def _sign(self, binary_to_sign, image_tosign_filename, cert_folder): c_path.create_dir(cert_folder) c_misc.store_data_to_file(image_tosign_filename, binary_to_sign) sig_package = signerutils.getSigPackage(cert_folder) if sig_package is not None: tosign_file_binary = c_misc.load_data_from_file( image_tosign_filename) [signature, cert_chain_list] = signerutils.\ readSigFromZip(sig_package) if self.validate_sig(tosign_file_binary, signature, cert_chain_list) is False: raise ExternalSignerError( self.MESG_INVALID_SIG.format(image_tosign_filename, sig_package)) else: raise ExternalSignerError( self.MESG_ASKUSERTOSIGN.format(image_tosign_filename, cert_folder)) signer_output = self._get_signer_output(signature, cert_chain_list) self._cleanup(cert_folder) return signer_output
def get_parser(imageinfo, validating=False, signing=False, prefix_override=None, file_exists=True, parsegens=None, sign_attr=False): # Get source image path image_path = imageinfo.src_image.image_path image_name = os.path.basename(image_path) image_base, image_ext = os.path.splitext(image_name) # Get the parser mbn_parsegen_class = lookup_parsegen_class(imageinfo) if mbn_parsegen_class is None: parser = parsegen_mgr.get_parser(imageinfo.image_type.file_type) else: parser = parsegen_mgr.get_parser(mbn_parsegen_class.get_plugin_id()) data = load_data_from_file(image_path) if file_exists else None return parser(data, imageinfo=imageinfo, debug_dir=imageinfo.dest_image.debug_dir_parsegen, debug_prefix=(prefix_override if prefix_override is not None else image_base), debug_suffix=image_ext, validating=validating, signing=signing, parsegens=parsegens, sign_attr=sign_attr)
def get_parser(imageinfo, validating=False, signing=False, prefix_override=None, file_exists=True, parsegens=None, sign_attr=False): # Import within this method import os from sectools.common.utils.c_misc import load_data_from_file # Get source image path image_path = imageinfo.src_image.image_path image_name = os.path.basename(image_path) image_base, image_ext = os.path.splitext(image_name) # Get the parser parser = parsegen_mgr.get_parser(imageinfo.image_type.file_type) data = load_data_from_file(image_path) if file_exists else None return parser(data, imageinfo=imageinfo, debug_dir=imageinfo.dest_image.debug_dir_parsegen, debug_prefix=prefix_override if prefix_override is not None else image_base, debug_suffix=image_ext, validating=validating, signing=signing, parsegens=parsegens, sign_attr=sign_attr)
def get_parser(imageinfo): # Import within this method import os from sectools.common.utils.c_misc import load_data_from_file # Get source image path image_path = imageinfo.src_image.image_path image_name = os.path.basename(image_path) image_base, image_ext = os.path.splitext(image_name) # Check parser exists file_type = imageinfo.image_type.file_type if file_type not in PARSEGENS: raise RuntimeError('Parser unavailable for file type: ' + str(file_type) + '\n' ' ' + 'Available file types are: ' + str(PARSEGENS.keys())) # Get the parser parser = PARSEGENS[file_type] return parser(load_data_from_file(image_path), imageinfo=imageinfo, debug_dir=imageinfo.dest_image.debug_dir_parsegen, debug_prefix=image_base, debug_suffix=image_ext)
def _pil_split(self, src, prefix): from sectools.common.parsegen.elf.format import ParseGenElf, pack_phdrs, PF_OS_SEGMENT_HASH # Load the data p_obj = ParseGenElf(load_data_from_file(src)) # File names elfhdr = prefix + '.mdt' # Cleanup for eachpattern in [elfhdr, (prefix + '.b*')]: import glob for eachfile in glob.glob(eachpattern): try: os.remove(eachfile) except Exception: pass # Create the mdt data elfdata = p_obj.ehdr.pack() + pack_phdrs(p_obj.phdrs) # Dump the segments for idx, phdr in enumerate(p_obj.phdrs): path = prefix + ('.b%02d' % idx) store_data_to_file(path, p_obj.segments[phdr]) if phdr.f_os_segment_type == PF_OS_SEGMENT_HASH: elfdata += p_obj.segments[phdr] # Dump the final elfhdr mdt store_data_to_file(elfhdr, elfdata)
def pil_split(src, prefix): from sectools.common.parsegen.elf.format import ParseGenElf, pack_phdrs, PF_OS_SEGMENT_HASH # Load the data p_obj = ParseGenElf(load_data_from_file(src)) # File names elfhdr = prefix + '.mdt' # Cleanup for eachpattern in [elfhdr, (prefix + '.b*')]: import glob for eachfile in glob.glob(eachpattern): try: os.remove(eachfile) except Exception: pass # Create the mdt data elfdata = p_obj.ehdr.pack() + pack_phdrs(p_obj.phdrs) # Dump the segments for idx, phdr in enumerate(p_obj.phdrs): path = prefix + ('.b%02d' % idx) store_data_to_file(path, p_obj.segments[phdr]) if phdr.f_os_segment_type == PF_OS_SEGMENT_HASH: elfdata += p_obj.segments[phdr] # Dump the final elfhdr mdt store_data_to_file(elfhdr, elfdata)
def _generate_pkcs11_cfg(self, token_driver_home): pkcs11_cfg_template_data = ensure_str(c_misc.load_data_from_file(self.PKCS11_CFG_TEMPLATE)) pkcs11_cfg_data = signerutils.macro_replace(pkcs11_cfg_template_data, "token_driver_home", token_driver_home, isMandatory=True) return c_path.create_tmp_file(data=pkcs11_cfg_data)
def _generate_pkcs11_cfg(self, token_driver_home): pkcs11_cfg_template_data = c_misc.load_data_from_file( self.PKCS11_CFG_TEMPLATE) pkcs11_cfg_data = signerutils.macro_replace(pkcs11_cfg_template_data, "token_driver_home", token_driver_home, isMandatory=True) return utility_functions.store_data_to_temp_file(pkcs11_cfg_data)
def get_metabuild_log(self): data = [] logdir = os.path.dirname(self.log) ufc_log = c_path.join(logdir, UFC_LOG) regenerate_log = c_path.join(logdir, REGENERATE_BUID_LOG) buildloading_log = c_path.join(logdir, FASTBOOT_COMPLETE_LOG) metabuild_log = c_path.join(logdir, META_BUILD_LOG) # remove meta build log from previous session if c_path.validate_file(metabuild_log): os.remove(metabuild_log) data.append('Meta build log:\n') if c_path.validate_file(ufc_log): data.append(SECTION_BREAK) data.append('Step 1: UltraFastCopy meta build') data.append('Meta Build: ' + self.meta_build_path) data.append(SECTION_BREAK) data.append(load_data_from_file(ufc_log)) else: data.append('meta build copy skipped') data.append(SECTION_BREAK) if c_path.validate_file(regenerate_log): data.append(SECTION_BREAK) data.append('Step 2: Meta build regeneration') data.append('Meta Build: ' + logdir) data.append('Image Build:' + self.image_build_path) data.append(SECTION_BREAK) data.append(load_data_from_file(regenerate_log)) else: data.append('meta build regeneration skipped') data.append(SECTION_BREAK) if c_path.validate_file(buildloading_log): data.append(SECTION_BREAK) data.append('Step 3: Meta build loading') data.append('Meta Build: ' + logdir) data.append(SECTION_BREAK) data.append(load_data_from_file(buildloading_log)) store_data_to_file(metabuild_log, "\n".join(data)) return metabuild_log
def log_contains(self, string): isPresent = False log_path = os.path.join(self.args.output_dir, TOOL_NAME + "_log.txt") if c_path.validate_file(log_path): log_data = c_misc.load_data_from_file(log_path) if log_data.find(string) > 0: isPresent = True return isPresent
def generate(self): """Generate the secdat file based on the configs which have been setup. :param str secdat: the path to the secdat file to be generated. """ retval_gen, reterr_gen = self._verify_generate() if not retval_gen: raise RuntimeError(reterr_gen) # Get the version from config file ucp = self._config_parser ucp_file_version = ucp.get_secdat_file_version() ucp_fuse_version = ucp.get_secdat_fuse_version() ucp_file_info = ucp.get_secdat_file_info() version_dir = self.get_version_dir(ucp_file_version) #-------------------------------------------------------------------------------------------------------- # Setting input_secdat path: # @ if input given as -s # @ if sec.dat exists in the keyprovision_output #-------------------------------------------------------------------------------------------------------- in_secdat = None # Checking self secdat if in_secdat is None: try: in_secdat = self.secdat except Exception: pass # Checking common secdat if in_secdat is None: common_secdat = c_path.join(self.output_dir, defines.COMMON_DIR, version_dir, defines.SEC_DAT) if os.path.isfile(common_secdat): in_secdat = common_secdat # Create list of output secdat out_secdats = [] IO = namedtuple('IO', 'in_data out_path') out_secdats.append(IO(None, c_path.join(self.output_dir, self.FEATURE_DIR, version_dir, defines.SEC_DAT))) out_secdats.append(IO(load_data_from_file(in_secdat) if in_secdat else None, c_path.join(self.output_dir, defines.COMMON_DIR, version_dir, defines.SEC_DAT))) # Generate the secdats: for secdat in out_secdats: out_dir = os.path.dirname(secdat.out_path) c_path.create_dir(out_dir) secdat_obj = secdat_pg(self.SECDAT_SEGMENT_TYPE, secdat.in_data) secdat_obj.data_model = self.data_model secdat_obj.write(secdat.out_path, ucp_file_version, ucp_fuse_version, ucp_file_info) self.dump_debug_data_model(self.data_model, out_dir) self.dump_debug_secdat(secdat_obj, out_dir) logger.info('Secdat generated at: ' + secdat.out_path) self.secdat = c_path.join(self.output_dir, self.FEATURE_DIR, version_dir, defines.SEC_DAT)
def _generate_attestation_certificate_extensions(self, attestation_certificate_extensions_path, tcg_min, tcg_max): v3_attest_file = c_misc.load_data_from_file(attestation_certificate_extensions_path) v3_attest_file_new = v3_attest_file + \ self._generate_tcg_config(tcg_min, tcg_max) v3_attest_file_temp = utility_functions.store_data_to_temp_file(v3_attest_file_new) return v3_attest_file_temp
def _generate_attestation_certificate_extensions( self, attestation_certificate_extensions_path, tcg_min, tcg_max): v3_attest_file = c_misc.load_data_from_file( attestation_certificate_extensions_path) v3_attest_file_new = v3_attest_file + \ self._generate_tcg_config(tcg_min, tcg_max) v3_attest_file_temp = utility_functions.store_data_to_temp_file( v3_attest_file_new) return v3_attest_file_temp
def __init__(self, cert_blob=None, path=None, allow_missing_ou=False): self.allow_missing_ou = allow_missing_ou if cert_blob is not None: self.cert_blob = cert_blob elif path is not None: self.cert_blob = c_misc.load_data_from_file(path) else: raise RuntimeError("cert_blob and path cannot be both None") self.certificate_text = crypto.cert.get_text(self.cert_blob) self.asn1_text = crypto.cert.get_asn1_text(self.cert_blob)
def _generate_attestation_certificate_extensions(self, attestation_certificate_extensions_path, oid_name, min_str, max_str): v3_attest_file = c_misc.load_data_from_file(attestation_certificate_extensions_path) v3_attest_file_new = v3_attest_file + \ self._generate_oid_config(oid_name, min_str, max_str) v3_attest_file_temp = utility_functions.store_data_to_temp_file(v3_attest_file_new) return v3_attest_file_temp
def sign(self, signingpackage_fname, outputdir): signaturepackage_binary = None cmds = self._getCmds(signingpackage_fname, outputdir) cass_server = self.cass_signer_attributes.server.host if self.cass_signer_attributes.server else "default CASS server" logger.info("Connecting to {0}".format(cass_server)) output = self._executeCmds(cmds) logger.debug(output) signaturepackage_filepath = os.path.join(outputdir, self.SIGNATUREPACKPAGE_RELPATH) if os.path.isfile(signaturepackage_filepath): logger.info("Signature package retrieved from server.") signaturepackage_binary = c_misc.load_data_from_file(signaturepackage_filepath) return signaturepackage_binary
def __init__(self, cert_blob=None, path=None): if cert_blob is not None: self.cert_blob = cert_blob elif path is not None: self.cert_blob = c_misc.load_data_from_file(path) else: raise RuntimeError("cert_blob and path cannot be both None") self.certificate_text = crypto_functions.get_certificate_text_from_binary(self.cert_blob) self.asn1_text = crypto_functions.get_asn1_text_from_binary(self.cert_blob) self.tcg_min, self.tcg_max = self._get_oid(self.asn1_text, name="tcg") self.fid_min, self.fid_max = self._get_oid(self.asn1_text, name="feature_id")
def sign(self, signingpackage_fname, outputdir): signaturepackage_binary = None cmds = self._getCmds(signingpackage_fname, outputdir) cass_server = self.cass_signer_attributes.server.host if self.cass_signer_attributes.server else "default CASS server" logger.info("Connecting to {0}".format(cass_server)) output = self._executeCmds(cmds) logger.debug(output) signaturepackage_filepath = os.path.join(outputdir, self.SIGNATUREPACKPAGE_RELPATH) if os.path.isfile(signaturepackage_filepath): logger.info("Signature package retrieved from server.") signaturepackage_binary = c_misc.load_data_from_file(signaturepackage_filepath) #clean up path, filename = os.path.split(signaturepackage_filepath) shutil.rmtree(path) return signaturepackage_binary
def get_parser(imageinfo): # Import within this method import os from sectools.common.utils.c_misc import load_data_from_file # Get source image path image_path = imageinfo.src_image.image_path image_name = os.path.basename(image_path) image_base, image_ext = os.path.splitext(image_name) # Get the parser parser = parsegen_mgr.get_parser(imageinfo.image_type.file_type) return parser(load_data_from_file(image_path), imageinfo=imageinfo, debug_dir=imageinfo.dest_image.debug_dir_parsegen, debug_prefix=image_base, debug_suffix=image_ext)
def sign(self, signingpackage_fname, outputdir): signaturepackage_binary = None cmds = self._getCmds(signingpackage_fname, outputdir) cass_server = self.cass_signer_attributes.server.host if self.cass_signer_attributes.server else "default CASS server" logger.info("Connecting to {0}".format(cass_server)) logger.debug("Executing commands: \n'" + "\n".join(cmds) + "'\n") output = self._executeCmds(cmds) logger.debug(output) signaturepackage_filepath = os.path.join(outputdir, self.SIGNATUREPACKPAGE_RELPATH) if os.path.isfile(signaturepackage_filepath): logger.info("Signature package retrieved from server: " + c_path.normalize(signaturepackage_filepath)) signaturepackage_binary = c_misc.load_data_from_file(signaturepackage_filepath) # clean up path, filename = os.path.split(signaturepackage_filepath) shutil.rmtree(path) return signaturepackage_binary
def get_cert_list(self, num_root_certs): save_index = self.cert_mrc_index cert_list = [] for i in range(0, num_root_certs): self.cert_mrc_index = i cert_path = self.get_root_cert() if os.path.isfile(cert_path) is False: err_str = "certificate_path does not exist: {0}!".format(cert_path) raise RuntimeError(err_str) cert = c_misc.load_data_from_file(cert_path) cert_list.append(cert) self.cert_mrc_index = save_index return cert_list
def sign(self): signature_package_response = None self._get_cmds() cass_server = self.cass_signer_attributes.server.host if self.cass_signer_attributes.server else "default CASS server" logger.info("Connecting to {0}".format(cass_server)) output = self._execute_cmds() logger.debug(output) signature_package_file_path = os.path.join( self.output_dir, self.SIGNATURE_PACKPAGE_REL_PATH) if os.path.isfile(signature_package_file_path): logger.info("Signature package retrieved from server: " + c_path.normalize(signature_package_file_path)) signature_package_response = c_misc.load_data_from_file( signature_package_file_path) # clean up path, filename = os.path.split(signature_package_file_path) shutil.rmtree(path) return signature_package_response
def get_rootcerts(self): root_cert_list = [] for i in range(0, self.general_properties.num_root_certs): config_cert_name = self.cert_config.multirootcert.root_cert_name root_cert_path_to_replace = os.path.join(self.cert_config.multirootcert.directory, config_cert_name) root_cert_path = self.replace_macros( root_cert_path_to_replace, exponent=str(self.signing_attributes.exponent), key_size=str(self.general_properties.key_size), index=str(i)) if os.path.isfile(root_cert_path) is False: err_str = "certificate_path does not exist: {0}!".format(root_cert_path) raise RuntimeError(err_str) root_cert = c_misc.load_data_from_file(root_cert_path) root_cert_list.append(root_cert) logger.debug('Package root cert {0}: {1}'.format(i, root_cert_path)) return root_cert_list
def _get_rootcerts_from_config(self, cert_config, num_root_certs): root_cert_list = [] if cert_config.multirootcert: for i in range(0, num_root_certs): config_cert_name = cert_config.multirootcert.root_cert_name cert_name = signerutils.macro_replace(config_cert_name, "index", str(i), isMandatory=True) root_cert_path = os.path.join( cert_config.multirootcert.directory, cert_name) if os.path.isfile(root_cert_path) is False: err_str = "certificate_path does not exist: {0}!".format( root_cert_path) raise RuntimeError(err_str) root_cert = c_misc.load_data_from_file(root_cert_path) root_cert_list.append(root_cert) logger.debug('Package root cert {0}: {1}'.format( i, root_cert_path)) return root_cert_list
def get_parser(imageinfo): # Import within this method import os from sectools.common.utils.c_misc import load_data_from_file # Get source image path image_path = imageinfo.src_image.image_path image_name = os.path.basename(image_path) image_base, image_ext = os.path.splitext(image_name) # Check parser exists file_type = imageinfo.image_type.file_type if file_type not in PARSEGENS: raise RuntimeError('Parser unavailable for file type: ' + str(file_type) + '\n' ' ' + 'Available file types are: ' + str(PARSEGENS.keys())) # Get the parser parser = PARSEGENS[file_type] return parser(load_data_from_file(image_path), imageinfo=imageinfo, debug_dir=imageinfo.dest_image.debug_dir_parsegen, debug_prefix=image_base, debug_suffix=image_ext)
def get_rootcerts(self): root_cert_list = [] for i in range(0, self.general_properties.num_root_certs): config_cert_name = self.cert_config.multirootcert.root_cert_name root_cert_path_to_replace = os.path.join( self.cert_config.multirootcert.directory, config_cert_name) root_cert_path = self.replace_macros( root_cert_path_to_replace, exponent=str(self.signing_attributes.exponent), key_size=str(self.general_properties.key_size), index=str(i)) if os.path.isfile(root_cert_path) is False: err_str = "certificate_path does not exist: {0}!".format( root_cert_path) raise RuntimeError(err_str) root_cert = c_misc.load_data_from_file(root_cert_path) root_cert_list.append(root_cert) logger.debug('Package root cert {0}: {1}'.format( i, root_cert_path)) return root_cert_list
def _create_parsegen_obj(self, image, validating=False, signing=False, file_exists=True, parsegens=None, sign_attr=False): c_path.create_debug_dir(image.dest_image.debug_dir_parsegen) image_path = image.src_image.image_path image_name = os.path.basename(image_path) image_base, image_ext = os.path.splitext(image_name) data = load_data_from_file(image_path) if file_exists else None parsegen = ElfMbnV3Base(data, imageinfo=image, debug_dir=image.dest_image.debug_dir_parsegen, debug_prefix=image_base, debug_suffix=image_ext, validating=validating, signing=signing, parsegens=parsegens, sign_attr=sign_attr) # Check if parsegen authority settings are correct parsegen.authority = self.authority parsegen.validate_authority() return parsegen
def read_from_file(self, file_path): self.set_data(load_data_from_file(file_path))
def _validate_generation(self, dp_file): """Validate the generation """ reterr = [] # Set the debug params if self.debug: debug_dir = c_path.join(self.output_dir, defines.DEST_DEBUG_DIR) debug_prefix, debug_suffix = os.path.splitext( os.path.basename(c_path.join(self.output_dir, 'dp.dat'))) else: debug_dir, debug_prefix, debug_suffix = None, None, None dbgpelfparser = ParseGenDbgpElf( data=load_data_from_file(dp_file), version=self._config_parser.root.file_properties.revision, debug_dir=debug_dir, debug_prefix=debug_prefix, debug_suffix=debug_suffix, elf_class=None) # Validate against the debugpolicy config file if self._config_parser: if dbgpelfparser.dbgpparser.header.version != self._config_parser.root.file_properties.revision: reterr.append( 'Revision mismatch ' '' + 'Debugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.version) + '' + ' Config File: ' + str(self._config_parser.root.file_properties.revision)) logger.error(reterr) return if getattr(dbgpelfparser.dbgpparser.header, 'sernum_start', None) is not None and \ dbgpelfparser.dbgpparser.header.sernum_start != self._config_parser.root.file_properties.serial_number_start: reterr.append( 'Serial Number Start mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.sernum_start) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. serial_number_start)) if getattr(dbgpelfparser.dbgpparser.header, 'sernum_end', None) is not None and \ dbgpelfparser.dbgpparser.header.sernum_end != self._config_parser.root.file_properties.serial_number_end: reterr.append('Serial Number End mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.sernum_end) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. serial_number_end)) if dbgpelfparser.dbgpparser.header.flags != self._config_parser.root.file_properties.flags: reterr.append( 'Flags mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.flags) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties.flags)) if self._config_parser.root.file_properties.image_bit_map is not None: if dbgpelfparser.dbgpparser.header.imagebit_map != self._config_parser.root.file_properties.image_bit_map: reterr.append( 'Image Bit Map mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.imagebit_map) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. image_bit_map)) if self._config_parser.root.file_properties.image_bit_map is None: if getattr(dbgpelfparser.dbgpparser.header, 'imagebit_map', None) is not None: if dbgpelfparser.dbgpparser.header.imagebit_map != 0: if dbgpelfparser.dbgpparser.header.imagebit_map != self._config_parser.root.file_properties.image_bit_map: reterr.append('Image Bit Map mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header. imagebit_map) + '' + '\nConfig File: ' + str(self._config_parser.root. file_properties.image_bit_map)) if self._config_parser.root.file_properties.image_id_list is not None: if len(self._config_parser.root.file_properties.image_id_list. image_id) == 0: for i in range( len( list(dbgpelfparser.dbgpparser.header. imgid_array))): if list(dbgpelfparser.dbgpparser.header.imgid_array )[i] != 0: reterr.append( 'Image ID Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.imgid_array ) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. image_id_list.image_id + list([0] * (32 - len(self._config_parser.root. file_properties. image_id_list.image_id))))) break else: for i in range( len(self._config_parser.root.file_properties. image_id_list.image_id)): if list( dbgpelfparser.dbgpparser.header.imgid_array )[i] != self._config_parser.root.file_properties.image_id_list.image_id[ i]: reterr.append( 'Image ID Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.imgid_array ) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. image_id_list.image_id + list([0] * (32 - len(self._config_parser.root. file_properties. image_id_list.image_id))))) break if self._config_parser.root.file_properties.image_id_list is None: if getattr(dbgpelfparser.dbgpparser.header, 'imgid_count', None) is not None: if dbgpelfparser.dbgpparser.header.imgid_count != 0: reterr.append( 'Image ID Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.imgid_array) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. image_id_list)) if dbgpelfparser.dbgpparser.header.rootcerthash_array[:dbgpelfparser.dbgpparser.header.rootcerthash_count] != \ [x.lower() for x in self._config_parser.root.file_properties.root_cert_hash_list.root_cert_hash]: reterr.append( 'Root Certificate Hash Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.rootcerthash_array) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. root_cert_hash_list.root_cert_hash)) if getattr(dbgpelfparser.dbgpparser.header, 'serial_num_array', None) is not None: if len(self._config_parser.root.file_properties. serial_num_list.serial_num) == 0: reterr.append( 'Serial Number Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header.serial_num_array) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. serial_num_list.serial_num + list([0] * (200 - len(self._config_parser.root.file_properties. serial_num_list.serial_num))))) else: for i in range( len(self._config_parser.root.file_properties. serial_num_list.serial_num)): if list( dbgpelfparser.dbgpparser.header. serial_num_array )[i] != self._config_parser.root.file_properties.serial_num_list.serial_num[ i]: reterr.append( 'Serial Number Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header. serial_num_array) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. serial_num_list.serial_num + list([0] * (200 - len(self._config_parser.root. file_properties.serial_num_list. serial_num))))) break if self._config_parser.root.file_properties.root_cert_hash_qc_list is not None: if len(self._config_parser.root.file_properties. root_cert_hash_qc_list.root_cert_hash_qc) == 0: for i in range( len( list(dbgpelfparser.dbgpparser.header. rootcerthash_qc_array))): if list(dbgpelfparser.dbgpparser.header. rootcerthash_qc_array)[i] != 0: reterr.append( 'Root Certificate Hash QC Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header. rootcerthash_qc_array) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. root_cert_hash_qc_list.root_cert_hash_qc + list([0] * (4 - len( self._config_parser.root. file_properties.root_cert_hash_qc_list. root_cert_hash_qc))))) break else: for i in range( len(self._config_parser.root.file_properties. root_cert_hash_qc_list.root_cert_hash_qc)): if list( dbgpelfparser.dbgpparser.header. rootcerthash_qc_array )[i].lower( ) != self._config_parser.root.file_properties.root_cert_hash_qc_list.root_cert_hash_qc[ i].lower(): reterr.append( 'Root Certificate Hash QC Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header. rootcerthash_qc_array) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. root_cert_hash_qc_list.root_cert_hash_qc + list([0] * (4 - len( self._config_parser.root. file_properties.root_cert_hash_qc_list. root_cert_hash_qc))))) break if self._config_parser.root.file_properties.root_cert_hash_qc_list is None: if getattr(dbgpelfparser.dbgpparser.header, 'rootcerthash_qc_count', None) is not None: if dbgpelfparser.dbgpparser.header.rootcerthash_qc_count != 0: reterr.append( 'Root Certificate Hash QC Array mismatch ' '' + ':- \nDebugpolicy File: ' + str(dbgpelfparser.dbgpparser.header. rootcerthash_qc_array) + '' + '\nConfig File: ' + str(self._config_parser.root.file_properties. root_cert_hash_qc_list)) if reterr: if len(reterr) > 1: reterr = [(' ' + str(idx + 1) + '. ' + error) for idx, error in enumerate(reterr)] reterr = 'Following errors were found during validation:\n\n' + '\n'.join( reterr) else: reterr = reterr[0] logger.error(reterr) else: logger.info( 'Validation of debugpolicy file against debugpolicy config file is Successful!' )