Examples with IManifest com.intel.mountwilson.manifest.data.IManifest used on opensource projects

Example 1 with IManifest

use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.

the class ReportsBO method getHostAttestationReport.

// BUG #497 XXX TODO needs rewrite to use HostAgentFactory and HostAgent interfaces
public String getHostAttestationReport(Hostname hostName) {
    XMLOutputFactory xof = XMLOutputFactory.newInstance();
    XMLStreamWriter xtw;
    StringWriter sw = new StringWriter();
    IManifestStrategy manifestStrategy;
    IManifestStrategyFactory strategyFactory;
    HashMap<String, ? extends IManifest> pcrManifestMap = null;
    TblHosts tblHosts = null;
    String attestationReport = "";
    try {
        tblHosts = getTblHostsJpaController().findByName(hostName.toString());
        if (tblHosts == null) {
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, hostName.toString());
        }
        manifestStrategy = getManifestStrategy(tblHosts);
        // BUG #497  this is now obtained by IntelHostAgent using TAHelper's getQuoteInformationForHost which is what was called by TrustAgentManifestStrategy.getManifest()
        pcrManifestMap = manifestStrategy.getManifest(tblHosts);
    } catch (ASException aex) {
        throw aex;
    } catch (CryptographyException e) {
        throw new ASException(e, ErrorCode.AS_ENCRYPTION_ERROR, e.getCause() == null ? e.getMessage() : e.getCause().getMessage());
    } catch (Exception ex) {
        throw new ASException(ex);
    }
    try {
        // XXX BUG #497 this entire section in try{}catch{} has  moved to TAHelper and used by IntelHostAgent
        // We need to check if the host supports TPM or not. Only way we can do it
        // using the host table contents is by looking at the AIK Certificate. Based
        // on this flag we generate the attestation report.
        boolean tpmSupport = true;
        String hostType = tblHosts.getVmmMleId().getName();
        if (tblHosts.getAIKCertificate() == null || tblHosts.getAIKCertificate().isEmpty()) {
            tpmSupport = false;
        }
        // xtw = xof.createXMLStreamWriter(new FileWriter("c:\\temp\\nb_xml.xml"));
        xtw = xof.createXMLStreamWriter(sw);
        xtw.writeStartDocument();
        xtw.writeStartElement("Host_Attestation_Report");
        xtw.writeAttribute("Host_Name", hostName.toString());
        xtw.writeAttribute("Host_VMM", hostType);
        xtw.writeAttribute("TXT_Support", String.valueOf(tpmSupport));
        if (tpmSupport == true) {
            ArrayList<IManifest> pcrMFList = new ArrayList<IManifest>();
            pcrMFList.addAll(pcrManifestMap.values());
            for (IManifest pcrInfo : pcrMFList) {
                PcrManifest pInfo = (PcrManifest) pcrInfo;
                xtw.writeStartElement("PCRInfo");
                xtw.writeAttribute("ComponentName", String.valueOf(pInfo.getPcrNumber()));
                xtw.writeAttribute("DigestValue", pInfo.getPcrValue().toUpperCase());
                xtw.writeEndElement();
            }
        } else {
            xtw.writeStartElement("PCRInfo");
            xtw.writeAttribute("Error", "Host does not support TPM.");
            xtw.writeEndElement();
        }
        xtw.writeEndElement();
        xtw.writeEndDocument();
        xtw.flush();
        xtw.close();
        attestationReport = sw.toString();
    } catch (Exception ex) {
        throw new ASException(ex);
    }
    return attestationReport;
}

Example 2 with IManifest

use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.

the class HostTrustBO method verifyTrust.

private boolean verifyTrust(TblHosts host, TblMle mle, HashMap<String, ? extends IManifest> pcrManifestMap, HashMap<String, ? extends IManifest> gkvPcrManifestMap) {
    boolean response = true;
    if (gkvPcrManifestMap.size() <= 0) {
        throw new ASException(ErrorCode.AS_MISSING_MANIFEST, mle.getName(), mle.getVersion());
    }
    for (String pcr : gkvPcrManifestMap.keySet()) {
        if (pcrManifestMap.containsKey(pcr)) {
            IManifest pcrMf = pcrManifestMap.get(pcr);
            boolean trustStatus = pcrMf.verify(gkvPcrManifestMap.get(pcr));
            log.info(String.format("PCR %s Host Trust status %s", pcr, String.valueOf(trustStatus)));
            /*
                 * Log to database
                 */
            logTrustStatus(host, mle, pcrMf);
            if (!trustStatus) {
                response = false;
            }
        } else {
            log.info(String.format("PCR %s not found in manifest.", pcr));
            throw new ASException(ErrorCode.AS_PCR_NOT_FOUND, pcr);
        }
    }
    return response;
}

Example 3 with IManifest

use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.

the class HostTrustBOTest method testGetTrustStatus.

@Test
public void testGetTrustStatus() throws Exception {
    TblHosts tblHosts = mockGetHostByIpAddress();
    doReturn(tblHosts).when(hostTrustBO).getHostByIpAddress(SERVER_NAME);
    //get pcrMap 
    HashMap<String, IManifest> pcrManifestMap = new HashMap<String, IManifest>();
    pcrManifestMap.put("0", new PcrManifest(0, "31B97D97B4679917EC3C1D943635693FFBAB4143"));
    pcrManifestMap.put("18", new PcrManifest(18, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"));
    doReturn(pcrManifestMap).when(manifestStrategy).getManifest(tblHosts);
    //get gkv for given host
    HashMap<String, IManifest> gkvBiosPcrManifestMap = new HashMap<String, IManifest>();
    HashMap<String, IManifest> gkvVmmPcrManifestMap = new HashMap<String, IManifest>();
    gkvBiosPcrManifestMap.put("0", new PcrManifest(0, "31B97D97B4679917EC3C1D943635693FFBAB4143"));
    gkvVmmPcrManifestMap.put("18", new PcrManifest(18, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"));
    doReturn(gkvBiosPcrManifestMap).when(gkvStrategy).getBiosGoodKnownManifest(anyString(), anyString(), anyString());
    doReturn(gkvVmmPcrManifestMap).when(gkvStrategy).getVmmGoodKnownManifest(anyString(), anyString(), anyString(), anyString(), any(Integer.class));
    doNothing().when(taLogJpaController).create(any(TblTaLog.class));
    HostTrustStatus trustStatus = hostTrustBO.getTrustStatus(new Hostname(SERVER_NAME));
    assertNotNull(trustStatus);
    assertTrue(trustStatus.bios);
    assertTrue(trustStatus.vmm);
}

Example 4 with IManifest

use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.

the class PcrGKVStrategyTest method getPcrManifestMap.

private HashMap<String, ? extends IManifest> getPcrManifestMap(TblMle mle) {
    HashMap<String, IManifest> pcrManifests = new HashMap<String, IManifest>();
    for (TblPcrManifest pcrMf : mle.getTblPcrManifestCollection()) {
        pcrMf = pcrManifestJpaController.findPcrManifestById(pcrMf.getId());
        pcrManifests.put(pcrMf.getName().trim(), new PcrManifest(Integer.valueOf(pcrMf.getName()), pcrMf.getValue().trim()));
    }
    return pcrManifests;
}

Example 5 with IManifest

use of com.intel.mountwilson.manifest.data.IManifest in project OpenAttestation by OpenAttestation.

the class TAHelper method getHostAttestationReport.

// hostName == internetAddress.toString() or Hostname.toString() or IPAddress.toString()
// vmmName == tblHosts.getVmmMleId().getName()
public String getHostAttestationReport(String hostName, HashMap<String, PcrManifest> pcrManifestMap, String vmmName) throws Exception {
    XMLOutputFactory xof = XMLOutputFactory.newInstance();
    XMLStreamWriter xtw;
    StringWriter sw = new StringWriter();
    /*
            // We need to check if the host supports TPM or not. Only way we can do it
            // using the host table contents is by looking at the AIK Certificate. Based
            // on this flag we generate the attestation report.
            boolean tpmSupport = true;
            String hostType = "";

            if (tblHosts.getAIKCertificate() == null || tblHosts.getAIKCertificate().isEmpty()) {
                tpmSupport = false;
            }
            * */
    // XXX   assuming it supports TPM since it's trust agent and we got a pcr manifest (which we only get from getQuoteInformationFromHost if the tpm quote was verified, which means we saved the AIK certificate when we did that)
    boolean tpmSupport = true;
    // xtw = xof.createXMLStreamWriter(new FileWriter("c:\\temp\\nb_xml.xml"));
    xtw = xof.createXMLStreamWriter(sw);
    xtw.writeStartDocument();
    xtw.writeStartElement("Host_Attestation_Report");
    xtw.writeAttribute("Host_Name", hostName);
    xtw.writeAttribute("Host_VMM", vmmName);
    xtw.writeAttribute("TXT_Support", String.valueOf(tpmSupport));
    if (tpmSupport == true) {
        ArrayList<IManifest> pcrMFList = new ArrayList<IManifest>();
        pcrMFList.addAll(pcrManifestMap.values());
        for (IManifest pcrInfo : pcrMFList) {
            PcrManifest pInfo = (PcrManifest) pcrInfo;
            xtw.writeStartElement("PCRInfo");
            xtw.writeAttribute("ComponentName", String.valueOf(pInfo.getPcrNumber()));
            xtw.writeAttribute("DigestValue", pInfo.getPcrValue().toUpperCase());
            xtw.writeEndElement();
        }
    } else {
        xtw.writeStartElement("PCRInfo");
        xtw.writeAttribute("Error", "Host does not support TPM.");
        xtw.writeEndElement();
    }
    xtw.writeEndElement();
    xtw.writeEndDocument();
    xtw.flush();
    xtw.close();
    String attestationReport = sw.toString();
    return attestationReport;
}