From 00d3846dfe8b77a06919dff166736d10b0d0056f Mon Sep 17 00:00:00 2001 From: chubtub <43381989+chubtub@users.noreply.github.com> Date: Mon, 9 Nov 2020 15:23:56 -0500 Subject: [PATCH] Remove default keystore file constant, this file is now an input parameter. --- .../main/java/hirs/swid/CredentialParser.java | 4 +- .../src/main/java/hirs/swid/Main.java | 6 ++- .../main/java/hirs/swid/SwidTagConstants.java | 1 - .../main/java/hirs/swid/SwidTagGateway.java | 50 +++++++++++++++--- .../main/java/hirs/swid/SwidTagValidator.java | 18 +++++-- .../main/java/hirs/swid/utils/Commander.java | 11 ++-- .../java/hirs/swid/TestSwidTagGateway.java | 4 +- .../src/test/resources/keystore.jks | Bin 0 -> 2290 bytes 8 files changed, 76 insertions(+), 18 deletions(-) create mode 100644 tools/tcg_rim_tool/src/test/resources/keystore.jks diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java index e4ca291a..0defcb80 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java @@ -50,9 +50,9 @@ public class CredentialParser { return publicKey; } - public void parseJKSCredentials() { + public void parseJKSCredentials(String jksKeystore) { KeyStore.PrivateKeyEntry privateKeyEntry = - parseKeystorePrivateKey(SwidTagConstants.DEFAULT_KEYSTORE_PATH, + parseKeystorePrivateKey(jksKeystore, SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS, SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD); certificate = (X509Certificate) privateKeyEntry.getCertificate(); diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java index fd269b4b..f1d2c540 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java 
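Review bot: `parseJKSCredentials(String jksKeystore)` now takes the keystore path from the caller but still opens it with the hard-coded `SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD` and `DEFAULT_PRIVATE_KEY_ALIAS`, so a user-supplied keystore only works if it is protected by the literal `"password"` and stores its key under `selfsigned`; the SwidTagConstants hunk removes `DEFAULT_KEYSTORE_PATH` but leaves those two constants in place. Now that the path is an input, the store password and alias should be inputs too (for example `parseJKSCredentials(String jksKeystore, String alias, char[] password)`, keeping the constants only as a fallback) so that operators are not pushed into protecting a signing key with a password that is published in source. A null or empty `jksKeystore` also reaches `parseKeystorePrivateKey` unchecked; `Objects.requireNonNull(jksKeystore, "jksKeystore")` at the top of the method turns that into a clear error instead of a failure deep inside keystore loading. The method body continues past the end of the hunk.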
@@ -47,6 +47,7 @@ public class Main { System.out.println(commander.toString()); String createType = commander.getCreateType().toUpperCase(); String attributesFile = commander.getAttributesFile(); + String jksKeystoreFile = commander.getKeystoreFile(); String certificateFile = commander.getPublicCertificate(); String privateKeyFile = commander.getPrivateKeyFile(); String rimEventLog = commander.getRimEventLog(); @@ -55,7 +56,10 @@ public class Main { if (!attributesFile.isEmpty()) { gateway.setAttributesFile(attributesFile); } - if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) { + if (!jksKeystoreFile.isEmpty()) { + gateway.setDefaultCredentials(true); + gateway.setJksKeystoreFile(jksKeystoreFile); + } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) { gateway.setDefaultCredentials(false); gateway.setPemCertificateFile(certificateFile); gateway.setPemPrivateKeyFile(privateKeyFile); diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java index 9572018f..6d5721de 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java @@ -12,7 +12,6 @@ import javax.xml.namespace.QName; */ public class SwidTagConstants { - public static final String DEFAULT_KEYSTORE_PATH = "keystore.jks"; public static final String DEFAULT_KEYSTORE_PASSWORD = "password"; public static final String DEFAULT_PRIVATE_KEY_ALIAS = "selfsigned"; public static final String DEFAULT_ATTRIBUTES_FILE = "rim_fields.json"; diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java index 09a8ca0b..46a90026 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java 
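Review bot: The new `else if` chain in the credential selection silently prefers `--keystore` when `-k`/`-p` are also supplied, and when none of the three is supplied it falls through without configuring any credentials, so the gateway's `defaultCredentials` branch (the `cp.parseJKSCredentials(jksKeystoreFile)` call in the SwidTagGateway hunk) can be reached with a null keystore path — previously the removed `DEFAULT_KEYSTORE_PATH` covered that case. A terminal `else` that reports the missing input, e.g. `} else { System.out.println("Signing requires --keystore, or both -k and -p."); }`, plus a message when both forms are present, would make the precedence visible to the user rather than leaving it to a later exception. Whether `SwidTagGateway` initialises `defaultCredentials` to true is outside this hunk, so confirm that before relying on the fallthrough; the enclosing `main` continues outside the hunk.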
@@ -4,7 +4,13 @@ import com.eclipsesource.json.Json; import com.eclipsesource.json.JsonObject; import com.eclipsesource.json.ParseException; import hirs.swid.utils.HashSwid; -import hirs.swid.xjc.*; +import hirs.swid.xjc.Directory; +import hirs.swid.xjc.Entity; +import hirs.swid.xjc.Link; +import hirs.swid.xjc.ObjectFactory; +import hirs.swid.xjc.ResourceCollection; +import hirs.swid.xjc.SoftwareIdentity; +import hirs.swid.xjc.SoftwareMeta; import org.w3c.dom.Document; import javax.xml.bind.JAXBContext; 
@@ -13,24 +19,47 @@ import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; import javax.xml.crypto.MarshalException; import javax.xml.crypto.XMLStructure; -import javax.xml.crypto.dsig.*; +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.Reference; +import javax.xml.crypto.dsig.SignedInfo; +import javax.xml.crypto.dsig.Transform; +import javax.xml.crypto.dsig.XMLSignature; +import javax.xml.crypto.dsig.XMLSignatureException; +import javax.xml.crypto.dsig.XMLSignatureFactory; import javax.xml.crypto.dsig.dom.DOMSignContext; -import javax.xml.crypto.dsig.keyinfo.*; +import javax.xml.crypto.dsig.keyinfo.KeyInfo; +import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory; +import javax.xml.crypto.dsig.keyinfo.KeyName; +import javax.xml.crypto.dsig.keyinfo.KeyValue; +import javax.xml.crypto.dsig.keyinfo.X509Data; import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; import javax.xml.crypto.dsig.spec.TransformParameterSpec; import javax.xml.namespace.QName; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.*; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; +import java.io.BufferedReader; import java.io.File; -import java.io.*; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; -import java.security.*; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyException; +import 
java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.ArrayList; @@ -51,6 +80,7 @@ public class SwidTagGateway { private Marshaller marshaller; private String attributesFile; private boolean defaultCredentials; + private String jksKeystoreFile; private String pemPrivateKeyFile; private String pemCertificateFile; private String rimEventLog; @@ -88,6 +118,12 @@ public class SwidTagGateway { this.defaultCredentials = defaultCredentials; } + /** + * Setter for JKS keystore file + * @param jksKeystoreFile + */ + public void setJksKeystoreFile(String jksKeystoreFile) { this.jksKeystoreFile = jksKeystoreFile; } + /** * Setter for private key file in PEM format * @param pemPrivateKeyFile @@ -404,7 +440,7 @@ public class SwidTagGateway { PublicKey publicKey; CredentialParser cp = new CredentialParser(); if (defaultCredentials) { - cp.parseJKSCredentials(); + cp.parseJKSCredentials(jksKeystoreFile); privateKey = cp.getPrivateKey(); publicKey = cp.getPublicKey(); KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier()); diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java index 74c5165e..7c580dae 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java 
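Review bot: `setJksKeystoreFile` is written as a single line, while the neighbouring `setDefaultCredentials` (context at the top of the hunk) puts its assignment and closing brace on separate lines; for consistency write it as `public void setJksKeystoreFile(String jksKeystoreFile) {` / `this.jksKeystoreFile = jksKeystoreFile;` / `}`. The Javadoc's bare `@param jksKeystoreFile` follows the file's existing setters, but a short description such as `@param jksKeystoreFile path to the JKS keystore that holds the signing key; it is opened with the alias and store password from SwidTagConstants` would tell callers about the constraint they cannot see from the signature.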
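Review bot: `cp.parseJKSCredentials(jksKeystoreFile)` is invoked whenever `defaultCredentials` is true, but the new `jksKeystoreFile` field has no initialiser and is only set through the new setter, so any caller that still does `setDefaultCredentials(true)` without also calling `setJksKeystoreFile` now passes null where the removed `DEFAULT_KEYSTORE_PATH` used to be supplied. Guard it before signing, e.g. `if (jksKeystoreFile == null || jksKeystoreFile.isEmpty()) {` / `throw new IllegalStateException("No JKS keystore file configured for signing");` / `}`, so the failure names the missing configuration instead of surfacing from keystore loading. The enclosing signing method starts and ends outside the hunk.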
@@ -10,20 +10,29 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.UnmarshalException; import javax.xml.bind.Unmarshaller; -import javax.xml.crypto.*; +import javax.xml.crypto.AlgorithmMethod; +import javax.xml.crypto.KeySelector; +import javax.xml.crypto.KeySelectorException; +import javax.xml.crypto.KeySelectorResult; +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.XMLCryptoContext; +import javax.xml.crypto.XMLStructure; import javax.xml.crypto.dsig.XMLSignature; import javax.xml.crypto.dsig.XMLSignatureException; import javax.xml.crypto.dsig.XMLSignatureFactory; import javax.xml.crypto.dsig.dom.DOMValidateContext; import javax.xml.crypto.dsig.keyinfo.KeyInfo; import javax.xml.crypto.dsig.keyinfo.X509Data; -import javax.xml.transform.*; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; import javax.xml.transform.dom.DOMResult; import javax.xml.transform.stream.StreamSource; import javax.xml.validation.Schema; import javax.xml.validation.SchemaFactory; import java.io.File; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.security.Key; @@ -31,6 +40,9 @@ import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.Iterator; +/** + * This class handles validating base Reference Integrity Manifest files. + */ public class SwidTagValidator { private Unmarshaller unmarshaller; private String rimEventLog; diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java index 2fb0652d..d267d59e 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java 
@@ -28,14 +28,17 @@ public class Commander { @Parameter(names = {"-v", "--verify "}, order = 3, description = "Specify a RIM file to verify.") private String verifyFile = ""; - @Parameter(names = {"-k", "--privateKeyFile "}, order = 4, + @Parameter(names = {"--keystore "}, order = 4, + description = "JKS keystore containing a private key to sign the base RIM created by the create function.") + private String keystoreFile = ""; + @Parameter(names = {"-k", "--privateKeyFile "}, order = 5, description = "File containing the private key used to sign the base RIM created by the create function.") private String privateKeyFile = ""; - @Parameter(names = {"-p", "--publicCertificate "}, order = 5, + @Parameter(names = {"-p", "--publicCertificate "}, order = 6, description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " + "A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.") private String publicCertificate = ""; - @Parameter(names = {"-l", "--rimel "}, order = 6, + @Parameter(names = {"-l", "--rimel "}, order = 7, description = "The TCG eventlog file to use as a support RIM. By default the last system eventlog will be used.") private String rimEventLog = ""; /* @@ -69,6 +72,8 @@ public class Commander { return verifyFile; } + public String getKeystoreFile() { return keystoreFile; } + public String getPrivateKeyFile() { return privateKeyFile; } diff --git a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java index 2b420ac6..93883d67 100644 --- a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java +++ b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java 
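Review bot: The help text for the new `--keystore` option does not mention that the key is read with a fixed alias and store password (`DEFAULT_PRIVATE_KEY_ALIAS` / `DEFAULT_KEYSTORE_PASSWORD` in the CredentialParser hunk), so a user who supplies a keystore with a different alias or password gets a failure with no hint from `--help`; extend the description along the lines of `"JKS keystore containing the private key used to sign the base RIM created by the create function. The key is read with the tool's built-in alias and store password."` until those become parameters. Style: `getKeystoreFile()` is a one-line getter while the surrounding `getVerifyFile`/`getPrivateKeyFile` put `return` and the closing brace on their own lines; match them. Unlike the other options, `--keystore` has no short form, which is fine but worth a deliberate choice since `-k` is already taken by the PEM key.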
@@ -21,6 +21,7 @@ public class TestSwidTagGateway { private final String DEFAULT_WITH_CERT = "generated_with_cert.swidtag"; private final String DEFAULT_NO_CERT = "generated_no_cert.swidtag"; private final String ATTRIBUTES_FILE = TestSwidTagGateway.class.getClassLoader().getResource("rim_fields.json").getPath(); + private final String JKS_KEYSTORE_FILE = TestSwidTagGateway.class.getClassLoader().getResource("keystore.jks").getPath(); private final String SIGNING_CERT_FILE = TestSwidTagGateway.class.getClassLoader().getResource("RimSignCert.pem").getPath(); private final String PRIVATE_KEY_FILE = TestSwidTagGateway.class.getClassLoader().getResource("privateRimKey.pem").getPath(); private final String SUPPORT_RIM_FILE = TestSwidTagGateway.class.getClassLoader().getResource("TpmLog.bin").getPath(); @@ -48,7 +49,7 @@ public class TestSwidTagGateway { * where RimSignCert.pem has the AIA extension. */ @Test - public void testCreateBaseWithCert() throws URISyntaxException { + public void testCreateBaseWithCert() { gateway.setDefaultCredentials(false); gateway.setPemCertificateFile(SIGNING_CERT_FILE); gateway.setPemPrivateKeyFile(PRIVATE_KEY_FILE); @@ -64,6 +65,7 @@ public class TestSwidTagGateway { @Test public void testCreateBaseWithoutCert() { gateway.setDefaultCredentials(true); + gateway.setJksKeystoreFile(JKS_KEYSTORE_FILE); gateway.generateSwidTag(DEFAULT_OUTPUT); expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_NO_CERT); Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); 
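Review bot: `testCreateBaseWithoutCert` now configures the keystore explicitly, so no test exercises `setDefaultCredentials(true)` without `setJksKeystoreFile`, which is exactly the path this commit changes (it used to fall back to `keystore.jks`); a test asserting that `generateSwidTag` fails with a usable message when no keystore path is set would pin the new behaviour, though what it does with a null path is outside this hunk. Since the added `keystore.jks` resource is a private key checked into the repository and opened with the tool's default store password, a one-line comment next to `JKS_KEYSTORE_FILE` such as `// test-only self-signed key; never reuse for real signing` would make its status explicit. `getResource(...).getPath()` for the new constant follows the existing lines, but note it yields a URL path rather than a filesystem path when resources are packaged in a jar.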
diff --git a/tools/tcg_rim_tool/src/test/resources/keystore.jks b/tools/tcg_rim_tool/src/test/resources/keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..2877d7f4c9d5c1f8d1b80c74e05e60b1e1652a2b GIT binary patch literal 2290 zcmbtVc{J1w7oLsGn906Gh6s`Pp=`ZTjU^${$XX&pNTDocna|iswvg1=!<1#LV=}g3 z@Fs+$?E8`_JIV4=-}%n_|M$oJ<9Y5q=dR~IyUblC2n2%c8~C>&9^mdeK5%xrhjZAc z-2eV~Uj_tXfdB;9E^wF?agr4b1It3Vz+e^-i~ySlupF90qB{>7dBx0D1`ekmc?WOq zEr`l#rq)U|Aw*{}j3m8}qCFp$uAtdNUt_mlnr!6OGOcOq540d7+0EfV(a4DmEf=%p zt6RJPdU&R1w#(%aAzj#Z4jChnSa|HtSkCUTXoMfY%ucR+n3~KjnSvd!87;HlrC&{O z>2J>z7wYv)x>mK)-(DXkrsuBh5;)%D{q$rNjhy8yQ&M0avprSx^+{1Ev2|tAJ<7&g zGqjVu7E>n0I%!lSu5f?g=PD%7MF~Yt*VrhD#;To~J%d`>Xz;I-&2*&XKc*FX2F46y z%afw|Ac#qSkqv+QK;J5Mi1g1dzj7%qInN^QS5$K)8>I`KtJ` zUK4*)NVTSa;?lR34js0oxa*SJr#(5OB)hH6qT~k?FGe!YwXV8msMk4__lT_HKYs5r zc9au(%tf@PpXQv~puxXYQbxSL$B)YxdyYtOc?Zja9HwW-=*tbG>n0v&OA7dNUKPVK z;dK|S>eRo&o9LyEt+srRs*?*awsgF8i`Y$C_bryHowTQVKT`Y(ZWzVnHSl>5V9f+Qw+dHR?LTrV2;yIopO?H)tVXF{^8O8w3c+s_4L&*>L*2biXl zO^PLb2>MTn3}tMon&0*3X3$%{S87v|)fUWI#;EQLXyw&`ooJEUVo}d-C(YjH5)O`g zocn3IZNUHyP(wL=hV>D{uNt3i2e}L2gx)aDXPMf0UUcJpads%a^b&HXXVRBsnUT9?6L@1So_e?*-E_|bHjsv zZD>tt>A*o(of6N`n)UY;#IBA?3wFsTgrF>{65^Nq_)0eKHJk3l<4@TnP9C4m%DbGz z?`0T-Kjjp!&}XFKx^;YfYFp)O)|q&@9Dbz6-8O|vZ^rs@6#IC#cq!Kcexa(nQKf6i zd5F-qscbru$l28t|2eI3QahVOX6 zNsNf1Qv;l>L#OWC(w7{i>24Z@Csj>l?O|htqo+F3_xQ$jDK-940Hq872jC9`Z2sS*!oZO~Nx5-G?(G4e&*efYr>Ob$FnmG!#5n6UQmfWPR zTO4u%-2z-Xx2N^tYCwJe65vY{8?y}IGn_=8{M>kuixO`Up2D3(gRc=P4A`cRdIl+n1q z3hhiBe=%C(7|)6jMy;LIFgBGA+vYbY*{uGrLbaVA$h*{%;yaFi%h6}8bPU8nuqEWV z#fKxAA)!a*KiMG@ij~A)We4${;EP1B$N9V#b-w=OG#V{+8XLtCWjtYKDih;G?Nm+u zB2UFEPsc!@U=TR_KHvt3><>}oFpM9@t1wKN=>oFEUXj3ILdnL=h2@$CK=i;Z0TTrH z|HG@BNnsAW_OR{ho_QSg*NuBG=*eoo4@ZOt1_3|-`#~%R3RQ*{Rp zzjz-?b2uS`yc>{~!#u=IGspMsNxgwQ)M9Oxfxig}?$eshZxk~k#aI7@w_phAVXWlT zH`7j+r6>u%ItH`o5fdvovh2RLfM~B~#bRng9jmsE_i_@_Df;;I{lWHkovi7|7;g{|l>B5L2 zdD>Q6z4A*Crv3bh*l0r>r4{_^t>++B2)UGEme!WgI`?GR2D0cJ{mrxdz27lUqA8go 
jO()V!LGJC};w%DUvMt_eO1|oUKT&5*!YtcZPrLsE4Iu|3 literal 0 HcmV?d00001