aboutsummaryrefslogtreecommitdiffstats
path: root/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager
diff options
context:
space:
mode:
authorTomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>2021-01-14 17:03:31 +0100
committerChristophe Closset <christophe.closset@intl.att.com>2021-01-19 13:48:17 +0000
commit5b9a4251a7bce56895ca80b867ee7537e7382320 (patch)
tree6d09cf14e50b0007e97bbcf9a44e7e5ce3ab63e1 /openecomp-be/backend/openecomp-sdc-vendor-software-product-manager
parentf3b0ef4dc7cc21b273ea160781b5170b2d105e1a (diff)
Fix signature validation in SDC (PNF package onboarding)
Change-Id: Ief8bf62e48a23a091e9084333c2523d8490fdcd2 Issue-ID: SDC-3386 Signed-off-by: Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java119
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java179
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv4.cms80
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert20
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cert58
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cms31
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-private1.key28
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-private2.key28
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package1.cert20
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package2.cert20
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert99
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/signing-ca1.crt82
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/signing-ca2.crt82
13 files changed, 650 insertions, 196 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
index 6fae6f0e72..56d0142e3b 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
@@ -20,23 +20,15 @@
package org.openecomp.sdc.vendorsoftwareproduct.security;
import com.google.common.collect.ImmutableSet;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+
+import java.io.*;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
-import java.security.PublicKey;
import java.security.Security;
-import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
-import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
@@ -49,7 +41,12 @@ import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
+import java.util.function.Predicate;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
import java.util.Set;
+
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
@@ -77,6 +74,7 @@ public class SecurityManager {
private Logger logger = LoggerFactory.getLogger(SecurityManager.class);
private Set<X509Certificate> trustedCertificates = new HashSet<>();
+ private Set<X509Certificate> trustedCertificatesFromPackage = new HashSet<>();
private File certificateDirectory;
static {
@@ -113,7 +111,7 @@ public class SecurityManager {
* @return set of trustedCertificates
* @throws SecurityManagerException
*/
- public Set<X509Certificate> getTrustedCertificates() throws SecurityManagerException {
+ public Set<X509Certificate> getTrustedCertificates() throws SecurityManagerException, FileNotFoundException {
//if file number in certificate directory changed reload certs
String[] certFiles = certificateDirectory.list();
if (certFiles == null) {
@@ -124,6 +122,10 @@ public class SecurityManager {
trustedCertificates = new HashSet<>();
processCertificateDir();
}
+ if (!trustedCertificatesFromPackage.isEmpty()) {
+ return Stream.concat(trustedCertificatesFromPackage.stream(), trustedCertificates.stream())
+ .collect(Collectors.toUnmodifiableSet());
+ }
return ImmutableSet.copyOf(trustedCertificates);
}
@@ -146,7 +148,7 @@ public class SecurityManager {
public boolean verifySignedData(final byte[] messageSyntaxSignature, final byte[] packageCert,
final byte[] innerPackageFile) throws SecurityManagerException {
try (ByteArrayInputStream signatureStream = new ByteArrayInputStream(messageSyntaxSignature);
- final PEMParser pemParser = new PEMParser(new InputStreamReader(signatureStream))) {
+ final PEMParser pemParser = new PEMParser(new InputStreamReader(signatureStream))) {
final Object parsedObject = pemParser.readObject();
if (!(parsedObject instanceof ContentInfo)) {
throw new SecurityManagerException("Signature is not recognized");
@@ -158,17 +160,17 @@ public class SecurityManager {
final Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
final SignerInformation firstSigner = signers.iterator().next();
final X509Certificate cert;
+ Collection<X509CertificateHolder> certs;
if (packageCert == null) {
- final Collection<X509CertificateHolder> firstSignerCertificates = signedData.getCertificates()
- .getMatches(firstSigner.getSID());
- if (!firstSignerCertificates.iterator().hasNext()) {
- throw new SecurityManagerException(
- "No certificate found in cms signature that should contain one!");
- }
- cert = loadCertificate(firstSignerCertificates.iterator().next().getEncoded());
+ certs = signedData.getCertificates().getMatches(null);
+ cert = readSignCert(certs, firstSigner).orElseThrow(() -> new SecurityManagerException(
+ "No certificate found in cms signature that should contain one!"));
} else {
- cert = loadCertificate(packageCert);
+ certs = parseCertsFromPem(packageCert);
+ cert = readSignCert(certs, firstSigner).orElseThrow(() -> new SecurityManagerException(
+ "No matching certificate found in certificate file that should contain one!"));
}
+ trustedCertificatesFromPackage = readTrustedCerts(certs, firstSigner);
if (verifyCertificate(cert, getTrustedCertificates()) == null) {
return false;
@@ -183,7 +185,36 @@ public class SecurityManager {
}
}
- private void processCertificateDir() throws SecurityManagerException {
+ private Optional<X509Certificate> readSignCert(final Collection<X509CertificateHolder> certs, final SignerInformation firstSigner) {
+ return certs.stream()
+ .filter(crt -> firstSigner.getSID().match(crt))
+ .findAny()
+ .map(this::loadCertificate);
+ }
+
+ private Set<X509Certificate> readTrustedCerts(final Collection<X509CertificateHolder> certs, final SignerInformation firstSigner) {
+ return certs.stream()
+ .filter(crt -> !firstSigner.getSID().match(crt))
+ .map(this::loadCertificate)
+ .filter(Predicate.not(this::isSelfSigned))
+ .collect(Collectors.toSet());
+ }
+
+ private Set<X509CertificateHolder> parseCertsFromPem(final byte[] packageCert) throws IOException {
+ final ByteArrayInputStream packageCertStream = new ByteArrayInputStream(packageCert);
+ final PEMParser pemParser = new PEMParser(new InputStreamReader(packageCertStream));
+ Object readObject = pemParser.readObject();
+ Set<X509CertificateHolder> allCerts = new HashSet<>();
+ while (readObject != null) {
+ if (readObject instanceof X509CertificateHolder) {
+ allCerts.add((X509CertificateHolder) readObject);
+ }
+ readObject = pemParser.readObject();
+ }
+ return allCerts;
+ }
+
+ private void processCertificateDir() throws SecurityManagerException, FileNotFoundException {
if (!certificateDirectory.exists() || !certificateDirectory.isDirectory()) {
logger.error("Issue with certificate directory, check if exists!");
return;
@@ -207,27 +238,30 @@ public class SecurityManager {
return new File(certDirLocation);
}
- private X509Certificate loadCertificate(File certFile) throws SecurityManagerException {
- try (InputStream fileInputStream = new FileInputStream(certFile)) {
- CertificateFactory factory = CertificateFactory.getInstance("X.509");
- return (X509Certificate) factory.generateCertificate(fileInputStream);
- } catch (CertificateException | IOException e) {
- throw new SecurityManagerException("Error during loading Certificate file!", e);
+ private X509Certificate loadCertificate(File certFile) throws SecurityManagerException, FileNotFoundException {
+ return loadCertificateFactory(new FileInputStream(certFile));
+ }
+
+ private X509Certificate loadCertificate(X509CertificateHolder cert) {
+ try {
+ return loadCertificateFactory(new ByteArrayInputStream(cert.getEncoded()));
+ } catch (IOException | SecurityManagerException e) {
+ throw new RuntimeException("Error during loading Certificate from bytes!", e);
}
}
- private X509Certificate loadCertificate(byte[] certFile) throws SecurityManagerException {
- try (InputStream in = new ByteArrayInputStream(certFile)) {
+ private X509Certificate loadCertificateFactory(InputStream in) throws SecurityManagerException {
+ try {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
return (X509Certificate) factory.generateCertificate(in);
- } catch (CertificateException | IOException e) {
+ } catch (CertificateException e) {
throw new SecurityManagerException("Error during loading Certificate from bytes!", e);
}
}
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert,
Set<X509Certificate> additionalCerts)
- throws GeneralSecurityException, SecurityManagerException {
+ throws GeneralSecurityException, SecurityManagerException {
if (null == cert) {
throw new SecurityManagerException("The certificate is empty!");
}
@@ -256,7 +290,7 @@ public class SecurityManager {
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert,
Set<X509Certificate> allTrustedRootCerts,
Set<X509Certificate> allIntermediateCerts)
- throws GeneralSecurityException {
+ throws GeneralSecurityException {
// Create the selector that specifies the starting certificate
X509CertSelector selector = new X509CertSelector();
@@ -286,14 +320,14 @@ public class SecurityManager {
pkixParams.addCertStore(createCertStore(allTrustedRootCerts));
CertPathBuilder builder = CertPathBuilder
- .getInstance(CertPathBuilder.getDefaultType(), BouncyCastleProvider.PROVIDER_NAME);
+ .getInstance(CertPathBuilder.getDefaultType(), BouncyCastleProvider.PROVIDER_NAME);
return (PKIXCertPathBuilderResult) builder.build(pkixParams);
}
private CertStore createCertStore(Set<X509Certificate> certificateSet) throws InvalidAlgorithmParameterException,
- NoSuchAlgorithmException, NoSuchProviderException {
+ NoSuchAlgorithmException, NoSuchProviderException {
return CertStore.getInstance("Collection", new CollectionCertStoreParameters(certificateSet),
- BouncyCastleProvider.PROVIDER_NAME);
+ BouncyCastleProvider.PROVIDER_NAME);
}
private boolean isExpired(X509Certificate cert) {
@@ -309,18 +343,7 @@ public class SecurityManager {
return false;
}
- private boolean isSelfSigned(Certificate cert)
- throws CertificateException, NoSuchAlgorithmException,
- NoSuchProviderException {
- try {
- // Try to verify certificate signature with its own public key
- PublicKey key = cert.getPublicKey();
- cert.verify(key);
- return true;
- } catch (SignatureException | InvalidKeyException e) {
- logger.error(e.getMessage(), e);
- //not self-signed
- return false;
- }
+ private boolean isSelfSigned(X509Certificate cert) {
+ return cert.getIssuerDN().equals(cert.getSubjectDN());
}
}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
index 7c5cb662c7..0ed871d47c 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,9 +21,10 @@
package org.openecomp.sdc.vendorsoftwareproduct.security;
import org.apache.commons.io.FileUtils;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
import java.io.File;
import java.io.IOException;
@@ -36,32 +37,42 @@ import static junit.framework.TestCase.assertTrue;
public class SecurityManagerTest {
private File certDir;
+ private String cerDirPath = "/tmp/cert/";
private SecurityManager securityManager;
- @Before
+ private File PrepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
+ File origFile = new File(getClass().getResource(origFilePath).toURI());
+ File newFile = new File(newFilePath);
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ return newFile;
+ }
+
+ private byte[] readAllBytes(String path) throws URISyntaxException, IOException {
+ return Files.readAllBytes(Paths.get(getClass().getResource(path).toURI()));
+ }
+
+ @BeforeEach
public void setUp() throws IOException {
- certDir = new File("/tmp/cert");
- if(certDir.exists()){
+ certDir = new File(cerDirPath);
+ if (certDir.exists()) {
tearDown();
}
certDir.mkdirs();
securityManager = new SecurityManager(certDir.getPath());
}
- @After
+ @AfterEach
public void tearDown() throws IOException {
- if(certDir.exists()) {
+ if (certDir.exists()) {
FileUtils.deleteDirectory(certDir);
}
securityManager.cleanTrustedCertificates();
}
@Test
- public void testGetCertificates() throws IOException, SecurityManagerException {
- File origFile = new File("src/test/resources/cert/root-certificate.pem");
- File newFile = new File("/tmp/cert/root-certificate.pem");
- newFile.createNewFile();
- FileUtils.copyFile(origFile, newFile);
+ public void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
+ File newFile = PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "/root-certificate.pem");
assertEquals(1, securityManager.getTrustedCertificates().size());
newFile.delete();
assertEquals(0, securityManager.getTrustedCertificates().size());
@@ -73,26 +84,22 @@ public class SecurityManagerTest {
assertEquals(0, securityManager.getTrustedCertificates().size());
}
- @Test(expected = SecurityManagerException.class)
+ @Test
public void testGetCertificatesException() throws IOException, SecurityManagerException {
- File newFile = new File("/tmp/cert/root-certificate.pem");
- newFile.createNewFile();
- assertEquals(1, securityManager.getTrustedCertificates().size());
- newFile.delete();
- assertEquals(0, securityManager.getTrustedCertificates().size());
+ Assertions.assertThrows(SecurityManagerException.class, () -> {
+ File newFile = new File(cerDirPath + "root-certificate.pem");
+ newFile.createNewFile();
+ assertEquals(1, securityManager.getTrustedCertificates().size());
+ newFile.delete();
+ assertEquals(0, securityManager.getTrustedCertificates().size());
+ });
}
@Test
- public void testGetCertificatesUpdated() throws IOException, SecurityManagerException {
- File origFile = new File("src/test/resources/cert/root-certificate.pem");
- File newFile = new File("/tmp/cert/root-certificate.pem");
- newFile.createNewFile();
- FileUtils.copyFile(origFile, newFile);
+ public void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
+ File newFile = PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
assertTrue(securityManager.getTrustedCertificates().size() == 1);
- File otherOrigFile = new File("src/test/resources/cert/package-certificate.pem");
- File otherNewFile = new File("/tmp/cert/package-certificate.pem");
- newFile.createNewFile();
- FileUtils.copyFile(otherOrigFile, otherNewFile);
+ File otherNewFile = PrepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
assertEquals(2, securityManager.getTrustedCertificates().size());
otherNewFile.delete();
assertEquals(1, securityManager.getTrustedCertificates().size());
@@ -102,58 +109,94 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
- File origFile = new File("src/test/resources/cert/root.cert");
- File newFile = new File("/tmp/cert/root.cert");
- newFile.createNewFile();
- FileUtils.copyFile(origFile, newFile);
- byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.cms").toURI()));
- byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.csar").toURI()));
+ PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
assertTrue(securityManager.verifySignedData(signature, null, archive));
}
- @Test(expected = SecurityManagerException.class)
+ @Test
public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
- File origFile = new File("src/test/resources/cert/root.cert");
- File newFile = new File("/tmp/cert/root.cert");
- newFile.createNewFile();
- FileUtils.copyFile(origFile, newFile);
- byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
- byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.csar").toURI()));
- securityManager.verifySignedData(signature, null, archive);
+ Assertions.assertThrows(SecurityManagerException.class, () -> {
+ PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+ securityManager.verifySignedData(signature, null, archive);
+ });
+
}
@Test
public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
- File origFile = new File("src/test/resources/cert/root.cert");
- File newFile = new File("/tmp/cert/root.cert");
- newFile.createNewFile();
- FileUtils.copyFile(origFile, newFile);
- byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
- byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.csar").toURI()));
- byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cert").toURI()));
+ PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+ byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
assertTrue(securityManager.verifySignedData(signature, cert, archive));
}
- @Test(expected = SecurityManagerException.class)
+ @Test
+ public void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
+ PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ PrepareCertFiles("/cert/signing-ca2.crt", cerDirPath + "signing-ca2.crt");
+ byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+ byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
+ assertTrue(securityManager.verifySignedData(signature, cert, archive));
+ }
+
+ @Test
+ public void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
+ Assertions.assertThrows(SecurityManagerException.class, () -> {
+ PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+ byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+ byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
+ securityManager.verifySignedData(signature, cert, archive);
+ });
+
+ }
+
+ @Test
+ public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
+ PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+ byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
+ assertTrue(securityManager.verifySignedData(signature, null, archive));
+ }
+
+ @Test
+ public void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
+ PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+ byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+ byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
+ assertTrue(securityManager.verifySignedData(signature, cert, archive));
+ }
+
+ @Test
public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
- File origFile = new File("src/test/resources/cert/root-certificate.pem");
- File newFile = new File("/tmp/cert/root-certificate.cert");
- newFile.createNewFile();
- FileUtils.copyFile(origFile, newFile);
- byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
- byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.csar").toURI()));
- byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cert").toURI()));
- securityManager.verifySignedData(signature, cert, archive);
+ Assertions.assertThrows(SecurityManagerException.class, () -> {
+ PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
+ byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
+ byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
+ securityManager.verifySignedData(signature, cert, archive);
+ });
+
}
- @Test(expected = SecurityManagerException.class)
+ @Test
public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
- File origFile = new File("src/test/resources/cert/root.cert");
- File newFile = new File("/tmp/cert/root.cert");
- newFile.createNewFile();
- FileUtils.copyFile(origFile, newFile);
- byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv4.cms").toURI()));
- byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv4.csar").toURI()));
- securityManager.verifySignedData(signature, null, archive);
+ Assertions.assertThrows(SecurityManagerException.class, () -> {
+ PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
+ byte[] archive = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.csar");
+ securityManager.verifySignedData(signature, null, archive);
+ });
+
}
}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv4.cms b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv4.cms
index 2a8a7b54bf..6098f22593 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv4.cms
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/2-file-signed-package/dummyPnfv4.cms
@@ -1,34 +1,56 @@
-----BEGIN CMS-----
-MIIFzQYJKoZIhvcNAQcCoIIFvjCCBboCAQExDTALBglghkgBZQMEAgEwCwYJKoZI
-hvcNAQcBoIIDJDCCAyAwggIIAgkA1fOx4pBO5yQwDQYJKoZIhvcNAQELBQAwUjEL
-MAkGA1UEBhMCSUUxEjAQBgNVBAgMCVdlc3RtZWF0aDEQMA4GA1UEBwwHQXRobG9u
-ZTEMMAoGA1UECgwDRVNZMQ8wDQYDVQQLDAZUZWNobm8wHhcNMTkwNDMwMDk0MzA4
-WhcNMjkwNDI3MDk0MzA4WjBSMQswCQYDVQQGEwJJRTESMBAGA1UECAwJV2VzdG1l
-YXRoMRAwDgYDVQQHDAdBdGhsb25lMQwwCgYDVQQKDANFU1kxDzANBgNVBAsMBlRl
-Y2hubzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMagTjuhg4JMK1qq
-2lvWYSYd6obluvrfSh8t8qEN6HyE9OOSZ+GP5JEj5Jv2s3HwMMx8Ld/j5xauEIph
-Xudjx6JXSybVq7CB6meHqTm6zaojOk8FqQGqhfArFDboYX2OPCAGMgx9+o8+xeQQ
-SlwxurLTjxKwiZUSnWd0WaK6Eah+lkrRcKeN//PPJuHOtb5eBTgFE3rlOYmTYGIB
-fmXRrKT87K/HUKtp56KHUHtdwU7siqFZH1snNSSzG1Qf9Xtc5Lp8D+fkEW8BDYME
-JL+94+QRbBemCqIV1hQsoSSFZGhITqIwhWTzLgXmS7fM/M9F6C8w7p+kRh3j+omp
-33kzM6cCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAcJvsuyTj7GZBm/Y3Xlc4XU6j
-LLlEIyGmnzqU5o87AbtKEfq/MxbpYDHwEA4FkQzwAdFbHO3/zrUoQ1RwArXVpdk+
-AaQL7kyVu+y69mh7dFMzYHpala/47Rrz7cSRWhArhHzTVYBJkVaPo00aJXLF2LeD
-qmxJI75YQ/qT4elUMmMGQt9RUkSHQCqxCWWYlWCFdAJouLXFAPd22BFVyETokVOT
-84ajB1y+LDBUX3gBg44fcdQaAyYmSl9Rfaur0VzppzghBHivsJ0K8RmjPZjQqRWI
-NQwRKUKdDV/pZTL1OcQG2uJDhXV71Yb8DH7KD1FuuVL0LQjT9nYxJ1INqovdPjGC
-Am8wggJrAgEBMF8wUjELMAkGA1UEBhMCSUUxEjAQBgNVBAgMCVdlc3RtZWF0aDEQ
-MA4GA1UEBwwHQXRobG9uZTEMMAoGA1UECgwDRVNZMQ8wDQYDVQQLDAZUZWNobm8C
-CQDV87HikE7nJDALBglghkgBZQMEAgGggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3
-DQEHATAcBgkqhkiG9w0BCQUxDxcNMTkwNDMwMDk0NTQ4WjAvBgkqhkiG9w0BCQQx
+MIIJ7QYJKoZIhvcNAQcCoIIJ3jCCCdoCAQExDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBoIIHEDCCAzkwggIhAhQlYYBMA/D1rLopIQb8Nlq4Tk5azDANBgkqhkiG
+9w0BAQsFADB6MRMwEQYKCZImiZPyLGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYG
+c2ltcGxlMRMwEQYDVQQKDApTaW1wbGUgSW5jMRowGAYDVQQLDBFTaW1wbGUgU2ln
+bmluZyBDQTEaMBgGA1UEAwwRU2ltcGxlIFNpZ25pbmcgQ0EwHhcNMjEwMTE0MTEy
+MTU3WhcNMjEwMjEzMTEyMTU3WjA4MQswCQYDVQQGEwJQTDEMMAoGA1UECAwDU0lM
+MQwwCgYDVQQHDANXUk8xDTALBgNVBAoMBE5PSzEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCh9XoFXEIOosrdtgMrTBD1SkLGyuaLNOhRxCT5iPDuiQdR
+g8yLBQQHZv8nUQG7VXICJjgdfoVaO/sic+683RwXb3HFmxI3/Q1zZ8K6aPL5zTZs
+gJKf/31Z/ZnEyLO2zYknVGSlQGj/r8/pSC7HqoGljzpH+nYyN7e8WxfWnbLn4/jT
+uqA9afJmuvrbacI8LnaH18HIAf3LpsCXh1ullVBFonvz19mKmJLAhdFXbp/65eyh
+x2hwuzdG0EeA4eXIHiOyw6XI2MqkwWMGcwHC4iY0MZi9OYBm6oGRzSakBVHylD8+
+kqnG4zV8ELZPorG/P7x4/U8D7zx3Ni0d0uRDTGI9AgMBAAEwDQYJKoZIhvcNAQEL
+BQADggEBAAAa/cchx4I93RfYRZBcc1cpfRoyxgZSDWPUGgMYmJka6atwVCA5lm6R
+VGXqsWMZQOfIXC8bys2h6cfJjWqcoOr9yKARFcl5jGIsizkheLHCOUpS0KOjWRc2
+aw5bcgocmg0J0InRAPMuzLZNj1rQP0U08bFakPnDkci5w+EHgtE64e1YsKiIH9zn
+mzZQPrIS0aEqYxM+FF8RX58pDadYwCoxIjKeG8rrTtPJ/m1soc8SjPzm5oIvFVuR
+P0B71mYg3xCLz/xT6mB1i4iCZSTnYimtZeB13o41ZUfRwiz1OR2Js0s0PyBIo7FG
+kwdHenly5OrgWrQj7nkEMYANqRBiOTQwggPPMIICt6ADAgECAgEDMA0GCSqGSIb3
+DQEBBQUAMHQxEzARBgoJkiaJk/IsZAEZFgNvcmcxFjAUBgoJkiaJk/IsZAEZFgZz
+aW1wbGUxEzARBgNVBAoMClNpbXBsZSBJbmMxFzAVBgNVBAsMDlNpbXBsZSBSb290
+IENBMRcwFQYDVQQDDA5TaW1wbGUgUm9vdCBDQTAeFw0yMTAxMTQxMTE2MDFaFw0z
+MTAxMTQxMTE2MDFaMHoxEzARBgoJkiaJk/IsZAEZFgNvcmcxFjAUBgoJkiaJk/Is
+ZAEZFgZzaW1wbGUxEzARBgNVBAoMClNpbXBsZSBJbmMxGjAYBgNVBAsMEVNpbXBs
+ZSBTaWduaW5nIENBMRowGAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBANp72EBqP6zBjDTnK699SPPl66NiH6AF
+FxsAfwJfYYkPWo+2IdVGSriNdzDcSuN7b8shZJgHIJP7Cg0FzbXXiX8fzo9SX5Zi
+tPaTbJFCDKg3U/he4hT4g1/jmv0odYnuvrP4GmbMo2UTFXTZrhxuO9xxApC2j9h0
+JlZ2+q+oRJOdEt56I94Vp417VK3CphSjr0tzDH0HKXghhcZsRJ4xkemKtDfGY0jG
+QXgKn9QSdWXVoHJos3Epk3iUo5Z3Su9iuaj67BE45EkxAISJ8RGZbAI8an0c0GBL
+dV2DbQQVIEhQDhx8Vgp7L3ajLtCeLc9H/xejdi2N2P0jINgkm2Q6RFcCAwEAAaNm
+MGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE
+FC939g4q+VR0OqEHVGe4Zlz6rtcXMB8GA1UdIwQYMBaAFAgM0OVRW6bn6QfHaT66
+qzaji9NLMA0GCSqGSIb3DQEBBQUAA4IBAQBtVWuQZJEJc/s+IoUSjc/1jJDg7jSe
+dDDTDOn6XMm3XH4LazsAA+p7vP4ozJyhHgi0aaIRt/AjXjM/S+LrHSi370NouMrr
+o/uYkjvhqRiG/j1rLw31twkQ/maJowkp4i/VFu9elJYUEHkc9oLJgi27dpDx4C1n
+ARd7aYSDMYf3FqH5RiOcNoFRO4rCyQ7aqb9zqkb/XTU1NEv8Y8UDN44mosSV0FuU
+RpS/I+dL4HxIKAQTteexWV6F9CNjPfj11cqQ8iAlNoJQqHUX0LcyEp1uK/qZFWuf
+x8N/Lu5bGbe/9I6+eVCThwigIFzQRVwA5erEEkqxWfsko2+lzM5zwYesMYICozCC
+Ap8CAQEwgZIwejETMBEGCgmSJomT8ixkARkWA29yZzEWMBQGCgmSJomT8ixkARkW
+BnNpbXBsZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UECwwRU2ltcGxlIFNp
+Z25pbmcgQ0ExGjAYBgNVBAMMEVNpbXBsZSBTaWduaW5nIENBAhQlYYBMA/D1rLop
+IQb8Nlq4Tk5azDALBglghkgBZQMEAgGggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3
+DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMTE0MTQxOTIwWjAvBgkqhkiG9w0BCQQx
IgQg9ya6QcX9J6hp+zfK1gceoLlpApp92mfxGoX3eZ1dMUwweQYJKoZIhvcNAQkP
MWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggq
hkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcw
-DQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEAro+kIUh55FUNdajxNoWo
-+795hI6XYi/O4B6aJOmBUmcRhlCw5hQBKkt/pRdySlh14b0v4GNC3Uon+3scNTMG
-eVluws0NDpZAihBqRswnvR/mVK0CLHR3uqFNU9la3sJgbBK2FUlf5nkNEPZtGhcQ
-192n+dYlOb9UCDaxW2sXcsMzHQw4r7FipjHzVSXvDmX0u6ZN/oIbXp51fsCsAYOY
-pgmCP600UGBNguiOnoFI+6l+TEGe5A8/DccRKfxWVYCopDYA8xd5A4b0tHh3dHJZ
-mjFgVwvJMUy3+q1M0mSVzkp5Sq6wlQTyzLDCf8SLHCwo/mXAQKCt8e5FxMEUS8Qd
-BA==
+DQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEAL/PVtlfAYv69O5z6NiWA
+YNs8sY0wOnRvkT5s0axKKPuKd05RgT7WeyS/mPIcsnOO7zTVhdIMr5D6QukNHbat
+ZJByajttVthYhQZxwDjVvU79zjexolaQ++8f/6z7v5PGpbXN1SWN1G8uTlRJbXfb
+hv9qcNOre/CQMHXArFJsCoFObtjvx/80N+oPRtJPXbGyw/DJKUcQNvwtvHdAqzgw
+qVMJWCwowkjX/7M1+oV5t2sXEA83lk0V0P/JLCGH9gBJMqZlNjFf01beaL5+nrlg
+XQGqvbvy9XLdIP2pESr2YoX+gM6Uo0XX69aknU5/4ZjHuvZf8IRHizcZVOFJQaLj
+Lg==
-----END CMS-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert
new file mode 100644
index 0000000000..85b932e17b
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOTCCAiECFFqXkiZIzIdNPTG62Jbr3Ub37ZuTMA0GCSqGSIb3DQEBCwUAMHox
+EzARBgoJkiaJk/IsZAEZFgNvcmcxFjAUBgoJkiaJk/IsZAEZFgZzaW1wbGUxEzAR
+BgNVBAoMClNpbXBsZSBJbmMxGjAYBgNVBAsMEVNpbXBsZSBTaWduaW5nIENBMRow
+GAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTAeFw0yMTAxMTQxMTMxMDhaFw0yMTAy
+MTMxMTMxMDhaMDgxCzAJBgNVBAYTAlBMMQwwCgYDVQQIDANTSUwxDDAKBgNVBAcM
+A1dSTzENMAsGA1UECgwETk9LMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALbulTgLmez9BZHSjMhUNaZURHe12RRAR9JoTTDUJkLr1WVMZRieFUC74PQP
+w51qVy/KAKs7uBUCkpVARcH3sRbdrTDmc3LanUy9hZqzeJdupi+Zp/RlvP+kXTji
+BX4E2hg2a3QBD/zNoBmvLWPTsYsNSxR5mxkm9pL6qFGI84D0l/FWs9jAa60UCBRM
+gIU70JGgU7jx99E6bPUU4Ruuywi8MZpCdW61apVQK1l2rLPSumLm13Ho4l2aI3L+
+bvTy7wzgtURnpHEnOvZUx7pSMwymPOjRvs58sgfQ6FZ0KMkixeHFKdcqwl+msTbN
+a/3nmqCYURmHsYXxaORCBlD3PHcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdBZd
+inECILJpNkfhU8ocqkh9s17KzGtoG/Ybo2LslD/dCXlbbC4rLJdsVaQXKp/j03xF
+ZftRj+NMjRatj9KJ1sibN7YNJDo7u3rk0oKSuMRx4FmI+IzKF8I9usg+CFgA1S+P
+4ndH+3THd9VPjIpuH8yjZ0lXDvqBubnKM11JmW2ljPS7UKPdTasFiIQkV8swVn6d
+3tHBsns/juvGUEDLTdO3lYDK0WEr8pKr+Cj0hcmOZoV8YxBnw402X0g35tzNTAH7
+BhUuGhjRsUksSRPdYjZRjLm/ieIf5huAcWLtEyPDmiHFyNTEDIbSLYncfNDcTsQZ
+NSqYN8Ixin+/mpN86g==
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cert b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cert
index fa70b69c87..7d03a59add 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cert
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cert
@@ -1,19 +1,43 @@
-----BEGIN CERTIFICATE-----
-MIIDIDCCAggCCQDV87HikE7nJDANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJJ
-RTESMBAGA1UECAwJV2VzdG1lYXRoMRAwDgYDVQQHDAdBdGhsb25lMQwwCgYDVQQK
-DANFU1kxDzANBgNVBAsMBlRlY2hubzAeFw0xOTA0MzAwOTQzMDhaFw0yOTA0Mjcw
-OTQzMDhaMFIxCzAJBgNVBAYTAklFMRIwEAYDVQQIDAlXZXN0bWVhdGgxEDAOBgNV
-BAcMB0F0aGxvbmUxDDAKBgNVBAoMA0VTWTEPMA0GA1UECwwGVGVjaG5vMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqBOO6GDgkwrWqraW9ZhJh3qhuW6
-+t9KHy3yoQ3ofIT045Jn4Y/kkSPkm/azcfAwzHwt3+PnFq4QimFe52PHoldLJtWr
-sIHqZ4epObrNqiM6TwWpAaqF8CsUNuhhfY48IAYyDH36jz7F5BBKXDG6stOPErCJ
-lRKdZ3RZoroRqH6WStFwp43/888m4c61vl4FOAUTeuU5iZNgYgF+ZdGspPzsr8dQ
-q2nnoodQe13BTuyKoVkfWyc1JLMbVB/1e1zkunwP5+QRbwENgwQkv73j5BFsF6YK
-ohXWFCyhJIVkaEhOojCFZPMuBeZLt8z8z0XoLzDun6RGHeP6ianfeTMzpwIDAQAB
-MA0GCSqGSIb3DQEBCwUAA4IBAQBwm+y7JOPsZkGb9jdeVzhdTqMsuUQjIaafOpTm
-jzsBu0oR+r8zFulgMfAQDgWRDPAB0Vsc7f/OtShDVHACtdWl2T4BpAvuTJW77Lr2
-aHt0UzNgelqVr/jtGvPtxJFaECuEfNNVgEmRVo+jTRolcsXYt4OqbEkjvlhD+pPh
-6VQyYwZC31FSRIdAKrEJZZiVYIV0Ami4tcUA93bYEVXIROiRU5PzhqMHXL4sMFRf
-eAGDjh9x1BoDJiZKX1F9q6vRXOmnOCEEeK+wnQrxGaM9mNCpFYg1DBEpQp0NX+ll
-MvU5xAba4kOFdXvVhvwMfsoPUW65UvQtCNP2djEnUg2qi90+
+MIIDOTCCAiECFFqXkiZIzIdNPTG62Jbr3Ub37ZuTMA0GCSqGSIb3DQEBCwUAMHox
+EzARBgoJkiaJk/IsZAEZFgNvcmcxFjAUBgoJkiaJk/IsZAEZFgZzaW1wbGUxEzAR
+BgNVBAoMClNpbXBsZSBJbmMxGjAYBgNVBAsMEVNpbXBsZSBTaWduaW5nIENBMRow
+GAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTAeFw0yMTAxMTQxMTMxMDhaFw0yMTAy
+MTMxMTMxMDhaMDgxCzAJBgNVBAYTAlBMMQwwCgYDVQQIDANTSUwxDDAKBgNVBAcM
+A1dSTzENMAsGA1UECgwETk9LMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALbulTgLmez9BZHSjMhUNaZURHe12RRAR9JoTTDUJkLr1WVMZRieFUC74PQP
+w51qVy/KAKs7uBUCkpVARcH3sRbdrTDmc3LanUy9hZqzeJdupi+Zp/RlvP+kXTji
+BX4E2hg2a3QBD/zNoBmvLWPTsYsNSxR5mxkm9pL6qFGI84D0l/FWs9jAa60UCBRM
+gIU70JGgU7jx99E6bPUU4Ruuywi8MZpCdW61apVQK1l2rLPSumLm13Ho4l2aI3L+
+bvTy7wzgtURnpHEnOvZUx7pSMwymPOjRvs58sgfQ6FZ0KMkixeHFKdcqwl+msTbN
+a/3nmqCYURmHsYXxaORCBlD3PHcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdBZd
+inECILJpNkfhU8ocqkh9s17KzGtoG/Ybo2LslD/dCXlbbC4rLJdsVaQXKp/j03xF
+ZftRj+NMjRatj9KJ1sibN7YNJDo7u3rk0oKSuMRx4FmI+IzKF8I9usg+CFgA1S+P
+4ndH+3THd9VPjIpuH8yjZ0lXDvqBubnKM11JmW2ljPS7UKPdTasFiIQkV8swVn6d
+3tHBsns/juvGUEDLTdO3lYDK0WEr8pKr+Cj0hcmOZoV8YxBnw402X0g35tzNTAH7
+BhUuGhjRsUksSRPdYjZRjLm/ieIf5huAcWLtEyPDmiHFyNTEDIbSLYncfNDcTsQZ
+NSqYN8Ixin+/mpN86g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIBBDANBgkqhkiG9w0BAQUFADB0MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg
+SW5jMRcwFQYDVQQLDA5TaW1wbGUgUm9vdCBDQTEXMBUGA1UEAwwOU2ltcGxlIFJv
+b3QgQ0EwHhcNMjEwMTE0MTEyOTM4WhcNMzEwMTE0MTEyOTM4WjB6MRMwEQYKCZIm
+iZPyLGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApT
+aW1wbGUgSW5jMRowGAYDVQQLDBFTaW1wbGUgU2lnbmluZyBDQTEaMBgGA1UEAwwR
+U2ltcGxlIFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC3pEswhtivkFvXovmrNB3dCkC1ETozigHRJBheCq2k0s23D0YWWrVc3dkQz7Vq
+FOgjwzX3hS+CE34DdijBfd3tO3izTrisuIeXLCFn41t0wYfRvLoe85iO6xaQCU/6
+u9KS/Hd5dJ7eQU4+/cxcCDPUWPdEXIZixI1wwaHnhwoLahYH2mb/uxu+Gw4UJaA2
+1OVjsqX9COdPxE7Ud9soXVnNwAVVwgCdRJS0950y0jz5G6TKgIXCFDYk8l9QszM+
+7J5YcZTVPdGX973MpaoRajg7xv+rooGrZ/IQzUN5dQnDkyIQW1g0u9QX7CuQonob
+aKveJTRwSBkpV+7k+C52B1blAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNV
+HRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQlwJ5evFvKOiIAbDQoMd3mGKu2vjAf
+BgNVHSMEGDAWgBQIDNDlUVum5+kHx2k+uqs2o4vTSzANBgkqhkiG9w0BAQUFAAOC
+AQEAQBZLEeLU8u3nsgRvOg5mLUVLPpUnRw41fRTHQL/Onf0lYAONT32KfB8R+Ewn
+4QxyPD/vFaw8t5zTgelYf77mjproExJoLC6mdUXVkew6P5VgK1k2b+pojAFLlq0c
+RSD+Ydv9DMNqhHJHjvVgdpiQACehZRWVaaMcqUhrlk4Tk1Sn+1yTS8aUl58JNnC2
+esy2HY0eDbNUEal6q+yAdukU4qiZy09/WO9l5/72tTFFnmnH9k2oM9kV1+Eck/8D
+db5TjKkC8ufDCwb2coMyVdqsj1ytPQ2g4ofSu2+wBwruvStaCRCcORpmboa+MM55
+3EAieMqi+0Q7+VugRZ19mT9mPg==
-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cms b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cms
index 12c847180d..5c0239a84d 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cms
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/3-file-signed-package/dummyPnfv4.cms
@@ -1,17 +1,18 @@
-----BEGIN CMS-----
-MIICpQYJKoZIhvcNAQcCoIICljCCApICAQExDTALBglghkgBZQMEAgEwCwYJKoZI
-hvcNAQcBMYICbzCCAmsCAQEwXzBSMQswCQYDVQQGEwJJRTESMBAGA1UECAwJV2Vz
-dG1lYXRoMRAwDgYDVQQHDAdBdGhsb25lMQwwCgYDVQQKDANFU1kxDzANBgNVBAsM
-BlRlY2hubwIJANXzseKQTuckMAsGCWCGSAFlAwQCAaCB5DAYBgkqhkiG9w0BCQMx
-CwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTA0MzAwOTQzMjFaMC8GCSqG
-SIb3DQEJBDEiBCD3JrpBxf0nqGn7N8rWBx6guWkCmn3aZ/Eahfd5nV0xTDB5Bgkq
-hkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUD
-BAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAH
-BgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQBN5EhIHoiC
-eiuqVFxowatLjDatpH9+el/huNbfgWyS/P0X1j95XYgQgnuWeHNmYJtr/L5ph1+9
-YDyxmY2QEmmO66RGIUJ2rMY2q02vWrw4yZHRsQNUm0PmutkYCoMvoNODH8cbisKy
-dX9Z9XdrnXOZb6PX0XBJubPKRV3x3/gQ2EEBWaXv5tu8/gV7QbUK37QhQsmKg5d8
-o4elpvWPlzWIk8O1Is+0I44zkHAyMwqFuUQMB+RaVq8GovpDKN+wwQvGRfb3uuNc
-2uxlOYBbxJMH6wdzFQH/B8+eUnUFhd4Ijdc0iChabJC6u2WbPxkUPwegR6Y3uXGZ
-gueFNQ/LUIzE
+MIIC2QYJKoZIhvcNAQcCoIICyjCCAsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYICozCCAp8CAQEwgZIwejETMBEGCgmSJomT8ixkARkWA29yZzEWMBQG
+CgmSJomT8ixkARkWBnNpbXBsZTETMBEGA1UECgwKU2ltcGxlIEluYzEaMBgGA1UE
+CwwRU2ltcGxlIFNpZ25pbmcgQ0ExGjAYBgNVBAMMEVNpbXBsZSBTaWduaW5nIENB
+AhRal5ImSMyHTT0xutiW691G9+2bkzALBglghkgBZQMEAgGggeQwGAYJKoZIhvcN
+AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMTE0MTIxOTU4WjAv
+BgkqhkiG9w0BCQQxIgQg9ya6QcX9J6hp+zfK1gceoLlpApp92mfxGoX3eZ1dMUww
+eQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCG
+SAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwIC
+AUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEAdOCW
+TAQvGstVNgytaVTikXWUmqFC5dNq96cDKCfyNYLeaXg2ZqSmzyhyfFz4pChmaG2P
+hO9kP/6LilD2+wJj4tvhRB5eLmO6Sl13aPwx5VtJme1gvITjP7/z92ttbljhW1GT
+8ElGawnF9XjkqXI+S1S9YWdqR/SzSc4SVFcAoq7QEtg8l1XPQqsShOP8vmL0oc/D
+TXnxEtmVyxGjPnqrWFYsJTrzhKTpQ/ITsaz++lULrFInUsOeQ/MhncJXfisxbWGA
+qUekLoGiDqaFDqd4wgH0p6CHtay/F5JIgpYD7raFBsODXDzpzE/GUhmOXN0R9sPo
+Da6b0nclWuKmkHdI1A==
-----END CMS-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-private1.key b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-private1.key
new file mode 100644
index 0000000000..28ab7a998c
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-private1.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCh9XoFXEIOosrd
+tgMrTBD1SkLGyuaLNOhRxCT5iPDuiQdRg8yLBQQHZv8nUQG7VXICJjgdfoVaO/si
+c+683RwXb3HFmxI3/Q1zZ8K6aPL5zTZsgJKf/31Z/ZnEyLO2zYknVGSlQGj/r8/p
+SC7HqoGljzpH+nYyN7e8WxfWnbLn4/jTuqA9afJmuvrbacI8LnaH18HIAf3LpsCX
+h1ullVBFonvz19mKmJLAhdFXbp/65eyhx2hwuzdG0EeA4eXIHiOyw6XI2MqkwWMG
+cwHC4iY0MZi9OYBm6oGRzSakBVHylD8+kqnG4zV8ELZPorG/P7x4/U8D7zx3Ni0d
+0uRDTGI9AgMBAAECggEAbzvcgV/60niGYj3G8W692uoU8Nmb+5Hr2XSgfG3MI9gj
+GZ4u1nAsczUPGx6s1M/7jHRZaBBkYDP/6Iq9NiOaTpIxDqnRmniHS3LBMCwybNS/
+g0fO7GqZ2jut55R8sZl6kHOK6GBTfQBwCGWWE3YMsvuq6JKhqR3RaGEb/z+yB0bY
+wsnfxgaD4/ZkNpxR0ybtZSlYE4Oo8kfMfx9AXZZdJW3vgblcKCZZFJiBPPiznH02
+SS6ETOlNo2YU5gO+IQraaBIPpjE0cICIoHLGGfvBFn3eI1ujWVo45JZoLdir1jd+
+kWKg26+TMvuLDkEcAPqNVm0bkv5aFQc3bL88hfYVFQKBgQDUkWflM+05rHTrNB6z
+lUfNHG2fFOUr4aX2tY1dlPMUTY9KjDoP2EDBG0HdohkeoRCl9fDp6qUKpScexI4w
+kkmP4C0ak1WLBBqFJb+QOwd3X4SeBj4Oa3v6V/N5n+49FXOWuRvmrnO2Nodq67+/
+JueGtfVn4BY9jsQSeNr3LeM+5wKBgQDDDOiDbN5wYUNBlveP8XREGhuLWbZYf2jQ
+cNv7gDZt4jqUS5PnV7oY+/NyRnThQJ8WO/i5e8/Cjj7IvdMof0GPCL9Y9WMQqW74
+ICpcOghzJ/goqDf++yH8Bok133DWdJtFRnIAEcARIUqVe30bFu8KaW7kYYpU3d73
+Rijnwk6lOwKBgGSGczzIhsp8jTpiBpbk5PTSGeFej1ZmOwdmKnl0JFSYrUgS8q5l
+lZH9IvP+YaTDhM0HdywYRH65RbveNmQv+kvpN0tXG+BHS4dmJ6a807YXXO8igpxt
+Jk9o4oLFKHSIvYYs+k3oeF5WgUoGPULX0iw5xtmd9sabyov1zY+RiuNHAoGAWt83
+sItXMtpNoFA6dGiUt2nGbWzVhHOPnJUIGCtKsHUWv6JafQylGiC/8fybVZpqw8wa
+/CePyt/Epnex2gs3uvDjXQmuJsQZfCZYNfGfoC798cs1k2jjE2zkHiJEitV2xZal
+ZBzg89ojynLm/Wj440vtqx86eIGJ8IBSbG9dfqMCgYEA0oxTHu1ETUrbriCi3ujf
+PilUHoanvHAaiLV1b3TR6+WkN6zioCLuOQglkKMBSBc5DjFcm5POmQRHtN9RqdhR
+JbI16VZ29e+fF330YF4aq4nnHQ++/B0jea2DIWte0mQmFPIDyzWWRRioiBbPhE+P
+mSH5W/dtbX46Hd5iXrf8844=
+-----END PRIVATE KEY-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-private2.key b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-private2.key
new file mode 100644
index 0000000000..8894bdb7ee
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-private2.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC27pU4C5ns/QWR
+0ozIVDWmVER3tdkUQEfSaE0w1CZC69VlTGUYnhVAu+D0D8OdalcvygCrO7gVApKV
+QEXB97EW3a0w5nNy2p1MvYWas3iXbqYvmaf0Zbz/pF044gV+BNoYNmt0AQ/8zaAZ
+ry1j07GLDUsUeZsZJvaS+qhRiPOA9JfxVrPYwGutFAgUTICFO9CRoFO48ffROmz1
+FOEbrssIvDGaQnVutWqVUCtZdqyz0rpi5tdx6OJdmiNy/m708u8M4LVEZ6RxJzr2
+VMe6UjMMpjzo0b7OfLIH0OhWdCjJIsXhxSnXKsJfprE2zWv955qgmFEZh7GF8Wjk
+QgZQ9zx3AgMBAAECggEAMLR7JE3qcK+5UOb3Nss88YkUJa9UGdE3jizZCHwjp8O0
+sGDTtec5D2A2d6TO11Wd2wp0fSLMU0O5FWXkbM1u6ACjgRaKfHT6VplLPjI0lFUQ
+iDHoBukjlgkEDQYYokHWc4XhvCQgRpXU36HFewO9DKHAcLYj9mFqWx3DvNmyw41n
++FvclDx5gZ392MehV0m2wp3ZBihaAqkW6lG8fLusbJahCzOpvBA8dlqwaclJ47HD
+vfRC0iHHI03y0P6Uegy4tpTv0Q7xhIP5LYRBal3vxpPIHLLcPPvaoo7ZhgZFal0E
+2T2gBCL5P8KV61pp0Tk5h4ShA7PJXt459rQ9ke72gQKBgQDzAK8looOydbPSqBgU
+s6YPUgawnPDcWPpejPwZFleHhaVzWq9Fgj7hOPszrbLKu+so1A7A7ylac11QUKY2
+ZqeG+d0/Re/bpQKdiFN92EybM/PzW10H/K5enEv9rJGehuS+rdNJuln1gj2oEIm0
+usQmMBi0QjgSfCVArOHv4Vi6NwKBgQDAt2FPY0cDCoSsv3jj9qEYWOY2SsVgu56X
+AV+PBA/mayx90HkpRFR9yn8mpD4/DuZM6jtT/hTL9ZtKqYy8w71CcBfzbxaqmNwK
+V6s+BPL5H9+gU5AxyEDqHioz4Bk2sjyhmaO3ro+NG3FutI6NQ3mujmz45haE9Szu
+gBVcz9NvwQKBgFYxce65fFk6orQf55rANjDM+Y5/vHeMIBKVk34ajKWHZC5Mhkrz
+bfZZTdEA1aBPk5QB09Hfgx2QOhMY6Dv3oYig7DdbST7xgsH57xN+O335qZgyWgdR
+O1BXxCSQp35BfrWb1owaS3pn3hLU+uNeM+EPwlN+AYGdA2GzcNizZ9N1AoGAI9Y2
+D0g73VHoaCNW/LVRMbDeZnwzBhD9pcEInxS3TDbj2CWbUlQ1jgrI6Eukk59Wrjjk
+fXMDNQZgMVskI7oWiLNFkOw4f9LbIEU7P9Y1xKPrtumzJ77Aa4jeejUTGzu70KU8
+b5zTbv8Kcfa7h4NjrlUn6IUI7QKWr2c8Eb1H6UECgYAY3WC6+vOnTD409pt8UzyN
+1eiQwAvIAFtfS1b1lg95pIZvC5BlSn3O/3LVSfo2dAIvH6i1UDfgHozxHt8sM0jQ
+FwuMsbW5L5yxktJg8hFBBpT+jYZpskbA/UhAgZSHV8ns4SAo5dlUY/ErG5S0TIXN
+Wx21/Sm4PMVUv/3gDJFdUQ==
+-----END PRIVATE KEY-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package1.cert b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package1.cert
new file mode 100644
index 0000000000..fb41d2ff2e
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package1.cert
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOTCCAiECFCVhgEwD8PWsuikhBvw2WrhOTlrMMA0GCSqGSIb3DQEBCwUAMHox
+EzARBgoJkiaJk/IsZAEZFgNvcmcxFjAUBgoJkiaJk/IsZAEZFgZzaW1wbGUxEzAR
+BgNVBAoMClNpbXBsZSBJbmMxGjAYBgNVBAsMEVNpbXBsZSBTaWduaW5nIENBMRow
+GAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTAeFw0yMTAxMTQxMTIxNTdaFw0yMTAy
+MTMxMTIxNTdaMDgxCzAJBgNVBAYTAlBMMQwwCgYDVQQIDANTSUwxDDAKBgNVBAcM
+A1dSTzENMAsGA1UECgwETk9LMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKH1egVcQg6iyt22AytMEPVKQsbK5os06FHEJPmI8O6JB1GDzIsFBAdm/ydR
+AbtVcgImOB1+hVo7+yJz7rzdHBdvccWbEjf9DXNnwrpo8vnNNmyAkp//fVn9mcTI
+s7bNiSdUZKVAaP+vz+lILseqgaWPOkf6djI3t7xbF9adsufj+NO6oD1p8ma6+ttp
+wjwudofXwcgB/cumwJeHW6WVUEWie/PX2YqYksCF0Vdun/rl7KHHaHC7N0bQR4Dh
+5cgeI7LDpcjYyqTBYwZzAcLiJjQxmL05gGbqgZHNJqQFUfKUPz6SqcbjNXwQtk+i
+sb8/vHj9TwPvPHc2LR3S5ENMYj0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAABr9
+xyHHgj3dF9hFkFxzVyl9GjLGBlINY9QaAxiYmRrpq3BUIDmWbpFUZeqxYxlA58hc
+LxvKzaHpx8mNapyg6v3IoBEVyXmMYiyLOSF4scI5SlLQo6NZFzZrDltyChyaDQnQ
+idEA8y7Mtk2PWtA/RTTxsVqQ+cORyLnD4QeC0Trh7ViwqIgf3OebNlA+shLRoSpj
+Ez4UXxFfnykNp1jAKjEiMp4byutO08n+bWyhzxKM/Obmgi8VW5E/QHvWZiDfEIvP
+/FPqYHWLiIJlJOdiKa1l4HXejjVlR9HCLPU5HYmzSzQ/IEijsUaTB0d6eXLk6uBa
+tCPueQQxgA2pEGI5NA==
+-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package2.cert b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package2.cert
new file mode 100644
index 0000000000..f45f6720f0
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package2.cert
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOTCCAiECFFqXkiZIzIdNPTG62Jbr3Ub37ZuTMA0GCSqGSIb3DQEBCwUAMHox
+EzARBgoJkiaJk/IsZAEZFgNvcmcxFjAUBgoJkiaJk/IsZAEZFgZzaW1wbGUxEzAR
+BgNVBAoMClNpbXBsZSBJbmMxGjAYBgNVBAsMEVNpbXBsZSBTaWduaW5nIENBMRow
+GAYDVQQDDBFTaW1wbGUgU2lnbmluZyBDQTAeFw0yMTAxMTQxMTMxMDhaFw0yMTAy
+MTMxMTMxMDhaMDgxCzAJBgNVBAYTAlBMMQwwCgYDVQQIDANTSUwxDDAKBgNVBAcM
+A1dSTzENMAsGA1UECgwETk9LMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALbulTgLmez9BZHSjMhUNaZURHe12RRAR9JoTTDUJkLr1WVMZRieFUC74PQP
+w51qVy/KAKs7uBUCkpVARcH3sRbdrTDmc3LanUy9hZqzeJdupi+Zp/RlvP+kXTji
+BX4E2hg2a3QBD/zNoBmvLWPTsYsNSxR5mxkm9pL6qFGI84D0l/FWs9jAa60UCBRM
+gIU70JGgU7jx99E6bPUU4Ruuywi8MZpCdW61apVQK1l2rLPSumLm13Ho4l2aI3L+
+bvTy7wzgtURnpHEnOvZUx7pSMwymPOjRvs58sgfQ6FZ0KMkixeHFKdcqwl+msTbN
+a/3nmqCYURmHsYXxaORCBlD3PHcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdBZd
+inECILJpNkfhU8ocqkh9s17KzGtoG/Ybo2LslD/dCXlbbC4rLJdsVaQXKp/j03xF
+ZftRj+NMjRatj9KJ1sibN7YNJDo7u3rk0oKSuMRx4FmI+IzKF8I9usg+CFgA1S+P
+4ndH+3THd9VPjIpuH8yjZ0lXDvqBubnKM11JmW2ljPS7UKPdTasFiIQkV8swVn6d
+3tHBsns/juvGUEDLTdO3lYDK0WEr8pKr+Cj0hcmOZoV8YxBnw402X0g35tzNTAH7
+BhUuGhjRsUksSRPdYjZRjLm/ieIf5huAcWLtEyPDmiHFyNTEDIbSLYncfNDcTsQZ
+NSqYN8Ixin+/mpN86g==
+-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert
index ece4fb4b91..2a92193e2f 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root.cert
@@ -1,21 +1,82 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: DC=org, DC=simple, O=Simple Inc, OU=Simple Root CA, CN=Simple Root CA
+ Validity
+ Not Before: Jan 14 11:14:15 2021 GMT
+ Not After : Jan 14 11:14:15 2031 GMT
+ Subject: DC=org, DC=simple, O=Simple Inc, OU=Simple Root CA, CN=Simple Root CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public-Key: (2048 bit)
+ Modulus:
+ 00:a4:7a:26:63:c1:d9:80:23:ea:c8:81:2e:2e:e2:
+ 77:be:37:c1:d6:8c:35:a4:3c:53:7c:e0:b1:b1:e1:
+ 9f:49:47:fe:e6:24:5e:16:28:ab:c2:0f:d6:5b:03:
+ f2:12:68:89:ae:d8:0f:4d:11:de:68:19:7f:57:d3:
+ 43:3e:e2:98:f0:94:7c:c1:f5:5d:1d:88:12:28:9e:
+ d0:b0:2b:a5:d1:6e:41:82:1e:e1:31:da:71:4f:b6:
+ 5c:9c:49:fb:b6:4c:69:e6:e9:2a:94:64:dc:eb:08:
+ 33:a0:2c:63:84:40:0f:c4:d6:f3:3d:33:de:08:ab:
+ ad:21:d4:58:14:de:9a:96:d6:a8:bd:69:7d:a1:2d:
+ dd:11:7c:53:27:4b:0d:60:e6:aa:3e:ec:74:a7:bc:
+ ef:86:05:57:22:4c:a3:e0:eb:3c:f8:8b:d1:fb:3f:
+ 8d:e3:e2:22:ef:cf:d3:c1:ff:55:0d:8e:bf:4e:60:
+ 50:6f:3f:16:28:81:5e:9d:39:48:ee:fb:2c:08:83:
+ cd:a3:6c:ed:68:45:8f:1b:d4:ef:2a:7b:f0:50:75:
+ 8e:1a:cb:4e:c7:7f:71:34:76:96:af:d2:12:41:71:
+ 8c:e7:e4:29:53:9a:09:2a:92:85:b3:fd:52:40:a6:
+ bb:79:93:53:c5:ed:3a:40:fd:e3:12:a9:00:1c:ac:
+ 4c:f7
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 08:0C:D0:E5:51:5B:A6:E7:E9:07:C7:69:3E:BA:AB:36:A3:8B:D3:4B
+ X509v3 Authority Key Identifier:
+ keyid:08:0C:D0:E5:51:5B:A6:E7:E9:07:C7:69:3E:BA:AB:36:A3:8B:D3:4B
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 7c:38:02:94:99:44:19:9d:81:b6:4a:82:6a:4d:68:2c:f5:52:
+ 92:1d:16:a9:2d:06:a6:bc:06:29:fc:e5:61:b9:15:67:05:f3:
+ c7:ce:5c:8e:5d:78:04:b8:c7:4d:d9:bf:05:42:3d:44:95:9c:
+ 26:f4:78:2c:19:22:57:2c:81:2e:a3:88:89:5b:8f:32:75:11:
+ 49:0c:1b:1f:05:41:1c:4e:29:71:ab:3f:5e:28:39:3f:27:eb:
+ 0c:32:89:23:50:6c:c9:77:4a:fc:73:bd:8a:91:c4:ef:70:5b:
+ 67:bb:b9:a7:8b:60:30:c6:09:f2:eb:d4:dd:ce:c4:e8:bc:33:
+ 17:2c:7a:80:fb:8a:63:49:7b:3c:bd:c1:3f:bc:67:ef:97:ca:
+ 6b:78:11:17:a2:57:9b:56:73:5e:ad:e6:21:4e:62:fd:29:6b:
+ 28:f5:32:ff:1a:00:b2:5c:aa:2a:f4:0a:a0:74:7a:76:65:ab:
+ 3d:e9:92:9d:0b:4c:09:2a:3b:7d:0f:24:d7:e5:4a:19:4e:06:
+ e1:53:0d:30:5a:5b:4d:56:4b:bb:83:d2:42:a4:f0:58:94:38:
+ 74:23:ea:02:13:76:4a:5e:a9:1c:32:f1:95:b1:9e:d1:8d:84:
+ 73:a9:52:94:91:61:f0:67:ed:6f:f6:96:f9:56:c0:fd:e8:0f:
+ b6:ee:bf:4f
-----BEGIN CERTIFICATE-----
-MIIDejCCAmKgAwIBAgIJAINbMi0Mb24EMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV
-BAYTAklFMRIwEAYDVQQIDAlXZXN0bWVhdGgxEDAOBgNVBAcMB0F0aGxvbmUxDDAK
-BgNVBAoMA0VTWTEPMA0GA1UECwwGVGVjaG5vMB4XDTE5MDQyOTEyNTY0OFoXDTI5
-MDQyNjEyNTY0OFowUjELMAkGA1UEBhMCSUUxEjAQBgNVBAgMCVdlc3RtZWF0aDEQ
-MA4GA1UEBwwHQXRobG9uZTEMMAoGA1UECgwDRVNZMQ8wDQYDVQQLDAZUZWNobm8w
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBFiFHPO+6prpZfUsGaKTk
-tWSJN+4b+EtGgVqjYP/Oo0LLWvpAYgvgA/6198Gmt+dJCiOEa3y9+G+BW4XSFQnd
-IwbZlO599rkM5sz9VkBgpZHVE5QLOoko9ahZi8/ny8iSyF0IH8jE+dijXcHsYTCX
-tkKw9OE6HO+y04caBLdeidVzYUW/mSB+LBY9/PKwTOcWRM4em8l5sx8xZ3HtV27P
-1arNAFxq2K0cxoNPZJ+9xSN8yaZwc3QyXRYP8EDGN59SCAZWxkXAEhGaNm5golnY
-KCxsCKDGa5Zu4/JuwPbSUOvSkpojz2dft+keMVKIN14R5ng9EinLDO/ooMMz4pbT
-AgMBAAGjUzBRMB0GA1UdDgQWBBQl0gdoNInn0JvQoTUhU0MTvohrSDAfBgNVHSME
-GDAWgBQl0gdoNInn0JvQoTUhU0MTvohrSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
-SIb3DQEBCwUAA4IBAQCJBq2ELa/OXonAarawEqvaVxek0zw+BE/9XC1fTdA1QI1K
-ozRFWxYOkSjTvkdEz+IxuCMvqMjPOrmwDNsVyjRlK1RtBn3RQSHx4T5rCHuvxD0G
-yffFxniJlOU2oMYD71bnW8AqlvyHckIF7jNFD+GnPoSCJWoakcV1RCvgkeZxNwAM
-sTnwaLtR1qrkl27NrvwUtwfRebUt/M7c+V7ZgWq1J8P859ZISqnbLgfzWhZ1CQ3X
-9FTO2sX8gQPvP7VkvHuXKNDuiMYvcXziMOp3G39RBoEvSLHq4xnJAw+YwaerOn5s
-CWHkzJ1IgLvuGfn22uEW+C+9DlMipfsEX1GfhviL
+MIIDxjCCAq6gAwIBAgIBATANBgkqhkiG9w0BAQUFADB0MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg
+SW5jMRcwFQYDVQQLDA5TaW1wbGUgUm9vdCBDQTEXMBUGA1UEAwwOU2ltcGxlIFJv
+b3QgQ0EwHhcNMjEwMTE0MTExNDE1WhcNMzEwMTE0MTExNDE1WjB0MRMwEQYKCZIm
+iZPyLGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApT
+aW1wbGUgSW5jMRcwFQYDVQQLDA5TaW1wbGUgUm9vdCBDQTEXMBUGA1UEAwwOU2lt
+cGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkeiZj
+wdmAI+rIgS4u4ne+N8HWjDWkPFN84LGx4Z9JR/7mJF4WKKvCD9ZbA/ISaImu2A9N
+Ed5oGX9X00M+4pjwlHzB9V0diBIontCwK6XRbkGCHuEx2nFPtlycSfu2TGnm6SqU
+ZNzrCDOgLGOEQA/E1vM9M94Iq60h1FgU3pqW1qi9aX2hLd0RfFMnSw1g5qo+7HSn
+vO+GBVciTKPg6zz4i9H7P43j4iLvz9PB/1UNjr9OYFBvPxYogV6dOUju+ywIg82j
+bO1oRY8b1O8qe/BQdY4ay07Hf3E0dpav0hJBcYzn5ClTmgkqkoWz/VJAprt5k1PF
+7TpA/eMSqQAcrEz3AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBQIDNDlUVum5+kHx2k+uqs2o4vTSzAfBgNVHSMEGDAW
+gBQIDNDlUVum5+kHx2k+uqs2o4vTSzANBgkqhkiG9w0BAQUFAAOCAQEAfDgClJlE
+GZ2BtkqCak1oLPVSkh0WqS0GprwGKfzlYbkVZwXzx85cjl14BLjHTdm/BUI9RJWc
+JvR4LBkiVyyBLqOIiVuPMnURSQwbHwVBHE4pcas/Xig5PyfrDDKJI1BsyXdK/HO9
+ipHE73BbZ7u5p4tgMMYJ8uvU3c7E6LwzFyx6gPuKY0l7PL3BP7xn75fKa3gRF6JX
+m1ZzXq3mIU5i/SlrKPUy/xoAslyqKvQKoHR6dmWrPemSnQtMCSo7fQ8k1+VKGU4G
+4VMNMFpbTVZLu4PSQqTwWJQ4dCPqAhN2Sl6pHDLxlbGe0Y2Ec6lSlJFh8Gftb/aW
++VbA/egPtu6/Tw==
-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/signing-ca1.crt b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/signing-ca1.crt
new file mode 100644
index 0000000000..1576239925
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/signing-ca1.crt
@@ -0,0 +1,82 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: DC=org, DC=simple, O=Simple Inc, OU=Simple Root CA, CN=Simple Root CA
+ Validity
+ Not Before: Jan 14 11:16:01 2021 GMT
+ Not After : Jan 14 11:16:01 2031 GMT
+ Subject: DC=org, DC=simple, O=Simple Inc, OU=Simple Signing CA, CN=Simple Signing CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public-Key: (2048 bit)
+ Modulus:
+ 00:da:7b:d8:40:6a:3f:ac:c1:8c:34:e7:2b:af:7d:
+ 48:f3:e5:eb:a3:62:1f:a0:05:17:1b:00:7f:02:5f:
+ 61:89:0f:5a:8f:b6:21:d5:46:4a:b8:8d:77:30:dc:
+ 4a:e3:7b:6f:cb:21:64:98:07:20:93:fb:0a:0d:05:
+ cd:b5:d7:89:7f:1f:ce:8f:52:5f:96:62:b4:f6:93:
+ 6c:91:42:0c:a8:37:53:f8:5e:e2:14:f8:83:5f:e3:
+ 9a:fd:28:75:89:ee:be:b3:f8:1a:66:cc:a3:65:13:
+ 15:74:d9:ae:1c:6e:3b:dc:71:02:90:b6:8f:d8:74:
+ 26:56:76:fa:af:a8:44:93:9d:12:de:7a:23:de:15:
+ a7:8d:7b:54:ad:c2:a6:14:a3:af:4b:73:0c:7d:07:
+ 29:78:21:85:c6:6c:44:9e:31:91:e9:8a:b4:37:c6:
+ 63:48:c6:41:78:0a:9f:d4:12:75:65:d5:a0:72:68:
+ b3:71:29:93:78:94:a3:96:77:4a:ef:62:b9:a8:fa:
+ ec:11:38:e4:49:31:00:84:89:f1:11:99:6c:02:3c:
+ 6a:7d:1c:d0:60:4b:75:5d:83:6d:04:15:20:48:50:
+ 0e:1c:7c:56:0a:7b:2f:76:a3:2e:d0:9e:2d:cf:47:
+ ff:17:a3:76:2d:8d:d8:fd:23:20:d8:24:9b:64:3a:
+ 44:57
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE, pathlen:0
+ X509v3 Subject Key Identifier:
+ 2F:77:F6:0E:2A:F9:54:74:3A:A1:07:54:67:B8:66:5C:FA:AE:D7:17
+ X509v3 Authority Key Identifier:
+ keyid:08:0C:D0:E5:51:5B:A6:E7:E9:07:C7:69:3E:BA:AB:36:A3:8B:D3:4B
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 6d:55:6b:90:64:91:09:73:fb:3e:22:85:12:8d:cf:f5:8c:90:
+ e0:ee:34:9e:74:30:d3:0c:e9:fa:5c:c9:b7:5c:7e:0b:6b:3b:
+ 00:03:ea:7b:bc:fe:28:cc:9c:a1:1e:08:b4:69:a2:11:b7:f0:
+ 23:5e:33:3f:4b:e2:eb:1d:28:b7:ef:43:68:b8:ca:eb:a3:fb:
+ 98:92:3b:e1:a9:18:86:fe:3d:6b:2f:0d:f5:b7:09:10:fe:66:
+ 89:a3:09:29:e2:2f:d5:16:ef:5e:94:96:14:10:79:1c:f6:82:
+ c9:82:2d:bb:76:90:f1:e0:2d:67:01:17:7b:69:84:83:31:87:
+ f7:16:a1:f9:46:23:9c:36:81:51:3b:8a:c2:c9:0e:da:a9:bf:
+ 73:aa:46:ff:5d:35:35:34:4b:fc:63:c5:03:37:8e:26:a2:c4:
+ 95:d0:5b:94:46:94:bf:23:e7:4b:e0:7c:48:28:04:13:b5:e7:
+ b1:59:5e:85:f4:23:63:3d:f8:f5:d5:ca:90:f2:20:25:36:82:
+ 50:a8:75:17:d0:b7:32:12:9d:6e:2b:fa:99:15:6b:9f:c7:c3:
+ 7f:2e:ee:5b:19:b7:bf:f4:8e:be:79:50:93:87:08:a0:20:5c:
+ d0:45:5c:00:e5:ea:c4:12:4a:b1:59:fb:24:a3:6f:a5:cc:ce:
+ 73:c1:87:ac
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIBAzANBgkqhkiG9w0BAQUFADB0MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg
+SW5jMRcwFQYDVQQLDA5TaW1wbGUgUm9vdCBDQTEXMBUGA1UEAwwOU2ltcGxlIFJv
+b3QgQ0EwHhcNMjEwMTE0MTExNjAxWhcNMzEwMTE0MTExNjAxWjB6MRMwEQYKCZIm
+iZPyLGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApT
+aW1wbGUgSW5jMRowGAYDVQQLDBFTaW1wbGUgU2lnbmluZyBDQTEaMBgGA1UEAwwR
+U2ltcGxlIFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDae9hAaj+swYw05yuvfUjz5eujYh+gBRcbAH8CX2GJD1qPtiHVRkq4jXcw3Erj
+e2/LIWSYByCT+woNBc2114l/H86PUl+WYrT2k2yRQgyoN1P4XuIU+INf45r9KHWJ
+7r6z+BpmzKNlExV02a4cbjvccQKQto/YdCZWdvqvqESTnRLeeiPeFaeNe1StwqYU
+o69Lcwx9Byl4IYXGbESeMZHpirQ3xmNIxkF4Cp/UEnVl1aByaLNxKZN4lKOWd0rv
+Yrmo+uwROORJMQCEifERmWwCPGp9HNBgS3Vdg20EFSBIUA4cfFYKey92oy7Qni3P
+R/8Xo3Ytjdj9IyDYJJtkOkRXAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNV
+HRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQvd/YOKvlUdDqhB1RnuGZc+q7XFzAf
+BgNVHSMEGDAWgBQIDNDlUVum5+kHx2k+uqs2o4vTSzANBgkqhkiG9w0BAQUFAAOC
+AQEAbVVrkGSRCXP7PiKFEo3P9YyQ4O40nnQw0wzp+lzJt1x+C2s7AAPqe7z+KMyc
+oR4ItGmiEbfwI14zP0vi6x0ot+9DaLjK66P7mJI74akYhv49ay8N9bcJEP5miaMJ
+KeIv1RbvXpSWFBB5HPaCyYItu3aQ8eAtZwEXe2mEgzGH9xah+UYjnDaBUTuKwskO
+2qm/c6pG/101NTRL/GPFAzeOJqLEldBblEaUvyPnS+B8SCgEE7XnsVlehfQjYz34
+9dXKkPIgJTaCUKh1F9C3MhKdbiv6mRVrn8fDfy7uWxm3v/SOvnlQk4cIoCBc0EVc
+AOXqxBJKsVn7JKNvpczOc8GHrA==
+-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/signing-ca2.crt b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/signing-ca2.crt
new file mode 100644
index 0000000000..c0f743a450
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/signing-ca2.crt
@@ -0,0 +1,82 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4 (0x4)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: DC=org, DC=simple, O=Simple Inc, OU=Simple Root CA, CN=Simple Root CA
+ Validity
+ Not Before: Jan 14 11:29:38 2021 GMT
+ Not After : Jan 14 11:29:38 2031 GMT
+ Subject: DC=org, DC=simple, O=Simple Inc, OU=Simple Signing CA, CN=Simple Signing CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public-Key: (2048 bit)
+ Modulus:
+ 00:b7:a4:4b:30:86:d8:af:90:5b:d7:a2:f9:ab:34:
+ 1d:dd:0a:40:b5:11:3a:33:8a:01:d1:24:18:5e:0a:
+ ad:a4:d2:cd:b7:0f:46:16:5a:b5:5c:dd:d9:10:cf:
+ b5:6a:14:e8:23:c3:35:f7:85:2f:82:13:7e:03:76:
+ 28:c1:7d:dd:ed:3b:78:b3:4e:b8:ac:b8:87:97:2c:
+ 21:67:e3:5b:74:c1:87:d1:bc:ba:1e:f3:98:8e:eb:
+ 16:90:09:4f:fa:bb:d2:92:fc:77:79:74:9e:de:41:
+ 4e:3e:fd:cc:5c:08:33:d4:58:f7:44:5c:86:62:c4:
+ 8d:70:c1:a1:e7:87:0a:0b:6a:16:07:da:66:ff:bb:
+ 1b:be:1b:0e:14:25:a0:36:d4:e5:63:b2:a5:fd:08:
+ e7:4f:c4:4e:d4:77:db:28:5d:59:cd:c0:05:55:c2:
+ 00:9d:44:94:b4:f7:9d:32:d2:3c:f9:1b:a4:ca:80:
+ 85:c2:14:36:24:f2:5f:50:b3:33:3e:ec:9e:58:71:
+ 94:d5:3d:d1:97:f7:bd:cc:a5:aa:11:6a:38:3b:c6:
+ ff:ab:a2:81:ab:67:f2:10:cd:43:79:75:09:c3:93:
+ 22:10:5b:58:34:bb:d4:17:ec:2b:90:a2:7a:1b:68:
+ ab:de:25:34:70:48:19:29:57:ee:e4:f8:2e:76:07:
+ 56:e5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE, pathlen:0
+ X509v3 Subject Key Identifier:
+ 25:C0:9E:5E:BC:5B:CA:3A:22:00:6C:34:28:31:DD:E6:18:AB:B6:BE
+ X509v3 Authority Key Identifier:
+ keyid:08:0C:D0:E5:51:5B:A6:E7:E9:07:C7:69:3E:BA:AB:36:A3:8B:D3:4B
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 40:16:4b:11:e2:d4:f2:ed:e7:b2:04:6f:3a:0e:66:2d:45:4b:
+ 3e:95:27:47:0e:35:7d:14:c7:40:bf:ce:9d:fd:25:60:03:8d:
+ 4f:7d:8a:7c:1f:11:f8:4c:27:e1:0c:72:3c:3f:ef:15:ac:3c:
+ b7:9c:d3:81:e9:58:7f:be:e6:8e:9a:e8:13:12:68:2c:2e:a6:
+ 75:45:d5:91:ec:3a:3f:95:60:2b:59:36:6f:ea:68:8c:01:4b:
+ 96:ad:1c:45:20:fe:61:db:fd:0c:c3:6a:84:72:47:8e:f5:60:
+ 76:98:90:00:27:a1:65:15:95:69:a3:1c:a9:48:6b:96:4e:13:
+ 93:54:a7:fb:5c:93:4b:c6:94:97:9f:09:36:70:b6:7a:cc:b6:
+ 1d:8d:1e:0d:b3:54:11:a9:7a:ab:ec:80:76:e9:14:e2:a8:99:
+ cb:4f:7f:58:ef:65:e7:fe:f6:b5:31:45:9e:69:c7:f6:4d:a8:
+ 33:d9:15:d7:e1:1c:93:ff:03:75:be:53:8c:a9:02:f2:e7:c3:
+ 0b:06:f6:72:83:32:55:da:ac:8f:5c:ad:3d:0d:a0:e2:87:d2:
+ bb:6f:b0:07:0a:ee:bd:2b:5a:09:10:9c:39:1a:66:6e:86:be:
+ 30:ce:79:dc:40:22:78:ca:a2:fb:44:3b:f9:5b:a0:45:9d:7d:
+ 99:3f:66:3e
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIBBDANBgkqhkiG9w0BAQUFADB0MRMwEQYKCZImiZPyLGQB
+GRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApTaW1wbGUg
+SW5jMRcwFQYDVQQLDA5TaW1wbGUgUm9vdCBDQTEXMBUGA1UEAwwOU2ltcGxlIFJv
+b3QgQ0EwHhcNMjEwMTE0MTEyOTM4WhcNMzEwMTE0MTEyOTM4WjB6MRMwEQYKCZIm
+iZPyLGQBGRYDb3JnMRYwFAYKCZImiZPyLGQBGRYGc2ltcGxlMRMwEQYDVQQKDApT
+aW1wbGUgSW5jMRowGAYDVQQLDBFTaW1wbGUgU2lnbmluZyBDQTEaMBgGA1UEAwwR
+U2ltcGxlIFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC3pEswhtivkFvXovmrNB3dCkC1ETozigHRJBheCq2k0s23D0YWWrVc3dkQz7Vq
+FOgjwzX3hS+CE34DdijBfd3tO3izTrisuIeXLCFn41t0wYfRvLoe85iO6xaQCU/6
+u9KS/Hd5dJ7eQU4+/cxcCDPUWPdEXIZixI1wwaHnhwoLahYH2mb/uxu+Gw4UJaA2
+1OVjsqX9COdPxE7Ud9soXVnNwAVVwgCdRJS0950y0jz5G6TKgIXCFDYk8l9QszM+
+7J5YcZTVPdGX973MpaoRajg7xv+rooGrZ/IQzUN5dQnDkyIQW1g0u9QX7CuQonob
+aKveJTRwSBkpV+7k+C52B1blAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNV
+HRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQlwJ5evFvKOiIAbDQoMd3mGKu2vjAf
+BgNVHSMEGDAWgBQIDNDlUVum5+kHx2k+uqs2o4vTSzANBgkqhkiG9w0BAQUFAAOC
+AQEAQBZLEeLU8u3nsgRvOg5mLUVLPpUnRw41fRTHQL/Onf0lYAONT32KfB8R+Ewn
+4QxyPD/vFaw8t5zTgelYf77mjproExJoLC6mdUXVkew6P5VgK1k2b+pojAFLlq0c
+RSD+Ydv9DMNqhHJHjvVgdpiQACehZRWVaaMcqUhrlk4Tk1Sn+1yTS8aUl58JNnC2
+esy2HY0eDbNUEal6q+yAdukU4qiZy09/WO9l5/72tTFFnmnH9k2oM9kV1+Eck/8D
+db5TjKkC8ufDCwb2coMyVdqsj1ytPQ2g4ofSu2+wBwruvStaCRCcORpmboa+MM55
+3EAieMqi+0Q7+VugRZ19mT9mPg==
+-----END CERTIFICATE-----