Add support to commandline interface for secondary signatures
This commit is contained in:
parent
63a240c2ec
commit
379e1e1ce5
@ -16,6 +16,7 @@ public class Main {
|
||||
SwidTagGateway gateway;
|
||||
SwidTagValidator validator;
|
||||
CredentialArgumentValidator caValidator;
|
||||
String rimEventLogFile, trustStoreFile, certificateFile, privateKeyFile;
|
||||
|
||||
if (commander.isHelp()) {
|
||||
jc.usage();
|
||||
@ -25,18 +26,17 @@ public class Main {
|
||||
validator = new SwidTagValidator();
|
||||
System.out.println(commander.toString());
|
||||
String verifyFile = commander.getVerifyFile();
|
||||
String rimel = commander.getRimEventLog();
|
||||
String certificateFile = commander.getPublicCertificate();
|
||||
String trustStore = commander.getTruststoreFile();
|
||||
certificateFile = commander.getPublicCertificate();
|
||||
rimEventLogFile = commander.getRimEventLog();
|
||||
trustStoreFile = commander.getTruststoreFile();
|
||||
boolean defaultKey = commander.isDefaultKey();
|
||||
validator.setRimEventLog(rimel);
|
||||
if (defaultKey) {
|
||||
validator.validateSwidTag(verifyFile, "DEFAULT");
|
||||
} else {
|
||||
caValidator = new CredentialArgumentValidator(trustStore,
|
||||
caValidator = new CredentialArgumentValidator(trustStoreFile,
|
||||
certificateFile, "", "", "", true);
|
||||
if (caValidator.isValid()) {
|
||||
validator.setTrustStoreFile(trustStore);
|
||||
validator.setTrustStoreFile(trustStoreFile);
|
||||
validator.validateSwidTag(verifyFile, caValidator.getFormat());
|
||||
} else {
|
||||
System.out.println("Invalid combination of credentials given: "
|
||||
@ -47,16 +47,18 @@ public class Main {
|
||||
} else {
|
||||
gateway = new SwidTagGateway();
|
||||
System.out.println(commander.toString());
|
||||
String createType = commander.getCreateType().toUpperCase();
|
||||
String attributesFile = commander.getAttributesFile();
|
||||
String truststoreFile = commander.getTruststoreFile();
|
||||
String certificateFile = commander.getPublicCertificate();
|
||||
String privateKeyFile = commander.getPrivateKeyFile();
|
||||
rimEventLogFile = commander.getRimEventLog();
|
||||
trustStoreFile = commander.getTruststoreFile();
|
||||
certificateFile = commander.getPublicCertificate();
|
||||
privateKeyFile = commander.getPrivateKeyFile();
|
||||
boolean embeddedCert = commander.isEmbedded();
|
||||
boolean defaultKey = commander.isDefaultKey();
|
||||
String rimEventLog = commander.getRimEventLog();
|
||||
switch (createType) {
|
||||
case "BASE":
|
||||
if (!commander.getSignFile().isEmpty()) {
|
||||
|
||||
} else {
|
||||
String createType = commander.getCreateType().toUpperCase();
|
||||
String attributesFile = commander.getAttributesFile();
|
||||
if (createType.equals("BASE")) {
|
||||
if (!attributesFile.isEmpty()) {
|
||||
gateway.setAttributesFile(attributesFile);
|
||||
}
|
||||
@ -65,10 +67,10 @@ public class Main {
|
||||
gateway.setTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
|
||||
} else {
|
||||
gateway.setDefaultCredentials(false);
|
||||
caValidator = new CredentialArgumentValidator(truststoreFile,
|
||||
caValidator = new CredentialArgumentValidator(trustStoreFile,
|
||||
certificateFile, privateKeyFile, "", "", false);
|
||||
if (caValidator.isValid()) {
|
||||
gateway.setTruststoreFile(truststoreFile);
|
||||
gateway.setTruststoreFile(trustStoreFile);
|
||||
gateway.setPemCertificateFile(certificateFile);
|
||||
gateway.setPemPrivateKeyFile(privateKeyFile);
|
||||
} else {
|
||||
@ -80,7 +82,7 @@ public class Main {
|
||||
gateway.setEmbeddedCert(true);
|
||||
}
|
||||
}
|
||||
gateway.setRimEventLog(rimEventLog);
|
||||
gateway.setRimEventLog(rimEventLogFile);
|
||||
List<String> timestampArguments = commander.getTimestampArguments();
|
||||
if (timestampArguments.size() > 0) {
|
||||
if (new TimestampArgumentValidator(timestampArguments).isValid()) {
|
||||
@ -93,10 +95,30 @@ public class Main {
|
||||
}
|
||||
}
|
||||
gateway.generateSwidTag(commander.getOutFile());
|
||||
break;
|
||||
default:
|
||||
} else {
|
||||
System.out.println("No create type given, nothing to do");
|
||||
System.exit(1);
|
||||
}
|
||||
}
|
||||
if (!trustStoreFile.isEmpty()) {
|
||||
gateway.setDefaultCredentials(true);
|
||||
gateway.setJksTruststoreFile(trustStoreFile);
|
||||
} else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
|
||||
gateway.setDefaultCredentials(false);
|
||||
gateway.setPemCertificateFile(certificateFile);
|
||||
gateway.setPemPrivateKeyFile(privateKeyFile);
|
||||
if (embeddedCert) {
|
||||
gateway.setEmbeddedCert(true);
|
||||
}
|
||||
} else if (defaultKey) {
|
||||
gateway.setDefaultCredentials(true);
|
||||
gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
|
||||
} else {
|
||||
System.out.println("A private key (-k) and public certificate (-p) " +
|
||||
"are required, or the default key (-d) must be indicated.");
|
||||
System.exit(1);
|
||||
}
|
||||
gateway.generateSwidTag(commander.getOutFile());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
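Review bot: The new sign branch `if (!commander.getSignFile().isEmpty()) {` has an empty body, so a `-s` run never hands the sign file to the gateway and instead falls through to the trailing credential block and the added `gateway.generateSwidTag(commander.getOutFile());`, which would emit a fresh RIM rather than append a secondary signature. That trailing block (`if (!trustStoreFile.isEmpty()) { gateway.setDefaultCredentials(true); ...`) also appears to repeat the credential selection the BASE path already performs through `CredentialArgumentValidator`, but without its combination check, and leaves `generateSwidTag` reachable twice (once inside the BASE path, once after it); selecting credentials once before the mode branch and keeping a single `generateSwidTag` call would avoid the overlap. In the verify hunk, `validator.setRimEventLog(rimel);` refers to the removed `rimel` local and does not seem to have a new-side replacement, so the validator's event-log path is likely no longer set — if so, add `validator.setRimEventLog(rimEventLogFile);` after `trustStoreFile = commander.getTruststoreFile();`. The enclosing `main` body starts and ends outside the visible hunks.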
@ -25,30 +25,33 @@ public class Commander {
|
||||
description = "The file to write the RIM out to. "
|
||||
+ "The RIM will be written to stdout by default.")
|
||||
private String outFile = "";
|
||||
@Parameter(names = {"-v", "--verify <path>"}, order = 3,
|
||||
@Parameter(names = {"-s", "--sign <path>"}, order = 3,
|
||||
description = "Specify a RIM file to append a signature to.")
|
||||
private String signFile = "";
|
||||
@Parameter(names = {"-v", "--verify <path>"}, order = 4,
|
||||
description = "Specify a RIM file to verify.")
|
||||
private String verifyFile = "";
|
||||
@Parameter(names = {"-t", "--truststore <path>"}, order = 4,
|
||||
@Parameter(names = {"-t", "--truststore <path>"}, order = 5,
|
||||
description = "The truststore to sign the base RIM created "
|
||||
+ "or to validate the signed base RIM.")
|
||||
private String truststoreFile = "";
|
||||
@Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 5,
|
||||
@Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 6,
|
||||
description = "The private key used to sign the base RIM created by this tool.")
|
||||
private String privateKeyFile = "";
|
||||
@Parameter(names = {"-p", "--publicCertificate <path>"}, order = 6,
|
||||
@Parameter(names = {"-p", "--publicCertificate <path>"}, order = 7,
|
||||
description = "The public key certificate to embed in the base RIM created by "
|
||||
+ "this tool.")
|
||||
private String publicCertificate = "";
|
||||
@Parameter(names = {"-e", "--embed-cert"}, order = 7,
|
||||
@Parameter(names = {"-e", "--embed-cert"}, order = 8,
|
||||
description = "Embed the provided certificate in the signed swidtag.")
|
||||
private boolean embedded = false;
|
||||
@Parameter(names = {"-d", "--default-key"}, order = 8,
|
||||
@Parameter(names = {"-d", "--default-key"}, order = 9,
|
||||
description = "Use keystore.jks from the rimtool installation to sign.")
|
||||
private boolean defaultKey = false;
|
||||
@Parameter(names = {"-l", "--rimel <path>"}, order = 9, required = true,
|
||||
@Parameter(names = {"-l", "--rimel <path>"}, order = 10, required = true,
|
||||
description = "The TCG eventlog file to use as a support RIM.")
|
||||
private String rimEventLog = "";
|
||||
@Parameter(names = {"--timestamp"}, order = 10, variableArity = true,
|
||||
@Parameter(names = {"--timestamp"}, order = 11, variableArity = true,
|
||||
description = "Add a timestamp to the signature. " +
|
||||
"Currently only RFC3339 and RFC3852 are supported:\n" +
|
||||
"\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>")
|
||||
@ -70,6 +73,10 @@ public class Commander {
|
||||
return outFile;
|
||||
}
|
||||
|
||||
public String getSignFile() {
|
||||
return signFile;
|
||||
}
|
||||
|
||||
public String getVerifyFile() {
|
||||
return verifyFile;
|
||||
}
|
||||
@ -111,13 +118,17 @@ public class Commander {
|
||||
"\n\n\n");
|
||||
sb.append("Create a base RIM using the default attribute values; ");
|
||||
sb.append("sign it using privateKey.pem; embed cert.pem in the signature block; ");
|
||||
sb.append("and write the data to console output:\n\n");
|
||||
sb.append("and write the data to console stdout:\n\n");
|
||||
sb.append("\t\t-c base -l support_rim.bin -k privateKey.pem -p cert.pem -e\n\n\n");
|
||||
sb.append("Create a base RIM using the values in attributes.json; " +
|
||||
"sign it with the default keystore; add a RFC3852 timestamp; ");
|
||||
sb.append("and write the data to base_rim.swidtag:\n\n");
|
||||
sb.append("\t\t-c base -a attributes.json -d -l support_rim.bin " +
|
||||
"--timestamp RFC3852 counterSignature.bin -o base_rim.swidtag\n\n\n");
|
||||
sb.append("Add another signature to a signed base RIM using privateKey.pem; ");
|
||||
sb.append("embed cert.pem in the signature block; ");
|
||||
sb.append("and write the output to console stdout:\n\n");
|
||||
sb.append("\t\t-s signed_base_rim.swidtag -k privateKey.pem -p cert.pem -e\n\n\n");
|
||||
sb.append("Validate a base RIM using an external support RIM to override the ");
|
||||
sb.append("payload file:\n\n");
|
||||
sb.append("\t\t-v base_rim.swidtag -l support_rim.bin\n\n\n");
|
||||
@ -133,6 +144,7 @@ public class Commander {
|
||||
sb.append("Creating: " + this.getCreateType() + System.lineSeparator());
|
||||
sb.append("Using attributes file: " + this.getAttributesFile() + System.lineSeparator());
|
||||
sb.append("Write to: " + this.getOutFile() + System.lineSeparator());
|
||||
sb.append("Signing file: " + this.getSignFile() + System.lineSeparator());
|
||||
sb.append("Verify file: " + this.getVerifyFile() + System.lineSeparator());
|
||||
if (this.isDefaultKey()) {
|
||||
sb.append("Truststore file: default (" + SwidTagConstants.DEFAULT_KEYSTORE_FILE + ")"
|
||||
|
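Review bot: The new usage example `-s signed_base_rim.swidtag -k privateKey.pem -p cert.pem -e` omits `-l`, yet `@Parameter(names = {"-l", "--rimel <path>"}, order = 10, required = true,` still marks the event log as required, so JCommander rejects the documented sign invocation before Main sees it. Either add `-l support_rim.bin` to the example, or drop `required = true` and have Main enforce the event log only for create and verify modes, which fits the description "The TCG eventlog file to use as a support RIM" better when only a signature is being appended. The `--sign` description could also say which credential flags it consumes, since `-s`, `-c` and `-v` select mutually exclusive modes and nothing in this class documents that.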