TakeOwnership.java

/*
 * Copyright (C) 2014 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.trustagent.setup;

import com.intel.mtwilson.setup.AbstractSetupTask;
import com.intel.mtwilson.trustagent.TrustagentConfiguration;
import com.intel.mtwilson.trustagent.niarl.Util;
import gov.niarl.his.privacyca.TpmModule;
import gov.niarl.his.privacyca.TpmUtils;

/**
 * 
 * @author jbuhacoff
 */
public class TakeOwnership extends AbstractSetupTask {

    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(TakeOwnership.class);
    private TrustagentConfiguration config;
    private String tpmOwnerSecret;

    @Override
    protected void configure() throws Exception {
        // tpm owner password must have already been generated
        config = new TrustagentConfiguration(getConfiguration());
        tpmOwnerSecret = config.getTpmOwnerSecretHex();
        log.debug("TakeOwnership tpmOwnerSecret = {}", tpmOwnerSecret);
        if (tpmOwnerSecret == null || tpmOwnerSecret.isEmpty()) {
            configuration("TPM owner secret must be configured to take ownership");
        }
    }

    @Override
    protected void validate() throws Exception {
        if (!Util.isOwner(config.getTpmOwnerSecret())) {
            validation("Trust Agent is not the TPM owner");
        }
    }

    @Override
    protected void execute() throws Exception {
        // Take Ownership
        byte[] nonce1 = TpmUtils.createRandomBytes(20);
        try {
            TpmModule.takeOwnership(config.getTpmOwnerSecret(), nonce1);
        } catch (TpmModule.TpmModuleException e) {
            if( e.getErrorCode() != null && e.getErrorCode() == 4 ) {
                log.info("Ownership is already taken");
            }
            else {
                throw e;
            }
        }
    }
}