authorBartosz Gardziejewski <bartosz.gardziejewski@nokia.com>2020-10-13 14:10:28 +0200
committerBartosz Gardziejewski <bartosz.gardziejewski@nokia.com>2020-10-13 14:43:36 +0200
commit5e085985d5e333fbb000c37c8c508c0d46b7d7ee (patch)
treebd34d0079efa0dc18c023655447aa601be8fbee5
parentc8f3d47d4ac7b33632165f2b70a4d1f3ceea43bf (diff)
Add error when CMS and TOSCA meta file are present, however TOSCA does not contains ETSI-Entry-Certificate
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> Change-Id: I238ac7544f1eda9fa1bc0f2a89120dc3ae33437a Issue-ID: VNFSDK-660
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java35
-rw-r--r--csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java35
-rw-r--r--csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csarbin25868 -> 0 bytes
-rw-r--r--csarvalidation/src/test/resources/pnf/r130206/csar-with-tosca-no-cert-entry.csar (renamed from csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root.csar)bin6518 -> 5491 bytes
4 files changed, 36 insertions, 34 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
index 822ddde..05feb54 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
@@ -166,7 +166,15 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
CSARErrorRootCertificateIsPresentDespiteTheEtsiEntryCertificate() {
super("0x4013");
- this.message = "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate";
+ this.message = "Certificate present in root catalog despite the TOSCA.meta file";
+ }
+ }
+
+ public static class CSARErrorUnableToFindCertificateEntryInTosca extends CSARArchive.CSARError {
+
+ CSARErrorUnableToFindCertificateEntryInTosca() {
+ super("0x4014");
+ this.message = "Unable to find ETSI-Entry-Certificate in Tosca file";
}
}
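Review bot: The class name CSARErrorRootCertificateIsPresentDespiteTheEtsiEntryCertificate no longer matches its reworded message, which now refers to the presence of TOSCA.meta rather than to an ETSI-Entry-Certificate entry. Neither 0x4013 nor the new 0x4014 class says when it is raised. A Javadoc line on each would help, for example `/** Raised when TOSCA.meta exists in the package but declares no ETSI-Entry-Certificate. */` on the new class. The two messages also name the same file differently ("TOSCA.meta file" and "Tosca file"); one spelling would make the errors easier to search for.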
@@ -199,7 +207,7 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
if (containsCms(csar.getManifest())) {
validateCmsSignature(csar, csarRootDirectory);
} else if (
- containsCertificateInTosca(csar.getToscaMeta()) ||
+ ( containsToscaMeta(csar) && containsCertificateInTosca(csar.getToscaMeta()) ) ||
containsCertificateInRootCatalog(csar) ||
containsHashOrAlgorithm(csar.getManifest())) {
this.errors.add(new CSARErrorUnableToFindCms());
@@ -213,7 +221,7 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
CmsSignatureData signatureData = this.manifestFileSignatureValidator.createSignatureData(csar.getManifestMfFile());
if (signatureData.getCertificate().isPresent()) {
validateCertificationUsingCmsCertificate(signatureData, csar, csarRootDirectory);
- } else if (containsCertificateInTosca(csar.getToscaMeta())) {
+ } else if (containsToscaMeta(csar)) {
validateCertificationUsingTosca(signatureData, csar, csarRootDirectory);
} else if (containsCertificateInRootCatalog(csar)) {
validateCertificationUsingCertificateFromRootDirectory(signatureData, csar, csarRootDirectory);
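Review bot: The order of this else-if chain now decides which certificate is allowed to verify the CMS signature, but nothing in the code states that policy. After this change a package that ships TOSCA.meta must name its certificate there, and the root-catalog certificate is used only when no TOSCA.meta exists. A comment above the chain would keep a later edit from restoring the root-catalog fallback by accident, for example `// Certificate source precedence: embedded in CMS, then ETSI-Entry-Certificate whenever TOSCA.meta exists, then root catalog only if there is no TOSCA.meta.` The enclosing method starts and ends outside this hunk.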
@@ -231,6 +239,10 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
return cms != null && !cms.equals(EMPTY_STRING);
}
+ private boolean containsToscaMeta(CSARArchive archive) {
+ return archive.getToscaMetaFile() != null;
+ }
+
private boolean containsCertificateInTosca(CSARArchive.TOSCAMeta toscaMeta) {
String certificate = toscaMeta.getEntryCertificate();
return certificate != null && !certificate.equals(EMPTY_STRING);
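Review bot: containsToscaMeta decides on `archive.getToscaMetaFile()`, but the code it guards dereferences `csar.getToscaMeta()`, and nothing in this hunk shows that the two are null or non-null together. If they can diverge, containsCertificateInTosca throws a NullPointerException on a malformed package instead of recording a validation error. A null-safe first line such as `String certificate = toscaMeta == null ? null : toscaMeta.getEntryCertificate();` would make the helper safe either way. A short comment on containsToscaMeta, `// true when the TOSCA.meta file exists, whether or not it declares ETSI-Entry-Certificate`, would record why both helpers are needed.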
@@ -276,12 +288,17 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
}
private boolean loadCertificateFromTosca(CmsSignatureData signatureData, CSARArchive csar) {
- try {
- final Path absolutePathToEntryCertificate = csar.getFileFromCsar(csar.getToscaMeta().getEntryCertificate()).toPath();
- signatureData.loadCertificate(absolutePathToEntryCertificate);
- return true;
- } catch (CertificateLoadingException e) {
- this.errors.add(new CSARErrorUnableToFindEntryCertificate());
+ if(csar.getToscaMeta().getEntryCertificate() != null) {
+ try {
+ final Path absolutePathToEntryCertificate = csar.getFileFromCsar(csar.getToscaMeta().getEntryCertificate()).toPath();
+ signatureData.loadCertificate(absolutePathToEntryCertificate);
+ return true;
+ } catch (CertificateLoadingException e) {
+ this.errors.add(new CSARErrorUnableToFindEntryCertificate());
+ return false;
+ }
+ } else {
+ this.errors.add(new CSARErrorUnableToFindCertificateEntryInTosca());
return false;
}
}
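Review bot: The new guard in loadCertificateFromTosca tests only `!= null`, while containsCertificateInTosca in the same class also treats an empty ETSI-Entry-Certificate as absent. An empty value would go on to `csar.getFileFromCsar(...)` and, judging by the catch block, be reported as an unreadable certificate rather than as the new 0x4014 error. Reusing the helper keeps the two checks aligned: `if (containsCertificateInTosca(csar.getToscaMeta())) {`. The entry value is read from the package under validation, so it is also worth confirming that getFileFromCsar keeps the resolved path inside the extracted CSAR directory; that method is not visible in this diff.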
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java
index cdaef79..443a61a 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java
@@ -20,8 +20,10 @@ package org.onap.cvc.csar.cc.sol004;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
+import org.onap.cli.fw.error.OnapCommandException;
import org.onap.cvc.csar.CSARArchive;
+import java.net.URISyntaxException;
import java.util.List;
import static org.assertj.core.api.Assertions.assertThat;
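Review bot: The two added imports, `OnapCommandException` and `URISyntaxException`, are not referenced in any hunk of this file, where the test methods shown declare `throws Exception`. If nothing outside the visible hunks uses them, they should be dropped. The same may apply to `org.junit.Ignore`, since the only `@Ignore` test visible here is deleted by this commit.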
@@ -81,24 +83,6 @@ public class VTPValidateCSARR130206IntegrationTest {
}
@Test
- @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." +
- "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " +
- "Use instructions for option 1. Test was created for manual verification."
- )
- public void manual_shouldValidateCsarWithCertificateInRootWithValidSignature() throws Exception {
-
- // given
- configureTestCase(testCase, "pnf/r130206/csar-cert-in-root-valid.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
-
- // when
- testCase.execute();
-
- // then
- List<CSARArchive.CSARError> errors = testCase.getErrors();
- assertThat(errors.size()).isZero();
- }
-
- @Test
public void shouldReportWarningForMissingCertInCmsToscaMetaAndRootCatalogAndMissingHashCodesInManifest()
throws Exception{
// given
@@ -150,10 +134,10 @@ public class VTPValidateCSARR130206IntegrationTest {
}
@Test
- public void shouldReturnNoErrorWhenCertIsOnlyInRootDirectoryAndAlgorithmAndHashesAreCorrect()
+ public void shouldReturnErrorWhenCsarContainsToscaFileHoweverToscaDoesNotContainsCertEntryAndAlgorithmAndHashesAreCorrect()
throws Exception{
// given
- configureTestCase(testCase, "pnf/r130206/csar-cert-in-root.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
+ configureTestCase(testCase, "pnf/r130206/csar-with-tosca-no-cert-entry.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
// when
testCase.execute();
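Review bot: Repurposing this test and its fixture leaves no visible case where the certificate sits only in the root catalog and the package has no TOSCA.meta, the only layout that still reaches validateCertificationUsingCertificateFromRootDirectory. The manual positive test for a root-catalog certificate is removed in the same commit. Unless a test outside these hunks covers it, a fixture without TOSCA.meta and an assertion on the reported errors would keep that branch exercised. The new method name would also read more easily as `...ToscaDoesNotContainCertEntry...`.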
@@ -162,7 +146,7 @@ public class VTPValidateCSARR130206IntegrationTest {
List<CSARArchive.CSARError> errors = testCase.getErrors();
assertThat(errors.size()).isEqualTo(1);
assertThat(convertToMessagesList(errors)).contains(
- "File has invalid signature!"
+ "Unable to find ETSI-Entry-Certificate in Tosca file"
);
}
@@ -213,10 +197,11 @@ public class VTPValidateCSARR130206IntegrationTest {
// then
List<CSARArchive.CSARError> errors = testCase.getErrors();
- assertThat(errors.size()).isEqualTo(2);
+ assertThat(errors.size()).isEqualTo(3);
assertThat(convertToMessagesList(errors)).contains(
"Source 'Artifacts/Deployment/Events/RadioNode_Pnf_v1.yaml' has wrong hash!",
- "File has invalid signature!"
+ "Unable to find ETSI-Entry-Certificate in Tosca file",
+ "Certificate present in root catalog despite the TOSCA.meta file"
);
}
@@ -369,7 +354,7 @@ public class VTPValidateCSARR130206IntegrationTest {
List<CSARArchive.CSARError> errors = testCase.getErrors();
assertThat(errors.size()).isEqualTo(2);
assertThat(convertToMessagesList(errors)).contains(
- "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate",
+ "Certificate present in root catalog despite the TOSCA.meta file",
"File has invalid signature!"
);
}
@@ -387,7 +372,7 @@ public class VTPValidateCSARR130206IntegrationTest {
List<CSARArchive.CSARError> errors = testCase.getErrors();
assertThat(errors.size()).isEqualTo(3);
assertThat(convertToMessagesList(errors)).contains(
- "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate",
+ "Certificate present in root catalog despite the TOSCA.meta file",
"Source 'Artifacts/Deployment/Yang_module/yang-module1.yang' has wrong hash!",
"File has invalid signature!"
);
diff --git a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar b/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar
deleted file mode 100644
index 70885d8..0000000
--- a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar
+++ /dev/null
Binary files differ
diff --git a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root.csar b/csarvalidation/src/test/resources/pnf/r130206/csar-with-tosca-no-cert-entry.csar
index d5d8f94..d5c27e1 100644
--- a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root.csar
+++ b/csarvalidation/src/test/resources/pnf/r130206/csar-with-tosca-no-cert-entry.csar
Binary files differ