use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.
the class ReportsBO method getHostAttestationReport.
// BUG #497 XXX TODO needs rewrite to use HostAgentFactory and HostAgent interfaces
/**
 * Builds the XML attestation report for a registered host.
 *
 * <p>The host record is looked up by name, its PCR manifest is fetched through the
 * manifest strategy chosen for that record, and the result is serialized as a
 * {@code Host_Attestation_Report} document holding one {@code PCRInfo} element per
 * manifest entry.
 *
 * <p>Security notes for readers of the report:
 * <ul>
 *   <li>{@code TXT_Support} only reflects whether the host record holds a non-empty AIK
 *       certificate. The certificate is not validated in this method.</li>
 *   <li>The PCR digests are written as returned by the manifest strategy. This method does
 *       not compare them against any known-good values, so the report is a statement of
 *       measurements, not a trust verdict.</li>
 *   <li>All values go through {@code XMLStreamWriter.writeAttribute} rather than string
 *       concatenation, so markup characters in the host or VMM name are escaped by the
 *       writer.</li>
 * </ul>
 *
 * @param hostName name of the host to report on
 * @return the report as an XML string
 * @throws ASException with {@code AS_HOST_NOT_FOUND} when no host record matches, with
 *         {@code AS_ENCRYPTION_ERROR} when a {@code CryptographyException} is raised while
 *         obtaining the manifest, or wrapping the cause for any other failure
 */
public String getHostAttestationReport(Hostname hostName) {
    XMLOutputFactory outputFactory = XMLOutputFactory.newInstance();
    StringWriter buffer = new StringWriter();
    TblHosts hostRecord = null;
    HashMap<String, ? extends IManifest> measuredPcrs = null;

    // Phase 1: resolve the host and collect its PCR manifest.
    try {
        hostRecord = getTblHostsJpaController().findByName(hostName.toString());
        if (hostRecord == null) {
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, hostName.toString());
        }
        // BUG #497 this is now obtained by IntelHostAgent using TAHelper's
        // getQuoteInformationForHost, which is what TrustAgentManifestStrategy.getManifest() called.
        measuredPcrs = getManifestStrategy(hostRecord).getManifest(hostRecord);
    } catch (ASException aex) {
        // Already carries an error code; let it through unwrapped.
        throw aex;
    } catch (CryptographyException e) {
        String detail = (e.getCause() == null) ? e.getMessage() : e.getCause().getMessage();
        throw new ASException(e, ErrorCode.AS_ENCRYPTION_ERROR, detail);
    } catch (Exception ex) {
        throw new ASException(ex);
    }

    // Phase 2: serialize the report.
    // XXX BUG #497 this whole section has moved to TAHelper and is used by IntelHostAgent.
    try {
        String vmmName = hostRecord.getVmmMleId().getName();
        // The host table offers no direct TPM flag; a stored AIK certificate is the only
        // indicator available here, and it drives the shape of the report.
        boolean tpmSupport = hostRecord.getAIKCertificate() != null
                && !hostRecord.getAIKCertificate().isEmpty();

        XMLStreamWriter xml = outputFactory.createXMLStreamWriter(buffer);
        xml.writeStartDocument();
        xml.writeStartElement("Host_Attestation_Report");
        xml.writeAttribute("Host_Name", hostName.toString());
        xml.writeAttribute("Host_VMM", vmmName);
        xml.writeAttribute("TXT_Support", String.valueOf(tpmSupport));
        if (!tpmSupport) {
            xml.writeStartElement("PCRInfo");
            xml.writeAttribute("Error", "Host does not support TPM.");
            xml.writeEndElement();
        } else {
            for (IManifest entry : measuredPcrs.values()) {
                PcrManifest pcr = (PcrManifest) entry;
                xml.writeStartElement("PCRInfo");
                xml.writeAttribute("ComponentName", String.valueOf(pcr.getPcrNumber()));
                xml.writeAttribute("DigestValue", pcr.getPcrValue().toUpperCase());
                xml.writeEndElement();
            }
        }
        xml.writeEndElement();
        xml.writeEndDocument();
        xml.flush();
        xml.close();
        return buffer.toString();
    } catch (Exception ex) {
        throw new ASException(ex);
    }
}
use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.
the class HostTrustBO method verifyTrust.
/**
 * Checks the host's measured PCRs against the known-good (whitelist) PCRs of an MLE.
 *
 * <p>The decision fails closed in two ways: an empty whitelist is rejected with
 * {@code AS_MISSING_MANIFEST} instead of being treated as "nothing to check", and a
 * whitelisted PCR that the host did not report raises {@code AS_PCR_NOT_FOUND}.
 *
 * <p>Every whitelisted PCR that is present is verified and logged, even after an earlier
 * mismatch, so the trust log records each evaluated register. Only the whitelist's keys
 * are walked; PCRs reported by the host but absent from the whitelist are not examined.
 *
 * @param host the host being evaluated, passed through to the trust log
 * @param mle the MLE whose whitelist is applied, passed through to the trust log
 * @param pcrManifestMap PCR manifests measured on the host, keyed by PCR name
 * @param gkvPcrManifestMap known-good PCR manifests, keyed by PCR name
 * @return {@code true} only if every whitelisted PCR verified successfully
 * @throws ASException if the whitelist is empty or a whitelisted PCR is missing from the host
 */
private boolean verifyTrust(TblHosts host, TblMle mle, HashMap<String, ? extends IManifest> pcrManifestMap, HashMap<String, ? extends IManifest> gkvPcrManifestMap) {
    if (gkvPcrManifestMap.isEmpty()) {
        throw new ASException(ErrorCode.AS_MISSING_MANIFEST, mle.getName(), mle.getVersion());
    }

    boolean allTrusted = true;
    for (String pcrName : gkvPcrManifestMap.keySet()) {
        if (!pcrManifestMap.containsKey(pcrName)) {
            log.info(String.format("PCR %s not found in manifest.", pcrName));
            throw new ASException(ErrorCode.AS_PCR_NOT_FOUND, pcrName);
        }

        IManifest measured = pcrManifestMap.get(pcrName);
        boolean matches = measured.verify(gkvPcrManifestMap.get(pcrName));
        log.info(String.format("PCR %s Host Trust status %s", pcrName, matches));

        // Persist the per-PCR outcome to the database.
        logTrustStatus(host, mle, measured);

        // No early exit: the remaining PCRs are still verified and logged.
        allTrusted = allTrusted && matches;
    }
    return allTrusted;
}
use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.
the class HostTrustBOTest method testGetTrustStatus.
/**
 * Happy-path check: when the host's reported PCR 0 and PCR 18 equal the known-good BIOS
 * and VMM values, {@code getTrustStatus} reports both BIOS and VMM as trusted.
 *
 * <p>Only the matching case is exercised here; a mismatching or missing PCR is not
 * covered by this test. The trust-log write is stubbed out, so nothing is persisted.
 */
@Test
public void testGetTrustStatus() throws Exception {
    // Resolve the host record through the mocked lookup.
    TblHosts hostRecord = mockGetHostByIpAddress();
    doReturn(hostRecord).when(hostTrustBO).getHostByIpAddress(SERVER_NAME);

    // Measurements the host "reports" via the manifest strategy.
    HashMap<String, IManifest> reportedPcrs = new HashMap<String, IManifest>();
    reportedPcrs.put("0", new PcrManifest(0, "31B97D97B4679917EC3C1D943635693FFBAB4143"));
    reportedPcrs.put("18", new PcrManifest(18, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"));
    doReturn(reportedPcrs).when(manifestStrategy).getManifest(hostRecord);

    // Known-good values: PCR 0 belongs to the BIOS whitelist, PCR 18 to the VMM whitelist.
    HashMap<String, IManifest> biosWhitelist = new HashMap<String, IManifest>();
    biosWhitelist.put("0", new PcrManifest(0, "31B97D97B4679917EC3C1D943635693FFBAB4143"));
    HashMap<String, IManifest> vmmWhitelist = new HashMap<String, IManifest>();
    vmmWhitelist.put("18", new PcrManifest(18, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"));
    doReturn(biosWhitelist).when(gkvStrategy).getBiosGoodKnownManifest(anyString(), anyString(), anyString());
    doReturn(vmmWhitelist).when(gkvStrategy).getVmmGoodKnownManifest(anyString(), anyString(), anyString(), anyString(), any(Integer.class));

    // Keep the trust-log write from touching a real database.
    doNothing().when(taLogJpaController).create(any(TblTaLog.class));

    HostTrustStatus result = hostTrustBO.getTrustStatus(new Hostname(SERVER_NAME));

    assertNotNull(result);
    assertTrue(result.bios);
    assertTrue(result.vmm);
}
use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.
the class PcrGKVStrategyTest method getPcrManifestMap.
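/**
 * Loads the known-good PCR manifests of an MLE into a map keyed by PCR name.
 *
 * <p>Each entry of the MLE's collection is re-read by id through
 * {@code pcrManifestJpaController} before it is converted.
 *
 * <p>The PCR name is trimmed once and the trimmed form is used both as the map key and
 * as the PCR number. Previously the key was trimmed but the number was parsed from the
 * raw name, so a stored name with surrounding whitespace raised
 * {@code NumberFormatException} ({@code Integer.valueOf} does not strip whitespace)
 * instead of producing a usable whitelist entry.
 *
 * @param mle the MLE whose PCR manifest collection is read
 * @return map from trimmed PCR name to its {@code PcrManifest}
 * @throws NumberFormatException if a trimmed PCR name is not a decimal integer
 */
private HashMap<String, ? extends IManifest> getPcrManifestMap(TblMle mle) {
    HashMap<String, IManifest> pcrManifests = new HashMap<String, IManifest>();
    for (TblPcrManifest listed : mle.getTblPcrManifestCollection()) {
        // NOTE(review): a null result from the lookup would fail on the next line; confirm
        // whether findPcrManifestById can return null for an id taken from the collection.
        TblPcrManifest stored = pcrManifestJpaController.findPcrManifestById(listed.getId());
        String pcrName = stored.getName().trim();
        pcrManifests.put(pcrName, new PcrManifest(Integer.valueOf(pcrName), stored.getValue().trim()));
    }
    return pcrManifests;
}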
use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.
the class TAHelper method getHostAttestationReport.
// hostName == internetAddress.toString() or Hostname.toString() or IPAddress.toString()
// vmmName == tblHosts.getVmmMleId().getName()
/**
 * Serializes an already-collected PCR manifest as a {@code Host_Attestation_Report}
 * XML document.
 *
 * <p>Security notes for readers of the report:
 * <ul>
 *   <li>{@code TXT_Support} is always written as {@code true}. This method performs no TPM
 *       or AIK check of its own; per the original author's note it assumes the manifest
 *       came from a verified TPM quote. Callers that obtain the manifest any other way
 *       should not rely on that attribute.</li>
 *   <li>The PCR digests are written as supplied and are not compared against known-good
 *       values here.</li>
 *   <li>All values go through {@code XMLStreamWriter.writeAttribute} rather than string
 *       concatenation, so markup characters in {@code hostName} or {@code vmmName} are
 *       escaped by the writer.</li>
 * </ul>
 *
 * @param hostName host identifier written to {@code Host_Name}
 * @param pcrManifestMap PCR manifests to report, one {@code PCRInfo} element each
 * @param vmmName VMM name written to {@code Host_VMM}
 * @return the report as an XML string
 * @throws Exception if the XML writer cannot be created or writing fails
 */
public String getHostAttestationReport(String hostName, HashMap<String, PcrManifest> pcrManifestMap, String vmmName) throws Exception {
    XMLOutputFactory outputFactory = XMLOutputFactory.newInstance();
    StringWriter buffer = new StringWriter();

    // The earlier implementation derived this flag from whether the host record had an
    // AIK certificate. That check is not performed here.
    // XXX assuming TPM support: this is the trust agent path and a PCR manifest is only
    // returned by getQuoteInformationFromHost once the TPM quote was verified, at which
    // point the AIK certificate was saved.
    boolean tpmSupport = true;

    XMLStreamWriter xml = outputFactory.createXMLStreamWriter(buffer);
    xml.writeStartDocument();
    xml.writeStartElement("Host_Attestation_Report");
    xml.writeAttribute("Host_Name", hostName);
    xml.writeAttribute("Host_VMM", vmmName);
    xml.writeAttribute("TXT_Support", String.valueOf(tpmSupport));
    if (!tpmSupport) {
        // Not reachable while the flag above is fixed to true.
        xml.writeStartElement("PCRInfo");
        xml.writeAttribute("Error", "Host does not support TPM.");
        xml.writeEndElement();
    } else {
        for (PcrManifest pcr : pcrManifestMap.values()) {
            xml.writeStartElement("PCRInfo");
            xml.writeAttribute("ComponentName", String.valueOf(pcr.getPcrNumber()));
            xml.writeAttribute("DigestValue", pcr.getPcrValue().toUpperCase());
            xml.writeEndElement();
        }
    }
    xml.writeEndElement();
    xml.writeEndDocument();
    xml.flush();
    xml.close();
    return buffer.toString();
}