Diffstat (limited to 'openecomp-be/backend')
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java2
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java84
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java104
-rw-r--r--openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java154
4 files changed, 267 insertions, 77 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java
index bf5abe3737..781b4a6e2c 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java
@@ -61,7 +61,7 @@ public class CsarSecurityValidator {
}
private boolean isArtifactInfoPresent(final ArtifactInfo artifactInfo) {
- return artifactInfo != null && artifactInfo.getPath() != null;
+ return artifactInfo != null;
}
}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
index fec15b5fcc..53728c0489 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java
@@ -19,12 +19,12 @@
*/
package org.openecomp.sdc.vendorsoftwareproduct.security;
-import static java.nio.file.StandardCopyOption.REPLACE_EXISTING;
-
import com.google.common.collect.ImmutableSet;
+import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
+import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
@@ -56,7 +56,8 @@ import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
-import java.util.zip.ZipFile;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
@@ -69,7 +70,9 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.OperatorCreationException;
import org.openecomp.sdc.be.csar.storage.ArtifactInfo;
-import org.openecomp.sdc.common.errors.SdcRuntimeException;
+import org.openecomp.sdc.be.csar.storage.ArtifactStorageConfig;
+import org.openecomp.sdc.be.csar.storage.ArtifactStorageManager;
+import org.openecomp.sdc.be.csar.storage.StorageFactory;
import org.openecomp.sdc.logging.api.Logger;
import org.openecomp.sdc.logging.api.LoggerFactory;
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
@@ -83,9 +86,10 @@ public class SecurityManager {
public static final Set<String> ALLOWED_SIGNATURE_EXTENSIONS = Set.of("cms");
public static final Set<String> ALLOWED_CERTIFICATE_EXTENSIONS = Set.of("cert", "crt");
private static final String CERTIFICATE_DEFAULT_LOCATION = "cert";
- private static final Logger logger = LoggerFactory.getLogger(SecurityManager.class);
+ private static final Logger LOGGER = LoggerFactory.getLogger(SecurityManager.class);
private static final String UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION = "Unexpected error occurred during signature validation!";
private static final String COULD_NOT_VERIFY_SIGNATURE = "Could not verify signature!";
+ private static final String EXTERNAL_CSAR_STORE = "externalCsarStore";
static {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
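Review bot: `EXTERNAL_CSAR_STORE` is added here, but none of the visible hunks in SecurityManager.java reads it; the storage settings are obtained through `StorageFactory` and `ArtifactStorageConfig` instead. If nothing outside these hunks uses the constant, remove it so the class does not carry an unused configuration key. The class body continues outside this hunk, so a use further down cannot be ruled out from this page.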
@@ -120,7 +124,7 @@ public class SecurityManager {
//if file number in certificate directory changed reload certs
String[] certFiles = certificateDirectory.list();
if (certFiles == null) {
- logger.error("Certificate directory is empty!");
+ LOGGER.error("Certificate directory is empty!");
return ImmutableSet.copyOf(new HashSet<>());
}
if (trustedCertificates.size() != certFiles.length) {
@@ -160,7 +164,7 @@ public class SecurityManager {
}
return verify(packageCert, new CMSSignedData(new CMSProcessableByteArray(innerPackageFile), ContentInfo.getInstance(parsedObject)));
} catch (final IOException | CMSException e) {
- logger.error(e.getMessage(), e);
+ LOGGER.error(e.getMessage(), e);
throw new SecurityManagerException(UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION, e);
}
}
@@ -168,14 +172,27 @@ public class SecurityManager {
public boolean verifyPackageSignedData(final OnboardSignedPackage signedPackage, final ArtifactInfo artifactInfo)
throws SecurityManagerException {
boolean fail = false;
+
+ final StorageFactory storageFactory = new StorageFactory();
+ final ArtifactStorageManager artifactStorageManager = storageFactory.createArtifactStorageManager();
+ final ArtifactStorageConfig storageConfiguration = artifactStorageManager.getStorageConfiguration();
+
final var fileContentHandler = signedPackage.getFileContentHandler();
byte[] packageCert = null;
final Optional<String> certificateFilePath = signedPackage.getCertificateFilePath();
if (certificateFilePath.isPresent()) {
packageCert = fileContentHandler.getFileContent(certificateFilePath.get());
}
- final var path = artifactInfo.getPath();
- final var target = Path.of(path.toString() + "." + UUID.randomUUID());
+
+ final Path folder = Path.of(storageConfiguration.getTempPath());
+ try {
+ Files.createDirectories(folder);
+ } catch (final IOException e) {
+ fail = true;
+ throw new SecurityManagerException(String.format("Failed to create directory '%s'", folder), e);
+ }
+
+ final var target = folder.resolve(UUID.randomUUID().toString());
try (final var signatureStream = new ByteArrayInputStream(fileContentHandler.getFileContent(signedPackage.getSignatureFilePath()));
final var pemParser = new PEMParser(new InputStreamReader(signatureStream))) {
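Review bot: The `fail = true;` in the `Files.createDirectories` catch block has no effect, because the `finally` that reads `fail` belongs to the later `try (final var signatureStream …` block and is never entered when this throw happens. Either drop the assignment, or decide explicitly whether the stored artifact should be discarded on this path and call `artifactStorageManager.delete(artifactInfo)` before the throw. `storageConfiguration.getTempPath()` is also handed to `Path.of` unchecked, so a missing `tempPath` setting would presumably surface as a `NullPointerException` rather than a `SecurityManagerException`; the configuration class is not on this page, so that is inferred. Since this directory receives the CSAR before its signature has been checked, a comment such as `// holds unverified package content; must be writable only by the service account` would help operators. The method body continues past this hunk.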
@@ -185,16 +202,18 @@ public class SecurityManager {
throw new SecurityManagerException("Signature is not recognized");
}
- if (!findCSARandExtract(path, target)) {
- fail = true;
- return false;
+ try (final InputStream inputStream = artifactStorageManager.get(artifactInfo)) {
+ if (!findCSARandExtract(inputStream, target)) {
+ fail = true;
+ return false;
+ }
}
final var verify = verify(packageCert, new CMSSignedData(new CMSProcessableFile(target.toFile()), ContentInfo.getInstance(parsedObject)));
fail = !verify;
return verify;
} catch (final IOException e) {
fail = true;
- logger.error(e.getMessage(), e);
+ LOGGER.error(e.getMessage(), e);
throw new SecurityManagerException(UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION, e);
} catch (final CMSException e) {
fail = true;
@@ -205,7 +224,7 @@ public class SecurityManager {
} finally {
deleteFile(target);
if (fail) {
- deleteFile(path);
+ artifactStorageManager.delete(artifactInfo);
}
}
}
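Review bot: `artifactStorageManager.delete(artifactInfo)` now runs unguarded inside `finally`, so if it throws, that exception replaces the `SecurityManagerException` or the `false` result already on its way out of the method. The removed `deleteFile(path)` caught and logged its own `IOException`, so this is a change in failure behaviour. The signature of `delete` is not visible here, but a call to an external store can presumably fail at runtime; `try { artifactStorageManager.delete(artifactInfo); } catch (final RuntimeException e) { LOGGER.warn("Failed to delete artifact after failed signature validation", e); }` would keep the validation outcome intact. The enclosing method starts outside this hunk.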
@@ -214,7 +233,7 @@ public class SecurityManager {
try {
Files.delete(filePath);
} catch (final IOException e) {
- logger.warn("Failed to delete '{}' after verifying package signed data", filePath, e);
+ LOGGER.warn("Failed to delete '{}' after verifying package signed data", filePath, e);
}
}
@@ -246,20 +265,25 @@ public class SecurityManager {
}
}
- private boolean findCSARandExtract(final Path path, final Path target) throws IOException {
+ private boolean findCSARandExtract(final InputStream inputStream, final Path target) throws IOException {
final AtomicBoolean found = new AtomicBoolean(false);
- try (final var zf = new ZipFile(path.toString())) {
- zf.entries().asIterator().forEachRemaining(entry -> {
- final var entryName = entry.getName();
- if (!entry.isDirectory() && entryName.toLowerCase().endsWith(".csar")) {
- try {
- Files.copy(zf.getInputStream(entry), target, REPLACE_EXISTING);
- } catch (final IOException e) {
- throw new SdcRuntimeException(UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION, e);
+
+ final var zipInputStream = new ZipInputStream(inputStream);
+ ZipEntry zipEntry;
+ byte[] buffer = new byte[2048];
+ while ((zipEntry = zipInputStream.getNextEntry()) != null) {
+ final var entryName = zipEntry.getName();
+ if (!zipEntry.isDirectory() && entryName.toLowerCase().endsWith(".csar")) {
+ try (final FileOutputStream fos = new FileOutputStream(target.toFile());
+ final BufferedOutputStream bos = new BufferedOutputStream(fos, buffer.length)) {
+
+ int len;
+ while ((len = zipInputStream.read(buffer)) > 0) {
+ bos.write(buffer, 0, len);
}
- found.set(true);
}
- });
+ found.set(true);
+ }
}
return found.get();
}
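Review bot: The loop keeps going after the first `.csar` entry and reopens `target` for each match, so when the archive holds several `.csar` entries the last one silently overwrites the others and is the one whose signature is checked. Whether later onboarding steps pick the same entry cannot be seen from this page, so rejecting a second match (or at least stopping at the first) is the safer contract. The `ZipInputStream` is never closed, and the `AtomicBoolean` is a leftover from the removed lambda; a try-with-resources and a plain `boolean` cover both. The entry is also inflated to disk with no size bound before the signature has been verified, so a cap on the bytes written is worth adding in the copy loop.

```java
private boolean findCSARandExtract(final InputStream inputStream, final Path target) throws IOException {
    boolean found = false;
    try (final var zipInputStream = new ZipInputStream(inputStream)) {
        ZipEntry zipEntry;
        while ((zipEntry = zipInputStream.getNextEntry()) != null) {
            if (zipEntry.isDirectory() || !zipEntry.getName().toLowerCase().endsWith(".csar")) {
                continue;
            }
            if (found) {
                // A second candidate makes it ambiguous which content was verified.
                throw new IOException("Signed package contains more than one .csar entry");
            }
            // … unchanged: buffered copy of the current entry to target …
            found = true;
        }
    }
    return found;
}
```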
@@ -289,12 +313,12 @@ public class SecurityManager {
private void processCertificateDir() throws SecurityManagerException {
if (!certificateDirectory.exists() || !certificateDirectory.isDirectory()) {
- logger.error("Issue with certificate directory, check if exists!");
+ LOGGER.error("Issue with certificate directory, check if exists!");
return;
}
File[] files = certificateDirectory.listFiles();
if (files == null) {
- logger.error("Certificate directory is empty!");
+ LOGGER.error("Certificate directory is empty!");
return;
}
for (File f : files) {
@@ -399,10 +423,10 @@ public class SecurityManager {
try {
cert.checkValidity();
} catch (CertificateExpiredException e) {
- logger.error(e.getMessage(), e);
+ LOGGER.error(e.getMessage(), e);
return true;
} catch (CertificateNotYetValidException e) {
- logger.error(e.getMessage(), e);
+ LOGGER.error(e.getMessage(), e);
return false;
}
return false;
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
index 96d11eb148..5f880701f3 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
@@ -24,25 +24,43 @@ import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.when;
-import static org.mockito.MockitoAnnotations.initMocks;
-
+import static org.mockito.MockitoAnnotations.openMocks;
+import static org.openecomp.sdc.be.csar.storage.StorageFactory.StorageType.MINIO;
+
+import io.minio.GetObjectArgs;
+import io.minio.GetObjectResponse;
+import io.minio.MinioClient;
+import java.io.BufferedInputStream;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Answers;
import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
import org.openecomp.sdc.be.csar.storage.ArtifactInfo;
-import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
+import org.openecomp.sdc.be.csar.storage.MinIoArtifactInfo;
+import org.openecomp.sdc.common.CommonConfigurationManager;
import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
@@ -50,6 +68,7 @@ import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
+@ExtendWith(MockitoExtension.class)
class CsarSecurityValidatorTest {
private static final String BASE_DIR = "/vspmanager.csar/signing/";
@@ -57,6 +76,16 @@ class CsarSecurityValidatorTest {
private CsarSecurityValidator csarSecurityValidator;
@Mock
private SecurityManager securityManager;
+ @Mock
+ private CommonConfigurationManager commonConfigurationManager;
+ @Mock
+ private MinioClient minioClient;
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private MinioClient.Builder builderMinio;
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private GetObjectArgs.Builder getObjectArgsBuilder;
+ @Mock
+ private GetObjectArgs getObjectArgs;
@AfterEach
void tearDown() throws Exception {
@@ -74,7 +103,7 @@ class CsarSecurityValidatorTest {
@BeforeEach
public void setUp() throws Exception {
- initMocks(this);
+ openMocks(this);
csarSecurityValidator = new CsarSecurityValidator(securityManager);
backup();
}
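Review bot: `openMocks(this)` in `setUp` repeats what `@ExtendWith(MockitoExtension.class)`, added on the class in this same commit, already does for the `@Mock` fields, and the `AutoCloseable` it returns is discarded. Keep one mechanism: either delete the `openMocks(this);` line, or drop the extension, store the result in a field and close it in `tearDown`. The same combination is added to `SecurityManagerTest` (the class annotation plus `openMocks(this)` in its `setUp`).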
@@ -88,9 +117,9 @@ class CsarSecurityValidatorTest {
}
@Test
- void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException, IOException {
+ void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException {
final byte[] packageBytes = getFileBytesOrFail("signed-package.zip");
- final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package.zip", packageBytes, null);
+ final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfoS3Store("signed-package.zip", packageBytes, null);
when(securityManager.verifyPackageSignedData(any(OnboardSignedPackage.class), any(ArtifactInfo.class))).thenReturn(true);
final boolean isSignatureValid = csarSecurityValidator
.verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo());
@@ -98,15 +127,53 @@ class CsarSecurityValidatorTest {
}
@Test
- void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException {
- final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip");
- final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package-tampered-data.zip", packageBytes, null);
- //no mocked securityManager
- csarSecurityValidator = new CsarSecurityValidator();
- Assertions.assertThrows(SecurityManagerException.class, () -> {
- csarSecurityValidator
- .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo());
- });
+ void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws Exception {
+
+ final Map<String, Object> endpoint = new HashMap<>();
+ endpoint.put("host", "localhost");
+ endpoint.put("port", 9000);
+ final Map<String, Object> credentials = new HashMap<>();
+ credentials.put("accessKey", "login");
+ credentials.put("secretKey", "password");
+
+ try (MockedStatic<CommonConfigurationManager> utilities = Mockito.mockStatic(CommonConfigurationManager.class)) {
+ utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager);
+ try (MockedStatic<MinioClient> minioUtilities = Mockito.mockStatic(MinioClient.class)) {
+ minioUtilities.when(MinioClient::builder).thenReturn(builderMinio);
+ when(builderMinio
+ .endpoint(anyString(), anyInt(), anyBoolean())
+ .credentials(anyString(), anyString())
+ .build()
+ ).thenReturn(minioClient);
+
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint);
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials);
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("cert/2-file-signed-package");
+ when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name());
+
+ final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip");
+
+ when(getObjectArgsBuilder
+ .bucket(anyString())
+ .object(anyString())
+ .build()
+ ).thenReturn(getObjectArgs);
+
+ when(minioClient.getObject(any(GetObjectArgs.class)))
+ .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName",
+ new BufferedInputStream(new ByteArrayInputStream(packageBytes))));
+
+ final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfoS3Store("signed-package-tampered-data.zip",
+ packageBytes,
+ null);
+ //no mocked securityManager
+ csarSecurityValidator = new CsarSecurityValidator();
+ Assertions.assertThrows(SecurityManagerException.class, () -> {
+ csarSecurityValidator.verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(),
+ onboardPackageInfo.getArtifactInfo());
+ });
+ }
+ }
}
@Test
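Review bot: The `getObjectArgsBuilder` stubbing has no visible route into the code under test: `MinioClient.builder()` is redirected with `mockStatic`, but nothing on this page does the same for `GetObjectArgs.builder()`, so the `bucket(...).object(...).build()` stub looks unused and could be removed together with the two mock fields. The endpoint, credentials and `getConfigValue` setup is repeated almost verbatim in the two rewritten tests in `SecurityManagerTest`; a shared helper would leave each test with only its package bytes and its assertion. `tempPath` is stubbed to the relative path `"cert/2-file-signed-package"` (and `"tempPath"` in one of the other tests), so `Files.createDirectories` creates it under the working directory of the test run and nothing visible removes it; a JUnit `@TempDir` path would avoid the leftover.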
@@ -148,11 +215,10 @@ class CsarSecurityValidatorTest {
CsarSecurityValidatorTest.class.getResource(BASE_DIR + path).toURI()));
}
- private OnboardPackageInfo loadSignedPackageWithArtifactInfo(final String packageName, final byte[] packageBytes,
- final CnfPackageValidator cnfPackageValidator) {
+ private OnboardPackageInfo loadSignedPackageWithArtifactInfoS3Store(final String packageName, final byte[] packageBytes,
+ final CnfPackageValidator cnfPackageValidator) {
final OnboardingPackageProcessor onboardingPackageProcessor =
- new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator,
- new PersistentStorageArtifactInfo(Path.of("src/test/resources/vspmanager.csar/signing/signed-package.zip")));
+ new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, new MinIoArtifactInfo("bucket", "object"));
final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
if (onboardPackageInfo == null) {
fail("Unexpected error. Could not load original package");
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
index 6dc5517c45..afc43967c9 100644
--- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
@@ -22,29 +22,61 @@ package org.openecomp.sdc.vendorsoftwareproduct.security;
import static junit.framework.TestCase.assertEquals;
import static junit.framework.TestCase.assertTrue;
-
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.openMocks;
+import static org.openecomp.sdc.be.csar.storage.StorageFactory.StorageType.MINIO;
+
+import io.minio.GetObjectArgs;
+import io.minio.GetObjectResponse;
+import io.minio.MinioClient;
+import java.io.BufferedInputStream;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
-import java.nio.file.Path;
import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
import org.apache.commons.io.FileUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
-import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Answers;
+import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.openecomp.sdc.be.csar.storage.MinIoArtifactInfo;
+import org.openecomp.sdc.common.CommonConfigurationManager;
import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
+@ExtendWith(MockitoExtension.class)
class SecurityManagerTest {
private File certDir;
private String cerDirPath = "/tmp/cert/";
private SecurityManager securityManager;
+ @Mock
+ private CommonConfigurationManager commonConfigurationManager;
+ @Mock
+ private MinioClient minioClient;
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private MinioClient.Builder builderMinio;
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private GetObjectArgs.Builder getObjectArgsBuilder;
+ @Mock
+ private GetObjectArgs getObjectArgs;
private File prepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
File origFile = new File(getClass().getResource(origFilePath).toURI());
@@ -60,12 +92,14 @@ class SecurityManagerTest {
@BeforeEach
public void setUp() throws IOException {
+ openMocks(this);
certDir = new File(cerDirPath);
if (certDir.exists()) {
tearDown();
}
certDir.mkdirs();
securityManager = new SecurityManager(certDir.getPath());
+
}
@AfterEach
@@ -123,18 +157,51 @@ class SecurityManagerTest {
}
@Test
- void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled()
- throws IOException, URISyntaxException, SecurityManagerException {
- prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
- byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip");
-
- final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes,
- new CnfPackageValidator(),
- new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip")));
- final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
-
- assertTrue(securityManager
- .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
+ void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled() throws Exception {
+
+ final Map<String, Object> endpoint = new HashMap<>();
+ endpoint.put("host", "localhost");
+ endpoint.put("port", 9000);
+ final Map<String, Object> credentials = new HashMap<>();
+ credentials.put("accessKey", "login");
+ credentials.put("secretKey", "password");
+
+ try (MockedStatic<CommonConfigurationManager> utilities = Mockito.mockStatic(CommonConfigurationManager.class)) {
+ utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager);
+ try (MockedStatic<MinioClient> minioUtilities = Mockito.mockStatic(MinioClient.class)) {
+ minioUtilities.when(MinioClient::builder).thenReturn(builderMinio);
+ when(builderMinio
+ .endpoint(anyString(), anyInt(), anyBoolean())
+ .credentials(anyString(), anyString())
+ .build()
+ ).thenReturn(minioClient);
+
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint);
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials);
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("cert/2-file-signed-package");
+ when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name());
+
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip");
+ when(getObjectArgsBuilder
+ .bucket(anyString())
+ .object(anyString())
+ .build()
+ ).thenReturn(getObjectArgs);
+
+ when(minioClient.getObject(any(GetObjectArgs.class)))
+ .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName",
+ new BufferedInputStream(new ByteArrayInputStream(fileToUploadBytes))));
+
+ final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes,
+ new CnfPackageValidator(), new MinIoArtifactInfo("bucket", "objectName"));
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+
+ assertTrue(securityManager
+ .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(),
+ onboardPackageInfo.getArtifactInfo()));
+ }
+ }
}
@Test
@@ -158,18 +225,51 @@ class SecurityManagerTest {
}
@Test
- void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled()
- throws IOException, URISyntaxException, SecurityManagerException {
- prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
- byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip");
-
- final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes,
- new CnfPackageValidator(),
- new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip")));
- final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
-
- assertTrue(securityManager
- .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
+ void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled() throws Exception {
+
+ final Map<String, Object> endpoint = new HashMap<>();
+ endpoint.put("host", "localhost");
+ endpoint.put("port", 9000);
+ final Map<String, Object> credentials = new HashMap<>();
+ credentials.put("accessKey", "login");
+ credentials.put("secretKey", "password");
+
+ try (MockedStatic<CommonConfigurationManager> utilities = Mockito.mockStatic(CommonConfigurationManager.class)) {
+ utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager);
+ try (MockedStatic<MinioClient> minioUtilities = Mockito.mockStatic(MinioClient.class)) {
+ minioUtilities.when(MinioClient::builder).thenReturn(builderMinio);
+ when(builderMinio
+ .endpoint(anyString(), anyInt(), anyBoolean())
+ .credentials(anyString(), anyString())
+ .build()
+ ).thenReturn(minioClient);
+
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint);
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials);
+ when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("tempPath");
+ when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name());
+
+ prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
+ byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip");
+ when(getObjectArgsBuilder
+ .bucket(anyString())
+ .object(anyString())
+ .build()
+ ).thenReturn(getObjectArgs);
+
+ when(minioClient.getObject(any(GetObjectArgs.class)))
+ .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName",
+ new BufferedInputStream(new ByteArrayInputStream(fileToUploadBytes))));
+
+ final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes,
+ new CnfPackageValidator(), new MinIoArtifactInfo("bucket", "objectName"));
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+
+ assertTrue(securityManager
+ .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(),
+ onboardPackageInfo.getArtifactInfo()));
+ }
+ }
}
@Test