Example 1 with PcrEventLog
use of com.intel.mtwilson.util.model.PcrEventLog in project OpenAttestation by OpenAttestation.
the class HostBO method createHostSpecificManifestRecords.
private List<TblHostSpecificManifest> createHostSpecificManifestRecords(TblMle vmmMleId, HashMap<String, ? extends IManifest> pcrManifest, String hostType) throws IOException {
List<TblHostSpecificManifest> tblHostSpecificManifests = new ArrayList<>();
if (vmmMleId.getRequiredManifestList().contains(MODULE_PCR) && pcrManifest != null) {
PcrManifest pcrMf19 = (PcrManifest) pcrManifest.get(MODULE_PCR);
if (pcrMf19.containsPcrEventLog(19)) {
PcrEventLog pcrEventLog = pcrMf19.getPcrEventLog(19);
if (pcrEventLog != null) {
for (Measurement m : pcrEventLog.getEventLog()) {
if (m != null && m.getInfo() != null && (!m.getInfo().isEmpty())) {
m.getInfo().get("EventName");
m.getInfo().get("ComponentName");
if (hostType.equals("intel") && m.getInfo().get("EventName") != null) {
log.debug("Adding host specific manifest for event " + m.getInfo().get("EventName") + ": field=" + m.getLabel() + " component=" + m.getInfo().get("ComponentName"));
log.debug("Querying manifest for event: " + m.getInfo().get("EventName") + ": MLE_ID=" + vmmMleId.getId() + " component=" + m.getInfo().get("ComponentName"));
// For open source XEN and KVM both the modules that get extended to PCR 19 should be added into the host specific table
//TblModuleManifest tblModuleManifest = My.jpa().mwModuleManifest().findByMleNameEventName(vmmMleId.getId(), m.getInfo().get("ComponentName"), m.getInfo().get("EventName"));
TblModuleManifestJpaController tblModuleManifestJpaController = getModuleJpaController();
TblModuleManifest tblModuleManifest = tblModuleManifestJpaController.findByMleNameEventName(vmmMleId.getId(), m.getInfo().get("ComponentName"), m.getInfo().get("EventName"));
TblHostSpecificManifest tblHostSpecificManifest = new TblHostSpecificManifest();
tblHostSpecificManifest.setDigestValue(m.getValue().toString());
tblHostSpecificManifest.setModuleManifestID(tblModuleManifest);
tblHostSpecificManifests.add(tblHostSpecificManifest);
}
}
}
}
} else {
log.warn("No PCR 19 found.SO not saving host specific manifest.");
}
} else {
log.warn("It is not possible to get PCR 19 info. Unable to perform database insertion");
}
return tblHostSpecificManifests;
}
Also used :
Measurement(com.intel.mtwilson.util.model.Measurement)
PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest)
TblModuleManifestJpaController(com.intel.mtwilson.as.controller.TblModuleManifestJpaController)
TblHostSpecificManifest(com.intel.mtwilson.as.data.TblHostSpecificManifest)
ArrayList(java.util.ArrayList)
TblModuleManifest(com.intel.mtwilson.as.data.TblModuleManifest)
PcrEventLog(com.intel.mtwilson.util.model.PcrEventLog)
Example 2 with PcrEventLog
use of com.intel.mtwilson.util.model.PcrEventLog in project OpenAttestation by OpenAttestation.
the class HostBO method addModuleWhiteList.
private void addModuleWhiteList(PcrManifest pcr19, TblHosts tblHosts, TxtHost host, String uuid) {
try {
TblModuleManifestJpaController tblModuleManifestJpa = getModuleJpaController();
TblMleJpaController tblMleJpa = getMleJpaController();
TblEventTypeJpaController tblEventJpa = getEventJpaController();
TblPackageNamespaceJpaController tblPackageJpa = getPackageJpaController();
TblEventType tblEvent;
TblMle tblMle = tblMleJpa.findTblMleByUUID(uuid);
TblPackageNamespace nsPackNS;
if (tblMle == null) {
try {
// First check if the entry exists in the MLE table.
tblMle = getMleDetails(host.getVmm().getName(), host.getVmm().getVersion(), host.getVmm().getOsName(), host.getVmm().getOsVersion(), "");
} catch (NoResultException nre) {
throw new ASException(nre, ErrorCode.WS_MLE_DOES_NOT_EXIST, host.getVmm().getName(), host.getVmm().getVersion());
}
}
if (tblMle == null) {
log.error("MLE specified is not found in the DB");
throw new ASException(ErrorCode.WS_MLE_RETRIEVAL_ERROR, this.getClass().getSimpleName());
}
String eventName;
String componentName;
// String fullComponentName = "";
String fullComponentName;
String digest;
String packageName;
String packageVendor;
String packageVersion;
String extendedtoPCR;
boolean useHostSpecificDigest;
try {
// Before we insert the record, we need the identity for the event name
if (pcr19.containsPcrEventLog(19)) {
PcrEventLog pcrEventLog = pcr19.getPcrEventLog(19);
if (pcrEventLog != null) {
for (Measurement m : pcrEventLog.getEventLog()) {
extendedtoPCR = m.getInfo().get("ExtendedToPCR");
if (extendedtoPCR != null) {
if (extendedtoPCR.equals("19")) {
//tblEvent = tblEventJpa.findEventTypeByName(m.getInfo().get("EventName"));
eventName = m.getInfo().get("EventName");
componentName = m.getInfo().get("ComponentName");
packageName = String.valueOf(m.getInfo().get("PackageName"));
packageVendor = String.valueOf(m.getInfo().get("PackageVendor"));
packageVersion = String.valueOf(m.getInfo().get("PackageVersion"));
extendedtoPCR = String.valueOf(m.getInfo().get("ExtendedToPCR"));
digest = String.valueOf(m.getValue());
useHostSpecificDigest = Boolean.valueOf(m.getInfo().get("UseHostSpecificDigest"));
try {
// Before we insert the record, we need the identity for the event name
tblEvent = tblEventJpa.findEventTypeByName(eventName);
} catch (NoResultException nre) {
throw new ASException(nre, ErrorCode.WS_EVENT_TYPE_DOES_NOT_EXIST, eventName);
}
validateNull("EventName", eventName);
validateNull("ComponentName", componentName);
// corresponds to VMware, then we will append the event type fieldName to the component name. Otherwise we won't
if (eventName.contains("Vim25")) {
fullComponentName = tblEvent.getFieldName() + "." + componentName;
} else {
fullComponentName = componentName;
}
Integer componentID = tblModuleManifestJpa.findByMleIdEventId(tblMle.getId(), fullComponentName, tblEvent.getId());
if (componentID != null && componentID != 0) {
throw new ASException(ErrorCode.WS_MODULE_WHITELIST_ALREADY_EXISTS, componentName);
}
try {
// Since there will be only one entry for now, we will just hardcode it for now.
// TO-DO: See if we can change this.
// Nov-12,2013: Changed to use the function that accepts the ID instead of the name for better
// performance.
nsPackNS = tblPackageJpa.findByName("Standard_Global_NS");
} catch (NoResultException nre) {
throw new ASException(ErrorCode.WS_NAME_SPACE_DOES_NOT_EXIST);
}
TblModuleManifest newModuleRecord = new TblModuleManifest();
if (uuid != null && !uuid.isEmpty()) {
newModuleRecord.setUuid_hex(uuid);
} else {
newModuleRecord.setUuid_hex(new UUID().toString());
}
newModuleRecord.setMleId(tblMle);
newModuleRecord.setMle_uuid_hex(tblMle.getUuid_hex());
newModuleRecord.setEventID(tblEvent);
newModuleRecord.setNameSpaceID(nsPackNS);
newModuleRecord.setComponentName(fullComponentName);
newModuleRecord.setDigestValue(digest);
newModuleRecord.setPackageName(packageName);
newModuleRecord.setPackageVendor(packageVendor);
newModuleRecord.setPackageVersion(packageVersion);
newModuleRecord.setUseHostSpecificDigestValue(useHostSpecificDigest);
newModuleRecord.setExtendedToPCR(extendedtoPCR);
newModuleRecord.setDescription("");
tblModuleManifestJpa.create(newModuleRecord);
// break;
}
}
}
}
}
} catch (NoResultException nre) {
throw new ASException(nre, ErrorCode.WS_EVENT_TYPE_DOES_NOT_EXIST);
}
} catch (ASException ase) {
throw ase;
} catch (Exception e) {
// throw new ASException(ErrorCode.SYSTEM_ERROR, "Exception while adding Module white list data. " + e.getMessage(), e);
// throw new ASException(e);
log.error("Error during Module whitelist creation.", e);
throw new ASException(ErrorCode.WS_MODULE_WHITELIST_CREATE_ERROR, e.getClass().getSimpleName());
}
}
Also used :
Measurement(com.intel.mtwilson.util.model.Measurement)
TblMleJpaController(com.intel.mtwilson.as.controller.TblMleJpaController)
TblPackageNamespaceJpaController(com.intel.mtwilson.as.controller.TblPackageNamespaceJpaController)
TblMle(com.intel.mtwilson.as.data.TblMle)
TblModuleManifest(com.intel.mtwilson.as.data.TblModuleManifest)
NoResultException(javax.persistence.NoResultException)
PcrEventLog(com.intel.mtwilson.util.model.PcrEventLog)
ASException(com.intel.mountwilson.as.common.ASException)
NoResultException(javax.persistence.NoResultException)
NonexistentEntityException(com.intel.mtwilson.as.controller.exceptions.NonexistentEntityException)
IllegalOrphanException(com.intel.mtwilson.as.controller.exceptions.IllegalOrphanException)
CryptographyException(com.intel.mtwilson.crypto.CryptographyException)
IOException(java.io.IOException)
UnknownHostException(java.net.UnknownHostException)
TblEventTypeJpaController(com.intel.mtwilson.as.controller.TblEventTypeJpaController)
TblEventType(com.intel.mtwilson.as.data.TblEventType)
TblModuleManifestJpaController(com.intel.mtwilson.as.controller.TblModuleManifestJpaController)
UUID(com.intel.mtwilson.util.io.UUID)
TblPackageNamespace(com.intel.mtwilson.as.data.TblPackageNamespace)
ASException(com.intel.mountwilson.as.common.ASException)
Example 3 with PcrEventLog
use of com.intel.mtwilson.util.model.PcrEventLog in project OpenAttestation by OpenAttestation.
the class TAHelper method verifyQuoteAndGetPcr.
// BUG #497 need to rewrite this to return List<Pcr> ... the Pcr.equals() does same as (actually more than) IManifest.verify() because Pcr ensures the index is the same and IManifest does not! and also it is less redundant, because this method returns Map< pcr index as string, manifest object containing pcr index and value >
private HashMap<String, PcrManifest> verifyQuoteAndGetPcr(String sessionId, String eventLog) {
//Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
HashMap<String, PcrManifest> pcrMp = new HashMap<String, PcrManifest>();
String setUpFile;
log.info("verifyQuoteAndGetPcr for session {}", sessionId);
//log.info( "Command: {}",command);
//List<String> result = CommandUtil.runCommand(command,true,"VerifyQuote");
String certFileName = aikverifyhome + File.separator + getCertFileName(sessionId);
//2. verification
try {
setUpFile = ResourceFinder.getFile("attestation-service.properties").getAbsolutePath();
String fileLocation = setUpFile.substring(0, setUpFile.indexOf("attestation-service.properties"));
String PrivacyCaCertFileName = "PrivacyCA.cer";
//X509Certificate machineCertificate = pemToX509Certificate(certFileName);
//X509Certificate machineCertificate = certFromFile(certFileName);
certFromFile(certFileName);
//X509Certificate pcaCert = certFromFile(fileLocation + PrivacyCaCertFileName);
certFromFile(fileLocation + PrivacyCaCertFileName);
log.info("passed the verification");
} catch (Exception e) {
log.error("Machine certificate was not signed by the privacy CA." + e.toString());
throw new RuntimeException(e);
}
String nonceFileName = aikverifyhome + File.separator + getNonceFileName(sessionId);
String quoteFileName = aikverifyhome + File.separator + getQuoteFileName(sessionId);
String rsaPubkeyFileName = aikverifyhome + File.separator + getRSAPubkeyFileName(sessionId);
List<String> result = aikqverify(nonceFileName, rsaPubkeyFileName, quoteFileName);
for (String pcrString : result) {
String[] parts = pcrString.trim().split(" ");
if (parts.length == 2) {
String pcrNumber = parts[0].trim().replaceAll(pcrNumberUntaint, "").replaceAll("\n", "");
String pcrValue = parts[1].trim().replaceAll(pcrValueUntaint, "").replaceAll("\n", "");
boolean validPcrNumber = pcrNumberPattern.matcher(pcrNumber).matches();
boolean validPcrValue = pcrValuePattern.matcher(pcrValue).matches();
if (validPcrNumber && validPcrValue) {
log.info("Result PCR " + pcrNumber + ": " + pcrValue);
pcrMp.put(pcrNumber, new PcrManifest(Integer.parseInt(pcrNumber), pcrValue));
}
} else {
log.warn("Result PCR invalid");
}
}
//</modules>
if (eventLog != null) {
log.debug("About to start processing eventLog");
try {
XMLInputFactory xif = XMLInputFactory.newInstance();
StringReader sr = new StringReader(eventLog);
XMLStreamReader reader = xif.createXMLStreamReader(sr);
int extendedToPCR = -1;
String digestValue = "";
String componentName = "";
while (reader.hasNext()) {
if (reader.getEventType() == XMLStreamConstants.START_ELEMENT && reader.getLocalName().equalsIgnoreCase("module")) {
reader.next();
// Get the PCR Number to which the module is extended to
if (reader.getLocalName().equalsIgnoreCase("pcrNumber")) {
extendedToPCR = Integer.parseInt(reader.getElementText());
}
reader.next();
// Get the Module name
if (reader.getLocalName().equalsIgnoreCase("name")) {
componentName = reader.getElementText();
}
reader.next();
// Get the Module hash value
if (reader.getLocalName().equalsIgnoreCase("value")) {
digestValue = reader.getElementText();
}
boolean useHostSpecificDigest = false;
if (ArrayUtils.contains(openSourceHostSpecificModules, componentName)) {
useHostSpecificDigest = true;
}
// Attach the PcrEvent logs to the corresponding pcr indexes.
// Note: Since we will not be processing the even logs for 17 & 18, we will ignore them for now.
Measurement m = convertHostTpmEventLogEntryToMeasurement(extendedToPCR, componentName, digestValue, useHostSpecificDigest);
if (pcrMp.containsKey(String.valueOf(extendedToPCR))) {
if (pcrMp.get(String.valueOf(extendedToPCR)).containsPcrEventLog(extendedToPCR)) {
pcrMp.get(String.valueOf(extendedToPCR)).getPcrEventLog(extendedToPCR).getEventLog().add(m);
} else {
PcrIndex pcrIndex = new PcrIndex(extendedToPCR);
ArrayList<Measurement> list = new ArrayList<Measurement>();
list.add(m);
PcrEventLog eventlog = new PcrEventLog(pcrIndex, list);
pcrMp.get(String.valueOf(extendedToPCR)).setPcrEventLog(eventlog);
//pcrMf.setPcrEventLog(new PcrEventLog(new PcrIndex(extendedToPCR), list));
}
}
}
reader.next();
}
} catch (FactoryConfigurationError | XMLStreamException | NumberFormatException ex) {
//log.error(ex.getMessage(), ex);
throw new IllegalStateException("Invalid measurement log", ex);
}
}
return pcrMp;
}
Also used :
Measurement(com.intel.mtwilson.util.model.Measurement)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
PcrEventLog(com.intel.mtwilson.util.model.PcrEventLog)
ASException(com.intel.mountwilson.as.common.ASException)
KeyStoreException(java.security.KeyStoreException)
XMLStreamException(javax.xml.stream.XMLStreamException)
SignatureException(java.security.SignatureException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
CertificateException(java.security.cert.CertificateException)
UnknownHostException(java.net.UnknownHostException)
PcrIndex(com.intel.mtwilson.util.model.PcrIndex)
XMLStreamException(javax.xml.stream.XMLStreamException)
PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest)
FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError)
XMLInputFactory(javax.xml.stream.XMLInputFactory)
Aggregations
Measurement (com.intel.mtwilson.util.model.Measurement)3
PcrEventLog (com.intel.mtwilson.util.model.PcrEventLog)3
ASException (com.intel.mountwilson.as.common.ASException)2
PcrManifest (com.intel.mountwilson.manifest.data.PcrManifest)2
TblModuleManifestJpaController (com.intel.mtwilson.as.controller.TblModuleManifestJpaController)2
TblModuleManifest (com.intel.mtwilson.as.data.TblModuleManifest)2
UnknownHostException (java.net.UnknownHostException)2
ArrayList (java.util.ArrayList)2
TblEventTypeJpaController (com.intel.mtwilson.as.controller.TblEventTypeJpaController)1
TblMleJpaController (com.intel.mtwilson.as.controller.TblMleJpaController)1
TblPackageNamespaceJpaController (com.intel.mtwilson.as.controller.TblPackageNamespaceJpaController)1
IllegalOrphanException (com.intel.mtwilson.as.controller.exceptions.IllegalOrphanException)1
NonexistentEntityException (com.intel.mtwilson.as.controller.exceptions.NonexistentEntityException)1
TblEventType (com.intel.mtwilson.as.data.TblEventType)1
TblHostSpecificManifest (com.intel.mtwilson.as.data.TblHostSpecificManifest)1
TblMle (com.intel.mtwilson.as.data.TblMle)1
TblPackageNamespace (com.intel.mtwilson.as.data.TblPackageNamespace)1
CryptographyException (com.intel.mtwilson.crypto.CryptographyException)1
UUID (com.intel.mtwilson.util.io.UUID)1
PcrIndex (com.intel.mtwilson.util.model.PcrIndex)1
