From 707fb6d83819058d5736b2dc38bea3c2d9e07a2d Mon Sep 17 00:00:00 2001 From: vasraz Date: Fri, 8 Oct 2021 14:48:08 +0100 Subject: Large csar handling - object store Change-Id: I4e88bd7bfcc1fdbc93d67da2682f2e873ba243c6 Signed-off-by: Vasyl Razinkov Issue-ID: SDC-3754 --- .../csar/validation/CsarSecurityValidatorTest.java | 104 +++++++++++--- .../security/SecurityManagerTest.java | 154 +++++++++++++++++---- 2 files changed, 212 insertions(+), 46 deletions(-) (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test') diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java index 96d11eb148..5f880701f3 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java @@ -24,25 +24,43 @@ import static org.hamcrest.core.Is.is; import static org.junit.Assert.assertThat; import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.when; -import static org.mockito.MockitoAnnotations.initMocks; - +import static org.mockito.MockitoAnnotations.openMocks; +import static org.openecomp.sdc.be.csar.storage.StorageFactory.StorageType.MINIO; + +import io.minio.GetObjectArgs; +import io.minio.GetObjectResponse; +import io.minio.MinioClient; +import java.io.BufferedInputStream; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.UUID; import java.util.stream.Collectors; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Answers; import org.mockito.Mock; +import org.mockito.MockedStatic; +import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; import org.openecomp.sdc.be.csar.storage.ArtifactInfo; -import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo; +import org.openecomp.sdc.be.csar.storage.MinIoArtifactInfo; +import org.openecomp.sdc.common.CommonConfigurationManager; import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor; import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator; import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager; @@ -50,6 +68,7 @@ import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; +@ExtendWith(MockitoExtension.class) class CsarSecurityValidatorTest { private static final String BASE_DIR = "/vspmanager.csar/signing/"; @@ -57,6 +76,16 @@ class CsarSecurityValidatorTest { private CsarSecurityValidator csarSecurityValidator; @Mock private SecurityManager securityManager; + @Mock + private CommonConfigurationManager commonConfigurationManager; + @Mock + private MinioClient minioClient; + @Mock(answer = Answers.RETURNS_DEEP_STUBS) + private MinioClient.Builder builderMinio; + @Mock(answer = Answers.RETURNS_DEEP_STUBS) + private GetObjectArgs.Builder getObjectArgsBuilder; + @Mock + private GetObjectArgs getObjectArgs; @AfterEach void tearDown() throws Exception { @@ -74,7 +103,7 @@ class CsarSecurityValidatorTest { @BeforeEach public void setUp() throws Exception { - initMocks(this); + openMocks(this); csarSecurityValidator = new CsarSecurityValidator(securityManager); backup(); } @@ -88,9 +117,9 @@ class CsarSecurityValidatorTest { } @Test - void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException, IOException { + void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException { final byte[] packageBytes = getFileBytesOrFail("signed-package.zip"); - final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package.zip", packageBytes, null); + final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfoS3Store("signed-package.zip", packageBytes, null); when(securityManager.verifyPackageSignedData(any(OnboardSignedPackage.class), any(ArtifactInfo.class))).thenReturn(true); final boolean isSignatureValid = csarSecurityValidator .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()); @@ -98,15 +127,53 @@ class CsarSecurityValidatorTest { } @Test - void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException { - final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip"); - final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfo("signed-package-tampered-data.zip", packageBytes, null); - //no mocked securityManager - csarSecurityValidator = new CsarSecurityValidator(); - Assertions.assertThrows(SecurityManagerException.class, () -> { - csarSecurityValidator - .verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()); - }); + void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws Exception { + + final Map endpoint = new HashMap<>(); + endpoint.put("host", "localhost"); + endpoint.put("port", 9000); + final Map credentials = new HashMap<>(); + credentials.put("accessKey", "login"); + credentials.put("secretKey", "password"); + + try (MockedStatic utilities = Mockito.mockStatic(CommonConfigurationManager.class)) { + utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager); + try (MockedStatic minioUtilities = Mockito.mockStatic(MinioClient.class)) { + minioUtilities.when(MinioClient::builder).thenReturn(builderMinio); + when(builderMinio + .endpoint(anyString(), anyInt(), anyBoolean()) + .credentials(anyString(), anyString()) + .build() + ).thenReturn(minioClient); + + when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("cert/2-file-signed-package"); + when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name()); + + final byte[] packageBytes = getFileBytesOrFail("signed-package-tampered-data.zip"); + + when(getObjectArgsBuilder + .bucket(anyString()) + .object(anyString()) + .build() + ).thenReturn(getObjectArgs); + + when(minioClient.getObject(any(GetObjectArgs.class))) + .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName", + new BufferedInputStream(new ByteArrayInputStream(packageBytes)))); + + final OnboardPackageInfo onboardPackageInfo = loadSignedPackageWithArtifactInfoS3Store("signed-package-tampered-data.zip", + packageBytes, + null); + //no mocked securityManager + csarSecurityValidator = new CsarSecurityValidator(); + Assertions.assertThrows(SecurityManagerException.class, () -> { + csarSecurityValidator.verifyPackageSignature((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), + onboardPackageInfo.getArtifactInfo()); + }); + } + } } @Test @@ -148,11 +215,10 @@ class CsarSecurityValidatorTest { CsarSecurityValidatorTest.class.getResource(BASE_DIR + path).toURI())); } - private OnboardPackageInfo loadSignedPackageWithArtifactInfo(final String packageName, final byte[] packageBytes, - final CnfPackageValidator cnfPackageValidator) { + private OnboardPackageInfo loadSignedPackageWithArtifactInfoS3Store(final String packageName, final byte[] packageBytes, + final CnfPackageValidator cnfPackageValidator) { final OnboardingPackageProcessor onboardingPackageProcessor = - new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, - new PersistentStorageArtifactInfo(Path.of("src/test/resources/vspmanager.csar/signing/signed-package.zip"))); + new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, new MinIoArtifactInfo("bucket", "object")); final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); if (onboardPackageInfo == null) { fail("Unexpected error. Could not load original package"); diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java index 6dc5517c45..afc43967c9 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java @@ -22,29 +22,61 @@ package org.openecomp.sdc.vendorsoftwareproduct.security; import static junit.framework.TestCase.assertEquals; import static junit.framework.TestCase.assertTrue; - +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.openMocks; +import static org.openecomp.sdc.be.csar.storage.StorageFactory.StorageType.MINIO; + +import io.minio.GetObjectArgs; +import io.minio.GetObjectResponse; +import io.minio.MinioClient; +import java.io.BufferedInputStream; +import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; import java.net.URISyntaxException; import java.nio.file.Files; -import java.nio.file.Path; import java.nio.file.Paths; +import java.util.HashMap; +import java.util.Map; import org.apache.commons.io.FileUtils; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Answers; +import org.mockito.Mock; +import org.mockito.MockedStatic; +import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; +import org.openecomp.sdc.be.csar.storage.MinIoArtifactInfo; +import org.openecomp.sdc.common.CommonConfigurationManager; import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor; import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; +@ExtendWith(MockitoExtension.class) class SecurityManagerTest { private File certDir; private String cerDirPath = "/tmp/cert/"; private SecurityManager securityManager; + @Mock + private CommonConfigurationManager commonConfigurationManager; + @Mock + private MinioClient minioClient; + @Mock(answer = Answers.RETURNS_DEEP_STUBS) + private MinioClient.Builder builderMinio; + @Mock(answer = Answers.RETURNS_DEEP_STUBS) + private GetObjectArgs.Builder getObjectArgsBuilder; + @Mock + private GetObjectArgs getObjectArgs; private File prepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException { File origFile = new File(getClass().getResource(origFilePath).toURI()); @@ -60,12 +92,14 @@ class SecurityManagerTest { @BeforeEach public void setUp() throws IOException { + openMocks(this); certDir = new File(cerDirPath); if (certDir.exists()) { tearDown(); } certDir.mkdirs(); securityManager = new SecurityManager(certDir.getPath()); + } @AfterEach @@ -123,18 +157,51 @@ class SecurityManagerTest { } @Test - void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled() - throws IOException, URISyntaxException, SecurityManagerException { - prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert"); - byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip"); - - final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes, - new CnfPackageValidator(), - new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip"))); - final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); - - assertTrue(securityManager - .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo())); + void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled() throws Exception { + + final Map endpoint = new HashMap<>(); + endpoint.put("host", "localhost"); + endpoint.put("port", 9000); + final Map credentials = new HashMap<>(); + credentials.put("accessKey", "login"); + credentials.put("secretKey", "password"); + + try (MockedStatic utilities = Mockito.mockStatic(CommonConfigurationManager.class)) { + utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager); + try (MockedStatic minioUtilities = Mockito.mockStatic(MinioClient.class)) { + minioUtilities.when(MinioClient::builder).thenReturn(builderMinio); + when(builderMinio + .endpoint(anyString(), anyInt(), anyBoolean()) + .credentials(anyString(), anyString()) + .build() + ).thenReturn(minioClient); + + when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("cert/2-file-signed-package"); + when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name()); + + prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert"); + byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip"); + when(getObjectArgsBuilder + .bucket(anyString()) + .object(anyString()) + .build() + ).thenReturn(getObjectArgs); + + when(minioClient.getObject(any(GetObjectArgs.class))) + .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName", + new BufferedInputStream(new ByteArrayInputStream(fileToUploadBytes)))); + + final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes, + new CnfPackageValidator(), new MinIoArtifactInfo("bucket", "objectName")); + final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); + + assertTrue(securityManager + .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), + onboardPackageInfo.getArtifactInfo())); + } + } } @Test @@ -158,18 +225,51 @@ class SecurityManagerTest { } @Test - void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled() - throws IOException, URISyntaxException, SecurityManagerException { - prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert"); - byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip"); - - final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes, - new CnfPackageValidator(), - new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip"))); - final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); - - assertTrue(securityManager - .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo())); + void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled() throws Exception { + + final Map endpoint = new HashMap<>(); + endpoint.put("host", "localhost"); + endpoint.put("port", 9000); + final Map credentials = new HashMap<>(); + credentials.put("accessKey", "login"); + credentials.put("secretKey", "password"); + + try (MockedStatic utilities = Mockito.mockStatic(CommonConfigurationManager.class)) { + utilities.when(CommonConfigurationManager::getInstance).thenReturn(commonConfigurationManager); + try (MockedStatic minioUtilities = Mockito.mockStatic(MinioClient.class)) { + minioUtilities.when(MinioClient::builder).thenReturn(builderMinio); + when(builderMinio + .endpoint(anyString(), anyInt(), anyBoolean()) + .credentials(anyString(), anyString()) + .build() + ).thenReturn(minioClient); + + when(commonConfigurationManager.getConfigValue("externalCsarStore", "endpoint", null)).thenReturn(endpoint); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "credentials", null)).thenReturn(credentials); + when(commonConfigurationManager.getConfigValue("externalCsarStore", "tempPath", null)).thenReturn("tempPath"); + when(commonConfigurationManager.getConfigValue(eq("externalCsarStore"), eq("storageType"), any())).thenReturn(MINIO.name()); + + prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert"); + byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip"); + when(getObjectArgsBuilder + .bucket(anyString()) + .object(anyString()) + .build() + ).thenReturn(getObjectArgs); + + when(minioClient.getObject(any(GetObjectArgs.class))) + .thenReturn(new GetObjectResponse(null, "bucket", "", "objectName", + new BufferedInputStream(new ByteArrayInputStream(fileToUploadBytes)))); + + final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes, + new CnfPackageValidator(), new MinIoArtifactInfo("bucket", "objectName")); + final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); + + assertTrue(securityManager + .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), + onboardPackageInfo.getArtifactInfo())); + } + } } @Test -- cgit 1.2.3-korg