Merge pull request #262 from nsacyber/issue-257

[#257] Changes for 2.0 beta
This commit is contained in:
iadgovuser26 2020-06-16 09:08:54 -04:00 committed by GitHub
commit 908c49e54f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 177 additions and 94 deletions


@ -6,10 +6,8 @@ repositories {
} }
dependencies { dependencies {
compile libs.minimal_json compile 'com.eclipsesource.minimal-json:minimal-json:0.9.5', 'com.beust:jcommander:1.72', 'org.bouncycastle:bcmail-jdk15on:1.59'
compile libs.jcommander testCompile 'org.testng:testng:6.8.8'
compile libs.bouncy_castle
testCompile libs.testng
} }
jar { jar {
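Review bot: The new `compile` line hard-codes three artifact versions as literal strings where the old lines pulled them from the shared `libs` catalog, so this module can now drift from the versions the rest of the build uses and every upgrade has to be found and edited by hand. If dropping the catalog is intended, keep one coordinate per line (`compile 'com.eclipsesource.minimal-json:minimal-json:0.9.5'` and so on) so a version bump shows up as a single-line diff and a reviewer can see which artifact changed. Versions pinned by literal string are also the ones a dependency lock or verification metadata should cover, since there is no longer a single catalog to audit.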


@ -1,34 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<ns2:SoftwareIdentity xmlns:ns2="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true">
<Signature>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>gLCM4kz8qvB6JkV+yDnv3KzqEloiSsBik2OeyBOSw/A=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>a+kmQfOSpSaMnazRJIOq2349Iuskpan4vh0N4dobjJ8Tb3lPjf97YiqgFsoSm5uydOPXs/lkN51g
Ox9CCBZ2bquDuuBPpAq5IQ3wZ28G+DYzva+pz7EHKge3gIRzMKjCyDx4bjn+3GUeg+A4KNHNcUfi
qkDVi3245/4IC/nIzm6a+3qVqsYH4mLqp1yO/Xbuqvkc5X0GobGIO6EOhXxuBii6O7GGv+cIVp3v
Xdd9zIwFVedeqeYextz5EDzDNHittmtNd+KEl0N3/45aXGDiRFiuiNy/sf7KR+wutbwJV7RlaDN7
QEaanCXCs6h5PehTh8EDEE9atceBS7IBje0dtw==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</ns2:SoftwareIdentity>


@ -6,7 +6,7 @@ pushd $SCRIPT_DIR
name="tcg_rim_tool" name="tcg_rim_tool"
tar -cf $name.tar build.gradle gradle* src/ docs/ tar -cf $name.tar build.gradle gradle* src/ docs/ rim_fields.json keystore.jks
gzip $name.tar gzip $name.tar
if [ -d rpmbuild ]; then if [ -d rpmbuild ]; then
rm -rf rpmbuild rm -rf rpmbuild
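Review bot: `keystore.jks` is now bundled into the release tarball next to the sources, and the constants elsewhere in this commit (`DEFAULT_KEYSTORE_PATH`, `DEFAULT_KEYSTORE_PASSWORD`, `DEFAULT_PRIVATE_KEY_ALIAS` in SwidTagConstants) open that file with a hard-coded password and sign with the `selfsigned` alias. Every installation built from this archive therefore signs RIMs with the same key whose password sits in the source, so those signatures carry no assurance of origin; the spec change copies the same file into the RPM. If the keystore is meant for development only, leave it out of the `tar -cf` line and have the installer or first run generate a per-install key, with a comment in the script explaining why it is excluded.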


@ -52,8 +52,11 @@ public class CredentialParser {
publicKey = certificate.getPublicKey(); publicKey = certificate.getPublicKey();
} }
public void parsePEMCredentials(String certificateFile, String privateKeyFile) throws FileNotFoundException { public void parsePEMCredentials(String certificateFile, String privateKeyFile) throws CertificateException, FileNotFoundException {
certificate = parsePEMCertificate(certificateFile); certificate = parsePEMCertificate(certificateFile);
if (certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())) {
throw new CertificateException("Signing certificate cannot be self-signed!");
}
privateKey = parsePEMPrivateKey(privateKeyFile, "RSA"); privateKey = parsePEMPrivateKey(privateKeyFile, "RSA");
publicKey = certificate.getPublicKey(); publicKey = certificate.getPublicKey();
} }
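Review bot: The new self-signed check compares issuer and subject DNs only, which is a naming heuristic rather than a cryptographic one: a self-issued certificate (same DN, signed by a different key of the same CA during rollover) is rejected, while nothing establishes that the certificate chains to anything the tool trusts. A signature check states the intent directly: call `certificate.verify(certificate.getPublicKey())` and throw the `CertificateException` only when that succeeds, treating a failed verify as not self-signed. Separately, the method still never confirms that the parsed private key corresponds to `certificate.getPublicKey()`, so a mismatched key/certificate pair is accepted here and only fails later; a sign/verify round-trip over a fixed byte string at the end of this method would catch it. The new `throws CertificateException` also needs `@throws CertificateException if the certificate is self-signed` in the method's Javadoc.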


@ -21,8 +21,8 @@ public class Main {
if (!commander.getVerifyFile().isEmpty()) { if (!commander.getVerifyFile().isEmpty()) {
System.out.println(commander.toString()); System.out.println(commander.toString());
String verifyFile = commander.getVerifyFile(); String verifyFile = commander.getVerifyFile();
String publicCertificate = commander.getPublicCertificate(); //String publicCertificate = commander.getPublicCertificate();
if (!verifyFile.isEmpty() && !publicCertificate.isEmpty()) { if (!verifyFile.isEmpty()) {
try { try {
gateway.validateSwidTag(verifyFile); gateway.validateSwidTag(verifyFile);
} catch (IOException e) { } catch (IOException e) {
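Review bot: Dropping the `publicCertificate` requirement at the `if (!verifyFile.isEmpty())` line means `gateway.validateSwidTag(verifyFile)` now runs with no caller-supplied trust anchor; if validation uses the key material embedded in the tag's own KeyInfo (the verify path is given nothing else), a passing check only shows the document is internally consistent, not who signed it, because a modified tag can be re-signed with any key. Either keep the certificate option and pass it into validation, or make the output state explicitly that the signature was checked against the embedded key only. The commented-out `//String publicCertificate = ...` line should be removed rather than left as dead code. The enclosing main method continues outside this hunk.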
@ -30,7 +30,7 @@ public class Main {
System.exit(1); System.exit(1);
} }
} else { } else {
System.out.println("Need both a RIM file to validate and a public certificate to validate with!"); System.out.println("Need a RIM file to validate!");
System.exit(1); System.exit(1);
} }
} else { } else {
@ -39,6 +39,7 @@ public class Main {
String attributesFile = commander.getAttributesFile(); String attributesFile = commander.getAttributesFile();
String certificateFile = commander.getPublicCertificate(); String certificateFile = commander.getPublicCertificate();
String privateKeyFile = commander.getPrivateKeyFile(); String privateKeyFile = commander.getPrivateKeyFile();
String rimEventLog = commander.getRimEventLog();
switch (createType) { switch (createType) {
case "BASE": case "BASE":
if (!attributesFile.isEmpty()) { if (!attributesFile.isEmpty()) {
@ -49,12 +50,14 @@ public class Main {
gateway.setPemCertificateFile(certificateFile); gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile); gateway.setPemPrivateKeyFile(privateKeyFile);
} }
if (rimEventLog.isEmpty()) {
System.out.println("Error: a support RIM is required!");
System.exit(1);
} else {
gateway.setRimEventLog(rimEventLog);
}
gateway.generateSwidTag(commander.getOutFile()); gateway.generateSwidTag(commander.getOutFile());
break; break;
case "EVENTLOG":
break;
case "PCR":
break;
} }
} }
} }


@ -15,7 +15,7 @@ public class SwidTagConstants {
public static final String DEFAULT_KEYSTORE_PATH = "keystore.jks"; public static final String DEFAULT_KEYSTORE_PATH = "keystore.jks";
public static final String DEFAULT_KEYSTORE_PASSWORD = "password"; public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
public static final String DEFAULT_PRIVATE_KEY_ALIAS = "selfsigned"; public static final String DEFAULT_PRIVATE_KEY_ALIAS = "selfsigned";
public static final String DEFAULT_ATTRIBUTES_FILE = "/etc/hirs/rim_fields.json"; public static final String DEFAULT_ATTRIBUTES_FILE = "rim_fields.json";
public static final String DEFAULT_ENGLISH = "en"; public static final String DEFAULT_ENGLISH = "en";
public static final String SIGNATURE_ALGORITHM_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; public static final String SIGNATURE_ALGORITHM_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
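Review bot: `DEFAULT_ATTRIBUTES_FILE` is now the bare relative path `rim_fields.json`, which `java.io` resolves against the process working directory rather than the install location, so the default only works when the tool is launched from the directory holding that file; the spec change in this commit installs it under `/opt/hirs/rimtool/`, so running the jar from anywhere else fails to find the default. The adjacent `DEFAULT_KEYSTORE_PATH = "keystore.jks"` has the same property. Consider resolving defaults relative to the jar location or an explicit install-directory property, and add a comment on this line such as `// relative to the working directory, not the install directory` so the behaviour is not a surprise.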


@ -42,6 +42,7 @@ import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import hirs.swid.utils.HashSwid;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.NodeList; import org.w3c.dom.NodeList;
@ -59,6 +60,8 @@ import java.nio.file.Files;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.security.*; import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
@ -72,6 +75,7 @@ import java.math.BigInteger;
import hirs.swid.xjc.Directory; import hirs.swid.xjc.Directory;
import hirs.swid.xjc.Entity; import hirs.swid.xjc.Entity;
import hirs.swid.xjc.Link; import hirs.swid.xjc.Link;
import hirs.swid.xjc.Meta;
import hirs.swid.xjc.ObjectFactory; import hirs.swid.xjc.ObjectFactory;
import hirs.swid.xjc.ResourceCollection; import hirs.swid.xjc.ResourceCollection;
import hirs.swid.xjc.SoftwareIdentity; import hirs.swid.xjc.SoftwareIdentity;
@ -100,6 +104,7 @@ public class SwidTagGateway {
private boolean defaultCredentials; private boolean defaultCredentials;
private String pemPrivateKeyFile; private String pemPrivateKeyFile;
private String pemCertificateFile; private String pemCertificateFile;
private String rimEventLog;
/** /**
* Default constructor initializes jaxbcontext, marshaller, and unmarshaller * Default constructor initializes jaxbcontext, marshaller, and unmarshaller
@ -142,13 +147,22 @@ public class SwidTagGateway {
this.pemPrivateKeyFile = pemPrivateKeyFile; this.pemPrivateKeyFile = pemPrivateKeyFile;
} }
/** Setter for certificate file in PEM format /**
* Setter for certificate file in PEM format
* @param pemCertificateFile * @param pemCertificateFile
*/ */
public void setPemCertificateFile(String pemCertificateFile) { public void setPemCertificateFile(String pemCertificateFile) {
this.pemCertificateFile = pemCertificateFile; this.pemCertificateFile = pemCertificateFile;
} }
/**
* Setter for event log support RIM
* @param rimEventLog
*/
public void setRimEventLog(String rimEventLog) {
this.rimEventLog = rimEventLog;
}
/** /**
* This method generates a base RIM from the values in a JSON file. * This method generates a base RIM from the values in a JSON file.
* *
@ -174,10 +188,7 @@ public class SwidTagGateway {
createSoftwareMeta(configProperties.get(SwidTagConstants.META).asObject())); createSoftwareMeta(configProperties.get(SwidTagConstants.META).asObject()));
swidTag.getEntityOrEvidenceOrLink().add(meta); swidTag.getEntityOrEvidenceOrLink().add(meta);
//File //File
hirs.swid.xjc.File file = createFile( hirs.swid.xjc.File file = createFile();
configProperties.get(SwidTagConstants.PAYLOAD).asObject()
.get(SwidTagConstants.DIRECTORY).asObject()
.get(SwidTagConstants.FILE).asObject());
//Directory //Directory
Directory directory = createDirectory( Directory directory = createDirectory(
configProperties.get(SwidTagConstants.PAYLOAD).asObject() configProperties.get(SwidTagConstants.PAYLOAD).asObject()
@ -219,6 +230,8 @@ public class SwidTagGateway {
si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n"); si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n");
si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n"); si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
System.out.println(si.toString()); System.out.println(si.toString());
Element file = (Element) document.getElementsByTagName("File").item(0);
validateFile(file);
System.out.println("Signature core validity: " + validateSignedXMLDocument(document)); System.out.println("Signature core validity: " + validateSignedXMLDocument(document));
return true; return true;
} }
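Review bot: The boolean returned by `validateFile(file)` is discarded on the line after `Element file = ...`, so a support-RIM hash mismatch is only printed and `validateSwidTag` still returns true two lines later; use `if (file == null || !validateFile(file)) { return false; }` so the result feeds the verdict and a document without a `File` element does not throw a NullPointerException from `item(0)`. In `validateFile` itself (the hunk at `@ -405,13 +418,42 @@`) the path that gets hashed is read from the `name` attribute of the document under verification and opened as-is, so the tag rather than the operator decides which file is read; resolve it against a known support-RIM directory and reject anything that normalizes outside it. That method should also null-check the `HashSwid.get256Hash` result before calling `.equals` on it, since the helper returns null when the file cannot be read. The enclosing validateSwidTag method starts outside this hunk.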
@ -405,13 +418,42 @@ public class SwidTagGateway {
return directory; return directory;
} }
/** /**
* This method creates a hirs.swid.xjc.File from three arguments, then calculates * This method creates a hirs.swid.xjc.File from an indirect payload type by
* and stores its hash as an attribute in itself. * calculating the hash of a given event log support RIM.
*/
private hirs.swid.xjc.File createFile() {
hirs.swid.xjc.File file = objectFactory.createFile();
file.setName(rimEventLog);
File rimEventLogFile = new File(rimEventLog);
file.setSize(new BigInteger(Long.toString(rimEventLogFile.length())));
Map<QName, String> attributes = file.getOtherAttributes();
addNonNullAttribute(attributes, _SHA256_HASH, HashSwid.get256Hash(rimEventLog));
return file;
}
/**
* This method validates a hirs.swid.xjc.File from an indirect payload
*/
private boolean validateFile(Element file) {
String filepath = file.getAttribute(SwidTagConstants.NAME);
System.out.println("Support rim found at " + filepath);
if (HashSwid.get256Hash(filepath).equals(file.getAttribute(_SHA256_HASH.getPrefix() + ":" + _SHA256_HASH.getLocalPart()))) {
System.out.println("Support RIM hash verified!");
return true;
} else {
System.out.println("Support RIM hash does not match Base RIM!");
return false;
}
}
/**
* This method creates a hirs.swid.xjc.File from a direct payload type.
* *
* @param jsonObject * @param jsonObject
* @return hirs.swid.xjc.File object from File object * @return hirs.swid.xjc.File object from File object
*/ *
private hirs.swid.xjc.File createFile(JsonObject jsonObject) { private hirs.swid.xjc.File createFile(JsonObject jsonObject) {
hirs.swid.xjc.File file = objectFactory.createFile(); hirs.swid.xjc.File file = objectFactory.createFile();
file.setName(jsonObject.getString(SwidTagConstants.NAME, "")); file.setName(jsonObject.getString(SwidTagConstants.NAME, ""));
@ -423,7 +465,7 @@ public class SwidTagGateway {
addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_URI_GLOBAL, jsonObject.getString(SwidTagConstants.SUPPORT_RIM_URI_GLOBAL, "")); addNonNullAttribute(attributes, SwidTagConstants._SUPPORT_RIM_URI_GLOBAL, jsonObject.getString(SwidTagConstants.SUPPORT_RIM_URI_GLOBAL, ""));
return file; return file;
} }*/
private void addNonNullAttribute(Map<QName, String> attributes, QName key, String value) { private void addNonNullAttribute(Map<QName, String> attributes, QName key, String value) {
if (!value.isEmpty()) { if (!value.isEmpty()) {
@ -492,6 +534,8 @@ public class SwidTagGateway {
System.out.println(e.getMessage()); System.out.println(e.getMessage());
} catch (KeyException e) { } catch (KeyException e) {
System.out.println("Error setting public key in KeyValue: " + e.getMessage()); System.out.println("Error setting public key in KeyValue: " + e.getMessage());
} catch (CertificateException e) {
System.out.println(e.getMessage());
} catch (JAXBException e) { } catch (JAXBException e) {
System.out.println("Error marshaling signed swidtag: " + e.getMessage()); System.out.println("Error marshaling signed swidtag: " + e.getMessage());
} catch (MarshalException | XMLSignatureException e) { } catch (MarshalException | XMLSignatureException e) {
@ -622,7 +666,8 @@ public class SwidTagGateway {
*/ */
private Document removeXMLWhitespace(String path) throws IOException { private Document removeXMLWhitespace(String path) throws IOException {
TransformerFactory tf = TransformerFactory.newInstance(); TransformerFactory tf = TransformerFactory.newInstance();
Source source = new StreamSource(new File("identity_transform.xslt")); Source source = new StreamSource(
SwidTagGateway.class.getClassLoader().getResourceAsStream("identity_transform.xslt"));
Document document = null; Document document = null;
File input = new File(path); File input = new File(path);
if (input.length() > 0) { if (input.length() > 0) {


@ -35,10 +35,10 @@ public class Commander {
description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " + description = "The public key certificate used to verify a RIM file or to embed in a signed RIM. " +
"A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.") "A signed RIM generated by this tool by default will not show the signing certificate without this parameter present.")
private String publicCertificate = ""; private String publicCertificate = "";
/*
@Parameter(names = {"-l", "--rimel <path>"}, order = 6, @Parameter(names = {"-l", "--rimel <path>"}, order = 6,
description = "The TCG eventlog file to use as a support RIM. By default the last system eventlog will be used.") description = "The TCG eventlog file to use as a support RIM. By default the last system eventlog will be used.")
private String rimEventLog = ""; private String rimEventLog = "";
/*
@Parameter(names = {"-t", "--rimpcr <path>"}, order = 7, @Parameter(names = {"-t", "--rimpcr <path>"}, order = 7,
description = "The file containing TPM PCR values to use as a support RIM. By default the current platform TPM will be used.") description = "The file containing TPM PCR values to use as a support RIM. By default the current platform TPM will be used.")
private String rimPcrs = ""; private String rimPcrs = "";
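Review bot: The re-enabled `--rimel` description still says "By default the last system eventlog will be used", but the Main change in this commit exits with "Error: a support RIM is required!" when the option is empty, so the help text now promises a default that does not exist. Change it to something like `description = "The TCG eventlog file to use as a support RIM. Required when creating a base RIM.")`. The moving `/*` markers that toggle which parameters are live leave long stretches of commented-out code in the class; deleting the unused options (they remain in version control) would be clearer than shifting the comment boundary each release.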
@ -76,11 +76,9 @@ public class Commander {
public String getPublicCertificate() { public String getPublicCertificate() {
return publicCertificate; return publicCertificate;
} }
/*
public String getRimEventLog() {
return rimEventLog;
}
public String getRimEventLog() { return rimEventLog; }
/*
public String getRimPcrs() { public String getRimPcrs() {
return rimPcrs; return rimPcrs;
} }
@ -98,10 +96,10 @@ public class Commander {
sb.append("Create a base RIM using the values in attributes.json; " + sb.append("Create a base RIM using the values in attributes.json; " +
"sign it with the default keystore, alias, and password;\n"); "sign it with the default keystore, alias, and password;\n");
sb.append("and write the data to base_rim.swidtag:\n\n"); sb.append("and write the data to base_rim.swidtag:\n\n");
sb.append("\t\t-c base -a attributes.json -o base_rim.swidtag\n\n\n"); sb.append("\t\t-c base -a attributes.json -l support_rim.swidtag -o base_rim.swidtag\n\n\n");
sb.append("Create a base RIM using the default attribute values; sign it using privateKey.pem;\n"); sb.append("Create a base RIM using the default attribute values; sign it using privateKey.pem;\n");
sb.append("and write the data to console output, to include cert.pem in the signature block:\n\n"); sb.append("and write the data to console output, to include cert.pem in the signature block:\n\n");
sb.append("\t\t-c base -k privateKey.pem -p cert.pem\n\n\n"); sb.append("\t\t-c base -l support_rim.swidtag -k privateKey.pem -p cert.pem\n\n\n");
return sb.toString(); return sb.toString();
} }
@ -113,8 +111,8 @@ public class Commander {
sb.append("Verify file: " + getVerifyFile() + System.lineSeparator()); sb.append("Verify file: " + getVerifyFile() + System.lineSeparator());
sb.append("Private key file: " + getPrivateKeyFile() + System.lineSeparator()); sb.append("Private key file: " + getPrivateKeyFile() + System.lineSeparator());
sb.append("Public certificate: " + getPublicCertificate() + System.lineSeparator()); sb.append("Public certificate: " + getPublicCertificate() + System.lineSeparator());
/*
sb.append("Event log support RIM: " + getRimEventLog() + System.lineSeparator()); sb.append("Event log support RIM: " + getRimEventLog() + System.lineSeparator());
/*
sb.append("TPM PCRs support RIM: " + getRimPcrs() + System.lineSeparator()); sb.append("TPM PCRs support RIM: " + getRimPcrs() + System.lineSeparator());
sb.append("Base RIM to be signed: " + getToBeSigned() + System.lineSeparator()); sb.append("Base RIM to be signed: " + getToBeSigned() + System.lineSeparator());
sb.append("External signature file: " + getSignatureData() + System.lineSeparator()); sb.append("External signature file: " + getSignatureData() + System.lineSeparator());


@ -4,6 +4,8 @@ import java.io.BufferedInputStream;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Base64; import java.util.Base64;
@ -24,8 +26,8 @@ public class HashSwid {
* @param value * @param value
* @return * @return
*/ */
public static String get256Hash(String value) { public static String get256Hash(String filepath) {
return getHashValue(value, SHA256); return getHashValue(filepath, SHA256);
} }
/** /**
@ -33,8 +35,8 @@ public class HashSwid {
* @param value * @param value
* @return * @return
*/ */
public String get384Hash(String value) { public String get384Hash(String filepath) {
return getHashValue(value, SHA384); return getHashValue(filepath, SHA384);
} }
/** /**
@ -42,24 +44,28 @@ public class HashSwid {
* @param value * @param value
* @return * @return
*/ */
public String get512Hash(String value) { public String get512Hash(String filepath) {
return getHashValue(value, SHA512); return getHashValue(filepath, SHA512);
} }
/** /**
* This method creates the hash based on the provided algorithm and salt * This method creates the hash based on the provided algorithm and salt
* only accessible through helper methods. * only accessible through helper methods.
* *
* @param value string object to hash * This method assumes an input file that is small enough to read in its
* entirety. Large files should be handled similarly to the public static
* getHashValue() below.
*
* @param filepath file contents to hash
* @param salt random value to make the hash stronger * @param salt random value to make the hash stronger
* @param sha the algorithm to use for the hash * @param sha the algorithm to use for the hash
* @return * @return
*/ */
private static String getHashValue(String value, String sha) { private static String getHashValue(String filepath, String sha) {
String resultString = null; String resultString = null;
try { try {
MessageDigest md = MessageDigest.getInstance(sha); MessageDigest md = MessageDigest.getInstance(sha);
byte[] bytes = md.digest(value.getBytes(ENCODING)); byte[] bytes = md.digest(Files.readAllBytes(Paths.get(filepath)));
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
for (int i = 0; i < bytes.length; i++) { for (int i = 0; i < bytes.length; i++) {
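Review bot: The renamed parameter now reads a whole file via `Files.readAllBytes`, but the Javadoc just above still documents a `salt` parameter that does not exist and points to a "public static getHashValue() below" that is not in this class, so the documentation no longer matches the signature; replace those lines with `@param filepath path of the file whose contents are hashed` and drop the salt entry. On a read failure the `catch (IOException e)` in the next hunk prints a message and the method returns null, and the new callers in SwidTagGateway (`createFile` and `validateFile`) immediately call `.isEmpty()` or `.equals` on that result, so a missing or unreadable support RIM surfaces as a NullPointerException far from the cause; propagate the failure (for example by wrapping in `UncheckedIOException`) or document it with `@return hex digest, or null if the file cannot be read`. The `UnsupportedEncodingException` arm of the multi-catch no longer corresponds to anything in the try body now that `getBytes(ENCODING)` is gone. If the large-file caveat in the comment matters, a `DigestInputStream` over a buffered stream hashes the file without loading it whole.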
@ -68,6 +74,8 @@ public class HashSwid {
resultString = sb.toString(); resultString = sb.toString();
} catch (UnsupportedEncodingException | NoSuchAlgorithmException grex) { } catch (UnsupportedEncodingException | NoSuchAlgorithmException grex) {
System.out.println(grex.getMessage()); System.out.println(grex.getMessage());
} catch (IOException e) {
System.out.println("Error reading in file to hash: " + e.getMessage());
} }
return resultString; return resultString;


@ -5,7 +5,9 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.file.Paths;
import java.util.Scanner; import java.util.Scanner;
import java.net.URISyntaxException;
import org.testng.Assert; import org.testng.Assert;
import org.testng.annotations.BeforeClass; import org.testng.annotations.BeforeClass;
@ -19,11 +21,13 @@ public class TestSwidTagGateway {
private final String DEFAULT_NO_CERT = "generated_no_cert.swidtag"; private final String DEFAULT_NO_CERT = "generated_no_cert.swidtag";
private final String certificateFile = "RimSignCert.pem"; private final String certificateFile = "RimSignCert.pem";
private final String privateKeyFile = "privateRimKey.pem"; private final String privateKeyFile = "privateRimKey.pem";
private final String supportRimFile = "TpmLog.bin";
private InputStream expectedFile; private InputStream expectedFile;
@BeforeClass @BeforeClass
public void setUp() throws Exception { public void setUp() throws Exception {
gateway = new SwidTagGateway(); gateway = new SwidTagGateway();
gateway.setRimEventLog(supportRimFile);
} }
@AfterClass @AfterClass
@ -38,7 +42,7 @@ public class TestSwidTagGateway {
* -c base -k privateRimKey.pem -p RimSignCert.pem * -c base -k privateRimKey.pem -p RimSignCert.pem
*/ */
@Test @Test
public void testCreateBaseWithCert() { public void testCreateBaseWithCert() throws URISyntaxException {
gateway.setDefaultCredentials(false); gateway.setDefaultCredentials(false);
gateway.setPemCertificateFile(certificateFile); gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile); gateway.setPemPrivateKeyFile(privateKeyFile);


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDoTCCAomgAwIBAgIJAPB+r6VBhBn5MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwI
UENDbGllbnQxEjAQBgNVBAMMCUV4YW1wbGVDQTAeFw0yMDAzMTExODExMjJaFw0z
MDAxMTgxODExMjJaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UE
CgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNVBAMMEmV4YW1wbGUu
UklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1lWGk
SRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44
/nBaccZDOjdfIxIUCMfwhGXjxCaqZbgTucNsExDnu4arTGraoAwzHg0cVLiKT/Cx
j9NL4dcMgxRXsPdHfXb0923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQ
ZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY2hq+z82x/rqwr2hmyizD6FpFSyIABPEM
PfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0Hh4mNFSKD4pP41VSKY1n
us83mdkuukPy5o0CAwEAAaNvMG0wHQYDVR0OBBYEFC/euOfQMKIgnaoBhhqWT+3s
8rzBMB8GA1UdIwQYMBaAFEahuO3bpnFf0NLneoo8XW6aw5Y4MAkGA1UdEwQCMAAw
CwYDVR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUA
A4IBAQBl2Bu9xpnHCCeeebjx+ILQXJXBd6q5+NQlV3zzBrf0bleZRtsOmsuFvWQo
KQxsfZuk7QcSvVd/1v8mqwJ0PwbFKQmrhIPWP+iowiBNqpG5PH9YxhpHQ1osOfib
NLOXMhudIQRY0yAgqQf+MOlXYa0stX8gkgftVBDRutuMKyOTf4a6d8TUcbG2Rnyz
O/6S9bq4cPDYLqWRBM+aGN8e00UWTKpBl6/1EU8wkJA6WdllK2e8mVkXUPWYyHTZ
0qQnrYiuLr36ycAznABDzEAoj4tMZbjIAfuscty6Ggzxl1WbyZLI6YzyXALwaYvr
crTLeyFynlKxuCfDnr1SAHDM65BY
-----END CERTIFICATE-----

Binary file not shown.


@ -5,7 +5,7 @@
<Meta xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:bindingSpec="IOT RIM" rim:bindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:rimLinkHash="88f21d8e44d4271149297404df91caf207130bfa116582408abd04ede6db7f51"/> <Meta xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:bindingSpec="IOT RIM" rim:bindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:rimLinkHash="88f21d8e44d4271149297404df91caf207130bfa116582408abd04ede6db7f51"/>
<Payload> <Payload>
<Directory name="iotBase"> <Directory name="iotBase">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="688e293e3ccb522f6cf8a027c9ade7960f84bd0bf3a0b99812bc1fa498a2db8d" name="Example.com.iotBase.bin" size="15400"/> <File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="8c6eb10211067d48734c393de37b52303658492457e6222e23dafa6b52486022" name="TpmLog.bin" size="7549"/>
</Directory> </Directory>
</Payload> </Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms> </Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>e3V54WPCVKryiRHONI37GttXgePQDEYz1GGPcpity5E=</DigestValue> <DigestValue>h/jXVVy84NklF+ym8qeNfDEohLKKNLhr35iZ6vage7M=</DigestValue>
</Reference> </Reference>
</SignedInfo> </SignedInfo>
<SignatureValue>OMPKPXsLr0wbtQuUTlGAD9W0fkqmw8XJ3nQHc/LsRpzCZWdN/xtfxe3JleLbXcUt4PItqj1uB5Eg <SignatureValue>huu759PPTMaugu+6/c3JAv/Cb6eCiRxK5i5Mx2IpptDDjbDh9P1931KPEivmG8eZHgbGRFDgUviB
8iBWyBSy+WJYvsoROjLjZ1sUQ92jMdCO69uBjaIihn1HS2H/YnB4trjc92AUIdhoJZt9KF90IlJQ qHcvd4A8KpIdx1GfebPBGBVqnAHvIgAQp1ZOMFIjtYsJTFKrwG12Yc7uA8qdGLCXZ8OlEvim3P/9
zu3HTmQfeRYs/c6Ck1k3bL1jnyWoNzhBqCuPYrZtPbv9opVP0YOxM5IjRkRgkZIDgYbh1k4WXw8O VECXziVXAaEdC4IlaAt86XfbK+z5r2hFKSErYJZws45x1oZcBVXo9wZd7x0EyU0rMTGQbV5QbDsP
/iIMZuVJDfKQJSNCTAZsIbUatGDQc/nOihLHdI90wG8zu9amgrl1AEKzH8z864Fan5uuXolfAaak LOuWmG2t9jlR7Yu7gxJbhFrPJdI/Q6+JsmsnqKB47dVtXCp84lrlZg48S/nZ0OC62EmEHvzilx4C
sLJl6RPCNcp+JNCXMMZiS8bmYPQnVJc1ze0I1A==</SignatureValue> y2fM/M0LbkZc5Ms8HD92YBsNF3UL3bHxnJT+YQ==</SignatureValue>
<KeyInfo> <KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName> <KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue> <KeyValue>


@ -5,7 +5,7 @@
<Meta xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:bindingSpec="IOT RIM" rim:bindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:rimLinkHash="88f21d8e44d4271149297404df91caf207130bfa116582408abd04ede6db7f51"/> <Meta xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" rim:bindingSpec="IOT RIM" rim:bindingSpecVersion="1.2" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:rimLinkHash="88f21d8e44d4271149297404df91caf207130bfa116582408abd04ede6db7f51"/>
<Payload> <Payload>
<Directory name="iotBase"> <Directory name="iotBase">
<File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="688e293e3ccb522f6cf8a027c9ade7960f84bd0bf3a0b99812bc1fa498a2db8d" name="Example.com.iotBase.bin" size="15400"/> <File xmlns:SHA256="http://www.w3.org/2001/04/xmlenc#sha256" SHA256:hash="8c6eb10211067d48734c393de37b52303658492457e6222e23dafa6b52486022" name="TpmLog.bin" size="7549"/>
</Directory> </Directory>
</Payload> </Payload>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms> </Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>e3V54WPCVKryiRHONI37GttXgePQDEYz1GGPcpity5E=</DigestValue> <DigestValue>h/jXVVy84NklF+ym8qeNfDEohLKKNLhr35iZ6vage7M=</DigestValue>
</Reference> </Reference>
</SignedInfo> </SignedInfo>
<SignatureValue>OMPKPXsLr0wbtQuUTlGAD9W0fkqmw8XJ3nQHc/LsRpzCZWdN/xtfxe3JleLbXcUt4PItqj1uB5Eg <SignatureValue>huu759PPTMaugu+6/c3JAv/Cb6eCiRxK5i5Mx2IpptDDjbDh9P1931KPEivmG8eZHgbGRFDgUviB
8iBWyBSy+WJYvsoROjLjZ1sUQ92jMdCO69uBjaIihn1HS2H/YnB4trjc92AUIdhoJZt9KF90IlJQ qHcvd4A8KpIdx1GfebPBGBVqnAHvIgAQp1ZOMFIjtYsJTFKrwG12Yc7uA8qdGLCXZ8OlEvim3P/9
zu3HTmQfeRYs/c6Ck1k3bL1jnyWoNzhBqCuPYrZtPbv9opVP0YOxM5IjRkRgkZIDgYbh1k4WXw8O VECXziVXAaEdC4IlaAt86XfbK+z5r2hFKSErYJZws45x1oZcBVXo9wZd7x0EyU0rMTGQbV5QbDsP
/iIMZuVJDfKQJSNCTAZsIbUatGDQc/nOihLHdI90wG8zu9amgrl1AEKzH8z864Fan5uuXolfAaak LOuWmG2t9jlR7Yu7gxJbhFrPJdI/Q6+JsmsnqKB47dVtXCp84lrlZg48S/nZ0OC62EmEHvzilx4C
sLJl6RPCNcp+JNCXMMZiS8bmYPQnVJc1ze0I1A==</SignatureValue> y2fM/M0LbkZc5Ms8HD92YBsNF3UL3bHxnJT+YQ==</SignatureValue>
<KeyInfo> <KeyInfo>
<X509Data> <X509Data>
<X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName> <X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName>


@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
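Review bot: This file adds a PEM private key to the repository; from the test class in this commit it appears to be the `privateRimKey.pem` used to sign test RIMs, with its certificate added alongside. A key checked into a repository has to be treated as compromised from the moment it is committed: anything it signs is reproducible by anyone with a clone, so it must never be used for a real RIM and the signatures in the committed `.swidtag` fixtures demonstrate test plumbing only. Add a short README note next to the fixtures (or a comment in the test class) stating that these credentials are test-only, and consider generating them at test time so no key needs to be checked in.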


@ -16,17 +16,25 @@ This tool will generate a root RIM file for PC clients in accordance with the sc
%prep %prep
%setup -q -c -n %{name} %setup -q -c -n %{name}
%pre
rm -f /opt/hirs/rimtool/%{name}*.jar
%build %build
./gradlew build ./gradlew build
%install %install
mkdir -p %{buildroot}/opt/hirs/rim/ mkdir -p %{buildroot}/opt/hirs/rimtool/
cp build/libs/%{name}-%{version}.jar %{buildroot}/opt/hirs/rim/ cp build/libs/%{name}-%{version}.jar %{buildroot}/opt/hirs/rimtool/
cp ./rim_fields.json %{buildroot}/opt/hirs/rimtool/
cp ./keystore.jks %{buildroot}/opt/hirs/rimtool/
%files %files
/opt/hirs/rim/%{name}-%{version}.jar /opt/hirs/rimtool/%{name}-%{version}.jar
/opt/hirs/rimtool/rim_fields.json
/opt/hirs/rimtool/keystore.jks
%changelog %changelog
* Mon Jun 15 2020 chubtub
- First release
* Mon Jan 6 2020 chubtub * Mon Jan 6 2020 chubtub
- First change - First change
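Review bot: `rim_fields.json` and `keystore.jks` are listed under `%files` as plain files, so any edit an administrator makes to either (attribute values, or a replacement keystore) is overwritten on the next package upgrade; mark them `%config(noreplace) /opt/hirs/rimtool/rim_fields.json` and the same for the keystore so rpm preserves local changes. The new `%pre` step that deletes `/opt/hirs/rimtool/%{name}*.jar` duplicates what rpm already does for files it owns on upgrade, and if it is meant to clean up the previous `/opt/hirs/rim/` location it should target that path instead. Installing a keystore that is opened with a password from the source into a system path also deserves a changelog line so operators know to replace it.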