aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBartosz Gardziejewski <bartosz.gardziejewski@nokia.com>2021-01-19 13:04:48 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2021-01-20 13:11:50 +0000
commit7ca0d6eeda3be23506678eb7747b4bf0b7c62b41 (patch)
treef262b9304fa29a9906007fff0fb9e3ec41d5e7bb
parentbaf6ff4f604f44062bdf4963aed8591d95bb6389 (diff)
Add handling of individual artifact signature in manifest file.
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> Issue-ID: SDC-3397 Change-Id: I0082571a874721998a07aef3ea845de76483d9c7
-rw-r--r--integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java44
-rw-r--r--integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csarbin0 -> 103593 bytes
-rw-r--r--integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csarbin0 -> 103607 bytes
-rw-r--r--openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java3
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java2
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java5
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java52
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java35
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java206
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf29
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf28
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf28
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf29
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf31
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf28
-rw-r--r--openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf15
16 files changed, 470 insertions, 65 deletions
diff --git a/integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java b/integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java
index e12e058d6c..2390de4780 100644
--- a/integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java
+++ b/integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java
@@ -3,6 +3,7 @@
* SDC
* ================================================================================
* Copyright (C) 2020 Nokia. All rights reserved.
+ * Modification Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,6 +30,7 @@ import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validatio
import java.io.IOException;
import java.util.List;
import java.util.Map;
+import java.util.stream.Collectors;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.*;
@@ -59,12 +61,48 @@ class CsarValidationTest {
//then
assertThat(errorList, is(not(empty())));
- assertThat(getActualErrorMessage(errorList), is(equalTo(expectedErrorMessage)));
+ assertThat(getActualErrorMessages(errorList).get(0), is(equalTo(expectedErrorMessage)));
assertThat(getActualErrorLevel(errorList), is(ErrorLevel.ERROR));
}
- private String getActualErrorMessage(List<ErrorMessage> errorList) {
- return errorList.get(0).getMessage();
+ @Test
+ void shouldNotReturnErrors_whenPnfCsarContainsIndividualSignatureInManifest() throws OnboardPackageException, IOException {
+ //given
+ FileContentHandler pnfFileContent = CsarLoader.load(
+ "validPnfWithIndividualSignatureCompliantWithSOL004.csar",
+ "/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csar"
+ );
+
+ //when
+ Map<String, List<ErrorMessage>> errorsMap = ValidatorFactory.getValidator(pnfFileContent).validateContent(pnfFileContent);
+
+ //then
+ assertThat(errorsMap, is(anEmptyMap()));
+ }
+
+ @Test
+ void shouldReturnErrors_whenPnfCsarContainsIndividualCertificateWithNoSignatureInManifest() throws OnboardPackageException, IOException {
+ //given
+ List<String> expectedErrorMessage = List.of("Expected 'Signature' entry before 'Certificate' entry;\nAt line 9: 'Certificate: Definitions/pnf_main_descriptor.cert'.");
+ FileContentHandler pnfFileContent = CsarLoader.load(
+ "invalidPnfWithIndividualSignatureCompliantWithSOL004.csar",
+ "/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csar"
+ );
+
+ //when
+ Map<String, List<ErrorMessage>> errorsMap = ValidatorFactory.getValidator(pnfFileContent).validateContent(pnfFileContent);
+ List<ErrorMessage> errorList = errorsMap.get("uploadFile");
+
+ //then
+ assertThat(getActualErrorMessages(errorList), containsInAnyOrder(expectedErrorMessage.toArray()));
+ assertThat(getActualErrorLevel(errorList), is(ErrorLevel.ERROR));
+ }
+
+
+ private List<String> getActualErrorMessages(List<ErrorMessage> errorList) {
+ return errorList.stream()
+ .map((ErrorMessage::getMessage))
+ .collect(Collectors.toUnmodifiableList());
}
private ErrorLevel getActualErrorLevel(List<ErrorMessage> errorList) {
diff --git a/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csar b/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csar
new file mode 100644
index 0000000000..7b491573d2
--- /dev/null
+++ b/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csar
Binary files differ
diff --git a/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csar b/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csar
new file mode 100644
index 0000000000..6d3ed91aaf
--- /dev/null
+++ b/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csar
Binary files differ
diff --git a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java
index 1ec6a28e7d..cf34984fe0 100644
--- a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java
+++ b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java
@@ -59,6 +59,9 @@ public enum Messages {
MANIFEST_EXPECTED_SOURCE_PATH("Expected Source entry path"),
MANIFEST_EXPECTED_ALGORITHM_VALUE("Expected Algorithm entry value"),
MANIFEST_EXPECTED_ALGORITHM_BEFORE_HASH("Expected 'Algorithm' entry before 'Hash' entry"),
+ MANIFEST_EXPECTED_SIGNATURE_VALUE("Expected 'Signature' entry value"),
+ MANIFEST_EXPECTED_CERTIFICATE_VALUE("Expected 'Certificate' entry value"),
+ MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE("Expected 'Signature' entry before 'Certificate' entry"),
MANIFEST_DUPLICATED_CMS_SIGNATURE("Duplicated CMS signature"),
MANIFEST_SIGNATURE_DUPLICATED("Duplicated manifest signature"),
MANIFEST_SIGNATURE_LAST_ENTRY("The manifest signature must be the last entry of the manifest."),
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java
index 326eb6a517..372517c5f9 100644
--- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java
@@ -1,6 +1,7 @@
/*
* Copyright © 2016-2017 European Support Limited
* Modification Copyright (C) 2019 Nordix Foundation.
+ * Modification Copyright (C) 2021 Nokia.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -46,6 +47,7 @@ abstract class AbstractOnboardingManifest implements Manifest {
protected List<String> sources;
protected Map<String, List<String>> nonManoSources;
protected Map<String, AlgorithmDigest> sourceAndChecksumMap = new HashMap<>();
+ protected Map<String, SignatureData> sourceAndSignatureMap = new HashMap<>();
protected String cmsSignature;
protected List<String> errors;
protected boolean continueToProcess;
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java
index 68ad91d29a..2e073a431a 100644
--- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java
@@ -1,6 +1,7 @@
/*
* ============LICENSE_START=======================================================
* Copyright (C) 2019 Nordix Foundation
+ * Modification Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -38,7 +39,9 @@ public enum ManifestTokenType {
PNFD_NAME("pnfd_name"),
PNFD_PROVIDER("pnfd_provider"),
PNFD_ARCHIVE_VERSION("pnfd_archive_version"),
- PNFD_RELEASE_DATE_TIME("pnfd_release_date_time");
+ PNFD_RELEASE_DATE_TIME("pnfd_release_date_time"),
+ SIGNATURE("Signature"),
+ CERTIFICATE("Certificate");
private final String token;
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java
index 8e67d7b5de..99ea9a5a13 100644
--- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java
@@ -1,6 +1,7 @@
/*-
* ============LICENSE_START=======================================================
* Copyright (C) 2019 Nordix Foundation.
+ * Modification Copyright (C) 2021 Nokia.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -275,7 +276,9 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest {
return;
}
sources.add(sourcePath);
+ readNextNonEmptyLine();
readAlgorithmEntry(sourcePath);
+ readSignatureEntry(sourcePath);
}
/**
@@ -285,7 +288,7 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest {
* @param sourcePath the source path related to the algorithm entry.
*/
private void readAlgorithmEntry(final String sourcePath) {
- Optional<String> currentLine = readNextNonEmptyLine();
+ Optional<String> currentLine = getCurrentLine();
if (!currentLine.isPresent()) {
return;
}
@@ -324,4 +327,49 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest {
readNextNonEmptyLine();
}
-} \ No newline at end of file
+ /**
+ * Processes entries {@link ManifestTokenType#SIGNATURE} and {@link ManifestTokenType#CERTIFICATE} of a {@link
+ * ManifestTokenType#SOURCE} entry.
+ *
+ * @param sourcePath the source path related to the algorithm entry.
+ */
+ private void readSignatureEntry(final String sourcePath) {
+ Optional<String> currentLine = getCurrentLine();
+ if (!currentLine.isPresent()) {
+ return;
+ }
+ final ManifestTokenType manifestTokenType = detectLineEntry().orElse(null);
+ if (manifestTokenType == ManifestTokenType.CERTIFICATE) {
+ reportError(Messages.MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE);
+ continueToProcess = false;
+ return;
+ }
+ if (manifestTokenType != ManifestTokenType.SIGNATURE) {
+ return;
+ }
+ final String signatureLine = currentLine.get();
+ final String signatureFile = readEntryValue(signatureLine).orElse(null);
+ if (signatureFile == null) {
+ reportError(Messages.MANIFEST_EXPECTED_SIGNATURE_VALUE);
+ continueToProcess = false;
+ return;
+ }
+
+ currentLine = readNextNonEmptyLine();
+ if (!currentLine.isPresent() || detectLineEntry().orElse(null) != ManifestTokenType.CERTIFICATE) {
+ sourceAndSignatureMap.put(sourcePath, new SignatureData(signatureFile, null));
+ return;
+ }
+
+ final String certLine = currentLine.get();
+ final String certFile = readEntryValue(certLine).orElse(null);
+ if (certFile == null) {
+ reportError(Messages.MANIFEST_EXPECTED_CERTIFICATE_VALUE);
+ continueToProcess = false;
+ return;
+ }
+ sourceAndSignatureMap.put(sourcePath, new SignatureData(signatureFile, certFile));
+ readNextNonEmptyLine();
+ }
+
+}
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java
new file mode 100644
index 0000000000..74277a627f
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java
@@ -0,0 +1,35 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nokia
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.tosca.csar;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.lang.Nullable;
+
+/**
+ * Represents a manifest individual Signature and Certificate
+ */
+@Getter
+@AllArgsConstructor
+public class SignatureData {
+ private final String signatureFile;
+ @Nullable
+ private final String certificateFile;
+}
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java b/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java
index d582163774..288995dfed 100644
--- a/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java
@@ -1,5 +1,6 @@
/*
* Copyright © 2016-2018 European Support Limited
+ * Modification Copyright (C) 2021 Nokia.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,16 +17,15 @@
package org.openecomp.sdc.tosca.csar;
-import static junit.framework.TestCase.assertSame;
-import static org.hamcrest.Matchers.containsInAnyOrder;
-import static org.hamcrest.Matchers.empty;
-import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.hasItem;
-import static org.hamcrest.Matchers.hasSize;
-import static org.hamcrest.core.Is.is;
-import static org.junit.Assert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertAll;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertSame;
+import static org.junit.jupiter.api.Assertions.assertTrue;
import com.google.common.collect.ImmutableMap;
+
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
@@ -38,16 +38,18 @@ import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Optional;
-import org.junit.Before;
-import org.junit.Test;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
import org.openecomp.sdc.be.datatypes.enums.ResourceTypeEnum;
import org.openecomp.sdc.common.errors.Messages;
-public class SOL004ManifestOnboardingTest {
+
+class SOL004ManifestOnboardingTest {
private Manifest manifest;
- @Before
+ @BeforeEach
public void setUp() {
manifest = new SOL004ManifestOnboarding();
}
@@ -55,7 +57,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testSuccessfulParsing() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/ValidTosca.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/ValidTosca.mf")) {
manifest.parse(manifestAsStream);
assertValidManifest(4, 5, Collections.emptyMap(), ResourceTypeEnum.VF, false);
}
@@ -77,7 +79,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testBrokenMDParsing() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/InvalidTosca2.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/InvalidTosca2.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(Messages.MANIFEST_INVALID_LINE.formatMessage(9, "vnf_package_version: 1.0"));
@@ -123,7 +125,7 @@ public class SOL004ManifestOnboardingTest {
}
private String buildErrorMessage(final int lineNumber, final String line, final Messages message,
- final Object... params) {
+ final Object... params) {
return Messages.MANIFEST_ERROR_WITH_LINE.formatMessage(message.formatMessage(params), lineNumber, line);
}
@@ -234,7 +236,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testMetadataWithDuplicatedEntries() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/metadata-duplicated-entries.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/metadata-duplicated-entries.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(
@@ -248,7 +250,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testManifestNonManoKeyWithoutSources() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-no-sources.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-no-sources.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(
@@ -262,7 +264,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testManifestNonManoKeyWithEmptySourceEntry() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-empty-source.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-empty-source.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(
@@ -275,7 +277,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testManifestWithEmptyMetadata() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-metadata.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-metadata.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(buildErrorMessage(2, "", Messages.MANIFEST_NO_METADATA));
@@ -286,7 +288,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testManifestSourceAlgorithmWithoutHash() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-hash.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-hash.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(buildErrorMessage(9, "", Messages.MANIFEST_EXPECTED_HASH_ENTRY));
@@ -297,7 +299,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testManifestSourceHashWithoutAlgorithm() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-algorithm.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-algorithm.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(buildErrorMessage(8, "Hash: 3b119b37da5b76ec7c933168b21cedd8", Messages.MANIFEST_EXPECTED_ALGORITHM_BEFORE_HASH));
@@ -308,7 +310,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testManifestSourceAlgorithmWithoutValue() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-value.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-value.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(buildErrorMessage(8, "Algorithm:", Messages.MANIFEST_EXPECTED_ALGORITHM_VALUE));
@@ -319,7 +321,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testManifestSourceHashWithoutValue() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-value.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-value.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(buildErrorMessage(9, "Hash:", Messages.MANIFEST_EXPECTED_HASH_VALUE));
@@ -330,7 +332,7 @@ public class SOL004ManifestOnboardingTest {
@Test
public void testEmptyManifest() throws IOException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-manifest.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-manifest.mf")) {
manifest.parse(manifestAsStream);
final List<String> expectedErrorList = new ArrayList<>();
expectedErrorList.add(Messages.MANIFEST_EMPTY.getErrorMessage());
@@ -342,7 +344,7 @@ public class SOL004ManifestOnboardingTest {
public void testManifestWithDuplicatedCmsSignature()
throws IOException, NoSuchFieldException, IllegalAccessException {
try (final InputStream manifestAsStream =
- getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/signed.mf")) {
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/signed.mf")) {
//forcing an existing signature
final Field cmsSignatureField = AbstractOnboardingManifest.class.getDeclaredField("cmsSignature");
cmsSignatureField.setAccessible(true);
@@ -361,27 +363,27 @@ public class SOL004ManifestOnboardingTest {
final Method getEntryMethod = AbstractOnboardingManifest.class.getDeclaredMethod("readEntryName", String.class);
getEntryMethod.setAccessible(true);
final Optional<String> noEntry = (Optional<String>) getEntryMethod.invoke(manifest, ":");
- assertThat("Entry should not be present", noEntry.isPresent(), is(false));
+ assertFalse(noEntry.isPresent(), "Entry should not be present");
final Optional<String> blankEntry = (Optional<String>) getEntryMethod.invoke(manifest, " :");
- assertThat("Entry should not be present", blankEntry.isPresent(), is(false));
+ assertFalse(blankEntry.isPresent(), "Entry should not be present");
final Optional<String> noColon = (Optional<String>) getEntryMethod.invoke(manifest, "anyKeyWithoutColon ");
- assertThat("Entry should not be present", noColon.isPresent(), is(false));
+ assertFalse(noColon.isPresent(), "Entry should not be present");
final Optional<String> blank = (Optional<String>) getEntryMethod.invoke(manifest, " ");
- assertThat("Entry should not be present", blank.isPresent(), is(false));
+ assertFalse(blank.isPresent(), "Entry should not be present");
final Optional<String> empty = (Optional<String>) getEntryMethod.invoke(manifest, "");
- assertThat("Entry should not be present", empty.isPresent(), is(false));
+ assertFalse(empty.isPresent(), "Entry should not be present");
final Optional<String> nul1 = (Optional<String>) getEntryMethod.invoke(manifest, new Object[]{null});
- assertThat("Entry should not be present", nul1.isPresent(), is(false));
+ assertFalse(nul1.isPresent(), "Entry should not be present");
final Optional<String> entry = (Optional<String>) getEntryMethod
.invoke(manifest, " entry to test : : a value ::: test test: ");
- assertThat("Entry should be present", entry.isPresent(), is(true));
- assertThat("Entry should be as expected", entry.get(), equalTo("entry to test"));
+ assertTrue(entry.isPresent(), "Entry should be present");
+ assertEquals("entry to test", entry.get(), "Entry should be as expected");
}
@Test
@@ -389,55 +391,141 @@ public class SOL004ManifestOnboardingTest {
final Method getValueMethod = AbstractOnboardingManifest.class.getDeclaredMethod("readEntryValue", String.class);
getValueMethod.setAccessible(true);
final Optional<String> noValue = (Optional<String>) getValueMethod.invoke(manifest, ":");
- assertThat("Value should not be present", noValue.isPresent(), is(false));
+ assertFalse(noValue.isPresent(), "Value should not be present");
final Optional<String> blankValue = (Optional<String>) getValueMethod.invoke(manifest, ": ");
- assertThat("Value should not be present", blankValue.isPresent(), is(false));
+ assertFalse(blankValue.isPresent(), "Value should not be present");
final Optional<String> noColon = (Optional<String>) getValueMethod.invoke(manifest, "anyKeyWithoutColon ");
- assertThat("Value should not be present", noColon.isPresent(), is(false));
+ assertFalse(noColon.isPresent(), "Value should not be present");
final Optional<String> blank = (Optional<String>) getValueMethod.invoke(manifest, " ");
- assertThat("Value should not be present", blank.isPresent(), is(false));
+ assertFalse(blank.isPresent(), "Value should not be present");
final Optional<String> empty = (Optional<String>) getValueMethod.invoke(manifest, "");
- assertThat("Value should not be present", empty.isPresent(), is(false));
+ assertFalse(empty.isPresent(), "Value should not be present");
final Optional<String> nul1 = (Optional<String>) getValueMethod.invoke(manifest, new Object[]{null});
- assertThat("Value should not be present", nul1.isPresent(), is(false));
+ assertFalse(nul1.isPresent(), "Value should not be present");
final Optional<String> value = (Optional<String>) getValueMethod
.invoke(manifest, "attribute : : a value ::: test test: ");
- assertThat("Value should be present", value.isPresent(), is(true));
- assertThat("Value should be as expected", value.get(), equalTo(": a value ::: test test:"));
+ assertTrue(value.isPresent(), "Value should be present");
+ assertEquals(": a value ::: test test:", value.get(), "Value should be as expected");
+ }
+
+ @Test
+ public void testSuccessfulSignedManifestWithIndividualSignature() throws IOException {
+ try (final InputStream manifestAsStream =
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf")) {
+ manifest.parse(manifestAsStream);
+ assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true);
+ }
+ }
+
+ @Test
+ public void testSuccessfulUnsignedManifestWithIndividualSignaturee() throws IOException {
+ try (final InputStream manifestAsStream =
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf")) {
+ manifest.parse(manifestAsStream);
+ assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, false);
+ }
+ }
+
+ @Test
+ public void testSuccessfulSignedManifestWithIndividualSignatureAndHash() throws IOException {
+ try (final InputStream manifestAsStream =
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf")) {
+ manifest.parse(manifestAsStream);
+ assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true);
+ }
+ }
+
+ @Test
+ public void testSuccessfulSignedManifestWithIndividualSignatureAndCommonCert() throws IOException {
+ try (final InputStream manifestAsStream =
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf")) {
+ manifest.parse(manifestAsStream);
+ assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true);
+ }
+ }
+
+ @Test
+ public void testEmptyIndividualSignature() throws IOException {
+ try (final InputStream manifestAsStream =
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf")) {
+ manifest.parse(manifestAsStream);
+ final List<String> expectedErrorList = List.of(
+ buildErrorMessage(
+ 8, "Signature:", Messages.MANIFEST_EXPECTED_SIGNATURE_VALUE
+ ));
+ assertInvalidManifest(expectedErrorList);
+ }
+ }
+
+ @Test
+ public void testEmptyIndividualCertificate() throws IOException {
+ try (final InputStream manifestAsStream =
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf")) {
+ manifest.parse(manifestAsStream);
+ final List<String> expectedErrorList = List.of(
+ buildErrorMessage(
+ 9, "Certificate:", Messages.MANIFEST_EXPECTED_CERTIFICATE_VALUE
+ ));
+ assertInvalidManifest(expectedErrorList);
+ }
+ }
+
+ @Test
+ public void testOnlyIndividualCertificateNoSignature() throws IOException {
+ try (final InputStream manifestAsStream =
+ getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf")) {
+ manifest.parse(manifestAsStream);
+ final List<String> expectedErrorList = List.of(
+ buildErrorMessage(
+ 8, "Certificate: TOSCA-Metadata/TOSCA.cert", Messages.MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE
+ ));
+ assertInvalidManifest(expectedErrorList);
+ }
}
private void assertValidManifest(final int expectedMetadataSize, final int expectedSourcesSize,
final Map<String, Integer> expectedNonManoKeySize,
final ResourceTypeEnum resourceType, final boolean isSigned) {
- assertThat("Should have no errors", manifest.getErrors(), is(empty()));
- assertThat("Should be valid", manifest.isValid(), is(true));
- assertThat("Metadata should have the expected size",
- manifest.getMetadata().keySet(), hasSize(expectedMetadataSize));
- assertThat("Sources should have the expected size", manifest.getSources(), hasSize(expectedSourcesSize));
- assertThat("Non Mano Sources keys should have the expected size",
- manifest.getNonManoSources().keySet(), hasSize(expectedNonManoKeySize.keySet().size()));
+ assertAll(
+ "manifest should be valid",
+ () -> assertTrue(manifest.getErrors().isEmpty(), "Should have no errors"),
+ () -> assertTrue(manifest.isValid(), "Should be valid"),
+ () -> assertTrue(manifest.getType().isPresent(), "Should have a type"),
+ () -> assertEquals(resourceType, manifest.getType().get(), "Type should be as expected"),
+ () -> assertEquals(isSigned, manifest.isSigned(), "Signature status should be as expected")
+ );
+ assertAll(
+ "manifest should have expected fields",
+ () -> assertEquals(expectedMetadataSize, manifest.getMetadata().keySet().size(),
+ "Metadata should have the expected size"),
+ () -> assertEquals(expectedSourcesSize, manifest.getSources().size(),
+ "Sources should have the expected size"),
+ () -> assertEquals(expectedNonManoKeySize.keySet().size(), manifest.getNonManoSources().keySet().size(),
+ "Non Mano Sources keys should have the expected size")
+ );
for (final Entry<String, Integer> nonManoKeyAndSize : expectedNonManoKeySize.entrySet()) {
final String nonManoKey = nonManoKeyAndSize.getKey();
- assertThat("Should contain expected Non Mano Sources key",
- manifest.getNonManoSources().keySet(), hasItem(nonManoKey));
- assertThat(String.format("Non Mano Sources keys %s should have the expected sources size", nonManoKey),
- manifest.getNonManoSources().get(nonManoKey).size(), equalTo(nonManoKeyAndSize.getValue()));
+ assertAll(
+ "",
+ () -> assertTrue(manifest.getNonManoSources().containsKey(nonManoKey),
+ "Should contain expected Non Mano Sources key"),
+ () -> assertEquals(nonManoKeyAndSize.getValue(),manifest.getNonManoSources().get(nonManoKey).size(),
+ String.format("Non Mano Sources keys %s should have the expected sources size", nonManoKey))
+ );
}
- assertThat("Should have a type", manifest.getType().isPresent(), is(true));
- assertThat("Type should be as expected", manifest.getType().get(), equalTo(resourceType));
- assertThat("Signature status should be as expected", manifest.isSigned(), is(isSigned));
}
private void assertInvalidManifest(final List<String> expectedErrorList) {
- assertThat("Should be invalid", manifest.isValid(), is(false));
- assertThat("Should have the expected error quantity", manifest.getErrors(), hasSize(expectedErrorList.size()));
- assertThat("Should have expected errors", manifest.getErrors(),
- containsInAnyOrder(expectedErrorList.toArray(new String[0])));
+ assertAll(
+ "manifest should be invalid and should contain expected errors",
+ () -> assertFalse(manifest.isValid(), "Should be invalid"),
+ () -> assertArrayEquals(manifest.getErrors().toArray(), expectedErrorList.toArray(), "Should have expected errors")
+ );
}
}
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf
new file mode 100644
index 0000000000..6928da3007
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf
@@ -0,0 +1,29 @@
+metadata:
+ vnf_product_name: vPP
+ vnf_provider_id: Ericsson
+ vnf_package_version: R24A583
+ vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+Certificate:
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf
new file mode 100644
index 0000000000..c7b155f1f9
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf
@@ -0,0 +1,28 @@
+metadata:
+ vnf_product_name: vPP
+ vnf_provider_id: Ericsson
+ vnf_package_version: R24A583
+ vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature:
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf
new file mode 100644
index 0000000000..9fd1700f05
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf
@@ -0,0 +1,28 @@
+metadata:
+ vnf_product_name: vPP
+ vnf_provider_id: Ericsson
+ vnf_package_version: R24A583
+ vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Certificate: TOSCA-Metadata/TOSCA.cert
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf
new file mode 100644
index 0000000000..0036fc974f
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf
@@ -0,0 +1,29 @@
+metadata:
+ vnf_product_name: vPP
+ vnf_provider_id: Ericsson
+ vnf_package_version: R24A583
+ vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+Certificate: TOSCA-Metadata/TOSCA.cert
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf
new file mode 100644
index 0000000000..44fb787b61
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf
@@ -0,0 +1,31 @@
+metadata:
+ vnf_product_name: vPP
+ vnf_provider_id: Ericsson
+ vnf_package_version: R24A583
+ vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Algorithm: SHA-512
+Hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+Certificate: TOSCA-Metadata/TOSCA.cert
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf
new file mode 100644
index 0000000000..d8a4b98f53
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf
@@ -0,0 +1,28 @@
+metadata:
+ vnf_product_name: vPP
+ vnf_provider_id: Ericsson
+ vnf_package_version: R24A583
+ vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf
new file mode 100644
index 0000000000..76eb7eed14
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf
@@ -0,0 +1,15 @@
+metadata:
+ vnf_product_name: vPP
+ vnf_provider_id: Ericsson
+ vnf_package_version: R24A583
+ vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+Certificate: TOSCA-Metadata/TOSCA.cert
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm