3 files changed, 95 insertions, 5 deletions

diff --git a/tests/packager/test_csar.py b/tests/packager/test_csar.py
index f8875f3..e9e441c 100644
--- a/tests/packager/test_csar.py
+++ b/tests/packager/test_csar.py
@@ -26,7 +26,9 @@ CSAR_ENTRY_FILE = 'test_entry.yaml'
 CSAR_OUTPUT_FILE = 'output.csar'
 
 Args = collections.namedtuple('Args',
-        ['source', 'entry', 'manifest', 'history', 'tests', 'licenses', 'digest'])
+           ['source', 'entry', 'manifest', 'history', 'tests',
+            'licenses', 'digest', 'certificate', 'privkey'])
+
 
 ARGS_MANIFEST = {
             'source': CSAR_RESOURCE_DIR,
@@ -35,7 +37,9 @@ ARGS_MANIFEST = {
             'history': 'ChangeLog.txt',
             'tests': 'Tests',
             'licenses': 'Licenses',
-            'digest': None
+            'digest': None,
+            'certificate': None,
+            'privkey': None,
         }
 
 ARGS_MANIFEST_DIGEST = {
@@ -45,9 +49,22 @@ ARGS_MANIFEST_DIGEST = {
             'history': 'ChangeLog.txt',
             'tests': 'Tests',
             'licenses': 'Licenses',
-            'digest': 'sha256'
+            'digest': 'sha256',
+            'certificate': None,
+            'privkey': None,
         }
 
+ARGS_MANIFEST_DIGEST_CERT = {
+            'source': CSAR_RESOURCE_DIR,
+            'entry': CSAR_ENTRY_FILE,
+            'manifest': 'test_entry.mf',
+            'history': 'ChangeLog.txt',
+            'tests': 'Tests',
+            'licenses': 'Licenses',
+            'digest': 'sha256',
+            'certificate': 'test.crt',
+            'privkey': 'tests/resources/signature/test.key',
+        }
 
 ARGS_NO_MANIFEST = {
             'source': CSAR_RESOURCE_DIR,
@@ -57,6 +74,8 @@ ARGS_NO_MANIFEST = {
             'tests': None,
             'licenses': None,
             'digest': None,
+            'certificate': None,
+            'privkey': None,
         }
 
 
@@ -65,7 +84,7 @@ def csar_write_test(args):
     csar_extract_dir = tempfile.mkdtemp()
     try:
         csar.write(args.source, args.entry, csar_target_dir + '/' + CSAR_OUTPUT_FILE, args)
-        csar.read(csar_target_dir + '/' + CSAR_OUTPUT_FILE, csar_extract_dir)
+        csar.read(csar_target_dir + '/' + CSAR_OUTPUT_FILE, csar_extract_dir, True)
         assert filecmp.cmp(args.source + '/' + args.entry, csar_extract_dir + '/' + args.entry)
         if(args.manifest and not args.digest):
             assert filecmp.cmp(args.source + '/' + args.manifest,
@@ -96,3 +115,10 @@ def test_CSARWrite_manifest_digest():
     if not os.path.exists(license_path):
         os.makedirs(license_path)
     csar_write_test(Args(**ARGS_MANIFEST_DIGEST))
+
+def test_CSARWrite_manifest_digest_cert():
+    # Because git can not store emptry directory, we need to create manually here
+    license_path = ARGS_MANIFEST['source'] + '/' + ARGS_MANIFEST['licenses']
+    if not os.path.exists(license_path):
+        os.makedirs(license_path)
+    csar_write_test(Args(**ARGS_MANIFEST_DIGEST_CERT))
diff --git a/tests/packager/test_manifest.py b/tests/packager/test_manifest.py
index b95d7c6..2383284 100644
--- a/tests/packager/test_manifest.py
+++ b/tests/packager/test_manifest.py
@@ -13,6 +13,9 @@
 # under the License.
 #
 
+import os
+import os.path
+
 import pytest
 
 from vnfsdk_pkgtools.packager import manifest
@@ -38,6 +41,24 @@ FILE_DIGEST = '\n'.join(['Source: digest',
                          'Hash: 20a480339aa4371099f9503511dcc5a8051ce3884846678ced5611ec64bbfc9c',
                        ])
 
+CMS = '\n'.join(['-----BEGIN CMS-----',
+                 'MIICmAYJKoZIhvcNAQcCoIICiTCCAoUCAQExDTALBglghkgBZQMEAgEwCwYJKoZI',
+                 'hvcNAQcBMYICYjCCAl4CAQEwUjBFMQswCQYDVQQGEwJQVDEPMA0GA1UECAwGTGlz',
+                 'Ym9hMQ8wDQYDVQQHDAZMaXNib2ExFDASBgNVBAoMC0V4YW1wbGUgT3JnAgkA6w7o',
+                 '0SBbUUwwCwYJYIZIAWUDBAIBoIHkMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw',
+                 'HAYJKoZIhvcNAQkFMQ8XDTE4MDgyNzAzMjY1MlowLwYJKoZIhvcNAQkEMSIEIFDv',
+                 '62qcyvy9rbeUjjg0odflTyXt7GjP7xMyQe/k/joJMHkGCSqGSIb3DQEJDzFsMGow',
+                 'CwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcN',
+                 'AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqG',
+                 'SIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIBAJzPsQ0tR9O7dXVJ7XywGLKrO/xG',
+                 'C9z7EMqxbjCX+bfkGh5b67mSWlHnN2Yox33YBV8cTz/NzHS8UW9x3CTNvt0wJ+5m',
+                 'Pcv+3w52XHu67b3LmMiJugpsyEIeB/qm1PzXPAqWAk+figwNtbhw994C6EzPQz+x',
+                 'eoS386Bie7kf/y/ac+xWiOdYYdC+SFhbko6sEJSCBzOIs1m3ufrsBukMxhxema5h',
+                 'pqE+DUlSFyilc9CQWnSLubkHmM4dZnU7qnNoTBqplDYpOYH3WSNN9Cv322JusAzt',
+                 'SzFEv182phI2C5pmjUnf7VG1WMKCH2WNtkYwMUCDcGvbHrh8n+kR8hL/BAs=',
+                 '-----END CMS-----',
+                ])
+
 def test_metadata(tmpdir):
     p = tmpdir.mkdir('csar').join('test.mf')
     p.write(METADATA)
@@ -100,10 +121,34 @@ def test_update_to_file(tmpdir):
 
     m1 = manifest.Manifest(mf.dirname, 'test.mf')
     m1.add_file('digest2', 'SHA256')
+    m1.signature = CMS
     m1.update_to_file()
     m2 = manifest.Manifest(mf.dirname, 'test.mf')
     assert m1.metadata['vnf_provider_id'] == m2.metadata['vnf_provider_id']
     assert m1.digests['digest'] == m2.digests['digest2']
     assert len(m2.digests.keys()) == 2
+    assert m2.signature == CMS
+
+def test_signature(tmpdir):
+    p = tmpdir.mkdir('csar').join('test.mf')
+    p.write(METADATA + "\n\n" + CMS)
+    m = manifest.Manifest(p.dirname, 'test.mf')
+    assert m.signature == CMS
 
-    
+def test_illegal_signature(tmpdir):
+    p = tmpdir.mkdir('csar').join('test.mf')
+    p.write(METADATA + "\n\n" + CMS[:-17])
+    with pytest.raises(manifest.ManifestException) as excinfo:
+        manifest.Manifest(p.dirname, 'test.mf')
+    excinfo.match(r"Can NOT find end of sigature block")
+
+def test_signature_strip(tmpdir):
+    p = tmpdir.mkdir('csar').join('test.mf')
+    p.write(METADATA + "\n\n" + CMS)
+    m1 = manifest.Manifest(p.dirname, 'test.mf')
+    newfile = m1.save_to_temp_without_cms()
+    m2 = manifest.Manifest(os.path.dirname(newfile),
+                           os.path.basename(newfile))
+    assert m1.metadata == m2.metadata
+    assert m2.signature is None
+    os.unlink(newfile)
diff --git a/tests/resources/csar/test.crt b/tests/resources/csar/test.crt
new file mode 100644
index 0000000..63c85d4
--- /dev/null
+++ b/tests/resources/csar/test.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAggCCQDrDujRIFtRTDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJQ
+VDEPMA0GA1UECAwGTGlzYm9hMQ8wDQYDVQQHDAZMaXNib2ExFDASBgNVBAoMC0V4
+YW1wbGUgT3JnMCAXDTE4MDgyNDA2MjY1OVoYDzIxMTYwMjEyMDYyNjU5WjBdMQsw
+CQYDVQQGEwJQVDEPMA0GA1UECAwGTGlzYm9hMQ8wDQYDVQQHDAZMaXNib2ExFDAS
+BgNVBAoMC0V4YW1wbGUgT3JnMRYwFAYDVQQDDA0qLmV4YW1wbGUub3JnMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVDDqoO+C5dxgi1nnky+D4qqVdFG
+mX3H4q6zFPUAkve3gElfttuDfbmN+OYCWhvKcjUN1Y2xjt+0aeRJVuQ+eumEX/1F
+76i2t9c66fWPtdZ0V8IuDc2ajNxbKiAwYrwVl3AS2tJ32psHRLvpmLoOVz9UXY0J
+rDwr274Z38wIqEGrUQ9hdOebEggeVu6Mv3pZUBYGGo9VX1/PTZguOaP85nC193Ux
+SJe2+KV6aoc0odiokFmWK2JJrNb8bMjrQcQqp86JMW1DHyon5sF6edTIilxgC+SH
+gapT5hZeoNnh3rAgHiWXF8ZOvho341s+7I78pbEtqCXNbF3VqikFlWmStQIDAQAB
+MA0GCSqGSIb3DQEBCwUAA4IBAQCh8CffE1amceKSb7USEfkpsDbNYo+IWMDyVo9g
+WQOYVIqIFGS8RMzs43Y6nIYJ/9pJUG10Qc4Yq1ZEqsV771Fz6WHx3zlJakVww/Ph
+CxbakjO3EzIHVjEWIu3sUfMdyOeF0ZDHDnfQZYWC17d2jE+s8rH2epl2h1jhi8fS
+i+eT2QDv8lHAM2mdM4jSwoCSsN7FImRxcYPoCxYwVkjVkmHhEMaUdqa1LKY/0YBf
+PFm0pVDCBJZZvKGql44eKiaY/GNW9IyzQFprT8V1rhD1fbTBFXghVGVaUi2Am3JD
++eZYMzd4rzFLZm8bjNm0Oler1UJSR1K91lOEig3M8FTN6JRE
+-----END CERTIFICATE-----