Fix signature validation in SDC (PNF package onboarding)

Change-Id: Ief8bf62e48a23a091e9084333c2523d8490fdcd2 Issue-ID: SDC-3386 Signed-off-by: Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>
author: Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com> 2021-01-14 17:03:31 +0100
committer: Christophe Closset <christophe.closset@intl.att.com> 2021-01-19 13:48:17 +0000
commit: 5b9a4251a7bce56895ca80b867ee7537e7382320 (patch)
tree: 6d09cf14e50b0007e97bbcf9a44e7e5ce3ab63e1 /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org
parent: f3b0ef4dc7cc21b273ea160781b5170b2d105e1a (diff)
1 files changed, 111 insertions, 68 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
index 7c5cb662c7..0ed871d47c 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,9 +21,10 @@
 package org.openecomp.sdc.vendorsoftwareproduct.security;
 
 import org.apache.commons.io.FileUtils;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
 
 import java.io.File;
 import java.io.IOException;
@@ -36,32 +37,42 @@ import static junit.framework.TestCase.assertTrue;
 
 public class SecurityManagerTest {
     private File certDir;
+    private String cerDirPath = "/tmp/cert/";
     private SecurityManager securityManager;
 
-    @Before
+    private File PrepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
+        File origFile = new File(getClass().getResource(origFilePath).toURI());
+        File newFile = new File(newFilePath);
+        newFile.createNewFile();
+        FileUtils.copyFile(origFile, newFile);
+        return newFile;
+    }
+
+    private byte[] readAllBytes(String path) throws URISyntaxException, IOException {
+        return Files.readAllBytes(Paths.get(getClass().getResource(path).toURI()));
+    }
+
+    @BeforeEach
     public void setUp() throws IOException {
-        certDir = new File("/tmp/cert");
-        if(certDir.exists()){
+        certDir = new File(cerDirPath);
+        if (certDir.exists()) {
             tearDown();
         }
         certDir.mkdirs();
         securityManager = new SecurityManager(certDir.getPath());
     }
 
-    @After
+    @AfterEach
     public void tearDown() throws IOException {
-        if(certDir.exists()) {
+        if (certDir.exists()) {
             FileUtils.deleteDirectory(certDir);
         }
         securityManager.cleanTrustedCertificates();
     }
 
     @Test
-    public void testGetCertificates() throws IOException, SecurityManagerException {
-        File origFile = new File("src/test/resources/cert/root-certificate.pem");
-        File newFile = new File("/tmp/cert/root-certificate.pem");
-        newFile.createNewFile();
-        FileUtils.copyFile(origFile, newFile);
+    public void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
+        File newFile = PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "/root-certificate.pem");
         assertEquals(1, securityManager.getTrustedCertificates().size());
         newFile.delete();
         assertEquals(0, securityManager.getTrustedCertificates().size());
@@ -73,26 +84,22 @@ public class SecurityManagerTest {
         assertEquals(0, securityManager.getTrustedCertificates().size());
     }
 
-    @Test(expected = SecurityManagerException.class)
+    @Test
     public void testGetCertificatesException() throws IOException, SecurityManagerException {
-        File newFile = new File("/tmp/cert/root-certificate.pem");
-        newFile.createNewFile();
-        assertEquals(1, securityManager.getTrustedCertificates().size());
-        newFile.delete();
-        assertEquals(0, securityManager.getTrustedCertificates().size());
+        Assertions.assertThrows(SecurityManagerException.class, () -> {
+            File newFile = new File(cerDirPath + "root-certificate.pem");
+            newFile.createNewFile();
+            assertEquals(1, securityManager.getTrustedCertificates().size());
+            newFile.delete();
+            assertEquals(0, securityManager.getTrustedCertificates().size());
+        });
     }
 
     @Test
-    public void testGetCertificatesUpdated() throws IOException, SecurityManagerException {
-        File origFile = new File("src/test/resources/cert/root-certificate.pem");
-        File newFile = new File("/tmp/cert/root-certificate.pem");
-        newFile.createNewFile();
-        FileUtils.copyFile(origFile, newFile);
+    public void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
+        File newFile = PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
         assertTrue(securityManager.getTrustedCertificates().size() == 1);
-        File otherOrigFile = new File("src/test/resources/cert/package-certificate.pem");
-        File otherNewFile = new File("/tmp/cert/package-certificate.pem");
-        newFile.createNewFile();
-        FileUtils.copyFile(otherOrigFile, otherNewFile);
+        File otherNewFile = PrepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
         assertEquals(2, securityManager.getTrustedCertificates().size());
         otherNewFile.delete();
         assertEquals(1, securityManager.getTrustedCertificates().size());
@@ -102,58 +109,94 @@ public class SecurityManagerTest {
 
     @Test
     public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
-        File origFile = new File("src/test/resources/cert/root.cert");
-        File newFile = new File("/tmp/cert/root.cert");
-        newFile.createNewFile();
-        FileUtils.copyFile(origFile, newFile);
-        byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.cms").toURI()));
-        byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.csar").toURI()));
+        PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+        byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
+        byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
         assertTrue(securityManager.verifySignedData(signature, null, archive));
     }
 
-    @Test(expected = SecurityManagerException.class)
+    @Test
     public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
-        File origFile = new File("src/test/resources/cert/root.cert");
-        File newFile = new File("/tmp/cert/root.cert");
-        newFile.createNewFile();
-        FileUtils.copyFile(origFile, newFile);
-        byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
-        byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.csar").toURI()));
-        securityManager.verifySignedData(signature, null, archive);
+        Assertions.assertThrows(SecurityManagerException.class, () -> {
+            PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+            byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+            byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+            securityManager.verifySignedData(signature, null, archive);
+        });
+
     }
 
     @Test
     public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
-        File origFile = new File("src/test/resources/cert/root.cert");
-        File newFile = new File("/tmp/cert/root.cert");
-        newFile.createNewFile();
-        FileUtils.copyFile(origFile, newFile);
-        byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
-        byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.csar").toURI()));
-        byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cert").toURI()));
+        PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
         assertTrue(securityManager.verifySignedData(signature, cert, archive));
     }
 
-    @Test(expected = SecurityManagerException.class)
+    @Test
+    public void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+        PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+        PrepareCertFiles("/cert/signing-ca2.crt", cerDirPath + "signing-ca2.crt");
+        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
+        assertTrue(securityManager.verifySignedData(signature, cert, archive));
+    }
+
+    @Test
+    public void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
+        Assertions.assertThrows(SecurityManagerException.class, () -> {
+            PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+            PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+            byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+            byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+            byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
+            securityManager.verifySignedData(signature, cert, archive);
+        });
+
+    }
+
+    @Test
+    public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
+        PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+        PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+        byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
+        byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
+        assertTrue(securityManager.verifySignedData(signature, null, archive));
+    }
+
+    @Test
+    public void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
+        PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+        PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
+        assertTrue(securityManager.verifySignedData(signature, cert, archive));
+    }
+
+    @Test
     public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
-        File origFile = new File("src/test/resources/cert/root-certificate.pem");
-        File newFile = new File("/tmp/cert/root-certificate.cert");
-        newFile.createNewFile();
-        FileUtils.copyFile(origFile, newFile);
-        byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
-        byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.csar").toURI()));
-        byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cert").toURI()));
-        securityManager.verifySignedData(signature, cert, archive);
+        Assertions.assertThrows(SecurityManagerException.class, () -> {
+            PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
+            byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+            byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+            byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
+            securityManager.verifySignedData(signature, cert, archive);
+        });
+
     }
 
-    @Test(expected = SecurityManagerException.class)
+    @Test
     public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
-        File origFile = new File("src/test/resources/cert/root.cert");
-        File newFile = new File("/tmp/cert/root.cert");
-        newFile.createNewFile();
-        FileUtils.copyFile(origFile, newFile);
-        byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv4.cms").toURI()));
-        byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv4.csar").toURI()));
-        securityManager.verifySignedData(signature, null, archive);
+        Assertions.assertThrows(SecurityManagerException.class, () -> {
+            PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+            byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
+            byte[] archive = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.csar");
+            securityManager.verifySignedData(signature, null, archive);
+        });
+
     }
 }
author	Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>	2021-01-14 17:03:31 +0100
committer	Christophe Closset <christophe.closset@intl.att.com>	2021-01-19 13:48:17 +0000
commit	5b9a4251a7bce56895ca80b867ee7537e7382320 (patch)
tree	6d09cf14e50b0007e97bbcf9a44e7e5ce3ab63e1 /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org
parent	f3b0ef4dc7cc21b273ea160781b5170b2d105e1a (diff)