[#1090] Fix ACA Provisioning Issue When Using ECC Key #1127

Draft
ThatSilentCoder wants to merge 30 commits into main from v3.1_issue_1090-fix-aca-provision-using-ecc-key

ThatSilentCoder commented Mar 6, 2026

Description

Fix exceptions caused by provisioning against the ACA that is set up using the ECC key parameter in the setup script.


Test Instructions:

  1. Remove your local setup of the ACA using the following commands:

     On Linux:

         sudo package/linux/aca/aca_remove_setup.sh

     On Windows (PowerShell 7 Core in Admin mode):

         package\win\aca\aca_remove_setup.ps1

  2. Set up the ACA to use ECC keys as follows:

     On Linux:

         sudo package/linux/aca/aca_setup.sh -aa ecc -u

     On Windows (PowerShell 7 Core in Admin mode):

         package\win\aca\aca_setup.ps1 -aa ecc -u

  3. If everything is configured correctly, run the ACA.
  4. Run the provisioner against the ACA for different policy settings: no policy enabled, platform credential validation enabled, endorsement credential validation enabled, firmware validation enabled.
  5. Verify that for each policy setting, assuming you've uploaded the correct certificates/RIMs up to the ACA per policy, the provisioning succeeds and that the ACA produces two issued certificates.
  6. Verify that for each policy setting, no exceptions/errors are thrown in the console/logs.

Issues This PR Addresses:

Closes #1090

…hm used throughout the application (prop has been added to the app.properties for both win and linux machines), deleted a repo that wasn't being used anywhere, changed the name of the rest controller and service class, re-wrote the workflow from rest controller to backend since it was set up incorrectly. Provisioning is sort-of crypto-agile. It can parse the rsa key without an issue, now need to work on doing the same for the ecc key.
… array. Fixing up some warnings for the shell scripts.
…n bash scripts. Took care of a majority of them.
…ential using ecc. Fixed the enum class. Removed throws exception decorator from methods. Made abstract processor abstract. Might consider ditching the abstract processor and placing them in a utils class. This might be a bit more complicated than we imagined.
…methods, moved the restcontroller, service and service impl to a package that makes sense for these classes, deleted abstract processor, moved methods that pertain to each processor to their respective processor and moved any common utilities to a util function. Might need to change the way we extract the public key algorithm for this to work properly.
…services to reduce the lines of code in some of the bigger processors (and to separate responsibilities). Removed public key algorithm property in app.properties. Can now extract algo from the alg id inside of a byte array. Added a new property to Public Key Algorithm enum.
…tored the device info processor service so now there isn't one huge monolith that handles the device info parsing. Will take on more refactoring for other intricate parts in future commits.
…ed to figure how to remove componentinforepo completely since it is only being used once. Same with device repo.
… need to add algo param to the PowerShell scripts so this works on windows and will have to address scenarios where the ak and ek keys are not rsa keys. Currently have a method that handles that situation but will need to figure out how to implement that issue.
ThatSilentCoder linked an issue Mar 6, 2026 that may be closed by this pull request
ThatSilentCoder added the "enhancement" label (Improving on an implemented feature) Mar 6, 2026
ThatSilentCoder added the "refactor" label (Code improvements, restructuring, or cleanup without changing external behavior.) Mar 10, 2026
…ripts slowly but surely. Renamed some functions in the service/helper classes.
…n params are set. Corrected language/presentation of help menu for both bash and ps scripts.
…a, aa, and da parameters and can now set the ecc and rsa configs based on the provided alg param. Corrected spelling, syntax errors, and other minor things to ensure these scripts can be run without any issues.
iadgovuser29 and others added 3 commits March 13, 2026 09:16
…toring the cert request processor service. Refactored PS setup script and formatted ps1 scripts. Will work on the method that takes ak and ek ecc key and should be done with draft PR.