diff options
Diffstat (limited to 'openecomp-be/backend')
4 files changed, 267 insertions, 77 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java index bf5abe3737..781b4a6e2c 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java @@ -61,7 +61,7 @@ public class CsarSecurityValidator { } private boolean isArtifactInfoPresent(final ArtifactInfo artifactInfo) { - return artifactInfo != null && artifactInfo.getPath() != null; + return artifactInfo != null; } } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java index fec15b5fcc..53728c0489 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java @@ -19,12 +19,12 @@ */ package org.openecomp.sdc.vendorsoftwareproduct.security; -import static java.nio.file.StandardCopyOption.REPLACE_EXISTING; - import com.google.common.collect.ImmutableSet; +import java.io.BufferedOutputStream; import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; +import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; @@ -56,7 +56,8 @@ import java.util.concurrent.atomic.AtomicBoolean; import java.util.function.Predicate; import java.util.stream.Collectors; import java.util.stream.Stream; -import java.util.zip.ZipFile; +import java.util.zip.ZipEntry; +import java.util.zip.ZipInputStream; import org.bouncycastle.asn1.cms.ContentInfo; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cms.CMSException; @@ -69,7 +70,9 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.operator.OperatorCreationException; import org.openecomp.sdc.be.csar.storage.ArtifactInfo; -import org.openecomp.sdc.common.errors.SdcRuntimeException; +import org.openecomp.sdc.be.csar.storage.ArtifactStorageConfig; +import org.openecomp.sdc.be.csar.storage.ArtifactStorageManager; +import org.openecomp.sdc.be.csar.storage.StorageFactory; import org.openecomp.sdc.logging.api.Logger; import org.openecomp.sdc.logging.api.LoggerFactory; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; @@ -83,9 +86,10 @@ public class SecurityManager { public static final Set<String> ALLOWED_SIGNATURE_EXTENSIONS = Set.of("cms"); public static final Set<String> ALLOWED_CERTIFICATE_EXTENSIONS = Set.of("cert", "crt"); private static final String CERTIFICATE_DEFAULT_LOCATION = "cert"; - private static final Logger logger = LoggerFactory.getLogger(SecurityManager.class); + private static final Logger LOGGER = LoggerFactory.getLogger(SecurityManager.class); private static final String UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION = "Unexpected error occurred during signature validation!"; private static final String COULD_NOT_VERIFY_SIGNATURE = "Could not verify signature!"; + private static final String EXTERNAL_CSAR_STORE = "externalCsarStore"; static { if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { @@ -120,7 +124,7 @@ public class SecurityManager { //if file number in certificate directory changed reload certs String[] certFiles = certificateDirectory.list(); if (certFiles == null) { - logger.error("Certificate directory is empty!"); + LOGGER.error("Certificate directory is empty!"); return ImmutableSet.copyOf(new HashSet<>()); } if (trustedCertificates.size() != certFiles.length) { @@ -160,7 +164,7 @@ public class SecurityManager { } return verify(packageCert, new CMSSignedData(new CMSProcessableByteArray(innerPackageFile), ContentInfo.getInstance(parsedObject))); } catch (final IOException | CMSException e) { - logger.error(e.getMessage(), e); + LOGGER.error(e.getMessage(), e); throw new SecurityManagerException(UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION, e); } } @@ -168,14 +172,27 @@ public class SecurityManager { public boolean verifyPackageSignedData(final OnboardSignedPackage signedPackage, final ArtifactInfo artifactInfo) throws SecurityManagerException { boolean fail = false; + + final StorageFactory storageFactory = new StorageFactory(); + final ArtifactStorageManager artifactStorageManager = storageFactory.createArtifactStorageManager(); + final ArtifactStorageConfig storageConfiguration = artifactStorageManager.getStorageConfiguration(); + final var fileContentHandler = signedPackage.getFileContentHandler(); byte[] packageCert = null; final Optional<String> certificateFilePath = signedPackage.getCertificateFilePath(); if (certificateFilePath.isPresent()) { packageCert = fileContentHandler.getFileContent(certificateFilePath.get()); } - final var path = artifactInfo.getPath(); - final var target = Path.of(path.toString() + "." + UUID.randomUUID()); + + final Path folder = Path.of(storageConfiguration.getTempPath()); + try { + Files.createDirectories(folder); + } catch (final IOException e) { + fail = true; + throw new SecurityManagerException(String.format("Failed to create directory '%s'", folder), e); + } + + final var target = folder.resolve(UUID.randomUUID().toString()); try (final var signatureStream = new ByteArrayInputStream(fileContentHandler.getFileContent(signedPackage.getSignatureFilePath())); final var pemParser = new PEMParser(new InputStreamReader(signatureStream))) { @@ -185,16 +202,18 @@ public class SecurityManager { throw new SecurityManagerException("Signature is not recognized"); } - if (!findCSARandExtract(path, target)) { - fail = true; - return false; + try (final InputStream inputStream = artifactStorageManager.get(artifactInfo)) { + if (!findCSARandExtract(inputStream, target)) { + fail = true; + return false; + } } final var verify = verify(packageCert, new CMSSignedData(new CMSProcessableFile(target.toFile()), ContentInfo.getInstance(parsedObject))); fail = !verify; return verify; } catch (final IOException e) { fail = true; - logger.error(e.getMessage(), e); + LOGGER.error(e.getMessage(), e); throw new SecurityManagerException(UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION, e); } catch (final CMSException e) { fail = true; @@ -205,7 +224,7 @@ public class SecurityManager { } finally { deleteFile(target); if (fail) { - deleteFile(path); + artifactStorageManager.delete(artifactInfo); } } } @@ -214,7 +233,7 @@ public class SecurityManager { try { Files.delete(filePath); } catch (final IOException e) { - logger.warn("Failed to delete '{}' after verifying package signed data", filePath, e); + LOGGER.warn("Failed to delete '{}' after verifying package signed data", filePath, e); } } @@ -246,20 +265,25 @@ public class SecurityManager { } } - private boolean findCSARandExtract(final Path path, final Path target) throws IOException { + private boolean findCSARandExtract(final InputStream inputStream, final Path target) throws IOException { final AtomicBoolean found = new AtomicBoolean(false); - try (final var zf = new ZipFile(path.toString())) { - zf.entries().asIterator().forEachRemaining(entry -> { - final var entryName = entry.getName(); - if (!entry.isDirectory() && entryName.toLowerCase().endsWith(".csar")) { - try { - Files.copy(zf.getInputStream(entry), target, REPLACE_EXISTING); - } catch (final IOException e) { - throw new SdcRuntimeException(UNEXPECTED_ERROR_OCCURRED_DURING_SIGNATURE_VALIDATION, e); + + final var zipInputStream = new ZipInputStream(inputStream); + ZipEntry zipEntry; + byte[] buffer = new byte[2048]; + while ((zipEntry = zipInputStream.getNextEntry()) != null) { + final var entryName = zipEntry.getName(); + if (!zipEntry.isDirectory() && entryName.toLowerCase().endsWith(".csar")) { + try (final FileOutputStream fos = new FileOutputStream(target.toFile()); + final BufferedOutputStream bos = new BufferedOutputStream(fos, buffer.length)) { + + int len; + while ((len = zipInputStream.read(buffer)) > 0) { + bos.write(buffer, 0, len); } - found.set(true); } - }); + found.set(true); + } } return found.get(); } @@ -289,12 +313,12 @@ public class SecurityManager { private void processCertificateDir() throws SecurityManagerException { if (!certificateDirectory.exists() || !certificateDirectory.isDirectory()) { - logger.error("Issue with certificate directory, check if exists!"); + LOGGER.error("Issue with certificate directory, check if exists!"); return; } File[] files = certificateDirectory.listFiles(); if (files == null) { - logger.error("Certificate directory is empty!"); + LOGGER.error("Certificate directory is empty!"); return; } for (File f : files) { @@ -399,10 +423,10 @@ public class SecurityManager { try { cert.checkValidity(); } catch (CertificateExpiredException e) { - logger.error(e.getMessage(), e); + LOGGER.error(e.getMessage(), e); return true; } catch (CertificateNotYetValidException e) { - logger.error(e.getMessage(), e); + LOGGER.error(e.getMessage(), e); return false; } return false; diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java index 96d11eb148..5f880701f3 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java @@ -24,25 +24,43 @@ import static org.hamcrest.core.Is.is; import static org.junit.Assert.assertThat; import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; -import static org.mockito.MockitoAnnotations.initMocks; - +import static org.mockito.MockitoAnnotations.openMocks; +import static org.openecomp.sdc.be.csar.storage.StorageFactory.StorageType.MINIO; + +import io.minio.GetObjectArgs; +import io.minio.GetObjectResponse; +import io.minio.MinioClient; +import java.io.BufferedInputStream; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.UUID; import java.util.stream.Collectors; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Answers; import org.mockito.Mock; +import org.mockito.MockedStatic; +import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; import org.openecomp.sdc.be.csar.storage.ArtifactInfo; -import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo; +import org.openecomp.sdc.be.csar.storage.MinIoArtifactInfo; +import org.openecomp.sdc.common.CommonConfigurationManager; import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor; import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator; import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager; @@ -50,6 +68,7 @@ import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; +@ExtendWith(MockitoExtension.class) class CsarSecurityValidatorTest { private static final String BASE_DIR = "/vspmanager.csar/signing/"; @@ -57,6 +76,16 @@ class CsarSecurityValidatorTest { private CsarSecurityValidator csarSecurityValidator; @Mock private SecurityManager securityManager; + @Mock + private CommonConfigurationManager commonConfigurationManager; + @Mock + private MinioClient minioClient; + @Mock(answer = Answers.RETURNS_DEEP_STUBS) + private MinioClient.Builder builderMinio; + @Mock(answer = Answers.RETURNS_DEEP_STUBS) + private GetObjectArgs.Builder getObjectArgsBuilder; + @Mock + private GetObjectArgs getObjectArgs; @AfterEach void tearDown() throws Exception { @@ -74,7 +103,7 @@ class CsarSecurityValidatorTest { @BeforeEach public void setUp() throws Exception { - initMocks(this); + openMocks(this); csarSecurityValidator = new CsarSecurityValidator(securityManager); backup(); } @@ -88,9 +117,9 @@ class CsarSecurityValidatorTest { } @Test - void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException, IOException { + void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException { final byte[] packageBytes = getFileBytesOrFail("signed-package.zip"); - final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package.zip", packageBytes, null); + final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfoS3Store("signed-package.zip", packageBytes, null); when(securityManager.verifyPackageSignedData(any(OnboardSignedPackage.class), any(ArtifactInfo.class))).thenReturn(true); final boolean isSignatureValid = csarSecurityValidator .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()); @@ -98,15 +127,53 @@ class CsarSecurityValidatorTest { } @Test - void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException { - final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip"); - final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package-tampered-data.zip", packageBytes, null); - //no mocked securityManager - csarSecurityValidator = new CsarSecurityValidator(); - Assertions.assertThrows(SecurityManagerException.class, () -> { - csarSecurityValidator - .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()); - }); + void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws Exception { + + final Map<String, Object> endpoint = new HashMap<>(); + endpoint.put("host", "localhost"); + endpoint.put("port", 9000); + final Map<String, Object> credentials = new HashMap<>(); + credentials.put("accessKey", "login"); + credentials.put("secretKey", "password"); + + try (MockedStatic<CommonConfigurationManager> utilities = Mockito.mockStatic(CommonConfigurationManager.class)) { + utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager); + try (MockedStatic<MinioClient> minioUtilities = Mockito.mockStatic(MinioClient.class)) { + minioUtilities.when(MinioClient::builder).thenReturn(builderMinio); + when(builderMinio + .endpoint(anyString(), anyInt(), anyBoolean()) + .credentials(anyString(), anyString()) + .build() + ).thenReturn(minioClient); + + when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("cert/2-file-signed-package"); + when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name()); + + final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip"); + + when(getObjectArgsBuilder + .bucket(anyString()) + .object(anyString()) + .build() + ).thenReturn(getObjectArgs); + + when(minioClient.getObject(any(GetObjectArgs.class))) + .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName", + new BufferedInputStream(new ByteArrayInputStream(packageBytes)))); + + final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfoS3Store("signed-package-tampered-data.zip", + packageBytes, + null); + //no mocked securityManager + csarSecurityValidator = new CsarSecurityValidator(); + Assertions.assertThrows(SecurityManagerException.class, () -> { + csarSecurityValidator.verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), + onboardPackageInfo.getArtifactInfo()); + }); + } + } } @Test @@ -148,11 +215,10 @@ class CsarSecurityValidatorTest { CsarSecurityValidatorTest.class.getResource(BASE_DIR + path).toURI())); } - private OnboardPackageInfo loadSignedPackageWithArtifactInfo(final String packageName, final byte[] packageBytes, - final CnfPackageValidator cnfPackageValidator) { + private OnboardPackageInfo loadSignedPackageWithArtifactInfoS3Store(final String packageName, final byte[] packageBytes, + final CnfPackageValidator cnfPackageValidator) { final OnboardingPackageProcessor onboardingPackageProcessor = - new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, - new PersistentStorageArtifactInfo(Path.of("src/test/resources/vspmanager.csar/signing/signed-package.zip"))); + new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, new MinIoArtifactInfo("bucket", "object")); final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); if (onboardPackageInfo == null) { fail("Unexpected error. Could not load original package"); diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java index 6dc5517c45..afc43967c9 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java @@ -22,29 +22,61 @@ package org.openecomp.sdc.vendorsoftwareproduct.security; import static junit.framework.TestCase.assertEquals; import static junit.framework.TestCase.assertTrue; - +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.openMocks; +import static org.openecomp.sdc.be.csar.storage.StorageFactory.StorageType.MINIO; + +import io.minio.GetObjectArgs; +import io.minio.GetObjectResponse; +import io.minio.MinioClient; +import java.io.BufferedInputStream; +import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; import java.net.URISyntaxException; import java.nio.file.Files; -import java.nio.file.Path; import java.nio.file.Paths; +import java.util.HashMap; +import java.util.Map; import org.apache.commons.io.FileUtils; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Answers; +import org.mockito.Mock; +import org.mockito.MockedStatic; +import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; +import org.openecomp.sdc.be.csar.storage.MinIoArtifactInfo; +import org.openecomp.sdc.common.CommonConfigurationManager; import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor; import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; +@ExtendWith(MockitoExtension.class) class SecurityManagerTest { private File certDir; private String cerDirPath = "/tmp/cert/"; private SecurityManager securityManager; + @Mock + private CommonConfigurationManager commonConfigurationManager; + @Mock + private MinioClient minioClient; + @Mock(answer = Answers.RETURNS_DEEP_STUBS) + private MinioClient.Builder builderMinio; + @Mock(answer = Answers.RETURNS_DEEP_STUBS) + private GetObjectArgs.Builder getObjectArgsBuilder; + @Mock + private GetObjectArgs getObjectArgs; private File prepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException { File origFile = new File(getClass().getResource(origFilePath).toURI()); @@ -60,12 +92,14 @@ class SecurityManagerTest { @BeforeEach public void setUp() throws IOException { + openMocks(this); certDir = new File(cerDirPath); if (certDir.exists()) { tearDown(); } certDir.mkdirs(); securityManager = new SecurityManager(certDir.getPath()); + } @AfterEach @@ -123,18 +157,51 @@ class SecurityManagerTest { } @Test - void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled() - throws IOException, URISyntaxException, SecurityManagerException { - prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert"); - byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip"); - - final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes, - new CnfPackageValidator(), - new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip"))); - final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); - - assertTrue(securityManager - .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo())); + void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled() throws Exception { + + final Map<String, Object> endpoint = new HashMap<>(); + endpoint.put("host", "localhost"); + endpoint.put("port", 9000); + final Map<String, Object> credentials = new HashMap<>(); + credentials.put("accessKey", "login"); + credentials.put("secretKey", "password"); + + try (MockedStatic<CommonConfigurationManager> utilities = Mockito.mockStatic(CommonConfigurationManager.class)) { + utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager); + try (MockedStatic<MinioClient> minioUtilities = Mockito.mockStatic(MinioClient.class)) { + minioUtilities.when(MinioClient::builder).thenReturn(builderMinio); + when(builderMinio + .endpoint(anyString(), anyInt(), anyBoolean()) + .credentials(anyString(), anyString()) + .build() + ).thenReturn(minioClient); + + when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("cert/2-file-signed-package"); + when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name()); + + prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert"); + byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip"); + when(getObjectArgsBuilder + .bucket(anyString()) + .object(anyString()) + .build() + ).thenReturn(getObjectArgs); + + when(minioClient.getObject(any(GetObjectArgs.class))) + .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName", + new BufferedInputStream(new ByteArrayInputStream(fileToUploadBytes)))); + + final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes, + new CnfPackageValidator(), new MinIoArtifactInfo("bucket", "objectName")); + final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); + + assertTrue(securityManager + .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), + onboardPackageInfo.getArtifactInfo())); + } + } } @Test @@ -158,18 +225,51 @@ class SecurityManagerTest { } @Test - void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled() - throws IOException, URISyntaxException, SecurityManagerException { - prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert"); - byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip"); - - final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes, - new CnfPackageValidator(), - new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip"))); - final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); - - assertTrue(securityManager - .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo())); + void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled() throws Exception { + + final Map<String, Object> endpoint = new HashMap<>(); + endpoint.put("host", "localhost"); + endpoint.put("port", 9000); + final Map<String, Object> credentials = new HashMap<>(); + credentials.put("accessKey", "login"); + credentials.put("secretKey", "password"); + + try (MockedStatic<CommonConfigurationManager> utilities = Mockito.mockStatic(CommonConfigurationManager.class)) { + utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager); + try (MockedStatic<MinioClient> minioUtilities = Mockito.mockStatic(MinioClient.class)) { + minioUtilities.when(MinioClient::builder).thenReturn(builderMinio); + when(builderMinio + .endpoint(anyString(), anyInt(), anyBoolean()) + .credentials(anyString(), anyString()) + .build() + ).thenReturn(minioClient); + + when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("tempPath"); + when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name()); + + prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert"); + byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip"); + when(getObjectArgsBuilder + .bucket(anyString()) + .object(anyString()) + .build() + ).thenReturn(getObjectArgs); + + when(minioClient.getObject(any(GetObjectArgs.class))) + .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName", + new BufferedInputStream(new ByteArrayInputStream(fileToUploadBytes)))); + + final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes, + new CnfPackageValidator(), new MinIoArtifactInfo("bucket", "objectName")); + final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); + + assertTrue(securityManager + .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), + onboardPackageInfo.getArtifactInfo())); + } + } } @Test |