ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-03-10 14:34:27 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Merge pull request #521 from nsacyber/issue-520

Browse Source 
[#520] Fixed credential input validation
This commit is contained in:
chubtub 2023-06-01 09:55:29 -04:00 committed by GitHub
commit 0df03f3561
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
View File

@ -28,16 +28,17 @@ public class Main {
System.out.println(commander.toString()); System.out.println(commander.toString());
String verifyFile = commander.getVerifyFile(); String verifyFile = commander.getVerifyFile();
certificateFile = commander.getPublicCertificate(); certificateFile = commander.getPublicCertificate();
rimEventLogFile = commander.getRimEventLog(); privateKeyFile = commander.getPrivateKeyFile();
trustStoreFile = commander.getTruststoreFile(); trustStoreFile = commander.getTruststoreFile();
boolean defaultKey = commander.isDefaultKey(); boolean defaultKey = commander.isDefaultKey();
if (defaultKey) { if (defaultKey) {
validator.validateSwidTag(verifyFile, "DEFAULT"); validator.validateSwidTag(verifyFile, "DEFAULT");
} else { } else {
caValidator = new CredentialArgumentValidator(trustStoreFile, caValidator = new CredentialArgumentValidator(trustStoreFile,
certificateFile, "", "", "", true); certificateFile, privateKeyFile, "", "", true);
if (caValidator.isValid()) { if (caValidator.isValid()) {
validator.setTrustStoreFile(trustStoreFile); validator.setTrustStoreFile(trustStoreFile);
validator.validateSwidTag(verifyFile, caValidator.getFormat()); validator.validateSwidTag(verifyFile, caValidator.getFormat());
} else { } else {
System.out.println("Invalid combination of credentials given: " System.out.println("Invalid combination of credentials given: "

33
tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CredentialArgumentValidator.java
View File

@ -47,33 +47,32 @@ public class CredentialArgumentValidator {
/** /**
* This method checks for the following valid configurations of input arguments: * This method checks for the following valid configurations of input arguments:
* 1. truststore + password + alias (JKS format) * 1. certificate only for validating (PEM format)
* 2. truststore + private key (PEM format) * 2. truststore only for validating (PEM format)
* 3. truststore only for validating (PEM format) * 3. certificate + private key for signing (PEM format)
* 4. certificate + private key (PEM format) * 4. truststore + private key for signing (PEM format)
* 5. certificate only for validating (PEM format)
* *
* @return true if the above are found, false otherwise * @return true if the above are found, false otherwise
*/ */
public boolean isValid() { public boolean isValid() {
if (!truststoreFile.isEmpty()) { if (isValidating) {
if (!password.isEmpty() && !alias.isEmpty()) { if (!truststoreFile.isEmpty() || !certificateFile.isEmpty()) {
format = JKS;
return true;
} else if (!privateKeyFile.isEmpty() || isValidating) {
format = PEM; format = PEM;
return true; return true;
} else { } else {
errorMessage = "A JKS truststore needs a password and alias; " + errorMessage = "Validation requires a public key certificate or truststore.";
"a PEM truststore needs a private key file.";
return false; return false;
} }
} else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
format = PEM;
return true;
} else { } else {
errorMessage = "A public certificate must be accompanied by a private key file."; if ((!truststoreFile.isEmpty() || !certificateFile.isEmpty())
return false; && !privateKeyFile.isEmpty()) {
format = PEM;
return true;
} else {
errorMessage = "Either a truststore or public certificate, " +
"accompanied by a matching private key, is required for signing.";
return false;
}
} }
} }
} }