From 433947b5ab5e28fc29aee447de934de89a707419 Mon Sep 17 00:00:00 2001 From: "andre.schmid" Date: Thu, 19 Sep 2019 16:14:01 +0100 Subject: Centralize onboarding package validation Change-Id: I3cc58cf15f62008e83cfc7ddb095d07ab216b82a Issue-ID: SDC-2583 
Signed-off-by: andre.schmid --- .../exception/OnboardPackageException.java | 27 +++ .../OrchestrationTemplateCandidateManagerImpl.java | 2 +- .../onboarding/OnboardingPackageProcessor.java | 229 +++++++++++++++++++++ .../BaseOrchestrationTemplateHandler.java | 39 ++-- .../OrchestrationTemplateCSARHandler.java | 126 +++++++----- .../OrchestrationTemplateZipHandler.java | 28 ++- .../orchestration/OrchestrationUploadFactory.java | 7 +- .../impl/orchestration/OrchestrationUtil.java | 2 +- .../csar/validation/CsarSecurityValidator.java | 61 ++++++ .../csar/validation/ONAPCsarValidator.java | 11 +- .../validation/SOL004MetaDirectoryValidator.java | 17 +- .../orchestration/csar/validation/Validator.java | 3 +- .../csar/validation/ValidatorFactory.java | 6 +- .../OrchestrationTemplateProcessCsarHandler.java | 1 + .../security/SecurityManager.java | 15 +- .../types/OnboardPackage.java | 25 ++- .../types/OnboardPackageInfo.java | 20 +- .../types/OnboardSignedPackage.java | 49 +++++ .../types/UploadFileResponse.java | 5 + .../src/main/resources/config-orchestration.json | 4 + .../QuestionnaireDataServiceTest.java | 13 +- .../onboarding/OnboardingPackageProcessorTest.java | 120 +++++++++++ .../csar/validation/CsarSecurityValidatorTest.java | 99 +++++++++ .../csar/validation/ONAPCsarValidatorTest.java | 15 +- .../SOL004MetaDirectoryValidatorTest.java | 69 +++---- .../vendorsoftwareproduct/tree/UploadFileTest.java | 15 +- .../upload/csar/UploadCSARFileTest.java | 13 +- .../manifest/ValidNonManoToscaPNFWithNonMano.mf | 1 + .../signing/csar-and-cms-in-root.zip | Bin 0 -> 304 bytes .../signing/fakeNonSignedZipPackage.zip | Bin 0 -> 694 bytes .../signing/signed-package-tampered-data.zip | Bin 0 -> 4242 bytes .../vspmanager.csar/signing/signed-package.zip | Bin 0 -> 4242 bytes 32 files changed, 828 insertions(+), 194 deletions(-) create mode 100644 
openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/exception/OnboardPackageException.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessor.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardSignedPackage.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessorTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/csar-and-cms-in-root.zip create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/fakeNonSignedZipPackage.zip create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/signed-package-tampered-data.zip create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/signed-package.zip (limited to 'openecomp-be/backend/openecomp-sdc-vendor-software-product-manager') 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/exception/OnboardPackageException.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/exception/OnboardPackageException.java
new file mode 100644
index 0000000000..2e88357e0b
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/exception/OnboardPackageException.java
@@ -0,0 +1,27 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.vendorsoftwareproduct.exception;
+
+public class OnboardPackageException extends Exception {
+
+ public OnboardPackageException(final String s, final Throwable throwable) {
+ super(s, throwable);
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/OrchestrationTemplateCandidateManagerImpl.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/OrchestrationTemplateCandidateManagerImpl.java index d5d5c8045b..d4c7151c17 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/OrchestrationTemplateCandidateManagerImpl.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/OrchestrationTemplateCandidateManagerImpl.java @@ -65,7 +65,7 @@ public class OrchestrationTemplateCandidateManagerImpl final OnboardPackageInfo onboardPackageInfo) { final OnboardPackage onboardPackage = onboardPackageInfo.getOnboardPackage(); final OrchestrationTemplateFileHandler orchestrationTemplateFileHandler = - OrchestrationUploadFactory.createOrchestrationTemplateFileHandler(onboardPackage.getFileExtension()); + OrchestrationUploadFactory.createOrchestrationTemplateFileHandler(onboardPackageInfo.getPackageType()); final UploadFileResponse uploadFileResponse = orchestrationTemplateFileHandler.upload(vspDetails, onboardPackageInfo, candidateService); diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessor.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessor.java new file mode 100644 index 0000000000..1d502547dc --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessor.java 
@@ -0,0 +1,229 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding;
+
+import static org.openecomp.sdc.common.errors.Messages.PACKAGE_EMPTY_ERROR;
+import static org.openecomp.sdc.common.errors.Messages.PACKAGE_INVALID_ERROR;
+import static org.openecomp.sdc.common.errors.Messages.PACKAGE_INVALID_EXTENSION;
+import static org.openecomp.sdc.common.errors.Messages.PACKAGE_MISSING_INTERNAL_PACKAGE;
+import static org.openecomp.sdc.common.errors.Messages.PACKAGE_PROCESS_ERROR;
+import static org.openecomp.sdc.common.errors.Messages.PACKAGE_PROCESS_INTERNAL_PACKAGE_ERROR;
+
+import com.google.common.collect.ImmutableSet;
+import java.nio.ByteBuffer;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.collections4.MapUtils;
+import org.apache.commons.io.FilenameUtils;
+import org.openecomp.core.utilities.file.FileContentHandler;
+import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum;
+import org.openecomp.sdc.common.zip.exception.ZipException;
+import org.openecomp.sdc.common.utils.CommonUtil;
+import org.openecomp.sdc.datatypes.error.ErrorLevel;
+import org.openecomp.sdc.datatypes.error.ErrorMessage;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackage;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
+
+public class OnboardingPackageProcessor {
+ private static final Logger LOGGER = LoggerFactory.getLogger(OnboardingPackageProcessor.class);
+ private static final Set ALLOWED_SIGNATURE_EXTENSIONS = ImmutableSet.of("cms");
+ private static final Set ALLOWED_CERTIFICATE_EXTENSIONS = ImmutableSet.of("cert", "crt");
+ private static final String CSAR_EXTENSION = "csar";
+ private static final String ZIP_EXTENSION = "zip";
+
+ private final String packageFileName;
+ private final byte[] packageFileContent;
+ private FileContentHandler onboardPackageContentHandler;
+ private Set errorMessageSet = new HashSet<>();
+ private OnboardPackageInfo onboardPackageInfo;
+
+ public OnboardingPackageProcessor(final String packageFileName, final byte[] packageFileContent) {
+ this.packageFileName = packageFileName;
+ this.packageFileContent = packageFileContent;
+ onboardPackageInfo = processPackage();
+ }
+
+ private OnboardPackageInfo processPackage() {
+ if (!hasValidExtension()) {
+ final String message = PACKAGE_INVALID_EXTENSION.formatMessage(packageFileName, String.join(", ", CSAR_EXTENSION, ZIP_EXTENSION));
+ reportError(ErrorLevel.ERROR, message);
+ return null;
+ }
+ try {
+ onboardPackageContentHandler = CommonUtil.getZipContent(packageFileContent);
+ } catch (final ZipException e) {
+ final String message = PACKAGE_PROCESS_ERROR.formatMessage(packageFileName);
+ LOGGER.error(message, e);
+ reportError(ErrorLevel.ERROR, message);
+ return null;
+ }
+ if (isPackageEmpty()) {
+ final String message = PACKAGE_EMPTY_ERROR.formatMessage(packageFileName);
+ reportError(ErrorLevel.ERROR, message);
+ return null;
+ }
+
+ final String packageName = FilenameUtils.getBaseName(packageFileName);
+ final String packageExtension = FilenameUtils.getExtension(packageFileName);
+
+ if (hasSignedPackageStructure()) {
+ return processSignedPackage(packageName, packageExtension);
+ } else {
+ final OnboardPackage onboardPackage = new OnboardPackage(packageName, packageExtension,
+ ByteBuffer.wrap(packageFileContent), onboardPackageContentHandler);
+ if (packageExtension.equalsIgnoreCase(CSAR_EXTENSION)) {
+ return new OnboardPackageInfo(onboardPackage, OnboardingTypesEnum.CSAR);
+ } else if (packageExtension.equalsIgnoreCase(ZIP_EXTENSION)) {
+ return new OnboardPackageInfo(onboardPackage, OnboardingTypesEnum.ZIP);
+ }
+ }
+
+ reportError(ErrorLevel.ERROR, PACKAGE_INVALID_ERROR.formatMessage(packageFileName));
+ return null;
+ }
+
+ private boolean hasValidExtension() {
+ final String packageExtension = FilenameUtils.getExtension(packageFileName);
+ return packageExtension.equalsIgnoreCase(CSAR_EXTENSION) || packageExtension.equalsIgnoreCase(ZIP_EXTENSION);
+ }
+
+ private OnboardPackageInfo processSignedPackage(final String packageName, final String packageExtension) {
+ final String internalPackagePath = findInternalPackagePath().orElse(null);
+ if (internalPackagePath == null) {
+ reportError(ErrorLevel.ERROR, PACKAGE_MISSING_INTERNAL_PACKAGE.getErrorMessage());
+ return null;
+ }
+ final String signatureFilePath = findSignatureFilePath().orElse(null);
+ final String certificateFilePath = findCertificateFilePath().orElse(null);
+ final OnboardSignedPackage onboardSignedPackage =
+ new OnboardSignedPackage(packageName, packageExtension, ByteBuffer.wrap(packageFileContent),
+ onboardPackageContentHandler, signatureFilePath, internalPackagePath, certificateFilePath);
+
+ final String internalPackageName = FilenameUtils.getName(internalPackagePath);
+ final String internalPackageBaseName = FilenameUtils.getBaseName(internalPackagePath);
+ final String internalPackageExtension = FilenameUtils.getExtension(internalPackagePath);
+ final byte[] internalPackageContent = onboardPackageContentHandler.getFileContent(internalPackagePath);
+
+ final OnboardPackage onboardPackage;
+ try {
+ onboardPackage = new OnboardPackage(internalPackageBaseName, internalPackageExtension,
+ internalPackageContent);
+ } catch (final OnboardPackageException e) {
+ final String message = PACKAGE_PROCESS_INTERNAL_PACKAGE_ERROR.formatMessage(internalPackageName);
+ LOGGER.error(message, e);
+ reportError(ErrorLevel.ERROR, message);
+ return null;
+ }
+
+ return new OnboardPackageInfo(onboardSignedPackage, onboardPackage, OnboardingTypesEnum.SIGNED_CSAR);
+ }
+
+ private void reportError(final ErrorLevel errorLevel, final String message) {
+ errorMessageSet.add(new ErrorMessage(errorLevel, message));
+ }
+
+ public boolean hasErrors() {
+ return !errorMessageSet.isEmpty();
+ }
+
+ public Set getErrorMessageSet() {
+ return errorMessageSet;
+ }
+
+ private Optional findInternalPackagePath() {
+ return onboardPackageContentHandler.getFileList().stream()
+ .filter(filePath -> {
+ final String extension = FilenameUtils.getExtension(filePath);
+ return CSAR_EXTENSION.equalsIgnoreCase(extension) || ZIP_EXTENSION.equalsIgnoreCase(extension);
+ }
+ )
+ .findFirst();
+ }
+
+ private boolean isPackageEmpty() {
+ return MapUtils.isEmpty(onboardPackageContentHandler.getFiles());
+ }
+
+ private boolean hasSignedPackageStructure() {
+ if (MapUtils.isEmpty(onboardPackageContentHandler.getFiles()) || !CollectionUtils.isEmpty(
+ onboardPackageContentHandler.getFolderList())) {
+ return false;
+ }
+ final int numberOfFiles = onboardPackageContentHandler.getFileList().size();
+ if (numberOfFiles == 2) {
+ return hasOneInternalPackageFile(onboardPackageContentHandler) &&
+ hasOneSignatureFile(onboardPackageContentHandler);
+ }
+
+ if (numberOfFiles == 3) {
+ return hasOneInternalPackageFile(onboardPackageContentHandler) &&
+ hasOneSignatureFile(onboardPackageContentHandler) &&
+ hasOneCertificateFile(onboardPackageContentHandler);
+ }
+
+ return false;
+ }
+
+ private boolean hasOneInternalPackageFile(final FileContentHandler fileContentHandler) {
+ return fileContentHandler.getFileList().parallelStream()
+ .map(FilenameUtils::getExtension)
+ .map(String::toLowerCase)
+ .filter(file -> file.endsWith(CSAR_EXTENSION)).count() == 1;
+ }
+
+ private boolean hasOneSignatureFile(final FileContentHandler fileContentHandler) {
+ return fileContentHandler.getFileList().parallelStream()
+ .map(FilenameUtils::getExtension)
+ .map(String::toLowerCase)
+ .filter(ALLOWED_SIGNATURE_EXTENSIONS::contains).count() == 1;
+ }
+
+ private boolean hasOneCertificateFile(final FileContentHandler fileContentHandler) {
+ return fileContentHandler.getFileList().parallelStream()
+ .map(FilenameUtils::getExtension)
+ .map(String::toLowerCase)
+ .filter(ALLOWED_CERTIFICATE_EXTENSIONS::contains).count() == 1;
+ }
+
+ private Optional findSignatureFilePath() {
+ final Map files = onboardPackageContentHandler.getFiles();
+ return files.keySet().stream()
+ .filter(fileName -> ALLOWED_SIGNATURE_EXTENSIONS.contains(FilenameUtils.getExtension(fileName).toLowerCase()))
+ .findFirst();
+ }
+
+ private Optional findCertificateFilePath() {
+ final Map files = onboardPackageContentHandler.getFiles();
+ return files.keySet().stream()
+ .filter(fileName -> ALLOWED_CERTIFICATE_EXTENSIONS.contains(FilenameUtils.getExtension(fileName).toLowerCase()))
+ .findFirst();
+ }
+
+ public Optional getOnboardPackageInfo() {
+ return Optional.ofNullable(onboardPackageInfo);
+ }
+}
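Review bot: Whether a signature is verified at all is decided in `hasSignedPackageStructure()` purely from the layout of the uploaded archive, so anything that does not match the 2- or 3-file shape falls through to the plain `CSAR`/`ZIP` branch of `processPackage()`, and `OrchestrationTemplateCSARHandler.validate` only verifies a signature for `SIGNED_CSAR`. If signed packages are meant to be mandatory for some deployments, that policy needs an explicit check (for example a configuration switch that rejects non-signed types), because leaving the `.cms` file out is enough to skip verification. Separately, `hasOneInternalPackageFile()` matches with `file.endsWith(CSAR_EXTENSION)` while `findInternalPackagePath()` uses `equalsIgnoreCase` and also accepts `zip`; `.filter(CSAR_EXTENSION::equals)` in the former would keep the two in agreement. `hasValidExtension()` also dereferences the result of `FilenameUtils.getExtension(packageFileName)`, which is null for a null file name; `CSAR_EXTENSION.equalsIgnoreCase(packageExtension)` avoids the `NullPointerException` in the constructor.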
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/BaseOrchestrationTemplateHandler.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/BaseOrchestrationTemplateHandler.java index d87c9c8dbb..23cf41c5d5 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/BaseOrchestrationTemplateHandler.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/BaseOrchestrationTemplateHandler.java @@ -20,16 +20,11 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration; -import static org.openecomp.core.validation.errors.ErrorMessagesFormatBuilder.getErrorWithParameters; - import java.io.ByteArrayInputStream; import java.util.Optional; import org.apache.commons.collections4.MapUtils; -import org.openecomp.core.utilities.file.FileContentHandler; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; -import org.openecomp.sdc.common.errors.Messages; import org.openecomp.sdc.common.utils.SdcCommon; -import org.openecomp.sdc.datatypes.error.ErrorLevel; import org.openecomp.sdc.datatypes.error.ErrorMessage; import org.openecomp.sdc.logging.api.Logger; import org.openecomp.sdc.logging.api.LoggerFactory; 
@@ -59,33 +54,25 @@ public abstract class BaseOrchestrationTemplateHandler implements OrchestrationT return uploadFileResponse; } - final Optional optionalContentMap = - getFileContentMap(uploadFileResponse, fileContentByteArray); - if (!optionalContentMap.isPresent()) { - logger.error(getErrorWithParameters(Messages.FILE_CONTENT_MAP.getErrorMessage(), - getHandlerType().toString())); - uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, - getErrorWithParameters(Messages.FILE_CONTENT_MAP.getErrorMessage(), - getHandlerType().toString()))); - return uploadFileResponse; - } + final UploadFileResponse validateResponse = validate(onboardPackageInfo); - if (!MapUtils.isEmpty(uploadFileResponse.getErrors())) { + if (!MapUtils.isEmpty(validateResponse.getErrors())) { + uploadFileResponse.addStructureErrors(validateResponse.getErrors()); return uploadFileResponse; } - if (updateCandidateData(vspDetails, onboardPackageInfo, candidateService, uploadFileResponse, - optionalContentMap.get())) { - return uploadFileResponse; + + final UploadFileResponse responseFromUpdate = updateCandidateData(vspDetails, onboardPackageInfo, + candidateService); + if (!MapUtils.isEmpty(responseFromUpdate.getErrors())) { + uploadFileResponse.addStructureErrors(responseFromUpdate.getErrors()); } - return uploadFileResponse; + return uploadFileResponse; } - protected abstract boolean updateCandidateData(final VspDetails vspDetails, + protected abstract UploadFileResponse updateCandidateData(final VspDetails vspDetails, final OnboardPackageInfo onboardPackageInfo, - final CandidateService candidateService, - final UploadFileResponse uploadFileResponse, - final FileContentHandler contentMap); + final CandidateService candidateService); private boolean isFileFileToUploadEmpty(final OnboardPackage onboardPackage, final UploadFileResponse uploadFileResponse, 
@@ -114,9 +101,7 @@ public abstract class BaseOrchestrationTemplateHandler implements OrchestrationT return false; } - public abstract Optional getFileContentMap( - UploadFileResponse uploadFileResponse, - byte[] uploadedFileData); + public abstract UploadFileResponse validate(final OnboardPackageInfo onboardPackageInfo); protected abstract OnboardingTypesEnum getHandlerType(); } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java index 8f0029aa83..16f12bb44d 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateCSARHandler.java 
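Review bot: The new abstract `validate(final OnboardPackageInfo onboardPackageInfo)` has no Javadoc, and `upload` (previous hunk) calls `validateResponse.getErrors()` on its result without a null check, so the rule that implementations must return a non-null `UploadFileResponse` is only implicit. I would add a Javadoc stating that this method is where all package checks run (the CSAR handler performs signature verification here), that it must never return null, and that any error it reports stops the upload before `updateCandidateData` is called. The changed `updateCandidateData` signature deserves the same note, since its returned errors are now merged by the caller rather than written into a shared response.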
@@ -23,79 +23,107 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration; import static org.openecomp.core.validation.errors.ErrorMessagesFormatBuilder.getErrorWithParameters; import java.io.IOException; -import java.util.List; import java.util.Optional; -import org.apache.commons.lang3.tuple.Pair; import org.openecomp.core.utilities.file.FileContentHandler; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.common.errors.CoreException; import org.openecomp.sdc.common.errors.Messages; -import org.openecomp.sdc.common.utils.CommonUtil; import org.openecomp.sdc.common.utils.SdcCommon; -import org.openecomp.sdc.common.zip.exception.ZipException; import org.openecomp.sdc.datatypes.error.ErrorLevel; import org.openecomp.sdc.datatypes.error.ErrorMessage; import org.openecomp.sdc.vendorsoftwareproduct.dao.type.OrchestrationTemplateCandidateData; import org.openecomp.sdc.vendorsoftwareproduct.dao.type.VspDetails; +import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.CsarSecurityValidator; import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.Validator; import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.ValidatorFactory; +import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException; import org.openecomp.sdc.vendorsoftwareproduct.services.filedatastructuremodule.CandidateService; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackage; import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; +import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; import org.openecomp.sdc.vendorsoftwareproduct.types.UploadFileResponse; public class OrchestrationTemplateCSARHandler extends BaseOrchestrationTemplateHandler implements OrchestrationTemplateFileHandler { - @Override - public Optional getFileContentMap(UploadFileResponse uploadFileResponse, - byte[] uploadedFileData) { 
- FileContentHandler contentMap = null; - List folderList; - try { - Pair> fileContentMapFromOrchestrationCandidateZip = - CommonUtil.getFileContentMapFromOrchestrationCandidateZip(uploadedFileData); - contentMap = fileContentMapFromOrchestrationCandidateZip.getKey(); - folderList = fileContentMapFromOrchestrationCandidateZip.getRight(); - Validator validator = ValidatorFactory.getValidator(contentMap); - uploadFileResponse.addStructureErrors(validator.validateContent(contentMap, folderList)); - } catch (final ZipException | IOException exception) { - logger.error(exception.getMessage(), exception); - uploadFileResponse.addStructureError( - SdcCommon.UPLOAD_FILE, - new ErrorMessage(ErrorLevel.ERROR, Messages.INVALID_CSAR_FILE.getErrorMessage())); - } catch (CoreException coreException) { - logger.error(coreException.getMessage(), coreException); - uploadFileResponse.addStructureError( - SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, coreException.getMessage())); + @Override + public UploadFileResponse validate(final OnboardPackageInfo onboardPackageInfo) { + final UploadFileResponse uploadFileResponse = new UploadFileResponse(); + if (onboardPackageInfo.getPackageType() == OnboardingTypesEnum.SIGNED_CSAR) { + final OnboardSignedPackage originalOnboardPackage = + (OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(); + validatePackageSecurity(originalOnboardPackage).ifPresent(packageSignatureResponse -> { + if (packageSignatureResponse.hasErrors()) { + uploadFileResponse.addStructureErrors(packageSignatureResponse.getErrors()); + } + }); + + if (uploadFileResponse.hasErrors()) { + return uploadFileResponse; + } + } + final OnboardPackage onboardPackage = onboardPackageInfo.getOnboardPackage(); + final FileContentHandler fileContentHandler = onboardPackage.getFileContentHandler(); + + try { + final Validator validator = ValidatorFactory.getValidator(fileContentHandler); + 
uploadFileResponse.addStructureErrors(validator.validateContent(fileContentHandler)); + } catch (IOException exception) { + logger.error(exception.getMessage(), exception); + uploadFileResponse.addStructureError( + SdcCommon.UPLOAD_FILE, + new ErrorMessage(ErrorLevel.ERROR, Messages.INVALID_CSAR_FILE.getErrorMessage())); + } catch (CoreException coreException) { + logger.error(coreException.getMessage(), coreException); + uploadFileResponse.addStructureError( + SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, coreException.getMessage())); + } + + return uploadFileResponse; } - return Optional.ofNullable(contentMap); - } + private Optional validatePackageSecurity(final OnboardSignedPackage originalOnboardPackage) { + final UploadFileResponse uploadFileResponseDto = new UploadFileResponse(); + try { + final CsarSecurityValidator csarSecurityValidator = new CsarSecurityValidator(); + if (!csarSecurityValidator.verifyPackageSignature(originalOnboardPackage)) { + final ErrorMessage errorMessage = new ErrorMessage(ErrorLevel.ERROR, + Messages.FAILED_TO_VERIFY_SIGNATURE.getErrorMessage()); + logger.error(errorMessage.getMessage()); + uploadFileResponseDto.addStructureError(SdcCommon.UPLOAD_FILE, errorMessage); + return Optional.of(uploadFileResponseDto); + } + } catch (final SecurityManagerException e) { + final ErrorMessage errorMessage = new ErrorMessage(ErrorLevel.ERROR, e.getMessage()); + logger.error("Could not validate package signature {}", originalOnboardPackage.getFilename(), e); + uploadFileResponseDto.addStructureError(SdcCommon.UPLOAD_FILE, errorMessage); + return Optional.of(uploadFileResponseDto); + } + return Optional.empty(); + } - @Override - protected boolean updateCandidateData(final VspDetails vspDetails, - final OnboardPackageInfo onboardPackageInfo, - final CandidateService candidateService, - final UploadFileResponse uploadFileResponse, - final FileContentHandler contentMap) { - try { - final OnboardPackage csarPackage = 
onboardPackageInfo.getOnboardPackage(); - final OnboardPackage originalOnboardPackage = onboardPackageInfo.getOriginalOnboardPackage(); - candidateService.updateCandidateUploadData(vspDetails.getId(), vspDetails.getVersion(), - new OrchestrationTemplateCandidateData(csarPackage.getFileContent(), - "", csarPackage.getFileExtension(), - csarPackage.getFilename(), originalOnboardPackage.getFilename(), originalOnboardPackage.getFileExtension(), - originalOnboardPackage.getFileContent())); - } catch (final Exception exception) { - logger.error(getErrorWithParameters(Messages.FILE_CONTENT_MAP.getErrorMessage(), - getHandlerType().toString()), exception); - uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, - new ErrorMessage(ErrorLevel.ERROR, exception.getMessage())); - return true; + @Override + protected UploadFileResponse updateCandidateData(final VspDetails vspDetails, + final OnboardPackageInfo onboardPackageInfo, + final CandidateService candidateService) { + final UploadFileResponse uploadFileResponse = new UploadFileResponse(); + final OnboardPackage csarPackage = onboardPackageInfo.getOnboardPackage(); + final OnboardPackage originalOnboardPackage = onboardPackageInfo.getOriginalOnboardPackage(); + try { + candidateService.updateCandidateUploadData(vspDetails.getId(), vspDetails.getVersion(), + new OrchestrationTemplateCandidateData(csarPackage.getFileContent(), + "", csarPackage.getFileExtension(), + csarPackage.getFilename(), originalOnboardPackage.getFilename(), + originalOnboardPackage.getFileExtension(), + originalOnboardPackage.getFileContent())); + } catch (final Exception exception) { + logger.error(getErrorWithParameters(Messages.FILE_CONTENT_MAP.getErrorMessage(), + getHandlerType().toString()), exception); + uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, + new ErrorMessage(ErrorLevel.ERROR, exception.getMessage())); + } + return uploadFileResponse; } - return false; - } @Override protected OnboardingTypesEnum getHandlerType() { 
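Review bot: In `validatePackageSecurity`, the `SecurityManagerException` branch copies `e.getMessage()` into the `ErrorMessage` that is returned to the uploader, and what that message can contain is not visible in this hunk; if it carries certificate-store paths or parser detail, that is more than the client should see. I would build the client-facing error from the fixed text in both branches, `new ErrorMessage(ErrorLevel.ERROR, Messages.FAILED_TO_VERIFY_SIGNATURE.getErrorMessage())`, and keep the exception detail in the `logger.error` call that is already there. The `(OnboardSignedPackage)` cast in `validate` also relies on `SIGNED_CSAR` always being paired with a signed original package; an `instanceof` check that adds a structure error would fail closed instead of throwing `ClassCastException`. The class continues outside the hunk.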
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateZipHandler.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateZipHandler.java index bc4fb668b0..056f1a4478 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateZipHandler.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationTemplateZipHandler.java @@ -22,8 +22,6 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration; import static org.openecomp.core.validation.errors.ErrorMessagesFormatBuilder.getErrorWithParameters; -import java.util.Optional; -import org.openecomp.core.utilities.file.FileContentHandler; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.common.errors.Messages; import org.openecomp.sdc.common.utils.SdcCommon; 
@@ -40,24 +38,25 @@ import org.openecomp.sdc.vendorsoftwareproduct.types.UploadFileResponse; public class OrchestrationTemplateZipHandler extends BaseOrchestrationTemplateHandler implements OrchestrationTemplateFileHandler { - @Override - public Optional getFileContentMap(UploadFileResponse uploadFileResponse, - byte[] uploadedFileData) { - return OrchestrationUtil - .getFileContentMap(OnboardingTypesEnum.ZIP, uploadFileResponse, uploadedFileData); - } + @Override + public UploadFileResponse validate(final OnboardPackageInfo onboardPackageInfo) { + final UploadFileResponse uploadFileResponse = new UploadFileResponse(); + final OnboardPackage onboardPackage = onboardPackageInfo.getOnboardPackage(); + OrchestrationUtil + .getFileContentMap(OnboardingTypesEnum.ZIP, uploadFileResponse, onboardPackage.getFileContent().array()); + return uploadFileResponse; + } @Override - protected boolean updateCandidateData(final VspDetails vspDetails, + protected UploadFileResponse updateCandidateData(final VspDetails vspDetails, final OnboardPackageInfo onboardPackageInfo, - final CandidateService candidateService, - final UploadFileResponse uploadFileResponse, - final FileContentHandler contentMap) { + final CandidateService candidateService) { + final UploadFileResponse uploadFileResponse = new UploadFileResponse(); try { final OnboardPackage zipPackage = onboardPackageInfo.getOnboardPackage(); final OrchestrationTemplateCandidateData candidateData = new CandidateEntityBuilder(candidateService) - .buildCandidateEntityFromZip(vspDetails, zipPackage.getFileContent().array(), contentMap, + .buildCandidateEntityFromZip(vspDetails, zipPackage.getFileContent().array(), zipPackage.getFileContentHandler(), uploadFileResponse.getErrors()); candidateData.setFileName(zipPackage.getFilename()); candidateData.setFileSuffix(zipPackage.getFileExtension()); 
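Review bot: `validate` calls `OrchestrationUtil.getFileContentMap(...)` and discards its return value, so the call is made only for the errors it records in `uploadFileResponse`, while `onboardPackage.getFileContentHandler()` already holds the parsed content and is what `updateCandidateData` uses a few lines below. If `getFileContentMap` unpacks the archive again (its body is not shown here), untrusted input is being parsed twice; either validate against the existing handler or state the intent with a comment such as `// return value ignored: only the structure errors added to uploadFileResponse are needed`. `getFileContent().array()` returns the whole backing array regardless of the buffer's position and limit, which is fine for buffers created with `ByteBuffer.wrap` but worth a one-line comment.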
@@ -68,9 +67,8 @@ public class OrchestrationTemplateZipHandler extends BaseOrchestrationTemplateHa getHandlerType().toString()), exception); uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, exception.getMessage())); - return true; } - return false; + return uploadFileResponse; } @Override diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUploadFactory.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUploadFactory.java index b1fb84c1f3..4b2decd412 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUploadFactory.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUploadFactory.java @@ -19,6 +19,7 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration; import org.onap.config.api.Configuration; import org.onap.config.api.ConfigurationManager; import org.openecomp.core.utilities.CommonMethods; +import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.common.errors.CoreException; import org.openecomp.sdc.datatypes.configuration.ImplementationConfiguration; import org.openecomp.sdc.vendorsoftwareproduct.dao.errors.OrchestrationTemplateFileExtensionErrorBuilder; 
@@ -42,9 +43,9 @@ public class OrchestrationUploadFactory { } - public static OrchestrationTemplateFileHandler createOrchestrationTemplateFileHandler(String fileSuffix) { - String fileExtension = fileSuffix.toLowerCase(); - ImplementationConfiguration orchestrationTemplateFileHandler = FILE_HANLDERS.get(fileExtension); + public static OrchestrationTemplateFileHandler createOrchestrationTemplateFileHandler( + final OnboardingTypesEnum onboardingType) { + final ImplementationConfiguration orchestrationTemplateFileHandler = FILE_HANLDERS.get(onboardingType.toString()); if(Objects.isNull(orchestrationTemplateFileHandler)){ throw new CoreException(new OrchestrationTemplateFileExtensionErrorBuilder diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUtil.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUtil.java index 3dfe3a25c2..ef41262621 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUtil.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/OrchestrationUtil.java @@ -287,7 +287,7 @@ public class OrchestrationUtil { FileContentHandler fileContentMap, HeatStructureTree tree) { Map manifestAsMap = fileContentMap.containsFile(SdcCommon.MANIFEST_NAME) - ? (Map) JsonUtil.json2Object(fileContentMap.getFileContent( + ? (Map) JsonUtil.json2Object(fileContentMap.getFileContentAsStream( SdcCommon.MANIFEST_NAME), Map.class) : new HashMap<>(); 
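Review bot: `onboardingType.toString()` in `createOrchestrationTemplateFileHandler` dereferences the argument before the `Objects.isNull` check below it, so a null package type fails with a `NullPointerException` instead of the `CoreException` that reports an unsupported package. The parameterized test added in this commit uses `null` as the expected type for the empty and wrong-extension packages, so a null type looks reachable, although the caller is outside this hunk. Resolving the handler with `onboardingType == null ? null : FILE_HANLDERS.get(onboardingType.toString())` keeps both cases on the existing error path. The lookup also now depends on `OnboardingTypesEnum.toString()` matching the keys in `config-orchestration.json` exactly, which deserves a one-line comment; the method body continues outside the hunk.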
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java new file mode 100644 index 0000000000..0efe65b3b6 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidator.java 
@@ -0,0 +1,61 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation;
+
+import java.util.Optional;
+import org.openecomp.core.utilities.file.FileContentHandler;
+import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
+import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
+
+/**
+ * Validates the package security
+ */
+public class CsarSecurityValidator {
+
+ private SecurityManager securityManager = SecurityManager.getInstance();
+
+ public CsarSecurityValidator() {
+ }
+
+ //for tests purpose
+ CsarSecurityValidator(final SecurityManager securityManager) {
+ this.securityManager = securityManager;
+ }
+
+ /**
+ * Validates package signature against trusted certificates
+ *
+ * @return true if signature verified
+ * @throws SecurityManagerException when a certificate error occurs.
+ */ + public boolean verifyPackageSignature(final OnboardSignedPackage signedPackage) throws SecurityManagerException { + final FileContentHandler fileContentHandler = signedPackage.getFileContentHandler(); + final byte[] signatureBytes = fileContentHandler.getFileContent(signedPackage.getSignatureFilePath()); + final byte[] archiveBytes = fileContentHandler.getFileContent(signedPackage.getInternalPackageFilePath()); + byte[] certificateBytes = null; + final Optional certificateFilePath = signedPackage.getCertificateFilePath(); + if (certificateFilePath.isPresent()) { + certificateBytes = fileContentHandler.getFileContent(certificateFilePath.get()); + } + + return securityManager.verifySignedData(signatureBytes, certificateBytes, archiveBytes); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java index e5a06e5d42..ceee5facd0 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidator.java @@ -20,6 +20,7 @@ package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation; +import java.util.Set; import org.openecomp.core.utilities.file.FileContentHandler; import org.openecomp.sdc.common.errors.Messages; import org.openecomp.sdc.common.utils.SdcCommon; 
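Review bot: `verifyPackageSignature` passes `signatureBytes` and `archiveBytes` to `securityManager.verifySignedData` without checking that the handler returned content for `getSignatureFilePath()` and `getInternalPackageFilePath()`. How `FileContentHandler.getFileContent` and `verifySignedData` treat a missing entry is not visible in this diff, so the method should fail closed on its own: `if (signatureBytes == null || archiveBytes == null) { return false; }`. The certificate, when present, is read from the uploaded package itself, so the Javadoc should state that trust in it is decided by `SecurityManager` against the configured trusted certificates and not by this class. The Javadoc also lacks a `@param signedPackage` line.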
@@ -54,13 +55,13 @@ class ONAPCsarValidator implements Validator { private List uploadFileErrors = new ArrayList<>(); @Override - public Map> validateContent(FileContentHandler contentHandler, List folderList) { + public Map> validateContent(final FileContentHandler contentHandler) { Map> errors = new HashMap<>(); validateManifest(contentHandler); validateMetadata(contentHandler); validateNoExtraFiles(contentHandler); - validateFolders(folderList); + validateFolders(contentHandler.getFolderList()); if(uploadFileErrors == null || uploadFileErrors.isEmpty()){ return errors; @@ -71,7 +72,7 @@ class ONAPCsarValidator implements Validator { private void validateMetadata(FileContentHandler contentMap){ if (!validateTOSCAYamlFileInRootExist(contentMap, MAIN_SERVICE_TEMPLATE_YAML_FILE_NAME)) { - try (InputStream metaFileContent = contentMap.getFileContent(TOSCA_META_PATH_FILE_NAME)) { + try (InputStream metaFileContent = contentMap.getFileContentAsStream(TOSCA_META_PATH_FILE_NAME)) { ToscaMetadata onboardingToscaMetadata = OnboardingToscaMetadata.parseToscaMetadataFile(metaFileContent); String entryDefinitionsPath = onboardingToscaMetadata.getMetaEntries().get(TOSCA_META_ENTRY_DEFINITIONS); @@ -97,7 +98,7 @@ class ONAPCsarValidator implements Validator { return; } - try (InputStream fileContent = contentMap.getFileContent(MAIN_SERVICE_TEMPLATE_MF_FILE_NAME)) { + try (InputStream fileContent = contentMap.getFileContentAsStream(MAIN_SERVICE_TEMPLATE_MF_FILE_NAME)) { Manifest onboardingManifest = new ONAPManifestOnboarding(); onboardingManifest.parse(fileContent); @@ -122,7 +123,7 @@ class ONAPCsarValidator implements Validator { } } - private void validateFolders(List folderList) { + private void validateFolders(Set folderList) { List filterResult = folderList.stream().filter(this::filterFolders).collect(Collectors.toList()); if (!filterResult.isEmpty()) { 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java index bed3a9b128..6274a54a58 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidator.java @@ -83,14 +83,13 @@ class SOL004MetaDirectoryValidator implements Validator { private static final String MANIFEST_NON_MANO_SOURCE = "Non-MANO Source"; private final List errorsByFile = new ArrayList<>(); private FileContentHandler contentHandler; - private List folderList; + private Set folderList; private ToscaMetadata toscaMetadata; @Override - public Map> validateContent(final FileContentHandler contentHandler - , final List folderList) { + public Map> validateContent(final FileContentHandler contentHandler) { this.contentHandler = contentHandler; - this.folderList = folderList; + this.folderList = contentHandler.getFolderList(); parseToscaMetadata(); verifyMetadataFile(); return Collections.unmodifiableMap(getAnyValidationErrors()); 
@@ -103,7 +102,7 @@ class SOL004MetaDirectoryValidator implements Validator { try { toscaMetadata = OnboardingToscaMetadata - .parseToscaMetadataFile(contentHandler.getFileContent(TOSCA_META_PATH_FILE_NAME)); + .parseToscaMetadataFile(contentHandler.getFileContentAsStream(TOSCA_META_PATH_FILE_NAME)); } catch (final IOException e) { reportError(ErrorLevel.ERROR, Messages.METADATA_PARSER_INTERNAL.getErrorMessage()); LOGGER.error(Messages.METADATA_PARSER_INTERNAL.getErrorMessage(), e.getMessage(), e); @@ -198,7 +197,7 @@ class SOL004MetaDirectoryValidator implements Validator { final String manifestFile = toscaMetadata.getMetaEntries().get(TOSCA_META_ETSI_ENTRY_MANIFEST); if(verifyFileExists(contentHandler.getFileList(), manifestFile)){ final Manifest onboardingManifest = new SOL004ManifestOnboarding(); - onboardingManifest.parse(contentHandler.getFileContent(manifestFile)); + onboardingManifest.parse(contentHandler.getFileContentAsStream(manifestFile)); final Optional resourceType = onboardingManifest.getType(); if (resourceType.isPresent() && resourceType.get() == ResourceTypeEnum.VF){ final String value = (String) entry.getValue(); @@ -250,7 +249,7 @@ class SOL004MetaDirectoryValidator implements Validator { final Set existingFiles = contentHandler.getFileList(); if (verifyFileExists(existingFiles, filePath)) { final Manifest onboardingManifest = new SOL004ManifestOnboarding(); - onboardingManifest.parse(contentHandler.getFileContent(filePath)); + onboardingManifest.parse(contentHandler.getFileContentAsStream(filePath)); if (onboardingManifest.isValid()) { try { verifyManifestMetadata(onboardingManifest.getMetadata()); 
@@ -354,7 +353,7 @@ class SOL004MetaDirectoryValidator implements Validator { return; } - final InputStream fileContent = contentHandler.getFileContent(filePath); + final InputStream fileContent = contentHandler.getFileContentAsStream(filePath); if (fileContent == null) { reportError(ErrorLevel.ERROR, Messages.EMPTY_YAML_FILE_1.formatMessage(filePath)); return; @@ -397,7 +396,7 @@ class SOL004MetaDirectoryValidator implements Validator { folderPath)); } - private boolean verifyFoldersExist(final List folderList, final String folderPath) { + private boolean verifyFoldersExist(final Set folderList, final String folderPath) { return folderList.contains(folderPath + "/"); } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java index 927f3c0b69..34386b6d29 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/Validator.java @@ -34,8 +34,7 @@ public interface Validator { /** * * @param contentHandler contains file and its data - * @param folderList folder structure inside the package * @return errors Map of errors that occur */ - Map> validateContent(FileContentHandler contentHandler, List folderList); + Map> validateContent(final FileContentHandler contentHandler); } 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java index bc44496fef..064a1c66ab 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ValidatorFactory.java @@ -34,12 +34,12 @@ public class ValidatorFactory { /** * Returns a validator based on the contents of the csar package. * - * @param contentMap the csar package + * @param fileContentHandler the csar package * @return Validator based on the contents of the csar package provided * @throws IOException when metafile is invalid */ - public static Validator getValidator(FileContentHandler contentMap) throws IOException{ + public static Validator getValidator(final FileContentHandler fileContentHandler) throws IOException { ETSIService etsiService = new ETSIServiceImpl(null); - return etsiService.isSol004WithToscaMetaDirectory(contentMap) ? new SOL004MetaDirectoryValidator() : new ONAPCsarValidator(); + return etsiService.isSol004WithToscaMetaDirectory(fileContentHandler) ? new SOL004MetaDirectoryValidator() : new ONAPCsarValidator(); } } 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/process/OrchestrationTemplateProcessCsarHandler.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/process/OrchestrationTemplateProcessCsarHandler.java index 31898d26ae..ac7a1510c7 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/process/OrchestrationTemplateProcessCsarHandler.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/process/OrchestrationTemplateProcessCsarHandler.java @@ -67,6 +67,7 @@ public class OrchestrationTemplateProcessCsarHandler implements OrchestrationTem public OrchestrationTemplateActionResponse process(VspDetails vspDetails, OrchestrationTemplateCandidateData candidateData) { + UploadFileResponse uploadFileResponse = new UploadFileResponse(); Optional fileContent = OrchestrationUtil .getFileContentMap(OnboardingTypesEnum.CSAR, uploadFileResponse, diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java index 90bfb67977..2928905603 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java 
@@ -61,7 +61,6 @@ import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Store; import org.openecomp.sdc.logging.api.Logger; import org.openecomp.sdc.logging.api.LoggerFactory; @@ -73,7 +72,6 @@ import org.openecomp.sdc.logging.api.LoggerFactory; public class SecurityManager { private static final String CERTIFICATE_DEFAULT_LOCATION = "cert"; - private static SecurityManager INSTANCE = null; private Logger logger = LoggerFactory.getLogger(SecurityManager.class); private Set trustedCertificates = new HashSet<>(); @@ -90,10 +88,15 @@ public class SecurityManager { } public static SecurityManager getInstance() { - if (INSTANCE == null) { - INSTANCE = new SecurityManager(); - } - return INSTANCE; + return SecurityManagerInstanceHolder.instance; + } + + /** + * Initialization on demand class / synchronized singleton pattern. + */ + private static class SecurityManagerInstanceHolder { + + private static final SecurityManager instance = new SecurityManager(); } /** diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackage.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackage.java index b8ef598d65..60bd5ae0a0 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackage.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackage.java 
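Review bot: The holder idiom in `SecurityManagerInstanceHolder` changes how a failing constructor surfaces: if `new SecurityManager()` throws, the first `getInstance()` call gets an `ExceptionInInitializerError` and every later call a `NoClassDefFoundError`, whereas the removed lazy code retried construction on each call. The constructor is outside this hunk, so whether it can throw is not visible; if it can, signature verification stays unavailable until restart and the later errors no longer name the cause. The comment on the holder should say this and drop the word "synchronized", since nothing here synchronizes explicitly, e.g. `Initialization-on-demand holder: the JVM creates the instance once, on the first call to getInstance().` The constant would conventionally be named `INSTANCE`.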
@@ -21,6 +21,10 @@ package org.openecomp.sdc.vendorsoftwareproduct.types; import java.nio.ByteBuffer; import lombok.Getter; +import org.openecomp.core.utilities.file.FileContentHandler; +import org.openecomp.sdc.common.zip.exception.ZipException; +import org.openecomp.sdc.common.utils.CommonUtil; +import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException; @Getter public class OnboardPackage { @@ -28,11 +32,30 @@ public class OnboardPackage { private final String filename; private final String fileExtension; private final ByteBuffer fileContent; + private final FileContentHandler fileContentHandler; - public OnboardPackage(final String filename, final String fileExtension, final ByteBuffer fileContent) { + public OnboardPackage(final String filename, final String fileExtension, final ByteBuffer fileContent, + final FileContentHandler fileContentHandler) { this.filename = filename; this.fileExtension = fileExtension; this.fileContent = fileContent; + this.fileContentHandler = fileContentHandler; } + public OnboardPackage(final String filename, final String fileExtension, final ByteBuffer fileContent) + throws OnboardPackageException { + this.filename = filename; + this.fileExtension = fileExtension; + this.fileContent = fileContent; + try { + fileContentHandler = CommonUtil.getZipContent(fileContent.array()); + } catch (final ZipException e) { + throw new OnboardPackageException("Could not read the package content", e); + } + } + + public OnboardPackage(final String packageName, final String packageExtension, final byte[] packageContentBytes) + throws OnboardPackageException { + this(packageName, packageExtension, ByteBuffer.wrap(packageContentBytes)); + } } 
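Review bot: The three-argument `OnboardPackage(String, String, ByteBuffer)` constructor now unpacks the uploaded bytes with `CommonUtil.getZipContent` as a side effect of construction, and none of the constructors documents that. Whether `getZipContent` limits entry count and uncompressed size is not visible here; if it does not, every caller that merely wraps an upload expands the whole archive in memory. The four-argument constructor also accepts a `fileContentHandler` that need not correspond to `fileContent`, so later code could validate one and process the other. Javadoc on each constructor should state which one parses the archive and that handler and content must describe the same package.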
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackageInfo.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackageInfo.java index 308db035db..6c35bd67d9 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackageInfo.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardPackageInfo.java 
@@ -21,24 +21,32 @@ package org.openecomp.sdc.vendorsoftwareproduct.types; import java.nio.ByteBuffer; import lombok.Getter; +import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; +import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException; @Getter public class OnboardPackageInfo { + private final OnboardingTypesEnum packageType; private final OnboardPackage originalOnboardPackage; private final OnboardPackage onboardPackage; - public OnboardPackageInfo(final String filename, - final String fileExtension, - final ByteBuffer fileContent, - final OnboardPackage onboardPackage) { - originalOnboardPackage = new OnboardPackage(filename, fileExtension, fileContent); + public OnboardPackageInfo(final OnboardPackage onboardPackage, final OnboardingTypesEnum packageType) { + this(onboardPackage, onboardPackage, packageType); + } + + public OnboardPackageInfo(final OnboardPackage originalOnboardPackage, + final OnboardPackage onboardPackage, final OnboardingTypesEnum packageType) { + this.packageType = packageType; + this.originalOnboardPackage = originalOnboardPackage; this.onboardPackage = onboardPackage; } public OnboardPackageInfo(final String filename, final String fileExtension, - final ByteBuffer fileContent) { + final ByteBuffer fileContent, + final OnboardingTypesEnum packageType) throws OnboardPackageException { + this.packageType = packageType; originalOnboardPackage = new OnboardPackage(filename, fileExtension, fileContent); this.onboardPackage = originalOnboardPackage; } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardSignedPackage.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardSignedPackage.java new file mode 100644 index 0000000000..a1436fcd2d --- /dev/null 
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/OnboardSignedPackage.java 
@@ -0,0 +1,49 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.vendorsoftwareproduct.types;
+
+import java.nio.ByteBuffer;
+import java.util.Optional;
+import lombok.Getter;
+import org.apache.commons.lang3.StringUtils;
+import org.openecomp.core.utilities.file.FileContentHandler;
+
+@Getter
+public class OnboardSignedPackage extends OnboardPackage {
+ private String signatureFilePath;
+ private String internalPackageFilePath;
+ private String certificateFilePath;
+
+ public OnboardSignedPackage(final String filename, final String fileExtension, final ByteBuffer fileContent,
+ final FileContentHandler fileContentHandler, final String signatureFilePath,
+ final String internalPackageFilePath, final String certificateFilePath) {
+ super(filename, fileExtension, fileContent, fileContentHandler);
+ this.signatureFilePath = signatureFilePath;
+ this.internalPackageFilePath = internalPackageFilePath;
+ this.certificateFilePath = certificateFilePath;
+ }
+
+ public Optional getCertificateFilePath() {
+ if (StringUtils.isEmpty(certificateFilePath)) {
+ return Optional.empty();
+ }
+ return
Optional.of(certificateFilePath); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/UploadFileResponse.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/UploadFileResponse.java index ca0eed2153..31bdf21884 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/UploadFileResponse.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/types/UploadFileResponse.java @@ -21,6 +21,7 @@ package org.openecomp.sdc.vendorsoftwareproduct.types; +import org.apache.commons.collections4.MapUtils; import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum; import org.openecomp.sdc.datatypes.error.ErrorLevel; import org.openecomp.sdc.datatypes.error.ErrorMessage; @@ -109,4 +110,8 @@ public class UploadFileResponse { public Map> getErrors() { return errors; } + + public boolean hasErrors() { + return !MapUtils.isEmpty(errors); + } } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/resources/config-orchestration.json b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/resources/config-orchestration.json index b3147eb3af..2477eab5f6 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/resources/config-orchestration.json +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/resources/config-orchestration.json 
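Review bot: `signatureFilePath`, `internalPackageFilePath` and `certificateFilePath` in `OnboardSignedPackage` are assigned once in the constructor but are not `final`, unlike the fields of the parent `OnboardPackage`. These paths select which entries are treated as the signature and as the signed archive, so they should not be reassignable after the package has been checked: declare them as `private final String signatureFilePath;` and likewise for the other two. The constructor also accepts a null or empty `signatureFilePath` or `internalPackageFilePath` without complaint, while only the certificate path is marked optional through its `Optional` getter.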
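Review bot: `hasErrors()` in `UploadFileResponse` returns true for any entry in `errors`, whatever its `ErrorLevel`. If warnings are stored in the same map (the add methods are outside this hunk), a caller that uses `hasErrors()` to decide whether to reject a package will reject on warnings too. A Javadoc line such as `/** True when any message, of any level, has been recorded. */` would pin the meaning down for callers.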
@@ -7,6 +7,10 @@ "csar": { "enable": true, "implementationClass": "org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.OrchestrationTemplateCSARHandler" + }, + "signed-csar": { + "enable": true, + "implementationClass": "org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.OrchestrationTemplateCSARHandler" } }, "process_impl": { diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/QuestionnaireDataServiceTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/QuestionnaireDataServiceTest.java index b922da9b46..c17c33142c 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/QuestionnaireDataServiceTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/QuestionnaireDataServiceTest.java @@ -38,6 +38,7 @@ import org.openecomp.sdc.datatypes.error.ErrorLevel; import org.openecomp.sdc.logging.api.Logger; import org.openecomp.sdc.logging.api.LoggerFactory; import org.openecomp.sdc.vendorsoftwareproduct.dao.type.VspDetails; +import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException; import org.openecomp.sdc.vendorsoftwareproduct.impl.OrchestrationTemplateCandidateManagerImpl; import org.openecomp.sdc.vendorsoftwareproduct.informationArtifact.InformationArtifactData; import org.openecomp.sdc.vendorsoftwareproduct.questionnaire.QuestionnaireDataService; 
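Review bot: The new `signed-csar` entry points at the same `OrchestrationTemplateCSARHandler` as `csar`, and `csar` stays enabled, so from this file alone a signed and an unsigned package end up in the same handler. Whether a signature is required therefore depends entirely on how the package type is detected before the handler is chosen, which is not part of this hunk. Since JSON cannot carry a comment, the deployment documentation should say whether setting `"enable": false` on `csar` is a supported way to accept signed packages only.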
@@ -72,7 +73,7 @@ public class QuestionnaireDataServiceTest { } // TODO: 3/15/2017 fix and enable //@Test - public void testQuestionnaireDataAfterLegalUploadWithComposition() throws IOException { + public void testQuestionnaireDataAfterLegalUploadWithComposition() throws IOException, OnboardPackageException { InformationArtifactData informationArtifactData = uploadFileAndValidateInformationArtifactData("/fullComposition", 5); @@ -81,15 +82,15 @@ public class QuestionnaireDataServiceTest { // TODO: 3/15/2017 fix and enable //@Test - public void testQuestionnaireDataAfterLegalUploadEmptyComposition() throws IOException { + public void testQuestionnaireDataAfterLegalUploadEmptyComposition() throws IOException, OnboardPackageException { uploadFileAndValidateInformationArtifactData("/emptyComposition", 0); } // TODO: 3/15/2017 fix and enable //@Test - public void testQuestionnaireDataAfterIllegalUpload() throws IOException { + public void testQuestionnaireDataAfterIllegalUpload() throws IOException, OnboardPackageException { try (InputStream zipInputStream = uploadFileTest.getZipInputStream("/missingYml")) { - onboardPackageInfo = new OnboardPackageInfo("missingYml", CSAR, convertFileInputStream(zipInputStream)); + onboardPackageInfo = new OnboardPackageInfo("missingYml", CSAR, convertFileInputStream(zipInputStream), OnboardingTypesEnum.CSAR); UploadFileResponse uploadFileResponse = candidateManager.upload(vspDetails, onboardPackageInfo); } 
@@ -100,11 +101,11 @@ public class QuestionnaireDataServiceTest { private InformationArtifactData uploadFileAndValidateInformationArtifactData(final String filePath, final int listSizeToCheck) - throws IOException { + throws IOException, OnboardPackageException { try (final InputStream zipInputStream = uploadFileTest.getZipInputStream(filePath)) { onboardPackageInfo = new OnboardPackageInfo("file", OnboardingTypesEnum.CSAR.toString(), - convertFileInputStream(zipInputStream)); + convertFileInputStream(zipInputStream), OnboardingTypesEnum.CSAR); final UploadFileResponse uploadFileResponse = candidateManager.upload(vspDetails, onboardPackageInfo); candidateManager.process(vspId, VERSION); diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessorTest.java new file mode 100644 index 0000000000..a62aea761a --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/onboarding/OnboardingPackageProcessorTest.java 
@@ -0,0 +1,120 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding;
+
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.notNullValue;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import static org.openecomp.sdc.common.errors.Messages.PACKAGE_EMPTY_ERROR;
+import static org.openecomp.sdc.common.errors.Messages.PACKAGE_INVALID_EXTENSION;
+
+import com.google.common.collect.ImmutableSet;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum;
+import org.openecomp.sdc.datatypes.error.ErrorLevel;
+import org.openecomp.sdc.datatypes.error.ErrorMessage;
+import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
+
+@RunWith(Parameterized.class)
+public class OnboardingPackageProcessorTest {
+ private static final String BASE_DIR = "/vspmanager.csar/";
+ private final String packageName;
+ private final byte[] packageBytes;
+ private final Set expectedErrorSet;
+ private final OnboardingTypesEnum expectedPackageType;
+
+ public OnboardingPackageProcessorTest(final String packageName, final byte[] packageBytes,
+ final Set expectedErrorSet,
+ final OnboardingTypesEnum expectedPackageType) {
+ this.packageName = packageName;
+ this.packageBytes = packageBytes;
+ this.expectedErrorSet = expectedErrorSet;
+ this.expectedPackageType = expectedPackageType;
+ }
+
+ @Parameters(name = "Run {index} for {0}")
+ public static Collection data() {
+ return Arrays.asList(new Object[][]{
+ {"emptyPackage.csar", new byte[0],
+ ImmutableSet.of(
+ new ErrorMessage(ErrorLevel.ERROR, PACKAGE_EMPTY_ERROR.formatMessage("emptyPackage.csar"))
+ ), null},
+
+ {"notCsar.txt", getFileBytes("notCsar.txt"),
+ ImmutableSet.of(
+ new ErrorMessage(ErrorLevel.ERROR,
+ PACKAGE_INVALID_EXTENSION.formatMessage("notCsar.txt", "csar, zip"))
+ ), null},
+
+ {"signed-package.zip", getFileBytes("signing/signed-package.zip"), Collections.emptySet(),
+ OnboardingTypesEnum.SIGNED_CSAR},
+
+ {"csar-and-cms-in-root.zip", getFileBytes("signing/csar-and-cms-in-root.zip"), Collections.emptySet(),
+ OnboardingTypesEnum.SIGNED_CSAR},
+
+ {"successfulUpload.csar", getFileBytes("successfulUpload.csar"), Collections.emptySet(),
+ OnboardingTypesEnum.CSAR},
+
+ {"fakeNonSignedZipPackage.zip", getFileBytes("signing/fakeNonSignedZipPackage.zip"), Collections.emptySet(),
+ OnboardingTypesEnum.ZIP}
+ });
+ }
+
+ @Test
+ public void processPackage() {
+ final OnboardingPackageProcessor onboardingPackageProcessor = new OnboardingPackageProcessor(packageName, packageBytes);
+ assertThat("Should contains errors", onboardingPackageProcessor.hasErrors(), is(!expectedErrorSet.isEmpty()));
+ assertThat("Should have the same number of errors", onboardingPackageProcessor.getErrorMessageSet().size(), equalTo(expectedErrorSet.size()));
+ if (expectedErrorSet.size() > 0) {
+ assertThat("Should have the expected errors", onboardingPackageProcessor.getErrorMessageSet(), containsInAnyOrder(expectedErrorSet.toArray()));
+ return;
+ }
+ final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null);
+ assertThat("Should build onboardPackageInfo", onboardPackageInfo, is(notNullValue()));
+ assertThat("Should have the expected package type", onboardPackageInfo.getPackageType(), is(equalTo(expectedPackageType)));
+ }
+
+ private static byte[] getFileBytes(final String filePath) {
+ final Path path = Paths.get(BASE_DIR, filePath);
+ try {
+ return Files.readAllBytes(Paths.get(
+ OnboardingPackageProcessorTest.class.getResource(path.toString()).toURI()));
+ } catch (final IOException | URISyntaxException e) {
+ fail(String.format("Could not load file %s", path.toString()));
+ }
+ return null;
+ }
+
+}
\ No newline at end of file
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
new file mode 100644
index 0000000000..0fce606052
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/CsarSecurityValidatorTest.java
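Review bot: `getFileBytes` in OnboardingPackageProcessorTest dereferences the result of `getResource(...)` without a null check, so a missing or misnamed fixture shows up as a NullPointerException while JUnit is building the parameter list instead of as the intended `fail(...)` message; only IOException and URISyntaxException are caught. The resource name is also built through `Paths.get(BASE_DIR, filePath).toString()`, which uses the platform separator, while classpath resource names always use `/`. Building the name as `BASE_DIR + filePath`, as CsarSecurityValidatorTest in this commit does, and adding `if (resource == null) { fail("Fixture not found: " + name); }` before `toURI()` would keep fixture problems readable. That matters here because the signed, unsigned and tampered fixtures are what decide the expected classification of each case.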
@@ -0,0 +1,99 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation; + +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +import java.io.IOException; +import java.net.URISyntaxException; +import java.nio.file.Files; +import java.nio.file.Paths; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor; +import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager; +import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException; +import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo; +import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage; + +public class CsarSecurityValidatorTest { + + private static final String BASE_DIR = "/vspmanager.csar/"; + 
private CsarSecurityValidator csarSecurityValidator; + @Mock + SecurityManager securityManager; + + @Before + public void setUp() { + initMocks(this); + csarSecurityValidator = new CsarSecurityValidator(securityManager); + } + + @Test + public void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException { + final byte[] packageBytes = getFileBytesOrFail("signing/signed-package.zip"); + final OnboardSignedPackage onboardSignedPackage = loadSignedPackage("signed-package.zip", + packageBytes); + when(securityManager.verifySignedData(any(), any(), any())).thenReturn(true); + final boolean isSignatureValid = csarSecurityValidator.verifyPackageSignature(onboardSignedPackage); + assertThat("Signature should be valid", isSignatureValid, is(true)); + } + + @Test(expected = SecurityManagerException.class) + public void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException { + final byte[] packageBytes = getFileBytesOrFail("signing/signed-package-tampered-data.zip"); + final OnboardSignedPackage onboardSignedPackage = loadSignedPackage("signed-package-tampered-data.zip", + packageBytes); + //no mocked securityManager + csarSecurityValidator = new CsarSecurityValidator(); + csarSecurityValidator.verifyPackageSignature(onboardSignedPackage); + } + + private byte[] getFileBytesOrFail(final String path) { + try { + return getFileBytes(path); + } catch (final URISyntaxException | IOException e) { + fail("Could not load file " + path); + return null; + } + } + + private byte[] getFileBytes(final String path) throws URISyntaxException, IOException { + return Files.readAllBytes(Paths.get( + CsarSecurityValidatorTest.class.getResource(BASE_DIR + path).toURI())); + } + + private OnboardSignedPackage loadSignedPackage(final String packageName, final byte[] packageBytes) { + final OnboardingPackageProcessor onboardingPackageProcessor = + new OnboardingPackageProcessor(packageName, packageBytes); + final 
OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo().orElse(null); + if (onboardPackageInfo == null) { + fail("Unexpected error. Could not load original package"); + } + + return (OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidatorTest.java index 6dc8e1a5c6..799e0cc342 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidatorTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/ONAPCsarValidatorTest.java @@ -37,14 +37,11 @@ public class ONAPCsarValidatorTest { private ONAPCsarValidator onapCsarValidator; private FileContentHandler contentHandler; - private List folderList; @Before public void setUp() throws IOException{ onapCsarValidator = new ONAPCsarValidator(); contentHandler = new FileContentHandler(); - folderList = new ArrayList<>(); - contentHandler.addFile("TOSCA-Metadata/TOSCA.meta", ValidatorUtil.getFileResource("/validation.files/metafile/nonSOL004WithMetaDirectoryCompliantMetaFile.meta")); contentHandler.addFile("MainServiceTemplate.mf", ValidatorUtil.getFileResource("/validation.files/manifest/sampleManifest.mf")); contentHandler.addFile(TestConstants.TOSCA_DEFINITION_FILEPATH, ValidatorUtil.getFileResource(TestConstants.SAMPLE_DEFINITION_FILE_PATH)); 
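Review bot: `isSignatureValidTestCorrectStructureAndNotValidSignatureExists` in CsarSecurityValidatorTest passes on any `SecurityManagerException`, so it cannot tell detected tampering apart from an unrelated failure of the unmocked `new CsarSecurityValidator()` (for example missing certificate setup in the test environment, which this hunk does not show). The positive test stubs `verifySignedData(any(), any(), any())` to return true, so neither test would notice if the validator handed over the wrong bytes or ignored a negative verification result. I would add a case with `when(securityManager.verifySignedData(any(), any(), any())).thenReturn(false);` that asserts `verifyPackageSignature(onboardSignedPackage)` does not report the package as valid, and replace the `any()` matchers in the positive case with a Mockito `verify(...)` on the signature, certificate and content taken from `onboardSignedPackage`. `loadSignedPackage` also casts to `OnboardSignedPackage` without checking the type, so a misclassified fixture would be reported as a ClassCastException rather than a test failure.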
@@ -53,7 +50,7 @@ public class ONAPCsarValidatorTest { @Test public void testGivenCSARPackage_withValidContent_thenNoErrorsReturned() { assertExpectedErrors("Valid CSAR Package should have 0 errors", - onapCsarValidator.validateContent(contentHandler, folderList), 0); + onapCsarValidator.validateContent(contentHandler), 0); } @Test @@ -63,23 +60,21 @@ public class ONAPCsarValidatorTest { contentHandler.addFile("MainServiceTemplate.mf", ValidatorUtil.getFileResource("/validation.files/manifest/invalidManifest.mf")); contentHandler.addFile(TestConstants.TOSCA_DEFINITION_FILEPATH, ValidatorUtil.getFileResource(TestConstants.SAMPLE_DEFINITION_FILE_PATH)); - assertExpectedErrors("CSAR package with invalid manifest file should have errors", onapCsarValidator.validateContent(contentHandler, folderList), 1); + assertExpectedErrors("CSAR package with invalid manifest file should have errors", onapCsarValidator.validateContent(contentHandler), 1); } @Test public void testGivenCSARPackage_withUnwantedFolders_thenErrorsReturned(){ - - folderList.add("Files/"); - assertExpectedErrors("CSAR package with unwanted folders should fail with errors", onapCsarValidator.validateContent(contentHandler, folderList), 1); + contentHandler.addFolder("Files/"); + assertExpectedErrors("CSAR package with unwanted folders should fail with errors", onapCsarValidator.validateContent(contentHandler), 1); } @Test public void testGivenCSARPackage_withUnwantedFiles_thenErrorsReturned(){ - contentHandler.addFile("ExtraFile.text", "".getBytes()); assertExpectedErrors("CSAR package with unwanted files should fail with errors", - onapCsarValidator.validateContent(contentHandler, folderList), 1); + onapCsarValidator.validateContent(contentHandler), 1); } private void assertExpectedErrors( String testCase, Map> errors, int expectedErrors){ 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidatorTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidatorTest.java index 2e0fd8643a..17b06793a2 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidatorTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/impl/orchestration/csar/validation/SOL004MetaDirectoryValidatorTest.java @@ -100,7 +100,7 @@ public class SOL004MetaDirectoryValidatorTest { handler.addFile(TOSCA_META_PATH_FILE_NAME, metaFileWithInvalidEntry.getBytes(StandardCharsets.UTF_8)); handler.addFile(TOSCA_DEFINITION_FILEPATH, getResourceBytes(SAMPLE_DEFINITION_FILE_PATH)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("TOSCA Meta file with no entries", errors, 1); } @@ -110,9 +110,8 @@ public class SOL004MetaDirectoryValidatorTest { final String entryTestFilePath = "Files/Tests"; final String entryLicenseFilePath = "Files/Licenses"; - final List folderList = new ArrayList<>(); - folderList.add("Files/Tests/"); - folderList.add("Files/Licenses/"); + handler.addFolder("Files/Tests/"); + handler.addFolder("Files/Licenses/"); metaFile = metaFile + TOSCA_META_ETSI_ENTRY_TESTS + ATTRIBUTE_VALUE_SEPARATOR.getToken() + entryTestFilePath + "\n" + 
@@ -138,7 +137,7 @@ public class SOL004MetaDirectoryValidatorTest { handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, folderList); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertEquals(0, errors.size()); } @@ -147,7 +146,7 @@ public class SOL004MetaDirectoryValidatorTest { metaFile = "Entry-Events: Definitions/events.log"; handler.addFile(TOSCA_META_PATH_FILE_NAME, metaFile.getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); List errorMessages = errors.get(SdcCommon.UPLOAD_FILE); assertTrue(errors.size() == 1 && errorMessages.size() == 1); assertSame(ErrorLevel.ERROR, errorMessages.get(0).getLevel()); @@ -180,7 +179,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Invalid TOSCA-Meta-File-Version and CSAR-Version attributes", errors, 2); } @@ -188,7 +187,7 @@ public class SOL004MetaDirectoryValidatorTest { public void testGivenTOSCAMetaFile_withNonExistentFileReferenced_thenErrorsReturned() { handler.addFile(TOSCA_META_PATH_FILE_NAME, metaFile.getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); List errorMessages = errors.get(SdcCommon.UPLOAD_FILE); assertTrue(errors.size() == 1 && errorMessages.size() == 3); } 
@@ -217,7 +216,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertEquals(0, errors.size()); } @@ -249,7 +248,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertEquals(0, errors.size()); } @@ -274,7 +273,7 @@ public class SOL004MetaDirectoryValidatorTest { String manifest = manifestBuilder.build(); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifest.getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("", errors, 1); } @@ -303,7 +302,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest referenced import file missing", errors, 1); } 
@@ -330,7 +329,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Reference with invalid YAML format", errors, 1); } @@ -360,7 +359,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertEquals(0, errors.size()); } @@ -392,7 +391,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest with non existent source files", errors, 1); } @@ -407,7 +406,7 @@ public class SOL004MetaDirectoryValidatorTest { handler.addFile(TOSCA_DEFINITION_FILEPATH, getResourceBytes(SAMPLE_DEFINITION_FILE_PATH)); handler.addFile(SAMPLE_DEFINITION_IMPORT_FILE_PATH, "".getBytes()); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("TOSCA manifest with invalid data", errors, 1); } 
@@ -430,7 +429,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertEquals(0, errors.size()); } @@ -464,7 +463,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource("Definitions/MainServiceTemplate2.mf"); handler.addFile("Definitions/MainServiceTemplate2.mf", manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Main TOSCA definitions file and Manifest file with different name should return error", errors, 1); } @@ -496,7 +495,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource("Definitions/MainServiceTemplate.txt"); handler.addFile("Definitions/MainServiceTemplate.txt", manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest file with different extension than .mf should return error", errors, 1); } 
@@ -515,7 +514,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest with valid vnf mandatory values should not return any errors", errors, 0); } @@ -536,7 +535,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest with valid pnf mandatory values should not return any errors", errors, 0); } @@ -561,7 +560,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest with mixed metadata should return error", errors, 1); } 
@@ -586,7 +585,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest with missing vnf or pnf mandatory entries should return error", errors, 1); } @@ -609,7 +608,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest with metadata missing pnf mandatory entries should return error", errors, 1); } @@ -632,7 +631,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest with metadata missing vnf mandatory entries should return error", errors, 1); } 
@@ -660,7 +659,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Manifest with more than 4 metadata entries should return error", errors, 1); } @@ -684,10 +683,8 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - - final List folderList = new ArrayList<>(); - folderList.add("Files/Certificates/"); - final Map> errors = sol004MetaDirectoryValidator.validateContent(handler, folderList); + handler.addFolder("Files/Certificates/"); + final Map> errors = sol004MetaDirectoryValidator.validateContent(handler); assertExpectedErrors("Tosca.meta should not have entries applicable only to VF", errors, 2); } @@ -719,7 +716,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> actualErrorMap = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> actualErrorMap = sol004MetaDirectoryValidator.validateContent(handler); final List expectedErrorList = new ArrayList<>(); expectedErrorList.add(new ErrorMessage(ErrorLevel.ERROR 
@@ -756,7 +753,7 @@ public class SOL004MetaDirectoryValidatorTest { manifestBuilder.withSource(TOSCA_MANIFEST_FILEPATH); handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); - final Map> actualErrorMap = sol004MetaDirectoryValidator.validateContent(handler, Collections.emptyList()); + final Map> actualErrorMap = sol004MetaDirectoryValidator.validateContent(handler); final List expectedErrorList = new ArrayList<>(); expectedErrorList.add(new ErrorMessage(ErrorLevel.ERROR @@ -791,7 +788,7 @@ public class SOL004MetaDirectoryValidatorTest { handler.addFile(TOSCA_MANIFEST_FILEPATH, manifestBuilder.build().getBytes(StandardCharsets.UTF_8)); final Map> actualErrorMap = sol004MetaDirectoryValidator - .validateContent(handler, Collections.emptyList()); + .validateContent(handler); assertExpectedErrors(actualErrorMap.get(SdcCommon.UPLOAD_FILE), Collections.emptyList()); } @@ -829,7 +826,7 @@ public class SOL004MetaDirectoryValidatorTest { ); final Map> actualErrorMap = sol004MetaDirectoryValidator - .validateContent(handler, Collections.emptyList()); + .validateContent(handler); assertExpectedErrors(actualErrorMap.get(SdcCommon.UPLOAD_FILE), expectedErrorList); } @@ -867,7 +864,7 @@ public class SOL004MetaDirectoryValidatorTest { ); final Map> actualErrorMap = sol004MetaDirectoryValidator - .validateContent(handler, Collections.emptyList()); + .validateContent(handler); assertExpectedErrors(actualErrorMap.get(SdcCommon.UPLOAD_FILE), expectedErrorList); } @@ -905,7 +902,7 @@ public class SOL004MetaDirectoryValidatorTest { ); final Map> actualErrorMap = sol004MetaDirectoryValidator - .validateContent(handler, Collections.emptyList()); + .validateContent(handler); assertExpectedErrors(actualErrorMap.get(SdcCommon.UPLOAD_FILE), expectedErrorList); } 
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/tree/UploadFileTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/tree/UploadFileTest.java index 8081184f68..cc73bd766f 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/tree/UploadFileTest.java +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/tree/UploadFileTest.java @@ -52,6 +52,7 @@ import org.openecomp.sdc.vendorsoftwareproduct.dao.OrchestrationTemplateDao; import org.openecomp.sdc.vendorsoftwareproduct.dao.VendorSoftwareProductInfoDao; import org.openecomp.sdc.vendorsoftwareproduct.dao.type.OrchestrationTemplateEntity; import org.openecomp.sdc.vendorsoftwareproduct.dao.type.VspDetails; +import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException; import org.openecomp.sdc.vendorsoftwareproduct.impl.OrchestrationTemplateCandidateManagerImpl; import org.openecomp.sdc.vendorsoftwareproduct.services.composition.CompositionDataExtractor; import org.openecomp.sdc.vendorsoftwareproduct.services.impl.filedatastructuremodule.CandidateServiceImpl; @@ -62,9 +63,6 @@ import org.openecomp.sdc.versioning.dao.types.Version; public class UploadFileTest { private static final Logger LOGGER = LoggerFactory.getLogger(UploadFileTest.class); - - private static final String USER1 = "vspTestUser1"; - public static final Version VERSION01 = new Version(0, 1); @Mock 
@@ -98,21 +96,22 @@ public class UploadFileTest { } @Test - public void testUploadFile() throws IOException { + public void testUploadFile() throws IOException, OnboardPackageException { doReturn(vspDetails).when(vspInfoDaoMock).get(any(VspDetails.class)); try (final InputStream inputStream = getZipInputStream("/legalUpload")) { onboardPackageInfo = new OnboardPackageInfo("legalUpload", OnboardingTypesEnum.ZIP.toString(), - convertFileInputStream(inputStream)); + convertFileInputStream(inputStream), OnboardingTypesEnum.ZIP); candidateManager.upload(vspDetails, onboardPackageInfo); } } - private void testLegalUpload(String vspId, Version version, InputStream upload, String user) { + private void testLegalUpload(String vspId, Version version, InputStream upload, String user) + throws IOException, OnboardPackageException { onboardPackageInfo = new OnboardPackageInfo("file", OnboardingTypesEnum.ZIP.toString(), - convertFileInputStream(upload)); + convertFileInputStream(upload), OnboardingTypesEnum.ZIP); final UploadFileResponse uploadFileResponse = candidateManager.upload(vspDetails, onboardPackageInfo); - assertEquals(uploadFileResponse.getOnboardingType(), OnboardingTypesEnum.ZIP); + assertEquals(OnboardingTypesEnum.ZIP, uploadFileResponse.getOnboardingType()); OrchestrationTemplateEntity uploadData = orchestrationTemplateDataDaoMock.get(vspId, version); } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/upload/csar/UploadCSARFileTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/upload/csar/UploadCSARFileTest.java index 7a183c0dbb..017ba2fbc2 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/upload/csar/UploadCSARFileTest.java 
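Review bot: `testUploadFile` in this hunk calls `candidateManager.upload(vspDetails, onboardPackageInfo)` and discards the result, so it passes whether the now-centralized validation accepts or rejects the package. Capturing the response would pin the outcome: `final UploadFileResponse response = candidateManager.upload(vspDetails, onboardPackageInfo);` followed by `assertEquals(OnboardingTypesEnum.ZIP, response.getOnboardingType());`. A check on `response.getErrors()` is worth adding as well if `/legalUpload` is expected to validate cleanly. `testLegalUpload` is private, has no `@Test` in the visible lines, and reads `uploadData` from the mock without using it, so it looks like dead code that should be removed or turned into a real test.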
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/upload/csar/UploadCSARFileTest.java @@ -45,6 +45,7 @@ import org.openecomp.sdc.logging.api.LoggerFactory; import org.openecomp.sdc.vendorsoftwareproduct.dao.OrchestrationTemplateCandidateDao; import org.openecomp.sdc.vendorsoftwareproduct.dao.VendorSoftwareProductInfoDao; import org.openecomp.sdc.vendorsoftwareproduct.dao.type.VspDetails; +import org.openecomp.sdc.vendorsoftwareproduct.exception.OnboardPackageException; import org.openecomp.sdc.vendorsoftwareproduct.impl.OrchestrationTemplateCandidateManagerImpl; import org.openecomp.sdc.vendorsoftwareproduct.services.impl.filedatastructuremodule.CandidateServiceImpl; import org.openecomp.sdc.vendorsoftwareproduct.services.impl.filedatastructuremodule.ManifestCreatorNamingConventionImpl; 
@@ -119,23 +120,23 @@ public class UploadCSARFileTest { } @Test - public void testUploadFileIsEmpty() throws Exception { + public void testUploadFileIsEmpty() throws OnboardPackageException { doReturn(vspDetails).when(vspInfoDaoMock).get(any(VspDetails.class)); onboardPackageInfo = new OnboardPackageInfo("file", OnboardingTypesEnum.CSAR.toString(), - ByteBuffer.wrap(new byte[]{})); + ByteBuffer.wrap(new byte[]{}), OnboardingTypesEnum.CSAR); UploadFileResponse uploadFileResponse = candidateManager.upload(vspDetails, onboardPackageInfo); assertEquals(1, uploadFileResponse.getErrors().size()); } @Test - public void testInvalidManifestContent() throws Exception { + public void testInvalidManifestContent() throws IOException, OnboardPackageException { doReturn(vspDetails).when(vspInfoDaoMock).get(any(VspDetails.class)); try (InputStream inputStream = getClass() .getResourceAsStream(BASE_DIR + "/invalidManifestContent.csar")) { onboardPackageInfo = new OnboardPackageInfo("invalidManifestContent", - OnboardingTypesEnum.CSAR.toString(), convertFileInputStream(inputStream)); + OnboardingTypesEnum.CSAR.toString(), convertFileInputStream(inputStream), OnboardingTypesEnum.CSAR); UploadFileResponse response = candidateManager.upload(vspDetails, onboardPackageInfo); assertEquals(1, response.getErrors().size()); 
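Review bot: Both tests in this hunk assert only that `getErrors().size()` equals 1, which does not identify which check rejected the package. If the upload path now runs several validators, as the commit title suggests, an empty buffer or `invalidManifestContent.csar` rejected for an unrelated reason would still satisfy the count and keep the tests green. Tying each test to its intended failure needs an assertion on the error itself, e.g. `assertEquals(ErrorLevel.ERROR, response.getErrors().get(SdcCommon.UPLOAD_FILE).get(0).getLevel());`, assuming the errors are keyed by `SdcCommon.UPLOAD_FILE` as in SOL004MetaDirectoryValidatorTest, plus a check on the message text. The body of `testInvalidManifestContent` continues past the end of the hunk.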
@@ -156,12 +157,12 @@ public class UploadCSARFileTest { } private UploadFileResponse testCsarUpload(final String csarFileName, - final int expectedErrorsNumber) throws IOException { + final int expectedErrorsNumber) throws IOException, OnboardPackageException { UploadFileResponse uploadFileResponse; try (final InputStream inputStream = getClass() .getResourceAsStream(BASE_DIR + File.separator + csarFileName)) { onboardPackageInfo = new OnboardPackageInfo(csarFileName, OnboardingTypesEnum.CSAR.toString(), - convertFileInputStream(inputStream)); + convertFileInputStream(inputStream), OnboardingTypesEnum.CSAR); uploadFileResponse = candidateManager.upload(vspDetails, onboardPackageInfo); assertThat(String.format("Expecting %s error(s) in file '%s'", expectedErrorsNumber, csarFileName), uploadFileResponse.getErrors().size(), is(expectedErrorsNumber)); } diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/manifest/ValidNonManoToscaPNFWithNonMano.mf b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/manifest/ValidNonManoToscaPNFWithNonMano.mf index 02275e1bca..23ceffd512 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/manifest/ValidNonManoToscaPNFWithNonMano.mf +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/manifest/ValidNonManoToscaPNFWithNonMano.mf @@ -5,6 +5,7 @@ metadata: pnfd_release_date_time: 2017-01-01T10:00:00+03:00 Source: MainServiceTemplate.yaml +Source: Artifacts/Deployment/ANOTHER/authorized_keys non_mano_artifact_sets: onap_others: 
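Review bot: `testCsarUpload` builds the resource name with `File.separator`, but names passed to `getResourceAsStream` always use `/`. On a platform whose separator is `\` the lookup returns null, and the test then most likely fails inside `convertFileInputStream` rather than on an assertion. `testInvalidManifestContent` in the same file already uses `BASE_DIR + "/invalidManifestContent.csar"`; the matching form here is `.getResourceAsStream(BASE_DIR + "/" + csarFileName)`. That line is context in this hunk rather than a change made by the commit, and the method body continues past the hunk.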
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/csar-and-cms-in-root.zip b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/csar-and-cms-in-root.zip
new file mode 100644
index 0000000000..07331466df
Binary files /dev/null and b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/csar-and-cms-in-root.zip differ
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/fakeNonSignedZipPackage.zip b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/fakeNonSignedZipPackage.zip
new file mode 100644
index 0000000000..b54fb5f7ff
Binary files /dev/null and b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/fakeNonSignedZipPackage.zip differ
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/signed-package-tampered-data.zip b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/signed-package-tampered-data.zip
new file mode 100644
index 0000000000..0cfb9e0265
Binary files /dev/null and b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/signed-package-tampered-data.zip differ
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/signed-package.zip b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/signed-package.zip
new file mode 100644
index 0000000000..a64ddd9be2
Binary files /dev/null and b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/vspmanager.csar/signing/signed-package.zip differ
-- cgit 1.2.3-korg