author | andre.schmid <andre.schmid@est.tech> | 2019-09-19 16:14:01 +0100 |
---|---|---|
committer | Ofir Sonsino <ofir.sonsino@intl.att.com> | 2019-11-03 15:41:37 +0000 |
commit | 433947b5ab5e28fc29aee447de934de89a707419 (patch) | |
tree | a485b95b2ae7716ced4825fb7b9eb2b6eeb3433b /openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data | |
parent | ee64a64fb0705422c18608304e63a505d10d8ba1 (diff) |
Centralize onboarding package validation
Change-Id: I3cc58cf15f62008e83cfc7ddb095d07ab216b82a
Issue-ID: SDC-2583
Signed-off-by: andre.schmid <andre.schmid@est.tech>
Diffstat (limited to 'openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data')
-rw-r--r-- | openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java | 163 |
1 files changed, 0 insertions, 163 deletions
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java
deleted file mode 100644
index 4f4258ad53..0000000000
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java
+++ /dev/null
@@ -1,163 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * SDC
- * ================================================================================
- * Copyright (C) 2019, Nordix Foundation. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.openecomp.sdcrests.vsp.rest.data;
-
-import java.security.cert.CertificateException;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang3.tuple.Pair;
-import org.apache.cxf.jaxrs.ext.multipart.Attachment;
-import org.openecomp.core.utilities.file.FileContentHandler;
-import org.openecomp.sdc.common.utils.CommonUtil;
-import org.openecomp.sdc.common.zip.exception.ZipException;
-import org.openecomp.sdc.logging.api.Logger;
-import org.openecomp.sdc.logging.api.LoggerFactory;
-import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
-import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException;
-
-/**
- * Class responsible for processing zip archive and verify if this package corresponds SOL004 option 2 signed package
- * format, verifies the cms signature if package is signed
- */
-public class PackageArchive {
-
- private static final Logger LOG = LoggerFactory.getLogger(PackageArchive.class);
- private static final String[] ALLOWED_ARCHIVE_EXTENSIONS = {"csar", "zip"};
- private static final String[] ALLOWED_SIGNATURE_EXTENSIONS = {"cms"};
- private static final String[] ALLOWED_CERTIFICATE_EXTENSIONS = {"cert"};
- private static final int NUMBER_OF_FILES_FOR_SIGNATURE_WITH_CERT_INSIDE = 2;
- private static final int NUMBER_OF_FILES_FOR_SIGNATURE_WITHOUT_CERT_INSIDE = 3;
- private final SecurityManager securityManager;
- private final byte[] outerPackageFileBytes;
- private Pair<FileContentHandler, List<String>> handlerPair;
- private Boolean signatureValid;
-
- public PackageArchive(Attachment uploadedFile) {
- this(uploadedFile.getObject(byte[].class));
- }
-
- public PackageArchive(byte[] outerPackageFileBytes) {
- this.outerPackageFileBytes = outerPackageFileBytes;
- this.securityManager = SecurityManager.getInstance();
- try {
- handlerPair = CommonUtil.getFileContentMapFromOrchestrationCandidateZip(
- outerPackageFileBytes);
- } catch (final ZipException exception) {
- LOG.error("Error reading files inside archive", exception);
- }
- }
-
- /**
- * Checks if package matches required format {package.csar/zip, package.cms, package.cert(optional)}
- *
- * @return true if structure matches sol004 option 2 structure
- */
- public boolean isSigned() {
- return isPackageSizeMatches() && getSignatureFileName().isPresent();
- }
-
- /**
- * Gets csar/zip package name with extension only if package is signed
- *
- * @return csar package name
- */
- public Optional<String> getArchiveFileName() {
- if (isSigned()) {
- return getFileByExtension(ALLOWED_ARCHIVE_EXTENSIONS);
- }
- return Optional.empty();
- }
-
- /**
- * Gets csar/zip package content from zip archive
- *
- * @return csar package content
- * @throws SecurityManagerException
- */
- public byte[] getPackageFileContents() throws SecurityManagerException {
- try {
- if (isSignatureValid()) {
- return handlerPair.getKey().getFiles().get(getArchiveFileName().orElseThrow(CertificateException::new));
- }
- } catch (CertificateException exception) {
- LOG.info("Error verifying signature ", exception);
- }
- return outerPackageFileBytes;
- }
-
- /**
- * Validates package signature against trusted certificates
- *
- * @return true if signature verified
- * @throws SecurityManagerException
- */
- public boolean isSignatureValid() throws SecurityManagerException {
- if (signatureValid == null) {
- final Map<String, byte[]> files = handlerPair.getLeft().getFiles();
- final Optional<String> signatureFileName = getSignatureFileName();
- final Optional<String> archiveFileName = getArchiveFileName();
- if (files.isEmpty() || !signatureFileName.isPresent() || !archiveFileName.isPresent()) {
- signatureValid = false;
- } else {
- final Optional<String> certificateFile = getCertificateFileName();
- signatureValid = securityManager.verifySignedData(files.get(signatureFileName.get()),
- certificateFile.map(files::get).orElse(null), files.get(archiveFileName.get()));
- }
-
- }
- return signatureValid;
- }
-
- private boolean isPackageSizeMatches() {
- return handlerPair.getRight().isEmpty()
- && (handlerPair.getLeft().getFiles().size() == NUMBER_OF_FILES_FOR_SIGNATURE_WITH_CERT_INSIDE
- || handlerPair.getLeft().getFiles().size() == NUMBER_OF_FILES_FOR_SIGNATURE_WITHOUT_CERT_INSIDE);
- }
-
- private Optional<String> getSignatureFileName() {
- return getFileByExtension(ALLOWED_SIGNATURE_EXTENSIONS);
- }
-
- private Optional<String> getFileByExtension(String[] extensions) {
- for (String fileName : handlerPair.getLeft().getFileList()) {
- for (String extension : extensions) {
- if (extension.equalsIgnoreCase(FilenameUtils.getExtension(fileName))) {
- return Optional.of(fileName);
- }
- }
- }
- return Optional.empty();
- }
-
- private Optional<String> getCertificateFileName() {
- Optional<String> certFileName = getFileByExtension(ALLOWED_CERTIFICATE_EXTENSIONS);
- if (!certFileName.isPresent()) {
- return Optional.empty();
- }
- String certNameWithoutExtension = FilenameUtils.removeExtension(certFileName.get());
- if (certNameWithoutExtension.equals(FilenameUtils.removeExtension(getArchiveFileName().orElse("")))) {
- return certFileName;
- }
- //cert file name should be the same as package name, e.g. vnfpackage.scar-->vnfpackage.cert
- return Optional.empty();
- }
-} |