ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-01-29 15:44:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add validation of support RIM in payload

Browse Source
This commit is contained in:
chubtub 2020-06-15 09:54:57 -04:00
parent c69affd4f6
commit 64ddc39c2c
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
View File

@ -75,6 +75,7 @@ import java.math.BigInteger;
import hirs.swid.xjc.Directory;
import hirs.swid.xjc.Entity;
import hirs.swid.xjc.Link;
import hirs.swid.xjc.Meta;
import hirs.swid.xjc.ObjectFactory;
import hirs.swid.xjc.ResourceCollection;
import hirs.swid.xjc.SoftwareIdentity;
@ -229,6 +230,8 @@ public class SwidTagGateway {
si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n");
si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
System.out.println(si.toString());
Element file = (Element) document.getElementsByTagName("File").item(0);
validateFile(file);
System.out.println("Signature core validity: " + validateSignedXMLDocument(document));
return true;
}
@ -430,7 +433,22 @@ public class SwidTagGateway {
return file;
}
/**
/**
* This method validates a hirs.swid.xjc.File from an indirect payload
*/
private boolean validateFile(Element file) {
String filepath = file.getAttribute(SwidTagConstants.NAME);
System.out.println("Support rim found at " + filepath);
if (HashSwid.get256Hash(filepath).equals(file.getAttribute(_SHA256_HASH.getPrefix() + ":" + _SHA256_HASH.getLocalPart()))) {
System.out.println("Support RIM hash verified!");
return true;
} else {
System.out.println("Support RIM hash does not match Base RIM!");
return false;
}
}
/**
* This method creates a hirs.swid.xjc.File from a direct payload type.
*
* @param jsonObject

6
tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
View File

@ -44,10 +44,8 @@ public class TestSwidTagGateway {
@Test
public void testCreateBaseWithCert() throws URISyntaxException {
gateway.setDefaultCredentials(false);
gateway.setPemCertificateFile(
Paths.get(this.getClass().getResource(certificateFile).toURI()).toString());
gateway.setPemPrivateKeyFile(
Paths.get(this.getClass().getResource(privateKeyFile).toURI()).toString());
gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile);
gateway.generateSwidTag(DEFAULT_OUTPUT);
expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_WITH_CERT);
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));