From c85fd2844bb7fdd2b92505ec89695b8d7e873de5 Mon Sep 17 00:00:00 2001 From: Szabolcs Hutvagner Date: Wed, 17 Apr 2019 14:07:00 +0100 Subject: Provide Sample Signed PNF Package for Integration Test with certificate inside signature This can be used for integration test of Pre-Onboarding and Onboarding of a PNF package. Issue-ID: INT-1017 Change-Id: I01f6ebdf4498bd3aac028d8ce6fa510287999d65 Signed-off-by: Szabolcs Hutvagner --- test/mocks/pnf-onboarding/README.md | 19 ++--- test/mocks/pnf-onboarding/pom.xml | 94 +++++++++++++++------- .../src/main/assembly/signedZipCmsIncludesCert.xml | 15 ++++ 3 files changed, 91 insertions(+), 37 deletions(-) create mode 100644 test/mocks/pnf-onboarding/src/main/assembly/signedZipCmsIncludesCert.xml (limited to 'test') diff --git a/test/mocks/pnf-onboarding/README.md b/test/mocks/pnf-onboarding/README.md index 8440b3483..b14b34d95 100644 --- a/test/mocks/pnf-onboarding/README.md +++ b/test/mocks/pnf-onboarding/README.md @@ -1,25 +1,26 @@ - PNF Package for Integration Test ================================ -**NOTE: Currently this solution only works on Linux OS and requires openssl to be preinstalled.** +**NOTE: Requires openssl to be preinstalled.** -This module builds 2 PNF packages based on the files in `/src/main/resources/csarContent/` +This module builds 3 PNF packages based on the files in `/src/main/resources/csarContent/` -1. unsigned package: `sample-pnf-1.0.1-SNAPSHOT.csar` -2. signed package: `sample-signed-pnf-1.0.1-SNAPSHOT.zip` +1. unsigned package: + `sample-pnf-1.0.1-SNAPSHOT.csar` -The signed package is based on ETSI SOL004 Security Option 2. It contains the csar, cert and cms files. +2. signed packages: + A) `sample-signed-pnf-1.0.1-SNAPSHOT.zip` + B) `sample-signed-pnf-cms-includes-cert-1.0.1-SNAPSHOT.zip` + The signed packages are based on ETSI SOL004 Security Option 2. They contain csar, cert and cms files. In package B cms includes cert. The packages are generated by running the following command in the same directory as this readme file i.e. pnf-onboarding directory: > `$ mvn clean install` The packages will be stored in the maven generated `target` directory. -To be able to use the signed package in SDC the `src/main/resources/securityContent/root.cert` file has to be loaded into SDC onboarding backend container. +To be able to use the signed packages in SDC the `src/main/resources/securityContent/root.cert` file has to be loaded into SDC onboarding backend container. If SDC is running in containers locally then the following commands could be used to copy the root.cert to the default location in SDC Onboarding Container. It is assumed that the commands are executed from inside pnf-onboarding directory. > `$ docker exec -it mkdir -p /var/lib/jetty/cert` - -> `$ docker cp src/main/resources/securityContent/root.cert :/var/lib/jetty` +> `$ docker cp src/main/resources/securityContent/root.cert :/var/lib/jetty/cert` \ No newline at end of file diff --git a/test/mocks/pnf-onboarding/pom.xml b/test/mocks/pnf-onboarding/pom.xml index 7f513eb00..e9b057d6f 100644 --- a/test/mocks/pnf-onboarding/pom.xml +++ b/test/mocks/pnf-onboarding/pom.xml @@ -19,6 +19,7 @@ https://nexus.onap.org sample-pnf-${version} sample-signed-pnf-${version} + sample-signed-pnf-cms-includes-cert-${version} @@ -86,15 +87,8 @@ ${project.build.directory}/${csar.name}.csar - - - - com.coderplus.maven.plugins - copy-rename-maven-plugin - 1.0 - - copy-csar-and-cert-to-signed-csar-dir + copy-csar-and-cert-to-signed-csar-dirs prepare-package copy @@ -109,6 +103,10 @@ ${project.build.directory}/${csar.name}.csar ${project.build.directory}/signed-csar/${csar.name}.csar + + ${project.build.directory}/${csar.name}.csar + ${project.build.directory}/signed-csar-cms-includes-cert/${csar.name}.csar + @@ -117,7 +115,7 @@ org.codehaus.mojo exec-maven-plugin - 1.3.2 + 1.3.2 generate-signature @@ -125,27 +123,52 @@ exec + + openssl + + cms + -sign + -binary + -nocerts + -outform + pem + -signer + ${project.basedir}/src/main/resources/securityContent/sample-pnf.cert + -inkey + ${project.basedir}/src/main/resources/securityContent/sample-pnf-private-key.pem + -in + ${project.build.directory}/signed-csar/${csar.name}.csar + -out + ${project.build.directory}/signed-csar/${csar.name}.cms + + + + + generate-signature-cms-includes-cert + prepare-package + + exec + + + openssl + + cms + -sign + -binary + -outform + pem + -signer + ${project.basedir}/src/main/resources/securityContent/sample-pnf.cert + -inkey + ${project.basedir}/src/main/resources/securityContent/sample-pnf-private-key.pem + -in + ${project.build.directory}/signed-csar-cms-includes-cert/${csar.name}.csar + -out + ${project.build.directory}/signed-csar-cms-includes-cert/${csar.name}.cms + + - - openssl - - cms - -sign - -binary - -nocerts - -outform - pem - -signer - ${project.basedir}/src/main/resources/securityContent/sample-pnf.cert - -inkey - ${project.basedir}/src/main/resources/securityContent/sample-pnf-private-key.pem - -in - ${project.build.directory}/signed-csar/${csar.name}.csar - -out - ${project.build.directory}/signed-csar/${csar.name}.cms - - maven-assembly-plugin @@ -166,6 +189,21 @@ + + make-signed-csar-zip-file-cms-includes-cert + package + + single + + + ${signed.csar.name.cms.includes.cert} + false + false + + src/main/assembly/signedZipCmsIncludesCert.xml + + + diff --git a/test/mocks/pnf-onboarding/src/main/assembly/signedZipCmsIncludesCert.xml b/test/mocks/pnf-onboarding/src/main/assembly/signedZipCmsIncludesCert.xml new file mode 100644 index 000000000..856db12ff --- /dev/null +++ b/test/mocks/pnf-onboarding/src/main/assembly/signedZipCmsIncludesCert.xml @@ -0,0 +1,15 @@ + + onap_secure_csar_cms_includes_cert + + zip + + false + + + ${project.build.directory}/signed-csar-cms-includes-cert + + + + + -- cgit 1.2.3-korg