
Example 11 with MwAssetTagCertificate

use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.

In class AssetTagCertBO, method findValidAssetTagCertForHost.

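/**
 * Returns the first valid asset tag certificate provisioned for the given host.
 *
 * <p>A host may have been provisioned more than once, so several certificate rows can
 * exist for one host ID; the first one accepted by {@code validateAssetTagCert} is
 * returned. Ideally only one of them is valid.
 *
 * @param hostID database ID of the host; must be non-null and non-zero
 * @return the first valid certificate for the host, or {@code null} when none is
 *         provisioned or none of the provisioned ones validates
 * @throws ASException with {@code AS_HOST_NOT_FOUND} when {@code hostID} is null or 0;
 *         any other failure is re-thrown wrapped in an {@code ASException}
 */
public MwAssetTagCertificate findValidAssetTagCertForHost(Integer hostID) {
    try {
        // Check null explicitly: unboxing a null Integer in "hostID != 0" would surface as a
        // generic wrapped NullPointerException instead of the AS_HOST_NOT_FOUND error code.
        if (hostID == null || hostID == 0) {
            log.error("ID specified for the host is not valid.");
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND);
        }
        MwAssetTagCertificateJpaController assetTagController =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts = assetTagController.findAssetTagCertificatesByHostID(hostID);
        if (atagCerts.isEmpty()) {
            log.info("Asset tag certificate has not been provisioned for the host with ID : {}.", hostID);
            return null;
        }
        // Ideally there should be only one that is valid; take the first that validates.
        for (MwAssetTagCertificate atagTempCert : atagCerts) {
            if (validateAssetTagCert(atagTempCert)) {
                log.debug("Valid asset tag certificate found for host with ID {}.", hostID);
                return atagTempCert;
            }
        }
        log.info("No valid asset tag certificate found for host with ID {}.", hostID);
        return null;
    } catch (ASException ase) {
        log.error("Error during querying of valid asset tag certificate using host ID. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        // Any non-ASException failure (e.g. from the JPA layer) is wrapped so callers only see ASException.
        log.error("Unexpected error during querying of valid asset tag certificate using host ID. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}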

Example 12 with MwAssetTagCertificate

use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.

In class AssetTagCertBO, method mapAssetTagCertToHost.

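/**
 * Associates an asset tag certificate with the host it was provisioned for, without the
 * caller knowing the host's database ID.
 *
 * <p>The certificate is looked up by the SHA-1 hash supplied in {@code atagObj}; the host
 * is then found by the hardware UUID recorded on that certificate, and the actual mapping
 * is delegated to {@link #mapAssetTagCertToHostById}.
 *
 * @param atagObj request carrying the SHA-1 hash of the certificate; when the hash is
 *                {@code null} nothing is done and {@code false} is returned
 * @return {@code true} if a matching host was found and the mapping succeeded,
 *         {@code false} if no host matched the certificate's UUID
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE_HASH} when the hash matches
 *         no certificate or more than one certificate
 * @throws CryptographyException declared for callers; not thrown by this body itself
 */
public boolean mapAssetTagCertToHost(AssetTagCertAssociateRequest atagObj) throws CryptographyException {
    boolean result = false;
    log.debug("mapAssetTagCertToHost");
    AssetTagCertAssociateRequest request = new AssetTagCertAssociateRequest();
    if (atagObj.getSha1OfAssetCert() != null) {
        log.debug("trying to associate tag to existing host using {}", Hex.encodeHexString(atagObj.getSha1OfAssetCert()));
        MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts =
                mwAssetTagCertificateJpaController.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
        if (atagCerts.isEmpty()) {
            log.error("mapAssetTagCertToHost: The asset tag certificate does not exist");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        } else if (atagCerts.size() > 1) {
            // The hash must identify exactly one certificate; ambiguity is treated as an invalid hash.
            log.error("mapAssetTagCertToHost: There were multiple matches for the specified hash");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        } else {
            MwAssetTagCertificate atagCert = atagCerts.get(0);
            request.setSha1OfAssetCert(atagCert.getSHA1Hash());
            String rawUuid = atagCert.getUuid();
            if (rawUuid == null) {
                // Without a UUID on the certificate there is no way to locate the host; report
                // "host not found" rather than failing with a NullPointerException.
                log.error("mapAssetTagCertToHost: The asset tag certificate has no host UUID recorded");
                return false;
            }
            // Hardware UUIDs are stored lower-case; normalise before the lookup.
            String uuid = rawUuid.toLowerCase().trim();
            log.debug("searching using {}", uuid);
            TblHostsJpaController tblHostsJpaController = new TblHostsJpaController(getEntityManagerFactory());
            TblHosts tblHost = tblHostsJpaController.findByHwUUID(uuid);
            if (tblHost != null) {
                log.debug("found host matching uuid of cert, going to assoicate with host id = {}", tblHost.getId());
                request.setHostID(tblHost.getId());
                result = mapAssetTagCertToHostById(request);
            } else {
                log.debug("found no matching uuid of cert");
                result = false;
            }
        }
    }
    return result;
}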

Example 13 with MwAssetTagCertificate

use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.

In class AssetTagCertBO, method mapAssetTagCertToHostById.

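/**
 * Associates an asset tag certificate with a host whose database ID is already known.
 *
 * <p>Any existing association of the certificate is removed first (best effort). The
 * certificate identified by the SHA-1 hash in {@code atagObj} then gets its host ID set and
 * its expected PCR value recomputed as {@code SHA1(0x00..00 || SHA1(certificate))}, i.e. a
 * single PCR extend of the certificate digest into a zeroed PCR.
 *
 * @param atagObj request carrying the SHA-1 hash of the certificate and the target host ID
 * @return {@code true} once the certificate row has been updated
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE_HASH} when the hash is
 *         missing, matches no certificate or matches more than one; any other failure is
 *         re-thrown wrapped in an {@code ASException}
 */
public boolean mapAssetTagCertToHostById(AssetTagCertAssociateRequest atagObj) {
    boolean result;
    log.debug("mapAssetTagCertToHostById");
    // Before we map the asset tag cert to the host, first unmap any association it already has.
    // This is deliberately best effort: a failure here is logged and the mapping proceeds.
    try {
        unmapAssetTagCertFromHostById(atagObj);
        log.debug("Successfully unmapped the asset tag certificate assocation with host {}. ", atagObj.getHostID());
    } catch (Exception ex) {
        log.error("Error during unmap of asset tag cert from host with id {}. {}", atagObj.getHostID(), ex.getMessage());
    }
    try {
        // Find the asset tag certificate for the specified SHA-1 hash value.
        if (atagObj.getSha1OfAssetCert() != null) {
            MwAssetTagCertificateJpaController certController =
                    new MwAssetTagCertificateJpaController(getEntityManagerFactory());
            List<MwAssetTagCertificate> atagCerts =
                    certController.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
            if (atagCerts.isEmpty()) {
                log.error("mapAssetTagCertToHostById: The asset tag certificate does not exist");
                throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
            } else if (atagCerts.size() > 1) {
                // The hash must identify exactly one certificate; ambiguity is treated as an invalid hash.
                log.error("mapAssetTagCertToHostById: There were multiple matches for the specified hash");
                throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
            } else {
                // Now that we have the asset tag identified, update the entry with the host ID
                // it is to be associated with.
                MwAssetTagCertificate atagCert = atagCerts.get(0);
                atagCert.setHostID(atagObj.getHostID());
                // Now that the mapping is done, calculate what the expected PCR value should be and
                // store it in the PCREvent column: digest the certificate, then extend it into a zero PCR.
                Sha1Digest tag = Sha1Digest.digestOf(atagCert.getCertificate());
                log.debug("mapAssetTagCertToHostById : Sha1 Hash of the certificate with UUID {} is {}.", atagCert.getUuid(), tag.toString());
                Sha1Digest expectedHash = Sha1Digest.ZERO.extend(tag);
                log.debug("mapAssetTagCertToHostById : Final expected PCR for the certificate with UUID {} is {}.", atagCert.getUuid(), expectedHash.toString());
                atagCert.setPCREvent(expectedHash.toByteArray());
                // Reuse the controller created above for the lookup; a second one is not needed.
                certController.edit(atagCert);
                result = true;
            }
        } else {
            log.error("Sha1Hash for the asset tag is not specified.");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
    } catch (ASException ase) {
        log.error("Error during mapping of host to the asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        // Any non-ASException failure (e.g. from the JPA layer) is wrapped so callers only see ASException.
        log.error("Unexpected error during mapping of host by id to the asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return result;
}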

Example 14 with MwAssetTagCertificate

use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.

In class HostBO, method associateAssetTagCertForHost.

/**
 * Maps the valid asset tag certificate for a host onto the host's database row.
 *
 * <p>The host is identified by the {@code Host_UUID} attribute; when that attribute is absent
 * no mapping is attempted. When a valid certificate exists for the UUID and a database row
 * for the host was supplied, the certificate is associated through
 * {@code AssetTagCertBO.mapAssetTagCertToHostById}. Failures are logged and swallowed so
 * that asset tag configuration never fails the surrounding host operation.
 *
 * @param host           host being registered or updated; its name is used for logging only
 * @param hostAttributes optional host attributes; may be {@code null}
 * @param tblHost        database row of the host, or {@code null} if not yet persisted
 */
private void associateAssetTagCertForHost(TxtHost host, Map<String, String> hostAttributes, TblHosts tblHost) {
    try {
        String hostName = host.getHostName().toString();
        log.debug("Starting the procedure to map the asset tag certificate for host {}.", hostName);
        // Without a hardware UUID there is nothing to match the certificate against.
        if (hostAttributes == null || !hostAttributes.containsKey("Host_UUID")) {
            log.info("Since UUID for the host {} is not specified, asset tag would not be configured.", hostName);
            return;
        }
        String hostUUID = hostAttributes.get("Host_UUID");
        // Now that we have a host UUID, search for a valid certificate entry in the db.
        // NOTE(review): this is the String overload of findValidAssetTagCertForHost, not shown here.
        AssetTagCertBO certBo = new AssetTagCertBO();
        MwAssetTagCertificate validCert = certBo.findValidAssetTagCertForHost(hostUUID);
        if (validCert == null) {
            log.info("No valid asset tag certificate configured for the host {}.", hostName);
            return;
        }
        log.debug("Found a valid asset tag certificate for the host {} with UUID {}.", hostName, hostUUID);
        if (tblHost == null) {
            return;
        }
        AssetTagCertAssociateRequest mapRequest = new AssetTagCertAssociateRequest();
        mapRequest.setSha1OfAssetCert(validCert.getSHA1Hash());
        mapRequest.setHostID(tblHost.getId());
        if (certBo.mapAssetTagCertToHostById(mapRequest)) {
            log.info("Successfully mapped the asset tag certificate with UUID {} to host {}", validCert.getUuid(), tblHost.getName());
        } else {
            log.info("No valid asset tag certificate configured for the host {}.", tblHost.getName());
        }
    } catch (Exception ex) {
        // Log the error and return; asset tag configuration is not allowed to fail the caller.
        log.info("Error during asset tag configuration for the host {}. Details: {}.", host.getHostName().toString(), ex.getMessage());
    }
}

Example 15 with MwAssetTagCertificate

use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.

In class HostTrustBO, method verifyAssetTagCert.

/**
 * Loads the asset tag certificate associated with a host, if one exists and is valid.
 *
 * <p>Delegates to {@code AssetTagCertBO.findValidAssetTagCertForHost}; any exception from
 * the lookup is logged and turned into a {@code null} result so that trust verification can
 * proceed without an asset tag.
 *
 * @param tblHosts database row of the host whose certificate is wanted
 * @return the valid certificate mapped to the host, or {@code null} when none is mapped,
 *         none is valid, or the lookup failed
 */
private MwAssetTagCertificate verifyAssetTagCert(TblHosts tblHosts) {
    MwAssetTagCertificate mappedCert = null;
    try {
        log.debug("Checking if there are any asset tag certificates mapped to host with ID : {}", tblHosts.getId());
        // Only a certificate that is both associated and valid is returned.
        AssetTagCertBO certBo = new AssetTagCertBO();
        mappedCert = certBo.findValidAssetTagCertForHost(tblHosts.getId());
        log.info("atagCertBO.findValidAssetTagCertForHost(" + tblHosts.getId() + ")");
        if (mappedCert == null) {
            log.debug("Asset tag certificate is either not associated or valid for host {}.", tblHosts.getName());
        } else {
            log.debug("Asset tag certificate is associated to host {} with status {}.", tblHosts.getName(), mappedCert.getRevoked());
        }
    } catch (Exception ex) {
        log.error("Exception when looking up the asset tag whitelist.", ex);
        // Nothing can be done here; log the error and proceed without a certificate.
        log.info("Error during look up of asset tag certificates for the host {}", tblHosts.getName());
        mappedCert = null;
    }
    return mappedCert;
}
