From 9d35b3c17a49d10e0102c928ea3960c38c7bd661 Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Thu, 13 Apr 2023 00:14:15 -0400
Subject: [PATCH] Modify gateway class to generate a detached signature for a signed swidtag. Created new unit test and updated test resource files.
---
 .../src/main/java/hirs/swid/Main.java | 64 +++++++------------
 .../main/java/hirs/swid/SwidTagGateway.java | 17 +----
 .../main/java/hirs/swid/utils/Commander.java | 3 +-
 .../swid/utils/FileArgumentValidator.java | 24 +++++++
 .../java/hirs/swid/TestSwidTagGateway.java | 18 ++++++
 .../resources/generated_default_cert.swidtag | 14 ++--
 .../generated_timestamp_rfc3339.swidtag | 14 ++--
 .../generated_timestamp_rfc3852.swidtag | 14 ++--
 .../resources/generated_user_cert.swidtag | 14 ++--
 .../generated_user_cert_embed.swidtag | 14 ++--
 10 files changed, 104 insertions(+), 92 deletions(-)
 create mode 100644 tools/tcg_rim_tool/src/main/java/hirs/swid/utils/FileArgumentValidator.java
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
index 7f8f38d8..65ea328f 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java
@@ -54,8 +54,28 @@ public class Main {
 privateKeyFile = commander.getPrivateKeyFile();
 boolean embeddedCert = commander.isEmbedded();
 boolean defaultKey = commander.isDefaultKey();
+ String outputFile = commander.getOutFile();
+ if (!trustStoreFile.isEmpty()) {
+ gateway.setDefaultCredentials(true);
+ gateway.setJksTruststoreFile(trustStoreFile);
+ } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
+ gateway.setDefaultCredentials(false);
+ gateway.setPemCertificateFile(certificateFile);
+ gateway.setPemPrivateKeyFile(privateKeyFile);
+ if (embeddedCert) {
+ gateway.setEmbeddedCert(true);
+ }
+ } else if (defaultKey) {
+ gateway.setDefaultCredentials(true);
+ gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
+ } else {
+ System.out.println("A private key (-k) and public certificate (-p) " +
+ "are required, or the default key (-d) must be indicated.");
+ System.exit(1);
+ }
 if (!commander.getSignFile().isEmpty()) {
-
+ Document doc = gateway.signXMLDocument(commander.getSignFile());
+ gateway.writeSwidTagFile(doc, outputFile);
 } else {
 String createType = commander.getCreateType().toUpperCase();
 String attributesFile = commander.getAttributesFile();
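Review bot: The credential chain added here picks a signing key silently when the options conflict or are incomplete: a lone `-k` or lone `-p` given together with `-d` fails the `!certificateFile.isEmpty() && !privateKeyFile.isEmpty()` test and falls through to `SwidTagConstants.DEFAULT_KEYSTORE_FILE`, and a truststore argument overrides an explicitly supplied key pair. For a tool whose output is a signature, signing with a key other than the one the operator named should be an error, for example `if (certificateFile.isEmpty() != privateKeyFile.isEmpty()) { System.err.println("-k and -p must be given together"); System.exit(1); }` ahead of the chain. The existing failure message also goes to `System.out`, which (going by the option help text elsewhere in this patch) is where the tag is written when no output file is given, so `System.err` is the safer stream. The enclosing method begins and ends outside this hunk.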
@@ -95,51 +115,11 @@ public class Main {
 System.exit(1);
 }
 }
- gateway.generateSwidTag(commander.getOutFile());
 } else {
 System.out.println("No create type given, nothing to do");
 System.exit(1);
 }
- }
- if (!trustStoreFile.isEmpty()) {
- gateway.setDefaultCredentials(true);
- gateway.setJksTruststoreFile(trustStoreFile);
- } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
- gateway.setDefaultCredentials(false);
- gateway.setPemCertificateFile(certificateFile);
- gateway.setPemPrivateKeyFile(privateKeyFile);
- if (embeddedCert) {
- gateway.setEmbeddedCert(true);
- }
- } else if (defaultKey) {
- gateway.setDefaultCredentials(true);
- gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
- } else {
- System.out.println("A private key (-k) and public certificate (-p) " +
- "are required, or the default key (-d) must be indicated.");
- System.exit(1);
- }
- if (!commander.getSignFile().isEmpty()) {
- Document doc = gateway.signXMLDocument(commander.getSignFile());
- gateway.writeSwidTagFile(doc, "");
- } else {
- String createType = commander.getCreateType().toUpperCase();
- String attributesFile = commander.getAttributesFile();
- if (createType.equals("BASE")) {
- if (!attributesFile.isEmpty()) {
- gateway.setAttributesFile(attributesFile);
- }
- if (!rimEventLogFile.isEmpty()) {
- gateway.setRimEventLog(rimEventLogFile);
- } else {
- System.out.println("Error: a support RIM is required!");
- System.exit(1);
- }
- } else {
- System.out.println("No create type given, nothing to do");
- System.exit(1);
- }
- gateway.generateSwidTag(commander.getOutFile());
+ gateway.generateSwidTag(outputFile);
 }
 }
 }
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
index 1469326f..81f8043b 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
@@ -600,7 +600,6 @@ public class SwidTagGateway { .getNamedItem("id").getNodeValue(); //Create signature with a reference to SoftwareIdentity id - System.out.println("Referencing SoftwareIdentity with id " + softwareIdentityId); XMLSignatureFactory sigFactory = null; SignedInfo signedInfo = null; try { @@ -655,17 +654,8 @@ public class SwidTagGateway { } KeyInfo keyinfo = kiFactory.newKeyInfo(keyInfoElements); - Document detachedSignature = null; - try { - detachedSignature = DocumentBuilderFactory.newInstance() - .newDocumentBuilder().newDocument(); - } catch (ParserConfigurationException e) { - System.out.println("Error creating new document object: " + e.getMessage()); - } - detachedSignature.setXmlVersion("1.0"); - detachedSignature.appendChild(detachedSignature.createElement("root")); - DOMSignContext context = new DOMSignContext(privateKey, - detachedSignature.getDocumentElement()); + Document detachedSignature = db.newDocument(); + DOMSignContext context = new DOMSignContext(privateKey, detachedSignature); context.setIdAttributeNS(softwareIdentity, null, "id"); XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyinfo); try { @@ -674,9 +664,8 @@ public class SwidTagGateway { System.out.println("Error while signing SoftwareIdentity"); e.printStackTrace(); } - System.out.println("Detached signature: " + detachedSignature); - return swidTag; + return detachedSignature; } /** diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java index 3e07f517..da985dc9 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java 
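Review bot: Nothing at `new DOMSignContext(privateKey, detachedSignature)` (second hunk, `-655,17`) records that the signature now lives in a document of its own while its reference is still resolved through `context.setIdAttributeNS(softwareIdentity, null, "id")`. A verifier handed only the output file has no element carrying that id, so the pairing with the original tag has to be supplied by the caller, and that is worth stating where the context is built. Suggested comment above the `DOMSignContext` line: `// Signature becomes the root of a new, otherwise empty document; it still references the SoftwareIdentity id, so verification needs the original swidtag alongside this file.` The reference is created outside this hunk, so its URI form is inferred from the "reference to SoftwareIdentity id" comment in the preceding hunk; `db` is also declared outside the hunk.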
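Review bot: `return detachedSignature;` (third hunk, `-674,9`) is reached even when signing failed, because the catch block at the top of that hunk only prints "Error while signing SoftwareIdentity" and a stack trace. The caller in Main then hands the returned document to `writeSwidTagFile`, so a failed run appears to leave an empty document at the output path and, as far as this diff shows, still exits with status 0. Propagating the failure from that catch block, e.g. `throw new IllegalStateException("Error while signing SoftwareIdentity", e);`, keeps an unsigned artifact from being mistaken for a signature by downstream tooling. The `try` statement and the method signature are outside the hunk, so the exception type should be matched to what the method already declares.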
@@ -26,7 +26,8 @@ public class Commander { + "The RIM will be written to stdout by default.") private String outFile = ""; @Parameter(names = {"-s", "--sign "}, order = 3, - description = "Specify a RIM file to append a signature to.") + validateWith = FileArgumentValidator.class, + description = "Generate a detached signature for the file at ") private String signFile = ""; @Parameter(names = {"-v", "--verify "}, order = 4, description = "Specify a RIM file to verify.") diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/FileArgumentValidator.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/FileArgumentValidator.java new file mode 100644 index 00000000..6ead93cc --- /dev/null +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/FileArgumentValidator.java @@ -0,0 +1,24 @@ +package hirs.swid.utils; + +import com.beust.jcommander.IParameterValidator; +import com.beust.jcommander.ParameterException; + +import java.io.File; +import java.io.IOException; + +public class FileArgumentValidator implements IParameterValidator { + public void validate(String name, String value) throws ParameterException { + try { + File file = new File(value); + if (!file.isFile()) { + throw new ParameterException("Invalid file path: " + value + + ". Please verify file path."); + } + } catch (NullPointerException e) { + throw new ParameterException("File path cannot be null: " + e.getMessage()); + } catch (SecurityException e) { + throw new ParameterException("Read access denied for " + value + + ", please verify permissions."); + } + } +} diff --git a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java index 4d4960b3..4b462004 100644 --- a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java +++ b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java 
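Review bot: `validateWith = FileArgumentValidator.class` is attached to `-s` only, while the `-v` parameter directly below it in this hunk also takes a file path and gets no validation. If the other file-valued options (most are declared outside this hunk) are meant to fail early in the same way, add the same attribute to each, starting with `validateWith = FileArgumentValidator.class,` on the `-v` annotation. If only the signing input is meant to be checked, a one-line comment on the `-s` parameter saying why would prevent the inconsistency from being read as an oversight.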
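Review bot: `validate` in the new FileArgumentValidator only tests `file.isFile()`, so an existing but unreadable file passes, and the "Read access denied" message is reachable only through a `SecurityException`, which `isFile()` raises only when a security manager is installed. The null case is handled by catching `NullPointerException` from `new File(value)` rather than by a check, the `java.io.IOException` import is unused, and the method lacks `@Override`. The rewrite below tests for null or empty input and for `canRead()` explicitly. This stays a parse-time convenience check: the file is opened later by the signing code, so open and parse failures there still have to be handled on their own.

```java
    @Override
    public void validate(String name, String value) throws ParameterException {
        if (value == null || value.isEmpty()) {
            throw new ParameterException("File path cannot be null or empty for " + name);
        }
        File file = new File(value);
        if (!file.isFile()) {
            throw new ParameterException("Invalid file path: " + value
                    + ". Please verify file path.");
        }
        if (!file.canRead()) {
            throw new ParameterException("Read access denied for " + value
                    + ", please verify permissions.");
        }
    }
```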
@@ -9,6 +9,7 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import org.w3c.dom.Document; public class TestSwidTagGateway { private SwidTagGateway gateway; @@ -162,6 +163,23 @@ public class TestSwidTagGateway { Assert.assertTrue(validator.validateSwidTag(DEFAULT_OUTPUT, "DEFAULT")); } + /** + * This test corresponds to the arguments: + * -s -d + */ + @Test + public void testCreateDetachedSignature() { + try { + String signFilePath = TestSwidTagGateway.class.getClassLoader() + .getResource(BASE_RFC3852_TIMESTAMP).getPath(); + gateway.setDefaultCredentials(true); + Document doc = gateway.signXMLDocument(signFilePath); + gateway.writeSwidTagFile(doc, DEFAULT_OUTPUT); + } catch (Exception e) { + e.printStackTrace(); + } + } + /** * This method compares two files by bytes to determine if they are the same or not. * diff --git a/tools/tcg_rim_tool/src/test/resources/generated_default_cert.swidtag b/tools/tcg_rim_tool/src/test/resources/generated_default_cert.swidtag index 855718c1..834d9a2b 100644 --- a/tools/tcg_rim_tool/src/test/resources/generated_default_cert.swidtag +++ b/tools/tcg_rim_tool/src/test/resources/generated_default_cert.swidtag @@ -1,5 +1,5 @@ - + 
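Review bot: `testCreateDetachedSignature` (second hunk, `-162,6`) cannot fail: every exception, including a `NullPointerException` if `getResource(BASE_RFC3852_TIMESTAMP)` returns null, is caught and printed, and nothing is asserted about `doc` or the file written to `DEFAULT_OUTPUT`. Replace the try/catch with `public void testCreateDetachedSignature() throws Exception {` and assert on the result, at minimum `Assert.assertNotNull(doc.getDocumentElement());`. A stronger check would validate the written signature against the source tag, so that a regression that emits an empty or unsigned document is caught by the suite rather than in the field.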
@@ -17,14 +17,14 @@ - DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE= + f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A= - ojJ6v8ToxLWWekCKmBoZ+Yg2V4MYMPbKB9FjDs/QG/AMP+LKjnb55Z7FSLhC8+CvvShKPAoS9mv1 -QepwI17NEqbfnC1U4WH0u578A3J6wiHMXIDnIQqKAAXb8v2c/wjMDArzFl8CXmDA7HUDIt+3C4VC -tA598YY7o0Hf6hK5qO8oWGQxXUKfpUwvtGLxHpbDWYFuVSPa+uk6OTzutt/QyzTERzxyO9Le1i6K -nrpzh4lgHn6EfGs6HR1ffdHQ069q0bE61zDx0VC18nK9DmszW6p6FlMzApiTVW/4PiVt+dSFeVGR -9///OdtxcoBCeofDDFPRyO+s+kY1pXd92Q3nfg== + GbvVCBhCDBa1Oz0HereVan1VzqFnkhQbG/QvYAtaPwWCpqtVqSTla0dvEW8LFKJtoLpE8ZQopshx +se53rd9Z4aR2ok7VKfhtFV6LCNseyvmzWypqzCvLaG0net7EpMCixj8i0A5e4zaAEgt5Jqg1Acew +hAY8XSnz9/e0EuzC3s9QlWSZHBtSvqlWUhsSVThf9KyHE3F/bwUGmEg6QdtREAr3c2jNK+LEN5MF +hx64fG/WLRaAkw0lEWnBbjCdiB1ao+1G/c9yzxUQ82EriJdRBYjuRVmMlIOFRtYqe7oc5148pAAY +qhol4MYlrmdjg9aW+2nv4KHHSDIhVgAAwRNJoQ== 2fdeb8e7d030a2209daa01861a964fedecf2bcc1 diff --git a/tools/tcg_rim_tool/src/test/resources/generated_timestamp_rfc3339.swidtag b/tools/tcg_rim_tool/src/test/resources/generated_timestamp_rfc3339.swidtag index cee8c323..13538603 100644 --- a/tools/tcg_rim_tool/src/test/resources/generated_timestamp_rfc3339.swidtag +++ b/tools/tcg_rim_tool/src/test/resources/generated_timestamp_rfc3339.swidtag @@ -1,5 +1,5 @@ - + 
@@ -17,18 +17,18 @@ - DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE= + f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A= j8sqX9NGt8DAPOvbhXKAT648BGdPnQnblai1PYDUryE= - N8QB5dMLnSLaDuCO8Ds/9nPlJGzsF1HJCthEXDXPrMTpfWBwmsVTqtNwoGzHIXlx8HDdDcfTLa3j -3rfFmDZNMqv6+6jjjJZerpN6XyWHGaVjVuPiNGmafE5SajTg53+6KlWXTGs3kcbbV5cTtjASz/A0 -cz9gBYTwYXmWA3+V0USLA0MNYzPkKp83eDnizbrkGx824NU9qG1DetVFfZqotWoTGJ1Wz4J8D1yR -wUILS0DbtZalCNVv3kw9raIRKQ/CjlDztfP1SgiNuXu6IaVZKoVG9HGp3s8pQvFPHr0HD2sNrAkx -twKcg3XIzGrTc22Y2TYw9Dk3NxumQSp4kve6ow== + RvpLLE0rAaZrj54xy3Ki1GJ3csJI5lzshcpQQz7M5dn56Wo1ShfQR7OqGN1ZMULAtYsR0vtt9UFk +3JuB1/tsA1KuT5sNTR6ZbOCaMGfV448ufbY48Vbk8Bs+2N0mZuuD3IUwARlbjXxZwb/k1GnkGVKS +jneEK2dJ6Ktk8+XOLhoFd1JZqpz9Qv7s53GMtQc/QC18vrmUZDW5HABMCtZRpylGjBsP/Mabakb4 +Nr4veMqhEMGVm2UpYY3171nTCjerxrf0jXsLZoTbJdJtyjo9ihCbjzYUOG361liQ3k63jVfPQbDl +460jU4v+45L/sWNRUi29VBtgia7xAkQ3IdmSPA== 2fdeb8e7d030a2209daa01861a964fedecf2bcc1 diff --git a/tools/tcg_rim_tool/src/test/resources/generated_timestamp_rfc3852.swidtag b/tools/tcg_rim_tool/src/test/resources/generated_timestamp_rfc3852.swidtag index d78d0b8c..5abb4248 100644 --- a/tools/tcg_rim_tool/src/test/resources/generated_timestamp_rfc3852.swidtag +++ b/tools/tcg_rim_tool/src/test/resources/generated_timestamp_rfc3852.swidtag @@ -1,5 +1,5 @@ - + 
@@ -17,18 +17,18 @@ - DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE= + f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A= KC51x7iXfEjDYEieFP1lktWNGP6eCWpXe5/sr3V8PlU= - M6a+lIU7vIQmO0By/WCtocI4qzk4R4oXtduEpeyOfIH/xOTKkDI7E17v6dywLd7psZSKMPw8lRqp -AZCBvsU6zDXzLsAakO2ydmH2i5POWNArUq+GRw9KDnNPZWanmRSqjpV2mEjfx84IF2MaqXDPng1q -JrzKN8f00uHM+eOmXktyiBhJR9gT+htceMzAEzk8qeWCg6o6wFMx0JR1lUbGOXe070DtZCR7I0iQ -0iZfnNzMzuRf2GHw6aKnSyGwdr1pUeoxEVGR5jkY8a7mT/0mt+8kVq4FL1gikrSOzvotoZ+dGb0Q -JjzA2IgK+ti/Tc/FpLYKefXQwcVSUY+CD/HCvA== + kXHqmvPCDdlUrgxKVKNXy9xmYmrMiIunv/Rc4gaho2Cm6G46BYBcjfBFkKtvvKxt+iRwk2d0JxLA ++4oACcnUqrvfsP8WLUttrZmWvVWFcZ0WjVaqp06NVLK4for/XpJ0SQQQdO+PmEEgLzyZtydYl8n0 +tdFe9jAmIQD+DZmuHPE/abHvzCmCHgbfogHpkcoeDzT0FQu7Tvxyvae92F3jr2E/Tnt2pF9plxa0 +WZ+5WDmQ4gI+8DXETGxBhSMaR3GOvN+eFOyOUq/OzLs+T7UaOHLtmZHWKYWdBQa3j49VUREGu601 +qOAHjj9sJYSVuyrzDka6brY756ib6e7f1xwphw== 2fdeb8e7d030a2209daa01861a964fedecf2bcc1 diff --git a/tools/tcg_rim_tool/src/test/resources/generated_user_cert.swidtag b/tools/tcg_rim_tool/src/test/resources/generated_user_cert.swidtag index b9588ce9..4bdde8f2 100644 --- a/tools/tcg_rim_tool/src/test/resources/generated_user_cert.swidtag +++ b/tools/tcg_rim_tool/src/test/resources/generated_user_cert.swidtag @@ -1,5 +1,5 @@ - + 
@@ -17,14 +17,14 @@ - DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE= + f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A= - ojJ6v8ToxLWWekCKmBoZ+Yg2V4MYMPbKB9FjDs/QG/AMP+LKjnb55Z7FSLhC8+CvvShKPAoS9mv1 -QepwI17NEqbfnC1U4WH0u578A3J6wiHMXIDnIQqKAAXb8v2c/wjMDArzFl8CXmDA7HUDIt+3C4VC -tA598YY7o0Hf6hK5qO8oWGQxXUKfpUwvtGLxHpbDWYFuVSPa+uk6OTzutt/QyzTERzxyO9Le1i6K -nrpzh4lgHn6EfGs6HR1ffdHQ069q0bE61zDx0VC18nK9DmszW6p6FlMzApiTVW/4PiVt+dSFeVGR -9///OdtxcoBCeofDDFPRyO+s+kY1pXd92Q3nfg== + GbvVCBhCDBa1Oz0HereVan1VzqFnkhQbG/QvYAtaPwWCpqtVqSTla0dvEW8LFKJtoLpE8ZQopshx +se53rd9Z4aR2ok7VKfhtFV6LCNseyvmzWypqzCvLaG0net7EpMCixj8i0A5e4zaAEgt5Jqg1Acew +hAY8XSnz9/e0EuzC3s9QlWSZHBtSvqlWUhsSVThf9KyHE3F/bwUGmEg6QdtREAr3c2jNK+LEN5MF +hx64fG/WLRaAkw0lEWnBbjCdiB1ao+1G/c9yzxUQ82EriJdRBYjuRVmMlIOFRtYqe7oc5148pAAY +qhol4MYlrmdjg9aW+2nv4KHHSDIhVgAAwRNJoQ== 2fdeb8e7d030a2209daa01861a964fedecf2bcc1 diff --git a/tools/tcg_rim_tool/src/test/resources/generated_user_cert_embed.swidtag b/tools/tcg_rim_tool/src/test/resources/generated_user_cert_embed.swidtag index 5f0d13e5..a2fcadf6 100644 --- a/tools/tcg_rim_tool/src/test/resources/generated_user_cert_embed.swidtag +++ b/tools/tcg_rim_tool/src/test/resources/generated_user_cert_embed.swidtag @@ -1,5 +1,5 @@ - + 
@@ -17,14 +17,14 @@ - DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE= + f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A= - ojJ6v8ToxLWWekCKmBoZ+Yg2V4MYMPbKB9FjDs/QG/AMP+LKjnb55Z7FSLhC8+CvvShKPAoS9mv1 -QepwI17NEqbfnC1U4WH0u578A3J6wiHMXIDnIQqKAAXb8v2c/wjMDArzFl8CXmDA7HUDIt+3C4VC -tA598YY7o0Hf6hK5qO8oWGQxXUKfpUwvtGLxHpbDWYFuVSPa+uk6OTzutt/QyzTERzxyO9Le1i6K -nrpzh4lgHn6EfGs6HR1ffdHQ069q0bE61zDx0VC18nK9DmszW6p6FlMzApiTVW/4PiVt+dSFeVGR -9///OdtxcoBCeofDDFPRyO+s+kY1pXd92Q3nfg== + GbvVCBhCDBa1Oz0HereVan1VzqFnkhQbG/QvYAtaPwWCpqtVqSTla0dvEW8LFKJtoLpE8ZQopshx +se53rd9Z4aR2ok7VKfhtFV6LCNseyvmzWypqzCvLaG0net7EpMCixj8i0A5e4zaAEgt5Jqg1Acew +hAY8XSnz9/e0EuzC3s9QlWSZHBtSvqlWUhsSVThf9KyHE3F/bwUGmEg6QdtREAr3c2jNK+LEN5MF +hx64fG/WLRaAkw0lEWnBbjCdiB1ao+1G/c9yzxUQ82EriJdRBYjuRVmMlIOFRtYqe7oc5148pAAY +qhol4MYlrmdjg9aW+2nv4KHHSDIhVgAAwRNJoQ== CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US