Make rule 130206 less restrictive

Signed-off-by: Aleksandra Maciaga <aleksandra.maciaga@nokia.com> Issue-ID: VNFSDK-595 Change-Id: I39beb48d958b0589837f4d960ca7edded0e1e22e
author: Aleksandra Maciaga <aleksandra.maciaga@nokia.com> 2020-06-30 13:39:00 +0200
committer: Aleksandra Maciaga <aleksandra.maciaga@nokia.com> 2020-06-30 14:48:12 +0200
commit: b812f004656c053e5d0686820747f4845cd752c9 (patch)
tree: 52986b84f66362f0582844a932231c70cffc15f4 /csarvalidation/src/main/java/org/onap/cvc
parent: 4d94d239aa4f768f5348ac11401fa63d986f963d (diff)
1 files changed, 39 insertions, 11 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
index 74706c7..64eb878 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
@@ -50,6 +50,7 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
     private static final Logger LOG = LoggerFactory.getLogger(VTPValidateCSARR130206.class);
     private static final String SHA_256 = "SHA-256";
     private static final String SHA_512 = "SHA-512";
+    private static final String EMPTY_STRING = "";
 
     private final ShaHashCodeGenerator shaHashCodeGenerator = new ShaHashCodeGenerator();
     private final ManifestFileSignatureValidator manifestFileSignatureValidator = new ManifestFileSignatureValidator();
@@ -118,6 +119,13 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
         }
     }
 
+    public static class CSARWarningNoSecurity extends CSARArchive.CSARErrorWarning{
+        CSARWarningNoSecurity(){
+            super(EMPTY_STRING, EMPTY_STRING,-1, EMPTY_STRING);
+            this.message = "Warning. Consider adding security options (CMS and hash codes for sources) in manifest file.";
+        }
+    }
+
     @Override
     protected void validateCSAR(CSARArchive csar) throws OnapCommandException {
 
@@ -138,20 +146,39 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
 
     private void validate(CSARArchive csar, Path csarRootDirectory) throws IOException, NoSuchAlgorithmException {
         final CSARArchive.Manifest manifest = csar.getManifest();
+        validateEntryCertificate(csar, csarRootDirectory);
+        if(verifyThatCsarIsSecure(manifest)){
 
-        validateSecurityStructure(csar, csarRootDirectory);
-        validateSources(csarRootDirectory, manifest);
+            validateManifestCms(manifest);
+            validateSources(csarRootDirectory, manifest);
 
-        final Map<String, Map<String, List<String>>> nonMano = manifest.getNonMano();
-        final List<SourcesParser.Source> sources = manifest.getSources();
+            final Map<String, Map<String, List<String>>> nonMano = manifest.getNonMano();
+            final List<SourcesParser.Source> sources = manifest.getSources();
 
-        validateNonManoCohesionWithSources(nonMano, sources);
+            validateNonManoCohesionWithSources(nonMano, sources);
 
-        final File manifestMfFile = csar.getManifestMfFile();
-        final String absolutePathToEntryCertificate = getAbsolutePathToEntryCertificate(csar, csarRootDirectory);
-        if (manifestMfFile != null) {
-            validateFileSignature(manifestMfFile, absolutePathToEntryCertificate);
+            final File manifestMfFile = csar.getManifestMfFile();
+            final String absolutePathToEntryCertificate = getAbsolutePathToEntryCertificate(csar, csarRootDirectory);
+            if (manifestMfFile != null) {
+                validateFileSignature(manifestMfFile, absolutePathToEntryCertificate);
+            }
+        }else{
+            this.errors.add(new CSARWarningNoSecurity());
         }
+
+    }
+
+    private boolean verifyThatCsarIsSecure(CSARArchive.Manifest manifest) {
+        final List<SourcesParser.Source> sources = manifest.getSources();
+        final String cms = manifest.getCms();
+        final boolean containsHashOrAlgorithm = (sources.stream().anyMatch(
+            source ->
+                !source.getAlgorithm().equals(EMPTY_STRING) ||
+                !source.getHash().equals(EMPTY_STRING)
+            )
+        );
+        final boolean containsCms = cms != null && !cms.equals(EMPTY_STRING);
+        return containsCms || containsHashOrAlgorithm;
     }
 
     private String getAbsolutePathToEntryCertificate(CSARArchive csar, Path csarRootDirectory) {
@@ -188,15 +215,16 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
         }
     }
 
-    private void validateSecurityStructure(CSARArchive csar, Path csarRootDirectory) {
-        final CSARArchive.Manifest manifest = csar.getManifest();
+    private void validateEntryCertificate(CSARArchive csar, Path csarRootDirectory) {
         final CSARArchive.TOSCAMeta toscaMeta = csar.getToscaMeta();
         final String entryCertificateParamName = csar.getEntryCertificateParamName();
         final Optional<File> entryCertificate = resolveCertificateFilePath(toscaMeta, csarRootDirectory);
         if (!entryCertificate.isPresent() || !entryCertificate.get().exists()) {
             this.errors.add(new CSARErrorUnableToFindCertificate(entryCertificateParamName));
         }
+    }
 
+    private void validateManifestCms(CSARArchive.Manifest manifest) {
         if (manifest.getCms() == null || manifest.getCms().isEmpty()) {
             this.errors.add(new CSARErrorUnableToFindCmsSection());
         }
author	Aleksandra Maciaga <aleksandra.maciaga@nokia.com>	2020-06-30 13:39:00 +0200
committer	Aleksandra Maciaga <aleksandra.maciaga@nokia.com>	2020-06-30 14:48:12 +0200
commit	b812f004656c053e5d0686820747f4845cd752c9 (patch)
tree	52986b84f66362f0582844a932231c70cffc15f4 /csarvalidation/src/main/java/org/onap/cvc
parent	4d94d239aa4f768f5348ac11401fa63d986f963d (diff)