Search in sources :

Example 41 with TblHosts

use of com.intel.mtwilson.as.data.TblHosts in project OpenAttestation by OpenAttestation.

the class HostTrustBO method getTrustWithCache.

public HostTrust getTrustWithCache(String host, Boolean forceVerify) {
    log.info("Getting trust for host: " + host + " Force verify flag: " + forceVerify);
    try {
        if (forceVerify != true) {
            TblHosts tblHosts = getHostByName(new Hostname(host));
            if (tblHosts != null) {
                TblTaLog tblTaLog = new TblTaLogJpaController(getEntityManagerFactory()).getHostTALogEntryBefore(tblHosts.getId(), getCacheStaleAfter());
                if (tblTaLog != null)
                    return getHostTrustObj(tblTaLog);
            } else {
                throw new ASException(ErrorCode.AS_HOST_NOT_FOUND, host);
            }
        }
        log.info("Getting trust status from host.");
        HostTrustStatus status = getTrustStatus(new Hostname(host));
        HostTrust hostTrust = new HostTrust(ErrorCode.OK, "OK");
        hostTrust.setBiosStatus((status.bios) ? 1 : 0);
        hostTrust.setVmmStatus((status.vmm) ? 1 : 0);
        hostTrust.setIpAddress(host);
        return hostTrust;
    } catch (ASException e) {
        log.error("Error while getting trust for host " + host, e);
        return new HostTrust(e.getErrorCode(), e.getErrorMessage(), host, null, null);
    } catch (Exception e) {
        log.error("Error while getting trust for host " + host, e);
        return new HostTrust(ErrorCode.SYSTEM_ERROR, new AuthResponse(ErrorCode.SYSTEM_ERROR, e.getMessage()).getErrorMessage(), host, null, null);
    }
}
Also used : TblTaLogJpaController(com.intel.mtwilson.as.controller.TblTaLogJpaController) TblTaLog(com.intel.mtwilson.as.data.TblTaLog) TblHosts(com.intel.mtwilson.as.data.TblHosts) Hostname(com.intel.mtwilson.util.net.Hostname) ASException(com.intel.mountwilson.as.common.ASException) ASException(com.intel.mountwilson.as.common.ASException) WebApplicationException(javax.ws.rs.WebApplicationException) ConfigurationException(org.apache.commons.configuration.ConfigurationException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException)

Example 42 with TblHosts

use of com.intel.mtwilson.as.data.TblHosts in project OpenAttestation by OpenAttestation.

the class HostTrustBO method getTrustWithSaml.

/**
     * Returns a multi-host SAML assertion.  It's similar to getTrustWithSaml(TblHosts,String)
     * but it does NOT save the generated SAML assertion.
     */
public String getTrustWithSaml(Collection<TblHosts> tblHostsCollection) {
    try {
        //String location = hostTrustBO.getHostLocation(new Hostname(hostName)).location; // example: "San Jose"
        //HostTrustStatus trustStatus = hostTrustBO.getTrustStatus(new Hostname(hostName)); // example:  BIOS:1,VMM:1
        ArrayList<TxtHostWithAssetTag> hostList = new ArrayList<>();
        for (TblHosts tblHosts : tblHostsCollection) {
            // these 3 lines equivalent of getHostWithTrust without a host-specific saml assertion table record to update 
            HostTrustStatus trust = getTrustStatus(tblHosts, tblHosts.getUuid_hex());
            TxtHostRecord data = createTxtHostRecord(tblHosts);
            TxtHost host = new TxtHost(data, trust);
            // We need to add the Asset tag related data only if the host is provisioned for it. This is done
            // by verifying in the asset tag certificate table. 
            X509AttributeCertificate tagCertificate;
            AssetTagCertBO atagCertBO = new AssetTagCertBO();
            MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblHosts.getHardwareUuid());
            if (atagCertForHost != null) {
                tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
            } else {
                tagCertificate = null;
            }
            /*
                // We will check if the asset-tag was verified successfully for the host. If so, we need to retrieve
                // all the attributes for that asset-tag and send it to the saml generator.
                X509AttributeCertificate tagCertificate = null; 
                if (host.isAssetTagTrusted()) {
                    AssetTagCertBO atagCertBO = new AssetTagCertBO();
                    MwAssetTagCertificate atagCertForHost = atagCertBO.findValidAssetTagCertForHost(tblHosts.getHardwareUuid());
                    if (atagCertForHost != null) {
                        tagCertificate = X509AttributeCertificate.valueOf(atagCertForHost.getCertificate());
//                        atags.add(new AttributeOidAndValue("UUID", atagCertForHost.getUuid())); // should already be the "Subject" attribute of the certificate, if not then we need to get it from one of the cert attributes
                    }
                }*/
            TxtHostWithAssetTag hostWithAssetTag = new TxtHostWithAssetTag(host, tagCertificate);
            hostList.add(hostWithAssetTag);
        }
        SamlAssertion samlAssertion = getSamlGenerator().generateHostAssertions(hostList);
        log.debug("Expiry {}", samlAssertion.expiry_ts.toString());
        return samlAssertion.assertion;
    } catch (ASException e) {
        // We override that here to give more specific codes when possible:
        if (e.getErrorCode().equals(ErrorCode.AS_HOST_NOT_FOUND)) {
            throw new WebApplicationException(Status.NOT_FOUND);
        }
        /*
             * if( e.getErrorCode().equals(ErrorCode.TA_ERROR)) { throw new
             * WebApplicationException(Status.INTERNAL_SERVER_ERROR); }
             *
             */
        throw e;
    } catch (Exception ex) {
        // throw new ASException( e);
        log.error("Error during retrieval of host trust status.", ex);
        throw new ASException(ErrorCode.AS_HOST_TRUST_ERROR, ex.getClass().getSimpleName());
    }
}
Also used : TxtHostWithAssetTag(com.intel.mtwilson.saml.TxtHostWithAssetTag) WebApplicationException(javax.ws.rs.WebApplicationException) SamlAssertion(com.intel.mtwilson.saml.SamlAssertion) TblSamlAssertion(com.intel.mtwilson.as.data.TblSamlAssertion) AssetTagCertBO(com.intel.mtwilson.as.business.AssetTagCertBO) ArrayList(java.util.ArrayList) ASException(com.intel.mountwilson.as.common.ASException) WebApplicationException(javax.ws.rs.WebApplicationException) ConfigurationException(org.apache.commons.configuration.ConfigurationException) CryptographyException(com.intel.mtwilson.crypto.CryptographyException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) TblHosts(com.intel.mtwilson.as.data.TblHosts) MwAssetTagCertificate(com.intel.mtwilson.as.data.MwAssetTagCertificate) ASException(com.intel.mountwilson.as.common.ASException)

Aggregations

TblHosts (com.intel.mtwilson.as.data.TblHosts)42 ASException (com.intel.mountwilson.as.common.ASException)17 CryptographyException (com.intel.mtwilson.crypto.CryptographyException)15 EntityManager (javax.persistence.EntityManager)14 NonexistentEntityException (com.intel.mtwilson.as.controller.exceptions.NonexistentEntityException)13 IOException (java.io.IOException)12 UnknownHostException (java.net.UnknownHostException)11 IllegalOrphanException (com.intel.mtwilson.as.controller.exceptions.IllegalOrphanException)10 ArrayList (java.util.ArrayList)10 TblMle (com.intel.mtwilson.as.data.TblMle)9 TblPcrManifest (com.intel.mtwilson.as.data.TblPcrManifest)9 NoResultException (javax.persistence.NoResultException)8 TblHostsJpaController (com.intel.mtwilson.as.controller.TblHostsJpaController)7 TblTaLog (com.intel.mtwilson.as.data.TblTaLog)6 EntityNotFoundException (javax.persistence.EntityNotFoundException)6 Query (javax.persistence.Query)6 CriteriaQuery (javax.persistence.criteria.CriteriaQuery)6 Hostname (com.intel.mtwilson.util.net.Hostname)5 Matchers.anyString (org.mockito.Matchers.anyString)5 ASDataException (com.intel.mtwilson.as.controller.exceptions.ASDataException)4