summaryrefslogtreecommitdiffstats
path: root/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager
diff options
context:
space:
mode:
authorkooper <sergey.sachkov@est.tech>2019-03-22 10:28:46 +0000
committerOren Kleks <orenkle@amdocs.com>2019-03-24 07:14:19 +0000
commitc5927b27b83286c6f4aef7ae5be19a16398c23ce (patch)
tree3d9ab610b97f27c4d1c32062d3ce1a334210ff1f /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager
parentb8cef3d6fe5ee531bcb13ec13f2e8a5b23b383ea (diff)
Retrieve issuer certificate
Change-Id: I22b9ed99d9b19ed300b5671826bd5cd369417f06 Issue-ID: SDC-2162 Signed-off-by: kooper <sergey.sachkov@est.tech>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml4
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java102
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java8
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java84
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-certificate.pem20
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root-certificate.pem22
6 files changed, 238 insertions, 2 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml
index 65babbdfd6..66f04f1ba7 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml
@@ -162,7 +162,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
- <artifactId>powermock-module-testng-common</artifactId>
+ <artifactId>powermock-module-junit4-common</artifactId>
<version>${powermock.version}</version>
<scope>test</scope>
</dependency>
@@ -174,7 +174,7 @@
</dependency>
<dependency>
<groupId>org.powermock</groupId>
- <artifactId>powermock-module-testng</artifactId>
+ <artifactId>powermock-module-junit4</artifactId>
<version>${powermock.version}</version>
<scope>test</scope>
</dependency>
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
new file mode 100644
index 0000000000..d2da7ef20f
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
@@ -0,0 +1,102 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2019, Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.openecomp.sdc.vendorsoftwareproduct.security;
+
+import com.google.common.collect.ImmutableSet;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * This is temporary solution. When AAF provides functionality for verifying certificates, this class should be reviewed
+ * Class is responsible for providing root certificates from configured location in onboarding container.
+ */
+public class SecurityManager {
+ private static final String CERTIFICATE_DEFAULT_LOCATION = "/root/cert";
+
+ private Logger logger = LoggerFactory.getLogger(SecurityManager.class);
+ private Set<Certificate> certificates = new HashSet<>();
+ private File certificateDirectory;
+
+
+ public SecurityManager(){
+ certificateDirectory = this.getcertDirectory();
+ }
+
+ private void processCertificateDir() {
+ if(!certificateDirectory.exists() || !certificateDirectory.isDirectory()){
+ logger.error("Issue with certificate directory, check if exists!");
+ return;
+ }
+
+ File [] files = certificateDirectory.listFiles();
+ if(files == null){
+ logger.error("Certificate directory is empty!");
+ return;
+ }
+ for(File f : files) {
+ certificates.add(loadCertificate(f));
+ }
+ }
+
+ private File getcertDirectory() {
+ String certDirLocation = System.getenv("SDC_CERT_DIR");
+ if(certDirLocation == null){
+ certDirLocation = CERTIFICATE_DEFAULT_LOCATION;
+ }
+ return new File(certDirLocation);
+ }
+
+ private Certificate loadCertificate(File certFile){
+ try (InputStream fileInputStream = new FileInputStream(certFile)){
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ return factory.generateCertificate(fileInputStream);
+ } catch (CertificateException|IOException e) {
+ throw new SecurityManagerException("Error during loading Certificate file!", e);
+ }
+ }
+
+ /**
+ * Checks the configured location for available certificates
+ * @return set of certificates
+ */
+ public Set<Certificate> getCertificates() {
+ //if file number in certificate directory changed reload certs
+ String[] certFiles = certificateDirectory.list();
+ if(certFiles == null){
+ logger.error("Certificate directory is empty!");
+ return ImmutableSet.copyOf(new HashSet<>());
+ }
+ if(certificates.size() != certFiles.length){
+ certificates = new HashSet<>();
+ processCertificateDir();
+ }
+ return ImmutableSet.copyOf(certificates);
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
new file mode 100644
index 0000000000..5c5a23a5f8
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
@@ -0,0 +1,8 @@
+package org.openecomp.sdc.vendorsoftwareproduct.security;
+
+public class SecurityManagerException extends RuntimeException {
+
+ public SecurityManagerException(String s, Throwable t) {
+ super(s);
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
new file mode 100644
index 0000000000..c693015791
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
@@ -0,0 +1,84 @@
+package org.openecomp.sdc.vendorsoftwareproduct.security;
+
+import org.apache.commons.io.FileUtils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import java.io.File;
+import java.io.IOException;
+
+import static junit.framework.TestCase.assertEquals;
+import static junit.framework.TestCase.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(SecurityManager.class)
+public class SecurityManagerTest {
+ File certDir;
+
+ @Before
+ public void setUp(){
+ certDir = new File("/tmp/cert");
+ certDir.mkdirs();
+ PowerMockito.mockStatic(System.class);
+ PowerMockito.when(System.getenv(eq("SDC_CERT_DIR"))).thenReturn(certDir.getPath());
+ }
+
+ @After
+ public void tearDown(){
+ certDir.delete();
+ }
+
+ @Test
+ public void testGetCertificates() throws IOException {
+ File origFile = new File("src/test/resources/cert/root-certificate.pem");
+ File newFile = new File("/tmp/cert/root-certificate.pem");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ SecurityManager securityManager = new SecurityManager();
+ assertEquals(1, securityManager.getCertificates().size());
+ newFile.delete();
+ assertEquals(0, securityManager.getCertificates().size());
+ }
+
+ @Test
+ public void testGetCertificatesNoDirectory() throws IOException {
+ certDir.delete();
+ SecurityManager securityManager = new SecurityManager();
+ assertEquals(0, securityManager.getCertificates().size());
+ }
+
+ @Test(expected = SecurityManagerException.class)
+ public void testGetCertificatesException() throws IOException {
+ File newFile = new File("/tmp/cert/root-certificate.pem");
+ newFile.createNewFile();
+ SecurityManager securityManager = new SecurityManager();
+ assertEquals(1, securityManager.getCertificates().size());
+ newFile.delete();
+ assertEquals(0, securityManager.getCertificates().size());
+ }
+
+ @Test
+ public void testGetCertificatesUpdated() throws IOException {
+ File origFile = new File("src/test/resources/cert/root-certificate.pem");
+ File newFile = new File("/tmp/cert/root-certificate.pem");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ SecurityManager securityManager = new SecurityManager();
+ assertTrue(securityManager.getCertificates().size() == 1);
+ File otherOrigFile = new File("src/test/resources/cert/package-certificate.pem");
+ File otherNewFile = new File("/tmp/cert/package-certificate.pem");
+ newFile.createNewFile();
+ FileUtils.copyFile(otherOrigFile, otherNewFile);
+ assertEquals(2, securityManager.getCertificates().size());
+ otherNewFile.delete();
+ assertEquals(1, securityManager.getCertificates().size());
+ newFile.delete();
+ assertEquals(0, securityManager.getCertificates().size());
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-certificate.pem b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-certificate.pem
new file mode 100644
index 0000000000..886b594f39
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-certificate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiACCQCY9wg5bTEy6TANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMRcwFQYDVQQDDA5yb290IGF1dGhvcml0eTAeFw0xOTAzMjAxMjMz
+MDhaFw0xOTA0MTkxMjMzMDhaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l
+LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNV
+BAMMDnBhY2thZ2Ugc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAsM9jqBlcBgzQsy6awwjFmBHhGmLXLnLXxhJns2gVmw7KBa/i7tbTOJRjqKFH
+kKT41gYo1MICWTHuYwCPnEZTuwHyRiK3DGC7p9I0HO5Sq/Wqrs5xnfcRjcEaC2hH
+GRpZlRj0g877GyNonWNN8tmFsSCD8PCX4WI1/j3RbLDEUROKPWpI3KU1vLcNv3TY
+Izk/AP7TJjG1k+VdIuPLmgeBhq71SQ3FYihPRhYK0jWqFlsjvjbpNBamX50/e2h3
+dCQGROpZEHqYZzuT6C0BM/9jKvudjBRNI+x1tUjaRSHj4arj6vBS2M2tX4peyt7i
+gmLVUPwCc9ke6uL9gIOC0hSf5QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCmfdrV
+sbzG+e7nhbI0DFeFJp2UVynL0Gf9pjjqVfU/Me52MztNWNC8u66V6Vvs9K/HSa19
+VCepC52b0wDgdDkfxrlFWBAJiMwl+ROru9Pysc6vymSkWD2FsEv/JxYkD2OikfIX
+Q44TQa7Jc1Oij1DODwCsZpsT8IVpPyGOTXwoSbRNVDCVKtF5GWXQPztcg81nn6qR
+hs88jgPv+9+cz+r6E1pB6DZY7nfetnQluZdX/0VeCl6+fswIfVPt3hbKu21LSuRQ
+5PGlE2j8oztbXGP3EkwFooqxrFjkLHAVm+huCXQMdICs/Xj91NI4KhZyIz3jm+Bu
+FaISSUy9k9whoMye
+-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root-certificate.pem b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root-certificate.pem
new file mode 100644
index 0000000000..c292035e01
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root-certificate.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjzCCAnegAwIBAgIJANGn88sngb8EMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMMDnJvb3QgYXV0aG9yaXR5MB4XDTE5MDMy
+MDEyMzIwNloXDTE5MDQxOTEyMzIwNlowXjELMAkGA1UEBhMCQVUxEzARBgNVBAgM
+ClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEX
+MBUGA1UEAwwOcm9vdCBhdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDSpZ9UB5iZplYDhPu4DNcLS/0K1etO4T4de7Cd5UDFATpqVvzrT7xI
+3mc2JaTOSVYORYVWJRcWhp9KUKIyVA0J4w4xbCFoACLjRWQHzzji7WKDTmaSn/tj
+PyGubqN0h9IxUffWo3XnJ4pvdbpO+zIKYdBbEbxZFsI5J7hYZ7e3HpmZuFIN3UWl
+KU9UmbXFmmPrkn/7YHzu1KfWsOxao7L9YLRHibRyAPVTE+bXwO3xqI/4GQNlK3W5
+a5JIIgf74SZbni995tU1QCJ0vPgpsDRBWzwynTmppbp+Ii0PpROKx8FE4vvIfPKo
+OrHb02iwW6oAds43eegbWfE8wnaIxsGjAgMBAAGjUDBOMB0GA1UdDgQWBBSbTci1
+HIAinR504rzOn/vwwPxx6zAfBgNVHSMEGDAWgBSbTci1HIAinR504rzOn/vwwPxx
+6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB5eXIhIrtD1Eir5ISf
+swXL/4jIlUjDSJAxMXboGlxv0vzxv9YOXb3DcApzJqAqsu14qsgAHoXCI13ufDQy
+nEvRFMxTAZ2X6XVu5AUyuUv2fxQRciiN24gYnAocC7mwUbZ2tpilxemj/e+/0M+p
+l10m8kgAT0R/rwRlDrP/W8QxnEl3Wl0iflq3SeDqwGV5iR2tUkSO4/4qEwDcXOsp
+UVmfkwQYYbv1SGtRUqoy/UFdgHJjLZnVfN9dPWR7LoHeQKvARJS6QD92HrBk1i4A
+0xXeAGlSUCz5QyjBrM7Un5FonOjZEHYm5HC3NmPcVfEZ1n45BmEixwmJCki1fze1
++6xW
+-----END CERTIFICATE-----