
Example 11 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method revokeAssetTagCertificate.

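/**
 * Marks an asset tag certificate as revoked so that it is no longer considered during
 * attestation of the asset tag.
 *
 * <p>The certificate is looked up by {@code uuid} when one is supplied, otherwise by the
 * SHA-1 value carried in {@code atagObj}. The revoked flag is set only when the lookup
 * yields exactly one certificate.
 *
 * @param atagObj revoke request; its SHA-1 value is consulted only when {@code uuid} is
 *                null or empty
 * @param uuid    UUID of the certificate to revoke; may be null or empty
 * @return {@code true} in every non-exceptional case, including the case where the lookup
 *         matched zero or several certificates and nothing was revoked
 * @throws ASException if neither a UUID nor a SHA-1 value is supplied, or if the lookup or
 *                     the update fails
 */
public boolean revokeAssetTagCertificate(AssetTagCertRevokeRequest atagObj, String uuid) {
    try {
        boolean lookupByUuid = uuid != null && !uuid.isEmpty();
        // Reject the request before touching persistence when no identifier is usable.
        // A null request object is treated like a missing SHA-1 value instead of
        // surfacing as a wrapped NullPointerException.
        if (!lookupByUuid && (atagObj == null || atagObj.getSha1OfAssetCert() == null)) {
            log.error("Sha1 for the asset tag is not specified.");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }

        MwAssetTagCertificateJpaController certController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts;
        if (lookupByUuid) {
            log.debug("UUID {} is specified for revoking the asset tag certificate", uuid);
            atagCerts = certController.findAssetTagCertificatesByUuid(uuid);
        } else {
            // Informational message: logged at debug like the UUID branch, not at error.
            log.debug("SHA1 {} is specified for revoking the asset tag certificate", atagObj.getSha1OfAssetCert());
            atagCerts = certController.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
        }

        if (atagCerts.size() != 1) {
            // NOTE(review): success is reported although no certificate was revoked. The
            // original code had the corresponding throw commented out, so the behaviour is
            // kept; callers that must know a certificate is really revoked cannot rely on
            // this return value and should watch for this warning in the logs.
            log.warn("Either the asset tag certificate does not exist or there were multiple matches for the specified hash.");
            return true;
        }

        // Exactly one match: set the revoked flag and persist it.
        MwAssetTagCertificate atagCert = atagCerts.get(0);
        atagCert.setRevoked(true);
        certController.edit(atagCert);
        return true;
    } catch (ASException ase) {
        log.error("Error during revocation of the asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        // Pass the exception as the last argument so the stack trace is logged as well.
        log.error("Unexpected error during revocation of the new asset tag certificate. Error Details - {}.", ex.getMessage(), ex);
        throw new ASException(ex);
    }
}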
Also used : MwAssetTagCertificateJpaController(com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException) ASException(com.intel.mountwilson.as.common.ASException) ApiException(com.intel.mtwilson.ApiException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 12 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method unmapAssetTagCertFromHostById.

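/**
 * Removes the mapping between a host and the asset tag certificates associated with it.
 * This needs to be called whenever the host is deleted from Mt.Wilson.
 *
 * <p>Only the host ID in the request is used; no certificate hash has to be specified.
 * Every certificate currently mapped to the host is unmapped, so that no stale mapping
 * to the removed host is left behind.
 *
 * @param atagObj request carrying the ID of the host to unmap; an ID of 0 is rejected
 * @return {@code true} when the host had no mapping or all of its mappings were removed
 * @throws ASException if the host ID is 0, or if the lookup or an update fails
 */
public boolean unmapAssetTagCertFromHostById(AssetTagCertAssociateRequest atagObj) {
    try {
        if (atagObj.getHostID() == 0) {
            log.error("Host specified for the asset tag unmap request is not valid.");
            throw new ASException(ErrorCode.AS_HOST_SPECIFIED_IS_CURRENTLY_NOT_MAPPED_TO_ASSET_TAG_CERTIFICATE);
        }

        // Find the asset tag certificates currently mapped to the given host ID.
        MwAssetTagCertificateJpaController certController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts = certController.findAssetTagCertificatesByHostID(atagObj.getHostID());
        if (atagCerts.isEmpty()) {
            // There is nothing to unmap, so report success.
            log.info("The host is currently not mapped to any asset tag certificate. So, nothing to unmap.");
            return true;
        }

        // Fixed: the loop used to return after the first certificate, which left every
        // other certificate mapped to the host. Certificates are not validated here;
        // unmapping does not require it.
        for (MwAssetTagCertificate atagTempCert : atagCerts) {
            atagTempCert.setHostID(null);
            certController.edit(atagTempCert);
            log.debug("Successfully upmapped the host with id {} from the asset tag certificate.", atagObj.getHostID());
        }
        return true;
    } catch (ASException ase) {
        log.error("Error during unmapping of the host from asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        // Pass the exception as the last argument so the stack trace is logged as well.
        log.error("Unexpected error during unmapping of the host from asset tag certificate. Error Details - {}.", ex.getMessage(), ex);
        throw new ASException(ex);
    }
}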
Also used : MwAssetTagCertificateJpaController(com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException) ASException(com.intel.mountwilson.as.common.ASException) ApiException(com.intel.mtwilson.ApiException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 13 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

the class HostBO method updateHost.

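/**
 * Updates the stored record of an existing host from the supplied {@code TxtHost}:
 * connection details, AIK certificate, BIOS/VMM MLE references and, when the VMM MLE
 * changed, the host specific manifest.
 *
 * @param host new values for the host; it is looked up by its host name
 * @return the literal string {@code "true"} on success
 * @throws ASException if the host is not found ({@code AS_HOST_NOT_FOUND}), on a
 *                     cryptography failure ({@code AS_ENCRYPTION_ERROR}), or wrapping any
 *                     other exception raised during the update
 */
public String updateHost(TxtHost host) {
    try {
        TblHosts tblHosts = getHostByName(host.getHostName());
        if (tblHosts == null) {
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, host.getHostName().toString());
        }
        // NOTE(review): biosMleId and vmmMleId are not declared in this method; presumably
        // they are fields populated by this call - confirm against the class.
        getBiosAndVMM(host);
        // Fixed: the condition was `== null && ...isEmpty()`, which dereferenced a null
        // policy name and could never select the default. A missing or empty policy now
        // gets the default below.
        // NOTE(review): the name suggests trust-on-first-use of the host's TLS certificate;
        // confirm that this default is acceptable for deployments where the first
        // connection to the host cannot be trusted.
        if (tblHosts.getTlsPolicyName() == null || tblHosts.getTlsPolicyName().isEmpty()) {
            // XXX bug #497 the TxtHost object doesn't have the ssl certificate and policy
            tblHosts.setTlsPolicyName("TRUST_FIRST_CERTIFICATE");
        }
        tblHosts.setAddOnConnectionInfo(host.getAddOn_Connection_String());
        if (host.getHostName() != null) {
            tblHosts.setName(host.getHostName().toString());
        }
        if (host.getIPAddress() != null) {
            tblHosts.setIPAddress(host.getIPAddress().toString());
        }
        if (host.getPort() != null) {
            tblHosts.setPort(host.getPort());
        }
        log.info("Getting identity.");
        if (canFetchAIKCertificateForHost(host.getVmm().getName())) {
            String certificate = getAIKCertificateForHost(tblHosts, host);
            tblHosts.setAIKCertificate(certificate);
        } else {
            if (vmmMleId.getId().intValue() != tblHosts.getVmmMleId().getId().intValue()) {
                log.info("VMM is updated. Update the host specific manifest");
                // BUG #497 added tblHosts parameter
                // NOTE(review): the result is never read; the call is kept in case
                // getHostPcrManifest is relied on to validate that the manifests exist
                // before the host is updated - confirm.
                HashMap<String, ? extends IManifest> pcrMap = getHostPcrManifest(tblHosts, host);
            }
        }
        List<TblHostSpecificManifest> tblHostSpecificManifests = null;
        // Compares the VMM MLE held in vmmMleId at this point with the one stored for the
        // host; vmmMleId is reassigned further down.
        if (vmmMleId.getId().intValue() != tblHosts.getVmmMleId().getId().intValue()) {
            log.info("VMM is updated. Update the host specific manifest");
            HashMap<String, ? extends IManifest> pcrs = getHostPcrManifest(tblHosts, host);
            deleteHostSpecificManifest(tblHosts);
            if (vmmMleId.getRequiredManifestList().contains(MODULE_PCR)) {
                log.debug("Host specific modules would be retrieved from the host that extends into PCR 19.");
                // The vendor is passed along so that host specific records can be handled
                // differently for different types of hosts.
                String hostType = host.getVendor();
                tblHostSpecificManifests = createHostSpecificManifestRecords(vmmMleId, pcrs, hostType);
            } else {
                log.debug("Host specific modules will not be configured since PCR 19 is not selected for attestation");
            }
        }
        biosMleId = findBiosMleForHost(host);
        vmmMleId = findVmmMleForHost(host);
        log.info("Saving Host in database");
        tblHosts.setBiosMleId(biosMleId);
        tblHosts.setDescription(host.getDescription());
        tblHosts.setEmail(host.getEmail());
        if (host.getIPAddress() != null) {
            tblHosts.setIPAddress(host.getIPAddress().toString());
        }
        // NOTE(review): unconditional, unlike the guarded setPort above; a null port in the
        // request is written through to the record here.
        tblHosts.setPort(host.getPort());
        tblHosts.setVmmMleId(vmmMleId);
        tblHosts.setBios_mle_uuid_hex(biosMleId.getUuid_hex());
        tblHosts.setVmm_mle_uuid_hex(vmmMleId.getUuid_hex());
        log.info("Updating Host in database");
        getHostsJpaController().edit(tblHosts);
        if (tblHostSpecificManifests != null) {
            log.debug("Updating Host Specific Manifest in database");
            createHostSpecificManifest(tblHostSpecificManifests, tblHosts);
        }
    } catch (ASException ase) {
        throw ase;
    } catch (CryptographyException e) {
        throw new ASException(e, ErrorCode.AS_ENCRYPTION_ERROR, e.getCause() == null ? e.getMessage() : e.getCause().getMessage());
    } catch (Exception e) {
        throw new ASException(e);
    }
    return "true";
}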
Also used : CryptographyException(com.intel.mtwilson.crypto.CryptographyException) TblHosts(com.intel.mtwilson.as.data.TblHosts) TblHostSpecificManifest(com.intel.mtwilson.as.data.TblHostSpecificManifest) ASException(com.intel.mountwilson.as.common.ASException) ASException(com.intel.mountwilson.as.common.ASException) NoResultException(javax.persistence.NoResultException) NonexistentEntityException(com.intel.mtwilson.as.controller.exceptions.NonexistentEntityException) IllegalOrphanException(com.intel.mtwilson.as.controller.exceptions.IllegalOrphanException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException)

Example 14 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

the class HostBO method findVmmMleForHost.

/**
 * Looks up the VMM MLE record matching the host's VMM name, VMM version, OS name and
 * OS version.
 *
 * @param host host whose VMM description is used for the lookup
 * @return the matching VMM MLE record, never {@code null}
 * @throws ASException with {@code AS_VMM_INCORRECT} when no matching record exists, so a
 *                     host with an unknown VMM is rejected rather than passed on
 */
private TblMle findVmmMleForHost(TxtHost host) throws IOException {
    final TblMleJpaController mleController = getMleJpaController();
    final TblMle matchedMle = mleController.findVmmMle(
            host.getVmm().getName(),
            host.getVmm().getVersion(),
            host.getVmm().getOsName(),
            host.getVmm().getOsVersion());
    if (matchedMle != null) {
        return matchedMle;
    }
    // No record for this VMM/OS combination: fail instead of returning null.
    throw new ASException(ErrorCode.AS_VMM_INCORRECT, host.getVmm().getName(), host.getVmm().getVersion());
}
Also used : TblMleJpaController(com.intel.mtwilson.as.controller.TblMleJpaController) TblMle(com.intel.mtwilson.as.data.TblMle) ASException(com.intel.mountwilson.as.common.ASException)

Example 15 with ASException

use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.

the class HostBO method checkForDuplicate.

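/**
 * Rejects a host whose name or IP address is already registered.
 *
 * <p>The name is checked first. The IP address check is skipped when the host carries no
 * IP address; the original code dereferenced it unconditionally and failed with a
 * NullPointerException in that case.
 *
 * @param host host about to be registered
 * @throws ASException with {@code AS_HOST_EXISTS} when a host with the same name exists,
 *                     or {@code AS_IPADDRESS_EXISTS} when a host with the same IP address
 *                     exists
 * @throws CryptographyException declared by the original signature
 */
private void checkForDuplicate(TxtHost host) throws CryptographyException {
    TblHostsJpaController tblHostsJpaController = getHostsJpaController();
    TblHosts hostWithSameName = tblHostsJpaController.findByName(host.getHostName().toString());
    if (hostWithSameName != null) {
        throw new ASException(ErrorCode.AS_HOST_EXISTS, host.getHostName());
    }
    // Without an IP address there is nothing to compare against.
    if (host.getIPAddress() == null) {
        return;
    }
    TblHosts hostWithSameAddress = tblHostsJpaController.findByIPAddress(host.getIPAddress().toString());
    if (hostWithSameAddress != null) {
        throw new ASException(ErrorCode.AS_IPADDRESS_EXISTS, host.getIPAddress().toString());
    }
}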
Also used : TblHostsJpaController(com.intel.mtwilson.as.controller.TblHostsJpaController) TblHosts(com.intel.mtwilson.as.data.TblHosts) ASException(com.intel.mountwilson.as.common.ASException)

Aggregations

ASException (com.intel.mountwilson.as.common.ASException)69 IOException (java.io.IOException)28 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)26 IllegalOrphanException (com.intel.mtwilson.as.controller.exceptions.IllegalOrphanException)20 NonexistentEntityException (com.intel.mtwilson.as.controller.exceptions.NonexistentEntityException)20 TblMle (com.intel.mtwilson.as.data.TblMle)20 NoResultException (javax.persistence.NoResultException)19 UnknownHostException (java.net.UnknownHostException)18 TblHosts (com.intel.mtwilson.as.data.TblHosts)17 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)14 ASDataException (com.intel.mtwilson.as.controller.exceptions.ASDataException)12 KeyManagementException (java.security.KeyManagementException)10 MwAssetTagCertificate (com.intel.mtwilson.as.data.MwAssetTagCertificate)9 SignatureException (java.security.SignatureException)8 CertificateException (java.security.cert.CertificateException)8 WebApplicationException (javax.ws.rs.WebApplicationException)8 ConfigurationException (org.apache.commons.configuration.ConfigurationException)8 ApiException (com.intel.mtwilson.ApiException)7 MwAssetTagCertificateJpaController (com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController)7 TblMleJpaController (com.intel.mtwilson.as.controller.TblMleJpaController)7