
Example 6 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

From class ReportsBO, method getAttestationReport.

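/**
 * Builds the attestation (PCR manifest) report for a host from the most recent
 * trust-agent log entries recorded for it.
 *
 * @param hostName    name of the host to report on; must not be null
 * @param failureOnly when {@code true}, only PCRs whose trust status is false are
 *                    included; {@code null} is treated as {@code false}
 * @return the report; its PCR log list is empty when the host has no log entries
 * @throws ASException with {@code AS_HOST_NOT_FOUND} when no host of that name is
 *                     registered, or {@code AS_ENCRYPTION_ERROR} when the host
 *                     record cannot be read because of a cryptography failure
 */
public AttestationReport getAttestationReport(Hostname hostName, Boolean failureOnly) throws NumberFormatException, IOException {
    // A boxed null would otherwise NPE on unboxing in the filter below.
    final boolean onlyFailures = Boolean.TRUE.equals(failureOnly);
    final String name = hostName.toString();

    TblHosts tblHosts;
    try {
        tblHosts = getTblHostsJpaController().findByName(name);
    } catch (CryptographyException e) {
        // NOTE(review): the underlying crypto message is surfaced to the caller here;
        // getBulkTrustSaml (Bug 1038) deliberately reports only the exception class
        // so that internals are not leaked to the client - confirm whether this path
        // should do the same.
        String detail = e.getCause() == null ? e.getMessage() : e.getCause().getMessage();
        throw new ASException(e, ErrorCode.AS_ENCRYPTION_ERROR, detail);
    }
    if (tblHosts == null) {
        throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, name);
    }

    AttestationReport attestationReport = new AttestationReport();
    Date lastStatusTs = getTblTaLogJpaController().findLastStatusTs(tblHosts.getId());
    if (lastStatusTs == null) {
        // No trust-agent log has been recorded for this host yet: empty report.
        return attestationReport;
    }
    List<TblTaLog> logs = getTblTaLogJpaController().findLogsByHostId(tblHosts.getId(), lastStatusTs);
    if (logs == null) {
        return attestationReport;
    }
    for (TblTaLog log : logs) {
        if (onlyFailures && log.getTrustStatus()) {
            continue; // caller asked for failures only; this PCR is trusted
        }
        // The asset-tag PCR is reported from the asset-tag certificate rather than the MLE manifest.
        if (log.getManifestName().equalsIgnoreCase(ASSET_TAG_PCR)) {
            attestationReport.getPcrLogs().add(getPcrLogReportForAssetTag(log, tblHosts.getId()));
        } else {
            attestationReport.getPcrLogs().add(getPcrManifestLog(tblHosts, log, onlyFailures));
        }
    }
    return attestationReport;
}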

Example 7 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

From class BulkHostTrustBO, method getBulkTrustSaml.

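/**
 * Retrieves the SAML trust assertion for each host and concatenates the results
 * into a single report string.
 *
 * <p>Hosts are processed sequentially (the scheduler-based parallel path is not
 * used). A host whose quote produced no result contributes its timeout response;
 * a host whose quote failed contributes the error response already stored as its
 * result.
 *
 * @param hosts       host names to query
 * @param forceVerify passed through to each {@code HostQuoteSaml} task
 * @return the concatenated per-host fragments, in the order {@code hosts} yields them
 * @throws ASException {@code AS_BULK_HOST_TRUST_ERROR} carrying only the class name
 *                     of the underlying failure, so that internal details are not
 *                     leaked to the client (Bug 1038)
 */
public String getBulkTrustSaml(Set<String> hosts, boolean forceVerify) {
    try {
        // LinkedHashSet keeps the report in the order the hosts were supplied;
        // a plain HashSet emitted the fragments in hash order.
        Set<HostQuoteSaml> tasks = new java.util.LinkedHashSet<>();
        for (String host : hosts) {
            HostQuoteSaml task = new HostQuoteSaml(hostTrustBO, host, forceVerify);
            task.getTrustWithSaml();
            tasks.add(task);
        }
        List<String> results = new ArrayList<>(tasks.size());
        for (HostQuoteSaml task : tasks) {
            // An error response is stored in the task result itself, so the
            // non-null case covers both success and error.
            String result = task.getResult();
            results.add(result == null ? task.getTimeoutResult() : result);
        }
        return StringUtils.join(results, "");
    } catch (Exception ex) {
        // Bug: 1038 - prevent leaks in error messages to client
        log.error("Error during bulk host trust retrieval.", ex);
        throw new ASException(ErrorCode.AS_BULK_HOST_TRUST_ERROR, ex.getClass().getSimpleName());
    }
}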

Example 8 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

From class AssetTagCertBO, method findValidAssetTagCertForHost.

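/**
 * Finds a valid asset tag certificate for the specified host.
 *
 * <p>A host may have been provisioned more than once, so every certificate stored
 * for the UUID is checked and the first one that passes
 * {@code validateAssetTagCert} is returned.
 *
 * @param uuid hardware UUID of the host; embedded newlines are stripped and the
 *             lookup is performed on the lower-cased value
 * @return the first valid certificate, or {@code null} when none is provisioned
 *         or none validates
 * @throws ASException {@code AS_HOST_NOT_FOUND} when {@code uuid} is null or empty,
 *                     or a wrapped {@code ASException} for any other failure
 */
public MwAssetTagCertificate findValidAssetTagCertForHost(String uuid) {
    try {
        // Guard before stripping newlines: calling replace() on a null uuid used to
        // surface as a wrapped NullPointerException instead of AS_HOST_NOT_FOUND.
        final String cleanUuid = uuid == null ? "" : uuid.replace("\n", "");
        if (cleanUuid.isEmpty()) {
            log.error("UUID specified for the host is not valid.");
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND);
        }
        MwAssetTagCertificateJpaController assetTagController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts = assetTagController.findAssetTagCertificatesByHostUUID(cleanUuid.toLowerCase());
        if (atagCerts == null || atagCerts.isEmpty()) {
            log.info("Asset tag certificate has not been provisioned for the host with UUID : {}.", cleanUuid);
            return null;
        }
        // Each stored certificate must validate before it can be used.
        for (MwAssetTagCertificate atagTempCert : atagCerts) {
            if (validateAssetTagCert(atagTempCert)) {
                log.debug("Valid asset tag certificate found for host with UUID {}.", cleanUuid);
                return atagTempCert;
            }
        }
        log.info("No valid asset tag certificate found for host with UUID {}.", cleanUuid);
        return null;
    } catch (ASException ase) {
        log.error("Error during querying of valid asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during querying of valid asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}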

Example 9 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

From class AssetTagCertBO, method validateAssetTagCert.

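/**
 * Validates the asset tag certificate and returns back true/false accordingly.
 *
 * <p>A certificate is valid when its revoked flag is clear and
 * {@code X509AttributeCertificate.isValid} succeeds against at least one of the
 * CA certificates in the "cacerts" PEM bundle held in the tag file store; that
 * helper checks both the signature and the validity dates. When the bundle
 * cannot be loaded the method fails closed and returns {@code false}.
 *
 * @param atagObj stored asset tag certificate record
 * @return {@code true} when the certificate is not revoked and validates against a
 *         CA certificate from the bundle
 * @throws ASException wrapping any failure to parse or check the certificate
 */
private boolean validateAssetTagCert(MwAssetTagCertificate atagObj) {
    try {
        // A revoked certificate never validates, regardless of its signature.
        if (atagObj.getRevoked()) {
            return false;
        }
        X509AttributeCertificate atagAttrCertForHost = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        List<X509Certificate> atagCaCerts = loadAssetTagCaCertificates();
        if (atagCaCerts == null) {
            return false;
        }
        for (X509Certificate atagCACert : atagCaCerts) {
            // isValid verifies both the signature and the validity dates.
            if (atagAttrCertForHost.isValid(atagCACert)) {
                return true;
            }
        }
        return false;
    } catch (Exception ex) {
        throw new ASException(ex);
    }
}

/**
 * Loads the CA certificates from the "cacerts" PEM file in the tag file store.
 *
 * @return the decoded certificates, or {@code null} when the file is missing or
 *         cannot be read/decoded (the failure is logged)
 */
private List<X509Certificate> loadAssetTagCaCertificates() {
    try {
        FileDAO fileDao = TagJdbi.fileDao();
        File cacertFile = fileDao.findByName("cacerts");
        if (cacertFile == null) {
            log.error("Error loading the cacert pem file to extract the CA certificate(s).");
            return null;
        }
        // Pin the charset instead of naming it as a string (no UnsupportedEncodingException path).
        List<X509Certificate> caCerts = X509Util.decodePemCertificates(
                new String(cacertFile.getContent(), java.nio.charset.StandardCharsets.UTF_8));
        log.debug("Added {} certificates from AssetTagCA.pem", caCerts.size());
        return caCerts;
    } catch (Exception e) {
        log.error("Cannot load cacerts", e);
        return null;
    }
}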

Example 10 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

From class AssetTagCertBO, method importAssetTagCertificate.

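/**
 * Stores a new asset tag certificate that was provisioned by the asset tag
 * provisioning service for a host. The certificate becomes associated with the
 * host it was provisioned for only once that host is registered with Mt.Wilson;
 * an association is attempted immediately, but its outcome does not affect the
 * return value.
 *
 * @param atagObj request carrying the encoded attribute certificate
 * @param uuid    identifier to store the record under; when null or empty a new
 *                UUID is generated
 * @return {@code true} once the certificate record has been persisted
 * @throws ASException {@code AS_INVALID_ASSET_TAG_CERTIFICATE} when the certificate
 *                     cannot be parsed, or a wrapped {@code ASException} for any
 *                     other failure
 */
public boolean importAssetTagCertificate(AssetTagCertCreateRequest atagObj, String uuid) {
    try {
        X509AttributeCertificate x509AttrCert;
        try {
            x509AttrCert = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        } catch (IllegalArgumentException ce) {
            log.error("Error during retrieval of a new asset tag certificate. Error Details - {}.", ce.getMessage());
            throw new ASException(ce, ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE, ce.getMessage());
        }

        MwAssetTagCertificate atagCert = new MwAssetTagCertificate();
        atagCert.setUuid_hex(uuid != null && !uuid.isEmpty() ? uuid : new UUID().toString());
        atagCert.setCertificate(atagObj.getCertificate());
        atagCert.setUuid(x509AttrCert.getSubject().toLowerCase());
        atagCert.setNotAfter(x509AttrCert.getNotAfter());
        atagCert.setNotBefore(x509AttrCert.getNotBefore());
        atagCert.setRevoked(false);
        // The record is keyed by the digest of the certificate's encoded form, computed once.
        Sha1Digest encodedSha1 = Sha1Digest.digestOf(x509AttrCert.getEncoded());
        atagCert.setSHA1Hash(encodedSha1.toByteArray());
        log.debug("Certificate creation time is {}", x509AttrCert.getSerialNumber());
        log.debug("Certificate SHA1 is {}", encodedSha1.toHexString());
        // NOTE(review): the serial number is stored as the creation time - confirm the
        // provisioning service encodes the issue time in the serial.
        atagCert.setCreate_time(x509AttrCert.getSerialNumber());
        // Default PCR event value; it is replaced when a host is mapped to this certificate.
        // Base64 text is ASCII, so pinning the charset only removes the platform-default dependency.
        Sha1Digest sha1D = Sha1Digest.digestOf(atagObj.getCertificate());
        Sha1Digest expectedPcr = Sha1Digest.ZERO.extend(
                Sha1Digest.digestOf(sha1D.toBase64().getBytes(java.nio.charset.StandardCharsets.US_ASCII)));
        atagCert.setPCREvent(expectedPcr.toByteArray());

        log.debug("assetTag writing cert to DB");
        MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        mwAssetTagCertificateJpaController.create(atagCert);

        // TODO: gate this on the mtwilson.atag.associate.hosts.auto configuration option.
        // The association result is deliberately not folded into the return value.
        log.debug("trying to associate tag to existing host using {}", Hex.encodeHexString(atagCert.getSHA1Hash()));
        AssetTagCertAssociateRequest request = new AssetTagCertAssociateRequest();
        request.setSha1OfAssetCert(atagCert.getSHA1Hash());
        mapAssetTagCertToHost(request);
        return true;
    } catch (ASException ase) {
        log.error("Error during creation of a new asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during creation of a new asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}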
