Skip to content

Commit

Permalink
Detect replacement RIM bundle and process accordingly during FW provi…
Browse files Browse the repository at this point in the history 
…sioning

Handle replacement base and support RIMs in their respective logic blocks
  • Loading branch information
@chubtub
chubtub committed Sep 18, 2024
1 parent a123acc commit c37dd12
Show file tree
Hide file tree
Showing 2 changed files with 103 additions and 55 deletions.
154 changes: 102 additions & 52 deletions ...estationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

Expand Down Expand Up @@ -347,78 +349,49 @@ private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim cla
dv.getHw().getManufacturer(),
dv.getHw().getProductName());
BaseReferenceManifest dbBaseRim = null;
SupportReferenceManifest support;
SupportReferenceManifest support = null;
EventLogMeasurements measurements;
boolean isReplacement = false;
String replacementRimId = "";
String tagId = "";
String fileName = "";
Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)");
Matcher matcher;
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");

if (dv.getLogfileCount() > 0) {
for (ByteString logFile : dv.getLogfileList()) {
try {
support = (SupportReferenceManifest) referenceManifestRepository.findByHexDecHashAndRimType(
Hex.encodeHexString(messageDigest.digest(logFile.toByteArray())),
ReferenceManifest.SUPPORT_RIM);
if (support == null) {
support = new SupportReferenceManifest(
String.format("%s.rimel",
defaultClientName),
logFile.toByteArray());
// this is a validity check
new TCGEventLog(support.getRimBytes());
// no issues, continue
support.setPlatformManufacturer(dv.getHw().getManufacturer());
support.setPlatformModel(dv.getHw().getProductName());
support.setFileName(String.format("%s_[%s].rimel", defaultClientName,
support.getHexDecHash().substring(
support.getHexDecHash().length() - NUM_OF_VARIABLES)));
support.setDeviceName(dv.getNw().getHostname());
this.referenceManifestRepository.save(support);
} else if (support.isArchived()) {
List<ReferenceManifest> rims = referenceManifestRepository.findByArchiveFlag(false);
for (ReferenceManifest rim : rims) {
if (rim.isSupport() &&
rim.getTagId().equals(support.getTagId()) &&
rim.getCreateTime().after(support.getCreateTime())) {
support.setDeviceName(null);
support = (SupportReferenceManifest) rim;
support.setDeviceName(dv.getNw().getHostname());
}
}
if (support.isArchived()) {
throw new Exception("Unable to locate an unarchived support RIM.");
} else {
this.referenceManifestRepository.save(support);
}
}
} catch (IOException ioEx) {
log.error(ioEx);
} catch (Exception ex) {
log.error(String.format("Failed to load support rim: %s", ex.getMessage()));
}
}
} else {
log.warn(String.format("%s did not send support RIM file...",
dv.getNw().getHostname()));
}

if (dv.getSwidfileCount() > 0) {
for (ByteString swidFile : dv.getSwidfileList()) {
try {
dbBaseRim = (BaseReferenceManifest) referenceManifestRepository
.findByBase64Hash(Base64.getEncoder()
.encodeToString(messageDigest
.digest(swidFile.toByteArray())));
.encodeToString(messageDigest
.digest(swidFile.toByteArray())));
if (dbBaseRim == null) {
/*
Either the swidFile does not have a corresponding base RIM in the backend
or it was deleted. Check if there is a replacement by comparing tagId against
all other base RIMs, and then set the corresponding support rim's deviceName.
*/
dbBaseRim = new BaseReferenceManifest(
String.format("%s.swidtag",
defaultClientName),
swidFile.toByteArray());
List<BaseReferenceManifest> baseRims = referenceManifestRepository.findAllBaseRims();
for (BaseReferenceManifest bRim : baseRims) {
if (bRim.getTagId().equals(dbBaseRim.getTagId())) {
dbBaseRim = bRim;
replacementRimId = dbBaseRim.getAssociatedRim().toString();
isReplacement = true;
break;
}
}
dbBaseRim.setDeviceName(dv.getNw().getHostname());
this.referenceManifestRepository.save(dbBaseRim);
} else if (dbBaseRim.isArchived()) {
/*
This block accounts for RIMs that may have been soft-deleted (archived)
in an older version of the ACA.
*/
List<ReferenceManifest> rims = referenceManifestRepository.findByArchiveFlag(false);
for (ReferenceManifest rim : rims) {
if (rim.isBase() && rim.getTagId().equals(dbBaseRim.getTagId()) &&
Expand All @@ -430,7 +403,12 @@ private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim cla
}
if (dbBaseRim.isArchived()) {
throw new Exception("Unable to locate an unarchived base RIM.");
} else {
this.referenceManifestRepository.save(dbBaseRim);
}
} else {
dbBaseRim.setDeviceName(dv.getNw().getHostname());
this.referenceManifestRepository.save(dbBaseRim);
}
tagId = dbBaseRim.getTagId();
} catch (UnmarshalException e) {
Expand All @@ -444,6 +422,78 @@ private DeviceInfoReport parseDeviceInfo(final ProvisionerTpm2.IdentityClaim cla
dv.getNw().getHostname()));
}

if (dv.getLogfileCount() > 0) {
for (ByteString logFile : dv.getLogfileList()) {
try {
support = (SupportReferenceManifest) referenceManifestRepository.findByHexDecHashAndRimType(
Hex.encodeHexString(messageDigest.digest(logFile.toByteArray())),
ReferenceManifest.SUPPORT_RIM);
if (support == null) {
/*
Either the logFile does not have a corresponding support RIM in the backend
or it was deleted. The support RIM for a replacement base RIM is handled
in the previous loop block.
*/
if (isReplacement) {
Optional<ReferenceManifest> replacementRim =
referenceManifestRepository.findById(UUID.fromString(replacementRimId));
if (replacementRim.isPresent()) {
support = (SupportReferenceManifest) replacementRim.get();
support.setDeviceName(dv.getNw().getHostname());
} else {
throw new Exception("Unable to locate support RIM " + replacementRimId);
}
} else {
support = new SupportReferenceManifest(
String.format("%s.rimel",
defaultClientName),
logFile.toByteArray());
// this is a validity check
new TCGEventLog(support.getRimBytes());
// no issues, continue
support.setPlatformManufacturer(dv.getHw().getManufacturer());
support.setPlatformModel(dv.getHw().getProductName());
support.setFileName(String.format("%s_[%s].rimel", defaultClientName,
support.getHexDecHash().substring(
support.getHexDecHash().length() - NUM_OF_VARIABLES)));
}
support.setDeviceName(dv.getNw().getHostname());
this.referenceManifestRepository.save(support);
} else if (support.isArchived()) {
/*
This block accounts for RIMs that may have been soft-deleted (archived)
in an older version of the ACA.
*/
List<ReferenceManifest> rims = referenceManifestRepository.findByArchiveFlag(false);
for (ReferenceManifest rim : rims) {
if (rim.isSupport() &&
rim.getTagId().equals(support.getTagId()) &&
rim.getCreateTime().after(support.getCreateTime())) {
support.setDeviceName(null);
support = (SupportReferenceManifest) rim;
support.setDeviceName(dv.getNw().getHostname());
}
}
if (support.isArchived()) {
throw new Exception("Unable to locate an unarchived support RIM.");
} else {
this.referenceManifestRepository.save(support);
}
} else {
support.setDeviceName(dv.getNw().getHostname());
this.referenceManifestRepository.save(support);
}
} catch (IOException ioEx) {
log.error(ioEx);
} catch (Exception ex) {
log.error(String.format("Failed to load support rim: %s", ex.getMessage()));
}
}
} else {
log.warn(String.format("%s did not send support RIM file...",
dv.getNw().getHostname()));
}

//update Support RIMs and Base RIMs.
for (ByteString swidFile : dv.getSwidfileList()) {
dbBaseRim = (BaseReferenceManifest) referenceManifestRepository
Expand Down
4 changes: 1 addition & 3 deletions ...main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,9 +239,7 @@ public RedirectView delete(@RequestParam final String id,
messages.addError(notFoundMessage);
log.warn(notFoundMessage);
} else {
// if support rim, update associated events
referenceManifest.archive();
referenceManifestRepository.save(referenceManifest);
referenceManifestRepository.delete(referenceManifest);
String deleteCompletedMessage = "RIM successfully deleted";
messages.addInfo(deleteCompletedMessage);
log.info(deleteCompletedMessage);
Expand Down

0 comments on commit c37dd12

Please sign in to comment.