author | vasraz <vasyl.razinkov@est.tech> | 2021-07-29 14:41:18 +0100 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2021-08-05 11:25:09 +0000 |
commit | 36ff777984fbd728737b264d7aa3933794716519 (patch) | |
tree | 242f8ddac4aa07c7f3e7702b611afcb7061b5af1 /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test | |
parent | 95b22d8d074f294e997c27d79d369b0eb3bee9e2 (diff) |
Implement 'Signed Large CSAR' support
Change-Id: I33cc381b86c6a10e20d521c0d3dcc76c28344b8f
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3652
Issue-ID: SDC-3653
Signed-off-by: André Schmid <andre.schmid@est.tech>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test')
4 files changed, 144 insertions, 34 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
index 5f5f9eb7dc..96d11eb148 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
@@ -19,6 +19,7 @@
 package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation;
+import static java.nio.file.StandardCopyOption.REPLACE_EXISTING;
 import static org.hamcrest.core.Is.is;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.fail;
@@ -27,12 +28,21 @@ import static org.mockito.Mockito.when;
 import static org.mockito.MockitoAnnotations.initMocks;
 import java.io.IOException;
+import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
-import org.junit.Before;
-import org.junit.Test;
+import java.util.List;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
 import org.mockito.Mock;
+import org.openecomp.sdc.be.csar.storage.ArtifactInfo;
+import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
 import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
 import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
 import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
@@ -40,37 +50,88 @@ import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; -public class CsarSecurityValidatorTest { +class CsarSecurityValidatorTest { - private static final String BASE_DIR = "/vspmanager.csar/"; + private static final String BASE_DIR = "/vspmanager.csar/signing/"; + private static final String DELIMITER = "---"; private CsarSecurityValidator csarSecurityValidator; @Mock - SecurityManager securityManager; + private SecurityManager securityManager; - @Before - public void setUp() { + @AfterEach + void tearDown() throws Exception { + restore(); + } + + private void restore() throws Exception { + final URI uri = CsarSecurityValidatorTest.class.getResource(BASE_DIR).toURI(); + final List<Path> list = Files.list(Path.of(uri.getPath())).filter(path -> path.toString().contains(DELIMITER)).collect(Collectors.toList()); + for (final Path path : list) { + final String[] split = path.toString().split(DELIMITER); + Files.move(path, Path.of(split[0]), REPLACE_EXISTING); + } + } + + @BeforeEach + public void setUp() throws Exception { initMocks(this); csarSecurityValidator = new CsarSecurityValidator(securityManager); + backup(); + } + + private void backup() throws Exception { + final URI uri = CsarSecurityValidatorTest.class.getResource(BASE_DIR).toURI(); + final List<Path> list = Files.list(Path.of(uri.getPath())).collect(Collectors.toList()); + for (final Path path : list) { + Files.copy(path, Path.of(path.toString() + DELIMITER + UUID.randomUUID()), REPLACE_EXISTING); + } } @Test - public void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException { - final byte[] packageBytes = getFileBytesOrFail("signing/signed-package.zip"); - final OnboardSignedPackage onboardSignedPackage = loadSignedPackage("signed-package.zip", + void 
isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException, IOException { + final byte[] packageBytes = getFileBytesOrFail("signed-package.zip"); + final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package.zip", packageBytes, null); + when(securityManager.verifyPackageSignedData(any(OnboardSignedPackage.class), any(ArtifactInfo.class))).thenReturn(true); + final boolean isSignatureValid = csarSecurityValidator + .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()); + assertThat("Signature should be valid", isSignatureValid, is(true)); + } + + @Test + void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException { + final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip"); + final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package-tampered-data.zip", packageBytes, null); + //no mocked securityManager + csarSecurityValidator = new CsarSecurityValidator(); + Assertions.assertThrows(SecurityManagerException.class, () -> { + csarSecurityValidator + .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()); + }); + } + + @Test + void isSignatureValidTestCorrectStructureAndValidSignatureExistsArtifactStorageManagerIsEnabled() throws SecurityManagerException { + final byte[] packageBytes = getFileBytesOrFail("signed-package.zip"); + final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithoutArtifactInfo("signed-package.zip", packageBytes, null); when(securityManager.verifySignedData(any(), any(), any())).thenReturn(true); - final boolean isSignatureValid = csarSecurityValidator.verifyPackageSignature(onboardSignedPackage); + final boolean isSignatureValid = csarSecurityValidator + .verifyPackageSignature((OnboardSignedPackage) 
onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()); + assertThat("Signature should be valid", isSignatureValid, is(true)); } - @Test(expected = SecurityManagerException.class) - public void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException { - final byte[] packageBytes = getFileBytesOrFail("signing/signed-package-tampered-data.zip"); - final OnboardSignedPackage onboardSignedPackage = loadSignedPackage("signed-package-tampered-data.zip", + @Test + void isSignatureValidTestCorrectStructureAndNotValidSignatureExistsArtifactStorageManagerIsEnabled() throws SecurityManagerException { + final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip"); + final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithoutArtifactInfo("signed-package-tampered-data.zip", packageBytes, null); //no mocked securityManager csarSecurityValidator = new CsarSecurityValidator(); - csarSecurityValidator.verifyPackageSignature(onboardSignedPackage); + Assertions.assertThrows(SecurityManagerException.class, () -> { + csarSecurityValidator + .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()); + }); } private byte[] getFileBytesOrFail(final String path) { 
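Review bot: `backup()` and `restore()` never close the stream returned by `Files.list`, which the JDK documents as holding an open directory until closed; both should use try-with-resources (this needs `java.util.stream.Stream` imported). The same helpers have two smaller hazards: `restore()` splits the whole path string on `"---"`, so a checkout directory containing that sequence produces the wrong move target, and `backup()` also copies any backup left behind by a run that died before `tearDown`. Filtering and renaming on the file name only, and building the directory with `Path.of(uri)` rather than `Path.of(uri.getPath())`, removes all three.

```java
private void restore() throws Exception {
    final Path dir = Path.of(CsarSecurityValidatorTest.class.getResource(BASE_DIR).toURI());
    final List<Path> backups;
    // Files.list keeps the directory open until the stream is closed
    try (final Stream<Path> entries = Files.list(dir)) {
        backups = entries.filter(path -> path.getFileName().toString().contains(DELIMITER)).collect(Collectors.toList());
    }
    for (final Path backup : backups) {
        final String name = backup.getFileName().toString();
        // strip the suffix from the file name only, so "---" in a parent directory cannot change the target
        Files.move(backup, backup.resolveSibling(name.substring(0, name.indexOf(DELIMITER))), REPLACE_EXISTING);
    }
}

private void backup() throws Exception {
    final Path dir = Path.of(CsarSecurityValidatorTest.class.getResource(BASE_DIR).toURI());
    final List<Path> originals;
    try (final Stream<Path> entries = Files.list(dir)) {
        // skip copies left over from an earlier aborted run
        originals = entries.filter(path -> !path.getFileName().toString().contains(DELIMITER)).collect(Collectors.toList());
    }
    for (final Path original : originals) {
        Files.copy(original, original.resolveSibling(original.getFileName() + DELIMITER + UUID.randomUUID()), REPLACE_EXISTING);
    }
}
```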
@@ -87,8 +148,21 @@ public class CsarSecurityValidatorTest {
 CsarSecurityValidatorTest.class.getResource(BASE_DIR + path).toURI()));
 }
- private OnboardSignedPackage loadSignedPackage(final String packageName, final byte[] packageBytes,
- CnfPackageValidator cnfPackageValidator) {
+ private OnboardPackageInfo loadSignedPackageWithArtifactInfo(final String packageName, final byte[] packageBytes,
+ final CnfPackageValidator cnfPackageValidator) {
+ final OnboardingPackageProcessor onboardingPackageProcessor =
+ new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator,
+ new PersistentStorageArtifactInfo(Path.of("src/test/resources/vspmanager.csar/signing/signed-package.zip")));
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+ if (onboardPackageInfo == null) {
+ fail("Unexpected error. Could not load original package");
+ }
+
+ return onboardPackageInfo;
+ }
+
+ private OnboardPackageInfo loadSignedPackageWithoutArtifactInfo(final String packageName, final byte[] packageBytes,
+ final CnfPackageValidator cnfPackageValidator) {
 final OnboardingPackageProcessor onboardingPackageProcessor =
 new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, null);
 final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
@@ -96,6 +170,6 @@ public class CsarSecurityValidatorTest {
 fail("Unexpected error. Could not load original package");
 }
- return (OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage();
+ return onboardPackageInfo;
 }
 }
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
index b5479e0868..6dc5517c45 100644
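Review bot: `loadSignedPackageWithArtifactInfo` ignores `packageName` when it builds the artifact path: `PersistentStorageArtifactInfo` always points at `.../signing/signed-package.zip`, so the tampered-data test earlier in this file passes the bytes of the tampered archive together with the on-disk path of the valid one. If verification reads the package from the stored artifact (not visible in this diff), that negative test is not checking tampered content, and because it runs against an unmocked `new CsarSecurityValidator()` its `SecurityManagerException` could have an unrelated cause. Deriving the path from the argument fixes the mismatch: `new PersistentStorageArtifactInfo(Path.of("src/test/resources/vspmanager.csar/signing", packageName))`. The path is also relative to the working directory and under `src/test/resources`, whereas the backup/restore helpers work on the classpath copy resolved from `BASE_DIR`, so they may not be protecting the file the validator touches.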
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
@@ -27,14 +27,20 @@ import java.io.File;
 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import org.apache.commons.io.FileUtils;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
+import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
+import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
-public class SecurityManagerTest {
+class SecurityManagerTest {
 private File certDir;
 private String cerDirPath = "/tmp/cert/";
@@ -71,7 +77,7 @@ public class SecurityManagerTest {
 }
 @Test
- public void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
+ void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
 File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "/root-certificate.pem");
 assertEquals(1, securityManager.getTrustedCertificates().size());
 newFile.delete();
@@ -79,13 +85,13 @@ public class SecurityManagerTest {
 }
 @Test
- public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
+ void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
 certDir.delete();
 assertEquals(0, securityManager.getTrustedCertificates().size());
 }
 @Test
- public void testGetCertificatesException() throws IOException, SecurityManagerException {
+ void testGetCertificatesException() throws IOException, SecurityManagerException {
 File newFile = new File(cerDirPath + "root-certificate.pem");
 newFile.createNewFile();
 Assertions.assertThrows(SecurityManagerException.class, () -> {
@@ -97,9 +103,9 @@ public class SecurityManagerTest {
 }
 @Test
- public void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
+ void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
 File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
- assertTrue(securityManager.getTrustedCertificates().size() == 1);
+ assertEquals(1, securityManager.getTrustedCertificates().size());
 File otherNewFile = prepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
 assertEquals(2, securityManager.getTrustedCertificates().size());
 otherNewFile.delete();
@@ -109,7 +115,7 @@ public class SecurityManagerTest {
 }
 @Test
- public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
 prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
 byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
@@ -117,7 +123,22 @@ public class SecurityManagerTest {
 }
 @Test
- public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled()
+ throws IOException, URISyntaxException, SecurityManagerException {
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip");
+
+ final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes,
+ new CnfPackageValidator(),
+ new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip")));
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+
+ assertTrue(securityManager
+ .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
+ }
+
+ @Test
+ void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
 Assertions.assertThrows(SecurityManagerException.class, () -> {
 prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
 byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
@@ -128,7 +149,7 @@ public class SecurityManagerTest {
 }
 @Test
- public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
 prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
 byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
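Review bot: The two added `...ArtifactStorageManagerIsEnabled` tests (this hunk and `@@ -137,7 +158,22 @@`) only cover packages that `verifyPackageSignedData` should accept; nothing in these hunks feeds the new path a tampered archive or a package signed under an untrusted root, which the neighbouring `verifySignedData` tests do with `Assertions.assertThrows(SecurityManagerException.class, ...)`. A rejecting case is what stops a signature check from regressing into accept-everything, so one should be added alongside. Both tests also dereference `onboardPackageInfo` right after `.orElse(null)`; `Assertions.assertNotNull(onboardPackageInfo);` before the cast would report a load failure as an assertion rather than a NullPointerException. The `Path.of("src/test/resources/...")` argument depends on the working directory, unlike `readAllBytes`, which appears to take a classpath-style path.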
@@ -137,7 +158,22 @@ public class SecurityManagerTest {
 }
 @Test
- public void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled()
+ throws IOException, URISyntaxException, SecurityManagerException {
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip");
+
+ final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes,
+ new CnfPackageValidator(),
+ new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip")));
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+
+ assertTrue(securityManager
+ .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
+ }
+
+ @Test
+ void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
 prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 prepareCertFiles("/cert/package2.cert", cerDirPath + "signing-ca2.crt");
 byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
@@ -147,7 +183,7 @@ public class SecurityManagerTest {
 }
 @Test
- public void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
 Assertions.assertThrows(SecurityManagerException.class, () -> {
 prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
 prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
@@ -160,7 +196,7 @@ public class SecurityManagerTest {
 }
 @Test
- public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory()
+ void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory()
 throws IOException, URISyntaxException, SecurityManagerException {
 prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
@@ -170,7 +206,7 @@ public class SecurityManagerTest {
 }
 @Test
- public void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
 prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
 byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
@@ -180,7 +216,7 @@ public class SecurityManagerTest {
 }
 @Test
- public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
+ void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
 Assertions.assertThrows(SecurityManagerException.class, () -> {
 prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
 byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
@@ -192,7 +228,7 @@ public class SecurityManagerTest { } @Test - public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException { + void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException { Assertions.assertThrows(SecurityManagerException.class, () -> { prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert"); byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms"); diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip Binary files differnew file mode 100644 index 0000000000..be48e8a674 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip Binary files differnew file mode 100644 index 0000000000..7f2eacbe10 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip |