chubtub
7d8df398e7
Controller class for returning TPM Event data to jsp
2022-02-17 13:08:06 -05:00
chubtub
b1d4ef7c1e
Front end changes for new TPM Events page
2022-02-17 13:08:06 -05:00
chubtub
565ccd6758
Add support rim link to frontend.
2022-02-16 16:05:37 -05:00
chubtub
1d57ab0d09
Revert "Decode the event content for display on the frontend."
This reverts commit 2671a572ba.
2022-02-16 11:17:25 -05:00
chubtub
2671a572ba
Decode the event content for display on the frontend.
2022-02-14 17:24:33 -05:00
Cyrus
81068850bd
Added change to the null condition check for the policy threshold
2022-02-14 14:46:15 -05:00
Cyrus
caa2a7c55b
Removed the RIM controller tests
2022-02-14 10:26:07 -05:00
Cyrus
1f2be7ce18
Updated the live log information if the base and support rim are not uploaded together.
2022-02-11 08:01:28 -05:00
Cyrus
b5d01a3997
Merge branch 'issue-395' of https://github.com/nsacyber/HIRS into issue-395
2022-02-03 13:47:44 -05:00
Cyrus
6d4ee92b5f
Updated the code to properly assign the base rim ID to the tpm events link and updated the image for the nav bar tpm events
2022-02-03 12:04:12 -05:00
chubtub
79a132e74f
Merge branch 'issue-395' of github.com:nsacyber/HIRS into issue-395
2022-02-02 10:40:50 -05:00
chubtub
862387230a
Rename tpm-events to rim-database. Add link to index page.
2022-02-02 10:39:22 -05:00
Cyrus
c5e3823acd
The event selector was removed. It was not needed, but the event manager was modified to pull the right data.
2022-02-02 09:28:35 -05:00
Cyrus
035efad9d2
Updated code allows the tpm event table to be searched and information updated when the swidtag is added.
2022-01-31 14:11:36 -05:00
chubtub
ea6bb48d06
Merge branch 'master' into issue-395
2022-01-27 10:58:16 -05:00
chubtub
9150d2d2d8
Add link to Base RIM
2022-01-26 17:41:58 -05:00
chubtub
c4b6aca667
Merge branch 'issue-395' of github.com:nsacyber/HIRS into issue-395
2022-01-24 14:35:01 -05:00
Cyrus
f503457bd4
Refactored the Reference Digest code so that the ReferenceDigestValue table is accessible and updated the controller for the getOrderedList.
2022-01-21 06:29:53 -05:00
Cyrus
9b133231a2
Temporary removal of policy page option for LDevID generation
2022-01-11 10:05:27 -05:00
Cyrus
6d8392da45
Preliminary changes to remove ReferenceDigestRecord as a database object.
2022-01-11 10:02:38 -05:00
chubtub
fc7d8b5dd1
Merge branch 'master' into issue-395
2022-01-07 09:36:50 -05:00
chubtub
a71e7130ab
WIP: frontend hangs while getting records from backend
2022-01-04 11:07:18 -05:00
iadgovuser26
bf8ef387c1
Merge pull request #407 from nsacyber/issue-381
[#381] Update RIM validation in ACA
2021-12-16 10:39:58 -05:00
iadgovuser29
a5c5a3ac60
Add additional location for pci.ids file and fix checkstyle issues from previous commit.
2021-12-02 12:28:41 -05:00
iadgovuser26
f8e549a458
Merge pull request #399 from nsacyber/certificate-bulk-download
Bulk Certificate Download
2021-12-02 11:04:40 -05:00
chubtub
d183504a3f
Merge branch 'master' into issue-381
2021-11-10 10:08:42 -05:00
Cyrus
0934b3106f
Merge pull request #420 from nsacyber/base-rim-link-fix
RimLinkHash Fix
2021-11-10 10:06:11 -05:00
Cyrus
70d92c4b38
Merge pull request #417 from nsacyber/issue-404
[#404] PXE Policy options
2021-11-10 10:05:52 -05:00
Cyrus
04b050de15
The rimlinkhash meta information wasn't linking up with the associated swidtag. This is because the wrong hash look up was being used. Previously when the hexDecHash and base64Hash were implemented, the main focus was on the rimel and not the swidtag.
2021-11-10 09:50:17 -05:00
Cyrus
2d9fb19d38
Updated the new policies after doing a bit of testing to make sure that they do ignore when there is a failure on that specific bit.
2021-11-10 07:27:33 -05:00
chubtub
0c233ae771
Set signature validity so that the ACA can report accurately
2021-11-08 14:51:38 -05:00
chubtub
3a6be133eb
Checkstyle changes
2021-11-08 14:51:38 -05:00
chubtub
962ca45bb7
Modify ACA RIM validation to search for a signing cert if the base RIM does not have an embedded cert. Validate the ca chain of the found signing cert.
2021-11-08 14:46:04 -05:00
Cyrus
bd5d905990
Updated the code to include bulk downloads for issued, eks.
2021-11-04 15:55:55 -04:00
Cyrus
2b7b4bfdd1
Updated the labeling for the Trust chain and platform certificates. The import label is removed and the download icon moved next to the import button. Added the same functionality to the RIMs.
2021-10-29 15:42:57 -04:00
Cyrus
aae6845730
Initial Commit. This adds the visual object to the policy page.
2021-10-29 14:55:23 -04:00
Cyrus
b0835d1cf5
Changed the compare to the hash value for the file instead of the filename.
2021-10-27 08:58:51 -04:00
Cyrus
bb6ec6cc4b
The rim hash validation icon is coming up red when both base and support RIMs are loaded. This fixes that issue.
2021-10-26 11:09:36 -04:00
chubtub
0b4febf53b
WIP: frontend hangs while getting records from backend
2021-10-20 14:57:52 -04:00
Cyrus
8f2290300e
The wrong hash was used for the look up
2021-10-18 09:53:59 -04:00
Cyrus
9492c680da
There was a checkstyle error that needed to be corrected.
2021-10-12 08:41:45 -04:00
Cyrus
ee7befca81
This initial commit adds the ability to download all platform credentials and trust chain credentials from their respective pages in a bulk zip.
2021-10-08 16:35:40 -04:00
chubtub
324865b434
Merge branch 'master' into issue-395
2021-10-06 15:01:02 -04:00
chubtub
84a2ff723c
Controller class for returning TPM Event data to jsp
2021-10-06 15:00:23 -04:00
chubtub
386d467016
Front end changes for new TPM Events page
2021-10-05 14:56:27 -04:00
Cyrus
e51f01d52e
Changed DevID to LDevID on the policy page and removed the Attestation reference for LDevID
2021-10-04 10:37:02 -04:00
Cyrus
f8a3ccd962
This initial commit updates the policy page. Adds additional policies for generating a DevID. The underlying code doesn't actually generate one yet. But the SupplyChainPolicy holds the flags.
2021-09-17 07:55:44 -04:00
iadgovuser26
6a11cb35ce
Delete HIRS_ACA_UsersGuide_1.0.3.pdf
Removed older version of the users guide.
2021-08-26 11:31:14 -04:00
iadgovuser26
3e4a09753f
Add files via upload
Added TCG Rim Tool Users Guide and TCG Event Log Users Guide.
2021-08-26 11:28:29 -04:00
Cyrus
cac913af11
Updated the component class to no longer use ints but instead use only Strings
2021-07-01 12:49:35 -04:00
Cyrus
5c448057d4
Merge branch 'master' into fm-validation-pass-link
2021-06-28 12:15:47 -04:00
Cyrus
bdbe9332bc
Resolved the merge conflicts.
2021-06-28 12:04:54 -04:00
Cyrus
b6f4c294d1
Some final changes to the failed event display
2021-06-28 10:30:45 -04:00
Cyrus
8a9e5059d8
Minor visual updates to the event log failure page
2021-06-25 13:00:20 -04:00
chubtub
93f212a193
Modify ReferenceManifestDetailsPageController class to include cert path check in reporting RIM signature validity.
2021-06-25 11:40:08 -04:00
Cyrus
94930e981a
Finished updating the title for the new page
2021-06-21 15:51:31 -04:00
Cyrus
b06025a71f
Updated the Event Log Measurements class to use a hash for lookup
2021-06-17 12:52:28 -04:00
Cyrus
c523dda558
Some additional minor changes that are to address the event log being the object that is linked when the firmware validation passes.
2021-06-15 09:15:55 -04:00
Cyrus
1ec644eccc
Added an additional catch statement to the parsing of Certificates that are PEM in case of a DecoderException for Base64.decode method. Instead of going to a blank page with the error, the ACA catches the exception and states on the page in which the file was uploaded to.
2021-06-10 11:19:38 -04:00
Cyrus
9c060dec55
Updated event log measurements to pass in the overall result status. However display isn't printing out correctly.
2021-06-09 11:07:11 -04:00
Cyrus
218002a3c2
Merge remote-tracking branch 'origin/digest-implement-final' into fm-validation-pass-link
2021-06-08 22:19:52 -04:00
Cyrus
8a258f2b76
Updated some text associated with the rimType
2021-05-28 08:48:40 -04:00
Cyrus
0e8e88b536
This commit has updated changes that save both a base64 and a hex dec value of the RIM file hash to the database. Depending on what is needed, they are used to pull either the base or support RIM. Also fixed the link for the rimlinkhash on the details page.
2021-05-27 13:46:43 -04:00
lareine
93b65edae4
added new version of the HIRS ACA Users Guide
2021-05-24 15:55:56 -04:00
Cyrus
efa2cada2d
Updated the Rel Link References for the swid tag details pages. The previous set up didn't discern between a tag id and an actual url.
2021-05-21 06:40:06 -04:00
Cyrus
5162f7b187
Updated the details page for RIMs to check if the rim hash link entry exists, if not don't display valid check.
2021-05-21 05:56:21 -04:00
chubtub
59dff64af4
Support for -j|--json option to output validation report data in JSON format. Add shorthand options for script parameters and update help menu.
2021-05-20 12:06:20 -04:00
Cyrus
65d596a756
Some additional updates that included deviceNames as a means to pull RIM information. In addition updated the display of the failures, adding filters for like events from the baseline.
2021-05-20 06:26:07 -04:00
Cyrus
ddc36d81f4
This set of code changes deals with the displaying of failed digest values from the validation process. The way they were displayed before was going to be unsustainable because event numbers will never match up. Therefore a direct compare to a failed event would never be accurate.
2021-05-17 12:44:03 -04:00
chubtub
da7e1de7f3
Support -m|--manufacturer and -s|--serial filter options from commandline in controller class.
2021-05-11 13:06:37 -04:00
Cyrus
3b33bd60b8
The main change in this commit adjusts how the base and support rim are pulled for validation in the environment with multiple Base and Support RIMs per device/manufacturer/model.
2021-05-11 09:44:10 -04:00
Cyrus
1b06d956b4
Updated how the swidtags and support files are updated when imported.
2021-05-07 10:57:19 -04:00
Cyrus
5acc393541
This commit adds several changes that updates how the RIM files are accessed and made accessible from the DB as well as what is shown visually when there is a validation failure and the measurement log is shown.
2021-05-06 08:43:26 -04:00
chubtub
12d03ea2ea
Support --system-only and --component-only options from commandline in controller class.
2021-05-05 12:54:43 -04:00
Cyrus
1d33054577
Merge pull request #350 from nsacyber/ignore-gpt-events
[#349] Ignore GPT PCR
2021-05-04 10:14:53 -04:00
Cyrus
5a040483da
Fixed a checkstyle issue
2021-04-14 15:35:22 -04:00
Cyrus
85d8f0342e
Fixed up the PMD issue
2021-04-14 14:52:45 -04:00
Cyrus
b52b8101a6
The new policy setting is supposed to be default on.
2021-04-14 14:23:43 -04:00
Cyrus
523bae8f9d
This set of code adds an additional policy to the page for the GPT PCR. Details for the change can be found in issue #349.
2021-04-14 13:55:52 -04:00
Cyrus
d80e6d309b
Updated how the error checking for the digest failure is handled for the details page.
2021-04-14 11:17:10 -04:00
Cyrus
5a82e48b61
Merge branch 'master' into event-digest-update
2021-04-13 08:50:42 -04:00
Cyrus
e70e019c6b
This commit has some changes to how patch and supplemental are handled. It adds some flags to the Record and Value objects to note that data has been processed so that multiple entries aren't created.
2021-04-13 07:45:52 -04:00
Cyrus
760f246096
Merge pull request #342 from nsacyber/rim_digest_store
[#341] RIM Event Digest Store
2021-04-13 07:45:17 -04:00
Cyrus
c46aa2b48b
Merge pull request #348 from nsacyber/certificate-failure-fidelity
Certificate Failure Fidelity
2021-04-09 14:15:43 -04:00
Cyrus
6d435f9783
This commit adds some changes to the details page for RIMs so that the patch or supplemental RIM doesn't display "file not found" for the expected pcr values section
2021-04-09 12:27:55 -04:00
Cyrus
ea5b85b703
Updated the code to now display the var swidtag and rimel. However there are issues with the examples. This commit has fixes for how the pcr values are pulled for display on the base RIM page.
2021-04-02 06:34:47 -04:00
Cyrus
48c934d35f
Merge pull request #347 from nsacyber/serial-number-display-fix
Serial Number Display Fix
2021-04-02 06:10:53 -04:00
chubtub
8727a9b210
Merge pull request #339 from nsacyber/issue-336
[#336] Script to download ACAPortal validation reports
2021-03-30 09:49:03 -04:00
Cyrus
44632e8e04
Updated the code for authority serial number and serial number for the general info for any certificate to no longer use the getLong method of the Big Integer object. This truncated the value. Instead, the new code uses the Hex.toHexString method from bouncy castle.
2021-03-30 08:06:26 -04:00
Cyrus
4911742c7a
This is a checkout of some changes to the resource management for swid tags so that the file name listed is associated with the stored support RIMS.
2021-03-30 06:35:14 -04:00
Cyrus
f2308f2955
Updated the isIssuer and the containsAll to allow the reason for the platform certificate failure isn't that the issuer is missing but that the issuer available fails the public key on the details page for certificates
2021-03-26 10:32:19 -04:00
Cyrus
a6c6fbfb31
Made some changes for using just the RIM Hash to pull support rims from the database to associate with the swid tag. Changed the rim hash from an int to a string.
2021-03-25 13:28:31 -04:00
Cyrus
2110b7e94d
Merge branch 'rim_digest_store' into event-digest-update
2021-03-23 11:31:42 -04:00
Cyrus
108748fb2a
Undid some code and changed the Digest Value class into a table in the database. This code then updates those values when a provision is initiated. At this time, that is all it does.
2021-03-19 11:01:25 -04:00
Cyrus
6e8086c59e
This is a change to the details page handler for the RIM files. The rimel files that are uploaded by themselves are not updated with manufacturer or model information, and the controllers are referencing that information when looking up database information. This causes a null exception and a funky output on the screen. This commit fixes this issue.
2021-03-17 10:39:39 -04:00
Cyrus
53cb300063
This is an initial commit with changes that add new classes for digest reference matching.
2021-03-17 10:23:08 -04:00
chubtub
175d2238d2
Add ACA address as option 3rd commandline parameter. Handle case where no reports are available or selected for download.
2021-03-16 11:09:58 -04:00
chubtub
7064c00c0b
Detect component failures in delta certs for validation reports
2021-03-16 10:18:06 -04:00
chubtub
3d13b8b72f
Add column in csv file for platform cert issuer for each component identifier
2021-03-16 09:16:45 -04:00
chubtub
c0a056b987
Script to download the validation report(s) from the ACAPortal from the command line.
2021-03-11 11:51:26 -05:00
chubtub
a380db58fa
Merge pull request #328 from nsacyber/issue-281
Validation report file
2021-03-11 10:56:00 -05:00
Cyrus
c66f4f7648
Merge pull request #334 from nsacyber/Unmatched-component-refactor
Unmatched component refactor
2021-03-09 13:07:16 -05:00
Cyrus
28f0fdb3e1
Merge pull request #309 from nsacyber/aic-policy-rule
[#169] AIC policy rule
2021-03-09 10:52:01 -05:00
Cyrus
763dcbd975
These are changes that were made in the system-tests-test that resolved the issues in the first TPM 2.0 system tests on travis.
2021-03-04 08:01:18 -05:00
Cyrus
6e470e2b04
Updated the wording for the policy setting page.
2021-02-23 13:27:43 -05:00
Cyrus
a5184f5a5b
Final changes that adds in the additional setting for the renewal period threshold. This value indicates that if the end validity has been reached for the current issued attestation certificate, then don't generate one. However if we are within the number of days set by the threshold, then generate the certificate before it expires. The default is 1 year from the end validity.
2021-02-23 10:17:56 -05:00
Cyrus
9c3dfe16b1
Modified the policy page controller by adding a new method to work on a form request from the policy page for enabling the generate issued attestation certificate based on a time frame rather than never or on each provision.
2021-02-16 10:30:21 -05:00
Cyrus
a41d1484e1
Updated the printing of the event number for the failed events. This is to match them with the event number on the support rim page. Support rim page starts at 1 but the method used on the failure page starts at 0. Also while investigating this issue, I noted that the coloring of the failure event disappears after the first viewing of that page. This was fixed. The conditions to check for an error were being ignored after the first load.
2021-02-12 09:01:35 -05:00
Cyrus
dcf0ec8101
Merge branch 'master' into aic-policy-rule
2021-02-11 14:13:28 -05:00
chubtub
847bad5201
Update verification date
2021-02-10 09:54:06 -05:00
chubtub
95bf9d9317
Updated SN, component data, and CSV output format.
2021-02-09 09:39:46 -05:00
chubtub
177e307a17
Add input formatting and validation to client and server side. Close dialog box on submission.
2021-02-09 09:39:43 -05:00
chubtub
4acfbf3026
Single download link for the entire page. Added date range begin and end fields. Pass timestamp to controller to filter reports. Format file in CSV.
2021-02-09 09:39:42 -05:00
chubtub
3cd9e06f97
Add user input fields to modal dialog. Handle user input, collect device report data, and write to local file.
2021-02-09 09:39:42 -05:00
chubtub
bb6cbfe871
Front end change: display modal dialog for user input on download link click.
2021-02-09 09:39:42 -05:00
chubtub
18ec7d4a5b
Controller changes: Pull platform credential for device and parse info
2021-02-09 09:39:42 -05:00
chubtub
a4d639925e
Frontend changes: download link to validation report
2021-02-09 09:39:42 -05:00
Cyrus
4999c96685
Updated code to correct situations that were not linking up properly for delta and platform certificate component validation.
2021-02-05 16:10:15 -05:00
Cyrus
677716fa08
Merge branch 'master' into Unmatched-component-refactor
2021-02-04 08:51:31 -05:00
Cyrus
fa6b64d38a
Removed unused statement
2021-01-08 07:20:18 -05:00
Cyrus
e0ae088401
Remove error statement
2021-01-08 07:07:16 -05:00
Cyrus
43c9f04d60
Updated some of the checks for the search text for the summary.
2021-01-07 16:00:56 -05:00
Cyrus
f361a49a74
Resolved the issue of the DBX variable not showing up under the correct category when present. The search for the DB variable also checks the DBX so it never actually hit the DBX if statement.
2021-01-07 13:40:40 -05:00
Cyrus
ab8d30ee82
Corrected the missing boot order entry on the page and updated how the boot variables are searched for. However, DBX is still not showing up.
2021-01-07 09:48:04 -05:00
Cyrus
08c0daf9be
Initial Commit
2021-01-06 15:45:50 -05:00
Cyrus
c181665ad9
Merge pull request #326 from nsacyber/issue-324
[#324] Update filenames when downloading (RIM)
2021-01-05 11:12:25 -05:00
Cyrus
90a6e75f59
Removed unused import
2021-01-04 08:56:41 -05:00
Cyrus
7028810707
This latest push should have the code that'll highlight the components based on a string rather than the serial number. This also adds additional checks for the validity begin date of the delta not matching or being before the base. It also checks that they don't have the same certificate serial number.
2020-12-30 08:41:47 -05:00
Cyrus
640966ae8c
Removed debug statement
2020-12-14 11:40:04 -05:00
Cyrus
62c7ca2d90
This PR is to address issue #308. The ACA was pulling Issuer Certificates using the organization RDN of the subject string and getting this from the issuer string of the EC or PC. This presents a problem because it isn't a required field. The organization field cannot be null or empty. Pulling objects from a DB using null or empty would produce bad results. The main change of this issue (which has not been fully tested) is pulling using the AKI for the db lookup. If this fails, instead of falling back on potentially left out fields like the O= RDN, the ACA takes the issuer/subject fields, breaks them apart and sorts them based on the key. It also changes the case. This way the lookup can be assured to match in case of some random situation in which the issuer or subject field don't match because RDN keys are just in different positions of the string.
2020-12-11 14:47:46 -05:00
Cyrus
209024c12a
Cleaned up some comments and code.
2020-12-07 09:47:54 -05:00
Cyrus
e64c6cf772
Merge branch 'master' into aic-policy-rule
2020-12-03 13:34:29 -05:00
Cyrus
e32e9412d8
Merge branch 'master' into Unmatched-component-refactor
2020-12-03 13:20:12 -05:00
Cyrus
b56fb73801
Updated the file to just use the fileName from the ReferenceManifest for the downloaded name.
2020-12-02 19:40:50 -05:00
Cyrus
9433c97dc9
The code now uses a combination of the class value and the platform manufacturer and model to identify mismatches. This now highlights the failed components
2020-11-25 08:02:45 -05:00
Cyrus
781dc92d95
Added a bug fix for support rim and base rim display. If the Support RIM was uploaded, separately, first, then the Base; the base RIM details page would display a linked Support RIM but no expected PCR values.
2020-11-24 10:13:00 -05:00
Cyrus
fbdcf83840
Continued refactoring to update the failed components part of the attribute validation. The delta mapping needs to be reworked to not use serials.
2020-11-23 14:46:29 -05:00
Cyrus
fddc65e6cf
Simplified the code to do the same thing
2020-11-20 09:50:57 -05:00
Cyrus
91fbc7cfd2
Initial commit, that adds an additional check to the file being uploaded to the rim page to ensure that it is a valid file.
2020-11-20 09:42:37 -05:00
Cyrus
2b41720ded
Merge branch 'master' into update-component-failure-highlight
2020-11-17 15:24:27 -05:00
Cyrus
1339f2b63c
Merge pull request #315 from nsacyber/rim_display_error
[#314] Support RIM bug fixes
2020-11-17 09:34:34 -05:00
chubtub
e3b5d164a3
Add SKI to front end. Extract PK from base RIM to validate signature if not found in db
2020-11-16 16:43:11 -08:00
Cyrus
6eeb630a75
This PR addresses the bugs identified in #314. Due to previous changes to the RIM upload process, the support RIM was not being updated properly when manually uploaded.
Closes #314
2020-11-12 13:45:38 -05:00
Cyrus
f7912908e0
Final changes to be tested against component failures
2020-11-12 09:58:18 -05:00
Cyrus
bdb32d13ad
initial commit
2020-11-09 12:45:36 -05:00
Cyrus
967d9a0030
Merge branch 'master' into aic-policy-rule
2020-11-09 07:24:33 -05:00
Cyrus
e152ba1a33
Updated the indenting for the coloring of mismatched log entries.
2020-11-06 11:26:38 -05:00
Cyrus
9aa2c6a46d
Merge branch 'master' into client-display-log-mismatch
2020-11-06 09:17:38 -05:00
Cyrus
ed7dea3706
Merge branch 'master' into aic-policy-rule
2020-11-06 06:42:44 -05:00
Cyrus
b2bf3013fc
Git merge didn't update the refactor of BiosMeasurement to EventLogMeasurements
2020-11-05 13:36:35 -05:00
chubtub
302ffd81ee
Load Schema object in ReferenceManifestValidator class with controller class instantiation to save time
2020-11-05 11:07:17 -05:00
chubtub
24cf71642d
Add validation for support RIM hash and base RIM signature.
2020-11-05 11:07:17 -05:00
Cyrus
1dd64ad44b
Moved Generate policy option.
2020-10-29 12:28:10 -04:00
Cyrus
e1c3a1fc0f
Initial Commit
2020-10-29 08:58:37 -04:00
Cyrus
eed8e94c29
Some html tweaks were made to the display and search functionality of the RIM event log page.
2020-10-26 07:56:24 -04:00
Cyrus
70c4d5aeff
Updated margins for log matching
2020-10-23 11:50:45 -04:00
Cyrus
2ef00cd5d6
Cleaned up css/html code for a cleaner and easier display layout
2020-10-23 08:37:41 -04:00
Cyrus
d7ade70b5c
This branch takes the validated status of a failed event log matching from the bios measurements on the client and displays what failed on the support RIM page and the fail validation icon, if log mismatch, links to a bios measurements page that displays the events that didn't match next to baseline.
2020-10-22 13:32:30 -04:00
Cyrus
96970142cb
This commit includes a completed rewrite of the ReferenceManifestSelector framework. Like the previous rewrite, it was easier and made more sense to create additional classes that are specific to a type of RIM (base, support, measurement) for referencing in the DB. Once this was rewritten the code was modified to validate the measurement against the support rim.
2020-10-19 13:06:44 -04:00
Cyrus
4b0bb2df91
This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag.
2020-10-09 10:48:17 -04:00
Cyrus
17728d3019
Updated the error message for no associated RIM not found, cleaned up display of the event content and adjusted the column of the digest display.
2020-10-06 07:42:15 -04:00
Cyrus
89dd2084c2
Merge branch 'master' into rimel-delete-details
2020-09-30 10:03:27 -04:00
Cyrus
f4aed453f8
Additional visual changes
2020-09-30 10:02:33 -04:00
Cyrus
2b57207445
Updated the Tag Version and version fields for Base and Support rims. In addition, adjusted the layout of the support rim table so that the events column isn't as long. Instead, the full content shows up in a hover action.
2020-09-30 07:51:27 -04:00
Cyrus
2cb7c26fc3
Simplified names of initialData fields for RIM details page/controller
2020-09-29 06:27:43 -04:00
Cyrus
778380f70c
This should finish off the code changes for issues #280.
2020-09-25 08:57:12 -04:00
Cyrus
3636782987
This commit adds functionality to display tpm event log information to the support RIM display page. Outstanding issues to implement: 1) add link to base from support RIM, 2) make event table scrollable
2020-09-24 09:58:10 -04:00
Cyrus
be4d4adb84
Updated line length over 100 characters
2020-09-21 08:35:39 -04:00
Cyrus
c18124e5ac
Firmware validation produces 2 summaries. However, they both shouldn't be displayed. Added the restriction on the page controller to not display archived summaries.
2020-09-21 08:19:39 -04:00
Cyrus
39cfaa5fac
After discussion, the concept of a Support RIM was clarified and because of this the ReferenceManifest.java file has to be updated to treat the Support rim similarly to the Base (which is a binary file vs an XML file). This initial code push is the beginning of that
2020-09-21 07:34:07 -04:00
Cyrus
6ae95da3a0
Merge branch 'master' into aca-test-validation
2020-07-29 09:47:41 -04:00
Cyrus
2b2e7c744b
Updated the messaging for an invalid swid tag file and added .log as another type of tmp log file to extension to accept.
2020-07-29 09:27:15 -04:00
Cyrus
29789e2fbe
Updated Reference Manifest Page Controller so that the files being uploaded are properly handled. Swid tag files that ended with 'new' were being saved as if they were tpm log files. Updated how the code detects the type of file so that bin/rim/rimel are tested for and saved while anything else is processed as a swid tag.
2020-07-28 11:53:47 -04:00
Cyrus
3e9d26f598
This code changes how the ACA handles a pcr list provided by the provisioner. The provisioner also is changed to send all supported algorithms and no longer delimits them with a + sign. The ACA is now set up to cycle through the entire list until it matches the baseline found in the rim associated log file. Currently the code is having issues saving the larger list of pcr values. It is too big for the database.
2020-07-17 12:44:31 -04:00
Cyrus
dbbcca8718
Updated error text for file not found and column header for RIM payloads.
2020-06-26 08:33:38 -04:00
Cyrus
e763461e46
Updated RIM Details page to display File Not Found when the associated event log has not been uploaded with the swid tag.
2020-06-25 08:47:51 -04:00
Cyrus
d41cb46468
[#260] RIM validation report page links (#264)
* Made some minor tweaks to investigate supply chain validation report bug. The bug doesn't save the summary report for some unknown reason (no error currently appears). This change uses the device object to retrieve a RIM. Still need Attestation Certificate to pull PCRs from quote. A follow up issue will be created to move that functionality to a different object from the provisioner.
2020-06-23 13:24:34 -04:00
Cyrus
6a62002b05
[#265] IMA/TBoot PCR ignore policy (#271)
* Updated code to include an official policy to ignore IMA and TBoot. The policies will disable if firmware validation is disabled.
2020-06-23 12:48:06 -04:00
iadgovuser26
f2fd7f31bd
conflict resolution step 1
2020-06-10 14:04:23 -04:00
Cyrus
da5bc217ef
[#236] Firmware validation update part 2 (#259)
* Modified the hirs.data.persist package to have better fidelity into the objects necessary to create and maintain a baseline. the info objects will be next.
2020-06-10 11:17:45 -04:00
iadgovuser26
f24c53f6c6
Added support for obtaining event and content data. Removed TCGLogProcessor.
2020-05-13 08:06:58 -04:00
iadgovuser26
7a9dc26df5
Added TCG Event Processing.
2020-05-01 09:18:14 -04:00
Cyrus
2805df9f8b
[#236] Firmware validation update part 1 (#243)
* This commit includes changes to the provisioner for what is sent up. Originally only SHA256 was being used, this change includes both.
* This last commit covers the items 2-4 in issue #236. The Provisioner sends up an updated list of pcrs that include 256, not just sha1. The validation and policy pages have been updated. A second pull request will be created to address parsing the information into a baseline.
2020-03-27 10:13:37 -04:00
Cyrus
21db725815
[#230] Update RIM details page to display PCRs (#233)
* This is an update to the display of the Reference Integrity Manifest code base that'll allow a user to upload a swidtag. This code includes some additions from #217, slightly modified.
* This code update includes changes to import, archive and delete a swidtag into the RIM object.
* Updated the code with additional checks on the uploaded file locations. Added the number associated with the PCR value to the detail page.
* This change fixes the bug that caused the rim detail page to go blank if the associated event log file associated with the resource file doesn't exist.
Co-authored-by: lareine <lareine@tycho.ncsc.mil>
2020-03-06 07:06:09 -05:00
Cyrus
5dbbbafafe
Updated a check on the SERIAL_INDEX in certificate string map builder. (#235)
2020-03-06 07:04:13 -05:00
Cyrus
4a6115f443
[#212] Added functionality to process and display RIM files. (#226)
* Some initial additions to the details page for displaying Rim information.
* Initial changes for uploading a rim file.
* This is an update to the display of the Reference Integrity Manifest code base that'll allow a user to upload a swidtag. This code includes some additions from #217, slightly modified.
* This code update includes changes to import, archive and delete a swidtag into the RIM object.
* This commit consolidated the SwidTagGatway code and Constants into Reference Manifest.
* This is the final main push of code that will upload, process, store, retrieve/delete and display the contents of a RIM swid tag.
* Interim commit for demo purposes.
* Updated Unit Tests
* This commit adds the unit tests that weren't added in the previous commit
* Updated code to reduce execution time when processing reference manifest objects.
* Updated code for better GUI performance.
* Removed previously added suppression entries.
2020-02-21 11:16:46 -05:00
Cyrus
84a76608f3
[#198] Reference Integrity Manifest Page List (#210)
* Initial commit of changes to display RIM information.
2020-01-10 13:47:17 -05:00
Cyrus
81e13831b2
[#202] Certificate fail to save upon deletion during provisioning FIXED (#206)
* This commit fixes an error produced when provisioning when the certificate from a previous provision is deleted from the ACA. The error involves doing a look up for an existing certificate and getting nothing however this is due to not using the 'includeArchived' attribute for the Certificate Selector. Include Archived is used when manually uploading a certificate.
2020-01-06 08:17:04 -05:00
Cyrus
09aafa8041
[#168] Additional fields added to the Issued AC (#201)
* Added additional code pulled from the original branch for these changes aik-field-additions.
* Updated code to include the TCG Credential Specification, which is a different version from the Platform specification.
2019-11-13 10:46:00 -05:00
busaboy1340
00287725da
[ #194 ] Update TPM Provisioner Docker images with latest PACCOR (v1.1.3r3) ( #200 )
...
* [#195 ] Components identified by Component Class will have hardware IDs translated to names
* Update TPM Docker images to latest PACCOR(v1.1.3r3). Comment out the failing system tests caused by invalid input to PACCOR.
2019-11-07 09:37:06 -05:00
Cyrus
f73d65c952
[ #181 ] Delta holder validation ( #186 )
...
* This is a quick fix to ensure that a delta that is being uploaded has a holder serial number that exists in the database.
* Fixed syntax issues.
* Through further testing with delta certificates that had differing begin validity dates, the code to test the sorting failed. This push includes a fix that places the deltas in the proper order.
In addition, this code includes a placeholder for deltas that don't have an existing holder certificate in the database.
* Findbugs is a cumbersome COTS product that generates more hassle than help. Upon indicating 'dodgy' code about redundant null checks, that didn't exist, it then didn't like using non-short circuit operators to verify that both objects are not null. It then spells out what non-short circuit operators do, without acknowledging that's what you mean to do.
2019-08-29 13:35:41 -04:00
Cyrus
9318c22549
[ #167 ] Component color failure ( #185 )
...
* Initial changes to pull down the serial from the validation reports page and transfer them to the certificates details page. This will then allow the certificate details page to reference the serial numbers that are in failure.
* This is an attempt to transfer data from page to page via the certificate manager.
* Previous attempt didn't work, the manager isn't saving the summary. Switching to augmenting the database by adding a new column for platform credentials.
* These changes add identifying color to the components that fail validation in the base certificate. This code however does change the database by adding a new column to track the fails and pass to the classes that display the information.
* Updated the jsp display of the highlighted component to red background with a white foreground. Updated the index of the string parse to not use magic numbers.
2019-08-29 11:45:22 -04:00
Cyrus
c3e02825f4
[ #181 ] Validation systemcheck fix ( #182 )
...
* The base certificate is getting a failure when the delta fixed the problem. The code is being modified to ignore the attribute validation of the base certificate and redo the trust chain check. The code now has a cleaner platform evaluation set up and store.
2019-08-21 10:52:40 -04:00
Cyrus
7cfabe756d
[ #166 ] Validation icon swap ( #173 )
...
* This pull request contains 2 main changes, the first is transferring the status text from the attributes failure to the icon specifically for platform trust chain validation. Then this removes the third column on the validation page that singles out the icons for the attribute status. In addition, this status is also rolled up to the summary status icon and displays the text there as well for all that have failed. This last change meant a change to the sizes of the columns in the database.
The validation of a single base certificate with an error was not handled in the code base. Due to the changes with the introduction of delta certifications, the validation was modified and only handled changes presented by the deltas and ignored errors in the base certificate. This commit modifies the code so that if there is just a single base certificate that is bad, an error is thrown.
2019-08-02 09:41:44 -04:00
Cyrus
a8e2c5cc6e
[ #163 ] Delta issuer validation ( #164 )
...
* This code change will add in the delta certificates to the platform validation check. The current base passes the policy check as long as the base is valid. The deltas are ignored. This is because the validation pulls in what is associated with a particular EK associated with the machine provisioning.
2019-06-24 13:01:32 -04:00
Cyrus
e69bb48799
Similar to the #154 issue, adding multiple delta platform certificates was blocked because there wasn't a check on if the certificate was a base or not. ( #157 )
2019-06-11 06:59:38 -04:00
Cyrus
ecd0ab5708
Modified the request class that handles uploading, deleting and other associated ACA actions, to only delete multiple associated certificates if the certificate being deleted is a base platform certificate. ( #155 )
2019-06-06 11:07:56 -04:00
Cyrus
157dcb649d
[ #109 ] Delta Chain Validation ( #151 )
...
* This code adds functionality to check the delta certificates in a chain. The main operation validates that the delta belongs in that chain and then that the chain establishes correct component modification. No removes before an add, no add to a component that exists, no remove to a component that doesn't exist. The unit test was updated to not use any flat file certificate.
Closes #109
* Changes were made to the validation of a delta certificate based on newer information. There can be multiple bases and multiple leaves in a tree of associated certificates. However currently we don't have certificates to validate the entirety of the code to test.
* Updated the code to treat the platform attributes policy, if v2, against all in the chain rather than one at a time.
2019-06-04 14:07:35 -04:00
Cyrus
75b84c8801
[ #133 ] Multiple base restriction ( #152 )
...
* Updated the page request controller to check if the platform certificate being uploaded is a part of a chain that already exists in the DB. If so, throw an error.
* Updated code for unit test errors.
* This commit is to close #134 . #133 and #134 are quick changes that modify the same file and use the same added method to pull in deltas associated with the platform serial number. This addition adds the feature to delete the chain if the base is deleted.
2019-06-03 10:37:26 -04:00
Cyrus
567847b3aa
Updated the jsp to correct the comment tags for content and jsp tag. ( #147 )
2019-05-22 12:07:44 -04:00