Add a validator class for credential argument input

2024-12-19 04:58:00 +00:00 · 2023-02-17 00:13:39 -05:00 · 2023-02-17 00:13:39 -05:00 · 53a4816dec
commit 53a4816dec
parent 12338e40c2
3 changed files with 84 additions and 10 deletions
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
@ -45,8 +45,6 @@ import java.util.List;
 */
 public class CredentialParser {
    private static final String X509 = "X.509";
-    private static final String JKS = "JKS";
-    private static final String PEM = "PEM";
    private static final String DEFAULT_ALGORITHM = "RSA";
    private static final String PKCS1_HEADER = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String PKCS1_FOOTER = "-----END RSA PRIVATE KEY-----";
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
@ -2,6 +2,7 @@ package hirs.swid;

 import hirs.swid.utils.Commander;
 import com.beust.jcommander.JCommander;
+import hirs.swid.utils.CredentialArgumentValidator;
 import hirs.swid.utils.TimestampArgumentValidator;

 import java.util.List;
@ -14,6 +15,7 @@ public class Main {
        jc.parse(args);
        SwidTagGateway gateway;
        SwidTagValidator validator;
+        CredentialArgumentValidator caValidator;

        if (commander.isHelp()) {
            jc.usage();
@ -63,16 +65,17 @@ public class Main {
                            gateway.setTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
                        } else {
                            gateway.setDefaultCredentials(false);
-                            gateway.setTruststoreFile(truststoreFile);
-                            gateway.setPemCertificateFile(certificateFile);
-                            gateway.setPemPrivateKeyFile(privateKeyFile);
-/*
-                            if () {
-                                System.out.println("Signing credentials must be provided " +
-                                        "if not using defaults");
+                            caValidator = new CredentialArgumentValidator(truststoreFile,
+                                    certificateFile, privateKeyFile,"","", false);
+                            if (caValidator.isValid()) {
+                                gateway.setTruststoreFile(truststoreFile);
+                                gateway.setPemCertificateFile(certificateFile);
+                                gateway.setPemPrivateKeyFile(privateKeyFile);
+                            } else {
+                                System.out.println("Invalid combination of credentials given: "
+                                        + caValidator.getErrorMessage());
                                System.exit(1);
                            }
-*/
                            if (embeddedCert) {
                                gateway.setEmbeddedCert(true);
                            }
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CredentialArgumentValidator.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CredentialArgumentValidator.java
@ -0,0 +1,73 @@
+package hirs.swid.utils;
+
+public class CredentialArgumentValidator {
+    private String truststoreFile;
+    private String certificateFile;
+    private String privateKeyFile;
+    private String password;
+    private String alias;
+    private String format;
+    private boolean isValidating;
+    private String errorMessage;
+    private static final String JKS = "JKS";
+    private static final String PEM = "PEM";
+
+    public CredentialArgumentValidator(String truststoreFile,
+                                       String certificateFile,
+                                       String privateKeyFile,
+                                       String password,
+                                       String alias,
+                                       boolean isValidating) {
+        this.truststoreFile = truststoreFile;
+        this.certificateFile = certificateFile;
+        this.privateKeyFile = privateKeyFile;
+        this.password = password;
+        this.alias = alias;
+        this.isValidating = isValidating;
+        errorMessage = "";
+    }
+
+    /**
+     * Getter for format property
+     * @return string
+     */
+    public String getFormat() { return format; }
+
+    /**
+     * Getter for error message
+     * @return string
+     */
+    public String getErrorMessage() { return errorMessage; }
+
+    /**
+     * This method checks for the following valid configurations of input arguments:
+     * 1. truststore + password + alias (JKS format)
+     * 2. truststore + private key (PEM format)
+     * 3. truststore only for validating (PEM format)
+     * 4. certificate + private key (PEM format)
+     * 5. certificate only for validating (PEM format)
+     *
+     * @return true if the above are found, false otherwise
+     */
+    public boolean isValid() {
+        if (!truststoreFile.isEmpty()) {
+            if (!password.isEmpty() && !alias.isEmpty()) {
+                format = JKS;
+                return true;
+            } else if (!privateKeyFile.isEmpty() || isValidating) {
+                format = PEM;
+                return true;
+            } else {
+                errorMessage = "A JKS truststore needs a password and alias; " +
+                        "a PEM truststore needs a private key file.";
+                return false;
+            }
+        } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
+            format = PEM;
+            return true;
+        } else {
+            errorMessage = "A public certificate must be accompanied by a private key file.";
+            return false;
+        }
+    }
+}