From 0efadc1f20a3b578da1e54f2b4284099a4c826dd Mon Sep 17 00:00:00 2001 From: Lianhao Lu Date: Mon, 27 Aug 2018 17:11:10 +0800 Subject: Support signing and certificate Added the support of certificate and signing based on SOL-004. Change-Id: I864f298edbcd85a9da2126d369a5b98d7950d590 Issue-ID: VNFSDK-144 Signed-off-by: Lianhao Lu --- tests/packager/test_csar.py | 34 +++++++++++++++++++++++++---- tests/packager/test_manifest.py | 47 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 76 insertions(+), 5 deletions(-) (limited to 'tests/packager') diff --git a/tests/packager/test_csar.py b/tests/packager/test_csar.py index f8875f3..e9e441c 100644 --- a/tests/packager/test_csar.py +++ b/tests/packager/test_csar.py @@ -26,7 +26,9 @@ CSAR_ENTRY_FILE = 'test_entry.yaml' CSAR_OUTPUT_FILE = 'output.csar' Args = collections.namedtuple('Args', - ['source', 'entry', 'manifest', 'history', 'tests', 'licenses', 'digest']) + ['source', 'entry', 'manifest', 'history', 'tests', + 'licenses', 'digest', 'certificate', 'privkey']) + ARGS_MANIFEST = { 'source': CSAR_RESOURCE_DIR, @@ -35,7 +37,9 @@ ARGS_MANIFEST = { 'history': 'ChangeLog.txt', 'tests': 'Tests', 'licenses': 'Licenses', - 'digest': None + 'digest': None, + 'certificate': None, + 'privkey': None, } ARGS_MANIFEST_DIGEST = { @@ -45,9 +49,22 @@ ARGS_MANIFEST_DIGEST = { 'history': 'ChangeLog.txt', 'tests': 'Tests', 'licenses': 'Licenses', - 'digest': 'sha256' + 'digest': 'sha256', + 'certificate': None, + 'privkey': None, } +ARGS_MANIFEST_DIGEST_CERT = { + 'source': CSAR_RESOURCE_DIR, + 'entry': CSAR_ENTRY_FILE, + 'manifest': 'test_entry.mf', + 'history': 'ChangeLog.txt', + 'tests': 'Tests', + 'licenses': 'Licenses', + 'digest': 'sha256', + 'certificate': 'test.crt', + 'privkey': 'tests/resources/signature/test.key', + } ARGS_NO_MANIFEST = { 'source': CSAR_RESOURCE_DIR, @@ -57,6 +74,8 @@ ARGS_NO_MANIFEST = { 'tests': None, 'licenses': None, 'digest': None, + 'certificate': None, + 'privkey': None, } @@ -65,7 +84,7 @@ def csar_write_test(args): csar_extract_dir = tempfile.mkdtemp() try: csar.write(args.source, args.entry, csar_target_dir + '/' + CSAR_OUTPUT_FILE, args) - csar.read(csar_target_dir + '/' + CSAR_OUTPUT_FILE, csar_extract_dir) + csar.read(csar_target_dir + '/' + CSAR_OUTPUT_FILE, csar_extract_dir, True) assert filecmp.cmp(args.source + '/' + args.entry, csar_extract_dir + '/' + args.entry) if(args.manifest and not args.digest): assert filecmp.cmp(args.source + '/' + args.manifest, @@ -96,3 +115,10 @@ def test_CSARWrite_manifest_digest(): if not os.path.exists(license_path): os.makedirs(license_path) csar_write_test(Args(**ARGS_MANIFEST_DIGEST)) + +def test_CSARWrite_manifest_digest_cert(): + # Because git can not store emptry directory, we need to create manually here + license_path = ARGS_MANIFEST['source'] + '/' + ARGS_MANIFEST['licenses'] + if not os.path.exists(license_path): + os.makedirs(license_path) + csar_write_test(Args(**ARGS_MANIFEST_DIGEST_CERT)) diff --git a/tests/packager/test_manifest.py b/tests/packager/test_manifest.py index b95d7c6..2383284 100644 --- a/tests/packager/test_manifest.py +++ b/tests/packager/test_manifest.py @@ -13,6 +13,9 @@ # under the License. # +import os +import os.path + import pytest from vnfsdk_pkgtools.packager import manifest @@ -38,6 +41,24 @@ FILE_DIGEST = '\n'.join(['Source: digest', 'Hash: 20a480339aa4371099f9503511dcc5a8051ce3884846678ced5611ec64bbfc9c', ]) +CMS = '\n'.join(['-----BEGIN CMS-----', + 'MIICmAYJKoZIhvcNAQcCoIICiTCCAoUCAQExDTALBglghkgBZQMEAgEwCwYJKoZI', + 'hvcNAQcBMYICYjCCAl4CAQEwUjBFMQswCQYDVQQGEwJQVDEPMA0GA1UECAwGTGlz', + 'Ym9hMQ8wDQYDVQQHDAZMaXNib2ExFDASBgNVBAoMC0V4YW1wbGUgT3JnAgkA6w7o', + '0SBbUUwwCwYJYIZIAWUDBAIBoIHkMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw', + 'HAYJKoZIhvcNAQkFMQ8XDTE4MDgyNzAzMjY1MlowLwYJKoZIhvcNAQkEMSIEIFDv', + '62qcyvy9rbeUjjg0odflTyXt7GjP7xMyQe/k/joJMHkGCSqGSIb3DQEJDzFsMGow', + 'CwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcN', + 'AwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqG', + 'SIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIBAJzPsQ0tR9O7dXVJ7XywGLKrO/xG', + 'C9z7EMqxbjCX+bfkGh5b67mSWlHnN2Yox33YBV8cTz/NzHS8UW9x3CTNvt0wJ+5m', + 'Pcv+3w52XHu67b3LmMiJugpsyEIeB/qm1PzXPAqWAk+figwNtbhw994C6EzPQz+x', + 'eoS386Bie7kf/y/ac+xWiOdYYdC+SFhbko6sEJSCBzOIs1m3ufrsBukMxhxema5h', + 'pqE+DUlSFyilc9CQWnSLubkHmM4dZnU7qnNoTBqplDYpOYH3WSNN9Cv322JusAzt', + 'SzFEv182phI2C5pmjUnf7VG1WMKCH2WNtkYwMUCDcGvbHrh8n+kR8hL/BAs=', + '-----END CMS-----', + ]) + def test_metadata(tmpdir): p = tmpdir.mkdir('csar').join('test.mf') p.write(METADATA) @@ -100,10 +121,34 @@ def test_update_to_file(tmpdir): m1 = manifest.Manifest(mf.dirname, 'test.mf') m1.add_file('digest2', 'SHA256') + m1.signature = CMS m1.update_to_file() m2 = manifest.Manifest(mf.dirname, 'test.mf') assert m1.metadata['vnf_provider_id'] == m2.metadata['vnf_provider_id'] assert m1.digests['digest'] == m2.digests['digest2'] assert len(m2.digests.keys()) == 2 + assert m2.signature == CMS + +def test_signature(tmpdir): + p = tmpdir.mkdir('csar').join('test.mf') + p.write(METADATA + "\n\n" + CMS) + m = manifest.Manifest(p.dirname, 'test.mf') + assert m.signature == CMS - +def test_illegal_signature(tmpdir): + p = tmpdir.mkdir('csar').join('test.mf') + p.write(METADATA + "\n\n" + CMS[:-17]) + with pytest.raises(manifest.ManifestException) as excinfo: + manifest.Manifest(p.dirname, 'test.mf') + excinfo.match(r"Can NOT find end of sigature block") + +def test_signature_strip(tmpdir): + p = tmpdir.mkdir('csar').join('test.mf') + p.write(METADATA + "\n\n" + CMS) + m1 = manifest.Manifest(p.dirname, 'test.mf') + newfile = m1.save_to_temp_without_cms() + m2 = manifest.Manifest(os.path.dirname(newfile), + os.path.basename(newfile)) + assert m1.metadata == m2.metadata + assert m2.signature is None + os.unlink(newfile) -- cgit 1.2.3-korg