Search in sources :

Example 6 with AssetTagCertBO

use of com.intel.mtwilson.as.business.AssetTagCertBO in project OpenAttestation by OpenAttestation.

the class HostTrustBO method getTrustWithSaml.

/**
     * Returns a multi-host SAML assertion.  It's similar to getTrustWithSaml(TblHosts,String)
     * but it does NOT save the generated SAML assertion.
     */
public String getTrustWithSaml(Collection<TblHosts> tblHostsCollection) {
    try {
        //String location = hostTrustBO.getHostLocation(new Hostname(hostName)).location; // example: "San Jose"
        //HostTrustStatus trustStatus = hostTrustBO.getTrustStatus(new Hostname(hostName)); // example:  BIOS:1,VMM:1
        ArrayList<TxtHostWithAssetTag> hostList = new ArrayList<>();
        for (TblHosts tblHosts : tblHostsCollection) {
            // these 3 lines equivalent of getHostWithTrust without a host-specific saml assertion table record to update 
            HostTrustStatus trust = getTrustStatus(tblHosts, tblHosts.getUuid_hex());
            TxtHostRecord data = createTxtHostRecord(tblHosts);
            TxtHost host = new TxtHost(data, trust);
            // We need to add the Asset tag related data only if the host is provisioned for it. This is done
            // by verifying in the asset tag certificate table. 
            X509AttributeCertificate tagCertificate;
            AssetTagCertBO atagCertBO = new AssetTagCertBO();
            MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblHosts.getHardwareUuid());
            if (atagCertForHost != null) {
                tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
            } else {
                tagCertificate = null;
            }
            /*
                // We will check if the asset-tag was verified successfully for the host. If so, we need to retrieve
                // all the attributes for that asset-tag and send it to the saml generator.
                X509AttributeCertificate tagCertificate = null; 
                if (host.isAssetTagTrusted()) {
                    AssetTagCertBO atagCertBO = new AssetTagCertBO();
                    MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblHosts.getHardwareUuid());
                    if (atagCertForHost != null) {
                        tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
//                        atags.add(new AttributeOidAndValue("UUID", atagCertForHost.getUuid())); // should already be the "Subject" attribute of the certificate, if not then we need to get it from one of the cert attributes
                    }
                }*/
            TxtHostWithAssetTag hostWithAssetTag = new TxtHostWithAssetTag(host, tagCertificate);
            hostList.add(hostWithAssetTag);
        }
        SamlAssertion samlAssertion = getSamlGenerator().generateHostAssertions(hostList);
        log.debug("Expiry {}", samlAssertion.expiry_ts.toString());
        return samlAssertion.assertion;
    } catch (ASException e) {
        // We override that here to give more specific codes when possible:
        if (e.getErrorCode().equals(ErrorCode.AS_HOST_NOT_FOUND)) {
            throw new WebApplicationException(Status.NOT_FOUND);
        }
        /*
             * if( e.getErrorCode().equals(ErrorCode.TA_ERROR)) { throw new
             * WebApplicationException(Status.INTERNAL_SERVER_ERROR); }
             *
             */
        throw e;
    } catch (Exception ex) {
        // throw new ASException( e);
        log.error("Error during retrieval of host trust status.", ex);
        throw new ASException(ErrorCode.AS_HOST_TRUST_ERROR, ex.getClass().getSimpleName());
    }
}
Also used : TxtHostWithAssetTag(com.intel.mtwilson.saml.TxtHostWithAssetTag) WebApplicationException(javax.ws.rs.WebApplicationException) SamlAssertion(com.intel.mtwilson.saml.SamlAssertion) TblSamlAssertion(com.intel.mtwilson.as.data.TblSamlAssertion) AssetTagCertBO(com.intel.mtwilson.as.business.AssetTagCertBO) ArrayList(java.util.ArrayList) ASException(com.intel.mountwilson.as.common.ASException) WebApplicationException(javax.ws.rs.WebApplicationException) ConfigurationException(org.apache.commons.configuration.ConfigurationException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) TblHosts(com.intel.mtwilson.as.data.TblHosts) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException)

Aggregations

AssetTagCertBO (com.intel.mtwilson.as.business.AssetTagCertBO)6 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)4 ASException (com.intel.mountwilson.as.common.ASException)3 MwAssetTagCertificate (com.intel.mtwilson.as.data.MwAssetTagCertificate)3 IOException (java.io.IOException)3 UnknownHostException (java.net.UnknownHostException)3 WebApplicationException (javax.ws.rs.WebApplicationException)3 ConfigurationException (org.apache.commons.configuration.ConfigurationException)3 TblSamlAssertion (com.intel.mtwilson.as.data.TblSamlAssertion)2 SamlAssertion (com.intel.mtwilson.saml.SamlAssertion)2 Consumes (javax.ws.rs.Consumes)2 Produces (javax.ws.rs.Produces)2 TblHosts (com.intel.mtwilson.as.data.TblHosts)1 AssetTagCertAssociateRequest (com.intel.mtwilson.datatypes.AssetTagCertAssociateRequest)1 Certificate (com.intel.mtwilson.datatypes.Certificate)1 CertificateCollection (com.intel.mtwilson.datatypes.CertificateCollection)1 CertificateFilterCriteria (com.intel.mtwilson.datatypes.CertificateFilterCriteria)1 X509AttributeCertificate (com.intel.mtwilson.datatypes.X509AttributeCertificate)1 TxtHostWithAssetTag (com.intel.mtwilson.saml.TxtHostWithAssetTag)1 TagCertificateAuthority (com.intel.mtwilson.tag.TagCertificateAuthority)1