Search in sources :

Example 1 with MwAssetTagCertificateJpaController

use of com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method findValidAssetTagCertForHost.

/**
     * Finds a valid asset tag certificate for the specified host.
     * @param uuid
     * @return 
     */
public MwAssetTagCertificate findValidAssetTagCertForHost(String uuid) {
    uuid = uuid.replace("\n", "");
    try {
        // So if the host has been provisioned multiple times, we will pick up the latest one.
        if (uuid != null && !uuid.isEmpty()) {
            //List<MwAssetTagCertificate> atagCerts = My.jpa().mwAssetTagCertificate().findAssetTagCertificatesByHostUUID(uuid.toLowerCase());
            MwAssetTagCertificateJpaController assetTagController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            List<MwAssetTagCertificate> atagCerts = assetTagController.findAssetTagCertificatesByHostUUID(uuid.toLowerCase());
            if (atagCerts.isEmpty()) {
                log.info("Asset tag certificate has not been provisioned for the host with UUID : {}.", uuid);
                return null;
            } else {
                // For each of the asset tag certs that are returned back, we need to validate the certificate first.
                for (MwAssetTagCertificate atagTempCert : atagCerts) {
                    if (validateAssetTagCert(atagTempCert)) {
                        log.debug("Valid asset tag certificate found for host with UUID {}.", uuid);
                        return atagTempCert;
                    }
                }
                log.info("No valid asset tag certificate found for host with UUID {}.", uuid);
                return null;
            }
        } else {
            log.error("UUID specified for the host is not valid.");
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND);
        }
    } catch (ASException ase) {
        log.error("Error during querying of valid asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during querying of valid asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}
Also used : MwAssetTagCertificateJpaController(com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException) ASException(com.intel.mountwilson.as.common.ASException) ApiException(com.intel.mtwilson.ApiException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 2 with MwAssetTagCertificateJpaController

use of com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method importAssetTagCertificate.

//    public AssetTagCertBO(PersistenceManager pm) {
//        super(pm);
//    }
/**
     * This functions stores a new asset tag certificate that was provisioned by the Asset tag
     * provisioning service for a host.This certificate would be associated to the host for
     * which it was provisioned only when that host gets registered with Mt.Wilson
     * @param atagObj
     * @return 
     */
public boolean importAssetTagCertificate(AssetTagCertCreateRequest atagObj, String uuid) {
    boolean result;
    X509AttributeCertificate x509AttrCert;
    try {
        try {
            x509AttrCert = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        } catch (IllegalArgumentException ce) {
            log.error("Error during retrieval of a new asset tag certificate. Error Details - {}.", ce.getMessage());
            throw new ASException(ce, ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE, ce.getMessage());
        }
        MwAssetTagCertificate atagCert = new MwAssetTagCertificate();
        if (uuid != null && !uuid.isEmpty())
            atagCert.setUuid_hex(uuid);
        else
            atagCert.setUuid_hex(new UUID().toString());
        atagCert.setCertificate(atagObj.getCertificate());
        atagCert.setUuid(x509AttrCert.getSubject().toLowerCase());
        atagCert.setNotAfter(x509AttrCert.getNotAfter());
        atagCert.setNotBefore(x509AttrCert.getNotBefore());
        atagCert.setRevoked(false);
        //atagCert.setSHA1Hash(Sha1Digest.digestOf(atagObj.getCertificate()).toByteArray());
        atagCert.setSHA1Hash(Sha1Digest.digestOf(x509AttrCert.getEncoded()).toByteArray());
        log.debug("Certificate creation time is {}", x509AttrCert.getSerialNumber());
        log.debug("Certificate SHA1 is {}", Sha1Digest.digestOf(x509AttrCert.getEncoded()).toHexString());
        atagCert.setCreate_time(x509AttrCert.getSerialNumber());
        //atagCert.setSHA256Hash(Sha256Digest.digestOf(atagObj.getCertificate()).toByteArray()); // not used with TPM 1.2
        // We are just writing some default value here, which would be changed when the host would be mapped to this
        // certificate.
        //atagCert.setPCREvent(Sha1Digest.digestOf(atagCert.getSHA1Hash()).toByteArray());
        Sha1Digest sha1D = Sha1Digest.digestOf(atagObj.getCertificate());
        Sha1Digest expectedPcr = Sha1Digest.ZERO.extend(Sha1Digest.digestOf(sha1D.toBase64().getBytes()));
        atagCert.setPCREvent(expectedPcr.toByteArray());
        log.debug("assetTag writing cert to DB");
        //My.jpa().mwAssetTagCertificate().create(atagCert);
        MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        mwAssetTagCertificateJpaController.create(atagCert);
        result = true;
        // here we need to check a config option, mtwilson.atag.associate.hosts.auto
        // now try to match a host to it
        log.debug("trying to associate tag to existing host using " + Hex.encodeHexString(atagCert.getSHA1Hash()));
        AssetTagCertAssociateRequest request = new AssetTagCertAssociateRequest();
        request.setSha1OfAssetCert(atagCert.getSHA1Hash());
        //result = 
        mapAssetTagCertToHost(request);
    } catch (ASException ase) {
        log.error("Error during creation of a new asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during creation of a new asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return result;
}
Also used : Sha1Digest(com.intel.mtwilson.util.crypto.Sha1Digest) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate) UUID(com.intel.mtwilson.util.io.UUID) MwAssetTagCertificateJpaController(com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController) ASException(com.intel.mountwilson.as.common.ASException) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException) ApiException(com.intel.mtwilson.ApiException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AssetTagCertAssociateRequest(com.intel.mtwilson.datatypes.AssetTagCertAssociateRequest)

Example 3 with MwAssetTagCertificateJpaController

use of com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method revokeAssetTagCertificate.

/**
     * Updates the asset tag certificate entry and sets the revoked flag to true so that this
     * asset tag certificate will not be considered during attestation of the asset tag.
     * @param atagObj
     * @return 
     */
public boolean revokeAssetTagCertificate(AssetTagCertRevokeRequest atagObj, String uuid) {
    boolean result;
    List<MwAssetTagCertificate> atagCerts;
    try {
        // Find the asset tag certificate for the specified Sha256Hash value
        if (uuid != null && !uuid.isEmpty()) {
            log.debug("UUID {} is specified for revoking the asset tag certificate", uuid);
            //atagCerts = My.jpa().mwAssetTagCertificate().findAssetTagCertificatesByUuid(uuid);
            MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            atagCerts = mwAssetTagCertificateJpaController.findAssetTagCertificatesByUuid(uuid);
        } else if (atagObj.getSha1OfAssetCert() != null) {
            log.error("SHA1 {} is specified for revoking the asset tag certificate", atagObj.getSha1OfAssetCert());
            //atagCerts = My.jpa().mwAssetTagCertificate().findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
            MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            atagCerts = mwAssetTagCertificateJpaController.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
        } else {
            log.error("Sha1 for the asset tag is not specified.");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        if (atagCerts.isEmpty() || atagCerts.size() > 1) {
            log.warn("Either the asset tag certificate does not exist or there were multiple matches for the specified hash.");
            //                throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
            result = true;
        } else {
            // Now that we have the asset tag identified, set the revoked flag to true.
            MwAssetTagCertificate atagCert = atagCerts.get(0);
            atagCert.setRevoked(true);
            //My.jpa().mwAssetTagCertificate().edit(atagCert);
            MwAssetTagCertificateJpaController asert_tag = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            asert_tag.edit(atagCert);
            result = true;
        }
    } catch (ASException ase) {
        log.error("Error during revocation of the asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during revocation of the new asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return result;
}
Also used : MwAssetTagCertificateJpaController(com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException) ASException(com.intel.mountwilson.as.common.ASException) ApiException(com.intel.mtwilson.ApiException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 4 with MwAssetTagCertificateJpaController

use of com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method unmapAssetTagCertFromHostById.

/**
     * This function removes the mapping between the host and the asset tag certificate. This needs to be 
     * instantiated when ever the host is deleted from Mt.Wilson.
     * 
     * For removing the mapping, the user need not specify the sha256Hash value. Only the hostID would be 
     * enough.
     * 
     * @param atagObj
     * @return 
     */
public boolean unmapAssetTagCertFromHostById(AssetTagCertAssociateRequest atagObj) {
    boolean result = false;
    try {
        // Find the asset tag certificate for the specified Sha256Hash value
        if (atagObj.getHostID() != 0) {
            //List<MwAssetTagCertificate> atagCerts = My.jpa().mwAssetTagCertificate().findAssetTagCertificatesByHostID(atagObj.getHostID());                
            MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            List<MwAssetTagCertificate> atagCerts = mwAssetTagCertificateJpaController.findAssetTagCertificatesByHostID(atagObj.getHostID());
            if (atagCerts.isEmpty()) {
                // There is nothing to unmap. So, we will just return back success
                log.info("The host is currently not mapped to any asset tag certificate. So, nothing to unmap.");
                return true;
            } else {
                // to be associated.
                for (MwAssetTagCertificate atagTempCert : atagCerts) {
                    // There is no need to validate during unmapping the asset tag request
                    // if (validateAssetTagCert(atagTempCert)) {
                    atagTempCert.setHostID(null);
                    //My.jpa().mwAssetTagCertificate().edit(atagTempCert);
                    MwAssetTagCertificateJpaController asert_tag = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
                    asert_tag.edit(atagTempCert);
                    log.debug("Successfully upmapped the host with id {} from the asset tag certificate.", atagObj.getHostID());
                    return true;
                //}
                }
            }
        } else {
            log.error("Host specified for the asset tag unmap request is not valid.");
            throw new ASException(ErrorCode.AS_HOST_SPECIFIED_IS_CURRENTLY_NOT_MAPPED_TO_ASSET_TAG_CERTIFICATE);
        }
    } catch (ASException ase) {
        log.error("Error during unmapping of the host from asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during unmapping of the host from asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return result;
}
Also used : MwAssetTagCertificateJpaController(com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException) ASException(com.intel.mountwilson.as.common.ASException) ApiException(com.intel.mtwilson.ApiException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 5 with MwAssetTagCertificateJpaController

use of com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method findValidAssetTagCertForHost.

public MwAssetTagCertificate findValidAssetTagCertForHost(Integer hostID) {
    try {
        // So if the host has been provisioned multiple times, we will pick up the latest one.
        if (hostID != 0) {
            //List<MwAssetTagCertificate> atagCerts = My.jpa().mwAssetTagCertificate().findAssetTagCertificatesByHostID(hostID);
            MwAssetTagCertificateJpaController assetTagController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            List<MwAssetTagCertificate> atagCerts = assetTagController.findAssetTagCertificatesByHostID(hostID);
            if (atagCerts.isEmpty()) {
                log.info("Asset tag certificate has not been provisioned for the host with ID : {}.", hostID);
                return null;
            } else {
                // Ideally there should be only one that is valid.
                for (MwAssetTagCertificate atagTempCert : atagCerts) {
                    if (validateAssetTagCert(atagTempCert)) {
                        log.debug("Valid asset tag certificate found for host with ID {}.", hostID);
                        return atagTempCert;
                    }
                }
                log.info("No valid asset tag certificate found for host with ID {}.", hostID);
            }
        } else {
            log.error("ID specified for the host is not valid.");
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND);
        }
    } catch (ASException ase) {
        log.error("Error during querying of valid asset tag certificate using host ID. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during querying of valid asset tag certificate using host ID. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return null;
}
Also used : MwAssetTagCertificateJpaController(com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException) ASException(com.intel.mountwilson.as.common.ASException) ApiException(com.intel.mtwilson.ApiException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Aggregations

ASException (com.intel.mountwilson.as.common.ASException)7 MwAssetTagCertificateJpaController (com.intel.mtwilson.as.controller.MwAssetTagCertificateJpaController)7 MwAssetTagCertificate (com.intel.mtwilson.as.data.MwAssetTagCertificate)7 ApiException (com.intel.mtwilson.ApiException)6 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)6 IOException (java.io.IOException)6 KeyManagementException (java.security.KeyManagementException)6 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6 SignatureException (java.security.SignatureException)6 CertificateException (java.security.cert.CertificateException)6 AssetTagCertAssociateRequest (com.intel.mtwilson.datatypes.AssetTagCertAssociateRequest)2 Sha1Digest (com.intel.mtwilson.util.crypto.Sha1Digest)2 TblHostsJpaController (com.intel.mtwilson.as.controller.TblHostsJpaController)1 TblHosts (com.intel.mtwilson.as.data.TblHosts)1 X509AttributeCertificate (com.intel.mtwilson.datatypes.X509AttributeCertificate)1 UUID (com.intel.mtwilson.util.io.UUID)1