-
Notifications
You must be signed in to change notification settings - Fork 59
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
ImaAcceptableRecordBaseline and its subclasses have been updated to include a containsHashes method to be able to match IMA measurement records based solely on their hashes. Supporting classes have been updated or created as necessary. Additionally, the set of path equivalencies as specified in the IMA policy have been updated to include additional entries. Closes #33.
- Loading branch information
Showing
17 changed files
with
769 additions
and
95 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
59 changes: 59 additions & 0 deletions
59
HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
package hirs.ima.matching; | ||
|
||
import com.google.common.base.Preconditions; | ||
import hirs.data.persist.IMABaselineRecord; | ||
import hirs.data.persist.IMAMeasurementRecord; | ||
import hirs.data.persist.IMAPolicy; | ||
import hirs.data.persist.ImaBaseline; | ||
import hirs.data.persist.ReportMatchStatus; | ||
|
||
import java.util.Collection; | ||
import java.util.Set; | ||
|
||
/** | ||
* This class extends the base matching functionality of {@link ImaRecordMatcher} to | ||
* compare {@link IMAMeasurementRecord}s against a collection of {@link IMABaselineRecord}s | ||
* based solely on their hashes. | ||
*/ | ||
public class ImaAcceptableHashRecordMatcher extends ImaRecordMatcher<IMABaselineRecord> { | ||
/** | ||
* Construct a new ImaAcceptablePathAndHashRecordMatcher. | ||
* | ||
* @param records the baseline records to use for matching | ||
* @param imaPolicy the IMA policy to reference during matching; its partial path and path | ||
* equivalence settings influence matching behavior | ||
* @param imaBaseline the IMA baseline these records were sourced from; this is only used to | ||
*/ | ||
public ImaAcceptableHashRecordMatcher( | ||
final Collection<IMABaselineRecord> records, | ||
final IMAPolicy imaPolicy, | ||
final ImaBaseline imaBaseline) { | ||
super(records, imaPolicy, imaBaseline); | ||
} | ||
|
||
/** | ||
* Returns an IMAMatchStatus indicating whether the given {@link IMAMeasurementRecord} is | ||
* contained within the originally provided {@link IMABaselineRecord}s. | ||
* | ||
* @param record the record to look up | ||
* @return an IMAMatchStatus indicating whether the record is a match or unknown to | ||
* the given baseline records | ||
*/ | ||
@Override | ||
public IMAMatchStatus<IMABaselineRecord> contains(final IMAMeasurementRecord record) { | ||
Preconditions.checkArgument(record != null, "Cannot match on null record."); | ||
|
||
final Set<IMABaselineRecord> matchingRecords = getRelatedBaselineRecordsByHash(record); | ||
|
||
if (matchingRecords.isEmpty()) { | ||
return new IMAMatchStatus<>(record, ReportMatchStatus.UNKNOWN, getImaBaseline()); | ||
} | ||
|
||
return new IMAMatchStatus<>( | ||
record, | ||
ReportMatchStatus.MATCH, | ||
matchingRecords, | ||
getImaBaseline() | ||
); | ||
} | ||
} |
Oops, something went wrong.