use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.
the class AssetTagCertBO method findValidAssetTagCertForHost.
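/**
 * Returns the first asset tag certificate stored for the given host ID that passes
 * {@code validateAssetTagCert} (defined elsewhere in this class).
 *
 * <p>NOTE(review): the original comment says the latest certificate is picked when a host was
 * provisioned several times. This method simply takes the first valid entry in the order
 * {@code findAssetTagCertificatesByHostID} returns them, so that only holds if the query
 * sorts newest first. Confirm against the controller.
 *
 * @param hostID database ID of the host; {@code null} and {@code 0} are rejected
 * @return a certificate that passed validation, or {@code null} when the host has no
 *         certificate or none of its certificates is valid
 * @throws ASException with {@code AS_HOST_NOT_FOUND} for a missing or zero host ID, or wrapping
 *         any unexpected failure during the lookup
 */
public MwAssetTagCertificate findValidAssetTagCertForHost(Integer hostID) {
    try {
        // A null ID previously failed while unboxing in the comparison and surfaced as an
        // "unexpected error"; report it as the invalid host ID that it is.
        if (hostID == null || hostID == 0) {
            log.error("ID specified for the host is not valid.");
            throw new ASException(ErrorCode.AS_HOST_NOT_FOUND);
        }

        MwAssetTagCertificateJpaController assetTagController =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts = assetTagController.findAssetTagCertificatesByHostID(hostID);
        if (atagCerts.isEmpty()) {
            log.info("Asset tag certificate has not been provisioned for the host with ID : {}.", hostID);
            return null;
        }

        // Ideally only one entry is valid; the first one that validates wins.
        for (MwAssetTagCertificate atagTempCert : atagCerts) {
            if (validateAssetTagCert(atagTempCert)) {
                log.debug("Valid asset tag certificate found for host with ID {}.", hostID);
                return atagTempCert;
            }
        }
        log.info("No valid asset tag certificate found for host with ID {}.", hostID);
        return null;
    } catch (ASException ase) {
        log.error("Error during querying of valid asset tag certificate using host ID. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during querying of valid asset tag certificate using host ID. Error Details - {}.", ex.getMessage());
        // The cause is kept on the wrapping exception so the stack trace is not lost.
        throw new ASException(ex);
    }
}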
use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.
the class AssetTagCertBO method mapAssetTagCertToHost.
/**
 * Associates an asset tag certificate, identified by its SHA-1 hash, with the host whose
 * hardware UUID equals the UUID stored on that certificate. The caller does not need to know
 * the host ID; the association itself is delegated to {@code mapAssetTagCertToHostById}.
 *
 * <p>The hash must match exactly one stored certificate. The certificate's UUID is lower-cased
 * and trimmed before the host lookup. No validity or revocation check on the certificate is
 * visible in this method; the lookup is by hash only.
 *
 * @param atagObj request carrying the SHA-1 hash of the asset tag certificate
 * @return the result of {@code mapAssetTagCertToHostById} when a host with the certificate's
 *         UUID exists; {@code false} when the request has no hash or no host matches
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE_HASH} when the hash matches
 *         no certificate or more than one
 * @throws CryptographyException declared by the signature; nothing visible here throws it directly
 */
public boolean mapAssetTagCertToHost(AssetTagCertAssociateRequest atagObj) throws CryptographyException {
    log.debug("mapAssetTagCertToHost");
    AssetTagCertAssociateRequest byIdRequest = new AssetTagCertAssociateRequest();

    // Without a hash there is nothing to look up; this path reports "not mapped" silently.
    if (atagObj.getSha1OfAssetCert() == null) {
        return false;
    }

    log.debug("trying to associate tag to existing host using " + Hex.encodeHexString(atagObj.getSha1OfAssetCert()));
    MwAssetTagCertificateJpaController certController =
            new MwAssetTagCertificateJpaController(getEntityManagerFactory());
    List<MwAssetTagCertificate> matches =
            certController.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());

    if (matches.isEmpty()) {
        log.error("mapAssetTagCertToHost: The asset tag certificate does not exist");
        throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
    }
    if (matches.size() > 1) {
        // An ambiguous hash is rejected rather than guessing which certificate was meant.
        log.error("mapAssetTagCertToHost: There were multiple matches for the specified hash");
        throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
    }

    MwAssetTagCertificate matchedCert = matches.get(0);
    // The forwarded request uses the hash stored with the certificate, not the caller's copy.
    byIdRequest.setSha1OfAssetCert(matchedCert.getSHA1Hash());

    String hardwareUuid = matchedCert.getUuid().toLowerCase().trim();
    log.debug("searching using " + hardwareUuid);
    TblHosts matchedHost = new TblHostsJpaController(getEntityManagerFactory()).findByHwUUID(hardwareUuid);
    if (matchedHost == null) {
        log.debug("found no matching uuid of cert");
        return false;
    }

    log.debug("found host matching uuid of cert, going to assoicate with host id = " + matchedHost.getId());
    byIdRequest.setHostID(matchedHost.getId());
    return mapAssetTagCertToHostById(byIdRequest);
}
use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.
the class AssetTagCertBO method mapAssetTagCertToHostById.
/**
 * Associates an asset tag certificate, identified by its SHA-1 hash, with a host whose ID the
 * caller already knows, and records the PCR value expected for that certificate.
 *
 * <p>Any existing association for the request is unmapped first. That step is best effort: a
 * failure is logged and the mapping still proceeds. The hash must match exactly one stored
 * certificate. No validity or revocation check on the certificate is visible in this method.
 *
 * @param atagObj request carrying the certificate's SHA-1 hash and the target host ID
 * @return {@code true} once the certificate has been updated; every other path throws
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE_HASH} when the hash is
 *         missing or matches zero or several certificates, or wrapping any unexpected failure
 */
public boolean mapAssetTagCertToHostById(AssetTagCertAssociateRequest atagObj) {
    log.debug("mapAssetTagCertToHostById");

    // Clear any previous association before creating the new one. Errors here are only logged.
    try {
        unmapAssetTagCertFromHostById(atagObj);
        log.debug("Successfully unmapped the asset tag certificate assocation with host {}. ", atagObj.getHostID());
    } catch (Exception ex) {
        log.error("Error during unmap of asset tag cert from host with id {}. {}", atagObj.getHostID(), ex.getMessage());
    }

    try {
        // The certificate is located by its SHA-1 hash, so a request without one is rejected.
        if (atagObj.getSha1OfAssetCert() == null) {
            log.error("Sha1Hash for the asset tag is not specified.");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }

        MwAssetTagCertificateJpaController lookupController =
                new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> matches =
                lookupController.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());

        if (matches.isEmpty()) {
            log.error("mapAssetTagCertToHostById: The asset tag certificate does not exist");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        if (matches.size() > 1) {
            log.error("mapAssetTagCertToHostById: There were multiple matches for the specified hash");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }

        // Exactly one certificate matched: point it at the requested host.
        MwAssetTagCertificate matchedCert = matches.get(0);
        matchedCert.setHostID(atagObj.getHostID());

        // Expected PCR event = ZERO extended with the SHA-1 digest of the certificate bytes.
        // NOTE(review): presumably this mirrors a TPM extend from an all-zero register; confirm.
        Sha1Digest certDigest = Sha1Digest.digestOf(matchedCert.getCertificate());
        log.debug("mapAssetTagCertToHostById : Sha1 Hash of the certificate with UUID {} is {}.", matchedCert.getUuid(), certDigest.toString());
        Sha1Digest expectedPcr = Sha1Digest.ZERO.extend(certDigest);
        log.debug("mapAssetTagCertToHostById : Final expected PCR for the certificate with UUID {} is {}.", matchedCert.getUuid(), expectedPcr.toString());
        matchedCert.setPCREvent(expectedPcr.toByteArray());

        // Persist the host ID and the PCR event through a freshly created controller.
        new MwAssetTagCertificateJpaController(getEntityManagerFactory()).edit(matchedCert);
        return true;
    } catch (ASException ase) {
        log.error("Error during mapping of host to the asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during mapping of host by id to the asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
}
use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.
the class HostBO method associateAssetTagCertForHost.
/**
 * Tries to map a valid asset tag certificate to a host, using the host's UUID to find the
 * certificate and the host's database row to obtain the ID for the mapping.
 *
 * <p>This is best effort. Every exception is caught and logged at info level, and the method
 * returns normally, so the caller is never told that the association failed. When
 * {@code tblHost} is {@code null} nothing is mapped and nothing is logged about it.
 *
 * @param host host being processed; only its host name is read here, for log messages
 * @param hostAttributes attribute map expected to carry the UUID under the key {@code Host_UUID};
 *        when the map is {@code null} or lacks that key the method returns without mapping
 * @param tblHost database row of the host, used for its ID and name; may be {@code null}
 */
private void associateAssetTagCertForHost(TxtHost host, Map<String, String> hostAttributes, TblHosts tblHost) {
    try {
        log.debug("Starting the procedure to map the asset tag certificate for host {}.", host.getHostName().toString());

        // Without a UUID there is no key to look the certificate up by.
        if (hostAttributes == null || !hostAttributes.containsKey("Host_UUID")) {
            log.info("Since UUID for the host {} is not specified, asset tag would not be configured.", host.getHostName().toString());
            return;
        }
        String hostUUID = hostAttributes.get("Host_UUID");

        // Look for a certificate for this UUID that the business object considers valid.
        AssetTagCertBO atagCertBO = new AssetTagCertBO();
        MwAssetTagCertificate validCert = atagCertBO.findValidAssetTagCertForHost(hostUUID);
        if (validCert == null) {
            log.info("No valid asset tag certificate configured for the host {}.", host.getHostName().toString());
            return;
        }

        log.debug("Found a valid asset tag certificate for the host {} with UUID {}.", host.getHostName().toString(), hostUUID);
        if (tblHost != null) {
            AssetTagCertAssociateRequest mapRequest = new AssetTagCertAssociateRequest();
            mapRequest.setSha1OfAssetCert(validCert.getSHA1Hash());
            mapRequest.setHostID(tblHost.getId());
            if (atagCertBO.mapAssetTagCertToHostById(mapRequest)) {
                log.info("Successfully mapped the asset tag certificate with UUID {} to host {}", validCert.getUuid(), tblHost.getName());
            } else {
                log.info("No valid asset tag certificate configured for the host {}.", tblHost.getName());
            }
        }
    } catch (Exception ex) {
        // Deliberately swallowed: only the message is logged, then control returns to the caller.
        log.info("Error during asset tag configuration for the host {}. Details: {}.", host.getHostName().toString(), ex.getMessage());
    }
}
use of com.intel.mtwilson.as.data.MwAssetTagCertificate in project OpenAttestation by OpenAttestation.
the class HostTrustBO method verifyAssetTagCert.
/**
 * Loads the valid asset tag certificate mapped to the given host, if there is one.
 *
 * <p>A lookup failure and "no valid certificate" both yield {@code null}: any exception is
 * logged and swallowed. Callers therefore cannot tell a database or validation error apart from
 * a host that has no asset tag, which matters wherever the result feeds a trust decision.
 *
 * @param tblHosts database row of the host; its ID drives the lookup and its name the log output
 * @return the certificate returned by {@code AssetTagCertBO.findValidAssetTagCertForHost}, or
 *         {@code null} when none was found or the lookup threw
 */
private MwAssetTagCertificate verifyAssetTagCert(TblHosts tblHosts) {
    try {
        log.debug("Checking if there are any asset tag certificates mapped to host with ID : {}", tblHosts.getId());

        // Only a certificate that is both associated and valid is handed back.
        AssetTagCertBO atagCertBO = new AssetTagCertBO();
        MwAssetTagCertificate mappedCert = atagCertBO.findValidAssetTagCertForHost(tblHosts.getId());
        log.info("atagCertBO.findValidAssetTagCertForHost(" + tblHosts.getId() + ")");

        if (mappedCert == null) {
            log.debug("Asset tag certificate is either not associated or valid for host {}.", tblHosts.getName());
            return null;
        }

        // The "status" in this message is the certificate's revoked flag.
        log.debug("Asset tag certificate is associated to host {} with status {}.", tblHosts.getName(), mappedCert.getRevoked());
        return mappedCert;
    } catch (Exception ex) {
        log.error("Exception when looking up the asset tag whitelist.", ex);
        // Nothing more can be done here: record the failure and report "no certificate".
        log.info("Error during look up of asset tag certificates for the host {}", tblHosts.getName());
        return null;
    }
}