diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
index 3ac934aa..6d1b8959 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
@@ -1,113 +1,65 @@
 package hirs.swid;
-import hirs.swid.utils.Commander;
-import hirs.swid.utils.TimestampArgumentValidator;
-import hirs.utils.rim.ReferenceManifestValidator;
+import hirs.swid.utils.CommandCreate;
+import hirs.swid.utils.CommandMain;
+import hirs.swid.utils.CommandPrint;
+import hirs.swid.utils.CommandSign;
+import hirs.swid.utils.CommandVerify;
 import com.beust.jcommander.JCommander;
 import lombok.extern.log4j.Log4j2;
 import java.io.File;
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 @Log4j2
 public class Main {
 public static void main(String[] args) {
- Commander commander = new Commander();
- JCommander jc = JCommander.newBuilder().addObject(commander).build();
+ CommandMain mainCom = new CommandMain();
+ CommandCreate createCom = new CommandCreate();
+ CommandSign signCom = new CommandSign();
+ CommandVerify verifyCom = new CommandVerify();
+ CommandPrint printCom = new CommandPrint();
+ JCommander jc = JCommander.newBuilder()
+ .addObject(mainCom)
+ .addCommand("create", createCom)
+ .addCommand("sign", signCom)
+ .addCommand("verify", verifyCom)
+ .addCommand("print", printCom)
+ .build();
 try {
 jc.parse(args);
 } catch (Exception e) {
 exitWithErrorCode(e.getMessage());
 }
- SwidTagGateway gateway;
- ReferenceManifestValidator validator;
- List<String> unknownOpts = commander.getUnknownOptions();
- if (!unknownOpts.isEmpty()) {
- StringBuilder sb = new StringBuilder("Unknown options encountered: ");
- for (String opt : unknownOpts) {
- sb.append(opt + ", ");
- }
- exitWithErrorCode(sb.substring(0,sb.lastIndexOf(",")));
- } else if (commander.isHelp()) {
- jc.usage();
- System.out.println(commander.printHelpExamples());
- } else if (commander.isVersion()) {
- try {
- byte[] content = Files.readAllBytes(Paths.get(SwidTagConstants.VERSION_FILE));
- String version = new String(content);
- System.out.println("TCG rimtool version: " + version);
- } catch (IOException e) {
- parseVersionFromJar();
- }
- } else {
- if (!commander.getVerifyFile().isEmpty()) {
- validator = new ReferenceManifestValidator();
- if (commander.isVerbose()) {
- System.out.println(commander.toString());
- }
- String verifyFile = commander.getVerifyFile();
- String rimel = commander.getRimEventLog();
- String certificateFile = commander.getPublicCertificate();
- String trustStore = commander.getTruststoreFile();
- validator.setRim(verifyFile);
- validator.setRimEventLog(rimel);
- validator.setTrustStoreFile(trustStore);
- if (validator.validateRim(certificateFile)) {
- System.out.println("Successfully verified " + verifyFile);
- } else {
- exitWithErrorCode("Failed to verify " + verifyFile);
- }
- } else {
- gateway = new SwidTagGateway();
- if (commander.isVerbose()) {
- System.out.println(commander.toString());
- }
- String createType = commander.getCreateType().toUpperCase();
- String attributesFile = commander.getAttributesFile();
- String certificateFile = commander.getPublicCertificate();
- String privateKeyFile = commander.getPrivateKeyFile();
- boolean embeddedCert = commander.isEmbedded();
- boolean defaultKey = commander.isDefaultKey();
- String rimEventLog = commander.getRimEventLog();
- switch (createType) {
- case "BASE":
- gateway.setAttributesFile(attributesFile);
- gateway.setRimEventLog(rimEventLog);
- if (defaultKey){
- gateway.setDefaultCredentials(true);
- gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
- } else {
- gateway.setDefaultCredentials(false);
- gateway.setPemCertificateFile(certificateFile);
- gateway.setPemPrivateKeyFile(privateKeyFile);
- if (embeddedCert) {
- gateway.setEmbeddedCert(true);
- }
- }
- List<String> timestampArguments = commander.getTimestampArguments();
- if (timestampArguments.size() > 0) {
- if (new TimestampArgumentValidator(timestampArguments).isValid()) {
- gateway.setTimestampFormat(timestampArguments.get(0));
- if (timestampArguments.size() > 1) {
- gateway.setTimestampArgument(timestampArguments.get(1));
- }
- } else {
- exitWithErrorCode("The provided timestamp argument(s) " +
- "is/are not valid.");
- }
- }
- gateway.generateSwidTag(commander.getOutFile());
- break;
- default:
- exitWithErrorCode("Create type not recognized.");
- }
- }
+ if (mainCom.isVersion()) {
+ parseVersionFromJar();
+ } else if(mainCom.isVerbose()) {
+ System.out.println("Rimtool in verbose mode.");
+ }
+ switch(jc.getParsedCommand()) {
+ case "create":
+ System.out.println("Create " + createCom.getOutFile()
+ + " using " + createCom.getAttributesFile()
+ + " and " + createCom.getRimEventLog());
+ break;
+ case "sign":
+ System.out.println("Sign " + signCom.getInFile()
+ + " with credentials " + signCom.getTruststore() + ", "
+ + signCom.getPublicCertificate() + ", "
+ + signCom.getPrivateKey());
+ break;
+ case "verify":
+ System.out.println("Verify " + verifyCom.getInFile()
+ + " with " + verifyCom.getRimEventLog() + " and "
+ + verifyCom.getTruststore());
+ break;
+ case "print":
+ System.out.println("Print " + printCom.getInFile());
+ break;
+ default:
+ System.out.println("No command given.");
 }
 }
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandCreate.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandCreate.java
new file mode 100644
index 00000000..b15907bc
--- /dev/null
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandCreate.java
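Review bot: `switch(jc.getParsedCommand())` throws a NullPointerException when no subcommand is given, because JCommander returns null for the parsed command in that case and a switch on a null String never reaches `default`, so the "No command given." branch is unreachable and a bare `rimtool --version` crashes right after printing the version. Guard it before the switch: `String command = jc.getParsedCommand(); if (command == null) { jc.usage(); exitWithErrorCode("No command given."); }`. The new main also drops the `-h/--help` handling, so `mainCom.isHelp()` is never consulted and `jc.usage()` is never printed. The create, sign and verify branches now only echo their arguments and return with exit status 0; if this is an intermediate step, have those branches call `exitWithErrorCode` until the validator/gateway is wired back in, so a scripted `verify` cannot be mistaken for a successful validation. parseVersionFromJar and exitWithErrorCode are defined outside the hunk.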
@@ -0,0 +1,21 @@
+package hirs.swid.utils;
+
+import com.beust.jcommander.Parameter;
+import com.beust.jcommander.Parameters;
+import lombok.Getter;
+
+@Parameters(parametersValidators = CreateArgumentValidator.class)
+@Getter
+public class CommandCreate {
+ @Parameter(names = {"-a", "--attributes"}, validateWith = FileArgumentValidator.class,
+ description = "The configuration file holding attributes "
+ + "to populate the base RIM with. An example file can be found in /opt/rimtool/data.")
+ private String attributesFile = "";
+ @Parameter(names = {"-l", "--rimel"}, validateWith = FileArgumentValidator.class,
+ description = "The TCG eventlog file to use as a support RIM.")
+ private String rimEventLog = "";
+ @Parameter(names = {"-o", "--out"},
+ description = "The file to write the RIM out to. "
+ + "The RIM will be written to stdout by default.")
+ private String outFile = "";
+}
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandMain.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandMain.java
new file mode 100644
index 00000000..8fe03ccc
--- /dev/null
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandMain.java
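Review bot: The class has no Javadoc and none of its three parameters is marked `required`, so `rimtool create` with no options parses cleanly and proceeds with every path set to `""`; whether CreateArgumentValidator (outside this diff) rejects that is not visible here. If `--attributes` and `--rimel` are mandatory for a base RIM, say so at the parameter, e.g. `@Parameter(names = {"-a", "--attributes"}, required = true, validateWith = FileArgumentValidator.class,`. Add a class comment such as `/** Options for the "create" subcommand: attributes file, support RIM event log and output path for a base RIM. */`. CommandPrint declares its own `-h/--help` but this class, CommandSign and CommandVerify do not, so `rimtool create -h` will most likely be rejected as an unknown option instead of printing usage.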
@@ -0,0 +1,44 @@
+package hirs.swid.utils;
+
+import com.beust.jcommander.Parameter;
+import com.beust.jcommander.Parameters;
+import hirs.swid.SwidTagConstants;
+import lombok.Getter;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Commander is a class that handles the command line arguments for the SWID
+ * Tags gateway by implementing the JCommander package.
+ */
+@Parameters
+@Getter
+public class CommandMain {
+
+ @Parameter(description = "This parameter catches all unrecognized arguments.")
+ private List<String> unknownOptions = new ArrayList<>();
+ @Parameter(names = {"-h", "--help"}, help = true, description = "Print this help text.")
+ private boolean help;
+ @Parameter(names = {"--version"}, description = "Output the current version.")
+ private boolean version = false;
+ @Parameter(names = {"--verbose"}, description = "Control output verbosity.")
+ private boolean verbose = false;
+
+ public String printHelpExamples() {
+ StringBuilder sb = new StringBuilder();
+ sb.append("Create a base RIM: use the values in attributes.json; ");
+ sb.append("add support_rim.bin to the payload; ");
+ sb.append("sign it using privateKey.pem and cert.pem; embed cert.pem in the signature; ");
+ sb.append("add a RFC3852 timestamp; and write the data to base_rim.swidtag:\n\n");
+ sb.append("\t\t-c base -a attributes.json -l support_rim.bin "
+ + "-k privateKey.pem -p cert.pem -e --timestamp RFC3852 counterSignature.bin "
+ + "-o base_rim.swidtag\n\n\n");
+ sb.append("Validate base_rim.swidtag: "
+ + "the payload <File> is validated with support_rim.bin; "
+ + "and the signature is validated with ca.crt:\n\n");
+ sb.append("\t\t-v base_rim.swidtag -l support_rim.bin -t ca.crt\n\n\n");
+
+ return sb.toString();
+ }
+}
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandPrint.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandPrint.java
new file mode 100644
index 00000000..d511bc12
--- /dev/null
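Review bot: The Javadoc still describes the deleted `Commander` class, and `printHelpExamples()` still shows the old flat invocation (`-c base ... -o base_rim.swidtag` and `-v base_rim.swidtag ...`) although `-c` and `-v` no longer exist and the tool now takes `create`/`sign`/`verify`/`print` subcommands, so the help text actively misleads. Replace the summary with something like `/** Top-level options for rimtool (help, version, verbosity); per-subcommand options live in CommandCreate, CommandSign, CommandVerify and CommandPrint. */` and rewrite the two example lines in terms of the new subcommands. The old `--version` also had a `-V` short form that this class drops; if existing scripts use it, keep it in `names`. `unknownOptions` is still declared as the main parameter but, as far as the Main hunk shows, is no longer checked anywhere, so stray positional arguments are now silently ignored rather than reported.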
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandPrint.java
@@ -0,0 +1,16 @@
+package hirs.swid.utils;
+
+import com.beust.jcommander.Parameter;
+import com.beust.jcommander.Parameters;
+import lombok.Getter;
+
+@Parameters
+@Getter
+public class CommandPrint {
+ @Parameter(names = {"--in"},
+ validateWith = FileArgumentValidator.class,
+ description = "The path of the file to print")
+ private String inFile = "";
+ @Parameter(names = {"-h", "--help"}, help = true, description = "Print this help text.")
+ private boolean help;
+}
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandSign.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandSign.java
new file mode 100644
index 00000000..e7d94880
--- /dev/null
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandSign.java
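Review bot: `--in` is the only input this subcommand has, yet it is optional, so `rimtool print` with no arguments passes parsing with `inFile == ""`; mark it `required = true` so JCommander reports the missing path instead of leaving the caller to discover an empty string downstream: `@Parameter(names = {"--in"}, required = true,`. The class also lacks a Javadoc; a one-liner such as `/** Options for the "print" subcommand: the RIM file to display. */` would do. This is the only subcommand class in the diff that declares `-h/--help`; either every subcommand should have it or none should, so that `rimtool <cmd> -h` behaves uniformly.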
@@ -0,0 +1,40 @@
+package hirs.swid.utils;
+
+import com.beust.jcommander.Parameter;
+import com.beust.jcommander.Parameters;
+import lombok.Getter;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Parameters
+@Getter
+public class CommandSign {
+ @Parameter(names = {"--in"}, validateWith = FileArgumentValidator.class,
+ description = "")
+ private String inFile = "";
+ @Parameter(names = {"-d", "--default-key"},
+ description = "Use the JKS keystore installed in /opt/rimtool/data.")
+ private boolean defaultKey = false;
+ @Parameter(names = {"-t", "--truststore"}, validateWith = FileArgumentValidator.class,
+ description = "The truststore to sign the base RIM created "
+ + "or to validate the signed base RIM.")
+ private String truststore = "";
+ @Parameter(names = {"-p", "--publicCertificate"},
+ validateWith = FileArgumentValidator.class,
+ description = "The public key certificate to embed in the base RIM created by "
+ + "this tool.")
+ private String publicCertificate = "";
+ @Parameter(names = {"-k", "--privateKeyFile"},
+ validateWith = FileArgumentValidator.class,
+ description = "The private key used to sign the base RIM created by this tool.")
+ private String privateKey = "";
+ @Parameter(names = {"-e", "--embed-cert"},
+ description = "Embed the provided certificate in the signed swidtag.")
+ private boolean embedded = false;
+ @Parameter(names = {"--timestamp"}, variableArity = true,
+ description = "Add a timestamp to the signature. "
+ + "Currently only RFC3339 and RFC3852 are supported:\n"
+ + "\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>")
+ private List<String> timestampArguments = new ArrayList<String>(2);
+}
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandVerify.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandVerify.java
new file mode 100644
index 00000000..43839738
--- /dev/null
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CommandVerify.java
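Review bot: The `--in` parameter has an empty `description = ""`, so the generated usage prints a blank for the one argument every sign invocation needs; the same empty description appears on `--in` in CommandVerify. Something like `description = "The unsigned base RIM to sign."` here and `description = "The signed base RIM to verify."` there. Unlike CommandCreate and CommandVerify this class has no `parametersValidators`, so conflicting credential selections (`--default-key` together with `-k`/`-p`, or `-e` without `-p`) and a malformed `--timestamp` list are accepted at parse time; the old Main ran TimestampArgumentValidator over those arguments and that check disappears with it. Whether the eventual sign implementation re-checks them is not visible in this diff, so either attach a validator here or document where the check happens. Minor: `new ArrayList<String>(2)` can use the diamond as the other classes do.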
@@ -0,0 +1,20 @@
+package hirs.swid.utils;
+
+import com.beust.jcommander.Parameter;
+import com.beust.jcommander.Parameters;
+import lombok.Getter;
+
+@Parameters(parametersValidators = VerifyArgumentValidator.class)
+@Getter
+public class CommandVerify {
+ @Parameter(names = {"--in"}, validateWith = FileArgumentValidator.class,
+ description = "")
+ private String inFile = "";
+ @Parameter(names = {"-l", "--rimel"}, validateWith = FileArgumentValidator.class,
+ description = "The TCG eventlog file to use as a support RIM.")
+ private String rimEventLog = "";
+ @Parameter(names = {"-t", "--truststore"}, validateWith = FileArgumentValidator.class,
+ description = "The truststore to sign the base RIM created "
+ + "or to validate the signed base RIM.")
+ private String truststore = "";
+}
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
deleted file mode 100644
index 70a09e17..00000000
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
+++ /dev/null
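Review bot: The `--truststore` description is copied from the signing flow ("The truststore to sign the base RIM created or to validate the signed base RIM"), but for verify it is the trust anchor the signature is checked against, so say that: `description = "The truststore (CA certificates) used to validate the signature on the base RIM."`. None of the parameters is `required`, so whether `rimtool verify --in x.swidtag` without a truststore is rejected depends entirely on VerifyArgumentValidator, which is outside this diff; if that validator does not insist on a trust anchor, a verification run would proceed with `truststore == ""`, and it is worth confirming what default the validation code then falls back to. A class Javadoc such as `/** Options for the "verify" subcommand: the signed RIM, its support RIM event log and the truststore to validate against. */` is also missing.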
@@ -1,163 +0,0 @@ -package hirs.swid.utils; - -import com.beust.jcommander.Parameter; -import com.beust.jcommander.Parameters; -import hirs.swid.SwidTagConstants; - -import java.util.ArrayList; -import java.util.List; - -/** - * Commander is a class that handles the command line arguments for the SWID - * Tags gateway by implementing the JCommander package. - */ -@Parameters(parametersValidators = {CreateArgumentValidator.class, VerifyArgumentValidator.class}) -public class Commander { - - @Parameter(description = "This parameter catches all unrecognized arguments.") - private List<String> unknownOptions = new ArrayList<>(); - @Parameter(names = {"-h", "--help"}, help = true, description = "Print this help text.") - private boolean help; - @Parameter(names = {"-c", "--create"}, order = 0, - description = "The type of RIM to create. A base RIM will be created by default.") - private String createType = ""; - @Parameter(names = {"-v", "--verify"}, validateWith = FileArgumentValidator.class, - description = "Specify a RIM file to verify.") - private String verifyFile = ""; - @Parameter(names = {"-V", "--version"}, description = "Output the current version.") - private boolean version = false; - @Parameter(names = {"-a", "--attributes"}, validateWith = FileArgumentValidator.class, - description = "The configuration file holding attributes " - + "to populate the base RIM with. An example file can be found in /opt/rimtool/data.") - private String attributesFile = ""; - @Parameter(names = {"-o", "--out"}, order = 2, - description = "The file to write the RIM out to. 
" - + "The RIM will be written to stdout by default.") - private String outFile = ""; - @Parameter(names = {"--verbose"}, description = "Control output verbosity.") - private boolean verbose = false; - @Parameter(names = {"-t", "--truststore"}, validateWith = FileArgumentValidator.class, - description = "The truststore to sign the base RIM created " - + "or to validate the signed base RIM.") - private String truststoreFile = ""; - @Parameter(names = {"-k", "--privateKeyFile"}, - validateWith = FileArgumentValidator.class, - description = "The private key used to sign the base RIM created by this tool.") - private String privateKeyFile = ""; - @Parameter(names = {"-p", "--publicCertificate"}, - validateWith = FileArgumentValidator.class, - description = "The public key certificate to embed in the base RIM created by " - + "this tool.") - private String publicCertificate = ""; - @Parameter(names = {"-e", "--embed-cert"}, order = 7, - description = "Embed the provided certificate in the signed swidtag.") - private boolean embedded = false; - @Parameter(names = {"-d", "--default-key"}, order = 8, - description = "Use the JKS keystore installed in /opt/rimtool/data.") - private boolean defaultKey = false; - @Parameter(names = {"-l", "--rimel"}, validateWith = FileArgumentValidator.class, - description = "The TCG eventlog file to use as a support RIM.") - private String rimEventLog = ""; - @Parameter(names = {"--timestamp"}, order = 10, variableArity = true, - description = "Add a timestamp to the signature. 
" + - "Currently only RFC3339 and RFC3852 are supported:\n" + - "\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>") - private List<String> timestampArguments = new ArrayList<String>(2); - - public List<String> getUnknownOptions() { - return unknownOptions; - } - - public boolean isHelp() { - return help; - } - - public String getCreateType() { - return createType; - } - - public String getVerifyFile() { - return verifyFile; - } - - public boolean isVersion() { - return version; - } - public boolean isVerbose() { return verbose; } - public String getAttributesFile() { - return attributesFile; - } - - public String getOutFile() { - return outFile; - } - - public String getTruststoreFile() { return truststoreFile; } - - public String getPrivateKeyFile() { - return privateKeyFile; - } - - public String getPublicCertificate() { - return publicCertificate; - } - - public boolean isEmbedded() { return embedded; } - - public boolean isDefaultKey() { return defaultKey; } - - public String getRimEventLog() { return rimEventLog; } - - public List<String> getTimestampArguments() { - return timestampArguments; - } - - public String printHelpExamples() { - StringBuilder sb = new StringBuilder(); - sb.append("Create a base RIM: use the values in attributes.json; "); - sb.append("add support_rim.bin to the payload; "); - sb.append("sign it using privateKey.pem and cert.pem; embed cert.pem in the signature; "); - sb.append("add a RFC3852 timestamp; and write the data to base_rim.swidtag:\n\n"); - sb.append("\t\t-c base -a attributes.json -l support_rim.bin " - + "-k privateKey.pem -p cert.pem -e --timestamp RFC3852 counterSignature.bin " - + "-o base_rim.swidtag\n\n\n"); - sb.append("Validate base_rim.swidtag: " - + "the payload <File> is validated with support_rim.bin; " - + "and the signature is validated with ca.crt:\n\n"); - sb.append("\t\t-v base_rim.swidtag -l support_rim.bin -t ca.crt\n\n\n"); - - return sb.toString(); - } - public String toString() { - 
StringBuilder sb = new StringBuilder(); - sb.append("Creating: " + this.getCreateType() + System.lineSeparator()); - sb.append("Using attributes file: " + this.getAttributesFile() + System.lineSeparator()); - sb.append("Write to: " + this.getOutFile() + System.lineSeparator()); - sb.append("Verify file: " + this.getVerifyFile() + System.lineSeparator()); - if (!this.getTruststoreFile().isEmpty()) { - sb.append("Truststore file: " + this.getTruststoreFile() + System.lineSeparator()); - } else if (!this.getPrivateKeyFile().isEmpty() && - !this.getPublicCertificate().isEmpty()) { - sb.append("Private key file: " + this.getPrivateKeyFile() + System.lineSeparator()); - sb.append("Public certificate: " + this.getPublicCertificate() - + System.lineSeparator()); - sb.append("Embedded certificate: " + this.isEmbedded() + System.lineSeparator()); - } else if (this.isDefaultKey()){ - sb.append("Truststore file: default (" + SwidTagConstants.DEFAULT_KEYSTORE_FILE + ")" - + System.lineSeparator()); - } else { - sb.append("Signing credential: (none given)" + System.lineSeparator()); - } - sb.append("Event log support RIM: " + this.getRimEventLog() + System.lineSeparator()); - List<String> timestampArguments = this.getTimestampArguments(); - if (timestampArguments.size() > 0) { - sb.append("Timestamp format: " + timestampArguments.get(0)); - if (timestampArguments.size() == 2) { - sb.append(", " + timestampArguments.get(1)); - } - } else { - sb.append("No timestamp included"); - } - return sb.toString(); - } -}