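/**
 * Parses a DER-encoded X.509 attribute certificate into an
 * {@link X509AttributeCertificate}.
 *
 * <p>The issuer is the default {@code X500Name#toString()} rendering of each issuer
 * name joined with {@code "; "} (example: {@code CN=Attr CA,OU=CPG,OU=DCSG,O=Intel,ST=CA,C=US});
 * a conforming certificate is expected to carry exactly one. The subject is the host
 * UUID found in the holder's entity names under {@code OID.HOST_UUID} when present
 * (example: {@code 33766a63-5c55-4461-8a84-5936577df450}); otherwise it is the holder's
 * entity names joined the same way as the issuer. Attribute values are sorted by
 * attribute type OID into {@code tags1} ({@code UTF8NameValueMicroformat.OID}),
 * {@code tags2} ({@code UTF8NameValueSequence.OID}) and {@code tagsOther} (anything else).
 *
 * <p>The input is client-supplied (it is the {@code encoded} JSON property of a request
 * body), so every parse failure is surfaced as {@link IllegalArgumentException} for the
 * caller to reject the request with.
 *
 * @param encodedCertificate DER encoding of the attribute certificate; must be non-empty
 * @return the populated certificate wrapper
 * @throws IllegalArgumentException if the input is null or empty, cannot be parsed as an
 *         attribute certificate, or the holder carries no entity names
 */
@JsonCreator
public static X509AttributeCertificate valueOf(@JsonProperty("encoded") byte[] encodedCertificate) {
    if (encodedCertificate == null || encodedCertificate.length == 0) {
        throw new IllegalArgumentException("encoded attribute certificate is required");
    }
    X509AttributeCertificate result = new X509AttributeCertificate(encodedCertificate);
    X509AttributeCertificateHolder cert;
    try {
        cert = new X509AttributeCertificateHolder(encodedCertificate);
    } catch (IOException e) {
        throw new IllegalArgumentException(e);
    }

    // Joined once and reused for both the log line and the stored value.
    String issuer = StringUtils.join(cert.getIssuer().getNames(), "; ");
    log.debug("issuer: {}", issuer);
    result.issuer = issuer;

    // output example: 1
    log.debug("serial number: {}", cert.getSerialNumber().toString());
    result.serialNumber = cert.getSerialNumber();

    // BouncyCastle returns null here when the holder is identified by something other than
    // an entity name (e.g. baseCertificateID); without this check that case would surface as
    // a NullPointerException instead of a rejected argument.
    X500Name[] entityNames = cert.getHolder().getEntityNames();
    if (entityNames == null) {
        throw new IllegalArgumentException("attribute certificate holder has no entity names");
    }
    // output example: 2.25=#041092a71a228c174522a18bfd3ed3d00b39
    log.debug("holder: {}", StringUtils.join(entityNames, ", "));
    log.debug("holder has {} entity names", entityNames.length);
    result.subject = findHolderUuid(entityNames);
    if (result.subject == null) {
        // No HOST_UUID RDN found: display the subject the same way as the issuer, i.e. all
        // entity names joined. Example: 2.25=#041033766a635c5544618a845936577df450 (the
        // value carries the DER octet-string header #0410 in front of the uuid bytes).
        result.subject = StringUtils.join(entityNames, "; ");
    }

    // output examples: Thu Aug 08 15:21:13 PDT 2013 / Sun Sep 08 15:21:13 PDT 2013
    log.debug("not before: {}", cert.getNotBefore());
    log.debug("not after: {}", cert.getNotAfter());
    result.notBefore = cert.getNotBefore();
    result.notAfter = cert.getNotAfter();

    collectAttributes(cert.getAttributes(), result);
    log.debug("valueOf ok");
    return result;
}

/**
 * Returns the string form of the host UUID stored under {@code OID.HOST_UUID} in the
 * holder's entity names, or {@code null} if no RDN carries that OID. Only the first
 * attribute of each RDN is inspected; if several RDNs match, the last one wins.
 */
private static String findHolderUuid(X500Name[] entityNames) {
    String subject = null;
    for (X500Name entityName : entityNames) {
        log.debug("holder entity name has {} rdns", entityName.getRDNs().length);
        for (RDN rdn : entityName.getRDNs()) {
            log.debug("entity rdn is multivalued? {}", rdn.isMultiValued());
            AttributeTypeAndValue attr = rdn.getFirst();
            if (attr.getType().toString().equals(OID.HOST_UUID)) {
                // The RDN value is an OCTET STRING holding the raw 16 uuid bytes.
                UUID uuid = UUID.valueOf(DEROctetString.getInstance(attr.getValue()).getOctets());
                log.debug("holder uuid: {}", uuid);
                subject = uuid.toString();
            }
        }
    }
    return subject;
}

/**
 * Initializes {@code result.tags1}, {@code result.tags2} and {@code result.tagsOther},
 * records every raw attribute in {@code result.attributes}, and sorts each attribute value
 * into one of the three lists by the attribute's type OID.
 */
private static void collectAttributes(Attribute[] attributes, X509AttributeCertificate result) {
    result.tags1 = new ArrayList<UTF8NameValueMicroformat>();
    result.tags2 = new ArrayList<UTF8NameValueSequence>();
    result.tagsOther = new ArrayList<ASN1Encodable>();
    if (attributes == null) {
        return;
    }
    for (Attribute attr : attributes) {
        log.debug("attr {} is {}", attr.hashCode(), attr.toString());
        // NOTE(review): result.attributes is not initialized here; presumably the
        // constructor creates it -- confirm.
        result.attributes.add(attr);
        String type = attr.getAttrType().toString();
        for (ASN1Encodable value : attr.getAttributeValues()) {
            if (type.equals(UTF8NameValueMicroformat.OID)) {
                // Values are plain UTF-8 strings; new String(value.getEncoded()) would
                // include the two DER header bytes at the start of the string.
                log.debug("name-value microformat attribute: {}", DERUTF8String.getInstance(value).getString());
                UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
                log.debug("name-value microformat attribute (2) name {} value {}", microformat.getName(), microformat.getValue());
                result.tags1.add(microformat);
            } else if (type.equals(UTF8NameValueSequence.OID)) {
                UTF8NameValueSequence sequence = new UTF8NameValueSequence(ASN1Sequence.getInstance(value));
                log.debug("name-values asn.1 attribute {} values {}", sequence.getName(), sequence.getValues());
                result.tags2.add(sequence);
            } else {
                // Kept verbatim so callers can still inspect attribute types we do not model.
                log.debug("unrecognzied attribute type {}", type);
                result.tagsOther.add(value);
            }
            /*
             * output examples:
             * attribute: 1.3.6.1.4.1.99999.1.1.1.1 is US
             * attribute: 1.3.6.1.4.1.99999.2.2.2.2 is CA
             * attribute: 1.3.6.1.4.1.99999.3.3.3.3 is Folsom
             */
        }
    }
}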
/**
 * Adds every item of the collection to the repository.
 *
 * <p>Input and output Content-Type are {@code application/json} (see the
 * {@code @Consumes}/{@code @Produces} annotations). The request body must be a
 * collection of items to add, even when it holds a single item.
 *
 * <p>Items without an id receive a freshly generated {@link UUID}; an id the client
 * supplies is used unchanged, so uniqueness is left to the repository's {@code create}
 * to enforce.
 *
 * @param collection the items to create; validated with {@link ValidationUtil#validate}
 * @return the same collection, with generated ids filled in
 */
@POST
@Consumes({ MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_JSON })
public C createJsonapiCollection(C collection) {
    log.debug("createCollection");
    ValidationUtil.validate(collection);
    // TODO: generating ids for clients that omit them is repeated in every create()
    // method; a shared helper taking a DocumentCollection could do it once.
    for (T document : collection.getDocuments()) {
        boolean needsId = (document.getId() == null);
        if (needsId) {
            document.setId(new UUID());
        }
        getRepository().create(document);
    }
    return collection;
}
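/**
 * Stores a new certificate record, then records (best-effort) the name/value tags the
 * certificate carries as {@link KvAttribute}s.
 *
 * <p>The record is keyed by {@code item.getId()}; if a certificate with that id already
 * exists a {@link RepositoryCreateConflictException} is thrown instead of overwriting it.
 * The stored columns (encoding, SHA-1/SHA-256 hex, subject, issuer, validity) are derived
 * by re-parsing the encoded bytes with {@link Certificate#valueOf}, not from any other
 * fields of {@code item}.
 *
 * <p>Tag extraction is deliberately best-effort: a failure there is logged and does not
 * undo the certificate insert.
 *
 * @param item certificate to create; must carry a non-null id and its encoded certificate
 * @throws IllegalArgumentException if {@code item} or its id is null
 * @throws RepositoryCreateConflictException if a certificate with the same id exists
 * @throws RepositoryCreateException if the insert fails for any other reason
 */
@Override
// @RequiresPermissions("tag_certificates:create")
public void create(Certificate item) {
    if (item == null || item.getId() == null) {
        throw new IllegalArgumentException("certificate id is required");
    }
    log.debug("Certificate:Create - Got request to create a new Certificate {}.", item.getId().toString());
    CertificateLocator locator = new CertificateLocator();
    locator.id = item.getId();
    try (CertificateDAO dao = TagJdbi.certificateDao()) {
        Certificate existing = dao.findById(item.getId());
        if (existing != null) {
            log.error("Certificate:Create - Certificate {} will not be created since a duplicate Certificate already exists.", item.getId().toString());
            throw new RepositoryCreateConflictException(locator);
        }
        // Re-parse the encoded bytes so every stored column comes from the certificate itself.
        Certificate newCert = Certificate.valueOf(item.getCertificate());
        dao.insert(item.getId(), newCert.getCertificate(), newCert.getSha1().toHexString(), newCert.getSha256().toHexString(), newCert.getSubject(), newCert.getIssuer(), newCert.getNotBefore(), newCert.getNotAfter());
        log.debug("Certificate:Create - Created the Certificate {} successfully.", item.getId().toString());
    } catch (RepositoryException re) {
        throw re;
    } catch (Exception ex) {
        log.error("Certificate:Create - Error during certificate creation.", ex);
        throw new RepositoryCreateException(ex, locator);
    }
    storeCertificateTags(item);
}

/**
 * Best-effort: stores each {@code UTF8NameValueMicroformat} attribute of the certificate
 * as a {@link KvAttribute}, skipping name/value pairs that already exist. Any failure is
 * logged and swallowed so the certificate insert that preceded it stands.
 */
private void storeCertificateTags(Certificate item) {
    try {
        log.info("Tags from certificate will now be stored");
        KvAttributeRepository repository = new KvAttributeRepository();
        List<Attribute> certAttributes = X509AttributeCertificate.valueOf(item.getCertificate()).getAttribute();
        for (Attribute attr : certAttributes) {
            // Only the name/value microformat attribute type is mirrored into the tag store.
            if (!attr.getAttrType().toString().equals(UTF8NameValueMicroformat.OID)) {
                continue;
            }
            for (ASN1Encodable value : attr.getAttributeValues()) {
                UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
                // Check if that tag with same value already exists
                KvAttributeFilterCriteria criteria = new KvAttributeFilterCriteria();
                criteria.nameEqualTo = microformat.getName();
                criteria.valueEqualTo = microformat.getValue();
                KvAttributeCollection results = repository.search(criteria);
                if (!results.getDocuments().isEmpty()) {
                    log.debug("Tag with Name:{} & Value:{} is already stored.", microformat.getName(), microformat.getValue());
                    continue;
                }
                // A fresh KvAttribute per tag: reusing a single instance across create() calls
                // would mutate an object the repository may still hold a reference to.
                KvAttribute kvAttrib = new KvAttribute();
                kvAttrib.setId(new UUID());
                kvAttrib.setName(microformat.getName());
                kvAttrib.setValue(microformat.getValue());
                repository.create(kvAttrib);
            }
        }
    } catch (Exception e) {
        log.error("Certificate:Create - Error during attribute scan", e);
    }
}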
// public AssetTagCertBO(PersistenceManager pm) {
// super(pm);
// }
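/**
 * Stores a new asset tag certificate provisioned by the asset tag provisioning service
 * for a host, then tries to associate it with an already-registered host. If the host is
 * not registered yet, the association happens when that host registers with Mt.Wilson.
 *
 * <p>The stored subject, validity window, serial-number-as-creation-time and SHA-1 are
 * taken from the parsed certificate ({@link X509AttributeCertificate#valueOf}), not from
 * other client-supplied fields. The placeholder PCR event value is
 * {@code ZERO.extend(SHA1(base64(SHA1(requestBytes))))}, computed over the bytes as they
 * arrived in the request.
 *
 * @param atagObj request carrying the DER-encoded attribute certificate
 * @param uuid optional record uuid; a fresh one is generated when null or empty. It is
 *        stored as-is, so callers that take it from a client should check its format first.
 * @return {@code true} once the certificate has been persisted
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE} if the certificate
 *         cannot be parsed, or wrapping any other failure
 */
public boolean importAssetTagCertificate(AssetTagCertCreateRequest atagObj, String uuid) {
    try {
        X509AttributeCertificate x509AttrCert;
        try {
            x509AttrCert = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        } catch (IllegalArgumentException ce) {
            log.error("Error during retrieval of a new asset tag certificate. Error Details - {}.", ce.getMessage());
            throw new ASException(ce, ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE, ce.getMessage());
        }
        // SHA-1 over the certificate's own encoding; computed once and reused below.
        Sha1Digest certSha1 = Sha1Digest.digestOf(x509AttrCert.getEncoded());

        MwAssetTagCertificate atagCert = new MwAssetTagCertificate();
        if (uuid != null && !uuid.isEmpty()) {
            atagCert.setUuid_hex(uuid);
        } else {
            atagCert.setUuid_hex(new UUID().toString());
        }
        atagCert.setCertificate(atagObj.getCertificate());
        atagCert.setUuid(x509AttrCert.getSubject().toLowerCase());
        atagCert.setNotAfter(x509AttrCert.getNotAfter());
        atagCert.setNotBefore(x509AttrCert.getNotBefore());
        atagCert.setRevoked(false);
        atagCert.setSHA1Hash(certSha1.toByteArray());
        log.debug("Certificate creation time is {}", x509AttrCert.getSerialNumber());
        log.debug("Certificate SHA1 is {}", certSha1.toHexString());
        // The serial number doubles as the certificate's creation time in this scheme.
        atagCert.setCreate_time(x509AttrCert.getSerialNumber());
        // Default PCR event value, replaced when the host gets mapped to this certificate.
        // NOTE(review): this digest is over the request bytes while SHA1Hash above is over the
        // re-encoded certificate; the two may differ if re-encoding normalizes the DER -- confirm
        // which one the host-side measurement uses. (Base64 text is ASCII, so the platform
        // charset used by getBytes() does not affect the result.)
        Sha1Digest sha1D = Sha1Digest.digestOf(atagObj.getCertificate());
        Sha1Digest expectedPcr = Sha1Digest.ZERO.extend(Sha1Digest.digestOf(sha1D.toBase64().getBytes()));
        atagCert.setPCREvent(expectedPcr.toByteArray());
        log.debug("assetTag writing cert to DB");
        MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        mwAssetTagCertificateJpaController.create(atagCert);
        // TODO: gate the automatic association on the config option mtwilson.atag.associate.hosts.auto.
        log.debug("trying to associate tag to existing host using " + Hex.encodeHexString(atagCert.getSHA1Hash()));
        AssetTagCertAssociateRequest request = new AssetTagCertAssociateRequest();
        request.setSha1OfAssetCert(atagCert.getSHA1Hash());
        // The association outcome does not affect the import result: the certificate is stored
        // either way and can be associated later when the host registers.
        mapAssetTagCertToHost(request);
        return true;
    } catch (ASException ase) {
        log.error("Error during creation of a new asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        // Pass the throwable as the last argument so the stack trace is logged, not just the message.
        log.error("Unexpected error during creation of a new asset tag certificate. Error Details - {}.", ex.getMessage(), ex);
        throw new ASException(ex);
    }
}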
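/**
 * Adds module (PCR 19 event log) whitelist entries for the host's VMM MLE.
 *
 * <p>The MLE is looked up by {@code uuid} first and, failing that, by the VMM
 * name/version/OS name/OS version taken from {@code host}. Every measurement in the
 * PCR 19 event log whose {@code ExtendedToPCR} info is {@code "19"} becomes one
 * {@code TblModuleManifest} row under the {@code Standard_Global_NS} namespace, keyed by
 * (MLE id, full component name, event type id).
 *
 * @param pcr19 manifest holding the PCR 19 event log; only that log is read
 * @param tblHosts host row; not referenced by this method
 * @param host host description supplying the VMM identity for the MLE lookup fallback
 * @param uuid optional MLE uuid; when non-empty it is also stored as {@code uuid_hex} of
 *        every new module row (NOTE(review): with several PCR-19 measurements all rows
 *        would get the same value -- confirm that is intended)
 * @throws ASException {@code WS_MLE_DOES_NOT_EXIST} / {@code WS_MLE_RETRIEVAL_ERROR} when no
 *         MLE is found, {@code WS_EVENT_TYPE_DOES_NOT_EXIST} for an unknown event name,
 *         {@code WS_MODULE_WHITELIST_ALREADY_EXISTS} if the component is already whitelisted,
 *         {@code WS_NAME_SPACE_DOES_NOT_EXIST} if the namespace row is missing, and
 *         {@code WS_MODULE_WHITELIST_CREATE_ERROR} for any other failure
 */
private void addModuleWhiteList(PcrManifest pcr19, TblHosts tblHosts, TxtHost host, String uuid) {
    try {
        TblModuleManifestJpaController tblModuleManifestJpa = getModuleJpaController();
        TblMleJpaController tblMleJpa = getMleJpaController();
        TblEventTypeJpaController tblEventJpa = getEventJpaController();
        TblPackageNamespaceJpaController tblPackageJpa = getPackageJpaController();
        TblMle tblMle = tblMleJpa.findTblMleByUUID(uuid);
        if (tblMle == null) {
            try {
                // Fall back to identifying the MLE by the host's VMM details.
                tblMle = getMleDetails(host.getVmm().getName(), host.getVmm().getVersion(), host.getVmm().getOsName(), host.getVmm().getOsVersion(), "");
            } catch (NoResultException nre) {
                throw new ASException(nre, ErrorCode.WS_MLE_DOES_NOT_EXIST, host.getVmm().getName(), host.getVmm().getVersion());
            }
        }
        if (tblMle == null) {
            log.error("MLE specified is not found in the DB");
            throw new ASException(ErrorCode.WS_MLE_RETRIEVAL_ERROR, this.getClass().getSimpleName());
        }
        try {
            if (pcr19.containsPcrEventLog(19)) {
                PcrEventLog pcrEventLog = pcr19.getPcrEventLog(19);
                if (pcrEventLog != null) {
                    for (Measurement m : pcrEventLog.getEventLog()) {
                        // Only measurements extended into PCR 19 belong to the module whitelist.
                        if ("19".equals(m.getInfo().get("ExtendedToPCR"))) {
                            createModuleWhiteListEntry(m, tblMle, uuid, tblModuleManifestJpa, tblEventJpa, tblPackageJpa);
                        }
                    }
                }
            }
        } catch (NoResultException nre) {
            // Any lookup in the loop that finds no row is reported as a missing event type.
            throw new ASException(nre, ErrorCode.WS_EVENT_TYPE_DOES_NOT_EXIST);
        }
    } catch (ASException ase) {
        throw ase;
    } catch (Exception e) {
        log.error("Error during Module whitelist creation.", e);
        throw new ASException(ErrorCode.WS_MODULE_WHITELIST_CREATE_ERROR, e.getClass().getSimpleName());
    }
}

/**
 * Builds and persists one {@code TblModuleManifest} row from a single PCR-19 measurement.
 * Throws {@link ASException} if the event type or namespace is unknown, or if the component
 * is already whitelisted for this MLE; a {@code NoResultException} from any other lookup
 * propagates to the caller's handler.
 */
private void createModuleWhiteListEntry(Measurement m, TblMle tblMle, String uuid, TblModuleManifestJpaController tblModuleManifestJpa, TblEventTypeJpaController tblEventJpa, TblPackageNamespaceJpaController tblPackageJpa) {
    String eventName = m.getInfo().get("EventName");
    String componentName = m.getInfo().get("ComponentName");
    // Validate the required fields before they are used in lookups, so a missing value is
    // reported as such rather than as an unknown event type.
    validateNull("EventName", eventName);
    validateNull("ComponentName", componentName);
    // NOTE(review): String.valueOf turns an absent info entry into the literal "null",
    // which is then stored as-is -- confirm that is acceptable for these columns.
    String packageName = String.valueOf(m.getInfo().get("PackageName"));
    String packageVendor = String.valueOf(m.getInfo().get("PackageVendor"));
    String packageVersion = String.valueOf(m.getInfo().get("PackageVersion"));
    String extendedtoPCR = String.valueOf(m.getInfo().get("ExtendedToPCR"));
    String digest = String.valueOf(m.getValue());
    boolean useHostSpecificDigest = Boolean.valueOf(m.getInfo().get("UseHostSpecificDigest"));

    TblEventType tblEvent;
    try {
        // The row needs the identity of the event type, found by its name.
        tblEvent = tblEventJpa.findEventTypeByName(eventName);
    } catch (NoResultException nre) {
        throw new ASException(nre, ErrorCode.WS_EVENT_TYPE_DOES_NOT_EXIST, eventName);
    }
    // For VMware (Vim25) events the event type's field name is prefixed to the component name.
    String fullComponentName;
    if (eventName.contains("Vim25")) {
        fullComponentName = tblEvent.getFieldName() + "." + componentName;
    } else {
        fullComponentName = componentName;
    }
    Integer componentID = tblModuleManifestJpa.findByMleIdEventId(tblMle.getId(), fullComponentName, tblEvent.getId());
    if (componentID != null && componentID != 0) {
        throw new ASException(ErrorCode.WS_MODULE_WHITELIST_ALREADY_EXISTS, componentName);
    }
    TblPackageNamespace nsPackNS;
    try {
        // Only one namespace exists for now, so it is hardcoded; a lookup by id would be cheaper.
        nsPackNS = tblPackageJpa.findByName("Standard_Global_NS");
    } catch (NoResultException nre) {
        throw new ASException(ErrorCode.WS_NAME_SPACE_DOES_NOT_EXIST);
    }
    TblModuleManifest newModuleRecord = new TblModuleManifest();
    if (uuid != null && !uuid.isEmpty()) {
        newModuleRecord.setUuid_hex(uuid);
    } else {
        newModuleRecord.setUuid_hex(new UUID().toString());
    }
    newModuleRecord.setMleId(tblMle);
    newModuleRecord.setMle_uuid_hex(tblMle.getUuid_hex());
    newModuleRecord.setEventID(tblEvent);
    newModuleRecord.setNameSpaceID(nsPackNS);
    newModuleRecord.setComponentName(fullComponentName);
    newModuleRecord.setDigestValue(digest);
    newModuleRecord.setPackageName(packageName);
    newModuleRecord.setPackageVendor(packageVendor);
    newModuleRecord.setPackageVersion(packageVersion);
    newModuleRecord.setUseHostSpecificDigestValue(useHostSpecificDigest);
    newModuleRecord.setExtendedToPCR(extendedtoPCR);
    newModuleRecord.setDescription("");
    tblModuleManifestJpa.create(newModuleRecord);
}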