authorAleksandra Maciaga <aleksandra.maciaga@nokia.com>2020-05-13 14:16:06 +0200
committeredyta <edyta.krukowska@nokia.com>2020-05-14 09:47:38 +0200
commit657849e70f70f700cc8470af48351f3ae6b47b6f (patch)
tree44a6904bcb59ed25336e0226d69540b89b422031 /csarvalidation/src/main/java/org/onap/cvc/csar/security
parent8913e624e48ea3ca7a938e03dc0dc8a5d9dbd6cc (diff)
Fix VNF/PNF package integrity issue with CMS signature not containing certificate
Signed-off-by: Aleksandra Maciaga <aleksandra.maciaga@nokia.com> Issue-ID: VNFSDK-582 Change-Id: Id3dc6c8e1ead183449fcf903d9b9b886e4796e84
Diffstat (limited to 'csarvalidation/src/main/java/org/onap/cvc/csar/security')
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java12
1 files changed, 6 insertions, 6 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
index b8b3714..47d4bef 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
@@ -57,13 +57,14 @@ public class CmsSignatureValidator {
Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
SignerInformation firstSigner = signers.iterator().next();
- Store certificates = signedData.getCertificates();
+ Store<X509CertificateHolder> certificates = signedData.getCertificates();
+ Collection<X509CertificateHolder> firstSignerCertificates = certificates.getMatches(firstSigner.getSID());
X509Certificate cert;
- if (!certificate.isPresent()) {
- X509CertificateHolder firstSignerFirstCertificate = getX509CertificateHolder(firstSigner, certificates);
+ if (!firstSignerCertificates.isEmpty()) {
+ X509CertificateHolder firstSignerFirstCertificate = getX509CertificateHolder(firstSignerCertificates);
cert = loadCertificate(firstSignerFirstCertificate.getEncoded());
} else {
- cert = loadCertificate(certificate.get());
+ cert = loadCertificate(certificate.orElseThrow(() -> new CmsSignatureValidatorException("No certificate found in cms signature and ETSI-Entry-Certificate doesn't exist")));
}
return firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
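Review bot: The certificate passed to `firstSigner.verify(...)` is now taken from the signature's own certificate store whenever one matches the signer ID, so the supplied `certificate` is only a fallback and is ignored when both are present; the pre-change code gave the supplied one precedence. Nothing visible in this hunk checks the embedded certificate against a trust anchor or against the supplied one, so a `true` result shows only that the signature is consistent with the certificate shipped alongside it. If trust is established elsewhere, say so in a comment above the `if`, e.g. `// verifies signature integrity only; certificate chain trust must be checked by the caller`; otherwise consider rejecting the package when both certificates are present and differ. The method starts and ends outside the hunk, so a chain check beyond the visible lines cannot be ruled out.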
@@ -77,8 +78,7 @@ public class CmsSignatureValidator {
}
}
- private X509CertificateHolder getX509CertificateHolder(SignerInformation firstSigner, Store certificates) throws CmsSignatureValidatorException {
- Collection<X509CertificateHolder> firstSignerCertificates = certificates.getMatches(firstSigner.getSID());
+ private X509CertificateHolder getX509CertificateHolder(Collection<X509CertificateHolder> firstSignerCertificates) throws CmsSignatureValidatorException {
if(!firstSignerCertificates.iterator().hasNext()){
throw new CmsSignatureValidatorException("No certificate found in cms signature that should contain one!");
}
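Review bot: The empty-collection guard kept in `getX509CertificateHolder` can no longer fire from the call shown in the first hunk, because that caller enters the branch only when `!firstSignerCertificates.isEmpty()`; the "should contain one" exception is dead on that path. Either drop the helper and take `firstSignerCertificates.iterator().next()` at the call site, or keep it as a defensive guard for other callers and write the test as `if (firstSignerCertificates.isEmpty()) {` to match the caller's check. The helper's body continues past the end of the hunk, so what it returns is not visible here.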