Commit Graph

64 Commits

Author SHA1 Message Date
Cyrus
e152ba1a33 Updated the indenting for the coloring of mismatched log entries. 2020-11-06 11:26:38 -05:00
Cyrus
9aa2c6a46d Merge branch 'master' into client-display-log-mismatch 2020-11-06 09:17:38 -05:00
Cyrus
b2bf3013fc Git merge didn't update the refactor of BiosMeasurement to EventLogMeasurements 2020-11-05 13:36:35 -05:00
chubtub
302ffd81ee Load Schema object in ReferenceManifestValidator class with controller class instantiation to save time 2020-11-05 11:07:17 -05:00
chubtub
24cf71642d Add validation for support RIM hash and base RIM signature. 2020-11-05 11:07:17 -05:00
Cyrus
eed8e94c29 Some html tweaks were made to the display and search functionality of the RIM event log page. 2020-10-26 07:56:24 -04:00
Cyrus
70c4d5aeff Updated margins for log matching 2020-10-23 11:50:45 -04:00
Cyrus
2ef00cd5d6 Cleaned up css/html code for a cleaner and easier display layout 2020-10-23 08:37:41 -04:00
Cyrus
d7ade70b5c This branch takes the validated status of a failed event log matching from the bios measurements on the client and displays what failed on the support RIM page and the fail validation icon, if log mismatch, links to a bios measurements page that displays the events that didn't match next to baseline. 2020-10-22 13:32:30 -04:00
Cyrus
96970142cb This commit includes a completed rewrite of the ReferenceManifestSelector framework. Like the previous rewrite, it was easier and made more sense to create additional classes that are specific to a type of RIM (base, support, measurement) for referencing in the DB. Once this was rewritten the code was modified to validate the measurement against the support rim. 2020-10-19 13:06:44 -04:00
Cyrus
4b0bb2df91 This commit updates the provisioner to pull the rim and swidtag locations from a properties file that will be created during the post install process. The provisioner then pulls the values and sends them to the ACA. The ACA currently just prints out the content and saves the swidtag. 2020-10-09 10:48:17 -04:00
Cyrus
17728d3019 Updated the error message for no associated RIM not found, cleaned up display of the event content and adjusted the column of the digest display. 2020-10-06 07:42:15 -04:00
Cyrus
89dd2084c2 Merge branch 'master' into rimel-delete-details 2020-09-30 10:03:27 -04:00
Cyrus
f4aed453f8 Additional visual changes 2020-09-30 10:02:33 -04:00
Cyrus
2b57207445 Updated the Tag Version and version fields for Base and Support rims. In addition, adjusted the layout of the support rim table so that the events column isn't as long. Instead, the full content shows up in a hover action. 2020-09-30 07:51:27 -04:00
Cyrus
2cb7c26fc3 Simplified names of initialData fields for RIM details page/controller 2020-09-29 06:27:43 -04:00
Cyrus
778380f70c This should finish off the code changes for issues #280. 2020-09-25 08:57:12 -04:00
Cyrus
3636782987 This commit adds functionality to display tpm event log information to the support RIM display page. Outstanding issues to implement: 1) add link to base from support RIM, 2) make event table scrollable 2020-09-24 09:58:10 -04:00
Cyrus
be4d4adb84 Updated line length over 100 characters 2020-09-21 08:35:39 -04:00
Cyrus
c18124e5ac Firmware validation produces 2 summaries. However, they both shouldn't be displayed. Added the restriction on the page controller to not display archived summaries. 2020-09-21 08:19:39 -04:00
Cyrus
39cfaa5fac After discussion, the concept of a Support RIM was clarified and because of this the ReferenceManifest.java file has to be updated to treat the Support rim similarly to the Base (which is a binary file vs an XML file). This initial code push is the beginning of that 2020-09-21 07:34:07 -04:00
Cyrus
6ae95da3a0 Merge branch 'master' into aca-test-validation 2020-07-29 09:47:41 -04:00
Cyrus
2b2e7c744b Updated the messaging for an invalid swid tag file and added .log as another type of tmp log file to extension to accept. 2020-07-29 09:27:15 -04:00
Cyrus
29789e2fbe Updated Reference Manifest Page Controller so that the files being uploaded are properly handled. Swid tag files that ended with 'new' were being saved as if they were tpm log files. Updated how the code detects the type of file so that bin/rim/rimel are tested for and saved while anything else is processed as a swid tag. 2020-07-28 11:53:47 -04:00
Cyrus
3e9d26f598 This code changes how the ACA handles a pcr list provided by the provisioner. The provisioner also is changed to send all supported algorithms and no longer delimits them with a + sign. The ACA is now set up to cycle through the entire list until it matches the baseline found in the rim associated log file. Currently the code is having issues saving the larger list of pcr values. It is too big for the database. 2020-07-17 12:44:31 -04:00
Cyrus
dbbcca8718 Updated error text for file not found and column header for RIM payloads. 2020-06-26 08:33:38 -04:00
Cyrus
e763461e46 Updated RIM Details page to display File Not Found when the associated event log has not been uploaded with the swid tag. 2020-06-25 08:47:51 -04:00
Cyrus
d41cb46468
[#260] RIM validation report page links (#264)
* Made some minor tweaks to investigate supply chain validation report bug.  The bug doesn't save the summary report for some unknown reason (no error currently appears).  This change uses the device object to retrieve a RIM.  Still need Attestation Certificate to pull PCRs from quote.  A follow up issue will be created to move that functionality to a different object from the provisioner.
2020-06-23 13:24:34 -04:00
Cyrus
6a62002b05
[#265] IMA/TBoot PCR ignore policy (#271)
* Updated code to include an official policy to ignore IMA and TBoot.  The policies will disable if firmware validation is disabled.
2020-06-23 12:48:06 -04:00
iadgovuser26
f2fd7f31bd conflict resolution step 1 2020-06-10 14:04:23 -04:00
Cyrus
da5bc217ef
[#236] Firmware validation update part 2 (#259)
* Modified the hirs.data.persist package to have better fidelity into the objects necessary to create and maintain a baseline.  the info objects will be next.
2020-06-10 11:17:45 -04:00
iadgovuser26
f24c53f6c6 Added support for obtaining event and content data. Removed TCGLogProcessor. 2020-05-13 08:06:58 -04:00
iadgovuser26
7a9dc26df5 Added TCG Event Processing. 2020-05-01 09:18:14 -04:00
Cyrus
2805df9f8b
[#236] Firmware validation update part 1 (#243)
* This commit includes changes to the provisioner for what is sent up.  Originally only SHA256 was being used, this change includes both.
* This last commit covers the items 2-4 in issue #236.  The Provisioner sends up an updated list of pcrs that include 256, not just sha1.  The validation and policy pages have been updated.  A second pull request will be created to address parsing the information into a baseline.
2020-03-27 10:13:37 -04:00
Cyrus
21db725815
[#230] Update RIM details page to display PCRs (#233)
* This is an update to the display of the Reference Integrity Manifest code base that'll allow a user to upload a swidtag.  This code includes some additions from #217, slightly modified.

* This code update includes changes to import, archive and delete a swidtag into the RIM object.

* Updated the code with additional checks on the uploaded file locations.  Added the number associated with the PCR value to the detail page.

* This change fixes the bug that caused the rim detail page to go blank if the associated event log file associated with the resource file doesn't exist.

Co-authored-by: lareine <lareine@tycho.ncsc.mil>
2020-03-06 07:06:09 -05:00
Cyrus
5dbbbafafe
Updated a check on the SERIAL_INDEX in certificate string map builder. (#235) 2020-03-06 07:04:13 -05:00
Cyrus
4a6115f443
[#212] Added functionality to process and display RIM files. (#226)
* Some initial additions to the details page for displaying Rim information.

* Initial changes for uploading a rim file.

* This is an update to the display of the Reference Integrity Manifest code base that'll allow a user to upload a swidtag.  This code includes some additions from #217, slightly modified.

* This code update includes changes to import, archive and delete a swidtag into the RIM object.

* This commit consolidated the SwidTagGatway code and Constants into Reference Manifest.

* This is the final main push of code that will upload, process, store, retrieve/delete and display the contents of a RIM swid tag.

* Interim commit for demo purposes.

* Updated Unit Tests

* This commit adds the unit tests that weren't added in the previous commit

* Updated code to reduce execution time when processing reference manifest objects.

* Updated code for better GUI performance.

* Removed previously added suppression entries.
2020-02-21 11:16:46 -05:00
Cyrus
84a76608f3
[#198] Reference Integrity Manifest Page List (#210)
* Initial commit of changes to display RIM information.
2020-01-10 13:47:17 -05:00
Cyrus
81e13831b2
[#202] Certificate fail to save upon deletion during provisioning FIXED (#206)
* This commit fixes an error produced when provisioning when the certificate from a previous provision is deleted from the ACA.  The error involves doing a look up for an existing certificate and getting nothing however this is due to not using the 'includeArchived' attribute for the Certificate Selector.  Include Archived is used when manually uploading a certificate.
2020-01-06 08:17:04 -05:00
Cyrus
09aafa8041
[#168] Additional fields added to the Issued AC (#201)
* Added additional code pulled from the original branch for these changes aik-field-additions.
* Updated code to include the TCG Credential Specification, which is a different version from the Platform specification.
2019-11-13 10:46:00 -05:00
busaboy1340
00287725da
[#194] Update TPM Provisioner Docker images with latest PACCOR (v1.1.3r3) (#200)
* [#195] Components identified by Component Class will have hardware IDs translated to names

* Update TPM Docker images to latest PACCOR(v1.1.3r3). Comment out the
failing system tests caused by invalid input to PACCOR.
2019-11-07 09:37:06 -05:00
Cyrus
f73d65c952
[#181] Delta holder validation (#186)
* This is a quick fix to ensure that a delta that is being uploaded has a holder serial number that exists in the database.

* Fixed syntax issues.

* Through further testing with delta certificates that had differing begin validity dates, the code to test the sorting failed.  This push includes a fix that places the deltas in the proper order.

In addition, this code includes a placeholder for deltas that don't have an existing holder certificate in the database.

* Findbugs is a cumbersome COTS product that generates more hassle than help.  Upon indicating 'dodgy' code about redundant null checks, that didn't exist, it then didn't like using non-short circuit operators to verify that both objects are not null.  It then spells out what non-shorting circuit operators do, without acknowledging that's what you mean to do.
2019-08-29 13:35:41 -04:00
Cyrus
9318c22549
[#167] Component color failure (#185)
* Initial changes to pull down the serial from the validation reports page and transfer them to the certificates details page.  This will then allow the certificate details page to reference the serial numbers that are in failure.

* This is an attempt to transfer data from page to page via the certificate manager.

* Previous attempt didn't work, the manager isn't saving the summary.  Switching to augmenting the database by adding a new column for platform credentials.

* These changes add identifying color to the components that fail validation in the base certificate.  This code however does change the database by adding a new column to track the fails and pass to the classes that display the information.

* Updated the jsp display of the highlighted component to red background with a white foreground.  Updated the index of the string parse to not use magic numbers.
2019-08-29 11:45:22 -04:00
Cyrus
c3e02825f4
[#181] Validation systemcheck fix (#182)
* The base certificate is getting a failure when the delta fixed the problem.  The code is being modified to ignore the attribute validation of the base certificate and redo the trust chain check.  The code now has a cleaner platform evaluation set up and store.
2019-08-21 10:52:40 -04:00
Cyrus
7cfabe756d
[#166] Validation icon swap (#173)
* This pull request contains 2 main changes, the first is transferring the status text from the attributes failure to the icon specifically for platform trust chain validation.  Then this removes the third column on the validation page that singles out the icons for the attribute status.  In addition, this status is also rolled up to the summary status icon and displays the text there as well for all that have failed.  This last change meant a change to the sizes of the columns in the database.

The validation of a single base certificate with an error was not handled in the code base.  Due to the changes with the introduction of delta certifications, the validation was modified and only handled changes presented by the deltas and ignored errors in the base certificate.  This commit modifies the code that if there is just a single base certificate that is bad an error is thrown.
2019-08-02 09:41:44 -04:00
Cyrus
a8e2c5cc6e
[#163] Delta issuer validation (#164)
* This code change will add in the delta certificates to the platform validation check.  The current base passes the policy check as long as the base is valid.  The deltas are ignored.  This is because the validation pulls in what is associated with a particular EK associated with the machine provisioning.
2019-06-24 13:01:32 -04:00
Cyrus
e69bb48799
Similar to the #154 issue, adding multiple delta platform certificates was blocked because there wasn't a check on if the certificate was a base or not. (#157) 2019-06-11 06:59:38 -04:00
Cyrus
ecd0ab5708
Modified the request class that handles uploading, deleting and other associated ACA actions, to only delete multiple associated certificates if the certificate being deleted is a base platform certificate. (#155) 2019-06-06 11:07:56 -04:00
Cyrus
157dcb649d
[#109] Delta Chain Validation (#151)
* This code adds functionality to check the delta certificates in a chain. The main operation validates that the delta belongs in that chain and then that the chain establishes correct component modification. No removes before an add, no add to a component that exists, no remove to a component that doesn't exist. The unit test was updated to not use any flat file certificate.

Closes #109

* Changes were made to the validation of a delta certificate based on newer information.  There can be multiple bases and multiple leaves in a tree of associated certificates.  However currently we don't have certificates to validate the entirety of the code to test.

* Updated the code to treat the platform attributes policy, if v2, against all in the chain rather than one at a time.
2019-06-04 14:07:35 -04:00
Cyrus
75b84c8801
[#133] Multiple base restriction (#152)
* Updated the page request controller to check if the platform certificate being uploaded is a part of a chain that already exists in the DB.  If so, throw an error.

* Updated code for unit test errors.

* This commit is to close #134.  #133 and #134 are quick changes that modify the same file and use the same added method to pull in deltas associated with the platform serial number.  This addition adds the feature to delete the chain if the base is deleted.
2019-06-03 10:37:26 -04:00