ROBOT e2e test cases improvements for csar/zip tosca package validation in VNFSDK and SDC Onbarding adding tosca package integrity check SOL004 package security option 1

Issue-ID: INT-1240

Signed-off-by: Krzysztof Kuzmicki <krzysztof.kuzmicki@nokia.com>
Change-Id: Ic9f35fc3cee68975e2899a7a60b6c5cb51e1068d

3 files changed, 76 insertions, 33 deletions

diff --git a/robot/resources/test_templates/vnfsdk_validation_template.robot b/robot/resources/test_templates/vnfsdk_validation_template.robot
index 56cd0b96..cf7fcf23 100644
--- a/robot/resources/test_templates/vnfsdk_validation_template.robot
+++ b/robot/resources/test_templates/vnfsdk_validation_template.robot
@@ -22,33 +22,60 @@ ${VNFSDK_CSAR_DIRECTORY}   ${VNFSDK_TOSCA_ONBOARDING_PACKAGES_DIRECTORY}/temp
 *** Keywords ***
 
 Validate Onboarding Package
-    [Arguments]   ${package_folder}   ${scenario}=onap-vtp  ${test_suite_name}=validation  ${test_case_name}=csar-validate  ${pnf}=TRUE  ${secured_package}=FALSE  ${negative_test_case}=TRUE  ${failed_vnfreqNames}=@{empty_list}  ${sdc_response}=@{empty_list}  ${secure_type}=CMS  ${sdc_cert}=sdc-valid
+    [Arguments]   ${package_folder}   ${scenario}=onap-dublin  ${test_suite_name}=validation  ${test_case_name}=csar-validate  ${pnf}=TRUE  ${integrity_check}=FALSE  ${secured_package}=FALSE  ${negative_test_case}=TRUE  ${failed_vnfreqNames}=@{empty_list}  ${sdc_response}=@{empty_list}  ${secure_type}=CMS  ${sdc_cert}=sdc-valid
+    Disable Warnings
     Create Directory   ${VNFSDK_CSAR_DIRECTORY}
-    ${onboarding_package_path}=   Run Keyword If  "${secured_package}"=='FALSE'   Create CSAR Package  ${package_folder}
-                    ...  ELSE  Create Secured CSAR ZIP Package   ${package_folder}  ${secure_type}  ${sdc_cert}
+    ${onboarding_package_path}=   Run Keyword If  "${secured_package}"=='FALSE'   Create CSAR Package  ${package_folder}  ${integrity_check}  ${sdc_cert}
+                    ...  ELSE  Create Secured CSAR Package   ${package_folder}  ${integrity_check}  ${secure_type}  ${sdc_cert}
+    Validate Onboarding Package In SDC  ${onboarding_package_path}  ${package_folder}   ${sdc_cert}  ${negative_test_case}  ${sdc_response}  ${sdc_cert}
     Run Keyword If  "${negative_test_case}"=='FALSE'   Validate Valid Onboarding Package  ${package_folder}  ${onboarding_package_path}  ${scenario}  ${test_suite_name}  ${test_case_name}  ${pnf}  ${secured_package}
     ...  ELSE  Validate Not Valid Onboarding Package  ${package_folder}  ${onboarding_package_path}  ${scenario}  ${test_suite_name}  ${test_case_name}  ${pnf}  ${failed_vnfreqNames}  ${secured_package}
-    Validate Onboarding Package In SDC  ${onboarding_package_path}  ${package_folder}   ${sdc_cert}  ${negative_test_case}  ${sdc_response}  ${sdc_cert}
-
 
 Create CSAR Package
+    [Arguments]  ${package_folder}   ${integrity_check}  ${cert}
+    ${csar} =   Run Keyword If   "${integrity_check}"=='FALSE'  Create CSAR Package without integrity check  ${package_folder}
+    ...  ELSE  Create CSAR Package with integrity check   ${package_folder}  ${integrity_check}  ${cert}
+    [Return]  ${csar}
+
+Create CSAR Package without integrity check
     [Arguments]  ${package_folder}
     Empty Directory  ${VNFSDK_CSAR_DIRECTORY}
     ${csar}=    Catenate    ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.csar
     Copy File   ${GLOBAL_TOSCA_ONBOARDING_PACKAGES_FOLDER}/vnfsdk/${package_folder}.csar  ${csar}
     [Return]  ${csar}
 
-Create Secured CSAR ZIP Package
-    [Arguments]  ${package_folder}  ${secure_type}  ${sdc_cert}
-    ${zip}=  Run Keyword If   "${secure_type}"=='CMS'  Create Secured CSAR ZIP Package with CMS   ${package_folder}  ${sdc_cert}
-                    ...  ELSE  Create Secured CSAR ZIP Package with CMS and CERT    ${package_folder}  ${sdc_cert}
+Create CSAR Package with integrity check
+    [Arguments]  ${package_folder}  ${integrity_check}  ${cert}
+    Empty Directory  ${VNFSDK_CSAR_DIRECTORY}
+    ${csar}=    Catenate    ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.csar
+    Copy Directory   ${GLOBAL_TOSCA_ONBOARDING_PACKAGES_FOLDER}/vnfsdk/${package_folder}  ${VNFSDK_CSAR_DIRECTORY}
+    ${meta}=  OperatingSystem.Get File   ${VNFSDK_CSAR_DIRECTORY}/${package_folder}/TOSCA-Metadata/TOSCA.meta
+    ${cert_name}=  Get Regexp Matches  ${meta}  (?<=\ETSI-Entry-Certificate: )(.*)
+    Copy File  /tmp/package-robot-${cert}.cert   ${VNFSDK_CSAR_DIRECTORY}/${package_folder}/${cert_name}[0]
+    ${files} = 	List Files In Directory 	 ${VNFSDK_CSAR_DIRECTORY}/${package_folder} 	*.mf  absolute
+    Sign csar manifest file   ${integrity_check}  ${cert}  ${files}[0]
+    ${rc} =     Run and Return RC   cd ${VNFSDK_CSAR_DIRECTORY}/${package_folder}; zip -r ${csar} *
+    Should Be Equal As Integers         ${rc}    0
+    Remove Directory 	${VNFSDK_CSAR_DIRECTORY}/${package_folder}	recursive=True
+    [Return]  ${csar}
+
+Sign csar manifest file
+    [Arguments]  ${integrity_check}  ${cert}  ${manifest}
+     ${rc} =   Run Keyword If  "${integrity_check}"=='CMS_with_cert'   Run and Return RC   openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -in ${manifest} >> ${manifest}
+     ...  ELSE   Run and Return RC   openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -nocerts -in ${manifest} >> ${manifest}
+     Should Be Equal As Integers         ${rc}    0
+
+Create Secured CSAR Package
+    [Arguments]  ${package_folder}  ${integrity_check}  ${secure_type}  ${sdc_cert}
+    ${zip}=  Run Keyword If   "${secure_type}"=='CMS'  Create Secured CSAR ZIP Package with CMS   ${package_folder}  ${integrity_check}  ${sdc_cert}
+                    ...  ELSE  Create Secured CSAR ZIP Package with CMS and CERT    ${package_folder}  ${integrity_check}  ${sdc_cert}
     [Return]  ${zip}
 
 Create Secured CSAR ZIP Package with CMS
-    [Arguments]   ${package_folder}  ${cert}
+    [Arguments]   ${package_folder}  ${integrity_check}  ${cert}
     ${zip}=   Catenate   ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.zip
     ${cms}=   Catenate   ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cms
-    ${csar}=  Create CSAR Package   ${package_folder}
+    ${csar}=  Create CSAR Package   ${package_folder}  ${integrity_check}  ${cert}
     ${rc} =     Run and Return RC   openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -in ${csar} -out ${cms}
     Should Be Equal As Integers         ${rc}    0
     ${rc} =     Run and Return RC   cd ${VNFSDK_CSAR_DIRECTORY}; zip -r ${zip} *
@@ -56,10 +83,10 @@ Create Secured CSAR ZIP Package with CMS
     [Return]  ${zip}
 
 Create Secured CSAR ZIP Package with CMS and CERT
-    [Arguments]   ${package_folder}  ${cert}
+    [Arguments]   ${package_folder}  ${integrity_check}  ${cert}
     ${zip}=   Catenate   ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.zip
     ${cms}=   Catenate   ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cms
-    ${csar}=  Create CSAR Package   ${package_folder}
+    ${csar}=  Create CSAR Package   ${package_folder}  ${integrity_check}  ${cert}
     Copy File  /tmp/package-robot-${cert}.cert   ${VNFSDK_CSAR_DIRECTORY}/${package_folder}.cert
     ${rc} =     Run and Return RC   openssl cms -sign -signer /tmp/package-robot-${cert}.cert -inkey /tmp/package-private-robot-${cert}.key -outform PEM -binary -nocerts -in ${csar} -out ${cms}
     Should Be Equal As Integers         ${rc}    0
diff --git a/robot/resources/vnfsdk_interface.robot b/robot/resources/vnfsdk_interface.robot
index fea6b31a..c54b330e 100644
--- a/robot/resources/vnfsdk_interface.robot
+++ b/robot/resources/vnfsdk_interface.robot
@@ -24,7 +24,7 @@ Run VNFSDK Get Request
 
 Run VNFSDK Post Request
      [Documentation]    Runs VNFSDK Get request
-     [Arguments]    ${data_path}     ${files}   ${headers}
+     [Arguments]    ${data_path}     ${files}
      ${session}=    Create Session    vnfsdk    ${VNFSDK_ENDPOINT}
      ${resp}=     Post Request     vnfsdk     ${data_path}   files=${files}
      Log    Received response from VNFSDK ${resp}
diff --git a/robot/testsuites/vnfsdk_validation.robot b/robot/testsuites/vnfsdk_validation.robot
index 993efca7..48ce94ae 100644
--- a/robot/testsuites/vnfsdk_validation.robot
+++ b/robot/testsuites/vnfsdk_validation.robot
@@ -9,17 +9,19 @@ Default Tags      vnfsdk
 
 
 *** Variables ***
-@{allMandatoryEntriesDefinedInTOSCAMeta}       r146092
-@{no_pnfd_release_date_time_error}       r57019
-@{non_mano_artifact_sets_is_mandatory}   r146092
-@{noETSI-Entry-ManifestOrETSI-Entry-Change-Log}  r293901
-@{PNFD_missing}  SOL004  r10087  r87234  r35854  r15837  r17852  r293901  r146092  r57019  r787965
-@{allMandatoryEntriesDefinedInTOSCAMeta_sdc_message}  Following entry not supported in TOSCA.meta Entry-Tests=Artifacts/Tests  Manifest contains invalid line : #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
-@{no_pnfd_release_date_time_error_sdc_message}  Following entry not supported in TOSCA.meta Entry-Tests=Artifacts/Tests  Manifest contains invalid line : #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
-@{non_mano_artifact_sets_is_mandatory_sdc_message}  Following entry not supported in TOSCA.meta Entry-Tests=Artifacts/Tests  Manifest contains invalid line : #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
-@{noETSI-Entry-ManifestOrETSI-Entry-Change-Log_sdc_message}   Manifest contains invalid line : #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
+@{allMandatoryEntriesDefinedInTOSCAMeta}       r146092  r130206
+@{no_pnfd_release_date_time_error}       r57019  r130206
+@{non_mano_artifact_sets_is_mandatory}   r146092  r130206
+@{noETSI-Entry-ManifestOrETSI-Entry-Change-Log}  r293901  r130206
+@{PNFD_missing}  SOL004  r10087  r87234  r35854  r15837  r17852  r293901  r146092  r57019  r787965  r130206
+@{missing_entry_in_manifest}
+@{allMandatoryEntriesDefinedInTOSCAMeta_sdc_message}  Following entry not supported in TOSCA.meta Entry-Tests  Manifest contains invalid line: 7: #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
+@{no_pnfd_release_date_time_error_sdc_message}   Following entry not supported in TOSCA.meta Entry-Tests  Invalid Manifest metadata entry: '#The manifest file shall include a list of all files contained in or referenced from the VNF package with their location'.;\nAt line 6: '#The manifest file shall include a list of all files contained in or referenced from the VNF package with their location'.
+@{non_mano_artifact_sets_is_mandatory_sdc_message}   Following entry not supported in TOSCA.meta Entry-Tests  Manifest contains invalid line: 7: #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
+@{noETSI-Entry-ManifestOrETSI-Entry-Change-Log_sdc_message}   Manifest contains invalid line: 7: #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location   Manifest contains invalid line: 7: #The manifest file shall include a list of all files contained in or referenced from the VNF package with their location
 @{PNFD_missing_sdc_message}   TOSCA.meta file in TOSCA-metadata directory missing entry Created-By
 @{invalid_certificate}  Could not verify signature!
+@{missing_entry_in_manifest_sdc_message}  'pnf_main_descriptor.cert' artifact is not being referenced in manifest file
 
 
 *** Test Cases ***
@@ -58,42 +60,56 @@ Validate Onboarding PNFD_missing
      ...  Runs VNFSDK validation and comapres with list of expected errors.
      PNFD_missing   failed_vnfreqNames=@{PNFD_missing}  sdc_response=@{PNFD_missing_sdc_message}
 
-Validate Onboarding test_SDC_and_VNFSDK_API
+Validate Onboarding test_SDC_and_VNFSDK_API, integrity_check CMS_with_cert
      [Documentation]
      ...  This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
      ...  Imports it as csar VSP package to SDC and expects success.
      ...  Runs VNFSDK validation and and expects success.
-     test_SDC_and_VNFSDK_API   negative_test_case=FALSE
+     test_SDC_and_VNFSDK_API_with_hash   negative_test_case=FALSE   integrity_check=CMS_with_cert
 
-Validate Onboarding test_SDC_and_VNFSDK_API, secured csar, CMS only, valid certificate
+Validate Onboarding test_SDC_and_VNFSDK_API, integrity_check CMS_without_cert
+     [Documentation]
+     ...  This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
+     ...  Imports it as csar VSP package to SDC and expects success.
+     ...  Runs VNFSDK validation and and expects success.
+     test_SDC_and_VNFSDK_API_with_hash   negative_test_case=FALSE   integrity_check=CMS_without_cert
+
+Validate Onboarding package with missing entry in manifest, integrity_check CMS_with_cert
+     [Documentation]
+     ...  This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
+     ...  Imports it as csar VSP package to SDC and expects success.
+     ...  Runs VNFSDK validation and and expects success.
+     test_SDC_and_VNFSDK_API_missing_entry_in_manifest   negative_test_case=TRUE   failed_vnfreqNames=@{missing_entry_in_manifest}  sdc_response=@{missing_entry_in_manifest_sdc_message}  integrity_check=CMS_with_cert
+
+Validate Onboarding test_SDC_and_VNFSDK_API, secured csar - CMS only - sdc valid certificate, integrity_check CMS_without_cert
      [Documentation]
      ...  This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
      ...  Next sign with certificate that is imported to SDC onabarding POD using CMS only method (CMS file signs csar, zip contains only csar and cms files )
      ...  Imports it as zip VSP package to SDC and expects success.
      ...  Runs VNFSDK validation and and expects success.
-     test_SDC_and_VNFSDK_API   secured_package=TRUE   negative_test_case=FALSE  secure_type=CMS  sdc_cert=sdc-valid
+     test_SDC_and_VNFSDK_API_with_hash   secured_package=TRUE   negative_test_case=FALSE  integrity_check=CMS_without_cert  secure_type=CMS  sdc_cert=sdc-valid
 
-Validate Onboarding test_SDC_and_VNFSDK_API, secured csar, CMS and CERT, valid certificate
+Validate Onboarding test_SDC_and_VNFSDK_API, secured csar - CMS and CERT - sdc valid certificate, integrity_check CMS_with_cert
      [Documentation]
      ...  This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
      ...  Next sign with certificate that is imported to SDC onabarding POD using CMS and CERT  method (CMS file signs csar, zip contains csar, certificate and cms files )
      ...  Imports it as zip VSP package to SDC and expects success.
      ...  Runs VNFSDK validation and and expects success.
-     test_SDC_and_VNFSDK_API   secured_package=TRUE   negative_test_case=FALSE  secure_type=CMS_AND_CERT  sdc_cert=sdc-valid
+     test_SDC_and_VNFSDK_API_with_hash   secured_package=TRUE   negative_test_case=FALSE  integrity_check=CMS_with_cert  secure_type=CMS_AND_CERT  sdc_cert=sdc-valid
 
-Validate Onboarding test_SDC_and_VNFSDK_API secured csar, CMS only, invalid certificate
+Validate Onboarding test_SDC_and_VNFSDK_API, secured csar - CMS only - sdc invalid certificate, integrity_check CMS_without_cert
      [Documentation]
      ...  This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
      ...  Next sign with certificate that is not imported to SDC onabarding POD using CMS only method (CMS file signs csar, zip contains only csar and cms files )
      ...  Imports it as zip VSP package to SDC and expects error due to issues with certificate validation.
      ...  Runs VNFSDK validation and and expects success.
-     test_SDC_and_VNFSDK_API   secured_package=TRUE   negative_test_case=FALSE  sdc_response=@{invalid_certificate}  secure_type=CMS  sdc_cert=sdc-invalid
+     test_SDC_and_VNFSDK_API_with_hash   secured_package=TRUE   negative_test_case=FALSE  integrity_check=CMS_without_cert  sdc_response=@{invalid_certificate}  secure_type=CMS  sdc_cert=sdc-invalid
 
-Validate Onboarding test_SDC_and_VNFSDK_API secured csar, CMS and CERT, invalid certificate
+Validate Onboarding test_SDC_and_VNFSDK_API, secured csar - CMS and CERT - sdc invalid certificate, integrity_check CMS_with_cert
      [Documentation]
      ...  This test case creates TOSCA csar software package for PNF, based on /var/opt/ONAP/demo/tosca/vnfsdk/test_SDC_and_VNFSDK_API
      ...  Next sign with certificate that is not imported to SDC onabarding POD using CMS and CERT  method (CMS file signs csar, zip contains csar, certificate and cms files )
      ...  Imports it as zip VSP package to SDC and expects error due to issues with certificate validation.
      ...  Runs VNFSDK validation and and expects success
-     test_SDC_and_VNFSDK_API   secured_package=TRUE   negative_test_case=FALSE  sdc_response=@{invalid_certificate}  secure_type=CMS_AND_CERT  sdc_cert=sdc-invalid
+     test_SDC_and_VNFSDK_API_with_hash   secured_package=TRUE   negative_test_case=FALSE  integrity_check=CMS_with_cert  sdc_response=@{invalid_certificate}  secure_type=CMS_AND_CERT  sdc_cert=sdc-invalid