Example use of com.intel.mtwilson.util.model.PcrIndex in the project OpenAttestation (by OpenAttestation).
The example is the method verifyQuoteAndGetPcr of the class TAHelper.
// BUG #497 need to rewrite this to return List<Pcr> ... the Pcr.equals() does same as (actually more than) IManifest.verify() because Pcr ensures the index is the same and IManifest does not! and also it is less redundant, because this method returns Map< pcr index as string, manifest object containing pcr index and value >
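/**
 * Collects the PCR values reported by {@code aikqverify} for one attestation session and,
 * when an event log is supplied, attaches its module measurements to the matching PCRs.
 *
 * <p>The method loads the session's certificate file and {@code PrivacyCA.cer}, runs
 * {@code aikqverify} on the session's nonce, RSA public key and quote files, and keeps every
 * output line of the form {@code "<index> <value>"} that passes the PCR number/value patterns.
 *
 * @param sessionId session identifier; used to derive the per-session file names under
 *     {@code aikverifyhome}
 * @param eventLog XML measurement log containing {@code module} elements, or {@code null} to
 *     skip event-log processing
 * @return map from the PCR index string printed by {@code aikqverify} to its manifest; a PCR
 *     whose output line was rejected is simply absent from the map
 * @throws RuntimeException if either certificate file cannot be located or loaded
 * @throws IllegalStateException if the event log cannot be parsed
 */
private HashMap<String, PcrManifest> verifyQuoteAndGetPcr(String sessionId, String eventLog) {
    HashMap<String, PcrManifest> pcrMp = new HashMap<>();
    log.info("verifyQuoteAndGetPcr for session {}", sessionId);
    // NOTE(review): sessionId flows into file names through getCertFileName() and the other
    // get*FileName() helpers; confirm callers only pass server-generated identifiers.
    String certFileName = aikverifyhome + File.separator + getCertFileName(sessionId);

    // Step 1: load the machine certificate and the Privacy CA certificate.
    try {
        String setUpFile = ResourceFinder.getFile("attestation-service.properties").getAbsolutePath();
        String fileLocation = setUpFile.substring(0, setUpFile.indexOf("attestation-service.properties"));
        String privacyCaCertFileName = "PrivacyCA.cer";
        // NOTE(review): both return values are discarded and no signature check is made in
        // this method, so "passed the verification" only shows that both files could be
        // loaded. Unless certFromFile() validates the chain itself (not visible here), the
        // machine certificate is never checked against the Privacy CA - confirm.
        certFromFile(certFileName);
        certFromFile(fileLocation + privacyCaCertFileName);
        log.info("passed the verification");
    } catch (Exception e) {
        // Any failure lands here (missing file, parse error, ...), not only a bad signature.
        log.error("Machine certificate was not signed by the privacy CA." + e.toString());
        throw new RuntimeException(e);
    }

    // Step 2: verify the quote and read back the PCR values it covers.
    String nonceFileName = aikverifyhome + File.separator + getNonceFileName(sessionId);
    String quoteFileName = aikverifyhome + File.separator + getQuoteFileName(sessionId);
    String rsaPubkeyFileName = aikverifyhome + File.separator + getRSAPubkeyFileName(sessionId);
    List<String> result = aikqverify(nonceFileName, rsaPubkeyFileName, quoteFileName);
    for (String pcrString : result) {
        String[] parts = pcrString.trim().split(" ");
        if (parts.length != 2) {
            log.warn("Result PCR invalid");
            continue;
        }
        // Strip unexpected characters first, then require a full match of the expected format.
        String pcrNumber = parts[0].trim().replaceAll(pcrNumberUntaint, "").replaceAll("\n", "");
        String pcrValue = parts[1].trim().replaceAll(pcrValueUntaint, "").replaceAll("\n", "");
        boolean validPcrNumber = pcrNumberPattern.matcher(pcrNumber).matches();
        boolean validPcrValue = pcrValuePattern.matcher(pcrValue).matches();
        if (validPcrNumber && validPcrValue) {
            log.info("Result PCR " + pcrNumber + ": " + pcrValue);
            pcrMp.put(pcrNumber, new PcrManifest(Integer.parseInt(pcrNumber), pcrValue));
        } else {
            // Previously dropped without a trace; a rejected line means that PCR is missing
            // from the returned evidence, so make the rejection visible in the log.
            log.warn("Result PCR invalid");
        }
    }

    // Step 3: attach event-log measurements to the PCRs collected above.
    if (eventLog != null) {
        log.debug("About to start processing eventLog");
        try {
            XMLInputFactory xif = XMLInputFactory.newInstance();
            // The event log is externally supplied XML (presumably from the attested host):
            // turn off DTD processing and external entity resolution so a crafted log cannot
            // make the parser read local files or fetch URLs (XXE). Both are standard StAX
            // properties; an implementation that rejects them fails here instead of parsing
            // with unsafe defaults.
            xif.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
            xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
            XMLStreamReader reader = xif.createXMLStreamReader(new StringReader(eventLog));

            // NOTE(review): these three carry over between modules, so a module that lacks
            // one of the child elements reuses the previous module's value - confirm that
            // this is intended.
            int extendedToPCR = -1;
            String digestValue = "";
            String componentName = "";
            while (reader.hasNext()) {
                if (reader.getEventType() == XMLStreamConstants.START_ELEMENT
                        && reader.getLocalName().equalsIgnoreCase("module")) {
                    // The three children are read positionally: pcrNumber, name, value, with
                    // exactly one next() between them. getLocalName() is only legal on
                    // element events, so this relies on the log having no text or whitespace
                    // between those elements.
                    reader.next();
                    // PCR number the module was extended into
                    if (reader.getLocalName().equalsIgnoreCase("pcrNumber")) {
                        extendedToPCR = Integer.parseInt(reader.getElementText());
                    }
                    reader.next();
                    // Module name
                    if (reader.getLocalName().equalsIgnoreCase("name")) {
                        componentName = reader.getElementText();
                    }
                    reader.next();
                    // Module hash value
                    if (reader.getLocalName().equalsIgnoreCase("value")) {
                        digestValue = reader.getElementText();
                    }
                    boolean useHostSpecificDigest =
                            ArrayUtils.contains(openSourceHostSpecificModules, componentName);

                    // Attach the event to the PCR it was extended into. Events for a PCR that
                    // aikqverify did not report are dropped.
                    // Original note: the event logs for PCR 17 & 18 are not processed, so
                    // they are ignored for now (no explicit filter is visible in this method).
                    Measurement m = convertHostTpmEventLogEntryToMeasurement(
                            extendedToPCR, componentName, digestValue, useHostSpecificDigest);
                    PcrManifest manifest = pcrMp.get(String.valueOf(extendedToPCR));
                    if (manifest != null) {
                        if (manifest.containsPcrEventLog(extendedToPCR)) {
                            manifest.getPcrEventLog(extendedToPCR).getEventLog().add(m);
                        } else {
                            // First event for this PCR: create its event log.
                            ArrayList<Measurement> list = new ArrayList<>();
                            list.add(m);
                            manifest.setPcrEventLog(new PcrEventLog(new PcrIndex(extendedToPCR), list));
                        }
                    }
                }
                reader.next();
            }
        } catch (FactoryConfigurationError | XMLStreamException | NumberFormatException ex) {
            // A log that does not parse is treated as invalid evidence; the cause is kept.
            throw new IllegalStateException("Invalid measurement log", ex);
        }
    }
    return pcrMp;
}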