diff options
author | vasraz <vasyl.razinkov@est.tech> | 2019-09-05 14:25:39 +0100 |
---|---|---|
committer | Tomasz Golabek <tomasz.golabek@nokia.com> | 2019-10-25 12:17:06 +0000 |
commit | 4aef7c02b2b7143610cabb6238c9e426c7fcae3a (patch) | |
tree | 86756ff0081a2e726733c6d701f89d0a00b9af44 /openecomp-be/api | |
parent | 78f88751aa64fb72fd6321346929bd1d94f716a9 (diff) |
Avoid duplicated verification if package is signed
Fix potential thread leak by using try-with-resource.
Change-Id: I20eda524cd028b9dfdfa83207a059f4e1dfeff5e
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-2580
Diffstat (limited to 'openecomp-be/api')
-rw-r--r-- | openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java | 55 |
1 files changed, 29 insertions, 26 deletions
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java index bf029fb29e..97bc375eb8 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-services/src/main/java/org/openecomp/sdcrests/vsp/rest/data/PackageArchive.java @@ -19,6 +19,11 @@ */ package org.openecomp.sdcrests.vsp.rest.data; +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.List; +import java.util.Map; +import java.util.Optional; import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang3.tuple.Pair; import org.apache.cxf.jaxrs.ext.multipart.Attachment; @@ -29,17 +34,12 @@ import org.openecomp.sdc.logging.api.LoggerFactory; import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager; import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException; -import java.io.IOException; -import java.security.cert.CertificateException; -import java.util.List; -import java.util.Map; -import java.util.Optional; - /** - * Class responsible for processing zip archive and verify if this package corresponds - * SOL004 option 2 signed package format, verifies the cms signature if package is signed + * Class responsible for processing zip archive and verify if this package corresponds SOL004 option 2 signed package + * format, verifies the cms signature if package is signed */ public class PackageArchive { + private static final Logger LOG = LoggerFactory.getLogger(PackageArchive.class); private static final String[] ALLOWED_ARCHIVE_EXTENSIONS = {"csar", "zip"}; private static final String[] ALLOWED_SIGNATURE_EXTENSIONS = {"cms"}; @@ -49,6 +49,7 @@ public class PackageArchive { private final SecurityManager securityManager; private final byte[] outerPackageFileBytes; private Pair<FileContentHandler, List<String>> handlerPair; + private Boolean signatureValid; public PackageArchive(Attachment uploadedFile) { this(uploadedFile.getObject(byte[].class)); @@ -59,7 +60,7 @@ public class PackageArchive { this.securityManager = SecurityManager.getInstance(); try { handlerPair = CommonUtil.getFileContentMapFromOrchestrationCandidateZip( - outerPackageFileBytes); + outerPackageFileBytes); } catch (IOException exception) { LOG.error("Error reading files inside archive", exception); } @@ -88,6 +89,7 @@ public class PackageArchive { /** * Gets csar/zip package content from zip archive + * * @return csar package content * @throws SecurityManagerException */ @@ -97,37 +99,38 @@ public class PackageArchive { return handlerPair.getKey().getFiles().get(getArchiveFileName().orElseThrow(CertificateException::new)); } } catch (CertificateException exception) { - LOG.info("Error verifying signature " + exception); + LOG.info("Error verifying signature ", exception); } return outerPackageFileBytes; } /** * Validates package signature against trusted certificates + * * @return true if signature verified * @throws SecurityManagerException */ public boolean isSignatureValid() throws SecurityManagerException { - Map<String, byte[]> files = handlerPair.getLeft().getFiles(); - Optional<String> signatureFileName = getSignatureFileName(); - Optional<String> archiveFileName = getArchiveFileName(); - if (files.isEmpty() || !signatureFileName.isPresent() || !archiveFileName.isPresent()) { - return false; - } - Optional<String> certificateFile = getCertificateFileName(); - if(certificateFile.isPresent()){ - return securityManager.verifySignedData(files.get(signatureFileName.get()), - files.get(certificateFile.get()), files.get(archiveFileName.get())); - }else { - return securityManager.verifySignedData(files.get(signatureFileName.get()), - null, files.get(archiveFileName.get())); + if (signatureValid == null) { + final Map<String, byte[]> files = handlerPair.getLeft().getFiles(); + final Optional<String> signatureFileName = getSignatureFileName(); + final Optional<String> archiveFileName = getArchiveFileName(); + if (files.isEmpty() || !signatureFileName.isPresent() || !archiveFileName.isPresent()) { + signatureValid = false; + } else { + final Optional<String> certificateFile = getCertificateFileName(); + signatureValid = securityManager.verifySignedData(files.get(signatureFileName.get()), + certificateFile.map(files::get).orElse(null), files.get(archiveFileName.get())); + } + } + return signatureValid; } private boolean isPackageSizeMatches() { return handlerPair.getRight().isEmpty() - && (handlerPair.getLeft().getFiles().size() == NUMBER_OF_FILES_FOR_SIGNATURE_WITH_CERT_INSIDE - || handlerPair.getLeft().getFiles().size() == NUMBER_OF_FILES_FOR_SIGNATURE_WITHOUT_CERT_INSIDE); + && (handlerPair.getLeft().getFiles().size() == NUMBER_OF_FILES_FOR_SIGNATURE_WITH_CERT_INSIDE + || handlerPair.getLeft().getFiles().size() == NUMBER_OF_FILES_FOR_SIGNATURE_WITHOUT_CERT_INSIDE); } private Optional<String> getSignatureFileName() { @@ -147,7 +150,7 @@ public class PackageArchive { private Optional<String> getCertificateFileName() { Optional<String> certFileName = getFileByExtension(ALLOWED_CERTIFICATE_EXTENSIONS); - if(!certFileName.isPresent()){ + if (!certFileName.isPresent()) { return Optional.empty(); } String certNameWithoutExtension = FilenameUtils.removeExtension(certFileName.get()); |