issue_896: first cut at changing the logic on the validator

nsacyber · Jan 27, 2025 · 50098de · 50098de
1 parent 03c6bbc
commit 50098de
Show file tree

Hide file tree

Showing 7 changed files with 140 additions and 65 deletions.
diff --git a/...in/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java b/...in/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java
@@ -6,6 +6,7 @@
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfigurationV1;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TBBSecurityAssertion;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.URIReference;
+import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
 import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.PlatformConfigurationV2;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
@@ -64,25 +65,30 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
      * TCPA Trusted Platform Endorsement.
      */
     public static final String CERTIFICATE_TYPE_1_2 = "TCPA Trusted Platform Endorsement";
+
     /**
      * TCG Trusted Platform Endorsement.
      */
     public static final String CERTIFICATE_TYPE_2_0 = "TCG Trusted Platform Endorsement";
     private static final int TCG_SPECIFICATION_LENGTH = 3;
+
     // These are Object Identifiers (OIDs) for sections in the credentials
     private static final String POLICY_QUALIFIER_CPSURI = "1.3.6.1.5.5.7.2.1";
     private static final String POLICY_QUALIFIER_USER_NOTICE = "1.3.6.1.5.5.7.2.2";
+
     // OID for TCG Attributes
     private static final String PLATFORM_MANUFACTURER = "2.23.133.2.4";
     private static final String PLATFORM_MODEL = "2.23.133.2.5";
     private static final String PLATFORM_VERSION = "2.23.133.2.6";
     private static final String PLATFORM_SERIAL = "2.23.133.2.23";
     private static final String PLATFORM_BASEBOARD_CHASSIS_COMBINED = "2.23.133.5.1.6";
+
     // OID for TCG Platform Class Common Attributes
     private static final String PLATFORM_MANUFACTURER_2_0 = "2.23.133.5.1.1";
     private static final String PLATFORM_MODEL_2_0 = "2.23.133.5.1.4";
     private static final String PLATFORM_VERSION_2_0 = "2.23.133.5.1.5";
     private static final String PLATFORM_SERIAL_2_0 = "2.23.133.5.1.6";
+
     // OID for Certificate Attributes
     private static final String TCG_PLATFORM_SPECIFICATION = "2.23.133.2.17";
     private static final String TPM_SECURITY_ASSERTION = "2.23.133.2.18";
@@ -582,8 +588,7 @@ public Map<String, Object> getAllAttributes()
                     break;
                 default:
                     // No class defined for this attribute
-                    log.warn("No class defined for attribute with OID: "
-                            + attr.getAttrType().getId());
+                    log.warn("No class defined for attribute with OID: {}", attr.getAttrType().getId());
                     break;
             }
         }
@@ -621,6 +626,24 @@ && getAttribute("platformConfiguration") instanceof PlatformConfiguration) {
         return null;
     }
 
+    /**
+     * Get the Version 2 Platform Configuration Attribute from the Platform Certificate.
+     *
+     * @return a map with the Version 2 Platform Configuration information.
+     * @throws IllegalArgumentException when there is a parsing error
+     * @throws IOException              when reading the certificate.
+     */
+    public PlatformConfigurationV2 getPlatformConfigurationV2()
+            throws IllegalArgumentException, IOException {
+
+        if (getAttribute("platformConfiguration") != null
+                && getAttribute("platformConfiguration") instanceof PlatformConfigurationV2) {
+            return (PlatformConfigurationV2) getAttribute("platformConfiguration");
+        }
+
+        return null;
+    }
+
     /**
      * Get the Platform Configuration URI Attribute from the Platform Certificate.
      *
@@ -695,9 +718,27 @@ public List<ComponentIdentifier> getComponentIdentifiers() {
                 return platformConfig.getComponentIdentifier();
             }
         } catch (IOException e) {
-            log.error("Unable to parse Platform Configuration from Credential or find"
+            log.error("Unable to parse Platform Configuration from Platform Credential or find"
                     + "component identifiers");
         }
         return Collections.emptyList();
     }
+
+    /**
+     * Get the list of version 2 component identifiers if there are any.
+     *
+     * @return the list of version 2 component identifiers if there are any
+     */
+    public List<ComponentIdentifierV2> getComponentIdentifiersV2() {
+        try {
+            PlatformConfigurationV2 platformConfigV2 = getPlatformConfigurationV2();
+            if (platformConfigV2 != null) {
+                return platformConfigV2.getComponentIdentifierV2();
+            }
+        } catch (IOException e) {
+            log.error("Unable to parse Platform Configuration Version 2 from Platform Credential or find"
+                    + "version 2 component identifiers");
+        }
+        return Collections.emptyList();
+    }
 }
diff --git a/.../hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java b/.../hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentClass.java
@@ -33,6 +33,10 @@
 
     private static final String SMBIOS_COMPONENT_REGISTRY = "2.23.133.18.3.3";
 
+    private static final String PCIE_BASED_COMPONENT_REGISTRY = "2.23.133.18.3.4";
+
+    private static final String STORAGE_COMPONENT_REGISTRY = "2.23.133.18.3.5";
+
     private static final Path WINDOWS_JSON_PATH = FileSystems.getDefault().getPath(
             "C:/", "ProgramData", "hirs", "aca", "default-properties", "component-class.json");
 
@@ -122,6 +126,8 @@ public ComponentClass(final String registryOid,
         this.registryType = switch (registryOid) {
             case TCG_COMPONENT_REGISTRY -> "TCG";
             case SMBIOS_COMPONENT_REGISTRY -> "SMBIOS";
+            case PCIE_BASED_COMPONENT_REGISTRY -> "PCIE";
+            case STORAGE_COMPONENT_REGISTRY -> "STORAGE";
             default -> UNKNOWN_STRING;
         };
 

diff --git a/...ttestationca/persist/entity/userdefined/certificate/attributes/PlatformConfiguration.java b/...ttestationca/persist/entity/userdefined/certificate/attributes/PlatformConfiguration.java
@@ -14,11 +14,15 @@
  */
 @AllArgsConstructor
 public abstract class PlatformConfiguration {
-    private ArrayList<ComponentIdentifier> componentIdentifier = new ArrayList<>();
+
+    private List<ComponentIdentifier> componentIdentifier;
+
     @Getter
     @Setter
     private URIReference componentIdentifierUri;
-    private ArrayList<PlatformProperty> platformProperties = new ArrayList<>();
+
+    private List<PlatformProperty> platformProperties;
+
     @Getter
     @Setter
     private URIReference platformPropertiesUri;

diff --git a/...ationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java b/...ationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java
@@ -6,6 +6,8 @@
 import org.bouncycastle.asn1.ASN1TaggedObject;
 
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 import java.util.stream.Collectors;
 
 /**
@@ -26,9 +28,10 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
     private static final int COMPONENT_IDENTIFIER_URI = 1;
     private static final int PLATFORM_PROPERTIES = 2;
     private static final int PLATFORM_PROPERTIES_URI = 3;
+    private List<ComponentIdentifierV2> componentIdentifierV2;
 
     /**
-     * Constructor given the SEQUENCE that contains Platform Configuration.
+     * Constructor given the SEQUENCE that contains version 2 Platform Configuration.
      *
      * @param sequence containing the the Platform Configuration.
      * @throws IllegalArgumentException if there was an error on the parsing
@@ -87,6 +90,21 @@ public PlatformConfigurationV2(final ASN1Sequence sequence) throws IllegalArgume
         }
     }
 
+    /**
+     * @return a collection of version 2 component identifiers.
+     */
+    public List<ComponentIdentifierV2> getComponentIdentifierV2() {
+        return Collections.unmodifiableList(componentIdentifierV2);
+    }
+
+    /**
+     * @param componentIdentifierV2 list of version 2 component identifiers
+     */
+    public void setComponentIdentifierV2(
+            final List<ComponentIdentifierV2> componentIdentifierV2) {
+        this.componentIdentifierV2 = new ArrayList<>(componentIdentifierV2);
+    }
+
     /**
      * Creates a string representation of the Platform Configuration V2 object.
      *
@@ -96,9 +114,9 @@ public PlatformConfigurationV2(final ASN1Sequence sequence) throws IllegalArgume
     public String toString() {
         StringBuilder sb = new StringBuilder();
         sb.append("PlatformConfiguration{");
-        sb.append("componentIdentifier=");
-        if (getComponentIdentifier().size() > 0) {
-            sb.append(getComponentIdentifier()
+        sb.append("componentIdentifierV2=");
+        if (!getComponentIdentifierV2().isEmpty()) {
+            sb.append(getComponentIdentifierV2()
                     .stream()
                     .map(Object::toString)
                     .collect(Collectors.joining(",")));
@@ -108,7 +126,7 @@ public String toString() {
             sb.append(getComponentIdentifierUri());
         }
         sb.append(", platformProperties=");
-        if (getPlatformProperties().size() > 0) {
+        if (!getPlatformProperties().isEmpty()) {
             sb.append(getPlatformProperties()
                     .stream()
                     .map(Object::toString)