ETSI SOL007 3.3.1 package security option 2

Change-Id: I4e021c517449e6ddf11571c02d0b4bdbc93e7c1e
Issue-ID: SDC-2614
Signed-off-by: andre.schmid <andre.schmid@est.tech>

13 files changed, 559 insertions, 0 deletions

diff --git a/common-be/src/test/java/org/openecomp/sdc/be/csar/security/CertificateManagerImplTest.java b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/CertificateManagerImplTest.java
new file mode 100644
index 0000000000..6287c0e85b
--- /dev/null
+++ b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/CertificateManagerImplTest.java
@@ -0,0 +1,141 @@
+/*
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nordix Foundation
+ *  ================================================================================
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *  ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.csar.security;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.notNullValue;
+import static org.junit.jupiter.api.Assertions.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.when;
+import static org.openecomp.sdc.be.csar.security.CertificateManagerImpl.CERT_DIR_ENV_VARIABLE;
+
+import java.net.URL;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.openecomp.sdc.be.csar.security.api.CertificateReader;
+import org.openecomp.sdc.be.csar.security.api.PrivateKeyReader;
+import org.openecomp.sdc.be.csar.security.api.model.CertificateInfo;
+import org.springframework.core.env.Environment;
+
+class CertificateManagerImplTest {
+
+    @Mock
+    private Environment environment;
+    @Mock
+    private PrivateKeyReader privateKeyReader;
+    @Mock
+    private CertificateReader certificateReader;
+    @Mock
+    private X509Certificate certificateMock;
+    private CertificateManagerImpl certificateManager;
+
+    static Path certificateFolderPath;
+
+    @BeforeAll
+    static void beforeAll() {
+        final String resourceFolder = "certificateManager";
+        final URL certificateManager = CertificateManagerImplTest.class.getClassLoader().getResource(resourceFolder);
+        if (certificateManager == null) {
+            fail("Could not find resource folder " + resourceFolder);
+        }
+        certificateFolderPath = Paths.get(certificateManager.getPath());
+    }
+
+    @BeforeEach
+    void setUp() throws CertificateNotYetValidException, CertificateExpiredException {
+        MockitoAnnotations.initMocks(this);
+        when(environment.getProperty(CERT_DIR_ENV_VARIABLE)).thenReturn(certificateFolderPath.toString());
+        when(certificateMock.getType()).thenReturn("X.509");
+        doNothing().when(certificateMock).checkValidity();
+        when(certificateReader.loadCertificate(ArgumentMatchers.any())).thenReturn(certificateMock);
+        certificateManager = new CertificateManagerImpl(privateKeyReader, certificateReader, environment);
+    }
+
+    @Test
+    void getCertificateSuccessTest() {
+        final String certificateName = "fakeCert1";
+        final Optional<CertificateInfo> certificateOpt = certificateManager.getCertificate(certificateName);
+        assertThat(certificateOpt.isPresent(), is(true));
+        final CertificateInfo certificateInfo = certificateOpt.get();
+        assertThat(certificateInfo.getName(), is(certificateName));
+        assertThat(certificateInfo.getPrivateKeyFile(), is(notNullValue()));
+        assertThat(certificateInfo.getPrivateKeyFile().getAbsolutePath(),
+            is(certificateFolderPath.resolve(certificateName + ".key").toString()));
+        assertThat(certificateInfo.getCertificateFile(), is(notNullValue()));
+        assertThat(certificateInfo.getCertificateFile().getAbsolutePath(),
+            is(certificateFolderPath.resolve(certificateName + ".cert").toString()));
+    }
+
+    @Test
+    void initCertificateSuccessTest() {
+        final String certificateName1 = "fakeCert1";
+        final String certificateName2 = "fakeCert2";
+        final String certificateName3 = "fakeCert3";
+        assertThat("Certificate " + certificateName1 + " should be present",
+            certificateManager.getCertificate(certificateName1).isPresent(), is(true));
+        assertThat("Certificate " + certificateName2 + " should be present",
+            certificateManager.getCertificate(certificateName2).isPresent(), is(true));
+        assertThat("Certificate " + certificateName3 + " should not be present",
+            certificateManager.getCertificate(certificateName3).isEmpty(), is(true));
+    }
+
+    @Test
+    void invalidCertificateFolderTest() {
+        final String certificateName1 = "fakeCert1";
+        when(environment.getProperty(CERT_DIR_ENV_VARIABLE)).thenReturn("/an/invalid/folder");
+        final CertificateManagerImpl certificateManager =
+            new CertificateManagerImpl(privateKeyReader, certificateReader, environment);
+        assertThat("Certificate " + certificateName1 + " should be present",
+            certificateManager.getCertificate(certificateName1).isPresent(), is(false));
+    }
+
+    @Test
+    void noEnvironmentVariableConfiguredTest() {
+        final String certificateName1 = "fakeCert1";
+        when(environment.getProperty(CERT_DIR_ENV_VARIABLE)).thenReturn(null);
+        final CertificateManagerImpl certificateManager =
+            new CertificateManagerImpl(privateKeyReader, certificateReader, environment);
+        assertThat("Certificate " + certificateName1 + " should be present",
+            certificateManager.getCertificate(certificateName1).isPresent(), is(false));
+    }
+
+    @Test
+    void loadCertificateExceptionTest() {
+        final String certificateName1 = "fakeCert1";
+        when(certificateReader.loadCertificate(any())).thenThrow(new RuntimeException());
+        final CertificateManagerImpl certificateManager =
+            new CertificateManagerImpl(privateKeyReader, certificateReader, environment);
+        assertThat("Certificate " + certificateName1 + " should be present",
+            certificateManager.getCertificate(certificateName1).isPresent(), is(false));
+    }
+
+}
\ No newline at end of file
diff --git a/common-be/src/test/java/org/openecomp/sdc/be/csar/security/PrivateKeyReaderImplTest.java b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/PrivateKeyReaderImplTest.java
new file mode 100644
index 0000000000..7bd44cf9c1
--- /dev/null
+++ b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/PrivateKeyReaderImplTest.java
@@ -0,0 +1,95 @@
+/*
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nordix Foundation
+ *  ================================================================================
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *  ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.csar.security;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.io.File;
+import java.net.URL;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.Key;
+import java.security.Security;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.openecomp.sdc.be.csar.security.exception.LoadPrivateKeyException;
+import org.openecomp.sdc.be.csar.security.exception.UnsupportedKeyFormatException;
+
+class PrivateKeyReaderImplTest {
+
+    private PrivateKeyReaderImpl privateKeyReader;
+
+    @BeforeEach
+    void setUp() {
+        privateKeyReader = new PrivateKeyReaderImpl();
+        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+            Security.addProvider(new BouncyCastleProvider());
+        }
+    }
+
+    @AfterEach
+    void tearDown() {
+        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null) {
+            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+        }
+    }
+
+    @Test
+    void loadPrivateKeySuccessTest() {
+        final Path certPath = Paths.get("certificateManager", "realCert", "realCert1.key");
+        final URL resource = getClass().getClassLoader().getResource(certPath.toString());
+        if (resource == null) {
+            fail("Could not find resource " + certPath.toString());
+        }
+        final Key privateKey = privateKeyReader.loadPrivateKey(new File(resource.getPath()));
+        assertNotNull(privateKey);
+    }
+
+    @Test
+    void loadInvalidKeyFilePathTest() {
+        final String invalidFilePath = "aaaa";
+        final File keyFile = new File(invalidFilePath);
+        final LoadPrivateKeyException actualException = assertThrows(LoadPrivateKeyException.class,
+            () -> privateKeyReader.loadPrivateKey(keyFile));
+        assertThat(actualException.getMessage(),
+            is(String.format("Could not load the private key from given file '%s'", invalidFilePath)));
+    }
+
+    @Test
+    void loadInvalidKeyFileTest() {
+        final Path certPath = Paths.get("certificateManager", "fakeCert1.key");
+        final URL resource = getClass().getClassLoader().getResource(certPath.toString());
+        if (resource == null) {
+            fail("Could not find resource " + certPath.toString());
+        }
+        final File keyFile = new File(resource.getPath());
+        final UnsupportedKeyFormatException actualException = assertThrows(UnsupportedKeyFormatException.class,
+            () -> privateKeyReader.loadPrivateKey(keyFile));
+        assertThat(actualException.getMessage(),
+            is(String.format("Could not load the private key from given file '%s'. Unsupported format.",
+                resource.getPath())));
+    }
+}
\ No newline at end of file
diff --git a/common-be/src/test/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSignerTest.java b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSignerTest.java
new file mode 100644
index 0000000000..2f0031d6e1
--- /dev/null
+++ b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSignerTest.java
@@ -0,0 +1,119 @@
+/*
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nordix Foundation
+ *  ================================================================================
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *  ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.csar.security;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.Key;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.cms.SignerInformationVerifier;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.openecomp.sdc.be.csar.security.api.CertificateReader;
+import org.openecomp.sdc.be.csar.security.api.PrivateKeyReader;
+import org.openecomp.sdc.be.csar.security.exception.CmsSignatureException;
+
+class Sha256WithRsaCmsContentSignerTest {
+
+    private Sha256WithRsaCmsContentSigner cmsContentSigner;
+    private PrivateKeyReader privateKeyReader;
+    private CertificateReader certificateReader;
+
+    private static final Path testFilesPath = Path.of("certificateManager", "signerTest");
+    private static final Path certFilesPath = Path.of("certificateManager", "realCert");
+
+    @BeforeEach
+    void setUp() {
+        Security.addProvider(new BouncyCastleProvider());
+        cmsContentSigner = new Sha256WithRsaCmsContentSigner();
+        privateKeyReader = new PrivateKeyReaderImpl();
+        certificateReader = new X509CertificateReader();
+    }
+
+    @AfterEach
+    void tearDown() {
+        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+    }
+
+    @Test
+    void signDataSuccessTest() throws OperatorCreationException, CMSException, IOException, CmsSignatureException {
+        final File certFile = getResourceFile(certFilesPath.resolve("realCert1.cert"));
+        final File keyFile = getResourceFile(certFilesPath.resolve("realCert1.key"));
+        final File fileToSign = getResourceFile(testFilesPath.resolve("fileToSign.txt"));
+        final Key privateKey = privateKeyReader.loadPrivateKey(keyFile);
+        final Certificate certificate = certificateReader.loadCertificate(certFile);
+        final byte[] actualSignatureBytes = cmsContentSigner
+            .signData(Files.readAllBytes(fileToSign.toPath()), certificate, privateKey);
+
+        assertTrue(verifySignature(Files.readAllBytes(fileToSign.toPath()), actualSignatureBytes,
+            (X509Certificate) certificate));
+    }
+
+    @Test
+    void signDataInvalidCertAndKeyTest() {
+        assertThrows(CmsSignatureException.class,
+            () -> cmsContentSigner.signData(null, null, null));
+    }
+
+    private boolean verifySignature(byte[] contentBytes, byte[] signatureBytes, X509Certificate certificate)
+        throws CMSException, OperatorCreationException {
+
+        final CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(contentBytes), signatureBytes);
+        final SignerInformationStore signers = cms.getSignerInfos();
+        final SignerInformationVerifier signerInformationVerifier =
+            new JcaSimpleSignerInfoVerifierBuilder()
+                .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(certificate);
+        for (final SignerInformation signer : signers.getSigners()) {
+            if (!signer.verify(signerInformationVerifier)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    private File getResourceFile(final Path testResourcePath) {
+        final URL resource = getClass().getClassLoader().getResource(testResourcePath.toString());
+        if (resource == null) {
+            fail("Could not load the file " + testResourcePath.toString());
+        }
+
+        return new File(resource.getPath());
+    }
+
+}
\ No newline at end of file
diff --git a/common-be/src/test/java/org/openecomp/sdc/be/csar/security/X509CertificateReaderTest.java b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/X509CertificateReaderTest.java
new file mode 100644
index 0000000000..3235739780
--- /dev/null
+++ b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/X509CertificateReaderTest.java
@@ -0,0 +1,81 @@
+/*
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nordix Foundation
+ *  ================================================================================
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *  ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.csar.security;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.io.File;
+import java.net.URL;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.cert.Certificate;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.openecomp.sdc.be.csar.security.exception.LoadCertificateException;
+
+class X509CertificateReaderTest {
+
+    private X509CertificateReader certificateReader;
+
+    @BeforeEach
+    void setUp() {
+        certificateReader = new X509CertificateReader();
+    }
+
+    @Test
+    void loadCertificateSuccessTest() {
+        final Path certPath = Paths.get("certificateManager", "realCert", "realCert1.cert");
+        final URL resource = getClass().getClassLoader().getResource(certPath.toString());
+        if (resource == null) {
+            fail("Could not find resource " + certPath.toString());
+        }
+        final Certificate certificate = certificateReader.loadCertificate(new File(resource.getPath()));
+        assertNotNull(certificate);
+    }
+
+    @Test
+    void loadInvalidCertificateFilePathTest() {
+        final String invalidFilePath = "aaaa";
+        final File certFile = new File(invalidFilePath);
+        final LoadCertificateException actualException = assertThrows(LoadCertificateException.class,
+            () -> certificateReader.loadCertificate(certFile));
+        assertThat(actualException.getMessage(),
+            is(String.format("Could not load the certificate from given file '%s'", invalidFilePath)));
+    }
+
+    @Test
+    void loadInvalidCertificateFileTest() {
+        final Path certPath = Paths.get("certificateManager", "fakeCert1.cert");
+        System.out.println(certPath.toString());
+        final URL resource = getClass().getClassLoader().getResource(certPath.toString());
+        if (resource == null) {
+            fail("Could not find resource " + certPath.toString());
+        }
+        final File certFile = new File(resource.getPath());
+        final LoadCertificateException actualException = assertThrows(LoadCertificateException.class,
+            () -> certificateReader.loadCertificate(certFile));
+        assertThat(actualException.getMessage(),
+            is(String.format("Could not load the certificate from given file '%s'", resource.getPath())));
+    }
+}
\ No newline at end of file
diff --git a/common-be/src/test/java/org/openecomp/sdc/be/csar/security/model/CertificateInfoImplTest.java b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/model/CertificateInfoImplTest.java
new file mode 100644
index 0000000000..6b094130b0
--- /dev/null
+++ b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/model/CertificateInfoImplTest.java
@@ -0,0 +1,69 @@
+/*
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nordix Foundation
+ *  ================================================================================
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *  ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.csar.security.model;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+class CertificateInfoImplTest {
+
+    @Mock
+    private X509Certificate certificate;
+
+    @BeforeEach
+    void setUp() {
+        MockitoAnnotations.initMocks(this);
+    }
+
+    @Test
+    void isValidTest() throws CertificateNotYetValidException, CertificateExpiredException {
+        when(certificate.getType()).thenReturn("X.509");
+        doNothing().when(certificate).checkValidity();
+        final CertificateInfoImpl certificateInfo = new CertificateInfoImpl(new File(""), certificate);
+        assertTrue(certificateInfo.isValid());
+        doThrow(CertificateExpiredException.class).when(certificate).checkValidity();
+        assertFalse(certificateInfo.isValid());
+    }
+
+    @Test
+    void unsupportedCertificateTypeTest() {
+        final String certificateType = "unknown";
+        when(certificate.getType()).thenReturn(certificateType);
+        final CertificateInfoImpl certificateInfo = new CertificateInfoImpl(new File(""), certificate);
+        final UnsupportedOperationException actualException =
+            assertThrows(UnsupportedOperationException.class, certificateInfo::isValid);
+        assertEquals(actualException.getMessage(),
+            String.format("Certificate type '%s' not supported", certificateType));
+    }
+}
diff --git a/common-be/src/test/resources/certificateManager/fakeCert1.cert b/common-be/src/test/resources/certificateManager/fakeCert1.cert
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/common-be/src/test/resources/certificateManager/fakeCert1.cert
diff --git a/common-be/src/test/resources/certificateManager/fakeCert1.key b/common-be/src/test/resources/certificateManager/fakeCert1.key
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/common-be/src/test/resources/certificateManager/fakeCert1.key
diff --git a/common-be/src/test/resources/certificateManager/fakeCert2.cert b/common-be/src/test/resources/certificateManager/fakeCert2.cert
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/common-be/src/test/resources/certificateManager/fakeCert2.cert
diff --git a/common-be/src/test/resources/certificateManager/fakeCert3.key b/common-be/src/test/resources/certificateManager/fakeCert3.key
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/common-be/src/test/resources/certificateManager/fakeCert3.key
diff --git a/common-be/src/test/resources/certificateManager/realCert/realCert1.cert b/common-be/src/test/resources/certificateManager/realCert/realCert1.cert
new file mode 100644
index 0000000000..ae7d518ab0
--- /dev/null
+++ b/common-be/src/test/resources/certificateManager/realCert/realCert1.cert
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAuugAwIBAgIUZqdsy8mtirp4AGnTopg9rb3NXcEwDQYJKoZIhvcNAQEL
+BQAwgY8xCzAJBgNVBAYTAkVVMRAwDgYDVQQIDAdOb3doZXJlMRIwEAYDVQQHDAlT
+b21ld2hlcmUxDTALBgNVBAoMBEFDTUUxDDAKBgNVBAsMA1NEQzEVMBMGA1UEAwwM
+c2RjLm9uYXAub3JnMSYwJAYJKoZIhvcNAQkBFhdvbmFwLXNkY0BsaXN0cy5vbmFw
+Lm9yZzAgFw0yMTAyMTYxNDQ2NThaGA8yMDcxMDIwNDE0NDY1OFowgY8xCzAJBgNV
+BAYTAkVVMRAwDgYDVQQIDAdOb3doZXJlMRIwEAYDVQQHDAlTb21ld2hlcmUxDTAL
+BgNVBAoMBEFDTUUxDDAKBgNVBAsMA1NEQzEVMBMGA1UEAwwMc2RjLm9uYXAub3Jn
+MSYwJAYJKoZIhvcNAQkBFhdvbmFwLXNkY0BsaXN0cy5vbmFwLm9yZzCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBANAWK6fjuOq6Wgxwh6QqK0YB9ahjPRj0
+ik/l86AokwyawpgY/iC2xXw+9Etq91C6plYy8BlbYIcv/+KoiteL4YgME9Hk1lwK
+GEceNGwvLKzU5/fTX1BP4qpVi3aB5zCAWa9MhCk+UI/aIeERKFP9XHAx/wuAUq/x
+OP4HLxgLuX/A7Trld3RjjaMYOLjbfJjPFN3lrvfQ02fy5DlJfWG3ASTOOEfdHt1g
+wfOLuzl2l5R34p+zwQKid+2cyKXYs0owZu7Dz9OTWLVxZcLiYEGz8Y3gmmHVhXy+
+TPpvl5wPEajOQBUMksdOric0dIfKjJCMJqFzILv1dfZCr3843MYN3oMCAwEAAaNT
+MFEwHQYDVR0OBBYEFJ6mFarA/5ISm7nZimLshzCH/0F8MB8GA1UdIwQYMBaAFJ6m
+FarA/5ISm7nZimLshzCH/0F8MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAGUzF4W1vHfksW9qSYqtc8xuM+lV1WrdOW7pX7JkIihUv3Z4jMqysrU4
+nj2iVBG5dPNm9v5GtaeK1ESnVilcdMSYTj/F34/MXJ0iZy1UR0j0IBSrR7JjbTAD
+aYH1sx00hH13U8GMZInnmenmwziOQgBwhhCjLMblUY2vQ4O5MGwZG0VW2e3mUcq1
+HBC69yRMx9jQ+Iof6+rHnCLZXTjcl+65IxXSbKhofvpPJMVXFlmV3TdDdONuvKpS
+051z/ISD6/SEWEvF9ZwAnZvJ/5yPqGzKgyC7rp8zJL+N3VLfr+la1D1w7qgoyFTi
+drptEMCzLOk4OuM8PX8l2kY0G+gQD1o=
+-----END CERTIFICATE-----
diff --git a/common-be/src/test/resources/certificateManager/realCert/realCert1.key b/common-be/src/test/resources/certificateManager/realCert/realCert1.key
new file mode 100644
index 0000000000..a31579a407
--- /dev/null
+++ b/common-be/src/test/resources/certificateManager/realCert/realCert1.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDQFiun47jquloM
+cIekKitGAfWoYz0Y9IpP5fOgKJMMmsKYGP4gtsV8PvRLavdQuqZWMvAZW2CHL//i
+qIrXi+GIDBPR5NZcChhHHjRsLyys1Of3019QT+KqVYt2gecwgFmvTIQpPlCP2iHh
+EShT/VxwMf8LgFKv8Tj+By8YC7l/wO065Xd0Y42jGDi423yYzxTd5a730NNn8uQ5
+SX1htwEkzjhH3R7dYMHzi7s5dpeUd+Kfs8EConftnMil2LNKMGbuw8/Tk1i1cWXC
+4mBBs/GN4Jph1YV8vkz6b5ecDxGozkAVDJLHTq4nNHSHyoyQjCahcyC79XX2Qq9/
+ONzGDd6DAgMBAAECggEANLj5VK+JIcgXmsFETN72WeWTNZf3WgRTqwzLXpAJOg9Y
+MKtccDN+9A0LXrR6dzTjgkGjvfj+CyKpReeITja97PeKagr+GRHhtts7UxHc0uma
+4JrosnObLadBD8S4K/zJPHY5oi2MwfX10Y3EVwuByVeRlHtt9/A5jXuKfiAyXuCw
+42AT6GUFxntwcKhJSQEcy2B9FwvnF5BDDQKyRVD1McrIj/g7+fiyOpqBXGxk+VYX
+6GjYb0kWR+lVexPBP4fgSs6Yx9EroDqzXAolH94NQfb93sOJuawtNVhkEgjE9hec
+NumdpHMXhXGP0WI/jhicz4gaBDGyEwuSqUxMnfqNyQKBgQDyFx715F3iz2yfnsUQ
+xU7KheUjN0g/vhrcir31L9NuhRpWoBJyRUDeXekuCaDF2ElUXJAdUTMGWDwXxlLx
+aa5b8LPBL4pGvNRakfT1TJrViUm3A9wC4EO8l0IIpoYAEt8nstaw4pMEWLOSSKH/
+O2wG+v1h1/Xfd+ruTbmcBn6yLwKBgQDcCuSQoheMZrb6Hq+i+99LF3ZHVqJKUUCI
+XRnH3fhwhnMrsR9EshOVRtex0aAdl1GUWCAoVt4ZNom5m7b2qRji0gx8npwA0jxD
+CSDUw68Jy3MzQxDMPWNRI38P2r46CslNqCkEGlebbgHEJ0qzp2tIfN25pO6EXfjx
+wk9afY5n7QKBgQCG0Wtzgn7qfZs/dTrHsSnEzTYjG3lHzkXFRhqtfbngVY2qajB7
+pKeQbnoaIlB/fYiwy2+SdBLXWLH2h4LPYIwyNWTVk/UMmcIkwh3JsaSUgIUlv6d5
+jo0KbK3ghWQgjGHsCMNY9ITtKbyvHXXh3qS1andLUuphTbXuiihwhIlwDwKBgD9P
+QwP6HxxeUTcVrSMPpOdOENHlszv+tLqHTuuaieiWRnzDsWNqeQfyIg0faxoYd3hf
+AqGYnL5UWrv0eWfuryJTnRQd7nSuCHihH7kXtDz1NGgDW8nnv7OQqvY80Y6Rm+mk
+AGkVyy8FL6zoQS3/dXadto27ToT3JLEqXvqCNX7hAoGAPfNcJtXJXrXh9P3JZqkM
+pa8nRqUW0MeRt3v8rLqi4D7J6kW1Rkz5AhjiKkp1EwtE0IbGRI1EPhxT5DCMKlIy
+UX7VfP8nf+wb6dLHQ0s4oB20y5J6T7FAkD+50dE6Q/6fAl/2MkE+/R0npKRVhOlc
+eXIeBGzSc7p92K1p/vRMOZg=
+-----END PRIVATE KEY-----
diff --git a/common-be/src/test/resources/certificateManager/signerTest/fileToSign.txt b/common-be/src/test/resources/certificateManager/signerTest/fileToSign.txt
new file mode 100644
index 0000000000..cf3472103d
--- /dev/null
+++ b/common-be/src/test/resources/certificateManager/signerTest/fileToSign.txt
@@ -0,0 +1 @@
+This is a file to be signed.
diff --git a/common-be/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker b/common-be/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker
new file mode 100644
index 0000000000..ca6ee9cea8
--- /dev/null
+++ b/common-be/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker
@@ -0,0 +1 @@
+mock-maker-inline
\ No newline at end of file