Commit Graph

179 Commits

Author SHA1 Message Date
Cyrus
48c934d35f
Merge pull request #347 from nsacyber/serial-number-display-fix
Serial Number Display Fix
2021-04-02 06:10:53 -04:00
chubtub
8727a9b210
Merge pull request #339 from nsacyber/issue-336
[#336] Script to download ACAPortal validation reports
2021-03-30 09:49:03 -04:00
Cyrus
44632e8e04 Updated the code for authority serial number and serial number for the general info for any certificate to no longer use the getLong method of the Big Integer object. This truncated the value. Instead, the new code uses the Hex.toHexString method from bouncy castle. 2021-03-30 08:06:26 -04:00
Cyrus
4911742c7a This is a checkout of some changes to the resource management for swid tags so that the file name listed is associated with the stored support RIMS. 2021-03-30 06:35:14 -04:00
Cyrus
f2308f2955 Updated the isIssuer and the containsAll to allow the reason for the platform certificate failure isn't that the issuer is missing but that the issuer available fails the public key on the details page for certificates 2021-03-26 10:32:19 -04:00
Cyrus
a6c6fbfb31 Made some changes for using just the RIM Hash to pull support rims from the database to associated with the swid tag. Changed the rim hash from and int to a string. 2021-03-25 13:28:31 -04:00
Cyrus
2110b7e94d Merge branch 'rim_digest_store' into event-digest-update 2021-03-23 11:31:42 -04:00
Cyrus
108748fb2a Undid some code and change the Digest Value class into a table in the database. This code then updates those values when a provision is initiated. At this time, that is all it does. 2021-03-19 11:01:25 -04:00
Cyrus
6e8086c59e This is a change to the details page handler for the RIM files. The rimel files that are uploaded by themselves are not updated with manufacturer or model information, and the controllers are referencing that information when looking up database information. This causes a null exception and a funky output on the screen. This commit fixes this issue. 2021-03-17 10:39:39 -04:00
Cyrus
53cb300063 This is an initial commit with changes that add new classes for digest reference matching. 2021-03-17 10:23:08 -04:00
chubtub
175d2238d2 Add ACA address as option 3rd commandline parameter. Handle case where no reports are available or selected for download. 2021-03-16 11:09:58 -04:00
chubtub
7064c00c0b Detect component failures in delta certs for validation reports 2021-03-16 10:18:06 -04:00
chubtub
3d13b8b72f Add column in csv file for platform cert issuer for each component identifier 2021-03-16 09:16:45 -04:00
chubtub
c0a056b987 Script to download the validation report(s) from the ACAPortal from the command line. 2021-03-11 11:51:26 -05:00
chubtub
a380db58fa
Merge pull request #328 from nsacyber/issue-281
Validation report file
2021-03-11 10:56:00 -05:00
Cyrus
c66f4f7648
Merge pull request #334 from nsacyber/Unmatched-component-refactor
Unmatched component refactor
2021-03-09 13:07:16 -05:00
Cyrus
28f0fdb3e1
Merge pull request #309 from nsacyber/aic-policy-rule
[#169] AIC policy rule
2021-03-09 10:52:01 -05:00
Cyrus
763dcbd975 These are changes that were made in the system-tests-test that resolved the issues in the first TPM 2.0 system tests on travis. 2021-03-04 08:01:18 -05:00
Cyrus
6e470e2b04 Updated the wording for the policy setting page. 2021-02-23 13:27:43 -05:00
Cyrus
a5184f5a5b Final changes that adds in the additional setting for the renewal period threshold. This value indicates that if the end validity has been reached for the current issued attestation certificate, then don't generate one. However if we are within the number of days set by the threshold, then generate the certificate before it expires. The default is 1 year from the end validity. 2021-02-23 10:17:56 -05:00
Cyrus
9c3dfe16b1 Modified the policy page controller by adding a new method to work on a form request from the policy page for enabling the generate issued attestation certificate based on a time frame rather than never or on each provision. 2021-02-16 10:30:21 -05:00
Cyrus
a41d1484e1 Updated the printing of the event number for the failed events. This is to match them with the event number on the support rim page. Support rim page starts at 1 but the method used on the failure page starts at 0. Also while investigating this issue, I noted that the coloring of the failure event disappears after the first viewing of that page. This was fixed. The conditions to check for an error were being ignored after the first load. 2021-02-12 09:01:35 -05:00
Cyrus
dcf0ec8101 Merge branch 'master' into aic-policy-rule 2021-02-11 14:13:28 -05:00
chubtub
847bad5201 Update verification date 2021-02-10 09:54:06 -05:00
chubtub
95bf9d9317 Updated SN, component data, and CSV output format. 2021-02-09 09:39:46 -05:00
chubtub
177e307a17 Add input formatting and validation to client and server side. Close dialog box on submission. 2021-02-09 09:39:43 -05:00
chubtub
4acfbf3026 Single download link for the entire page. Added date range begin and end fields. Pass timestamp to controller to filter reports. Format file in CSV. 2021-02-09 09:39:42 -05:00
chubtub
3cd9e06f97 Add user input fields to modal dialog. Handle user input, collect device report data, and write to local file. 2021-02-09 09:39:42 -05:00
chubtub
bb6cbfe871 Front end change: display modal dialog for user input on download link click. 2021-02-09 09:39:42 -05:00
chubtub
18ec7d4a5b Controller changes: Pull platform credential for device and parse info 2021-02-09 09:39:42 -05:00
chubtub
a4d639925e Frontend changes: download link to validation report 2021-02-09 09:39:42 -05:00
Cyrus
5e4dc8ce82 Merge branch 'master' into Unmatched-component-refactor 2021-02-08 15:23:21 -05:00
Cyrus
4999c96685 Updated code to correct situations that were not linking up with properly for delta and platform certificate component validation. 2021-02-05 16:10:15 -05:00
Cyrus
677716fa08 Merge branch 'master' into Unmatched-component-refactor 2021-02-04 08:51:31 -05:00
Cyrus
2d9bbe1bd7 initial commit 2021-02-01 11:24:20 -05:00
Cyrus
fa6b64d38a Removed unused statement 2021-01-08 07:20:18 -05:00
Cyrus
e0ae088401 Remove error statement 2021-01-08 07:07:16 -05:00
Cyrus
43c9f04d60 Updated some of the checks for the search text for the summary. 2021-01-07 16:00:56 -05:00
Cyrus
f361a49a74 Resovled the issue of the DBX variable not showing up under the correct category when present. The search for the DB variable also checks the DBX so it never actually hit the DBX if statement.` 2021-01-07 13:40:40 -05:00
Cyrus
ab8d30ee82 Corrected the missing boot order entry on the page and updated how the boot variables are searched for. However, DBX is still not showing up. 2021-01-07 09:48:04 -05:00
Cyrus
08c0daf9be Initial Commit 2021-01-06 15:45:50 -05:00
Cyrus
c181665ad9
Merge pull request #326 from nsacyber/issue-324
[#324]  Update filenames when downloading (RIM)
2021-01-05 11:12:25 -05:00
Cyrus
90a6e75f59 Removed unused import 2021-01-04 08:56:41 -05:00
Cyrus
7028810707 This latest push should have the code that'll highlight the components based on a string rather than the serial number. This also adds additional checks for the validity begin date of the delta not matching or being before the base. It also checks that they don't have the same certificate serial number. 2020-12-30 08:41:47 -05:00
Cyrus
640966ae8c Removed debug statement 2020-12-14 11:40:04 -05:00
Cyrus
62c7ca2d90 This PR is to address issue #308. The ACA was pulling Issuer Certificates using the organization RDN of the subject string and getting this from the issuer string of the EC or PC. This presents a problem because it isn't a required field. The organization field cannot be null or empty. Pulling objects from a DB using null or empty would produce bad results. The main change of this issue (which has not been full tested) is pulling using the AKI for the db lookup. If this fails, instead of falling back on potentially left out fields like the O= RDN, the ACA takes the issuer/subject fields, breaks them apart and sorts them based on the key. It also changes the case. This way the lookup can be assured to match in case of some random situation in which the issuer or subject field don't match because RDN keys are just in different positions of the string. 2020-12-11 14:47:46 -05:00
Cyrus
209024c12a Cleaned up some comments and code. 2020-12-07 09:47:54 -05:00
Cyrus
e64c6cf772 Merge branch 'master' into aic-policy-rule 2020-12-03 13:34:29 -05:00
Cyrus
e32e9412d8 Merge branch 'master' into Unmatched-component-refactor 2020-12-03 13:20:12 -05:00
Cyrus
b56fb73801 Updated the file to just use the fileName from the ReferenceManifest for the downloaded name. 2020-12-02 19:40:50 -05:00
Cyrus
9433c97dc9 The code now uses a combination of the class value and the platform manufacturer and model to identify mismatches. This now highlights the failured components 2020-11-25 08:02:45 -05:00
Cyrus
781dc92d95 Added a bug fix for support rim and base rim display. If the Support RIM was uploaded, separately, first, then the Base; the base RIM details page would display a linked Support RIM but no expected PCR values. 2020-11-24 10:13:00 -05:00
Cyrus
fbdcf83840 Continued refactoring to update the failed components part of the attribute validation. The delta mapping needs to be reworked to not use serials. 2020-11-23 14:46:29 -05:00
Cyrus
fddc65e6cf Simplified the code to do the same thing 2020-11-20 09:50:57 -05:00
Cyrus
91fbc7cfd2 Initial commit, that adds an additional check to the file being uploaded to the rim page to ensure that it is a valid file. 2020-11-20 09:42:37 -05:00
Cyrus
2b41720ded Merge branch 'master' into update-component-failure-highlight 2020-11-17 15:24:27 -05:00
Cyrus
1339f2b63c
Merge pull request #315 from nsacyber/rim_display_error
[#314] Support RIM bug fixes
2020-11-17 09:34:34 -05:00
chubtub
e3b5d164a3 Add SKI to front end. Extract PK from base RIM to validate signature if not found in db 2020-11-16 16:43:11 -08:00
Cyrus
6eeb630a75 This PR addresses the bugs identified in #314. Due to previous changes to the RIM upload process, the suppor RIM was not being updated properly when manually uploaded.
Closes #314
2020-11-12 13:45:38 -05:00
Cyrus
f7912908e0 Final changes to be tested against component failures 2020-11-12 09:58:18 -05:00
Cyrus
bdb32d13ad initial commit 2020-11-09 12:45:36 -05:00
Cyrus
967d9a0030 Merge branch 'master' into aic-policy-rule 2020-11-09 07:24:33 -05:00
Cyrus
e152ba1a33 Updated the indenting for the coloring of mismatched log entries. 2020-11-06 11:26:38 -05:00
Cyrus
9aa2c6a46d Merge branch 'master' into client-display-log-mismatch 2020-11-06 09:17:38 -05:00
Cyrus
ed7dea3706 Merge branch 'master' into aic-policy-rule 2020-11-06 06:42:44 -05:00
Cyrus
b2bf3013fc Git merge didn't update the refactor of BiosMeasurement to EventLogMeasurements 2020-11-05 13:36:35 -05:00
chubtub
302ffd81ee Load Schema object in ReferenceManifestValidator class with controller class instantiation to save time 2020-11-05 11:07:17 -05:00
chubtub
24cf71642d Add validation for support RIM hash and base RIM signature. 2020-11-05 11:07:17 -05:00
Cyrus
1dd64ad44b Moved Generate policy option. 2020-10-29 12:28:10 -04:00
Cyrus
e1c3a1fc0f Initial Commit 2020-10-29 08:58:37 -04:00
Cyrus
eed8e94c29 Some html tweaks were made to the display and search functionality of the RIM event log page. 2020-10-26 07:56:24 -04:00
Cyrus
70c4d5aeff Updated margins for log matching 2020-10-23 11:50:45 -04:00
Cyrus
2ef00cd5d6 Cleaned up css/html code for a cleaner and easier display layout 2020-10-23 08:37:41 -04:00
Cyrus
d7ade70b5c This branch takes the validated status of a failed event log matching from the bios measurements on the client and displays what failed on the support RIM page and the fail validation icon, if log mismatch, links to a bios measurments page that displays the events that didn't match next to baseline. 2020-10-22 13:32:30 -04:00
Cyrus
96970142cb This commit includes a completed rewrite of the ReferenceManifestSelector framework. Like the previous rewrite, it was easier and made more sense to create addition classes ands that are specific to a type of RIM (base, support, measurement) for referencing in the DB. Once this was rewritten the code was modified to validate the measurement against the support rim. 2020-10-19 13:06:44 -04:00
Cyrus
4b0bb2df91 This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag. 2020-10-09 10:48:17 -04:00
Cyrus
17728d3019 Updated the error message for no associated RIM not found, cleaned up display of the event content and adjusted the column of the digest display. 2020-10-06 07:42:15 -04:00
Cyrus
89dd2084c2 Merge branch 'master' into rimel-delete-details 2020-09-30 10:03:27 -04:00
Cyrus
f4aed453f8 Additional visual changes 2020-09-30 10:02:33 -04:00
Cyrus
2b57207445 Updated the Tag Version and version fields for Base and Support rims. In addition, adjusted the lay out of the support rim table so that the events column isn't as long. Instead, the full content shows up in an hover action. 2020-09-30 07:51:27 -04:00
Cyrus
2cb7c26fc3 Simplified names of initialData fields for RIM details page/controller 2020-09-29 06:27:43 -04:00
Cyrus
778380f70c This should finish off the code changes for issues #280. 2020-09-25 08:57:12 -04:00
Cyrus
3636782987 This commit adds functionality to display tpm even log information to the support RIM display page. Outstanding issues to implement: 1) add link to base from support RIM, 2) make event table scrollable 2020-09-24 09:58:10 -04:00
Cyrus
be4d4adb84 Updated line length over 100 characters 2020-09-21 08:35:39 -04:00
Cyrus
c18124e5ac Firmware validation produces 2 summaries. However, they both shouldn't be displayed. Added the restriction on the page controller to not display archived summaries. 2020-09-21 08:19:39 -04:00
Cyrus
39cfaa5fac After discussion, the concept of a Support RIM was clarified and because of this the ReferenceManifest.java file has to be updated to treat the Support rim similarly to the Base (which is a binary file vs an XML file). This initial code push is the beginning of that 2020-09-21 07:34:07 -04:00
Cyrus
6ae95da3a0 Merge branch 'master' into aca-test-validation 2020-07-29 09:47:41 -04:00
Cyrus
2b2e7c744b Updated the messaging for an invalid swid tag file and added .log as another type of tmp log file to extension to accept. 2020-07-29 09:27:15 -04:00
Cyrus
29789e2fbe Updated Reference Manifest Page Controller so that the files being uploaded are properly handled. Swid tag files that ended with 'new' were being saved as if they were tpm log files. Updated how the code detects the type of file so that bin/rim/rimel are tested for and saved while anything else is processed as a swid tag. 2020-07-28 11:53:47 -04:00
Cyrus
3e9d26f598 This code changes how the ACA handles a pcr list provided by the provisioner. The provisioner also is changed to send all supported algorithms and no longer delimits them with a + sign. The ACA is now set up to cycle through the entire list until is matches the baseline found in the rim associated log file. Currently the code is having issues saving the larger list of pcr values. It is too big for the database. 2020-07-17 12:44:31 -04:00
Cyrus
dbbcca8718 Updated error text for file not found and column header for RIM payloads. 2020-06-26 08:33:38 -04:00
Cyrus
e763461e46 Updated RIM Details page to display File Not Found when the associated event log has not been uploaded with the swid tag. 2020-06-25 08:47:51 -04:00
Cyrus
d41cb46468
[#260] RIM validation report page links (#264)
* Made some minor tweaks to investigate supply chain validation report bug.  The bug doesn't save the summary report for some unknown reason (no error currently appears).  This change uses the device object to retrieve a RIM.  Still need Attestation Certificate to pull PCRs from quote.  A follow up issue will be created to move that functionality to a different object from the provisioner.
2020-06-23 13:24:34 -04:00
Cyrus
6a62002b05
[#265] IMA/TBoot PCR ignore policy (#271)
* Updated code to include an official policy to ignore IMA and TBoot.  The policies will disable if firmware validation is disabled.
2020-06-23 12:48:06 -04:00
iadgovuser26
f2fd7f31bd conflict resoltion step 1 2020-06-10 14:04:23 -04:00
Cyrus
da5bc217ef
[#236] Firmware validation update part 2 (#259)
* Modified the hirs.data.persist package to have better fidelity into the objects necessary to create and maintain a baseline.  the info objects will be next.
2020-06-10 11:17:45 -04:00
iadgovuser26
f24c53f6c6 Added support for obtaining event and content data. Removed TCGLogProcessor. 2020-05-13 08:06:58 -04:00
iadgovuser26
7a9dc26df5 Added TCG Event Processing. 2020-05-01 09:18:14 -04:00
Cyrus
2805df9f8b
[#236] Firmware validation update part 1 (#243)
* This commit includes changes to the provisioner for what is sent up.  Originally only SHA256 was being used, this change includes both.
* This last commit cover the items 2-4 in issue #236.  The Provisioner sends up and updated list of pcrs that include 256, not just sha1.  The validation and policy pages have been updated.  A second pull request will be created to address parsing the information into a baseline.
2020-03-27 10:13:37 -04:00
Cyrus
21db725815
[#230] Update RIM details page to display PCRs (#233)
* This is an update to the display of the Reference Integrity Manifest code base that'll allow a user to upload a swidtag.  This code includes some additions from #217, slightly modified.

* This code update include changes to import, archive and delete a swidtag into the RIM object.

* Updated the code with additional checks on the uploaded file locations.  Added the number associated with the PCR value to the detail page.

* This change fixes the bug that caused the rim detail page to go blank if the associated event log file associated with the resource file doesn't exist.

Co-authored-by: lareine <lareine@tycho.ncsc.mil>
2020-03-06 07:06:09 -05:00