* Made some minor tweaks to investigate supply chain validation report bug. The bug doesn't save the summary report for some unknown reason (no error currently appears). This change uses the device object to retrieve a RIM. Still need Attestation Certificate to pull PCRs from quote. A follow up issue will be created to move that functionality to a different object from the provisioner.
* Modified the hirs.data.persist package to have better fidelity into the objects necessary to create and maintain a baseline. the info objects will be next.
* This commit includes changes to the provisioner for what is sent up. Originally only SHA256 was being used, this change includes both.
* This last commit cover the items 2-4 in issue #236. The Provisioner sends up and updated list of pcrs that include 256, not just sha1. The validation and policy pages have been updated. A second pull request will be created to address parsing the information into a baseline.
* This is an update to the display of the Reference Integrity Manifest code base that'll allow a user to upload a swidtag. This code includes some additions from #217, slightly modified.
* This code update include changes to import, archive and delete a swidtag into the RIM object.
* Updated the code with additional checks on the uploaded file locations. Added the number associated with the PCR value to the detail page.
* This change fixes the bug that caused the rim detail page to go blank if the associated event log file associated with the resource file doesn't exist.
Co-authored-by: lareine <lareine@tycho.ncsc.mil>
* Some initial additions to the details page for displaying Rim information.
* Initial changes for uploading a rim file.
* This is an update to the display of the Reference Integrity Manifest code base that'll allow a user to upload a swidtag. This code includes some additions from #217, slightly modified.
* This code update include changes to import, archive and delete a swidtag into the RIM object.
* This commit consolidated the SwidTagGatway code and Constants into Reference Manifest.
* This is the final main push of code that will upload, process, store, retrive/delete and display the contents of a RIM swid tag.
* Interim commit for demo purposes.
* Updated Unit Tests
* This commit adds the unit tests that weren't added in the previous commit
* Updated code to reduce execution time when processing reference manifest objects.
* Updated code for better GUI performance.
* Removed previously added suppression entries.
* Added TCG Event Log Processing that converts TCG Event Logs to HIRS TPM Baselines
* Some minor formating, syntax and code refactoring updates.
* Updated checkstyle failures.
* String format was missing additional %s.
Co-authored-by: Cyrus <24922493+cyrus-dev@users.noreply.github.com>
* This commit fixes an error produced when provisioning when the certificate from a previous provision is deleted from the ACA. The error involves doing a look up for an existing certificate and getting nothing however this is due to not using the 'includeArchived' attribute for the Certificate Selector. Include Archived is used when manually uploading a certificate.
* Initial system test for TPM 1.2 emulator.
* Update .travis.yml file.
* Added system test: test_20_tpm_1_2_initial_provision
* Cleaned up files.
* Correct docker location
* Re-arranged system tests.
* Execute test_12_attestation_ca_portal_online for all current collectors.
* Clean up files.
* Cleaned up files.
* Cleaned up files.
* Cleaned up files.
* Cleaned up files
* Updated system test driver.
* Set logging properties to DEBUG.
* Commented out test_13_tpm_1_2_initial_provision. Need to fix it.
* Added additional code pulled from the original branch for these changes aik-field-additions.
* Updated code to include the TCG Credential Specification, which is a different version from the Platform specification.
* [#195] Components identified by Component Class will have hardware IDs translated to names
* Update TPM Docker images to latest PACCOR(v1.1.3r3). Comment out the
failing system tests caused by invalid input to PACCOR.
* This is a quick fix to ensure that a delta that is being uploaded has a holder serial number that exists in the database.
* Fixed syntax issues.
* Through further testing with delta certificates that had differing begin validity dates, the code to test the sorting failed. This push includes a fix that places the deltas in the proper order.
In addition, this code includes a placeholder for deltas that don't have an existing holder certificate in the database.
* Findbugs is a cumbersome COTS product that generates more hassle than help. Upon indicating 'dodgy' code about redundant null checks, that didn't exist, it then didn't like using non-short circuit operators to verify that both objects are not null. It then spells out what non-shorting curcuit operators do, without acknowledges that's what you mean to do.
* Initial changes to pull down the serial from the validation reports page and transfer them to the certificates details page. This will then allow the certificate details page to reference the serial numbers that are in failure.
* This is an attempt to transfer data from page to page via the certificate manager.
* Previous attempt didn't work, the manager isn't saving the summary. Switching to augmenting the database by adding a new column for platform credentials.
* These changes add identifying color to the components that fail validation in the base certificate. This code however does change the database by adding a new column to track the fails and pass to the classes that display the information.
* Updated the jsp display of the highlighted component to red background with a white foreground. Updated the index of the string parse to not use magic numbers.
* This pull request contains 2 main changes, the first is transferring the status text from the attributes failure to the icon specifically for platform trust chain validation. Then this removes the third column on the validation page that singles out the icons for the attribute status. In addition, this status is also rolled up to the summary status icon and displays the text there as well for all that have failed. This last change meant a change to the sizes of the columns in the database.
The validation of a single base certificate with an error was not handled in the code base. Due to the changes with the introduction of delta certifications, the validation was modified and only handled changes presented by the deltas and ignored errors in the base certificate. This commit modifies the code that if there is just a single base certificate that is bad and error is thrown.
* Updated code by removing a loop that wasn't necessary. It was supposed to filter out the deltas but this wasn't needed as the chain was established.
* The debug code was left in, this is now removed.
* This code change will add in the delta certficates to the platform validation check. The current base passes the policy check as long as the base is valid. The deltas are ignored. This is because the validation pulls in what is associated with a particular EK associated with the machine provisioning.
* This code adds functionality to check the delta certificates in a chain. The main operation validates that the delta belongs in that chain and then that the chain establishes correct component modification. No removes before an add, no add to a component that exists, no remove to a component that doesn't exist. The unit test was updated to not use any flat file certificate.
Closes#109
* Changes were made to the validation of a delta certificate based on newer information. There can be multiple bases and multiple leaves in a tree of associated certificates. However currently we don't have certificates to validate the entirety of the code to test.
* Updated the code to treat the platform attributes policy, if v2, against all in the chain rather than one at a time.
* Updated the default values of the component identifier and component info classes. The provisioner side of the process was updated to populate with Empty, the current ACA is using ---.
* Updated unit tests. For the supply chain validation, I updated the validation fail message to include additional information.
* Updated code for the component identifier classes to correct the default values that can be seen from either paccor or devices when data isn't specified.
* Removed unused variable and change package for the EMPTY variable.
* This issue updates the UI for the newest V2 information for platform attribute certificates. This first push has updates from #111 for items 1, 2 and 3a/b.
* Updated for additional changes.
* Updated example of numerated base to delta certificates linked on platform details page instead of using previous and next buttons.
* Updated code to unlink supply chain identifier number if that is the current page.
* A unit test was failing because of the next spec and how the certificate string mapper was being used. I added a null check before sending it to a selector. In addition I updated the selector to print the actual variable name that of the field value failing for better clarity when it fails.
* Updated variable name to reflect changes in the issue around labeling certificates vs credentials.
