From ed2797735ee92c2369be4e21e644e1d4622cccfd Mon Sep 17 00:00:00 2001
From: chubtub <43381989+chubtub@users.noreply.github.com>
Date: Wed, 21 Sep 2022 10:52:32 -0400
Subject: [PATCH] Modify gateway class to insert a timestamp according to user selected format
---
 .../main/java/hirs/swid/SwidTagConstants.java | 10 ++--
 .../main/java/hirs/swid/SwidTagGateway.java | 55 +++++++++++++------
 2 files changed, 42 insertions(+), 23 deletions(-)
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
index 218578e8..96773ca4 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
@@ -71,6 +71,7 @@ public class SwidTagConstants {
 public static final String TPM_PCR_ASSERTION = "TPM_PCR_Assertion";
 public static final String SUPPORT_RIM_FORMAT_MISSING = "supportRIMFormat missing";
 public static final String SUPPORT_RIM_URI_GLOBAL = "supportRIMURIGlobal";
+ public static final String DATETIME = "dateTime";
 public static final String NIST_NS = "http://csrc.nist.gov/ns/swid/2015-extensions/1.0";
 public static final String TCG_NS = "https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model";
@@ -79,8 +80,8 @@ public class SwidTagConstants {
 public static final String N8060_PFX = "n8060";
 public static final String RIM_PFX = "rim";
- public static final String RCF3161_PFX = "rcf3161";
- public static final String RCF3339_PFX = "rcf3339";
+ public static final String RFC3161_PFX = "rcf3161";
+ public static final String RFC3339_PFX = "rcf3339";
 public static final QName _SHA256_HASH = new QName( "http://www.w3.org/2001/04/xmlenc#sha256", HASH, "SHA256");
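Review bot: The values of `RFC3161_PFX` and `RFC3339_PFX` are still spelled `"rcf3161"` and `"rcf3339"` after the rename, and `createXmlTimestamp` in SwidTagGateway.java writes them into the `TimeStamp` element as `xmlns:` prefixes. If the transposition is not intentional, correct the literals in the same commit, `public static final String RFC3161_PFX = "rfc3161";` and likewise for `RFC3339_PFX`. It is cheaper to fix before tags carrying the misspelled prefix are issued.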
@@ -132,9 +133,6 @@ public class SwidTagConstants {
 NIST_NS, "envVarSuffix", N8060_PFX);
 public static final QName _N8060_PATHSEPARATOR = new QName( NIST_NS, "pathSeparator", N8060_PFX);
-/*
- public static final QName = new QName();
- public static final QName = new QName();
-*/
+ public static final String CA_ISSUERS = "1.3.6.1.5.5.7.48.2";
 }
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
index 6a6b9681..83b7c756 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
@@ -552,22 +552,6 @@ public class SwidTagGateway {
 null );
- //Create TimeStamp element
- Element timeStampElement = doc.createElement("TimeStamp");
- /*
- This line is for demonstration purposes only!
- Must be replaced with a call to a trusted timestamp authority (TSA).
- */
- timeStampElement.setAttribute("dateTime", LocalDateTime.now().toString());
-
- DOMStructure timestampObject = new DOMStructure(timeStampElement);
- SignatureProperty signatureProperty = sigFactory.newSignatureProperty(
- Collections.singletonList(timestampObject), "RimSignature", "TST"
- );
- SignatureProperties signatureProperties = sigFactory.newSignatureProperties(
- Collections.singletonList(signatureProperty), null);
- XMLObject xmlObject = sigFactory.newXMLObject(
- Collections.singletonList(signatureProperties), null,null,null);
 Reference timestampRef = sigFactory.newReference( "#TST", sigFactory.newDigestMethod(DigestMethod.SHA256, null)
@@ -611,7 +595,7 @@ public class SwidTagGateway {
 XMLSignature signature = sigFactory.newXMLSignature( signedInfo, keyinfo,
- Collections.singletonList(xmlObject),
+ Collections.singletonList(createXmlTimestamp(doc, sigFactory)),
 "RimSignature", null );
@@ -636,4 +620,41 @@ public class SwidTagGateway {
 return doc;
 }
+
+ /**
+ * This method creates a timestamp element and populates it with data according to
+ * the RFC format set in timestampFormat. The element is returned within an XMLObject.
+ * @param doc the Document representing the XML to be signed
+ * @param sigFactory the SignatureFactory object
+ * @return an XMLObject containing the timestamp element
+ */
+ private XMLObject createXmlTimestamp(Document doc, XMLSignatureFactory sigFactory) {
+ Element timeStampElement = doc.createElement("TimeStamp");
+ switch (timestampFormat) {
+ case "RFC3161":
+ timeStampElement.setAttributeNS("http://www.w3.org/2000/xmlns/",
+ "xmlns:" + SwidTagConstants.RFC3161_PFX,
+ SwidTagConstants.RFC3161_NS);
+ timeStampElement.setAttribute(SwidTagConstants.DATETIME,
+ "Base64 blob here");
+ break;
+ case "RFC3339":
+ timeStampElement.setAttributeNS("http://www.w3.org/2000/xmlns/",
+ "xmlns:" + SwidTagConstants.RFC3339_PFX,
+ SwidTagConstants.RFC3339_NS);
+ timeStampElement.setAttribute(SwidTagConstants.DATETIME,
+ LocalDateTime.now().toString());
+ break;
+ }
+ DOMStructure timestampObject = new DOMStructure(timeStampElement);
+ SignatureProperty signatureProperty = sigFactory.newSignatureProperty(
+ Collections.singletonList(timestampObject), "RimSignature", "TST"
+ );
+ SignatureProperties signatureProperties = sigFactory.newSignatureProperties(
+ Collections.singletonList(signatureProperty), null);
+ XMLObject xmlObject = sigFactory.newXMLObject(
+ Collections.singletonList(signatureProperties), null,null,null);
+
+ return xmlObject;
+ }
 }
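Review bot: In `createXmlTimestamp` the `RFC3161` case writes the literal `"Base64 blob here"` into `dateTime`, and the `switch` has no `default`, so a tag can be signed carrying a placeholder or no timestamp value at all; both paths should fail closed. The `RFC3339` case still uses `LocalDateTime.now().toString()`, which has no UTC offset (RFC 3339 requires one) and is only the signer's own clock; the removed comment about needing a trusted timestamp authority should be kept on this branch. `timestampFormat` is declared outside this hunk, so whether it can be null or hold another value here is not visible. The sketch below would need `java.time.OffsetDateTime`, `java.time.ZoneOffset` and `java.time.format.DateTimeFormatter` imported in the file.

```java
        switch (timestampFormat) {
            case "RFC3161":
                // No TSA token is wired in yet; refuse rather than sign a placeholder.
                throw new UnsupportedOperationException(
                        "RFC3161 timestamp tokens are not implemented yet");
            case "RFC3339":
                // … unchanged: xmlns declaration for RFC3339_PFX …
                // Self-asserted signer clock, not a trusted timestamp (TSA).
                timeStampElement.setAttribute(SwidTagConstants.DATETIME,
                        OffsetDateTime.now(ZoneOffset.UTC)
                                .format(DateTimeFormatter.ISO_OFFSET_DATE_TIME));
                break;
            default:
                throw new IllegalArgumentException(
                        "Unsupported timestamp format: " + timestampFormat);
        }
```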