/*
* Copyright (C) 2013 Intel Corporation
* All rights reserved.
*/
package test.vendor.vmware;
import static org.junit.Assert.*;

import com.intel.dcsg.cpg.crypto.CryptographyException;
import com.intel.mtwilson.My;
import com.intel.mtwilson.agent.HostAgent;
import com.intel.mtwilson.agent.HostAgentFactory;
import com.intel.mtwilson.as.data.TblHosts;
import com.intel.mtwilson.crypto.Aes128;
import com.intel.mtwilson.datatypes.TxtHostRecord;
import com.intel.mtwilson.model.Pcr;
import com.intel.mtwilson.model.PcrEventLog;
import com.intel.mtwilson.model.PcrManifest;
import com.intel.mtwilson.model.Sha1Digest;
import com.intel.mtwilson.util.ASDataCipher;
import com.intel.mtwilson.util.Aes128DataCipher;
import com.intel.mtwilson.util.DataCipher;
import java.io.IOException;
import java.net.MalformedURLException;
import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* In order to run these tests, you need aikqverify set up on your machine. The
* following documentation is copied from TAHelper:
*
* In order to use the TAHelper, you need to have attestation-service.properties
* on your machine.
*
* Here are example properties that Jonathan has at
* C:/Intel/CloudSecurity/attestation-service.properties:
*
* com.intel.mountwilson.as.home=C:/Intel/CloudSecurity/AttestationServiceData/aikverifyhome
* com.intel.mountwilson.as.aikqverify.cmd=aikqverify.exe
* com.intel.mountwilson.as.openssl.cmd=openssl.bat
*
* The corresponding files must exist. From the above example:
*
* C:/Intel/CloudSecurity/AttestationServiceData/aikverifyhome
* C:/Intel/CloudSecurity/AttestationServiceData/aikverifyhome/data (can be
* empty, TAHelper will save files there)
* C:/Intel/CloudSecurity/AttestationServiceData/aikverifyhome/bin contains:
* aikqverify.exe, cygwin1.dll
*
*
* @author jbuhacoff
*/
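public class TestVmwareHostAgent {

    private static final Logger log = LoggerFactory.getLogger(TestVmwareHostAgent.class);

    /** Number of PCRs walked by the manifest tests (PCR 0 through 23). */
    private static final int PCR_COUNT = 24;

    /**
     * Lab fixture: the ESXi host whose measurements are fetched, and the vCenter
     * connection string used to reach it. The connection string embeds the SDK
     * URL, the user name and the password; {@link #getAgent()} registers the host
     * with the {@code INSECURE} TLS policy and no keystore, so the server
     * certificate is not validated by these tests.
     */
    private static final String HOSTNAME = "10.1.71.175";
    private static final String CONNECTION =
            "vmware:https://10.1.71.162:443/sdk;Administrator;intel123!;10.1.71.175";
    // Alternate lab host previously used: 10.1.71.155 via https://10.1.71.87:443/sdk

    /** Agent shared by the tests; created once per class by {@link #createHostAgent()}. */
    private static HostAgent agent;

    /**
     * Creates the shared {@link HostAgent} before any test runs.
     *
     * @throws IOException propagated from {@link #getAgent()}
     * @throws CryptographyException propagated from {@link #getAgent()}
     */
    @BeforeClass
    public static void createHostAgent() throws IOException, CryptographyException {
        agent = getAgent();
    }

    /**
     * Builds a {@link HostAgent} for the lab host.
     *
     * <p>Before the host record is created, this installs an AES-128 data cipher
     * (keyed from the configured data-encryption key) into the static
     * {@code ASDataCipher.cipher} field. That assignment is a JVM-wide side
     * effect shared by every test in the run; the commented-out line below shows
     * the identity {@link DummyCipher} that can be swapped in for local
     * debugging. The host record is registered with the {@code INSECURE} TLS
     * policy and no keystore, so the agent does not validate the server
     * certificate.
     *
     * @return an agent bound to {@code HOSTNAME} via {@code CONNECTION}
     * @throws IOException propagated from configuration lookup or agent creation
     * @throws CryptographyException propagated from cipher setup
     */
    public static HostAgent getAgent() throws IOException, CryptographyException {
        byte[] dataEncryptionKey = Base64.decodeBase64(My.configuration().getDataEncryptionKeyBase64());
        ASDataCipher.cipher = new Aes128DataCipher(new Aes128(dataEncryptionKey));
        // TblHosts.dataCipher = new DummyCipher();

        TblHosts host = new TblHosts();
        host.setName(HOSTNAME);
        host.setTlsPolicyName("INSECURE"); // no certificate validation for the lab host
        host.setTlsKeystore(null);
        host.setAddOnConnectionInfo(CONNECTION);

        HostAgentFactory factory = new HostAgentFactory();
        return factory.getHostAgent(host);
    }

    /**
     * Identity cipher: returns its input unchanged in both directions, so the
     * data it handles is stored as-is. Kept for local debugging of the host
     * record path (see the commented-out line in {@link #getAgent()}); it is not
     * installed by default.
     */
    public static class DummyCipher implements DataCipher {

        /** Returns {@code plaintext} unchanged. */
        @Override
        public String encryptString(String plaintext) {
            return plaintext;
        }

        /** Returns {@code ciphertext} unchanged. */
        @Override
        public String decryptString(String ciphertext) {
            return ciphertext;
        }
    }

    /**
     * Fetches the PCR manifest through a freshly built agent (not the shared one)
     * and logs which PCRs carry no event log.
     *
     * @throws MalformedURLException declared for compatibility with earlier versions of this test
     * @throws CryptographyException propagated from {@link #getAgent()}
     * @throws IOException propagated from {@link #getAgent()} or the manifest fetch
     */
    @Test
    public void testGetPcrManifestFrom175() throws MalformedURLException, CryptographyException, IOException {
        // Deliberately builds its own agent instead of reusing the static one.
        HostAgent freshAgent = getAgent();
        PcrManifest pcrManifest = freshAgent.getPcrManifest();
        assertNotNull(pcrManifest);
        for (int i = 0; i < PCR_COUNT; i++) {
            PcrEventLog pcrEventLog = pcrManifest.getPcrEventLog(i);
            if (pcrEventLog == null) {
                log.debug("no event log for pcr {}", i);
            }
        }
    }

    /**
     * Example quote request sent to trust agent:
     *
     * <?xml version="1.0" encoding="UTF-8"
     * standalone="yes"?><quote_request><nonce>KDk7urTjoZHh3kqJd5wAGQ==</nonce><pcr_list>0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23</pcr_list></quote_request>
     *
     * Example response from trust agent:
     *
     * <client_request> <timestamp>Tue Apr 09 12:46:18 PDT
     * 2013</timestamp><clientIp>fe80:0:0:0:21e:67ff:fe10:4460%4</clientIp><error_code>0</error_code><error_message>OK</error_message><aikcert>-----BEGIN
     * CERTIFICATE-----MIICuzCCAaOgAwIBAgIGAT3v+sHdMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMMDkhJU19Qcml2
     * YWN5X0NBMB4XDTEzMDQwOTE4MDcwMVoXDTIzMDQwOTE4MDcwMVowADCCASIwDQYJKoZIhvcNAQEB
     * BQADggEPADCCAQoCggEBAMDta0nKMmwUAWReFPbNhDiw2NOOTuLj/zzuS8Q4Yqi/JF14dlLcYYnv
     * xm0gaNTQEipzr7C9H7FoX8QnuMktx1rnH0dknXKwwMetvWjoHVm3miA8R8SHDMhhso09v6FHBimg
     * SdhKpTUK3FNcp/gyw9es4dl/akG2namb501WMK8T07Rp9USPRBKrhUXwRSh8lrNKgZUf6Jtg8ZHC
     * g5VHtiVCXKoYD3yrpWhfWq08jyZq/EhiO3AXF++euAlc/7WEU2Q7R3YWQUC2tBZ9Chg8tzdi+ekn
     * BI7BpW0EdKmoVb0JrkujQaJH/H6BSLESRfNsbLSp2qc3ueAcaOeOiIVayoUCAwEAAaMiMCAwHgYD
     * VR0RAQH/BBQwEoEQSElTIElkZW50aXR5IEtleTANBgkqhkiG9w0BAQUFAAOCAQEABbgddQMo2u97
     * iEEvmPBgjjpLVz55n1keXyGk/wXEv3LcO9z60iwX2kpcetP+dtxSUS0UgK5FH0toqWo7UkW7T8I0
     * chpMRi8BNAbMKZw3d4i8rCFrzd/Sx6WRMOehBQU/qUYzAKIrTE1RsbJRWY6K58SiLizEx8RItURZ
     * DVkgxpYCeJqxJpmAxsmTfMKaNoCCB75ytaKu96/45t1Gp2ZUifv3uEnTwcRr+IkGS0OiJrdEZrjl
     * G4He9p69/MomZ+Ob8xqsiElfEETXdpEgzxrlSF8raBLcG0xbdnTY9JnWpsnP059FwUj5HYaFXgfG
     * vNaANw/v5hQcRpGMyp6AV1F6mw== -----END
     * CERTIFICATE-----</aikcert><quote>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</quote></client_request>
     *
     * So here is the quote extracted from the above response:
     * 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
     *
     * And sample output from this method:
     *
     * Pcr 0 = 891eb0b556b83fcef1c10f3fa6464345e34f8f91 Pcr 1 =
     * 3a3f780f11a4b49969fcaa80cd6e3957c33b2275 Pcr 2 =
     * ae8e00d7a356cb8a3456e836688469fb04699665 Pcr 3 =
     * 3a3f780f11a4b49969fcaa80cd6e3957c33b2275 Pcr 4 =
     * f76818cd181da8581193f7a1518f5bfcaaa85aaf Pcr 5 =
     * 33c6e8da5b9d5fb3aefcf1473a2b45e019b47aea Pcr 6 =
     * 3a3f780f11a4b49969fcaa80cd6e3957c33b2275 Pcr 7 =
     * 3a3f780f11a4b49969fcaa80cd6e3957c33b2275 Pcr 8 =
     * 0000000000000000000000000000000000000000 Pcr 9 =
     * 0000000000000000000000000000000000000000 Pcr 10 =
     * 0000000000000000000000000000000000000000 Pcr 11 =
     * 0000000000000000000000000000000000000000 Pcr 12 =
     * 0000000000000000000000000000000000000000 Pcr 13 =
     * 0000000000000000000000000000000000000000 Pcr 14 =
     * 0000000000000000000000000000000000000000 Pcr 15 =
     * 0000000000000000000000000000000000000000 Pcr 16 =
     * 0000000000000000000000000000000000000000 Pcr 17 =
     * bfc3ffd7940e9281a3ebfdfa4e0412869a3f55d8 Pcr 18 =
     * a14c6b5735dbdfbbd926925947ea3da2982739fd Pcr 19 =
     * db7f15304b8dd58b69fe3d3dcd6decad24ad5511 Pcr 20 =
     * 0000000000000000000000000000000000000000 Pcr 21 =
     * 0000000000000000000000000000000000000000 Pcr 22 =
     * 0000000000000000000000000000000000000000 Pcr 23 =
     * 0000000000000000000000000000000000000000
     *
     * @throws IOException propagated from the manifest fetch
     */
    @Test
    public void getPcrManifestFromVmware() throws IOException {
        PcrManifest pcrManifest = agent.getPcrManifest();
        assertNotNull(pcrManifest);
        for (int i = 0; i < PCR_COUNT; i++) {
            Pcr pcr = pcrManifest.getPcr(i);
            // Fail with the PCR index rather than an NPE on the log line below.
            assertNotNull("missing pcr " + i, pcr);
            log.debug("Pcr {} = {}", i, pcr.getValue());
        }
    }

    /**
     * Output: Event name: /b.b00 vmbTrustedBoot=true tboot=0x0x101a000
     * no-auto-partition bootUUID=772753050c0a140bdfbf92e306b9793d Digest:
     * 2213253cbdf7a0d8b3709e971e6beb7ea6a81a92 This matches what VMware sends
     * in its HostTpmCommandEventDetails object: 2013-04-10 20:48:54,181 DEBUG
     * [main] c.i.m.a.v.VMWare51Esxi51 [VMWare51Esxi51.java:68] Event
     * com.vmware.vim25.HostTpmCommandEventDetails 2013-04-10 20:48:54,182 DEBUG
     * [main] c.i.m.a.v.VMWare51Esxi51 [VMWare51Esxi51.java:81] Event name
     * /b.b00 vmbTrustedBoot=true tboot=0x0x101a000 no-auto-partition
     * bootUUID=772753050c0a140bdfbf92e306b9793d 2013-04-10 20:48:54,184 DEBUG
     * [main] c.i.m.a.v.VMWare51Esxi51 [VMWare51Esxi51.java:116] Event Digest is
     * 2213253CBDF7A0D8B3709E971E6BEB7EA6A81A92
     *
     * <p>The digest is pinned to the value recorded above so a change in how the
     * event name is hashed is caught rather than only printed.
     */
    @Test
    public void testTypicalCommandEventDigest() {
        String eventName = "/b.b00 vmbTrustedBoot=true tboot=0x0x101a000 no-auto-partition bootUUID=772753050c0a140bdfbf92e306b9793d";
        // Hash the UTF-8 bytes explicitly; the no-arg getBytes() uses the platform charset.
        Sha1Digest digest = Sha1Digest.valueOf(eventName.getBytes(StandardCharsets.UTF_8));
        log.debug("Event name: {}", eventName);
        log.debug("Digest: {}", digest);
        assertEquals("2213253cbdf7a0d8b3709e971e6beb7ea6a81a92", digest.toString());
    }

    /**
     * Example output:
     *
     * BIOS Name: null BIOS Version: S5500.86B.01.00.0060.090920111354 BIOS OEM:
     * Intel Corporation VMM Name: null VMM Version: 799733 OS Name: VMware ESXi
     * OS Version: 5.1.0 AIK Certificate: null
     *
     * @throws IOException propagated from the host-details fetch
     */
    @Test
    public void getHostInformationFromVmware() throws IOException {
        TxtHostRecord hostDetails = agent.getHostDetails();
        assertNotNull(hostDetails);
        log.debug("BIOS Name: {}", hostDetails.BIOS_Name);
        log.debug("BIOS Version: {}", hostDetails.BIOS_Version);
        log.debug("BIOS OEM: {}", hostDetails.BIOS_Oem);
        log.debug("VMM Name: {}", hostDetails.VMM_Name);
        log.debug("VMM Version: {}", hostDetails.VMM_Version);
        log.debug("OS Name: {}", hostDetails.VMM_OSName);
        log.debug("OS Version: {}", hostDetails.VMM_OSVersion);
        log.debug("AIK Certificate: {}", hostDetails.AIK_Certificate);
        log.debug("Processor Info: {}", hostDetails.Processor_Info);
    }
}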