
Example 1 with Sha1Digest

use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.

the class ReportsBO method getPcrLogReportForAssetTag.

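private PcrLogReport getPcrLogReportForAssetTag(TblTaLog taLog, Integer hostId) {
    // Builds the PCR report for the asset-tag PCR: the measured value comes from the host's TA log,
    // the white-list value from the asset tag certificate currently valid for the host.
    // Returns null when no valid certificate is associated with the host.
    logger.debug("getPcrLogReportForAssetTag : Creating pcr log report for asset tag verification for host with uuid {}.", hostId);
    AssetTagCertBO atagCertBO = new AssetTagCertBO();
    MwAssetTagCertificate atagCert = atagCertBO.findValidAssetTagCertForHost(hostId);
    if (atagCert == null) {
        return null;
    }
    // Expected PCR value as a string, computed once so the logged value is the same value that is
    // compared (the original logged the raw byte[] itself, which only prints an identity hash).
    String whiteListValue = new Sha1Digest(atagCert.getPCREvent()).toString();
    logger.debug("getPcrLogReportForAssetTag : Found a valid asset tag certificate for the host with white list value {}", whiteListValue);
    String measuredValue = taLog.getManifestValue();
    PcrLogReport manifest = new PcrLogReport();
    manifest.setName(Integer.parseInt(ASSET_TAG_PCR));
    manifest.setValue(measuredValue);
    manifest.setWhiteListValue(whiteListValue);
    // Fail closed: a missing measured value can never match the white list, so it is reported as
    // untrusted instead of raising a NullPointerException in the middle of report generation.
    // Expected PCR values are not secret material, so a constant-time comparison is not required.
    boolean matches = measuredValue != null && measuredValue.equalsIgnoreCase(whiteListValue);
    manifest.setTrustStatus(matches ? 1 : 0);
    manifest.setVerifiedOn(new Date());
    return manifest;
}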

Example 2 with Sha1Digest

use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method importAssetTagCertificate.

//    public AssetTagCertBO(PersistenceManager pm) {
//        super(pm);
//    }
/**
     * This function stores a new asset tag certificate that was provisioned by the Asset tag
     * provisioning service for a host. This certificate would be associated to the host for
     * which it was provisioned only when that host gets registered with Mt.Wilson.
     * @param atagObj request carrying the encoded attribute certificate
     * @param uuid optional record identifier; a fresh UUID is generated when null or empty
     * @return true once the certificate has been stored
     */
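public boolean importAssetTagCertificate(AssetTagCertCreateRequest atagObj, String uuid) {
    boolean result;
    X509AttributeCertificate x509AttrCert;
    try {
        try {
            // Parse only. NOTE(review): nothing in this method checks the certificate's signature,
            // issuer or validity window before it is persisted; confirm that valueOf (or the caller)
            // enforces trust in the issuing CA, otherwise any well-formed attribute certificate is accepted.
            x509AttrCert = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        } catch (IllegalArgumentException ce) {
            log.error("Error during retrieval of a new asset tag certificate. Error Details - {}.", ce.getMessage());
            throw new ASException(ce, ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE, ce.getMessage());
        }
        // SHA-1 over the re-encoded certificate; computed once and reused for the record and the log
        // line (the original computed it twice). SHA-1 is kept because the TPM 1.2 PCR this value
        // feeds is SHA-1 sized, see the commented-out SHA-256 line below.
        Sha1Digest encodedCertSha1 = Sha1Digest.digestOf(x509AttrCert.getEncoded());
        MwAssetTagCertificate atagCert = new MwAssetTagCertificate();
        // Record id: caller-supplied when present, otherwise freshly generated.
        // NOTE(review): a caller-supplied uuid is stored as-is; its format is not validated here.
        if (uuid != null && !uuid.isEmpty()) {
            atagCert.setUuid_hex(uuid);
        } else {
            atagCert.setUuid_hex(new UUID().toString());
        }
        atagCert.setCertificate(atagObj.getCertificate());
        atagCert.setUuid(x509AttrCert.getSubject().toLowerCase());
        atagCert.setNotAfter(x509AttrCert.getNotAfter());
        atagCert.setNotBefore(x509AttrCert.getNotBefore());
        atagCert.setRevoked(false);
        //atagCert.setSHA1Hash(Sha1Digest.digestOf(atagObj.getCertificate()).toByteArray());
        atagCert.setSHA1Hash(encodedCertSha1.toByteArray());
        log.debug("Certificate creation time is {}", x509AttrCert.getSerialNumber());
        log.debug("Certificate SHA1 is {}", encodedCertSha1.toHexString());
        // The serial number is stored as the creation time -- presumably the provisioning service
        // issues time-based serials; confirm.
        atagCert.setCreate_time(x509AttrCert.getSerialNumber());
        //atagCert.setSHA256Hash(Sha256Digest.digestOf(atagObj.getCertificate()).toByteArray()); // not used with TPM 1.2
        // Placeholder expected PCR value: extend(ZERO, sha1(base64(sha1(certificate bytes as received)))).
        // Note this hashes the bytes as received, not the re-encoded form hashed above. It is meant to
        // be replaced when the host is mapped to this certificate. NOTE(review): mapAssetTagCertToHostById
        // computes extend(ZERO, sha1(certificate)) instead; confirm which formula the host agent extends.
        //atagCert.setPCREvent(Sha1Digest.digestOf(atagCert.getSHA1Hash()).toByteArray());
        Sha1Digest rawCertSha1 = Sha1Digest.digestOf(atagObj.getCertificate());
        // Base64 text is ASCII, so pinning the charset yields the same bytes as before while removing
        // the dependence on the platform default encoding.
        byte[] base64Bytes = rawCertSha1.toBase64().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        Sha1Digest expectedPcr = Sha1Digest.ZERO.extend(Sha1Digest.digestOf(base64Bytes));
        atagCert.setPCREvent(expectedPcr.toByteArray());
        log.debug("assetTag writing cert to DB");
        //My.jpa().mwAssetTagCertificate().create(atagCert);
        MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        mwAssetTagCertificateJpaController.create(atagCert);
        result = true;
        // here we need to check a config option, mtwilson.atag.associate.hosts.auto
        // now try to match a host to it
        log.debug("trying to associate tag to existing host using " + Hex.encodeHexString(atagCert.getSHA1Hash()));
        AssetTagCertAssociateRequest request = new AssetTagCertAssociateRequest();
        request.setSha1OfAssetCert(atagCert.getSHA1Hash());
        // Best-effort association: its outcome is deliberately not folded into the return value,
        // since the certificate itself has already been stored at this point.
        //result = 
        mapAssetTagCertToHost(request);
    } catch (ASException ase) {
        log.error("Error during creation of a new asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during creation of a new asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return result;
}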

Example 3 with Sha1Digest

use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.

the class Document method getEtag.

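public String getEtag() {
    // An explicitly set etag wins; otherwise one is derived from the modification time.
    // SHA-1 is adequate here: the tag is an opaque cache validator, not a security check.
    if (etag != null) {
        return etag;
    }
    if (modifiedOn == null) {
        return null;
    }
    // Hash the modification timestamp (epoch millis) rendered as hex. Long.toHexString emits no
    // leading zero, so the string has an odd number of digits for many timestamps; left-pad to a
    // whole number of bytes so the hex-to-bytes conversion below is well defined. The padding keeps
    // the numeric value and only changes the derived tag where an odd-length input would previously
    // have been rejected or misparsed (that depends on ByteArray.fromHex -- confirm).
    String hex = Long.toHexString(modifiedOn.getTime());
    if ((hex.length() & 1) != 0) {
        hex = "0" + hex;
    }
    ByteArray byteArray = ByteArray.fromHex(hex);
    Sha1Digest digest = Sha1Digest.digestOf(byteArray.getBytes());
    return digest.toHexString();
}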

Example 4 with Sha1Digest

use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.

the class AssetTagCertBO method mapAssetTagCertToHostById.

/**
     * This function would be used to associate an asset tag certificate with the host for which it is
     * provisioned. It requires you to know the ID of the host it is to be associated with.
     * @param atagObj request carrying the SHA-1 hash of the certificate and the host ID
     * @return true once the certificate has been associated with the host
     */
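public boolean mapAssetTagCertToHostById(AssetTagCertAssociateRequest atagObj) {
    boolean result;
    log.debug("mapAssetTagCertToHostById");
    // Before we map the asset tag cert to the host, we first need to unmap any associations if it already exists.
    // Best effort: a failure here is logged and the mapping still proceeds (unchanged behaviour).
    // NOTE(review): if unmapping silently fails, a host may end up associated with two certificates;
    // confirm findValidAssetTagCertForHost tolerates that.
    try {
        unmapAssetTagCertFromHostById(atagObj);
        log.debug("Successfully unmapped the asset tag certificate assocation with host {}. ", atagObj.getHostID());
    } catch (Exception ex) {
        log.error("Error during unmap of asset tag cert from host with id {}. {}", atagObj.getHostID(), ex.getMessage());
    }
    try {
        // Look the certificate up by its SHA-1 hash. (The original comment said Sha256Hash; the
        // request field and the JPA query are both SHA-1.)
        if (atagObj.getSha1OfAssetCert() == null) {
            log.error("Sha1Hash for the asset tag is not specified.");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        //List<MwAssetTagCertificate> atagCerts = My.jpa().mwAssetTagCertificate().findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
        MwAssetTagCertificateJpaController certController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts = certController.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
        // Exactly one match is required: none means an unknown hash, more than one means the hash is
        // ambiguous. Both are rejected with the same error code, so a caller cannot tell them apart.
        if (atagCerts.isEmpty()) {
            log.error("mapAssetTagCertToHostById: The asset tag certificate does not exist");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        if (atagCerts.size() > 1) {
            log.error("mapAssetTagCertToHostById: There were multiple matches for the specified hash");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        MwAssetTagCertificate atagCert = atagCerts.get(0);
        // NOTE(review): the host id comes straight from the request and is not checked against the
        // certificate's subject or an existing host record here; confirm the caller does that,
        // otherwise a valid certificate can be attached to an arbitrary host id.
        atagCert.setHostID(atagObj.getHostID());
        // Expected PCR value = extend(ZERO, sha1(certificate bytes)), i.e. one PCR extend of the
        // certificate digest into a zeroed PCR. NOTE(review): importAssetTagCertificate stores a
        // different placeholder, extend(ZERO, sha1(base64(sha1(cert)))); confirm which of the two the
        // host agent actually extends, since a mismatch here makes every asset-tag check fail.
        Sha1Digest tag = Sha1Digest.digestOf(atagCert.getCertificate());
        log.debug("mapAssetTagCertToHostById : Sha1 Hash of the certificate with UUID {} is {}.", atagCert.getUuid(), tag.toString());
        Sha1Digest expectedHash = Sha1Digest.ZERO.extend(tag);
        log.debug("mapAssetTagCertToHostById : Final expected PCR for the certificate with UUID {} is {}.", atagCert.getUuid(), expectedHash.toString());
        atagCert.setPCREvent(expectedHash.toByteArray());
        //My.jpa().mwAssetTagCertificate().edit(atagCert);
        // The controller only wraps the entity manager factory, so the one created above is reused
        // for the edit (the original instantiated a second one).
        certController.edit(atagCert);
        result = true;
    } catch (ASException ase) {
        log.error("Error during mapping of host to the asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during mapping of host by id to the asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return result;
}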

Example 5 with Sha1Digest

use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.

the class CertificateResultMapper method map.

@Override
public Certificate map(int i, ResultSet rs, StatementContext sc) throws SQLException {
    // Maps one row of the certificate table onto a Certificate value object; the row index and
    // statement context are not used. Columns are read in the same order as before so drivers
    // that only allow forward column access keep working.
    //        UUID uuid = UUID.valueOf(rs.getBytes("uuid")); // use this when uuid is a binary type in database
    byte[] encoded = rs.getBytes("certificate");
    // Digests are stored as hex text. NOTE(review): valueOfHex receives the raw column value, so a
    // NULL sha1/sha256 column presumably fails here rather than yielding a null digest -- confirm.
    Sha1Digest sha1Column = Sha1Digest.valueOfHex(rs.getString("sha1"));
    Sha256Digest sha256Column = Sha256Digest.valueOfHex(rs.getString("sha256"));
    //        Sha1Digest pcrEvent = Sha1Digest.valueOfHex(rs.getString("pcrEvent"));
    Certificate row = new Certificate();
    row.setId(UUID.valueOf(rs.getString("id")));
    row.setCertificate(encoded);
    row.setSha1(sha1Column);
    row.setSha256(sha256Column);
    //        certificate.setPcrEvent(pcrEvent);
    row.setSubject(rs.getString("subject"));
    row.setIssuer(rs.getString("issuer"));
    // Validity window and revocation flag come straight from the row; no check is applied here.
    row.setNotBefore(rs.getTimestamp("notBefore"));
    row.setNotAfter(rs.getTimestamp("notAfter"));
    row.setRevoked(rs.getBoolean("revoked"));
    return row;
}
