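/**
 * Creates module white-list (TblModuleManifest) rows for every PCR 19 event-log entry of the
 * given host that was extended to PCR 19.
 *
 * <p>The MLE is located first by {@code uuid} and, failing that, by the VMM name/version and
 * OS name/version carried in {@code host}. Each qualifying measurement is validated, its event
 * type is resolved, and a row is created unless a module with the same component name already
 * exists for that MLE and event type.
 *
 * @param pcr19     manifest holding the PCR 19 event log to white-list
 * @param tblHosts  host record; currently unused by this method but kept for the caller's contract
 * @param host      host description whose VMM details identify the MLE when {@code uuid} is unknown
 * @param uuid      MLE UUID; also used as the new record's UUID when non-empty
 * @throws ASException if the MLE, event type or package namespace cannot be found, if the
 *                     module already exists, or if any other failure occurs during creation
 */
private void addModuleWhiteList(PcrManifest pcr19, TblHosts tblHosts, TxtHost host, String uuid) {
    try {
        TblModuleManifestJpaController tblModuleManifestJpa = getModuleJpaController();
        TblMleJpaController tblMleJpa = getMleJpaController();
        TblEventTypeJpaController tblEventJpa = getEventJpaController();
        TblPackageNamespaceJpaController tblPackageJpa = getPackageJpaController();

        TblMle tblMle = tblMleJpa.findTblMleByUUID(uuid);
        if (tblMle == null) {
            try {
                // Fall back to a lookup by VMM name/version and OS name/version when the UUID is unknown.
                tblMle = getMleDetails(host.getVmm().getName(), host.getVmm().getVersion(),
                        host.getVmm().getOsName(), host.getVmm().getOsVersion(), "");
            } catch (NoResultException nre) {
                throw new ASException(nre, ErrorCode.WS_MLE_DOES_NOT_EXIST, host.getVmm().getName(), host.getVmm().getVersion());
            }
        }
        if (tblMle == null) {
            log.error("MLE specified is not found in the DB");
            throw new ASException(ErrorCode.WS_MLE_RETRIEVAL_ERROR, this.getClass().getSimpleName());
        }

        // Nothing to white-list without a PCR 19 event log.
        if (!pcr19.containsPcrEventLog(19)) {
            return;
        }
        PcrEventLog pcrEventLog = pcr19.getPcrEventLog(19);
        if (pcrEventLog == null) {
            return;
        }

        try {
            for (Measurement m : pcrEventLog.getEventLog()) {
                String extendedtoPCR = m.getInfo().get("ExtendedToPCR");
                // Only measurements extended to PCR 19 belong in the module white list.
                if (extendedtoPCR == null || !extendedtoPCR.equals("19")) {
                    continue;
                }

                String eventName = m.getInfo().get("EventName");
                String componentName = m.getInfo().get("ComponentName");
                // Validate the host-supplied identifiers before they drive any lookup.
                validateNull("EventName", eventName);
                validateNull("ComponentName", componentName);

                // NOTE(review): String.valueOf(null) yields the literal "null"; absent keys are stored that way.
                String packageName = String.valueOf(m.getInfo().get("PackageName"));
                String packageVendor = String.valueOf(m.getInfo().get("PackageVendor"));
                String packageVersion = String.valueOf(m.getInfo().get("PackageVersion"));
                String digest = String.valueOf(m.getValue());
                boolean useHostSpecificDigest = Boolean.valueOf(m.getInfo().get("UseHostSpecificDigest"));

                TblEventType tblEvent;
                try {
                    // The record references the event type by identity, so resolve it first.
                    tblEvent = tblEventJpa.findEventTypeByName(eventName);
                } catch (NoResultException nre) {
                    throw new ASException(nre, ErrorCode.WS_EVENT_TYPE_DOES_NOT_EXIST, eventName);
                }

                // For VMware (Vim25) events the event type's field name is prefixed to the component name.
                String fullComponentName = eventName.contains("Vim25")
                        ? tblEvent.getFieldName() + "." + componentName
                        : componentName;

                Integer componentID = tblModuleManifestJpa.findByMleIdEventId(tblMle.getId(), fullComponentName, tblEvent.getId());
                if (componentID != null && componentID != 0) {
                    throw new ASException(ErrorCode.WS_MODULE_WHITELIST_ALREADY_EXISTS, componentName);
                }

                TblPackageNamespace nsPackNS;
                try {
                    // There is a single namespace for now, so it is looked up by its fixed name.
                    nsPackNS = tblPackageJpa.findByName("Standard_Global_NS");
                } catch (NoResultException nre) {
                    throw new ASException(nre, ErrorCode.WS_NAME_SPACE_DOES_NOT_EXIST);
                }

                TblModuleManifest newModuleRecord = new TblModuleManifest();
                if (uuid != null && !uuid.isEmpty()) {
                    newModuleRecord.setUuid_hex(uuid);
                } else {
                    newModuleRecord.setUuid_hex(new UUID().toString());
                }
                newModuleRecord.setMleId(tblMle);
                newModuleRecord.setMle_uuid_hex(tblMle.getUuid_hex());
                newModuleRecord.setEventID(tblEvent);
                newModuleRecord.setNameSpaceID(nsPackNS);
                newModuleRecord.setComponentName(fullComponentName);
                newModuleRecord.setDigestValue(digest);
                newModuleRecord.setPackageName(packageName);
                newModuleRecord.setPackageVendor(packageVendor);
                newModuleRecord.setPackageVersion(packageVersion);
                newModuleRecord.setUseHostSpecificDigestValue(useHostSpecificDigest);
                newModuleRecord.setExtendedToPCR(extendedtoPCR);
                newModuleRecord.setDescription("");
                tblModuleManifestJpa.create(newModuleRecord);
            }
        } catch (NoResultException nre) {
            throw new ASException(nre, ErrorCode.WS_EVENT_TYPE_DOES_NOT_EXIST);
        }
    } catch (ASException ase) {
        throw ase;
    } catch (Exception e) {
        log.error("Error during Module whitelist creation.", e);
        // Keep the original cause attached rather than reporting only its class name.
        throw new ASException(e, ErrorCode.WS_MODULE_WHITELIST_CREATE_ERROR, e.getClass().getSimpleName());
    }
}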
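/**
 * Evaluates a host's trust, issues a SAML assertion for it, persists the assertion and returns it.
 *
 * <p>Asset-tag attributes are included in the assertion only when a valid asset tag certificate
 * is provisioned for the host in the asset tag certificate table.
 *
 * @param tblHosts           host record to attest
 * @param hostId             host identifier passed through to the trust lookup
 * @param hostAttestationUuid UUID recorded on the stored assertion
 * @return the signed SAML assertion text
 * @throws WebApplicationException with 404 when the host is not found
 * @throws ASException for any other trust or SAML generation failure
 */
public String getTrustWithSaml(TblHosts tblHosts, String hostId, String hostAttestationUuid) {
    try {
        TblSamlAssertion tblSamlAssertion = new TblSamlAssertion();
        // presumably getHostWithTrust populates tblSamlAssertion's host reference, which is read below — verify
        TxtHost host = getHostWithTrust(tblHosts, hostId, tblSamlAssertion);
        tblSamlAssertion.setAssertionUuid(hostAttestationUuid);
        tblSamlAssertion.setBiosTrust(host.isBiosTrusted());
        tblSamlAssertion.setVmmTrust(host.isVmmTrusted());

        // Asset-tag data is added only if the host is provisioned for it (asset tag certificate table).
        AssetTagCertBO atagCertBO = new AssetTagCertBO();
        MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblSamlAssertion.getHostId().getId());
        X509AttributeCertificate tagCertificate;
        if (atagCertForHost != null) {
            log.debug("Host has been provisioned in the system with a TAG.");
            tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
        } else {
            log.debug("Host has not been provisioned in the system with a TAG.");
            tagCertificate = null;
        }

        SamlAssertion samlAssertion = getSamlGenerator().generateHostAssertion(host, tagCertificate, null);
        log.debug("Expiry {}", samlAssertion.expiry_ts.toString());
        tblSamlAssertion.setSaml(samlAssertion.assertion);
        tblSamlAssertion.setExpiryTs(samlAssertion.expiry_ts);
        tblSamlAssertion.setCreatedTs(samlAssertion.created_ts);
        getSamlAssertionJpaController().create(tblSamlAssertion);
        return samlAssertion.assertion;
    } catch (ASException e) {
        // Map "host not found" to a 404 for the REST layer; every other ASException passes through.
        if (e.getErrorCode().equals(ErrorCode.AS_HOST_NOT_FOUND)) {
            throw new WebApplicationException(Status.NOT_FOUND);
        }
        throw e;
    } catch (Exception ex) {
        log.error("Error during retrieval of host trust status.", ex);
        // Attach the cause instead of reporting only its class name.
        throw new ASException(ex, ErrorCode.AS_HOST_TRUST_ERROR, ex.getClass().getSimpleName());
    }
}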
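/**
 * Author: Sudhir
 *
 * Adds or updates the location mapping for a PCR white-list value.
 *
 * <p>If a row already exists for {@code hlObj.white_list_value} and its location matches,
 * nothing is changed; if the location differs, the row is updated in place. Otherwise a new
 * row is created. A {@code null} object or a {@code null}/empty white-list value is a no-op.
 *
 * @param hlObj the location mapping to store; may be {@code null}
 * @return always {@code true} when no exception is thrown (kept for API compatibility)
 * @throws ASException if the lookup or persistence fails; {@code ASException}s from the
 *         controller are rethrown unchanged, any other exception is wrapped
 */
public Boolean addHostLocation(HostLocation hlObj) {
    TblLocationPcrJpaController locJpaController = new TblLocationPcrJpaController(getEntityManagerFactory());
    // Nothing to map without a white-list value.
    if (hlObj == null || hlObj.white_list_value == null || hlObj.white_list_value.isEmpty()) {
        return true;
    }
    try {
        TblLocationPcr locPCR = locJpaController.findTblLocationPcrByPcrValueEx(hlObj.white_list_value);
        if (locPCR == null) {
            // No mapping yet: add a new entry to the location mapping table.
            locPCR = new TblLocationPcr();
            locPCR.setLocation(hlObj.location);
            locPCR.setPcrValue(hlObj.white_list_value);
            locJpaController.create(locPCR);
            log.info(String.format("Successfully added a new location value %s with white list %s.", hlObj.location, hlObj.white_list_value));
            return true;
        }
        log.info(String.format("An entry already existing in the location table for the white list specified [%s | %s]", locPCR.getLocation(), hlObj.white_list_value));
        String currentLocation = locPCR.getLocation();
        if (currentLocation != null && currentLocation.equals(hlObj.location)) {
            // Same mapping already stored; nothing to do.
            return true;
        }
        log.info(String.format("Updating the location value for the white list specified to %s.", hlObj.location));
        locPCR.setLocation(hlObj.location);
        locJpaController.edit(locPCR);
    } catch (ASException e) {
        throw e;
    } catch (Exception e) {
        throw new ASException(e);
    }
    return true;
}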
/**
 * Checks every PCR in the good-known-value manifest against the host's manifest.
 *
 * <p>Each comparison is logged and recorded via {@code logTrustStatus}. The result is
 * {@code true} only if every PCR verifies.
 *
 * @param host               host being evaluated
 * @param mle                MLE whose good-known values are compared
 * @param pcrManifestMap     PCR manifests reported by the host, keyed by PCR name
 * @param gkvPcrManifestMap  good-known PCR manifests for the MLE, keyed by PCR name
 * @return {@code true} if all good-known PCRs match the host's values
 * @throws ASException if the good-known manifest is empty or a good-known PCR is missing
 *                     from the host manifest
 */
private boolean verifyTrust(TblHosts host, TblMle mle, HashMap<String, ? extends IManifest> pcrManifestMap, HashMap<String, ? extends IManifest> gkvPcrManifestMap) {
    if (gkvPcrManifestMap.size() <= 0) {
        throw new ASException(ErrorCode.AS_MISSING_MANIFEST, mle.getName(), mle.getVersion());
    }
    boolean allTrusted = true;
    for (String pcr : gkvPcrManifestMap.keySet()) {
        if (!pcrManifestMap.containsKey(pcr)) {
            log.info(String.format("PCR %s not found in manifest.", pcr));
            throw new ASException(ErrorCode.AS_PCR_NOT_FOUND, pcr);
        }
        IManifest hostManifest = pcrManifestMap.get(pcr);
        boolean trusted = hostManifest.verify(gkvPcrManifestMap.get(pcr));
        log.info(String.format("PCR %s Host Trust status %s", pcr, String.valueOf(trusted)));
        // Every comparison is recorded in the database, whether or not it verified.
        logTrustStatus(host, mle, hostManifest);
        allTrusted &= trusted;
    }
    return allTrusted;
}
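/**
 * Computes the trust status of a host by comparing its live PCR manifest with the good-known
 * values registered for the host's BIOS and VMM MLEs.
 *
 * @param hostName must not be null; resolved to an IP address to locate the host record
 * @return the trust status produced by {@code verifyTrust}
 * @throws IllegalArgumentException if {@code hostName} is null
 * @throws ASException if the host name cannot be resolved, the host is not registered,
 *         the host has no TPM available, or fetching its manifest fails
 */
public HostTrustStatus getTrustStatus(Hostname hostName) {
    if (hostName == null) {
        throw new IllegalArgumentException("missing hostname");
    }

    // Host records are keyed by IP address, so the name is resolved first.
    TblHosts tblHosts;
    try {
        tblHosts = getHostByIpAddress(InetAddress.getByName(hostName.toString()).getHostAddress());
    } catch (UnknownHostException e) {
        throw new ASException(e);
    }
    if (tblHosts == null) {
        throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, hostName.toString());
    }
    log.info("VMM name for host is {}", tblHosts.getVmmMleId().getName());
    log.info("OS name for host is {}", tblHosts.getVmmMleId().getOsId().getName());

    // bug #538 first check if the host supports tpm
    HostAgentFactory factory = new HostAgentFactory();
    HostAgent agent = factory.getHostAgent(tblHosts);
    if (!agent.isTpmAvailable()) {
        // Bug 510: add a blank row in the ta log for this host so it does not report MLEs incorrectly.
        logBlankTrustStatus(tblHosts);
        throw new ASException(ErrorCode.AS_INTEL_TXT_NOT_ENABLED, hostName.toString());
    }

    IManifestStrategy manifestStrategy = getManifestStrategy(tblHosts);
    HashMap<String, ? extends IManifest> pcrManifestMap;
    try {
        long manifestStart = System.currentTimeMillis();
        pcrManifestMap = manifestStrategy.getManifest(tblHosts);
        log.info("Manifest Time {}", (System.currentTimeMillis() - manifestStart));
    } catch (ASException e) {
        throw e;
    } catch (Exception e) {
        throw new ASException(e);
    }

    long verifyStart = System.currentTimeMillis();
    log.info("PCRS from the VMM host {}", pcrManifestMap);

    // Good-known values for the BIOS and VMM MLEs assigned to this host.
    IGKVStrategy gkvStrategy = getGkvStrategy(tblHosts);
    HashMap<String, ? extends IManifest> gkvBiosPcrManifestMap = gkvStrategy.getBiosGoodKnownManifest(
            tblHosts.getBiosMleId().getName(), tblHosts.getBiosMleId().getVersion(), tblHosts.getBiosMleId().getOemId().getName());
    HashMap<String, ? extends IManifest> gkvVmmPcrManifestMap = gkvStrategy.getVmmGoodKnownManifest(
            tblHosts.getVmmMleId().getName(), tblHosts.getVmmMleId().getVersion(),
            tblHosts.getVmmMleId().getOsId().getName(), tblHosts.getVmmMleId().getOsId().getVersion(), tblHosts.getId());

    // Parameterized logging instead of string concatenation; output is unchanged.
    log.info("tblHosts.getId(){}", tblHosts.getId());
    log.info("tblHosts.getIPAddress(){}", tblHosts.getIPAddress());
    HostTrustStatus trust = verifyTrust(tblHosts, pcrManifestMap, gkvBiosPcrManifestMap, gkvVmmPcrManifestMap);
    log.info("Verfication Time {}", (System.currentTimeMillis() - verifyStart));
    return trust;
}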