authorandre.schmid <andre.schmid@est.tech>2019-09-19 16:14:01 +0100
committerOfir Sonsino <ofir.sonsino@intl.att.com>2019-11-03 15:41:37 +0000
commit433947b5ab5e28fc29aee447de934de89a707419 (patch)
treea485b95b2ae7716ced4825fb7b9eb2b6eeb3433b /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar
parentee64a64fb0705422c18608304e63a505d10d8ba1 (diff)
Centralize onboarding package validation
Change-Id: I3cc58cf15f62008e83cfc7ddb095d07ab216b82a Issue-ID: SDC-2583 Signed-off-by: andre.schmid <andre.schmid@est.tech>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java61
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java11
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java17
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java3
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java6
5 files changed, 79 insertions, 19 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java
new file mode 100644
index 0000000000..0efe65b3b6
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java
@@ -0,0 +1,61 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation;
+
+import java.util.Optional;
+import org.openecomp.core.utilities.file.FileContentHandler;
+import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
+import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
+
+/**
+ * Validates the package security
+ */
+public class CsarSecurityValidator {
+
+ private SecurityManager securityManager = SecurityManager.getInstance();
+
+ public CsarSecurityValidator() {
+ }
+
+ //for tests purpose
+ CsarSecurityValidator(final SecurityManager securityManager) {
+ this.securityManager = securityManager;
+ }
+
+ /**
+ * Validates package signature against trusted certificates
+ *
+ * @return true if signature verified
+ * @throws SecurityManagerException when a certificate error occurs.
+ */
+ public boolean verifyPackageSignature(final OnboardSignedPackage signedPackage) throws SecurityManagerException {
+ final FileContentHandler fileContentHandler = signedPackage.getFileContentHandler();
+ final byte[] signatureBytes = fileContentHandler.getFileContent(signedPackage.getSignatureFilePath());
+ final byte[] archiveBytes = fileContentHandler.getFileContent(signedPackage.getInternalPackageFilePath());
+ byte[] certificateBytes = null;
+ final Optional<String> certificateFilePath = signedPackage.getCertificateFilePath();
+ if (certificateFilePath.isPresent()) {
+ certificateBytes = fileContentHandler.getFileContent(certificateFilePath.get());
+ }
+
+ return securityManager.verifySignedData(signatureBytes, certificateBytes, archiveBytes);
+ }
+}
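Review bot: verifyPackageSignature hands signatureBytes and archiveBytes to `securityManager.verifySignedData` without checking them, so a package whose declared signature path or internal package path does not resolve to content relies entirely on SecurityManager (outside this diff) to reject it. If `getFileContent` can return null for a missing entry, failing closed in this method is clearer, for example `if (signatureBytes == null || archiveBytes == null) { return false; }` before the call. The Javadoc lacks an `@param signedPackage` line and should state that the certificate, when present, is read from the uploaded package itself and that null is passed on when it is absent. That makes it explicit that the "trusted certificates" decision rests on verifySignedData checking against the trusted store, not on the certificate the package supplies.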
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java
index e5a06e5d42..ceee5facd0 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java
@@ -20,6 +20,7 @@
package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation;
+import java.util.Set;
import org.openecomp.core.utilities.file.FileContentHandler;
import org.openecomp.sdc.common.errors.Messages;
import org.openecomp.sdc.common.utils.SdcCommon;
@@ -54,13 +55,13 @@ class ONAPCsarValidator implements Validator {
private List<ErrorMessage> uploadFileErrors = new ArrayList<>();
@Override
- public Map<String, List<ErrorMessage>> validateContent(FileContentHandler contentHandler, List<String> folderList) {
+ public Map<String, List<ErrorMessage>> validateContent(final FileContentHandler contentHandler) {
Map<String, List<ErrorMessage>> errors = new HashMap<>();
validateManifest(contentHandler);
validateMetadata(contentHandler);
validateNoExtraFiles(contentHandler);
- validateFolders(folderList);
+ validateFolders(contentHandler.getFolderList());
if(uploadFileErrors == null || uploadFileErrors.isEmpty()){
return errors;
@@ -71,7 +72,7 @@ class ONAPCsarValidator implements Validator {
private void validateMetadata(FileContentHandler contentMap){
if (!validateTOSCAYamlFileInRootExist(contentMap, MAIN_SERVICE_TEMPLATE_YAML_FILE_NAME)) {
- try (InputStream metaFileContent = contentMap.getFileContent(TOSCA_META_PATH_FILE_NAME)) {
+ try (InputStream metaFileContent = contentMap.getFileContentAsStream(TOSCA_META_PATH_FILE_NAME)) {
ToscaMetadata onboardingToscaMetadata = OnboardingToscaMetadata.parseToscaMetadataFile(metaFileContent);
String entryDefinitionsPath = onboardingToscaMetadata.getMetaEntries().get(TOSCA_META_ENTRY_DEFINITIONS);
@@ -97,7 +98,7 @@ class ONAPCsarValidator implements Validator {
return;
}
- try (InputStream fileContent = contentMap.getFileContent(MAIN_SERVICE_TEMPLATE_MF_FILE_NAME)) {
+ try (InputStream fileContent = contentMap.getFileContentAsStream(MAIN_SERVICE_TEMPLATE_MF_FILE_NAME)) {
Manifest onboardingManifest = new ONAPManifestOnboarding();
onboardingManifest.parse(fileContent);
@@ -122,7 +123,7 @@ class ONAPCsarValidator implements Validator {
}
}
- private void validateFolders(List<String> folderList) {
+ private void validateFolders(Set<String> folderList) {
List<String> filterResult =
folderList.stream().filter(this::filterFolders).collect(Collectors.toList());
if (!filterResult.isEmpty()) {
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java
index bed3a9b128..6274a54a58 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java
@@ -83,14 +83,13 @@ class SOL004MetaDirectoryValidator implements Validator {
private static final String MANIFEST_NON_MANO_SOURCE = "Non-MANO Source";
private final List<ErrorMessage> errorsByFile = new ArrayList<>();
private FileContentHandler contentHandler;
- private List<String> folderList;
+ private Set<String> folderList;
private ToscaMetadata toscaMetadata;
@Override
- public Map<String, List<ErrorMessage>> validateContent(final FileContentHandler contentHandler
- , final List<String> folderList) {
+ public Map<String, List<ErrorMessage>> validateContent(final FileContentHandler contentHandler) {
this.contentHandler = contentHandler;
- this.folderList = folderList;
+ this.folderList = contentHandler.getFolderList();
parseToscaMetadata();
verifyMetadataFile();
return Collections.unmodifiableMap(getAnyValidationErrors());
@@ -103,7 +102,7 @@ class SOL004MetaDirectoryValidator implements Validator {
try {
toscaMetadata =
OnboardingToscaMetadata
- .parseToscaMetadataFile(contentHandler.getFileContent(TOSCA_META_PATH_FILE_NAME));
+ .parseToscaMetadataFile(contentHandler.getFileContentAsStream(TOSCA_META_PATH_FILE_NAME));
} catch (final IOException e) {
reportError(ErrorLevel.ERROR, Messages.METADATA_PARSER_INTERNAL.getErrorMessage());
LOGGER.error(Messages.METADATA_PARSER_INTERNAL.getErrorMessage(), e.getMessage(), e);
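Review bot: The stream returned by `contentHandler.getFileContentAsStream(TOSCA_META_PATH_FILE_NAME)` is passed straight to `parseToscaMetadataFile` and is never closed in the visible lines, whereas ONAPCsarValidator wraps the same call in try-with-resources. The same pattern appears in the later hunks of this file at `onboardingManifest.parse(contentHandler.getFileContentAsStream(manifestFile))` and `onboardingManifest.parse(contentHandler.getFileContentAsStream(filePath))`. Suggest `try (InputStream metaStream = contentHandler.getFileContentAsStream(TOSCA_META_PATH_FILE_NAME)) { toscaMetadata = OnboardingToscaMetadata.parseToscaMetadataFile(metaStream); }`, keeping the existing `catch (final IOException e)`, which would then also cover a failure in close(). Whether the handler returns a memory-backed stream is not visible here, and the enclosing method starts and ends outside the hunk.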
@@ -198,7 +197,7 @@ class SOL004MetaDirectoryValidator implements Validator {
final String manifestFile = toscaMetadata.getMetaEntries().get(TOSCA_META_ETSI_ENTRY_MANIFEST);
if(verifyFileExists(contentHandler.getFileList(), manifestFile)){
final Manifest onboardingManifest = new SOL004ManifestOnboarding();
- onboardingManifest.parse(contentHandler.getFileContent(manifestFile));
+ onboardingManifest.parse(contentHandler.getFileContentAsStream(manifestFile));
final Optional<ResourceTypeEnum> resourceType = onboardingManifest.getType();
if (resourceType.isPresent() && resourceType.get() == ResourceTypeEnum.VF){
final String value = (String) entry.getValue();
@@ -250,7 +249,7 @@ class SOL004MetaDirectoryValidator implements Validator {
final Set<String> existingFiles = contentHandler.getFileList();
if (verifyFileExists(existingFiles, filePath)) {
final Manifest onboardingManifest = new SOL004ManifestOnboarding();
- onboardingManifest.parse(contentHandler.getFileContent(filePath));
+ onboardingManifest.parse(contentHandler.getFileContentAsStream(filePath));
if (onboardingManifest.isValid()) {
try {
verifyManifestMetadata(onboardingManifest.getMetadata());
@@ -354,7 +353,7 @@ class SOL004MetaDirectoryValidator implements Validator {
return;
}
- final InputStream fileContent = contentHandler.getFileContent(filePath);
+ final InputStream fileContent = contentHandler.getFileContentAsStream(filePath);
if (fileContent == null) {
reportError(ErrorLevel.ERROR, Messages.EMPTY_YAML_FILE_1.formatMessage(filePath));
return;
@@ -397,7 +396,7 @@ class SOL004MetaDirectoryValidator implements Validator {
folderPath));
}
- private boolean verifyFoldersExist(final List<String> folderList, final String folderPath) {
+ private boolean verifyFoldersExist(final Set<String> folderList, final String folderPath) {
return folderList.contains(folderPath + "/");
}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java
index 927f3c0b69..34386b6d29 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java
@@ -34,8 +34,7 @@ public interface Validator {
/**
*
* @param contentHandler contains file and its data
- * @param folderList folder structure inside the package
* @return errors Map of errors that occur
*/
- Map<String, List<ErrorMessage>> validateContent(FileContentHandler contentHandler, List<String> folderList);
+ Map<String, List<ErrorMessage>> validateContent(final FileContentHandler contentHandler);
}
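Review bot: The `final` modifier on the parameter of the interface method `validateContent` has no effect, because the declaration has no body in which the parameter could be reassigned and implementers are free to omit it; `Map<String, List<ErrorMessage>> validateContent(FileContentHandler contentHandler);` says the same thing. The Javadoc above it still opens with an empty line, so a summary sentence such as `Validates the content of an onboarding package.` would help. Since both implementations now read the folder list from the handler, the `@param contentHandler` text could mention that it supplies the folder structure as well as the files.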
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java
index bc44496fef..064a1c66ab 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java
@@ -34,12 +34,12 @@ public class ValidatorFactory {
/**
* Returns a validator based on the contents of the csar package.
*
- * @param contentMap the csar package
+ * @param fileContentHandler the csar package
* @return Validator based on the contents of the csar package provided
* @throws IOException when metafile is invalid
*/
- public static Validator getValidator(FileContentHandler contentMap) throws IOException{
+ public static Validator getValidator(final FileContentHandler fileContentHandler) throws IOException {
ETSIService etsiService = new ETSIServiceImpl(null);
- return etsiService.isSol004WithToscaMetaDirectory(contentMap) ? new SOL004MetaDirectoryValidator() : new ONAPCsarValidator();
+ return etsiService.isSol004WithToscaMetaDirectory(fileContentHandler) ? new SOL004MetaDirectoryValidator() : new ONAPCsarValidator();
}
}