diff --git a/component-samples/demo/aio/WEB-INF/web.xml b/component-samples/demo/aio/WEB-INF/web.xml
index a775d9a8e..1bf60b139 100644
--- a/component-samples/demo/aio/WEB-INF/web.xml
+++ b/component-samples/demo/aio/WEB-INF/web.xml
@@ -216,6 +216,19 @@
/api/v1/mfg/vouchers/*
+
+ MfgVoucher
+ org.fidoalliance.fdo.protocol.api.RestApiServlet
+
+ Api-Class
+ org.fidoalliance.fdo.protocol.api.EkVoucher
+
+
+
+ EkVoucher
+ /api/v1/mfg/ekcert/*
+
+
CertificateApi
org.fidoalliance.fdo.protocol.api.RestApiServlet
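Review bot: The added servlet entry appears to be declared under the name `MfgVoucher` while the added mapping for `/api/v1/mfg/ekcert/*` refers to `EkVoucher`, so the mapping would point at a servlet name that is never declared and the declaration would reuse an existing name. The markup is stripped in this view, so this is read from the text order only. If that reading is right, both elements should carry the same name, `<servlet-name>EkVoucher</servlet-name>`. The hunk also does not show whether the new URL pattern falls under the security constraint that protects the other `/api/v1/mfg/` paths. Since the endpoint returns device endorsement key data, that is worth confirming before merge.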
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java
index a777bfb31..8c583410f 100644
--- a/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java
+++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java
@@ -22,6 +22,7 @@
import java.util.Optional;
import org.apache.commons.codec.binary.Hex;
import org.fidoalliance.fdo.protocol.db.FdoSysModuleExtra;
+import org.fidoalliance.fdo.protocol.db.ManufacturingInfoStorageFunction;
import org.fidoalliance.fdo.protocol.db.OnboardConfigSupplier;
import org.fidoalliance.fdo.protocol.dispatch.CertSignatureFunction;
import org.fidoalliance.fdo.protocol.dispatch.CredReuseFunction;
@@ -373,6 +374,7 @@ protected void doAppStart(DispatchMessage request, DispatchMessage response) thr
ManufacturingInfo mfgInfo = Mapper.INSTANCE.readValue(appStart.getManufacturingInfo(),
ManufacturingInfo.class);
+
SimpleStorage storage = createVoucher(mfgInfo, request.getProtocolVersion());
SessionManager manager = getWorker(SessionManager.class);
@@ -435,6 +437,9 @@ protected void doSetHmac(DispatchMessage request, DispatchMessage response) thro
VoucherStorageFunction storageFunction = getWorker(VoucherStorageFunction.class);
storageFunction.apply(info.getSerialNumber(), voucher);
+ ManufacturingInfoStorageFunction infoStore = new ManufacturingInfoStorageFunction();
+ infoStore.store(info.getSerialNumber(), info.getEndorsementKey());
+
//save the voucher
response.setMessage(Mapper.INSTANCE.writeValue(new DiDone()));
manager.expireSession(request.getAuthToken().get());
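Review bot: `info.getEndorsementKey()` is handed to `infoStore.store(...)` without a null check, while the `ekData` column added to ManufacturedVoucher in this commit is `nullable = false`. A device that supplies no endorsement key would presumably fail at commit, after `storageFunction.apply` has already persisted the voucher in a separate step, leaving DI failed with a voucher stored. Either guard the call, `if (info.getEndorsementKey() != null) { infoStore.store(info.getSerialNumber(), info.getEndorsementKey()); }`, or make the column nullable. The store is also built with `new` rather than through `getWorker(...)` like the neighbouring `VoucherStorageFunction`, which bypasses the worker lookup used on the lines above. The body of doSetHmac starts and ends outside this hunk.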
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/api/EkVoucher.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/api/EkVoucher.java
new file mode 100644
index 000000000..7476af2cd
--- /dev/null
+++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/api/EkVoucher.java
@@ -0,0 +1,37 @@
+// Copyright 2022 Intel Corporation
+// SPDX-License-Identifier: Apache 2.0
+
+package org.fidoalliance.fdo.protocol.api;
+
+import org.fidoalliance.fdo.protocol.*;
+import org.fidoalliance.fdo.protocol.dispatch.ManufacturerKeySupplier;
+import org.fidoalliance.fdo.protocol.entity.ManufacturedVoucher;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucher;
+
+import java.security.cert.Certificate;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Get API for Manufacturing voucher.
+ */
+public class EkVoucher extends RestApi {
+ protected static final LoggerService logger = new LoggerService(EkVoucher.class);
+
+
+ @Override
+ public void doGet() throws Exception {
+
+ String path = getLastSegment();
+ logger.info("Manufacturing Voucher SerialNo: " + path);
+
+ ManufacturedVoucher mfgVoucher = getSession().get(ManufacturedVoucher.class, path);
+ if (mfgVoucher == null) {
+ logger.warn("Mfg voucher is null");
+ throw new NotFoundException(path);
+ }
+ String text = Arrays.toString(mfgVoucher.getEkData());
+ getResponse().setContentType(HttpUtils.HTTP_PLAIN_TEXT);
+ getResponse().getWriter().print(text);
+ }
+}
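Review bot: `Arrays.toString(mfgVoucher.getEkData())` writes the key as a bracketed list of signed decimal bytes, and writes the literal text `null` when the record has no EK data, which clients cannot reliably parse back into key material. Returning a defined encoding, for example `Base64.getEncoder().encodeToString(ekData)`, and throwing `NotFoundException` when `getEkData()` is null would make the contract explicit. The last path segment is also concatenated into `logger.info` exactly as received from the URL, so it should be validated against the expected serial-number format, or have CR/LF removed, before it is logged. The Javadoc and log text still describe the manufacturing voucher; something like `Get API for the endorsement key data stored with a manufactured voucher` would match the class. The wildcard import and the unused `Certificate`, `List`, `ManufacturerKeySupplier` and `OwnershipVoucher` imports can be dropped.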
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java
new file mode 100644
index 000000000..5a760be78
--- /dev/null
+++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/db/ManufacturingInfoStorageFunction.java
@@ -0,0 +1,40 @@
+// Copyright 2022 Intel Corporation
+// SPDX-License-Identifier: Apache 2.0
+
+package org.fidoalliance.fdo.protocol.db;
+
+import org.fidoalliance.fdo.protocol.Mapper;
+import org.fidoalliance.fdo.protocol.api.NotFoundException;
+import org.fidoalliance.fdo.protocol.dispatch.VoucherStorageFunction;
+import org.fidoalliance.fdo.protocol.entity.ManufacturedVoucher;
+import org.fidoalliance.fdo.protocol.message.ManufacturingInfo;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucher;
+import org.fidoalliance.fdo.protocol.message.OwnershipVoucherHeader;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.UUID;
+
+public class ManufacturingInfoStorageFunction {
+
+
+ public void store(String serialNo, byte[] endorsementKey) throws IOException {
+ Session session = HibernateUtil.getSessionFactory().openSession();
+ try {
+ ManufacturedVoucher mfgVoucher = session.get(ManufacturedVoucher.class, serialNo);
+ if (mfgVoucher == null) {
+ throw new NotFoundException(serialNo);
+ }
+ Transaction trans = session.beginTransaction();
+ mfgVoucher.setEkData(endorsementKey);
+ session.saveOrUpdate(mfgVoucher);
+ trans.commit();
+ } catch (NotFoundException e) {
+ throw new RuntimeException(e);
+ } finally {
+ session.close();
+ }
+ }
+}
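Review bot: `store` never rolls back the transaction it begins, so a failure in `saveOrUpdate` or `commit` closes the session with the transaction still open. The endorsement key comes from the device's ManufacturingInfo and is written with no length check against the 65535 limit declared on the `ekData` column, so a rejected write is a realistic path here. A missing serial number surfaces as a bare `RuntimeException`, which callers cannot tell apart from a database fault; rethrowing the `NotFoundException`, if its type allows, would preserve that distinction. The method declares `throws IOException` although nothing visible in it throws one, and most of the imports are unused. The class also has no Javadoc; one sentence stating that it attaches endorsement key bytes to an existing ManufacturedVoucher row would do.

```java
    Transaction trans = null;
    try {
      // … unchanged: lookup by serialNo and NotFoundException when the row is missing …
      trans = session.beginTransaction();
      // … unchanged: setEkData, saveOrUpdate, commit …
    } catch (NotFoundException e) {
      throw new RuntimeException(e);
    } catch (RuntimeException e) {
      // Leave no half-open transaction behind when the write or commit fails.
      if (trans != null && trans.isActive()) {
        trans.rollback();
      }
      throw e;
    } finally {
```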
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java
index 180c75e65..d7a33c90e 100644
--- a/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java
+++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/entity/ManufacturedVoucher.java
@@ -29,6 +29,11 @@ public class ManufacturedVoucher {
@Temporal(TemporalType.TIMESTAMP)
private Date createdOn;
+ @Lob
+ @Column(name = "ekData", length = 65535, nullable = false)
+ private byte[] ekData;
+
+
public String getSerialNo() {
return serialNo;
}
@@ -41,6 +46,15 @@ public Date getCreatedOn() {
return createdOn;
}
+ public byte[] getEkData() {
+ return ekData;
+ }
+
+ public void setEkData(byte[] ekData) {
+ this.ekData = ekData;
+ }
+
+
public void setSerialNo(String id) {
this.serialNo = id;
}
diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java
index 98fe20e8d..118d75a34 100644
--- a/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java
+++ b/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/ManufacturingInfo.java
@@ -13,7 +13,7 @@
@JsonPropertyOrder(
{"keyType", "keyEnc", "serialNumber", "deviceInfo", "certInfo",
- "onDieDeviceCertChain", "testSignature", "testSigMaroePrefix"}
+ "onDieDeviceCertChain", "endorsementKey", "testSignature", "testSigMaroePrefix"}
)
@JsonSerialize(using = ManufacturingInfoSerializer.class)
@JsonDeserialize(using = ManufacturingInfoDeserializer.class)
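Review bot: `endorsementKey` is added to `@JsonPropertyOrder`, but the class is bound through `ManufacturingInfoSerializer` and `ManufacturingInfoDeserializer`, and neither is changed in this diff. If those custom classes read and write the fields explicitly, the new field is never populated and `getEndorsementKey()` returns null when `doSetHmac` stores it. Placing the name ahead of `testSignature` would also shift the later elements if this order drives the wire layout, which could break devices built against the previous layout; appending it after `testSigMaroePrefix` avoids that. The same applies to the field and accessor hunks further down in this file. A short comment on the field saying whether it is optional, e.g. `// optional: endorsement key bytes supplied by the device, may be absent`, would tell readers whether null is a valid value.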
@@ -40,6 +40,9 @@ public class ManufacturingInfo {
@JsonProperty("onDieDeviceCertChain")
private byte[] onDieDeviceCertChain;
+ @JsonProperty("endorsementKey")
+ private byte[] endorsementKey;
+
@JsonProperty("testSignature")
private byte[] testSignature;
@@ -76,6 +79,11 @@ public byte[] getOnDieDeviceCertChain() {
return onDieDeviceCertChain;
}
+ @JsonIgnore
+ public byte[] getEndorsementKey() {
+ return endorsementKey;
+ }
+
@JsonIgnore
public byte[] getTestSignature() {
return testSignature;
@@ -116,6 +124,11 @@ public void setOnDieDeviceCertChain(byte[] onDieDeviceCertChain) {
this.onDieDeviceCertChain = onDieDeviceCertChain;
}
+ @JsonIgnore
+ public void setEndorsementKey(byte[] endorsementKey) {
+ this.endorsementKey = endorsementKey;
+ }
+
@JsonIgnore
public void setTestSignature(byte[] testSignature) {
this.testSignature = testSignature;