From 81df68b2c91759c109f75511c5b38f5fb5acd95a Mon Sep 17 00:00:00 2001
From: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Date: Tue, 22 Dec 2020 14:39:02 +0100
Subject: Add tests for CSAR security validation.

Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Change-Id: I25784be4d87ac8c4b0e82f42851ee96ac75e6b71
Issue-ID: VNFSDK-714
---
 .../vnfsdk-refrepo/csar/invalid_with_security.csar | Bin 0 -> 10824 bytes
 tests/vnfsdk-refrepo/csar_validation_tests.robot   |  50 ++++++++++++++++++++-
 .../resources/vnfsdk_properties.robot              |  12 +++++
 3 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 tests/vnfsdk-refrepo/csar/invalid_with_security.csar

diff --git a/tests/vnfsdk-refrepo/csar/invalid_with_security.csar b/tests/vnfsdk-refrepo/csar/invalid_with_security.csar
new file mode 100644
index 00000000..c2560bd5
Binary files /dev/null and b/tests/vnfsdk-refrepo/csar/invalid_with_security.csar differ
diff --git a/tests/vnfsdk-refrepo/csar_validation_tests.robot b/tests/vnfsdk-refrepo/csar_validation_tests.robot
index 9994d567..a7c2c402 100644
--- a/tests/vnfsdk-refrepo/csar_validation_tests.robot
+++ b/tests/vnfsdk-refrepo/csar_validation_tests.robot
@@ -10,6 +10,7 @@ Perform vnf refrepo healthcheck
     ${response}=    Get Request    refrepo   /PackageResource/healthcheck
     Should Be Equal As Strings  ${response.status_code}     200
 
+
 Validate correct, no security CSAR
     [Documentation]    Valid CSAR with no security should PASS validation and should return no error
 
@@ -18,13 +19,60 @@ Validate correct, no security CSAR
     # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes
     ${response}=   Remove String    ${response}    \\\\    \\u003c    \\u003e   \\"
     ${json_response}=    evaluate    json.loads('''${response}''')    json
-    Should Be Equal As Strings    ${json_response[0]["results"]["criteria"]}   PASS
+    Should Be Equal As Strings    ${json_response[0]["results"]["criteria"]}   ${OPERATION_STATUS_PASS}
     FOR   ${resault}  IN  @{json_response[0]["results"]["results"]}
         Should Be Equal As Strings   ${resault["errors"]}   []
         Should Be Equal As Strings   ${resault["passed"]}   True
+        run keyword if  "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}"
+        ...  Should Be Equal As Strings   ${resault["warnings"]}   ${expected_valid_no_security_warnings}
+    END
+
+
+Validate secure CSAR with invalid certificate
+    [Documentation]    Valid CSAR with cms signature in manifest file and certificate in TOSCA, containing individual signatures for multiple artifacts, using common certificate and individual certificate
+
+    ${response}=   Validate CSAR usign Post request   ${csar_invalid_with_security}   ${execute_security_csar_validation}
+    # Removing strings that are causing errors during evaluation,
+    # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes
+    ${response}=   Remove String    ${response}    \\\\    \\u003c    \\u003e   \\"
+    ${json_response}=    evaluate    json.loads('''${response}''')    json
+    Should Be Equal As Strings    ${json_response[0]["results"]["criteria"]}   ${OPERATION_STATUS_FAILED}
+    ${validated_rules}=  Get Length  ${json_response[0]["results"]["results"]}
+    Should Be Equal As Strings  ${validated_rules}  14
+    FOR   ${resault}  IN  @{json_response[0]["results"]["results"]}
+        ${validation_errors}=  Get Length  ${resault["errors"]}
+        run keyword if  "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}"
+        ...  Should Be Equal As Strings  ${validation_errors}  7
+        run keyword if  "${resault["vnfreqName"]}" == "${PM_DICTIONARY_YAML_RULE}"
+        ...  Should Be Equal As Strings  ${validation_errors}  1
+        run keyword if  "${resault["vnfreqName"]}" == "${MANIFEST_FILE_RULE}"
+        ...  Should Be Equal As Strings  ${validation_errors}  1
+        run keyword if  "${resault["vnfreqName"]}" == "${NON_MANO_FILES_RULE}"
+        ...  Should Be Equal As Strings  ${validation_errors}  4
     END
 
 
+Validate CSAR using selected rules
+    [Documentation]    Valid CSAR using only selected rules provided in request parameters
+
+    ${response}=   Validate CSAR usign Post request   ${csar_invalid_with_security}   ${execute_security_csar_validation_selected_rules}
+    # Removing strings that are causing errors during evaluation,
+    # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes
+    ${response}=   Remove String    ${response}    \\\\    \\u003c    \\u003e   \\"
+    ${json_response}=    evaluate    json.loads('''${response}''')    json
+    Should Be Equal As Strings    ${json_response[0]["results"]["criteria"]}   ${OPERATION_STATUS_FAILED}
+     ${validated_rules}=  Get Length  ${json_response[0]["results"]["results"]}
+    Should Be Equal As Strings  ${validated_rules}  3
+    FOR   ${resault}  IN  @{json_response[0]["results"]["results"]}
+        ${validation_errors}=  Get Length  ${resault["errors"]}
+        run keyword if  "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}"
+        ...  Should Be Equal As Strings  ${validation_errors}  7
+        run keyword if  "${resault["vnfreqName"]}" == "${PM_DICTIONARY_YAML_RULE}"
+        ...  Should Be Equal As Strings  ${validation_errors}  1
+    END
+
+
+
 Validate CSAR using rule r130206 and use get method to receive outcome
     [Documentation]    Validate CSAR with invalid PM_Dictionary (r130206)  using rule r130206 , then use get method with validation id to receive valdiation outcome
 
diff --git a/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot b/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot
index e46eba6f..bc9684d6 100644
--- a/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot
+++ b/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot
@@ -3,8 +3,20 @@ ${base_url}=    http://${REFREPO_IP}:8702/onapapi/vnfsdk-marketplace/v1
 
 ${csarpath}=    ${SCRIPTS}/../tests/vnfsdk-refrepo/csar
 
+${CERTIFICATION_RULE}=  r130206
+${PM_DICTIONARY_YAML_RULE}=  r816745
+${MANIFEST_FILE_RULE}=  r01123
+${NON_MANO_FILES_RULE}=  r146092
+${OPERATION_STATUS_FAILED}=  FAILED
+${OPERATION_STATUS_PASS}=  PASS
+
 ${csar_valid_no_security}=  valid_no_security.csar
 ${execute_no_security_csar_validation}=  [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_valid_no_security}","pnf":"true"}}]
+${expected_valid_no_security_warnings}=  [{u'lineNumber': -1, u'message': u'Warning. Consider adding package integrity and authenticity assurance according to ETSI NFV-SOL 004 Security Option 1', u'code': u'0x1006', u'file': u'', u'vnfreqNo': u'R130206'}]
+
+${csar_invalid_with_security}=  invalid_with_security.csar
+${execute_security_csar_validation}=  [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_invalid_with_security}","pnf":"true"}}]
+${execute_security_csar_validation_selected_rules}=  [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_invalid_with_security}","pnf":"true","rules":"${CERTIFICATION_RULE},${PM_DICTIONARY_YAML_RULE}"}}]
 
 ${csar_invalid_pm_dictionary}=  invalid_pm_dictionary.csar
 ${execute_invalid_pm_dictionary_r130206_validation}=  [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate-r130206","parameters": {"csar": "file://${csar_invalid_pm_dictionary}","pnf":"true"}}]
-- 
cgit 1.2.3-korg