use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.
the class CitrixHostAgent method getHostAttestationReport.
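/**
 * Builds the XML host attestation report for this Citrix host.
 *
 * <p>Asks the client for quote information covering {@code pcrList} and writes one
 * {@code PCRInfo} element (PCR number and digest) per returned entry under a
 * {@code Host_Attestation_Report} root element.
 *
 * @param pcrList PCR selection, passed unchanged to {@code client.getQuoteInformationForHost}
 * @return the report XML, or an empty string when the XML could not be written; callers
 *         should treat an empty report as a failure and never as evidence about the host
 * @throws IOException declared by the signature; presumably raised by the client call
 *         (not visible here), since an {@link XMLStreamException} is logged and not rethrown
 */
public String getHostAttestationReport(String pcrList) throws IOException {
    String attestationReport = "";
    XMLOutputFactory xof = XMLOutputFactory.newInstance();
    StringWriter sw = new StringWriter();
    try {
        XMLStreamWriter xtw = xof.createXMLStreamWriter(sw);
        xtw.writeStartDocument();
        xtw.writeStartElement("Host_Attestation_Report");
        xtw.writeAttribute("Host_Name", this.client.hostIpAddress);
        // NOTE(review): both version attributes are fixed strings, not values read from the host.
        xtw.writeAttribute("vCenterVersion", "5.0");
        xtw.writeAttribute("HostVersion", "5.0");
        HashMap<String, PcrManifest> pcrMap = client.getQuoteInformationForHost(pcrList);
        // Read-only, typed iteration. The previous raw Iterator called remove() on every entry,
        // which emptied the map handed back by the client; a plain traversal cannot raise
        // ConcurrentModificationException, so the removal was not needed.
        for (PcrManifest pcr : pcrMap.values()) {
            xtw.writeStartElement("PCRInfo");
            xtw.writeAttribute("ComponentName", Integer.toString(pcr.getPcrNumber()));
            xtw.writeAttribute("DigestValue", pcr.getPcrValue());
            xtw.writeEndElement();
        }
        xtw.writeEndElement();
        xtw.writeEndDocument();
        xtw.flush();
        xtw.close();
        attestationReport = sw.toString();
    } catch (XMLStreamException ex) {
        // The failure is logged only; the method then returns the empty string.
        log.error("Cannot get host attestation report", ex);
    }
    log.debug("getHostAttestationReport report:" + attestationReport);
    return attestationReport;
}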
use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.
the class IntelHostAgent method getHostAttestationReport.
/**
 * Returns the vendor attestation report for this host, building it on first use.
 *
 * <p>The report is cached in {@code vendorHostReport}. Once a report exists it is returned
 * as is, so a later call with a different {@code pcrList} still receives the first report.
 *
 * @param pcrList PCR selection forwarded to {@code TAHelper.getQuoteInformationForHost};
 *                only consulted when no cached report exists
 * @return the cached or newly built report
 * @throws IOException wrapping any exception raised while obtaining the quote or building
 *         the report
 */
@Override
public String getHostAttestationReport(String pcrList) throws IOException {
    if (vendorHostReport == null) {
        // if( vmmName == null ) { getHostDetails(); } // XXX host details API is not part of core so you have to get it another way
        try {
            TAHelper taHelper = new TAHelper();
            String host = hostAddress.toString();
            HashMap<String, PcrManifest> quotedPcrs = taHelper.getQuoteInformationForHost(host, trustAgentClient, pcrList);
            vendorHostReport = taHelper.getHostAttestationReport(host, quotedPcrs, vmmName);
            log.debug("Host attestation report for {}", hostAddress);
            log.debug(vendorHostReport);
        } catch (Exception e) {
            throw new IOException(e);
        }
    }
    return vendorHostReport;
}
use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.
the class IntelHostAgent method getManifest.
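/**
 * Returns the PCR manifest for this host, fetching it through the trust agent on first use.
 *
 * <p>The manifest is requested for PCRs 0 through 23 and cached in {@code manifestMap}.
 *
 * @return the cached or newly fetched manifest map; {@code null} when no manifest has been
 *         cached and the fetch failed, so callers must check for {@code null} and must not
 *         read a missing manifest as a verified host
 */
@Override
public HashMap<String, ? extends IManifest> getManifest() {
    if (manifestMap == null) {
        try {
            TAHelper helper = new TAHelper();
            HashMap<String, PcrManifest> pcrMap = helper.getQuoteInformationForHost(hostAddress.toString(), trustAgentClient, "0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23");
            manifestMap = pcrMap;
        } catch (Exception e) {
            // Log the exception itself: getMessage() can be null and drops the cause chain,
            // which is what an operator needs to tell a failed quote from a network error.
            log.error("Cannot get PCR manifest for host " + hostAddress, e);
        }
    }
    return manifestMap;
}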
use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.
the class TAHelper method verifyQuoteAndGetPcr.
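// BUG #497 need to rewrite this to return List<Pcr> ... the Pcr.equals() does same as (actually more than) IManifest.verify() because Pcr ensures the index is the same and IManifest does not! and also it is less redundant, because this method returns Map< pcr index as string, manifest object containing pcr index and value >
/**
 * Runs quote verification for a session and collects the reported PCR values, optionally
 * attaching event-log measurements to the matching PCR entries.
 *
 * <p>Steps visible in this method: load the session certificate and the Privacy CA
 * certificate, call {@code aikqverify} on the session's nonce, public key and quote files,
 * parse each result line as "number value", keep entries that match the PCR number and
 * value patterns, then walk the XML event log and add each module as a measurement to the
 * PCR it names, if that PCR is in the result.
 *
 * @param sessionId session identifier used to derive the certificate, nonce, quote and key
 *                  file names under {@code aikverifyhome}; NOTE(review): confirm it is
 *                  generated by the service, since it ends up in file paths
 * @param eventLog  XML measurement log, or {@code null} to skip event-log processing;
 *                  presumably supplied by the attested host - verify against the caller
 * @return map from PCR index (as a string) to its manifest
 * @throws RuntimeException      when loading either certificate fails
 * @throws IllegalStateException when the event log cannot be parsed
 */
private HashMap<String, PcrManifest> verifyQuoteAndGetPcr(String sessionId, String eventLog) {
    HashMap<String, PcrManifest> pcrMp = new HashMap<String, PcrManifest>();
    String setUpFile;
    log.info("verifyQuoteAndGetPcr for session {}", sessionId);
    String certFileName = aikverifyhome + File.separator + getCertFileName(sessionId);
    //2. verification
    try {
        setUpFile = ResourceFinder.getFile("attestation-service.properties").getAbsolutePath();
        String fileLocation = setUpFile.substring(0, setUpFile.indexOf("attestation-service.properties"));
        String PrivacyCaCertFileName = "PrivacyCA.cer";
        // NOTE(review): both certificates are loaded and the results are discarded. No check
        // of the machine certificate's signature against the Privacy CA certificate is
        // visible in this method. Unless certFromFile() performs that check itself (confirm),
        // the "passed the verification" message and the error text in the catch below claim
        // more than this block establishes.
        //X509Certificate machineCertificate = certFromFile(certFileName);
        certFromFile(certFileName);
        //X509Certificate pcaCert = certFromFile(fileLocation + PrivacyCaCertFileName);
        certFromFile(fileLocation + PrivacyCaCertFileName);
        log.info("passed the verification");
    } catch (Exception e) {
        log.error("Machine certificate was not signed by the privacy CA." + e.toString());
        throw new RuntimeException(e);
    }
    String nonceFileName = aikverifyhome + File.separator + getNonceFileName(sessionId);
    String quoteFileName = aikverifyhome + File.separator + getQuoteFileName(sessionId);
    String rsaPubkeyFileName = aikverifyhome + File.separator + getRSAPubkeyFileName(sessionId);
    List<String> result = aikqverify(nonceFileName, rsaPubkeyFileName, quoteFileName);
    for (String pcrString : result) {
        String[] parts = pcrString.trim().split(" ");
        if (parts.length == 2) {
            // Strip characters matched by the untaint expressions, then accept the pair only
            // if both parts match their validation patterns.
            String pcrNumber = parts[0].trim().replaceAll(pcrNumberUntaint, "").replaceAll("\n", "");
            String pcrValue = parts[1].trim().replaceAll(pcrValueUntaint, "").replaceAll("\n", "");
            boolean validPcrNumber = pcrNumberPattern.matcher(pcrNumber).matches();
            boolean validPcrValue = pcrValuePattern.matcher(pcrValue).matches();
            if (validPcrNumber && validPcrValue) {
                log.info("Result PCR " + pcrNumber + ": " + pcrValue);
                pcrMp.put(pcrNumber, new PcrManifest(Integer.parseInt(pcrNumber), pcrValue));
            }
            // NOTE(review): a two-part line that fails either pattern is dropped without a log entry.
        } else {
            log.warn("Result PCR invalid");
        }
    }
    if (eventLog != null) {
        log.debug("About to start processing eventLog");
        try {
            XMLInputFactory xif = XMLInputFactory.newInstance();
            // The event log is parsed as XML, so refuse DTDs and external entities: the log
            // then cannot make the parser fetch external resources or expand entities.
            xif.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
            xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
            StringReader sr = new StringReader(eventLog);
            XMLStreamReader reader = xif.createXMLStreamReader(sr);
            // NOTE(review): these three values are declared outside the loop and are not reset
            // per module, so a module element that lacks one of its children reuses the value
            // read for the previous module.
            int extendedToPCR = -1;
            String digestValue = "";
            String componentName = "";
            while (reader.hasNext()) {
                if (reader.getEventType() == XMLStreamConstants.START_ELEMENT && reader.getLocalName().equalsIgnoreCase("module")) {
                    // The children are read positionally: one next() per expected child, in the
                    // order pcrNumber, name, value.
                    reader.next();
                    // Get the PCR Number to which the module is extended to
                    if (reader.getLocalName().equalsIgnoreCase("pcrNumber")) {
                        extendedToPCR = Integer.parseInt(reader.getElementText());
                    }
                    reader.next();
                    // Get the Module name
                    if (reader.getLocalName().equalsIgnoreCase("name")) {
                        componentName = reader.getElementText();
                    }
                    reader.next();
                    // Get the Module hash value
                    if (reader.getLocalName().equalsIgnoreCase("value")) {
                        digestValue = reader.getElementText();
                    }
                    boolean useHostSpecificDigest = false;
                    if (ArrayUtils.contains(openSourceHostSpecificModules, componentName)) {
                        useHostSpecificDigest = true;
                    }
                    // Attach the PcrEvent logs to the corresponding pcr indexes.
                    // Note: Since we will not be processing the event logs for 17 & 18, we will ignore them for now.
                    Measurement m = convertHostTpmEventLogEntryToMeasurement(extendedToPCR, componentName, digestValue, useHostSpecificDigest);
                    // Measurements for a PCR that is not in the verified result are discarded.
                    if (pcrMp.containsKey(String.valueOf(extendedToPCR))) {
                        if (pcrMp.get(String.valueOf(extendedToPCR)).containsPcrEventLog(extendedToPCR)) {
                            pcrMp.get(String.valueOf(extendedToPCR)).getPcrEventLog(extendedToPCR).getEventLog().add(m);
                        } else {
                            PcrIndex pcrIndex = new PcrIndex(extendedToPCR);
                            ArrayList<Measurement> list = new ArrayList<Measurement>();
                            list.add(m);
                            PcrEventLog eventlog = new PcrEventLog(pcrIndex, list);
                            pcrMp.get(String.valueOf(extendedToPCR)).setPcrEventLog(eventlog);
                        }
                    }
                }
                reader.next();
            }
        } catch (FactoryConfigurationError | XMLStreamException | NumberFormatException ex) {
            throw new IllegalStateException("Invalid measurement log", ex);
        }
    }
    return pcrMp;
}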
use of com.intel.mountwilson.manifest.data.PcrManifest in project OpenAttestation by OpenAttestation.
the class TAHelper method getHostAttestationReport.
/**
 * Serializes a PCR manifest map into the XML host attestation report.
 *
 * <p>The report has a {@code Host_Attestation_Report} root carrying the host name, the VMM
 * name and a {@code TXT_Support} flag, followed by one {@code PCRInfo} element per manifest
 * entry with the PCR number and the upper-cased digest.
 *
 * @param hostName       hostName == internetAddress.toString() or Hostname.toString() or IPAddress.toString()
 * @param pcrManifestMap PCR manifests to report, keyed by PCR index as a string
 * @param vmmName        vmmName == tblHosts.getVmmMleId().getName()
 * @return the report as an XML string
 * @throws Exception when the XML writer cannot be created or a write fails
 */
public String getHostAttestationReport(String hostName, HashMap<String, PcrManifest> pcrManifestMap, String vmmName) throws Exception {
    // XXX assuming it supports TPM since it's trust agent and we got a pcr manifest (which we only get from
    // getQuoteInformationFromHost if the tpm quote was verified, which means we saved the AIK certificate when
    // we did that). An earlier, disabled version derived this flag from the host table's AIK certificate.
    // The flag is therefore always true here and TXT_Support is always written as "true".
    final boolean tpmSupport = true;
    StringWriter buffer = new StringWriter();
    XMLStreamWriter xml = XMLOutputFactory.newInstance().createXMLStreamWriter(buffer);
    xml.writeStartDocument();
    xml.writeStartElement("Host_Attestation_Report");
    xml.writeAttribute("Host_Name", hostName);
    xml.writeAttribute("Host_VMM", vmmName);
    xml.writeAttribute("TXT_Support", String.valueOf(tpmSupport));
    if (!tpmSupport) {
        // Not reachable while the flag above is fixed to true.
        xml.writeStartElement("PCRInfo");
        xml.writeAttribute("Error", "Host does not support TPM.");
        xml.writeEndElement();
    } else {
        // Iterate over a snapshot of the manifests, one PCRInfo element each.
        for (PcrManifest manifest : new ArrayList<PcrManifest>(pcrManifestMap.values())) {
            xml.writeStartElement("PCRInfo");
            xml.writeAttribute("ComponentName", String.valueOf(manifest.getPcrNumber()));
            xml.writeAttribute("DigestValue", manifest.getPcrValue().toUpperCase());
            xml.writeEndElement();
        }
    }
    xml.writeEndElement();
    xml.writeEndDocument();
    xml.flush();
    xml.close();
    return buffer.toString();
}