ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-02-11 13:35:19 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add validation of support RIM in payload

Browse Source
This commit is contained in:
chubtub 2020-06-15 09:54:57 -04:00
parent c69affd4f6
commit 64ddc39c2c
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
View File

@ -75,6 +75,7 @@ import java.math.BigInteger;
import hirs.swid.xjc.Directory; import hirs.swid.xjc.Directory;
import hirs.swid.xjc.Entity; import hirs.swid.xjc.Entity;
import hirs.swid.xjc.Link; import hirs.swid.xjc.Link;
import hirs.swid.xjc.Meta;
import hirs.swid.xjc.ObjectFactory; import hirs.swid.xjc.ObjectFactory;
import hirs.swid.xjc.ResourceCollection; import hirs.swid.xjc.ResourceCollection;
import hirs.swid.xjc.SoftwareIdentity; import hirs.swid.xjc.SoftwareIdentity;
@ -229,6 +230,8 @@ public class SwidTagGateway {
si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n"); si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n");
si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n"); si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
System.out.println(si.toString()); System.out.println(si.toString());
Element file = (Element) document.getElementsByTagName("File").item(0);
validateFile(file);
System.out.println("Signature core validity: " + validateSignedXMLDocument(document)); System.out.println("Signature core validity: " + validateSignedXMLDocument(document));
return true; return true;
} }
@ -430,7 +433,22 @@ public class SwidTagGateway {
return file; return file;
} }
/** /**
* This method validates a hirs.swid.xjc.File from an indirect payload
*/
private boolean validateFile(Element file) {
String filepath = file.getAttribute(SwidTagConstants.NAME);
System.out.println("Support rim found at " + filepath);
if (HashSwid.get256Hash(filepath).equals(file.getAttribute(_SHA256_HASH.getPrefix() + ":" + _SHA256_HASH.getLocalPart()))) {
System.out.println("Support RIM hash verified!");
return true;
} else {
System.out.println("Support RIM hash does not match Base RIM!");
return false;
}
}
/**
* This method creates a hirs.swid.xjc.File from a direct payload type. * This method creates a hirs.swid.xjc.File from a direct payload type.
* *
* @param jsonObject * @param jsonObject

6
tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
View File

@ -44,10 +44,8 @@ public class TestSwidTagGateway {
@Test @Test
public void testCreateBaseWithCert() throws URISyntaxException { public void testCreateBaseWithCert() throws URISyntaxException {
gateway.setDefaultCredentials(false); gateway.setDefaultCredentials(false);
gateway.setPemCertificateFile( gateway.setPemCertificateFile(certificateFile);
Paths.get(this.getClass().getResource(certificateFile).toURI()).toString()); gateway.setPemPrivateKeyFile(privateKeyFile);
gateway.setPemPrivateKeyFile(
Paths.get(this.getClass().getResource(privateKeyFile).toURI()).toString());
gateway.generateSwidTag(DEFAULT_OUTPUT); gateway.generateSwidTag(DEFAULT_OUTPUT);
expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_WITH_CERT); expectedFile = (InputStream) TestSwidTagGateway.class.getClassLoader().getResourceAsStream(DEFAULT_WITH_CERT);
Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT)); Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));