
Example 1 with IManifestStrategy

use of com.intel.mountwilson.manifest.IManifestStrategy in project OpenAttestation by OpenAttestation.

the class ReportsBO method getHostAttestationReport.

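// BUG #497 XXX TODO needs rewrite to use HostAgentFactory and HostAgent interfaces
/**
 * Builds an XML attestation report for one registered host.
 *
 * <p>The host record is looked up by name, its PCR manifest is fetched through the
 * manifest strategy selected for that record, and the result is serialized as a
 * {@code Host_Attestation_Report} element with one {@code PCRInfo} child per manifest
 * entry. The report only lists the PCR values returned by the manifest strategy;
 * nothing in this method compares them with known-good values, so the output is a
 * listing of values and not a trust verdict.
 *
 * @param hostName name of the host to look up in the host table
 * @return the serialized XML document
 * @throws ASException with {@code AS_HOST_NOT_FOUND} when no host record matches, with
 *         {@code AS_ENCRYPTION_ERROR} on a {@code CryptographyException}, or wrapping
 *         any other failure raised during lookup, manifest retrieval or serialization
 */
public String getHostAttestationReport(Hostname hostName) {
    XMLOutputFactory xof = XMLOutputFactory.newInstance();
    StringWriter sw = new StringWriter();
    TblHosts tblHosts;
    HashMap<String, ? extends IManifest> pcrManifestMap;
    try {
        tblHosts = getTblHostsJpaController().findByName(hostName.toString());
        if (tblHosts == null) {
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, hostName.toString());
        }
        IManifestStrategy manifestStrategy = getManifestStrategy(tblHosts);
        // BUG #497  this is now obtained by IntelHostAgent using TAHelper's getQuoteInformationForHost which is what was called by TrustAgentManifestStrategy.getManifest()
        pcrManifestMap = manifestStrategy.getManifest(tblHosts);
    } catch (ASException aex) {
        // Rethrown as-is so the generic handler below does not re-wrap it and lose the error code.
        throw aex;
    } catch (CryptographyException e) {
        // NOTE(review): the cause's message is copied into the ASException; confirm it is
        // not returned verbatim to API clients.
        throw new ASException(e, ErrorCode.AS_ENCRYPTION_ERROR, e.getCause() == null ? e.getMessage() : e.getCause().getMessage());
    } catch (Exception ex) {
        throw new ASException(ex);
    }
    try {
        // XXX BUG #497 this entire section in try{}catch{} has  moved to TAHelper and used by IntelHostAgent
        String hostType = tblHosts.getVmmMleId().getName();
        // TPM support is inferred from the stored host record alone: a record without an
        // AIK certificate is reported as having no TPM. The host itself is not queried here.
        boolean tpmSupport = !(tblHosts.getAIKCertificate() == null || tblHosts.getAIKCertificate().isEmpty());
        XMLStreamWriter xtw = xof.createXMLStreamWriter(sw);
        xtw.writeStartDocument();
        xtw.writeStartElement("Host_Attestation_Report");
        xtw.writeAttribute("Host_Name", hostName.toString());
        xtw.writeAttribute("Host_VMM", hostType);
        xtw.writeAttribute("TXT_Support", String.valueOf(tpmSupport));
        if (tpmSupport) {
            for (IManifest pcrInfo : pcrManifestMap.values()) {
                PcrManifest pInfo = (PcrManifest) pcrInfo;
                xtw.writeStartElement("PCRInfo");
                xtw.writeAttribute("ComponentName", String.valueOf(pInfo.getPcrNumber()));
                // Locale.ROOT keeps the digest's upper-casing independent of the JVM default locale.
                xtw.writeAttribute("DigestValue", pInfo.getPcrValue().toUpperCase(java.util.Locale.ROOT));
                xtw.writeEndElement();
            }
        } else {
            xtw.writeStartElement("PCRInfo");
            xtw.writeAttribute("Error", "Host does not support TPM.");
            xtw.writeEndElement();
        }
        xtw.writeEndElement();
        xtw.writeEndDocument();
        xtw.flush();
        xtw.close();
        return sw.toString();
    } catch (Exception ex) {
        throw new ASException(ex);
    }
}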
Also used : IManifestStrategy(com.intel.mountwilson.manifest.IManifestStrategy) XMLOutputFactory(javax.xml.stream.XMLOutputFactory) IManifestStrategyFactory(com.intel.mountwilson.manifest.IManifestStrategyFactory) ASException(com.intel.mountwilson.as.common.ASException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) IOException(java.io.IOException) StringWriter(java.io.StringWriter) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest) TblPcrManifest(com.intel.mtwilson.as.data.TblPcrManifest) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) TblHosts(com.intel.mtwilson.as.data.TblHosts) ASException(com.intel.mountwilson.as.common.ASException) IManifest(com.intel.mountwilson.manifest.data.IManifest)

Example 2 with IManifestStrategy

use of com.intel.mountwilson.manifest.IManifestStrategy in project OpenAttestation by OpenAttestation.

the class HostTrustBO method getTrustStatus.

/**
 * Evaluates the trust status of a registered host.
 *
 * <p>The host name is resolved to an IP address and the host record is looked up by
 * that address. If the host agent reports a TPM, the PCR manifest is fetched through
 * the host's manifest strategy and handed, together with the good-known BIOS and VMM
 * manifests, to {@code verifyTrust}.
 *
 * @param hostName must not be null
 * @return the status produced by {@code verifyTrust} for the host
 * @throws IllegalArgumentException if {@code hostName} is null
 * @throws ASException if the name cannot be resolved, no host record is found
 *         ({@code AS_HOST_NOT_FOUND}), the host agent reports no TPM
 *         ({@code AS_INTEL_TXT_NOT_ENABLED}), or manifest retrieval fails
 */
public HostTrustStatus getTrustStatus(Hostname hostName) {
    if (hostName == null) {
        throw new IllegalArgumentException("missing hostname");
    }

    TblHosts hostRecord = null;
    try {
        // NOTE(review): the host record is chosen by the address that name resolution
        // returns for hostName, so the verdict applies to whichever record that address
        // maps to. Confirm the resolver is trusted in this deployment.
        String resolvedAddress = InetAddress.getByName(hostName.toString()).getHostAddress();
        hostRecord = getHostByIpAddress(resolvedAddress);
    } catch (UnknownHostException e) {
        throw new ASException(e);
    }
    if (hostRecord == null) {
        throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, hostName.toString());
    }

    log.info("VMM name for host is {}", hostRecord.getVmmMleId().getName());
    log.info("OS name for host is {}", hostRecord.getVmmMleId().getOsId().getName());

    // bug #538 first check if the host supports tpm
    HostAgent agent = new HostAgentFactory().getHostAgent(hostRecord);
    if (!agent.isTpmAvailable()) {
        // Bug 510: add a blank row in the ta log for this host so it does not report mle's incorrectly.
        logBlankTrustStatus(hostRecord);
        throw new ASException(ErrorCode.AS_INTEL_TXT_NOT_ENABLED, hostName.toString());
    }

    IManifestStrategy manifestStrategy = getManifestStrategy(hostRecord);
    HashMap<String, ? extends IManifest> hostPcrs;
    try {
        long manifestStarted = System.currentTimeMillis();
        hostPcrs = manifestStrategy.getManifest(hostRecord);
        log.info("Manifest Time {}", (System.currentTimeMillis() - manifestStarted));
    } catch (ASException e) {
        // Rethrown unchanged so the generic handler below does not re-wrap it.
        throw e;
    } catch (Exception e) {
        throw new ASException(e);
    }

    long verifyStarted = System.currentTimeMillis();
    log.info("PCRS from the VMM host {}", hostPcrs);

    // Get the good-known values (GKV) for the given host.
    IGKVStrategy gkvStrategy = getGkvStrategy(hostRecord);
    HashMap<String, ? extends IManifest> knownGoodBios = gkvStrategy.getBiosGoodKnownManifest(
            hostRecord.getBiosMleId().getName(),
            hostRecord.getBiosMleId().getVersion(),
            hostRecord.getBiosMleId().getOemId().getName());
    HashMap<String, ? extends IManifest> knownGoodVmm = gkvStrategy.getVmmGoodKnownManifest(
            hostRecord.getVmmMleId().getName(),
            hostRecord.getVmmMleId().getVersion(),
            hostRecord.getVmmMleId().getOsId().getName(),
            hostRecord.getVmmMleId().getOsId().getVersion(),
            hostRecord.getId());

    // Verify trust: hand the retrieved PCRs and both good-known manifests to verifyTrust.
    log.info("tblHosts.getId()" + hostRecord.getId());
    log.info("tblHosts.getIPAddress()" + hostRecord.getIPAddress());
    HostTrustStatus verdict = verifyTrust(hostRecord, hostPcrs, knownGoodBios, knownGoodVmm);
    log.info("Verfication Time {}", (System.currentTimeMillis() - verifyStarted));
    return verdict;
}
Also used : IManifestStrategy(com.intel.mountwilson.manifest.IManifestStrategy) UnknownHostException(java.net.UnknownHostException) ASException(com.intel.mountwilson.as.common.ASException) WebApplicationException(javax.ws.rs.WebApplicationException) ConfigurationException(org.apache.commons.configuration.ConfigurationException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) TblHosts(com.intel.mtwilson.as.data.TblHosts) IGKVStrategy(com.intel.mtwilson.as.business.trust.gkv.IGKVStrategy) ASException(com.intel.mountwilson.as.common.ASException)

Aggregations

ASException (com.intel.mountwilson.as.common.ASException)2 IManifestStrategy (com.intel.mountwilson.manifest.IManifestStrategy)2 TblHosts (com.intel.mtwilson.as.data.TblHosts)2 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)2 IOException (java.io.IOException)2 IManifestStrategyFactory (com.intel.mountwilson.manifest.IManifestStrategyFactory)1 IManifest (com.intel.mountwilson.manifest.data.IManifest)1 PcrManifest (com.intel.mountwilson.manifest.data.PcrManifest)1 IGKVStrategy (com.intel.mtwilson.as.business.trust.gkv.IGKVStrategy)1 TblPcrManifest (com.intel.mtwilson.as.data.TblPcrManifest)1 StringWriter (java.io.StringWriter)1 UnknownHostException (java.net.UnknownHostException)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 XMLOutputFactory (javax.xml.stream.XMLOutputFactory)1 XMLStreamWriter (javax.xml.stream.XMLStreamWriter)1 ConfigurationException (org.apache.commons.configuration.ConfigurationException)1