From 13b39127c1c91d7c05c67ea2c14220c8f992cba5 Mon Sep 17 00:00:00 2001 From: "andre.schmid" Date: Thu, 28 Jan 2021 17:53:22 +0000 Subject: ETSI SOL007 3.3.1 package security option 2 Change-Id: I4e021c517449e6ddf11571c02d0b4bdbc93e7c1e Issue-ID: SDC-2614 Signed-off-by: andre.schmid --- .../nsd/builder/NsdCsarManifestBuilderTest.java | 18 +- .../generator/EtsiNfvNsCsarEntryGeneratorTest.java | 11 +- .../generator/EtsiNfvNsdCsarGeneratorImplTest.java | 41 ++++- .../be/plugins/etsi/nfv/nsd/model/NsdCsarTest.java | 140 ++++++++++++++++ .../nsd/security/NsdCsarEtsiOption2SignerTest.java | 183 +++++++++++++++++++++ 5 files changed, 380 insertions(+), 13 deletions(-) create mode 100644 catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/model/NsdCsarTest.java create mode 100644 catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/security/NsdCsarEtsiOption2SignerTest.java (limited to 'catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java') diff --git a/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/builder/NsdCsarManifestBuilderTest.java b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/builder/NsdCsarManifestBuilderTest.java index 1ff3a6d52b..caca932929 100644 --- a/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/builder/NsdCsarManifestBuilderTest.java +++ b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/builder/NsdCsarManifestBuilderTest.java @@ -1,4 +1,3 @@ - /* * ============LICENSE_START======================================================= * Copyright (C) 2021 Nordix Foundation @@ -43,6 +42,10 @@ class NsdCsarManifestBuilderTest { nsdCsarManifestBuilder.withFileStructureVersion("fileStructureVersion"); nsdCsarManifestBuilder.withCompatibleSpecificationVersion("1.0.0"); nsdCsarManifestBuilder.withCompatibleSpecificationVersion("1.0.1"); + final String signature = "-----BEGIN CMS-----\n" + + "12d08j19d981928129dj129j1\n" + + "-----END CMS-----"; + nsdCsarManifestBuilder.withSignature(signature); final List sourceList = new ArrayList<>(); final String source1 = "Definitions/aSource1.yaml"; sourceList.add(source1); @@ -53,9 +56,16 @@ class NsdCsarManifestBuilderTest { assertSource(manifest, source1); assertSource(manifest, source2); assertCompatibleSpecificationVersions(manifest, "1.0.0,1.0.1"); - final String expectedManifest = "metadata: \n" + "nsd_designer: designer\n" + "nsd_invariant_id: invariantId\n" + "nsd_name: name\n" - + "nsd_file_structure_version: fileStructureVersion\n" + "compatible_specification_versions: 1.0.0,1.0.1\n" + "\n" - + "Source: Definitions/aSource1.yaml\n" + "Source: Definitions/aSource2.yaml\n" + ""; + final String expectedManifest = "metadata: \n" + + "nsd_designer: designer\n" + + "nsd_invariant_id: invariantId\n" + + "nsd_name: name\n" + + "nsd_file_structure_version: fileStructureVersion\n" + + "compatible_specification_versions: 1.0.0,1.0.1\n" + + "\n" + + "Source: Definitions/aSource1.yaml\n" + + "Source: Definitions/aSource2.yaml\n" + + signature; assertEquals(expectedManifest, manifest); } diff --git a/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/generator/EtsiNfvNsCsarEntryGeneratorTest.java b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/generator/EtsiNfvNsCsarEntryGeneratorTest.java index 8ebd1df190..837179d50d 100644 --- a/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/generator/EtsiNfvNsCsarEntryGeneratorTest.java +++ b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/generator/EtsiNfvNsCsarEntryGeneratorTest.java @@ -1,4 +1,3 @@ - /* * ============LICENSE_START======================================================= * Copyright (C) 2020 Nordix Foundation @@ -27,6 +26,7 @@ import static org.mockito.Mockito.when; import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.generator.EtsiNfvNsCsarEntryGenerator.ETSI_NS_COMPONENT_CATEGORY; import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.generator.EtsiNfvNsCsarEntryGenerator.ETSI_VERSION_METADATA; import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.generator.EtsiNfvNsCsarEntryGenerator.NSD_FILE_PATH_FORMAT; +import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.generator.EtsiNfvNsCsarEntryGenerator.UNSIGNED_CSAR_EXTENSION; import static org.openecomp.sdc.common.api.ArtifactTypeEnum.ETSI_PACKAGE; import java.util.ArrayList; @@ -44,6 +44,7 @@ import org.openecomp.sdc.be.model.category.CategoryDefinition; import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.exception.NsdException; import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.factory.EtsiNfvNsdCsarGeneratorFactory; import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.generator.config.EtsiVersion; +import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.model.NsdCsar; class EtsiNfvNsCsarEntryGeneratorTest { @@ -68,12 +69,14 @@ class EtsiNfvNsCsarEntryGeneratorTest { @Test void successfullyEntryGenerationTest() throws NsdException { mockServiceComponent(); - final byte[] expectedNsdCsar = new byte[5]; - when(etsiNfvNsdCsarGenerator.generateNsdCsar(service)).thenReturn(expectedNsdCsar); + final NsdCsar nsdCsar = new NsdCsar(SERVICE_NORMALIZED_NAME); + nsdCsar.setCsarPackage(new byte[5]); + when(etsiNfvNsdCsarGenerator.generateNsdCsar(service)).thenReturn(nsdCsar); final Map entryMap = etsiNfvNsCsarEntryGenerator.generateCsarEntries(service); assertThat("Csar Entries should contain only one entry", entryMap.size(), is(1)); assertThat("Csar Entries should contain the expected entry", entryMap, - hasEntry(String.format(NSD_FILE_PATH_FORMAT, ETSI_PACKAGE, SERVICE_NORMALIZED_NAME), expectedNsdCsar)); + hasEntry(String.format(NSD_FILE_PATH_FORMAT, ETSI_PACKAGE, SERVICE_NORMALIZED_NAME, UNSIGNED_CSAR_EXTENSION), + nsdCsar.getCsarPackage())); } @Test diff --git a/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/generator/EtsiNfvNsdCsarGeneratorImplTest.java b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/generator/EtsiNfvNsdCsarGeneratorImplTest.java index b498c45d1f..b1b8157534 100644 --- a/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/generator/EtsiNfvNsdCsarGeneratorImplTest.java +++ b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/generator/EtsiNfvNsdCsarGeneratorImplTest.java @@ -1,4 +1,3 @@ - /* * ============LICENSE_START======================================================= * Copyright (C) 2020 Nordix Foundation @@ -23,12 +22,16 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.core.Is.is; import static org.hamcrest.core.IsNull.notNullValue; import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.generator.EtsiNfvNsCsarEntryGenerator.ETSI_NS_COMPONENT_CATEGORY; import static org.openecomp.sdc.common.api.ArtifactTypeEnum.ONBOARDED_PACKAGE; import fj.data.Either; +import java.io.File; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -39,6 +42,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mock; import org.mockito.MockitoAnnotations; +import org.openecomp.sdc.be.csar.security.model.CertificateInfoImpl; import org.openecomp.sdc.be.dao.cassandra.ArtifactCassandraDao; import org.openecomp.sdc.be.datatypes.enums.ComponentTypeEnum; import org.openecomp.sdc.be.datatypes.enums.JsonPresentationFields; @@ -52,7 +56,10 @@ import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.factory.NsDescriptorGeneratorFa import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.generator.config.EtsiVersion; import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.generator.config.NsDescriptorConfig; import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.model.Nsd; +import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.model.NsdCsar; import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.model.VnfDescriptor; +import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security.NsdCsarEtsiOption2Signer; +import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security.exception.NsdSignatureException; import org.openecomp.sdc.be.resources.data.DAOArtifactData; class EtsiNfvNsdCsarGeneratorImplTest { @@ -67,6 +74,8 @@ class EtsiNfvNsdCsarGeneratorImplTest { @Mock private ArtifactCassandraDao artifactCassandraDao; @Mock + private NsdCsarEtsiOption2Signer nsdCsarEtsiOption2Signer; + @Mock private Service service; private EtsiNfvNsdCsarGeneratorImpl etsiNfvNsdCsarGenerator; @@ -74,8 +83,8 @@ class EtsiNfvNsdCsarGeneratorImplTest { void setUp() { MockitoAnnotations.initMocks(this); final EtsiVersion version2_5_1 = EtsiVersion.VERSION_2_5_1; - etsiNfvNsdCsarGenerator = new EtsiNfvNsdCsarGeneratorImpl(new NsDescriptorConfig(version2_5_1), vnfDescriptorGenerator, - nsDescriptorGeneratorFactory, artifactCassandraDao); + etsiNfvNsdCsarGenerator = new EtsiNfvNsdCsarGeneratorImpl(new NsDescriptorConfig(version2_5_1), + vnfDescriptorGenerator, nsDescriptorGeneratorFactory, artifactCassandraDao, nsdCsarEtsiOption2Signer); when(nsDescriptorGeneratorFactory.create()).thenReturn(nsDescriptorGeneratorImpl); } @@ -83,8 +92,29 @@ class EtsiNfvNsdCsarGeneratorImplTest { void generateNsdCsarSuccessfulTest() throws VnfDescriptorException, NsdException { mockServiceComponent(); mockServiceComponentArtifacts(); - final byte[] nsdCsar = etsiNfvNsdCsarGenerator.generateNsdCsar(service); - assertThat("", nsdCsar, is(notNullValue())); + final NsdCsar nsdCsar = etsiNfvNsdCsarGenerator.generateNsdCsar(service); + assertThat("The NSD CSAR should not be null", nsdCsar, is(notNullValue())); + assertThat("The NSD CSAR should not be signed", nsdCsar.isSigned(), is(false)); + assertThat("The NSD CSAR content should not be null", nsdCsar.getCsarPackage(), is(notNullValue())); + } + + @Test + void generateSignedNsdCsarSuccessfulTest() throws VnfDescriptorException, NsdException, NsdSignatureException { + mockServiceComponent(); + mockServiceComponentArtifacts(); + when(nsdCsarEtsiOption2Signer.isCertificateConfigured()).thenReturn(true); + final String path = getClass().getClassLoader().getResource("aFile.txt").getPath(); + System.out.println(path); + final CertificateInfoImpl certificateInfo = new CertificateInfoImpl(new File(path), null); + when(nsdCsarEtsiOption2Signer.getSigningCertificate()).thenReturn(Optional.of(certificateInfo)); + when(nsdCsarEtsiOption2Signer.sign(any(byte[].class))).thenReturn("signedCsar".getBytes(StandardCharsets.UTF_8)); + final NsdCsar nsdCsar = etsiNfvNsdCsarGenerator.generateNsdCsar(service); + verify(nsdCsarEtsiOption2Signer).signArtifacts(any(NsdCsar.class)); + assertThat("The NSD CSAR should not be null", nsdCsar, is(notNullValue())); + assertThat("The NSD CSAR should be signed", nsdCsar.isSigned(), is(true)); + assertThat("The NSD CSAR content should not be null", nsdCsar.getCsarPackage(), is(notNullValue())); + assertThat("The NSD CSAR name should be as expected", nsdCsar.getFileName(), is(SERVICE_NORMALIZED_NAME)); + assertThat("The NSD CSAR name should be as expected", nsdCsar.isEmpty(), is(false)); } @Test() @@ -103,6 +133,7 @@ class EtsiNfvNsdCsarGeneratorImplTest { final Nsd nsd = new Nsd(); when(vnfDescriptorGenerator.generate(componentInstance1Name, instanceArtifact1)).thenReturn(Optional.of(vnfDescriptor1)); when(nsDescriptorGeneratorImpl.generate(service, vnfDescriptorList)).thenReturn(Optional.of(nsd)); + final List categoryDefinitionList = new ArrayList<>(); final CategoryDefinition nsComponentCategoryDefinition = new CategoryDefinition(); nsComponentCategoryDefinition.setName(ETSI_NS_COMPONENT_CATEGORY); diff --git a/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/model/NsdCsarTest.java b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/model/NsdCsarTest.java new file mode 100644 index 0000000000..061a52a2dc --- /dev/null +++ b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/model/NsdCsarTest.java @@ -0,0 +1,140 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.be.plugins.etsi.nfv.nsd.model; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.is; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.nio.charset.StandardCharsets; +import java.util.HashMap; +import java.util.Map; +import org.junit.jupiter.api.Test; +import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.builder.NsdCsarManifestBuilder; + +class NsdCsarTest { + + @Test + void testAddFile() { + final NsdCsar nsdCsar = new NsdCsar(""); + assertTrue(nsdCsar.getFileMap().isEmpty()); + final String aFilePath = "aFile"; + final byte[] fileContent = aFilePath.getBytes(StandardCharsets.UTF_8); + nsdCsar.addFile(aFilePath, fileContent); + assertEquals(1, nsdCsar.getFileMap().size()); + assertEquals(fileContent, nsdCsar.getFile(aFilePath)); + } + + @Test + void testGetFile() { + final NsdCsar nsdCsar = new NsdCsar(""); + final String aFilePath = "aFile"; + assertNull(nsdCsar.getFile(aFilePath)); + final byte[] fileContent = aFilePath.getBytes(StandardCharsets.UTF_8); + nsdCsar.addFile(aFilePath, fileContent); + assertEquals(1, nsdCsar.getFileMap().size()); + assertEquals(fileContent, nsdCsar.getFile(aFilePath)); + } + + @Test + void testIsManifest() { + final NsdCsar nsdCsar = new NsdCsar(""); + assertTrue(nsdCsar.isManifest(nsdCsar.getManifestPath())); + assertFalse(nsdCsar.isManifest("")); + } + + @Test + void testGetManifest() { + final NsdCsar nsdCsar = new NsdCsar(""); + assertNull(nsdCsar.getManifest()); + final byte[] expectedManifest = "".getBytes(StandardCharsets.UTF_8); + nsdCsar.addFile(nsdCsar.getManifestPath(), expectedManifest); + final byte[] actualManifest = nsdCsar.getManifest(); + assertNotNull(actualManifest); + assertEquals(actualManifest, expectedManifest); + } + + @Test + void testGetMainDefinition() { + final String csarFileName = "csarFileName"; + final NsdCsar nsdCsar = new NsdCsar(csarFileName); + assertNull(nsdCsar.getMainDefinition()); + assertTrue(nsdCsar.getMainDefinitionPath().contains(csarFileName)); + final byte[] expectedMainDefinition = "".getBytes(StandardCharsets.UTF_8); + nsdCsar.addFile(nsdCsar.getMainDefinitionPath(), expectedMainDefinition); + final byte[] actualMainDefinition = nsdCsar.getMainDefinition(); + assertNotNull(actualMainDefinition); + assertEquals(actualMainDefinition, expectedMainDefinition); + } + + @Test + void testFileMapEncapsulation() { + final NsdCsar nsdCsar = new NsdCsar(""); + final Map fileMap = nsdCsar.getFileMap(); + fileMap.put("", new byte[]{}); + assertTrue(nsdCsar.getFileMap().isEmpty()); + } + + @Test + void addAllFiles() { + final NsdCsar nsdCsar = new NsdCsar(""); + assertTrue(nsdCsar.isEmpty()); + Map fileMap = new HashMap(); + fileMap.put("1", new byte[]{}); + fileMap.put("2", new byte[]{}); + fileMap.put("3", new byte[]{}); + fileMap.put("4", new byte[]{}); + nsdCsar.addAllFiles(fileMap); + assertFalse(nsdCsar.isEmpty()); + assertEquals(nsdCsar.getFileMap().size(), fileMap.size()); + } + + @Test + void testIfStartsEmpty() { + final NsdCsar nsdCsar = new NsdCsar("test"); + assertTrue(nsdCsar.getFileMap().isEmpty(), "Csar should starts empty"); + assertTrue(nsdCsar.isEmpty(), "Csar should starts empty"); + } + + @Test + void testIsEmpty() { + final NsdCsar nsdCsar = new NsdCsar("test"); + assertTrue(nsdCsar.isEmpty()); + nsdCsar.addFile("", new byte[]{}); + assertFalse(nsdCsar.isEmpty()); + } + + @Test + void testAddManifest() { + final NsdCsar nsdCsar = new NsdCsar("test"); + nsdCsar.addManifest(null); + assertTrue(nsdCsar.isEmpty()); + final NsdCsarManifestBuilder manifestBuilder = new NsdCsarManifestBuilder(); + nsdCsar.addManifest(manifestBuilder); + assertFalse(nsdCsar.isEmpty()); + assertEquals(1, nsdCsar.getFileMap().size()); + final byte[] expectedManifestContent = manifestBuilder.build().getBytes(StandardCharsets.UTF_8); + assertThat("Manifest content should be the same", nsdCsar.getManifest(), is(expectedManifestContent)); + } +} \ No newline at end of file diff --git a/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/security/NsdCsarEtsiOption2SignerTest.java b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/security/NsdCsarEtsiOption2SignerTest.java new file mode 100644 index 0000000000..e6e89574f9 --- /dev/null +++ b/catalog-be-plugins/etsi-nfv-nsd-csar-plugin/src/test/java/org/openecomp/sdc/be/plugins/etsi/nfv/nsd/security/NsdCsarEtsiOption2SignerTest.java @@ -0,0 +1,183 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.hasSize; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.nullValue; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.when; +import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security.NsdCsarEtsiOption2Signer.SDC_NSD_CERT_NAME; +import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security.NsdCsarEtsiOption2Signer.SIGNATURE_EXTENSION; +import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security.exception.NsdSignatureExceptionSupplier.certificateNotConfigured; +import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security.exception.NsdSignatureExceptionSupplier.invalidCertificate; +import static org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security.exception.NsdSignatureExceptionSupplier.unableToCreateSignature; + +import java.nio.charset.StandardCharsets; +import java.util.Optional; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.openecomp.sdc.be.csar.security.api.CertificateManager; +import org.openecomp.sdc.be.csar.security.api.CmsContentSigner; +import org.openecomp.sdc.be.csar.security.api.model.CertificateInfo; +import org.openecomp.sdc.be.csar.security.exception.CmsSignatureException; +import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.model.NsdCsar; +import org.openecomp.sdc.be.plugins.etsi.nfv.nsd.security.exception.NsdSignatureException; +import org.springframework.core.env.Environment; + +class NsdCsarEtsiOption2SignerTest { + + private static final String CERT_NAME = "nsdCert"; + + @Mock + private CertificateManager certificateManager; + @Mock + private CmsContentSigner cmsContentSigner; + @Mock + private Environment environment; + @Mock + private CertificateInfo certificateInfo; + @InjectMocks + private NsdCsarEtsiOption2Signer nsdCsarEtsiOption2Signer; + + @BeforeEach + void setUp() { + MockitoAnnotations.initMocks(this); + when(environment.getProperty(SDC_NSD_CERT_NAME)).thenReturn(CERT_NAME); + when(certificateManager.getCertificate(CERT_NAME)).thenReturn(Optional.of(certificateInfo)); + when(certificateInfo.isValid()).thenReturn(true); + } + + @Test + void signNsdTest() throws NsdSignatureException, CmsSignatureException { + final NsdCsar nsdCsar = new NsdCsar(""); + nsdCsar.addFile("aFile", "aFile".getBytes(StandardCharsets.UTF_8)); + final byte[] aFileSigned = "aFileSigned".getBytes(StandardCharsets.UTF_8); + when(cmsContentSigner.signData(eq("aFile".getBytes(StandardCharsets.UTF_8)), any(), any())).thenReturn( + aFileSigned); + final String aFileSignedPemString = "aFileSignedPemString"; + when(cmsContentSigner.formatToPemSignature(aFileSigned)).thenReturn(aFileSignedPemString); + nsdCsarEtsiOption2Signer.signArtifacts(nsdCsar); + assertThat("The NSD CSAR should contain the original file and its signature", + nsdCsar.getFileMap().keySet(), hasSize(2)); + assertThat("The signed file should be as expected", + nsdCsar.getFile("aFile" + SIGNATURE_EXTENSION), is(aFileSignedPemString.getBytes(StandardCharsets.UTF_8))); + } + + @Test + void dontCreateNsdManifestSignatureFileTest() throws NsdSignatureException { + final NsdCsar nsdCsar = new NsdCsar("nsdCsar"); + nsdCsar.addFile(nsdCsar.getManifestPath(), "manifest".getBytes(StandardCharsets.UTF_8)); + nsdCsarEtsiOption2Signer.signArtifacts(nsdCsar); + assertThat("The NSD CSAR should contain only the original file", + nsdCsar.getFileMap().keySet(), hasSize(1)); + assertThat("The NSD CSAR should not contain the manifest signature file", + nsdCsar.getFile(nsdCsar.getManifestPath() + SIGNATURE_EXTENSION), is(nullValue())); + } + + @Test + void signEmptyNsdTest() throws NsdSignatureException { + final NsdCsar nsdCsar = new NsdCsar(""); + nsdCsarEtsiOption2Signer.signArtifacts(nsdCsar); + assertThat("The NSD CSAR should continue empty", nsdCsar.isEmpty(), is(true)); + } + + @Test + void signNsdNoCertificateTest() { + when(certificateManager.getCertificate(CERT_NAME)).thenReturn(Optional.empty()); + final NsdCsar nsdCsar = new NsdCsar(""); + nsdCsar.addFile("anyFile", "anyFile".getBytes()); + final NsdSignatureException actualException = assertThrows(NsdSignatureException.class, + () -> nsdCsarEtsiOption2Signer.signArtifacts(nsdCsar)); + assertThat(actualException.getMessage(), is(certificateNotConfigured().getMessage())); + } + + @Test + void signWholeNoCertificateTest() { + when(certificateManager.getCertificate(CERT_NAME)).thenReturn(Optional.empty()); + final NsdSignatureException actualException = + Assertions.assertThrows(NsdSignatureException.class, + () -> nsdCsarEtsiOption2Signer.sign(new byte[]{})); + assertThat(actualException.getMessage(), is(certificateNotConfigured().getMessage())); + } + + @Test + void signWithInvalidCertificateTest() { + when(certificateInfo.isValid()).thenReturn(false); + final NsdSignatureException actualException = + Assertions.assertThrows(NsdSignatureException.class, + () -> nsdCsarEtsiOption2Signer.sign(new byte[]{})); + assertThat(actualException.getMessage(), is(invalidCertificate(null).getMessage())); + } + + @Test + void signWholeFileTest() throws NsdSignatureException, CmsSignatureException { + final byte[] nsdCsarBytes = "nsdCsarBytes".getBytes(StandardCharsets.UTF_8); + final NsdCsar nsdCsar = new NsdCsar(""); + nsdCsar.addFile("aFile", "aFile".getBytes(StandardCharsets.UTF_8)); + final byte[] nsdCsarBytesSigned = "nsdCsarBytesSigned".getBytes(StandardCharsets.UTF_8); + when(cmsContentSigner.signData(eq(nsdCsarBytes), any(), any())).thenReturn(nsdCsarBytesSigned); + final String nsdCsarBytesSignedPemString = "nsdCsarBytesSignedPemString"; + when(cmsContentSigner.formatToPemSignature(nsdCsarBytesSigned)).thenReturn(nsdCsarBytesSignedPemString); + final byte[] actualNsdSignedCsar = nsdCsarEtsiOption2Signer.sign(nsdCsarBytes); + assertThat("Signature should be as expected", + actualNsdSignedCsar, is(nsdCsarBytesSignedPemString.getBytes(StandardCharsets.UTF_8))); + } + + @Test + void signatureCreationErrorTest() throws CmsSignatureException { + final byte[] nsdCsarBytes = "nsdCsarBytes".getBytes(StandardCharsets.UTF_8); + final NsdCsar nsdCsar = new NsdCsar(""); + nsdCsar.addFile("aFile", "aFile".getBytes(StandardCharsets.UTF_8)); + when(cmsContentSigner.signData(eq(nsdCsarBytes), any(), any())) + .thenThrow(new CmsSignatureException(null, null)); + final NsdSignatureException actualException = assertThrows(NsdSignatureException.class, + () -> nsdCsarEtsiOption2Signer.sign(nsdCsarBytes)); + assertThat(actualException.getMessage(), is(unableToCreateSignature(null).getMessage())); + } + + @Test + void getSigningCertificateTest() { + when(certificateManager.getCertificate(CERT_NAME)).thenReturn(Optional.empty()); + Optional signingCertificate = nsdCsarEtsiOption2Signer.getSigningCertificate(); + assertThat("Certificate should not be present", signingCertificate.isEmpty(), is(true)); + when(certificateManager.getCertificate(CERT_NAME)).thenReturn(Optional.of(certificateInfo)); + signingCertificate = nsdCsarEtsiOption2Signer.getSigningCertificate(); + assertThat("Certificate should be present", signingCertificate.isPresent(), is(true)); + assertThat("Certificate should be as expected", signingCertificate.get(), is(certificateInfo)); + } + + @Test + void isCertificateConfiguredTest() { + when(certificateManager.getCertificate(CERT_NAME)).thenReturn(Optional.empty()); + boolean isCertificateConfigured = nsdCsarEtsiOption2Signer.isCertificateConfigured(); + assertThat("Certificate should not be configured", isCertificateConfigured, is(false)); + when(certificateManager.getCertificate(CERT_NAME)).thenReturn(Optional.of(certificateInfo)); + isCertificateConfigured = nsdCsarEtsiOption2Signer.isCertificateConfigured(); + assertThat("Certificate should be configured", isCertificateConfigured, is(true)); + } +} \ No newline at end of file -- cgit 1.2.3-korg