From b2f9dc5d3bc02564b4d952caa0bf2ccd20dfc6af Mon Sep 17 00:00:00 2001 From: kooper Date: Tue, 2 Apr 2019 09:22:01 +0000 Subject: Verify signature Change-Id: I8fc5d50d74d3dd8031c96ee16708489dc7c789b8 Issue-ID: SDC-2163 Signed-off-by: kooper --- .../security/SecurityManagerTest.java | 108 +++++++++++++++++---- 1 file changed, 87 insertions(+), 21 deletions(-) (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java') diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java index c693015791..eea8a3a186 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java @@ -6,11 +6,15 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; import java.io.File; import java.io.IOException; +import java.net.URISyntaxException; +import java.nio.file.Files; +import java.nio.file.Paths; import static junit.framework.TestCase.assertEquals; import static junit.framework.TestCase.assertTrue; 
@@ -18,67 +22,129 @@ import static org.mockito.ArgumentMatchers.eq; @RunWith(PowerMockRunner.class) @PrepareForTest(SecurityManager.class) +@PowerMockIgnore("javax.security.auth.x500.X500Principal") public class SecurityManagerTest { - File certDir; + private File certDir; + private SecurityManager securityManager; @Before - public void setUp(){ + public void setUp() throws IOException { certDir = new File("/tmp/cert"); + if(certDir.exists()){ + tearDown(); + } certDir.mkdirs(); PowerMockito.mockStatic(System.class); PowerMockito.when(System.getenv(eq("SDC_CERT_DIR"))).thenReturn(certDir.getPath()); + securityManager = SecurityManager.getInstance(); } @After - public void tearDown(){ - certDir.delete(); + public void tearDown() throws IOException { + if(certDir.exists()) { + FileUtils.deleteDirectory(certDir); + } + securityManager.cleanTrustedCertificates(); } @Test - public void testGetCertificates() throws IOException { + public void testGetCertificates() throws IOException, SecurityManagerException { File origFile = new File("src/test/resources/cert/root-certificate.pem"); File newFile = new File("/tmp/cert/root-certificate.pem"); newFile.createNewFile(); FileUtils.copyFile(origFile, newFile); - SecurityManager securityManager = new SecurityManager(); - assertEquals(1, securityManager.getCertificates().size()); + assertEquals(1, securityManager.getTrustedCertificates().size()); newFile.delete(); - assertEquals(0, securityManager.getCertificates().size()); + assertEquals(0, securityManager.getTrustedCertificates().size()); } @Test - public void testGetCertificatesNoDirectory() throws IOException { + public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException { certDir.delete(); - SecurityManager securityManager = new SecurityManager(); - assertEquals(0, securityManager.getCertificates().size()); + assertEquals(0, securityManager.getTrustedCertificates().size()); } @Test(expected = SecurityManagerException.class) - public void 
testGetCertificatesException() throws IOException { + public void testGetCertificatesException() throws IOException, SecurityManagerException { File newFile = new File("/tmp/cert/root-certificate.pem"); newFile.createNewFile(); - SecurityManager securityManager = new SecurityManager(); - assertEquals(1, securityManager.getCertificates().size()); + assertEquals(1, securityManager.getTrustedCertificates().size()); newFile.delete(); - assertEquals(0, securityManager.getCertificates().size()); + assertEquals(0, securityManager.getTrustedCertificates().size()); } @Test - public void testGetCertificatesUpdated() throws IOException { + public void testGetCertificatesUpdated() throws IOException, SecurityManagerException { File origFile = new File("src/test/resources/cert/root-certificate.pem"); File newFile = new File("/tmp/cert/root-certificate.pem"); newFile.createNewFile(); FileUtils.copyFile(origFile, newFile); - SecurityManager securityManager = new SecurityManager(); - assertTrue(securityManager.getCertificates().size() == 1); + assertTrue(securityManager.getTrustedCertificates().size() == 1); File otherOrigFile = new File("src/test/resources/cert/package-certificate.pem"); File otherNewFile = new File("/tmp/cert/package-certificate.pem"); newFile.createNewFile(); FileUtils.copyFile(otherOrigFile, otherNewFile); - assertEquals(2, securityManager.getCertificates().size()); + assertEquals(2, securityManager.getTrustedCertificates().size()); otherNewFile.delete(); - assertEquals(1, securityManager.getCertificates().size()); + assertEquals(1, securityManager.getTrustedCertificates().size()); newFile.delete(); - assertEquals(0, securityManager.getCertificates().size()); + assertEquals(0, securityManager.getTrustedCertificates().size()); + } + + @Test + public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException { + File origFile = new File("src/test/resources/cert/root.cert"); + File newFile = new 
File("/tmp/cert/root.cert"); + newFile.createNewFile(); + FileUtils.copyFile(origFile, newFile); + byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv3.cms").toURI())); + byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv3.csar").toURI())); + assertTrue(securityManager.verifySignedData(signature, null, archive)); + } + + @Test(expected = SecurityManagerException.class) + public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException { + File origFile = new File("src/test/resources/cert/root.cert"); + File newFile = new File("/tmp/cert/root.cert"); + newFile.createNewFile(); + FileUtils.copyFile(origFile, newFile); + byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cms").toURI())); + byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv3.csar").toURI())); + securityManager.verifySignedData(signature, null, archive); + } + + @Test + public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException { + File origFile = new File("src/test/resources/cert/root.cert"); + File newFile = new File("/tmp/cert/root.cert"); + newFile.createNewFile(); + FileUtils.copyFile(origFile, newFile); + byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cms").toURI())); + byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.csar").toURI())); + byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cert").toURI())); + assertTrue(securityManager.verifySignedData(signature, cert, archive)); + } + + @Test(expected = SecurityManagerException.class) + public void 
verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException { + File origFile = new File("src/test/resources/cert/root-certificate.pem"); + File newFile = new File("/tmp/cert/root-certificate.cert"); + newFile.createNewFile(); + FileUtils.copyFile(origFile, newFile); + byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cms").toURI())); + byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.csar").toURI())); + byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv3.cert").toURI())); + securityManager.verifySignedData(signature, cert, archive); + } + + @Test(expected = SecurityManagerException.class) + public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException { + File origFile = new File("src/test/resources/cert/root.cert"); + File newFile = new File("/tmp/cert/root.cert"); + newFile.createNewFile(); + FileUtils.copyFile(origFile, newFile); + byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv3.cms").toURI())); + byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv3.csar").toURI())); + securityManager.verifySignedData(signature, null, archive); } } -- cgit 1.2.3-korg
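Review bot: The three negative tests (`verifySignedDataTestCertNotIncludedIntoSignatureButExpected`, `verifySignedDataTestWrongCertificate`, `verifySignedDataTestChangedArchive`) only declare `@Test(expected = SecurityManagerException.class)`, so they pass on any failure inside `verifySignedData`, including a trust anchor in `/tmp/cert` that fails to load. They therefore do not show that the tampered archive or the untrusted certificate was the reason for rejection. Pinning the cause would close that gap, for example with a JUnit `ExpectedException` rule: `thrown.expect(SecurityManagerException.class); thrown.expectMessage("<message for this failure case>");` (the message text is not visible in this diff). The first of these tests also pairs the `3-file-signed-package` signature with the `2-file-signed-package` archive, so a digest mismatch alone may raise the exception regardless of the missing certificate; if that pairing is unintended, it should read the 3-file archive. Separately, `setUp()` calls `tearDown()` when `/tmp/cert` already exists, before `securityManager` is assigned, so `securityManager.cleanTrustedCertificates()` would hit a null field on a leftover directory; a per-test `TemporaryFolder` in place of the fixed, shared `/tmp/cert` path would avoid that and keep other processes on the host from influencing the trust store under test.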