From 64ddc39c2c0a0b779c12897945b7f81097ec8778 Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Mon, 15 Jun 2020 09:54:57 -0400
Subject: [PATCH] Add validation of support RIM in payload
---
 .../main/java/hirs/swid/SwidTagGateway.java | 20 ++++++++++++++++++-
 .../java/hirs/swid/TestSwidTagGateway.java | 6 ++----
 2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
index 05ac3b27..f57e875d 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
@@ -75,6 +75,7 @@ import java.math.BigInteger;
 import hirs.swid.xjc.Directory;
 import hirs.swid.xjc.Entity;
 import hirs.swid.xjc.Link;
+import hirs.swid.xjc.Meta;
 import hirs.swid.xjc.ObjectFactory;
 import hirs.swid.xjc.ResourceCollection;
 import hirs.swid.xjc.SoftwareIdentity;
@@ -229,6 +230,8 @@ public class SwidTagGateway {
 si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n");
 si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
 System.out.println(si.toString());
+ Element file = (Element) document.getElementsByTagName("File").item(0);
+ validateFile(file);
 System.out.println("Signature core validity: " + validateSignedXMLDocument(document));
 return true;
 }
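Review bot: The boolean returned by `validateFile(file)` is discarded in the `@@ -229,6 +230,8 @@` hunk, so the method still reaches `return true;` when the support RIM hash does not match, and a mismatch shows up only as a console message. `getElementsByTagName("File").item(0)` also returns null when the tag has no `File` element, and `validateFile` then dereferences it on its first line. I would guard and propagate the result with `if (file == null || !validateFile(file)) { return false; }`. The enclosing method starts outside this hunk, so its return contract and any surrounding try/catch should be checked against the full file.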
@@ -430,7 +433,22 @@ public class SwidTagGateway {
 return file;
 }
- /**
+ /**
+ * This method validates a hirs.swid.xjc.File from an indirect payload
+ */
+ private boolean validateFile(Element file) {
+ String filepath = file.getAttribute(SwidTagConstants.NAME);
+ System.out.println("Support rim found at " + filepath);
+ if (HashSwid.get256Hash(filepath).equals(file.getAttribute(_SHA256_HASH.getPrefix() + ":" + _SHA256_HASH.getLocalPart()))) {
+ System.out.println("Support RIM hash verified!");
+ return true;
+ } else {
+ System.out.println("Support RIM hash does not match Base RIM!");
+ return false;
+ }
+ }
+ /**
 * This method creates a hirs.swid.xjc.File from a direct payload type.
 *
 * @param jsonObject
diff --git a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
index a50cc0e3..5088f876 100644
--- a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
@@ -44,10 +44,8 @@ public class TestSwidTagGateway {
 @Test
 public void testCreateBaseWithCert() throws URISyntaxException {
 gateway.setDefaultCredentials(false);
- gateway.setPemCertificateFile(
- Paths.get(this.getClass().getResource(certificateFile).toURI()).toString());
- gateway.setPemPrivateKeyFile(
- Paths.get(this.getClass().getResource(privateKeyFile).toURI()).toString());
+ gateway.setPemCertificateFile(certificateFile);
+ gateway.setPemPrivateKeyFile(privateKeyFile);
 gateway.generateSwidTag(DEFAULT_OUTPUT);
 expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_WITH_CERT);
 Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
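Review bot: `validateFile` hashes whatever path the tag's `File` name attribute holds, and the call site added in this commit runs it before `validateSignedXMLDocument`, so both the path and the expected digest come from a document whose signature has not been checked yet. Validating the signature first, and resolving the name against a known RIM directory rather than using it as given, would keep an unauthenticated tag from choosing which file is read and what it is compared with. The comparison `HashSwid.get256Hash(filepath).equals(...)` also throws if `get256Hash` returns null for a missing or unreadable file (its behaviour is not visible here), and it is case-sensitive, so an upper-case hex digest in the tag would presumably be reported as a mismatch. Putting the attribute value on the left and using `equalsIgnoreCase` addresses both. The Javadoc should also say that the method reads the file named by the element from disk and returns whether its SHA-256 matches the attribute.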