nsacyber · cyrus-dev · Aug 30, 2021 · Aug 30, 2021
diff --git a/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java b/HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
@@ -321,21 +321,21 @@ public AppraisalStatus validateDeltaPlatformCredentialAttributes(
 
         // this needs to be a loop for all deltas, link to issue #110
         // check that they don't have the same serial number
-        for (PlatformCredential delta : deltaMapping.keySet()) {
+        for (PlatformCredential pc : deltaMapping.keySet()) {
             if (!basePlatformCredential.getPlatformSerial()
-                    .equals(delta.getPlatformSerial())) {
+                    .equals(pc.getPlatformSerial())) {
                 message = String.format("Base and Delta platform serial "
                                 + "numbers do not match (%s != %s)",
-                        delta.getPlatformSerial(),
+                        pc.getPlatformSerial(),
                         basePlatformCredential.getPlatformSerial());
                 LOGGER.error(message);
                 return new AppraisalStatus(FAIL, message);
             }
             // none of the deltas should have the serial number of the base
-            if (basePlatformCredential.getSerialNumber()
-                    .equals(delta.getSerialNumber())) {
+            if (!pc.isBase() && basePlatformCredential.getSerialNumber()
+                    .equals(pc.getSerialNumber())) {
                 message = String.format("Delta Certificate with same serial number as base. (%s)",
-                        delta.getSerialNumber());
+                        pc.getSerialNumber());
                 LOGGER.error(message);
                 return new AppraisalStatus(FAIL, message);
             }

diff --git a/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java b/HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java
@@ -99,6 +99,7 @@
         "javax.security.auth.*" })
 public class SupplyChainCredentialValidatorTest {
 
+    private static final String JSON_FILE = "/config/component-class.json";
     private static final String SAMPLE_PACCOR_OUTPUT_TXT = "sample_paccor_output.txt";
     private static final String SAMPLE_PACCOR_OUTPUT_NOT_SPECIFIED_TXT
             = "sample_paccor_output_not_specified_values.txt";
@@ -2028,29 +2029,41 @@ public final void testValidateDeltaPlatformCredentialAttributes()
         PlatformCredential delta1 = mock(PlatformCredential.class);
         PlatformCredential delta2 = mock(PlatformCredential.class);
 
-        ComponentIdentifier compId1 = new ComponentIdentifier(new DERUTF8String("Intel"),
+        ComponentIdentifierV2 compId1 = new ComponentIdentifierV2(
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00010002"),
+                new DERUTF8String("Intel"),
                 new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"),
                 new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null,
-                ASN1Boolean.TRUE, new ArrayList<>(0));
-        ComponentIdentifier compId2 = new ComponentIdentifier(
+                ASN1Boolean.TRUE, new ArrayList<>(0), null, null,
+                null);
+        ComponentIdentifierV2 compId2 = new ComponentIdentifierV2(
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00050004"),
                 new DERUTF8String("Intel Corporation"),
                 new DERUTF8String("Ethernet Connection I217-V-faulty"),
                 new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
-                ASN1Boolean.FALSE, new ArrayList<>(0));
-        ComponentIdentifier compId3 = new ComponentIdentifier(
+                ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
+                null);
+        ComponentIdentifierV2 compId3 = new ComponentIdentifierV2(
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00090002"),
                 new DERUTF8String("Intel Corporation"),
                 new DERUTF8String("82580 Gigabit Network Connection-faulty"),
                 new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
-                ASN1Boolean.FALSE, new ArrayList<>(0));
+                ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
+                null);
         ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2(
-                new ComponentClass(),
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00050004"),
                 new DERUTF8String("Intel Corporation"),
                 new DERUTF8String("Ethernet Connection I217-V"),
                 new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
                 ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
                 AttributeStatus.ADDED);
         ComponentIdentifierV2 deltaCompId3 = new ComponentIdentifierV2(
-                new ComponentClass(),
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00090002"),
                 new DERUTF8String("Intel Corporation"),
                 new DERUTF8String("82580 Gigabit Network Connection"),
                 new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
@@ -2060,6 +2073,7 @@ public final void testValidateDeltaPlatformCredentialAttributes()
         ComponentIdentifierV2 ciV21Faulty = new ComponentIdentifierV2();
         ComponentIdentifierV2 ciV22Faulty = new ComponentIdentifierV2();
         ciV21Faulty.setComponentManufacturer(compId2.getComponentManufacturer());
+        ciV21Faulty.setComponentClass(compId2.getComponentClass());
         ciV21Faulty.setComponentModel(compId2.getComponentModel());
         ciV21Faulty.setComponentSerial(compId2.getComponentSerial());
         ciV21Faulty.setComponentRevision(compId2.getComponentRevision());
@@ -2068,6 +2082,7 @@ public final void testValidateDeltaPlatformCredentialAttributes()
         ciV21Faulty.setComponentAddress(compId2.getComponentAddress());
         ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED);
         ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer());
+        ciV22Faulty.setComponentClass(compId3.getComponentClass());
         ciV22Faulty.setComponentModel(compId3.getComponentModel());
         ciV22Faulty.setComponentSerial(compId3.getComponentSerial());
         ciV22Faulty.setComponentRevision(compId3.getComponentRevision());
@@ -2094,17 +2109,17 @@ public final void testValidateDeltaPlatformCredentialAttributes()
         when(base.getManufacturer()).thenReturn("innotek GmbH");
         when(base.getModel()).thenReturn("VirtualBox");
         when(base.getVersion()).thenReturn("1.2");
-        when(base.getPlatformSerial()).thenReturn("0");
-        when(delta1.getPlatformSerial()).thenReturn("0");
-        when(delta2.getPlatformSerial()).thenReturn("0");
+        when(base.getPlatformSerial()).thenReturn("62UIAE5");
+        when(delta1.getPlatformSerial()).thenReturn("62UIAE5");
+        when(delta2.getPlatformSerial()).thenReturn("62UIAE5");
         when(base.getPlatformType()).thenReturn("base");
         when(delta1.getPlatformType()).thenReturn("delta");
         when(delta2.getPlatformType()).thenReturn("delta");
-        when(base.getSerialNumber()).thenReturn(BigInteger.ZERO);
-        when(delta1.getSerialNumber()).thenReturn(BigInteger.ONE);
-        when(delta2.getSerialNumber()).thenReturn(BigInteger.TEN);
-        when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.ZERO);
-        when(delta2.getHolderSerialNumber()).thenReturn(BigInteger.ONE);
+        when(base.getSerialNumber()).thenReturn(BigInteger.valueOf(01));
+        when(delta1.getSerialNumber()).thenReturn(BigInteger.valueOf(39821));
+        when(delta2.getSerialNumber()).thenReturn(BigInteger.valueOf(39822));
+        when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(02));
+        when(delta2.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(39821));
         when(base.getComponentIdentifiers()).thenReturn(compList);
         when(delta1.getComponentIdentifiers()).thenReturn(delta1List);
         when(delta2.getComponentIdentifiers()).thenReturn(delta2List);
@@ -2129,9 +2144,9 @@ public final void testValidateDeltaPlatformCredentialAttributes()
         AppraisalStatus result = supplyChainCredentialValidator
                 .validateDeltaPlatformCredentialAttributes(delta2,
                         deviceInfoReport, base, chainCredentials);
-        Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.PASS);
         Assert.assertEquals(result.getMessage(),
                 SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID);
+        Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.PASS);
     }
 
     /**
@@ -2149,22 +2164,33 @@ public final void testValidateChainFailure()
         PlatformCredential base = mock(PlatformCredential.class);
         PlatformCredential delta1 = mock(PlatformCredential.class);
 
-        ComponentIdentifier compId1 = new ComponentIdentifier(new DERUTF8String("Intel"),
+        ComponentIdentifierV2 compId1 = new ComponentIdentifierV2(
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00010002"),
+                new DERUTF8String("Intel"),
                 new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"),
                 new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null,
-                ASN1Boolean.TRUE, new ArrayList<>(0));
-        ComponentIdentifier compId2 = new ComponentIdentifier(
+                ASN1Boolean.TRUE, new ArrayList<>(0), null, null,
+                null);
+        ComponentIdentifierV2 compId2 = new ComponentIdentifierV2(
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00050004"),
                 new DERUTF8String("Intel Corporation"),
                 new DERUTF8String("Ethernet Connection I217-V-faulty"),
                 new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
-                ASN1Boolean.FALSE, new ArrayList<>(0));
-        ComponentIdentifier compId3 = new ComponentIdentifier(
+                ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
+                null);
+        ComponentIdentifierV2 compId3 = new ComponentIdentifierV2(
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00090002"),
                 new DERUTF8String("Intel Corporation"),
                 new DERUTF8String("82580 Gigabit Network Connection-faulty"),
                 new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
-                ASN1Boolean.FALSE, new ArrayList<>(0));
+                ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
+                null);
         ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2(
-                new ComponentClass(),
+                new ComponentClass(Paths.get(this.getClass()
+                        .getResource(JSON_FILE).toURI()), "0x00050004"),
                 new DERUTF8String("Intel Corporation"),
                 new DERUTF8String("Ethernet Connection I217-V"),
                 new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
@@ -2231,12 +2257,8 @@ public final void testValidateChainFailure()
                         deviceInfoReport, base, chainCredentials);
         Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
         Assert.assertEquals(result.getMessage(),
-                "Delta Certificate with same serial number as base. (0)");
-//        Assert.assertEquals(result.getMessage(),
-//                "There are unmatched components:\n"
-//                        + "Manufacturer=Intel Corporation, Model=82580 "
-//                        + "Gigabit Network Connection-faulty, "
-//                        + "Serial=90:e2:ba:31:83:10, Revision=;\n");
+                "There are 1 unmatched components on the Platform Certificate:\n"
+                        + "COMPID=370101885;1");
     }
 
     /**

diff --git a/HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output.txt b/HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output.txt
@@ -5,13 +5,22 @@
     },
     "COMPONENTS": [
         {
-            "MANUFACTURER": "Intel","MODEL": "Core i7","SERIAL": "Not Specified","REVISION": "Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"
+            "COMPONENTCLASS": {
+                    "COMPONENTCLASSREGISTRY": "2.23.133.18.3.1",
+                    "COMPONENTCLASSVALUE": "00010002"
+                },"MANUFACTURER": "Intel","MODEL": "Core i7","SERIAL": "Not Specified","REVISION": "Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"
         },
         {
-            "MANUFACTURER": "Intel Corporation","MODEL": "Ethernet Connection I217-V", "FIELDREPLACEABLE": "false","SERIAL": "23:94:17:ba:86:5e", "REVISION": "00"
+            "COMPONENTCLASS": {
+                    "COMPONENTCLASSREGISTRY": "2.23.133.18.3.1",
+                    "COMPONENTCLASSVALUE": "00050004"
+                },"MANUFACTURER": "Intel Corporation","MODEL": "Ethernet Connection I217-V", "FIELDREPLACEABLE": "false","SERIAL": "23:94:17:ba:86:5e", "REVISION": "00"
         },
         {
-            "MANUFACTURER": "Intel Corporation","MODEL": "82580 Gigabit Network Connection", "FIELDREPLACEABLE": "false", "SERIAL": "90:e2:ba:31:83:10", "REVISION": ""
+            "COMPONENTCLASS": {
+                    "COMPONENTCLASSREGISTRY": "2.23.133.18.3.1",
+                    "COMPONENTCLASSVALUE": "00090002"
+                },"MANUFACTURER": "Intel Corporation","MODEL": "82580 Gigabit Network Connection", "FIELDREPLACEABLE": "false", "SERIAL": "90:e2:ba:31:83:10", "REVISION": ""
         }
     ],
     "PROPERTIES": [