summaryrefslogtreecommitdiffstats
path: root/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2021-07-29 14:41:18 +0100
committerMichael Morris <michael.morris@est.tech>2021-08-05 11:25:09 +0000
commit36ff777984fbd728737b264d7aa3933794716519 (patch)
tree242f8ddac4aa07c7f3e7702b611afcb7061b5af1 /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test
parent95b22d8d074f294e997c27d79d369b0eb3bee9e2 (diff)
Implement 'Signed Large CSAR' support
Change-Id: I33cc381b86c6a10e20d521c0d3dcc76c28344b8f Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3652 Issue-ID: SDC-3653 Signed-off-by: André Schmid <andre.schmid@est.tech>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java112
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java66
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/2-file-signed-package.zipbin0 -> 3154 bytes
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/3-file-signed-package.zipbin0 -> 3446 bytes
4 files changed, 144 insertions, 34 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
index 5f5f9eb7dc..96d11eb148 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
@@ -19,6 +19,7 @@
package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation;
+import static java.nio.file.StandardCopyOption.REPLACE_EXISTING;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
@@ -27,12 +28,21 @@ import static org.mockito.Mockito.when;
import static org.mockito.MockitoAnnotations.initMocks;
import java.io.IOException;
+import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
+import java.nio.file.Path;
import java.nio.file.Paths;
-import org.junit.Before;
-import org.junit.Test;
+import java.util.List;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
import org.mockito.Mock;
+import org.openecomp.sdc.be.csar.storage.ArtifactInfo;
+import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
@@ -40,37 +50,88 @@ import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
-public class CsarSecurityValidatorTest {
+class CsarSecurityValidatorTest {
- private static final String BASE_DIR = "/vspmanager.csar/";
+ private static final String BASE_DIR = "/vspmanager.csar/signing/";
+ private static final String DELIMITER = "---";
private CsarSecurityValidator csarSecurityValidator;
@Mock
- SecurityManager securityManager;
+ private SecurityManager securityManager;
- @Before
- public void setUp() {
+ @AfterEach
+ void tearDown() throws Exception {
+ restore();
+ }
+
+ private void restore() throws Exception {
+ final URI uri = CsarSecurityValidatorTest.class.getResource(BASE_DIR).toURI();
+ final List<Path> list = Files.list(Path.of(uri.getPath())).filter(path -> path.toString().contains(DELIMITER)).collect(Collectors.toList());
+ for (final Path path : list) {
+ final String[] split = path.toString().split(DELIMITER);
+ Files.move(path, Path.of(split[0]), REPLACE_EXISTING);
+ }
+ }
+
+ @BeforeEach
+ public void setUp() throws Exception {
initMocks(this);
csarSecurityValidator = new CsarSecurityValidator(securityManager);
+ backup();
+ }
+
+ private void backup() throws Exception {
+ final URI uri = CsarSecurityValidatorTest.class.getResource(BASE_DIR).toURI();
+ final List<Path> list = Files.list(Path.of(uri.getPath())).collect(Collectors.toList());
+ for (final Path path : list) {
+ Files.copy(path, Path.of(path.toString() + DELIMITER + UUID.randomUUID()), REPLACE_EXISTING);
+ }
}
@Test
- public void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException {
- final byte[] packageBytes = getFileBytesOrFail("signing/signed-package.zip");
- final OnboardSignedPackage onboardSignedPackage = loadSignedPackage("signed-package.zip",
+ void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException, IOException {
+ final byte[] packageBytes = getFileBytesOrFail("signed-package.zip");
+ final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package.zip", packageBytes, null);
+ when(securityManager.verifyPackageSignedData(any(OnboardSignedPackage.class), any(ArtifactInfo.class))).thenReturn(true);
+ final boolean isSignatureValid = csarSecurityValidator
+ .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo());
+ assertThat("Signature should be valid", isSignatureValid, is(true));
+ }
+
+ @Test
+ void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException {
+ final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip");
+ final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package-tampered-data.zip", packageBytes, null);
+ //no mocked securityManager
+ csarSecurityValidator = new CsarSecurityValidator();
+ Assertions.assertThrows(SecurityManagerException.class, () -> {
+ csarSecurityValidator
+ .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo());
+ });
+ }
+
+ @Test
+ void isSignatureValidTestCorrectStructureAndValidSignatureExistsArtifactStorageManagerIsEnabled() throws SecurityManagerException {
+ final byte[] packageBytes = getFileBytesOrFail("signed-package.zip");
+ final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithoutArtifactInfo("signed-package.zip",
packageBytes, null);
when(securityManager.verifySignedData(any(), any(), any())).thenReturn(true);
- final boolean isSignatureValid = csarSecurityValidator.verifyPackageSignature(onboardSignedPackage);
+ final boolean isSignatureValid = csarSecurityValidator
+ .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo());
+
assertThat("Signature should be valid", isSignatureValid, is(true));
}
- @Test(expected = SecurityManagerException.class)
- public void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException {
- final byte[] packageBytes = getFileBytesOrFail("signing/signed-package-tampered-data.zip");
- final OnboardSignedPackage onboardSignedPackage = loadSignedPackage("signed-package-tampered-data.zip",
+ @Test
+ void isSignatureValidTestCorrectStructureAndNotValidSignatureExistsArtifactStorageManagerIsEnabled() throws SecurityManagerException {
+ final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip");
+ final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithoutArtifactInfo("signed-package-tampered-data.zip",
packageBytes, null);
//no mocked securityManager
csarSecurityValidator = new CsarSecurityValidator();
- csarSecurityValidator.verifyPackageSignature(onboardSignedPackage);
+ Assertions.assertThrows(SecurityManagerException.class, () -> {
+ csarSecurityValidator
+ .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo());
+ });
}
private byte[] getFileBytesOrFail(final String path) {
@@ -87,8 +148,21 @@ public class CsarSecurityValidatorTest {
CsarSecurityValidatorTest.class.getResource(BASE_DIR + path).toURI()));
}
- private OnboardSignedPackage loadSignedPackage(final String packageName, final byte[] packageBytes,
- CnfPackageValidator cnfPackageValidator) {
+ private OnboardPackageInfo loadSignedPackageWithArtifactInfo(final String packageName, final byte[] packageBytes,
+ final CnfPackageValidator cnfPackageValidator) {
+ final OnboardingPackageProcessor onboardingPackageProcessor =
+ new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator,
+ new PersistentStorageArtifactInfo(Path.of("src/test/resources/vspmanager.csar/signing/signed-package.zip")));
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+ if (onboardPackageInfo == null) {
+ fail("Unexpected error. Could not load original package");
+ }
+
+ return onboardPackageInfo;
+ }
+
+ private OnboardPackageInfo loadSignedPackageWithoutArtifactInfo(final String packageName, final byte[] packageBytes,
+ final CnfPackageValidator cnfPackageValidator) {
final OnboardingPackageProcessor onboardingPackageProcessor =
new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, null);
final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
@@ -96,6 +170,6 @@ public class CsarSecurityValidatorTest {
fail("Unexpected error. Could not load original package");
}
- return (OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage();
+ return onboardPackageInfo;
}
}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
index b5479e0868..6dc5517c45 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
@@ -27,14 +27,20 @@ import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
+import java.nio.file.Path;
import java.nio.file.Paths;
import org.apache.commons.io.FileUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
+import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
+import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
+import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
-public class SecurityManagerTest {
+class SecurityManagerTest {
private File certDir;
private String cerDirPath = "/tmp/cert/";
@@ -71,7 +77,7 @@ public class SecurityManagerTest {
}
@Test
- public void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
+ void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "/root-certificate.pem");
assertEquals(1, securityManager.getTrustedCertificates().size());
newFile.delete();
@@ -79,13 +85,13 @@ public class SecurityManagerTest {
}
@Test
- public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
+ void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
certDir.delete();
assertEquals(0, securityManager.getTrustedCertificates().size());
}
@Test
- public void testGetCertificatesException() throws IOException, SecurityManagerException {
+ void testGetCertificatesException() throws IOException, SecurityManagerException {
File newFile = new File(cerDirPath + "root-certificate.pem");
newFile.createNewFile();
Assertions.assertThrows(SecurityManagerException.class, () -> {
@@ -97,9 +103,9 @@ public class SecurityManagerTest {
}
@Test
- public void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
+ void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
- assertTrue(securityManager.getTrustedCertificates().size() == 1);
+ assertEquals(1, securityManager.getTrustedCertificates().size());
File otherNewFile = prepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
assertEquals(2, securityManager.getTrustedCertificates().size());
otherNewFile.delete();
@@ -109,7 +115,7 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
@@ -117,7 +123,22 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled()
+ throws IOException, URISyntaxException, SecurityManagerException {
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip");
+
+ final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes,
+ new CnfPackageValidator(),
+ new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip")));
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+
+ assertTrue(securityManager
+ .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
+ }
+
+ @Test
+ void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
Assertions.assertThrows(SecurityManagerException.class, () -> {
prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
@@ -128,7 +149,7 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
@@ -137,7 +158,22 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled()
+ throws IOException, URISyntaxException, SecurityManagerException {
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip");
+
+ final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes,
+ new CnfPackageValidator(),
+ new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip")));
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+
+ assertTrue(securityManager
+ .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
+ }
+
+ @Test
+ void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
prepareCertFiles("/cert/package2.cert", cerDirPath + "signing-ca2.crt");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
@@ -147,7 +183,7 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
Assertions.assertThrows(SecurityManagerException.class, () -> {
prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
@@ -160,7 +196,7 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory()
+ void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory()
throws IOException, URISyntaxException, SecurityManagerException {
prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
@@ -170,7 +206,7 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
@@ -180,7 +216,7 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
Assertions.assertThrows(SecurityManagerException.class, () -> {
prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
@@ -192,7 +228,7 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
Assertions.assertThrows(SecurityManagerException.class, () -> {
prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip
new file mode 100644
index 0000000000..be48e8a674
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip
Binary files differ
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip
new file mode 100644
index 0000000000..7f2eacbe10
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip
Binary files differ