..679f443c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/DigestComparisonResultType.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestComparisonResultType.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * Enumeration identifying the different outcomes of a comparison between diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ExamineState.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ExamineState.java similarity index 91% rename from HIRS_Utils/src/main/java/hirs/data/persist/ExamineState.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/ExamineState.java index eb0ea99b..dad62618 100644 
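Review bot: The added `UNSPECIFIED(DeviceInfoReport.NOT_SPECIFIED, Integer.BYTES)` constant gives the enum a member whose standard algorithm name is a placeholder string and whose digest length is 4 bytes, and the last hunk makes `getStandardAlgorithmName()` public. A caller that passes that name to a JCA lookup such as `MessageDigest.getInstance` will get `NoSuchAlgorithmException`, and a length check driven by the enum would accept a 4-byte value as well-formed; whether such callers exist is not visible here. I would document on the constant that it must never be used to compute or verify a digest, and have appraisal code reject it explicitly rather than treat it as one more algorithm. `Integer.BYTES` reads as an arbitrary stand-in, so a named constant would make the intent clearer. The new import of `DeviceInfoReport` also makes the `enums` package depend back on `hirs.data.persist`.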
--- a/HIRS_Utils/src/main/java/hirs/data/persist/ExamineState.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ExamineState.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * State capturing if a record was examined during appraisal or not. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/HealthStatus.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/HealthStatus.java similarity index 96% rename from HIRS_Utils/src/main/java/hirs/data/persist/HealthStatus.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/HealthStatus.java index aeae9c60..b67c8da6 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/HealthStatus.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/HealthStatus.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * HealthStatus is used to represent the health of a device. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/OSName.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/OSName.java similarity index 90% rename from HIRS_Utils/src/main/java/hirs/data/persist/OSName.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/OSName.java index 7a365c88..0c84bf52 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/OSName.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/OSName.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * Enum used to represent operating system names. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/PortalScheme.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/PortalScheme.java new file mode 100644 index 00000000..e81767a3 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/PortalScheme.java @@ -0,0 +1,16 @@ +package hirs.data.persist.enums; + +/** + * Schemes used by the HIRS Portal. + */ +public enum PortalScheme { + + /** + * HTTP. + */ + HTTP, + /** + * HTTPS. + */ + HTTPS; +} 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ReportMatchStatus.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ReportMatchStatus.java similarity index 93% rename from HIRS_Utils/src/main/java/hirs/data/persist/ReportMatchStatus.java rename to HIRS_Utils/src/main/java/hirs/data/persist/enums/ReportMatchStatus.java index ca5cfce8..853189a0 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ReportMatchStatus.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/ReportMatchStatus.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.enums; /** * This enum represents the result of a search for a record in a baseline. @@ -20,5 +20,4 @@ public enum ReportMatchStatus { * Indicates the baseline has no entries matching the file path. */ UNKNOWN - } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/enums/package-info.java b/HIRS_Utils/src/main/java/hirs/data/persist/enums/package-info.java new file mode 100644 index 00000000..07d3c65e --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/enums/package-info.java @@ -0,0 +1,4 @@ +/** + * This package contains a set of classes for accessing enums used by data persist. + */ +package hirs.data.persist.enums; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BIOSComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/BIOSComponentInfo.java similarity index 86% rename from HIRS_Utils/src/main/java/hirs/data/persist/BIOSComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/BIOSComponentInfo.java index 2805a6ce..fb0df5d4 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BIOSComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/BIOSComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; 
@@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold BIOS/UEFI Component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.BIOS_UEFI) +@DiscriminatorValue(value = ComponentType.Values.BIOS_UEFI) public class BIOSComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/BaseboardComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/BaseboardComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/BaseboardComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/BaseboardComponentInfo.java index e44fc0b7..aa7d2eb8 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/BaseboardComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/BaseboardComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold information about baseboard components. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.BASEBOARD) +@DiscriminatorValue(value = ComponentType.Values.BASEBOARD) public class BaseboardComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ChassisComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/ChassisComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/ChassisComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/ChassisComponentInfo.java index edded09b..075e8d84 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ChassisComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/ChassisComponentInfo.java 
@@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold chassis component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.CHASSIS) +@DiscriminatorValue(value = ComponentType.Values.CHASSIS) public class ChassisComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/ComponentInfo.java similarity index 73% rename from HIRS_Utils/src/main/java/hirs/data/persist/ComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/ComponentInfo.java index d4af44de..8a493e16 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/ComponentInfo.java @@ -1,4 +1,4 @@ -package hirs.data.persist; +package hirs.data.persist.info; import org.apache.commons.lang3.StringUtils; import org.hibernate.annotations.DiscriminatorOptions; 
@@ -25,96 +25,6 @@ import java.util.Objects; @DiscriminatorOptions(force = true) public class ComponentInfo implements Serializable { - /** - * Identifies the type of component. - */ - public enum ComponentTypeEnum { - /** - * Baseboard. - */ - BASEBOARD(Values.BASEBOARD), - - /** - * BIOS or UEFI. - */ - BIOS_UEFI(Values.BIOS_UEFI), - - /** - * Chassis. - */ - CHASSIS(Values.CHASSIS), - - /** - * Hard Drive. - */ - HARD_DRIVE(Values.HARD_DRIVE), - - /** - * Memory. - */ - MEMORY(Values.MEMORY), - - /** - * Network Interface Card. - */ - NIC(Values.NIC), - - /** - * Processor. - */ - PROCESSOR(Values.PROCESSOR); - - /** - * Constructor. - * @param val string value - */ - ComponentTypeEnum(final String val) { - if (!this.name().equals(val)) { - throw new IllegalArgumentException("Incorrect use of ComponentTypeEnum"); - } - } - - /** - * String values for use in {@link ComponentTypeEnum}. - */ - public static class Values { - /** - * Baseboard. - */ - public static final String BASEBOARD = "BASEBOARD"; - - /** - * BIOS or UEFI. - */ - public static final String BIOS_UEFI = "BIOS_UEFI"; - - /** - * Chassis. - */ - public static final String CHASSIS = "CHASSIS"; - - /** - * Hard Drive. - */ - public static final String HARD_DRIVE = "HARD_DRIVE"; - - /** - * Memory. - */ - public static final String MEMORY = "MEMORY"; - - /** - * Network Interface Card. - */ - public static final String NIC = "NIC"; - - /** - * Processor. - */ - public static final String PROCESSOR = "PROCESSOR"; - } - } - @Id @Column(name = "componentInfo_id") @GeneratedValue(strategy = GenerationType.AUTO) diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/FirmwareInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/FirmwareInfo.java similarity index 85% rename from HIRS_Utils/src/main/java/hirs/data/persist/FirmwareInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/FirmwareInfo.java index 4a95a8f5..1dc594ba 100644 
--- a/HIRS_Utils/src/main/java/hirs/data/persist/FirmwareInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/FirmwareInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.DeviceInfoReport; import hirs.utils.StringValidator; import javax.persistence.Column; @@ -10,19 +11,17 @@ import java.io.Serializable; * Used for representing the firmware info of a device, such as the BIOS information. */ public class FirmwareInfo implements Serializable { - private static final int SHORT_STRING_LENGTH = 32; - private static final int LONG_STRING_LENGTH = 256; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private final String biosVendor; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private final String biosVersion; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = false) private final String biosReleaseDate; /** @@ -35,13 +34,13 @@ public class FirmwareInfo implements Serializable { public FirmwareInfo(final String biosVendor, final String biosVersion, final String biosReleaseDate) { this.biosVendor = StringValidator.check(biosVendor, "biosVendor") - .notBlank().maxLength(LONG_STRING_LENGTH).get(); + .notBlank().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); this.biosVersion = StringValidator.check(biosVersion, "biosVersion") - .notBlank().maxLength(LONG_STRING_LENGTH).get(); + .notBlank().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); this.biosReleaseDate = StringValidator.check(biosReleaseDate, "biosReleaseDate") - .notBlank().maxLength(SHORT_STRING_LENGTH).get(); + .notBlank().maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get(); } /** 
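Review bot: Replacing the private `SHORT_STRING_LENGTH = 32` and `LONG_STRING_LENGTH = 256` with `DeviceInfoReport.SHORT_STRING_LENGTH` and `DeviceInfoReport.LONG_STRING_LENGTH` changes both the `@Column(length = ...)` mapping and the `maxLength(...)` input validation if the shared values differ, and their definitions are not part of this hunk. The same applies to the `HardwareInfo` hunks that follow, where the former 64-character `SHORT_STRING_LENGTH` becomes `DeviceInfoReport.MED_STRING_LENGTH`. Please confirm that the shared constants are 32, 64 and 256 respectively. If they are not, existing databases will hold columns narrower or wider than the validator allows. A Javadoc line on each shared constant naming the embeddables that rely on it would keep that coupling visible.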
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/HardDriveComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/HardDriveComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/HardDriveComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/HardDriveComponentInfo.java index b55cd3d0..ad315367 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/HardDriveComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/HardDriveComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold hard drive component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.HARD_DRIVE) +@DiscriminatorValue(value = ComponentType.Values.HARD_DRIVE) public class HardDriveComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/HardwareInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/HardwareInfo.java similarity index 84% rename from HIRS_Utils/src/main/java/hirs/data/persist/HardwareInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/HardwareInfo.java index 2bbca81b..dc68857e 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/HardwareInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/HardwareInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.DeviceInfoReport; import hirs.utils.StringValidator; import org.apache.commons.lang3.StringUtils; 
@@ -14,31 +15,29 @@ import java.util.Objects; */ @Embeddable public class HardwareInfo implements Serializable { - private static final int SHORT_STRING_LENGTH = 64; - private static final int LONG_STRING_LENGTH = 256; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String manufacturer = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String productName = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false) private String version = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String systemSerialNumber = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String chassisSerialNumber = DeviceInfoReport.NOT_SPECIFIED; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private String baseboardSerialNumber = DeviceInfoReport.NOT_SPECIFIED; /** 
@@ -61,33 +60,35 @@ public class HardwareInfo implements Serializable { ) { if (!StringUtils.isBlank(manufacturer)) { this.manufacturer = StringValidator.check(manufacturer, "manufacturer") - .maxLength(LONG_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } if (!StringUtils.isBlank(productName)) { this.productName = StringValidator.check(productName, "productName") - .maxLength(LONG_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } if (!StringUtils.isBlank(version)) { this.version = StringValidator.check(version, "version") - .maxLength(SHORT_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.MED_STRING_LENGTH).get(); } if (!StringUtils.isBlank(systemSerialNumber)) { this.systemSerialNumber = StringValidator.check(systemSerialNumber, - "systemSerialNumber").maxLength(LONG_STRING_LENGTH).get(); + "systemSerialNumber") + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } if (!StringUtils.isBlank(chassisSerialNumber)) { this.chassisSerialNumber = StringValidator.check(chassisSerialNumber, - "chassisSerialNumber").maxLength(LONG_STRING_LENGTH).get(); + "chassisSerialNumber") + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } if (!StringUtils.isBlank(baseboardSerialNumber)) { this.baseboardSerialNumber = StringValidator.check( - baseboardSerialNumber, "baseboardSerialNumber" - ).maxLength(LONG_STRING_LENGTH).get(); + baseboardSerialNumber, "baseboardSerialNumber") + .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); } } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/MemoryComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/MemoryComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/MemoryComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/MemoryComponentInfo.java index 948b58f7..977caccc 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/MemoryComponentInfo.java 
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/MemoryComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold memory component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.MEMORY) +@DiscriminatorValue(value = ComponentType.Values.MEMORY) public class MemoryComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/NICComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/NICComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/NICComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/NICComponentInfo.java index 05a864a7..f437f41c 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/NICComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/NICComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold Network Interface Card (NIC) component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.NIC) +@DiscriminatorValue(value = ComponentType.Values.NIC) public class NICComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/NetworkInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/NetworkInfo.java similarity index 94% rename from HIRS_Utils/src/main/java/hirs/data/persist/NetworkInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/NetworkInfo.java index d1f15c24..d2f2475f 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/NetworkInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/NetworkInfo.java @@ -1,5 +1,7 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.DeviceInfoReport; +import hirs.data.persist.InetAddressXmlAdapter; import java.io.Serializable; import java.net.InetAddress; import java.util.Arrays; @@ -22,19 +24,15 @@ public class NetworkInfo implements Serializable { private static final Logger LOGGER = LogManager .getLogger(NetworkInfo.class); - private static final int LONG_STRING_LENGTH = 255; - private static final int SHORT_STRING_LENGTH = 32; private static final int NUM_MAC_ADDRESS_BYTES = 6; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = true) - @SuppressWarnings("checkstyle:magicnumber") + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = true) private String hostname; @XmlElement @XmlJavaTypeAdapter(value = InetAddressXmlAdapter.class) - @SuppressWarnings("checkstyle:magicnumber") - @Column(length = SHORT_STRING_LENGTH, nullable = true) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true) @Type(type = "hirs.data.persist.type.InetAddressType") private InetAddress ipAddress; diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/OSInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/OSInfo.java similarity index 87% rename from HIRS_Utils/src/main/java/hirs/data/persist/OSInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/OSInfo.java index 0c24fc23..37f51af6 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/OSInfo.java 
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/OSInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.DeviceInfoReport; import hirs.utils.StringValidator; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -15,27 +16,25 @@ import java.io.Serializable; @Embeddable public class OSInfo implements Serializable { private static final Logger LOGGER = LogManager.getLogger(OSInfo.class); - private static final int SHORT_STRING_LENGTH = 32; - private static final int LONG_STRING_LENGTH = 256; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private final String osName; @XmlElement - @Column(length = LONG_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false) private final String osVersion; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = false) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = false) private final String osArch; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = true) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true) private final String distribution; @XmlElement - @Column(length = SHORT_STRING_LENGTH, nullable = true) + @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true) private final String distributionRelease; /** 
@@ -61,24 +60,24 @@ public class OSInfo implements Serializable { final String distributionRelease) { LOGGER.debug("setting OS name information to: {}", osName); this.osName = StringValidator.check(osName, "osName") - .notNull().maxLength(LONG_STRING_LENGTH).get(); + .notNull().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); LOGGER.debug("setting OS version information to: {}", osVersion); this.osVersion = StringValidator.check(osVersion, "osVersion") - .notNull().maxLength(LONG_STRING_LENGTH).get(); + .notNull().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get(); LOGGER.debug("setting OS arch information to: {}", osArch); this.osArch = StringValidator.check(osArch, "osArch") - .notNull().maxLength(SHORT_STRING_LENGTH).get(); + .notNull().maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get(); LOGGER.debug("setting OS distribution information to: {}", distribution); this.distribution = StringValidator.check(distribution, "distribution") - .maxLength(SHORT_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get(); LOGGER.debug("setting OS distribution release information to: {}", distributionRelease); this.distributionRelease = StringValidator.check(distributionRelease, "distributionRelease") - .maxLength(SHORT_STRING_LENGTH).get(); + .maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get(); } /** diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/PortalInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/PortalInfo.java similarity index 91% rename from HIRS_Utils/src/main/java/hirs/data/persist/PortalInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/PortalInfo.java index ccb266f8..b13eae49 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/PortalInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/PortalInfo.java 
@@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.PortalScheme; import java.net.InetAddress; import java.net.UnknownHostException; import javax.persistence.Access; @@ -18,20 +19,6 @@ import javax.persistence.Table; @Table(name = "PortalInfo") @Access(AccessType.FIELD) public class PortalInfo { - /** - * Schemes used by the HIRS Portal. - */ - public enum Scheme { - /** - * HTTP. - */ - HTTP, - /** - * HTTPS. - */ - HTTPS; - } - @Id @Column @GeneratedValue(strategy = GenerationType.AUTO) @@ -60,7 +47,7 @@ public class PortalInfo { * * @param scheme Name of the portal. */ - public final void setSchemeName(final PortalInfo.Scheme scheme) { + public final void setSchemeName(final PortalScheme scheme) { if (scheme == null) { throw new NullPointerException("Scheme cannot be null"); } diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/ProcessorComponentInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/ProcessorComponentInfo.java similarity index 88% rename from HIRS_Utils/src/main/java/hirs/data/persist/ProcessorComponentInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/ProcessorComponentInfo.java index 5bcaae03..fffd5044 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/ProcessorComponentInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/ProcessorComponentInfo.java @@ -1,5 +1,6 @@ -package hirs.data.persist; +package hirs.data.persist.info; +import hirs.data.persist.enums.ComponentType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; @@ -7,7 +8,7 @@ import javax.persistence.Entity; * Class to hold processor component information. */ @Entity -@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.PROCESSOR) +@DiscriminatorValue(value = ComponentType.Values.PROCESSOR) public class ProcessorComponentInfo extends ComponentInfo { /** * Default constructor required by Hibernate. 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/info/RIMInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/RIMInfo.java
new file mode 100644
index 00000000..15774474
--- /dev/null
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/RIMInfo.java
@@ -0,0 +1,138 @@
+package hirs.data.persist.info;
+
+import hirs.data.persist.DeviceInfoReport;
+import hirs.utils.StringValidator;
+import java.io.Serializable;
+import javax.persistence.Column;
+import javax.persistence.Embeddable;
+import javax.xml.bind.annotation.XmlElement;
+
+/**
+ *
+ */
+@Embeddable
+public class RIMInfo implements Serializable {
+
+ @XmlElement
+ @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
+ private final String rimManufacturer;
+
+ @XmlElement
+ @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
+ private final String model;
+
+ @XmlElement
+ @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
+ private final String fileHash;
+
+ @XmlElement
+ @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
+ private final String pcrHash;
+
+ /**
+ * Constructor for the initial values of the class.
+ * @param rimManufacturer string of the rimManufacturer
+ * @param model string of the model
+ * @param fileHash string of the file hash
+ * @param pcrHash string of the pcr hash
+ */
+ public RIMInfo(final String rimManufacturer, final String model,
+ final String fileHash, final String pcrHash) {
+ this.rimManufacturer = StringValidator.check(rimManufacturer, "rimManufacturer")
+ .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
+ this.model = StringValidator.check(model, "model")
+ .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
+ this.fileHash = StringValidator.check(fileHash, "fileHash")
+ .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
+ this.pcrHash = StringValidator.check(pcrHash, "pcrHash")
+ .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
+ }
+
+ /**
+ * Default no parameter constructor.
+ */
+ public RIMInfo() {
+ this(DeviceInfoReport.NOT_SPECIFIED, DeviceInfoReport.NOT_SPECIFIED,
+ DeviceInfoReport.NOT_SPECIFIED, DeviceInfoReport.NOT_SPECIFIED);
+ }
+
+ /**
+ * Getter for the rimManufacturer string.
+ * @return string of the rimManufacturer.
+ */
+ public final String getRimManufacturer() {
+ return this.rimManufacturer;
+ }
+
+ /**
+ * Getter for the model string.
+ * @return of the model string
+ */
+ public final String getModel() {
+ return this.model;
+ }
+
+ /**
+ * Getter for the file hash string.
+ * @return fileHash string
+ */
+ public String getFileHash() {
+ return fileHash;
+ }
+
+ /**
+ * Getter for the pcr hash.
+ * @return pcrhash string
+ */
+ public String getPcrHash() {
+ return pcrHash;
+ }
+
+ @Override
+ public String toString() {
+ return String.format("%s, %s, %s, %s", rimManufacturer, model,
+ fileHash, pcrHash);
+ }
+
+ @Override
+ public final boolean equals(final Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj == null) {
+ return false;
+ }
+ if (!(obj instanceof RIMInfo)) {
+ return false;
+ }
+ RIMInfo other = (RIMInfo) obj;
+
+ if (rimManufacturer != null && !rimManufacturer.equals(other.rimManufacturer)) {
+ return false;
+ }
+ if (model != null && !model.equals(other.model)) {
+ return false;
+ }
+ if (fileHash != null && !fileHash.equals(other.fileHash)) {
+ return false;
+ }
+ if (pcrHash != null && !pcrHash.equals(other.pcrHash)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public final int hashCode() {
+ final int prime = 31;
+ int result = 1;
+
+ result = prime * result + rimManufacturer.hashCode();
+ result = prime * result + model.hashCode();
+ result = prime * result + fileHash.hashCode();
+ result = prime * result + pcrHash.hashCode();
+
+ return result;
+ }
+}
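Review bot: `fileHash` and `pcrHash` are capped at `DeviceInfoReport.MED_STRING_LENGTH`, both in `@Column(length = …)` and in the constructor's `maxLength(...)` check, and elsewhere in this diff that constant replaces a literal 64 (HardwareInfo `version`, TPMInfo `tpmMake`). If it is 64, a hex-encoded SHA-256 digest fits exactly but a SHA-384 or SHA-512 digest does not, so the column width implicitly fixes the digest algorithm a RIM can be recorded with; a dedicated constant sized for the largest supported digest, or a comment stating the expected algorithm and encoding, would make that explicit. Separately, `equals` guards each field with `!= null` while `hashCode` dereferences the same fields unguarded, and the guard is one-sided (a null field on `this` compares equal to any value); `Objects.equals(fileHash, other.fileHash)` per field, with the `java.util.Objects` import, keeps the two methods consistent. The class Javadoc is also empty (`/** * */`) and should say what a RIMInfo holds.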
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/TPMInfo.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/TPMInfo.java similarity index 97% rename from HIRS_Utils/src/main/java/hirs/data/persist/TPMInfo.java rename to HIRS_Utils/src/main/java/hirs/data/persist/info/TPMInfo.java index 9f3f13c9..5e672956 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/TPMInfo.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/TPMInfo.java @@ -1,6 +1,8 @@ -package hirs.data.persist; +package hirs.data.persist.info; import com.fasterxml.jackson.annotation.JsonIgnore; +import hirs.data.persist.DeviceInfoReport; +import hirs.data.persist.X509CertificateAdapter; import java.io.Serializable; import java.security.cert.X509Certificate; @@ -22,10 +24,9 @@ import org.hibernate.annotations.Type; @Embeddable public class TPMInfo implements Serializable { private static final Logger LOGGER = LogManager.getLogger(TPMInfo.class); - private static final int STRING_LENGTH = 64; @XmlElement - @Column(length = STRING_LENGTH, nullable = true) + @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = true) private String tpmMake; @XmlElement @@ -226,7 +227,7 @@ public class TPMInfo implements Serializable { private void setTPMMake(final String tpmMake) { LOGGER.debug("setting TPM make info: {}", tpmMake); this.tpmMake = StringValidator.check(tpmMake, "tpmMake") - .notNull().maxLength(STRING_LENGTH).get(); + .notNull().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get(); } private void setTPMVersionMajor(final short tpmVersionMajor) { diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/info/package-info.java b/HIRS_Utils/src/main/java/hirs/data/persist/info/package-info.java new file mode 100644 index 00000000..53e61619 --- /dev/null +++ b/HIRS_Utils/src/main/java/hirs/data/persist/info/package-info.java @@ -0,0 +1,5 @@ +/** + * This package contains a set of classes for accessing info classes used by data persist. + */ +package hirs.data.persist.info; + 
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java b/HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java index 5f4d4a42..f551350d 100644 --- a/HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java +++ b/HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java @@ -1,7 +1,7 @@ package hirs.data.persist.tpm; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; +import hirs.data.persist.enums.DigestAlgorithm; import hirs.data.persist.TPMMeasurementRecord; import javax.persistence.AttributeOverride; diff --git a/HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java b/HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java index 1dcab211..9bc11d2b 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java @@ -1,17 +1,17 @@ package hirs.ima; import hirs.data.persist.Digest; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.IMABaselineRecord; -import hirs.data.persist.ImaAcceptableRecordBaseline; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.data.persist.ImaBlacklistRecord; -import hirs.data.persist.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; import hirs.data.persist.ImaIgnoreSetRecord; -import hirs.data.persist.OSInfo; -import hirs.data.persist.TPMBaseline; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.baseline.TPMBaseline; +import hirs.data.persist.info.TPMInfo; import hirs.data.persist.TPMMeasurementRecord; import hirs.tpm.TPMBaselineGenerator.TPMBaselineFields; import org.apache.commons.codec.binary.Hex; 
@@ -131,28 +131,28 @@ public final class CSVGenerator { // Add device info records to the map HashMap map = new HashMap(); final FirmwareInfo firmwareInfo = tpmBaseline.getFirmwareInfo(); - map.put(TPMBaselineFields.biosvendor, firmwareInfo.getBiosVendor()); - map.put(TPMBaselineFields.biosversion, firmwareInfo.getBiosVersion()); - map.put(TPMBaselineFields.biosreleasedate, firmwareInfo.getBiosReleaseDate()); + map.put(TPMBaselineFields.BIOS_VENDOR, firmwareInfo.getBiosVendor()); + map.put(TPMBaselineFields.BIOS_VERSION, firmwareInfo.getBiosVersion()); + map.put(TPMBaselineFields.BIOS_RELEASE_DATE, firmwareInfo.getBiosReleaseDate()); final HardwareInfo hardwareInfo = tpmBaseline.getHardwareInfo(); - map.put(TPMBaselineFields.manufacturer, hardwareInfo.getManufacturer()); - map.put(TPMBaselineFields.productname, hardwareInfo.getProductName()); - map.put(TPMBaselineFields.version, hardwareInfo.getVersion()); - map.put(TPMBaselineFields.systemserialnumber, hardwareInfo.getSystemSerialNumber()); - map.put(TPMBaselineFields.chassisserialnumber, hardwareInfo.getChassisSerialNumber()); - map.put(TPMBaselineFields.baseboardserialnumber, hardwareInfo.getBaseboardSerialNumber()); + map.put(TPMBaselineFields.MANUFACTURER, hardwareInfo.getManufacturer()); + map.put(TPMBaselineFields.PRODUCT_NAME, hardwareInfo.getProductName()); + map.put(TPMBaselineFields.VERSION, hardwareInfo.getVersion()); + map.put(TPMBaselineFields.SYSTEM_SERIAL_NUMBER, hardwareInfo.getSystemSerialNumber()); + map.put(TPMBaselineFields.CHASSIS_SERIAL_NUMBER, hardwareInfo.getChassisSerialNumber()); + map.put(TPMBaselineFields.BASEBOARD_SERIAL_NUMBER, hardwareInfo.getBaseboardSerialNumber()); final OSInfo osInfo = tpmBaseline.getOSInfo(); - map.put(TPMBaselineFields.osname, osInfo.getOSName()); - map.put(TPMBaselineFields.osversion, osInfo.getOSVersion()); - map.put(TPMBaselineFields.osarch, osInfo.getOSArch()); - map.put(TPMBaselineFields.distribution, osInfo.getDistribution()); - 
map.put(TPMBaselineFields.distributionrelease, osInfo.getDistributionRelease()); + map.put(TPMBaselineFields.OS_NAME, osInfo.getOSName()); + map.put(TPMBaselineFields.OS_VERSION, osInfo.getOSVersion()); + map.put(TPMBaselineFields.OS_ARCH, osInfo.getOSArch()); + map.put(TPMBaselineFields.DISTRIBUTION, osInfo.getDistribution()); + map.put(TPMBaselineFields.DISTRIBUTION_RELEASE, osInfo.getDistributionRelease()); final TPMInfo tpmInfo = tpmBaseline.getTPMInfo(); - map.put(TPMBaselineFields.tpmmake, tpmInfo.getTPMMake()); - map.put(TPMBaselineFields.tpmversionmajor, "" + tpmInfo.getTPMVersionMajor()); - map.put(TPMBaselineFields.tpmversionminor, "" + tpmInfo.getTPMVersionMinor()); - map.put(TPMBaselineFields.tpmversionrevmajor, "" + tpmInfo.getTPMVersionRevMajor()); - map.put(TPMBaselineFields.tpmversionrevminor, "" + tpmInfo.getTPMVersionRevMinor()); + map.put(TPMBaselineFields.TPM_MAKE, tpmInfo.getTPMMake()); + map.put(TPMBaselineFields.TPM_VERSION_MAJOR, "" + tpmInfo.getTPMVersionMajor()); + map.put(TPMBaselineFields.TPM_VERSION_MINOR, "" + tpmInfo.getTPMVersionMinor()); + map.put(TPMBaselineFields.TPM_VERSION_REV_MAJOR, "" + tpmInfo.getTPMVersionRevMajor()); + map.put(TPMBaselineFields.TPM_VERSION_REV_MINOR, "" + tpmInfo.getTPMVersionRevMinor()); // Add device info records to the CSV file sb.append(TPMBaselineFields.toCSV(map)); diff --git a/HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java b/HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java index 8fa3aa16..ac70f4a7 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java 
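Review bot: The `TPMBaselineFields` constants used as map keys are renamed from lower case (`biosvendor`, `tpmversionmajor`, …) to upper snake case, and the map is passed straight to `TPMBaselineFields.toCSV(map)`. `TPMBaselineFields` is not shown in this hunk; if it derives the CSV field names from the constant names (`name()` / `valueOf`), the rename changes the exported baseline format and may stop previously exported TPM baseline CSVs from being read back. It is worth confirming that the enum carries an explicit field-name string, or adding a test that round-trips a CSV written before the rename. The enclosing method starts and ends outside the hunk.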
@@ -3,7 +3,7 @@ package hirs.ima; import com.google.common.base.Charsets; import com.google.common.base.Preconditions; import hirs.data.persist.Digest; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.data.persist.ImaBlacklistRecord; import org.apache.commons.csv.CSVFormat; import org.apache.commons.csv.CSVParser; diff --git a/HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java b/HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java index a60735c9..5788b752 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java @@ -1,6 +1,6 @@ package hirs.ima; -import hirs.data.persist.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; import hirs.data.persist.ImaIgnoreSetRecord; import java.io.BufferedReader; diff --git a/HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java b/HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java index 279654e5..68842470 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java @@ -1,11 +1,11 @@ package hirs.ima; import hirs.data.persist.IMAReport; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IntegrityReport; 
diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java b/HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java index db75e367..615d21ce 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java @@ -2,8 +2,8 @@ package hirs.ima.matching; import com.google.common.base.Preconditions; import hirs.data.persist.IMAMeasurementRecord; -import hirs.data.persist.AbstractImaBaselineRecord; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; +import hirs.data.persist.enums.ReportMatchStatus; import java.util.ArrayList; import java.util.Collection; @@ -17,7 +17,7 @@ import java.util.Set; /** * This class holds the results of the appraisal of a batch of {@link IMAMeasurementRecord}s against - * one or many {@link hirs.data.persist.ImaBaseline}s. + * one or many {@link hirs.data.persist.baseline.ImaBaseline}s. * * @param the type of IMA baseline record that an instance of this class matches against */ diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java b/HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java index 58294f04..dd56057e 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java @@ -1,10 +1,10 @@ package hirs.ima.matching; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.IMAMeasurementRecord; -import hirs.data.persist.AbstractImaBaselineRecord; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import java.util.Collections; import java.util.HashSet; 
diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java index ae3c3ede..f5a9990a 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java @@ -1,11 +1,11 @@ package hirs.ima.matching; import com.google.common.base.Preconditions; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import java.util.Collection; import java.util.Set; diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java index 5b91adf6..1eba0a1d 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java @@ -1,12 +1,12 @@ package hirs.ima.matching; import com.google.common.base.Preconditions; -import hirs.data.persist.DigestComparisonResultType; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestComparisonResultType; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import org.apache.logging.log4j.Logger; import java.util.Collection; 
diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java index 007ce96c..f060af72 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java @@ -1,11 +1,11 @@ package hirs.ima.matching; -import hirs.data.persist.Alert; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaBaseline; +import hirs.data.persist.baseline.ImaBaseline; import hirs.data.persist.ImaBlacklistRecord; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.enums.AlertType; +import hirs.data.persist.enums.ReportMatchStatus; import java.util.Collection; import java.util.HashSet; @@ -81,16 +81,16 @@ public class ImaBlacklistRecordMatcher extends ImaRecordMatcher> blacklistMatches) { - Alert.AlertType type = null; + AlertType type = null; for (IMAMatchStatus match : blacklistMatches) { for (ImaBlacklistRecord blacklistRecord : match.getBaselineRecords()) { if (type == null) { type = blacklistRecord.getAlertMatchType(); } else { if (type != blacklistRecord.getAlertMatchType()) { - return Alert.AlertType.IMA_BLACKLIST_MIXED_MATCH; + return AlertType.IMA_BLACKLIST_MIXED_MATCH; } } } diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java index d3b74037..5203e838 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java 
@@ -2,9 +2,9 @@ package hirs.ima.matching; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaBaseline; +import hirs.data.persist.baseline.ImaBaseline; import hirs.data.persist.ImaIgnoreSetRecord; -import hirs.data.persist.ReportMatchStatus; +import hirs.data.persist.enums.ReportMatchStatus; import hirs.utils.RegexFilePathMatcher; import java.util.Collection; diff --git a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java index 2e38fc4a..01e7559c 100644 --- a/HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java +++ b/HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java @@ -3,11 +3,11 @@ package hirs.ima.matching; import com.google.common.collect.ImmutableListMultimap; import com.google.common.collect.Multimap; import hirs.data.persist.Digest; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.AbstractImaBaselineRecord; -import hirs.data.persist.ImaBaseline; +import hirs.data.persist.baseline.AbstractImaBaselineRecord; +import hirs.data.persist.baseline.ImaBaseline; import java.util.ArrayList; import java.util.Collection; diff --git a/HIRS_Utils/src/main/java/hirs/persist/AlertManager.java b/HIRS_Utils/src/main/java/hirs/persist/AlertManager.java index 5c006e96..679eeb65 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/AlertManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/AlertManager.java 
@@ -2,11 +2,12 @@ package hirs.persist; import hirs.FilteredRecordsList; import hirs.data.persist.Alert; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.Policy; import hirs.data.persist.Report; +import hirs.data.persist.enums.AlertSource; import org.hibernate.criterion.Criterion; import java.util.Date; @@ -217,7 +218,7 @@ public interface AlertManager { * @param source counted alerts must originate from * @return count of unresolved alerts */ - int countUnresolvedAlerts(Device device, Alert.Source source); + int countUnresolvedAlerts(Device device, AlertSource source); /** * Count the total number of devices with at least one unresolved alert within the given group. diff --git a/HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java b/HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java index 4906d41b..7951a834 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java @@ -2,8 +2,8 @@ package hirs.persist; import hirs.FilteredRecordsList; import hirs.data.bean.SimpleBaselineBean; -import hirs.data.persist.Baseline; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.ImaBlacklistRecord; import hirs.repository.RepoPackage; diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java index 4405fb97..cacacd2d 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java 
@@ -4,7 +4,7 @@ import hirs.FilteredRecordsList; import static org.apache.logging.log4j.LogManager.getLogger; import hirs.data.persist.Alert; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.Policy; @@ -17,6 +17,7 @@ import java.util.Map; import java.util.UUID; import hirs.data.persist.Report; +import hirs.data.persist.enums.AlertSource; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.Logger; import org.hibernate.Criteria; @@ -613,7 +614,7 @@ public class DBAlertManager extends DBManager implements AlertManager { * @param source counted alerts must originate from * @return count of unresolved alerts */ - public final int countUnresolvedAlerts(final Device device, final Alert.Source source) { + public final int countUnresolvedAlerts(final Device device, final AlertSource source) { if (device == null) { String msg = "invalid argument - null value for device"; LOGGER.error(msg); diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBBaselineManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBBaselineManager.java index addb11e0..4cf788a3 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DBBaselineManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DBBaselineManager.java @@ -2,9 +2,9 @@ package hirs.persist; import hirs.FilteredRecordsList; import hirs.data.bean.SimpleBaselineBean; -import hirs.data.persist.Baseline; -import hirs.data.persist.BroadRepoImaBaseline; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.baseline.BroadRepoImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.ImaBlacklistRecord; import hirs.repository.RepoPackage; diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBPolicyManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBPolicyManager.java index 59b4ca0a..3153329e 100644 
--- a/HIRS_Utils/src/main/java/hirs/persist/DBPolicyManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DBPolicyManager.java @@ -2,10 +2,10 @@ package hirs.persist; import com.google.common.base.Preconditions; import hirs.appraiser.Appraiser; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; -import hirs.data.persist.HasBaselines; +import hirs.data.persist.baseline.HasBaselines; import hirs.data.persist.Policy; import java.io.Serializable; diff --git a/HIRS_Utils/src/main/java/hirs/persist/DBPortalInfoManager.java b/HIRS_Utils/src/main/java/hirs/persist/DBPortalInfoManager.java index df5e23c5..5e41cbdb 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DBPortalInfoManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DBPortalInfoManager.java @@ -1,6 +1,7 @@ package hirs.persist; -import hirs.data.persist.PortalInfo; +import hirs.data.persist.info.PortalInfo; +import hirs.data.persist.enums.PortalScheme; import java.net.URI; import java.net.URISyntaxException; @@ -78,7 +79,7 @@ public class DBPortalInfoManager extends DBManager implements Portal * PortalInfo */ @Override - public final PortalInfo getPortalInfo(final PortalInfo.Scheme scheme) + public final PortalInfo getPortalInfo(final PortalScheme scheme) throws PortalInfoManagerException { LOGGER.debug("getting Portal Info: {}", scheme.name()); try { @@ -101,7 +102,7 @@ public class DBPortalInfoManager extends DBManager implements Portal * from the database */ @Override - public final boolean deletePortalInfo(final PortalInfo.Scheme scheme) + public final boolean deletePortalInfo(final PortalScheme scheme) throws PortalInfoManagerException { LOGGER.debug("deleting Portal Info: {}", scheme.name()); try { 
@@ -123,9 +124,9 @@ public class DBPortalInfoManager extends DBManager implements Portal try { // Prefer HIRS to use HTTPS, but check HTTP if needed - info = getPortalInfo(PortalInfo.Scheme.HTTPS); + info = getPortalInfo(PortalScheme.HTTPS); if (info == null) { - info = getPortalInfo(PortalInfo.Scheme.HTTP); + info = getPortalInfo(PortalScheme.HTTP); } } catch (Exception e) { info = null; diff --git a/HIRS_Utils/src/main/java/hirs/persist/DbImaBaselineRecordManager.java b/HIRS_Utils/src/main/java/hirs/persist/DbImaBaselineRecordManager.java index 515d5c76..76f7c729 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DbImaBaselineRecordManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DbImaBaselineRecordManager.java @@ -1,10 +1,10 @@ package hirs.persist; import hirs.data.persist.Digest; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.OptionalDigest; -import hirs.data.persist.QueryableRecordImaBaseline; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.QueryableRecordImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.utils.Callback; import hirs.utils.Job; diff --git a/HIRS_Utils/src/main/java/hirs/persist/DbImaBlacklistBaselineRecordManager.java b/HIRS_Utils/src/main/java/hirs/persist/DbImaBlacklistBaselineRecordManager.java index 779d1613..fa6971d0 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DbImaBlacklistBaselineRecordManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DbImaBlacklistBaselineRecordManager.java 
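Review bot: In DBPortalInfoManager, the `catch (Exception e) { info = null; }` around the `getPortalInfo(PortalScheme.HTTPS)` and `getPortalInfo(PortalScheme.HTTP)` lookups discards the exception without logging it, so a database failure looks the same as no portal being configured. The fall-back from HTTPS to HTTP also leaves no trace. Logging both would make a downgrade visible to an operator, e.g. `LOGGER.warn("no HTTPS PortalInfo found, falling back to HTTP");` before the second lookup and `LOGGER.error("failed to look up PortalInfo", e);` in the catch. The enclosing method starts and ends outside the hunk, so any handling after the catch is not visible here.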
@@ -3,8 +3,8 @@ package hirs.persist; import hirs.data.persist.Digest; import hirs.data.persist.ImaBlacklistRecord; import hirs.data.persist.OptionalDigest; -import hirs.data.persist.QueryableRecordImaBaseline; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.baseline.QueryableRecordImaBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.utils.Callback; import hirs.utils.Job; diff --git a/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManager.java b/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManager.java index 4ce4129b..2bbbe4d8 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManager.java @@ -5,7 +5,7 @@ import hirs.data.persist.Alert; import java.util.List; /** - * Class for managing the {@link hirs.data.persist.HealthStatus} + * Class for managing the {@link hirs.data.persist.enums.HealthStatus} * of a {@link hirs.data.persist.Device}. */ public interface DeviceHealthManager { diff --git a/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManagerImpl.java b/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManagerImpl.java index 6f949816..a92ee314 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManagerImpl.java +++ b/HIRS_Utils/src/main/java/hirs/persist/DeviceHealthManagerImpl.java @@ -3,7 +3,7 @@ package hirs.persist; import hirs.data.persist.Alert; import hirs.data.persist.Device; import hirs.data.persist.DeviceState; -import hirs.data.persist.HealthStatus; +import hirs.data.persist.enums.HealthStatus; import hirs.data.persist.Report; import hirs.data.persist.ReportSummary; import org.apache.commons.lang3.StringUtils; diff --git a/HIRS_Utils/src/main/java/hirs/persist/ImaBaselineRecordManager.java b/HIRS_Utils/src/main/java/hirs/persist/ImaBaselineRecordManager.java index d8dab7c1..3d51e21d 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ImaBaselineRecordManager.java 
+++ b/HIRS_Utils/src/main/java/hirs/persist/ImaBaselineRecordManager.java @@ -1,9 +1,9 @@ package hirs.persist; import hirs.data.persist.Digest; -import hirs.data.persist.IMABaselineRecord; -import hirs.data.persist.QueryableRecordImaBaseline; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.QueryableRecordImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.utils.Callback; import java.util.Collection; diff --git a/HIRS_Utils/src/main/java/hirs/persist/ImaBlacklistBaselineRecordManager.java b/HIRS_Utils/src/main/java/hirs/persist/ImaBlacklistBaselineRecordManager.java index 6ee6e753..9bda37d3 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ImaBlacklistBaselineRecordManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ImaBlacklistBaselineRecordManager.java @@ -2,8 +2,8 @@ package hirs.persist; import hirs.data.persist.Digest; import hirs.data.persist.ImaBlacklistRecord; -import hirs.data.persist.QueryableRecordImaBaseline; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.baseline.QueryableRecordImaBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.utils.Callback; import java.util.Collection; diff --git a/HIRS_Utils/src/main/java/hirs/persist/ImportBaselineCSV.java b/HIRS_Utils/src/main/java/hirs/persist/ImportBaselineCSV.java index 8df6ab3e..a08f371f 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ImportBaselineCSV.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ImportBaselineCSV.java @@ -1,6 +1,6 @@ package hirs.persist; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.ima.IMABaselineGeneratorException; import hirs.ima.ImaIgnoreSetBaselineGenerator; import hirs.ima.ImaIgnoreSetBaselineGeneratorException; 
diff --git a/HIRS_Utils/src/main/java/hirs/persist/ImportCLI.java b/HIRS_Utils/src/main/java/hirs/persist/ImportCLI.java index 8529d40b..9207fd55 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ImportCLI.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ImportCLI.java @@ -1,6 +1,6 @@ package hirs.persist; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.IMAReport; import hirs.data.persist.IntegrityReport; diff --git a/HIRS_Utils/src/main/java/hirs/persist/PolicyManager.java b/HIRS_Utils/src/main/java/hirs/persist/PolicyManager.java index 9603c26c..32f76bda 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/PolicyManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/PolicyManager.java @@ -1,7 +1,7 @@ package hirs.persist; import hirs.appraiser.Appraiser; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.Policy; diff --git a/HIRS_Utils/src/main/java/hirs/persist/PortalInfoManager.java b/HIRS_Utils/src/main/java/hirs/persist/PortalInfoManager.java index 3a6c5c4b..86dcd319 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/PortalInfoManager.java +++ b/HIRS_Utils/src/main/java/hirs/persist/PortalInfoManager.java @@ -1,6 +1,7 @@ package hirs.persist; -import hirs.data.persist.PortalInfo; +import hirs.data.persist.info.PortalInfo; +import hirs.data.persist.enums.PortalScheme; /** * A PortalInfoManager manages PortalInfo objects. A @@ -49,7 +50,7 @@ public interface PortalInfoManager { * @throws PortalInfoManagerException * if unable to retrieve the PortalInfo */ - PortalInfo getPortalInfo(PortalInfo.Scheme scheme) + PortalInfo getPortalInfo(PortalScheme scheme) throws PortalInfoManagerException; /** 
@@ -64,7 +65,7 @@ public interface PortalInfoManager { * if unable to delete the PortalInfo for any reason other * than not found */ - boolean deletePortalInfo(PortalInfo.Scheme scheme) + boolean deletePortalInfo(PortalScheme scheme) throws PortalInfoManagerException; /** diff --git a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java index 8a3a13e4..951f8cc2 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java +++ b/HIRS_Utils/src/main/java/hirs/persist/ReferenceManifestSelector.java @@ -25,7 +25,9 @@ import java.util.UUID; */ public abstract class ReferenceManifestSelector { private static final String PLATFORM_MANUFACTURER = "platformManufacturer"; + private static final String PLATFORM_MANUFACTURER_ID = "platformManufacturerId"; private static final String PLATFORM_MODEL = "platformModel"; + private static final String RIM_TYPE_FIELD = "rimType"; private final ReferenceManifestManager referenceManifestManager; @@ -81,6 +83,17 @@ public abstract class ReferenceManifestSelector { return this; } + /** + * Specify the platform manufacturer id that rims must have to be considered + * as matching. + * @param manufacturerId string for the id of the manufacturer + * @return this instance + */ + public ReferenceManifestSelector byManufacturerId(final String manufacturerId) { + setFieldValue(PLATFORM_MANUFACTURER_ID, manufacturerId); + return this; + } + /** * Specify the platform model that rims must have to be considered * as matching. @@ -103,6 +116,16 @@ public abstract class ReferenceManifestSelector { return this; } + /** + * Specify the RIM Type to match. + * @param rimType the type of rim + * @return this instance + */ + public ReferenceManifestSelector byRimType(final String rimType) { + setFieldValue(RIM_TYPE_FIELD, rimType); + return this; + } + /** * Set a field name and value to match. * 
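Review bot: In ReferenceManifestSelector, the new constant `RIM_TYPE_FIELD` carries a `_FIELD` suffix that its neighbours `PLATFORM_MANUFACTURER`, `PLATFORM_MANUFACTURER_ID` and `PLATFORM_MODEL` do not. Naming it `RIM_TYPE` would keep the field-name constants uniform. A one-line comment above the group, such as `// entity field names used as query criteria`, would also tell a reader that these strings must match the persisted field names, which is presumably how `setFieldValue` uses them.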
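Review bot: In ReferenceManifestSelector, `byManufacturerId` and `byRimType` (the following hunk) pass the caller's string straight to `setFieldValue`, and their Javadoc does not say what happens for a null or empty argument or which `rimType` values exist. `setFieldValue` is declared outside these hunks, so whether it rejects such input cannot be seen here; if it does, both methods should say so with an `@throws` line. A misspelled type would presumably just match nothing, so the `@param rimType` line should name the accepted values or link to where they are defined.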
diff --git a/HIRS_Utils/src/main/java/hirs/persist/SystemInit.java b/HIRS_Utils/src/main/java/hirs/persist/SystemInit.java index 94a27035..74d2c954 100644 --- a/HIRS_Utils/src/main/java/hirs/persist/SystemInit.java +++ b/HIRS_Utils/src/main/java/hirs/persist/SystemInit.java @@ -10,12 +10,12 @@ import hirs.appraiser.TPMAppraiser; import hirs.data.persist.DeviceGroup; import hirs.data.persist.HIRSPolicy; import hirs.data.persist.IMAPolicy; -import hirs.data.persist.ImaAcceptableRecordBaseline; -import hirs.data.persist.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; import hirs.data.persist.Policy; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.data.persist.TPMPolicy; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import hirs.utils.HIRSProfiles; import hirs.utils.SpringContextProvider; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/main/java/hirs/repository/RPMRepository.java b/HIRS_Utils/src/main/java/hirs/repository/RPMRepository.java index 1acedec6..e17e622f 100644 --- a/HIRS_Utils/src/main/java/hirs/repository/RPMRepository.java +++ b/HIRS_Utils/src/main/java/hirs/repository/RPMRepository.java @@ -1,8 +1,8 @@ package hirs.repository; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.repository.measurement.PackageMeasurer; import hirs.repository.measurement.RPMMeasurer; import hirs.utils.exec.ExecBuilder; diff --git a/HIRS_Utils/src/main/java/hirs/repository/RepoPackage.java b/HIRS_Utils/src/main/java/hirs/repository/RepoPackage.java index 98718c15..fff1f741 100644 --- a/HIRS_Utils/src/main/java/hirs/repository/RepoPackage.java 
+++ b/HIRS_Utils/src/main/java/hirs/repository/RepoPackage.java @@ -2,7 +2,7 @@ package hirs.repository; import com.fasterxml.jackson.annotation.JsonIgnore; import hirs.data.persist.Digest; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import org.hibernate.annotations.Type; import javax.persistence.CascadeType; diff --git a/HIRS_Utils/src/main/java/hirs/repository/Repository.java b/HIRS_Utils/src/main/java/hirs/repository/Repository.java index 769cb556..aabc33e9 100644 --- a/HIRS_Utils/src/main/java/hirs/repository/Repository.java +++ b/HIRS_Utils/src/main/java/hirs/repository/Repository.java @@ -123,7 +123,7 @@ public abstract class Repository extends UserDefinedEntit /** * This method retrieves the given package and measures its contents. The resulting * measurements are stored in the given RepoPackage objects. The measurements - * are a set of {@link hirs.data.persist.IMABaselineRecord}s + * are a set of {@link hirs.data.persist.baseline.IMABaselineRecord}s * that describe the full file paths and their hashes * that a software package contains. The software package itself will also be measured, and * the measurement will be recorded in the RepoPackage. diff --git a/HIRS_Utils/src/main/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurer.java b/HIRS_Utils/src/main/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurer.java index 4b0688b6..e7349cfb 100644 --- a/HIRS_Utils/src/main/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurer.java +++ b/HIRS_Utils/src/main/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurer.java @@ -2,7 +2,7 @@ package hirs.repository.measurement; import com.google.common.collect.Multimap; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; +import hirs.data.persist.enums.DigestAlgorithm; import hirs.repository.RPMRepoPackage; import hirs.utils.exec.ExecBuilder; import org.apache.commons.io.FileUtils; 
diff --git a/HIRS_Utils/src/main/java/hirs/repository/measurement/InitramfsMeasurer.java b/HIRS_Utils/src/main/java/hirs/repository/measurement/InitramfsMeasurer.java index 8edb9cd3..b7648311 100644 --- a/HIRS_Utils/src/main/java/hirs/repository/measurement/InitramfsMeasurer.java +++ b/HIRS_Utils/src/main/java/hirs/repository/measurement/InitramfsMeasurer.java @@ -3,7 +3,7 @@ package hirs.repository.measurement; import com.google.common.collect.HashMultimap; import com.google.common.collect.Multimap; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; +import hirs.data.persist.enums.DigestAlgorithm; import java.io.File; import java.io.FileNotFoundException; diff --git a/HIRS_Utils/src/main/java/hirs/repository/measurement/PackageMeasurer.java b/HIRS_Utils/src/main/java/hirs/repository/measurement/PackageMeasurer.java index a2e1cc2b..b8021b26 100644 --- a/HIRS_Utils/src/main/java/hirs/repository/measurement/PackageMeasurer.java +++ b/HIRS_Utils/src/main/java/hirs/repository/measurement/PackageMeasurer.java @@ -4,8 +4,8 @@ import com.google.common.collect.HashMultimap; import com.google.common.collect.Multimap; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; import org.apache.commons.codec.digest.DigestUtils; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/main/java/hirs/repository/measurement/RPMMeasurer.java b/HIRS_Utils/src/main/java/hirs/repository/measurement/RPMMeasurer.java index f855f1db..4f3ed250 100644 --- a/HIRS_Utils/src/main/java/hirs/repository/measurement/RPMMeasurer.java +++ b/HIRS_Utils/src/main/java/hirs/repository/measurement/RPMMeasurer.java 
@@ -3,7 +3,7 @@ package hirs.repository.measurement; import com.google.common.collect.Multimap; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; +import hirs.data.persist.enums.DigestAlgorithm; import hirs.utils.exec.ExecBuilder; import org.apache.commons.io.FileUtils; diff --git a/HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java b/HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java index 85bf7fb4..36140ad1 100644 --- a/HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java +++ b/HIRS_Utils/src/main/java/hirs/tpm/TPMBaselineGenerator.java @@ -2,18 +2,18 @@ package hirs.tpm; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; import hirs.data.persist.IntegrityReport; -import hirs.data.persist.OSInfo; +import hirs.data.persist.info.OSInfo; import hirs.data.persist.Report; -import hirs.data.persist.TPMBaseline; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.baseline.TPMBaseline; +import hirs.data.persist.info.TPMInfo; import hirs.data.persist.TPMMeasurementRecord; import hirs.data.persist.TPMReport; -import hirs.data.persist.TpmBlackListBaseline; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TpmBlackListBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; 
@@ -54,97 +54,97 @@ public class TPMBaselineGenerator { /** * FirmwareInfo's BIOS Vendor. */ - biosvendor, + BIOS_VENDOR, /** * FirmwareInfo's BIOS Version. */ - biosversion, + BIOS_VERSION, /** * FirmwareInfo's BIOS Release Date. */ - biosreleasedate, + BIOS_RELEASE_DATE, /** * HardwareInfo's Manufacturer. */ - manufacturer, + MANUFACTURER, /** * HardwareInfo's Product Name. */ - productname, + PRODUCT_NAME, /** * HardwareInfo's Version. */ - version, + VERSION, /** * HardwareInfo's Serial number. */ - systemserialnumber, + SYSTEM_SERIAL_NUMBER, /** * HardwareInfo's Chassis serial number. */ - chassisserialnumber, + CHASSIS_SERIAL_NUMBER, /** * HardwareInfo's baseboard serial number. */ - baseboardserialnumber, + BASEBOARD_SERIAL_NUMBER, /** * OSInfo's OS Name. */ - osname, + OS_NAME, /** * OSInfo's OS Version. */ - osversion, + OS_VERSION, /** * OSInfo's OS Arch. */ - osarch, + OS_ARCH, /** * OSInfo's Distribution. */ - distribution, + DISTRIBUTION, /** * OSInfo's Distribution Release. */ - distributionrelease, + DISTRIBUTION_RELEASE, /** * TPMInfo's TPM Make. */ - tpmmake, + TPM_MAKE, /** * TPMInfo's TPM Version Major. */ - tpmversionmajor, + TPM_VERSION_MAJOR, /** * TPMInfo's TPM Version Minor. */ - tpmversionminor, + TPM_VERSION_MINOR, /** * TPMInfo's TPM Version Rev Major. */ - tpmversionrevmajor, + TPM_VERSION_REV_MAJOR, /** * TPMInfo's TPM Version Rev Minor. */ - tpmversionrevminor; + TPM_VERSION_REV_MINOR; /** * Generates a CSV String from a map of TPMBaselineFields to values. 
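Review bot: Renaming the `TPMBaselineFields` constants (`biosvendor` to `BIOS_VENDOR`, and so on through `TPM_VERSION_REV_MINOR`) changes what `name()` and `valueOf()` return, and the Javadoc at the end of this hunk describes a method that generates a CSV string from a map keyed by these constants. The CSV methods are outside the hunk, so this is inferred: if they write or parse the constant names, baseline criteria exported before this commit would no longer parse, or would be written with different keys. If that is the case, keep the external spelling stable, for example by giving each constant an explicit CSV key, and add a test that reads a CSV using the old lowercase keys.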
@@ -181,19 +181,19 @@ public class TPMBaselineGenerator { + " This method should not have been called with a null parameter."); } - final String biosvendor = + final String biosVendor = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.biosvendor), defaultInfo.getBiosVendor()); + map.get(TPMBaselineFields.BIOS_VENDOR), defaultInfo.getBiosVendor()); - final String biosversion = + final String biosVersion = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.biosversion), defaultInfo.getBiosVersion()); + map.get(TPMBaselineFields.BIOS_VERSION), defaultInfo.getBiosVersion()); - final String biosreleasedate = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.biosreleasedate), + final String biosReleaseDate = + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.BIOS_RELEASE_DATE), defaultInfo.getBiosReleaseDate()); - return new FirmwareInfo(biosvendor, biosversion, biosreleasedate); + return new FirmwareInfo(biosVendor, biosVersion, biosReleaseDate); } /** 
@@ -213,33 +213,33 @@ public class TPMBaselineGenerator { final String manufacturer = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.manufacturer), defaultInfo.getManufacturer()); + map.get(TPMBaselineFields.MANUFACTURER), defaultInfo.getManufacturer()); - final String productname = + final String productName = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.productname), defaultInfo.getProductName()); + map.get(TPMBaselineFields.PRODUCT_NAME), defaultInfo.getProductName()); final String version = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.version), defaultInfo.getVersion()); + map.get(TPMBaselineFields.VERSION), defaultInfo.getVersion()); - final String serialnumber = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.systemserialnumber), + final String serialNumber = + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.SYSTEM_SERIAL_NUMBER), defaultInfo.getSystemSerialNumber()); final String chassisSerialNumber = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.chassisserialnumber), + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.CHASSIS_SERIAL_NUMBER), defaultInfo.getChassisSerialNumber()); final String baseboardSerialNumber = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.baseboardserialnumber), + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.BASEBOARD_SERIAL_NUMBER), defaultInfo.getBaseboardSerialNumber()); return new HardwareInfo( manufacturer, - productname, + productName, version, - serialnumber, + serialNumber, chassisSerialNumber, baseboardSerialNumber ); 
@@ -260,27 +260,27 @@ public class TPMBaselineGenerator { + " This method should not have been called with a null parameter."); } - final String osname = + final String osName = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.osname), defaultInfo.getOSName()); + map.get(TPMBaselineFields.OS_NAME), defaultInfo.getOSName()); - final String osversion = + final String osVersion = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.osversion), defaultInfo.getOSVersion()); + map.get(TPMBaselineFields.OS_VERSION), defaultInfo.getOSVersion()); - final String osarch = + final String osArch = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.osarch), defaultInfo.getOSArch()); + map.get(TPMBaselineFields.OS_ARCH), defaultInfo.getOSArch()); final String distribution = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.distribution), + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.DISTRIBUTION), defaultInfo.getDistribution()); - final String distributionrelease = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.distributionrelease), + final String distributionRelease = + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.DISTRIBUTION_RELEASE), defaultInfo.getDistributionRelease()); - return new OSInfo(osname, osversion, osarch, distribution, distributionrelease); + return new OSInfo(osName, osVersion, osArch, distribution, distributionRelease); } /** 
@@ -298,29 +298,29 @@ public class TPMBaselineGenerator { + " This method should not have been called with a null parameter."); } - final String tpmmake = + final String tpmMake = StringUtils.defaultIfBlank( - map.get(TPMBaselineFields.tpmmake), defaultInfo.getTPMMake()); + map.get(TPMBaselineFields.TPM_MAKE), defaultInfo.getTPMMake()); - final String tpmversionmajor = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.tpmversionmajor), + final String tpmVersionMajor = + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.TPM_VERSION_MAJOR), "" + defaultInfo.getTPMVersionMajor()); - final String tpmversionminor = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.tpmversionminor), + final String tpmVersionMinor = + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.TPM_VERSION_MINOR), "" + defaultInfo.getTPMVersionMinor()); - final String tpmversionrevmajor = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.tpmversionrevmajor), + final String tpmVersionRevMajor = + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.TPM_VERSION_REV_MAJOR), "" + defaultInfo.getTPMVersionRevMajor()); - final String tpmversionrevminor = - StringUtils.defaultIfBlank(map.get(TPMBaselineFields.tpmversionrevminor), + final String tpmVersionRevMinor = + StringUtils.defaultIfBlank(map.get(TPMBaselineFields.TPM_VERSION_REV_MINOR), "" + defaultInfo.getTPMVersionMinor()); - return new TPMInfo(tpmmake, Short.valueOf(tpmversionmajor), - Short.valueOf(tpmversionminor), Short.valueOf(tpmversionrevmajor), - Short.valueOf(tpmversionrevminor)); + return new TPMInfo(tpmMake, Short.valueOf(tpmVersionMajor), + Short.valueOf(tpmVersionMinor), Short.valueOf(tpmVersionRevMajor), + Short.valueOf(tpmVersionRevMinor)); } } 
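Review bot: The default for `tpmVersionRevMinor` is taken from `defaultInfo.getTPMVersionMinor()`, so a map without `TPM_VERSION_REV_MINOR` gets the minor version as its revision minor; that line is unchanged context, but the rename touches the lines around it and carries the slip forward. It should read `"" + defaultInfo.getTPMVersionRevMinor());`, assuming TPMInfo has that getter alongside the `getTPMVersionRevMajor()` used just above. Separately, the four `Short.valueOf(...)` calls throw NumberFormatException for non-numeric or out-of-range text; if the map is filled from imported data, catching that and naming the offending field would give a clearer error. The method's signature is outside the hunk.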
@@ -510,8 +510,8 @@ public class TPMBaselineGenerator { // Copy the criteria from the device info report corroborated the kernel update. final OSInfo referenceOSInfo = referenceBaseline.getOSInfo(); final HashMap map = new HashMap<>(); - map.put(TPMBaselineFields.osname, referenceOSInfo.getOSName()); - map.put(TPMBaselineFields.osversion, referenceOSInfo.getOSVersion()); + map.put(TPMBaselineFields.OS_NAME, referenceOSInfo.getOSName()); + map.put(TPMBaselineFields.OS_VERSION, referenceOSInfo.getOSVersion()); final OSInfo osInfo = TPMBaselineFields.toOSInfo(map, new OSInfo()); newBaseline.setOSInfo(osInfo); diff --git a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TcgTpmtHa.java b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TcgTpmtHa.java index 8461b643..08e562f5 100644 --- a/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TcgTpmtHa.java +++ b/HIRS_Utils/src/main/java/hirs/tpm/eventlog/TcgTpmtHa.java @@ -45,7 +45,6 @@ public class TcgTpmtHa { public static final int TPM_ALG_NULL_LENGTH = 0; /** buffer to hold the structure. */ private byte[] buffer = null; - /** * Constructor. * diff --git a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java index 004da27c..63ebe14a 100644 --- a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java +++ b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java 
@@ -4,9 +4,9 @@ import com.fasterxml.jackson.core.JsonFactory; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import hirs.data.persist.AppraisalStatus; -import hirs.data.persist.ComponentInfo; +import hirs.data.persist.info.ComponentInfo; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.HardwareInfo; +import hirs.data.persist.info.HardwareInfo; import hirs.data.persist.certificate.EndorsementCredential; import hirs.data.persist.certificate.PlatformCredential; import hirs.data.persist.certificate.attributes.ComponentIdentifier; diff --git a/HIRS_Utils/src/test/java/hirs/DeviceGroupSerializerTest.java b/HIRS_Utils/src/test/java/hirs/DeviceGroupSerializerTest.java index 9d54eff6..6c335f36 100644 --- a/HIRS_Utils/src/test/java/hirs/DeviceGroupSerializerTest.java +++ b/HIRS_Utils/src/test/java/hirs/DeviceGroupSerializerTest.java @@ -6,11 +6,11 @@ import hirs.data.persist.AppraisalStatus; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.TPMInfo; import org.testng.Assert; import org.testng.annotations.Test; diff --git a/HIRS_Utils/src/test/java/hirs/appraiser/AppraiserTestUtil.java b/HIRS_Utils/src/test/java/hirs/appraiser/AppraiserTestUtil.java index 915fb5b6..cbfbc82a 100644 --- a/HIRS_Utils/src/test/java/hirs/appraiser/AppraiserTestUtil.java +++ b/HIRS_Utils/src/test/java/hirs/appraiser/AppraiserTestUtil.java 
@@ -1,13 +1,13 @@ package hirs.appraiser; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAPolicy; import hirs.data.persist.IMAReport; -import hirs.data.persist.ImaIgnoreSetBaseline; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import org.apache.commons.codec.binary.Base64; /** diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/AlertTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/AlertTest.java index 7f719e95..c8288b58 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/AlertTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/AlertTest.java @@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.AlertSeverity; +import hirs.data.persist.enums.AlertSource; +import hirs.data.persist.enums.AlertType; import java.util.Collections; import java.util.Date; import java.util.HashSet; @@ -27,9 +33,9 @@ public final class AlertTest { @Test public void testAlertDefaults() { Alert alert = new Alert(TEST_DETAILS); - Assert.assertEquals(alert.getSeverity(), Alert.Severity.UNSPECIFIED); - Assert.assertEquals(alert.getType(), Alert.AlertType.UNSPECIFIED); - Assert.assertEquals(alert.getSource(), Alert.Source.UNSPECIFIED); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.UNSPECIFIED); + Assert.assertEquals(alert.getType(), AlertType.UNSPECIFIED); + Assert.assertEquals(alert.getSource(), AlertSource.UNSPECIFIED); Assert.assertNull(alert.getDisplayTitle()); } 
@@ -91,7 +97,7 @@ public final class AlertTest { public void testBaselineIdAndSeverity() { Alert alert = new Alert(TEST_DETAILS); ImaBaseline baseline = new SimpleImaBaseline(TEST_BASELINE_NAME); - baseline.setSeverity(Alert.Severity.SEVERE); + baseline.setSeverity(AlertSeverity.SEVERE); alert.setBaselineIdsAndSeverity(Collections.singleton(baseline)); Assert.assertEquals(alert.getBaselineIds().iterator().next(), baseline.getId()); Assert.assertEquals(alert.getSeverity(), baseline.getSeverity()); @@ -103,8 +109,8 @@ public final class AlertTest { @Test public void testSource() { Alert alert = new Alert(TEST_DETAILS); - alert.setSource(Alert.Source.IMA_APPRAISER); - Assert.assertEquals(alert.getSource(), Alert.Source.IMA_APPRAISER); + alert.setSource(AlertSource.IMA_APPRAISER); + Assert.assertEquals(alert.getSource(), AlertSource.IMA_APPRAISER); } /** @@ -113,9 +119,9 @@ public final class AlertTest { @Test public void testType() { Alert alert = new Alert(TEST_DETAILS); - alert.setType(Alert.AlertType.REPORT_REQUESTS_MISSING); + alert.setType(AlertType.REPORT_REQUESTS_MISSING); Assert.assertEquals(alert.getType(), - Alert.AlertType.REPORT_REQUESTS_MISSING); + AlertType.REPORT_REQUESTS_MISSING); } /** @@ -135,7 +141,7 @@ public final class AlertTest { @Test public void testSeverity() { Alert alert = new Alert(TEST_DETAILS); - Assert.assertEquals(alert.getSeverity(), Alert.Severity.UNSPECIFIED); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.UNSPECIFIED); } /** 
@@ -143,18 +149,18 @@ public final class AlertTest { */ @Test public void testSetSeverity() { - final Alert.Severity baselineSeverity = Alert.Severity.SEVERE; - final Alert.Severity alertSeverity = Alert.Severity.LOW; + final AlertSeverity baselineSeverity = AlertSeverity.SEVERE; + final AlertSeverity alertSeverity = AlertSeverity.LOW; // Set up a baseline with a severity ImaBaseline baseline = new SimpleImaBaseline(TEST_BASELINE_NAME); baseline.setSeverity(baselineSeverity); - HashSet baselineSet = new HashSet(); + HashSet baselineSet = new HashSet<>(); baselineSet.add(baseline); // Track the status of the severity value Alert alert = new Alert(TEST_DETAILS); - Assert.assertEquals(alert.getSeverity(), Alert.Severity.UNSPECIFIED); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.UNSPECIFIED); alert.setBaselineIdsAndSeverity(baselineSet); Assert.assertEquals(alert.getSeverity(), baselineSeverity); alert.setSeverity(alertSeverity); diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/BaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/BaselineTest.java index 221ec194..262236ad 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/BaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/BaselineTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.baseline.Baseline; import java.io.Serializable; import java.util.List; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/BatchImaMatchStatusTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/BatchImaMatchStatusTest.java index 0a86d20a..df74a115 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/BatchImaMatchStatusTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/BatchImaMatchStatusTest.java 
@@ -1,5 +1,10 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.IMAMatchStatus; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/BroadRepoImaBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/BroadRepoImaBaselineTest.java index a7221129..040979a5 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/BroadRepoImaBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/BroadRepoImaBaselineTest.java @@ -1,5 +1,9 @@ package hirs.data.persist; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.BroadRepoImaBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.ReportMatchStatus; import java.io.UnsupportedEncodingException; import java.util.Collections; import java.util.HashSet; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceGroupTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceGroupTest.java index dcc05301..23f4d4cc 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceGroupTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceGroupTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.HealthStatus; import java.util.Arrays; import java.util.HashSet; import java.util.Set; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceInfoReportTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceInfoReportTest.java index 02496070..088a9a13 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceInfoReportTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceInfoReportTest.java 
@@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.TPMInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import hirs.foss.XMLCleaner; import hirs.persist.DBReportManager; import hirs.persist.ReportManager; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceTest.java index 42ca9201..5670b296 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/DeviceTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/DeviceTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.HealthStatus; import org.testng.Assert; import org.testng.annotations.Test; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/DigestTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/DigestTest.java index 6c6a6423..319d40c4 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/DigestTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/DigestTest.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestComparisonResultType; +import hirs.data.persist.enums.DigestAlgorithm; import java.util.Arrays; import org.apache.commons.codec.digest.DigestUtils; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/FirmwareInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/FirmwareInfoTest.java index a0ccd0c0..58c59db6 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/FirmwareInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/FirmwareInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.FirmwareInfo; import org.apache.commons.lang3.StringUtils; import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED; import org.testng.Assert; 
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/HardwareInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/HardwareInfoTest.java index dc56a1d9..320b0e36 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/HardwareInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/HardwareInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.HardwareInfo; import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED; import org.apache.commons.lang3.StringUtils; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/IMADeviceStateTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/IMADeviceStateTest.java index d68a6952..accb9f95 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/IMADeviceStateTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/IMADeviceStateTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import org.apache.commons.codec.binary.Hex; import org.testng.Assert; import org.testng.annotations.Test; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/IMAMeasurementRecordTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/IMAMeasurementRecordTest.java index c58013a7..fc72a651 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/IMAMeasurementRecordTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/IMAMeasurementRecordTest.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.ExamineState; +import hirs.data.persist.enums.DigestAlgorithm; import java.text.ParseException; import org.apache.commons.codec.DecoderException; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/IMAPolicyTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/IMAPolicyTest.java index 3ca6d1ec..b6cce4a3 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/IMAPolicyTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/IMAPolicyTest.java 
@@ -1,5 +1,12 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.baseline.Baseline; import java.io.InputStream; import java.io.Serializable; import java.util.LinkedList; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/IMAReportTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/IMAReportTest.java index 324465da..4e962afd 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/IMAReportTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/IMAReportTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import java.io.InputStream; import java.io.StringReader; import java.io.StringWriter; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBaselineRecordTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBaselineRecordTest.java index 20d5e146..6dd168f5 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBaselineRecordTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBaselineRecordTest.java @@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; import java.text.ParseException; import java.util.Set; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistBaselineTest.java index e84f6036..1c3ddc99 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistBaselineTest.java 
@@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; +import hirs.data.persist.enums.ReportMatchStatus; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.IMAMatchStatus; import hirs.persist.BaselineManager; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistRecordTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistRecordTest.java index 4c20db65..ff26fa2e 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistRecordTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/ImaBlacklistRecordTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.persist.DBManager; import org.testng.Assert; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/ImaIgnoreSetBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/ImaIgnoreSetBaselineTest.java index c511bfcd..5de7375f 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/ImaIgnoreSetBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/ImaIgnoreSetBaselineTest.java @@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaIgnoreSetBaseline; +import hirs.data.persist.baseline.Baseline; import hirs.ima.matching.BatchImaMatchStatus; import java.util.Collections; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/NetworkInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/NetworkInfoTest.java index cc457b50..db1a79fb 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/NetworkInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/NetworkInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.NetworkInfo; import java.net.InetAddress; import java.net.UnknownHostException; 
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/OSInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/OSInfoTest.java index 95478994..b3b75dfb 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/OSInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/OSInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.OSInfo; import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED; import org.apache.commons.lang3.StringUtils; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/PortalInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/PortalInfoTest.java index bad6a62f..ef9fefeb 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/PortalInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/PortalInfoTest.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.info.PortalInfo; +import hirs.data.persist.enums.PortalScheme; import java.net.InetAddress; import org.testng.Assert; import org.testng.annotations.Test; @@ -25,7 +27,7 @@ public class PortalInfoTest { */ @Test public void testScheme() { - final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS; + final PortalScheme scheme = PortalScheme.HTTPS; PortalInfo info = new PortalInfo(); info.setSchemeName(scheme); @@ -38,7 +40,7 @@ public class PortalInfoTest { */ @Test public void testSchemeNull() { - final PortalInfo.Scheme scheme = null; + final PortalScheme scheme = null; PortalInfo info = new PortalInfo(); diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/SimpleImaBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/SimpleImaBaselineTest.java index 263a9073..f26d883a 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/SimpleImaBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/SimpleImaBaselineTest.java 
@@ -1,5 +1,11 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.ReportMatchStatus; import hirs.ima.matching.BatchImaMatchStatus; import hirs.ima.matching.IMAMatchStatus; import hirs.persist.BaselineManager; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMBaselineTest.java index 82d1219d..05648863 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMBaselineTest.java @@ -1,5 +1,13 @@ package hirs.data.persist; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.TPMInfo; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TPMBaseline; +import hirs.data.persist.baseline.Baseline; import static hirs.data.persist.TPMMeasurementRecord.MAX_PCR_ID; import static hirs.data.persist.TPMMeasurementRecord.MIN_PCR_ID; import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMInfoTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMInfoTest.java index 41fe7f23..a8186b4c 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMInfoTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMInfoTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.info.TPMInfo; import static hirs.data.persist.DeviceInfoReport.NOT_SPECIFIED; import java.io.FileNotFoundException; 
diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMMeasurementRecordTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMMeasurementRecordTest.java index fde70cfe..cf0f0ce6 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMMeasurementRecordTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMMeasurementRecordTest.java @@ -1,5 +1,7 @@ package hirs.data.persist; +import hirs.data.persist.enums.ExamineState; +import hirs.data.persist.enums.DigestAlgorithm; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Hex; import org.testng.Assert; @@ -37,7 +39,8 @@ public class TPMMeasurementRecordTest { */ @Test(expectedExceptions = NullPointerException.class) public final void tpmMeasurementRecordNullHash() { - new TPMMeasurementRecord(0, null); + Digest digest = null; + new TPMMeasurementRecord(0, digest); } /** diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMPolicyTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMPolicyTest.java index 3e1f78ec..2c7792e6 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMPolicyTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMPolicyTest.java @@ -1,5 +1,8 @@ package hirs.data.persist; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TPMBaseline; +import hirs.data.persist.enums.AlertSeverity; import java.io.InputStream; import java.io.Serializable; import java.util.Arrays; 
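Review bot: In `tpmMeasurementRecordNullHash` (TPMMeasurementRecordTest.java, hunk `@@ -37,7 +39,8 @@`) the bare `null` argument is replaced by a typed local, `Digest digest = null;`, with nothing that says why. Presumably a second two-argument constructor now makes an untyped `null` ambiguous; if so, state it in a comment such as `// typed null selects the Digest overload; a bare null is ambiguous`, or write the call in one line as `new TPMMeasurementRecord(0, (Digest) null);`. As written, the test pins the `NullPointerException` only for the `Digest` overload. If another overload accepting the hash value exists (not visible in this hunk), it should get its own null-argument test so a record with a missing hash is rejected on every construction path.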
@@ -420,8 +423,8 @@ public class TPMPolicyTest extends HibernateTest { */ @Test public final void testSetKernelUpdateAlertSeverity() { - final Alert.Severity defaultSeverity = Alert.Severity.UNSPECIFIED; - final Alert.Severity newSeverity = Alert.Severity.INFO; + final AlertSeverity defaultSeverity = AlertSeverity.UNSPECIFIED; + final AlertSeverity newSeverity = AlertSeverity.INFO; TPMPolicy tpmPolicy = new TPMPolicy("TestTPMPolicy"); Assert.assertEquals(tpmPolicy.getKernelUpdateAlertSeverity(), defaultSeverity); tpmPolicy.setKernelUpdateAlertSeverity(newSeverity); diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TPMReportTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TPMReportTest.java index 71286581..f904f2e9 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/TPMReportTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TPMReportTest.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.enums.DigestAlgorithm; import static org.apache.logging.log4j.LogManager.getLogger; import hirs.data.persist.tpm.PcrComposite; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TargetedRepoImaBaselineTest.java b/HIRS_Utils/src/test/java/hirs/data/persist/TargetedRepoImaBaselineTest.java index adcc48d7..c52b881a 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/TargetedRepoImaBaselineTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TargetedRepoImaBaselineTest.java @@ -1,5 +1,9 @@ package hirs.data.persist; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.TargetedRepoImaBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.enums.ReportMatchStatus; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.util.ArrayList; diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline.java b/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline.java index e15cc998..8dd51834 100644 
--- a/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.baseline.Baseline; import javax.persistence.Entity; /** diff --git a/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline2.java b/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline2.java index ba0ce228..a3e1e9f1 100644 --- a/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline2.java +++ b/HIRS_Utils/src/test/java/hirs/data/persist/TestBaseline2.java @@ -1,5 +1,6 @@ package hirs.data.persist; +import hirs.data.persist.baseline.Baseline; import javax.persistence.Entity; /** diff --git a/HIRS_Utils/src/test/java/hirs/data/service/DeviceRegisterImplTest.java b/HIRS_Utils/src/test/java/hirs/data/service/DeviceRegisterImplTest.java index fda53149..bb74ad68 100644 --- a/HIRS_Utils/src/test/java/hirs/data/service/DeviceRegisterImplTest.java +++ b/HIRS_Utils/src/test/java/hirs/data/service/DeviceRegisterImplTest.java @@ -3,11 +3,11 @@ package hirs.data.service; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.info.TPMInfo; import hirs.persist.DeviceGroupManager; import hirs.persist.DeviceManager; diff --git a/HIRS_Utils/src/test/java/hirs/ima/CSVGeneratorTest.java b/HIRS_Utils/src/test/java/hirs/ima/CSVGeneratorTest.java index 6dac29f2..1328c4f9 100644 --- a/HIRS_Utils/src/test/java/hirs/ima/CSVGeneratorTest.java +++ b/HIRS_Utils/src/test/java/hirs/ima/CSVGeneratorTest.java 
@@ -2,17 +2,17 @@ package hirs.ima; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.IMABaselineRecord; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.data.persist.ImaBlacklistRecord; -import hirs.data.persist.OSInfo; -import hirs.data.persist.SimpleImaBaseline; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.OSInfo; +import hirs.data.persist.baseline.SimpleImaBaseline; +import hirs.data.persist.info.TPMInfo; import hirs.data.persist.TPMMeasurementRecord; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import hirs.tpm.TPMBaselineGenerator; import hirs.tpm.TPMBaselineGeneratorException; diff --git a/HIRS_Utils/src/test/java/hirs/ima/IMATestUtil.java b/HIRS_Utils/src/test/java/hirs/ima/IMATestUtil.java index f3082045..445c8d57 100644 --- a/HIRS_Utils/src/test/java/hirs/ima/IMATestUtil.java +++ b/HIRS_Utils/src/test/java/hirs/ima/IMATestUtil.java @@ -11,9 +11,9 @@ import org.testng.Assert; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.IMABaselineRecord; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; /** * This class contains utility methods and constants that can be used for IMA 
diff --git a/HIRS_Utils/src/test/java/hirs/ima/ImaBlacklistBaselineGeneratorTest.java b/HIRS_Utils/src/test/java/hirs/ima/ImaBlacklistBaselineGeneratorTest.java index 82fc6231..2d7b862a 100644 --- a/HIRS_Utils/src/test/java/hirs/ima/ImaBlacklistBaselineGeneratorTest.java +++ b/HIRS_Utils/src/test/java/hirs/ima/ImaBlacklistBaselineGeneratorTest.java @@ -5,7 +5,7 @@ import org.testng.annotations.Test; import java.io.IOException; import java.io.InputStream; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import hirs.data.persist.ImaBlacklistRecord; /** diff --git a/HIRS_Utils/src/test/java/hirs/ima/SimpleImaBaselineGeneratorTest.java b/HIRS_Utils/src/test/java/hirs/ima/SimpleImaBaselineGeneratorTest.java index 7743a3da..b39c12d7 100644 --- a/HIRS_Utils/src/test/java/hirs/ima/SimpleImaBaselineGeneratorTest.java +++ b/HIRS_Utils/src/test/java/hirs/ima/SimpleImaBaselineGeneratorTest.java @@ -1,12 +1,12 @@ package hirs.ima; import hirs.data.persist.IMAReport; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IntegrityReport; import hirs.data.persist.TPMReport; diff --git a/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptableHashRecordMatcherTest.java b/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptableHashRecordMatcherTest.java index d7d3309f..064adf30 100644 --- a/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptableHashRecordMatcherTest.java +++ b/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptableHashRecordMatcherTest.java 
@@ -1,10 +1,10 @@ package hirs.ima.matching; import hirs.data.persist.Digest; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; -import hirs.data.persist.ReportMatchStatus; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.enums.ReportMatchStatus; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.data.persist.SimpleImaBaselineTest; import org.testng.Assert; import org.testng.annotations.Test; diff --git a/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcherTest.java b/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcherTest.java index b0bdbddc..d695a5dc 100644 --- a/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcherTest.java +++ b/HIRS_Utils/src/test/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcherTest.java @@ -2,11 +2,11 @@ package hirs.ima.matching; import hirs.data.persist.Digest; import hirs.data.persist.DigestTest; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.IMAMeasurementRecord; -import hirs.data.persist.ImaAcceptableRecordBaseline; -import hirs.data.persist.ReportMatchStatus; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.ImaAcceptableRecordBaseline; +import hirs.data.persist.enums.ReportMatchStatus; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.data.persist.SimpleImaBaselineTest; import org.testng.Assert; import org.testng.annotations.Test; diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBAlertManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBAlertManagerTest.java index 1e99695d..76731d9e 100644 --- a/HIRS_Utils/src/test/java/hirs/persist/DBAlertManagerTest.java +++ b/HIRS_Utils/src/test/java/hirs/persist/DBAlertManagerTest.java 
@@ -2,14 +2,16 @@ package hirs.persist; import hirs.FilteredRecordsList; import hirs.data.persist.Alert; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.Report; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.data.persist.SpringPersistenceTest; import hirs.data.persist.TestReport; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; +import hirs.data.persist.enums.AlertSeverity; +import hirs.data.persist.enums.AlertSource; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.testng.Assert; @@ -629,7 +631,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { for (int i = 0; i < unresolvedDetails1.length; ++i) { newAlert = new Alert(unresolvedDetails1[i]); newAlert.setDeviceName(deviceName); - newAlert.setSource(Alert.Source.IMA_APPRAISER); + newAlert.setSource(AlertSource.IMA_APPRAISER); mgr.saveAlert(newAlert); } @@ -638,13 +640,13 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { for (int i = 0; i < unresolvedDetails2.length; ++i) { newAlert = new Alert(unresolvedDetails2[i]); newAlert.setDeviceName(deviceName); - newAlert.setSource(Alert.Source.TPM_APPRAISER); + newAlert.setSource(AlertSource.TPM_APPRAISER); mgr.saveAlert(newAlert); } - Assert.assertEquals(mgr.countUnresolvedAlerts(device, Alert.Source.IMA_APPRAISER), + Assert.assertEquals(mgr.countUnresolvedAlerts(device, AlertSource.IMA_APPRAISER), unresolvedDetails1.length); - Assert.assertEquals(mgr.countUnresolvedAlerts(device, Alert.Source.TPM_APPRAISER), + Assert.assertEquals(mgr.countUnresolvedAlerts(device, AlertSource.TPM_APPRAISER), unresolvedDetails2.length); } 
@@ -772,8 +774,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { @Test public void testBaselineIdsAndSeverity() { Alert alert = new Alert(ALERT_DETAILS); - Set baselines = initBaselines(Alert.Severity.SEVERE, Alert.Severity.SEVERE, - Alert.Severity.SEVERE, Alert.Severity.SEVERE); + Set baselines = initBaselines(AlertSeverity.SEVERE, AlertSeverity.SEVERE, + AlertSeverity.SEVERE, AlertSeverity.SEVERE); alert.setBaselineIdsAndSeverity(baselines); Set alertBaselines = alert.getBaselineIds(); @@ -782,7 +784,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { Assert.assertTrue(foundMatchingBaselineId(id, baselines)); } - Assert.assertEquals(alert.getSeverity(), Alert.Severity.SEVERE); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.SEVERE); } /** @@ -792,8 +794,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { @Test public void testBaselineIdsAndSevereSeverity() { Alert alert = new Alert(ALERT_DETAILS); - Set baselines = initBaselines(Alert.Severity.SEVERE, Alert.Severity.HIGH, - Alert.Severity.INFO, Alert.Severity.UNSPECIFIED); + Set baselines = initBaselines(AlertSeverity.SEVERE, AlertSeverity.HIGH, + AlertSeverity.INFO, AlertSeverity.UNSPECIFIED); alert.setBaselineIdsAndSeverity(baselines); Set alertBaselines = alert.getBaselineIds(); @@ -802,7 +804,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { Assert.assertTrue(foundMatchingBaselineId(id, baselines)); } - Assert.assertEquals(alert.getSeverity(), Alert.Severity.SEVERE); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.SEVERE); } /** 
@@ -812,8 +814,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { @Test public void testBaselineIdsAndHighSeverity() { Alert alert = new Alert(ALERT_DETAILS); - Set baselines = initBaselines(Alert.Severity.INFO, Alert.Severity.HIGH, - Alert.Severity.INFO, Alert.Severity.UNSPECIFIED); + Set baselines = initBaselines(AlertSeverity.INFO, AlertSeverity.HIGH, + AlertSeverity.INFO, AlertSeverity.UNSPECIFIED); alert.setBaselineIdsAndSeverity(baselines); Set alertBaselines = alert.getBaselineIds(); @@ -822,7 +824,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { Assert.assertTrue(foundMatchingBaselineId(id, baselines)); } - Assert.assertEquals(alert.getSeverity(), Alert.Severity.HIGH); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.HIGH); } /** @@ -832,8 +834,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { @Test public void testBaselineIdsAndLowSeverity() { Alert alert = new Alert(ALERT_DETAILS); - Set baselines = initBaselines(Alert.Severity.INFO, Alert.Severity.LOW, - Alert.Severity.INFO, Alert.Severity.UNSPECIFIED); + Set baselines = initBaselines(AlertSeverity.INFO, AlertSeverity.LOW, + AlertSeverity.INFO, AlertSeverity.UNSPECIFIED); alert.setBaselineIdsAndSeverity(baselines); Set alertBaselines = alert.getBaselineIds(); @@ -842,7 +844,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { Assert.assertTrue(foundMatchingBaselineId(id, baselines)); } - Assert.assertEquals(alert.getSeverity(), Alert.Severity.LOW); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.LOW); } /** 
@@ -852,8 +854,8 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { @Test public void testBaselineIdsAndInfoSeverity() { Alert alert = new Alert(ALERT_DETAILS); - Set baselines = initBaselines(Alert.Severity.INFO, Alert.Severity.INFO, - Alert.Severity.INFO, Alert.Severity.UNSPECIFIED); + Set baselines = initBaselines(AlertSeverity.INFO, AlertSeverity.INFO, + AlertSeverity.INFO, AlertSeverity.UNSPECIFIED); alert.setBaselineIdsAndSeverity(baselines); Set alertBaselines = alert.getBaselineIds(); @@ -862,7 +864,7 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { Assert.assertTrue(foundMatchingBaselineId(id, baselines)); } - Assert.assertEquals(alert.getSeverity(), Alert.Severity.INFO); + Assert.assertEquals(alert.getSeverity(), AlertSeverity.INFO); } private boolean foundMatchingBaselineId(final UUID baselineId, final Collection @@ -874,10 +876,10 @@ public final class DBAlertManagerTest extends SpringPersistenceTest { } return false; } - private Set initBaselines(final Alert.Severity severity, - final Alert.Severity severity2, - final Alert.Severity severity3, - final Alert.Severity severity4) { + private Set initBaselines(final AlertSeverity severity, + final AlertSeverity severity2, + final AlertSeverity severity3, + final AlertSeverity severity4) { final BaselineManager bMgr = new DBBaselineManager(sessionFactory); Baseline baseline = bMgr.saveBaseline(new TpmWhiteListBaseline(TEST_BASELINE_NAME + "1")); Baseline baseline2 = bMgr.saveBaseline(new TpmWhiteListBaseline(TEST_BASELINE_NAME + "2")); diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBBaselineManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBBaselineManagerTest.java index 140c39b5..e169d860 100644 --- a/HIRS_Utils/src/test/java/hirs/persist/DBBaselineManagerTest.java +++ b/HIRS_Utils/src/test/java/hirs/persist/DBBaselineManagerTest.java 
@@ -4,15 +4,15 @@ import hirs.FilteredRecordsList; import java.io.UnsupportedEncodingException; import hirs.data.bean.SimpleBaselineBean; -import hirs.data.persist.Baseline; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.baseline.Baseline; +import hirs.data.persist.baseline.SimpleImaBaseline; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.ImaBaseline; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.ImaBaseline; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.SpringPersistenceTest; -import hirs.data.persist.TPMBaseline; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TPMBaseline; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import java.util.ArrayList; import java.util.Arrays; diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBDeviceManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBDeviceManagerTest.java index 8f1f3f4c..f1b584eb 100644 --- a/HIRS_Utils/src/test/java/hirs/persist/DBDeviceManagerTest.java +++ b/HIRS_Utils/src/test/java/hirs/persist/DBDeviceManagerTest.java @@ -12,8 +12,8 @@ import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.DeviceTest; -import hirs.data.persist.HealthStatus; -import hirs.data.persist.NetworkInfo; +import hirs.data.persist.enums.HealthStatus; +import hirs.data.persist.info.NetworkInfo; import hirs.data.persist.SpringPersistenceTest; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBPortalInfoManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBPortalInfoManagerTest.java index 5b4d7a79..ffe91208 100644 --- a/HIRS_Utils/src/test/java/hirs/persist/DBPortalInfoManagerTest.java 
+++ b/HIRS_Utils/src/test/java/hirs/persist/DBPortalInfoManagerTest.java @@ -9,7 +9,8 @@ import java.util.Map; import hirs.data.persist.SpringPersistenceTest; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import hirs.data.persist.PortalInfo; +import hirs.data.persist.info.PortalInfo; +import hirs.data.persist.enums.PortalScheme; import org.testng.Assert; import org.testng.annotations.AfterClass; import org.testng.annotations.AfterMethod; @@ -52,7 +53,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest { */ @Test public final void deletePortalInfo() { - final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS; + final PortalScheme scheme = PortalScheme.HTTPS; LOGGER.debug("creating DBPortalInfoManager"); PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory); @@ -78,7 +79,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest { */ @Test public final void getPortalInfo() { - final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS; + final PortalScheme scheme = PortalScheme.HTTPS; PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory); PortalInfo info = new PortalInfo(); @@ -97,7 +98,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest { */ @Test public final void savePortalInfo() { - final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS; + final PortalScheme scheme = PortalScheme.HTTPS; PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory); PortalInfo info = new PortalInfo(); @@ -115,7 +116,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest { */ @Test public final void updatePortalInfo() { - final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS; + final PortalScheme scheme = PortalScheme.HTTPS; final int port = 127; PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory); 
@@ -139,13 +140,13 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest { */ @Test public final void testGetPortalUrl() throws Exception { - final PortalInfo.Scheme scheme = PortalInfo.Scheme.HTTPS; + final PortalScheme scheme = PortalScheme.HTTPS; final int port = 127; final String contextName = "HIRS_Portal"; final String address = "localhost"; try { - HashMap envMap = new HashMap(System.getenv()); + HashMap envMap = new HashMap<>(System.getenv()); setEnv(envMap); PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory); @@ -164,7 +165,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest { Assert.assertEquals(url + urlExtension, URI.create(url + urlExtension).toString()); } finally { // Unset the process environment variable for other tests. - HashMap envMap = new HashMap(System.getenv()); + HashMap envMap = new HashMap<>(System.getenv()); envMap.remove("HIRS_HIBERNATE_CONFIG"); setEnv(envMap); } @@ -177,7 +178,7 @@ public class DBPortalInfoManagerTest extends SpringPersistenceTest { @Test public final void testGetPortalUrlNoPortalInfoObject() throws Exception { PortalInfoManager dbpim = new DBPortalInfoManager(sessionFactory); - dbpim.getPortalInfo(PortalInfo.Scheme.HTTPS); + dbpim.getPortalInfo(PortalScheme.HTTPS); String url = dbpim.getPortalUrlBase(); Assert.assertEquals(url, "Your_HIRS_Portal/"); diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBReportManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBReportManagerTest.java index 6967025e..a78c9b1c 100644 --- a/HIRS_Utils/src/test/java/hirs/persist/DBReportManagerTest.java +++ b/HIRS_Utils/src/test/java/hirs/persist/DBReportManagerTest.java 
@@ -4,19 +4,19 @@ import hirs.FilteredRecordsList; import hirs.data.bean.SimpleImaRecordBean; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.ExamineState; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.enums.ExamineState; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; import hirs.data.persist.IMAMeasurementRecord; import hirs.data.persist.IMAReport; import hirs.data.persist.IntegrityReport; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; import hirs.data.persist.Report; import hirs.data.persist.ReportSummary; import hirs.data.persist.SpringPersistenceTest; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.TPMInfo; import hirs.data.persist.TPMMeasurementRecord; import hirs.data.persist.TPMReport; import org.apache.logging.log4j.Logger; diff --git a/HIRS_Utils/src/test/java/hirs/persist/DBRepositoryManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DBRepositoryManagerTest.java index b092a962..291e7619 100644 --- a/HIRS_Utils/src/test/java/hirs/persist/DBRepositoryManagerTest.java +++ b/HIRS_Utils/src/test/java/hirs/persist/DBRepositoryManagerTest.java @@ -1,7 +1,7 @@ package hirs.persist; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.SpringPersistenceTest; import hirs.repository.RPMRepoPackage; import hirs.repository.RepoPackage; diff --git a/HIRS_Utils/src/test/java/hirs/persist/DbImaBaselineRecordManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DbImaBaselineRecordManagerTest.java index 2e16ac7b..7d56bd47 100644 
--- a/HIRS_Utils/src/test/java/hirs/persist/DbImaBaselineRecordManagerTest.java +++ b/HIRS_Utils/src/test/java/hirs/persist/DbImaBaselineRecordManagerTest.java @@ -1,10 +1,10 @@ package hirs.persist; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.IMABaselineRecord; -import hirs.data.persist.SimpleImaBaseline; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; +import hirs.data.persist.baseline.SimpleImaBaseline; import java.io.UnsupportedEncodingException; import java.math.BigInteger; diff --git a/HIRS_Utils/src/test/java/hirs/persist/DbImaBlacklistBaselineRecordManagerTest.java b/HIRS_Utils/src/test/java/hirs/persist/DbImaBlacklistBaselineRecordManagerTest.java index 2ce36663..dbdb6b8c 100644 --- a/HIRS_Utils/src/test/java/hirs/persist/DbImaBlacklistBaselineRecordManagerTest.java +++ b/HIRS_Utils/src/test/java/hirs/persist/DbImaBlacklistBaselineRecordManagerTest.java @@ -1,10 +1,10 @@ package hirs.persist; -import hirs.data.persist.Baseline; +import hirs.data.persist.baseline.Baseline; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; +import hirs.data.persist.enums.DigestAlgorithm; import hirs.data.persist.ImaBlacklistRecord; -import hirs.data.persist.ImaBlacklistBaseline; +import hirs.data.persist.baseline.ImaBlacklistBaseline; import java.io.UnsupportedEncodingException; import java.math.BigInteger; diff --git a/HIRS_Utils/src/test/java/hirs/persist/DeviceHealthManagerImplTest.java b/HIRS_Utils/src/test/java/hirs/persist/DeviceHealthManagerImplTest.java index a2461b3a..08fbb241 100644 --- a/HIRS_Utils/src/test/java/hirs/persist/DeviceHealthManagerImplTest.java +++ b/HIRS_Utils/src/test/java/hirs/persist/DeviceHealthManagerImplTest.java 
@@ -4,7 +4,7 @@ import hirs.data.persist.Alert; import hirs.data.persist.Device; import hirs.data.persist.DeviceGroup; import hirs.data.persist.DeviceState; -import hirs.data.persist.HealthStatus; +import hirs.data.persist.enums.HealthStatus; import hirs.data.persist.Report; import hirs.data.persist.ReportSummary; diff --git a/HIRS_Utils/src/test/java/hirs/repository/RepoPackageTest.java b/HIRS_Utils/src/test/java/hirs/repository/RepoPackageTest.java index f0b7ab73..e2d7e6e2 100644 --- a/HIRS_Utils/src/test/java/hirs/repository/RepoPackageTest.java +++ b/HIRS_Utils/src/test/java/hirs/repository/RepoPackageTest.java @@ -1,8 +1,8 @@ package hirs.repository; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.baseline.IMABaselineRecord; import org.testng.Assert; import org.testng.annotations.AfterMethod; diff --git a/HIRS_Utils/src/test/java/hirs/repository/TestRepository.java b/HIRS_Utils/src/test/java/hirs/repository/TestRepository.java index 4345edcd..5ed1e513 100644 --- a/HIRS_Utils/src/test/java/hirs/repository/TestRepository.java +++ b/HIRS_Utils/src/test/java/hirs/repository/TestRepository.java @@ -1,6 +1,6 @@ package hirs.repository; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.persist.DBRepositoryManagerTest; import javax.persistence.Column; diff --git a/HIRS_Utils/src/test/java/hirs/repository/YumRepositoryTest.java b/HIRS_Utils/src/test/java/hirs/repository/YumRepositoryTest.java index 69a12997..c79d8fe5 100644 --- a/HIRS_Utils/src/test/java/hirs/repository/YumRepositoryTest.java +++ b/HIRS_Utils/src/test/java/hirs/repository/YumRepositoryTest.java 
@@ -5,7 +5,7 @@ import static org.apache.logging.log4j.LogManager.getLogger; import java.net.URL; import java.util.HashSet; import java.util.Set; -import hirs.data.persist.IMABaselineRecord; +import hirs.data.persist.baseline.IMABaselineRecord; import hirs.data.persist.SpringPersistenceTest; import hirs.persist.DBRepositoryManager; import hirs.persist.RepositoryManager; diff --git a/HIRS_Utils/src/test/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurerTest.java b/HIRS_Utils/src/test/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurerTest.java index 061393f9..6bac6ca8 100644 --- a/HIRS_Utils/src/test/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurerTest.java +++ b/HIRS_Utils/src/test/java/hirs/repository/measurement/InitRamFsGeneratorAndMeasurerTest.java @@ -4,7 +4,7 @@ import com.google.common.collect.Multimap; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; +import hirs.data.persist.enums.DigestAlgorithm; import org.apache.commons.io.FileUtils; import org.testng.Assert; diff --git a/HIRS_Utils/src/test/java/hirs/repository/measurement/RPMMeasurerTest.java b/HIRS_Utils/src/test/java/hirs/repository/measurement/RPMMeasurerTest.java index 697037f8..305b57bd 100644 --- a/HIRS_Utils/src/test/java/hirs/repository/measurement/RPMMeasurerTest.java +++ b/HIRS_Utils/src/test/java/hirs/repository/measurement/RPMMeasurerTest.java @@ -3,7 +3,7 @@ package hirs.repository.measurement; import com.google.common.collect.Multimap; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; +import hirs.data.persist.enums.DigestAlgorithm; import org.apache.commons.io.FileUtils; import org.testng.Assert; diff --git a/HIRS_Utils/src/test/java/hirs/tpm/TPMBaselineGeneratorTest.java b/HIRS_Utils/src/test/java/hirs/tpm/TPMBaselineGeneratorTest.java index b78f02f0..75ebdad8 100644 
--- a/HIRS_Utils/src/test/java/hirs/tpm/TPMBaselineGeneratorTest.java +++ b/HIRS_Utils/src/test/java/hirs/tpm/TPMBaselineGeneratorTest.java @@ -1,8 +1,8 @@ package hirs.tpm; -import hirs.data.persist.TPMBaseline; -import hirs.data.persist.TPMInfo; -import hirs.data.persist.TpmWhiteListBaseline; +import hirs.data.persist.baseline.TPMBaseline; +import hirs.data.persist.info.TPMInfo; +import hirs.data.persist.baseline.TpmWhiteListBaseline; import java.io.IOException; import java.io.InputStream; @@ -18,12 +18,12 @@ import org.testng.annotations.Test; import hirs.data.persist.DeviceInfoReport; import hirs.data.persist.Digest; -import hirs.data.persist.DigestAlgorithm; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; +import hirs.data.persist.enums.DigestAlgorithm; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; import hirs.data.persist.IMAReport; import hirs.data.persist.IntegrityReport; -import hirs.data.persist.OSInfo; +import hirs.data.persist.info.OSInfo; import hirs.data.persist.TPMReport; import org.apache.logging.log4j.LogManager; diff --git a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java index 7d7e1c8a..d16cf223 100644 --- a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java +++ b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java 
@@ -2,15 +2,15 @@ package hirs.validation; import hirs.client.collector.DeviceInfoCollector; import hirs.data.persist.AppraisalStatus; -import hirs.data.persist.ComponentInfo; +import hirs.data.persist.info.ComponentInfo; import hirs.data.persist.DeviceInfoReport; -import hirs.data.persist.FirmwareInfo; -import hirs.data.persist.HardwareInfo; -import hirs.data.persist.NICComponentInfo; -import hirs.data.persist.NetworkInfo; -import hirs.data.persist.OSInfo; +import hirs.data.persist.info.FirmwareInfo; +import hirs.data.persist.info.HardwareInfo; +import hirs.data.persist.info.NICComponentInfo; +import hirs.data.persist.info.NetworkInfo; +import hirs.data.persist.info.OSInfo; import hirs.data.persist.SupplyChainValidation; -import hirs.data.persist.TPMInfo; +import hirs.data.persist.info.TPMInfo; import hirs.data.persist.certificate.Certificate; import hirs.data.persist.certificate.CertificateAuthorityCredential; import hirs.data.persist.certificate.CertificateTest; diff --git a/build.gradle b/build.gradle index 26d24f74..ae1424e2 100644 --- a/build.gradle +++ b/build.gradle @@ -119,7 +119,7 @@ subprojects { 'com.fasterxml.jackson.core:jackson-databind:2.6.3', 'com.fasterxml.jackson.core:jackson-annotations:2.6.3'], jadira_usertype: 'org.jadira.usertype:usertype.core:4.0.0.GA', - jcommander: 'com.beust:jcommander:1.35', + jcommander: 'com.beust:jcommander:1.72', joda_time: 'joda-time:joda-time:2.9.4', jstl: [ 'org.apache.taglibs:taglibs-standard-impl:1.2.5', 'org.apache.taglibs:taglibs-standard-spec:1.2.5'], diff --git a/tools/tcg_rim_tool/RimSignCert.pem b/tools/tcg_rim_tool/RimSignCert.pem new file mode 100644 index 00000000..9d37a2fa --- /dev/null +++ b/tools/tcg_rim_tool/RimSignCert.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgIJAPB+r6VBhBn5MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwI +UENDbGllbnQxEjAQBgNVBAMMCUV4YW1wbGVDQTAeFw0yMDAzMTExODExMjJaFw0z +MDAxMTgxODExMjJaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UE +CgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNVBAMMEmV4YW1wbGUu +UklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1lWGk +SRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44 +/nBaccZDOjdfIxIUCMfwhGXjxCaqZbgTucNsExDnu4arTGraoAwzHg0cVLiKT/Cx +j9NL4dcMgxRXsPdHfXb0923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQ +ZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY2hq+z82x/rqwr2hmyizD6FpFSyIABPEM +PfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0Hh4mNFSKD4pP41VSKY1n +us83mdkuukPy5o0CAwEAAaNvMG0wHQYDVR0OBBYEFC/euOfQMKIgnaoBhhqWT+3s +8rzBMB8GA1UdIwQYMBaAFEahuO3bpnFf0NLneoo8XW6aw5Y4MAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUA +A4IBAQBl2Bu9xpnHCCeeebjx+ILQXJXBd6q5+NQlV3zzBrf0bleZRtsOmsuFvWQo +KQxsfZuk7QcSvVd/1v8mqwJ0PwbFKQmrhIPWP+iowiBNqpG5PH9YxhpHQ1osOfib +NLOXMhudIQRY0yAgqQf+MOlXYa0stX8gkgftVBDRutuMKyOTf4a6d8TUcbG2Rnyz +O/6S9bq4cPDYLqWRBM+aGN8e00UWTKpBl6/1EU8wkJA6WdllK2e8mVkXUPWYyHTZ +0qQnrYiuLr36ycAznABDzEAoj4tMZbjIAfuscty6Ggzxl1WbyZLI6YzyXALwaYvr +crTLeyFynlKxuCfDnr1SAHDM65BY +-----END CERTIFICATE----- diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle index fd331228..15dc4693 100644 --- a/tools/tcg_rim_tool/build.gradle +++ b/tools/tcg_rim_tool/build.gradle @@ -7,6 +7,8 @@ repositories { dependencies { compile libs.minimal_json + compile libs.jcommander + compile libs.bouncy_castle testCompile libs.testng } @@ -17,6 +19,7 @@ jar { ) } from(configurations.compile.collect { it.isDirectory() ? it : zipTree(it) }) {} + exclude 'META-INF/*.RSA', 'META-INF/*.SF', 'META-INF/*.DSA' } uploadArchives { 
diff --git a/tools/tcg_rim_tool/identity_transform.xslt b/tools/tcg_rim_tool/identity_transform.xslt new file mode 100644 index 00000000..d249ca61 --- /dev/null +++ b/tools/tcg_rim_tool/identity_transform.xslt @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/tools/tcg_rim_tool/keystore.jks b/tools/tcg_rim_tool/keystore.jks index 1102b2c5..2877d7f4 100644 Binary files a/tools/tcg_rim_tool/keystore.jks and b/tools/tcg_rim_tool/keystore.jks differ diff --git a/tools/tcg_rim_tool/privateRimKey.pem b/tools/tcg_rim_tool/privateRimKey.pem new file mode 100644 index 00000000..afe282c4 --- /dev/null +++ b/tools/tcg_rim_tool/privateRimKey.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCndZVhpEkbsQAG +NsB2oNhlcVJNXWcdj06X0Dn5by3nHAFcGvJkIZbEREavkCvIpY/F36rOOP5wWnHG +Qzo3XyMSFAjH8IRl48QmqmW4E7nDbBMQ57uGq0xq2qAMMx4NHFS4ik/wsY/TS+HX +DIMUV7D3R3129Pdtwu8WHdrdqn1tObpoGo+6nkJenOvAhTbBl+CQPK1hUGb7xseQ +xpSuCk3Iz7kECDbOX8WrDSqi2Noavs/Nsf66sK9oZsosw+haRUsiAATxDD3wdN+h +hIUcLtVhDJKvMiKdo4EVKBWJHvaQd6YfaVaMNB4eJjRUig+KT+NVUimNZ7rPN5nZ +LrpD8uaNAgMBAAECggEAcnG8npd9U0x7HMQMcsZoPaPdwHvF/gCzkLNA+8RM1bZh +A4ZzA5WlCQs0V8Wq9pyXjn7Wp8txsG1PdlT5k2AUgsVoXuR0R4IKyvYHQG9StEjH +GvWURmwJdLlnSg8hSYqEJ/52taNUDO6+MI8fgiaQDd8w0ryF4OCpLy9GJdnfkGYZ +Ayemb3USFUdj/S67NVqxnvAfFMM5FqkKGhkoy7wBRgO6eOeJvoTq8LMiPiponwwF +DW409ZStbrk1f1Oszst/UvFUWA9BdDfeoPmFR61y3eB5zlMQG8Mhr2v5hvkj9TPX +FU4Fm4EzZ1h/60cdWoP6XYCP7F2NqZ8N8u4UBQNAIQKBgQDcGIw5GJEvRF+FFTTR +hYatMRn80DGTVjdT32MgajdKx05OWxBmQsFob34fiSnr0wAXPJeDXG4ruMBE2bSk +EC8rCO08G8ihQoH8x0cvuERe1fpVWk3RWNucVGIiJSEXAIwWrlYZLTfYd5GqBkPE +OQxxo4MtOyqeHmVH1mOywk9ABQKBgQDCxt95luzqQZV9Xl78QQvOIbjOdHLjY23Z +yp8sGt9birL/WZ33TCRgmH1e61BdrSqO7Om/ail2Y59XM5UU6kLbDj0IgmOPTsrJ +JmIVf8r3bKltVUaLePgr4yex7dmtHRH8OkLXKnE0RCO0kCi9kJMB12yE3pWxk+Pu +zztQd3a66QKBgBNJd2g9deONe01fOVyu9clRhzR3ThDaOkj4R2h8xlGgO4V0R3Ce +ovIy6vt6epj2yYg/wAs720+rhfXCmijSXj/ILXnZ+W/gMyHimKNe42boG2LFYhJZ +Vg1R+7OAS3EHlD8ckeDs7Hrkp3gdymx0j1mZ+ZHKIIbwpPFxoRT2IBm9AoGBAI0Z +bIK0puP8psKvPrgWluq42xwUl7XKLaX8dtqIjQ3PqGP7E8g2TJP9Y7UDWrDB5Xas +gZi821R8Ts3o/DKukcgGxIgJjP4f4h9dwug4L1yWRxaBFB2tgHqqj/MBjxMtX/4M +Zqdgg6mNQyBm3lyVAynuWRrX9DE0JYa2cQ2VvVkhAoGBAMBv/oT813w00759PmkO +Uxv3LXTJuYBbq0Rmga25jN3ow8LrGQdSVg7F/af3I5KUF7mLiegDy1pkRfauyXH7 ++WhEqnf86vDrzPpytDMxinWOQZusCqeWHb+nuVTuL3Fv+GxEdwVGYI/7lFJ7B//h +P5rU93ZoYY7sWcGVqaaEkMRU +-----END PRIVATE KEY----- diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java new file mode 100644 index 00000000..96f3fe5a --- /dev/null 
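Review bot: An unencrypted PKCS#8 private key is checked into the repository here, and it appears to be the key behind the `RimSignCert.pem` added in the same commit. Anyone who can read the repo can produce signatures that verify against that certificate, so a RIM signed with it proves nothing about origin. If this is only a sample fixture, which the example-style certificate subject suggests, say so where users will see it, for instance a short README next to the file or a name such as `example_privateRimKey.pem`. Also make sure no verifier configuration ships `RimSignCert.pem` as a trust anchor. Real signing keys should be supplied from outside the source tree.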
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java 
@@ -0,0 +1,213 @@ +package hirs.swid; + +import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.openssl.PEMKeyPair; +import org.bouncycastle.openssl.PEMParser; +import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; +import org.bouncycastle.util.encoders.Base64; + +import java.io.*; +import java.security.*; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; + +/** + * This class parses private key, public key, and certificate for use in their respective java.security objects. + */ +public class CredentialParser { + private static final String X509 = "X.509"; + private static final String JKS = "JKS"; + private static final String PEM = "PEM"; + private static final String PKCS1_HEADER = "-----BEGIN RSA PRIVATE KEY-----"; + private static final String PKCS1_FOOTER = "-----END RSA PRIVATE KEY-----"; + private static final String PKCS8_HEADER = "-----BEGIN PRIVATE KEY-----"; + private static final String PKCS8_FOOTER = "-----END PRIVATE KEY-----"; + private X509Certificate certificate; + private PrivateKey privateKey; + private PublicKey publicKey; + + public X509Certificate getCertificate() { + return certificate; + } + + public PrivateKey getPrivateKey() { + return privateKey; + } + + public PublicKey getPublicKey() { + return publicKey; + } + + public void parseJKSCredentials() { + KeyStore.PrivateKeyEntry privateKeyEntry = + parseKeystorePrivateKey(SwidTagConstants.DEFAULT_KEYSTORE_PATH, + SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS, + SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD); + certificate = (X509Certificate) privateKeyEntry.getCertificate(); + privateKey = privateKeyEntry.getPrivateKey(); + publicKey = certificate.getPublicKey(); + } + + public void parsePEMCredentials(String 
certificateFile, String privateKeyFile) throws FileNotFoundException { + certificate = parsePEMCertificate(certificateFile); + privateKey = parsePEMPrivateKey(privateKeyFile, "RSA"); + publicKey = certificate.getPublicKey(); + } + + /** + * This method returns the X509Certificate found in a PEM file. + * @param filename + * @return + * @throws FileNotFoundException + */ + private X509Certificate parsePEMCertificate(String filename) throws FileNotFoundException { + X509Certificate certificate = null; + FileInputStream fis = null; + BufferedInputStream bis = null; + try { + fis = new FileInputStream(filename); + bis = new BufferedInputStream(fis); + CertificateFactory certificateFactory = CertificateFactory.getInstance(X509); + + while (bis.available() > 0) { + certificate = (X509Certificate) certificateFactory.generateCertificate(bis); + } + + bis.close(); + } catch (CertificateException e) { + System.out.println("Error in certificate factory: " + e.getMessage()); + } catch (IOException e) { + System.out.println("Error reading from input stream: " + e.getMessage()); + } finally { + try { + if (fis != null) { + fis.close(); + } + if (bis != null) { + bis.close(); + } + } catch (IOException e) { + System.out.println("Error closing input stream: " + e.getMessage()); + } + } + + return certificate; + } + + /** + * This method extracts the private key from a PEM file. + * Both PKCS1 and PKCS8 formats are handled. + * Algorithm argument is present to allow handling of multiple encryption algorithms, + * but for now it is always RSA. 
+ * @param filename + * @return + */ + private PrivateKey parsePEMPrivateKey(String filename, String algorithm) { + PrivateKey privateKey = null; + FileInputStream fis = null; + DataInputStream dis = null; + try { + File file = new File(filename); + fis = new FileInputStream(file); + dis = new DataInputStream(fis); + byte[] key = new byte[(int) file.length()]; + dis.readFully(key); + dis.close(); + + String privateKeyStr = new String(key); + if (privateKeyStr.contains(PKCS1_HEADER)) { + privateKey = getPKCS1KeyPair(filename).getPrivate(); + } else if (privateKeyStr.contains(PKCS8_HEADER)) { + privateKeyStr = privateKeyStr.replace(PKCS8_HEADER, ""); + privateKeyStr = privateKeyStr.replace(PKCS8_FOOTER, ""); + + byte[] decodedKey = Base64.decode(privateKeyStr); + PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decodedKey); + KeyFactory keyFactory = KeyFactory.getInstance(algorithm); + + privateKey = keyFactory.generatePrivate(spec); + } + } catch (FileNotFoundException e) { + System.out.println("Unable to locate private key file: " + filename); + } catch (NoSuchAlgorithmException e) { + System.out.println("Unable to instantiate KeyFactory with algorithm: " + algorithm); + } catch (IOException e) { + System.out.println("IOException: " + e.getMessage()); + } catch (InvalidKeySpecException e) { + System.out.println("Error instantiating PKCS8EncodedKeySpec object: " + e.getMessage()); + } finally { + try { + if (fis != null) { + fis.close(); + } + if (dis != null) { + dis.close(); + } + } catch (IOException e) { + System.out.println("Error closing input stream: " + e.getMessage()); + } + } + + return privateKey; + } + + /** + * This method reads a PKCS1 keypair from a PEM file. 
+ * @param filename + * @return + */ + private KeyPair getPKCS1KeyPair(String filename) throws IOException { + Security.addProvider(new BouncyCastleProvider()); + PEMParser pemParser = new PEMParser(new FileReader(filename)); + JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); + KeyPair keyPair = converter.getKeyPair((PEMKeyPair) pemParser.readObject()); + + return keyPair; + } + + /** + * This method returns the private key from a JKS keystore. + * @param keystoreFile + * @param alias + * @param password + * @return KeyStore.PrivateKeyEntry + */ + private KeyStore.PrivateKeyEntry parseKeystorePrivateKey(String keystoreFile, String alias, String password) { + KeyStore keystore = null; + KeyStore.PrivateKeyEntry privateKey = null; + try { + keystore = KeyStore.getInstance("JKS"); + keystore.load(new FileInputStream(keystoreFile), password.toCharArray()); + privateKey = (KeyStore.PrivateKeyEntry) keystore.getEntry(alias, + new KeyStore.PasswordProtection(password.toCharArray())); + } catch (FileNotFoundException e) { + System.out.println("Cannot locate keystore " + keystoreFile); + } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | IOException e) { + e.printStackTrace(); + } + + return privateKey; + } + + /** + * Utility method for extracting the subjectKeyIdentifier from an X509Certificate. + * The subjectKeyIdentifier is stored as a DER-encoded octet and will be converted to a String. 
+ * @return + */ + public String getCertificateSubjectKeyIdentifier() throws IOException { + String decodedValue = null; + byte[] extension = certificate.getExtensionValue(SwidTagConstants.CERTIFICATE_SUBJECT_KEY_IDENTIFIER); + if (extension != null) { + decodedValue = JcaX509ExtensionUtils.parseExtensionValue(extension).toString(); + } + //If there is a # symbol at the beginning of the string, remove it + if (decodedValue.startsWith("#")) { + decodedValue = decodedValue.substring(1); + } + return decodedValue; + } +} diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java index 9c83b043..1f93b38c 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java 
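Review bot: Every loader in this new class prints the failure and returns null, and the callers then dereference the result: `parsePEMCredentials` and `parseJKSCredentials` call `certificate.getPublicKey()` and `privateKeyEntry.getCertificate()` unconditionally, and `getCertificateSubjectKeyIdentifier` calls `decodedValue.startsWith("#")` even when the extension is absent. Because `catch (IOException e)` in `parsePEMCertificate` also catches `FileNotFoundException`, the declared `throws FileNotFoundException` never fires for a missing certificate file, so a wrong path surfaces as a NullPointerException instead of a credential error. For a signing tool I would fail closed: add `if (certificate == null || privateKey == null) { throw new IllegalStateException("signing credentials could not be loaded"); }` before `publicKey = certificate.getPublicKey();`, and change the last check to `if (decodedValue != null && decodedValue.startsWith("#"))`. The `FileInputStream` in `parseKeystorePrivateKey` and the `PEMParser` in `getPKCS1KeyPair` are also never closed; try-with-resources would cover both.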
@@ -1,50 +1,60 @@ package hirs.swid; import hirs.swid.utils.Commander; +import com.beust.jcommander.JCommander; + +import java.io.FileNotFoundException; import java.io.IOException; -/* - * Command-line application for generating and validating SWID tags. - * Input arg: path to *.swidtag file - * - * If an argument is given it will be validated against the schema at http://standards.iso.org/iso/19770/-2/2015/schema.xsd - * If an argument is not given a SWID tag file will be generated. - */ public class Main { public static void main(String[] args) { - Commander commander = new Commander(args); + Commander commander = new Commander(); + JCommander jc = JCommander.newBuilder().addObject(commander).build(); + jc.parse(args); SwidTagGateway gateway = new SwidTagGateway(); - if (commander.hasArguments()) { - // we have arguments to work with - if (commander.isAttributesGiven()) { - gateway.setAttributesFile(commander.getAttributesFile()); - } - if (commander.isKeystoreGiven()) { - gateway.setKeystoreFile(commander.getKeystore()); - } - if (commander.isShowCert()) { - gateway.setShowCert(true); - } - - if (commander.create()) { - // parsing the arguments detected a create parameter (-c) - gateway.generateSwidTag(commander.getCreateOutFile()); - } - if (commander.validate()) { - // parsing the arguments detected a validation parameter (-v) - try { - gateway.validateSwidTag(commander.getValidateFile()); - } catch (IOException e) { - System.out.println("Unable to validate file: " + e.getMessage()); + if (commander.isHelp()) { + jc.usage(); + System.out.println(commander.printHelpExamples()); + } else { + if (!commander.getVerifyFile().isEmpty()) { + System.out.println(commander.toString()); + String verifyFile = commander.getVerifyFile(); + String publicCertificate = commander.getPublicCertificate(); + if (!verifyFile.isEmpty() && !publicCertificate.isEmpty()) { + try { + gateway.validateSwidTag(verifyFile); + } catch (IOException e) { + System.out.println("Error validating 
RIM file: " + e.getMessage()); + System.exit(1); + } + } else { + System.out.println("Need both a RIM file to validate and a public certificate to validate with!"); + System.exit(1); } - } - if (commander.parse()) { - try { - gateway.parsePayload(commander.getParseFile()); - } catch (IOException e) { - System.out.println("Unable to parse file: " + e.getMessage()); + } else { + System.out.println(commander.toString()); + String createType = commander.getCreateType().toUpperCase(); + String attributesFile = commander.getAttributesFile(); + String certificateFile = commander.getPublicCertificate(); + String privateKeyFile = commander.getPrivateKeyFile(); + switch (createType) { + case "BASE": + if (!attributesFile.isEmpty()) { + gateway.setAttributesFile(attributesFile); + } + if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) { + gateway.setDefaultCredentials(false); + gateway.setPemCertificateFile(certificateFile); + gateway.setPemPrivateKeyFile(privateKeyFile); + } + gateway.generateSwidTag(commander.getOutFile()); + break; + case "EVENTLOG": + break; + case "PCR": + break; } } } diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java index bad1a213..1e19a0a5 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java 
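Review bot: In the verify branch the `publicCertificate` value is only tested for being non-empty and is never handed to `gateway`; `validateSwidTag(verifyFile)` receives the RIM path alone, so the certificate the operator supplies has no visible influence on the signature check. The gateway needs to receive it before validation (for instance through the new `setPemCertificateFile` setter) so that the signature is checked against that certificate rather than against key material carried in the file itself. The return value of `validateSwidTag` is also discarded, so the process exits 0 whatever the outcome; `if (!gateway.validateSwidTag(verifyFile)) { System.exit(1); }` would make the result usable from scripts. In the `BASE` case, supplying only one of the certificate and private-key files silently falls back to the default signing credentials, and the `switch` has no `default` arm for an unrecognised create type; both should print an error and exit non-zero.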
@@ -20,15 +20,10 @@ public class SwidTagConstants { public static final String SIGNATURE_ALGORITHM_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; - public static final String SCHEMA_STATEMENT = "ISO/IEC 19770-2:2015 Schema (XSD 1.0) " - + "- September 2015, see http://standards.iso.org/iso/19770/-2/2015/schema.xsd"; public static final String SCHEMA_PACKAGE = "hirs.swid.xjc"; public static final String SCHEMA_LANGUAGE = XMLConstants.W3C_XML_SCHEMA_NS_URI; public static final String SCHEMA_URL = "swid_schema.xsd"; - public static final String HIRS_SWIDTAG_HEADERS = "hirsSwidTagHeader.properties"; - public static final String EXAMPLE_PROPERTIES = "swidExample.properties"; - public static final String SOFTWARE_IDENTITY = "SoftwareIdentity"; public static final String ENTITY = "Entity"; public static final String LINK = "Link"; 
@@ -147,48 +142,5 @@ public class SwidTagConstants { "http://csrc.nist.gov/ns/swid/2015-extensions/1.0", "pathSeparator", "n8060"); -//Below properties can probably be deleted - public static final String SOFTWARE_IDENTITY_NAME = "softwareIdentity.name"; - public static final String SOFTWARE_IDENTITY_TAGID = "softwareIdentity.tagId"; - public static final String SOFTWARE_IDENTITY_VERSION = "softwareIdentity.version"; - public static final String SOFTWARE_IDENTITY_CORPUS = "softwareIdentity.corpus"; - public static final String SOFTWARE_IDENTITY_PATCH = "softwareIdentity.patch"; - public static final String SOFTWARE_IDENTITY_SUPPLEMENTAL = "softwareIdentity.supplemental"; - - public static final String ENTITY_NAME = "entity.name"; - public static final String ENTITY_REGID = "entity.regid"; - public static final String ENTITY_ROLE = "entity.role"; - public static final String ENTITY_THUMBPRINT = "entity.thumbprint"; - - public static final String LINK_HREF = "link.href"; - public static final String LINK_REL = "link.rel"; - - public static final String META_PCURILOCAL = "softwareMeta.pcUriLocal"; - public static final String META_BINDINGSPEC = "softwareMeta.bindingSpec"; - public static final String META_BINDINGSPECVERSION = "softwareMeta.bindingSpecVersion"; - public static final String META_PLATFORMMANUFACTURERID = "softwareMeta.platformManufacturerId"; - public static final String META_PLATFORMMANUFACTURERSTR = "softwareMeta.platformManufacturerStr"; - public static final String META_PLATFORMMODEL = "softwareMeta.platformModel"; - public static final String META_COMPONENTCLASS = "softwareMeta.componentClass"; - public static final String META_COMPONENTMANUFACTURER = "softwareMeta.componentManufacturer"; - public static final String META_COMPONENTMANUFACTURERID = "softwareMeta.componentManufacturerId"; - public static final String META_RIMLINKHASH = "softwareMeta.rimLinkHash"; - - public static final String PAYLOAD_ENVVARPREFIX = "n8060.envvarprefix"; - public 
static final String PAYLOAD_ENVVARSUFFIX = "n8060.envvarsuffix"; - public static final String PAYLOAD_PATHSEPARATOR = "n8060.pathseparator"; - - public static final String DIRECTORY_KEY = "directory.key"; - public static final String DIRECTORY_LOCATION = "directory.location"; - public static final String DIRECTORY_NAME = "directory.name"; - public static final String DIRECTORY_ROOT = "directory.root"; - public static final String FILE_KEY = "file.key"; - public static final String FILE_LOCATION = "file.location"; - public static final String FILE_NAME = "file.name"; - public static final String FILE_ROOT = "file.root"; - public static final String FILE_SIZE = "file.size"; - public static final String FILE_VERSION = "file.version"; - - public static final int PCR_NUMBER = 0; - public static final int PCR_VALUE = 1; + public static final String CERTIFICATE_SUBJECT_KEY_IDENTIFIER = "2.5.29.14"; } diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java index 8673ae36..4fbe8b52 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java @@ -1,18 +1,19 @@ package hirs.swid; -import javax.xml.bind.JAXB; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBElement; import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; import javax.xml.bind.Unmarshaller; import javax.xml.bind.UnmarshalException; +import javax.xml.crypto.dsig.keyinfo.*; import javax.xml.transform.OutputKeys; import javax.xml.transform.Source; import javax.xml.transform.TransformerFactory; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerConfigurationException; import javax.xml.transform.TransformerException; +import javax.xml.transform.dom.DOMResult; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; import javax.xml.transform.stream.StreamSource; 
@@ -29,7 +30,6 @@ import javax.xml.crypto.XMLStructure; import javax.xml.crypto.dsig.CanonicalizationMethod; import javax.xml.crypto.dsig.DigestMethod; import javax.xml.crypto.dsig.Reference; -import javax.xml.crypto.dsig.SignatureMethod; import javax.xml.crypto.dsig.SignedInfo; import javax.xml.crypto.dsig.Transform; import javax.xml.crypto.dsig.XMLSignature; 
@@ -37,78 +37,48 @@ import javax.xml.crypto.dsig.XMLSignatureException; import javax.xml.crypto.dsig.XMLSignatureFactory; import javax.xml.crypto.dsig.dom.DOMSignContext; import javax.xml.crypto.dsig.dom.DOMValidateContext; -import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory; -import javax.xml.crypto.dsig.keyinfo.KeyInfo; -import javax.xml.crypto.dsig.keyinfo.X509Data; import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; import javax.xml.crypto.dsig.spec.TransformParameterSpec; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import org.w3c.dom.Document; +import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; import java.io.File; import java.io.IOException; import java.io.InputStream; -import java.io.ByteArrayInputStream; import java.io.BufferedReader; import java.io.FileNotFoundException; -import java.io.OutputStream; -import java.io.FileInputStream; import java.io.FileOutputStream; import java.nio.charset.StandardCharsets; import java.nio.file.Files; -import java.nio.file.Path; import java.nio.file.Paths; -import java.security.InvalidAlgorithmParameterException; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; -import java.security.UnrecoverableEntryException; -import java.security.cert.CertificateException; +import java.security.*; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; -import java.util.LinkedList; import java.util.List; import java.util.Map; -import java.util.Properties; import java.math.BigInteger; -import hirs.swid.utils.CsvParser; -import hirs.swid.utils.HashSwid; -import hirs.swid.xjc.BaseElement; -import hirs.swid.xjc.CanonicalizationMethodType; -import hirs.swid.xjc.DigestMethodType; import hirs.swid.xjc.Directory; import 
hirs.swid.xjc.Entity; import hirs.swid.xjc.Link; import hirs.swid.xjc.ObjectFactory; import hirs.swid.xjc.ResourceCollection; -import hirs.swid.xjc.ReferenceType; -import hirs.swid.xjc.SignatureType; -import hirs.swid.xjc.SignatureValueType; -import hirs.swid.xjc.SignatureMethodType; -import hirs.swid.xjc.SignedInfoType; import hirs.swid.xjc.SoftwareIdentity; import hirs.swid.xjc.SoftwareMeta; -import hirs.swid.xjc.TransformType; -import hirs.swid.xjc.TransformsType; import com.eclipsesource.json.Json; import com.eclipsesource.json.JsonObject; -import com.eclipsesource.json.JsonObject.Member; -import com.eclipsesource.json.JsonValue; -import com.eclipsesource.json.Location; import com.eclipsesource.json.ParseException; 
@@ -120,32 +90,16 @@ import com.eclipsesource.json.ParseException; */ public class SwidTagGateway { - private static final QName _DEFAULT_QNAME = new QName( - "http://www.w3.org/2000/09/xmldsig#", "SHA256", "ds"); - private static final QName _SHA1Value_QNAME = new QName( - "http://www.w3.org/2000/09/xmldsig#", "SHA1", "ds"); - private static final QName _SHA384Value_QNAME = new QName( - "http://www.w3.org/2000/09/xmldsig#", "SHA384", "ds"); - private static final QName _SHA512Value_QNAME = new QName( - "http://www.w3.org/2000/09/xmldsig#", "SHA512", "ds"); private static final QName _SHA256_HASH = new QName( "http://www.w3.org/2001/04/xmlenc#sha256", "hash", "SHA256"); - private final ObjectFactory objectFactory = new ObjectFactory(); - private final File generatedFile = new File("generated_swidTag.swidtag"); - private QName hashValue = null; - private JAXBContext jaxbContext; private Marshaller marshaller; private Unmarshaller unmarshaller; private String attributesFile; - /** - * The keystoreFile is used in signXMLDocument() to pass in the keystore path. - * The same method requires the keystore password and the alias of the private key, - * which would need to be passed in if not using the default keystore. - */ - private String keystoreFile; - private boolean showCert; + private boolean defaultCredentials; + private String pemPrivateKeyFile; + private String pemCertificateFile; /** * Default constructor initializes jaxbcontext, marshaller, and unmarshaller @@ -156,8 +110,8 @@ public class SwidTagGateway { marshaller = jaxbContext.createMarshaller(); unmarshaller = jaxbContext.createUnmarshaller(); attributesFile = SwidTagConstants.DEFAULT_ATTRIBUTES_FILE; - keystoreFile = SwidTagConstants.DEFAULT_KEYSTORE_PATH; - showCert = false; + defaultCredentials = true; + pemCertificateFile = ""; } catch (JAXBException e) { System.out.println("Error initializing jaxbcontext: " + e.getMessage()); } 
@@ -172,107 +126,37 @@ public class SwidTagGateway { } /** - * Setter for String holding keystore path - * @param keystore + * Setter for boolean governing signing credentials + * @param defaultCredentials + * @return */ - public void setKeystoreFile(String keystoreFile) { - this.keystoreFile = keystoreFile; + public void setDefaultCredentials(boolean defaultCredentials) { + this.defaultCredentials = defaultCredentials; } /** - * Setter for boolean to display certificate block in xml signature - * @param showCert + * Setter for private key file in PEM format + * @param pemPrivateKeyFile */ - public void setShowCert(boolean showCert) { - this.showCert = showCert; + public void setPemPrivateKeyFile(String pemPrivateKeyFile) { + this.pemPrivateKeyFile = pemPrivateKeyFile; } - /** - * default generator method that has no parameters + /** Setter for certificate file in PEM format + * @param pemCertificateFile */ - public void generateSwidTag() { - generateSwidTag(""); - } - - /** - * This generator method is used by the create method. - * - * This method should be updated to incorporate the RIM fields that are implemented - * in generateSwidTag(final File outputFile) below. - * - * @param inputFile - the file in csv format that is used as data - * @param outputFile - output specific to the given file - * @param hashType - the optional labeling of the hash type - */ - public void generateSwidTag(final String inputFile, - final String outputFile, final String hashType) { - // create file instances - File input = new File(inputFile); - File output = new File(outputFile); - List tempList = new LinkedList<>(); - - // I need to go over this again about which needs to be checked. 
- if (input.exists()) { - // parse the csv file - CsvParser parser = new CsvParser(input); - for (String line : parser.getContent()) { - tempList.add(line); - } - - if (hashType.contains("256")) { - hashValue = _DEFAULT_QNAME; - } else if (hashType.contains("384")) { - hashValue = _SHA384Value_QNAME; - } else if (hashType.contains("512")) { - hashValue = _SHA512Value_QNAME; - } else if (hashType.contains("1")) { - hashValue = _SHA1Value_QNAME; - } else { - hashValue = _DEFAULT_QNAME; - } - - // generate a swid tag - Properties properties = new Properties(); - InputStream is = null; - try { - is = SwidTagGateway.class.getClassLoader().getResourceAsStream(SwidTagConstants.HIRS_SWIDTAG_HEADERS); - properties.load(is); - - SoftwareIdentity swidTag = createSwidTag(new JsonObject()); - - JAXBElement entity = objectFactory.createSoftwareIdentityEntity(createEntity(new JsonObject())); - swidTag.getEntityOrEvidenceOrLink().add(entity); - - // we should have resources, there for we need a collection - JAXBElement resources = objectFactory.createSoftwareIdentityPayload(createPayload(tempList, hashValue)); - swidTag.getEntityOrEvidenceOrLink().add(resources); - - JAXBElement jaxbe = objectFactory.createSoftwareIdentity(swidTag); - writeSwidTagFile(jaxbe, output); - } catch (IOException e) { - System.out.println("Error reading properties file: "); - e.printStackTrace(); - } finally { - if (is != null) { - try { - is.close(); - } catch (IOException ex) { - // ignore - } - } - } - } + public void setPemCertificateFile(String pemCertificateFile) { + this.pemCertificateFile = pemCertificateFile; } /** * This method generates a base RIM from the values in a JSON file. 
* - * @param outputFile + * @param filename */ public void generateSwidTag(final String filename) { SoftwareIdentity swidTag = null; try { - System.out.println("Reading base rim values from " + attributesFile); BufferedReader jsonIn = Files.newBufferedReader(Paths.get(attributesFile), StandardCharsets.UTF_8); JsonObject configProperties = Json.parse(jsonIn).asObject(); //SoftwareIdentity @@ -318,12 +202,7 @@ public class SwidTagGateway { } Document signedSoftwareIdentity = signXMLDocument(objectFactory.createSoftwareIdentity(swidTag)); - System.out.println("Signature core validity: " + validateSignedXMLDocument(signedSoftwareIdentity)); - if (!filename.isEmpty()) { - writeSwidTagFile(signedSoftwareIdentity, new File(filename)); - } else { - writeSwidTagFile(signedSoftwareIdentity, generatedFile); - } + writeSwidTagFile(signedSoftwareIdentity, filename); } /** 
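Review bot: With the `validateSignedXMLDocument` call removed from `generateSwidTag`, nothing between `signXMLDocument(...)` and `writeSwidTagFile(signedSoftwareIdentity, filename)` confirms that signing succeeded. The catch clauses of `signXMLDocument` changed later in this diff only print a message, so a credential or signing failure appears to still yield a document (or null) that is then written out as the base RIM; the return statement of that method is outside the visible hunks, so this needs confirming. Keeping the self-check as a gate would stop an unsigned tag from being emitted, e.g. `if (signedSoftwareIdentity == null || !validateSignedXMLDocument(signedSoftwareIdentity)) { throw new IllegalStateException("Base RIM was not signed"); }`, assuming `validateSignedXMLDocument` returns a boolean as the removed print suggests. `generateSwidTag` itself starts before this hunk.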
@@ -334,51 +213,33 @@ public class SwidTagGateway { * @param path the location of the file to be validated */ public boolean validateSwidTag(String path) throws IOException { - JAXBElement jaxbe = unmarshallSwidTag(path); - SoftwareIdentity swidTag = (SoftwareIdentity) jaxbe.getValue(); - String output = String.format("name: %s;\ntagId: %s\n%s", - swidTag.getName(), swidTag.getTagId(), - SwidTagConstants.SCHEMA_STATEMENT); - System.out.println("SWID Tag found: "); - System.out.println(output); + Document document = unmarshallSwidTag(path); + Element softwareIdentity = (Element) document.getElementsByTagName("SoftwareIdentity").item(0); + StringBuilder si = new StringBuilder("Base RIM detected:\n"); + si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n"); + si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n"); + System.out.println(si.toString()); + System.out.println("Signature core validity: " + validateSignedXMLDocument(document)); return true; } - /** - * This method calls the marshal() method that writes the swidtag data to the output file. - * - * @param jaxbe - * @param outputFile - */ - public void writeSwidTagFile(JAXBElement jaxbe, File outputFile) { - JAXBContext jaxbContext; - try { - jaxbContext = JAXBContext.newInstance(SwidTagConstants.SCHEMA_PACKAGE); - Marshaller marshaller = jaxbContext.createMarshaller(); - marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); - marshaller.marshal(jaxbe, outputFile); - } catch (JAXBException e) { - System.out.println("Error generating xml: "); - e.printStackTrace(); - } - } - /** * This method writes a Document object out to the file specified by generatedFile. 
* * @param swidTag */ - public void writeSwidTagFile(Document swidTag, File outputFile) { + public void writeSwidTagFile(Document swidTag, String output) { try { - OutputStream outStream = new FileOutputStream(outputFile); TransformerFactory tf = TransformerFactory.newInstance(); Transformer transformer = tf.newTransformer(); transformer.setOutputProperty(OutputKeys.INDENT, "yes"); transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2"); Source source = new DOMSource(swidTag); - System.out.println("Writing to file: " + outputFile.getName()); - transformer.transform(source, new StreamResult(outStream)); - transformer.transform(source, new StreamResult(System.out)); + if (output.isEmpty()) { + transformer.transform(source, new StreamResult(System.out)); + } else { + transformer.transform(source, new StreamResult(new FileOutputStream(output))); + } } catch (FileNotFoundException e) { System.out.println("Unable to write to file: " + e.getMessage()); } catch (TransformerConfigurationException e) { @@ -392,7 +253,7 @@ public class SwidTagGateway { * This method creates SoftwareIdentity element based on the parameters read in from * a properties file. * - * @param properties the Properties object containing parameters from file + * @param jsonObject the Properties object containing parameters from file * @return SoftwareIdentity object created from the properties */ private SoftwareIdentity createSwidTag(JsonObject jsonObject) { @@ -426,7 +287,7 @@ public class SwidTagGateway { * This method creates an Entity object based on the parameters read in from * a properties file. * - * @param properties the Properties object containing parameters from file + * @param jsonObject the Properties object containing parameters from file * @return Entity object created from the properties */ private Entity createEntity(JsonObject jsonObject) { 
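Review bot: `validateSwidTag` prints the outcome of `validateSignedXMLDocument(document)` and then executes `return true` unconditionally, so a RIM whose signature does not verify is reported to callers as valid. Return the check's result instead: `boolean valid = validateSignedXMLDocument(document);` before the print and `return valid;` at the end (presuming that method returns a boolean). `document` and the element from `getElementsByTagName("SoftwareIdentity").item(0)` are both dereferenced without a null check, so an empty or non-SWID input ends in a `NullPointerException` rather than the declared `IOException`. In `writeSwidTagFile` the `new FileOutputStream(output)` is never closed; wrapping it in try-with-resources fixes that.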
@@ -463,7 +324,7 @@ public class SwidTagGateway { /** * Thsi method creates a Link element based on the parameters read in from a properties * file. - * @param properties the Properties object containing parameters from file + * @param jsonObject the Properties object containing parameters from file * @return Link element created from the properties */ private Link createLink(JsonObject jsonObject) { @@ -483,7 +344,7 @@ public class SwidTagGateway { /** * This method creates a Meta element based on the parameters read in from a properties * file. - * @param properties the Properties object containing parameters from file + * @param jsonObject the Properties object containing parameters from file * @return the Meta element created from the properties */ private SoftwareMeta createSoftwareMeta(JsonObject jsonObject) { 
@@ -514,15 +375,15 @@ public class SwidTagGateway { /** * This method creates a Payload from the parameters read in from a properties file. * - * @param properties the Properties object containing parameters from file + * @param jsonObject the Properties object containing parameters from file * @return the Payload object created */ private ResourceCollection createPayload(JsonObject jsonObject) { ResourceCollection payload = objectFactory.createResourceCollection(); Map attributes = payload.getOtherAttributes(); - addNonNullAttribute(attributes, SwidTagConstants._N8060_ENVVARPREFIX, jsonObject.getString(SwidTagConstants.PAYLOAD_ENVVARPREFIX, "")); - addNonNullAttribute(attributes, SwidTagConstants._N8060_ENVVARSUFFIX, jsonObject.getString(SwidTagConstants.PAYLOAD_ENVVARSUFFIX, "")); - addNonNullAttribute(attributes, SwidTagConstants._N8060_PATHSEPARATOR, jsonObject.getString(SwidTagConstants.PAYLOAD_PATHSEPARATOR, "")); + addNonNullAttribute(attributes, SwidTagConstants._N8060_ENVVARPREFIX, jsonObject.getString(SwidTagConstants._N8060_ENVVARPREFIX.getLocalPart(), "")); + addNonNullAttribute(attributes, SwidTagConstants._N8060_ENVVARSUFFIX, jsonObject.getString(SwidTagConstants._N8060_ENVVARSUFFIX.getLocalPart(), "")); + addNonNullAttribute(attributes, SwidTagConstants._N8060_PATHSEPARATOR, jsonObject.getString(SwidTagConstants._N8060_PATHSEPARATOR.getLocalPart(), "")); return payload; } @@ -530,7 +391,7 @@ public class SwidTagGateway { /** * This method creates a Directory from the parameters read in from a properties file. * - * @param properties the Properties object containing parameters from file + * @param jsonObject the Properties object containing parameters from file * @return Directory object created from the properties */ private Directory createDirectory(JsonObject jsonObject) { 
@@ -540,13 +401,7 @@ public class SwidTagGateway { addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_TYPE, jsonObject.getString(SwidTagConstants.SUPPORT_RIM_TYPE, "")); addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_FORMAT, jsonObject.getString(SwidTagConstants.SUPPORT_RIM_FORMAT, "")); addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_URI_GLOBAL, jsonObject.getString(SwidTagConstants.SUPPORT_RIM_URI_GLOBAL, "")); -/* - directory.setLocation(jsonObject.getString(SwidTagConstants.DIRECTORY_LOCATION)); - String directoryRoot = jsonObject.getString(SwidTagConstants.DIRECTORY_ROOT); - if (!directoryRoot.isEmpty()) { - directory.setRoot(directoryRoot); - } -*/ + return directory; } @@ -554,8 +409,7 @@ public class SwidTagGateway { * This method creates a hirs.swid.xjc.File from three arguments, then calculates * and stores its hash as an attribute in itself. * - * @param filename - * @param location + * @param jsonObject * @return hirs.swid.xjc.File object from File object */ private hirs.swid.xjc.File createFile(JsonObject jsonObject) { 
@@ -577,32 +431,6 @@ public class SwidTagGateway { } } - /** - * This method creates a Payload from a list of Strings and a hash algorithm. - * The Strings in the list are expected to be in the form of "[PCR_NUMBER],[PCR_VALUE]" - * and the hash algorithm is attached as the file's xml namespace identifier. - * - * @param populate - * @return - */ - private ResourceCollection createPayload(List populate, QName hashStr) { - ResourceCollection rc = objectFactory.createResourceCollection(); - hirs.swid.xjc.File xjcFile = null; - String[] tempArray = null; - - for (String item : populate) { - xjcFile = objectFactory.createFile(); - - tempArray = item.split(","); - - xjcFile.setName(tempArray[SwidTagConstants.PCR_NUMBER]); - xjcFile.getOtherAttributes().put(hashStr, tempArray[SwidTagConstants.PCR_VALUE]); - rc.getDirectoryOrFileOrProcess().add(xjcFile); - } - - return rc; - } - /** * This method signs a SoftwareIdentity with an xmldsig in compatibility mode. * Current assumptions: digest method SHA256, signature method SHA256, enveloped signature 
@@ -623,34 +451,47 @@ public class SwidTagGateway { sigFactory.newSignatureMethod(SwidTagConstants.SIGNATURE_ALGORITHM_RSA_SHA256, null), Collections.singletonList(reference) ); - KeyStore keystore = KeyStore.getInstance("JKS"); - keystore.load(new FileInputStream(keystoreFile), SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD.toCharArray()); - KeyStore.PrivateKeyEntry privateKey = (KeyStore.PrivateKeyEntry) keystore.getEntry(SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS, - new KeyStore.PasswordProtection(SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD.toCharArray())); - X509Certificate certificate = (X509Certificate) privateKey.getCertificate(); + List keyInfoElements = new ArrayList(); + KeyInfoFactory kiFactory = sigFactory.getKeyInfoFactory(); - ArrayList x509Content = new ArrayList(); - x509Content.add(certificate.getSubjectX500Principal().getName()); - if (showCert) { + PrivateKey privateKey; + PublicKey publicKey; + CredentialParser cp = new CredentialParser(); + if (defaultCredentials) { + cp.parseJKSCredentials(); + privateKey = cp.getPrivateKey(); + publicKey = cp.getPublicKey(); + } else { + cp.parsePEMCredentials(pemCertificateFile, pemPrivateKeyFile); + X509Certificate certificate = cp.getCertificate(); + privateKey = cp.getPrivateKey(); + publicKey = cp.getPublicKey(); + ArrayList x509Content = new ArrayList(); + x509Content.add(certificate.getSubjectX500Principal().getName()); x509Content.add(certificate); + X509Data data = kiFactory.newX509Data(x509Content); + keyInfoElements.add(data); } - X509Data data = kiFactory.newX509Data(x509Content); - KeyInfo keyinfo = kiFactory.newKeyInfo(Collections.singletonList(data)); + KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier()); + keyInfoElements.add(keyName); + KeyValue keyValue = kiFactory.newKeyValue(publicKey); + keyInfoElements.add(keyValue); + KeyInfo keyinfo = kiFactory.newKeyInfo(keyInfoElements); doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); 
marshaller.marshal(swidTag, doc); - DOMSignContext context = new DOMSignContext(privateKey.getPrivateKey(), doc.getDocumentElement()); + DOMSignContext context = new DOMSignContext(privateKey, doc.getDocumentElement()); XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyinfo); signature.sign(context); } catch (FileNotFoundException e) { System.out.println("Keystore not found! " + e.getMessage()); } catch (IOException e) { System.out.println("Error loading keystore: " + e.getMessage()); - } catch (NoSuchAlgorithmException | KeyStoreException | InvalidAlgorithmParameterException | - ParserConfigurationException | UnrecoverableEntryException e) { + } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | + ParserConfigurationException e) { System.out.println(e.getMessage()); - } catch (CertificateException e) { - System.out.println("Certificate error: " + e.getMessage()); + } catch (KeyException e) { + System.out.println("Error setting public key in KeyValue: " + e.getMessage()); } catch (JAXBException e) { System.out.println("Error marshaling signed swidtag: " + e.getMessage()); } catch (MarshalException | XMLSignatureException e) { 
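Review bot: `cp.getCertificateSubjectKeyIdentifier()` is called for both credential branches, and the `CredentialParser` method added earlier in this diff calls `decodedValue.startsWith("#")` even when the certificate carries no subjectKeyIdentifier extension, so signing with such a certificate ends in a `NullPointerException` that none of the catch clauses here handles. The parser should guard it with `if (decodedValue != null && decodedValue.startsWith("#"))`, and this block should decide whether a missing identifier is an error or simply omits the `KeyName`. Separately, the new `KeyValue` element places the signer's public key inside the file it signs, and with default credentials no certificate is included at all. A comment on the `KeyInfo` construction should state that these elements are only hints for locating the key and that verification must take the key from a separately trusted certificate. `signXMLDocument` begins and ends outside this hunk.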
@@ -733,92 +574,26 @@ public class SwidTagGateway { } /** - * Given an input swidtag at [path] parse any PCRs in the payload into an InputStream object. - * This method will be used in a following pull request. - * - * @param path - * @return - * @throws IOException - */ - public ByteArrayInputStream parsePayload(String path) throws IOException { - JAXBElement jaxbe = unmarshallSwidTag(path); - SoftwareIdentity softwareIdentity = (SoftwareIdentity) jaxbe.getValue(); - String pcrs = ""; - if (!softwareIdentity.getEntityOrEvidenceOrLink().isEmpty()) { - List swidtag = softwareIdentity.getEntityOrEvidenceOrLink(); - for (Object obj : swidtag) { - try { - JAXBElement element = (JAXBElement) obj; - String elementName = element.getName().getLocalPart(); - if (elementName.equals(SwidTagConstants.PAYLOAD)) { - ResourceCollection rc = (ResourceCollection) element.getValue(); - if (!rc.getDirectoryOrFileOrProcess().isEmpty()) { - pcrs = parsePCRs(rc.getDirectoryOrFileOrProcess()); - } - } - } catch (ClassCastException e) { - System.out.println("Found a non-JAXBElement object!" + e.getMessage()); - throw new IOException("Found an invalid element in the swidtag file!"); - } - } - } - return new ByteArrayInputStream(pcrs.getBytes(StandardCharsets.UTF_8)); - } - - /** - * This method traverses a hirs.swid.xjc.Directory recursively until it finds at - * least one hirs.swid.xjc.File. This File is expected to have an attribute of the form - * "[hash algorithm]=[hash value]." 
- * - * @param list of swidtag elements - * @return the hash value(s) parsed from the File object(s) - */ - private String parsePCRs(List list) { - final String newline = System.lineSeparator(); - StringBuilder sb = new StringBuilder(); - for (Object listItem : list) { - if (listItem instanceof Directory) { - Directory dir = (Directory) listItem; - if (!dir.getDirectoryOrFile().isEmpty()) { - parsePCRs(dir.getDirectoryOrFile()); - } - } else if (listItem instanceof hirs.swid.xjc.File){ - hirs.swid.xjc.File pcr = (hirs.swid.xjc.File) listItem; - String pcrHash = ""; - if (!pcr.getOtherAttributes().isEmpty()) { - Object[] fileAttributes = pcr.getOtherAttributes().values().toArray(); - pcrHash = (String) fileAttributes[0]; - } - if (pcrHash.isEmpty()) { - pcrHash = "null"; - } - sb.append(pcr.getName() + "," + pcrHash); - } - } - System.out.println(sb.toString()); - return sb.toString(); - } - - /** - * This method unmarshalls the swidtag found at [path] into a JAXBElement object + * This method unmarshalls the swidtag found at [path] into a Document object * and validates it according to the schema. 
* * @param path to the input swidtag * @return the SoftwareIdentity element at the root of the swidtag * @throws IOException if the swidtag cannot be unmarshalled or validated */ - private JAXBElement unmarshallSwidTag(String path) throws IOException { - File input = null; - InputStream is = null; - JAXBElement swidtag = null; - try { - input = new File(path); - is = SwidTagGateway.class.getClassLoader().getResourceAsStream(SwidTagConstants.SCHEMA_URL); - SchemaFactory schemaFactory = SchemaFactory.newInstance(SwidTagConstants.SCHEMA_LANGUAGE); - Schema schema = schemaFactory.newSchema(new StreamSource(is)); - unmarshaller.setSchema(schema); - swidtag = (JAXBElement) unmarshaller.unmarshal(input); - } catch (SAXException e) { + private Document unmarshallSwidTag(String path) { + InputStream is = null; + Document document = null; + try { + document = removeXMLWhitespace(path); + is = SwidTagGateway.class.getClassLoader().getResourceAsStream(SwidTagConstants.SCHEMA_URL); + SchemaFactory schemaFactory = SchemaFactory.newInstance(SwidTagConstants.SCHEMA_LANGUAGE); + Schema schema = schemaFactory.newSchema(new StreamSource(is)); + unmarshaller.setSchema(schema); + unmarshaller.unmarshal(document); + } catch (IOException e) { + System.out.println(e.getMessage()); + } catch (SAXException e) { System.out.println("Error setting schema for validation!"); } catch (UnmarshalException e) { System.out.println("Error validating swidtag file!"); 
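Review bot: `unmarshallSwidTag` now fails open: the `UnmarshalException` raised by schema validation, the `SAXException` from loading the schema and the new `IOException` from `removeXMLWhitespace` are each printed and swallowed, and the hunk that follows returns `document` regardless, where the old code threw `IOException("Invalid swidtag file!")`. A tag that does not conform to the schema therefore goes on to signature checking as if it had passed. Keep `throws IOException` on the signature and rethrow from the catch clauses, e.g. `throw new IOException("Error validating swidtag file!", e);`. The Javadoc still promises `@throws IOException` and describes the return value as the SoftwareIdentity element, so it should be updated to match whichever behaviour is kept.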
@@ -827,18 +602,46 @@ public class SwidTagGateway {
 } catch (JAXBException e) {
 e.printStackTrace();
 } finally {
- if (is != null) {
- try {
- is.close();
- } catch (IOException e) {
- System.out.println("Error closing input stream");
- }
- }
- if (swidtag != null) {
- return swidtag;
- } else {
- throw new IOException("Invalid swidtag file!");
- }
+ if (is != null) {
+ try {
+ is.close();
+ } catch (IOException e) {
+ System.out.println("Error closing input stream");
+ }
+ }
 }
+
+ return document;
+ }
+
+ /**
+ * This method strips all whitespace from an xml file, including indents and spaces
+ * added for human-readability.
+ * @param path
+ * @return
+ */
+ private Document removeXMLWhitespace(String path) throws IOException {
+ TransformerFactory tf = TransformerFactory.newInstance();
+ Source source = new StreamSource(new File("identity_transform.xslt"));
+ Document document = null;
+ File input = new File(path);
+ if (input.length() > 0) {
+ try {
+ Transformer transformer = tf.newTransformer(source);
+ DOMResult result = new DOMResult();
+ transformer.transform(new StreamSource(input), result);
+ document = (Document) result.getNode();
+ } catch (TransformerConfigurationException e) {
+ System.out.println("Error configuring transformer!");
+ e.printStackTrace();
+ } catch (TransformerException e) {
+ System.out.println("Error transforming input!");
+ e.printStackTrace();
+ }
+ } else {
+ throw new IOException("Input file is empty!");
+ }
+
+ return document;
 }
 }
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
index 5c51e167..da380b03 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
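Review bot: `removeXMLWhitespace` creates its `TransformerFactory` with default settings and parses the file at `path` with it, so DTDs and external entities in a swidtag under verification can be resolved before the schema check in `unmarshallSwidTag` runs. Inside the existing `try`, add `tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`, `tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");`. The stylesheet is opened as `new File("identity_transform.xslt")`, relative to the working directory, so whoever can write there decides what the transform does; loading it through the class loader, as the schema is, would tie it to the packaged tool. `return document;` after the `finally` also hands back a non-null `Document` when the catch blocks only printed an error, where the removed code threw `IOException("Invalid swidtag file!")`; callers are not visible here, but rethrowing keeps verification fail-closed. `unmarshallSwidTag` starts in the previous hunk.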
@@ -6,292 +6,119 @@ import java.nio.file.Files; import java.nio.file.InvalidPathException; import java.nio.file.Paths; +import com.beust.jcommander.Parameter; + /** * Commander is a class that handles the command line arguments for the SWID - * Tags gateway. + * Tags gateway by implementing the JCommander package. */ public class Commander { - private static final String COMMAND_PREFIX = "-"; - private static final String FULL_COMMAND_PREFIX = "--"; - private static final String CREATE_STRING = "create"; - private static final String VERIFY_STRING = "verify"; - private static final String HELP_STRING = "help"; - private static final String PARSE_STRING = "parse"; - private static final String ATTRIBUTES_STRING = "attributes"; - private static final String KEYSTORE_STRING = "keystore"; - private static final String SHOW_CERT_STRING = "show-cert"; - - private boolean hasArguments = false; - private boolean validate = false; - private boolean create = false; - private boolean parse = false; - private boolean attributesGiven = false; - private boolean keystoreGiven = false; - private boolean showCert = false; - - private String validateFile; - private String createOutFile = ""; - private String parseFile; + @Parameter(names = {"-h", "--help"}, help = true, description = "Print this help text.") + private boolean help; + @Parameter(names = {"-c", "--create \"base\""}, order = 0, + description = "The type of RIM to create. 
A base RIM will be created by default.") + private String createType = "";//other possible values: "eventlog" and "pcr" + @Parameter(names = {"-a", "--attributes "}, order = 1, + description = "The configuration file holding attributes to populate the base RIM with.") private String attributesFile = ""; - private String keystore = ""; - private String hashAlg = null; - - /** - * The main constructor for the Commander class - * - * @param args - */ - public Commander(final String[] args) { - hasArguments = args.length > 0; - - if (hasArguments) { - parseArguments(args); - } else { - printHelp(); - } - - if (create) { - if (hashAlg == null) { - hashAlg = "256"; - } - - if (!getCreateOutFile().isEmpty() && !isValidPath(getCreateOutFile())) { - printHelp(String.format("Invalid file path %s!", getCreateOutFile())); - } - } + @Parameter(names = {"-o", "--out "}, order = 2, + description = "The file to write the RIM out to. The RIM will be written to stdout by default.") + private String outFile = ""; + @Parameter(names = {"-v", "--verify "}, order = 3, + description = "Specify a RIM file to verify.") + private String verifyFile = ""; + @Parameter(names = {"-k", "--privateKeyFile "}, order = 4, + description = "File containing the private key used to sign the base RIM created by the create function.") + private String privateKeyFile = ""; + @Parameter(names = {"-p", "--publicCertificate "}, order = 5, + description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " + + "A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.") + private String publicCertificate = ""; +/* + @Parameter(names = {"-l", "--rimel "}, order = 6, + description = "The TCG eventlog file to use as a support RIM. 
By default the last system eventlog will be used.") + private String rimEventLog = ""; + @Parameter(names = {"-t", "--rimpcr "}, order = 7, + description = "The file containing TPM PCR values to use as a support RIM. By default the current platform TPM will be used.") + private String rimPcrs = ""; + //@Parameter(names = {}, order = 8, description = "") + private String toBeSigned = ""; + @Parameter(names = {"-s", "--addSignatureData "}, order = 8, + description = "The signature data in will be combined with the data in " + + "and written to , or will overwrite if is not given.") + private String signatureData = ""; +*/ + public boolean isHelp() { + return help; } - /** - * The default blank constructor - */ - public Commander() { - + public String getCreateType() { + return createType; } - /** - * This method is called if an empty Commander was created, and later gets - * args. Will be used by the main constructor. - * - * @param args - */ - public final void parseArguments(final String[] args) { - String tempValue; - - for (int i = 0; i < args.length; i++) { - tempValue = args[i]; - - switch (tempValue) { - case FULL_COMMAND_PREFIX + CREATE_STRING: - case COMMAND_PREFIX + "c": - create = true; - if (i+1 < args.length && !args[i+1].substring(0,1).equals(COMMAND_PREFIX)) { - createOutFile = args[++i]; - } - break; - case FULL_COMMAND_PREFIX + ATTRIBUTES_STRING: - case COMMAND_PREFIX + "a": - attributesGiven = true; - if (i+1 < args.length && !args[i+1].substring(0,1).equals(COMMAND_PREFIX)) { - attributesFile = args[++i]; - } - break; - case FULL_COMMAND_PREFIX + VERIFY_STRING: - case COMMAND_PREFIX + "v": - validate = true; - validateFile = args[++i]; - break; - case FULL_COMMAND_PREFIX + PARSE_STRING: - case COMMAND_PREFIX + "p": - parse = true; - parseFile = args[++i]; - break; - case FULL_COMMAND_PREFIX + SHOW_CERT_STRING: - showCert = true; - break; - case FULL_COMMAND_PREFIX + HELP_STRING: - case COMMAND_PREFIX + "h": - default: - printHelp(); - } - } - } - - 
/** - * Getter for the input validate file associated with the validate flag - * - * @return - */ - public final String getValidateFile() { - return validateFile; - } - - /** - * Getter for the output file for the create flag - * - * @return - */ - public final String getCreateOutFile() { - return createOutFile; - } - - /** - * Getter for the property that indicates if something was given at the - * commandline. - * - * @return - */ - public final boolean hasArguments() { - return hasArguments; - } - - /** - * Getter for the validate command flag. - * - * @return - */ - public final boolean validate() { - return validate; - } - - /** - * Getter for the create command flag. - * - * @return - */ - public final boolean create() { - return create; - } - - /** - * Getter for the hash algorithm to be used for hash functions. - * - * @return - */ - public final String getHashAlg() { - return hashAlg; - } - - /** - * Getter for the parse command flag - * - * @return - */ - public final boolean parse() { - return parse; - } - - /** - * Getter for the file to be parsed by the parse command flag - * - * @return - */ - public final String getParseFile() { - return parseFile; - } - - /** - * Getter for the attributes file given flag - * @return - */ - public boolean isAttributesGiven() { - return attributesGiven; - } - - /** - * Getter for the file containing attribute key-value pairs - * @return - */ public String getAttributesFile() { return attributesFile; } - /** - * Getter for the keystore given flag - * @return - */ - public boolean isKeystoreGiven() { - return keystoreGiven; + public String getOutFile() { + return outFile; } - /** - * Getter for the keystore used for digital signatures - * @return - */ - public String getKeystore() { - return keystore; + public String getVerifyFile() { + return verifyFile; } - /** - * Getter for boolean to show certificate data or not - * @return - */ - public boolean isShowCert() { - return showCert; + public String getPrivateKeyFile() 
{ + return privateKeyFile; } - /** - * Default no parameter help method. - */ - private void printHelp() { - printHelp(null); + public String getPublicCertificate() { + return publicCertificate; } - - /** - * This method is used to inform the user of the allowed functionality of - * the program. - */ - private void printHelp(String message) { - StringBuilder sb = new StringBuilder(); - - if (message != null && !message.isEmpty()) { - sb.append(String.format("ERROR: %s\n\n", message)); - } - sb.append("Usage: HIRS_SwidTag\n"); - sb.append(" -c, --create \t\tCreate a base rim and write to\n" - + " \t\t\t\tthe given file. If no file is given the default is\n" - + " \t\t\t\tgenerated_swidTag.swidtag\n\n"); - sb.append(" -a, --attributes \tSpecify the JSON file that contains\n" - + " \t\t\t\tthe xml attributes to add to the RIM\n\n"); - sb.append(" -v, --verify\t\t\tTakes the provided input file and\n" - + " \t\t\t\tvalidates it against the schema at\n" - + " \t\t\t\thttp://standards.iso.org/iso/19770/-2/2015/schema.xsd\n\n"); - sb.append(" -p, --parse \t\tParse the given swidtag's payload\n\n"); /* - sb.append(" -k, --keystore \tSpecify the keystore and its location to use\n" - + " \t\t\t\tfor digital signatures\n"); - */ - sb.append(" --show-cert\t\t\tPrint the certificate in the signature block of\n" - + " \t\t\t\tthe base RIM\n\n"); - sb.append(" -h, --help, \tPrints this command help information.\n"); - sb.append(" \t\t\t\tListing no command arguments will also\n" - + " \t\t\t\tprint this help text.\n\n"); - sb.append("Example commands: \n" - + " Create a base rim from the default attribute file and write the rim\n" - + " to generated_swidTag.swidtag:\n\n" - + " \t\tjava -jar tcg_rim_tool-1.0.jar -c\n\n" - + " Create a base rim from the values in config.json and write the rim\n" - + " to base_rim.swidtag:\n\n" - + " \t\tjava -jar tcg_rim_tool-1.0.jar -c base_rim.swidtag -a config.json\n\n" - + " "); - - System.out.println(sb.toString()); - System.exit(1); + public 
String getRimEventLog() { + return rimEventLog; } - - /** - * Checks that the file given to create a new swidtag is a valid path. - * @param filepath - * @return - */ - public static boolean isValidPath(String filepath) { - try { - System.out.println("Checking for a valid creation path..."); - File file = new File(filepath); - file.createNewFile(); - } catch (IOException | InvalidPathException | NullPointerException ex) { - return false; - } - return true; + + public String getRimPcrs() { + return rimPcrs; + } + + public String getToBeSigned() { + return toBeSigned; + } + + public String getSignatureData() { + return signatureData; + } +*/ + public String printHelpExamples() { + StringBuilder sb = new StringBuilder(); + sb.append("Create a base RIM using the values in attributes.json; " + + "sign it with the default keystore, alias, and password;\n"); + sb.append("and write the data to base_rim.swidtag:\n\n"); + sb.append("\t\t-c base -a attributes.json -o base_rim.swidtag\n\n\n"); + sb.append("Create a base RIM using the default attribute values; sign it using privateKey.pem;\n"); + sb.append("and write the data to console output, to include cert.pem in the signature block:\n\n"); + sb.append("\t\t-c base -k privateKey.pem -p cert.pem\n\n\n"); + + return sb.toString(); + } + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("Creating: " + getCreateType() + System.lineSeparator()); + sb.append("Using attributes file: " + getAttributesFile() + System.lineSeparator()); + sb.append("Write to: " + getOutFile() + System.lineSeparator()); + sb.append("Verify file: " + getVerifyFile() + System.lineSeparator()); + sb.append("Private key file: " + getPrivateKeyFile() + System.lineSeparator()); + sb.append("Public certificate: " + getPublicCertificate() + System.lineSeparator()); +/* + sb.append("Event log support RIM: " + getRimEventLog() + System.lineSeparator()); + sb.append("TPM PCRs support RIM: " + getRimPcrs() + System.lineSeparator()); 
+ sb.append("Base RIM to be signed: " + getToBeSigned() + System.lineSeparator()); + sb.append("External signature file: " + getSignatureData() + System.lineSeparator()); +*/ + return sb.toString(); } } diff --git a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java index bee91cf2..793c0ed6 100644 --- a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java +++ b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java @@ -14,17 +14,16 @@ import org.testng.annotations.Test; public class TestSwidTagGateway { private SwidTagGateway gateway; - private String inputFile, outputFile, hashType; private final String DEFAULT_OUTPUT = "generated_swidTag.swidtag"; private final String DEFAULT_WITH_CERT = "generated_with_cert.swidtag"; private final String DEFAULT_NO_CERT = "generated_no_cert.swidtag"; + private final String certificateFile = "RimSignCert.pem"; + private final String privateKeyFile = "privateRimKey.pem"; private InputStream expectedFile; @BeforeClass public void setUp() throws Exception { gateway = new SwidTagGateway(); - inputFile = TestSwidTagGateway.class.getClassLoader().getResource("examplecsv.csv").getFile(); - hashType = "SHA256"; } @AfterClass 
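Review bot: The long option name registered for create carries its usage placeholder, `names = {"-c", "--create \"base\""}`, and JCommander compares a registered name with the whole command-line token, so `--create base` would most likely be rejected as an unknown option and only `-c` would work. Register the bare name, `names = {"-c", "--create"}`, and describe the accepted value in `description`. `printHelpExamples()` also tells users that omitting `-k` signs the RIM "with the default keystore, alias, and password"; the help text should state that such a signature is for testing only, since a key shipped with the tool is presumably available to anyone who has the tool (the signing code is outside this hunk, so this is inferred from the help string).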
@@ -35,29 +34,35 @@ public class TestSwidTagGateway { } /** - * Creating a base RIM with default attributes with an X509Certificate element. + * This test corresponds to the arguments: + * -c base -k privateRimKey.pem -p RimSignCert.pem */ @Test - public void testGenerateDefaultWithCert() { - gateway.setShowCert(true); - gateway.generateSwidTag(); + public void testCreateBaseWithCert() { + gateway.setDefaultCredentials(false); + gateway.setPemCertificateFile(certificateFile); + gateway.setPemPrivateKeyFile(privateKeyFile); + gateway.generateSwidTag(DEFAULT_OUTPUT); expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_WITH_CERT); Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); } /** - * Create a base RIM with default attributes without an X509Certificate element. + * This test corresponds to the arguments: + * -c base + * -c base -a */ @Test - public void testGenerateDefaultNoCert() { - gateway.setShowCert(false); - gateway.generateSwidTag(); + public void testCreateBaseWithoutCert() { + gateway.setDefaultCredentials(true); + gateway.generateSwidTag(DEFAULT_OUTPUT); expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_NO_CERT); Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); } /** - * Validate a base RIM with default attributes with an X509Certificate element. + * This test corresponds to the arguments: + * -v -p RimSignCert.pem */ @Test public void testValidateSwidTag() { 
@@ -68,35 +73,6 @@ public class TestSwidTagGateway { } } - /** - * Verify expected values of a File element in a Payload element. - */ - @Test - public void testParsePayload() { - InputStream is = null; - outputFile = TestSwidTagGateway.class.getClassLoader().getResource(DEFAULT_WITH_CERT).getPath(); - try { - is = gateway.parsePayload(outputFile); - Scanner scanner = new Scanner(is, "UTF-8"); - String test = "Example.com.iotBase.bin,688e293e3ccb522f6cf8a027c9ade7960f84bd0bf3a0b99812bc1fa498a2db8d"; - String temp = ""; - while (scanner.hasNext()) { - temp = scanner.next(); - Assert.assertEquals(temp, test, "temp: " + temp + ", test: " + test); - } - } catch (IOException e) { - Assert.fail("Error parsing test file!"); - } finally { - if (is != null) { - try { - is.close(); - } catch (IOException e) { - Assert.fail("Failed to close input stream!"); - } - } - } - } - /** * This method compares two files by bytes to determine if they are the same or not. * @param file to be compared to the expected value. diff --git a/tools/tcg_rim_tool/src/test/resources/generated_no_cert.swidtag b/tools/tcg_rim_tool/src/test/resources/generated_no_cert.swidtag index 6269de6b..8887df6c 100644 --- a/tools/tcg_rim_tool/src/test/resources/generated_no_cert.swidtag +++ b/tools/tcg_rim_tool/src/test/resources/generated_no_cert.swidtag 
@@ -26,9 +26,17 @@ zu3HTmQfeRYs/c6Ck1k3bL1jnyWoNzhBqCuPYrZtPbv9opVP0YOxM5IjRkRgkZIDgYbh1k4WXw8O /iIMZuVJDfKQJSNCTAZsIbUatGDQc/nOihLHdI90wG8zu9amgrl1AEKzH8z864Fan5uuXolfAaak sLJl6RPCNcp+JNCXMMZiS8bmYPQnVJc1ze0I1A== - - CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US - + 2fdeb8e7d030a2209daa01861a964fedecf2bcc1 + + + p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx +xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9 +dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q +otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW +jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ== + AQAB + + diff --git a/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag b/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag index be75f5a0..336ea344 100644 --- a/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag +++ b/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag 
@@ -28,23 +28,35 @@ sLJl6RPCNcp+JNCXMMZiS8bmYPQnVJc1ze0I1A== CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US - MIIDYTCCAkmgAwIBAgIJAPB+r6VBhBn4MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAlVTMQsw + MIIDoTCCAomgAwIBAgIJAPB+r6VBhBn5MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxEjAQBgNVBAMM -CUV4YW1wbGVDQTAeFw0yMDAyMTAxODE1MzRaFw0yOTEyMTkxODE1MzRaMFwxCzAJBgNVBAYTAlVT +CUV4YW1wbGVDQTAeFw0yMDAzMTExODExMjJaFw0zMDAxMTgxODExMjJaMFwxCzAJBgNVBAYTAlVT MQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNV BAMMEmV4YW1wbGUuUklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1 lWGkSRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44/nBaccZD OjdfIxIUCMfwhGXjxCaqZbgTucNsExDnu4arTGraoAwzHg0cVLiKT/Cxj9NL4dcMgxRXsPdHfXb0 923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY 2hq+z82x/rqwr2hmyizD6FpFSyIABPEMPfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0 -Hh4mNFSKD4pP41VSKY1nus83mdkuukPy5o0CAwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMC -BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAGuJ+dasb3/Mb7TBJ1Oe -al5ISq8d2LQD5ke5qnjgSQWKXfQ9fcUy3dWnt3Oked/i8B/Tyk3jCdTZJU3J3iRNgTqFfMLP8rU1 -w2tPYBjjuPKiiK4YRBHPxtFxPdOL1BPmL4ZzNs33Lv6H0m4aff9p6QpMclX5b/CRjl+80JWRLiLj -U3B0CejZB9dJrPr9SBaC31cDoeTpja9Cl86ip7KkqrZZIYeMuNF6ucWyWtjrW2kr3UhmEy8x/6y4 -KigsK8sBwmNv4N2Pu3RppeIcpjYj5NVA1hwRA4eeMgJp2u+urm3l1oo1UNX1HsSSBHp1Owc9zZLm -07Pl8T46kpIA4sroCAU= +Hh4mNFSKD4pP41VSKY1nus83mdkuukPy5o0CAwEAAaNvMG0wHQYDVR0OBBYEFC/euOfQMKIgnaoB +hhqWT+3s8rzBMB8GA1UdIwQYMBaAFEahuO3bpnFf0NLneoo8XW6aw5Y4MAkGA1UdEwQCMAAwCwYD +VR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQBl2Bu9xpnH +CCeeebjx+ILQXJXBd6q5+NQlV3zzBrf0bleZRtsOmsuFvWQoKQxsfZuk7QcSvVd/1v8mqwJ0PwbF +KQmrhIPWP+iowiBNqpG5PH9YxhpHQ1osOfibNLOXMhudIQRY0yAgqQf+MOlXYa0stX8gkgftVBDR +utuMKyOTf4a6d8TUcbG2RnyzO/6S9bq4cPDYLqWRBM+aGN8e00UWTKpBl6/1EU8wkJA6WdllK2e8 
+mVkXUPWYyHTZ0qQnrYiuLr36ycAznABDzEAoj4tMZbjIAfuscty6Ggzxl1WbyZLI6YzyXALwaYvr +crTLeyFynlKxuCfDnr1SAHDM65BY + 2fdeb8e7d030a2209daa01861a964fedecf2bcc1 + + + p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx +xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9 +dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q +otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW +jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ== + AQAB + +