Modify gateway class to detect JKS or PEM truststore for creating base RIMs

tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java

@@ -12,8 +12,24 @@ import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.DecoderException;
 
-import java.io.*;
-import java.security.*;
+import java.io.BufferedInputStream;
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.UnrecoverableEntryException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
@@ -22,7 +38,8 @@ import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.List;
 
 /**
- * This class parses private key, public key, and certificate for use in their respective java.security objects.
+ * This class parses private key, public key, and certificates for use in
+ * their respective java.security objects.
  */
 public class CredentialParser {
     private static final String X509 = "X.509";
@@ -54,16 +71,37 @@ public class CredentialParser {
         return publicKey;
     }
 
-    public void parseJKSCredentials(String jksKeystore) {
+    /**
+     * This method parses the X509 signing cert, private key, and public key from
+     * a JKS truststore.
+     * @param jksKeystore the truststore file
+     */
+    public void parseJKSCredentials(String jksKeystore, String alias, String password) {
         KeyStore.PrivateKeyEntry privateKeyEntry =
-                parseKeystorePrivateKey(jksKeystore,
-                        SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS,
-                        SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD);
+                parseKeystorePrivateKey(jksKeystore, alias, password);
         certificate = (X509Certificate) privateKeyEntry.getCertificate();
         privateKey = privateKeyEntry.getPrivateKey();
         publicKey = certificate.getPublicKey();
     }
 
+    /**
+     * Convenience method for parsing the cert and keys of the default JKS.
+     */
+    public void parseDefaultCredentials() {
+        parseJKSCredentials(SwidTagConstants.DEFAULT_KEYSTORE_FILE,
+                            SwidTagConstants.DEFAULT_PRIVATE_KEY_ALIAS,
+                            SwidTagConstants.DEFAULT_KEYSTORE_PASSWORD);
+    }
+
+    /**
+     * This method returns the X509Certificate object from a PEM truststore.
+     * @param truststore the PEM truststore
+     * @return a list of X509 certs
+     */
+    public List<X509Certificate> parseCertsFromPEM(String truststore)     {
+        return parsePEMCertificates(truststore);
+    }
+
     public void parsePEMCredentials(String certificateFile, String privateKeyFile)
             throws Exception {
         certificate = parsePEMCertificates(certificateFile).get(0);
@@ -96,17 +134,6 @@ public class CredentialParser {
         }
     }
 
-    /**
-     * This method returns the X509Certificate object from a PEM certificate file.
-     * @param certificateFile
-     * @return
-     * @throws FileNotFoundException
-     */
-    public List<X509Certificate> parseCertsFromPEM(String certificateFile)
-            throws FileNotFoundException {
-        return parsePEMCertificates(certificateFile);
-    }
-
     /**
      * This method returns the X509Certificate found in a PEM file.
      * Unchecked typcase warnings are suppressed because the CertificateFactory
@@ -237,7 +264,9 @@ public class CredentialParser {
      * @param password
      * @return KeyStore.PrivateKeyEntry
      */
-    private KeyStore.PrivateKeyEntry parseKeystorePrivateKey(String keystoreFile, String alias, String password) {
+    private KeyStore.PrivateKeyEntry parseKeystorePrivateKey(String keystoreFile,
+                                                             String alias,
+                                                             String password) {
         KeyStore keystore = null;
         KeyStore.PrivateKeyEntry privateKey = null;
         try {
@@ -247,7 +276,8 @@ public class CredentialParser {
                     new KeyStore.PasswordProtection(password.toCharArray()));
         } catch (FileNotFoundException e) {
             System.out.println("Cannot locate keystore " + keystoreFile);
-        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | IOException e) {
+        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException |
+                CertificateException | IOException e) {
             e.printStackTrace();
         }
 

tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java

@@ -3,8 +3,6 @@ package hirs.swid;
 import hirs.swid.utils.Commander;
 import com.beust.jcommander.JCommander;
 
-import java.io.IOException;
-
 public class Main {
 
     public static void main(String[] args) {
@@ -46,7 +44,7 @@ public class Main {
                 System.out.println(commander.toString());
                 String createType = commander.getCreateType().toUpperCase();
                 String attributesFile = commander.getAttributesFile();
-                String jksTruststoreFile = commander.getTruststoreFile();
+                String truststoreFile = commander.getTruststoreFile();
                 String certificateFile = commander.getPublicCertificate();
                 String privateKeyFile = commander.getPrivateKeyFile();
                 boolean embeddedCert = commander.isEmbedded();
@@ -57,23 +55,21 @@ public class Main {
                         if (!attributesFile.isEmpty()) {
                             gateway.setAttributesFile(attributesFile);
                         }
-                        if (!jksTruststoreFile.isEmpty()) {
-                            gateway.setDefaultCredentials(true);
-                            gateway.setJksTruststoreFile(jksTruststoreFile);
-                        } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
+                        if (!defaultKey) {
                             gateway.setDefaultCredentials(false);
-                            gateway.setPemCertificateFile(certificateFile);
-                            gateway.setPemPrivateKeyFile(privateKeyFile);
-                            if (embeddedCert) {
-                                gateway.setEmbeddedCert(true);
+                            if (!truststoreFile.isEmpty()) {
+                                gateway.setTruststoreFile(truststoreFile);
+                            } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
+                                gateway.setPemCertificateFile(certificateFile);
+                                gateway.setPemPrivateKeyFile(privateKeyFile);
+                                if (embeddedCert) {
+                                    gateway.setEmbeddedCert(true);
+                                }
+                            } else {
+                                System.out.println("Signing credentials must be provided " +
+                                        "if not using defaults");
+                                System.exit(1);
                             }
-                        } else if (defaultKey){
-                            gateway.setDefaultCredentials(true);
-                            gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
-                        } else {
-                            System.out.println("A private key (-k) and public certificate (-p) " +
-                                    "are required, or the default key (-d) must be indicated.");
-                            System.exit(1);
                         }
                         if (rimEventLog.isEmpty()) {
                             System.out.println("Error: a support RIM is required!");

tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java

@@ -75,7 +75,7 @@ public class SwidTagGateway {
     private Marshaller marshaller;
     private String attributesFile;
     private boolean defaultCredentials;
-    private String jksTruststoreFile;
+    private String truststoreFile;
     private String pemPrivateKeyFile;
     private String pemCertificateFile;
     private boolean embeddedCert;
@@ -91,6 +91,7 @@ public class SwidTagGateway {
             marshaller = jaxbContext.createMarshaller();
             attributesFile = SwidTagConstants.DEFAULT_ATTRIBUTES_FILE;
             defaultCredentials = true;
+            truststoreFile = SwidTagConstants.DEFAULT_KEYSTORE_FILE;
             pemCertificateFile = "";
             embeddedCert = false;
             rimEventLog = "";
@@ -120,12 +121,12 @@ public class SwidTagGateway {
     }
 
     /**
-     * Setter for JKS keystore file
+     * Setter for keystore file
      *
-     * @param jksTruststoreFile
+     * @param truststoreFile
      */
-    public void setJksTruststoreFile(final String jksTruststoreFile) {
-        this.jksTruststoreFile = jksTruststoreFile;
+    public void setTruststoreFile(final String truststoreFile) {
+        this.truststoreFile = truststoreFile;
     }
 
     /**
@@ -545,11 +546,13 @@ public class SwidTagGateway {
             PrivateKey privateKey;
             CredentialParser cp = new CredentialParser();
             if (defaultCredentials) {
-                cp.parseJKSCredentials(jksTruststoreFile);
+                cp.parseDefaultCredentials();
                 privateKey = cp.getPrivateKey();
                 KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());
                 keyInfoElements.add(keyName);
             } else {
+                //If JKS or PEM...
+
                 cp.parsePEMCredentials(pemCertificateFile, pemPrivateKeyFile);
                 X509Certificate certificate = cp.getCertificate();
                 privateKey = cp.getPrivateKey();

tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java

@@ -204,8 +204,6 @@ public class SwidTagValidator {
             cp.setCertificate(signingCert);
             System.out.println(System.lineSeparator() + cp.getCertificateAuthorityInfoAccess());
             return signatureIsValid;
-        } catch (FileNotFoundException e) {
-            System.out.println("Error parsing truststore: " + e.getMessage());
         } catch (NoSuchAlgorithmException e) {
             System.out.println("Error instantiating a KeyFactory to generate pk: "
                     + e.getMessage());

tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java

@@ -92,7 +92,7 @@ public class TestSwidTagGateway {
 	@Test
 	public void testCreateBaseDefaultCert() {
 		gateway.setDefaultCredentials(true);
-		gateway.setJksTruststoreFile(JKS_KEYSTORE_FILE);
+		gateway.setTruststoreFile(JKS_KEYSTORE_FILE);
 		gateway.generateSwidTag(DEFAULT_OUTPUT);
 		expectedFile = TestSwidTagGateway.class.getClassLoader()
 				.getResourceAsStream(BASE_DEFAULT_CERT);