This repository has been archived by the owner on Nov 10, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
VerificationProcess.java
199 lines (164 loc) · 7.72 KB
/
VerificationProcess.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
package eu.lightest.verifier.controller;
import com.google.common.io.Files;
import eu.lightest.horn.Interpreter;
import eu.lightest.horn.exceptions.HornFailedException;
import eu.lightest.verifier.ATVConfiguration;
import eu.lightest.verifier.model.GitRepositoryState;
import eu.lightest.verifier.model.precheck.Precheck;
import eu.lightest.verifier.model.report.BufferedFileReportObserver;
import eu.lightest.verifier.model.report.Report;
import eu.lightest.verifier.model.report.ReportStatus;
import eu.lightest.verifier.model.tpl.TplApiListener;
import eu.lightest.verifier.model.transaction.TransactionContainer;
import iaik.security.provider.IAIK;
import iaik.xml.crypto.XSecProvider;
import org.apache.log4j.Logger;
import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
/**
* Main interface to the Automated Trust Verifier (ATV).
* <p>
* Used to verify the given transaction with respect to the given TPL trust policy.
*/
public class VerificationProcess {
public static final int STATUS_FAIL = 0;
public static final int STATUS_OK = 1;
private static Logger logger = Logger.getLogger(VerificationProcess.class);
private Report report;
private File transaction_file;
private File policy_file;
private TransactionContainer transaction;
private TplApiListener callback;
private boolean prechecksPassed = false;
/**
* Initialize Automated Trust Verifier (ATV).
*
* @param inputTransaction a LIGHTest transaction (e.g. ASIC container, signed XML/PDF document, etc.).
* @param inputPolicy a trust policy (in TPL format).
* @param report {@link Report} object used to retrieve the verification report.
*/
public VerificationProcess(File inputTransaction, File inputPolicy, Report report) {
this.transaction_file = inputTransaction;
this.policy_file = inputPolicy;
this.report = report;
reportVersion();
}
public boolean isPrechecksPassed() {
return this.prechecksPassed;
}
private void reportVersion() {
String buildVersion = "";
try {
buildVersion = GitRepositoryState.get().getBuildVersion();
} catch(IOException | NullPointerException e) {
e.printStackTrace();
}
this.report.addLine("LIGHTest ATV " + buildVersion);
}
/**
* Verify the configured transaction with respect to the configured TPL trust policy.
* <p>
* Configure the class via its constructor first.
* If a {@link Report} was set, the verification report can be retrieved using it.
*
* @return result of the verification. <code>true</code> iff the given policy can be fulfilled.
*/
public Boolean verify() {
IAIK.addAsProvider(true);
XSecProvider.addAsProvider(true);
if(!runPrechecks()) {
this.report.addLine("Pre-checks failed, ATV halted.", ReportStatus.FAILED);
return false;
}
//Transaction transaction = TransactionFactory.getTransaction(this.transaction_file);
this.callback = new TplApiListener(this.transaction_file, this.report);
Interpreter interpreter = new Interpreter(this.callback);
Interpreter.recordRPxTranscript = ATVConfiguration.get().getBoolean("tpl_recordRPxTranscript", false);
Interpreter.recordRPxTranscriptLocation = ATVConfiguration.get().getString("tpl_recordRPxTranscript_path", "/tmp/lightest_rpx_transcript");
String main_pred = ATVConfiguration.get().getString("tpl_main_predicate", "accept(Form).");
String main_var = ATVConfiguration.get().getString("tpl_main_predicate_variable", "Form");
//String[] params = {this.policy_file.getAbsolutePath(), main_pred, main_var};
if(!isMainValid(main_pred, main_var, this.policy_file)) {
return false;
}
boolean status = false;
String tplFilePath = this.policy_file.getAbsolutePath();
String query = main_pred;
String inputVariable = main_var;
try {
status = interpreter.run(tplFilePath, query, inputVariable);
} catch(HornFailedException e) {
this.report.addLine("Interpreter Error: " + e.getClass().getTypeName() + " (" + e.getMessage() + ").", ReportStatus.FAILED);
VerificationProcess.logger.error("Interpreter Error", e);
return false;
} catch(Exception e) {
this.report.addLine("Fatal Error: " + e.getClass().getTypeName() + " (" + e.getMessage() + "), see log.", ReportStatus.FAILED);
VerificationProcess.logger.error("Fatal Error", e);
return false;
}
return status;
}
private boolean isMainValid(String mainPred, String mainVar, File pathToPolicy) {
if(!mainPred.contains(mainVar)) {
this.report.addLine(" Main Predicate (" + mainPred + ") does not contain Variable: " + mainVar + ".", ReportStatus.FAILED);
return false;
}
String policy;
try {
policy = Files.toString(pathToPolicy, Charset.defaultCharset());
} catch(IOException e) {
this.report.addLine("Error loading Policy: " + e.getMessage(), ReportStatus.FAILED);
return false;
}
if(mainPred.endsWith(".")) {
mainPred = mainPred.substring(0, mainPred.length() - 1);
}
if(!policy.contains(mainPred)) {
this.report.addLine("Policy does not contain Main Predicate: " + mainPred + "", ReportStatus.FAILED);
return false;
}
return true;
}
private boolean runPrechecks() {
Precheck precheck = new Precheck(this.transaction_file, this.policy_file, this.report);
return this.prechecksPassed = precheck.runAllChecks();
}
/**
* Starts the verification process and returns the result.
* <p>
* To get a more detailed verification result, use {@link Report} provided to the constructor,
* e.g. with {@link BufferedFileReportObserver}.
* <p>
* This method is used to get the verification result in form of a status code.
* If you need a status value, use {@link #checkTransactionForAPI(String)} instead.
*
* @return {@link #STATUS_FAIL} (0) or {@link #STATUS_OK} (1).
*/
public int checkTransactionForAPI() {
Boolean verify = verify();
return verify == true ? VerificationProcess.STATUS_OK : VerificationProcess.STATUS_FAIL;
}
/**
* Starts the verification process and returns the requested status value.
* <p>
* To get a more detailed verification result, use {@link Report} provided to the constructor,
* e.g. with {@link BufferedFileReportObserver}.
* <p>
* This method is used to retrieve a status value, e.g. a level stored by an involved format parser.
* If you don't need a specific field, use {@link #checkTransactionForAPI()} instead.
* <p>
* For a list of possible status values, consult the documentation of the involved format parsers.
*
* @param desiredStatusValue Name of the desired status value.
* @return Iff the verification succeeded, the value of the status value requested via the <code>desiredStatusValue</code> parameter. If the verification failed, <code>null</code> is returned.
*/
public String checkTransactionForAPI(String desiredStatusValue) {
Boolean verify = verify();
if(verify == true && this.callback != null) {
return this.callback.getReturnValue(desiredStatusValue);
}
// else:
return null;
}
}