authorandre.schmid <andre.schmid@est.tech>2021-01-28 17:53:22 +0000
committerVasyl Razinkov <vasyl.razinkov@est.tech>2021-02-21 13:07:13 +0000
commit13b39127c1c91d7c05c67ea2c14220c8f992cba5 (patch)
tree755c7ad631c0673c73e28f415cca9682889e729b /openecomp-be/backend
parent8cc03e2c78639be5500ab50f3ebaaf7d64404775 (diff)
ETSI SOL007 3.3.1 package security option 2
Change-Id: I4e021c517449e6ddf11571c02d0b4bdbc93e7c1e Issue-ID: SDC-2614 Signed-off-by: andre.schmid <andre.schmid@est.tech>
Diffstat (limited to 'openecomp-be/backend')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java53
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/fileToSign.txt1
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/fileToSign.txt.cms18
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/rootCA.cert24
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/rootCA.key28
5 files changed, 98 insertions, 26 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
index 3b24c4feb6..b5479e0868 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
@@ -20,27 +20,27 @@
package org.openecomp.sdc.vendorsoftwareproduct.security;
-import org.apache.commons.io.FileUtils;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
+import static junit.framework.TestCase.assertEquals;
+import static junit.framework.TestCase.assertTrue;
import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
-
-import static junit.framework.TestCase.assertEquals;
-import static junit.framework.TestCase.assertTrue;
+import org.apache.commons.io.FileUtils;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
public class SecurityManagerTest {
+
private File certDir;
private String cerDirPath = "/tmp/cert/";
private SecurityManager securityManager;
- private File PrepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
+ private File prepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
File origFile = new File(getClass().getResource(origFilePath).toURI());
File newFile = new File(newFilePath);
newFile.createNewFile();
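Review bot: The trusted-certificate directory on the `cerDirPath` context line is the fixed path `/tmp/cert/`, which is shared and predictable on a multi-user or parallel CI host, so another process can pre-create it or leave certificate files in it and change what `getTrustedCertificates()` returns. Since the class already uses JUnit Jupiter, a per-test directory such as `@TempDir Path certTempDir;`, with `cerDirPath` derived from it in the `@BeforeEach` setup, would isolate each run. The setup method is outside this hunk, so how the path reaches `SecurityManager` needs confirming. Separately, `newFile.createNewFile();` discards its boolean result, so a stale file left by an earlier run goes unnoticed. The body of `prepareCertFiles` continues past the end of the hunk.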
@@ -72,7 +72,7 @@ public class SecurityManagerTest {
@Test
public void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
- File newFile = PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "/root-certificate.pem");
+ File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "/root-certificate.pem");
assertEquals(1, securityManager.getTrustedCertificates().size());
newFile.delete();
assertEquals(0, securityManager.getTrustedCertificates().size());
@@ -98,9 +98,9 @@ public class SecurityManagerTest {
@Test
public void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
- File newFile = PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
+ File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
assertTrue(securityManager.getTrustedCertificates().size() == 1);
- File otherNewFile = PrepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
+ File otherNewFile = prepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
assertEquals(2, securityManager.getTrustedCertificates().size());
otherNewFile.delete();
assertEquals(1, securityManager.getTrustedCertificates().size());
@@ -110,7 +110,7 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
- PrepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
assertTrue(securityManager.verifySignedData(signature, null, archive));
@@ -119,7 +119,7 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
Assertions.assertThrows(SecurityManagerException.class, () -> {
- PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
securityManager.verifySignedData(signature, null, archive);
@@ -129,7 +129,7 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
- PrepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
@@ -138,8 +138,8 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
- PrepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
- PrepareCertFiles("/cert/package2.cert", cerDirPath + "signing-ca2.crt");
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ prepareCertFiles("/cert/package2.cert", cerDirPath + "signing-ca2.crt");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
@@ -149,8 +149,8 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
Assertions.assertThrows(SecurityManagerException.class, () -> {
- PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
- PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+ prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
@@ -160,9 +160,10 @@ public class SecurityManagerTest {
}
@Test
- public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
- PrepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
- PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+ public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory()
+ throws IOException, URISyntaxException, SecurityManagerException {
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
assertTrue(securityManager.verifySignedData(signature, null, archive));
@@ -170,8 +171,8 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
- PrepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
- PrepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
@@ -181,7 +182,7 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
Assertions.assertThrows(SecurityManagerException.class, () -> {
- PrepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
+ prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
@@ -193,7 +194,7 @@ public class SecurityManagerTest {
@Test
public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
Assertions.assertThrows(SecurityManagerException.class, () -> {
- PrepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
+ prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
byte[] archive = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.csar");
securityManager.verifySignedData(signature, null, archive);
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/fileToSign.txt b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/fileToSign.txt
new file mode 100644
index 0000000000..cf3472103d
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/fileToSign.txt
@@ -0,0 +1 @@
+This is a file to be signed.
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/fileToSign.txt.cms b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/fileToSign.txt.cms
new file mode 100644
index 0000000000..c0ac6467da
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/fileToSign.txt.cms
@@ -0,0 +1,18 @@
+-----BEGIN CMS-----
+MIIC8gYJKoZIhvcNAQcCoIIC4zCCAt8CAQExDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYICvDCCArgCAQEwgaswgZIxCzAJBgNVBAYTAklSMRIwEAYDVQQIDAlX
+ZXN0bWVhdGgxEDAOBgNVBAcMB0F0aGxvbmUxETAPBgNVBAoMCGVzdC50ZWNoMREw
+DwYDVQQLDAhlc3QudGVjaDERMA8GA1UEAwwIZXN0LnRlY2gxJDAiBgkqhkiG9w0B
+CQEWFWFuZHJlLnNjaG1pZEBlc3QudGVjaAIUPr/6LGtQEr6HkS9OPY3VkUJocycw
+CwYJYIZIAWUDBAIBoIHkMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI
+hvcNAQkFMQ8XDTIxMDEyODE2NTY0MlowLwYJKoZIhvcNAQkEMSIEIKJ0GRZdnzHz
+edaHW6QPdArXCWESAmfwrhzusQh4iDofMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZI
+AWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYI
+KoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMC
+AgEoMA0GCSqGSIb3DQEBAQUABIIBAFDH2MqTh2j7hhctKghJ0QJFyE2u8zkrWlzD
+WSVhVBJGiVHIuDe5bBGbT5h0Vvwde2bFNvb448p7Ymps68g8Wh+oFHS4wEEfmGtX
+rCjO+fw8JSol4/y0R49xBhACMgVzuUo7v6uaHMy13sHNsyFbA6k/QmV2nPYaD0VY
+6/qQN50soiNA/XGt6iDEwKsPMVv45Fl/tt/ldQ9MEpWaet3nvPS5/o2DMNQbB8c9
+moHi+05QLltoAQBn9dcipOuMXSyDUKFf0VsOBeHekTJ9BZdn4m938Vznr4zcE02P
+AvOTghecINTJEVCxwZlHf4sv96RjDLohMBX2VGY+6tjdgMCDDEg=
+-----END CMS-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/rootCA.cert b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/rootCA.cert
new file mode 100644
index 0000000000..24511f8456
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/rootCA.cert
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/rootCA.key b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/rootCA.key
new file mode 100644
index 0000000000..779e7e1655
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/certificateManager/rootCA.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
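Review bot: The private key of the root CA (`rootCA.key`) is committed next to `rootCA.cert` with nothing in the visible hunks marking the pair as throwaway test material. Anyone with the repository can sign packages that chain to this certificate, so it must never end up in a deployed trust directory. A short README in `cert/certificateManager/` stating that the pair is test-only, and how `fileToSign.txt.cms` was produced, would make that explicit. Generating the key pair and signature at test time would avoid committing key material at all and keep secret scanners from flagging the file. The key body is not visible on this page, so its algorithm and size could not be checked.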