the class AssetTagCertBO method findValidAssetTagCertForHost (overload taking the host's hardware UUID as a String).
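/**
 * Finds an asset tag certificate for the host with the given hardware UUID that passes
 * {@code validateAssetTagCert}.
 * <p>
 * The certificates are looked up by the lower-cased UUID and the first one that validates is
 * returned; which entry that is depends on the order the JPA query yields rows in (the original
 * comment spoke of "the latest one", but nothing here sorts the list).
 *
 * @param uuid hardware UUID of the host. CR and LF are stripped before the value is used or
 *             logged, so a caller-supplied value cannot forge additional log lines (the original
 *             stripped LF only).
 * @return the first certificate that validates, or {@code null} when none is provisioned for
 *         the host or none validates
 * @throws ASException with {@code AS_HOST_NOT_FOUND} when {@code uuid} is null or empty (after
 *         stripping); any other failure is wrapped in an {@code ASException}
 */
public MwAssetTagCertificate findValidAssetTagCertForHost(String uuid) {
    try {
        // Only sanitize a non-null value. The original called replace() before the null check,
        // so a null uuid raised a NullPointerException that was reported as a generic error
        // instead of AS_HOST_NOT_FOUND.
        if (uuid != null) {
            uuid = uuid.replace("\n", "").replace("\r", "");
        }
        if (uuid == null || uuid.isEmpty()) {
            log.error("UUID specified for the host is not valid.");
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND);
        }
        MwAssetTagCertificateJpaController assetTagController =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts =
                assetTagController.findAssetTagCertificatesByHostUUID(uuid.toLowerCase());
        if (atagCerts.isEmpty()) {
            log.info("Asset tag certificate has not been provisioned for the host with UUID : {}.", uuid);
            return null;
        }
        // Return the first certificate that validates. What "valid" means (signature, dates,
        // revocation) is decided by validateAssetTagCert, defined elsewhere in this class.
        for (MwAssetTagCertificate candidate : atagCerts) {
            if (validateAssetTagCert(candidate)) {
                log.debug("Valid asset tag certificate found for host with UUID {}.", uuid);
                return candidate;
            }
        }
        log.info("No valid asset tag certificate found for host with UUID {}.", uuid);
        return null;
    } catch (ASException ase) {
        log.error("Error during querying of valid asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during querying of valid asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}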
the class AssetTagCertBO method importAssetTagCertificate.
// public AssetTagCertBO(PersistenceManager pm) {
// super(pm);
// }
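/**
 * Stores a new asset tag certificate that was provisioned by the asset tag provisioning
 * service. The row is written with {@code revoked=false}; this method performs no signature or
 * validity-period check of its own, so the certificate is only trusted once a later lookup
 * passes {@code validateAssetTagCert}.
 * <p>
 * After the insert, an association with an already-registered host is attempted through
 * {@code mapAssetTagCertToHost}. Its return value is deliberately not folded into the result
 * (the original had that assignment commented out), so a stored-but-unmapped certificate still
 * reports success; a failure thrown by the mapping call does propagate.
 *
 * @param atagObj request carrying the encoded attribute certificate
 * @param uuid    optional record id stored as {@code uuid_hex}; a fresh UUID is generated when
 *                null or empty. NOTE(review): a caller-supplied value is stored without any
 *                format check here — confirm whether the REST layer validates it.
 * @return {@code true} once the certificate row has been written
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE} when the bytes do not parse
 *         as an X.509 attribute certificate; any other failure is wrapped in an {@code ASException}
 */
public boolean importAssetTagCertificate(AssetTagCertCreateRequest atagObj, String uuid) {
    try {
        X509AttributeCertificate x509AttrCert;
        try {
            x509AttrCert = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        } catch (IllegalArgumentException ce) {
            log.error("Error during retrieval of a new asset tag certificate. Error Details - {}.", ce.getMessage());
            throw new ASException(ce, ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE, ce.getMessage());
        }

        // SHA1 of the re-encoded certificate: stored as the row's hash and used as the key for
        // the host association below. Computed once instead of three separate times.
        Sha1Digest encodedSha1 = Sha1Digest.digestOf(x509AttrCert.getEncoded());

        MwAssetTagCertificate atagCert = new MwAssetTagCertificate();
        atagCert.setUuid_hex((uuid != null && !uuid.isEmpty()) ? uuid : new UUID().toString());
        atagCert.setCertificate(atagObj.getCertificate());
        atagCert.setUuid(x509AttrCert.getSubject().toLowerCase());
        atagCert.setNotAfter(x509AttrCert.getNotAfter());
        atagCert.setNotBefore(x509AttrCert.getNotBefore());
        atagCert.setRevoked(false);
        atagCert.setSHA1Hash(encodedSha1.toByteArray());
        // Project convention: the certificate serial number doubles as its creation time.
        log.debug("Certificate creation time is {}", x509AttrCert.getSerialNumber());
        log.debug("Certificate SHA1 is {}", encodedSha1.toHexString());
        atagCert.setCreate_time(x509AttrCert.getSerialNumber());
        // The SHA256 hash column is not populated; it is not used with TPM 1.2.

        // Expected PCR value for the tag: a zero PCR extended with SHA1(base64(SHA1(bytes))).
        // This digests the bytes as received in the request, whereas SHA1Hash above digests
        // the re-encoded certificate; the two may differ if valueOf() re-encodes the input.
        // It is a default that gets replaced when the host is mapped to this certificate.
        Sha1Digest requestSha1 = Sha1Digest.digestOf(atagObj.getCertificate());
        Sha1Digest expectedPcr = Sha1Digest.ZERO.extend(Sha1Digest.digestOf(requestSha1.toBase64().getBytes()));
        atagCert.setPCREvent(expectedPcr.toByteArray());

        log.debug("assetTag writing cert to DB");
        MwAssetTagCertificateJpaController controller =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        controller.create(atagCert);

        // TODO (carried over from the original): a config option,
        // mtwilson.atag.associate.hosts.auto, was meant to gate this; the association is
        // currently always attempted.
        log.debug("trying to associate tag to existing host using {}", Hex.encodeHexString(atagCert.getSHA1Hash()));
        AssetTagCertAssociateRequest request = new AssetTagCertAssociateRequest();
        request.setSha1OfAssetCert(atagCert.getSHA1Hash());
        mapAssetTagCertToHost(request);
        return true;
    } catch (ASException ase) {
        log.error("Error during creation of a new asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during creation of a new asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}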
the class AssetTagCertBO method revokeAssetTagCertificate.
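/**
 * Marks an asset tag certificate as revoked so it is no longer considered during asset tag
 * attestation. The record is selected by {@code uuid} when one is given, otherwise by the SHA1
 * hash carried in the request.
 * <p>
 * When several records match — possible when the same certificate was imported more than once,
 * since the stored SHA1 is computed over the certificate bytes and duplicates share it — all of
 * them are revoked. The original revoked none in that case and still returned {@code true},
 * leaving an unrevoked copy that {@code findValidAssetTagCertForHost} could keep returning.
 * No matching record is treated as "nothing to revoke" and returns {@code true}, preserving the
 * original's idempotent behaviour (its throw for this case had been commented out).
 *
 * @param atagObj request; {@code getSha1OfAssetCert()} is consulted only when {@code uuid} is absent
 * @param uuid    record id ({@code uuid_hex}) of the certificate; may be null or empty
 * @return {@code true} once every matching record is marked revoked, or when none matched
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE_HASH} when neither a uuid nor a
 *         SHA1 is supplied; any other failure is wrapped in an {@code ASException}
 */
public boolean revokeAssetTagCertificate(AssetTagCertRevokeRequest atagObj, String uuid) {
    try {
        MwAssetTagCertificateJpaController controller =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> matches;
        if (uuid != null && !uuid.isEmpty()) {
            log.debug("UUID {} is specified for revoking the asset tag certificate", uuid);
            matches = controller.findAssetTagCertificatesByUuid(uuid);
        } else if (atagObj.getSha1OfAssetCert() != null) {
            // Not an error condition; logged at debug like the uuid branch (the original logged
            // this at error level).
            log.debug("SHA1 {} is specified for revoking the asset tag certificate", atagObj.getSha1OfAssetCert());
            matches = controller.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
        } else {
            log.error("Sha1 for the asset tag is not specified.");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }

        if (matches.isEmpty()) {
            log.warn("The asset tag certificate does not exist for the specified uuid/hash; nothing to revoke.");
            return true;
        }
        if (matches.size() > 1) {
            log.warn("Multiple ({}) asset tag certificates match the specified uuid/hash; revoking all of them.", matches.size());
        }
        for (MwAssetTagCertificate atagCert : matches) {
            atagCert.setRevoked(true);
            controller.edit(atagCert);
        }
        return true;
    } catch (ASException ase) {
        log.error("Error during revocation of the asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during revocation of the new asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}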
the class AssetTagCertBO method unmapAssetTagCertFromHostById.
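/**
 * Removes the association between a host and every asset tag certificate currently mapped to
 * it. Meant to be invoked whenever the host is deleted from Mt.Wilson. Only the host id is
 * needed; the certificate hash in the request is not consulted.
 * <p>
 * Every mapped certificate is cleared. The original returned from inside the loop after
 * clearing the first one, so a host with more than one mapped certificate left stale mappings
 * behind.
 *
 * @param atagObj request whose {@code getHostID()} identifies the host (must be non-zero)
 * @return {@code true} once no certificate references the host (also when none did)
 * @throws ASException with {@code AS_HOST_SPECIFIED_IS_CURRENTLY_NOT_MAPPED_TO_ASSET_TAG_CERTIFICATE}
 *         when the host id is 0; any other failure is wrapped in an {@code ASException}
 */
public boolean unmapAssetTagCertFromHostById(AssetTagCertAssociateRequest atagObj) {
    try {
        if (atagObj.getHostID() == 0) {
            log.error("Host specified for the asset tag unmap request is not valid.");
            throw new ASException(ErrorCode.AS_HOST_SPECIFIED_IS_CURRENTLY_NOT_MAPPED_TO_ASSET_TAG_CERTIFICATE);
        }
        MwAssetTagCertificateJpaController controller =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> mapped = controller.findAssetTagCertificatesByHostID(atagObj.getHostID());
        if (mapped.isEmpty()) {
            log.info("The host is currently not mapped to any asset tag certificate. So, nothing to unmap.");
            return true;
        }
        // Deliberately no validateAssetTagCert() here: an expired or revoked certificate must be
        // unmapped from the host just the same.
        for (MwAssetTagCertificate cert : mapped) {
            cert.setHostID(null);
            controller.edit(cert);
        }
        log.debug("Successfully unmapped the host with id {} from {} asset tag certificate(s).", atagObj.getHostID(), mapped.size());
        return true;
    } catch (ASException ase) {
        log.error("Error during unmapping of the host from asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during unmapping of the host from asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}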
the class AssetTagCertBO method findValidAssetTagCertForHost (overload taking the host's database record id as an Integer).
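/**
 * Finds an asset tag certificate mapped to the given host record id that passes
 * {@code validateAssetTagCert}. Mirrors the {@code String uuid} overload but looks the
 * certificates up by host id; the first one that validates is returned, in whatever order the
 * query yields them (nothing here sorts the list, despite the original "latest one" comment).
 *
 * @param hostID primary key of the host; null or 0 is rejected
 * @return the first valid certificate, or {@code null} when none is mapped or none validates
 * @throws ASException with {@code AS_HOST_NOT_FOUND} when {@code hostID} is null or 0 (the
 *         original unboxed a null id, which surfaced as a generic wrapped error instead);
 *         any other failure is wrapped in an {@code ASException}
 */
public MwAssetTagCertificate findValidAssetTagCertForHost(Integer hostID) {
    try {
        if (hostID == null || hostID == 0) {
            log.error("ID specified for the host is not valid.");
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND);
        }
        MwAssetTagCertificateJpaController controller =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts = controller.findAssetTagCertificatesByHostID(hostID);
        if (atagCerts.isEmpty()) {
            log.info("Asset tag certificate has not been provisioned for the host with ID : {}.", hostID);
            return null;
        }
        // Ideally only one mapped certificate is valid; return the first that validates.
        for (MwAssetTagCertificate candidate : atagCerts) {
            if (validateAssetTagCert(candidate)) {
                log.debug("Valid asset tag certificate found for host with ID {}.", hostID);
                return candidate;
            }
        }
        log.info("No valid asset tag certificate found for host with ID {}.", hostID);
        return null;
    } catch (ASException ase) {
        log.error("Error during querying of valid asset tag certificate using host ID. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during querying of valid asset tag certificate using host ID. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}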