Merge pull request #512 from nsacyber/issue-501

[#501] Support for detached signatures
This commit is contained in:
chubtub 2023-05-22 12:25:49 -04:00 committed by GitHub
commit c1dcd5cd23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 312 additions and 78 deletions

View File

@ -4,6 +4,7 @@ import com.beust.jcommander.JCommander;
import hirs.swid.utils.Commander; import hirs.swid.utils.Commander;
import hirs.swid.utils.CredentialArgumentValidator; import hirs.swid.utils.CredentialArgumentValidator;
import hirs.swid.utils.TimestampArgumentValidator; import hirs.swid.utils.TimestampArgumentValidator;
import org.w3c.dom.Document;
import java.util.List; import java.util.List;
@ -16,6 +17,7 @@ public class Main {
SwidTagGateway gateway; SwidTagGateway gateway;
SwidTagValidator validator; SwidTagValidator validator;
CredentialArgumentValidator caValidator; CredentialArgumentValidator caValidator;
String rimEventLogFile, trustStoreFile, certificateFile, privateKeyFile;
if (commander.isHelp()) { if (commander.isHelp()) {
jc.usage(); jc.usage();
@ -25,18 +27,17 @@ public class Main {
validator = new SwidTagValidator(); validator = new SwidTagValidator();
System.out.println(commander.toString()); System.out.println(commander.toString());
String verifyFile = commander.getVerifyFile(); String verifyFile = commander.getVerifyFile();
String rimel = commander.getRimEventLog(); certificateFile = commander.getPublicCertificate();
String certificateFile = commander.getPublicCertificate(); rimEventLogFile = commander.getRimEventLog();
String trustStore = commander.getTruststoreFile(); trustStoreFile = commander.getTruststoreFile();
boolean defaultKey = commander.isDefaultKey(); boolean defaultKey = commander.isDefaultKey();
validator.setRimEventLog(rimel);
if (defaultKey) { if (defaultKey) {
validator.validateSwidTag(verifyFile, "DEFAULT"); validator.validateSwidTag(verifyFile, "DEFAULT");
} else { } else {
caValidator = new CredentialArgumentValidator(trustStore, caValidator = new CredentialArgumentValidator(trustStoreFile,
certificateFile, "", "", "", true); certificateFile, "", "", "", true);
if (caValidator.isValid()) { if (caValidator.isValid()) {
validator.setTrustStoreFile(trustStore); validator.setTrustStoreFile(trustStoreFile);
validator.validateSwidTag(verifyFile, caValidator.getFormat()); validator.validateSwidTag(verifyFile, caValidator.getFormat());
} else { } else {
System.out.println("Invalid combination of credentials given: " System.out.println("Invalid combination of credentials given: "
@ -47,16 +48,20 @@ public class Main {
} else { } else {
gateway = new SwidTagGateway(); gateway = new SwidTagGateway();
System.out.println(commander.toString()); System.out.println(commander.toString());
String createType = commander.getCreateType().toUpperCase(); rimEventLogFile = commander.getRimEventLog();
String attributesFile = commander.getAttributesFile(); trustStoreFile = commander.getTruststoreFile();
String truststoreFile = commander.getTruststoreFile(); certificateFile = commander.getPublicCertificate();
String certificateFile = commander.getPublicCertificate(); privateKeyFile = commander.getPrivateKeyFile();
String privateKeyFile = commander.getPrivateKeyFile();
boolean embeddedCert = commander.isEmbedded(); boolean embeddedCert = commander.isEmbedded();
boolean defaultKey = commander.isDefaultKey(); boolean defaultKey = commander.isDefaultKey();
String rimEventLog = commander.getRimEventLog(); String outputFile = commander.getOutFile();
switch (createType) { if (!commander.getSignFile().isEmpty()) {
case "BASE": Document doc = gateway.signXMLDocument(commander.getSignFile());
gateway.writeSwidTagFile(doc, outputFile);
} else {
String createType = commander.getCreateType().toUpperCase();
String attributesFile = commander.getAttributesFile();
if (createType.equals("BASE")) {
if (!attributesFile.isEmpty()) { if (!attributesFile.isEmpty()) {
gateway.setAttributesFile(attributesFile); gateway.setAttributesFile(attributesFile);
} }
@ -65,10 +70,10 @@ public class Main {
gateway.setTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE); gateway.setTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
} else { } else {
gateway.setDefaultCredentials(false); gateway.setDefaultCredentials(false);
caValidator = new CredentialArgumentValidator(truststoreFile, caValidator = new CredentialArgumentValidator(trustStoreFile,
certificateFile, privateKeyFile, "", "", false); certificateFile, privateKeyFile, "", "", false);
if (caValidator.isValid()) { if (caValidator.isValid()) {
gateway.setTruststoreFile(truststoreFile); gateway.setTruststoreFile(trustStoreFile);
gateway.setPemCertificateFile(certificateFile); gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile); gateway.setPemPrivateKeyFile(privateKeyFile);
} else { } else {
@ -80,7 +85,7 @@ public class Main {
gateway.setEmbeddedCert(true); gateway.setEmbeddedCert(true);
} }
} }
gateway.setRimEventLog(rimEventLog); gateway.setRimEventLog(rimEventLogFile);
List<String> timestampArguments = commander.getTimestampArguments(); List<String> timestampArguments = commander.getTimestampArguments();
if (timestampArguments.size() > 0) { if (timestampArguments.size() > 0) {
if (new TimestampArgumentValidator(timestampArguments).isValid()) { if (new TimestampArgumentValidator(timestampArguments).isValid()) {
@ -92,10 +97,11 @@ public class Main {
System.exit(1); System.exit(1);
} }
} }
gateway.generateSwidTag(commander.getOutFile()); } else {
break;
default:
System.out.println("No create type given, nothing to do"); System.out.println("No create type given, nothing to do");
System.exit(1);
}
gateway.generateSwidTag(outputFile);
} }
} }
} }

View File

@ -10,6 +10,9 @@ import hirs.swid.xjc.SoftwareIdentity;
import hirs.swid.xjc.SoftwareMeta; import hirs.swid.xjc.SoftwareMeta;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import javax.json.Json; import javax.json.Json;
import javax.json.JsonException; import javax.json.JsonException;
@ -41,6 +44,7 @@ import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec; import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.namespace.QName; import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys; import javax.xml.transform.OutputKeys;
@ -57,7 +61,9 @@ import java.io.FileNotFoundException;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.StringReader;
import java.math.BigInteger; import java.math.BigInteger;
import java.net.URI;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException; import java.security.InvalidAlgorithmParameterException;
@ -310,6 +316,7 @@ public class SwidTagGateway {
if (!tagId.isEmpty()) { if (!tagId.isEmpty()) {
swidTag.setTagId(tagId); swidTag.setTagId(tagId);
} }
swidTag.getOtherAttributes().put(new QName("id"), tagId);
swidTag.setTagVersion(new BigInteger( swidTag.setTagVersion(new BigInteger(
jsonObject.getString(SwidTagConstants.TAGVERSION, "0"))); jsonObject.getString(SwidTagConstants.TAGVERSION, "0")));
swidTag.setVersion(jsonObject.getString(SwidTagConstants.VERSION, "0.0")); swidTag.setVersion(jsonObject.getString(SwidTagConstants.VERSION, "0.0"));
@ -549,6 +556,120 @@ public class SwidTagGateway {
} }
} }
private void printXmlAttributes(Node node) {
org.w3c.dom.NamedNodeMap attributes = node.getAttributes();
if (attributes.getLength() <= 0) {
System.out.println("No attributes in this node");
} else {
for (int i = 0; i < attributes.getLength(); i++) {
System.out.println("SoftwareIdentity attribute: " + attributes.item(i).getNodeName());
}
}
}
public Document signXMLDocument(String signFile) {
//Read signFile contents
String xmlToSign = "";
URI fileUri = new File(signFile).toURI();
try {
byte[] fileContents = Files.readAllBytes(Paths.get(signFile));
xmlToSign = new String(fileContents); //safe to assume default charset??
} catch (IOException e) {
System.out.println("Error reading contents of " + signFile);
System.exit(1);
}
//Parse SoftwareIdentity id
Document swidTag = null;
DocumentBuilder db = null;
try {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(false);
db = dbf.newDocumentBuilder();
} catch (ParserConfigurationException e) {
System.out.println("Error instantiating DocumentBuilder object: " + e.getMessage());
System.exit(1);
}
try {
swidTag = db.parse(new InputSource(new StringReader(xmlToSign)));
} catch (IOException | SAXException e) {
System.out.println("Error parsing XML from " + signFile);
System.exit(1);
}
Element softwareIdentity = (Element) swidTag.getElementsByTagName(
SwidTagConstants.SOFTWARE_IDENTITY).item(0);
String softwareIdentityId = softwareIdentity.getAttributes()
.getNamedItem("id").getNodeValue();
//Create signature with a reference to SoftwareIdentity id
XMLSignatureFactory sigFactory = null;
SignedInfo signedInfo = null;
try {
sigFactory = XMLSignatureFactory.getInstance("DOM");
//ref must be distinguished from existing <Reference URI="">
Reference ref = sigFactory.newReference(fileUri.toString(),
sigFactory.newDigestMethod(DigestMethod.SHA256, null));
signedInfo = sigFactory.newSignedInfo(
sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null),
sigFactory.newSignatureMethod(SwidTagConstants.SIGNATURE_ALGORITHM_RSA_SHA256,
null),
Collections.singletonList(ref)
);
} catch (InvalidAlgorithmParameterException e) {
System.out.println("Digest method parameters are invalid: " + e.getMessage());
} catch (NoSuchAlgorithmException e) {
System.out.println("The digest algorithm could not be found: " + e.getMessage());
}
List<XMLStructure> keyInfoElements = new ArrayList<XMLStructure>();
KeyInfoFactory kiFactory = sigFactory.getKeyInfoFactory();
PrivateKey privateKey = null;
CredentialParser cp = new CredentialParser();
try {
if (defaultCredentials) {
cp.parseDefaultCredentials();
privateKey = cp.getPrivateKey();
KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());
keyInfoElements.add(keyName);
} else {
cp.parsePEMCredentials(pemCertificateFile, pemPrivateKeyFile);
X509Certificate certificate = cp.getCertificate();
privateKey = cp.getPrivateKey();
if (embeddedCert) {
ArrayList<Object> x509Content = new ArrayList<Object>();
x509Content.add(certificate.getSubjectX500Principal().getName());
x509Content.add(certificate);
X509Data data = kiFactory.newX509Data(x509Content);
keyInfoElements.add(data);
} else {
keyInfoElements.add(kiFactory.newKeyValue(certificate.getPublicKey()));
}
}
} catch (IOException e) {
System.out.println("Error getting SKID from signing credentials: " + e.getMessage());
} catch (KeyException e) {
System.out.println("Public key algorithm not recognized or supported: "
+ e.getMessage());
} catch (Exception e) {
e.printStackTrace();
}
KeyInfo keyinfo = kiFactory.newKeyInfo(keyInfoElements);
Document detachedSignature = db.newDocument();
DOMSignContext context = new DOMSignContext(privateKey, detachedSignature);
context.setIdAttributeNS(softwareIdentity, null, "id");
XMLSignature signature = sigFactory.newXMLSignature(signedInfo, keyinfo);
try {
signature.sign(context);
} catch (MarshalException | XMLSignatureException e) {
System.out.println("Error while signing SoftwareIdentity");
e.printStackTrace();
}
return detachedSignature;
}
/** /**
* This method signs a SoftwareIdentity with an xmldsig in compatibility mode. * This method signs a SoftwareIdentity with an xmldsig in compatibility mode.
* Current assumptions: digest method SHA256, signature method SHA256, enveloped signature * Current assumptions: digest method SHA256, signature method SHA256, enveloped signature
@ -617,6 +738,8 @@ public class SwidTagGateway {
X509Data data = kiFactory.newX509Data(x509Content); X509Data data = kiFactory.newX509Data(x509Content);
keyInfoElements.add(data); keyInfoElements.add(data);
} else { } else {
KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());
keyInfoElements.add(keyName);
keyInfoElements.add(kiFactory.newKeyValue(certificate.getPublicKey())); keyInfoElements.add(kiFactory.newKeyValue(certificate.getPublicKey()));
} }
} }

View File

@ -5,6 +5,7 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.NodeList; import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
@ -26,6 +27,9 @@ import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo; import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue; import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data; import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Source; import javax.xml.transform.Source;
import javax.xml.transform.Transformer; import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException; import javax.xml.transform.TransformerConfigurationException;
@ -38,6 +42,9 @@ import javax.xml.validation.SchemaFactory;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.Key; import java.security.Key;
import java.security.KeyException; import java.security.KeyException;
@ -112,18 +119,31 @@ public class SwidTagValidator {
Document document = unmarshallSwidTag(path); Document document = unmarshallSwidTag(path);
Element softwareIdentity = Element softwareIdentity =
(Element) document.getElementsByTagName("SoftwareIdentity").item(0); (Element) document.getElementsByTagName("SoftwareIdentity").item(0);
StringBuilder si = new StringBuilder("Base RIM detected:\n"); Element signature = (Element) document.getElementsByTagName("Signature").item(0);
si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n"); if (signature != null && softwareIdentity == null) {
si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n"); return validateDetachedSignature(document, format);
System.out.println(si.toString()); } else if (signature != null && softwareIdentity != null) {
Element file = (Element) document.getElementsByTagName("File").item(0); StringBuilder si = new StringBuilder("Base RIM detected:\n");
si.append("SoftwareIdentity name: " + softwareIdentity.getAttribute("name") + "\n");
si.append("SoftwareIdentity tagId: " + softwareIdentity.getAttribute("tagId") + "\n");
System.out.println(si.toString());
return validateEnvelopedSignature(document, format);
} else {
System.out.println("Invalid xml for validation, please verify " + path);
}
return false;
}
private boolean validateEnvelopedSignature(Document doc, String format) {
Element file = (Element) doc.getElementsByTagName("File").item(0);
try { try {
validateFile(file); validateFile(file);
} catch (Exception e) { } catch (Exception e) {
System.out.println(e.getMessage()); System.out.println(e.getMessage());
return false; return false;
} }
boolean swidtagValidity = validateSignedXMLDocument(document, format); boolean swidtagValidity = validateSignedXMLDocument(doc, format);
if (swidtagValidity) { if (swidtagValidity) {
System.out.println("Signature core validity: true"); System.out.println("Signature core validity: true");
return true; return true;
@ -133,6 +153,34 @@ public class SwidTagValidator {
} }
} }
private boolean validateDetachedSignature(Document doc, String format) {
/* DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = null;
Document doc = null;
byte[] fileContents = new byte[0];
try {
fileContents = Files.readAllBytes(Paths.get(path));
} catch (IOException e) {
System.out.println("Error reading " + path + " for validation");
}
String xmlString = new String(fileContents);
try {
db = dbf.newDocumentBuilder();
doc = db.parse(path);
} catch (ParserConfigurationException e) {
System.out.println("Error instantiating DocumentBuilder object: " + e.getMessage());
} catch (SAXException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (IllegalArgumentException e) {
System.out.println("Tried to parse a null file at " + path);
}
*/
return validateSignedXMLDocument(doc, format);
}
/** /**
* This method validates a hirs.swid.xjc.File from an indirect payload * This method validates a hirs.swid.xjc.File from an indirect payload
*/ */

View File

@ -25,30 +25,34 @@ public class Commander {
description = "The file to write the RIM out to. " description = "The file to write the RIM out to. "
+ "The RIM will be written to stdout by default.") + "The RIM will be written to stdout by default.")
private String outFile = ""; private String outFile = "";
@Parameter(names = {"-v", "--verify <path>"}, order = 3, @Parameter(names = {"-s", "--sign <path>"}, order = 3,
validateWith = FileArgumentValidator.class,
description = "Generate a detached signature for the file at <path>")
private String signFile = "";
@Parameter(names = {"-v", "--verify <path>"}, order = 4,
description = "Specify a RIM file to verify.") description = "Specify a RIM file to verify.")
private String verifyFile = ""; private String verifyFile = "";
@Parameter(names = {"-t", "--truststore <path>"}, order = 4, @Parameter(names = {"-t", "--truststore <path>"}, order = 5,
description = "The truststore to sign the base RIM created " description = "The truststore to sign the base RIM created "
+ "or to validate the signed base RIM.") + "or to validate the signed base RIM.")
private String truststoreFile = ""; private String truststoreFile = "";
@Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 5, @Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 6,
description = "The private key used to sign the base RIM created by this tool.") description = "The private key used to sign the base RIM created by this tool.")
private String privateKeyFile = ""; private String privateKeyFile = "";
@Parameter(names = {"-p", "--publicCertificate <path>"}, order = 6, @Parameter(names = {"-p", "--publicCertificate <path>"}, order = 7,
description = "The public key certificate to embed in the base RIM created by " description = "The public key certificate to embed in the base RIM created by "
+ "this tool.") + "this tool.")
private String publicCertificate = ""; private String publicCertificate = "";
@Parameter(names = {"-e", "--embed-cert"}, order = 7, @Parameter(names = {"-e", "--embed-cert"}, order = 8,
description = "Embed the provided certificate in the signed swidtag.") description = "Embed the provided certificate in the signed swidtag.")
private boolean embedded = false; private boolean embedded = false;
@Parameter(names = {"-d", "--default-key"}, order = 8, @Parameter(names = {"-d", "--default-key"}, order = 9,
description = "Use default signing credentials.") description = "Use keystore.jks from the rimtool installation to sign.")
private boolean defaultKey = false; private boolean defaultKey = false;
@Parameter(names = {"-l", "--rimel <path>"}, order = 9, required = true, @Parameter(names = {"-l", "--rimel <path>"}, order = 10, required = true,
description = "The TCG eventlog file to use as a support RIM.") description = "The TCG eventlog file to use as a support RIM.")
private String rimEventLog = ""; private String rimEventLog = "";
@Parameter(names = {"--timestamp"}, order = 10, variableArity = true, @Parameter(names = {"--timestamp"}, order = 11, variableArity = true,
description = "Add a timestamp to the signature. " + description = "Add a timestamp to the signature. " +
"Currently only RFC3339 and RFC3852 are supported:\n" + "Currently only RFC3339 and RFC3852 are supported:\n" +
"\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>") "\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>")
@ -70,6 +74,10 @@ public class Commander {
return outFile; return outFile;
} }
public String getSignFile() {
return signFile;
}
public String getVerifyFile() { public String getVerifyFile() {
return verifyFile; return verifyFile;
} }
@ -111,13 +119,17 @@ public class Commander {
"\n\n\n"); "\n\n\n");
sb.append("Create a base RIM using the default attribute values; "); sb.append("Create a base RIM using the default attribute values; ");
sb.append("sign it using privateKey.pem; embed cert.pem in the signature block; "); sb.append("sign it using privateKey.pem; embed cert.pem in the signature block; ");
sb.append("and write the data to console output:\n\n"); sb.append("and write the data to console stdout:\n\n");
sb.append("\t\t-c base -l support_rim.bin -k privateKey.pem -p cert.pem -e\n\n\n"); sb.append("\t\t-c base -l support_rim.bin -k privateKey.pem -p cert.pem -e\n\n\n");
sb.append("Create a base RIM using the values in attributes.json; " + sb.append("Create a base RIM using the values in attributes.json; " +
"sign it with the default keystore; add a RFC3852 timestamp; "); "sign it with the default keystore; add a RFC3852 timestamp; ");
sb.append("and write the data to base_rim.swidtag:\n\n"); sb.append("and write the data to base_rim.swidtag:\n\n");
sb.append("\t\t-c base -a attributes.json -d -l support_rim.bin " + sb.append("\t\t-c base -a attributes.json -d -l support_rim.bin " +
"--timestamp RFC3852 counterSignature.bin -o base_rim.swidtag\n\n\n"); "--timestamp RFC3852 counterSignature.bin -o base_rim.swidtag\n\n\n");
sb.append("Add another signature to a signed base RIM using privateKey.pem; ");
sb.append("embed cert.pem in the signature block; ");
sb.append("and write the output to console stdout:\n\n");
sb.append("\t\t-s signed_base_rim.swidtag -k privateKey.pem -p cert.pem -e\n\n\n");
sb.append("Validate a base RIM using an external support RIM to override the "); sb.append("Validate a base RIM using an external support RIM to override the ");
sb.append("payload file:\n\n"); sb.append("payload file:\n\n");
sb.append("\t\t-v base_rim.swidtag -l support_rim.bin\n\n\n"); sb.append("\t\t-v base_rim.swidtag -l support_rim.bin\n\n\n");
@ -133,6 +145,7 @@ public class Commander {
sb.append("Creating: " + this.getCreateType() + System.lineSeparator()); sb.append("Creating: " + this.getCreateType() + System.lineSeparator());
sb.append("Using attributes file: " + this.getAttributesFile() + System.lineSeparator()); sb.append("Using attributes file: " + this.getAttributesFile() + System.lineSeparator());
sb.append("Write to: " + this.getOutFile() + System.lineSeparator()); sb.append("Write to: " + this.getOutFile() + System.lineSeparator());
sb.append("Signing file: " + this.getSignFile() + System.lineSeparator());
sb.append("Verify file: " + this.getVerifyFile() + System.lineSeparator()); sb.append("Verify file: " + this.getVerifyFile() + System.lineSeparator());
if (this.isDefaultKey()) { if (this.isDefaultKey()) {
sb.append("Truststore file: default (" + SwidTagConstants.DEFAULT_KEYSTORE_FILE + ")" sb.append("Truststore file: default (" + SwidTagConstants.DEFAULT_KEYSTORE_FILE + ")"

View File

@ -0,0 +1,24 @@
package hirs.swid.utils;
import com.beust.jcommander.IParameterValidator;
import com.beust.jcommander.ParameterException;
import java.io.File;
import java.io.IOException;
public class FileArgumentValidator implements IParameterValidator {
public void validate(String name, String value) throws ParameterException {
try {
File file = new File(value);
if (!file.isFile()) {
throw new ParameterException("Invalid file path: " + value +
". Please verify file path.");
}
} catch (NullPointerException e) {
throw new ParameterException("File path cannot be null: " + e.getMessage());
} catch (SecurityException e) {
throw new ParameterException("Read access denied for " + value +
", please verify permissions.");
}
}
}

View File

@ -9,6 +9,7 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import org.w3c.dom.Document;
public class TestSwidTagGateway { public class TestSwidTagGateway {
private SwidTagGateway gateway; private SwidTagGateway gateway;
@ -162,6 +163,24 @@ public class TestSwidTagGateway {
Assert.assertTrue(validator.validateSwidTag(DEFAULT_OUTPUT, "DEFAULT")); Assert.assertTrue(validator.validateSwidTag(DEFAULT_OUTPUT, "DEFAULT"));
} }
/**
* This test corresponds to the arguments:
* -s <signed swidtag> -d
*/
@Test
public void testCreateDetachedSignature() {
try {
String signFilePath = TestSwidTagGateway.class.getClassLoader()
.getResource(BASE_RFC3852_TIMESTAMP).getPath();
gateway.setDefaultCredentials(true);
Document doc = gateway.signXMLDocument(signFilePath);
gateway.writeSwidTagFile(doc, DEFAULT_OUTPUT);
validator.validateSwidTag(DEFAULT_OUTPUT, "DEFAULT");
} catch (Exception e) {
e.printStackTrace();
}
}
/** /**
* This method compares two files by bytes to determine if they are the same or not. * This method compares two files by bytes to determine if they are the same or not.
* *

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en"> <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" id="94f6b457-9ac9-4d35-9b3f-78804173b65as" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/> <Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/> <Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/> <Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms> </Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE=</DigestValue> <DigestValue>f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A=</DigestValue>
</Reference> </Reference>
</SignedInfo> </SignedInfo>
<SignatureValue>ojJ6v8ToxLWWekCKmBoZ+Yg2V4MYMPbKB9FjDs/QG/AMP+LKjnb55Z7FSLhC8+CvvShKPAoS9mv1&#13; <SignatureValue>GbvVCBhCDBa1Oz0HereVan1VzqFnkhQbG/QvYAtaPwWCpqtVqSTla0dvEW8LFKJtoLpE8ZQopshx&#13;
QepwI17NEqbfnC1U4WH0u578A3J6wiHMXIDnIQqKAAXb8v2c/wjMDArzFl8CXmDA7HUDIt+3C4VC&#13; se53rd9Z4aR2ok7VKfhtFV6LCNseyvmzWypqzCvLaG0net7EpMCixj8i0A5e4zaAEgt5Jqg1Acew&#13;
tA598YY7o0Hf6hK5qO8oWGQxXUKfpUwvtGLxHpbDWYFuVSPa+uk6OTzutt/QyzTERzxyO9Le1i6K&#13; hAY8XSnz9/e0EuzC3s9QlWSZHBtSvqlWUhsSVThf9KyHE3F/bwUGmEg6QdtREAr3c2jNK+LEN5MF&#13;
nrpzh4lgHn6EfGs6HR1ffdHQ069q0bE61zDx0VC18nK9DmszW6p6FlMzApiTVW/4PiVt+dSFeVGR&#13; hx64fG/WLRaAkw0lEWnBbjCdiB1ao+1G/c9yzxUQ82EriJdRBYjuRVmMlIOFRtYqe7oc5148pAAY&#13;
9///OdtxcoBCeofDDFPRyO+s+kY1pXd92Q3nfg==</SignatureValue> qhol4MYlrmdjg9aW+2nv4KHHSDIhVgAAwRNJoQ==</SignatureValue>
<KeyInfo> <KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName> <KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
</KeyInfo> </KeyInfo>

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en"> <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" id="94f6b457-9ac9-4d35-9b3f-78804173b65as" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/> <Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/> <Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/> <Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
@ -17,18 +17,18 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms> </Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE=</DigestValue> <DigestValue>f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A=</DigestValue>
</Reference> </Reference>
<Reference URI="#TST"> <Reference URI="#TST">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>j8sqX9NGt8DAPOvbhXKAT648BGdPnQnblai1PYDUryE=</DigestValue> <DigestValue>j8sqX9NGt8DAPOvbhXKAT648BGdPnQnblai1PYDUryE=</DigestValue>
</Reference> </Reference>
</SignedInfo> </SignedInfo>
<SignatureValue>N8QB5dMLnSLaDuCO8Ds/9nPlJGzsF1HJCthEXDXPrMTpfWBwmsVTqtNwoGzHIXlx8HDdDcfTLa3j&#13; <SignatureValue>RvpLLE0rAaZrj54xy3Ki1GJ3csJI5lzshcpQQz7M5dn56Wo1ShfQR7OqGN1ZMULAtYsR0vtt9UFk&#13;
3rfFmDZNMqv6+6jjjJZerpN6XyWHGaVjVuPiNGmafE5SajTg53+6KlWXTGs3kcbbV5cTtjASz/A0&#13; 3JuB1/tsA1KuT5sNTR6ZbOCaMGfV448ufbY48Vbk8Bs+2N0mZuuD3IUwARlbjXxZwb/k1GnkGVKS&#13;
cz9gBYTwYXmWA3+V0USLA0MNYzPkKp83eDnizbrkGx824NU9qG1DetVFfZqotWoTGJ1Wz4J8D1yR&#13; jneEK2dJ6Ktk8+XOLhoFd1JZqpz9Qv7s53GMtQc/QC18vrmUZDW5HABMCtZRpylGjBsP/Mabakb4&#13;
wUILS0DbtZalCNVv3kw9raIRKQ/CjlDztfP1SgiNuXu6IaVZKoVG9HGp3s8pQvFPHr0HD2sNrAkx&#13; Nr4veMqhEMGVm2UpYY3171nTCjerxrf0jXsLZoTbJdJtyjo9ihCbjzYUOG361liQ3k63jVfPQbDl&#13;
twKcg3XIzGrTc22Y2TYw9Dk3NxumQSp4kve6ow==</SignatureValue> 460jU4v+45L/sWNRUi29VBtgia7xAkQ3IdmSPA==</SignatureValue>
<KeyInfo> <KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName> <KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
</KeyInfo> </KeyInfo>

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en"> <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" id="94f6b457-9ac9-4d35-9b3f-78804173b65as" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/> <Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/> <Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/> <Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
@ -17,18 +17,18 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms> </Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE=</DigestValue> <DigestValue>f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A=</DigestValue>
</Reference> </Reference>
<Reference URI="#TST"> <Reference URI="#TST">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>KC51x7iXfEjDYEieFP1lktWNGP6eCWpXe5/sr3V8PlU=</DigestValue> <DigestValue>KC51x7iXfEjDYEieFP1lktWNGP6eCWpXe5/sr3V8PlU=</DigestValue>
</Reference> </Reference>
</SignedInfo> </SignedInfo>
<SignatureValue>M6a+lIU7vIQmO0By/WCtocI4qzk4R4oXtduEpeyOfIH/xOTKkDI7E17v6dywLd7psZSKMPw8lRqp&#13; <SignatureValue>kXHqmvPCDdlUrgxKVKNXy9xmYmrMiIunv/Rc4gaho2Cm6G46BYBcjfBFkKtvvKxt+iRwk2d0JxLA&#13;
AZCBvsU6zDXzLsAakO2ydmH2i5POWNArUq+GRw9KDnNPZWanmRSqjpV2mEjfx84IF2MaqXDPng1q&#13; +4oACcnUqrvfsP8WLUttrZmWvVWFcZ0WjVaqp06NVLK4for/XpJ0SQQQdO+PmEEgLzyZtydYl8n0&#13;
JrzKN8f00uHM+eOmXktyiBhJR9gT+htceMzAEzk8qeWCg6o6wFMx0JR1lUbGOXe070DtZCR7I0iQ&#13; tdFe9jAmIQD+DZmuHPE/abHvzCmCHgbfogHpkcoeDzT0FQu7Tvxyvae92F3jr2E/Tnt2pF9plxa0&#13;
0iZfnNzMzuRf2GHw6aKnSyGwdr1pUeoxEVGR5jkY8a7mT/0mt+8kVq4FL1gikrSOzvotoZ+dGb0Q&#13; WZ+5WDmQ4gI+8DXETGxBhSMaR3GOvN+eFOyOUq/OzLs+T7UaOHLtmZHWKYWdBQa3j49VUREGu601&#13;
JjzA2IgK+ti/Tc/FpLYKefXQwcVSUY+CD/HCvA==</SignatureValue> qOAHjj9sJYSVuyrzDka6brY756ib6e7f1xwphw==</SignatureValue>
<KeyInfo> <KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName> <KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
</KeyInfo> </KeyInfo>

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en"> <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" id="94f6b457-9ac9-4d35-9b3f-78804173b65as" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/> <Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/> <Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/> <Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms> </Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE=</DigestValue> <DigestValue>f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A=</DigestValue>
</Reference> </Reference>
</SignedInfo> </SignedInfo>
<SignatureValue>ojJ6v8ToxLWWekCKmBoZ+Yg2V4MYMPbKB9FjDs/QG/AMP+LKjnb55Z7FSLhC8+CvvShKPAoS9mv1&#13; <SignatureValue>GbvVCBhCDBa1Oz0HereVan1VzqFnkhQbG/QvYAtaPwWCpqtVqSTla0dvEW8LFKJtoLpE8ZQopshx&#13;
QepwI17NEqbfnC1U4WH0u578A3J6wiHMXIDnIQqKAAXb8v2c/wjMDArzFl8CXmDA7HUDIt+3C4VC&#13; se53rd9Z4aR2ok7VKfhtFV6LCNseyvmzWypqzCvLaG0net7EpMCixj8i0A5e4zaAEgt5Jqg1Acew&#13;
tA598YY7o0Hf6hK5qO8oWGQxXUKfpUwvtGLxHpbDWYFuVSPa+uk6OTzutt/QyzTERzxyO9Le1i6K&#13; hAY8XSnz9/e0EuzC3s9QlWSZHBtSvqlWUhsSVThf9KyHE3F/bwUGmEg6QdtREAr3c2jNK+LEN5MF&#13;
nrpzh4lgHn6EfGs6HR1ffdHQ069q0bE61zDx0VC18nK9DmszW6p6FlMzApiTVW/4PiVt+dSFeVGR&#13; hx64fG/WLRaAkw0lEWnBbjCdiB1ao+1G/c9yzxUQ82EriJdRBYjuRVmMlIOFRtYqe7oc5148pAAY&#13;
9///OdtxcoBCeofDDFPRyO+s+kY1pXd92Q3nfg==</SignatureValue> qhol4MYlrmdjg9aW+2nv4KHHSDIhVgAAwRNJoQ==</SignatureValue>
<KeyInfo> <KeyInfo>
<X509Data> <X509Data>
<X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName> <X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName>

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en"> <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" id="94f6b457-9ac9-4d35-9b3f-78804173b65as" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/> <Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/> <Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/> <Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
@ -17,15 +17,16 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms> </Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE=</DigestValue> <DigestValue>f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A=</DigestValue>
</Reference> </Reference>
</SignedInfo> </SignedInfo>
<SignatureValue>ojJ6v8ToxLWWekCKmBoZ+Yg2V4MYMPbKB9FjDs/QG/AMP+LKjnb55Z7FSLhC8+CvvShKPAoS9mv1&#13; <SignatureValue>GbvVCBhCDBa1Oz0HereVan1VzqFnkhQbG/QvYAtaPwWCpqtVqSTla0dvEW8LFKJtoLpE8ZQopshx&#13;
QepwI17NEqbfnC1U4WH0u578A3J6wiHMXIDnIQqKAAXb8v2c/wjMDArzFl8CXmDA7HUDIt+3C4VC&#13; se53rd9Z4aR2ok7VKfhtFV6LCNseyvmzWypqzCvLaG0net7EpMCixj8i0A5e4zaAEgt5Jqg1Acew&#13;
tA598YY7o0Hf6hK5qO8oWGQxXUKfpUwvtGLxHpbDWYFuVSPa+uk6OTzutt/QyzTERzxyO9Le1i6K&#13; hAY8XSnz9/e0EuzC3s9QlWSZHBtSvqlWUhsSVThf9KyHE3F/bwUGmEg6QdtREAr3c2jNK+LEN5MF&#13;
nrpzh4lgHn6EfGs6HR1ffdHQ069q0bE61zDx0VC18nK9DmszW6p6FlMzApiTVW/4PiVt+dSFeVGR&#13; hx64fG/WLRaAkw0lEWnBbjCdiB1ao+1G/c9yzxUQ82EriJdRBYjuRVmMlIOFRtYqe7oc5148pAAY&#13;
9///OdtxcoBCeofDDFPRyO+s+kY1pXd92Q3nfg==</SignatureValue> qhol4MYlrmdjg9aW+2nv4KHHSDIhVgAAwRNJoQ==</SignatureValue>
<KeyInfo> <KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue> <KeyValue>
<RSAKeyValue> <RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx&#13; <Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx&#13;

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en"> <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" corpus="false" id="94f6b457-9ac9-4d35-9b3f-78804173b65as" name="Example.com BIOS" patch="false" supplemental="false" tagId="94f6b457-9ac9-4d35-9b3f-78804173b65as" tagVersion="0" version="01" versionScheme="multipartnumeric" xml:lang="en">
<Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/> <Entity name="Example Inc" regid="http://Example.com" role="softwareCreator tagCreator"/>
<Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/> <Link href="https://Example.com/support/ProductA/firmware/installfiles" rel="installationmedia"/>
<Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/> <Meta xmlns:n8060="http://csrc.nist.gov/ns/swid/2015-extensions/1.0" xmlns:rim="https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model" n8060:colloquialVersion="Firmware_2019" n8060:edition="12" n8060:product="ProductA" n8060:revision="r2" rim:PayloadType="direct" rim:bindingSpec="PC Client RIM" rim:bindingSpecVersion="1.2" rim:firmwareManufacturerId="00213022" rim:firmwareManufacturerStr="BIOSVendorA" rim:firmwareModel="A0" rim:firmwareVersion="12" rim:pcURIGlobal="https://Example.com/support/ProductA/" rim:pcURIlocal="/boot/tcg/manifest/switag/" rim:platformManufacturerId="00201234" rim:platformManufacturerStr="Example.com" rim:platformModel="ProductA" rim:platformVersion="01"/>
@ -17,14 +17,14 @@
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms> </Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>DJMc0n3VHHwU+F3HNpiY/l3EMcjRZAQOYlrjhD5v9qE=</DigestValue> <DigestValue>f3ulvid12X4b4EqgAQrriXwqvqlNd1GXoSf/wI+zf2A=</DigestValue>
</Reference> </Reference>
</SignedInfo> </SignedInfo>
<SignatureValue>ojJ6v8ToxLWWekCKmBoZ+Yg2V4MYMPbKB9FjDs/QG/AMP+LKjnb55Z7FSLhC8+CvvShKPAoS9mv1&#13; <SignatureValue>GbvVCBhCDBa1Oz0HereVan1VzqFnkhQbG/QvYAtaPwWCpqtVqSTla0dvEW8LFKJtoLpE8ZQopshx&#13;
QepwI17NEqbfnC1U4WH0u578A3J6wiHMXIDnIQqKAAXb8v2c/wjMDArzFl8CXmDA7HUDIt+3C4VC&#13; se53rd9Z4aR2ok7VKfhtFV6LCNseyvmzWypqzCvLaG0net7EpMCixj8i0A5e4zaAEgt5Jqg1Acew&#13;
tA598YY7o0Hf6hK5qO8oWGQxXUKfpUwvtGLxHpbDWYFuVSPa+uk6OTzutt/QyzTERzxyO9Le1i6K&#13; hAY8XSnz9/e0EuzC3s9QlWSZHBtSvqlWUhsSVThf9KyHE3F/bwUGmEg6QdtREAr3c2jNK+LEN5MF&#13;
nrpzh4lgHn6EfGs6HR1ffdHQ069q0bE61zDx0VC18nK9DmszW6p6FlMzApiTVW/4PiVt+dSFeVGR&#13; hx64fG/WLRaAkw0lEWnBbjCdiB1ao+1G/c9yzxUQ82EriJdRBYjuRVmMlIOFRtYqe7oc5148pAAY&#13;
9///OdtxcoBCeofDDFPRyO+s+kY1pXd92Q3nfg==</SignatureValue> qhol4MYlrmdjg9aW+2nv4KHHSDIhVgAAwRNJoQ==</SignatureValue>
<KeyInfo> <KeyInfo>
<X509Data> <X509Data>
<X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName> <X509SubjectName>CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US</X509SubjectName>