From c5927b27b83286c6f4aef7ae5be19a16398c23ce Mon Sep 17 00:00:00 2001 From: kooper Date: Fri, 22 Mar 2019 10:28:46 +0000 Subject: Retrieve issuer certificate Change-Id: I22b9ed99d9b19ed300b5671826bd5cd369417f06 Issue-ID: SDC-2162 Signed-off-by: kooper --- .../pom.xml | 4 +- .../security/SecurityManager.java | 102 +++++++++++++++++++++ .../security/SecurityManagerException.java | 8 ++ .../security/SecurityManagerTest.java | 84 +++++++++++++++++ .../test/resources/cert/package-certificate.pem | 20 ++++ .../src/test/resources/cert/root-certificate.pem | 22 +++++ 6 files changed, 238 insertions(+), 2 deletions(-) create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-certificate.pem create mode 100644 openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root-certificate.pem (limited to 'openecomp-be') diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml index 65babbdfd6..66f04f1ba7 100644 --- a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/pom.xml @@ -162,7 +162,7 @@ org.powermock - powermock-module-testng-common + powermock-module-junit4-common ${powermock.version} test 
@@ -174,7 +174,7 @@ org.powermock - powermock-module-testng + powermock-module-junit4 ${powermock.version} test diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java new file mode 100644 index 0000000000..d2da7ef20f --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManager.java 
@@ -0,0 +1,102 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2019, Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.openecomp.sdc.vendorsoftwareproduct.security;
+
+import com.google.common.collect.ImmutableSet;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * This is temporary solution. When AAF provides functionality for verifying certificates, this class should be reviewed
+ * Class is responsible for providing root certificates from configured location in onboarding container.
+ */
+public class SecurityManager {
+ private static final String CERTIFICATE_DEFAULT_LOCATION = "/root/cert";
+
+ private Logger logger = LoggerFactory.getLogger(SecurityManager.class);
+ private Set certificates = new HashSet<>();
+ private File certificateDirectory;
+
+
+ public SecurityManager(){
+ certificateDirectory = this.getcertDirectory();
+ }
+
+ private void processCertificateDir() {
+ if(!certificateDirectory.exists() || !certificateDirectory.isDirectory()){
+ logger.error("Issue with certificate directory, check if exists!");
+ return;
+ }
+
+ File [] files = certificateDirectory.listFiles();
+ if(files == null){
+ logger.error("Certificate directory is empty!");
+ return;
+ }
+ for(File f : files) {
+ certificates.add(loadCertificate(f));
+ }
+ }
+
+ private File getcertDirectory() {
+ String certDirLocation = System.getenv("SDC_CERT_DIR");
+ if(certDirLocation == null){
+ certDirLocation = CERTIFICATE_DEFAULT_LOCATION;
+ }
+ return new File(certDirLocation);
+ }
+
+ private Certificate loadCertificate(File certFile){
+ try (InputStream fileInputStream = new FileInputStream(certFile)){
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ return factory.generateCertificate(fileInputStream);
+ } catch (CertificateException|IOException e) {
+ throw new SecurityManagerException("Error during loading Certificate file!", e);
+ }
+ }
+
+ /**
+ * Checks the configured location for available certificates
+ * @return set of certificates
+ */
+ public Set getCertificates() {
+ //if file number in certificate directory changed reload certs
+ String[] certFiles = certificateDirectory.list();
+ if(certFiles == null){
+ logger.error("Certificate directory is empty!");
+ return ImmutableSet.copyOf(new HashSet<>());
+ }
+ if(certificates.size() != certFiles.length){
+ certificates = new HashSet<>();
+ processCertificateDir();
+ }
+ return ImmutableSet.copyOf(certificates);
+ }
+}
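Review bot: The reload check in `getCertificates()` compares only `certificates.size()` with the number of directory entries, so replacing one root certificate file with a different one keeps serving the old trust anchor until the count changes. A subdirectory, or two files holding the same certificate, makes the counts disagree on every call and forces a reload each time. The `certificates` field is also reassigned and then filled in place without synchronization, so a concurrent caller can copy a partly filled set. Rebuilding into a local set from the regular files on each call removes all three problems; `processCertificateDir()` is then no longer called. The element type `Set<Certificate>` below is assumed, since the page shows a raw `Set` that looks stripped by rendering.

```java
public Set<Certificate> getCertificates() {
    // list regular files only; a subdirectory is not a certificate
    File[] files = certificateDirectory.listFiles(File::isFile);
    if (files == null) {
        logger.error("Certificate directory is empty!");
        return ImmutableSet.of();
    }
    // build into a local set so a replaced root is picked up and readers never see a half-filled set
    Set<Certificate> loaded = new HashSet<>();
    for (File f : files) {
        loaded.add(loadCertificate(f));
    }
    certificates = loaded;
    return ImmutableSet.copyOf(loaded);
}
```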
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
new file mode 100644
index 0000000000..5c5a23a5f8
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/main/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerException.java
@@ -0,0 +1,8 @@
+package org.openecomp.sdc.vendorsoftwareproduct.security;
+
+public class SecurityManagerException extends RuntimeException {
+
+ public SecurityManagerException(String s, Throwable t) {
+ super(s);
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
new file mode 100644
index 0000000000..c693015791
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/java/org/openecomp/sdc/vendorsoftwareproduct/security/SecurityManagerTest.java
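Review bot: The `SecurityManagerException(String s, Throwable t)` constructor accepts a cause but calls `super(s);`, so `t` is discarded. `SecurityManager.loadCertificate` passes the caught `CertificateException` or `IOException` here, which means the reason a trust-anchor file failed to load never reaches the log or the caller. The call should be `super(s, t);`.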
@@ -0,0 +1,84 @@
+package org.openecomp.sdc.vendorsoftwareproduct.security;
+
+import org.apache.commons.io.FileUtils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import java.io.File;
+import java.io.IOException;
+
+import static junit.framework.TestCase.assertEquals;
+import static junit.framework.TestCase.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(SecurityManager.class)
+public class SecurityManagerTest {
+ File certDir;
+
+ @Before
+ public void setUp(){
+ certDir = new File("/tmp/cert");
+ certDir.mkdirs();
+ PowerMockito.mockStatic(System.class);
+ PowerMockito.when(System.getenv(eq("SDC_CERT_DIR"))).thenReturn(certDir.getPath());
+ }
+
+ @After
+ public void tearDown(){
+ certDir.delete();
+ }
+
+ @Test
+ public void testGetCertificates() throws IOException {
+ File origFile = new File("src/test/resources/cert/root-certificate.pem");
+ File newFile = new File("/tmp/cert/root-certificate.pem");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ SecurityManager securityManager = new SecurityManager();
+ assertEquals(1, securityManager.getCertificates().size());
+ newFile.delete();
+ assertEquals(0, securityManager.getCertificates().size());
+ }
+
+ @Test
+ public void testGetCertificatesNoDirectory() throws IOException {
+ certDir.delete();
+ SecurityManager securityManager = new SecurityManager();
+ assertEquals(0, securityManager.getCertificates().size());
+ }
+
+ @Test(expected = SecurityManagerException.class)
+ public void testGetCertificatesException() throws IOException {
+ File newFile = new File("/tmp/cert/root-certificate.pem");
+ newFile.createNewFile();
+ SecurityManager securityManager = new SecurityManager();
+ assertEquals(1, securityManager.getCertificates().size());
+ newFile.delete();
+ assertEquals(0, securityManager.getCertificates().size());
+ }
+
+ @Test
+ public void testGetCertificatesUpdated() throws IOException {
+ File origFile = new File("src/test/resources/cert/root-certificate.pem");
+ File newFile = new File("/tmp/cert/root-certificate.pem");
+ newFile.createNewFile();
+ FileUtils.copyFile(origFile, newFile);
+ SecurityManager securityManager = new SecurityManager();
+ assertTrue(securityManager.getCertificates().size() == 1);
+ File otherOrigFile = new File("src/test/resources/cert/package-certificate.pem");
+ File otherNewFile = new File("/tmp/cert/package-certificate.pem");
+ newFile.createNewFile();
+ FileUtils.copyFile(otherOrigFile, otherNewFile);
+ assertEquals(2, securityManager.getCertificates().size());
+ otherNewFile.delete();
+ assertEquals(1, securityManager.getCertificates().size());
+ newFile.delete();
+ assertEquals(0, securityManager.getCertificates().size());
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-certificate.pem b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-certificate.pem
new file mode 100644
index 0000000000..886b594f39
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/package-certificate.pem
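Review bot: `testGetCertificatesException` leaves its empty `/tmp/cert/root-certificate.pem` behind, because the expected exception is thrown at the first `getCertificates()` call and the later `newFile.delete()` never runs. `tearDown()` then calls `certDir.delete()`, which does not remove a non-empty directory, so the leftover file can make `testGetCertificatesNoDirectory` fail depending on execution order. Cleaning up with `FileUtils.deleteDirectory(certDir);` in `tearDown()` (declared `throws IOException`) fixes the leak. The fixed `/tmp/cert` path is also shared by parallel builds and other local users on the host; a JUnit `TemporaryFolder` rule would give each run a private directory. In `testGetCertificatesUpdated` the second `newFile.createNewFile();` looks like it was meant to be `otherNewFile.createNewFile();`.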
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDODCCAiACCQCY9wg5bTEy6TANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJB +VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMRcwFQYDVQQDDA5yb290IGF1dGhvcml0eTAeFw0xOTAzMjAxMjMz +MDhaFw0xOTA0MTkxMjMzMDhaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l +LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNV +BAMMDnBhY2thZ2Ugc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAsM9jqBlcBgzQsy6awwjFmBHhGmLXLnLXxhJns2gVmw7KBa/i7tbTOJRjqKFH +kKT41gYo1MICWTHuYwCPnEZTuwHyRiK3DGC7p9I0HO5Sq/Wqrs5xnfcRjcEaC2hH +GRpZlRj0g877GyNonWNN8tmFsSCD8PCX4WI1/j3RbLDEUROKPWpI3KU1vLcNv3TY +Izk/AP7TJjG1k+VdIuPLmgeBhq71SQ3FYihPRhYK0jWqFlsjvjbpNBamX50/e2h3 +dCQGROpZEHqYZzuT6C0BM/9jKvudjBRNI+x1tUjaRSHj4arj6vBS2M2tX4peyt7i +gmLVUPwCc9ke6uL9gIOC0hSf5QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCmfdrV +sbzG+e7nhbI0DFeFJp2UVynL0Gf9pjjqVfU/Me52MztNWNC8u66V6Vvs9K/HSa19 +VCepC52b0wDgdDkfxrlFWBAJiMwl+ROru9Pysc6vymSkWD2FsEv/JxYkD2OikfIX +Q44TQa7Jc1Oij1DODwCsZpsT8IVpPyGOTXwoSbRNVDCVKtF5GWXQPztcg81nn6qR +hs88jgPv+9+cz+r6E1pB6DZY7nfetnQluZdX/0VeCl6+fswIfVPt3hbKu21LSuRQ +5PGlE2j8oztbXGP3EkwFooqxrFjkLHAVm+huCXQMdICs/Xj91NI4KhZyIz3jm+Bu +FaISSUy9k9whoMye +-----END CERTIFICATE----- diff --git a/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root-certificate.pem b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root-certificate.pem new file mode 100644 index 0000000000..c292035e01 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-vendor-software-product-manager/src/test/resources/cert/root-certificate.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjzCCAnegAwIBAgIJANGn88sngb8EMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMMDnJvb3QgYXV0aG9yaXR5MB4XDTE5MDMy +MDEyMzIwNloXDTE5MDQxOTEyMzIwNlowXjELMAkGA1UEBhMCQVUxEzARBgNVBAgM +ClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEX +MBUGA1UEAwwOcm9vdCBhdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDSpZ9UB5iZplYDhPu4DNcLS/0K1etO4T4de7Cd5UDFATpqVvzrT7xI +3mc2JaTOSVYORYVWJRcWhp9KUKIyVA0J4w4xbCFoACLjRWQHzzji7WKDTmaSn/tj +PyGubqN0h9IxUffWo3XnJ4pvdbpO+zIKYdBbEbxZFsI5J7hYZ7e3HpmZuFIN3UWl +KU9UmbXFmmPrkn/7YHzu1KfWsOxao7L9YLRHibRyAPVTE+bXwO3xqI/4GQNlK3W5 +a5JIIgf74SZbni995tU1QCJ0vPgpsDRBWzwynTmppbp+Ii0PpROKx8FE4vvIfPKo +OrHb02iwW6oAds43eegbWfE8wnaIxsGjAgMBAAGjUDBOMB0GA1UdDgQWBBSbTci1 +HIAinR504rzOn/vwwPxx6zAfBgNVHSMEGDAWgBSbTci1HIAinR504rzOn/vwwPxx +6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB5eXIhIrtD1Eir5ISf +swXL/4jIlUjDSJAxMXboGlxv0vzxv9YOXb3DcApzJqAqsu14qsgAHoXCI13ufDQy +nEvRFMxTAZ2X6XVu5AUyuUv2fxQRciiN24gYnAocC7mwUbZ2tpilxemj/e+/0M+p +l10m8kgAT0R/rwRlDrP/W8QxnEl3Wl0iflq3SeDqwGV5iR2tUkSO4/4qEwDcXOsp +UVmfkwQYYbv1SGtRUqoy/UFdgHJjLZnVfN9dPWR7LoHeQKvARJS6QD92HrBk1i4A +0xXeAGlSUCz5QyjBrM7Un5FonOjZEHYm5HC3NmPcVfEZ1n45BmEixwmJCki1fze1 ++6xW +-----END CERTIFICATE----- -- cgit 1.2.3-korg