Clarified checkstyle changes and renamed some data structures for readability or conformity to documentation
chubtub committed Dec 10, 2024
1 parent e91c7a8 commit cb2ba1a
Showing 3 changed files with 75 additions and 78 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
Expand Down Expand Up @@ -62,17 +63,9 @@ public PcrValidator() {
* @param pcrValues RIM provided baseline PCRs
*/
public PcrValidator(final String[] pcrValues) {
baselinePcrs = new String[TPMMeasurementRecord.MAX_PCR_ID + 1];
System.arraycopy(pcrValues, 0, baselinePcrs, 0, TPMMeasurementRecord.MAX_PCR_ID + 1);
baselinePcrs = Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1);
}

/**
* Builds a string array of stored pcrs.
*
* @param pcrContent string representation of the pcr content
* @param algorithmLength length of the algorithm
* @return string array representation of the stored pcrs.
*/
public static String[] buildStoredPcrs(final String pcrContent, final int algorithmLength) {
// we have a full set of PCR values
String[] pcrSet = pcrContent.split("\\n");
Expand Down Expand Up @@ -149,7 +142,7 @@ public StringBuilder validatePcrs(final String[] storedPcrs,
}

if (!baselinePcrs[i].equals(storedPcrs[i])) {
log.error("{} =/= {}", baselinePcrs[i], storedPcrs[i]);
log.error(String.format("%s =/= %s", baselinePcrs[i], storedPcrs[i]));
sb.append(String.format(failureMsg, i));
}
}
Expand All @@ -163,36 +156,36 @@ public StringBuilder validatePcrs(final String[] storedPcrs,
* will ignore certin PCRs, Event Types and Event Variables present.
*
* @param tcgMeasurementLog Measurement log from the client
* @param eventValueMap The events stored as baseline to compare
* @param eventLogRecords The events stored as baseline to compare
* @param policySettings db entity that holds all of policy
* @return the events that didn't pass
*/
public List<TpmPcrEvent> validateTpmEvents(final TCGEventLog tcgMeasurementLog,
final Map<String, ReferenceDigestValue> eventValueMap,
final Map<String, ReferenceDigestValue> eventLogRecords,
final PolicySettings policySettings) {
List<TpmPcrEvent> tpmPcrEvents = new LinkedList<>();
for (TpmPcrEvent tpe : tcgMeasurementLog.getEventList()) {
if (policySettings.isIgnoreImaEnabled() && tpe.getPcrIndex() == IMA_PCR) {
log.info("IMA Ignored -> {}", tpe);
log.info(String.format("IMA Ignored -> %s", tpe));
} else if (policySettings.isIgnoretBootEnabled() && (tpe.getPcrIndex() >= TBOOT_PCR_START
&& tpe.getPcrIndex() <= TBOOT_PCR_END)) {
log.info("TBOOT Ignored -> {}", tpe);
log.info(String.format("TBOOT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (tpe.getPcrIndex() >= PXE_PCR_START
&& tpe.getPcrIndex() <= PXE_PCR_END)) {
log.info("OS Evt Ignored -> {}", tpe);
log.info(String.format("OS Evt Ignored -> %s", tpe));
} else {
if (policySettings.isIgnoreGptEnabled() && tpe.getEventTypeStr().contains(EVT_EFI_GPT)) {
log.info("GPT Ignored -> {}", tpe);
log.info(String.format("GPT Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_BOOT)
|| tpe.getEventTypeStr().contains(EVT_EFI_VAR))) {
log.info("OS Evt Ignored -> {}", tpe);
log.info(String.format("OS Evt Ignored -> %s", tpe));
} else if (policySettings.isIgnoreOsEvtEnabled() && (
tpe.getEventTypeStr().contains(EVT_EFI_CFG)
&& tpe.getEventContentStr().contains("SecureBoot"))) {
log.info("OS Evt Config Ignored -> {}", tpe);
log.info(String.format("OS Evt Config Ignored -> %s", tpe));
} else {
if (!eventValueMap.containsKey(tpe.getEventDigestStr())) {
if (!eventLogRecords.containsKey(tpe.getEventDigestStr())) {
tpmPcrEvents.add(tpe);
}
}
Expand Down Expand Up @@ -251,13 +244,12 @@ public boolean validateQuote(final byte[] tpmQuote, final String[] storedPcrs,
// other information.
String calculatedString = Hex.encodeHexString(
pcrInfoShort.getCalculatedDigest());
log.debug(
"Validating PCR information with the following:{}calculatedString = {}{}"
+ "quoteString = {}", System.lineSeparator(), calculatedString,
System.lineSeparator(), quoteString);
log.debug("Validating PCR information with the following:" +
System.lineSeparator() + "calculatedString = " + calculatedString +
System.lineSeparator() + "quoteString = " + quoteString);
validated = quoteString.contains(calculatedString);
if (!validated) {
log.warn("{} not found in {}", calculatedString, quoteString);
log.warn(calculatedString + " not found in " + quoteString);
}
} catch (NoSuchAlgorithmException naEx) {
log.error(naEx);
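Review bot: `Arrays.copyOf(pcrValues, TPMMeasurementRecord.MAX_PCR_ID + 1)` in the PcrValidator constructor silently null-pads a baseline array shorter than MAX_PCR_ID + 1, whereas the removed System.arraycopy failed immediately with an ArrayIndexOutOfBoundsException; those nulls now surface later as a NullPointerException at `baselinePcrs[i].equals(storedPcrs[i])` in validatePcrs (next hunk). Because the baseline is RIM-provided, a truncated or malformed set should be rejected at construction with a clear message: `if (pcrValues.length < TPMMeasurementRecord.MAX_PCR_ID + 1) { throw new IllegalArgumentException("expected " + (TPMMeasurementRecord.MAX_PCR_ID + 1) + " baseline PCRs, got " + pcrValues.length); }`. The hunk's line counts also indicate that the Javadoc block of the public buildStoredPcrs method was removed without a replacement; if that was not intended it should be restored. validatePcrs starts and ends outside its hunk.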
Original file line number Diff line number Diff line change
Expand Up @@ -98,13 +98,10 @@ public ReferenceManifestDetailsPageController(
* @throws CertificateException if a certificate doesn't parse.
*/
public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
final ReferenceManifestRepository
referenceManifestRepository,
final ReferenceDigestValueRepository
referenceDigestValueRepository,
final ReferenceManifestRepository referenceManifestRepository,
final ReferenceDigestValueRepository referenceDigestValueRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository
caCertificateRepository)
final CACredentialRepository caCertificateRepository)
throws IOException,
CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
Expand Down Expand Up @@ -141,14 +138,16 @@ public static HashMap<String, Object> getRimDetailInfo(final UUID uuid,
* @param certificateRepository the certificate manager.
* @param caCertificateRepository the certificate manager.
* @return mapping of the RIM information from the database.
* @throws java.io.IOException error for reading file bytes.
* @throws java.io.IOException error for reading file bytes.
* @throws NoSuchAlgorithmException If an unknown Algorithm is encountered.
* @throws CertificateException if a certificate doesn't parse.
*/
private static HashMap<String, Object> getBaseRimInfo(
final BaseReferenceManifest baseRim,
final ReferenceManifestRepository referenceManifestRepository,
final CertificateRepository certificateRepository,
final CACredentialRepository caCertificateRepository)
throws IOException {
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();

// Software Identity
Expand Down Expand Up @@ -258,8 +257,8 @@ private static HashMap<String, Object> getBaseRimInfo(
caCertificateRepository));
RIM_VALIDATOR.setTrustStore(truststore);
} catch (IOException e) {
log.error("Error building CA chain for {}: {}", caCert.getSubjectKeyIdentifier(),
e.getMessage());
log.error("Error building CA chain for " + caCert.getSubjectKeyIdentifier() + ": "
+ e.getMessage());
}
if (RIM_VALIDATOR.validateXmlSignature(caCert.getX509Certificate().getPublicKey(),
caCert.getSubjectKeyIdString(), caCert.getEncodedPublicKey())) {
Expand All @@ -270,7 +269,7 @@ private static HashMap<String, Object> getBaseRimInfo(
break;
}
} catch (SupplyChainValidatorException scvEx) {
log.error("Error verifying cert chain: {}", scvEx.getMessage());
log.error("Error verifying cert chain: " + scvEx.getMessage());
}
}
}
Expand All @@ -286,7 +285,7 @@ private static HashMap<String, Object> getBaseRimInfo(
}
}
} catch (NullPointerException npEx) {
log.warn("Unable to link signing certificate: {}", npEx.getMessage());
log.warn("Unable to link signing certificate: " + npEx.getMessage());
}
return data;
}
Expand All @@ -298,7 +297,7 @@ private static HashMap<String, Object> getBaseRimInfo(
* @return list of X509Certificates
*/
private static List<X509Certificate> convertCACsToX509Certificates(
final Set<CertificateAuthorityCredential> set)
Set<CertificateAuthorityCredential> set)
throws IOException {
ArrayList<X509Certificate> certs = new ArrayList<>(set.size());
for (CertificateAuthorityCredential cac : set) {
Expand Down Expand Up @@ -485,7 +484,7 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
final ReferenceDigestValueRepository referenceDigestValueRepository)
throws IOException, CertificateException, NoSuchAlgorithmException {
HashMap<String, Object> data = new HashMap<>();
LinkedList<TpmPcrEvent> livelogEvents = new LinkedList<>();
LinkedList<TpmPcrEvent> evidence = new LinkedList<>();
BaseReferenceManifest base = null;
List<SupportReferenceManifest> supports = new ArrayList<>();
SupportReferenceManifest baseSupport = null;
Expand All @@ -498,7 +497,7 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
data.put("validationResult", measurements.getOverallValidationResult());
data.put("swidBase", true);

List<ReferenceDigestValue> eventValues = new LinkedList<>();
List<ReferenceDigestValue> assertions = new LinkedList<>();
if (measurements.getDeviceName() != null) {
supports.addAll(referenceManifestRepository.byDeviceName(measurements
.getDeviceName()));
Expand All @@ -518,19 +517,19 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
data.put("associatedRim", base.getId());
}

eventValues.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
assertions.addAll(referenceDigestValueRepository.findBySupportRimId(baseSupport.getId()));
}
}

TCGEventLog measurementLog = new TCGEventLog(measurements.getRimBytes());
Map<String, ReferenceDigestValue> eventValueMap = new HashMap<>();

for (ReferenceDigestValue rdv : eventValues) {
eventValueMap.put(rdv.getDigestValue(), rdv);
for (ReferenceDigestValue record : assertions) {
eventValueMap.put(record.getDigestValue(), record);
}
for (TpmPcrEvent measurementEvent : measurementLog.getEventList()) {
if (!eventValueMap.containsKey(measurementEvent.getEventDigestStr())) {
livelogEvents.add(measurementEvent);
evidence.add(measurementEvent);
}
}

Expand All @@ -544,7 +543,7 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
String bootVariable;
String variablePrefix = "Variable Name:";
String variableSuffix = "UEFI_GUID";
for (TpmPcrEvent tpe : livelogEvents) {
for (TpmPcrEvent tpe : evidence) {
matchedEvents = new ArrayList<>();
for (TpmPcrEvent tpmPcrEvent : combinedBaselines) {
if (tpmPcrEvent.getEventType() == tpe.getEventType()) {
Expand All @@ -567,7 +566,7 @@ private static HashMap<String, Object> getMeasurementsRimInfo(
}

TCGEventLog logProcessor = new TCGEventLog(measurements.getRimBytes());
data.put("livelogEvents", livelogEvents);
data.put("livelogEvents", evidence);
data.put("events", logProcessor.getEventList());
getEventSummary(data, logProcessor.getEventList());

Expand Down Expand Up @@ -608,6 +607,12 @@ public ModelAndView initPage(final ReferenceManifestDetailsPageParams params,
String uuidError = "Failed to parse ID from: " + params.getId();
messages.addError(uuidError);
log.error(uuidError, iaEx);
} catch (CertificateException cEx) {
log.error(cEx);
} catch (NoSuchAlgorithmException nsEx) {
log.error(nsEx);
} catch (IOException ioEx) {
log.error(ioEx);
} catch (Exception ex) {
log.error(ex);
}
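Review bot: The three catch blocks added to initPage for CertificateException, NoSuchAlgorithmException and IOException each do exactly what the existing `catch (Exception ex) { log.error(ex); }` directly below them already does, so they add duplication but no handling. If the intent is to report these failures to the user the way the IllegalArgumentException branch above does, collapse them into one multi-catch that also records a page error without echoing exception text: `catch (CertificateException | NoSuchAlgorithmException | IOException ex) { messages.addError("Failed to load RIM details for " + params.getId()); log.error(ex); }`; otherwise drop them and let the generic handler stand. Separately, the earlier hunk in getMeasurementsRimInfo renames the loop variable to `record`, which reads like the Java 16+ keyword and is better avoided as a local name (for example `rdv` or `digestValue`). initPage starts before and ends after this hunk.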
