chubtub
|
88015df551
|
Checkstyle: unused import
|
2021-01-14 13:19:17 -05:00 |
|
Cyrus
|
859fdbef83
|
Added a null check for the platformCredentials in the issued certificate attribute helper so that NPEs aren't thrown.
|
2021-01-14 12:48:53 -05:00 |
|
Cyrus
|
164a43f056
|
These are unit tests that were not run on the merge request #327 for issue 308. The unit tests uses certificate (EC and 2 CAs) that don't match for SKI to AKI or issuer string fields. The O= field isn't required and the code in #327 was changed to use SKI first then a sorted RDN list. See #327. A note was left in the unit tests that the test certs need to be updated.`
|
2021-01-14 12:41:29 -05:00 |
|
Cyrus
|
85254d9c44
|
Removed null assignment that isn't used
|
2021-01-05 08:14:18 -05:00 |
|
Cyrus
|
6dd948c828
|
Added a null check for the endorsement credential for the tpm 1.2
|
2020-12-18 06:58:18 -05:00 |
|
Cyrus
|
a7eae2fd77
|
Test out an potential exception
|
2020-12-17 13:09:03 -05:00 |
|
Cyrus
|
62c7ca2d90
|
This PR is to address issue #308. The ACA was pulling Issuer Certificates using the organization RDN of the subject string and getting this from the issuer string of the EC or PC. This presents a problem because it isn't a required field. The organization field cannot be null or empty. Pulling objects from a DB using null or empty would produce bad results. The main change of this issue (which has not been full tested) is pulling using the AKI for the db lookup. If this fails, instead of falling back on potentially left out fields like the O= RDN, the ACA takes the issuer/subject fields, breaks them apart and sorts them based on the key. It also changes the case. This way the lookup can be assured to match in case of some random situation in which the issuer or subject field don't match because RDN keys are just in different positions of the string.
|
2020-12-11 14:47:46 -05:00 |
|
Cyrus
|
a07fbbd847
|
In a previous pull request, the reference manifest manager was not called to update the unarchived base rim. So it appears to never have been uploaded.
|
2020-12-02 11:46:42 -05:00 |
|
Cyrus
|
7d49f63a9b
|
Merge branch 'master' into multiple-rim-upload
|
2020-12-02 11:05:12 -05:00 |
|
Cyrus
|
70662bddec
|
Updated how the bios measurement file is uploaded. Changed the code to pull the string from the properties file instead of a hard link in the code.
|
2020-12-01 11:13:41 -05:00 |
|
Cyrus
|
9534d6650f
|
Merge branch 'master' into platform_cert_missing_fix
|
2020-12-01 09:47:45 -05:00 |
|
Cyrus
|
6eefb393a3
|
Updated the code to pull all the files from a swid tag file directory and a rim log file directory, instead of a single file.
|
2020-11-30 14:16:57 -05:00 |
|
Cyrus
|
857f1eb0ff
|
There was a pull for an object that would be null without any RIMs uploaded.
|
2020-11-30 10:11:25 -05:00 |
|
Cyrus
|
749a3a2317
|
When the provisioner sends the rim swidtag and the rimel and they already exists in the db but are archived, they don't unarchive them so they never show up on the RIM page. This change fixes that.
|
2020-11-25 10:06:56 -05:00 |
|
Cyrus
|
2b41720ded
|
Merge branch 'master' into update-component-failure-highlight
|
2020-11-17 15:24:27 -05:00 |
|
Cyrus
|
4291059142
|
Updated the break line option for failed string during firmware validation.
|
2020-11-16 12:39:57 -05:00 |
|
Cyrus
|
6eeb630a75
|
This PR addresses the bugs identified in #314. Due to previous changes to the RIM upload process, the suppor RIM was not being updated properly when manually uploaded.
Closes #314
|
2020-11-12 13:45:38 -05:00 |
|
Cyrus
|
67b70a386d
|
Added method to combine the manufacturer and the model as an identifier for the component.
|
2020-11-10 10:04:46 -05:00 |
|
Cyrus
|
e8f5107137
|
Updating code to use a different format for identifying failed components.
|
2020-11-09 13:59:19 -05:00 |
|
Cyrus
|
9aa2c6a46d
|
Merge branch 'master' into client-display-log-mismatch
|
2020-11-06 09:17:38 -05:00 |
|
chubtub
|
623da2ce80
|
Overload RIM validator class for faster signature checking
|
2020-11-05 14:13:50 -05:00 |
|
Cyrus
|
c7ffb1c57d
|
Merge branch 'master' into client-display-log-mismatch
|
2020-11-05 12:39:35 -05:00 |
|
chubtub
|
d096aebe12
|
Add support RIM and signature validation checks to SupplyChainValidationServiceImpl class
|
2020-11-05 11:27:41 -05:00 |
|
Cyrus
|
24e460e0c4
|
This is a refactore that changes BiosMeasurements into EventLogMeasurements for evolving naming convention updates.
|
2020-10-26 11:09:26 -04:00 |
|
Cyrus
|
d7ade70b5c
|
This branch takes the validated status of a failed event log matching from the bios measurements on the client and displays what failed on the support RIM page and the fail validation icon, if log mismatch, links to a bios measurments page that displays the events that didn't match next to baseline.
|
2020-10-22 13:32:30 -04:00 |
|
Cyrus
|
3df6eff549
|
Removed debug code
|
2020-10-19 13:20:27 -04:00 |
|
Cyrus
|
96970142cb
|
This commit includes a completed rewrite of the ReferenceManifestSelector framework. Like the previous rewrite, it was easier and made more sense to create addition classes ands that are specific to a type of RIM (base, support, measurement) for referencing in the DB. Once this was rewritten the code was modified to validate the measurement against the support rim.
|
2020-10-19 13:06:44 -04:00 |
|
Cyrus
|
2c97666bb9
|
This commit adds code to pull the bios measurements file to the ACA
|
2020-10-13 13:51:14 -04:00 |
|
Cyrus
|
f9b0ce413d
|
This commit adds minor tweaks. The first updates the post install script to overwrite, rather than append, the file names to the tcg boot properties file. The next tweak properly loads the Base and Support RIM from the provisioning process into the DB.
|
2020-10-13 11:42:50 -04:00 |
|
Cyrus
|
4b0bb2df91
|
This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag.
|
2020-10-09 10:48:17 -04:00 |
|
Cyrus
|
3f57b0ab81
|
This is the initial code set up to pull the log file from the provisioner and send it to the ACA. Task 1 of #238.
|
2020-10-07 09:37:53 -04:00 |
|
Cyrus
|
17728d3019
|
Updated the error message for no associated RIM not found, cleaned up display of the event content and adjusted the column of the digest display.
|
2020-10-06 07:42:15 -04:00 |
|
Cyrus
|
b42dfb577f
|
The manufacturer look up for a RIM was inadequate. This change pulls down all RIMs and searches for the base RIM that matches instead of just pulling down a RIM by Manufacturer.
|
2020-10-05 11:37:38 -04:00 |
|
Cyrus
|
89fbaa0517
|
PCR policy matching wasn't propertly failing because the baseline from the support RIM was not properly populating.
|
2020-10-05 10:44:18 -04:00 |
|
Cyrus
|
653acd270e
|
With the changes to how the ReferenceManifest is represented in the code and the previous firmware validation PR update, this branch wasn't properly updated for quote validation. The code was still pulling information for the baseline from an old source that wouldn't work anymore. Therefore all validations for the quote failed. The update now pulls the baseline information from the support RIM which is now stored in the database.
|
2020-10-01 12:14:29 -04:00 |
|
Cyrus
|
cb4dc0aa7f
|
Corrected checkstyles warning
|
2020-09-30 12:26:46 -04:00 |
|
Cyrus
|
35dcc226a6
|
Updated and fixed the difference in the code from the master branch merge
|
2020-09-30 11:33:28 -04:00 |
|
Cyrus
|
89dd2084c2
|
Merge branch 'master' into rimel-delete-details
|
2020-09-30 10:03:27 -04:00 |
|
Cyrus
|
f4aed453f8
|
Additional visual changes
|
2020-09-30 10:02:33 -04:00 |
|
Cyrus
|
2b57207445
|
Updated the Tag Version and version fields for Base and Support rims. In addition, adjusted the lay out of the support rim table so that the events column isn't as long. Instead, the full content shows up in an hover action.
|
2020-09-30 07:51:27 -04:00 |
|
Cyrus
|
3636782987
|
This commit adds functionality to display tpm even log information to the support RIM display page. Outstanding issues to implement: 1) add link to base from support RIM, 2) make event table scrollable
|
2020-09-24 09:58:10 -04:00 |
|
Cyrus
|
1ed02e72b2
|
This last commit corrects the database error. The code attempts to save a new supplychainvalidationsummary it needs to be a supplychainvalidation recreation to create new primary keys.
|
2020-09-09 07:03:31 -04:00 |
|
Cyrus
|
0291b96ca8
|
Updated code should be able to print one summary
|
2020-08-28 14:02:40 -04:00 |
|
Cyrus
|
792a248ba0
|
This code finishes up validating the pcrs against the provided tpm quote. However this will cause a second summary object to display if firmware validation is enabled. This is because the summary manager isn't able to get or update the previously saved summary.
|
2020-08-28 12:24:02 -04:00 |
|
Cyrus
|
5fe19c5904
|
Updated the code to compare the composite hash and the calculated value.
|
2020-08-28 07:14:27 -04:00 |
|
Cyrus
|
0ab91b9b41
|
All bugs are fixed. The SupplyChainValidationSummary wasn't getting pulled from the DB.
|
2020-08-27 12:11:12 -04:00 |
|
Cyrus
|
905f12052d
|
This is the next stage of changes that doesn't cause a 404 error. This has a compile error because the PCRPolicy class references PCRComposite and PCRInfoShort. Both of the later classes had changes to add new constructors, and these new constructors are the source of the problem.
|
2020-08-26 07:54:39 -04:00 |
|
Cyrus
|
ee294e4562
|
SupplyCahinValidationService did not like the additions of a method returning a SupplyChainValidation, switched to Summary and it worked. This was the cause of the DB crashing.
|
2020-08-25 11:36:37 -04:00 |
|
Cyrus
|
48f4f9a654
|
This could was not tested against a tpm 1.2 environment. The branch was failing on Travis because there was a timeout request from the provision to the aca, however no error from the aca could be shown. However the problem is occurring when the tpm 1.2 provision is attempting to save an issued attestation certificate. This part of the code touches the code changes for the 2.0 updates. The variable pcrValues is null when the 1.2 process is called and therefore when Files.write method is called, the pcrValues.getBytes call is throwing a null pointer exception. This code checks for that condition before operating over the code.
|
2020-07-29 13:54:41 -04:00 |
|
Cyrus
|
2e4ecb6829
|
Updated code for the device pcrs. The provisioner now sends everything associated with the tpm_pcrlist. The ACA stores the full list in a flat file then pulls that file when validating the firmware policy is enabled.
|
2020-07-27 13:58:22 -04:00 |
|