use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.
the class ReportsBO method getPcrLogReportForAssetTag.
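/**
 * Builds the PCR log report used for asset-tag verification of one host.
 *
 * <p>The PCR value measured on the host ({@code taLog}) is compared with the white-list
 * value stored on the host's valid asset tag certificate ({@code PCREvent}); the outcome
 * is recorded as the report's trust status.
 *
 * @param taLog  TA log entry carrying the PCR value measured on the host
 * @param hostId id of the host whose asset tag certificate is looked up
 * @return the populated report, or {@code null} when the host has no valid asset tag
 *         certificate
 */
private PcrLogReport getPcrLogReportForAssetTag(TblTaLog taLog, Integer hostId) {
    logger.debug("getPcrLogReportForAssetTag : Creating pcr log report for asset tag verification for host with uuid {}.", hostId);
    AssetTagCertBO atagCertBO = new AssetTagCertBO();
    MwAssetTagCertificate atagCert = atagCertBO.findValidAssetTagCertForHost(hostId);
    if (atagCert == null) {
        return null;
    }
    // PCREvent is stored as raw bytes; render it through Sha1Digest so the log shows the
    // hex value instead of the byte array's identity hash.
    String whiteListValue = new Sha1Digest(atagCert.getPCREvent()).toString();
    logger.debug("getPcrLogReportForAssetTag : Found a valid asset tag certificate for the host with white list value {}", whiteListValue);
    PcrLogReport manifest = new PcrLogReport();
    manifest.setName(Integer.parseInt(ASSET_TAG_PCR));
    manifest.setValue(taLog.getManifestValue());
    manifest.setWhiteListValue(whiteListValue);
    // Compare from the white-list side so a missing measured value yields "untrusted"
    // rather than a NullPointerException. Both values are hex text, hence case-insensitive.
    boolean trusted = whiteListValue.equalsIgnoreCase(taLog.getManifestValue());
    manifest.setTrustStatus(trusted ? 1 : 0);
    manifest.setVerifiedOn(new Date());
    return manifest;
}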
use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.
the class AssetTagCertBO method importAssetTagCertificate.
// public AssetTagCertBO(PersistenceManager pm) {
// super(pm);
// }
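/**
 * Stores a new asset tag certificate that was provisioned by the Asset Tag provisioning
 * service for a host. The certificate is associated with the host for which it was
 * provisioned only once that host is registered with Mt.Wilson; a best-effort association
 * is attempted right after the record is written.
 *
 * @param atagObj request carrying the encoded attribute certificate
 * @param uuid    identifier to store on the new record; a fresh UUID is generated when
 *                {@code null} or empty
 * @return {@code true} once the certificate record has been written
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE} when the certificate
 *         cannot be parsed, rethrown as-is for failures raised below, or wrapping any other
 *         failure
 */
public boolean importAssetTagCertificate(AssetTagCertCreateRequest atagObj, String uuid) {
    boolean result;
    X509AttributeCertificate x509AttrCert;
    try {
        try {
            x509AttrCert = X509AttributeCertificate.valueOf(atagObj.getCertificate());
        } catch (IllegalArgumentException ce) {
            log.error("Error during retrieval of a new asset tag certificate. Error Details - {}.", ce.getMessage());
            throw new ASException(ce, ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE, ce.getMessage());
        }
        MwAssetTagCertificate atagCert = new MwAssetTagCertificate();
        if (uuid != null && !uuid.isEmpty()) {
            atagCert.setUuid_hex(uuid);
        } else {
            atagCert.setUuid_hex(new UUID().toString());
        }
        atagCert.setCertificate(atagObj.getCertificate());
        atagCert.setUuid(x509AttrCert.getSubject().toLowerCase());
        atagCert.setNotAfter(x509AttrCert.getNotAfter());
        atagCert.setNotBefore(x509AttrCert.getNotBefore());
        atagCert.setRevoked(false);
        // The stored SHA-1 is computed over the parsed certificate's encoding; it is the key
        // placed in the association request below.
        byte[] sha1OfCert = Sha1Digest.digestOf(x509AttrCert.getEncoded()).toByteArray();
        atagCert.setSHA1Hash(sha1OfCert);
        log.debug("Certificate creation time is {}", x509AttrCert.getSerialNumber());
        log.debug("Certificate SHA1 is {}", Sha1Digest.digestOf(x509AttrCert.getEncoded()).toHexString());
        atagCert.setCreate_time(x509AttrCert.getSerialNumber());
        // A SHA-256 hash is not stored (not used with TPM 1.2).
        // Seed PCREvent with a default expected PCR: PCR ZERO extended with the SHA-1 of the
        // base64 text of the certificate's SHA-1. It is meant to be recomputed when a host is
        // mapped to this certificate.
        // NOTE(review): mapAssetTagCertToHostById derives the expected PCR differently
        // (ZERO.extend(sha1(certificate bytes))); confirm which derivation the verification
        // in ReportsBO expects.
        Sha1Digest sha1D = Sha1Digest.digestOf(atagObj.getCertificate());
        // Base64 text is ASCII; pin the charset so the digest does not depend on the platform default.
        byte[] base64Bytes = sha1D.toBase64().getBytes(java.nio.charset.StandardCharsets.US_ASCII);
        Sha1Digest expectedPcr = Sha1Digest.ZERO.extend(Sha1Digest.digestOf(base64Bytes));
        atagCert.setPCREvent(expectedPcr.toByteArray());
        log.debug("assetTag writing cert to DB");
        MwAssetTagCertificateJpaController mwAssetTagCertificateJpaController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        mwAssetTagCertificateJpaController.create(atagCert);
        result = true;
        // TODO: a config option, mtwilson.atag.associate.hosts.auto, should gate this step.
        // Try to associate the certificate with an already-registered host. Its outcome does
        // not affect the returned result, which only reports that the record was written.
        log.debug("trying to associate tag to existing host using " + Hex.encodeHexString(atagCert.getSHA1Hash()));
        AssetTagCertAssociateRequest request = new AssetTagCertAssociateRequest();
        request.setSha1OfAssetCert(atagCert.getSHA1Hash());
        mapAssetTagCertToHost(request);
    } catch (ASException ase) {
        log.error("Error during creation of a new asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during creation of a new asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return result;
}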
use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.
the class Document method getEtag.
/**
 * Returns the entity tag for this document.
 *
 * <p>An explicitly set {@code etag} wins. Otherwise the tag is derived from
 * {@code modifiedOn}: the modification time in milliseconds is rendered as hex, decoded
 * back to bytes and SHA-1 hashed; the hex digest is returned. The value serves as an
 * opaque identifier only.
 *
 * @return the explicit or derived tag, or {@code null} when neither an etag nor a
 *         modification time is available
 */
public String getEtag() {
    if (etag != null) {
        return etag;
    }
    if (modifiedOn == null) {
        return null;
    }
    // NOTE(review): Long.toHexString does not zero-pad, so the hex text can have an odd
    // number of digits; whether ByteArray.fromHex accepts that cannot be told from here.
    String modifiedHex = Long.toHexString(modifiedOn.getTime());
    byte[] modifiedBytes = ByteArray.fromHex(modifiedHex).getBytes();
    return Sha1Digest.digestOf(modifiedBytes).toHexString();
}
use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.
the class AssetTagCertBO method mapAssetTagCertToHostById.
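/**
 * Associates an asset tag certificate with the host it was provisioned for, given the
 * host's ID. Any existing association for that host is removed first (best effort), then the
 * certificate is located by its stored SHA-1 hash, bound to the host, and its expected PCR
 * value is recomputed and stored in the {@code PCREvent} column.
 *
 * @param atagObj request carrying the SHA-1 hash of the certificate and the host ID
 * @return {@code true} once the mapping has been written
 * @throws ASException with {@code AS_INVALID_ASSET_TAG_CERTIFICATE_HASH} when no hash is
 *         given, no certificate matches it, or more than one certificate matches it; any
 *         other failure is wrapped in an {@code ASException}
 */
public boolean mapAssetTagCertToHostById(AssetTagCertAssociateRequest atagObj) {
    boolean result;
    log.debug("mapAssetTagCertToHostById");
    // Unmapping is best effort: a failure here is logged and the mapping below still proceeds.
    try {
        unmapAssetTagCertFromHostById(atagObj);
        log.debug("Successfully unmapped the asset tag certificate assocation with host {}. ", atagObj.getHostID());
    } catch (Exception ex) {
        log.error("Error during unmap of asset tag cert from host with id {}. {}", atagObj.getHostID(), ex.getMessage());
    }
    try {
        if (atagObj.getSha1OfAssetCert() == null) {
            log.error("Sha1Hash for the asset tag is not specified.");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        // Find the certificate by its stored SHA-1 hash. Exactly one match is required so a
        // host is never bound to an ambiguous certificate.
        MwAssetTagCertificateJpaController certController = new MwAssetTagCertificateJpaController(getEntityManagerFactory());
        List<MwAssetTagCertificate> atagCerts = certController.findAssetTagCertificateBySha1Hash(atagObj.getSha1OfAssetCert());
        if (atagCerts.isEmpty()) {
            log.error("mapAssetTagCertToHostById: The asset tag certificate does not exist");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        if (atagCerts.size() > 1) {
            log.error("mapAssetTagCertToHostById: There were multiple matches for the specified hash");
            throw new ASException(ErrorCode.AS_INVALID_ASSET_TAG_CERTIFICATE_HASH);
        }
        MwAssetTagCertificate atagCert = atagCerts.get(0);
        atagCert.setHostID(atagObj.getHostID());
        // Expected PCR for the mapped host: PCR ZERO extended with the SHA-1 of the stored
        // certificate bytes.
        // NOTE(review): importAssetTagCertificate seeds PCREvent with a different derivation
        // (ZERO.extend(sha1(base64(sha1(cert))))); confirm which one the verification in
        // ReportsBO expects.
        Sha1Digest tag = Sha1Digest.digestOf(atagCert.getCertificate());
        log.debug("mapAssetTagCertToHostById : Sha1 Hash of the certificate with UUID {} is {}.", atagCert.getUuid(), tag.toString());
        Sha1Digest expectedHash = Sha1Digest.ZERO.extend(tag);
        log.debug("mapAssetTagCertToHostById : Final expected PCR for the certificate with UUID {} is {}.", atagCert.getUuid(), expectedHash.toString());
        atagCert.setPCREvent(expectedHash.toByteArray());
        // The same controller (same entity manager factory) is reused for the update.
        certController.edit(atagCert);
        result = true;
    } catch (ASException ase) {
        log.error("Error during mapping of host to the asset tag certificate. Error Details - {}:{}.", ase.getErrorCode(), ase.getErrorMessage());
        throw ase;
    } catch (Exception ex) {
        log.error("Unexpected error during mapping of host by id to the asset tag certificate. Error Details - {}.", ex.getMessage());
        throw new ASException(ex);
    }
    return result;
}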
use of com.intel.mtwilson.util.crypto.Sha1Digest in project OpenAttestation by OpenAttestation.
the class CertificateResultMapper method map.
/**
 * Maps one row of the certificate table onto a {@link Certificate}.
 *
 * <p>Columns are read by name in a fixed order: {@code certificate}, {@code sha1},
 * {@code sha256}, {@code id}, {@code subject}, {@code issuer}, {@code notBefore},
 * {@code notAfter}, {@code revoked}. The two hash columns hold hex text. The
 * {@code pcrEvent} column is not mapped by this mapper.
 *
 * @param i  row index (unused)
 * @param rs result set positioned on the row to map
 * @param sc statement context (unused)
 * @return the populated certificate
 * @throws SQLException if a column cannot be read
 */
@Override
public Certificate map(int i, ResultSet rs, StatementContext sc) throws SQLException {
    // Read every column first, in the original order, so column access order and any
    // SQLException raised by the driver are unchanged.
    byte[] encoded = rs.getBytes("certificate");
    String sha1Hex = rs.getString("sha1");
    String sha256Hex = rs.getString("sha256");
    String idText = rs.getString("id");
    String subject = rs.getString("subject");
    String issuer = rs.getString("issuer");
    java.sql.Timestamp notBefore = rs.getTimestamp("notBefore");
    java.sql.Timestamp notAfter = rs.getTimestamp("notAfter");
    boolean revoked = rs.getBoolean("revoked");

    Certificate mapped = new Certificate();
    mapped.setId(UUID.valueOf(idText));
    mapped.setCertificate(encoded);
    mapped.setSha1(Sha1Digest.valueOfHex(sha1Hex));
    mapped.setSha256(Sha256Digest.valueOfHex(sha256Hex));
    mapped.setSubject(subject);
    mapped.setIssuer(issuer);
    mapped.setNotBefore(notBefore);
    mapped.setNotAfter(notAfter);
    mapped.setRevoked(revoked);
    return mapped;
}