
Example 1 with PcrManifest

use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.

the class ReportsBO method getHostAttestationReport.

// BUG #497 XXX TODO needs rewrite to use HostAgentFactory and HostAgent interfaces
/**
 * Produces the XML attestation report for a single registered host.
 *
 * <p>The host row is looked up by name, its manifest is fetched through the strategy selected
 * for that row, and the result is serialized as one {@code Host_Attestation_Report} element
 * carrying a {@code PCRInfo} child per manifest entry.
 *
 * <p>What the report does and does not assert: {@code TXT_Support} reflects only whether the
 * host row holds a non-empty AIK certificate (the certificate is not validated here), and the
 * PCR digests are written exactly as the strategy returned them, upper-cased. No comparison
 * against known-good values takes place in this method.
 *
 * @param hostName name of the host to report on
 * @return the report as an XML document string
 * @throws ASException with {@code AS_HOST_NOT_FOUND} when no host row matches, with
 *         {@code AS_ENCRYPTION_ERROR} when the manifest fetch raises a
 *         {@code CryptographyException}, and wrapping any other failure
 */
public String getHostAttestationReport(Hostname hostName) {
    XMLOutputFactory outputFactory = XMLOutputFactory.newInstance();
    TblHosts hostRecord;
    HashMap<String, ? extends IManifest> manifestsByPcr;

    // Phase 1: resolve the host and fetch its manifest.
    try {
        hostRecord = getTblHostsJpaController().findByName(hostName.toString());
        if (hostRecord == null) {
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, hostName.toString());
        }
        // BUG #497: the original author notes this is now obtained by IntelHostAgent
        // through TAHelper's getQuoteInformationForHost.
        IManifestStrategy strategy = getManifestStrategy(hostRecord);
        manifestsByPcr = strategy.getManifest(hostRecord);
    } catch (ASException aex) {
        // Already carries an error code; pass it through untouched.
        throw aex;
    } catch (CryptographyException e) {
        Throwable cause = e.getCause();
        throw new ASException(e, ErrorCode.AS_ENCRYPTION_ERROR, cause == null ? e.getMessage() : cause.getMessage());
    } catch (Exception ex) {
        throw new ASException(ex);
    }

    // Phase 2: serialize. BUG #497: the original author notes this section has moved to
    // TAHelper and is used by IntelHostAgent.
    StringWriter buffer = new StringWriter();
    try {
        String vmmName = hostRecord.getVmmMleId().getName();
        // The host table offers no direct TPM flag; a stored AIK certificate is the only
        // indicator available here, and it decides which report shape is emitted.
        boolean hasAikCertificate = hostRecord.getAIKCertificate() != null && !hostRecord.getAIKCertificate().isEmpty();

        XMLStreamWriter xml = outputFactory.createXMLStreamWriter(buffer);
        xml.writeStartDocument();
        xml.writeStartElement("Host_Attestation_Report");
        // writeAttribute escapes markup characters, so the caller-supplied host name
        // cannot break out of the attribute value.
        xml.writeAttribute("Host_Name", hostName.toString());
        xml.writeAttribute("Host_VMM", vmmName);
        xml.writeAttribute("TXT_Support", String.valueOf(hasAikCertificate));
        if (!hasAikCertificate) {
            xml.writeStartElement("PCRInfo");
            xml.writeAttribute("Error", "Host does not support TPM.");
            xml.writeEndElement();
        } else {
            for (IManifest entry : manifestsByPcr.values()) {
                // Every entry is expected to be a PcrManifest; anything else surfaces as a
                // ClassCastException wrapped by the catch below.
                PcrManifest pcr = (PcrManifest) entry;
                xml.writeStartElement("PCRInfo");
                xml.writeAttribute("ComponentName", String.valueOf(pcr.getPcrNumber()));
                xml.writeAttribute("DigestValue", pcr.getPcrValue().toUpperCase());
                xml.writeEndElement();
            }
        }
        xml.writeEndElement();
        xml.writeEndDocument();
        xml.flush();
        xml.close();
        return buffer.toString();
    } catch (Exception ex) {
        throw new ASException(ex);
    }
}
Also used : IManifestStrategy(com.intel.mountwilson.manifest.IManifestStrategy) XMLOutputFactory(javax.xml.stream.XMLOutputFactory) IManifestStrategyFactory(com.intel.mountwilson.manifest.IManifestStrategyFactory) ASException(com.intel.mountwilson.as.common.ASException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) IOException(java.io.IOException) StringWriter(java.io.StringWriter) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest) TblPcrManifest(com.intel.mtwilson.as.data.TblPcrManifest) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) TblHosts(com.intel.mtwilson.as.data.TblHosts) ASException(com.intel.mountwilson.as.common.ASException) IManifest(com.intel.mountwilson.manifest.data.IManifest)

Example 2 with PcrManifest

use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.

the class HostBO method createHostSpecificManifestRecords.

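/**
 * Builds the host-specific manifest rows for the modules recorded in the PCR 19 event log.
 *
 * <p>For every event-log measurement that carries an {@code EventName}, the matching module
 * manifest is looked up for the given MLE and paired with the digest taken from the
 * measurement. Rows are only produced when {@code hostType} is {@code "intel"}; a null
 * {@code hostType} is treated like any other non-matching type.
 *
 * <p>The digests stored here are the values found in the supplied manifest's event log; this
 * method does not check them against anything.
 *
 * @param vmmMleId    MLE whose required-manifest list and id drive the lookup
 * @param pcrManifest manifest map expected to hold a {@code PcrManifest} under
 *                    {@code MODULE_PCR}; may be null
 * @param hostType    host type label
 * @return the rows to persist; empty when PCR 19 data is unavailable (a warning is logged)
 * @throws IOException declared by the original signature
 */
private List<TblHostSpecificManifest> createHostSpecificManifestRecords(TblMle vmmMleId, HashMap<String, ? extends IManifest> pcrManifest, String hostType) throws IOException {
    List<TblHostSpecificManifest> tblHostSpecificManifests = new ArrayList<>();
    if (!vmmMleId.getRequiredManifestList().contains(MODULE_PCR) || pcrManifest == null) {
        log.warn("It is not possible to get PCR 19 info. Unable to perform database insertion");
        return tblHostSpecificManifests;
    }
    PcrManifest pcrMf19 = (PcrManifest) pcrManifest.get(MODULE_PCR);
    // A map without an entry for MODULE_PCR used to end in a NullPointerException on the
    // next call; it is the same situation as a manifest without a PCR 19 event log.
    if (pcrMf19 == null || !pcrMf19.containsPcrEventLog(19)) {
        log.warn("No PCR 19 found.SO not saving host specific manifest.");
        return tblHostSpecificManifests;
    }
    PcrEventLog pcrEventLog = pcrMf19.getPcrEventLog(19);
    if (pcrEventLog == null || !"intel".equals(hostType)) {
        return tblHostSpecificManifests;
    }
    for (Measurement m : pcrEventLog.getEventLog()) {
        if (m == null || m.getInfo() == null || m.getInfo().isEmpty()) {
            continue;
        }
        String eventName = m.getInfo().get("EventName");
        if (eventName == null) {
            continue;
        }
        String componentName = m.getInfo().get("ComponentName");
        // NOTE(review): eventName and componentName come straight from the event log and are
        // written to the log verbatim; presumably that log originates on the attested host,
        // so confirm the logging layer neutralises line breaks.
        log.debug("Adding host specific manifest for event " + eventName + ": field=" + m.getLabel() + " component=" + componentName);
        log.debug("Querying manifest for event: " + eventName + ": MLE_ID=" + vmmMleId.getId() + " component=" + componentName);
        // For open source XEN and KVM both the modules that get extended to PCR 19 should be
        // added into the host specific table.
        TblModuleManifestJpaController tblModuleManifestJpaController = getModuleJpaController();
        // NOTE(review): if the lookup can return null for an unknown module, the row below is
        // created with no module reference; verify against the controller.
        TblModuleManifest tblModuleManifest = tblModuleManifestJpaController.findByMleNameEventName(vmmMleId.getId(), componentName, eventName);
        TblHostSpecificManifest tblHostSpecificManifest = new TblHostSpecificManifest();
        tblHostSpecificManifest.setDigestValue(m.getValue().toString());
        tblHostSpecificManifest.setModuleManifestID(tblModuleManifest);
        tblHostSpecificManifests.add(tblHostSpecificManifest);
    }
    return tblHostSpecificManifests;
}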
Also used : Measurement(com.intel.mtwilson.util.model.Measurement) PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest) TblModuleManifestJpaController(com.intel.mtwilson.as.controller.TblModuleManifestJpaController) TblHostSpecificManifest(com.intel.mtwilson.as.data.TblHostSpecificManifest) ArrayList(java.util.ArrayList) TblModuleManifest(com.intel.mtwilson.as.data.TblModuleManifest) PcrEventLog(com.intel.mtwilson.util.model.PcrEventLog)

Example 3 with PcrManifest

use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.

the class HostTrustBO method logTrustStatus.

/**
 * Persists one trust-log row describing the verification outcome of a single PCR.
 *
 * <p>The row records the PCR number, the PCR value and the status reported by
 * {@code getVerifyStatus()}, stamped with the current time. No verification is performed
 * here; the status is stored as the manifest object reports it.
 *
 * @param host     host the PCR belongs to
 * @param mle      MLE the PCR was evaluated against
 * @param manifest manifest entry; must be a {@code PcrManifest}
 */
private void logTrustStatus(TblHosts host, TblMle mle, IManifest manifest) {
    Date timestamp = new Date();
    PcrManifest pcr = (PcrManifest) manifest;

    TblTaLog entry = new TblTaLog();
    entry.setUpdatedOn(timestamp);
    entry.setHostID(host.getId());
    entry.setMleId(mle.getId());
    entry.setManifestName(String.valueOf(pcr.getPcrNumber()));
    entry.setManifestValue(pcr.getPcrValue());
    entry.setTrustStatus(pcr.getVerifyStatus());

    getTblTaLogJpaController().create(entry);
}
Also used : TblTaLog(com.intel.mtwilson.as.data.TblTaLog) PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest) Date(java.util.Date)

Example 4 with PcrManifest

use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.

the class HostTrustBOTest method testGetTrustStatus.

/**
 * Checks that a host whose reported PCR 0 and PCR 18 values equal the good-known values is
 * reported as trusted for both BIOS and VMM.
 */
@Test
public void testGetTrustStatus() throws Exception {
    final String biosDigest = "31B97D97B4679917EC3C1D943635693FFBAB4143";
    // NOTE(review): all-FF is the value the dynamic-launch PCRs (17-22) hold on a TPM 1.2
    // platform when no measured launch took place, so this fixture only proves that equal
    // values compare as trusted. A production whitelist should never contain this value.
    final String vmmDigest = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF";

    TblHosts hostRow = mockGetHostByIpAddress();
    doReturn(hostRow).when(hostTrustBO).getHostByIpAddress(SERVER_NAME);

    // Values the host reports.
    HashMap<String, IManifest> reported = new HashMap<String, IManifest>();
    reported.put("0", new PcrManifest(0, biosDigest));
    reported.put("18", new PcrManifest(18, vmmDigest));
    doReturn(reported).when(manifestStrategy).getManifest(hostRow);

    // Good-known values, split into BIOS and VMM maps.
    HashMap<String, IManifest> goodKnownBios = new HashMap<String, IManifest>();
    goodKnownBios.put("0", new PcrManifest(0, biosDigest));
    HashMap<String, IManifest> goodKnownVmm = new HashMap<String, IManifest>();
    goodKnownVmm.put("18", new PcrManifest(18, vmmDigest));
    doReturn(goodKnownBios).when(gkvStrategy).getBiosGoodKnownManifest(anyString(), anyString(), anyString());
    doReturn(goodKnownVmm).when(gkvStrategy).getVmmGoodKnownManifest(anyString(), anyString(), anyString(), anyString(), any(Integer.class));

    // The trust log write is stubbed out; only the computed status is under test.
    doNothing().when(taLogJpaController).create(any(TblTaLog.class));

    HostTrustStatus result = hostTrustBO.getTrustStatus(new Hostname(SERVER_NAME));
    assertNotNull(result);
    assertTrue(result.bios);
    assertTrue(result.vmm);
}
Also used : TblTaLog(com.intel.mtwilson.as.data.TblTaLog) HashMap(java.util.HashMap) PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest) TblPcrManifest(com.intel.mtwilson.as.data.TblPcrManifest) TblHosts(com.intel.mtwilson.as.data.TblHosts) Hostname(com.intel.mtwilson.util.net.Hostname) Matchers.anyString(org.mockito.Matchers.anyString) IManifest(com.intel.mountwilson.manifest.data.IManifest) HostTrustStatus(com.intel.mtwilson.datatypes.HostTrustStatus) Test(org.junit.Test)

Example 5 with PcrManifest

use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.

the class PcrGKVStrategyTest method getPcrManifestMap.

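/**
 * Builds a map of PCR manifests for the given MLE, keyed by trimmed PCR name.
 *
 * <p>Each manifest listed on the MLE is re-read by id through the JPA controller, and its
 * name is parsed as the PCR number. The name is trimmed once and the trimmed form is used both
 * as the key and for parsing; previously the untrimmed name was parsed, so a name with
 * surrounding whitespace produced a valid key but failed with a
 * {@code NumberFormatException}.
 *
 * @param mle MLE whose PCR manifest collection is read
 * @return map from PCR name to {@code PcrManifest}
 */
private HashMap<String, ? extends IManifest> getPcrManifestMap(TblMle mle) {
    HashMap<String, IManifest> pcrManifests = new HashMap<String, IManifest>();
    for (TblPcrManifest listed : mle.getTblPcrManifestCollection()) {
        // Re-read the row by id rather than reassigning the loop variable.
        TblPcrManifest stored = pcrManifestJpaController.findPcrManifestById(listed.getId());
        String pcrName = stored.getName().trim();
        pcrManifests.put(pcrName, new PcrManifest(Integer.valueOf(pcrName), stored.getValue().trim()));
    }
    return pcrManifests;
}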
Also used : HashMap(java.util.HashMap) PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest) TblPcrManifest(com.intel.mtwilson.as.data.TblPcrManifest) Matchers.anyString(org.mockito.Matchers.anyString) TblPcrManifest(com.intel.mtwilson.as.data.TblPcrManifest) IManifest(com.intel.mountwilson.manifest.data.IManifest)

Aggregations

PcrManifest (com.intel.mountwilson.manifest.data.PcrManifest)18 IManifest (com.intel.mountwilson.manifest.data.IManifest)8 HashMap (java.util.HashMap)8 TblPcrManifest (com.intel.mtwilson.as.data.TblPcrManifest)6 ASException (com.intel.mountwilson.as.common.ASException)5 IOException (java.io.IOException)5 Matchers.anyString (org.mockito.Matchers.anyString)4 TblHosts (com.intel.mtwilson.as.data.TblHosts)3 UnknownHostException (java.net.UnknownHostException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 ArrayList (java.util.ArrayList)3 XMLOutputFactory (javax.xml.stream.XMLOutputFactory)3 XMLStreamException (javax.xml.stream.XMLStreamException)3 XMLStreamWriter (javax.xml.stream.XMLStreamWriter)3 TAHelper (com.intel.mountwilson.manifest.helper.TAHelper)2 TblHostSpecificManifest (com.intel.mtwilson.as.data.TblHostSpecificManifest)2 TblTaLog (com.intel.mtwilson.as.data.TblTaLog)2 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)2 Measurement (com.intel.mtwilson.util.model.Measurement)2 PcrEventLog (com.intel.mtwilson.util.model.PcrEventLog)2