blob: bf5abe3737245353f8c46753e42476a3159db8d7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
/*
* ============LICENSE_START=======================================================
* Copyright (C) 2019 Nordix Foundation
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation;
import java.util.Optional;
import lombok.NoArgsConstructor;
import org.openecomp.sdc.be.csar.storage.ArtifactInfo;
import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException;
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
/**
* Validates the package security
*/
@NoArgsConstructor
public class CsarSecurityValidator {
private SecurityManager securityManager = SecurityManager.getInstance();
//for tests purpose
CsarSecurityValidator(final SecurityManager securityManager) {
this.securityManager = securityManager;
}
/**
* Validates package signature against trusted certificates
*
* @return true if signature verified
* @throws SecurityManagerException when a certificate error occurs.
*/
public boolean verifyPackageSignature(final OnboardSignedPackage signedPackage, final ArtifactInfo artifactInfo) throws SecurityManagerException {
if (isArtifactInfoPresent(artifactInfo)) {
return securityManager.verifyPackageSignedData(signedPackage, artifactInfo);
} else {
final var fileContentHandler = signedPackage.getFileContentHandler();
final byte[] signatureBytes = fileContentHandler.getFileContent(signedPackage.getSignatureFilePath());
final byte[] archiveBytes = fileContentHandler.getFileContent(signedPackage.getInternalPackageFilePath());
byte[] certificateBytes = null;
final Optional<String> certificateFilePath = signedPackage.getCertificateFilePath();
if (certificateFilePath.isPresent()) {
certificateBytes = fileContentHandler.getFileContent(certificateFilePath.get());
}
return securityManager.verifySignedData(signatureBytes, certificateBytes, archiveBytes);
}
}
private boolean isArtifactInfoPresent(final ArtifactInfo artifactInfo) {
return artifactInfo != null && artifactInfo.getPath() != null;
}
}
|
