mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-02-20 09:46:14 +00:00
Remove default keystore file constant, this file is now an input parameter.
This commit is contained in:
chubtub
parent
3e35fe4524
commit
00d3846dfe
@ -50,9 +50,9 @@ public class CredentialParser {
|
||||
return publicKey;
|
||||
}
|
||||
|
||||
public void parseJKSCredentials() {
|
||||
public void parseJKSCredentials(String jksKeystore) {
|
||||
KeyStore.PrivateKeyEntry privateKeyEntry =
|
||||
parseKeystorePrivateKey(SwidTagConstants.DEFAULT_KEYSTORE_PATH,
|
||||
parseKeystorePrivateKey(jksKeystore,
|
||||
SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS,
|
||||
SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD);
|
||||
certificate = (X509Certificate) privateKeyEntry.getCertificate();
|
||||
|
||||
@ -47,6 +47,7 @@ public class Main {
|
||||
System.out.println(commander.toString());
|
||||
String createType = commander.getCreateType().toUpperCase();
|
||||
String attributesFile = commander.getAttributesFile();
|
||||
String jksKeystoreFile = commander.getKeystoreFile();
|
||||
String certificateFile = commander.getPublicCertificate();
|
||||
String privateKeyFile = commander.getPrivateKeyFile();
|
||||
String rimEventLog = commander.getRimEventLog();
|
||||
@ -55,7 +56,10 @@ public class Main {
|
||||
if (!attributesFile.isEmpty()) {
|
||||
gateway.setAttributesFile(attributesFile);
|
||||
}
|
||||
if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
|
||||
if (!jksKeystoreFile.isEmpty()) {
|
||||
gateway.setDefaultCredentials(true);
|
||||
gateway.setJksKeystoreFile(jksKeystoreFile);
|
||||
} else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
|
||||
gateway.setDefaultCredentials(false);
|
||||
gateway.setPemCertificateFile(certificateFile);
|
||||
gateway.setPemPrivateKeyFile(privateKeyFile);
|
||||
|
||||
@ -12,7 +12,6 @@ import javax.xml.namespace.QName;
|
||||
*/
|
||||
public class SwidTagConstants {
|
||||
|
||||
public static final String DEFAULT_KEYSTORE_PATH = "keystore.jks";
|
||||
public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
|
||||
public static final String DEFAULT_PRIVATE_KEY_ALIAS = "selfsigned";
|
||||
public static final String DEFAULT_ATTRIBUTES_FILE = "rim_fields.json";
|
||||
|
||||
@ -4,7 +4,13 @@ import com.eclipsesource.json.Json;
|
||||
import com.eclipsesource.json.JsonObject;
|
||||
import com.eclipsesource.json.ParseException;
|
||||
import hirs.swid.utils.HashSwid;
|
||||
import hirs.swid.xjc.*;
|
||||
import hirs.swid.xjc.Directory;
|
||||
import hirs.swid.xjc.Entity;
|
||||
import hirs.swid.xjc.Link;
|
||||
import hirs.swid.xjc.ObjectFactory;
|
||||
import hirs.swid.xjc.ResourceCollection;
|
||||
import hirs.swid.xjc.SoftwareIdentity;
|
||||
import hirs.swid.xjc.SoftwareMeta;
|
||||
import org.w3c.dom.Document;
|
||||
|
||||
import javax.xml.bind.JAXBContext;
|
||||
@ -13,24 +19,47 @@ import javax.xml.bind.JAXBException;
|
||||
import javax.xml.bind.Marshaller;
|
||||
import javax.xml.crypto.MarshalException;
|
||||
import javax.xml.crypto.XMLStructure;
|
||||
import javax.xml.crypto.dsig.*;
|
||||
import javax.xml.crypto.dsig.CanonicalizationMethod;
|
||||
import javax.xml.crypto.dsig.DigestMethod;
|
||||
import javax.xml.crypto.dsig.Reference;
|
||||
import javax.xml.crypto.dsig.SignedInfo;
|
||||
import javax.xml.crypto.dsig.Transform;
|
||||
import javax.xml.crypto.dsig.XMLSignature;
|
||||
import javax.xml.crypto.dsig.XMLSignatureException;
|
||||
import javax.xml.crypto.dsig.XMLSignatureFactory;
|
||||
import javax.xml.crypto.dsig.dom.DOMSignContext;
|
||||
import javax.xml.crypto.dsig.keyinfo.*;
|
||||
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
|
||||
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
|
||||
import javax.xml.crypto.dsig.keyinfo.KeyName;
|
||||
import javax.xml.crypto.dsig.keyinfo.KeyValue;
|
||||
import javax.xml.crypto.dsig.keyinfo.X509Data;
|
||||
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
|
||||
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
|
||||
import javax.xml.namespace.QName;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import javax.xml.transform.*;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
import javax.xml.transform.Source;
|
||||
import javax.xml.transform.Transformer;
|
||||
import javax.xml.transform.TransformerConfigurationException;
|
||||
import javax.xml.transform.TransformerException;
|
||||
import javax.xml.transform.TransformerFactory;
|
||||
import javax.xml.transform.dom.DOMSource;
|
||||
import javax.xml.transform.stream.StreamResult;
|
||||
import java.io.BufferedReader;
|
||||
import java.io.File;
|
||||
import java.io.*;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.*;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.KeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
@ -51,6 +80,7 @@ public class SwidTagGateway {
|
||||
private Marshaller marshaller;
|
||||
private String attributesFile;
|
||||
private boolean defaultCredentials;
|
||||
private String jksKeystoreFile;
|
||||
private String pemPrivateKeyFile;
|
||||
private String pemCertificateFile;
|
||||
private String rimEventLog;
|
||||
@ -88,6 +118,12 @@ public class SwidTagGateway {
|
||||
this.defaultCredentials = defaultCredentials;
|
||||
}
|
||||
|
||||
/**
|
||||
* Setter for JKS keystore file
|
||||
* @param jksKeystoreFile
|
||||
*/
|
||||
public void setJksKeystoreFile(String jksKeystoreFile) { this.jksKeystoreFile = jksKeystoreFile; }
|
||||
|
||||
/**
|
||||
* Setter for private key file in PEM format
|
||||
* @param pemPrivateKeyFile
|
||||
@ -404,7 +440,7 @@ public class SwidTagGateway {
|
||||
PublicKey publicKey;
|
||||
CredentialParser cp = new CredentialParser();
|
||||
if (defaultCredentials) {
|
||||
cp.parseJKSCredentials();
|
||||
cp.parseJKSCredentials(jksKeystoreFile);
|
||||
privateKey = cp.getPrivateKey();
|
||||
publicKey = cp.getPublicKey();
|
||||
KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());
|
||||
|
||||
@ -10,20 +10,29 @@ import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import javax.xml.bind.UnmarshalException;
|
||||
import javax.xml.bind.Unmarshaller;
|
||||
import javax.xml.crypto.*;
|
||||
import javax.xml.crypto.AlgorithmMethod;
|
||||
import javax.xml.crypto.KeySelector;
|
||||
import javax.xml.crypto.KeySelectorException;
|
||||
import javax.xml.crypto.KeySelectorResult;
|
||||
import javax.xml.crypto.MarshalException;
|
||||
import javax.xml.crypto.XMLCryptoContext;
|
||||
import javax.xml.crypto.XMLStructure;
|
||||
import javax.xml.crypto.dsig.XMLSignature;
|
||||
import javax.xml.crypto.dsig.XMLSignatureException;
|
||||
import javax.xml.crypto.dsig.XMLSignatureFactory;
|
||||
import javax.xml.crypto.dsig.dom.DOMValidateContext;
|
||||
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
|
||||
import javax.xml.crypto.dsig.keyinfo.X509Data;
|
||||
import javax.xml.transform.*;
|
||||
import javax.xml.transform.Source;
|
||||
import javax.xml.transform.Transformer;
|
||||
import javax.xml.transform.TransformerConfigurationException;
|
||||
import javax.xml.transform.TransformerException;
|
||||
import javax.xml.transform.TransformerFactory;
|
||||
import javax.xml.transform.dom.DOMResult;
|
||||
import javax.xml.transform.stream.StreamSource;
|
||||
import javax.xml.validation.Schema;
|
||||
import javax.xml.validation.SchemaFactory;
|
||||
import java.io.File;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.Key;
|
||||
@ -31,6 +40,9 @@ import java.security.PublicKey;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Iterator;
|
||||
|
||||
/**
|
||||
* This class handles validating base Reference Integrity Manifest files.
|
||||
*/
|
||||
public class SwidTagValidator {
|
||||
private Unmarshaller unmarshaller;
|
||||
private String rimEventLog;
|
||||
|
||||
@ -28,14 +28,17 @@ public class Commander {
|
||||
@Parameter(names = {"-v", "--verify <path>"}, order = 3,
|
||||
description = "Specify a RIM file to verify.")
|
||||
private String verifyFile = "";
|
||||
@Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 4,
|
||||
@Parameter(names = {"--keystore <path>"}, order = 4,
|
||||
description = "JKS keystore containing a private key to sign the base RIM created by the create function.")
|
||||
private String keystoreFile = "";
|
||||
@Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 5,
|
||||
description = "File containing the private key used to sign the base RIM created by the create function.")
|
||||
private String privateKeyFile = "";
|
||||
@Parameter(names = {"-p", "--publicCertificate <path>"}, order = 5,
|
||||
@Parameter(names = {"-p", "--publicCertificate <path>"}, order = 6,
|
||||
description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " +
|
||||
"A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.")
|
||||
private String publicCertificate = "";
|
||||
@Parameter(names = {"-l", "--rimel <path>"}, order = 6,
|
||||
@Parameter(names = {"-l", "--rimel <path>"}, order = 7,
|
||||
description = "The TCG eventlog file to use as a support RIM. By default the last system eventlog will be used.")
|
||||
private String rimEventLog = "";
|
||||
/*
|
||||
@ -69,6 +72,8 @@ public class Commander {
|
||||
return verifyFile;
|
||||
}
|
||||
|
||||
public String getKeystoreFile() { return keystoreFile; }
|
||||
|
||||
public String getPrivateKeyFile() {
|
||||
return privateKeyFile;
|
||||
}
|
||||
|
||||
@ -21,6 +21,7 @@ public class TestSwidTagGateway {
|
||||
private final String DEFAULT_WITH_CERT = "generated_with_cert.swidtag";
|
||||
private final String DEFAULT_NO_CERT = "generated_no_cert.swidtag";
|
||||
private final String ATTRIBUTES_FILE = TestSwidTagGateway.class.getClassLoader().getResource("rim_fields.json").getPath();
|
||||
private final String JKS_KEYSTORE_FILE = TestSwidTagGateway.class.getClassLoader().getResource("keystore.jks").getPath();
|
||||
private final String SIGNING_CERT_FILE = TestSwidTagGateway.class.getClassLoader().getResource("RimSignCert.pem").getPath();
|
||||
private final String PRIVATE_KEY_FILE = TestSwidTagGateway.class.getClassLoader().getResource("privateRimKey.pem").getPath();
|
||||
private final String SUPPORT_RIM_FILE = TestSwidTagGateway.class.getClassLoader().getResource("TpmLog.bin").getPath();
|
||||
@ -48,7 +49,7 @@ public class TestSwidTagGateway {
|
||||
* where RimSignCert.pem has the AIA extension.
|
||||
*/
|
||||
@Test
|
||||
public void testCreateBaseWithCert() throws URISyntaxException {
|
||||
public void testCreateBaseWithCert() {
|
||||
gateway.setDefaultCredentials(false);
|
||||
gateway.setPemCertificateFile(SIGNING_CERT_FILE);
|
||||
gateway.setPemPrivateKeyFile(PRIVATE_KEY_FILE);
|
||||
@ -64,6 +65,7 @@ public class TestSwidTagGateway {
|
||||
@Test
|
||||
public void testCreateBaseWithoutCert() {
|
||||
gateway.setDefaultCredentials(true);
|
||||
gateway.setJksKeystoreFile(JKS_KEYSTORE_FILE);
|
||||
gateway.generateSwidTag(DEFAULT_OUTPUT);
|
||||
expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_NO_CERT);
|
||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||
|
||||
BIN
tools/tcg_rim_tool/src/test/resources/keystore.jks
Normal file
BIN
tools/tcg_rim_tool/src/test/resources/keystore.jks
Normal file
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user