Search in sources :

Example 1 with UTF8NameValueMicroformat

use of com.intel.mtwilson.datatypes.UTF8NameValueMicroformat in project OpenAttestation by OpenAttestation.

the class CertificateRepository method create.

@Override
public //    @RequiresPermissions("tag_certificates:create") 
void create(Certificate item) {
    log.debug("Certificate:Create - Got request to create a new Certificate {}.", item.getId().toString());
    CertificateLocator locator = new CertificateLocator();
    locator.id = item.getId();
    try (CertificateDAO dao = TagJdbi.certificateDao()) {
        Certificate newCert = dao.findById(item.getId());
        if (newCert == null) {
            newCert = Certificate.valueOf(item.getCertificate());
            dao.insert(item.getId(), newCert.getCertificate(), newCert.getSha1().toHexString(), newCert.getSha256().toHexString(), newCert.getSubject(), newCert.getIssuer(), newCert.getNotBefore(), newCert.getNotAfter());
            log.debug("Certificate:Create - Created the Certificate {} successfully.", item.getId().toString());
        } else {
            log.error("Certificate:Create - Certificate {} will not be created since a duplicate Certificate already exists.", item.getId().toString());
            throw new RepositoryCreateConflictException(locator);
        }
    } catch (RepositoryException re) {
        throw re;
    } catch (Exception ex) {
        log.error("Certificate:Create - Error during certificate creation.", ex);
        throw new RepositoryCreateException(ex, locator);
    }
    //Store tag values from Certificate
    try {
        log.info("Tags from certificate will now be stored");
        KvAttributeRepository repository = new KvAttributeRepository();
        KvAttribute kvAttrib = new KvAttribute();
        if (kvAttrib == null || repository == null)
            log.debug("kvAttrib or repository Obj is null, unable to store certificate tags");
        else {
            List<Attribute> certAttributes = X509AttributeCertificate.valueOf(item.getCertificate()).getAttribute();
            for (Attribute attr : certAttributes) {
                for (ASN1Encodable value : attr.getAttributeValues()) {
                    if (attr.getAttrType().toString().equals(UTF8NameValueMicroformat.OID)) {
                        UTF8NameValueMicroformat microformat = new UTF8NameValueMicroformat(DERUTF8String.getInstance(value));
                        // Check if that tag with same value already exists
                        KvAttributeFilterCriteria criteria = new KvAttributeFilterCriteria();
                        criteria.nameEqualTo = microformat.getName();
                        criteria.valueEqualTo = microformat.getValue();
                        KvAttributeCollection results = repository.search(criteria);
                        if (results.getDocuments().isEmpty()) {
                            kvAttrib.setId(new UUID());
                            kvAttrib.setName(microformat.getName());
                            kvAttrib.setValue(microformat.getValue());
                            repository.create(kvAttrib);
                        } else
                            log.debug("Tag with Name:{} & Value:{} is already stored.", microformat.getName(), microformat.getValue());
                    }
                }
            }
        }
    } catch (Exception e) {
        log.error("Certificate:Create - Error during attribute scan", e);
    }
}
Also used : CertificateLocator(com.intel.mtwilson.datatypes.CertificateLocator) CertificateDAO(com.intel.mtwilson.tag.dao.jdbi.CertificateDAO) KvAttribute(com.intel.mtwilson.datatypes.KvAttribute) Attribute(org.bouncycastle.asn1.x509.Attribute) KvAttribute(com.intel.mtwilson.datatypes.KvAttribute) RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException) RepositoryCreateConflictException(com.intel.mtwilson.tag.repository.RepositoryCreateConflictException) RepositoryCreateException(com.intel.mtwilson.tag.repository.RepositoryCreateException) RepositoryDeleteException(com.intel.mtwilson.tag.repository.RepositoryDeleteException) RepositoryStoreException(com.intel.mtwilson.tag.repository.RepositoryStoreException) RepositoryStoreConflictException(com.intel.mtwilson.tag.repository.RepositoryStoreConflictException) RepositoryRetrieveException(com.intel.mtwilson.tag.repository.RepositoryRetrieveException) RepositoryException(com.intel.mtwilson.tag.repository.RepositoryException) RepositorySearchException(com.intel.mtwilson.tag.repository.RepositorySearchException) RepositoryCreateConflictException(com.intel.mtwilson.tag.repository.RepositoryCreateConflictException) KvAttributeCollection(com.intel.mtwilson.datatypes.KvAttributeCollection) KvAttributeRepository(com.intel.mtwilson.tag.repository.KvAttributeRepository) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) KvAttributeFilterCriteria(com.intel.mtwilson.datatypes.KvAttributeFilterCriteria) UUID(com.intel.mtwilson.util.io.UUID) UTF8NameValueMicroformat(com.intel.mtwilson.datatypes.UTF8NameValueMicroformat) Certificate(com.intel.mtwilson.datatypes.Certificate) X509AttributeCertificate(com.intel.mtwilson.datatypes.X509AttributeCertificate) RepositoryCreateException(com.intel.mtwilson.tag.repository.RepositoryCreateException)

Example 2 with UTF8NameValueMicroformat

use of com.intel.mtwilson.datatypes.UTF8NameValueMicroformat in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createHostAttributes.

/*  works but not needed
        private List<Attribute> createStringAttributes(Map<String,String> attributes) throws ConfigurationException {
            ArrayList<Attribute> list = new ArrayList<Attribute>();
            for(Map.Entry<String,String> e : attributes.entrySet()) {
                Attribute attr = createStringAttribute(e.getKey(), e.getValue());
                list.add(attr);
            }
            return list;
        }
        * 
        */
// currently unused but probably works
/*
	private Attribute createComplexAttribute(String name, String xmlValue) throws ConfigurationException {
            SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder)  builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
            Attribute attr = (Attribute) attrBuilder.buildObject();
            attr.setName(name);

            XMLObjectBuilder stringBuilder =  builderFactory.getBuilder(XSString.TYPE_NAME);
            XSAny attrValue = (XSAny) stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
            attrValue.setTextContent(xmlValue);

            attr.getAttributeValues().add(attrValue);
            return attr;
	}
	*/
//        private final String DEFAULT_OID = "2.5.4.789.1";
private AttributeStatement createHostAttributes(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws ConfigurationException {
    // Builder Attributes
    SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
    AttributeStatement attrStatement = (AttributeStatement) attrStatementBuilder.buildObject();
    // add host attributes (both for single host and multi-host assertions)
    attrStatement.getAttributes().add(createStringAttribute("Host_Name", host.getHostName().toString()));
    attrStatement.getAttributes().add(createStringAttribute("Host_Address", host.getIPAddress().toString()));
    //            attrStatement.getAttributes().add(createStringAttribute("Host_UUID", host.getUuid()));  
    //            attrStatement.getAttributes().add(createStringAttribute("Host_AIK_SHA1", host.getUuid()));  
    // Create the attribute statements that are trusted
    attrStatement.getAttributes().add(createBooleanAttribute("Trusted", host.isBiosTrusted() && host.isVmmTrusted()));
    attrStatement.getAttributes().add(createBooleanAttribute("Trusted_BIOS", host.isBiosTrusted()));
    if (host.isBiosTrusted()) {
        attrStatement.getAttributes().add(createStringAttribute("BIOS_Name", host.getBios().getName()));
        attrStatement.getAttributes().add(createStringAttribute("BIOS_Version", host.getBios().getVersion()));
        attrStatement.getAttributes().add(createStringAttribute("BIOS_OEM", host.getBios().getOem()));
    }
    attrStatement.getAttributes().add(createBooleanAttribute("Trusted_VMM", host.isVmmTrusted()));
    if (host.isVmmTrusted()) {
        attrStatement.getAttributes().add(createStringAttribute("VMM_Name", host.getVmm().getName()));
        attrStatement.getAttributes().add(createStringAttribute("VMM_Version", host.getVmm().getVersion()));
        attrStatement.getAttributes().add(createStringAttribute("VMM_OSName", host.getVmm().getOsName()));
        attrStatement.getAttributes().add(createStringAttribute("VMM_OSVersion", host.getVmm().getOsVersion()));
    }
    //}
    if (tagCertificate != null) {
        // add the asset tag attestation status and if the status is trusted, then add all the attributes. In order to uniquely
        // identify all the asset tags on the client side, we will just append the text ATAG for all of them.
        attrStatement.getAttributes().add(createBooleanAttribute("Asset_Tag", host.isAssetTagTrusted()));
        attrStatement.getAttributes().add(createStringAttribute("Asset_Tag_Certificate_Sha1", Sha1Digest.digestOf(tagCertificate.getEncoded()).toString()));
        if (host.isAssetTagTrusted()) {
            // get all microformat attributes
            List<UTF8NameValueMicroformat> microformatAttributes = tagCertificate.getAttributes(UTF8NameValueMicroformat.class);
            for (UTF8NameValueMicroformat microformatAttribute : microformatAttributes) {
                attrStatement.getAttributes().add(createStringAttribute(String.format("TAG[" + microformatAttribute.getName() + "]"), microformatAttribute.getValue()));
            }
            // get all name-valuesequence attributes
            List<UTF8NameValueSequence> nameValueSequenceAttributes = tagCertificate.getAttributes(UTF8NameValueSequence.class);
            for (UTF8NameValueSequence nameValueSequenceAttribute : nameValueSequenceAttributes) {
                attrStatement.getAttributes().add(createStringAttribute(String.format("TAG[" + nameValueSequenceAttribute.getName() + "]"), StringUtils.join(nameValueSequenceAttribute.getValues(), ",")));
            }
            // all attributes including above and any other custom attributes will be available directly via the certificate
            attrStatement.getAttributes().add(createBase64BinaryAttribute("TagCertificate", tagCertificate.getEncoded()));
        } else {
            log.debug("Since Asset tag is not verified, no attributes would be added");
        }
    } else {
        log.debug("Since asset tag is not provisioned, asset tag attribute will not be added to the assertion.");
    }
    if (host.getAikCertificate() != null) {
        attrStatement.getAttributes().add(createStringAttribute("AIK_Certificate", host.getAikCertificate()));
    //attrStatement.getAttributes().add(createStringAttribute("AIK_SHA1", host.getAikSha1()));
    }
    if (vmMetaData != null && !vmMetaData.isEmpty()) {
        for (Map.Entry<String, String> entry : vmMetaData.entrySet()) {
            attrStatement.getAttributes().add(createStringAttribute(entry.getKey(), entry.getValue()));
        }
    }
    return attrStatement;
}
Also used : UTF8NameValueSequence(com.intel.mtwilson.datatypes.UTF8NameValueSequence) SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) XSString(org.opensaml.xml.schema.XSString) UTF8NameValueMicroformat(com.intel.mtwilson.datatypes.UTF8NameValueMicroformat)

Aggregations

UTF8NameValueMicroformat (com.intel.mtwilson.datatypes.UTF8NameValueMicroformat)2 Certificate (com.intel.mtwilson.datatypes.Certificate)1 CertificateLocator (com.intel.mtwilson.datatypes.CertificateLocator)1 KvAttribute (com.intel.mtwilson.datatypes.KvAttribute)1 KvAttributeCollection (com.intel.mtwilson.datatypes.KvAttributeCollection)1 KvAttributeFilterCriteria (com.intel.mtwilson.datatypes.KvAttributeFilterCriteria)1 UTF8NameValueSequence (com.intel.mtwilson.datatypes.UTF8NameValueSequence)1 X509AttributeCertificate (com.intel.mtwilson.datatypes.X509AttributeCertificate)1 CertificateDAO (com.intel.mtwilson.tag.dao.jdbi.CertificateDAO)1 KvAttributeRepository (com.intel.mtwilson.tag.repository.KvAttributeRepository)1 RepositoryCreateConflictException (com.intel.mtwilson.tag.repository.RepositoryCreateConflictException)1 RepositoryCreateException (com.intel.mtwilson.tag.repository.RepositoryCreateException)1 RepositoryDeleteException (com.intel.mtwilson.tag.repository.RepositoryDeleteException)1 RepositoryException (com.intel.mtwilson.tag.repository.RepositoryException)1 RepositoryRetrieveException (com.intel.mtwilson.tag.repository.RepositoryRetrieveException)1 RepositorySearchException (com.intel.mtwilson.tag.repository.RepositorySearchException)1 RepositoryStoreConflictException (com.intel.mtwilson.tag.repository.RepositoryStoreConflictException)1 RepositoryStoreException (com.intel.mtwilson.tag.repository.RepositoryStoreException)1 UUID (com.intel.mtwilson.util.io.UUID)1 ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)1