summaryrefslogtreecommitdiffstats
path: root/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java99
1 files changed, 99 insertions, 0 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
new file mode 100644
index 0000000000..0fce606052
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
@@ -0,0 +1,99 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation;
+
+import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
+import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
+import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
+
+public class CsarSecurityValidatorTest {
+
+ private static final String BASE_DIR = "/vspmanager.csar/";
+ private CsarSecurityValidator csarSecurityValidator;
+ @Mock
+ SecurityManager securityManager;
+
+ @Before
+ public void setUp() {
+ initMocks(this);
+ csarSecurityValidator = new CsarSecurityValidator(securityManager);
+ }
+
+ @Test
+ public void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException {
+ final byte[] packageBytes = getFileBytesOrFail("signing/signed-package.zip");
+ final OnboardSignedPackage onboardSignedPackage = loadSignedPackage("signed-package.zip",
+ packageBytes);
+ when(securityManager.verifySignedData(any(), any(), any())).thenReturn(true);
+ final boolean isSignatureValid = csarSecurityValidator.verifyPackageSignature(onboardSignedPackage);
+ assertThat("Signature should be valid", isSignatureValid, is(true));
+ }
+
+ @Test(expected = SecurityManagerException.class)
+ public void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException {
+ final byte[] packageBytes = getFileBytesOrFail("signing/signed-package-tampered-data.zip");
+ final OnboardSignedPackage onboardSignedPackage = loadSignedPackage("signed-package-tampered-data.zip",
+ packageBytes);
+ //no mocked securityManager
+ csarSecurityValidator = new CsarSecurityValidator();
+ csarSecurityValidator.verifyPackageSignature(onboardSignedPackage);
+ }
+
+ private byte[] getFileBytesOrFail(final String path) {
+ try {
+ return getFileBytes(path);
+ } catch (final URISyntaxException | IOException e) {
+ fail("Could not load file " + path);
+ return null;
+ }
+ }
+
+ private byte[] getFileBytes(final String path) throws URISyntaxException, IOException {
+ return Files.readAllBytes(Paths.get(
+ CsarSecurityValidatorTest.class.getResource(BASE_DIR + path).toURI()));
+ }
+
+ private OnboardSignedPackage loadSignedPackage(final String packageName, final byte[] packageBytes) {
+ final OnboardingPackageProcessor onboardingPackageProcessor =
+ new OnboardingPackageProcessor(packageName, packageBytes);
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+ if (onboardPackageInfo == null) {
+ fail("Unexpected error. Could not load original package");
+ }
+
+ return (OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage();
+ }
+}