Merge pull request #521 from nsacyber/issue-520

[#520] Fixed credential input validation
2024-12-20 21:43:18 +00:00 · 2023-06-01 09:55:29 -04:00 · 2023-06-01 09:55:29 -04:00 · 0df03f3561
commit 0df03f3561
parent c1dcd5cd23 38ddfaba27
2 changed files with 19 additions and 19 deletions
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
@ -28,16 +28,17 @@ public class Main {
                System.out.println(commander.toString());
                String verifyFile = commander.getVerifyFile();
                certificateFile = commander.getPublicCertificate();
-                rimEventLogFile = commander.getRimEventLog();
+                privateKeyFile = commander.getPrivateKeyFile();
                trustStoreFile = commander.getTruststoreFile();
                boolean defaultKey = commander.isDefaultKey();
                if (defaultKey) {
                    validator.validateSwidTag(verifyFile, "DEFAULT");
                } else {
                    caValidator = new CredentialArgumentValidator(trustStoreFile,
-                            certificateFile, "", "", "", true);
+                            certificateFile, privateKeyFile, "", "", true);
                    if (caValidator.isValid()) {
                        validator.setTrustStoreFile(trustStoreFile);
+
                        validator.validateSwidTag(verifyFile, caValidator.getFormat());
                    } else {
                        System.out.println("Invalid combination of credentials given: "
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CredentialArgumentValidator.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CredentialArgumentValidator.java
@ -47,33 +47,32 @@ public class CredentialArgumentValidator {

    /**
     * This method checks for the following valid configurations of input arguments:
-     * 1. truststore + password + alias (JKS format)
-     * 2. truststore + private key (PEM format)
-     * 3. truststore only for validating (PEM format)
-     * 4. certificate + private key (PEM format)
-     * 5. certificate only for validating (PEM format)
+     * 1. certificate only for validating (PEM format)
+     * 2. truststore only for validating (PEM format)
+     * 3. certificate + private key for signing (PEM format)
+     * 4. truststore + private key for signing (PEM format)
     *
     * @return true if the above are found, false otherwise
     */
    public boolean isValid() {
-        if (!truststoreFile.isEmpty()) {
-            if (!password.isEmpty() && !alias.isEmpty()) {
-                format = JKS;
-                return true;
-            } else if (!privateKeyFile.isEmpty() || isValidating) {
+        if (isValidating) {
+            if (!truststoreFile.isEmpty() || !certificateFile.isEmpty()) {
                format = PEM;
                return true;
            } else {
-                errorMessage = "A JKS truststore needs a password and alias; " +
-                        "a PEM truststore needs a private key file.";
+                errorMessage = "Validation requires a public key certificate or truststore.";
                return false;
            }
-        } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
-            format = PEM;
-            return true;
        } else {
-            errorMessage = "A public certificate must be accompanied by a private key file.";
-            return false;
+            if ((!truststoreFile.isEmpty() || !certificateFile.isEmpty())
+                    && !privateKeyFile.isEmpty()) {
+                format = PEM;
+                return true;
+            } else {
+                errorMessage = "Either a truststore or public certificate, " +
+                        "accompanied by a matching private key, is required for signing.";
+                return false;
+            }
        }
    }
 }