use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.
the class AssetTagCertBO method revokeAssetTagCertificate.
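/**
 * Marks one asset tag certificate as revoked so that it is no longer considered during
 * attestation of the asset tag.
 *
 * <p>The certificate is looked up by {@code uuid} when one is supplied, otherwise by the SHA-1
 * value carried in {@code atagObj}. The revoked flag is set only when the lookup returns exactly
 * one certificate.
 *
 * <p><b>Security note:</b> when the lookup returns no certificate, or more than one, nothing is
 * revoked and the method still returns {@code true}. The return value therefore does not prove
 * that a certificate was revoked; the warning log entries are the only signal of that outcome.
 *
 * @param atagObj revoke request; read only for its SHA-1 value, and only when {@code uuid} is
 *     null or empty
 * @param uuid UUID of the certificate to revoke; may be null or empty
 * @return {@code true} whenever no exception is thrown, including when nothing was revoked
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE_HASH} when neither a UUID nor
 *     a SHA-1 value is available, or wrapping any other failure raised during the lookup or update
 */
public boolean revokeAssetTagCertificate(AssetTagCertRevokeRequest atagObj, String uuid) {
    boolean result;
    List<MwAssetTagCertificate> atagCerts;
    try {
        // Locate the certificate by UUID when given, otherwise by the SHA-1 value in the request.
        if (uuid != null && !uuid.isEmpty()) {
            log.debug("UUID {} is specified for revoking the asset tag certificate", uuid);
            MwAssetTagCertificateJpaController lookupByUuid = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            atagCerts = lookupByUuid.findAssetTagCertificatesByUuid(uuid);
        } else if (atagObj != null && atagObj.getSha1OfAssetCert() != null) {
            // A normal lookup path: logged at debug like the UUID branch, not as an error.
            log.debug("SHA1 {} is specified for revoking the asset tag certificate", atagObj.getSha1OfAssetCert());
            MwAssetTagCertificateJpaController lookupBySha1 = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            atagCerts = lookupBySha1.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
        } else {
            // Also reached for a null request, which is reported as a missing hash instead of
            // surfacing as a wrapped NullPointerException.
            log.error("Sha1 for the asset tag is not specified.");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        if (atagCerts.isEmpty() || atagCerts.size() > 1) {
            log.warn("Either the asset tag certificate does not exist or there were multiple matches for the specified hash.");
            // Record the match count so the two cases can be told apart when reviewing logs.
            log.warn("Asset tag certificate lookup returned {} matches; no certificate was revoked.", atagCerts.size());
            // NOTE(review): this path reports success although nothing was revoked. With more
            // than one match, every matching certificate stays usable for attestation. Kept
            // as-is because callers may rely on the idempotent "true"; confirm whether the
            // ambiguous case should instead fail or revoke all matches.
            result = true;
        } else {
            // Exactly one certificate matched: set the revoked flag and persist it.
            MwAssetTagCertificate atagCert = atagCerts.get(0);
            atagCert.setRevoked(true);
            MwAssetTagCertificateJpaController updater = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            updater.edit(atagCert);
            result = true;
        }
    } catch (ASException ase) {
        log.error("Error during revocation of the asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during revocation of the new asset tag certificate. Error Details - {}.", ex.getMessage());
        // Wrap with the cause preserved so the original failure is not lost.
        throw new ASException(ex);
    }
    return result;
}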
use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.
the class AssetTagCertBO method unmapAssetTagCertFromHostById.
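/**
 * Removes the mapping between a host and every asset tag certificate currently mapped to it.
 * This needs to be invoked whenever the host is deleted from Mt.Wilson.
 *
 * <p>Only the host ID is needed; the certificate hash does not have to be specified. All
 * certificates returned for the host ID are unmapped, so no certificate is left pointing at a
 * host that no longer exists.
 *
 * <p>Each certificate is updated separately. If one update fails, the exception is propagated
 * and the certificates processed before it stay unmapped.
 *
 * @param atagObj request carrying the ID of the host to unmap; a host ID of 0 is rejected
 * @return {@code true} when the host had no mapped certificate or all mappings were removed
 * @throws ASException with {@code AS_HOST_SPECIFIED_IS_CURRENTLY_NOT_MAPPED_TO_ASSET_TAG_CERTIFICATE}
 *     when the host ID is 0, or wrapping any other failure raised during the lookup or update
 */
public boolean unmapAssetTagCertFromHostById(AssetTagCertAssociateRequest atagObj) {
    try {
        if (atagObj.getHostID() == 0) {
            log.error("Host specified for the asset tag unmap request is not valid.");
            throw new ASException(ErrorCode.AS_HOST_SPECIFIED_IS_CURRENTLY_NOT_MAPPED_TO_ASSET_TAG_CERTIFICATE);
        }
        // Find the asset tag certificates mapped to the specified host ID.
        MwAssetTagCertificateJpaController lookup = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts = lookup.findAssetTagCertificatesByHostID(atagObj.getHostID());
        if (atagCerts.isEmpty()) {
            // There is nothing to unmap, so report success.
            log.info("The host is currently not mapped to any asset tag certificate. So, nothing to unmap.");
            return true;
        }
        // Unmap every match. Returning from inside the loop would clear only the first
        // certificate and leave the remaining ones mapped to the host.
        for (MwAssetTagCertificate atagTempCert : atagCerts) {
            // There is no need to validate the certificate when unmapping.
            atagTempCert.setHostID(null);
            MwAssetTagCertificateJpaController updater = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            updater.edit(atagTempCert);
            log.debug("Successfully upmapped the host with id {} from the asset tag certificate.", atagObj.getHostID());
        }
        return true;
    } catch (ASException ase) {
        log.error("Error during unmapping of the host from asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during unmapping of the host from asset tag certificate. Error Details - {}.", ex.getMessage());
        // Wrap with the cause preserved so the original failure is not lost.
        throw new ASException(ex);
    }
}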
use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.
the class HostBO method updateHost.
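/**
 * Updates the stored record of an already registered host from the supplied host description.
 *
 * <p>The host is looked up by name. Its connection details, identity certificate, MLE references
 * and, when the VMM MLE changed, its host specific manifest records are refreshed, and the record
 * is then saved.
 *
 * <p>NOTE(review): {@code vmmMleId} and {@code biosMleId} are not declared in this method;
 * presumably they are fields populated by {@code getBiosAndVMM(host)}. Confirm, since shared
 * mutable fields would make this method unsafe to call concurrently.
 *
 * @param host new values for the host; its host name selects the record to update
 * @return the string {@code "true"} whenever no exception is thrown
 * @throws ASException with {@code AS_HOST_NOT_FOUND} when no host has that name, with
 *     {@code AS_ENCRYPTION_ERROR} for a {@code CryptographyException}, or wrapping any other failure
 */
public String updateHost(TxtHost host) {
    try {
        // datatype.Hostname
        TblHosts tblHosts = getHostByName(host.getHostName());
        if (tblHosts == null) {
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, host.getHostName().toString());
        }
        getBiosAndVMM(host);
        // host (aik cert, manifest, etc)
        // The two tests must be joined with ||: with && a null policy name throws a
        // NullPointerException and a non-null one can never satisfy the condition.
        // NOTE(review): the default name suggests trust-on-first-use, where the first
        // certificate presented by the host is accepted without prior verification. Confirm
        // that this is an acceptable fallback for hosts that have no policy recorded.
        if (tblHosts.getTlsPolicyName() == null || tblHosts.getTlsPolicyName().isEmpty()) {
            // XXX new code to test
            tblHosts.setTlsPolicyName("TRUST_FIRST_CERTIFICATE");
            // XXX bug #497 the TxtHost object doesn't have the ssl
            // certificate and policy
        }
        tblHosts.setAddOnConnectionInfo(host.getAddOn_Connection_String());
        if (host.getHostName() != null) {
            tblHosts.setName(host.getHostName().toString());
        }
        if (host.getIPAddress() != null) {
            tblHosts.setIPAddress(host.getIPAddress().toString());
        }
        if (host.getPort() != null) {
            tblHosts.setPort(host.getPort());
        }
        log.info("Getting identity.");
        if (canFetchAIKCertificateForHost(host.getVmm().getName())) {
            // datatype.Vmm
            String certificate = getAIKCertificateForHost(tblHosts, host);
            tblHosts.setAIKCertificate(certificate);
        } else {
            if (vmmMleId.getId().intValue() != tblHosts.getVmmMleId().getId().intValue()) {
                log.info("VMM is updated. Update the host specific manifest");
                // BUG #497 added tblHosts parameter
                // The returned map is not used here; the call is kept because it may validate
                // that the manifest can be retrieved.
                HashMap<String, ? extends IManifest> pcrMap = getHostPcrManifest(tblHosts, host);
                // Building objects and validating that manifests are
                // created ahead of create of host
            }
        }
        List<TblHostSpecificManifest> tblHostSpecificManifests = null;
        // A different VMM MLE means the stored host specific manifest no longer applies.
        if (vmmMleId.getId().intValue() != tblHosts.getVmmMleId().getId().intValue()) {
            log.info("VMM is updated. Update the host specific manifest");
            HashMap<String, ? extends IManifest> pcrs = getHostPcrManifest(tblHosts, host);
            deleteHostSpecificManifest(tblHosts);
            if (vmmMleId.getRequiredManifestList().contains(MODULE_PCR)) {
                log.debug("Host specific modules would be retrieved from the host that extends into PCR 19.");
                // Added the Vendor parameter to the below function so that we can handle the host specific records differently for different types of hosts.
                String hostType = host.getVendor();
                tblHostSpecificManifests = createHostSpecificManifestRecords(vmmMleId, pcrs, hostType);
            } else {
                log.debug("Host specific modules will not be configured since PCR 19 is not selected for attestation");
            }
        }
        // The MLE references are looked up again only after the comparison above has used
        // the previous values.
        biosMleId = findBiosMleForHost(host);
        vmmMleId = findVmmMleForHost(host);
        log.info("Saving Host in database");
        tblHosts.setBiosMleId(biosMleId);
        tblHosts.setDescription(host.getDescription());
        tblHosts.setEmail(host.getEmail());
        if (host.getIPAddress() != null) {
            // datatype.IPAddress
            tblHosts.setIPAddress(host.getIPAddress().toString());
        }
        // Not covered by the null check above: the port is overwritten unconditionally.
        tblHosts.setPort(host.getPort());
        tblHosts.setVmmMleId(vmmMleId);
        tblHosts.setBios_mle_uuid_hex(biosMleId.getUuid_hex());
        tblHosts.setVmm_mle_uuid_hex(vmmMleId.getUuid_hex());
        log.info("Updating Host in database");
        getHostsJpaController().edit(tblHosts);
        if (tblHostSpecificManifests != null) {
            log.debug("Updating Host Specific Manifest in database");
            createHostSpecificManifest(tblHostSpecificManifests, tblHosts);
        }
    } catch (ASException ase) {
        throw ase;
    } catch (CryptographyException e) {
        throw new ASException(e, ErrorCode.AS_ENCRYPTION_ERROR, e.getCause() == null ? e.getMessage() : e.getCause().getMessage());
    } catch (Exception e) {
        throw new ASException(e);
    }
    // return new HostResponse(ErrorCode.OK);
    return "true";
}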
use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.
the class HostBO method findVmmMleForHost.
/**
 * Looks up the VMM MLE that matches the VMM name, version, OS name and OS version reported
 * for the host.
 *
 * @param host host whose VMM description is used for the lookup
 * @return the matching VMM MLE, never null
 * @throws ASException with {@code AS_VMM_INCORRECT} when no MLE matches
 */
private TblMle findVmmMleForHost(TxtHost host) throws IOException {
    TblMleJpaController mleDao = getMleJpaController();
    TblMle matchedMle = mleDao.findVmmMle(
            host.getVmm().getName(),
            host.getVmm().getVersion(),
            host.getVmm().getOsName(),
            host.getVmm().getOsVersion());
    if (matchedMle != null) {
        return matchedMle;
    }
    // No known MLE matches the reported VMM, so the host is rejected.
    throw new ASException(ErrorCode.AS_VMM_INCORRECT, host.getVmm().getName(), host.getVmm().getVersion());
}
use of com.intel.mountwilson.as.common.ASException in project OpenAttestation by OpenAttestation.
the class HostBO method checkForDuplicate.
/**
 * Rejects a host whose name or IP address is already present in the host table.
 *
 * <p>Both lookups run before either result is inspected; a name clash is reported in
 * preference to an address clash.
 *
 * <p>NOTE(review): this is a check made ahead of the insert. Unless the caller holds a
 * transaction or the table enforces uniqueness, two concurrent registrations could both pass
 * it. Confirm against the caller and the schema.
 *
 * @param host host about to be registered; its host name and IP address must be non-null
 * @throws ASException with {@code AS_HOST_EXISTS} or {@code AS_IPADDRESS_EXISTS} on a clash
 * @throws CryptographyException declared by the method; not raised directly by the visible code
 */
private void checkForDuplicate(TxtHost host) throws CryptographyException {
    TblHostsJpaController hostsDao = getHostsJpaController();
    TblHosts sameNameHost = hostsDao.findByName(host.getHostName().toString());
    TblHosts sameAddressHost = hostsDao.findByIPAddress(host.getIPAddress().toString());
    boolean nameTaken = sameNameHost != null;
    boolean addressTaken = sameAddressHost != null;
    if (nameTaken) {
        throw new ASException(ErrorCode.AS_HOST_EXISTS, host.getHostName());
    }
    if (addressTaken) {
        throw new ASException(ErrorCode.AS_IPADDRESS_EXISTS, host.getIPAddress().toString());
    }
}