Added CLI arg to control hiding/showing signature cert (default=hide)

2024-12-18 20:47:58 +00:00 · 2020-02-25 14:13:08 -05:00 · 2020-02-25 14:13:08 -05:00 · 094efb37df
commit 094efb37df
parent 6dd9615ee0
4 changed files with 63 additions and 17 deletions
--- a/tools/tcg_rim_tool/keystore.jks
+++ b/tools/tcg_rim_tool/keystore.jks
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
@ -21,15 +21,14 @@ public class Main {
            if (commander.isAttributesGiven()) {
                gateway.setAttributesFile(commander.getAttributesFile());
            }
-/*            if (commander.isKeystoreGiven()) {
-
+            if (commander.isKeystoreGiven()) {
+                gateway.setKeystoreFile(commander.getKeystore());
            }
-*/
+            if (commander.isShowCert()) {
+                gateway.setShowCert(true);
+            }
+
            if (commander.create()) {
-                String keystore = commander.getKeystore();
-                if (!keystore.isEmpty()) {
-                    //set keystore for gateway if given
-                }
                // parsing the arguments detected a create parameter (-c)
                gateway.generateSwidTag(commander.getCreateOutFile());
            }
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
@ -139,6 +139,13 @@ public class SwidTagGateway {
    private Marshaller marshaller;
    private Unmarshaller unmarshaller;
    private String attributesFile;
+    /**
+     * The keystoreFile is used in signXMLDocument() to pass in the keystore path.
+     * The same method requires the keystore password and the alias of the private key,
+     * which would need to be passed in if not using the default keystore.
+     */
+    private String keystoreFile;
+    private boolean showCert;

    /**
     * Default constructor initializes jaxbcontext, marshaller, and unmarshaller
@ -149,15 +156,37 @@ public class SwidTagGateway {
            marshaller = jaxbContext.createMarshaller();
            unmarshaller = jaxbContext.createUnmarshaller();
            attributesFile = SwidTagConstants.DEFAULT_ATTRIBUTES_FILE;
+            keystoreFile = SwidTagConstants.DEFAULT_KEYSTORE_PATH;
+            showCert = false;
        } catch (JAXBException e) {
            System.out.println("Error initializing jaxbcontext: " + e.getMessage());
        }
    }

+    /**
+     * Setter for String holding attributes file path
+     * @param attributesFile
+     */
    public void setAttributesFile(String attributesFile) {
        this.attributesFile = attributesFile;
    }

+    /**
+     * Setter for String holding keystore path
+     * @param keystore
+     */
+    public void setKeystoreFile(String keystoreFile) {
+        this.keystoreFile = keystoreFile;
+    }
+
+    /**
+     * Setter for boolean to display certificate block in xml signature
+     * @param showCert
+     */
+    public void setShowCert(boolean showCert) {
+        this.showCert = showCert;
+    }
+
    /**
     * default generator method that has no parameters
     */
@ -628,14 +657,16 @@ public class SwidTagGateway {
                    Collections.singletonList(reference)
            );
            KeyStore keystore = KeyStore.getInstance("JKS");
-            keystore.load(new FileInputStream(SwidTagConstants.DEFAULT_KEYSTORE_PATH), SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD.toCharArray());
+            keystore.load(new FileInputStream(keystoreFile), SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD.toCharArray());
            KeyStore.PrivateKeyEntry privateKey = (KeyStore.PrivateKeyEntry) keystore.getEntry(SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS,
                    new KeyStore.PasswordProtection(SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD.toCharArray()));
            X509Certificate certificate = (X509Certificate) privateKey.getCertificate();
            KeyInfoFactory kiFactory = sigFactory.getKeyInfoFactory();
            ArrayList<Object> x509Content = new ArrayList<Object>();
            x509Content.add(certificate.getSubjectX500Principal().getName());
-            x509Content.add(certificate);
+            if (showCert) {
+                x509Content.add(certificate);
+            }
            X509Data data = kiFactory.newX509Data(x509Content);
            KeyInfo keyinfo = kiFactory.newKeyInfo(Collections.singletonList(data));

--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
@ -19,9 +19,8 @@ public class Commander {
    private static final String HELP_STRING = "help";
    private static final String PARSE_STRING = "parse";
    private static final String ATTRIBUTES_STRING = "attributes";
-    private static final String KEY_STRING = "key";
-    private static final String PRIVATE_KEY_STRING = "privatekey";
-    private static final String CERT_STRING = "cert";
+    private static final String KEYSTORE_STRING = "keystore";
+    private static final String SHOW_CERT_STRING = "show-cert";

    private boolean hasArguments = false;
    private boolean validate = false;
@ -29,6 +28,7 @@ public class Commander {
    private boolean parse = false;
    private boolean attributesGiven = false;
    private boolean keystoreGiven = false;
+    private boolean showCert = false;

    private String validateFile;
    private String createOutFile = "";
@ -106,10 +106,15 @@ public class Commander {
                	parse = true;
                	parseFile = args[++i];
                	break;
-                case FULL_COMMAND_PREFIX + KEY_STRING:
+/*
+                case FULL_COMMAND_PREFIX + KEYSTORE_STRING:
                case COMMAND_PREFIX + "k":
                    keystore = args[++i];
                    break;
+*/
+                case FULL_COMMAND_PREFIX + SHOW_CERT_STRING:
+                    showCert = true;
+                    break;
                case FULL_COMMAND_PREFIX + HELP_STRING:
                case COMMAND_PREFIX + "h":
                default:
@ -223,6 +228,14 @@ public class Commander {
        return keystore;
    }

+    /**
+     * Getter for boolean to show certificate data or not
+     * @return
+     */
+    public boolean isShowCert() {
+        return showCert;
+    }
+
    /**
     * Default no parameter help method.
     */
@ -250,10 +263,13 @@ public class Commander {
                + "   \t\t\t\tvalidates it against the schema at\n"
                + "   \t\t\t\thttp://standards.iso.org/iso/19770/-2/2015/schema.xsd\n\n");
        sb.append("   -p, --parse <file>\t\tParse the given swidtag's payload\n\n");
-/*        sb.append("   -k, --key\t\t\tSpecify the credential and its location to use\n"
-                + "   \t-privatekey <file>\tfor digital signatures\n"
-                + "   \t-cert <file>\n\n");
-*/        sb.append("   -h, --help, <no args>\tPrints this command help information.\n");
+/*
+        sb.append("   -k, --keystore <file>\tSpecify the keystore and its location to use\n"
+                + "   \t\t\t\tfor digital signatures\n");
+ */
+        sb.append("   --show-cert\t\t\tPrint the certificate in the signature block of\n"
+                + "   \t\t\t\tthe base RIM\n\n");
+        sb.append("   -h, --help, <no args>\tPrints this command help information.\n");
        sb.append("   \t\t\t\tListing no command arguments will also\n"
                + "   \t\t\t\tprint this help text.\n\n");
        sb.append("Example commands: \n"