author | Aleksandra Maciaga <aleksandra.maciaga@nokia.com> | 2020-05-13 14:16:06 +0200 |
---|---|---|
committer | edyta <edyta.krukowska@nokia.com> | 2020-05-14 09:47:38 +0200 |
commit | 657849e70f70f700cc8470af48351f3ae6b47b6f (patch) | |
tree | 44a6904bcb59ed25336e0226d69540b89b422031 /csarvalidation/src/main/java/org/onap/cvc/csar/security | |
parent | 8913e624e48ea3ca7a938e03dc0dc8a5d9dbd6cc (diff) |
Fix VNF/PNF package integrity issue with CMS signature not containing certificate
Signed-off-by: Aleksandra Maciaga <aleksandra.maciaga@nokia.com>
Issue-ID: VNFSDK-582
Change-Id: Id3dc6c8e1ead183449fcf903d9b9b886e4796e84
Diffstat (limited to 'csarvalidation/src/main/java/org/onap/cvc/csar/security')
-rw-r--r-- | csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
index b8b3714..47d4bef 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
@@ -57,13 +57,14 @@ public class CmsSignatureValidator {
 Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
 SignerInformation firstSigner = signers.iterator().next();
- Store certificates = signedData.getCertificates();
+ Store<X509CertificateHolder> certificates = signedData.getCertificates();
+ Collection<X509CertificateHolder> firstSignerCertificates = certificates.getMatches(firstSigner.getSID());
 X509Certificate cert;
- if (!certificate.isPresent()) {
- X509CertificateHolder firstSignerFirstCertificate = getX509CertificateHolder(firstSigner, certificates);
+ if (!firstSignerCertificates.isEmpty()) {
+ X509CertificateHolder firstSignerFirstCertificate = getX509CertificateHolder(firstSignerCertificates);
 cert = loadCertificate(firstSignerFirstCertificate.getEncoded());
 } else {
- cert = loadCertificate(certificate.get());
+ cert = loadCertificate(certificate.orElseThrow(() -> new CmsSignatureValidatorException("No certificate found in cms signature and ETSI-Entry-Certificate doesn't exist")));
 }
 return firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
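Review bot: In the new `if (!firstSignerCertificates.isEmpty())` branch the verification key comes from the certificate embedded in the CMS blob, and a supplied `certificate` (the ETSI-Entry-Certificate, going by the new exception message) is now silently ignored whenever an embedded certificate matches the signer ID. Nothing visible in this hunk checks either certificate against a trust anchor, so `firstSigner.verify(...)` here only shows that the signature is consistent with a key shipped alongside it; if chain validation happens elsewhere, a comment saying where would help the next reader. When both sources are present I would reject a mismatch rather than prefer one, e.g. `if (certificate.isPresent() && !loadCertificate(certificate.get()).equals(cert)) throw new CmsSignatureValidatorException("ETSI-Entry-Certificate does not match the signer certificate in the CMS signature");` placed after `cert` is loaded in the first branch. The enclosing method starts and ends outside the hunk.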
@@ -77,8 +78,7 @@ public class CmsSignatureValidator {
 }
 }
- private X509CertificateHolder getX509CertificateHolder(SignerInformation firstSigner, Store certificates) throws CmsSignatureValidatorException {
- Collection<X509CertificateHolder> firstSignerCertificates = certificates.getMatches(firstSigner.getSID());
+ private X509CertificateHolder getX509CertificateHolder(Collection<X509CertificateHolder> firstSignerCertificates) throws CmsSignatureValidatorException {
 if(!firstSignerCertificates.iterator().hasNext()){
 throw new CmsSignatureValidatorException("No certificate found in cms signature that should contain one!");
 } |
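Review bot: The `if(!firstSignerCertificates.iterator().hasNext())` guard kept in `getX509CertificateHolder` can no longer fire from the call site in the first hunk, because the helper is now only reached after `!firstSignerCertificates.isEmpty()`. The "No certificate found in cms signature that should contain one!" path is therefore dead there, and the real missing-certificate error is the `orElseThrow` message in the caller. Either drop the guard and document the precondition, for example `// precondition: firstSignerCertificates is non-empty (checked by caller)`, or keep the emptiness decision in one place only. The helper's body continues outside the hunk, so how it chooses among several certificates matching the same signer ID is not visible here and is worth stating in its Javadoc.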