Validate signature and validation arguments, and output appropriate error messages

chubtub 2024-02-07 09:10:41 -05:00
parent adb1da93b4
commit fbf3de2517
3 changed files with 97 additions and 11 deletions


@ -1,6 +1,7 @@
package hirs.swid; package hirs.swid;
import hirs.swid.utils.Commander; import hirs.swid.utils.Commander;
import hirs.swid.utils.CredentialArgumentValidator;
import hirs.swid.utils.TimestampArgumentValidator; import hirs.swid.utils.TimestampArgumentValidator;
import hirs.utils.rim.ReferenceManifestValidator; import hirs.utils.rim.ReferenceManifestValidator;
import com.beust.jcommander.JCommander; import com.beust.jcommander.JCommander;
@ -27,6 +28,7 @@ public class Main {
SwidTagGateway gateway; SwidTagGateway gateway;
ReferenceManifestValidator validator; ReferenceManifestValidator validator;
List<String> unknownOpts = commander.getUnknownOptions(); List<String> unknownOpts = commander.getUnknownOptions();
CredentialArgumentValidator credValidator;
if (!unknownOpts.isEmpty()) { if (!unknownOpts.isEmpty()) {
StringBuilder sb = new StringBuilder("Unknown options encountered: "); StringBuilder sb = new StringBuilder("Unknown options encountered: ");
@ -53,7 +55,6 @@ public class Main {
} }
String verifyFile = commander.getVerifyFile(); String verifyFile = commander.getVerifyFile();
String rimel = commander.getRimEventLog(); String rimel = commander.getRimEventLog();
String certificateFile = commander.getPublicCertificate();
String trustStore = commander.getTruststoreFile(); String trustStore = commander.getTruststoreFile();
validator.setRim(verifyFile); validator.setRim(verifyFile);
validator.setRimEventLog(rimel); validator.setRimEventLog(rimel);
@ -61,6 +62,13 @@ public class Main {
if (!certificateFile.isEmpty()) { if (!certificateFile.isEmpty()) {
System.out.println("A single cert cannot be used for verification. " + System.out.println("A single cert cannot be used for verification. " +
"The signing cert will be searched for in the trust store."); "The signing cert will be searched for in the trust store.");
credValidator = new CredentialArgumentValidator(trustStore,
"","", true);
if (credValidator.isValid()) {
validator.setTrustStoreFile(trustStore);
} else {
System.out.println(credValidator.getErrorMessage());
System.exit(1);
} }
if (validator.validateSwidtagFile(verifyFile)) { if (validator.validateSwidtagFile(verifyFile)) {
System.out.println("Successfully verified " + verifyFile); System.out.println("Successfully verified " + verifyFile);
@ -75,7 +83,6 @@ public class Main {
} }
String createType = commander.getCreateType().toUpperCase(); String createType = commander.getCreateType().toUpperCase();
String attributesFile = commander.getAttributesFile(); String attributesFile = commander.getAttributesFile();
String jksTruststoreFile = commander.getTruststoreFile();
String certificateFile = commander.getPublicCertificate(); String certificateFile = commander.getPublicCertificate();
String privateKeyFile = commander.getPrivateKeyFile(); String privateKeyFile = commander.getPrivateKeyFile();
boolean embeddedCert = commander.isEmbedded(); boolean embeddedCert = commander.isEmbedded();
@ -86,22 +93,26 @@ public class Main {
if (!attributesFile.isEmpty()) { if (!attributesFile.isEmpty()) {
gateway.setAttributesFile(attributesFile); gateway.setAttributesFile(attributesFile);
} }
if (!jksTruststoreFile.isEmpty()) { if (!rimEventLog.isEmpty()) {
gateway.setRimEventLog(rimEventLog);
} else {
System.out.println("Error: a support RIM is required!");
System.exit(1);
}
credValidator = new CredentialArgumentValidator("" ,
certificateFile, privateKeyFile, false);
if (defaultKey){
gateway.setDefaultCredentials(true); gateway.setDefaultCredentials(true);
gateway.setJksTruststoreFile(jksTruststoreFile); gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
} else if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) { } else if (credValidator.isValid()) {
gateway.setDefaultCredentials(false); gateway.setDefaultCredentials(false);
gateway.setPemCertificateFile(certificateFile); gateway.setPemCertificateFile(certificateFile);
gateway.setPemPrivateKeyFile(privateKeyFile); gateway.setPemPrivateKeyFile(privateKeyFile);
if (embeddedCert) { if (embeddedCert) {
gateway.setEmbeddedCert(true); gateway.setEmbeddedCert(true);
} }
} else if (defaultKey){
gateway.setDefaultCredentials(true);
gateway.setJksTruststoreFile(SwidTagConstants.DEFAULT_KEYSTORE_FILE);
} else { } else {
exitWithErrorCode("A private key (-k) and public certificate (-p) " + exitWithErrorCode(credValidator.getErrorMessage());
"are required, or the default key (-d) must be indicated.");
} }
if (rimEventLog.isEmpty()) { if (rimEventLog.isEmpty()) {
exitWithErrorCode("A support RIM is required."); exitWithErrorCode("A support RIM is required.");
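Review bot: In the verify branch the added trust-store check (`credValidator = new CredentialArgumentValidator(trustStore, "","", true);` through `System.exit(1);`) appears to land inside the `if (!certificateFile.isEmpty()) {` block, since only one closing brace follows the seven added lines. If that reading is right, a run without `-p` never validates the trust store or calls `validator.setTrustStoreFile(trustStore)` before `validateSwidtagFile`, and the block is left one brace short; the check should sit after the warning's closing `}` so it runs unconditionally. The same branch still reads `certificateFile` although its declaration `String certificateFile = commander.getPublicCertificate();` is removed a few lines earlier, so that reference needs a declaration in scope. Indentation is lost on this page and the method starts and ends outside the visible hunks, so confirm against the file.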


@ -64,7 +64,6 @@ import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException; import java.security.KeyException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.ArrayList; import java.util.ArrayList;


@ -0,0 +1,76 @@
package hirs.swid.utils;
public class CredentialArgumentValidator {
private String truststoreFile;
private String certificateFile;
private String privateKeyFile;
private String format;
private boolean isValidating;
private String errorMessage;
private static final String PEM = "PEM";
public CredentialArgumentValidator(String truststoreFile,
String certificateFile,
String privateKeyFile,
boolean isValidating) {
this.truststoreFile = truststoreFile;
this.certificateFile = certificateFile;
this.privateKeyFile = privateKeyFile;
this.isValidating = isValidating;
errorMessage = "";
}
/**
* Getter for format property
*
* @return string
*/
public String getFormat() {
return format;
}
/**
* Getter for error message
*
* @return string
*/
public String getErrorMessage() {
return errorMessage;
}
/**
* This method checks for the following valid configurations of input arguments:
* 1.
* 2. truststore only for validating (PEM format)
* 3. certificate + private key for signing (PEM format)
* 4.
*
* @return true if the above are found, false otherwise
*/
public boolean isValid() {
if (isValidating) {
if (!truststoreFile.isEmpty()) {
format = PEM;
return true;
} else {
errorMessage = "Validation requires a valid truststore file.";
return false;
}
} else {
if (!certificateFile.isEmpty() && !privateKeyFile.isEmpty()) {
format = PEM;
return true;
} else {
if (certificateFile.isEmpty()) {
errorMessage = "A public certificate must be specified by \'-p\' " +
"for signing operations.";
}
if (privateKeyFile.isEmpty()) {
errorMessage = "A private key must be specified by \'-k\' " +
"for signing operations.";
}
return false;
}
}
}
}
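Review bot: When both `certificateFile` and `privateKeyFile` are empty, the second `if` in the signing branch of `isValid()` overwrites the message set by the first, so the caller only reports the missing `-k` and the user learns about `-p` on the next run. Resetting `errorMessage = "";` at the top of the failure branch and appending in both checks (`errorMessage += "A private key must be specified by '-k' for signing operations. ";`) would report both. `isValid()` also only tests for non-empty strings, so "Validation requires a valid truststore file." is printed for a missing argument while a non-existent or unreadable path passes. The Javadoc should state that existence and parsing are left to whatever loads the file, and items 1 and 4 of its list are blank. A null argument would throw at `isEmpty()`; whether `Commander` can return null is not visible here.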