In ReferenceManifestValidator, set the truststore for swidtag XML files, and check if it has already been set for signature validation; removed a duplicate digest command for calculating file hashes.

chubtub 2023-12-14 13:25:25 -05:00
parent 2ab1e548ce
commit 6c5a17a2f7
2 changed files with 6 additions and 2 deletions


@ -210,7 +210,7 @@ public class ReferenceManifestValidator {
log.error("Cannot validate RIM, signature element not found!");
return false;
}
if (trustStoreFile != null && !trustStoreFile.isEmpty()) {
if (trustStore == null && trustStoreFile != null && !trustStoreFile.isEmpty()) {
trustStore = parseCertificatesFromPem(trustStoreFile);
}
NodeList certElement = rim.getElementsByTagName("X509Certificate");
@ -251,6 +251,9 @@ public class ReferenceManifestValidator {
*/
public boolean validateSwidtagFile(String path) {
Element fileElement = (Element) rim.getElementsByTagName("File").item(0);
if (trustStoreFile != null && !trustStoreFile.isEmpty()) {
trustStore = parseCertificatesFromPem(trustStoreFile);
}
X509Certificate signingCert = null;
try {
signingCert = getCertFromTruststore();
@ -337,7 +340,7 @@ public class ReferenceManifestValidator {
private String getHashValue(final String filepath, final String sha) {
try {
MessageDigest md = MessageDigest.getInstance(sha);
byte[] bytes = md.digest(Files.readAllBytes(Paths.get(filepath)));
byte[] bytes = Files.readAllBytes(Paths.get(filepath));
return getHashValue(bytes, sha);
} catch (NoSuchAlgorithmException e) {
log.warn(e.getMessage());
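Review bot: The two truststore-loading sites now disagree: the signature-validation hunk at -210 parses the PEM file only when `trustStore == null`, while the block added at the top of validateSwidtagFile re-parses it on every call. With the null guard, a validator instance that is reused after trustStoreFile changes would keep checking signatures against the first set of trust anchors, unless the setter (not visible on this page) clears the field; resetting it there with `trustStore = null;`, or routing both sites through one guarded load, would make the behaviour predictable. In validateSwidtagFile it would also be safer to fail closed when nothing was loaded, e.g. `if (trustStore == null) { log.error("No truststore configured"); return false; }` before getCertFromTruststore(), whose handling of a missing store is outside these hunks. In the -337 hunk the `MessageDigest md` local appears to be unused after the change; if it is kept only so the `NoSuchAlgorithmException` catch still compiles, a comment such as `// validates the algorithm name; hashing happens in getHashValue(bytes, sha)` would say so. All three method bodies continue beyond the hunks shown.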


@ -28,6 +28,7 @@ public class Main {
String certificateFile = commander.getPublicCertificate();
String trustStore = commander.getTruststoreFile();
if (!verifyFile.isEmpty()) {
validator.setRim(verifyFile);
if (!rimel.isEmpty()) {
validator.setRimEventLog(rimel);
}