1026 Commits

Author SHA1 Message Date
Cyrus
09aafa8041
[#168] Additional fields added to the Issued AC (#201)
* Added additional code pulled from the original branch for these changes aik-field-additions.
* Updated code to include the TCG Credential Specification, which is a different version from the Platform specification.
2019-11-13 10:46:00 -05:00
busaboy1340
00287725da
[#194] Update TPM Provisioner Docker images with latest PACCOR (v1.1.3r3) (#200)
* [#195] Components identified by Component Class will have hardware IDs translated to names

* Update TPM Docker images to latest PACCOR(v1.1.3r3). Comment out the
failing system tests caused by invalid input to PACCOR.
2019-11-07 09:37:06 -05:00
Cyrus
0ede7191ad
[#191] ACA Processing TPM Quote/PCRs from Certificate Request (#197)
* Updated the ACA to verify that the quote and pcrlist exist before trying to parse them.

* Removed unused methods for the tpmquote process.
2019-10-29 09:34:06 -04:00
Cyrus
c7454c945e
[#190] Provision update for quote and pcrs (#196)
* This commit includes functioning TPM quote code that is sent to the ACA.  In addition it has code to also send the pcrs list results.

Additional changes to correct code for sending the pcr list over to the ACA.

* Changed the requirement for the field into protobuf to optional from required.
2019-10-29 09:33:35 -04:00
busaboy1340
75b9c2ddf7
[#192] Update TPM Provisioner docker images with latest PACCOR (#193)
* Updated TPM Docker images to use PACCOR (v1.1.2r3) and TPM 2.0 Emulator
(v1332)

* Use updated TPM Provisioner docker images from Docker Hub.
2019-10-01 09:53:04 -04:00
chubtub
7ea30e3167
Merge pull request #189 from nsacyber/new_version
Update version from 1.0.4 to 1.1.0
2019-09-12 11:32:45 -04:00
chubtub
a52ab2e112 Update version from 1.0.4 to 1.1.0 2019-09-12 09:19:45 -04:00
chubtub
cdd54c8773
Merge pull request #183 from nsacyber/mysql_upgrade_script
[#180] Upgrade hirs_db schema according to upgrade version
2019-09-12 08:38:09 -04:00
chubtub
6cc2a7815a Slight clean up 2019-09-11 12:35:27 -04:00
Cyrus
91520f4b5f Updated syntax. 2019-09-11 12:35:27 -04:00
Cyrus
a476e0783c Updated spec file to cp the version number of the upgraded package. 2019-09-11 12:35:27 -04:00
chubtub
8af49dc6b7 WIP: update version number in ACA banner following upgrade 2019-09-11 12:35:27 -04:00
chubtub
b140ab46e9 Added scripts to upgrade hirs_db schema according to package upgrade. At the time of writing
there are schema changes when upgrading from 1.0.3 to 1.0.4 but not when upgrading to 1.1.0.
These scripts are called when 'yum upgrade HIRS_AttestationCA' is invoked.

Fixed script file path

Fixed MySQL syntax error

These changes now differentiate between upgrade versions and add respective columns, and also
account for upgrades from 1.0.3 directly to 1.1.0.
2019-09-11 12:34:23 -04:00
busaboy1340
6a59033768
Updated system tests from changes in latest Master build. (#187) 2019-09-11 07:55:24 -04:00
iadgovuser26
7c6a533764
Updated README.md links 2019-09-09 10:40:13 -04:00
iadgovuser26
af3036cbbe
Update README.md 2019-09-05 17:22:41 -04:00
iadgovuser26
62a7c9870f
Updated for the version 1.1 release. 2019-09-05 17:21:58 -04:00
iadgovuser26
f0ec345714
Updated images for version 1.1 2019-09-05 17:03:46 -04:00
Cyrus
f73d65c952
[#181] Delta holder validation (#186)
* This is a quick fix to ensure that a delta that is being uploaded has a holder serial number that exists in the database.

* Fixed syntax issues.

* Through further testing with delta certificates that had differing begin validity dates, the code to test the sorting failed.  This push includes a fix that places the deltas in the proper order.

In addition, this code includes a placeholder for deltas that don't have an existing holder certificate in the database.

* Findbugs is a cumbersome COTS product that generates more hassle than help.  Upon indicating 'dodgy' code about redundant null checks, that didn't exist, it then didn't like using non-short-circuit operators to verify that both objects are not null.  It then spells out what non-short-circuit operators do, without acknowledging that's what you mean to do.
2019-08-29 13:35:41 -04:00
Cyrus
9318c22549
[#167] Component color failure (#185)
* Initial changes to pull down the serial from the validation reports page and transfer them to the certificates details page.  This will then allow the certificate details page to reference the serial numbers that are in failure.

* This is an attempt to transfer data from page to page via the certificate manager.

* Previous attempt didn't work, the manager isn't saving the summary.  Switching to augmenting the database by adding a new column for platform credentials.

* These changes add identifying color to the components that fail validation in the base certificate.  This code however does change the database by adding a new column to track the fails and pass to the classes that display the information.

* Updated the jsp display of the highlighted component to red background with a white foreground.  Updated the index of the string parse to not use magic numbers.
2019-08-29 11:45:22 -04:00
Cyrus
2e07d2cfd7
The validation page was not showing an error icon for attributes failures. This was due to the retained validation type for attributes. This has been removed and the code was additionally updated with logic to handle showing just one icon for both policy checks for the platform credential. (#184) 2019-08-27 10:40:55 -04:00
Cyrus
c3e02825f4
[#181] Validation systemcheck fix (#182)
* The base certificate is getting a failure when the delta fixed the problem.  The code is being modified to ignore the attribute validation of the base certificate and redo the trust chain check.  The code now has a cleaner platform evaluation set up and store.
2019-08-21 10:52:40 -04:00
busaboy1340
db2f80edb9
Fix latest merge onto master (#178)
* Add Base/Delta to .travis.yml

* Implement Delta system test.

* Removed un-needed scripts.

* Update system_test_Driver.py

* Update system_test.py
2019-08-21 06:30:46 -04:00
Cyrus
ce45adbb26
Updated the component class definitions to the current rev 4. (#179) 2019-08-05 13:28:08 -04:00
busaboy1340
4b4f811735
[#176] Initial delta system test to resolve bad component in a base certificate (#177)
* Add Base/Delta to .travis.yml

* Implement Delta system test.

* Removed un-needed scripts.

* Update system_test_Driver.py
2019-08-02 12:39:56 -04:00
Cyrus
7cfabe756d
[#166] Validation icon swap (#173)
* This pull request contains 2 main changes, the first is transferring the status text from the attributes failure to the icon specifically for platform trust chain validation.  Then this removes the third column on the validation page that singles out the icons for the attribute status.  In addition, this status is also rolled up to the summary status icon and displays the text there as well for all that have failed.  This last change meant a change to the sizes of the columns in the database.

The validation of a single base certificate with an error was not handled in the code base.  Due to the changes with the introduction of delta certifications, the validation was modified and only handled changes presented by the deltas and ignored errors in the base certificate.  This commit modifies the code so that if there is just a single base certificate that is bad, an error is thrown.
2019-08-02 09:41:44 -04:00
busaboy1340
aa707b8665
Updated images to use paccor v1.1.2r2 (#175) 2019-07-29 10:41:28 -04:00
Cyrus
f4bfe47c9c
Clean up (#172)
* This is a test build to determine code to block script base certificate upload if one already exists.

* Added null check

* Fixed checkstyle error
2019-07-25 09:32:33 -04:00
busaboy1340
440bb06b70
Create initial system test for Base/Delta Platform Certificates (#170)
* Add creation of bad base platform certificate.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Adding Base Certificate system test.

* Updated script to add faulty components to bad base certificate.

* Updated addFaultyComponents script.

* Add Base/Delta system tests to .travis.yml

* Disable unit tests to decrease CI time.

* Cleaned up code.

* Cleaned up code.

* Delete system_test_Driver.py
2019-07-19 05:50:26 -04:00
Cyrus
3208241cc3
[#162] Attribute match fix (#165)
* Updated code by removing a loop that wasn't necessary.  It was supposed to filter out the deltas but this wasn't needed as the chain was established.

* The debug code was left in, this is now removed.
2019-06-24 13:02:01 -04:00
Cyrus
a8e2c5cc6e
[#163] Delta issuer validation (#164)
* This code change will add in the delta certificates to the platform validation check.  The current base passes the policy check as long as the base is valid.  The deltas are ignored.  This is because the validation pulls in what is associated with a particular EK associated with the machine provisioning.
2019-06-24 13:01:32 -04:00
busaboy1340
2329d725e8
Use DER format when creating platform credential. (#161) 2019-06-18 13:00:49 -04:00
busaboy1340
a00be77d5c
[#153] Update TPM 2.0 emulator docker image with latest PACCOR (#158)
* Updating PACCOR for docker images.

* Updating PACCOR for docker images.

* Clean up Dockerfiles.

* Updated docker images to use PACCOR 1.1.2-1
2019-06-12 10:38:57 -04:00
Cyrus
e69bb48799
Similar to the #154 issue, adding multiple delta platform certificates was blocked because there wasn't a check on if the certificate was a base or not. (#157) 2019-06-11 06:59:38 -04:00
Cyrus
ecd0ab5708
Modified the request class that handles uploading, deleting and other associated ACA actions, to only delete multiple associated certificates if the certificate being deleted is a base platform certificate. (#155) 2019-06-06 11:07:56 -04:00
chubtub
5cd77c589d
Merge pull request #148 from nsacyber/v104
Updated version to v1.0.4
2019-06-05 08:16:39 -04:00
Cyrus
157dcb649d
[#109] Delta Chain Validation (#151)
* This code adds functionality to check the delta certificates in a chain. The main operation validates that the delta belongs in that chain and then that the chain establishes correct component modification. No removes before an add, no add to a component that exists, no remove to a component that doesn't exist. The unit test was updated to not use any flat file certificate.

Closes #109

* Changes were made to the validation of a delta certificate based on newer information.  There can be multiple bases and multiple leaves in a tree of associated certificates.  However currently we don't have certificates to validate the entirety of the code to test.

* Updated the code to treat the platform attributes policy, if v2, against all in the chain rather than one at a time.
2019-06-04 14:07:35 -04:00
Cyrus
75b84c8801
[#133] Multiple base restriction (#152)
* Updated the page request controller to check if the platform certificate being uploaded is a part of a chain that already exists in the DB.  If so, throw an error.

* Updated code for unit test errors.

* This commit is to close #134.  #133 and #134 are quick changes that modify the same file and use the same added method to pull in deltas associated with the platform serial number.  This addition adds the feature to delete the chain if the base is deleted.
2019-06-03 10:37:26 -04:00
apldev3
74ed0005a1 Update package/scripts/aca/certificate_generate.sh
Co-Authored-By: apldev4 <apl.dev4@jhuapl.edu>
2019-05-23 14:54:01 -04:00
apldev3
77d48631f4 [#142] Make sure Tomcat stops completely in Docker containers before restarting it 2019-05-23 14:54:01 -04:00
busaboy1340
59ad180688
[#138] Add Platform Attribute Validation to System Tests (TPM 2.0 Emulator) (#141)
* Platform Attribute verification for system tests. Upgrade to latest TPM2 Emulator.

* Corrected docker-compose-tpm2.yml file.
2019-05-23 05:53:54 -04:00
apldev3
5c0e4e8373
[#144] Rename integration-tests folder to setup under .ci directory (#145) 2019-05-22 16:33:34 -04:00
iadgovuser26
cedc93e778 Updated version to v1.0.4 2019-05-22 13:47:37 -04:00
Cyrus
567847b3aa
Updated the jsp to correct the comment tags for content and jsp tag. (#147) 2019-05-22 12:07:44 -04:00
apldev3
e846225e75 [#139] Remove Maintainer Tags from Dockerfiles 2019-05-16 12:13:19 -04:00
apldev4
4beb1d2bac [#135] tpm_version prints output containing nulls. (#137)
The tpm_version tool can sometimes print a null
value as part of the TPM major version if the major
version is less than 4 characters. These nulls are
now removed before printing.
2019-05-14 11:08:40 -04:00
apldev3
d26a3da5ea [#135] Fix DeviceInfoCollector's handling of C-Style Strings 2019-05-13 15:03:27 -04:00
Cyrus
3bebec1154
Attribute Validation Match Update (#128)
* Updated the default values of the component identifier and component info classes.  The provisioner side of the process was updated to populate with Empty, the current ACA is using ---.

* Updated unit tests.  For the supply chain validation, I updated the validation fail message to include additional information.

* Updated code for the component identifier classes to correct the default values that can be seen from either paccor or devices when data isn't specified.

* Removed unused variable and change package for the EMPTY variable.
2019-05-06 13:54:16 -04:00
Cyrus
805b87ffb6
[#111] ACA UI updates for V2 platform certificates (#129)
* This issue updates the UI for the newest V2 information for platform attribute certificates.  This first push has updates from #111 for items 1, 2 and 3a/b.

* Updated for additional changes.

* Updated example of numerated base to delta certificates linked on platform details page instead of using previous and next buttons.

* Updated code to unlink supply chain identifier number if that is the current page.

* A unit test was failing because of the next spec and how the certificate string mapper was being used.  I added a null check before sending it to a selector. In addition I updated the selector to print the actual variable name of the field value failing for better clarity when it fails.

* Updated variable name to reflect changes in the issue around labeling certificates vs credentials.
2019-05-03 06:53:17 -04:00
chubtub
86f2cddb22 [#108] Validity Check for Base and Delta Certs (#126)
* Added methods and placeholders for checking the supply chain for base and delta credentials according to the new TCG spec

Checkstyle changes

Created a new SupplyChainValidation.ValidationType for delta credential attributes. The existing PLATFORM_CREDENTIAL
ValidationType will be used for both base and delta platform credentials from spec 1.1.

* Checkstyle error: trailing spaces
2019-05-02 07:15:43 -04:00