Search in sources :

Example 1 with HostAgent

use of com.intel.mtwilson.agent.HostAgent in project OpenAttestation by OpenAttestation.

the class HostBO method addHost.

public String addHost(TxtHost host) {
    String certificate = null;
    String location = null;
    String ipAddress = null;
    HashMap<String, ? extends IManifest> pcrMap = null;
    try {
        ipAddress = InetAddress.getByName(host.getHostName().toString()).getHostAddress();
        if (!ipAddress.equalsIgnoreCase(host.getIPAddress().toString())) {
            throw new ASException(ErrorCode.AS_HOST_IPADDRESS_NOT_MATCHED, host.getHostName().toString(), host.getIPAddress().toString());
        }
        checkForDuplicate(host);
        getBiosAndVMM(host);
        log.info("Getting Server Identity.");
        TblHosts tblHosts = new TblHosts();
        tblHosts.setTlsPolicyName("TRUST_FIRST_CERTIFICATE");
        tblHosts.setTlsKeystore(null);
        tblHosts.setAddOnConnectionInfo(host.getAddOn_Connection_String());
        if (host.getHostName() != null) {
            tblHosts.setName(host.getHostName().toString());
        }
        if (host.getIPAddress() != null) {
            tblHosts.setIPAddress(host.getIPAddress().toString());
        }
        if (host.getPort() != null) {
            tblHosts.setPort(host.getPort());
        } else {
            throw new ASException(ErrorCode.PORT_MISSING, host.getHostName().toString(), host.getIPAddress().toString());
        }
        if (canFetchAIKCertificateForHost(host.getVmm().getName())) {
            // datatype.Vmm
            if (!host.getAddOn_Connection_String().toLowerCase().contains("citrix")) {
                certificate = getAIKCertificateForHost(tblHosts, host);
                // we have to check that the aik certificate was signed by a trusted privacy ca
                X509Certificate hostAikCert = X509Util.decodePemCertificate(certificate);
                hostAikCert.checkValidity();
                // read privacy ca certificate
                InputStream privacyCaIn = new FileInputStream(ResourceFinder.getFile("PrivacyCA.cer"));
                // XXX TODO currently we only support one privacy CA cert...
                // in the future we should read a PEM format file with possibly multiple trusted privacy ca certs
                X509Certificate privacyCaCert = X509Util.decodeDerCertificate(IOUtils.toByteArray(privacyCaIn));
                IOUtils.closeQuietly(privacyCaIn);
                privacyCaCert.checkValidity();
                // verify the trusted privacy ca signed this aik cert
                hostAikCert.verify(privacyCaCert.getPublicKey());
            // NoSuchAlgorithmException,InvalidKeyException,NoSuchProviderException,SignatureException
            }
        } else {
            // ESX host so get the location for the host and store in the table
            pcrMap = getHostPcrManifest(tblHosts, host);
            // BUG #497 sending both the new TblHosts record and the TxtHost object just to get the TlsPolicy into
            // the initial call so that with the trust_first_certificate policy we will obtain the host certificate now while adding it
            log.info("Getting location for host from VCenter");
            location = getLocation(pcrMap);
        }
        HostAgentFactory factory = new HostAgentFactory();
        HostAgent agent = factory.getHostAgent(tblHosts);
        log.info("Saving Host in database with TlsPolicyName {} and TlsKeystoreLength {}", tblHosts.getTlsPolicyName(), tblHosts.getTlsKeystore() == null ? "null" : tblHosts.getTlsKeystore().length);
        Map<String, String> attributes = agent.getHostAttributes();
        String hostUuidAttr = attributes.get("Host_UUID");
        //if ((attributes != null) && (!attributes.isEmpty()) && (hostUuidAttr != null))
        if (!attributes.isEmpty() && hostUuidAttr != null)
            tblHosts.setHardwareUuid(hostUuidAttr.toLowerCase().trim());
        //                        
        log.debug("Saving the host details in the DB");
        // retrieve the complete manifest and get module info inserted into database
        // We only handle module info for PCR 19
        HashMap<String, ? extends IManifest> pcrs = getHostPcrManifest(tblHosts, host);
        List<TblHostSpecificManifest> tblHostSpecificManifests = null;
        if (vmmMleId.getRequiredManifestList().contains(MODULE_PCR)) {
            if (pcrs != null) {
                PcrManifest pcr19 = (PcrManifest) pcrs.get(MODULE_PCR);
                addModuleWhiteList(pcr19, tblHosts, host, hostUuidAttr);
                log.info("Host specific modules would be retrieved from the host that extends into PCR 19.");
                String hostType = host.getVendor();
                tblHostSpecificManifests = createHostSpecificManifestRecords(vmmMleId, pcrs, hostType);
            }
        } else {
            log.info("Host specific modules will not be configured since PCR 19 is not selected for attestation");
        }
        //saveHostInDatabase(tblHosts, host, certificate, location, pcrMap);
        biosMleId = findBiosMleForHost(host);
        vmmMleId = findVmmMleForHost(host);
        saveHostInDatabase(tblHosts, host, certificate, location, pcrMap, tblHostSpecificManifests, biosMleId, vmmMleId);
        // Now that the host has been registered successfully, let us see if there is an asset tag certificated configured for the host
        // to which the host has to be associated
        //attributes);
        associateAssetTagCertForHost(host, agent.getHostAttributes(), tblHosts);
    } catch (ASException ase) {
        throw ase;
    } catch (CryptographyException e) {
        throw new ASException(e, ErrorCode.AS_ENCRYPTION_ERROR, e.getCause() == null ? e.getMessage() : e.getCause().getMessage());
    } catch (Exception e) {
        log.debug("beggining stack trace --------------");
        e.printStackTrace();
        log.debug("end stack trace --------------");
        throw new ASException(e);
    }
    return "true";
}
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) X509Certificate(java.security.cert.X509Certificate) FileInputStream(java.io.FileInputStream) ASException(com.intel.mountwilson.as.common.ASException) NoResultException(javax.persistence.NoResultException) NonexistentEntityException(com.intel.mtwilson.as.controller.exceptions.NonexistentEntityException) IllegalOrphanException(com.intel.mtwilson.as.controller.exceptions.IllegalOrphanException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) PcrManifest(com.intel.mountwilson.manifest.data.PcrManifest) TblHosts(com.intel.mtwilson.as.data.TblHosts) TblHostSpecificManifest(com.intel.mtwilson.as.data.TblHostSpecificManifest) HostAgent(com.intel.mtwilson.agent.HostAgent) HostAgentFactory(com.intel.mtwilson.agent.HostAgentFactory) ASException(com.intel.mountwilson.as.common.ASException)

Aggregations

ASException (com.intel.mountwilson.as.common.ASException)1 PcrManifest (com.intel.mountwilson.manifest.data.PcrManifest)1 HostAgent (com.intel.mtwilson.agent.HostAgent)1 HostAgentFactory (com.intel.mtwilson.agent.HostAgentFactory)1 IllegalOrphanException (com.intel.mtwilson.as.controller.exceptions.IllegalOrphanException)1 NonexistentEntityException (com.intel.mtwilson.as.controller.exceptions.NonexistentEntityException)1 TblHostSpecificManifest (com.intel.mtwilson.as.data.TblHostSpecificManifest)1 TblHosts (com.intel.mtwilson.as.data.TblHosts)1 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)1 FileInputStream (java.io.FileInputStream)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 UnknownHostException (java.net.UnknownHostException)1 X509Certificate (java.security.cert.X509Certificate)1 NoResultException (javax.persistence.NoResultException)1