Clean up javadocs; change System.out.println to log messages
This commit is contained in:
parent
54f3e4bfca
commit
1947b70a1b
@ -248,10 +248,11 @@ public class ReferenceManifestValidator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This method validates a signed swidtag XML file.
|
* This method validates the rim with a public key cert.
|
||||||
* @param path to the swidtag XML
|
* @param signingCertPath to the public key certificate used to sign the rim
|
||||||
|
* @return true if both the file element and signature are valid, false otherwise
|
||||||
*/
|
*/
|
||||||
public boolean validateSwidtagFile(String signingCertPath) {
|
public boolean validateRim(String signingCertPath) {
|
||||||
Element fileElement = (Element) rim.getElementsByTagName("File").item(0);
|
Element fileElement = (Element) rim.getElementsByTagName("File").item(0);
|
||||||
/*
|
/*
|
||||||
if (trustStoreFile != null && !trustStoreFile.isEmpty()) {
|
if (trustStoreFile != null && !trustStoreFile.isEmpty()) {
|
||||||
@ -263,19 +264,19 @@ public class ReferenceManifestValidator {
|
|||||||
*/
|
*/
|
||||||
X509Certificate signingCert = parseCertificatesFromPem(signingCertPath).get(0);
|
X509Certificate signingCert = parseCertificatesFromPem(signingCertPath).get(0);
|
||||||
if (signingCert == null) {
|
if (signingCert == null) {
|
||||||
return failWithError("Unable to locate the signing cert in the provided " +
|
return failWithError("Unable to parse the signing cert from " + signingCertPath);
|
||||||
"truststore " + trustStoreFile);
|
|
||||||
}
|
}
|
||||||
String subjectKeyIdentifier = "";
|
String subjectKeyIdentifier = "";
|
||||||
try {
|
try {
|
||||||
subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(signingCert);
|
subjectKeyIdentifier = getCertificateSubjectKeyIdentifier(signingCert);
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
return failWithError("Error while parsing certificate data: " + e.getMessage());
|
return failWithError("Error while parsing SKID: " + e.getMessage());
|
||||||
}
|
}
|
||||||
return validateXmlSignature(signingCert.getPublicKey(),
|
|
||||||
subjectKeyIdentifier,
|
boolean isSignatureValid = validateXmlSignature(signingCert.getPublicKey(),
|
||||||
signingCert.getPublicKey().getEncoded())
|
subjectKeyIdentifier,
|
||||||
&& validateFile(fileElement);
|
signingCert.getPublicKey().getEncoded());
|
||||||
|
return isSignatureValid && validateFile(fileElement);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -304,11 +305,10 @@ public class ReferenceManifestValidator {
|
|||||||
} else {
|
} else {
|
||||||
filepath = file.getAttribute(SwidTagConstants.NAME);
|
filepath = file.getAttribute(SwidTagConstants.NAME);
|
||||||
}
|
}
|
||||||
System.out.println("Support rim found at " + filepath);
|
|
||||||
if (getHashValue(filepath, "SHA256").equals(
|
if (getHashValue(filepath, "SHA256").equals(
|
||||||
file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":" +
|
file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":" +
|
||||||
SwidTagConstants._SHA256_HASH.getLocalPart()))) {
|
SwidTagConstants._SHA256_HASH.getLocalPart()))) {
|
||||||
System.out.println("Support RIM hash verified!" + System.lineSeparator());
|
log.info("Support RIM hash verified for " + filepath);
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
return failWithError("Support RIM hash does not match Base RIM!");
|
return failWithError("Support RIM hash does not match Base RIM!");
|
||||||
@ -435,11 +435,10 @@ public class ReferenceManifestValidator {
|
|||||||
if (isCertChainValid(embeddedCert)) {
|
if (isCertChainValid(embeddedCert)) {
|
||||||
publicKey = ((X509Certificate) embeddedCert).getPublicKey();
|
publicKey = ((X509Certificate) embeddedCert).getPublicKey();
|
||||||
signingCert = embeddedCert;
|
signingCert = embeddedCert;
|
||||||
System.out.println("Certificate chain validity: true");
|
log.info("Certificate chain valid.");
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
System.out.println("Certificate chain invalid: "
|
log.error("Certificate chain invalid: " + e.getMessage());
|
||||||
+ e.getMessage());
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -449,15 +448,17 @@ public class ReferenceManifestValidator {
|
|||||||
if (isPublicKeyTrusted(pk)) {
|
if (isPublicKeyTrusted(pk)) {
|
||||||
publicKey = pk;
|
publicKey = pk;
|
||||||
try {
|
try {
|
||||||
System.out.println("Certificate chain validity: "
|
if (isCertChainValid(signingCert)) {
|
||||||
+ isCertChainValid(signingCert));
|
log.info("Certificate chain valid.");
|
||||||
|
} else {
|
||||||
|
log.error("Certificate chain invalid.");
|
||||||
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
System.out.println("Certificate chain invalid: "
|
log.error("Certificate chain invalid: " + e.getMessage());
|
||||||
+ e.getMessage());
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (KeyException e) {
|
} catch (KeyException e) {
|
||||||
System.out.println("Unable to convert KeyValue data to PK.");
|
log.error("Unable to convert KeyValue data to PK.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (publicKey != null) {
|
if (publicKey != null) {
|
||||||
@ -670,9 +671,9 @@ public class ReferenceManifestValidator {
|
|||||||
}
|
}
|
||||||
bis.close();
|
bis.close();
|
||||||
} catch (CertificateException e) {
|
} catch (CertificateException e) {
|
||||||
System.out.println("Error in certificate factory: " + e.getMessage());
|
log.error("Error in certificate factory: " + e.getMessage());
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
System.out.println("Error reading from input stream: " + e.getMessage());
|
log.error("Error reading from input stream: " + e.getMessage());
|
||||||
} finally {
|
} finally {
|
||||||
try {
|
try {
|
||||||
if (fis != null) {
|
if (fis != null) {
|
||||||
@ -682,7 +683,7 @@ public class ReferenceManifestValidator {
|
|||||||
bis.close();
|
bis.close();
|
||||||
}
|
}
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
System.out.println("Error closing input stream: " + e.getMessage());
|
log.warn("Error closing input stream: " + e.getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
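Review bot: In the hunk at `@ -449,15 +448,17 @@`, `publicKey = pk;` is assigned before the chain check, so when `isCertChainValid(signingCert)` returns false the new `else` branch only logs `Certificate chain invalid.` and validation proceeds with that key; the embedded-certificate path in the `@ -435` hunk, by contrast, assigns `publicKey` only after the chain validates. If the chain check is meant to gate trust here as it does there, set `publicKey = null;` in the `else` branch and in the `catch (Exception e)` branch; if it is deliberately informational because `isPublicKeyTrusted(pk)` has already matched the key against the truststore, log it at `warn` with a comment saying so, since `log.error` followed by continued validation reads as an unhandled failure. The enclosing method starts and ends outside the hunk. Separately, in the `@ -263` hunk `parseCertificatesFromPem(signingCertPath).get(0)` throws before the `signingCert == null` guard is reached if the parser returns an empty list on an unreadable or malformed file, which the logging-only catch blocks in the `@ -670` hunk suggest it may; check `isEmpty()` first so the new `Unable to parse the signing cert from` message is actually produced.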
@ -1,7 +1,6 @@
|
|||||||
package hirs.swid;
|
package hirs.swid;
|
||||||
|
|
||||||
import hirs.swid.utils.Commander;
|
import hirs.swid.utils.Commander;
|
||||||
import hirs.swid.utils.CredentialArgumentValidator;
|
|
||||||
import hirs.swid.utils.TimestampArgumentValidator;
|
import hirs.swid.utils.TimestampArgumentValidator;
|
||||||
import hirs.utils.rim.ReferenceManifestValidator;
|
import hirs.utils.rim.ReferenceManifestValidator;
|
||||||
import com.beust.jcommander.JCommander;
|
import com.beust.jcommander.JCommander;
|
||||||
@ -59,7 +58,7 @@ public class Main {
|
|||||||
validator.setRim(verifyFile);
|
validator.setRim(verifyFile);
|
||||||
validator.setRimEventLog(rimel);
|
validator.setRimEventLog(rimel);
|
||||||
validator.setTrustStoreFile(trustStore);
|
validator.setTrustStoreFile(trustStore);
|
||||||
if (validator.validateSwidtagFile(certificateFile)) {
|
if (validator.validateRim(certificateFile)) {
|
||||||
System.out.println("Successfully verified " + verifyFile);
|
System.out.println("Successfully verified " + verifyFile);
|
||||||
} else {
|
} else {
|
||||||
exitWithErrorCode("Failed to verify " + verifyFile);
|
exitWithErrorCode("Failed to verify " + verifyFile);
|
||||||
|
@ -70,7 +70,7 @@ public class TestSwidTagGateway {
|
|||||||
.getResourceAsStream(BASE_USER_CERT);
|
.getResourceAsStream(BASE_USER_CERT);
|
||||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||||
validator.setRim(DEFAULT_OUTPUT);
|
validator.setRim(DEFAULT_OUTPUT);
|
||||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -90,7 +90,7 @@ public class TestSwidTagGateway {
|
|||||||
.getResourceAsStream(BASE_USER_CERT_EMBED);
|
.getResourceAsStream(BASE_USER_CERT_EMBED);
|
||||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||||
validator.setRim(DEFAULT_OUTPUT);
|
validator.setRim(DEFAULT_OUTPUT);
|
||||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -106,7 +106,7 @@ public class TestSwidTagGateway {
|
|||||||
.getResourceAsStream(BASE_DEFAULT_CERT);
|
.getResourceAsStream(BASE_DEFAULT_CERT);
|
||||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||||
validator.setRim(DEFAULT_OUTPUT);
|
validator.setRim(DEFAULT_OUTPUT);
|
||||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -124,7 +124,7 @@ public class TestSwidTagGateway {
|
|||||||
.getResourceAsStream(BASE_RFC3339_TIMESTAMP);
|
.getResourceAsStream(BASE_RFC3339_TIMESTAMP);
|
||||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||||
validator.setRim(DEFAULT_OUTPUT);
|
validator.setRim(DEFAULT_OUTPUT);
|
||||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -142,7 +142,7 @@ public class TestSwidTagGateway {
|
|||||||
.getResourceAsStream(BASE_RFC3852_TIMESTAMP);
|
.getResourceAsStream(BASE_RFC3852_TIMESTAMP);
|
||||||
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
|
||||||
validator.setRim(DEFAULT_OUTPUT);
|
validator.setRim(DEFAULT_OUTPUT);
|
||||||
Assert.assertTrue(validator.validateSwidtagFile(DEFAULT_OUTPUT));
|
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -155,7 +155,7 @@ public class TestSwidTagGateway {
|
|||||||
.getResource(BASE_USER_CERT).getPath();
|
.getResource(BASE_USER_CERT).getPath();
|
||||||
System.out.println("Validating file at " + filepath);
|
System.out.println("Validating file at " + filepath);
|
||||||
validator.setRim(DEFAULT_OUTPUT);
|
validator.setRim(DEFAULT_OUTPUT);
|
||||||
Assert.assertTrue(validator.validateSwidtagFile(filepath));
|
Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
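Review bot: In the hunk at `@ -155,7 +155,7 @@`, `filepath` (resolved from `BASE_USER_CERT`) is still printed as `Validating file at ` but is no longer what the validator receives, since the call now passes `SIGNING_CERT_FILE`; the message is misleading and, unless `filepath` is used elsewhere in the method (which starts outside the hunk), the variable is dead. Either drop the `filepath` computation and the println, or print the value actually validated, `System.out.println("Validating file at " + SIGNING_CERT_FILE);`.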