Remove default keystore file constant, this file is now an input parameter.

tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java

@@ -50,9 +50,9 @@ public class CredentialParser {
         return publicKey;
     }
 
-    public void parseJKSCredentials() {
+    public void parseJKSCredentials(String jksKeystore) {
         KeyStore.PrivateKeyEntry privateKeyEntry =
-                parseKeystorePrivateKey(SwidTagConstants.DEFAULT_KEYSTORE_PATH,
+                parseKeystorePrivateKey(jksKeystore,
                         SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS,
                         SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD);
         certificate = (X509Certificate) privateKeyEntry.getCertificate();

tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java

@@ -47,6 +47,7 @@ public class Main {
                 System.out.println(commander.toString());
                 String createType = commander.getCreateType().toUpperCase();
                 String attributesFile = commander.getAttributesFile();
+                String jksKeystoreFile = commander.getKeystoreFile();
                 String certificateFile = commander.getPublicCertificate();
                 String privateKeyFile = commander.getPrivateKeyFile();
                 String rimEventLog = commander.getRimEventLog();
@@ -55,7 +56,10 @@ public class Main {
                         if (!attributesFile.isEmpty()) {
                             gateway.setAttributesFile(attributesFile);
                         }
-                        if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
+                        if (!jksKeystoreFile.isEmpty()) {
+                            gateway.setDefaultCredentials(true);
+                            gateway.setJksKeystoreFile(jksKeystoreFile);
+                        } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
                             gateway.setDefaultCredentials(false);
                             gateway.setPemCertificateFile(certificateFile);
                             gateway.setPemPrivateKeyFile(privateKeyFile);

tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java

@@ -12,7 +12,6 @@ import javax.xml.namespace.QName;
  */
 public class SwidTagConstants {
 
-    public static final String DEFAULT_KEYSTORE_PATH = "keystore.jks";
     public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
     public static final String DEFAULT_PRIVATE_KEY_ALIAS = "selfsigned";
     public static final String DEFAULT_ATTRIBUTES_FILE = "rim_fields.json";

tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java

@@ -4,7 +4,13 @@ import com.eclipsesource.json.Json;
 import com.eclipsesource.json.JsonObject;
 import com.eclipsesource.json.ParseException;
 import hirs.swid.utils.HashSwid;
-import hirs.swid.xjc.*;
+import hirs.swid.xjc.Directory;
+import hirs.swid.xjc.Entity;
+import hirs.swid.xjc.Link;
+import hirs.swid.xjc.ObjectFactory;
+import hirs.swid.xjc.ResourceCollection;
+import hirs.swid.xjc.SoftwareIdentity;
+import hirs.swid.xjc.SoftwareMeta;
 import org.w3c.dom.Document;
 
 import javax.xml.bind.JAXBContext;
@@ -13,24 +19,47 @@ import javax.xml.bind.JAXBException;
 import javax.xml.bind.Marshaller;
 import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.XMLStructure;
-import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
 import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.keyinfo.*;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyName;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 import javax.xml.crypto.dsig.spec.TransformParameterSpec;
 import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.*;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
+import java.io.BufferedReader;
 import java.io.File;
-import java.io.*;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.security.*;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -51,6 +80,7 @@ public class SwidTagGateway {
     private Marshaller marshaller;
     private String attributesFile;
     private boolean defaultCredentials;
+    private String jksKeystoreFile;
     private String pemPrivateKeyFile;
     private String pemCertificateFile;
     private String rimEventLog;
@@ -88,6 +118,12 @@ public class SwidTagGateway {
         this.defaultCredentials = defaultCredentials;
     }
 
+    /**
+     * Setter for JKS keystore file
+     * @param jksKeystoreFile
+     */
+    public void setJksKeystoreFile(String jksKeystoreFile) { this.jksKeystoreFile = jksKeystoreFile; }
+
     /**
      * Setter for private key file in PEM format
      * @param pemPrivateKeyFile
@@ -404,7 +440,7 @@ public class SwidTagGateway {
             PublicKey publicKey;
             CredentialParser cp = new CredentialParser();
             if (defaultCredentials) {
-                cp.parseJKSCredentials();
+                cp.parseJKSCredentials(jksKeystoreFile);
                 privateKey = cp.getPrivateKey();
                 publicKey = cp.getPublicKey();
                 KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());

tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java

@@ -10,20 +10,29 @@ import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.UnmarshalException;
 import javax.xml.bind.Unmarshaller;
-import javax.xml.crypto.*;
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.XMLStructure;
 import javax.xml.crypto.dsig.XMLSignature;
 import javax.xml.crypto.dsig.XMLSignatureException;
 import javax.xml.crypto.dsig.XMLSignatureFactory;
 import javax.xml.crypto.dsig.dom.DOMValidateContext;
 import javax.xml.crypto.dsig.keyinfo.KeyInfo;
 import javax.xml.crypto.dsig.keyinfo.X509Data;
-import javax.xml.transform.*;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMResult;
 import javax.xml.transform.stream.StreamSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.SchemaFactory;
 import java.io.File;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.Key;
@@ -31,6 +40,9 @@ import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Iterator;
 
+/**
+ * This class handles validating base Reference Integrity Manifest files.
+ */
 public class SwidTagValidator {
     private Unmarshaller unmarshaller;
     private String rimEventLog;

tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java

@@ -28,14 +28,17 @@ public class Commander {
     @Parameter(names = {"-v", "--verify <path>"}, order = 3,
             description = "Specify a RIM file to verify.")
     private String verifyFile = "";
-    @Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 4,
+    @Parameter(names = {"--keystore <path>"}, order = 4,
+            description = "JKS keystore containing a private key to sign the base RIM created by the create function.")
+    private String keystoreFile = "";
+    @Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 5,
             description = "File containing the private key used to sign the base RIM created by the create function.")
     private String privateKeyFile = "";
-    @Parameter(names = {"-p", "--publicCertificate <path>"}, order = 5,
+    @Parameter(names = {"-p", "--publicCertificate <path>"}, order = 6,
             description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " +
                     "A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.")
     private String publicCertificate = "";
-    @Parameter(names = {"-l", "--rimel <path>"}, order = 6,
+    @Parameter(names = {"-l", "--rimel <path>"}, order = 7,
             description = "The TCG eventlog file to use as a support RIM. By default the last system eventlog will be used.")
     private String rimEventLog = "";
 /*
@@ -69,6 +72,8 @@ public class Commander {
         return verifyFile;
     }
 
+    public String getKeystoreFile() { return keystoreFile; }
+
     public String getPrivateKeyFile() {
         return privateKeyFile;
     }

tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java

@@ -21,6 +21,7 @@ public class TestSwidTagGateway {
 	private final String DEFAULT_WITH_CERT = "generated_with_cert.swidtag";
 	private final String DEFAULT_NO_CERT = "generated_no_cert.swidtag";
 	private final String ATTRIBUTES_FILE = TestSwidTagGateway.class.getClassLoader().getResource("rim_fields.json").getPath();
+	private final String JKS_KEYSTORE_FILE = TestSwidTagGateway.class.getClassLoader().getResource("keystore.jks").getPath();
 	private final String SIGNING_CERT_FILE = TestSwidTagGateway.class.getClassLoader().getResource("RimSignCert.pem").getPath();
 	private final String PRIVATE_KEY_FILE = TestSwidTagGateway.class.getClassLoader().getResource("privateRimKey.pem").getPath();
 	private final String SUPPORT_RIM_FILE = TestSwidTagGateway.class.getClassLoader().getResource("TpmLog.bin").getPath();
@@ -48,7 +49,7 @@ public class TestSwidTagGateway {
 	 * where RimSignCert.pem has the AIA extension.
 	 */
 	@Test
-	public void testCreateBaseWithCert() throws URISyntaxException {
+	public void testCreateBaseWithCert() {
 		gateway.setDefaultCredentials(false);
 		gateway.setPemCertificateFile(SIGNING_CERT_FILE);
 		gateway.setPemPrivateKeyFile(PRIVATE_KEY_FILE);
@@ -64,6 +65,7 @@ public class TestSwidTagGateway {
 	@Test
 	public void testCreateBaseWithoutCert() {
 		gateway.setDefaultCredentials(true);
+		gateway.setJksKeystoreFile(JKS_KEYSTORE_FILE);
 		gateway.generateSwidTag(DEFAULT_OUTPUT);
 		expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_NO_CERT);
 		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));