mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-18 20:47:58 +00:00
Upgrade JCommander to support global argument validation. Replace CredentialArgumentValidator with CreateArgumentValidator.
This commit is contained in:
parent
5445278723
commit
6b76d873e6
@ -25,7 +25,7 @@ dependencyResolutionManagement {
|
|||||||
library('jakarta-servlet', 'org.glassfish.web:jakarta.servlet.jsp.jstl:3.0.0')
|
library('jakarta-servlet', 'org.glassfish.web:jakarta.servlet.jsp.jstl:3.0.0')
|
||||||
library('jakarta-api', 'jakarta.persistence:jakarta.persistence-api:3.1.0')
|
library('jakarta-api', 'jakarta.persistence:jakarta.persistence-api:3.1.0')
|
||||||
library('jakarta-xml', 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.0')
|
library('jakarta-xml', 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.0')
|
||||||
library('jcommander', 'com.beust:jcommander:1.82')
|
library('jcommander', 'org.jcommander:jcommander:1.83')
|
||||||
library('hibernate-core', 'org.hibernate:hibernate-core:6.1.7.Final')
|
library('hibernate-core', 'org.hibernate:hibernate-core:6.1.7.Final')
|
||||||
library('jackson-core', 'com.fasterxml.jackson.core', 'jackson-core').versionRef('jackson')
|
library('jackson-core', 'com.fasterxml.jackson.core', 'jackson-core').versionRef('jackson')
|
||||||
library('jackson-databind', 'com.fasterxml.jackson.core', 'jackson-databind').versionRef('jackson')
|
library('jackson-databind', 'com.fasterxml.jackson.core', 'jackson-databind').versionRef('jackson')
|
||||||
|
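Review bot: The jcommander catalog entry changes the groupId from `com.beust` to `org.jcommander` as well as the version, and nothing in the commit pins or verifies the artifact fetched under the new coordinates. The imports elsewhere in the commit stay on the `com.beust.jcommander` package, which is consistent with the library having relocated its Maven coordinates rather than a different project publishing under a similar name, but a groupId swap is exactly the kind of change worth attesting. Consider recording the new artifact in Gradle dependency verification metadata (`gradle/verification-metadata.xml`) or stating in the commit message where the relocation was confirmed.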
@ -28,7 +28,6 @@ public class Main {
|
|||||||
SwidTagGateway gateway;
|
SwidTagGateway gateway;
|
||||||
ReferenceManifestValidator validator;
|
ReferenceManifestValidator validator;
|
||||||
List<String> unknownOpts = commander.getUnknownOptions();
|
List<String> unknownOpts = commander.getUnknownOptions();
|
||||||
CredentialArgumentValidator credValidator;
|
|
||||||
|
|
||||||
if (!unknownOpts.isEmpty()) {
|
if (!unknownOpts.isEmpty()) {
|
||||||
StringBuilder sb = new StringBuilder("Unknown options encountered: ");
|
StringBuilder sb = new StringBuilder("Unknown options encountered: ");
|
||||||
@ -58,13 +57,7 @@ public class Main {
|
|||||||
String trustStore = commander.getTruststoreFile();
|
String trustStore = commander.getTruststoreFile();
|
||||||
validator.setRim(verifyFile);
|
validator.setRim(verifyFile);
|
||||||
validator.setRimEventLog(rimel);
|
validator.setRimEventLog(rimel);
|
||||||
credValidator = new CredentialArgumentValidator(trustStore,
|
validator.setTrustStoreFile(trustStore);
|
||||||
"","", true);
|
|
||||||
if (credValidator.isValid()) {
|
|
||||||
validator.setTrustStoreFile(trustStore);
|
|
||||||
} else {
|
|
||||||
exitWithErrorCode(credValidator.getErrorMessage());
|
|
||||||
}
|
|
||||||
if (validator.validateSwidtagFile(verifyFile)) {
|
if (validator.validateSwidtagFile(verifyFile)) {
|
||||||
System.out.println("Successfully verified " + verifyFile);
|
System.out.println("Successfully verified " + verifyFile);
|
||||||
} else {
|
} else {
|
||||||
@ -86,20 +79,16 @@ public class Main {
|
|||||||
case "BASE":
|
case "BASE":
|
||||||
gateway.setAttributesFile(attributesFile);
|
gateway.setAttributesFile(attributesFile);
|
||||||
gateway.setRimEventLog(rimEventLog);
|
gateway.setRimEventLog(rimEventLog);
|
||||||
credValidator = new CredentialArgumentValidator("" ,
|
|
||||||
certificateFile, privateKeyFile, false);
|
|
||||||
if (defaultKey){
|
if (defaultKey){
|
||||||
gateway.setDefaultCredentials(true);
|
gateway.setDefaultCredentials(true);
|
||||||
gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
|
gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
|
||||||
} else if (credValidator.isValid()) {
|
} else {
|
||||||
gateway.setDefaultCredentials(false);
|
gateway.setDefaultCredentials(false);
|
||||||
gateway.setPemCertificateFile(certificateFile);
|
gateway.setPemCertificateFile(certificateFile);
|
||||||
gateway.setPemPrivateKeyFile(privateKeyFile);
|
gateway.setPemPrivateKeyFile(privateKeyFile);
|
||||||
if (embeddedCert) {
|
if (embeddedCert) {
|
||||||
gateway.setEmbeddedCert(true);
|
gateway.setEmbeddedCert(true);
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
exitWithErrorCode(credValidator.getErrorMessage());
|
|
||||||
}
|
}
|
||||||
List<String> timestampArguments = commander.getTimestampArguments();
|
List<String> timestampArguments = commander.getTimestampArguments();
|
||||||
if (timestampArguments.size() > 0) {
|
if (timestampArguments.size() > 0) {
|
||||||
|
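Review bot: The verify path in the `@ -58,13 +57,7` hunk now calls `validator.setTrustStoreFile(trustStore)` unconditionally, whereas the removed CredentialArgumentValidator call checked that a truststore had actually been supplied; CreateArgumentValidator only runs its checks when `--create` is present, so `--verify` without `--truststore` presumably reaches this line with the `truststoreFile` field's empty-string default. What ReferenceManifestValidator does with an empty truststore path is not visible here, but a signature check with no trust anchor should fail loudly rather than depend on that. Suggest guarding before the call: `if (trustStore.isEmpty()) { exitWithErrorCode("--truststore is required to verify a RIM."); }`. The enclosing method starts and ends outside the hunk.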
@ -1,6 +1,7 @@
|
|||||||
package hirs.swid.utils;
|
package hirs.swid.utils;
|
||||||
|
|
||||||
import com.beust.jcommander.Parameter;
|
import com.beust.jcommander.Parameter;
|
||||||
|
import com.beust.jcommander.Parameters;
|
||||||
import hirs.swid.SwidTagConstants;
|
import hirs.swid.SwidTagConstants;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
@ -10,39 +11,40 @@ import java.util.List;
|
|||||||
* Commander is a class that handles the command line arguments for the SWID
|
* Commander is a class that handles the command line arguments for the SWID
|
||||||
* Tags gateway by implementing the JCommander package.
|
* Tags gateway by implementing the JCommander package.
|
||||||
*/
|
*/
|
||||||
|
@Parameters(parametersValidators = CreateArgumentValidator.class)
|
||||||
public class Commander {
|
public class Commander {
|
||||||
|
|
||||||
@Parameter(description = "This parameter catches all unrecognized arguments.")
|
@Parameter(description = "This parameter catches all unrecognized arguments.")
|
||||||
private List<String> unknownOptions = new ArrayList<>();
|
private List<String> unknownOptions = new ArrayList<>();
|
||||||
@Parameter(names = {"-h", "--help"}, help = true, description = "Print this help text.")
|
@Parameter(names = {"-h", "--help"}, help = true, description = "Print this help text.")
|
||||||
private boolean help;
|
private boolean help;
|
||||||
@Parameter(names = {"-c", "--create \"base\""}, order = 0,
|
@Parameter(names = {"-c", "--create"}, order = 0,
|
||||||
description = "The type of RIM to create. A base RIM will be created by default.")
|
description = "The type of RIM to create. A base RIM will be created by default.")
|
||||||
private String createType = "";
|
private String createType = "";
|
||||||
@Parameter(names = {"-v", "--verify <path>"}, validateWith = FileArgumentValidator.class,
|
@Parameter(names = {"-v", "--verify"}, validateWith = FileArgumentValidator.class,
|
||||||
description = "Specify a RIM file to verify.")
|
description = "Specify a RIM file to verify.")
|
||||||
private String verifyFile = "";
|
private String verifyFile = "";
|
||||||
@Parameter(names = {"-V", "--version"}, description = "Output the current version.")
|
@Parameter(names = {"-V", "--version"}, description = "Output the current version.")
|
||||||
private boolean version = false;
|
private boolean version = false;
|
||||||
@Parameter(names = {"-a", "--attributes <path>"}, validateWith = FileArgumentValidator.class,
|
@Parameter(names = {"-a", "--attributes"}, validateWith = FileArgumentValidator.class,
|
||||||
description = "The configuration file holding attributes "
|
description = "The configuration file holding attributes "
|
||||||
+ "to populate the base RIM with. An example file can be found in /opt/rimtool/data.")
|
+ "to populate the base RIM with. An example file can be found in /opt/rimtool/data.")
|
||||||
private String attributesFile = "";
|
private String attributesFile = "";
|
||||||
@Parameter(names = {"-o", "--out <path>"}, order = 2,
|
@Parameter(names = {"-o", "--out"}, order = 2,
|
||||||
description = "The file to write the RIM out to. "
|
description = "The file to write the RIM out to. "
|
||||||
+ "The RIM will be written to stdout by default.")
|
+ "The RIM will be written to stdout by default.")
|
||||||
private String outFile = "";
|
private String outFile = "";
|
||||||
@Parameter(names = {"--verbose"}, description = "Control output verbosity.")
|
@Parameter(names = {"--verbose"}, description = "Control output verbosity.")
|
||||||
private boolean verbose = false;
|
private boolean verbose = false;
|
||||||
@Parameter(names = {"-t", "--truststore <path>"}, validateWith = FileArgumentValidator.class,
|
@Parameter(names = {"-t", "--truststore"}, validateWith = FileArgumentValidator.class,
|
||||||
description = "The truststore to sign the base RIM created "
|
description = "The truststore to sign the base RIM created "
|
||||||
+ "or to validate the signed base RIM.")
|
+ "or to validate the signed base RIM.")
|
||||||
private String truststoreFile = "";
|
private String truststoreFile = "";
|
||||||
@Parameter(names = {"-k", "--privateKeyFile <path>"},
|
@Parameter(names = {"-k", "--privateKeyFile"},
|
||||||
validateWith = FileArgumentValidator.class,
|
validateWith = FileArgumentValidator.class,
|
||||||
description = "The private key used to sign the base RIM created by this tool.")
|
description = "The private key used to sign the base RIM created by this tool.")
|
||||||
private String privateKeyFile = "";
|
private String privateKeyFile = "";
|
||||||
@Parameter(names = {"-p", "--publicCertificate <path>"},
|
@Parameter(names = {"-p", "--publicCertificate"},
|
||||||
validateWith = FileArgumentValidator.class,
|
validateWith = FileArgumentValidator.class,
|
||||||
description = "The public key certificate to embed in the base RIM created by "
|
description = "The public key certificate to embed in the base RIM created by "
|
||||||
+ "this tool.")
|
+ "this tool.")
|
||||||
@ -53,7 +55,7 @@ public class Commander {
|
|||||||
@Parameter(names = {"-d", "--default-key"}, order = 8,
|
@Parameter(names = {"-d", "--default-key"}, order = 8,
|
||||||
description = "Use the JKS keystore installed in /opt/rimtool/data.")
|
description = "Use the JKS keystore installed in /opt/rimtool/data.")
|
||||||
private boolean defaultKey = false;
|
private boolean defaultKey = false;
|
||||||
@Parameter(names = {"-l", "--rimel <path>"}, validateWith = FileArgumentValidator.class,
|
@Parameter(names = {"-l", "--rimel"}, validateWith = FileArgumentValidator.class,
|
||||||
description = "The TCG eventlog file to use as a support RIM.")
|
description = "The TCG eventlog file to use as a support RIM.")
|
||||||
private String rimEventLog = "";
|
private String rimEventLog = "";
|
||||||
@Parameter(names = {"--timestamp"}, order = 10, variableArity = true,
|
@Parameter(names = {"--timestamp"}, order = 10, variableArity = true,
|
||||||
|
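Review bot: The class Javadoc in the `@ -10,39 +11,40` hunk still describes Commander only as wrapping JCommander, while the new `@Parameters(parametersValidators = CreateArgumentValidator.class)` line moves the cross-option rules out of Main into a class a reader of this file never sees. Suggest adding to the Javadoc: ` * Cross-option constraints (create vs. verify, inputs required by --create, and the choice of signing credentials) are enforced by {@link CreateArgumentValidator}; per-option file checks stay with {@link FileArgumentValidator}.` Dropping the `<path>` and `"base"` placeholders from the `names` arrays is correct, since JCommander matches those strings literally, but the help output loses its hint of what each option takes; if that is wanted it belongs in the `description` text.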
@ -0,0 +1,82 @@
|
|||||||
|
package hirs.swid.utils;
|
||||||
|
|
||||||
|
import com.beust.jcommander.IParametersValidator;
|
||||||
|
import com.beust.jcommander.ParameterException;
|
||||||
|
import lombok.extern.log4j.Log4j2;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class handles validating all arguments in the context of a create+sign function.
|
||||||
|
* The input arguments are checked that --verify is not also selected and that all
|
||||||
|
* required inputs for --create are present.
|
||||||
|
*/
|
||||||
|
@Log4j2
|
||||||
|
public class CreateArgumentValidator implements IParametersValidator {
|
||||||
|
String[] requiredArgs = {"--attributes", "--rimel"};
|
||||||
|
String errorMessage = "";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method validates the input parameter map.
|
||||||
|
* @param parameters
|
||||||
|
* Name-value-pairs of all parameters (e.g. "-host":"localhost").
|
||||||
|
*
|
||||||
|
* @throws ParameterException
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void validate(Map<String, Object> parameters) throws ParameterException {
|
||||||
|
if (isValueNotNull(parameters,"--create")) {
|
||||||
|
if (isValueNotNull(parameters,"--verify")) {
|
||||||
|
errorMessage += "Create and verify cannot be called together. ";
|
||||||
|
} else {
|
||||||
|
for (String arg : requiredArgs) {
|
||||||
|
if (!isValueNotNull(parameters, arg)) {
|
||||||
|
errorMessage += arg + " is required to create and sign a base RIM. ";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
validateSigningCredentials(parameters);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!errorMessage.isEmpty()) {
|
||||||
|
throw new ParameterException(errorMessage);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method checks the given key for a null value
|
||||||
|
* @param parameters map
|
||||||
|
* @param key the key to check
|
||||||
|
* @return true if not null, else false
|
||||||
|
*/
|
||||||
|
private boolean isValueNotNull(Map<String, Object> parameters, String key) {
|
||||||
|
Object object = parameters.get(key);
|
||||||
|
if (object == null) {
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void validateSigningCredentials(Map<String, Object> parameters) {
|
||||||
|
if (isValueNotNull(parameters, "--default-key") &&
|
||||||
|
(isValueNotNull(parameters, "--privateKeyFile") ||
|
||||||
|
isValueNotNull(parameters, "--publicCertificate"))) {
|
||||||
|
errorMessage += "Too many signing credentials given, either choose --default-key OR " +
|
||||||
|
"provide --privateKeyFile and --publicCertificate";
|
||||||
|
} else if (!isValueNotNull(parameters, "--default-key") &&
|
||||||
|
!isValueNotNull(parameters, "--privateKeyFile") &&
|
||||||
|
!isValueNotNull(parameters, "--publicCertificate")) {
|
||||||
|
errorMessage += "No signing credentials given, either choose --default-key OR " +
|
||||||
|
"provide --privateKeyFile and --publicCertificate";
|
||||||
|
} else {
|
||||||
|
if (!(isValueNotNull(parameters, "--privateKeyFile") &&
|
||||||
|
isValueNotNull(parameters, "--publicCertificate"))) {
|
||||||
|
if (isValueNotNull(parameters, "--privateKeyFile")) {
|
||||||
|
errorMessage += "A signing certificate is missing. ";
|
||||||
|
} else {
|
||||||
|
errorMessage += "A private key is missing. ";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
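Review bot: `validateSigningCredentials` reports `"A private key is missing. "` when `--default-key` is the only credential given: the first branch also needs a PEM option, the second needs `--default-key` absent, so control falls into the `else` branch where `!(false && false)` is true. That branch should only run when the PEM pair is the chosen route, i.e. when `--default-key` is absent. Separately, `errorMessage` is a non-final instance field that is appended to and never cleared, so if JCommander reuses a validator instance across parses the next ParameterException would carry stale text; a local StringBuilder, or a reset at the top of `validate`, avoids that. Finally, `isValueNotNull` treats any non-null value as "option supplied", while the Commander fields behind these names default to `""` and `false` rather than null — whether JCommander hands IParametersValidator only the assigned options or every parameter's current value is not visible here and should be confirmed, since in the latter case `--verify` alone would be rejected as create-and-verify.
```java
private void validateSigningCredentials(Map<String, Object> parameters) {
    boolean defaultKey = isValueNotNull(parameters, "--default-key");
    boolean privateKey = isValueNotNull(parameters, "--privateKeyFile");
    boolean certificate = isValueNotNull(parameters, "--publicCertificate");
    if (defaultKey && (privateKey || certificate)) {
        errorMessage += "Too many signing credentials given, either choose --default-key OR " +
                "provide --privateKeyFile and --publicCertificate";
    } else if (!defaultKey && !privateKey && !certificate) {
        errorMessage += "No signing credentials given, either choose --default-key OR " +
                "provide --privateKeyFile and --publicCertificate";
    } else if (!defaultKey && privateKey != certificate) {
        // PEM route chosen but only one half of the pair was supplied
        errorMessage += privateKey ? "A signing certificate is missing. " : "A private key is missing. ";
    }
}
```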