Commit Graph

325 Commits

Author SHA1 Message Date
Cyrus
35c63efe19
[#24] Implementation of Component Class field (#114)
* This is new code that parses a new field in the upcoming TCG spec for the platform components fields. The new field indicates the type of hardware (ex Memory - DDR3). This information wasn't provided before so it wasn't always clear what the component was. The new information is provided in a json file. A unit test was created to test the different variations. This commit does not include hooks in the base code to use this class yet. This commit is mainly to include the added library and correct bug and checkstyle issues associated with the new code.

Closes #24

* Removed duplicate CONSTANT variable.

* Added newline

* Added Newline

* Updated variable names for json object.

* Fixed line length style error.
2019-03-25 11:14:19 -04:00
Cyrus
3ae32b6777
[#106] Platform Configuration v2 (#112)
* These changes are the beginning stage for spec 2 changes to the platform configuration section of the attributes platform certificate.

* Updated typos and corrected check style errors.

* Updating Platform Credential Unit test from #24

* Added unit test resource
2019-03-25 11:13:09 -04:00
apldev2
c83b3c2de5
Merge pull request #100 from nsacyber/update-provisioner-installation
Updates to allow for TPM 2.0 quote.
2019-03-08 15:07:00 -05:00
apldev4
efbd22812d Updates to allow for TPM 2.0 quote. 2019-03-08 14:33:06 -05:00
Cyrus
df72603476 [#96] Validation tooltip update (#98)
* Updating code to list what specifically is unmatched for platform components on the validation page when there is a failure.

* Updates include a small shift for the policy page, putting the correct order for setting them (top to bottom).  Updated unit tests for the additional text that now appears on the tool tip for the validation failure icon.
2019-02-27 11:03:46 -05:00
Cyrus
aeebd068f5 [#72] Supply Chain Validator fix and update (#94)
* This fix corrects an IllegalStateException for the SupplyChainValidator when all policy settings are true.  When trying to remove a value from the iterator in the validator, the item was null and caused this issue.  This also takes out the Platform Serial as a required field.

Closes #72

* checking in a small change that puts back in a line for checking the serial number.  It has been changed from FAIL to PASS however.

* Committing updated changes.

* Committing test certs for changes.

* Updated unit tests

* Fixing travis checkstyle for URISyntaxException missing from UnitTests
2019-02-25 10:37:11 -05:00
Cyrus
30caf57edb [#19] General Name/DN equals functionality (#93)
* Adding new class GeneralNames, I will be changing it to adjust to the bc class as to not confuse the two.  This class takes the subject string and parses out the information for comparison.

* Adding file I didn't have tracked in the previous commit.

* Updating code to handle the instance of multiple organization units.

* A null exception was being thrown from the unit tests for the organization unit variable.

* Add some comments

* continued testing and updates are needed.

* Cleanup - removed excess commented code and debug lines.

* Updating code base to use X500Name for name compares, removing GeneralNamesParser.java file as it is not necessary

* Updated for final changes.

* Modification to previous changes per request on github.  Separated out compare method into its own class and created unit tests.
2019-02-19 10:26:25 -05:00
Cyrus
3a31631c59 [#91] Add Authority Information Access to Issuer field of Attribute Certificates (#92)
* Updated code base for Attribute Certificates.  They are currently not showing Authority Information Access in the Issuer field on the certificate details page.  The code was not written to handle this or to set it.

* Updated unit tests to test Authority Info Access and Key Identifier.

* Adding extra certificates to be used in the new tests.

* Updated unit test, the new tests were missing the @Test parameter.
2019-02-19 10:16:39 -05:00
apldev3
a6f5a48307
[#69] Add null checks to Component Identifier Serial/Revision Trimming (#70) 2019-01-06 22:06:46 -05:00
apldev2
634d09ff5d Add selector for Endorsement Credential and Platform Credential Deletion (#66)
Adds a selector method to retrieve ECs and PCs by their associated device
so they can be deleted.
2018-12-14 12:02:03 -05:00
Cyrus
6624296abe [#43] Additional certificate fields to display
* This change adds in additional information about the certificate, which include the public key and signature algorithms and their sizes, the key usage and extended key usage, the certificate version number for EK and CA certs and the issuer section expanded with Auth Key Id and Auth Info Access.

* Made some fixes to the platform class print out.  Needs to print out string representation of the value.

* Additional changes for the certificate details page.  Going over the spec determining what should be shown and what should be hidden if no information is specified.

* This change adds in additional information about the certificate, which include the public key and signature algorithms and their sizes, the key usage and extended key usage, the certificate version number for EK and CA certs and the issuer section expanded with Auth Key Id and Auth Info Access.

Made some fixes to the platform class print out.  Needs to print out string representation of the value.

Additional changes for the certificate details page.  Going over the spec determining what should be shown and what should be hidden if no information is specified.

Small updates to code commits and statements

* Stashing changes.

* Correcting some unit test fail instances.  The PC Test fails because the tested cert is not updated to new (constantly changing) specs.  Not just on the value but also on the value type.

* Fixing git merge meta data.

* Updates to include the Authority Key information as a set rather than just one item.  Using a bouncy castle defined class.

* Reversed the type of variable the public key value returns so that the unit test for it doesn't have to change.  The type wasn't important, it was a convenience decision.

* Adding changes based on review comments from @apldev3.

* Made changes based on github review comments.

* Additional changes for github comments

* Updated the code for the public key size on CA and EK certificates.  There was a previous issue with 4 additional bytes being included in the size.

* Some more changes for Github comments
2018-12-13 09:30:10 -05:00
Michael Tsai
e2e07a3ec2 TPMBaseline.isEmpty() method, activated tests
Added unit test for TPMBaseline.isEmpty(). Change exception type thrown in generator class

Added unit tests to account for both an empty and a non-empty baseline object

Checkstyle changes
2018-12-07 10:03:19 -05:00
apldev2
02cb30ad6d Add changes for device deletion.
Changes data structures to facilitate deletion of devices
from the DB and all other entries with foreign key relationships.
2018-12-04 17:25:35 -05:00
apldev1
3c5a657c17 [#55] Add displayTitle to Alert
These changes simply add a field called
'displayTitle' to the Alert class to hold
a human-readable title for each Alert instance.

Closes #55.
2018-11-30 15:20:01 -05:00
apldev1
c12cb135f1 [#49] Modify getPolicy behavior to reflect use
DBPolicyManager's getPolicy(appraiser, device) has historically
returned the default policy for an appraiser if none is defined
in the device group that the given device belongs to.  However,
this behavior does not in fact support the current use of devices,
groups, and policies; in the case where a group has no policy
assigned for a type of appraiser, the system is in a state
where that type of appraisal will not occur for devices in
a given group.  To better reflect desired behavior, the method
now returns null if a policy is not explicitly set for
the given (appraiser, device group) pair.

Closes #49.
2018-11-08 10:53:31 -05:00
apldev4
0586afb9d8
[#41] Provisioners use PACCOR for device info collection. (#45)
The provisioners used to shell out using different tools
to collect device info. Now they both use PACCOR instead.
2018-11-07 14:54:48 -05:00
apldev1
2d0806e5a8 [#33] IMA baselines can match measurements based solely on hashes (#34)
ImaAcceptableRecordBaseline and its subclasses have been updated to include
a containsHashes method to be able to match IMA measurement records
based solely on their hashes.  Supporting classes have been
updated or created as necessary.

Additionally, the set of path equivalencies as specified in the IMA
policy have been updated to include additional entries.

Closes #33.
2018-11-01 10:47:33 -04:00
apldev3
17b1426288 [#27] Fix TPMSecurityAssertions Parsing in EndorsementCredential (#31) 2018-10-23 11:40:49 -04:00
apldev3
f192ce5826 [#23] Update HIRS Utils and ACA to handle certificate padding (#26) 2018-10-18 14:34:52 -04:00
Taruan Matthews
916638be03 Updating the certificate details page to display the Holder information and include a link to the associated Endorsement Certificate. 2018-10-04 10:08:05 -04:00
apldev3
00b1c913e4 [#12] Setup basic Travis CI build 2018-09-26 13:18:51 -04:00
apldev1
eced951933 [#10] Fix representation of zero-valued hashes
Zero-value hashes, and hashes of no data, are now
considered as matches to equal values instead of
treating them as 'unknown'.
2018-09-24 11:18:45 -04:00
apldev3
bdbc85ef4d [#3] Ensure ACA and TPM2 Provisioner handle versioning correctly 2018-09-17 12:28:05 -04:00
apldev3
12f770080a [#1] Add support for processing ECC certificates as part of the trust chain 2018-09-13 13:09:48 -04:00
apldev4
d7e44b8310 Initial release 2018-09-06 09:47:33 -04:00