mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-18 20:47:58 +00:00
Clean up javadocs; change System.out.println to log messages
This commit is contained in:
chubtub
parent
54f3e4bfca
commit
1947b70a1b
@ -248,10 +248,11 @@ public class ReferenceManifestValidator {
|
||||
}
|
||||
|
||||
/**
|
||||
* This method validates a signed swidtag XML file.
|
||||
* @param path to the swidtag XML
|
||||
* This method validates the rim with a public key cert.
|
||||
* @param signingCertPath to the public key certificate used to sign the rim
|
||||
* @return true if both the file element and signature are valid, false otherwise
|
||||
*/
|
||||
public boolean validateSwidtagFile(String signingCertPath) {
|
||||
public boolean validateRim(String signingCertPath) {
|
||||
Element fileElement = (Element) rim.getElementsByTagName("File").item(0);
|
||||
/*
|
||||
if (trustStoreFile != null && !trustStoreFile.isEmpty()) {
|
||||
@ -263,19 +264,19 @@ public class ReferenceManifestValidator {
|
||||
*/
|
||||
X509Certificate signingCert = parseCertificatesFromPem(signingCertPath).get(0);
|
||||
if (signingCert == null) {
|
||||
return failWithError("Unable to locate the signing cert in the provided " +
|
||||
"truststore " + trustStoreFile);
|
||||
return failWithError("Unable to parse the signing cert from " + signingCertPath);
|
||||
}
|
||||
String subjectKeyIdentifier = "";
|
||||
try {
|
||||
subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(signingCert);
|
||||
} catch (IOException e) {
|
||||
return failWithError("Error while parsing certificate data: " + e.getMessage());
|
||||
return failWithError("Error while parsing SKID: " + e.getMessage());
|
||||
}
|
||||
return validateXmlSignature(signingCert.getPublicKey(),
|
||||
subjectKeyIdentifier,
|
||||
signingCert.getPublicKey().getEncoded())
|
||||
&& validateFile(fileElement);
|
||||
|
||||
boolean isSignatureValid = validateXmlSignature(signingCert.getPublicKey(),
|
||||
subjectKeyIdentifier,
|
||||
signingCert.getPublicKey().getEncoded());
|
||||
return isSignatureValid && validateFile(fileElement);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -304,11 +305,10 @@ public class ReferenceManifestValidator {
|
||||
} else {
|
||||
filepath = file.getAttribute(SwidTagConstants.NAME);
|
||||
}
|
||||
System.out.println("Support rim found at " + filepath);
|
||||
if (getHashValue(filepath, "SHA256").equals(
|
||||
file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":" +
|
||||
SwidTagConstants._SHA256_HASH.getLocalPart()))) {
|
||||
System.out.println("Support RIM hash verified!" + System.lineSeparator());
|
||||
log.info("Support RIM hash verified for " + filepath);
|
||||
return true;
|
||||
} else {
|
||||
return failWithError("Support RIM hash does not match Base RIM!");
|
||||
@ -435,11 +435,10 @@ public class ReferenceManifestValidator {
|
||||
if (isCertChainValid(embeddedCert)) {
|
||||
publicKey = ((X509Certificate) embeddedCert).getPublicKey();
|
||||
signingCert = embeddedCert;
|
||||
System.out.println("Certificate chain validity: true");
|
||||
log.info("Certificate chain valid.");
|
||||
}
|
||||
} catch (Exception e) {
|
||||
System.out.println("Certificate chain invalid: "
|
||||
+ e.getMessage());
|
||||
log.error("Certificate chain invalid: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -449,15 +448,17 @@ public class ReferenceManifestValidator {
|
||||
if (isPublicKeyTrusted(pk)) {
|
||||
publicKey = pk;
|
||||
try {
|
||||
System.out.println("Certificate chain validity: "
|
||||
+ isCertChainValid(signingCert));
|
||||
if (isCertChainValid(signingCert)) {
|
||||
log.info("Certificate chain valid.");
|
||||
} else {
|
||||
log.error("Certificate chain invalid.");
|
||||
}
|
||||
} catch (Exception e) {
|
||||
System.out.println("Certificate chain invalid: "
|
||||
+ e.getMessage());
|
||||
log.error("Certificate chain invalid: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
} catch (KeyException e) {
|
||||
System.out.println("Unable to convert KeyValue data to PK.");
|
||||
log.error("Unable to convert KeyValue data to PK.");
|
||||
}
|
||||
}
|
||||
if (publicKey != null) {
|
||||
@ -670,9 +671,9 @@ public class ReferenceManifestValidator {
|
||||
}
|
||||
bis.close();
|
||||
} catch (CertificateException e) {
|
||||
System.out.println("Error in certificate factory: " + e.getMessage());
|
||||
log.error("Error in certificate factory: " + e.getMessage());
|
||||
} catch (IOException e) {
|
||||
System.out.println("Error reading from input stream: " + e.getMessage());
|
||||
log.error("Error reading from input stream: " + e.getMessage());
|
||||
} finally {
|
||||
try {
|
||||
if (fis != null) {
|
||||
@ -682,7 +683,7 @@ public class ReferenceManifestValidator {
|
||||
bis.close();
|
||||
}
|
||||
} catch (IOException e) {
|
||||
System.out.println("Error closing input stream: " + e.getMessage());
|
||||
log.warn("Error closing input stream: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
package hirs.swid;
|
||||
|
||||
import hirs.swid.utils.Commander;
|
||||
import hirs.swid.utils.CredentialArgumentValidator;
|
||||
import hirs.swid.utils.TimestampArgumentValidator;
|
||||
import hirs.utils.rim.ReferenceManifestValidator;
|
||||
import com.beust.jcommander.JCommander;
|
||||
@ -59,7 +58,7 @@ public class Main {
|
||||
validator.setRim(verifyFile);
|
||||
validator.setRimEventLog(rimel);
|
||||
validator.setTrustStoreFile(trustStore);
|
||||
if (validator.validateSwidtagFile(certificateFile)) {
|
||||
if (validator.validateRim(certificateFile)) {
|
||||
System.out.println("Successfully verified " + verifyFile);
|
||||
} else {
|
||||
exitWithErrorCode("Failed to verify " + verifyFile);
|
||||
|
||||
@ -70,7 +70,7 @@ public class TestSwidTagGateway {
|
||||
.getResourceAsStream(BASE_USER_CERT);
|
||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||
validator.setRim(DEFAULT_OUTPUT);
|
||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
||||
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -90,7 +90,7 @@ public class TestSwidTagGateway {
|
||||
.getResourceAsStream(BASE_USER_CERT_EMBED);
|
||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||
validator.setRim(DEFAULT_OUTPUT);
|
||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
||||
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -106,7 +106,7 @@ public class TestSwidTagGateway {
|
||||
.getResourceAsStream(BASE_DEFAULT_CERT);
|
||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||
validator.setRim(DEFAULT_OUTPUT);
|
||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
||||
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -124,7 +124,7 @@ public class TestSwidTagGateway {
|
||||
.getResourceAsStream(BASE_RFC3339_TIMESTAMP);
|
||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||
validator.setRim(DEFAULT_OUTPUT);
|
||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
||||
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -142,7 +142,7 @@ public class TestSwidTagGateway {
|
||||
.getResourceAsStream(BASE_RFC3852_TIMESTAMP);
|
||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||
validator.setRim(DEFAULT_OUTPUT);
|
||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
||||
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -155,7 +155,7 @@ public class TestSwidTagGateway {
|
||||
.getResource(BASE_USER_CERT).getPath();
|
||||
System.out.println("Validating file at " + filepath);
|
||||
validator.setRim(DEFAULT_OUTPUT);
|
||||
Assert.assertTrue(validator.validateSwidtagFile(filepath));
|
||||
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Loading…
Reference in New Issue
Block a user