

Merge pull request #886 from nsacyber/v3_issue-879
[#879] Additional renaming and checkstyle changes
iadgovuser26 authored Dec 13, 2024
2 parents 02f684d + 6af53fe commit ad09669
Showing 3 changed files with 73 additions and 68 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
Expand Down Expand Up @@ -62,8 +63,7 @@ public PcrValidator() {
* @param pcrValues RIM provided baseline PCRs
*/
public PcrValidator(final String[] pcrValues) {
baselinePcrs = new String[TPMMeasurementRecord.MAX_PCR_ID + 1];
System.arraycopy(pcrValues, 0, baselinePcrs, 0, TPMMeasurementRecord.MAX_PCR_ID + 1);
baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1);
}

/**
Expand Down Expand Up @@ -149,7 +149,7 @@ public StringBuilder validatePcrs(final String[] storedPcrs,
}

if (!baselinePcrs[i].equals(storedPcrs[i])) {
log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]);
log.error(String.format("%s =/= %s", baselinePcrs[i], storedPcrs[i]));
sb.append(String.format(failureMsg, i));
}
}
Expand All @@ -163,36 +163,36 @@ public StringBuilder validatePcrs(final String[] storedPcrs,
* will ignore certin PCRs, Event Types and Event Variables present.
*
* @param tcgMeasurementLog Measurement log from the client
* @param eventValueMap The events stored as baseline to compare
* @param eventLogRecords The events stored as baseline to compare
* @param policySettings db entity that holds all of policy
* @return the events that didn't pass
*/
public List<TpmPcrEvent> validateTpmEvents(final TCGEventLog tcgMeasurementLog,
final Map<String, ReferenceDigestValue> eventValueMap,
final Map<String, ReferenceDigestValue> eventLogRecords,
final PolicySettings policySettings) {
List<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) {
if (policySettings.isIgnoreImaEnabled() && tpe.getPcrIndex() == IMA_PCR) {
log.info("IMA Ignored -> {}", tpe);
log.info(String.format("IMA Ignored -> %s", tpe));
} else if (policySettings.isIgnoretBootEnabled() && (tpe.getPcrIndex() >= TBOOT_PCR_START
&& tpe.getPcrIndex() <= TBOOT_PCR_END)) {
log.info("TBOOT Ignored -> {}", tpe);
log.info(String.format("TBOOT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getPcrIndex() >= PXE_PCR_START
&& tpe.getPcrIndex() <= PXE_PCR_END)) {
log.info("OS Evt Ignored -> {}", tpe);
log.info(String.format("OS Evt Ignored -> %s", tpe));
} else {
if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) {
log.info("GPT Ignored -> {}", tpe);
log.info(String.format("GPT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_BOOT)
|| tpe.getEventTypeStr().contains(EVT_EFI_VAR))) {
log.info("OS Evt Ignored -> {}", tpe);
log.info(String.format("OS Evt Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_CFG)
&& tpe.getEventContentStr().contains("SecureBoot"))) {
log.info("OS Evt Config Ignored -> {}", tpe);
log.info(String.format("OS Evt Config Ignored -> %s", tpe));
} else {
if (!eventValueMap.containsKey(tpe.getEventDigestStr())) {
if (!eventLogRecords.containsKey(tpe.getEventDigestStr())) {
tpmPcrEvents.add(tpe);
}
}
Expand Down Expand Up @@ -251,13 +251,12 @@ public boolean validateQuote(final byte[] tpmQuote, final String[] storedPcrs,
// other information.
String calculatedString = Hex.encodeHexString(
pcrInfoShort.getCalculatedDigest());
log.debug(
"Validating PCR information with the following:{}calculatedString = {}{}"
+ "quoteString = {}", System.lineSeparator(), calculatedString,
System.lineSeparator(), quoteString);
log.debug("Validating PCR information with the following:"
+ System.lineSeparator() + "calculatedString = " + calculatedString
+ System.lineSeparator() + "quoteString = " + quoteString);
validated = quoteString.contains(calculatedString);
if (!validated) {
log.warn("{} not found in {}", calculatedString, quoteString);
log.warn(calculatedString + " not found in " + quoteString);
}
} catch (NoSuchAlgorithmException naEx) {
log.error(naEx);
Expand Down
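Review bot: The `Arrays.copyOf` replacement in the `PcrValidator(String[])` constructor silently pads a short `pcrValues` array with nulls, whereas the `System.arraycopy` it replaces threw `ArrayIndexOutOfBoundsException` at construction time; a truncated baseline now reaches `validatePcrs`, where `baselinePcrs[i].equals(storedPcrs[i])` throws `NullPointerException` mid-comparison for any padded slot (or, if a guard above the visible lines skips null entries, the missing PCRs are silently never compared). Rejecting it at the boundary keeps the failure where the caller can see it: `if (pcrValues.length < TPMMeasurementRecord.MAX_PCR_ID + 1) { throw new IllegalArgumentException("expected " + (TPMMeasurementRecord.MAX_PCR_ID + 1) + " baseline PCRs, got " + pcrValues.length); }` before the copy. Neither version checks for a null `pcrValues` either, so `Objects.requireNonNull(pcrValues, "pcrValues")` (adding `java.util.Objects` to the import block) would make that precondition explicit. Separately, the `validatePcrs`, `validateTpmEvents` and `validateQuote` hunks swap `{}` placeholder logging for `String.format`/concatenation, which builds the message eagerly even when the level is disabled; the placeholder form was the better idiom and is supported by both Log4j and SLF4J.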
Original file line number Diff line number Diff line change
Expand Up @@ -97,14 +97,12 @@ public ReferenceManifestDetailsPageController(
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
* @throws CertificateException if a certificate doesn't parse.
*/
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
final ReferenceManifestRepository
referenceManifestRepository,
final ReferenceDigestValueRepository
referenceDigestValueRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository
caCertificateRepository)
public static HashMap<String, Object> getRimDetailInfo(
final UUID uuid,
final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository caCertificateRepository)
throws IOException,
CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
Expand Down Expand Up @@ -141,14 +139,16 @@ public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
* @param certificateRepository the certificate manager.
* @param caCertificateRepository the certificate manager.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
* @throws CertificateException if a certificate doesn't parse.
*/
private static HashMap<String, Object> getBaseRimInfo(
final BaseReferenceManifest baseRim,
final ReferenceManifestRepository referenceManifestRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository caCertificateRepository)
throws IOException {
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();

// Software Identity
Expand Down Expand Up @@ -258,8 +258,8 @@ private static HashMap<String, Object> getBaseRimInfo(
caCertificateRepository));
RIM_VALIDATOR.setTrustStore(truststore);
} catch (IOException e) {
log.error("Error building CA chain for {}: {}", caCert.getSubjectKeyIdentifier(),
e.getMessage());
log.error("Error building CA chain for " + caCert.getSubjectKeyIdentifier() + ": "
+ e.getMessage());
}
if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(),
caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) {
Expand All @@ -270,7 +270,7 @@ private static HashMap<String, Object> getBaseRimInfo(
break;
}
} catch (SupplyChainValidatorException scvEx) {
log.error("Error verifying cert chain: {}", scvEx.getMessage());
log.error("Error verifying cert chain: " + scvEx.getMessage());
}
}
}
Expand All @@ -286,7 +286,7 @@ private static HashMap<String, Object> getBaseRimInfo(
}
}
} catch (NullPointerException npEx) {
log.warn("Unable to link signing certificate: {}", npEx.getMessage());
log.warn("Unable to link signing certificate: " + npEx.getMessage());
}
return data;
}
Expand Down Expand Up @@ -485,7 +485,7 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
final ReferenceDigestValueRepository referenceDigestValueRepository)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
LinkedList<TpmPcrEvent> evidence = new LinkedList<>();
BaseReferenceManifest base = null;
List<SupportReferenceManifest> supports = new ArrayList<>();
SupportReferenceManifest baseSupport = null;
Expand All @@ -498,7 +498,7 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
data.put("validationResult", measurements.getOverallValidationResult());
data.put("swidBase", true);

List<ReferenceDigestValue> eventValues = new LinkedList<>();
List<ReferenceDigestValue> assertions = new LinkedList<>();
if (measurements.getDeviceName() != null) {
supports.addAll(referenceManifestRepository.byDeviceName(measurements
.getDeviceName()));
Expand All @@ -518,19 +518,19 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
data.put("associatedRim", base.getId());
}

eventValues.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
assertions.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
}
}

TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes());
Map<String, ReferenceDigestValue> eventValueMap = new HashMap<>();

for (ReferenceDigestValue rdv : eventValues) {
eventValueMap.put(rdv.getDigestValue(), rdv);
for (ReferenceDigestValue record : assertions) {
eventValueMap.put(record.getDigestValue(), record);
}
for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) {
if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) {
livelogEvents.add(measurementEvent);
evidence.add(measurementEvent);
}
}

Expand All @@ -544,7 +544,7 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
String bootVariable;
String variablePrefix = "Variable Name:";
String variableSuffix = "UEFI_GUID";
for (TpmPcrEvent tpe : livelogEvents) {
for (TpmPcrEvent tpe : evidence) {
matchedEvents = new ArrayList<>();
for (TpmPcrEvent tpmPcrEvent : combinedBaselines) {
if (tpmPcrEvent.getEventType() == tpe.getEventType()) {
Expand All @@ -567,7 +567,7 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
}

TCGEventLog logProcessor = new TCGEventLog(measurements.getRimBytes());
data.put("livelogEvents", livelogEvents);
data.put("livelogEvents", evidence);
data.put("events", logProcessor.getEventList());
getEventSummary(data, logProcessor.getEventList());

Expand Down Expand Up @@ -608,6 +608,12 @@ public ModelAndView initPage(final ReferenceManifestDetailsPageParams params,
String uuidError = "Failed to parse ID from: " + params.getId();
messages.addError(uuidError);
log.error(uuidError, iaEx);
} catch (CertificateException cEx) {
log.error(cEx);
} catch (NoSuchAlgorithmException nsEx) {
log.error(nsEx);
} catch (IOException ioEx) {
log.error(ioEx);
} catch (Exception ex) {
log.error(ex);
}
Expand Down
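Review bot: The three catch blocks added to `initPage` for `CertificateException`, `NoSuchAlgorithmException` and `IOException` do exactly what the `catch (Exception ex)` below them already did (`log.error(...)` and nothing else), so they add no handling and, unlike the `IllegalArgumentException` branch just above them, never surface anything to the page through `messages.addError`. A RIM whose certificate chain fails to parse or whose bytes cannot be read therefore renders as if nothing went wrong, with the cause visible only in the server log. If the intent is to report these conditions, collapse them into one multi-catch that records a message and keeps the stack trace, `} catch (CertificateException | NoSuchAlgorithmException | IOException ex) { messages.addError("Unable to load RIM details: " + ex.getMessage()); log.error("Unable to load RIM details", ex); }`; otherwise drop them and let the generic handler stand. `initPage` starts outside the hunk and its body continues past it. The same eager string concatenation in `log.error`/`log.warn` appears in the `getBaseRimInfo` hunks of this file, where the `{}` placeholder form being removed was the preferred idiom.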