authorkooper <sergey.sachkov@est.tech>2019-04-02 09:22:01 +0000
committerkooper <sergey.sachkov@est.tech>2019-04-02 09:22:01 +0000
commitb2f9dc5d3bc02564b4d952caa0bf2ccd20dfc6af (patch)
tree9d26cfd0a4771c38bc1f662d697bce77190d5e4c /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager
parentddaa4ab7cbefb3c765b6d5732bef568a447f134a (diff)
Verify signature
Change-Id: I8fc5d50d74d3dd8031c96ee16708489dc7c789b8 Issue-ID: SDC-2163 Signed-off-by: kooper <sergey.sachkov@est.tech>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml5
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java269
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java27
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java108
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv3.cms34
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv3.csarbin0 -> 3866 bytes
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.cert20
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.cms17
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.csarbin0 -> 3866 bytes
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert22
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/tampered-signed-package/dummyPnfv3.cms34
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/tampered-signed-package/dummyPnfv3.csarbin0 -> 3877 bytes
12 files changed, 483 insertions, 53 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml
index 66f04f1ba7..74a691b373 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml
@@ -204,6 +204,11 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>${bouncycastle.version}</version>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
index d2da7ef20f..7b1890dcaa 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
@@ -20,83 +20,292 @@
package org.openecomp.sdc.vendorsoftwareproduct.security;
import com.google.common.collect.ImmutableSet;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.CMSTypedData;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.util.Store;
import org.openecomp.sdc.logging.api.Logger;
import org.openecomp.sdc.logging.api.LoggerFactory;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.SignatureException;
+import java.security.cert.CertPathBuilder;
+import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CollectionCertStoreParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.PKIXCertPathBuilderResult;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
- * This is temporary solution. When AAF provides functionality for verifying certificates, this class should be reviewed
- * Class is responsible for providing root certificates from configured location in onboarding container.
+ * This is temporary solution. When AAF provides functionality for verifying trustedCertificates, this class should be reviewed
+ * Class is responsible for providing root trustedCertificates from configured location in onboarding container.
*/
public class SecurityManager {
- private static final String CERTIFICATE_DEFAULT_LOCATION = "/root/cert";
+ private static final String CERTIFICATE_DEFAULT_LOCATION = "cert";
+ private static final SecurityManager INSTANCE = new SecurityManager();
private Logger logger = LoggerFactory.getLogger(SecurityManager.class);
- private Set<Certificate> certificates = new HashSet<>();
+ private Set<X509Certificate> trustedCertificates = new HashSet<>();
private File certificateDirectory;
+ static {
+ if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+ }
- public SecurityManager(){
+ private SecurityManager() {
certificateDirectory = this.getcertDirectory();
}
- private void processCertificateDir() {
- if(!certificateDirectory.exists() || !certificateDirectory.isDirectory()){
+ public static SecurityManager getInstance(){
+ return INSTANCE;
+ }
+
+ /**
+ *
+ * Checks the configured location for available trustedCertificates
+ *
+ * @return set of trustedCertificates
+ * @throws SecurityManagerException
+ */
+ public Set<X509Certificate> getTrustedCertificates() throws SecurityManagerException {
+ //if file number in certificate directory changed reload certs
+ String[] certFiles = certificateDirectory.list();
+ if (certFiles == null) {
+ logger.error("Certificate directory is empty!");
+ return ImmutableSet.copyOf(new HashSet<>());
+ }
+ if (trustedCertificates.size() != certFiles.length) {
+ trustedCertificates = new HashSet<>();
+ processCertificateDir();
+ }
+ return ImmutableSet.copyOf(trustedCertificates);
+ }
+
+ /**
+ * Cleans certificate collection
+ */
+ public void cleanTrustedCertificates(){
+ trustedCertificates.clear();
+ }
+
+ /**
+ *
+ * Verifies if packaged signed with trusted certificate
+ *
+ * @param messageSyntaxSignature - signature data in cms format
+ * @param packageCert - package certificate if not part of cms signature, can be null
+ * @param innerPackageFile data package signed with cms signature
+ * @return true if signature verified
+ * @throws SecurityManagerException
+ */
+ public boolean verifySignedData(final byte[] messageSyntaxSignature, final byte[] packageCert,
+ final byte[] innerPackageFile) throws SecurityManagerException{
+ try (ByteArrayInputStream signatureStream = new ByteArrayInputStream(messageSyntaxSignature)) {
+ Object parsedObject = new PEMParser(new InputStreamReader(signatureStream)).readObject();
+ if (!(parsedObject instanceof ContentInfo)) {
+ throw new SecurityManagerException("Signature is not recognized");
+ }
+ ContentInfo signature = ContentInfo.getInstance(parsedObject);
+ CMSTypedData signedContent = new CMSProcessableByteArray(innerPackageFile);
+ CMSSignedData signedData = new CMSSignedData(signedContent, signature);
+
+ Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
+ SignerInformation firstSigner = signers.iterator().next();
+ Store certificates = signedData.getCertificates();
+ X509Certificate cert;
+ if (packageCert == null) {
+ Collection<X509CertificateHolder> firstSignerCertificates = certificates.getMatches(firstSigner.getSID());
+ if(!firstSignerCertificates.iterator().hasNext()){
+ throw new SecurityManagerException("No certificate found in cms signature that should contain one!");
+ }
+ X509CertificateHolder firstSignerFirstCertificate = firstSignerCertificates.iterator().next();
+ cert = loadCertificate(firstSignerFirstCertificate.getEncoded());
+ } else {
+ cert = loadCertificate(packageCert);
+ }
+
+ PKIXCertPathBuilderResult result = verifyCertificate(cert, getTrustedCertificates());
+
+ if (result == null) {
+ return false;
+ }
+
+ return firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
+ } catch (OperatorCreationException | IOException | CMSException e) {
+ logger.error(e.getMessage(), e);
+ throw new SecurityManagerException("Unexpected error occurred during signature validation!", e);
+ } catch (GeneralSecurityException e){
+ throw new SecurityManagerException("Could not verify signature!", e);
+ }
+ }
+
+ private void processCertificateDir() throws SecurityManagerException {
+ if (!certificateDirectory.exists() || !certificateDirectory.isDirectory()) {
logger.error("Issue with certificate directory, check if exists!");
return;
}
- File [] files = certificateDirectory.listFiles();
- if(files == null){
+ File[] files = certificateDirectory.listFiles();
+ if (files == null) {
logger.error("Certificate directory is empty!");
return;
}
- for(File f : files) {
- certificates.add(loadCertificate(f));
+ for (File f : files) {
+ trustedCertificates.add(loadCertificate(f));
}
}
private File getcertDirectory() {
String certDirLocation = System.getenv("SDC_CERT_DIR");
- if(certDirLocation == null){
+ if (certDirLocation == null) {
certDirLocation = CERTIFICATE_DEFAULT_LOCATION;
}
return new File(certDirLocation);
}
- private Certificate loadCertificate(File certFile){
- try (InputStream fileInputStream = new FileInputStream(certFile)){
+ private X509Certificate loadCertificate(File certFile) throws SecurityManagerException {
+ try (InputStream fileInputStream = new FileInputStream(certFile)) {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
- return factory.generateCertificate(fileInputStream);
- } catch (CertificateException|IOException e) {
+ return (X509Certificate) factory.generateCertificate(fileInputStream);
+ } catch (CertificateException | IOException e) {
throw new SecurityManagerException("Error during loading Certificate file!", e);
}
}
- /**
- * Checks the configured location for available certificates
- * @return set of certificates
- */
- public Set<Certificate> getCertificates() {
- //if file number in certificate directory changed reload certs
- String[] certFiles = certificateDirectory.list();
- if(certFiles == null){
- logger.error("Certificate directory is empty!");
- return ImmutableSet.copyOf(new HashSet<>());
+ private X509Certificate loadCertificate(byte[] certFile) throws SecurityManagerException {
+ try (InputStream in = new ByteArrayInputStream(certFile)) {
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ return (X509Certificate) factory.generateCertificate(in);
+ } catch (CertificateException | IOException e) {
+ throw new SecurityManagerException("Error during loading Certificate from bytes!", e);
}
- if(certificates.size() != certFiles.length){
- certificates = new HashSet<>();
- processCertificateDir();
+ }
+
+ private PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert,
+ Set<X509Certificate> additionalCerts) throws GeneralSecurityException, SecurityManagerException {
+ if (null == cert) {
+ throw new SecurityManagerException("The certificate is empty!");
+ }
+
+ if (isExpired(cert)) {
+ throw new SecurityManagerException("The certificate expired on: " + cert.getNotAfter());
+ }
+
+ if (isSelfSigned(cert)) {
+ throw new SecurityManagerException("The certificate is self-signed.");
+ }
+
+ Set<X509Certificate> trustedRootCerts = new HashSet<>();
+ Set<X509Certificate> intermediateCerts = new HashSet<>();
+ for (X509Certificate additionalCert : additionalCerts) {
+ if (isSelfSigned(additionalCert)) {
+ trustedRootCerts.add(additionalCert);
+ } else {
+ intermediateCerts.add(additionalCert);
+ }
+ }
+
+ return verifyCertificate(cert, trustedRootCerts, intermediateCerts);
+ }
+
+ private PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert,
+ Set<X509Certificate> allTrustedRootCerts,
+ Set<X509Certificate> allIntermediateCerts)
+ throws GeneralSecurityException {
+
+ // Create the selector that specifies the starting certificate
+ X509CertSelector selector = new X509CertSelector();
+ selector.setCertificate(cert);
+
+ // Create the trust anchors (set of root CA certificates)
+ Set<TrustAnchor> trustAnchors = new HashSet<>();
+ for (X509Certificate trustedRootCert : allTrustedRootCerts) {
+ trustAnchors.add(new TrustAnchor(trustedRootCert, null));
+ }
+
+ // Configure the PKIX certificate builder algorithm parameters
+ PKIXBuilderParameters pkixParams;
+ try {
+ pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
+ } catch (InvalidAlgorithmParameterException ex) {
+ throw new InvalidAlgorithmParameterException("No root CA has been found for this certificate", ex);
+ }
+
+ // Not supporting CRL checks for now
+ pkixParams.setRevocationEnabled(false);
+
+ Set<X509Certificate> certSet = new HashSet<>();
+ certSet.add(cert);
+ pkixParams.addCertStore(createCertStore(certSet));
+ pkixParams.addCertStore(createCertStore(allIntermediateCerts));
+ pkixParams.addCertStore(createCertStore(allTrustedRootCerts));
+
+ CertPathBuilder builder = CertPathBuilder.getInstance(CertPathBuilder.getDefaultType(), BouncyCastleProvider.PROVIDER_NAME);
+ return (PKIXCertPathBuilderResult) builder.build(pkixParams);
+ }
+
+ private CertStore createCertStore(Set<X509Certificate> certificateSet) throws InvalidAlgorithmParameterException,
+ NoSuchAlgorithmException, NoSuchProviderException {
+ return CertStore.getInstance("Collection", new CollectionCertStoreParameters(certificateSet), BouncyCastleProvider.PROVIDER_NAME);
+ }
+
+ private boolean isExpired(X509Certificate cert) {
+ try {
+ cert.checkValidity();
+ } catch (CertificateExpiredException e) {
+ logger.error(e.getMessage(), e);
+ return true;
+ } catch (CertificateNotYetValidException e) {
+ logger.error(e.getMessage(), e);
+ return false;
+ }
+ return false;
+ }
+
+ private boolean isSelfSigned(Certificate cert)
+ throws CertificateException, NoSuchAlgorithmException,
+ NoSuchProviderException {
+ try {
+ // Try to verify certificate signature with its own public key
+ PublicKey key = cert.getPublicKey();
+ cert.verify(key);
+ return true;
+ } catch (SignatureException | InvalidKeyException e) {
+ logger.error(e.getMessage(), e);
+ //not self-signed
+ return false;
}
- return ImmutableSet.copyOf(certificates);
}
}
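Review bot: `getTrustedCertificates()` reloads the trust store only when `trustedCertificates.size() != certFiles.length`, so replacing a certificate file in place (same file count) leaves the old certificate cached as a trust anchor until the count changes or the process restarts. Because `pkixParams.setRevocationEnabled(false)` turns off revocation checks, editing that directory is the only way to withdraw trust, which makes the stale cache more significant. Consider keying the reload on the directory's file names and last-modified times, or rebuilding the set on every call; the field is also mutated without synchronization although the class is now a shared singleton. Separately, in `verifySignedData` the call `signers.iterator().next()` throws an unchecked `NoSuchElementException` for a CMS object that carries no signer infos; add `if (signers.isEmpty()) { throw new SecurityManagerException("No signer found in cms signature!"); }` before it so the failure stays inside the declared exception contract.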
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
index 5c5a23a5f8..cdba2f8f0b 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
@@ -1,8 +1,31 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2019, Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
package org.openecomp.sdc.vendorsoftwareproduct.security;
-public class SecurityManagerException extends RuntimeException {
+public class SecurityManagerException extends Exception {
- public SecurityManagerException(String s, Throwable t) {
+ public SecurityManagerException(String s) {
super(s);
}
+
+ public SecurityManagerException(String s, Throwable t) {
+ super(s, t);
+ }
}
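Review bot: The class and both constructors are undocumented, and the parameter names `s` and `t` say nothing about their role. Now that the exception is checked, callers have to declare or handle it, so a class comment such as `/** Thrown when a trusted certificate cannot be loaded or a package signature cannot be validated. */` would help, with the parameters renamed to `message` and `cause`.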
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
index c693015791..eea8a3a186 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
@@ -6,11 +6,15 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import java.io.File;
import java.io.IOException;
+import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import static junit.framework.TestCase.assertEquals;
import static junit.framework.TestCase.assertTrue;
@@ -18,67 +22,129 @@ import static org.mockito.ArgumentMatchers.eq;
@RunWith(PowerMockRunner.class)
@PrepareForTest(SecurityManager.class)
+@PowerMockIgnore("javax.security.auth.x500.X500Principal")
public class SecurityManagerTest {
- File certDir;
+ private File certDir;
+ private SecurityManager securityManager;
@Before
- public void setUp(){
+ public void setUp() throws IOException {
certDir = new File("/tmp/cert");
+ if(certDir.exists()){
+ tearDown();
+ }
certDir.mkdirs();
PowerMockito.mockStatic(System.class);
PowerMockito.when(System.getenv(eq("SDC_CERT_DIR"))).thenReturn(certDir.getPath());
+ securityManager = SecurityManager.getInstance();
}
@After
- public void tearDown(){
- certDir.delete();
+ public void tearDown() throws IOException {
+ if(certDir.exists()) {
+ FileUtils.deleteDirectory(certDir);
+ }
+ securityManager.cleanTrustedCertificates();
}
@Test
- public void testGetCertificates() throws IOException {
+ public void testGetCertificates() throws IOException, SecurityManagerException {
File origFile = new File("src/test/resources/cert/root-certificate.pem");
File newFile = new File("/tmp/cert/root-certificate.pem");
newFile.createNewFile();
FileUtils.copyFile(origFile, newFile);
- SecurityManager securityManager = new SecurityManager();
- assertEquals(1, securityManager.getCertificates().size());
+ assertEquals(1, securityManager.getTrustedCertificates().size());
newFile.delete();
- assertEquals(0, securityManager.getCertificates().size());
+ assertEquals(0, securityManager.getTrustedCertificates().size());
}
@Test
- public void testGetCertificatesNoDirectory() throws IOException {
+ public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
certDir.delete();
- SecurityManager securityManager = new SecurityManager();
- assertEquals(0, securityManager.getCertificates().size());
+ assertEquals(0, securityManager.getTrustedCertificates().size());
}
@Test(expected = SecurityManagerException.class)
- public void testGetCertificatesException() throws IOException {
+ public void testGetCertificatesException() throws IOException, SecurityManagerException {
File newFile = new File("/tmp/cert/root-certificate.pem");
newFile.createNewFile();
- SecurityManager securityManager = new SecurityManager();
- assertEquals(1, securityManager.getCertificates().size());
+ assertEquals(1, securityManager.getTrustedCertificates().size());
newFile.delete();
- assertEquals(0, securityManager.getCertificates().size());
+ assertEquals(0, securityManager.getTrustedCertificates().size());
}
@Test
- public void testGetCertificatesUpdated() throws IOException {
+ public void testGetCertificatesUpdated() throws IOException, SecurityManagerException {
File origFile = new File("src/test/resources/cert/root-certificate.pem");
File newFile = new File("/tmp/cert/root-certificate.pem");
newFile.createNewFile();
FileUtils.copyFile(origFile, newFile);
- SecurityManager securityManager = new SecurityManager();
- assertTrue(securityManager.getCertificates().size() == 1);
+ assertTrue(securityManager.getTrustedCertificates().size() == 1);
File otherOrigFile = new File("src/test/resources/cert/package-certificate.pem");
File otherNewFile = new File("/tmp/cert/package-certificate.pem");
newFile.createNewFile();
FileUtils.copyFile(otherOrigFile, otherNewFile);
- assertEquals(2, securityManager.getCertificates().size());
+ assertEquals(2, securityManager.getTrustedCertificates().size());
otherNewFile.delete();
- assertEquals(1, securityManager.getCertificates().size());
+ assertEquals(1, securityManager.getTrustedCertificates().size());
newFile.delete();
- assertEquals(0, securityManager.getCertificates().size());
+ assertEquals(0, securityManager.getTrustedCertificates().size());
+ }
+
+ @Test
+ public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ File origFile = new File("src/test/resources/cert/root.cert");
+ File newFile = new File("/tmp/cert/root.cert");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv3.cms").toURI()));
+ byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv3.csar").toURI()));
+ assertTrue(securityManager.verifySignedData(signature, null, archive));
+ }
+
+ @Test(expected = SecurityManagerException.class)
+ public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
+ File origFile = new File("src/test/resources/cert/root.cert");
+ File newFile = new File("/tmp/cert/root.cert");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cms").toURI()));
+ byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv3.csar").toURI()));
+ securityManager.verifySignedData(signature, null, archive);
+ }
+
+ @Test
+ public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ File origFile = new File("src/test/resources/cert/root.cert");
+ File newFile = new File("/tmp/cert/root.cert");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cms").toURI()));
+ byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.csar").toURI()));
+ byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cert").toURI()));
+ assertTrue(securityManager.verifySignedData(signature, cert, archive));
+ }
+
+ @Test(expected = SecurityManagerException.class)
+ public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
+ File origFile = new File("src/test/resources/cert/root-certificate.pem");
+ File newFile = new File("/tmp/cert/root-certificate.cert");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cms").toURI()));
+ byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.csar").toURI()));
+ byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cert").toURI()));
+ securityManager.verifySignedData(signature, cert, archive);
+ }
+
+ @Test(expected = SecurityManagerException.class)
+ public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
+ File origFile = new File("src/test/resources/cert/root.cert");
+ File newFile = new File("/tmp/cert/root.cert");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv3.cms").toURI()));
+ byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv3.csar").toURI()));
+ securityManager.verifySignedData(signature, null, archive);
}
}
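Review bot: The negative tests rely on `@Test(expected = SecurityManagerException.class)`, which passes on any failure inside `verifySignedData`, so `verifySignedDataTestChangedArchive` does not show that the tampered archive was rejected for a digest mismatch rather than for an expired or untrusted certificate. This matters because the signer certificate embedded in the `dummyPnfv3.cms` fixture appears to carry a validity window of only about 30 days; once it lapses the positive tests would fail and the negative ones would keep passing for the wrong reason. Catch the exception and assert on its message or cause, and regenerate the fixtures with a long validity period. The tests also share the fixed path `/tmp/cert`, which is predictable and world-writable on most systems; a per-test directory from JUnit's `TemporaryFolder` rule would avoid collisions between runs and files planted by other local users.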
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv3.cms b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv3.cms
new file mode 100644
index 0000000000..fca5faca8e
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv3.cms
@@ -0,0 +1,34 @@
+-----BEGIN CMS-----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+-----END CMS-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv3.csar b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv3.csar
new file mode 100644
index 0000000000..2c626ed90b
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv3.csar
Binary files differ
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.cert b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.cert
new file mode 100644
index 0000000000..d7da41db94
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.cert
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.cms b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.cms
new file mode 100644
index 0000000000..eeee6a977b
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.cms
@@ -0,0 +1,17 @@
+-----BEGIN CMS-----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+-----END CMS-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.csar b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.csar
new file mode 100644
index 0000000000..2c626ed90b
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv3.csar
Binary files differ
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert
new file mode 100644
index 0000000000..767804ede4
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/tampered-signed-package/dummyPnfv3.cms b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/tampered-signed-package/dummyPnfv3.cms
new file mode 100644
index 0000000000..fca5faca8e
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/tampered-signed-package/dummyPnfv3.cms
@@ -0,0 +1,34 @@
+-----BEGIN CMS-----
+MIIF9AYJKoZIhvcNAQcCoIIF5TCCBeECAQExDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBoIIDPjCCAzowggIiAgkAmTZc6pj8rWYwDQYJKoZIhvcNAQELBQAwXzEL
+MAkGA1UEBhMCSUUxEjAQBgNVBAgMCVdlc3RtZWF0aDEQMA4GA1UEBwwHQXRobG9u
+ZTEMMAoGA1UECgwDRVNZMQ8wDQYDVQQLDAZUZWNobm8xCzAJBgNVBAMMAlNTMB4X
+DTE5MDMyODEzMDQ0NloXDTE5MDQyNzEzMDQ0NlowXzELMAkGA1UEBhMCSUUxEjAQ
+BgNVBAgMCVdlc3RtZWF0aDEQMA4GA1UEBwwHQXRobG9uZTEMMAoGA1UECgwDRVNZ
+MQ8wDQYDVQQLDAZUZWNobm8xCzAJBgNVBAMMAlNTMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAqzpc/mRJZe5fxh9yo2ZmFCrNCynrbtLujp2GJwW40Nh0
+89jUBb49zFRwHrUUTlmIZRMrW8XDopX1LDajE+pzNxv+skdpZaPHhEjYcqbFIL1I
+KiWxo1PTBi/9KgSFlzc5eewolrwV+NX76p2+xkLDwt6rnZy8UiubVH7U4mUnPtxy
+Wx/W7uVGaZDKo0g2PNcFayRcL5skbm0Una2TjjAunwGP3FkxKigw+LukLE+w2fvE
+C7b8ndIk10WER9rCIeMCf1571Ub8WJzR/80PfhJxbxoroRaiGESFh3kNNfqanLcS
+Q4I9KHWeijOhSW0pHkqL2KPAee35FtfEUpL5aN0OcwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQBlm8RMspc6cwcktqJXDLZLZiHSoapQqcq3TI3dkhU2uEFTstnxnXa3
+r4eTVF8tre2BjvxJtgmM7qMnoDTFo+uUjkvuBBalLARbQM+gF6PAeRLYRHMLSkN/
+yOfnyQ3ypYAQMpEHVG0Er6B5+KbQwFr2G0XBW0zE8au9oGzqBUNg7e0O22AyXqQk
+uhHzXXVhz6sWxJVv51gjPoWtr/1YbsGmJPimFIuz9GvrZD1MKGQ4sotZvRkfofHz
+ePg0y8taAcdXHJwfmAeiJdc0S9SsYxKLAz1OB+n4oQTsk+31cnKflp+wVfeNyaRP
+sdFf4KLicluzbwIRJ/x0h2r/lTorGGUcMYICfDCCAngCAQEwbDBfMQswCQYDVQQG
+EwJJRTESMBAGA1UECAwJV2VzdG1lYXRoMRAwDgYDVQQHDAdBdGhsb25lMQwwCgYD
+VQQKDANFU1kxDzANBgNVBAsMBlRlY2hubzELMAkGA1UEAwwCU1MCCQCZNlzqmPyt
+ZjALBglghkgBZQMEAgGggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
+hkiG9w0BCQUxDxcNMTkwMzI4MTMwODUwWjAvBgkqhkiG9w0BCQQxIgQg9ya6QcX9
+J6hp+zfK1gceoLlpApp92mfxGoX3eZ1dMUwweQYJKoZIhvcNAQkPMWwwajALBglg
+hkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAO
+BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcN
+AwICASgwDQYJKoZIhvcNAQEBBQAEggEAAmmSdu8W5zr8DVrkASlujCCSLwKq1XE+
+knlrR84UkkpRz8SacfxtoQL2/T6H0LyOnlJTOGQj3M8w2CaYKKWamnp/2jLZFvUn
+aaPbCdKeKvwPiL99iBIqXWcHXJKk5Ch3fIfcWyAfl48HAB7MFE3TlKk0qUQVXlZP
+7/c4PGaqtbfB7pDuJx6k+Bd2dqG4Xe8RDdvKDEK33HzkAZ72ZPuEL3Zw77eeWZS6
+vyAQTxEkFKERiC1AkmGUdAfTolzYGn1LlTcqb1P59nzs/AZ16JKx6ZITumhaSG6Q
+JvkvodxD99bhOh3pHaLkTkkcLxEEE9OscYEtWvIdIGyfjrpGIFP31g==
+-----END CMS-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/tampered-signed-package/dummyPnfv3.csar b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/tampered-signed-package/dummyPnfv3.csar
new file mode 100644
index 0000000000..81cb1f72d2
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/tampered-signed-package/dummyPnfv3.csar
Binary files differ