Diffstat (limited to 'common-be/src/test/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSignerTest.java')
-rw-r--r--common-be/src/test/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSignerTest.java119
1 files changed, 119 insertions, 0 deletions
diff --git a/common-be/src/test/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSignerTest.java b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSignerTest.java
new file mode 100644
index 0000000000..2f0031d6e1
--- /dev/null
+++ b/common-be/src/test/java/org/openecomp/sdc/be/csar/security/Sha256WithRsaCmsContentSignerTest.java
@@ -0,0 +1,119 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.csar.security;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.Key;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.cms.SignerInformationVerifier;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.openecomp.sdc.be.csar.security.api.CertificateReader;
+import org.openecomp.sdc.be.csar.security.api.PrivateKeyReader;
+import org.openecomp.sdc.be.csar.security.exception.CmsSignatureException;
+
+class Sha256WithRsaCmsContentSignerTest {
+
+ private Sha256WithRsaCmsContentSigner cmsContentSigner;
+ private PrivateKeyReader privateKeyReader;
+ private CertificateReader certificateReader;
+
+ private static final Path testFilesPath = Path.of("certificateManager", "signerTest");
+ private static final Path certFilesPath = Path.of("certificateManager", "realCert");
+
+ @BeforeEach
+ void setUp() {
+ Security.addProvider(new BouncyCastleProvider());
+ cmsContentSigner = new Sha256WithRsaCmsContentSigner();
+ privateKeyReader = new PrivateKeyReaderImpl();
+ certificateReader = new X509CertificateReader();
+ }
+
+ @AfterEach
+ void tearDown() {
+ Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
+ }
+
+ @Test
+ void signDataSuccessTest() throws OperatorCreationException, CMSException, IOException, CmsSignatureException {
+ final File certFile = getResourceFile(certFilesPath.resolve("realCert1.cert"));
+ final File keyFile = getResourceFile(certFilesPath.resolve("realCert1.key"));
+ final File fileToSign = getResourceFile(testFilesPath.resolve("fileToSign.txt"));
+ final Key privateKey = privateKeyReader.loadPrivateKey(keyFile);
+ final Certificate certificate = certificateReader.loadCertificate(certFile);
+ final byte[] actualSignatureBytes = cmsContentSigner
+ .signData(Files.readAllBytes(fileToSign.toPath()), certificate, privateKey);
+
+ assertTrue(verifySignature(Files.readAllBytes(fileToSign.toPath()), actualSignatureBytes,
+ (X509Certificate) certificate));
+ }
+
+ @Test
+ void signDataInvalidCertAndKeyTest() {
+ assertThrows(CmsSignatureException.class,
+ () -> cmsContentSigner.signData(null, null, null));
+ }
+
+ private boolean verifySignature(byte[] contentBytes, byte[] signatureBytes, X509Certificate certificate)
+ throws CMSException, OperatorCreationException {
+
+ final CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(contentBytes), signatureBytes);
+ final SignerInformationStore signers = cms.getSignerInfos();
+ final SignerInformationVerifier signerInformationVerifier =
+ new JcaSimpleSignerInfoVerifierBuilder()
+ .setProvider(BouncyCastleProvider.PROVIDER_NAME).build(certificate);
+ for (final SignerInformation signer : signers.getSigners()) {
+ if (!signer.verify(signerInformationVerifier)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private File getResourceFile(final Path testResourcePath) {
+ final URL resource = getClass().getClassLoader().getResource(testResourcePath.toString());
+ if (resource == null) {
+ fail("Could not load the file " + testResourcePath.toString());
+ }
+
+ return new File(resource.getPath());
+ }
+
+}
\ No newline at end of file
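Review bot: `verifySignature` returns `true` when the CMS structure carries no SignerInfo at all, because the loop over `signers.getSigners()` never executes and control falls through to `return true`; `signDataSuccessTest` would therefore still pass if `signData` produced a SignedData blob with an empty signer set. Add a guard before the loop, `if (signers.size() == 0) { return false; }`, so the assertion proves that at least one signature was checked against the certificate. The suite also covers only the positive path: a companion case that runs the same signature against altered content bytes and expects verification to fail would show the signature is bound to the payload. Separately, `signDataInvalidCertAndKeyTest` passes only `null` arguments, so despite its name it does not cover a well-formed certificate paired with a non-matching private key.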