Implement --privateKeyFile and --publicCertificate in JCommander

chubtub 2020-03-12 16:34:34 -04:00
parent 030ce39613
commit 0123a081a8
6 changed files with 297 additions and 138 deletions


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
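Review bot: This adds a PEM private key to the repository next to its certificate, and nothing on the page marks it as a test fixture for the new --privateKeyFile option; the file name or a short README beside it should say so, and the default signing path must never pick it up. If this key has been used for anything other than tests it should be treated as exposed and replaced, since removing it in a later commit does not remove it from history. A key intended purely for tests is best generated fresh for that purpose and documented as such.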


@ -0,0 +1,156 @@
package hirs.swid;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.util.encoders.Base64;
import java.io.*;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
public class CredentialParser {
private static final String X509 = "X.509";
private static final String JKS = "JKS";
private static final String PEM = "PEM";
private X509Certificate certificate;
private PrivateKey privateKey;
private PublicKey publicKey;
public X509Certificate getCertificate() {
return certificate;
}
public PrivateKey getPrivateKey() {
return privateKey;
}
public PublicKey getPublicKey() {
return publicKey;
}
public void parseJKSCredentials() {
KeyStore.PrivateKeyEntry privateKeyEntry =
parseKeystorePrivateKey(SwidTagConstants.DEFAULT_KEYSTORE_PATH,
SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS,
SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD);
certificate = (X509Certificate) privateKeyEntry.getCertificate();
privateKey = privateKeyEntry.getPrivateKey();
publicKey = certificate.getPublicKey();
}
public void parsePEMCredentials(String certificateFile, String privateKeyFile) throws FileNotFoundException {
certificate = parsePEMCertificate(certificateFile);
/*User input on algorithm???*/
privateKey = parsePEMPrivateKey(privateKeyFile, "RSA");
publicKey = certificate.getPublicKey();
}
/**
* This method returns the X509Certificate found in a PEM file.
* @param filename
* @return
* @throws FileNotFoundException
*/
private X509Certificate parsePEMCertificate(String filename) throws FileNotFoundException {
X509Certificate certificate = null;
try {
FileInputStream fis = new FileInputStream(filename);
BufferedInputStream bis = new BufferedInputStream(fis);
CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
while (bis.available() > 0) {
certificate = (X509Certificate) certificateFactory.generateCertificate(bis);
}
} catch (CertificateException e) {
System.out.println("Error in certificate factory: " + e.getMessage());
} catch (IOException e) {
System.out.println("Error reading from input stream: " + e.getMessage());
}
return certificate;
}
/**
* This method extracts the private key from a PEM file.
* @param filename
* @return
*/
private PrivateKey parsePEMPrivateKey(String filename, String algorithm) {
PrivateKey privateKey = null;
try {
File file = new File(filename);
FileInputStream fis = new FileInputStream(file);
DataInputStream dis = new DataInputStream(fis);
byte[] key = new byte[(int) file.length()];
dis.readFully(key);
dis.close();
String privateKeyStr = new String(key);
privateKeyStr = privateKeyStr.replace("-----BEGIN PRIVATE KEY-----\n", "");
privateKeyStr = privateKeyStr.replace("-----END PRIVATE KEY-----", "");
Base64 base64 = new Base64();
byte[] decodedKey = base64.decode(privateKeyStr);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decodedKey);
KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
privateKey = keyFactory.generatePrivate(spec);
} catch (FileNotFoundException e) {
System.out.println("Unable to locate private key file: " + filename);
} catch (NoSuchAlgorithmException e) {
System.out.println("Unable to instantiate KeyFactory with algorithm: " + algorithm);
} catch (IOException e) {
System.out.println("IOException: " + e.getMessage());
} catch (InvalidKeySpecException e) {
System.out.println("Error instantiating PKCS8EncodedKeySpec object: " + e.getMessage());
}
return privateKey;
}
/**
* This method returns the private key in a JKS keystore.
* @param keystoreFile
* @param alias
* @param password
* @return KeyStore.PrivateKeyEntry
*/
private KeyStore.PrivateKeyEntry parseKeystorePrivateKey(String keystoreFile, String alias, String password) {
KeyStore keystore = null;
KeyStore.PrivateKeyEntry privateKey = null;
try {
keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream(keystoreFile), password.toCharArray());
privateKey = (KeyStore.PrivateKeyEntry) keystore.getEntry(alias,
new KeyStore.PasswordProtection(password.toCharArray()));
} catch (FileNotFoundException e) {
System.out.println("Cannot locate keystore " + keystoreFile);
} catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | IOException e) {
e.printStackTrace();
}
return privateKey;
}
/**
* Utility method for extracting the subjectKeyIdentifier from an X509Certificate.
* The subjectKeyIdentifier is stored as a DER-encoded octet and will be converted to a String.
* @return
*/
public String getCertificateSubjectKeyIdentifier() throws IOException {
String decodedValue = null;
byte[] extension = certificate.getExtensionValue(SwidTagConstants.CERTIFICATE_SUBJECT_KEY_IDENTIFIER);
if (extension != null) {
decodedValue = JcaX509ExtensionUtils.parseExtensionValue(extension).toString();
}
return decodedValue;
}
}
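Review bot: parsePEMCertificate and parsePEMPrivateKey swallow every failure, print to stdout and return null, so a missing or malformed PEM file only surfaces later as a NullPointerException in whatever signs with the result; note too that the `catch (IOException e)` in parsePEMCertificate also catches FileNotFoundException, so the `throws FileNotFoundException` on it and on parsePEMCredentials can never actually fire. Rethrowing (or at least returning Optional) would stop signing from proceeding with a null key. The streams opened in parsePEMCertificate, parsePEMPrivateKey and parseKeystorePrivateKey (the `new FileInputStream(keystoreFile)` passed to `keystore.load`) are never closed on the error paths, and only `dis.close()` runs on the success path; try-with-resources fixes both, as sketched below for parsePEMCertificate. Separately, `new String(key)` uses the platform charset and only the `\n`-terminated BEGIN line is stripped, so a CRLF-encoded file or a `BEGIN RSA PRIVATE KEY` header will fail Base64/PKCS8 decoding, and the hard-coded "RSA" that the `/*User input on algorithm???*/` comment questions could instead be taken from `certificate.getPublicKey().getAlgorithm()` once the certificate is parsed.
```java
private X509Certificate parsePEMCertificate(String filename) throws FileNotFoundException {
    X509Certificate certificate = null;
    // try-with-resources closes the stream on every path, including the exception paths
    try (BufferedInputStream bis = new BufferedInputStream(new FileInputStream(filename))) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
        while (bis.available() > 0) {
            certificate = (X509Certificate) certificateFactory.generateCertificate(bis);
        }
    } catch (FileNotFoundException e) {
        throw e; // let the caller see a missing file instead of a null certificate
    } catch (CertificateException e) {
        // … unchanged: error reporting …
    } catch (IOException e) {
        // … unchanged: error reporting …
    }
    return certificate;
}
```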


@ -3,6 +3,7 @@ package hirs.swid;
import hirs.swid.utils.Commander;
import com.beust.jcommander.JCommander;
import java.io.FileNotFoundException;
import java.io.IOException;
public class Main {
@ -16,44 +17,43 @@ public class Main {
if (commander.isHelp()) {
jc.usage();
System.out.println(commander.printHelpExamples());
} else if (!commander.getVerifyFile().isEmpty()) {
System.out.println(commander.toString());
String verifyFile = commander.getVerifyFile();
String publicCertificate = commander.getPublicCertificate();
if (!verifyFile.isEmpty() && !publicCertificate.isEmpty()) {
try {
gateway.validateSwidTag(verifyFile);
} catch (IOException e) {
System.out.println("Error validating RIM file: " + e.getMessage());
} else {
if (!commander.getVerifyFile().isEmpty()) {
System.out.println(commander.toString());
String verifyFile = commander.getVerifyFile();
String publicCertificate = commander.getPublicCertificate();
if (!verifyFile.isEmpty() && !publicCertificate.isEmpty()) {
try {
gateway.validateSwidTag(verifyFile);
} catch (IOException e) {
System.out.println("Error validating RIM file: " + e.getMessage());
}
} else {
System.out.println("Need both a RIM file to validate and a public certificate to validate with!");
}
} else {
System.out.println("Need both a RIM file to validate and a public certificate to validate with!");
}
} else {
System.out.println(commander.toString());
String createType = commander.getCreateType().toUpperCase();
String attributesFile = commander.getAttributesFile();
String privateKeyFile = commander.getPrivateKeyFile();
String alias = commander.getAlias();
String privateKeyPassword = commander.getPrivateKeyPassword();
switch (createType) {
case "BASE":
if (!attributesFile.isEmpty()) {
gateway.setAttributesFile(attributesFile);
}
if (!privateKeyFile.isEmpty() &&
!alias.isEmpty() &&
!privateKeyPassword.isEmpty()) {
gateway.setKeystoreFile(privateKeyFile);
gateway.setPrivateKeyAlias(alias);
gateway.setPrivateKeyPassword(privateKeyPassword);
}
gateway.generateSwidTag(commander.getOutFile());
break;
case "EVENTLOG":
break;
case "PCR":
break;
System.out.println(commander.toString());
String createType = commander.getCreateType().toUpperCase();
String attributesFile = commander.getAttributesFile();
String certificateFile = commander.getPublicCertificate();
String privateKeyFile = commander.getPrivateKeyFile();
switch (createType) {
case "BASE":
if (!attributesFile.isEmpty()) {
gateway.setAttributesFile(attributesFile);
}
if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
gateway.setDefaultCredentials(false);
gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile);
}
gateway.generateSwidTag(commander.getOutFile());
break;
case "EVENTLOG":
break;
case "PCR":
break;
}
}
}
}
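Review bot: In the BASE branch, when only one of --publicCertificate and --privateKeyFile is supplied, `if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty())` is false and the RIM is silently signed with the default keystore credentials, which a user who passed their own key would not expect. An else branch should at least report it, e.g. `} else if (!certificateFile.isEmpty() || !privateKeyFile.isEmpty()) { System.out.println("Both --privateKeyFile and --publicCertificate are required for PEM signing; using the default keystore."); }`, or the tool should refuse to sign. In the verify branch, publicCertificate is required to be non-empty but is never passed to `gateway.validateSwidTag(verifyFile)`, so as far as this hunk shows the check has no effect on validation — presumably the gateway should receive it. The enclosing main method begins before this hunk.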


@ -41,7 +41,6 @@ import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
@ -52,7 +51,6 @@ import java.io.InputStream;
import java.io.ByteArrayInputStream;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
@ -60,7 +58,6 @@ import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@ -114,15 +111,9 @@ public class SwidTagGateway {
private Marshaller marshaller;
private Unmarshaller unmarshaller;
private String attributesFile;
/**
* The keystoreFile is used in signXMLDocument() to pass in the keystore path.
* The same method requires the keystore password and the alias of the private key,
* which would need to be passed in if not using the default keystore.
*/
private String keystoreFile;
private String privateKeyAlias;
private String privateKeyPassword;
private boolean showCert;
private boolean defaultCredentials;
private String pemPrivateKeyFile;
private String pemCertificateFile;
/**
* Default constructor initializes jaxbcontext, marshaller, and unmarshaller
@ -133,10 +124,8 @@ public class SwidTagGateway {
marshaller = jaxbContext.createMarshaller();
unmarshaller = jaxbContext.createUnmarshaller();
attributesFile = SwidTagConstants.DEFAULT_ATTRIBUTES_FILE;
keystoreFile = SwidTagConstants.DEFAULT_KEYSTORE_PATH;
privateKeyAlias = SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS;
privateKeyPassword = SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD;
showCert = false;
defaultCredentials = true;
pemCertificateFile = "";
} catch (JAXBException e) {
System.out.println("Error initializing jaxbcontext: " + e.getMessage());
}
@ -151,35 +140,27 @@ public class SwidTagGateway {
}
/**
* Setter for String holding keystore path
* @param keystoreFile
* Setter for boolean governing signing credentials
* @param defaultCredentials
* @return
*/
public void setKeystoreFile(String keystoreFile) {
this.keystoreFile = keystoreFile;
public void setDefaultCredentials(boolean defaultCredentials) {
this.defaultCredentials = defaultCredentials;
}
/**
* Setter for String holding private key alias
* @param privateKeyAlias
* Setter for private key file in PEM format
* @param pemPrivateKeyFile
*/
public void setPrivateKeyAlias(String privateKeyAlias) {
this.privateKeyAlias = privateKeyAlias;
public void setPemPrivateKeyFile(String pemPrivateKeyFile) {
this.pemPrivateKeyFile = pemPrivateKeyFile;
}
/**
* Setter for String holding private key password
* @param privateKeyPassword
/** Setter for certificate file in PEM format
* @param pemCertificateFile
*/
public void setPrivateKeyPassword(String privateKeyPassword) {
this.privateKeyPassword = privateKeyPassword;
}
/**
* Setter for boolean to display certificate block in xml signature
* @param showCert
*/
public void setShowCert(boolean showCert) {
this.showCert = showCert;
public void setPemCertificateFile(String pemCertificateFile) {
this.pemCertificateFile = pemCertificateFile;
}
/**
@ -614,39 +595,45 @@ public class SwidTagGateway {
sigFactory.newSignatureMethod(SwidTagConstants.SIGNATURE_ALGORITHM_RSA_SHA256, null),
Collections.singletonList(reference)
);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream(keystoreFile), privateKeyPassword.toCharArray());
KeyStore.PrivateKeyEntry privateKey = (KeyStore.PrivateKeyEntry) keystore.getEntry(privateKeyAlias,
new KeyStore.PasswordProtection(privateKeyPassword.toCharArray()));
X509Certificate certificate = (X509Certificate) privateKey.getCertificate();
PublicKey publicKey = certificate.getPublicKey();
List<XMLStructure> keyInfoElements = new ArrayList<XMLStructure>();
KeyInfoFactory kiFactory = sigFactory.getKeyInfoFactory();
KeyName keyName = kiFactory.newKeyName(getCertificateSubjectKeyIdentifier(certificate));
PrivateKey privateKey;
PublicKey publicKey;
CredentialParser cp = new CredentialParser();
if (defaultCredentials) {
cp.parseJKSCredentials();
privateKey = cp.getPrivateKey();
publicKey = cp.getPublicKey();
} else {
cp.parsePEMCredentials(pemCertificateFile, pemPrivateKeyFile);
X509Certificate certificate = cp.getCertificate();
privateKey = cp.getPrivateKey();
publicKey = cp.getPublicKey();
ArrayList<Object> x509Content = new ArrayList<Object>();
x509Content.add(certificate.getSubjectX500Principal().getName());
x509Content.add(certificate);
X509Data data = kiFactory.newX509Data(x509Content);
keyInfoElements.add(data);
}
KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());
keyInfoElements.add(keyName);
KeyValue keyValue = kiFactory.newKeyValue(publicKey);
keyInfoElements.add(keyValue);
ArrayList<Object> x509Content = new ArrayList<Object>();
x509Content.add(certificate.getSubjectX500Principal().getName());
x509Content.add(certificate);
X509Data data = kiFactory.newX509Data(x509Content);
keyInfoElements.add(data);
KeyInfo keyinfo = kiFactory.newKeyInfo(keyInfoElements);
doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
marshaller.marshal(swidTag, doc);
DOMSignContext context = new DOMSignContext(privateKey.getPrivateKey(), doc.getDocumentElement());
DOMSignContext context = new DOMSignContext(privateKey, doc.getDocumentElement());
XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyinfo);
signature.sign(context);
} catch (FileNotFoundException e) {
System.out.println("Keystore not found! " + e.getMessage());
} catch (IOException e) {
System.out.println("Error loading keystore: " + e.getMessage());
} catch (NoSuchAlgorithmException | KeyStoreException | InvalidAlgorithmParameterException |
ParserConfigurationException | UnrecoverableEntryException e) {
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException |
ParserConfigurationException e) {
System.out.println(e.getMessage());
} catch (CertificateException e) {
System.out.println("Certificate error: " + e.getMessage());
} catch (KeyException e) {
System.out.println("Error setting public key in KeyValue: " + e.getMessage());
} catch (JAXBException e) {
@ -730,22 +717,6 @@ public class SwidTagGateway {
}
}
/**
* Utility method for extracting the subjectKeyIdentifier from an X509Certificate.
* The subjectKeyIdentifier is stored as a DER-encoded octet and will be converted to a String.
* @param certificate
* @return
*/
private String getCertificateSubjectKeyIdentifier(X509Certificate certificate) throws IOException {
String decodedValue = null;
byte[] extension = certificate.getExtensionValue(SwidTagConstants.CERTIFICATE_SUBJECT_KEY_IDENTIFIER);
if (extension != null) {
decodedValue = JcaX509ExtensionUtils.parseExtensionValue(extension).toString();
}
return decodedValue;
}
/**
* Given an input swidtag at [path] parse any PCRs in the payload into an InputStream object.
* This method will be used in a following pull request.
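Review bot: In the signing hunk, around `cp.parsePEMCredentials(pemCertificateFile, pemPrivateKeyFile)`, CredentialParser reports parse failures by printing and returning null, so a bad PEM file leaves certificate, privateKey or publicKey null and the method dies with a NullPointerException at `certificate.getSubjectX500Principal()` or `new DOMSignContext(privateKey, doc.getDocumentElement())` instead of a clear message. A guard after the credential block, `if (privateKey == null || publicKey == null) { throw new IllegalStateException("Signing credentials could not be loaded"); }`, would fail cleanly (or return early, depending on the method's contract; the method starts and ends outside the hunk). The surviving `catch (FileNotFoundException e)` still prints "Keystore not found!", but the keystore is now opened inside CredentialParser and the only declared source of that exception left in this block is parsePEMCredentials, so the message should refer to the PEM files.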


@ -16,43 +16,36 @@ public class Commander {
@Parameter(names = {"-h", "--help"}, help = true, description = "Print this help text.")
private boolean help;
@Parameter(names = {"-c", "--create"}, order = 0,
@Parameter(names = {"-c", "--create \"base|eventlog|pcr\""}, order = 0,
description = "The type of RIM to create. A base RIM will be created by default.")
private String createType = "";//other possible values: "eventlog" and "pcr"
@Parameter(names = {"-a", "--attributes"}, order = 1,
@Parameter(names = {"-a", "--attributes <path>"}, order = 1,
description = "The configuration file holding attributes to populate the base RIM with.")
private String attributesFile = "";
@Parameter(names = {"-o", "--out"}, order = 2,
@Parameter(names = {"-o", "--out <path>"}, order = 2,
description = "The file to write the RIM out to. The RIM will be written to stdout by default.")
private String outFile = "";
@Parameter(names = {"-v", "--verify"}, order = 3,
@Parameter(names = {"-v", "--verify <path>"}, order = 3,
description = "Specify a RIM file to verify.")
private String verifyFile = "";
@Parameter(names = {"-k", "--privateKeyFile"}, order = 4,
@Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 4,
description = "File containing the private key used to sign the base RIM created by the create function.")
private String privateKeyFile = "";
@Parameter(names = {"--alias"}, order = 5,
description = "The alias of the private key")
private String alias = "";
@Parameter(names = {"--password"}, order = 6,
description = "Password for the private key", password = true)
private String privateKeyPassword = "";
@Parameter(names = {"-p", "--publicCertificate"}, order = 7,
@Parameter(names = {"-p", "--publicCertificate <path>"}, order = 5,
description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " +
"A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.")
private String publicCertificate = "";
@Parameter(names = {"-l", "--rimel"}, order = 8,
@Parameter(names = {"-l", "--rimel <path>"}, order = 6,
description = "The TCG eventlog file to use as a support RIM. By default the last system eventlog will be used.")
private String rimEventLog = "";
@Parameter(names = {"-t", "--rimpcr"}, order = 9,
@Parameter(names = {"-t", "--rimpcr <path>"}, order = 7,
description = "The file containing TPM PCR values to use as a support RIM. By default the current platform TPM will be used.")
private String rimPcrs = "";
//@Parameter(names = {}, order = 8, description = "")
private String toBeSigned = "";
@Parameter(names = {"-s", "--addSignatureData"}, order = 10,
description = "Specify, in order, <originalBaseRIM>, <signatureFile>, <outputFile>. The signature data in <signatureFile> will be" +
"combined with the data in <originalBaseRIM> and written to <outputFile>, or will overwrite <originalBaseRIM> if <outputFile>" +
"is not given.")
@Parameter(names = {"-s", "--addSignatureData <originalBaseRIM> <signatureFile> <outputFile>"}, order = 8,
description = "The signature data in <signatureFile> will be combined with the data in <originalBaseRIM>" +
"and written to <outputFile>, or will overwrite <originalBaseRIM> if <outputFile> is not given.")
private String signatureData = "";
public boolean isHelp() {
@ -79,14 +72,6 @@ public class Commander {
return privateKeyFile;
}
public String getAlias() {
return alias;
}
public String getPrivateKeyPassword() {
return privateKeyPassword;
}
public String getPublicCertificate() {
return publicCertificate;
}
@ -113,10 +98,9 @@ public class Commander {
"sign it with the default keystore, alias, and password;\n");
sb.append("and write the data to base_rim.swidtag:\n\n");
sb.append("\t\t-c base -a attributes.json -o base_rim.swidtag\n\n\n");
sb.append("Create a base RIM using the default attribute values; " +
"sign it using privateKey in my_keystore.jks after prompting for the password;\n");
sb.append("and write the data to console output, to include the public certificate in the signature block:\n\n");
sb.append("\t\t-c base -k my_keystore.jks --alias privateKey --password -p my_cert.ca\n\n\n");
sb.append("Create a base RIM using the default attribute values; sign it using privateKey.pem;\n");
sb.append("and write the data to console output, to include cert.pem in the signature block:\n\n");
sb.append("\t\t-c base -k privateKey.pem -p cert.pem\n\n\n");
return sb.toString();
}
@ -127,8 +111,6 @@ public class Commander {
sb.append("Write to: " + getOutFile() + System.lineSeparator());
sb.append("Verify file: " + getVerifyFile() + System.lineSeparator());
sb.append("Private key file: " + getPrivateKeyFile() + System.lineSeparator());
sb.append("Private key alias: " + getAlias() + System.lineSeparator());
sb.append("Private key password: " + getPrivateKeyPassword() + System.lineSeparator());
sb.append("Public certificate: " + getPublicCertificate() + System.lineSeparator());
sb.append("Event log support RIM: " + getRimEventLog() + System.lineSeparator());
sb.append("TPM PCRs support RIM: " + getRimPcrs() + System.lineSeparator());
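Review bot: The placeholders folded into the option names in the first hunk, e.g. `@Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 4,` and `"--create \"base|eventlog|pcr\""`, change what JCommander matches: names are compared literally against each argument token, so `--privateKeyFile` typed on its own will no longer be recognized and only the short forms keep working (the updated help example uses `-k`/`-p`, which is consistent with that). Keep the names as `{"-k", "--privateKeyFile"}` and put the expected value in `description` instead, e.g. `description = "<path> File containing the private key used to sign the base RIM created by the create function."`; the same applies to the -c, -a, -o, -v, -p, -l, -t and -s annotations. Separately, the -s description concatenates `"…<originalBaseRIM>" +` with `"and written…"` without a space, producing "<originalBaseRIM>and written"; add a trailing space to the first literal.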