author | andre.schmid <andre.schmid@est.tech> | 2019-09-19 16:14:01 +0100 |
---|---|---|
committer | Ofir Sonsino <ofir.sonsino@intl.att.com> | 2019-11-03 15:41:37 +0000 |
commit | 433947b5ab5e28fc29aee447de934de89a707419 (patch) | |
tree | a485b95b2ae7716ced4825fb7b9eb2b6eeb3433b /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main | |
parent | ee64a64fb0705422c18608304e63a505d10d8ba1 (diff) |
Centralize onboarding package validation
Change-Id: I3cc58cf15f62008e83cfc7ddb095d07ab216b82a
Issue-ID: SDC-2583
Signed-off-by: andre.schmid <andre.schmid@est.tech>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main')
20 files changed, 549 insertions, 128 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/exception/OnboardPackageException.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/exception/OnboardPackageException.java
new file mode 100644
index 0000000000..2e88357e0b
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/exception/OnboardPackageException.java
@@ -0,0 +1,27 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.vendorsoftwareproduct.exception;
+
+public class OnboardPackageException extends Exception {
+
+ public OnboardPackageException(final String s, final Throwable throwable) {
+ super(s, throwable);
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/OrchestrationTemplateCandidateManagerImpl.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/OrchestrationTemplateCandidateManagerImpl.java index d5d5c8045b..d4c7151c17 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/OrchestrationTemplateCandidateManagerImpl.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/OrchestrationTemplateCandidateManagerImpl.java @@ -65,7 +65,7 @@ public class OrchestrationTemplateCandidateManagerImpl final OnboardPackageInfo onboardPackageInfo) { final OnboardPackage onboardPackage = onboardPackageInfo.getOnboardPackage(); final OrchestrationTemplateFileHandler orchestrationTemplateFileHandler = - OrchestrationUploadFactory.createOrchestrationTemplateFileHandler(onboardPackage.getFileExtension()); + OrchestrationUploadFactory.createOrchestrationTemplateFileHandler(onboardPackageInfo.getPackageType()); final UploadFileResponse uploadFileResponse = orchestrationTemplateFileHandler.upload(vspDetails, onboardPackageInfo, candidateService); diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessor.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessor.java new file mode 100644 index 0000000000..1d502547dc --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessor.java 
@@ -0,0 +1,229 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding; + +import static org.openecomp.sdc.common.errors.Messages.PACKAGE_EMPTY_ERROR; +import static org.openecomp.sdc.common.errors.Messages.PACKAGE_INVALID_ERROR; +import static org.openecomp.sdc.common.errors.Messages.PACKAGE_INVALID_EXTENSION; +import static org.openecomp.sdc.common.errors.Messages.PACKAGE_MISSING_INTERNAL_PACKAGE; +import static org.openecomp.sdc.common.errors.Messages.PACKAGE_PROCESS_ERROR; +import static org.openecomp.sdc.common.errors.Messages.PACKAGE_PROCESS_INTERNAL_PACKAGE_ERROR; + +import com.google.common.collect.ImmutableSet; +import java.nio.ByteBuffer; +import java.util.HashSet; +import java.util.Map; +import java.util.Optional; +import java.util.Set; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.MapUtils; +import org.apache.commons.io.FilenameUtils; +import org.openecomp.core.utilities.file.FileContentHandler; +import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; +import 
org.openecomp.sdc.common.zip.exception.ZipException; +import org.openecomp.sdc.common.utils.CommonUtil; +import org.openecomp.sdc.datatypes.error.ErrorLevel; +import org.openecomp.sdc.datatypes.error.ErrorMessage; +import org.openecomp.sdc.logging.api.Logger; +import org.openecomp.sdc.logging.api.LoggerFactory; +import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException; +import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackage; +import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; +import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; + +public class OnboardingPackageProcessor { + private static final Logger LOGGER = LoggerFactory.getLogger(OnboardingPackageProcessor.class); + private static final Set<String> ALLOWED_SIGNATURE_EXTENSIONS = ImmutableSet.of("cms"); + private static final Set<String> ALLOWED_CERTIFICATE_EXTENSIONS = ImmutableSet.of("cert", "crt"); + private static final String CSAR_EXTENSION = "csar"; + private static final String ZIP_EXTENSION = "zip"; + + private final String packageFileName; + private final byte[] packageFileContent; + private FileContentHandler onboardPackageContentHandler; + private Set<ErrorMessage> errorMessageSet = new HashSet<>(); + private OnboardPackageInfo onboardPackageInfo; + + public OnboardingPackageProcessor(final String packageFileName, final byte[] packageFileContent) { + this.packageFileName = packageFileName; + this.packageFileContent = packageFileContent; + onboardPackageInfo = processPackage(); + } + + private OnboardPackageInfo processPackage() { + if (!hasValidExtension()) { + final String message = PACKAGE_INVALID_EXTENSION.formatMessage(packageFileName, String.join(", ", CSAR_EXTENSION, ZIP_EXTENSION)); + reportError(ErrorLevel.ERROR, message); + return null; + } + try { + onboardPackageContentHandler = CommonUtil.getZipContent(packageFileContent); + } catch (final ZipException e) { + final String message = 
PACKAGE_PROCESS_ERROR.formatMessage(packageFileName); + LOGGER.error(message, e); + reportError(ErrorLevel.ERROR, message); + return null; + } + if (isPackageEmpty()) { + final String message = PACKAGE_EMPTY_ERROR.formatMessage(packageFileName); + reportError(ErrorLevel.ERROR, message); + return null; + } + + final String packageName = FilenameUtils.getBaseName(packageFileName); + final String packageExtension = FilenameUtils.getExtension(packageFileName); + + if (hasSignedPackageStructure()) { + return processSignedPackage(packageName, packageExtension); + } else { + final OnboardPackage onboardPackage = new OnboardPackage(packageName, packageExtension, + ByteBuffer.wrap(packageFileContent), onboardPackageContentHandler); + if (packageExtension.equalsIgnoreCase(CSAR_EXTENSION)) { + return new OnboardPackageInfo(onboardPackage, OnboardingTypesEnum.CSAR); + } else if (packageExtension.equalsIgnoreCase(ZIP_EXTENSION)) { + return new OnboardPackageInfo(onboardPackage, OnboardingTypesEnum.ZIP); + } + } + + reportError(ErrorLevel.ERROR, PACKAGE_INVALID_ERROR.formatMessage(packageFileName)); + return null; + } + + private boolean hasValidExtension() { + final String packageExtension = FilenameUtils.getExtension(packageFileName); + return packageExtension.equalsIgnoreCase(CSAR_EXTENSION) || packageExtension.equalsIgnoreCase(ZIP_EXTENSION); + } + + private OnboardPackageInfo processSignedPackage(final String packageName, final String packageExtension) { + final String internalPackagePath = findInternalPackagePath().orElse(null); + if (internalPackagePath == null) { + reportError(ErrorLevel.ERROR, PACKAGE_MISSING_INTERNAL_PACKAGE.getErrorMessage()); + return null; + } + final String signatureFilePath = findSignatureFilePath().orElse(null); + final String certificateFilePath = findCertificateFilePath().orElse(null); + final OnboardSignedPackage onboardSignedPackage = + new OnboardSignedPackage(packageName, packageExtension, ByteBuffer.wrap(packageFileContent), + 
onboardPackageContentHandler, signatureFilePath, internalPackagePath, certificateFilePath); + + final String internalPackageName = FilenameUtils.getName(internalPackagePath); + final String internalPackageBaseName = FilenameUtils.getBaseName(internalPackagePath); + final String internalPackageExtension = FilenameUtils.getExtension(internalPackagePath); + final byte[] internalPackageContent = onboardPackageContentHandler.getFileContent(internalPackagePath); + + final OnboardPackage onboardPackage; + try { + onboardPackage = new OnboardPackage(internalPackageBaseName, internalPackageExtension, + internalPackageContent); + } catch (final OnboardPackageException e) { + final String message = PACKAGE_PROCESS_INTERNAL_PACKAGE_ERROR.formatMessage(internalPackageName); + LOGGER.error(message, e); + reportError(ErrorLevel.ERROR, message); + return null; + } + + return new OnboardPackageInfo(onboardSignedPackage, onboardPackage, OnboardingTypesEnum.SIGNED_CSAR); + } + + private void reportError(final ErrorLevel errorLevel, final String message) { + errorMessageSet.add(new ErrorMessage(errorLevel, message)); + } + + public boolean hasErrors() { + return !errorMessageSet.isEmpty(); + } + + public Set<ErrorMessage> getErrorMessageSet() { + return errorMessageSet; + } + + private Optional<String> findInternalPackagePath() { + return onboardPackageContentHandler.getFileList().stream() + .filter(filePath -> { + final String extension = FilenameUtils.getExtension(filePath); + return CSAR_EXTENSION.equalsIgnoreCase(extension) || ZIP_EXTENSION.equalsIgnoreCase(extension); + } + ) + .findFirst(); + } + + private boolean isPackageEmpty() { + return MapUtils.isEmpty(onboardPackageContentHandler.getFiles()); + } + + private boolean hasSignedPackageStructure() { + if (MapUtils.isEmpty(onboardPackageContentHandler.getFiles()) || !CollectionUtils.isEmpty( + onboardPackageContentHandler.getFolderList())) { + return false; + } + final int numberOfFiles = 
onboardPackageContentHandler.getFileList().size(); + if (numberOfFiles == 2) { + return hasOneInternalPackageFile(onboardPackageContentHandler) && + hasOneSignatureFile(onboardPackageContentHandler); + } + + if (numberOfFiles == 3) { + return hasOneInternalPackageFile(onboardPackageContentHandler) && + hasOneSignatureFile(onboardPackageContentHandler) && + hasOneCertificateFile(onboardPackageContentHandler); + } + + return false; + } + + private boolean hasOneInternalPackageFile(final FileContentHandler fileContentHandler) { + return fileContentHandler.getFileList().parallelStream() + .map(FilenameUtils::getExtension) + .map(String::toLowerCase) + .filter(file -> file.endsWith(CSAR_EXTENSION)).count() == 1; + } + + private boolean hasOneSignatureFile(final FileContentHandler fileContentHandler) { + return fileContentHandler.getFileList().parallelStream() + .map(FilenameUtils::getExtension) + .map(String::toLowerCase) + .filter(ALLOWED_SIGNATURE_EXTENSIONS::contains).count() == 1; + } + + private boolean hasOneCertificateFile(final FileContentHandler fileContentHandler) { + return fileContentHandler.getFileList().parallelStream() + .map(FilenameUtils::getExtension) + .map(String::toLowerCase) + .filter(ALLOWED_CERTIFICATE_EXTENSIONS::contains).count() == 1; + } + + private Optional<String> findSignatureFilePath() { + final Map<String, byte[]> files = onboardPackageContentHandler.getFiles(); + return files.keySet().stream() + .filter(fileName -> ALLOWED_SIGNATURE_EXTENSIONS.contains(FilenameUtils.getExtension(fileName).toLowerCase())) + .findFirst(); + } + + private Optional<String> findCertificateFilePath() { + final Map<String, byte[]> files = onboardPackageContentHandler.getFiles(); + return files.keySet().stream() + .filter(fileName -> ALLOWED_CERTIFICATE_EXTENSIONS.contains(FilenameUtils.getExtension(fileName).toLowerCase())) + .findFirst(); + } + + public Optional<OnboardPackageInfo> getOnboardPackageInfo() { + return Optional.ofNullable(onboardPackageInfo); + 
} +} diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/BaseOrchestrationTemplateHandler.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/BaseOrchestrationTemplateHandler.java index d87c9c8dbb..23cf41c5d5 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/BaseOrchestrationTemplateHandler.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/BaseOrchestrationTemplateHandler.java @@ -20,16 +20,11 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration; -import static org.openecomp.core.validation.errors.ErrorMessagesFormatBuilder.getErrorWithParameters; - import java.io.ByteArrayInputStream; import java.util.Optional; import org.apache.commons.collections4.MapUtils; -import org.openecomp.core.utilities.file.FileContentHandler; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; -import org.openecomp.sdc.common.errors.Messages; import org.openecomp.sdc.common.utils.SdcCommon; -import org.openecomp.sdc.datatypes.error.ErrorLevel; import org.openecomp.sdc.datatypes.error.ErrorMessage; import org.openecomp.sdc.logging.api.Logger; import org.openecomp.sdc.logging.api.LoggerFactory; 
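Review bot: In `OnboardingPackageProcessor` the signed-package classification and the inner-package lookup disagree: `hasOneInternalPackageFile` counts any extension that merely ends with `csar` (`file.endsWith(CSAR_EXTENSION)`), while `findInternalPackagePath` takes the first entry whose extension equals `csar` or `zip`. A constructed example: an archive holding `a.xcsar` plus one `.cms` file is classified as signed and then rejected as missing its internal package, and the `zip` branch of the finder cannot be reached for an archive that passed `hasSignedPackageStructure`. Matching exactly in the counter, `.filter(CSAR_EXTENSION::equals)`, and sharing one predicate between the two methods would keep them in step. The archive layout alone decides whether the signed path is taken, so anything that is not the exact 2- or 3-file shape is onboarded as a plain CSAR/ZIP with no signature check; if signed onboarding is meant to be enforceable, that policy has to live elsewhere (not visible in this diff). Separately, `hasValidExtension` calls `packageExtension.equalsIgnoreCase(...)` on the result of `FilenameUtils.getExtension`, which is null for a null file name, so `CSAR_EXTENSION.equalsIgnoreCase(packageExtension)` would avoid an NPE thrown from the constructor.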
@@ -59,33 +54,25 @@ public abstract class BaseOrchestrationTemplateHandler implements OrchestrationT return uploadFileResponse; } - final Optional<FileContentHandler> optionalContentMap = - getFileContentMap(uploadFileResponse, fileContentByteArray); - if (!optionalContentMap.isPresent()) { - logger.error(getErrorWithParameters(Messages.FILE_CONTENT_MAP.getErrorMessage(), - getHandlerType().toString())); - uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, - getErrorWithParameters(Messages.FILE_CONTENT_MAP.getErrorMessage(), - getHandlerType().toString()))); - return uploadFileResponse; - } + final UploadFileResponse validateResponse = validate(onboardPackageInfo); - if (!MapUtils.isEmpty(uploadFileResponse.getErrors())) { + if (!MapUtils.isEmpty(validateResponse.getErrors())) { + uploadFileResponse.addStructureErrors(validateResponse.getErrors()); return uploadFileResponse; } - if (updateCandidateData(vspDetails, onboardPackageInfo, candidateService, uploadFileResponse, - optionalContentMap.get())) { - return uploadFileResponse; + + final UploadFileResponse responseFromUpdate = updateCandidateData(vspDetails, onboardPackageInfo, + candidateService); + if (!MapUtils.isEmpty(responseFromUpdate.getErrors())) { + uploadFileResponse.addStructureErrors(responseFromUpdate.getErrors()); } - return uploadFileResponse; + return uploadFileResponse; } - protected abstract boolean updateCandidateData(final VspDetails vspDetails, + protected abstract UploadFileResponse updateCandidateData(final VspDetails vspDetails, final OnboardPackageInfo onboardPackageInfo, - final CandidateService candidateService, - final UploadFileResponse uploadFileResponse, - final FileContentHandler contentMap); + final CandidateService candidateService); private boolean isFileFileToUploadEmpty(final OnboardPackage onboardPackage, final UploadFileResponse uploadFileResponse, 
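Review bot: The new template-method contract is undocumented: `upload` reads only `getErrors()` from what `validate` and `updateCandidateData` return, so an implementation that returns null fails with an NPE at `validateResponse.getErrors()`, and anything other than errors on the returned response is silently dropped. A short Javadoc on both abstract methods (the `validate` declaration is in the later `@@ -114,9 +101,7 @@` hunk) should state that they return a non-null `UploadFileResponse` and that a non-empty error map is what stops the upload before the candidate is stored. That matters most for signed packages, where, as far as this diff shows, `validate` is the step that holds the signature check in front of `updateCandidateData`. `upload` begins outside this hunk.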
@@ -114,9 +101,7 @@ public abstract class BaseOrchestrationTemplateHandler implements OrchestrationT return false; } - public abstract Optional<FileContentHandler> getFileContentMap( - UploadFileResponse uploadFileResponse, - byte[] uploadedFileData); + public abstract UploadFileResponse validate(final OnboardPackageInfo onboardPackageInfo); protected abstract OnboardingTypesEnum getHandlerType(); } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java index 8f0029aa83..16f12bb44d 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java 
@@ -23,79 +23,107 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration; import static org.openecomp.core.validation.errors.ErrorMessagesFormatBuilder.getErrorWithParameters; import java.io.IOException; -import java.util.List; import java.util.Optional; -import org.apache.commons.lang3.tuple.Pair; import org.openecomp.core.utilities.file.FileContentHandler; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.common.errors.CoreException; import org.openecomp.sdc.common.errors.Messages; -import org.openecomp.sdc.common.utils.CommonUtil; import org.openecomp.sdc.common.utils.SdcCommon; -import org.openecomp.sdc.common.zip.exception.ZipException; import org.openecomp.sdc.datatypes.error.ErrorLevel; import org.openecomp.sdc.datatypes.error.ErrorMessage; import org.openecomp.sdc.vendorsoftwareproduct.dao.type.OrchestrationTemplateCandidateData; import org.openecomp.sdc.vendorsoftwareproduct.dao.type.VspDetails; +import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.CsarSecurityValidator; import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.Validator; import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.ValidatorFactory; +import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException; import org.openecomp.sdc.vendorsoftwareproduct.services.filedatastructuremodule.CandidateService; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackage; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; +import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; import org.openecomp.sdc.vendorsoftwareproduct.types.UploadFileResponse; public class OrchestrationTemplateCSARHandler extends BaseOrchestrationTemplateHandler implements OrchestrationTemplateFileHandler { - @Override - public Optional<FileContentHandler> getFileContentMap(UploadFileResponse uploadFileResponse, - byte[] 
uploadedFileData) { - FileContentHandler contentMap = null; - List<String> folderList; - try { - Pair<FileContentHandler, List<String>> fileContentMapFromOrchestrationCandidateZip = - CommonUtil.getFileContentMapFromOrchestrationCandidateZip(uploadedFileData); - contentMap = fileContentMapFromOrchestrationCandidateZip.getKey(); - folderList = fileContentMapFromOrchestrationCandidateZip.getRight(); - Validator validator = ValidatorFactory.getValidator(contentMap); - uploadFileResponse.addStructureErrors(validator.validateContent(contentMap, folderList)); - } catch (final ZipException | IOException exception) { - logger.error(exception.getMessage(), exception); - uploadFileResponse.addStructureError( - SdcCommon.UPLOAD_FILE, - new ErrorMessage(ErrorLevel.ERROR, Messages.INVALID_CSAR_FILE.getErrorMessage())); - } catch (CoreException coreException) { - logger.error(coreException.getMessage(), coreException); - uploadFileResponse.addStructureError( - SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, coreException.getMessage())); + @Override + public UploadFileResponse validate(final OnboardPackageInfo onboardPackageInfo) { + final UploadFileResponse uploadFileResponse = new UploadFileResponse(); + if (onboardPackageInfo.getPackageType() == OnboardingTypesEnum.SIGNED_CSAR) { + final OnboardSignedPackage originalOnboardPackage = + (OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(); + validatePackageSecurity(originalOnboardPackage).ifPresent(packageSignatureResponse -> { + if (packageSignatureResponse.hasErrors()) { + uploadFileResponse.addStructureErrors(packageSignatureResponse.getErrors()); + } + }); + + if (uploadFileResponse.hasErrors()) { + return uploadFileResponse; + } + } + final OnboardPackage onboardPackage = onboardPackageInfo.getOnboardPackage(); + final FileContentHandler fileContentHandler = onboardPackage.getFileContentHandler(); + + try { + final Validator validator = ValidatorFactory.getValidator(fileContentHandler); + 
uploadFileResponse.addStructureErrors(validator.validateContent(fileContentHandler)); + } catch (IOException exception) { + logger.error(exception.getMessage(), exception); + uploadFileResponse.addStructureError( + SdcCommon.UPLOAD_FILE, + new ErrorMessage(ErrorLevel.ERROR, Messages.INVALID_CSAR_FILE.getErrorMessage())); + } catch (CoreException coreException) { + logger.error(coreException.getMessage(), coreException); + uploadFileResponse.addStructureError( + SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, coreException.getMessage())); + } + + return uploadFileResponse; } - return Optional.ofNullable(contentMap); - } + private Optional<UploadFileResponse> validatePackageSecurity(final OnboardSignedPackage originalOnboardPackage) { + final UploadFileResponse uploadFileResponseDto = new UploadFileResponse(); + try { + final CsarSecurityValidator csarSecurityValidator = new CsarSecurityValidator(); + if (!csarSecurityValidator.verifyPackageSignature(originalOnboardPackage)) { + final ErrorMessage errorMessage = new ErrorMessage(ErrorLevel.ERROR, + Messages.FAILED_TO_VERIFY_SIGNATURE.getErrorMessage()); + logger.error(errorMessage.getMessage()); + uploadFileResponseDto.addStructureError(SdcCommon.UPLOAD_FILE, errorMessage); + return Optional.of(uploadFileResponseDto); + } + } catch (final SecurityManagerException e) { + final ErrorMessage errorMessage = new ErrorMessage(ErrorLevel.ERROR, e.getMessage()); + logger.error("Could not validate package signature {}", originalOnboardPackage.getFilename(), e); + uploadFileResponseDto.addStructureError(SdcCommon.UPLOAD_FILE, errorMessage); + return Optional.of(uploadFileResponseDto); + } + return Optional.empty(); + } - @Override - protected boolean updateCandidateData(final VspDetails vspDetails, - final OnboardPackageInfo onboardPackageInfo, - final CandidateService candidateService, - final UploadFileResponse uploadFileResponse, - final FileContentHandler contentMap) { - try { - final OnboardPackage csarPackage = 
onboardPackageInfo.getOnboardPackage(); - final OnboardPackage originalOnboardPackage = onboardPackageInfo.getOriginalOnboardPackage(); - candidateService.updateCandidateUploadData(vspDetails.getId(), vspDetails.getVersion(), - new OrchestrationTemplateCandidateData(csarPackage.getFileContent(), - "", csarPackage.getFileExtension(), - csarPackage.getFilename(), originalOnboardPackage.getFilename(), originalOnboardPackage.getFileExtension(), - originalOnboardPackage.getFileContent())); - } catch (final Exception exception) { - logger.error(getErrorWithParameters(Messages.FILE_CONTENT_MAP.getErrorMessage(), - getHandlerType().toString()), exception); - uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, - new ErrorMessage(ErrorLevel.ERROR, exception.getMessage())); - return true; + @Override + protected UploadFileResponse updateCandidateData(final VspDetails vspDetails, + final OnboardPackageInfo onboardPackageInfo, + final CandidateService candidateService) { + final UploadFileResponse uploadFileResponse = new UploadFileResponse(); + final OnboardPackage csarPackage = onboardPackageInfo.getOnboardPackage(); + final OnboardPackage originalOnboardPackage = onboardPackageInfo.getOriginalOnboardPackage(); + try { + candidateService.updateCandidateUploadData(vspDetails.getId(), vspDetails.getVersion(), + new OrchestrationTemplateCandidateData(csarPackage.getFileContent(), + "", csarPackage.getFileExtension(), + csarPackage.getFilename(), originalOnboardPackage.getFilename(), + originalOnboardPackage.getFileExtension(), + originalOnboardPackage.getFileContent())); + } catch (final Exception exception) { + logger.error(getErrorWithParameters(Messages.FILE_CONTENT_MAP.getErrorMessage(), + getHandlerType().toString()), exception); + uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, + new ErrorMessage(ErrorLevel.ERROR, exception.getMessage())); + } + return uploadFileResponse; } - return false; - } @Override protected OnboardingTypesEnum getHandlerType() { 
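Review bot: In `validatePackageSecurity` the `SecurityManagerException` branch copies `e.getMessage()` into the `ErrorMessage` returned in the upload response, and `updateCandidateData` does the same for any `Exception`; depending on what those exceptions carry, this can hand internal detail (paths, certificate or store information) to the uploader. The exception is already logged, so the response could carry the fixed text instead, `new ErrorMessage(ErrorLevel.ERROR, Messages.FAILED_TO_VERIFY_SIGNATURE.getErrorMessage())`. In `validate`, the cast `(OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage()` assumes `SIGNED_CSAR` is always paired with a signed original; an `instanceof` check that adds a structure error would fail closed rather than throw `ClassCastException`. Whether the bytes whose signature is verified are the same inner package later passed to `validator.validateContent` depends on `CsarSecurityValidator`, which is not part of this hunk.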
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateZipHandler.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateZipHandler.java index bc4fb668b0..056f1a4478 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateZipHandler.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateZipHandler.java @@ -22,8 +22,6 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration; import static org.openecomp.core.validation.errors.ErrorMessagesFormatBuilder.getErrorWithParameters; -import java.util.Optional; -import org.openecomp.core.utilities.file.FileContentHandler; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.common.errors.Messages; import org.openecomp.sdc.common.utils.SdcCommon; 
@@ -40,24 +38,25 @@ import org.openecomp.sdc.vendorsoftwareproduct.types.UploadFileResponse; public class OrchestrationTemplateZipHandler extends BaseOrchestrationTemplateHandler implements OrchestrationTemplateFileHandler { - @Override - public Optional<FileContentHandler> getFileContentMap(UploadFileResponse uploadFileResponse, - byte[] uploadedFileData) { - return OrchestrationUtil - .getFileContentMap(OnboardingTypesEnum.ZIP, uploadFileResponse, uploadedFileData); - } + @Override + public UploadFileResponse validate(final OnboardPackageInfo onboardPackageInfo) { + final UploadFileResponse uploadFileResponse = new UploadFileResponse(); + final OnboardPackage onboardPackage = onboardPackageInfo.getOnboardPackage(); + OrchestrationUtil + .getFileContentMap(OnboardingTypesEnum.ZIP, uploadFileResponse, onboardPackage.getFileContent().array()); + return uploadFileResponse; + } @Override - protected boolean updateCandidateData(final VspDetails vspDetails, + protected UploadFileResponse updateCandidateData(final VspDetails vspDetails, final OnboardPackageInfo onboardPackageInfo, - final CandidateService candidateService, - final UploadFileResponse uploadFileResponse, - final FileContentHandler contentMap) { + final CandidateService candidateService) { + final UploadFileResponse uploadFileResponse = new UploadFileResponse(); try { final OnboardPackage zipPackage = onboardPackageInfo.getOnboardPackage(); final OrchestrationTemplateCandidateData candidateData = new CandidateEntityBuilder(candidateService) - .buildCandidateEntityFromZip(vspDetails, zipPackage.getFileContent().array(), contentMap, + .buildCandidateEntityFromZip(vspDetails, zipPackage.getFileContent().array(), zipPackage.getFileContentHandler(), uploadFileResponse.getErrors()); candidateData.setFileName(zipPackage.getFilename()); candidateData.setFileSuffix(zipPackage.getFileExtension()); 
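Review bot: `validate` calls `OrchestrationUtil.getFileContentMap(...)` only for its side effect on `uploadFileResponse` and discards the returned value, which presumably parses the archive a second time although the parsed content is already available from `onboardPackage.getFileContentHandler()` (used just below in `updateCandidateData`). If the call is kept for its error reporting, a comment such as `// called only to collect ZIP structure errors; content comes from getFileContentHandler()` would make that intent explicit. `getFileContent().array()` also returns the whole backing array regardless of the buffer's position and limit and throws on a read-only buffer, so it is only safe while the buffer is created with `ByteBuffer.wrap` over the full upload. `updateCandidateData` continues past the end of this hunk.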
@@ -68,9 +67,8 @@ public class OrchestrationTemplateZipHandler extends BaseOrchestrationTemplateHa getHandlerType().toString()), exception); uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, exception.getMessage())); - return true; } - return false; + return uploadFileResponse; } @Override diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUploadFactory.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUploadFactory.java index b1fb84c1f3..4b2decd412 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUploadFactory.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUploadFactory.java @@ -19,6 +19,7 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration; import org.onap.config.api.Configuration; import org.onap.config.api.ConfigurationManager; import org.openecomp.core.utilities.CommonMethods; +import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.common.errors.CoreException; import org.openecomp.sdc.datatypes.configuration.ImplementationConfiguration; import org.openecomp.sdc.vendorsoftwareproduct.dao.errors.OrchestrationTemplateFileExtensionErrorBuilder; 
@@ -42,9 +43,9 @@ public class OrchestrationUploadFactory { } - public static OrchestrationTemplateFileHandler createOrchestrationTemplateFileHandler(String fileSuffix) { - String fileExtension = fileSuffix.toLowerCase(); - ImplementationConfiguration orchestrationTemplateFileHandler = FILE_HANLDERS.get(fileExtension); + public static OrchestrationTemplateFileHandler createOrchestrationTemplateFileHandler( + final OnboardingTypesEnum onboardingType) { + final ImplementationConfiguration orchestrationTemplateFileHandler = FILE_HANLDERS.get(onboardingType.toString()); if(Objects.isNull(orchestrationTemplateFileHandler)){ throw new CoreException(new OrchestrationTemplateFileExtensionErrorBuilder diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUtil.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUtil.java index 3dfe3a25c2..ef41262621 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUtil.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUtil.java @@ -287,7 +287,7 @@ public class OrchestrationUtil { FileContentHandler fileContentMap, HeatStructureTree tree) { Map<String, Object> manifestAsMap = fileContentMap.containsFile(SdcCommon.MANIFEST_NAME) - ? (Map<String, Object>) JsonUtil.json2Object(fileContentMap.getFileContent( + ? (Map<String, Object>) JsonUtil.json2Object(fileContentMap.getFileContentAsStream( SdcCommon.MANIFEST_NAME), Map.class) : new HashMap<>(); 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java new file mode 100644 index 0000000000..0efe65b3b6 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java 
@@ -0,0 +1,61 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation; + +import java.util.Optional; +import org.openecomp.core.utilities.file.FileContentHandler; +import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager; +import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException; +import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; + +/** + * Validates the package security + */ +public class CsarSecurityValidator { + + private SecurityManager securityManager = SecurityManager.getInstance(); + + public CsarSecurityValidator() { + } + + //for tests purpose + CsarSecurityValidator(final SecurityManager securityManager) { + this.securityManager = securityManager; + } + + /** + * Validates package signature against trusted certificates + * + * @return true if signature verified + * @throws SecurityManagerException when a certificate error occurs. 
+ */ + public boolean verifyPackageSignature(final OnboardSignedPackage signedPackage) throws SecurityManagerException { + final FileContentHandler fileContentHandler = signedPackage.getFileContentHandler(); + final byte[] signatureBytes = fileContentHandler.getFileContent(signedPackage.getSignatureFilePath()); + final byte[] archiveBytes = fileContentHandler.getFileContent(signedPackage.getInternalPackageFilePath()); + byte[] certificateBytes = null; + final Optional<String> certificateFilePath = signedPackage.getCertificateFilePath(); + if (certificateFilePath.isPresent()) { + certificateBytes = fileContentHandler.getFileContent(certificateFilePath.get()); + } + + return securityManager.verifySignedData(signatureBytes, certificateBytes, archiveBytes); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java index e5a06e5d42..ceee5facd0 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java @@ -20,6 +20,7 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation; +import java.util.Set; import org.openecomp.core.utilities.file.FileContentHandler; import org.openecomp.sdc.common.errors.Messages; import org.openecomp.sdc.common.utils.SdcCommon; 
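Review bot: `verifyPackageSignature` hands whatever `getFileContent` returns for the signature and internal-package paths straight to `securityManager.verifySignedData`. If either path is missing from the handler the bytes are presumably null, and the result then depends on how `verifySignedData` treats null, which this hunk does not show. A guard that fails closed before the call, `if (signatureBytes == null || archiveBytes == null) { return false; }`, keeps a package with a missing signature or payload away from the verifier. `OnboardSignedPackage`, added later in this commit, stores `signatureFilePath` and `internalPackageFilePath` unchecked, so the check could equally live in its constructor. The Javadoc should gain a `@param signedPackage` line and state that the optional certificate is read from the uploaded package itself, so its trust rests entirely on the check against the trusted certificates inside `verifySignedData`.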
@@ -54,13 +55,13 @@ class ONAPCsarValidator implements Validator { private List<ErrorMessage> uploadFileErrors = new ArrayList<>(); @Override - public Map<String, List<ErrorMessage>> validateContent(FileContentHandler contentHandler, List<String> folderList) { + public Map<String, List<ErrorMessage>> validateContent(final FileContentHandler contentHandler) { Map<String, List<ErrorMessage>> errors = new HashMap<>(); validateManifest(contentHandler); validateMetadata(contentHandler); validateNoExtraFiles(contentHandler); - validateFolders(folderList); + validateFolders(contentHandler.getFolderList()); if(uploadFileErrors == null || uploadFileErrors.isEmpty()){ return errors; @@ -71,7 +72,7 @@ class ONAPCsarValidator implements Validator { private void validateMetadata(FileContentHandler contentMap){ if (!validateTOSCAYamlFileInRootExist(contentMap, MAIN_SERVICE_TEMPLATE_YAML_FILE_NAME)) { - try (InputStream metaFileContent = contentMap.getFileContent(TOSCA_META_PATH_FILE_NAME)) { + try (InputStream metaFileContent = contentMap.getFileContentAsStream(TOSCA_META_PATH_FILE_NAME)) { ToscaMetadata onboardingToscaMetadata = OnboardingToscaMetadata.parseToscaMetadataFile(metaFileContent); String entryDefinitionsPath = onboardingToscaMetadata.getMetaEntries().get(TOSCA_META_ENTRY_DEFINITIONS); @@ -97,7 +98,7 @@ class ONAPCsarValidator implements Validator { return; } - try (InputStream fileContent = contentMap.getFileContent(MAIN_SERVICE_TEMPLATE_MF_FILE_NAME)) { + try (InputStream fileContent = contentMap.getFileContentAsStream(MAIN_SERVICE_TEMPLATE_MF_FILE_NAME)) { Manifest onboardingManifest = new ONAPManifestOnboarding(); onboardingManifest.parse(fileContent); 
@@ -122,7 +123,7 @@ class ONAPCsarValidator implements Validator { } } - private void validateFolders(List<String> folderList) { + private void validateFolders(Set<String> folderList) { List<String> filterResult = folderList.stream().filter(this::filterFolders).collect(Collectors.toList()); if (!filterResult.isEmpty()) { diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java index bed3a9b128..6274a54a58 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java @@ -83,14 +83,13 @@ class SOL004MetaDirectoryValidator implements Validator { private static final String MANIFEST_NON_MANO_SOURCE = "Non-MANO Source"; private final List<ErrorMessage> errorsByFile = new ArrayList<>(); private FileContentHandler contentHandler; - private List<String> folderList; + private Set<String> folderList; private ToscaMetadata toscaMetadata; @Override - public Map<String, List<ErrorMessage>> validateContent(final FileContentHandler contentHandler - , final List<String> folderList) { + public Map<String, List<ErrorMessage>> validateContent(final FileContentHandler contentHandler) { this.contentHandler = contentHandler; - this.folderList = folderList; + this.folderList = contentHandler.getFolderList(); parseToscaMetadata(); verifyMetadataFile(); return Collections.unmodifiableMap(getAnyValidationErrors()); 
@@ -103,7 +102,7 @@ class SOL004MetaDirectoryValidator implements Validator { try { toscaMetadata = OnboardingToscaMetadata - .parseToscaMetadataFile(contentHandler.getFileContent(TOSCA_META_PATH_FILE_NAME)); + .parseToscaMetadataFile(contentHandler.getFileContentAsStream(TOSCA_META_PATH_FILE_NAME)); } catch (final IOException e) { reportError(ErrorLevel.ERROR, Messages.METADATA_PARSER_INTERNAL.getErrorMessage()); LOGGER.error(Messages.METADATA_PARSER_INTERNAL.getErrorMessage(), e.getMessage(), e); @@ -198,7 +197,7 @@ class SOL004MetaDirectoryValidator implements Validator { final String manifestFile = toscaMetadata.getMetaEntries().get(TOSCA_META_ETSI_ENTRY_MANIFEST); if(verifyFileExists(contentHandler.getFileList(), manifestFile)){ final Manifest onboardingManifest = new SOL004ManifestOnboarding(); - onboardingManifest.parse(contentHandler.getFileContent(manifestFile)); + onboardingManifest.parse(contentHandler.getFileContentAsStream(manifestFile)); final Optional<ResourceTypeEnum> resourceType = onboardingManifest.getType(); if (resourceType.isPresent() && resourceType.get() == ResourceTypeEnum.VF){ final String value = (String) entry.getValue(); @@ -250,7 +249,7 @@ class SOL004MetaDirectoryValidator implements Validator { final Set<String> existingFiles = contentHandler.getFileList(); if (verifyFileExists(existingFiles, filePath)) { final Manifest onboardingManifest = new SOL004ManifestOnboarding(); - onboardingManifest.parse(contentHandler.getFileContent(filePath)); + onboardingManifest.parse(contentHandler.getFileContentAsStream(filePath)); if (onboardingManifest.isValid()) { try { verifyManifestMetadata(onboardingManifest.getMetadata()); 
@@ -354,7 +353,7 @@ class SOL004MetaDirectoryValidator implements Validator { return; } - final InputStream fileContent = contentHandler.getFileContent(filePath); + final InputStream fileContent = contentHandler.getFileContentAsStream(filePath); if (fileContent == null) { reportError(ErrorLevel.ERROR, Messages.EMPTY_YAML_FILE_1.formatMessage(filePath)); return; @@ -397,7 +396,7 @@ class SOL004MetaDirectoryValidator implements Validator { folderPath)); } - private boolean verifyFoldersExist(final List<String> folderList, final String folderPath) { + private boolean verifyFoldersExist(final Set<String> folderList, final String folderPath) { return folderList.contains(folderPath + "/"); } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java index 927f3c0b69..34386b6d29 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java @@ -34,8 +34,7 @@ public interface Validator { /** * * @param contentHandler contains file and its data - * @param folderList folder structure inside the package * @return errors Map of errors that occur */ - Map<String, List<ErrorMessage>> validateContent(FileContentHandler contentHandler, List<String> folderList); + Map<String, List<ErrorMessage>> validateContent(final FileContentHandler contentHandler); } 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java index bc44496fef..064a1c66ab 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java @@ -34,12 +34,12 @@ public class ValidatorFactory { /** * Returns a validator based on the contents of the csar package. * - * @param contentMap the csar package + * @param fileContentHandler the csar package * @return Validator based on the contents of the csar package provided * @throws IOException when metafile is invalid */ - public static Validator getValidator(FileContentHandler contentMap) throws IOException{ + public static Validator getValidator(final FileContentHandler fileContentHandler) throws IOException { ETSIService etsiService = new ETSIServiceImpl(null); - return etsiService.isSol004WithToscaMetaDirectory(contentMap) ? new SOL004MetaDirectoryValidator() : new ONAPCsarValidator(); + return etsiService.isSol004WithToscaMetaDirectory(fileContentHandler) ? new SOL004MetaDirectoryValidator() : new ONAPCsarValidator(); } } 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/process/OrchestrationTemplateProcessCsarHandler.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/process/OrchestrationTemplateProcessCsarHandler.java index 31898d26ae..ac7a1510c7 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/process/OrchestrationTemplateProcessCsarHandler.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/process/OrchestrationTemplateProcessCsarHandler.java @@ -67,6 +67,7 @@ public class OrchestrationTemplateProcessCsarHandler implements OrchestrationTem public OrchestrationTemplateActionResponse process(VspDetails vspDetails, OrchestrationTemplateCandidateData candidateData) { + UploadFileResponse uploadFileResponse = new UploadFileResponse(); Optional<FileContentHandler> fileContent = OrchestrationUtil .getFileContentMap(OnboardingTypesEnum.CSAR, uploadFileResponse, diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java index 90bfb67977..2928905603 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java 
@@ -61,7 +61,6 @@ import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Store; import org.openecomp.sdc.logging.api.Logger; import org.openecomp.sdc.logging.api.LoggerFactory; @@ -73,7 +72,6 @@ import org.openecomp.sdc.logging.api.LoggerFactory; public class SecurityManager { private static final String CERTIFICATE_DEFAULT_LOCATION = "cert"; - private static SecurityManager INSTANCE = null; private Logger logger = LoggerFactory.getLogger(SecurityManager.class); private Set<X509Certificate> trustedCertificates = new HashSet<>(); @@ -90,10 +88,15 @@ public class SecurityManager { } public static SecurityManager getInstance() { - if (INSTANCE == null) { - INSTANCE = new SecurityManager(); - } - return INSTANCE; + return SecurityManagerInstanceHolder.instance; + } + + /** + * Initialization on demand class / synchronized singleton pattern. + */ + private static class SecurityManagerInstanceHolder { + + private static final SecurityManager instance = new SecurityManager(); } /** diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackage.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackage.java index b8ef598d65..60bd5ae0a0 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackage.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackage.java 
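Review bot: The holder idiom in `getInstance` changes the failure mode. If the `SecurityManager` constructor can throw (its body is outside this hunk, so this is an assumption), initialization of `SecurityManagerInstanceHolder` fails once and every later call fails as well, whereas the removed lazy check would have retried construction. If construction depends on something transient, such as reading the certificate location, that should be handled inside the constructor or documented on `getInstance`. The Javadoc phrase "synchronized singleton pattern" is also misleading because no `synchronized` is involved; `Initialization-on-demand holder: the JVM creates the instance once, on the first call to getInstance().` describes what the code relies on. The constant would conventionally be named `INSTANCE`.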
@@ -21,6 +21,10 @@ package org.openecomp.sdc.vendorsoftwareproduct.types; import java.nio.ByteBuffer; import lombok.Getter; +import org.openecomp.core.utilities.file.FileContentHandler; +import org.openecomp.sdc.common.zip.exception.ZipException; +import org.openecomp.sdc.common.utils.CommonUtil; +import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException; @Getter public class OnboardPackage { @@ -28,11 +32,30 @@ public class OnboardPackage { private final String filename; private final String fileExtension; private final ByteBuffer fileContent; + private final FileContentHandler fileContentHandler; - public OnboardPackage(final String filename, final String fileExtension, final ByteBuffer fileContent) { + public OnboardPackage(final String filename, final String fileExtension, final ByteBuffer fileContent, + final FileContentHandler fileContentHandler) { this.filename = filename; this.fileExtension = fileExtension; this.fileContent = fileContent; + this.fileContentHandler = fileContentHandler; } + public OnboardPackage(final String filename, final String fileExtension, final ByteBuffer fileContent) + throws OnboardPackageException { + this.filename = filename; + this.fileExtension = fileExtension; + this.fileContent = fileContent; + try { + fileContentHandler = CommonUtil.getZipContent(fileContent.array()); + } catch (final ZipException e) { + throw new OnboardPackageException("Could not read the package content", e); + } + } + + public OnboardPackage(final String packageName, final String packageExtension, final byte[] packageContentBytes) + throws OnboardPackageException { + this(packageName, packageExtension, ByteBuffer.wrap(packageContentBytes)); + } } 
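Review bot: The new three-argument `OnboardPackage` constructor calls `fileContent.array()`, which returns the buffer's whole backing array regardless of position, limit or array offset, and throws for read-only or direct buffers. A caller passing a sliced or read-only `ByteBuffer` would get wrong content or an unchecked exception instead of `OnboardPackageException`. A precondition such as `if (!fileContent.hasArray()) { throw new IllegalArgumentException("fileContent must be array-backed"); }`, or Javadoc stating the requirement, would make this explicit. The constructor also unpacks the uploaded archive eagerly through `CommonUtil.getZipContent`, and whether that helper bounds entry count and uncompressed size is not visible here and is worth confirming. The four-argument constructor accepts a null `fileContentHandler` without a check.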
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackageInfo.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackageInfo.java index 308db035db..6c35bd67d9 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackageInfo.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackageInfo.java 
@@ -21,24 +21,32 @@ package org.openecomp.sdc.vendorsoftwareproduct.types; import java.nio.ByteBuffer; import lombok.Getter; +import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; +import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException; @Getter public class OnboardPackageInfo { + private final OnboardingTypesEnum packageType; private final OnboardPackage originalOnboardPackage; private final OnboardPackage onboardPackage; - public OnboardPackageInfo(final String filename, - final String fileExtension, - final ByteBuffer fileContent, - final OnboardPackage onboardPackage) { - originalOnboardPackage = new OnboardPackage(filename, fileExtension, fileContent); + public OnboardPackageInfo(final OnboardPackage onboardPackage, final OnboardingTypesEnum packageType) { + this(onboardPackage, onboardPackage, packageType); + } + + public OnboardPackageInfo(final OnboardPackage originalOnboardPackage, + final OnboardPackage onboardPackage, final OnboardingTypesEnum packageType) { + this.packageType = packageType; + this.originalOnboardPackage = originalOnboardPackage; this.onboardPackage = onboardPackage; } public OnboardPackageInfo(final String filename, final String fileExtension, - final ByteBuffer fileContent) { + final ByteBuffer fileContent, + final OnboardingTypesEnum packageType) throws OnboardPackageException { + this.packageType = packageType; originalOnboardPackage = new OnboardPackage(filename, fileExtension, fileContent); this.onboardPackage = originalOnboardPackage; } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardSignedPackage.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardSignedPackage.java new file mode 100644 index 0000000000..a1436fcd2d --- /dev/null 
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardSignedPackage.java 
@@ -0,0 +1,49 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.vendorsoftwareproduct.types; + +import java.nio.ByteBuffer; +import java.util.Optional; +import lombok.Getter; +import org.apache.commons.lang3.StringUtils; +import org.openecomp.core.utilities.file.FileContentHandler; + +@Getter +public class OnboardSignedPackage extends OnboardPackage { + private String signatureFilePath; + private String internalPackageFilePath; + private String certificateFilePath; + + public OnboardSignedPackage(final String filename, final String fileExtension, final ByteBuffer fileContent, + final FileContentHandler fileContentHandler, final String signatureFilePath, + final String internalPackageFilePath, final String certificateFilePath) { + super(filename, fileExtension, fileContent, fileContentHandler); + this.signatureFilePath = signatureFilePath; + this.internalPackageFilePath = internalPackageFilePath; + this.certificateFilePath = certificateFilePath; + } + + public Optional<String> getCertificateFilePath() { + if (StringUtils.isEmpty(certificateFilePath)) { + return Optional.empty(); + } + return 
Optional.of(certificateFilePath); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/UploadFileResponse.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/UploadFileResponse.java index ca0eed2153..31bdf21884 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/UploadFileResponse.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/UploadFileResponse.java @@ -21,6 +21,7 @@ package org.openecomp.sdc.vendorsoftwareproduct.types; +import org.apache.commons.collections4.MapUtils; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.datatypes.error.ErrorLevel; import org.openecomp.sdc.datatypes.error.ErrorMessage; @@ -109,4 +110,8 @@ public class UploadFileResponse { public Map<String, List<ErrorMessage>> getErrors() { return errors; } + + public boolean hasErrors() { + return !MapUtils.isEmpty(errors); + } } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/resources/config-orchestration.json b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/resources/config-orchestration.json index b3147eb3af..2477eab5f6 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/resources/config-orchestration.json +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/resources/config-orchestration.json 
@@ -7,6 +7,10 @@ "csar": { "enable": true, "implementationClass": "org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.OrchestrationTemplateCSARHandler" + }, + "signed-csar": { + "enable": true, + "implementationClass": "org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.OrchestrationTemplateCSARHandler" } }, "process_impl": { |