175 Commits

Author	SHA1	Message	Date
Cyrus	4911742c7a	This is a checkout of some changes to the resource management for swid tags so that the file name listed is associated with the stored support RIMS.	2021-03-30 06:35:14 -04:00
Cyrus	a6c6fbfb31	Made some changes for using just the RIM Hash to pull support rims from the database to associated with the swid tag. Changed the rim hash from and int to a string.	2021-03-25 13:28:31 -04:00
Cyrus	c290ba25be	Modified how unmatched log events are tested. Now it uses the reference event value from the database.	2021-03-23 13:13:17 -04:00
Cyrus	108748fb2a	Undid some code and change the Digest Value class into a table in the database. This code then updates those values when a provision is initiated. At this time, that is all it does.	2021-03-19 11:01:25 -04:00
Cyrus	53cb300063	This is an initial commit with changes that add new classes for digest reference matching.	2021-03-17 10:23:08 -04:00
Cyrus	9134e2ab9d	Merge branch 'master' into rim_digest_store	2021-03-12 07:33:47 -05:00
Cyrus	accbc422e7	This adds the additional classes	2021-03-11 10:56:19 -05:00
Cyrus	19aa3c27a1	initial commit with the structures that are to be set up	2021-03-11 10:55:22 -05:00
Cyrus	c66f4f7648	Merge pull request #334 from nsacyber/Unmatched-component-refactor ... Unmatched component refactor	2021-03-09 13:07:16 -05:00
Cyrus	9008972fbc	Cleared all build errors	2021-03-08 06:43:10 -05:00
Cyrus	0e3eabc34f	Removed unused import	2021-03-08 06:31:31 -05:00
Cyrus	bd5bca58ea	I have modified the code to correct handle the situation in which the device has more components than the certificate and I have taken steps to make the system test GOOD pass for test A6, A7 and A8.	2021-03-05 15:36:29 -05:00
Cyrus	763dcbd975	These are changes that were made in the system-tests-test that resolved the issues in the first TPM 2.0 system tests on travis.	2021-03-04 08:01:18 -05:00
Cyrus	8a571f1788	When a delta has the component that is bad, not the base, it wasn't highlighting. This is because the component failures wasn't be updated and then the certificate needed to be updated as well.	2021-02-25 06:59:56 -05:00
Cyrus	a5184f5a5b	Final changes that adds in the additional setting for the renewal period threshold. This value indicates that if the end validity has been reached for the current issued attestation certificate, then don't generate one. However if we are within the number of days set by the threshold, then generate the certificate before it expires. The default is 1 year from the end validity.	2021-02-23 10:17:56 -05:00
Cyrus	dcf0ec8101	Merge branch 'master' into aic-policy-rule	2021-02-11 14:13:28 -05:00
Cyrus	9917fadef7	On a previous commit, I removed a piece of code that checked the base credential first. Because the delta fixed a problem in the base, the base failed before the delta was checked. This was completely removed. On a test that we had previously done, the test passes when it should fail because there is only a base, so that check isn't being done. This change reintroduces the check but in a different location with flags for when there is a delta present.	2021-02-09 13:30:37 -05:00
Cyrus	69cd06df3b	Merging error didn't include the update to Assert.State	2021-02-09 06:54:31 -05:00
Cyrus	5e4dc8ce82	Merge branch 'master' into Unmatched-component-refactor	2021-02-08 15:23:21 -05:00
Cyrus	7b79ceb07a	Found the issue with the component being removed that doesn't have a proper serial number and adding one with it. The code was revalidating the base in the attributes enabled flag. This was unncessary.	2021-02-08 14:25:10 -05:00
Cyrus	4999c96685	Updated code to correct situations that were not linking up with properly for delta and platform certificate component validation.	2021-02-05 16:10:15 -05:00
Cyrus	677716fa08	Merge branch 'master' into Unmatched-component-refactor	2021-02-04 08:51:31 -05:00
Cyrus	447c817839	Updated the lists for the left over components.	2021-02-02 12:57:55 -05:00
Cyrus	2d9bbe1bd7	initial commit	2021-02-01 11:24:20 -05:00
Cyrus	8d6a697a23	Removed some unnecessary comments	2021-01-28 08:08:12 -05:00
Cyrus	653bfddc6d	Updated some code and took out things that didin't need to be in the official build for unit tests	2021-01-21 07:40:55 -05:00
Cyrus	5589096443	Cleaned up some stuff I found during code compare in github.	2021-01-20 13:23:51 -05:00
Cyrus	acc022d784	Finalized clean up.	2021-01-20 13:05:43 -05:00
Cyrus	e9eef0e5b3	Updated the code to go through the serial numbers that are valid numbers verus generic filler. Tested against the provisioner.	2021-01-20 08:00:24 -05:00
Cyrus	fa12614221	Testing out new code	2021-01-14 10:34:27 -05:00
Cyrus	beb1ccbee3	Updated a supply chain validation check for delta certificates. Updated the check for duplicate base platform certificates when storing them for the same device and updated the begin validity date for the delta vs the base check.	2021-01-12 12:26:54 -05:00
Cyrus	fcb496686c	This includes some refactoring of the component identifier.	2021-01-11 13:24:49 -05:00
Cyrus	7028810707	This latest push should have the code that'll highlight the components based on a string rather than the serial number. This also adds additional checks for the validity begin date of the delta not matching or being before the base. It also checks that they don't have the same certificate serial number.	2020-12-30 08:41:47 -05:00
Cyrus	1db52cebf9	This is a stopping point because the code can't be fully worked out because the data (certificates) aren't correct.	2020-12-17 07:24:51 -05:00
Cyrus	8fa5dfdd9e	Removed unused imports	2020-12-14 10:57:35 -05:00
Cyrus	62c7ca2d90	This PR is to address issue #308. The ACA was pulling Issuer Certificates using the organization RDN of the subject string and getting this from the issuer string of the EC or PC. This presents a problem because it isn't a required field. The organization field cannot be null or empty. Pulling objects from a DB using null or empty would produce bad results. The main change of this issue (which has not been full tested) is pulling using the AKI for the db lookup. If this fails, instead of falling back on potentially left out fields like the O= RDN, the ACA takes the issuer/subject fields, breaks them apart and sorts them based on the key. It also changes the case. This way the lookup can be assured to match in case of some random situation in which the issuer or subject field don't match because RDN keys are just in different positions of the string.	2020-12-11 14:47:46 -05:00
Cyrus	e64c6cf772	Merge branch 'master' into aic-policy-rule	2020-12-03 13:34:29 -05:00
Cyrus	e32e9412d8	Merge branch 'master' into Unmatched-component-refactor	2020-12-03 13:20:12 -05:00
Cyrus	a32d3a5f02	Remove comments	2020-12-01 09:46:05 -05:00
Cyrus	29b7d466cd	Updated wording in validation for failed trust store	2020-11-30 09:23:10 -05:00
Cyrus	9433c97dc9	The code now uses a combination of the class value and the platform manufacturer and model to identify mismatches. This now highlights the failured components	2020-11-25 08:02:45 -05:00
Cyrus	ffbcebbf11	Found the issue with the isMatch class not working. The component class string for the class value has a pound sign.	2020-11-24 09:12:00 -05:00
Cyrus	fbdcf83840	Continued refactoring to update the failed components part of the attribute validation. The delta mapping needs to be reworked to not use serials.	2020-11-23 14:46:29 -05:00
Cyrus	2b41720ded	Merge branch 'master' into update-component-failure-highlight	2020-11-17 15:24:27 -05:00
chubtub	e3b5d164a3	Add SKI to front end. Extract PK from base RIM to validate signature if not found in db	2020-11-16 16:43:11 -08:00
Cyrus	e8f5107137	Updating code to use a different format for identifying failed components.	2020-11-09 13:59:19 -05:00
Cyrus	bdb32d13ad	initial commit	2020-11-09 12:45:36 -05:00
Cyrus	967d9a0030	Merge branch 'master' into aic-policy-rule	2020-11-09 07:24:33 -05:00
Cyrus	9aa2c6a46d	Merge branch 'master' into client-display-log-mismatch	2020-11-06 09:17:38 -05:00
Cyrus	ed7dea3706	Merge branch 'master' into aic-policy-rule	2020-11-06 06:42:44 -05:00