Commit Graph

73 Commits

Author SHA1 Message Date
Cyrus
2e767994ff
[#107] Additional component fields for version 2 (#121)
* Updated CONTRIBUTING.md

* Remove old CI Runner config

* [#1] Add support for processing ECC certificates as part of the trust chain

* [#3] Ensure ACA and TPM2 Provisioner handle versioning correctly

* [#3] Ensure ACA and TPM2 Provisioner handle versioning correctly

* Update Link to Build Instructions on main README

* Fixed link to the Platform Credential Profile.

* [#7] Support Building (Not Packaging) on Ubuntu 18.04

* [#10] Fix representation of zero-valued hashes

Zero-value hashes, and hashes of no data, are now
considered as matches to equal values instead of
treating them as 'unknown'.

* [#12] Setup basic Travis CI build

* Update README to include Build Status

* [#7] Setup Build/Package Support for Ubuntu (#9)

* Updating the certificate details page to display the Holder information and include a link to the associated Endorsement Certificate.

* Adding ability to delete Attestation Certificates on the ACA.

* [#14] Parallelize Subproject CI Builds and Pull Pre-Built Image

* Revise Docker to Always Pull Latest HIRS project

* This change forces the supply chain validation service to verify that the Platform Credential has a status of PASS.  If it does not, no matter the outcome of the Attributes validation, the status of the Attributes can not be PASS.

Added an additional null check for a platform supply validation.  Added a mapping object for platform credential to the associated attributes during validations.

Added an additional null check for a platform supply validation.  Added a mapping object for platform credential to the associated attributes during validations. Missed import statement.

* Adding Tpm2-tss support for Deb packaging.

Changes how tpm20.h, which contains the TPM2 SAPI, is
imported to allow successful packaging of both debs and
rpms.

* [#23] Update HIRS Utils and ACA to handle certificate padding (#26)

* [#27] Fix TPMSecurityAssertions Parsing in EndorsementCredential (#31)

* [#28] ACA RPM modifies SELinux policy to allow Tomcat to use MySQL.

The CentOS7 package selinux-policy-targeted does not allow Tomcat
to use port 3306, which is the default MySQL port. This commit
changes the ACA RPM to modify the SELinux policy to grant that
permission on fresh installs. This makes the ACA RPM now require
the policycoreutils package to be installed.

* Print provisioner installation comments to console

* [#25] Make ACA exception handling more descriptive

* [#38] ACA checks uploaded EK Certs if one is not provided during provisioning

* [#7] Ensure Ubuntu support pending end-user installation of supported TPM2 Libraries

* [#33] IMA baselines can match measurements based solely on hashes (#34)

ImaAcceptableRecordBaseline and its subclasses have been updated to include
a containsHashes method to be able to match IMA measurement records
based solely on their hashes.  Supporting classes have been
updated or created as necessary.

Additionally, the set of path equivalencies as specified in the IMA
policy have been updated to include additional entries.

Closes #33.

* Updated for release 1.0.2

* [#32] Add package stage to Travis Build

* [#47] Prevent deletion of external dependencies for TPM 2.0 Provisioner (#48)

* [#41] Provisioners use PACCOR for device info collection. (#45)

The provisioners used to shell out using different tools
to collect device info. Now they both use PACCOR instead.

* [#49] Modify getPolicy behavior to reflect use

DBPolicyManager's getPolicy(appraiser, device) has historically
returned the default policy for an appraiser if none is defined
in the device group that the given device belongs to.  However,
this behavior does not in fact support the current use of devices,
groups, and policies; in the case where a group has no policy
assigned for a type of appraiser, the system is in a state
where that type of appraisal will not occur for devices in
a given group.  To better reflect desired behavior, the method
now returns null if a policy is not explicitly set for
the given (appraiser, device group) pair.

Closes #49.

* [#52] Make TPM2 Provisioner check for a running Resource Manager (#53)

[#52] Make TPM2 Provisioner check for a running Resource Manager

* [#55] Add displayTitle to Alert

These changes simply add a field called
'displayTitle' to the Alert class to hold
a human-readable title for each Alert instance.

Closes #55.

* Add changes for device deletion.

Changes data structures to facilitate deletion of devices
from the DB and all other entries with foreign key relationships.

* TPMBaseline.isEmpty() method, activated tests

Added unit test for TPMBaseline.isEmpty(). Change exception type thrown in generator class

Added unit tests to account for both an empty and a non-empty baseline object

Checkstyle changes

* Replace Refs of yum localinstall with yum install

There is no functional difference between `yum install` and `yum localinstall`, however the former is preferred for modern conventions' sake.

* [#62] Cleaned up preprocessor file expansion.

There were unnecessary references to file paths in the executable.

* [#43] Additional certificate fields to display

* This change adds in additional information about the certificate, which includes the public key and signature algorithms and their sizes, the key usage and extended key usage, the certificate version number for EK and CA certs and the issuer section expanded with Auth Key Id and Auth Info Access.

* Made some fixes to the platform class print out.  Needs to print out string representation of the value.

* Additional changes for the certificate details page.  Going over the spec determining what should be shown and what should be hidden if no information is specified.

* This change adds in additional information about the certificate, which includes the public key and signature algorithms and their sizes, the key usage and extended key usage, the certificate version number for EK and CA certs and the issuer section expanded with Auth Key Id and Auth Info Access.

Made some fixes to the platform class print out.  Needs to print out string representation of the value.

Additional changes for the certificate details page.  Going over the spec determining what should be shown and what should be hidden if no information is specified.

Small updates to code commits and statements

* Stashing changes.

* Correcting some unit test fail instances.  The PC Test fails because the tested cert is not updated to new (constantly changing) specs.  Not just on the value but also on the value type.

* Fixing git merge meta data.

* Updates to include the Authority Key information as a set rather than just one item.  Using a bouncy castle defined class.

* Reversed the type of variable the public key value returns so that the unit test for it doesn't have to change.  The type wasn't important, it was a convenience decision.

* Adding changes based on review comments from @apldev3.

* Made changes based on github review comments.

* Additional changes for github comments

* Updated the code for the public key size on CA and EK certificates.  There was a previous issue with 4 additional bytes being included in the size.

* Some more changes for Github comments

* Add selector for Endorsement Credential and Platform Credential Deletion (#66)

Adds a selector method to retrieve ECs and PCs by their associated device
so they can be deleted.

* [#69] Add null checks to Component Identifier Serial/Revision Trimming (#70)

* [#54] ACA Users guide (#57)

* Added the ACA Users Guide

* Updated the installation notes on the ACA portal help page

* changed format of user guide from pdf to doc

* [#54] Edit ACA Users Guide

* Updated the ACA Install and User Guide

* Added the ACA Users Guide.

Updated the ACA install Notes and added the ACA User Guide.

* [#46] Setup Travis for HIRS Integration Tests (#68)

* [#46] Ensure Travis mounts repository rather than clones it in Docker

* [#46] Containerize HIRS ACA and prep ACA container for Integration Tests

* [#46] Containerize HIRS TPM2Provisioner and prep TPM2Provisioner container for Integration Tests

* [#46] Replace localinstall with install

* [#46] Prevent rebuilding of packages unnecessarily

* [#46] Finish initial docker compose setup for integration tests

* [#46] Allow for detection of complete Integration Environment Setup

* [#46] Fix Travis CI to allow for detecting Integ Test Environ Stand-Up

* [#46] Fix Initial Integration Test Script

* [#46] Troubleshoot Integration Test script

* #67 Add systems tests for HIRS Provisioner TPM 2.0  (#73)

* Added System Tests.

* Cleaned up scripts

* Cleaned up system tests.

* Cleaned up system tests.

* Cleaned up system tests.

* Updated system tests.

* Code review updates.

* Fix Style Issue in Build (#76)

A couple of variables had conflicting names and the inner scope was
shadowing the outer. Style checker was complaining. Deleted one inner
definition and renamed another variable.

* Incremented VERSION to 1.0.3 (#81)

* [#78] hirs-provisioner-tpm2 on path after installation. (#84)

There was a problem in the rpm-post-install.sh script
that ran as part of the CentOS7 rpm installation where
a link was being created called libcurl.so which pointed
to libcurl.so.4. If the link could not be created because
it already existed, the script would quit before finishing
and never place hirs-provisioner-tpm2 in a directory on
the PATH.

The proper solution was to link hirs-provisioner against
libcurl.so.4 so that it is clear which version of the API
was compiled against. This was not happening because
we were linking against a version of curl built by the CPR
project which was not properly embedding the SONAME in the
shared object file. By linking instead against the shared
object file distributed in the development package of
libcurl, hirs-provisioner-tpm2 now looks for libcurl.so.4
rather than the generic libcurl.so. This will prevent our
executable from breaking if libcurl.so gets updated to point
to a newer version of libcurl that uses a different API.

Closes #78.

* [#82] Systems Tests not Reporting Failure Correctly (#83)

* Test failing system tests report correctly in Travis.

* Test successful system tests report correctly in Travis.

* Test failing system tests report correctly in Travis.

* Test successful system tests report correctly in Travis.

* Test failing system tests report correctly in Travis.

* Test successful system tests report correctly in Travis.

* [#71] Dockerize TPM 1.2 Provisioner and Integrate with Docker Compose (#77)

* [#71] Initial Dockerization of TPM 1.2 Provisioner

* Fix permissions on new script

* Fix current bugs

* [#71] Try a new direction for setting up TPM 1.2 Provisioner Testing

* [#71] Attempt to the latest version of Trousers on Travis CI VM for 1.2 Provisioner support

* [#71] Try IBM TPM 1.2 Emulator

* [#71] Move towards cleaning up work

* [#71] Update TPM1.2 Provisioner Docker to work with Docker Compose in Systems Test

* [#71] Get TPM 1.2 Provisioner to provision successfully in Docker container

* Update system tests script to include TPM 1.2 Provisioner container

* [#71] Separate TPM 1.2 and 2.0 Provisioner System Tests

* [#71] Pipe TPM Emulator log output to file to clear up system test output

* [#87] Combine Packaging and System Tests into One Travis Test Phase (#89)

* [#91] Add Authority Information Access to Issuer field of Attribute Certificates (#92)

* Updated code base for Attribute Certificates.  They are currently not showing Authority Information Access in the Issuer field on the certificate details page.  The code was not written to handle this or to set it.

* Updated unit tests to test Authority Info Access and Key Identifier.

* Adding extra certificates to be used in the new tests.

* Updated unit test, the new tests were missing the @Test parameter.

* [#19] General Name/DN equals functionality (#93)

* Adding new class GeneralNames, I will be changing it to adjust to the bc class as to not confuse the two.  This class takes the subject string and parses out the information for comparison.

* Adding file I didn't have tracked in the previous commit.

* Updating code to handle the instance of multiple organization units.

* A null exception was being thrown from the unit tests for the organization unit variable.

* Add some comments

* continued testing and updates are needed.

* Cleanup - removed excess commented code and debug lines.

* Updating code base to use X500Name for name compares, removing GeneralNamesParser.java file as it is not necessary

* Updated for final changes.

* Modification to previous changes per request on github.  Separated out compare method into its own class and created unit tests.

* Added Users Guide to the Quick Links section

* [#72] Supply Chain Validator fix and update (#94)

* This fix corrects an IllegalStateException for the SupplyChainValidator when all policy settings are true.  When trying to remove a value from the iterator in the validator, the item was null and caused this issue.  This also takes out the Platform Serial as a required field.

Closes #72

* checking in a small change that puts back in a line for checking the serial number.  It has been changed from FAIL to PASS however.

* Committing updated changes.

* Committing test certs for changes.

* Updated unit tests

* Fixing travis checkstyle for URISyntaxException missing from UnitTests

* [#96] Validation tooltip update (#98)

* Updating code to list what specifically is unmatched for platform components on the validation page when there is a failure.

* Updates include a small shift for the policy page, putting the correct order for setting them (top to bottom).  Updated unit tests for the additional text that now appears on the tool tip for the validation failure icon.

* Updates to allow for TPM 2.0 quote.

* [#106] Platform Configuration v2 (#112)

* These changes are the beginning stage for spec 2 changes to the platform configuration section of the attributes platform certificate.

* Updated typos and corrected check style errors.

* Updating Platform Credential Unit test from #24

* Added unit test resource

* [#24] Implementation of Component Class field (#114)

* This is new code that parses a new field in the upcoming TCG spec for the platform components fields. The new field indicates the type of hardware (ex Memory - DDR3). This information wasn't provided before so it wasn't always clear what the component was. The new information is provided in a json file. A unit test was created to test the different variations. This commit does not include hooks in the base code to use this class yet. This commit is mainly to include the added library and correct bug and checkstyle issues associated with the new code.

Closes #24

* Removed duplicate CONSTANT variable.

* Added newline

* Added Newline

* Updated variable names for json object.

* Fixed line length style error.

* This is an initial set up for the new tagged elements for the component identifier.

* This is an initial set up for the new tagged elements for the component identifier.

* Split out functionality for version 2 changes.  Added a new class to handle newer component elements.

* Split out functionality for version 2 changes.  Added a new class to handle newer component elements.

* Updated for how to display version 2 versus version 1.

* Updated for how to display version 2 versus version 1.

* Moved V2 versions of class files to V2 specific folder.

* Moved V2 versions of class files to V2 specific folder.

* Debugging a problem with the componentclass portion of the spec 2 certificate.  Pushing up so that I can debug at a different location.

* Debugging a problem with the componentclass portion of the spec 2 certificate.  Pushing up so that I can debug at a different location.

* Updated changes that fixed a bug.  The V2 of component identifier wasn't actually being used, and causes the cert to not upload.

* Updated changes that fixed a bug.  The V2 of component identifier wasn't actually being used, and causes the cert to not upload.

* Additional changes made to resolve unit test failures and changes made to the unit test to validate some of the additional changes.

* Additional changes made to resolve unit test failures and changes made to the unit test to validate some of the additional changes.

* Fixed checkstyle issue of unused import.

* Fixed checkstyle issue of unused import.

* Last minute changes to fix some elements that were missed as prep for pull request.

* Last minute changes to fix some elements that were missed as prep for pull request.

* Update CertificateIdentifier for the issuerDN field so that findbugs does not error on the line setting it only to null.

* Update CertificateIdentifier for the issuerDN field so that findbugs does not error on the line setting it only to null.

* Updates to the placeholder class to avoid findbug errors.

* Updates to the placeholder class to avoid findbug errors.

* Added instanceof object check for attribute status in platform property V2 as an additional safeguard against type mismatch.

* Added instanceof object check for attribute status in platform property V2 as an additional safeguard against type mismatch.

* Corrected logic on AttributeStatus isRemoved method.

* Removed reference to ComponentClass in V1 of ComponentIdentifier.  Updated CertificateIdentifier to deal with tagged objects being optional, therefore the check for required in constructor is unnecessary.

* Updated the parsing statements for the CertificateIdentifier's elements.
2019-04-08 14:09:21 -04:00
busaboy1340
0bc9b94d3e
[#122] Add clean up of dangling docker containers for TPM 2.0 system tests (#123)
* Added clean up of dangling docker containers.

* Added clean up of dangling docker containers.

* Added clean up of dangling docker containers.
2019-04-08 06:57:22 -04:00
apldev4
90a94434b1
[#119] tpm_aca_provision no longer tries to guess the TPM version. (#120)
The tpm_aca_provision script used to try to guess the version
of the TPM on the machine and call the appropriate command
to provision the TPM. However:
1. The guessing was error prone,
2. The command to provision the TPM is the same regardless of the
TPM version, and
3. By the time the script is run, either the TPM Provisioner 1.2
package or the TPM Provisioner 2.0 package has already been
installed. By that point, it's too late to be wondering which
version of TPM is on the machine. The decision of which package
to install is guided by the documentation.
2019-03-29 11:35:28 -04:00
iadgovuser26
c123e85a3d
Merge pull request #117 from nsacyber/system_serial_number
[#115] Update System Platform Information for EK and Attribute Certs
2019-03-29 10:47:47 -04:00
apldev3
1a28853d23
[#18] Add in Null Checks for Certificate and Subclasses (#118)
* [#18] Add in null checks to Certificate and PlatformCredential

* [#18] Fix checkstyle errors
2019-03-29 10:18:44 -04:00
Taruan Matthews
002a4b735c Removed chassisSerialNumber 2019-03-28 11:09:48 -04:00
iadgovuser26
6dba37be80
Merge pull request #97 from nsacyber/issue-90
Modify build scripts to enable installation on Amazon Linux
2019-03-28 11:06:33 -04:00
apldev3
267001226e
[#61] Remove Magic String Usage from PersistenceConfiguration (#116) 2019-03-28 09:53:50 -04:00
Taruan Matthews
97e5d7d48c Updated the System Platform Information section of the Platform and Endorsement details page. Both pages had a field for Serial NR which was listed as optional in the code and wasn't being populated by any data. The Platform page now checks for the type of certificate and displays either the platform or the chassis serial number and the Serial NR section was removed from the Endorsement as there was no equivalent serial number. 2019-03-28 07:06:29 -04:00
apldev3
bc717c9241
[#95] Resolve Log4cplus Error complaining about no appenders on TPM2 Provisioner startup (#101) 2019-03-27 18:18:55 -04:00
Cyrus
35c63efe19
[#24] Implementation of Component Class field (#114)
* This is new code that parses a new field in the upcoming TCG spec for the platform components fields. The new field indicates the type of hardware (ex Memory - DDR3). This information wasn't provided before so it wasn't always clear what the component was. The new information is provided in a json file. A unit test was created to test the different variations. This commit does not include hooks in the base code to use this class yet. This commit is mainly to include the added library and correct bug and checkstyle issues associated with the new code.

Closes #24

* Removed duplicate CONSTANT variable.

* Added newline

* Added Newline

* Updated variable names for json object.

* Fixed line length style error.
2019-03-25 11:14:19 -04:00
Cyrus
3ae32b6777
[#106] Platform Configuration v2 (#112)
* These changes are the beginning stage for spec 2 changes to the platform configuration section of the attributes platform certificate.

* Updated typos and corrected check style errors.

* Updating Platform Credential Unit test from #24

* Added unit test resource
2019-03-25 11:13:09 -04:00
apldev2
c83b3c2de5
Merge pull request #100 from nsacyber/update-provisioner-installation
Updates to allow for TPM 2.0 quote.
2019-03-08 15:07:00 -05:00
apldev4
efbd22812d Updates to allow for TPM 2.0 quote. 2019-03-08 14:33:06 -05:00
apldev3
e2904a6dd7 Comment out Amazon Linux Package Step / Will fix in follow on issue 2019-03-04 13:01:55 -05:00
Cyrus
df72603476 [#96] Validation tooltip update (#98)
* Updating code to list what specifically is unmatched for platform components on the validation page when there is a failure.

* Updates include a small shift for the policy page, putting the correct order for setting them (top to bottom).  Updated unit tests for the additional text that now appears on the tool tip for the validation failure icon.
2019-02-27 11:03:46 -05:00
Cyrus
aeebd068f5 [#72] Supply Chain Validator fix and update (#94)
* This fix corrects an IllegalStateException for the SupplyChainValidator when all policy settings are true.  When trying to remove a value from the iterator in the validator, the item was null and caused this issue.  This also takes out the Platform Serial as a required field.

Closes #72

* checking in a small change that puts back in a line for checking the serial number.  It has been changed from FAIL to PASS however.

* Committing updated changes.

* Committing test certs for changes.

* Updated unit tests

* Fixing travis checkstyle for URISyntaxException missing from UnitTests
2019-02-25 10:37:11 -05:00
iadgovuser26
f2bee8f9cc
Added Users Guide to the Quick Links section 2019-02-22 14:10:27 -05:00
apldev3
5eeebabcc2 [#90] Add Amazon Linux Package test to Travis CI 2019-02-22 13:06:49 -05:00
Michael Tsai
a2e6feb15b Modify build scripts to accept building on Amazon Linux 2019-02-21 16:36:04 -05:00
Cyrus
30caf57edb [#19] General Name/DN equals functionality (#93)
* Adding new class GeneralNames, I will be changing it to adjust to the bc class as to not confuse the two.  This class takes the subject string and parses out the information for comparison.

* Adding file I didn't have tracked in the previous commit.

* Updating code to handle the instance of multiple organization units.

* A null exception was being thrown from the unit tests for the organization unit variable.

* Add some comments

* continued testing and updates are needed.

* Cleanup - removed excess commented code and debug lines.

* Updating code base to use X500Name for name compares, removing GeneralNamesParser.java file as it is not necessary

* Updated for final changes.

* Modification to previous changes per request on github.  Separated out compare method into its own class and created unit tests.
2019-02-19 10:26:25 -05:00
Cyrus
3a31631c59 [#91] Add Authority Information Access to Issuer field of Attribute Certificates (#92)
* Updated code base for Attribute Certificates.  They are currently not showing Authority Information Access in the Issuer field on the certificate details page.  The code was not written to handle this or to set it.

* Updated unit tests to test Authority Info Access and Key Identifier.

* Adding extra certificates to be used in the new tests.

* Updated unit test, the new tests were missing the @Test parameter.
2019-02-19 10:16:39 -05:00
apldev3
2e926d633e
[#87] Combine Packaging and System Tests into One Travis Test Phase (#89) 2019-02-05 12:07:47 -05:00
apldev3
ec8c4b5c3e
[#71] Dockerize TPM 1.2 Provisioner and Integrate with Docker Compose (#77)
* [#71] Initial Dockerization of TPM 1.2 Provisioner

* Fix permissions on new script

* Fix current bugs

* [#71] Try a new direction for setting up TPM 1.2 Provisioner Testing

* [#71] Attempt to the latest version of Trousers on Travis CI VM for 1.2 Provisioner support

* [#71] Try IBM TPM 1.2 Emulator

* [#71] Move towards cleaning up work

* [#71] Update TPM1.2 Provisioner Docker to work with Docker Compose in Systems Test

* [#71] Get TPM 1.2 Provisioner to provision successfully in Docker container

* Update system tests script to include TPM 1.2 Provisioner container

* [#71] Separate TPM 1.2 and 2.0 Provisioner System Tests

* [#71] Pipe TPM Emulator log output to file to clear up system test output
2019-02-04 14:26:54 -05:00
busaboy1340
afd5fd29e4
[#82] Systems Tests not Reporting Failure Correctly (#83)
* Test failing system tests report correctly in Travis.

* Test successful system tests report correctly in Travis.

* Test failing system tests report correctly in Travis.

* Test successful system tests report correctly in Travis.

* Test failing system tests report correctly in Travis.

* Test successful system tests report correctly in Travis.
2019-02-01 06:00:10 -05:00
apldev4
bce78c0122 [#78] hirs-provisioner-tpm2 on path after installation. (#84)
There was a problem in the rpm-post-install.sh script
that ran as part of the CentOS7 rpm installation where
a link was being created called libcurl.so which pointed
to libcurl.so.4. If the link could not be created because
it already existed, the script would quit before finishing
and never place hirs-provisioner-tpm2 in a directory on
the PATH.

The proper solution was to link hirs-provisioner against
libcurl.so.4 so that it is clear which version of the API
was compiled against. This was not happening because
we were linking against a version of curl built by the CPR
project which was not properly embedding the SONAME in the
shared object file. By linking instead against the shared
object file distributed in the development package of
libcurl, hirs-provisioner-tpm2 now looks for libcurl.so.4
rather than the generic libcurl.so. This will prevent our
executable from breaking if libcurl.so gets updated to point
to a newer version of libcurl that uses a different API.

Closes #78.
2019-01-31 11:50:43 -05:00
iadgovuser26
51b03bb209 Incremented VERSION to 1.0.3 (#81) 2019-01-28 17:08:01 -05:00
apldev2
b40094373b Fix Style Issue in Build (#76)
A couple of variables had conflicting names and the inner scope was
shadowing the outer. Style checker was complaining. Deleted one inner
definition and renamed another variable.
2019-01-23 17:01:59 -05:00
busaboy1340
17d7dbd6f7
#67 Add systems tests for HIRS Provisioner TPM 2.0 (#73)
* Added System Tests.

* Cleaned up scripts

* Cleaned up system tests.

* Cleaned up system tests.

* Cleaned up system tests.

* Updated system tests.

* Code review updates.
2019-01-15 12:46:06 -05:00
apldev3
05a78a3d79
[#46] Setup Travis for HIRS Integration Tests (#68)
* [#46] Ensure Travis mounts repository rather than clones it in Docker

* [#46] Containerize HIRS ACA and prep ACA container for Integration Tests

* [#46] Containerize HIRS TPM2Provisioner and prep TPM2Provisioner container for Integration Tests

* [#46] Replace localinstall with install

* [#46] Prevent rebuilding of packages unnecessarily

* [#46] Finish initial docker compose setup for integration tests

* [#46] Allow for detection of complete Integration Environment Setup

* [#46] Fix Travis CI to allow for detecting Integ Test Environ Stand-Up

* [#46] Fix Initial Integration Test Script

* [#46] Troubleshoot Integration Test script
2019-01-07 15:28:53 -05:00
iadgovuser26
64c532ff2f [#54] ACA Users guide (#57)
* Added the ACA Users Guide

* Updated the installation notes on the ACA portal help page

* changed format of user guide from pdf to doc

* [#54] Edit ACA Users Guide

* Updated the ACA Install and User Guide

* Added the ACA Users Guide.

Updated the ACA install Notes and added the ACA User Guide.
2019-01-07 11:28:23 -05:00
apldev3
a6f5a48307
[#69] Add null checks to Component Identifier Serial/Revision Trimming (#70) 2019-01-06 22:06:46 -05:00
apldev2
634d09ff5d Add selector for Endorsement Credential and Platform Credential Deletion (#66)
Adds a selector method to retrieve ECs and PCs by their associated device
so they can be deleted.
2018-12-14 12:02:03 -05:00
Cyrus
6624296abe [#43] Additional certificate fields to display
* This change adds in additional information about the certificate, which includes the public key and signature algorithms and their sizes, the key usage and extended key usage, the certificate version number for EK and CA certs and the issuer section expanded with Auth Key Id and Auth Info Access.

* Made some fixes to the platform class print out.  Needs to print out string representation of the value.

* Additional changes for the certificate details page.  Going over the spec determining what should be shown and what should be hidden if no information is specified.

* This change adds in additional information about the certificate, which includes the public key and signature algorithms and their sizes, the key usage and extended key usage, the certificate version number for EK and CA certs and the issuer section expanded with Auth Key Id and Auth Info Access.

Made some fixes to the platform class print out.  Needs to print out string representation of the value.

Additional changes for the certificate details page.  Going over the spec determining what should be shown and what should be hidden if no information is specified.

Small updates to code commits and statements

* Stashing changes.

* Correcting some unit test fail instances.  The PC Test fails because the tested cert is not updated to new (constantly changing) specs.  Not just on the value but also on the value type.

* Fixing git merge meta data.

* Updates to include the Authority Key information as a set rather than just one item.  Using a bouncy castle defined class.

* Reversed the type of variable the public key value returns so that the unit test for it doesn't have to change.  The type wasn't important, it was a convenience decision.

* Adding changes based on review comments from @apldev3.

* Made changes based on github review comments.

* Additional changes for github comments

* Updated the code for the public key size on CA and EK certificates.  There was a previous issue with 4 additional bytes being included in the size.

* Some more changes for Github comments
2018-12-13 09:30:10 -05:00
apldev4
6f99a10ad3 [#62] Cleaned up preprocessor file expansion.
There were unnecessary references to file paths in the executable.
2018-12-11 16:23:51 -05:00
apldev3
74728c6e0d
Replace Refs of yum localinstall with yum install
There is no functional difference between `yum install` and `yum localinstall`, however the former is preferred for modern conventions' sake.
2018-12-11 15:48:56 -05:00
Michael Tsai
e2e07a3ec2 TPMBaseline.isEmpty() method, activated tests
Added unit test for TPMBaseline.isEmpty(). Change exception type thrown in generator class

Added unit tests to account for both an empty and a non-empty baseline object

Checkstyle changes
2018-12-07 10:03:19 -05:00
apldev2
02cb30ad6d Add changes for device deletion.
Changes data structures to facilitate deletion of devices
from the DB and all other entries with foreign key relationships.
2018-12-04 17:25:35 -05:00
apldev1
3c5a657c17 [#55] Add displayTitle to Alert
These changes simply add a field called
'displayTitle' to the Alert class to hold
a human-readable title for each Alert instance.

Closes #55.
2018-11-30 15:20:01 -05:00
apldev3
c4bc52bd42
[#52] Make TPM2 Provisioner check for a running Resource Manager (#53)
[#52] Make TPM2 Provisioner check for a running Resource Manager
2018-11-26 16:45:22 -05:00
apldev1
c12cb135f1 [#49] Modify getPolicy behavior to reflect use
DBPolicyManager's getPolicy(appraiser, device) has historically
returned the default policy for an appraiser if none is defined
in the device group that the given device belongs to.  However,
this behavior does not in fact support the current use of devices,
groups, and policies; in the case where a group has no policy
assigned for a type of appraiser, the system is in a state
where that type of appraisal will not occur for devices in
a given group.  To better reflect desired behavior, the method
now returns null if a policy is not explicitly set for
the given (appraiser, device group) pair.

Closes #49.
2018-11-08 10:53:31 -05:00
apldev4
0586afb9d8
[#41] Provisioners use PACCOR for device info collection. (#45)
The provisioners used to shell out using different tools
to collect device info. Now they both use PACCOR instead.
2018-11-07 14:54:48 -05:00
apldev3
f8b9dfe582 [#47] Prevent deletion of external dependencies for TPM 2.0 Provisioner (#48) 2018-11-07 10:45:42 -05:00
apldev3
f769da4b15 [#32] Add package stage to Travis Build 2018-11-02 13:18:09 -04:00
iadgovuser26
d1bdf95696
Updated for release 1.0.2 2018-11-01 13:35:21 -04:00
apldev1
2d0806e5a8 [#33] IMA baselines can match measurements based solely on hashes (#34)
ImaAcceptableRecordBaseline and its subclasses have been updated to include
a containsHashes method to be able to match IMA measurement records
based solely on their hashes.  Supporting classes have been
updated or created as necessary.

Additionally, the set of path equivalencies as specified in the IMA
policy have been updated to include additional entries.

Closes #33.
2018-11-01 10:47:33 -04:00
apldev3
37ba6de3cd [#7] Ensure Ubuntu support pending end-user installation of supported TPM2 Libraries 2018-11-01 09:47:40 -04:00
apldev3
ce380db48c [#38] ACA checks uploaded EK Certs if one is not provided during provisioning 2018-11-01 09:30:01 -04:00
iadgovuser26
90d7f40fda
Merge pull request #37 from nsacyber/issue-36
[#36] TPM Provisioner status output
2018-10-31 14:02:44 -04:00
apldev3
87be5a396b [#25] Make ACA exception handling more descriptive 2018-10-31 09:26:20 -04:00