Validate signature and validation arguments, and output appropriate error messages

This commit is contained in:
chubtub 2024-02-07 09:10:41 -05:00
parent d5221e91a4
commit c3aaba5eba
3 changed files with 101 additions and 22 deletions

View File

@ -1,6 +1,7 @@
package hirs.swid; package hirs.swid;
import hirs.swid.utils.Commander; import hirs.swid.utils.Commander;
import hirs.swid.utils.CredentialArgumentValidator;
import hirs.swid.utils.TimestampArgumentValidator; import hirs.swid.utils.TimestampArgumentValidator;
import hirs.utils.rim.ReferenceManifestValidator; import hirs.utils.rim.ReferenceManifestValidator;
import com.beust.jcommander.JCommander; import com.beust.jcommander.JCommander;
@ -21,6 +22,7 @@ public class Main {
jc.parse(args); jc.parse(args);
SwidTagGateway gateway; SwidTagGateway gateway;
ReferenceManifestValidator validator; ReferenceManifestValidator validator;
CredentialArgumentValidator credValidator;
if (commander.isHelp()) { if (commander.isHelp()) {
jc.usage(); jc.usage();
@ -39,19 +41,22 @@ public class Main {
System.out.println(commander.toString()); System.out.println(commander.toString());
String verifyFile = commander.getVerifyFile(); String verifyFile = commander.getVerifyFile();
String rimel = commander.getRimEventLog(); String rimel = commander.getRimEventLog();
String certificateFile = commander.getPublicCertificate();
String trustStore = commander.getTruststoreFile(); String trustStore = commander.getTruststoreFile();
if (!verifyFile.isEmpty()) { if (!verifyFile.isEmpty()) {
validator.setRim(verifyFile); validator.setRim(verifyFile);
if (!rimel.isEmpty()) { if (!rimel.isEmpty()) {
validator.setRimEventLog(rimel); validator.setRimEventLog(rimel);
} else {
System.out.println("A support RIM is required for validation.");
System.exit(1);
} }
if (!trustStore.isEmpty()) { credValidator = new CredentialArgumentValidator(trustStore,
"","", true);
if (credValidator.isValid()) {
validator.setTrustStoreFile(trustStore); validator.setTrustStoreFile(trustStore);
} } else {
if (!certificateFile.isEmpty()) { System.out.println(credValidator.getErrorMessage());
System.out.println("A single cert cannot be used for verification. " + System.exit(1);
"The signing cert will be searched for in the trust store.");
} }
if (validator.validateSwidtagFile(verifyFile)) { if (validator.validateSwidtagFile(verifyFile)) {
System.out.println("Successfully verified " + verifyFile); System.out.println("Successfully verified " + verifyFile);
@ -68,7 +73,6 @@ public class Main {
System.out.println(commander.toString()); System.out.println(commander.toString());
String createType = commander.getCreateType().toUpperCase(); String createType = commander.getCreateType().toUpperCase();
String attributesFile = commander.getAttributesFile(); String attributesFile = commander.getAttributesFile();
String jksTruststoreFile = commander.getTruststoreFile();
String certificateFile = commander.getPublicCertificate(); String certificateFile = commander.getPublicCertificate();
String privateKeyFile = commander.getPrivateKeyFile(); String privateKeyFile = commander.getPrivateKeyFile();
boolean embeddedCert = commander.isEmbedded(); boolean embeddedCert = commander.isEmbedded();
@ -79,30 +83,28 @@ public class Main {
if (!attributesFile.isEmpty()) { if (!attributesFile.isEmpty()) {
gateway.setAttributesFile(attributesFile); gateway.setAttributesFile(attributesFile);
} }
if (!jksTruststoreFile.isEmpty()) { if (!rimEventLog.isEmpty()) {
gateway.setRimEventLog(rimEventLog);
} else {
System.out.println("Error: a support RIM is required!");
System.exit(1);
}
credValidator = new CredentialArgumentValidator("" ,
certificateFile, privateKeyFile, false);
if (defaultKey){
gateway.setDefaultCredentials(true); gateway.setDefaultCredentials(true);
gateway.setJksTruststoreFile(jksTruststoreFile); gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
} else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) { } else if (credValidator.isValid()) {
gateway.setDefaultCredentials(false); gateway.setDefaultCredentials(false);
gateway.setPemCertificateFile(certificateFile); gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile); gateway.setPemPrivateKeyFile(privateKeyFile);
if (embeddedCert) { if (embeddedCert) {
gateway.setEmbeddedCert(true); gateway.setEmbeddedCert(true);
} }
} else if (defaultKey){
gateway.setDefaultCredentials(true);
gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
} else { } else {
System.out.println("A private key (-k) and public certificate (-p) " + System.out.println(credValidator.getErrorMessage());
"are required, or the default key (-d) must be indicated.");
System.exit(1); System.exit(1);
} }
if (rimEventLog.isEmpty()) {
System.out.println("Error: a support RIM is required!");
System.exit(1);
} else {
gateway.setRimEventLog(rimEventLog);
}
List<String> timestampArguments = commander.getTimestampArguments(); List<String> timestampArguments = commander.getTimestampArguments();
if (timestampArguments.size() > 0) { if (timestampArguments.size() > 0) {
if (new TimestampArgumentValidator(timestampArguments).isValid()) { if (new TimestampArgumentValidator(timestampArguments).isValid()) {
@ -118,6 +120,8 @@ public class Main {
break; break;
default: default:
System.out.println("No create type given, nothing to do"); System.out.println("No create type given, nothing to do");
System.exit(1);
} }
} }
} }

View File

@ -64,7 +64,6 @@ import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException; import java.security.KeyException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.ArrayList; import java.util.ArrayList;

View File

@ -0,0 +1,76 @@
package hirs.swid.utils;
public class CredentialArgumentValidator {
private String truststoreFile;
private String certificateFile;
private String privateKeyFile;
private String format;
private boolean isValidating;
private String errorMessage;
private static final String PEM = "PEM";
public CredentialArgumentValidator(String truststoreFile,
String certificateFile,
String privateKeyFile,
boolean isValidating) {
this.truststoreFile = truststoreFile;
this.certificateFile = certificateFile;
this.privateKeyFile = privateKeyFile;
this.isValidating = isValidating;
errorMessage = "";
}
/**
* Getter for format property
*
* @return string
*/
public String getFormat() {
return format;
}
/**
* Getter for error message
*
* @return string
*/
public String getErrorMessage() {
return errorMessage;
}
/**
* This method checks for the following valid configurations of input arguments:
* 1.
* 2. truststore only for validating (PEM format)
* 3. certificate + private key for signing (PEM format)
* 4.
*
* @return true if the above are found, false otherwise
*/
public boolean isValid() {
if (isValidating) {
if (!truststoreFile.isEmpty()) {
format = PEM;
return true;
} else {
errorMessage = "Validation requires a valid truststore file.";
return false;
}
} else {
if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
format = PEM;
return true;
} else {
if (certificateFile.isEmpty()) {
errorMessage = "A public certificate must be specified by \'-p\' " +
"for signing operations.";
}
if (privateKeyFile.isEmpty()) {
errorMessage = "A private key must be specified by \'-k\' " +
"for signing operations.";
}
return false;
}
}
}
}