Migrate javax.xml.bind to jakarta. Delete hirs.swid.xjc package and update SwidTagConstants class to reference hirs.utils.xjc.
chubtub committed Nov 30, 2023
1 parent 96bd8b9 commit d325c04
Showing 42 changed files with 107 additions and 5,664 deletions.
1 change: 0 additions & 1 deletion tools/tcg_rim_tool/build.gradle
@@ -44,7 +44,6 @@ dependencies {

testImplementation libs.testng
}

test {
testLogging.showStandardStreams true
}
@@ -12,15 +12,15 @@
*/
public class SwidTagConstants {

public static final String DEFAULT_KEYSTORE_FILE = "/opt/hirs/rimtool/keystore.jks";
public static final String DEFAULT_KEYSTORE_FILE = "/opt/hirs/rimtool/data/keystore.jks";
public static final String DEFAULT_KEYSTORE_PASSWORD = "password";
public static final String DEFAULT_PRIVATE_KEY_ALIAS = "selfsigned";
public static final String DEFAULT_ATTRIBUTES_FILE = "/opt/hirs/rimtool/rim_fields.json";
public static final String DEFAULT_ATTRIBUTES_FILE = "/opt/hirs/rimtool/data/rim_fields.json";
public static final String DEFAULT_ENGLISH = "en";

public static final String SIGNATURE_ALGORITHM_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

public static final String SCHEMA_PACKAGE = "hirs.swid.xjc";
public static final String SCHEMA_PACKAGE = "hirs.utils.xjc";
public static final String SCHEMA_LANGUAGE = XMLConstants.W3C_XML_SCHEMA_NS_URI;
public static final String SCHEMA_URL = "swid_schema.xsd";

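Review bot: The relocated `DEFAULT_KEYSTORE_FILE` is still paired with the hard-coded `DEFAULT_KEYSTORE_PASSWORD = "password"` and the `selfsigned` alias on the next two lines, and nothing on these constants says what the default credentials are good for. Since the path line is being touched anyway, a comment above the three constants such as `// Sample credentials only: the password is public, so signatures made with these defaults prove nothing about origin.` would make that explicit. The new `data/` locations also have to match wherever the installer places keystore.jks and rim_fields.json, which is not visible in this section.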
178 changes: 104 additions & 74 deletions tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java
@@ -1,24 +1,24 @@
package hirs.swid;

import hirs.swid.utils.HashSwid;
import hirs.swid.xjc.Directory;
import hirs.swid.xjc.Entity;
import hirs.swid.xjc.Link;
import hirs.swid.xjc.ObjectFactory;
import hirs.swid.xjc.ResourceCollection;
import hirs.swid.xjc.SoftwareIdentity;
import hirs.swid.xjc.SoftwareMeta;
import hirs.utils.xjc.Directory;
import hirs.utils.xjc.Entity;
import hirs.utils.xjc.Link;
import hirs.utils.xjc.ObjectFactory;
import hirs.utils.xjc.ResourceCollection;
import hirs.utils.xjc.SoftwareIdentity;
import hirs.utils.xjc.SoftwareMeta;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

import javax.json.Json;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import jakarta.xml.bind.JAXBContext;
import jakarta.xml.bind.JAXBElement;
import jakarta.xml.bind.JAXBException;
import jakarta.xml.bind.Marshaller;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
@@ -228,7 +228,7 @@ public void generateSwidTag(final String filename) {
configProperties.getJsonObject(SwidTagConstants.PAYLOAD)
.getJsonObject(SwidTagConstants.DIRECTORY));
//File
hirs.swid.xjc.File file = createFile(
hirs.utils.xjc.File file = createFile(
configProperties.getJsonObject(SwidTagConstants.PAYLOAD)
.getJsonObject(SwidTagConstants.DIRECTORY)
.getJsonObject(SwidTagConstants.FILE));
@@ -489,15 +489,15 @@ private Directory createDirectory(final JsonObject jsonObject) {
}

/**
* This method creates a hirs.swid.xjc.File from an indirect payload type
* This method creates a hirs.utils.xjc.File from an indirect payload type
* using parameters read in from a properties file and then
* calculating the hash of a given event log support RIM.
*
* @param jsonObject the Properties object containing parameters from file
* @return File object created from the properties
*/
private hirs.swid.xjc.File createFile(JsonObject jsonObject) throws Exception {
hirs.swid.xjc.File file = objectFactory.createFile();
private hirs.utils.xjc.File createFile(JsonObject jsonObject) throws Exception {
hirs.utils.xjc.File file = objectFactory.createFile();
file.setName(jsonObject.getString(SwidTagConstants.NAME, ""));
Map<QName, String> attributes = file.getOtherAttributes();
String supportRimFormat = jsonObject.getString(SwidTagConstants.SUPPORT_RIM_FORMAT,
@@ -549,95 +549,125 @@ private void addNonNullAttribute(final Map<QName, String> attributes,
* This method signs a SoftwareIdentity with an xmldsig in compatibility mode.
* Current assumptions: digest method SHA256, signature method SHA256, enveloped signature
*/
private Document signXMLDocument(JAXBElement<SoftwareIdentity> swidTag) throws Exception {
private Document signXMLDocument(JAXBElement<SoftwareIdentity> swidTag) {
Document doc = null;
try {
doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
marshaller.marshal(swidTag, doc);
XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
List xmlObjectList = null;
String signatureId = null;
} catch (ParserConfigurationException e) {
System.out.println("Error instantiating Document object for parsing swidtag: "
+ e.getMessage());
System.exit(1);
} catch (JAXBException e) {
System.out.println("Error while marshaling swidtag: " + e.getMessage());
e.printStackTrace();
System.exit(1);
}
XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
List xmlObjectList = null;
String signatureId = null;

Reference documentRef = sigFactory.newReference(
Reference documentRef = null;
try {
documentRef = sigFactory.newReference(
"",
sigFactory.newDigestMethod(DigestMethod.SHA256, null),
Collections.singletonList(sigFactory.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)),
null,
null
);
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
System.out.println("Error while creating enveloped signature Reference: "
+ e.getMessage());
System.exit(1);
}

List<Reference> refList = new ArrayList<Reference>();
refList.add(documentRef);
List<Reference> refList = new ArrayList<Reference>();
refList.add(documentRef);

if (!timestampFormat.isEmpty()) {
Reference timestampRef = sigFactory.newReference(
if (!timestampFormat.isEmpty()) {
Reference timestampRef = null;
try {
timestampRef = sigFactory.newReference(
"#TST",
sigFactory.newDigestMethod(DigestMethod.SHA256, null)
);
refList.add(timestampRef);
xmlObjectList = Collections.singletonList(createXmlTimestamp(doc, sigFactory));
signatureId = "RimSignature";
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
System.out.println("Error while creating timestamp Reference: "
+ e.getMessage());
System.exit(1);
}

SignedInfo signedInfo = sigFactory.newSignedInfo(
refList.add(timestampRef);
xmlObjectList = Collections.singletonList(createXmlTimestamp(doc, sigFactory));
signatureId = "RimSignature";
}
SignedInfo signedInfo = null;
try {
signedInfo = sigFactory.newSignedInfo(
sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null),
sigFactory.newSignatureMethod(SwidTagConstants.SIGNATURE_ALGORITHM_RSA_SHA256,
null),
refList
);
List<XMLStructure> keyInfoElements = new ArrayList<XMLStructure>();

KeyInfoFactory kiFactory = sigFactory.getKeyInfoFactory();
PrivateKey privateKey;
CredentialParser cp = new CredentialParser();
if (defaultCredentials) {
cp.parseJKSCredentials(jksTruststoreFile);
privateKey = cp.getPrivateKey();
KeyName keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());
keyInfoElements.add(keyName);
} else {
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
System.out.println("Error while creating SignedInfo: " + e.getMessage());
System.exit(1);
}
List<XMLStructure> keyInfoElements = new ArrayList<XMLStructure>();

KeyInfoFactory kiFactory = sigFactory.getKeyInfoFactory();
PrivateKey privateKey;
CredentialParser cp = new CredentialParser();
if (defaultCredentials) {
cp.parseJKSCredentials(jksTruststoreFile);
privateKey = cp.getPrivateKey();
KeyName keyName = null;
try {
keyName = kiFactory.newKeyName(cp.getCertificateSubjectKeyIdentifier());
} catch (IOException e) {
System.out.println("Error while getting SKID: " + e.getMessage());
System.exit(1);
}
keyInfoElements.add(keyName);
} else {
try {
cp.parsePEMCredentials(pemCertificateFile, pemPrivateKeyFile);
X509Certificate certificate = cp.getCertificate();
privateKey = cp.getPrivateKey();
if (embeddedCert) {
ArrayList<Object> x509Content = new ArrayList<Object>();
x509Content.add(certificate.getSubjectX500Principal().getName());
x509Content.add(certificate);
X509Data data = kiFactory.newX509Data(x509Content);
keyInfoElements.add(data);
} else {
} catch (Exception e) {
System.out.println("Error while parsing PEM files: " + e.getMessage());
System.exit(1);
}
X509Certificate certificate = cp.getCertificate();
privateKey = cp.getPrivateKey();
if (embeddedCert) {
ArrayList<Object> x509Content = new ArrayList<Object>();
x509Content.add(certificate.getSubjectX500Principal().getName());
x509Content.add(certificate);
X509Data data = kiFactory.newX509Data(x509Content);
keyInfoElements.add(data);
} else {
try {
keyInfoElements.add(kiFactory.newKeyValue(certificate.getPublicKey()));
} catch (KeyException e) {
System.out.println("Error while creating KeyValue: " + e.getMessage());
}
}
KeyInfo keyinfo = kiFactory.newKeyInfo(keyInfoElements);

DOMSignContext context = new DOMSignContext(privateKey, doc.getDocumentElement());
XMLSignature signature = sigFactory.newXMLSignature(
signedInfo,
keyinfo,
xmlObjectList,
signatureId,
null
);
}
KeyInfo keyinfo = kiFactory.newKeyInfo(keyInfoElements);

DOMSignContext context = new DOMSignContext(privateKey, doc.getDocumentElement());
XMLSignature signature = sigFactory.newXMLSignature(
signedInfo,
keyinfo,
xmlObjectList,
signatureId,
null
);
try {
signature.sign(context);
} catch (FileNotFoundException e) {
System.out.println("Keystore not found! " + e.getMessage());
} catch (IOException e) {
System.out.println("Error loading keystore: " + e.getMessage());
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException |
ParserConfigurationException e) {
System.out.println(e.getMessage());
} catch (CertificateException e) {
System.out.println(e.getMessage());
} catch (JAXBException e) {
System.out.println("Error marshaling signed swidtag: " + e.getMessage());
} catch (MarshalException | XMLSignatureException e) {
System.out.println("Error while signing SoftwareIdentity: " + e.getMessage());
} catch (KeyException e) {
System.out.println("Public key algorithm not recognized or supported: "
+ e.getMessage());
System.out.println("Error while signing the swidtag: " + e.getMessage());
}

return doc;
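Review bot: The catch around `signature.sign(context)` at the end of signXMLDocument only prints the error, so the method falls through to `return doc;` and hands back the marshalled but unsigned document as if signing had succeeded. Every other catch block in the rewritten method ends with `System.exit(1);`, and the same gap exists in the `KeyException` catch around `kiFactory.newKeyValue(...)`, which leaves `keyInfoElements` empty for the following `newKeyInfo` call. For a tool whose output is meant to be verified by its signature, both should fail closed: add `System.exit(1);` after the println in each, or keep a checked exception on the method so the caller decides. The page has lost its +/- markers, so which of the two signing messages is on the new side is inferred; the missing exit holds for either.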
97 changes: 0 additions & 97 deletions tools/tcg_rim_tool/src/main/java/hirs/swid/xjc/BaseElement.java

This file was deleted.
