Merge branch 'Unmatched-component-refactor' into v2.0.1
chubtub committed Feb 10, 2021
2 parents 847bad5 + 9917fad commit 2b5c4ae
Showing 14 changed files with 662 additions and 292 deletions.
Expand Up @@ -101,7 +101,6 @@
*/
public abstract class AbstractAttestationCertificateAuthority
implements AttestationCertificateAuthority {

/**
* Logger instance for for subclass instances.
*/
Expand All @@ -122,21 +121,18 @@ public abstract class AbstractAttestationCertificateAuthority
* Number of bytes to include in the TPM2.0 nonce.
*/
public static final int NONCE_LENGTH = 20;

private static final int SEED_LENGTH = 32;
private static final int MAX_SECRET_LENGTH = 32;
private static final int RSA_MODULUS_LENGTH = 256;
private static final int AES_KEY_LENGTH_BYTES = 16;
private static final int HMAC_KEY_LENGTH_BYTES = 32;
private static final int HMAC_SIZE_LENGTH_BYTES = 2;
private static final int TPM2_CREDENTIAL_BLOB_SIZE = 392;

// Constants used to parse out the ak name from the ak public data. Used in generateAkName
private static final String AK_NAME_PREFIX = "000b";
private static final String AK_NAME_HASH_PREFIX =
"0001000b00050072000000100014000b0800000000000100";
private static final String TPM_SIGNATURE_ALG = "sha";

private static final int MAC_BYTES = 6;

/**
Expand Down Expand Up @@ -165,7 +161,6 @@ public abstract class AbstractAttestationCertificateAuthority
* certificates issued by this ACA are valid for.
*/
private final Integer validDays;

private final CertificateManager certificateManager;
private final ReferenceManifestManager referenceManifestManager;
private final DeviceRegister deviceRegister;
Expand Down Expand Up @@ -395,7 +390,6 @@ private IdentityResponseEnvelope generateIdentityResponseEnvelopeAndStoreIssuedC
*/
@Override
public byte[] processIdentityClaimTpm2(final byte[] identityClaim) {

LOG.debug("Got identity claim");

if (ArrayUtils.isEmpty(identityClaim)) {
Expand All @@ -412,9 +406,13 @@ public byte[] processIdentityClaimTpm2(final byte[] identityClaim) {
RSAPublicKey ekPub = parsePublicKey(claim.getEkPublicArea().toByteArray());
AppraisalStatus.Status validationResult = AppraisalStatus.Status.FAIL;

validationResult = doSupplyChainValidation(claim, ekPub);
if (validationResult == AppraisalStatus.Status.PASS) {
try {
validationResult = doSupplyChainValidation(claim, ekPub);
} catch (Exception ex) {
LOG.error(ex.getMessage());
}

if (validationResult == AppraisalStatus.Status.PASS) {
RSAPublicKey akPub = parsePublicKey(claim.getAkPublicArea().toByteArray());
byte[] nonce = generateRandomBytes(NONCE_LENGTH);
ByteString blobStr = tpm20MakeCredential(ekPub, akPub, nonce);
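Review bot: The new catch in processIdentityClaimTpm2 logs only `ex.getMessage()`, so the exception type and stack trace of a failed supply-chain validation are lost and a null message logs nothing useful; pass the throwable to the logger, `LOG.error("Supply chain validation threw; treating claim as FAIL", ex);`. Because validationResult is initialised to FAIL before the try, an exception leaves the claim rejected, which is the right fail-closed outcome, but a one-line comment on the catch saying so would help, since nothing in the hunk distinguishes "validation ran and failed" from "validation crashed" in the logs. Catching `Exception` is broad; if doSupplyChainValidation declares something narrower, catch that instead. The body of processIdentityClaimTpm2 continues past the hunk.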
Expand Up @@ -122,7 +122,7 @@ public static PlatformCredential storePlatformCredential(
if (!certificates.isEmpty()) {
// found associated certificates
for (PlatformCredential pc : certificates) {
if (pc.isBase()) {
if (pc.isBase() && platformCredential.isBase()) {
// found a base in the database associated with
// parsed certificate
LOG.error(String.format("Base certificate stored"
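Review bot: `platformCredential.isBase()` on the changed line does not depend on the loop variable, so the loop can be skipped entirely when the uploaded certificate is a delta: `if (platformCredential.isBase()) { for (PlatformCredential pc : certificates) { ... } }` with the inner test reduced back to `if (pc.isBase())`. That also makes the intent (only a second base conflicts with a stored base) visible at the loop rather than buried in its body. storePlatformCredential starts and ends outside the hunk.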


Expand Up @@ -153,17 +153,6 @@ public ModelAndView initPage(@PathVariable("certificateType") final String certi

return mav;
}
/**
* TODO
* 1. add flag for rim validation dependent on pc attribute flag DONE
* 2. create tpmbaseline on upload of rimel file (DONE?)
* a. add device id? though one won't exist yet
* 3. validation
* a. looks for baseline
* b. if it doesn't find one, looks for rim
* a. creates baseline if it exists
* c. validates after reading rimel, if it finds one.
*/

/**
* Queries for the list of Certificates and returns a data table response
Expand Up @@ -274,7 +274,6 @@ private static HashMap<String, Object> getBaseRimInfo(
for (CertificateAuthorityCredential cert : certificates) {
if (Arrays.equals(cert.getEncodedPublicKey(),
RIM_VALIDATOR.getPublicKey().getEncoded())) {
LOGGER.info("Found matching cert!");
data.put("issuerID", cert.getId().toString());
}
}
Expand Up @@ -303,6 +303,7 @@ public static HashMap<String, Object> getPlatformInformation(final UUID uuid,
.select(certificateManager)
.byEntityId(uuid)
.getCertificate();

if (certificate != null) {
data.putAll(getGeneralCertificateInfo(certificate, certificateManager));
data.put("credentialType", certificate.getCredentialType());
Expand Down Expand Up @@ -357,8 +358,10 @@ public static HashMap<String, Object> getPlatformInformation(final UUID uuid,
data.put("x509Version", certificate.getX509CredentialVersion());
//CPSuri
data.put("CPSuri", certificate.getCPSuri());
//component failure
data.put("failures", certificate.getComponentFailures());

if (!certificate.getComponentFailures().isEmpty()) {
data.put("failures", certificate.getComponentFailures());
}

//Get platform Configuration values and set map with it
PlatformConfiguration platformConfiguration = certificate.getPlatformConfiguration();
Expand Down Expand Up @@ -397,6 +400,17 @@ public int compare(final PlatformCredential obj1,
});

data.put("chainCertificates", chainCertificates);

if (!certificate.isBase()) {
for (PlatformCredential pc : chainCertificates) {
if (pc.isBase()) {
if (!pc.getComponentFailures().isEmpty()) {
data.put("failures", pc.getComponentFailures());
}
break;
}
}
}
}
} else {
String notFoundMessage = "Unable to find Platform Certificate "
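Review bot: In the last hunk of getPlatformInformation the added loop over chainCertificates does `data.put("failures", pc.getComponentFailures())` for the base, which overwrites the `failures` entry the earlier hunk stored from the delta certificate itself whenever both lists are non-empty; if the delta's own failures are meant to be shown as well, store the base's under a separate key (a constructed example: `"baseFailures"`) or append to the existing list instead of replacing it. Both hunks also call `getComponentFailures()` twice in a row; capture it once in a local and reuse it. If `getComponentFailures()` can return null the added `isEmpty()` calls would throw — not visible here, so worth confirming against the getter. getPlatformInformation starts and ends outside the hunk.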
Expand Up @@ -614,7 +614,7 @@
<div class="panel-body">
<div id="componentIdentifier" class="row">
<c:forEach items="${initialData.componentsIdentifier}" var="component">
<c:set var="combined" value="${component.getComponentManufacturer()}${component.getComponentModel()}" scope="page"/>
<c:set var="combined" value="${component.hashCode()}" scope="page"/>
<div class="component col col-md-4">
<div class="panel panel-default">
<c:choose>
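Review bot: `combined` is now `${component.hashCode()}`, a 32-bit int, where it was the manufacturer+model string; if `combined` is used further down as an element id or lookup key (not visible in the hunk), two components whose hashes collide, or two components with identical manufacturer/model/serial/revision, now map to the same value, and a negative hash produces a value starting with `-`. If uniqueness is what this is for, the loop's `varStatus` index is collision-free, or keep the string fields and append the hash rather than replacing them.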
30 changes: 30 additions & 0 deletions HIRS_Utils/src/main/java/hirs/data/persist/AppraisalStatus.java
Expand Up @@ -32,15 +32,29 @@ public enum Status {
private Status appStatus;

private String message;
private String additionalInfo;

/**
* Default constructor. Set appraisal status and description.
* @param appStatus status of appraisal
* @param message description of result
*/
public AppraisalStatus(final Status appStatus, final String message) {
this(appStatus, message, "");
}

/**
* Default constructor. Set appraisal status and description.
* @param appStatus status of appraisal
* @param message description of result
* @param additionalInfo any additional information needed to
* be passed on
*/
public AppraisalStatus(final Status appStatus, final String message,
final String additionalInfo) {
this.appStatus = appStatus;
this.message = message;
this.additionalInfo = additionalInfo;
}

/**
Expand Down Expand Up @@ -74,4 +88,20 @@ public String getMessage() {
public void setMessage(final String message) {
this.message = message;
}

/**
* Getter for additional information during validation.
* @return string of additional information
*/
public String getAdditionalInfo() {
return additionalInfo;
}

/**
* Setter for any additional information.
* @param additionalInfo the string of additional information
*/
public void setAdditionalInfo(final String additionalInfo) {
this.additionalInfo = additionalInfo;
}
}
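Review bot: The Javadoc on the new three-argument constructor is copied from the two-argument one and still reads `Default constructor.`; it should say what the extra parameter is for, e.g. `Constructs an appraisal status with a description and supplementary validation detail.`, and the two-argument summary should note that it delegates with an empty additionalInfo. Nothing prevents `additionalInfo` from being null through the three-argument constructor or setAdditionalInfo, while the delegating constructor normalises it to `""`; either document on getAdditionalInfo that callers may see null, or normalise in the constructor with `this.additionalInfo = additionalInfo == null ? "" : additionalInfo;`.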
Expand Up @@ -380,25 +380,16 @@ public String getCredentialType() {
/**
* Get the type of platform certificate.
*
* @return the TCG platform type { base | delta }
* @return flag for base certificate
*/
public boolean isBase() {
return platformBase;
}

/**
* Flag that indicates this PC has or can have a chain of delta
* certificates.
* @return status of the chain
*/
public boolean isDeltaChain() {
return isDeltaChain;
}

/**
* Getter for the string representation of the platform type.
*
* @return Delta or Base
* @return the TCG platform type { base | delta }
*/
public String getPlatformType() {
return platformChainType;
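Review bot: Removing the public `isDeltaChain()` accessor is an API change; any caller outside this hunk that used it no longer compiles, and if the backing `isDeltaChain` field is still declared elsewhere in the class it is now dead state (neither the field nor callers are visible here). Confirm the field is removed alongside the getter, and mention the removal in the release notes if PlatformCredential is part of the published API.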
Expand Up @@ -47,6 +47,7 @@ public class ComponentClass {
private String category;
private String component;
private int componentIdentifier;
private String classValueString;

/**
* Default class constructor.
Expand Down Expand Up @@ -83,6 +84,11 @@ public ComponentClass(final String componentIdentifier) {
*/
public ComponentClass(final Path componentClassPath, final String componentIdentifier) {
this(componentClassPath, getComponentIntValue(componentIdentifier));
if (componentIdentifier != null && componentIdentifier.contains("#")) {
this.classValueString = componentIdentifier.replaceAll("#", "");
} else {
this.classValueString = componentIdentifier;
}
}

/**
Expand Down Expand Up @@ -142,6 +148,14 @@ public final int getValue() {
return componentIdentifier;
}

/**
* Getter for the Component Class Value as a string.
* @return String representation of the class.
*/
public final String getClassValueString() {
return classValueString;
}

/**
* This is the main way this class will be referenced and how it
* will be displayed on the portal.
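Review bot: In the Path-taking constructor, `componentIdentifier.replaceAll("#", "")` compiles a regex to strip a literal character, and the surrounding `contains("#")` test exists only to guard that call; `String.replace` does the same without the regex and is a no-op when there is no `#`, so the branch collapses to `this.classValueString = componentIdentifier == null ? null : componentIdentifier.replace("#", "");`. As far as the hunk shows, only this constructor assigns classValueString, so instances created through the other constructors (their headers appear above the hunk) would return null from getClassValueString(); either initialise it there too or state the possible null return in the getter's `@return` tag.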
Expand Up @@ -3,6 +3,7 @@
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;

Expand Down Expand Up @@ -73,6 +74,7 @@ public class ComponentIdentifier {
private ASN1ObjectIdentifier componentManufacturerId;
private ASN1Boolean fieldReplaceable;
private List<ComponentAddress> componentAddress;
private boolean validationResult = true;

/**
* Default constructor.
Expand Down Expand Up @@ -263,6 +265,24 @@ public boolean isVersion2() {
return false;
}

/**
* Holds the status of the validation process for attributes
* specific to this instance.
* @return true is passed, false if failed.
*/
public boolean isValidationResult() {
return validationResult;
}

/**
* Sets the flag for the validation status for this instance
* of the attribute.
* @param validationResult validation flag.
*/
public void setValidationResult(final boolean validationResult) {
this.validationResult = validationResult;
}

/**
* Get all the component addresses inside the sequence.
*
Expand All @@ -288,6 +308,29 @@ public static List<ComponentAddress> retrieveComponentAddress(final ASN1Sequence
return Collections.unmodifiableList(addresses);
}

@Override
public int hashCode() {
return Objects.hash(componentManufacturer, componentModel,
componentSerial, componentRevision);
}

@Override
public boolean equals(final Object obj) {
if (obj == null) {
return false;
}

if (obj instanceof ComponentIdentifier) {
ComponentIdentifier testCi = (ComponentIdentifier) obj;
return testCi.getComponentManufacturer().equals(this.getComponentManufacturer())
&& testCi.getComponentModel().equals(this.getComponentModel())
&& testCi.getComponentSerial().equals(this.getComponentSerial())
&& testCi.getComponentRevision().equals(this.getComponentRevision());
} else {
return false;
}
}

@Override
public String toString() {
StringBuilder sb = new StringBuilder();
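Review bot: The new `equals` dereferences `getComponentManufacturer()`, `getComponentModel()`, `getComponentSerial()` and `getComponentRevision()` on both sides, so a component with a null serial or revision throws NullPointerException from equals, while the paired `hashCode` uses `Objects.hash`, which tolerates nulls; the two should agree, and `Objects` is already imported in this hunk. The explicit `obj == null` test is redundant because `instanceof` is false for null. Separately, the Javadoc on isValidationResult reads `true is passed`, presumably `true if passed`. The class declaration and the getters referenced are outside the hunk.
```java
@Override
public boolean equals(final Object obj) {
    if (!(obj instanceof ComponentIdentifier)) {
        return false;
    }
    ComponentIdentifier other = (ComponentIdentifier) obj;
    // Objects.equals is null-tolerant, matching Objects.hash in hashCode()
    return Objects.equals(other.getComponentManufacturer(), this.getComponentManufacturer())
            && Objects.equals(other.getComponentModel(), this.getComponentModel())
            && Objects.equals(other.getComponentSerial(), this.getComponentSerial())
            && Objects.equals(other.getComponentRevision(), this.getComponentRevision());
}
```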
Expand Up @@ -235,6 +235,14 @@ public final boolean isRemoved() {
return getAttributeStatus() == AttributeStatus.REMOVED;
}

/**
* @return true if the component status wasn't set.
*/
public final boolean isEmpty() {
return (getAttributeStatus() == AttributeStatus.EMPTY_STATUS)
|| (getAttributeStatus() == null);
}

/**
* @return indicates the type of platform certificate.
*/
Expand All @@ -243,6 +251,16 @@ public boolean isVersion2() {
return true;
}

@Override
public boolean equals(final Object obj) {
return super.equals(obj);
}

@Override
public int hashCode() {
return super.hashCode();
}

@Override
public String toString() {
StringBuilder sb = new StringBuilder();
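Review bot: The `equals` and `hashCode` overrides added in the second hunk only forward to `super`, so they change nothing at runtime and read as if something was left unfinished; if the intent is that V2-only state such as the attribute status is deliberately excluded from equality, say so in a Javadoc on the override, e.g. `Equality is defined by the base ComponentIdentifier fields only; the attribute status is intentionally ignored.`, otherwise drop both overrides. In `isEmpty()`, `getAttributeStatus()` is evaluated twice; `final AttributeStatus status = getAttributeStatus(); return status == AttributeStatus.EMPTY_STATUS || status == null;` evaluates it once. The class header is outside the hunk.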
