ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-06-23 17:17:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove KeyValue element from signed swidtag. Update error message for missing signer cert. Update version number.

Browse Source
This commit is contained in:
chubtub
2021-07-20 11:04:38 -04:00
parent 8958085b60
commit d2d2b9a494
8 changed files with 11 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tools/tcg_rim_tool/build.gradle
View File

@ -1,5 +1,5 @@
apply plugin: 'java'
version = '2.0.0'
version = '2.1.0'
repositories {
mavenCentral()

2
tools/tcg_rim_tool/scripts/rimtool.sh
View File

@ -3,6 +3,6 @@
# Calls the the_tcg_rim_tool and passes in parameters
scriptDir=$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")
baseDir=${scriptDir%/*}
jar="tcg_rim_tool-2.0.0.jar";
jar="tcg_rim_tool-2.1.0.jar";
java -jar $baseDir/$jar "$@"

7
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
View File

@ -437,27 +437,22 @@ public class SwidTagGateway {
KeyInfoFactory kiFactory = sigFactory.getKeyInfoFactory();
PrivateKey privateKey;
PublicKey publicKey;
CredentialParser cp = new CredentialParser();
if (defaultCredentials) {
cp.parseJKSCredentials(jksTruststoreFile);
privateKey = cp.getPrivateKey();
publicKey = cp.getPublicKey();
KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());
keyInfoElements.add(keyName);
} else {
cp.parsePEMCredentials(pemCertificateFile, pemPrivateKeyFile);
X509Certificate certificate = cp.getCertificate();
privateKey = cp.getPrivateKey();
publicKey = cp.getPublicKey();
ArrayList<Object> x509Content = new ArrayList<Object>();
x509Content.add(certificate.getSubjectX500Principal().getName());
x509Content.add(certificate);
X509Data data = kiFactory.newX509Data(x509Content);
keyInfoElements.add(data);
}
KeyValue keyValue = kiFactory.newKeyValue(publicKey);
keyInfoElements.add(keyValue);
KeyInfo keyinfo = kiFactory.newKeyInfo(keyInfoElements);
doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
@ -472,8 +467,6 @@ public class SwidTagGateway {
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException |
ParserConfigurationException e) {
System.out.println(e.getMessage());
} catch (KeyException e) {
System.out.println("Error setting public key in KeyValue: " + e.getMessage());
} catch (CertificateException e) {
System.out.println(e.getMessage());
} catch (JAXBException e) {

9
tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java
View File

@ -177,7 +177,8 @@ public class SwidTagValidator {
}
}
if (signingCert == null) {
System.out.println("Signing certificate not found for validation!");
System.out.println("Issuer certificate with subject key identifier = "
+ skId + " not found");
System.exit(1);
}
context = new DOMValidateContext(signingCert.getPublicKey(), nodes.item(0));
@ -290,7 +291,11 @@ public class SwidTagValidator {
} catch (NoSuchProviderException e) {
throw new Exception("Error with BouncyCastleProvider: " + e.getMessage());
} catch (SignatureException e) {
throw new Exception("Error with signature: " + e.getMessage());
String error = "Error with signature: " + e.getMessage()
+ System.lineSeparator()
+ "Certificate needed for verification is missing: "
+ signer.getSubjectX500Principal().getName();
throw new Exception(error);
} catch (CertificateException e) {
throw new Exception("Encoding error: " + e.getMessage());
}

2
tools/tcg_rim_tool/src/main/java/hirs/swid/utils/Commander.java
View File

@ -28,7 +28,7 @@ public class Commander {
@Parameter(names = {"-t", "--truststore <path>"}, order = 4,
description = "The truststore to sign the base RIM created "
+ "or to validate the signed base RIM.")
private String truststoreFile = "/opt/hirs/rimtool/keystore.jks";
private String truststoreFile = "";
@Parameter(names = {"-k", "--privateKeyFile <path>"}, order = 5,
description = "The private key used to sign the base RIM created by this tool.")
private String privateKeyFile = "";

10
tools/tcg_rim_tool/src/test/resources/generated_no_cert.swidtag
View File

@ -27,16 +27,6 @@ FsmPWKJb6FYcsHFbHO/Uw1hSokbAGcWWTshEOqvKHMa8UVkrFMUPnrnMtdyJqZlhDBrZHNi4rWth&#13
TNjlqJ/wq61Ons45MFG9bIscVbnd+XxFHx8Skw==</SignatureValue>
<KeyInfo>
<KeyName>2fdeb8e7d030a2209daa01861a964fedecf2bcc1</KeyName>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx&#13;
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9&#13;
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q&#13;
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW&#13;
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>

10
tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag
View File

@ -47,16 +47,6 @@ BzAChhlodHRwczovL2V4YW1wbGUuY29tL2NlcnRzMA0GCSqGSIb3DQEBCwUAA4IBAQDpKx5oQlkS&#13
cIEQ5OqfpdFrV3De238RhMH6J4xePSidnFpfBc6FrdyDI1A8eRFz36I4xfVL3ZnJP/+j+NE4q6yz&#13;
5VGvm0npLO394ZihtsI1sRAR8ORJ</X509Certificate>
</X509Data>
<KeyValue>
<RSAKeyValue>
<Modulus>p3WVYaRJG7EABjbAdqDYZXFSTV1nHY9Ol9A5+W8t5xwBXBryZCGWxERGr5AryKWPxd+qzjj+cFpx&#13;
xkM6N18jEhQIx/CEZePEJqpluBO5w2wTEOe7hqtMatqgDDMeDRxUuIpP8LGP00vh1wyDFFew90d9&#13;
dvT3bcLvFh3a3ap9bTm6aBqPup5CXpzrwIU2wZfgkDytYVBm+8bHkMaUrgpNyM+5BAg2zl/Fqw0q&#13;
otjaGr7PzbH+urCvaGbKLMPoWkVLIgAE8Qw98HTfoYSFHC7VYQySrzIinaOBFSgViR72kHemH2lW&#13;
jDQeHiY0VIoPik/jVVIpjWe6zzeZ2S66Q/LmjQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</SoftwareIdentity>

2
tools/tcg_rim_tool/tcg_rim_tool.spec
View File

@ -1,5 +1,5 @@
Name: tcg_rim_tool
Version: 2.0.0
Version: 2.1.0
Release: 1%{?dist}
Summary: A java command-line tool to create PC client root RIM