author | Aleksandra Maciaga <aleksandra.maciaga@nokia.com> | 2020-06-30 13:39:00 +0200 |
---|---|---|
committer | Aleksandra Maciaga <aleksandra.maciaga@nokia.com> | 2020-06-30 14:48:12 +0200 |
commit | b812f004656c053e5d0686820747f4845cd752c9 (patch) | |
tree | 52986b84f66362f0582844a932231c70cffc15f4 /csarvalidation/src/main/java/org/onap | |
parent | 4d94d239aa4f768f5348ac11401fa63d986f963d (diff) |
Make rule 130206 less restrictive
Signed-off-by: Aleksandra Maciaga <aleksandra.maciaga@nokia.com>
Issue-ID: VNFSDK-595
Change-Id: I39beb48d958b0589837f4d960ca7edded0e1e22e
Diffstat (limited to 'csarvalidation/src/main/java/org/onap')
-rw-r--r-- | csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java | 50 |
1 files changed, 39 insertions, 11 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
index 74706c7..64eb878 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java
@@ -50,6 +50,7 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
 private static final Logger LOG = LoggerFactory.getLogger(VTPValidateCSARR130206.class);
 private static final String SHA_256 = "SHA-256";
 private static final String SHA_512 = "SHA-512";
+ private static final String EMPTY_STRING = "";
 private final ShaHashCodeGenerator shaHashCodeGenerator = new ShaHashCodeGenerator();
 private final ManifestFileSignatureValidator manifestFileSignatureValidator = new ManifestFileSignatureValidator();
@@ -118,6 +119,13 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
 }
 }
+ public static class CSARWarningNoSecurity extends CSARArchive.CSARErrorWarning{
+ CSARWarningNoSecurity(){
+ super(EMPTY_STRING, EMPTY_STRING,-1, EMPTY_STRING);
+ this.message = "Warning. Consider adding security options (CMS and hash codes for sources) in manifest file.";
+ }
+ }
+
 @Override
 protected void validateCSAR(CSARArchive csar) throws OnapCommandException {
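Review bot: The text set in `CSARWarningNoSecurity` reads as advice and does not say that the package's integrity and origin were not checked, which is what a reader of the validation report needs to know (the later `validate` hunk adds this warning on the branch that skips CMS, hash and signature validation). Consider `this.message = "Warning. No CMS signature or source hashes found in manifest file; package integrity was not verified.";` together with a one-line Javadoc on the class stating when it is raised. The three `EMPTY_STRING` arguments and `-1` passed to `super(...)` are unexplained; the base constructor is not visible here, so a short comment naming what they stand for would help.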
@@ -138,20 +146,39 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
 private void validate(CSARArchive csar, Path csarRootDirectory) throws IOException, NoSuchAlgorithmException {
 final CSARArchive.Manifest manifest = csar.getManifest();
+ validateEntryCertificate(csar, csarRootDirectory);
+ if(verifyThatCsarIsSecure(manifest)){
- validateSecurityStructure(csar, csarRootDirectory);
- validateSources(csarRootDirectory, manifest);
+ validateManifestCms(manifest);
+ validateSources(csarRootDirectory, manifest);
- final Map<String, Map<String, List<String>>> nonMano = manifest.getNonMano();
- final List<SourcesParser.Source> sources = manifest.getSources();
+ final Map<String, Map<String, List<String>>> nonMano = manifest.getNonMano();
+ final List<SourcesParser.Source> sources = manifest.getSources();
- validateNonManoCohesionWithSources(nonMano, sources);
+ validateNonManoCohesionWithSources(nonMano, sources);
- final File manifestMfFile = csar.getManifestMfFile();
- final String absolutePathToEntryCertificate = getAbsolutePathToEntryCertificate(csar, csarRootDirectory);
- if (manifestMfFile != null) {
- validateFileSignature(manifestMfFile, absolutePathToEntryCertificate);
+ final File manifestMfFile = csar.getManifestMfFile();
+ final String absolutePathToEntryCertificate = getAbsolutePathToEntryCertificate(csar, csarRootDirectory);
+ if (manifestMfFile != null) {
+ validateFileSignature(manifestMfFile, absolutePathToEntryCertificate);
+ }
+ }else{
+ this.errors.add(new CSARWarningNoSecurity());
 }
+
+ }
+
+ private boolean verifyThatCsarIsSecure(CSARArchive.Manifest manifest) {
+ final List<SourcesParser.Source> sources = manifest.getSources();
+ final String cms = manifest.getCms();
+ final boolean containsHashOrAlgorithm = (sources.stream().anyMatch(
+ source ->
+ !source.getAlgorithm().equals(EMPTY_STRING) ||
+ !source.getHash().equals(EMPTY_STRING)
+ )
+ );
+ final boolean containsCms = cms != null && !cms.equals(EMPTY_STRING);
+ return containsCms || containsHashOrAlgorithm;
 }
 private String getAbsolutePathToEntryCertificate(CSARArchive csar, Path csarRootDirectory) {
@@ -188,15 +215,16 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
 }
 }
- private void validateSecurityStructure(CSARArchive csar, Path csarRootDirectory) {
- final CSARArchive.Manifest manifest = csar.getManifest();
+ private void validateEntryCertificate(CSARArchive csar, Path csarRootDirectory) {
 final CSARArchive.TOSCAMeta toscaMeta = csar.getToscaMeta();
 final String entryCertificateParamName = csar.getEntryCertificateParamName();
 final Optional<File> entryCertificate = resolveCertificateFilePath(toscaMeta, csarRootDirectory);
 if (!entryCertificate.isPresent() || !entryCertificate.get().exists()) {
 this.errors.add(new CSARErrorUnableToFindCertificate(entryCertificateParamName));
 }
+ }
+ private void validateManifestCms(CSARArchive.Manifest manifest) {
 if (manifest.getCms() == null || manifest.getCms().isEmpty()) {
 this.errors.add(new CSARErrorUnableToFindCmsSection());
 }
|
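Review bot: `verifyThatCsarIsSecure` only tests whether the manifest declares a CMS block or any non-empty hash/algorithm field; it verifies nothing, yet its result decides whether `validateManifestCms`, `validateSources`, `validateNonManoCohesionWithSources` and `validateFileSignature` run at all. Those fields come from the package under validation, so a package whose signature and hashes are absent takes the `else` branch and is reported with `CSARWarningNoSecurity` only; consumers that rely on this rule for tamper detection have to treat that warning as a failure. A Javadoc line such as `/** Returns true if the manifest declares a CMS signature or any source hash; does not verify them. */` and a name like `hasSecurityMetadata` would make that contract explicit. The lambda also calls `.equals` on `getAlgorithm()` and `getHash()` without the null guard used for `cms`; whether they can return null is not visible here, but `!EMPTY_STRING.equals(source.getHash())` (and the same for the algorithm) would be safe either way.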
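Review bot: `validateEntryCertificate` is now called for every package, ahead of the `verifyThatCsarIsSecure` branch in `validate`, so a CSAR without CMS or hashes still records `CSARErrorUnableToFindCertificate` when no certificate file resolves, next to the new warning. If the certificate is meant to be mandatory even for unsigned packages, say so on the method, e.g. `// Checked for all packages, including those without CMS or source hashes.`; if not, the call belongs inside the secure branch. `validateManifestCms` also repeats the CMS presence test with `isEmpty()` while `verifyThatCsarIsSecure` uses `equals(EMPTY_STRING)`; one shared helper would keep the two from drifting apart. The closing brace of `validateManifestCms` lies outside the hunk.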