diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java index 45066e8d..d25f779c 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/Main.java @@ -1,6 +1,7 @@ package hirs.swid; import hirs.swid.utils.Commander; +import hirs.swid.utils.CredentialArgumentValidator; import hirs.swid.utils.TimestampArgumentValidator; import hirs.utils.rim.ReferenceManifestValidator; import com.beust.jcommander.JCommander; @@ -27,6 +28,7 @@ public class Main { SwidTagGateway gateway; ReferenceManifestValidator validator; List unknownOpts = commander.getUnknownOptions(); + CredentialArgumentValidator credValidator; if (!unknownOpts.isEmpty()) { StringBuilder sb = new StringBuilder("Unknown options encountered: "); @@ -53,7 +55,6 @@ public class Main { } String verifyFile = commander.getVerifyFile(); String rimel = commander.getRimEventLog(); - String certificateFile = commander.getPublicCertificate(); String trustStore = commander.getTruststoreFile(); validator.setRim(verifyFile); validator.setRimEventLog(rimel); @@ -61,6 +62,13 @@ public class Main { if (!certificateFile.isEmpty()) { System.out.println("A single cert cannot be used for verification. " + "The signing cert will be searched for in the trust store."); + credValidator = new CredentialArgumentValidator(trustStore, + "","", true); + if (credValidator.isValid()) { + validator.setTrustStoreFile(trustStore); + } else { + System.out.println(credValidator.getErrorMessage()); + System.exit(1); } if (validator.validateSwidtagFile(verifyFile)) { System.out.println("Successfully verified " + verifyFile); 
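Review bot: The `-53,7` hunk deletes `String certificateFile = commander.getPublicCertificate();`, yet the context line `if (!certificateFile.isEmpty()) {` in the `-61,6` hunk still reads it, so unless another declaration sits in the one unshown line between the two hunks this no longer compiles. The new trust-store check is also only reached when a `-p` argument was supplied, which is exactly the case the message says is unsupported; with no `-p`, `CredentialArgumentValidator` never runs and `validator.setTrustStoreFile(trustStore)` is never called in this hunk. I would keep the declaration, run the validator unconditionally, and route the failure through the existing `exitWithErrorCode` helper (used on the create path in this same commit) instead of `System.out.println` + `System.exit(1)`, so both paths report errors the same way. The enclosing `main` method starts and ends outside this hunk.
```java
String certificateFile = commander.getPublicCertificate();
String trustStore = commander.getTruststoreFile();
// … unchanged: validator.setRim / setRimEventLog and the "A single cert cannot be used" notice …
credValidator = new CredentialArgumentValidator(trustStore, "", "", true);
if (!credValidator.isValid()) {
    exitWithErrorCode(credValidator.getErrorMessage());
}
validator.setTrustStoreFile(trustStore);
// … unchanged: validateSwidtagFile call and result messages …
```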
@@ -75,7 +83,6 @@ public class Main { } String createType = commander.getCreateType().toUpperCase(); String attributesFile = commander.getAttributesFile(); - String jksTruststoreFile = commander.getTruststoreFile(); String certificateFile = commander.getPublicCertificate(); String privateKeyFile = commander.getPrivateKeyFile(); boolean embeddedCert = commander.isEmbedded(); @@ -86,22 +93,26 @@ public class Main { if (!attributesFile.isEmpty()) { gateway.setAttributesFile(attributesFile); } - if (!jksTruststoreFile.isEmpty()) { + if (!rimEventLog.isEmpty()) { + gateway.setRimEventLog(rimEventLog); + } else { + System.out.println("Error: a support RIM is required!"); + System.exit(1); + } + credValidator = new CredentialArgumentValidator("" , + certificateFile, privateKeyFile, false); + if (defaultKey){ gateway.setDefaultCredentials(true); - gateway.setJksTruststoreFile(jksTruststoreFile); - } else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) { + gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE); + } else if (credValidator.isValid()) { gateway.setDefaultCredentials(false); gateway.setPemCertificateFile(certificateFile); gateway.setPemPrivateKeyFile(privateKeyFile); if (embeddedCert) { gateway.setEmbeddedCert(true); } - } else if (defaultKey){ - gateway.setDefaultCredentials(true); - gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE); } else { - exitWithErrorCode("A private key (-k) and public certificate (-p) " + - "are required, or the default key (-d) must be indicated."); + exitWithErrorCode(credValidator.getErrorMessage()); } if (rimEventLog.isEmpty()) { exitWithErrorCode("A support RIM is required."); diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java index 0cd4ffc1..b9027b27 100644 --- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java +++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java 
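Review bot: The added `else { System.out.println("Error: a support RIM is required!"); System.exit(1); }` makes the pre-existing `if (rimEventLog.isEmpty()) { exitWithErrorCode("A support RIM is required."); }` at the end of this hunk unreachable, and it reports the error through a different path than every other failure in this block. Keep a single check and send it through the helper, e.g. `if (rimEventLog.isEmpty()) { exitWithErrorCode("A support RIM is required."); }` placed before `gateway.setRimEventLog(rimEventLog);`, then delete the duplicate at the bottom. Separately, with `jksTruststoreFile` removed, `-d` now always signs with `SwidTagConstants.DEFAULT_KEYSTORE_FILE` and a user-supplied truststore appears to be ignored on the create path; if that is intended, the option help text (not in this diff) should say so. The enclosing method continues outside the hunk.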
@@ -64,7 +64,6 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
-import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CredentialArgumentValidator.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CredentialArgumentValidator.java
new file mode 100644
index 00000000..1b162349
--- /dev/null
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/utils/CredentialArgumentValidator.java
@@ -0,0 +1,76 @@
+package hirs.swid.utils;
+
+public class CredentialArgumentValidator {
+ private String truststoreFile;
+ private String certificateFile;
+ private String privateKeyFile;
+ private String format;
+ private boolean isValidating;
+ private String errorMessage;
+ private static final String PEM = "PEM";
+
+ public CredentialArgumentValidator(String truststoreFile,
+ String certificateFile,
+ String privateKeyFile,
+ boolean isValidating) {
+ this.truststoreFile = truststoreFile;
+ this.certificateFile = certificateFile;
+ this.privateKeyFile = privateKeyFile;
+ this.isValidating = isValidating;
+ errorMessage = "";
+ }
+
+ /**
+ * Getter for format property
+ *
+ * @return string
+ */
+ public String getFormat() {
+ return format;
+ }
+
+ /**
+ * Getter for error message
+ *
+ * @return string
+ */
+ public String getErrorMessage() {
+ return errorMessage;
+ }
+
+ /**
+ * This method checks for the following valid configurations of input arguments:
+ * 1.
+ * 2. truststore only for validating (PEM format)
+ * 3. certificate + private key for signing (PEM format)
+ * 4.
+ *
+ * @return true if the above are found, false otherwise
+ */
+ public boolean isValid() {
+ if (isValidating) {
+ if (!truststoreFile.isEmpty()) {
+ format = PEM;
+ return true;
+ } else {
+ errorMessage = "Validation requires a valid truststore file.";
+ return false;
+ }
+ } else {
+ if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
+ format = PEM;
+ return true;
+ } else {
+ if (certificateFile.isEmpty()) {
+ errorMessage = "A public certificate must be specified by \'-p\' " + + "for signing operations.";
+ }
+ if (privateKeyFile.isEmpty()) {
+ errorMessage = "A private key must be specified by \'-k\' " + + "for signing operations.";
+ }
+ return false;
+ }
+ }
+ }
+}
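Review bot: In `isValid()`, when both `certificateFile` and `privateKeyFile` are empty the second assignment to `errorMessage` overwrites the first, so the user is told only about the missing private key; accumulate instead with `errorMessage += "A public certificate must be specified by '-p' for signing operations. ";` and `errorMessage += "A private key must be specified by '-k' for signing operations.";`. The class name and the messages suggest credential validation, but every branch is a non-empty-string test: a path that does not exist, is unreadable, or is not PEM still passes, and `format` is unconditionally set to `PEM`. Either add a `java.nio.file.Files.isReadable(Paths.get(...))` check on each supplied path, or state the limitation in the `isValid()` Javadoc, e.g. `Only checks that the required arguments were supplied; file existence, readability and PEM well-formedness are left to the caller.`. While there, fill in or delete the empty items `1.` and `4.` in that Javadoc list, which currently document nothing.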