Added support for RFC2315
parent
c1dcd5cd23
commit
ef44c8d970
@ -76,11 +76,13 @@ public class SwidTagConstants {
|
||||
public static final String TCG_NS = "https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model";
|
||||
public static final String RFC3852_NS = "https://www.ietf.org/rfc/rfc3852.txt";
|
||||
public static final String RFC3339_NS = "https://www.ietf.org/rfc/rfc3339.txt";
|
||||
public static final String RFC2315_NS = "https://www.ietf.org/rfc/rfc2315.txt";
|
||||
|
||||
public static final String N8060_PFX = "n8060";
|
||||
public static final String RIM_PFX = "rim";
|
||||
public static final String RFC3852_PFX = "rcf3852";
|
||||
public static final String RFC3339_PFX = "rcf3339";
|
||||
public static final String RFC2315_PFX = "rcf2315";
|
||||
|
||||
public static final QName _SHA256_HASH = new QName(
|
||||
"http://www.w3.org/2001/04/xmlenc#sha256", HASH, "SHA256");
|
||||
|
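Review bot: `RFC2315_PFX` is given the value `"rcf2315"`, with the letters of "rfc" transposed, copying the spelling already used by `RFC3852_PFX` and `RFC3339_PFX`. As long as the prefix is only emitted through these constants the XML stays well-formed, but anyone searching issued tags for `rfc2315` will not find it; for the new constant I would write `public static final String RFC2315_PFX = "rfc2315";`. The two older prefixes presumably already appear in signed tags, so correcting them is a separate compatibility decision.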
@ -194,7 +194,7 @@ public class SwidTagGateway {
|
||||
}
|
||||
|
||||
/**
|
||||
* Setter for timestamp input - RFC3852 + file or RFC3339 + value
|
||||
* Setter for timestamp input - RFC3852|RFC2315 + file or RFC3339 + value
|
||||
*
|
||||
* @param timestampArgument
|
||||
*/
|
||||
@ -786,6 +786,20 @@ public class SwidTagGateway {
|
||||
private XMLObject createXmlTimestamp(Document doc, XMLSignatureFactory sigFactory) {
|
||||
Element timeStampElement = doc.createElement("TimeStamp");
|
||||
switch (timestampFormat.toUpperCase()) {
|
||||
case "RFC2315":
|
||||
try {
|
||||
byte[] counterSignature = Base64.getEncoder().encode(
|
||||
Files.readAllBytes(Paths.get(timestampArgument)));
|
||||
timeStampElement.setAttributeNS("http://www.w3.org/2000/xmlns/",
|
||||
"xmlns:" + SwidTagConstants.RFC2315_PFX,
|
||||
SwidTagConstants.RFC2315_NS);
|
||||
timeStampElement.setAttribute(SwidTagConstants.DATETIME,
|
||||
new String(counterSignature));
|
||||
} catch (IOException e) {
|
||||
e.printStackTrace();
|
||||
System.exit(1);
|
||||
}
|
||||
break;
|
||||
case "RFC3852":
|
||||
try {
|
||||
byte[] counterSignature = Base64.getEncoder().encode(
|
||||
|
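Review bot: The new `RFC2315` case in `createXmlTimestamp` base64-encodes whatever bytes the file holds and writes them into the `TimeStamp` element under the RFC2315 namespace, without checking that the content is a PKCS#7 SignedData countersignature. `isCountersignatureFileValid` in TimestampArgumentValidator has the same gap: from the lines visible there it only confirms that the file can be read. A verifier consuming the tag then sees a timestamp labelled RFC2315 that the signing tool never parsed, so a wrong or truncated file is caught downstream at best; parsing the bytes as PKCS#7 before embedding, and rejecting on failure, would close that. Separately, `new String(counterSignature)` decodes with the platform default charset, and `Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get(timestampArgument)))` avoids both that and the intermediate array. The method body continues past the end of this hunk.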
@ -54,7 +54,7 @@ public class Commander {
|
||||
private String rimEventLog = "";
|
||||
@Parameter(names = {"--timestamp"}, order = 11, variableArity = true,
|
||||
description = "Add a timestamp to the signature. " +
|
||||
"Currently only RFC3339 and RFC3852 are supported:\n" +
|
||||
"Currently RFC3339, RFC3852, and RFC2315 (PKCS7) formats are supported:\n" +
|
||||
"\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>")
|
||||
private List<String> timestampArguments = new ArrayList<String>(2);
|
||||
|
||||
|
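Review bot: The `--timestamp` description now names RFC2315 in its first sentence, but the usage line after it still lists only `RFC3339 [yyyy-MM-ddThh:mm:ssZ]` and `RFC3852 <counterSignature.bin>`, so the help output never shows what argument RFC2315 takes. Extend the last literal to `"\tRFC3339 [yyyy-MM-ddThh:mm:ssZ]\n\tRFC3852 <counterSignature.bin>\n\tRFC2315 <counterSignature.bin>"` so the option text matches what the validator accepts.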
@ -14,7 +14,7 @@ public class TimestampArgumentValidator {
|
||||
|
||||
/**
|
||||
* This class handles validation of the --timestamp commandline parameter.
|
||||
* Currently only RFC3339 and RFC3852 formats are supported.
|
||||
* Currently RFC3339, RFC3852, and RFC2315 (PKCS7) formats are supported.
|
||||
*
|
||||
* @param args list of arguments from command line
|
||||
*/
|
||||
@ -29,15 +29,17 @@ public class TimestampArgumentValidator {
|
||||
*/
|
||||
public boolean isValid() {
|
||||
if (isExactlyOneFormat(args)) {
|
||||
if (args.get(0).equalsIgnoreCase("RFC3852")) {
|
||||
if (args.get(0).equalsIgnoreCase("RFC3852") ||
|
||||
args.get(0).equalsIgnoreCase("RFC2315")) {
|
||||
if (args.size() > 1) {
|
||||
if (isRfc3852FileValid(args.get(1))) {
|
||||
if (isCountersignatureFileValid(args.get(1))) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
} else if (args.size() == 1) {
|
||||
System.out.println("Countersignature file is required for RFC3852 timestamps");
|
||||
System.out.println("Countersignature file is required for " +
|
||||
"RFC3852 and RFC2315 (PKCS7) timestamps");
|
||||
return false;
|
||||
}
|
||||
} else if (args.get(0).equalsIgnoreCase("RFC3339")) {
|
||||
@ -59,25 +61,26 @@ public class TimestampArgumentValidator {
|
||||
}
|
||||
|
||||
/**
|
||||
* This method ensures that exactly one of RFC3339 and RFC3852 are specified.
|
||||
* This method ensures that exactly one format is specified.
|
||||
*
|
||||
* @param args list of command line arguments
|
||||
* @return true if exactly one format is specified, false otherwise
|
||||
*/
|
||||
private boolean isExactlyOneFormat(List<String> args) {
|
||||
Pattern pattern = Pattern.compile("(R|r)(F|f)(C|c)(3339|3852)");
|
||||
Pattern pattern = Pattern.compile("(R|r)(F|f)(C|c)(3339|3852|2315)");
|
||||
String format = args.get(0);
|
||||
Matcher formatMatcher = pattern.matcher(format);
|
||||
|
||||
if (!formatMatcher.matches()) {
|
||||
System.out.println("Invalid timestamp format specified, expected RFC3339 or RFC3852.");
|
||||
System.out.println("Invalid timestamp format specified. " +
|
||||
"Please choose from RFC3339, RFC3852, or RFC2315.");
|
||||
return false;
|
||||
}
|
||||
if (args.size() == 2) {
|
||||
String argument = args.get(1);
|
||||
Matcher argumentMatcher = pattern.matcher(argument);
|
||||
if (argumentMatcher.matches()) {
|
||||
System.out.println("Exactly one timestamp format must be specified.");
|
||||
System.out.println("Only one timestamp format may be specified at a time.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -108,7 +111,7 @@ public class TimestampArgumentValidator {
|
||||
* @param file the counter signature
|
||||
* @return true if file exists and is valid, false otherwise
|
||||
*/
|
||||
private boolean isRfc3852FileValid(String file) {
|
||||
private boolean isCountersignatureFileValid(String file) {
|
||||
if (file != null && !file.isEmpty()) {
|
||||
try {
|
||||
Files.readAllBytes(Paths.get(file));
|
||||
@ -117,7 +120,8 @@ public class TimestampArgumentValidator {
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
System.out.println("RFC3852 requires a filename input of the countersignature file.");
|
||||
System.out.println("RFC3852 and RFC2315 (PKCS7) formats require " +
|
||||
"a filename input of the countersignature file.");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
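Review bot: The accepted format names are now spelled out in three places: the regex in `isExactlyOneFormat`, the `equalsIgnoreCase` chain in `isValid`, and the `switch` in SwidTagGateway. This commit had to touch each of them to add RFC2315. In `isExactlyOneFormat` the pattern is also recompiled on every call and spells out case-insensitivity by hand. A single constant such as `private static final Pattern FORMAT = Pattern.compile("RFC(3339|3852|2315)", Pattern.CASE_INSENSITIVE);` accepts the same inputs and gives one place to extend. Both methods continue outside the visible hunks.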