diff options
Diffstat (limited to 'openecomp-be')
13 files changed, 429 insertions, 62 deletions
diff --git a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java index 1ec6a28e7d..cf34984fe0 100644 --- a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java +++ b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java @@ -59,6 +59,9 @@ public enum Messages { MANIFEST_EXPECTED_SOURCE_PATH("Expected Source entry path"), MANIFEST_EXPECTED_ALGORITHM_VALUE("Expected Algorithm entry value"), MANIFEST_EXPECTED_ALGORITHM_BEFORE_HASH("Expected 'Algorithm' entry before 'Hash' entry"), + MANIFEST_EXPECTED_SIGNATURE_VALUE("Expected 'Signature' entry value"), + MANIFEST_EXPECTED_CERTIFICATE_VALUE("Expected 'Certificate' entry value"), + MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE("Expected 'Signature' entry before 'Certificate' entry"), MANIFEST_DUPLICATED_CMS_SIGNATURE("Duplicated CMS signature"), MANIFEST_SIGNATURE_DUPLICATED("Duplicated manifest signature"), MANIFEST_SIGNATURE_LAST_ENTRY("The manifest signature must be the last entry of the manifest."), diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java index 326eb6a517..372517c5f9 100644 --- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java +++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java @@ -1,6 +1,7 @@ /* * Copyright © 2016-2017 European Support Limited * Modification Copyright (C) 2019 Nordix Foundation. + * Modification Copyright (C) 2021 Nokia. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -46,6 +47,7 @@ abstract class AbstractOnboardingManifest implements Manifest { protected List<String> sources; protected Map<String, List<String>> nonManoSources; protected Map<String, AlgorithmDigest> sourceAndChecksumMap = new HashMap<>(); + protected Map<String, SignatureData> sourceAndSignatureMap = new HashMap<>(); protected String cmsSignature; protected List<String> errors; protected boolean continueToProcess; diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java index 68ad91d29a..2e073a431a 100644 --- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java +++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java @@ -1,6 +1,7 @@ /* * ============LICENSE_START======================================================= * Copyright (C) 2019 Nordix Foundation + * Modification Copyright (C) 2021 Nokia. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -38,7 +39,9 @@ public enum ManifestTokenType { PNFD_NAME("pnfd_name"), PNFD_PROVIDER("pnfd_provider"), PNFD_ARCHIVE_VERSION("pnfd_archive_version"), - PNFD_RELEASE_DATE_TIME("pnfd_release_date_time"); + PNFD_RELEASE_DATE_TIME("pnfd_release_date_time"), + SIGNATURE("Signature"), + CERTIFICATE("Certificate"); private final String token; diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java index 8e67d7b5de..99ea9a5a13 100644 --- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java +++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java @@ -1,6 +1,7 @@ /*- * ============LICENSE_START======================================================= * Copyright (C) 2019 Nordix Foundation. + * Modification Copyright (C) 2021 Nokia. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -275,7 +276,9 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest { return; } sources.add(sourcePath); + readNextNonEmptyLine(); readAlgorithmEntry(sourcePath); + readSignatureEntry(sourcePath); } /** @@ -285,7 +288,7 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest { * @param sourcePath the source path related to the algorithm entry. */ private void readAlgorithmEntry(final String sourcePath) { - Optional<String> currentLine = readNextNonEmptyLine(); + Optional<String> currentLine = getCurrentLine(); if (!currentLine.isPresent()) { return; } @@ -324,4 +327,49 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest { readNextNonEmptyLine(); } -}
\ No newline at end of file + /** + * Processes entries {@link ManifestTokenType#SIGNATURE} and {@link ManifestTokenType#CERTIFICATE} of a {@link + * ManifestTokenType#SOURCE} entry. + * + * @param sourcePath the source path related to the algorithm entry. + */ + private void readSignatureEntry(final String sourcePath) { + Optional<String> currentLine = getCurrentLine(); + if (!currentLine.isPresent()) { + return; + } + final ManifestTokenType manifestTokenType = detectLineEntry().orElse(null); + if (manifestTokenType == ManifestTokenType.CERTIFICATE) { + reportError(Messages.MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE); + continueToProcess = false; + return; + } + if (manifestTokenType != ManifestTokenType.SIGNATURE) { + return; + } + final String signatureLine = currentLine.get(); + final String signatureFile = readEntryValue(signatureLine).orElse(null); + if (signatureFile == null) { + reportError(Messages.MANIFEST_EXPECTED_SIGNATURE_VALUE); + continueToProcess = false; + return; + } + + currentLine = readNextNonEmptyLine(); + if (!currentLine.isPresent() || detectLineEntry().orElse(null) != ManifestTokenType.CERTIFICATE) { + sourceAndSignatureMap.put(sourcePath, new SignatureData(signatureFile, null)); + return; + } + + final String certLine = currentLine.get(); + final String certFile = readEntryValue(certLine).orElse(null); + if (certFile == null) { + reportError(Messages.MANIFEST_EXPECTED_CERTIFICATE_VALUE); + continueToProcess = false; + return; + } + sourceAndSignatureMap.put(sourcePath, new SignatureData(signatureFile, certFile)); + readNextNonEmptyLine(); + } + +} diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java new file mode 100644 index 0000000000..74277a627f --- /dev/null +++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java @@ -0,0 +1,35 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nokia + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.tosca.csar; + +import lombok.AllArgsConstructor; +import lombok.Getter; +import org.springframework.lang.Nullable; + +/** + * Represents a manifest individual Signature and Certificate + */ +@Getter +@AllArgsConstructor +public class SignatureData { + private final String signatureFile; + @Nullable + private final String certificateFile; +} diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java b/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java index d582163774..288995dfed 100644 --- a/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java +++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java @@ -1,5 +1,6 @@ /* * Copyright © 2016-2018 European Support Limited + * Modification Copyright (C) 2021 Nokia. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,16 +17,15 @@ package org.openecomp.sdc.tosca.csar; -import static junit.framework.TestCase.assertSame; -import static org.hamcrest.Matchers.containsInAnyOrder; -import static org.hamcrest.Matchers.empty; -import static org.hamcrest.Matchers.equalTo; -import static org.hamcrest.Matchers.hasItem; -import static org.hamcrest.Matchers.hasSize; -import static org.hamcrest.core.Is.is; -import static org.junit.Assert.assertThat; +import static org.junit.jupiter.api.Assertions.assertAll; +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertTrue; import com.google.common.collect.ImmutableMap; + import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Field; @@ -38,16 +38,18 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Optional; -import org.junit.Before; -import org.junit.Test; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; import org.openecomp.sdc.be.datatypes.enums.ResourceTypeEnum; import org.openecomp.sdc.common.errors.Messages; -public class SOL004ManifestOnboardingTest { + +class SOL004ManifestOnboardingTest { private Manifest manifest; - @Before + @BeforeEach public void setUp() { manifest = new SOL004ManifestOnboarding(); } @@ -55,7 +57,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testSuccessfulParsing() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/ValidTosca.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/ValidTosca.mf")) { manifest.parse(manifestAsStream); assertValidManifest(4, 5, Collections.emptyMap(), ResourceTypeEnum.VF, false); } @@ -77,7 +79,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testBrokenMDParsing() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/InvalidTosca2.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/InvalidTosca2.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add(Messages.MANIFEST_INVALID_LINE.formatMessage(9, "vnf_package_version: 1.0")); @@ -123,7 +125,7 @@ public class SOL004ManifestOnboardingTest { } private String buildErrorMessage(final int lineNumber, final String line, final Messages message, - final Object... params) { + final Object... params) { return Messages.MANIFEST_ERROR_WITH_LINE.formatMessage(message.formatMessage(params), lineNumber, line); } @@ -234,7 +236,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testMetadataWithDuplicatedEntries() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/metadata-duplicated-entries.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/metadata-duplicated-entries.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add( @@ -248,7 +250,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testManifestNonManoKeyWithoutSources() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-no-sources.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-no-sources.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add( @@ -262,7 +264,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testManifestNonManoKeyWithEmptySourceEntry() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-empty-source.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-empty-source.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add( @@ -275,7 +277,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testManifestWithEmptyMetadata() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-metadata.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-metadata.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add(buildErrorMessage(2, "", Messages.MANIFEST_NO_METADATA)); @@ -286,7 +288,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testManifestSourceAlgorithmWithoutHash() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-hash.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-hash.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add(buildErrorMessage(9, "", Messages.MANIFEST_EXPECTED_HASH_ENTRY)); @@ -297,7 +299,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testManifestSourceHashWithoutAlgorithm() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-algorithm.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-algorithm.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add(buildErrorMessage(8, "Hash: 3b119b37da5b76ec7c933168b21cedd8", Messages.MANIFEST_EXPECTED_ALGORITHM_BEFORE_HASH)); @@ -308,7 +310,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testManifestSourceAlgorithmWithoutValue() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-value.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-value.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add(buildErrorMessage(8, "Algorithm:", Messages.MANIFEST_EXPECTED_ALGORITHM_VALUE)); @@ -319,7 +321,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testManifestSourceHashWithoutValue() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-value.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-value.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add(buildErrorMessage(9, "Hash:", Messages.MANIFEST_EXPECTED_HASH_VALUE)); @@ -330,7 +332,7 @@ public class SOL004ManifestOnboardingTest { @Test public void testEmptyManifest() throws IOException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-manifest.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-manifest.mf")) { manifest.parse(manifestAsStream); final List<String> expectedErrorList = new ArrayList<>(); expectedErrorList.add(Messages.MANIFEST_EMPTY.getErrorMessage()); @@ -342,7 +344,7 @@ public class SOL004ManifestOnboardingTest { public void testManifestWithDuplicatedCmsSignature() throws IOException, NoSuchFieldException, IllegalAccessException { try (final InputStream manifestAsStream = - getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/signed.mf")) { + getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/signed.mf")) { //forcing an existing signature final Field cmsSignatureField = AbstractOnboardingManifest.class.getDeclaredField("cmsSignature"); cmsSignatureField.setAccessible(true); @@ -361,27 +363,27 @@ public class SOL004ManifestOnboardingTest { final Method getEntryMethod = AbstractOnboardingManifest.class.getDeclaredMethod("readEntryName", String.class); getEntryMethod.setAccessible(true); final Optional<String> noEntry = (Optional<String>) getEntryMethod.invoke(manifest, ":"); - assertThat("Entry should not be present", noEntry.isPresent(), is(false)); + assertFalse(noEntry.isPresent(), "Entry should not be present"); final Optional<String> blankEntry = (Optional<String>) getEntryMethod.invoke(manifest, " :"); - assertThat("Entry should not be present", blankEntry.isPresent(), is(false)); + assertFalse(blankEntry.isPresent(), "Entry should not be present"); final Optional<String> noColon = (Optional<String>) getEntryMethod.invoke(manifest, "anyKeyWithoutColon "); - assertThat("Entry should not be present", noColon.isPresent(), is(false)); + assertFalse(noColon.isPresent(), "Entry should not be present"); final Optional<String> blank = (Optional<String>) getEntryMethod.invoke(manifest, " "); - assertThat("Entry should not be present", blank.isPresent(), is(false)); + assertFalse(blank.isPresent(), "Entry should not be present"); final Optional<String> empty = (Optional<String>) getEntryMethod.invoke(manifest, ""); - assertThat("Entry should not be present", empty.isPresent(), is(false)); + assertFalse(empty.isPresent(), "Entry should not be present"); final Optional<String> nul1 = (Optional<String>) getEntryMethod.invoke(manifest, new Object[]{null}); - assertThat("Entry should not be present", nul1.isPresent(), is(false)); + assertFalse(nul1.isPresent(), "Entry should not be present"); final Optional<String> entry = (Optional<String>) getEntryMethod .invoke(manifest, " entry to test : : a value ::: test test: "); - assertThat("Entry should be present", entry.isPresent(), is(true)); - assertThat("Entry should be as expected", entry.get(), equalTo("entry to test")); + assertTrue(entry.isPresent(), "Entry should be present"); + assertEquals("entry to test", entry.get(), "Entry should be as expected"); } @Test @@ -389,55 +391,141 @@ public class SOL004ManifestOnboardingTest { final Method getValueMethod = AbstractOnboardingManifest.class.getDeclaredMethod("readEntryValue", String.class); getValueMethod.setAccessible(true); final Optional<String> noValue = (Optional<String>) getValueMethod.invoke(manifest, ":"); - assertThat("Value should not be present", noValue.isPresent(), is(false)); + assertFalse(noValue.isPresent(), "Value should not be present"); final Optional<String> blankValue = (Optional<String>) getValueMethod.invoke(manifest, ": "); - assertThat("Value should not be present", blankValue.isPresent(), is(false)); + assertFalse(blankValue.isPresent(), "Value should not be present"); final Optional<String> noColon = (Optional<String>) getValueMethod.invoke(manifest, "anyKeyWithoutColon "); - assertThat("Value should not be present", noColon.isPresent(), is(false)); + assertFalse(noColon.isPresent(), "Value should not be present"); final Optional<String> blank = (Optional<String>) getValueMethod.invoke(manifest, " "); - assertThat("Value should not be present", blank.isPresent(), is(false)); + assertFalse(blank.isPresent(), "Value should not be present"); final Optional<String> empty = (Optional<String>) getValueMethod.invoke(manifest, ""); - assertThat("Value should not be present", empty.isPresent(), is(false)); + assertFalse(empty.isPresent(), "Value should not be present"); final Optional<String> nul1 = (Optional<String>) getValueMethod.invoke(manifest, new Object[]{null}); - assertThat("Value should not be present", nul1.isPresent(), is(false)); + assertFalse(nul1.isPresent(), "Value should not be present"); final Optional<String> value = (Optional<String>) getValueMethod .invoke(manifest, "attribute : : a value ::: test test: "); - assertThat("Value should be present", value.isPresent(), is(true)); - assertThat("Value should be as expected", value.get(), equalTo(": a value ::: test test:")); + assertTrue(value.isPresent(), "Value should be present"); + assertEquals(": a value ::: test test:", value.get(), "Value should be as expected"); + } + + @Test + public void testSuccessfulSignedManifestWithIndividualSignature() throws IOException { + try (final InputStream manifestAsStream = + getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf")) { + manifest.parse(manifestAsStream); + assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true); + } + } + + @Test + public void testSuccessfulUnsignedManifestWithIndividualSignaturee() throws IOException { + try (final InputStream manifestAsStream = + getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf")) { + manifest.parse(manifestAsStream); + assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, false); + } + } + + @Test + public void testSuccessfulSignedManifestWithIndividualSignatureAndHash() throws IOException { + try (final InputStream manifestAsStream = + getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf")) { + manifest.parse(manifestAsStream); + assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true); + } + } + + @Test + public void testSuccessfulSignedManifestWithIndividualSignatureAndCommonCert() throws IOException { + try (final InputStream manifestAsStream = + getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf")) { + manifest.parse(manifestAsStream); + assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true); + } + } + + @Test + public void testEmptyIndividualSignature() throws IOException { + try (final InputStream manifestAsStream = + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf")) { + manifest.parse(manifestAsStream); + final List<String> expectedErrorList = List.of( + buildErrorMessage( + 8, "Signature:", Messages.MANIFEST_EXPECTED_SIGNATURE_VALUE + )); + assertInvalidManifest(expectedErrorList); + } + } + + @Test + public void testEmptyIndividualCertificate() throws IOException { + try (final InputStream manifestAsStream = + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf")) { + manifest.parse(manifestAsStream); + final List<String> expectedErrorList = List.of( + buildErrorMessage( + 9, "Certificate:", Messages.MANIFEST_EXPECTED_CERTIFICATE_VALUE + )); + assertInvalidManifest(expectedErrorList); + } + } + + @Test + public void testOnlyIndividualCertificateNoSignature() throws IOException { + try (final InputStream manifestAsStream = + getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf")) { + manifest.parse(manifestAsStream); + final List<String> expectedErrorList = List.of( + buildErrorMessage( + 8, "Certificate: TOSCA-Metadata/TOSCA.cert", Messages.MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE + )); + assertInvalidManifest(expectedErrorList); + } } private void assertValidManifest(final int expectedMetadataSize, final int expectedSourcesSize, final Map<String, Integer> expectedNonManoKeySize, final ResourceTypeEnum resourceType, final boolean isSigned) { - assertThat("Should have no errors", manifest.getErrors(), is(empty())); - assertThat("Should be valid", manifest.isValid(), is(true)); - assertThat("Metadata should have the expected size", - manifest.getMetadata().keySet(), hasSize(expectedMetadataSize)); - assertThat("Sources should have the expected size", manifest.getSources(), hasSize(expectedSourcesSize)); - assertThat("Non Mano Sources keys should have the expected size", - manifest.getNonManoSources().keySet(), hasSize(expectedNonManoKeySize.keySet().size())); + assertAll( + "manifest should be valid", + () -> assertTrue(manifest.getErrors().isEmpty(), "Should have no errors"), + () -> assertTrue(manifest.isValid(), "Should be valid"), + () -> assertTrue(manifest.getType().isPresent(), "Should have a type"), + () -> assertEquals(resourceType, manifest.getType().get(), "Type should be as expected"), + () -> assertEquals(isSigned, manifest.isSigned(), "Signature status should be as expected") + ); + assertAll( + "manifest should have expected fields", + () -> assertEquals(expectedMetadataSize, manifest.getMetadata().keySet().size(), + "Metadata should have the expected size"), + () -> assertEquals(expectedSourcesSize, manifest.getSources().size(), + "Sources should have the expected size"), + () -> assertEquals(expectedNonManoKeySize.keySet().size(), manifest.getNonManoSources().keySet().size(), + "Non Mano Sources keys should have the expected size") + ); for (final Entry<String, Integer> nonManoKeyAndSize : expectedNonManoKeySize.entrySet()) { final String nonManoKey = nonManoKeyAndSize.getKey(); - assertThat("Should contain expected Non Mano Sources key", - manifest.getNonManoSources().keySet(), hasItem(nonManoKey)); - assertThat(String.format("Non Mano Sources keys %s should have the expected sources size", nonManoKey), - manifest.getNonManoSources().get(nonManoKey).size(), equalTo(nonManoKeyAndSize.getValue())); + assertAll( + "", + () -> assertTrue(manifest.getNonManoSources().containsKey(nonManoKey), + "Should contain expected Non Mano Sources key"), + () -> assertEquals(nonManoKeyAndSize.getValue(),manifest.getNonManoSources().get(nonManoKey).size(), + String.format("Non Mano Sources keys %s should have the expected sources size", nonManoKey)) + ); } - assertThat("Should have a type", manifest.getType().isPresent(), is(true)); - assertThat("Type should be as expected", manifest.getType().get(), equalTo(resourceType)); - assertThat("Signature status should be as expected", manifest.isSigned(), is(isSigned)); } private void assertInvalidManifest(final List<String> expectedErrorList) { - assertThat("Should be invalid", manifest.isValid(), is(false)); - assertThat("Should have the expected error quantity", manifest.getErrors(), hasSize(expectedErrorList.size())); - assertThat("Should have expected errors", manifest.getErrors(), - containsInAnyOrder(expectedErrorList.toArray(new String[0]))); + assertAll( + "manifest should be invalid and should contain expected errors", + () -> assertFalse(manifest.isValid(), "Should be invalid"), + () -> assertArrayEquals(manifest.getErrors().toArray(), expectedErrorList.toArray(), "Should have expected errors") + ); } } diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf new file mode 100644 index 0000000000..6928da3007 --- /dev/null +++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf @@ -0,0 +1,29 @@ +metadata: + vnf_product_name: vPP + vnf_provider_id: Ericsson + vnf_package_version: R24A583 + vnf_release_date_time: 2019-08-29T22:17:39.275281 + +Source: TOSCA-Metadata/TOSCA.meta +Signature: TOSCA-Metadata/TOSCA.sig.cms +Certificate: + +Source: scripts/userdata.file +Algorithm: md5 +Hash: 3b119b37da5b76ec7c933168b21cedd8 + +Source: scripts/userdata.file.sm + + + + +-----BEGIN CMS----- +MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI +hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl +AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp +mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/ +MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6 +0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT +igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE +O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9 +-----END CMS----- diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf new file mode 100644 index 0000000000..c7b155f1f9 --- /dev/null +++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf @@ -0,0 +1,28 @@ +metadata: + vnf_product_name: vPP + vnf_provider_id: Ericsson + vnf_package_version: R24A583 + vnf_release_date_time: 2019-08-29T22:17:39.275281 + +Source: TOSCA-Metadata/TOSCA.meta +Signature: + +Source: scripts/userdata.file +Algorithm: md5 +Hash: 3b119b37da5b76ec7c933168b21cedd8 + +Source: scripts/userdata.file.sm + + + + +-----BEGIN CMS----- +MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI +hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl +AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp +mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/ +MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6 +0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT +igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE +O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9 +-----END CMS----- diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf new file mode 100644 index 0000000000..9fd1700f05 --- /dev/null +++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf @@ -0,0 +1,28 @@ +metadata: + vnf_product_name: vPP + vnf_provider_id: Ericsson + vnf_package_version: R24A583 + vnf_release_date_time: 2019-08-29T22:17:39.275281 + +Source: TOSCA-Metadata/TOSCA.meta +Certificate: TOSCA-Metadata/TOSCA.cert + +Source: scripts/userdata.file +Algorithm: md5 +Hash: 3b119b37da5b76ec7c933168b21cedd8 + +Source: scripts/userdata.file.sm + + + + +-----BEGIN CMS----- +MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI +hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl +AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp +mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/ +MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6 +0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT +igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE +O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9 +-----END CMS----- diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf new file mode 100644 index 0000000000..0036fc974f --- /dev/null +++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf @@ -0,0 +1,29 @@ +metadata: + vnf_product_name: vPP + vnf_provider_id: Ericsson + vnf_package_version: R24A583 + vnf_release_date_time: 2019-08-29T22:17:39.275281 + +Source: TOSCA-Metadata/TOSCA.meta +Signature: TOSCA-Metadata/TOSCA.sig.cms +Certificate: TOSCA-Metadata/TOSCA.cert + +Source: scripts/userdata.file +Algorithm: md5 +Hash: 3b119b37da5b76ec7c933168b21cedd8 + +Source: scripts/userdata.file.sm + + + + +-----BEGIN CMS----- +MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI +hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl +AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp +mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/ +MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6 +0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT +igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE +O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9 +-----END CMS----- diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf new file mode 100644 index 0000000000..44fb787b61 --- /dev/null +++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf @@ -0,0 +1,31 @@ +metadata: + vnf_product_name: vPP + vnf_provider_id: Ericsson + vnf_package_version: R24A583 + vnf_release_date_time: 2019-08-29T22:17:39.275281 + +Source: TOSCA-Metadata/TOSCA.meta +Algorithm: SHA-512 +Hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e +Signature: TOSCA-Metadata/TOSCA.sig.cms +Certificate: TOSCA-Metadata/TOSCA.cert + +Source: scripts/userdata.file +Algorithm: md5 +Hash: 3b119b37da5b76ec7c933168b21cedd8 + +Source: scripts/userdata.file.sm + + + + +-----BEGIN CMS----- +MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI +hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl +AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp +mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/ +MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6 +0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT +igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE +O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9 +-----END CMS----- diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf new file mode 100644 index 0000000000..d8a4b98f53 --- /dev/null +++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf @@ -0,0 +1,28 @@ +metadata: + vnf_product_name: vPP + vnf_provider_id: Ericsson + vnf_package_version: R24A583 + vnf_release_date_time: 2019-08-29T22:17:39.275281 + +Source: TOSCA-Metadata/TOSCA.meta +Signature: TOSCA-Metadata/TOSCA.sig.cms + +Source: scripts/userdata.file +Algorithm: md5 +Hash: 3b119b37da5b76ec7c933168b21cedd8 + +Source: scripts/userdata.file.sm + + + + +-----BEGIN CMS----- +MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI +hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl +AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp +mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/ +MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6 +0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT +igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE +O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9 +-----END CMS----- diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf new file mode 100644 index 0000000000..76eb7eed14 --- /dev/null +++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf @@ -0,0 +1,15 @@ +metadata: + vnf_product_name: vPP + vnf_provider_id: Ericsson + vnf_package_version: R24A583 + vnf_release_date_time: 2019-08-29T22:17:39.275281 + +Source: TOSCA-Metadata/TOSCA.meta +Signature: TOSCA-Metadata/TOSCA.sig.cms +Certificate: TOSCA-Metadata/TOSCA.cert + +Source: scripts/userdata.file +Algorithm: md5 +Hash: 3b119b37da5b76ec7c933168b21cedd8 + +Source: scripts/userdata.file.sm |