Add error when CMS and TOSCA meta file are present, however TOSCA does not contains ETSI-Entry-Certificate

Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Change-Id: I238ac7544f1eda9fa1bc0f2a89120dc3ae33437a
Issue-ID: VNFSDK-660

4 files changed, 36 insertions, 34 deletions

diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
index 822ddde..05feb54 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
@@ -166,7 +166,15 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
 
         CSARErrorRootCertificateIsPresentDespiteTheEtsiEntryCertificate() {
             super("0x4013");
-            this.message = "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate";
+            this.message = "Certificate present in root catalog despite the TOSCA.meta file";
+        }
+    }
+
+    public static class CSARErrorUnableToFindCertificateEntryInTosca extends CSARArchive.CSARError {
+
+        CSARErrorUnableToFindCertificateEntryInTosca() {
+            super("0x4014");
+            this.message = "Unable to find ETSI-Entry-Certificate in Tosca file";
         }
     }
 
@@ -199,7 +207,7 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
         if (containsCms(csar.getManifest())) {
             validateCmsSignature(csar, csarRootDirectory);
         } else if (
-            containsCertificateInTosca(csar.getToscaMeta()) ||
+            ( containsToscaMeta(csar) && containsCertificateInTosca(csar.getToscaMeta()) ) ||
                 containsCertificateInRootCatalog(csar) ||
                 containsHashOrAlgorithm(csar.getManifest())) {
             this.errors.add(new CSARErrorUnableToFindCms());
@@ -213,7 +221,7 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
             CmsSignatureData signatureData = this.manifestFileSignatureValidator.createSignatureData(csar.getManifestMfFile());
             if (signatureData.getCertificate().isPresent()) {
                 validateCertificationUsingCmsCertificate(signatureData, csar, csarRootDirectory);
-            } else if (containsCertificateInTosca(csar.getToscaMeta())) {
+            } else if (containsToscaMeta(csar)) {
                 validateCertificationUsingTosca(signatureData, csar, csarRootDirectory);
             } else if (containsCertificateInRootCatalog(csar)) {
                 validateCertificationUsingCertificateFromRootDirectory(signatureData, csar, csarRootDirectory);
@@ -231,6 +239,10 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
         return cms != null && !cms.equals(EMPTY_STRING);
     }
 
+    private boolean containsToscaMeta(CSARArchive archive) {
+        return archive.getToscaMetaFile() != null;
+    }
+
     private boolean containsCertificateInTosca(CSARArchive.TOSCAMeta toscaMeta) {
         String certificate = toscaMeta.getEntryCertificate();
         return certificate != null && !certificate.equals(EMPTY_STRING);
@@ -276,12 +288,17 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
     }
 
     private boolean loadCertificateFromTosca(CmsSignatureData signatureData, CSARArchive csar) {
-        try {
-            final Path absolutePathToEntryCertificate = csar.getFileFromCsar(csar.getToscaMeta().getEntryCertificate()).toPath();
-            signatureData.loadCertificate(absolutePathToEntryCertificate);
-            return true;
-        } catch (CertificateLoadingException e) {
-            this.errors.add(new CSARErrorUnableToFindEntryCertificate());
+        if(csar.getToscaMeta().getEntryCertificate() != null) {
+            try {
+                final Path absolutePathToEntryCertificate = csar.getFileFromCsar(csar.getToscaMeta().getEntryCertificate()).toPath();
+                signatureData.loadCertificate(absolutePathToEntryCertificate);
+                return true;
+            } catch (CertificateLoadingException e) {
+                this.errors.add(new CSARErrorUnableToFindEntryCertificate());
+                return false;
+            }
+        } else {
+            this.errors.add(new CSARErrorUnableToFindCertificateEntryInTosca());
             return false;
         }
     }
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java
index cdaef79..443a61a 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java
@@ -20,8 +20,10 @@ package org.onap.cvc.csar.cc.sol004;
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.onap.cli.fw.error.OnapCommandException;
 import org.onap.cvc.csar.CSARArchive;
 
+import java.net.URISyntaxException;
 import java.util.List;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -81,24 +83,6 @@ public class VTPValidateCSARR130206IntegrationTest {
     }
 
     @Test
-    @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." +
-        "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " +
-        "Use instructions for option 1. Test was created for manual verification."
-    )
-    public void manual_shouldValidateCsarWithCertificateInRootWithValidSignature() throws Exception {
-
-        // given
-        configureTestCase(testCase, "pnf/r130206/csar-cert-in-root-valid.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
-
-        // when
-        testCase.execute();
-
-        // then
-        List<CSARArchive.CSARError> errors = testCase.getErrors();
-        assertThat(errors.size()).isZero();
-    }
-
-    @Test
     public void shouldReportWarningForMissingCertInCmsToscaMetaAndRootCatalogAndMissingHashCodesInManifest()
         throws Exception{
         // given
@@ -150,10 +134,10 @@ public class VTPValidateCSARR130206IntegrationTest {
     }
 
     @Test
-    public void shouldReturnNoErrorWhenCertIsOnlyInRootDirectoryAndAlgorithmAndHashesAreCorrect()
+    public void shouldReturnErrorWhenCsarContainsToscaFileHoweverToscaDoesNotContainsCertEntryAndAlgorithmAndHashesAreCorrect()
         throws Exception{
         // given
-        configureTestCase(testCase, "pnf/r130206/csar-cert-in-root.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
+        configureTestCase(testCase, "pnf/r130206/csar-with-tosca-no-cert-entry.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
 
         // when
         testCase.execute();
@@ -162,7 +146,7 @@ public class VTPValidateCSARR130206IntegrationTest {
         List<CSARArchive.CSARError> errors = testCase.getErrors();
         assertThat(errors.size()).isEqualTo(1);
         assertThat(convertToMessagesList(errors)).contains(
-            "File has invalid signature!"
+            "Unable to find ETSI-Entry-Certificate in Tosca file"
         );
     }
 
@@ -213,10 +197,11 @@ public class VTPValidateCSARR130206IntegrationTest {
 
         // then
         List<CSARArchive.CSARError> errors = testCase.getErrors();
-        assertThat(errors.size()).isEqualTo(2);
+        assertThat(errors.size()).isEqualTo(3);
         assertThat(convertToMessagesList(errors)).contains(
             "Source 'Artifacts/Deployment/Events/RadioNode_Pnf_v1.yaml' has wrong hash!",
-            "File has invalid signature!"
+            "Unable to find ETSI-Entry-Certificate in Tosca file",
+            "Certificate present in root catalog despite the TOSCA.meta file"
         );
     }
 
@@ -369,7 +354,7 @@ public class VTPValidateCSARR130206IntegrationTest {
         List<CSARArchive.CSARError> errors = testCase.getErrors();
         assertThat(errors.size()).isEqualTo(2);
         assertThat(convertToMessagesList(errors)).contains(
-            "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate",
+            "Certificate present in root catalog despite the TOSCA.meta file",
             "File has invalid signature!"
         );
     }
@@ -387,7 +372,7 @@ public class VTPValidateCSARR130206IntegrationTest {
         List<CSARArchive.CSARError> errors = testCase.getErrors();
         assertThat(errors.size()).isEqualTo(3);
         assertThat(convertToMessagesList(errors)).contains(
-            "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate",
+            "Certificate present in root catalog despite the TOSCA.meta file",
             "Source 'Artifacts/Deployment/Yang_module/yang-module1.yang' has wrong hash!",
             "File has invalid signature!"
         );
diff --git a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar b/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar
deleted file mode 100644
index 70885d8..0000000
--- a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar
+++ /dev/null
diff --git a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root.csar b/csarvalidation/src/test/resources/pnf/r130206/csar-with-tosca-no-cert-entry.csar
index d5d8f94..d5c27e1 100644
--- a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root.csar
+++ b/csarvalidation/src/test/resources/pnf/r130206/csar-with-tosca-no-cert-entry.csar