summaryrefslogtreecommitdiffstats
path: root/csarvalidation/src/main/java
diff options
context:
space:
mode:
authorBogumil Zebek <bogumil.zebek@nokia.com>2019-05-09 13:28:17 +0200
committerZebek Bogumil <bogumil.zebek@nokia.com>2019-06-11 11:58:13 +0200
commitbd711684187e95a1dd3cd53622714aae22bb417c (patch)
tree43aaca63aceb64c7e3d62a212b41f8571b4b26bd /csarvalidation/src/main/java
parent900dd46df0976d545ec66a4822fc1fc846f262b4 (diff)
Security verification
Change-Id: I759e3698a25dd4f84dc345c3fd4c0d201b75d233 Issue-ID: VNFSDK-395 Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Diffstat (limited to 'csarvalidation/src/main/java')
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/ZipFileContentValidator.java52
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java10
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java75
3 files changed, 58 insertions, 79 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/ZipFileContentValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/ZipFileContentValidator.java
deleted file mode 100644
index 801d8cf..0000000
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/ZipFileContentValidator.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2019 Nokia
- * <p>
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package org.onap.cvc.csar;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class ZipFileContentValidator {
-
- public static class CSARErrorCertMissing extends CSARArchive.CSARError {
- CSARErrorCertMissing() {
- super("0x1008");
- this.message = "Missing. Cert file is not available!";
- }
- }
-
- public static class CSARErrorCMSMissing extends CSARArchive.CSARError {
- CSARErrorCMSMissing() {
- super("0x1009");
- this.message = "Missing. CMS file is not available!";
- }
- }
-
- public List<CSARArchive.CSARError> validate(FileArchive.Workspace workspace){
- final ArrayList<CSARArchive.CSARError> retValue = new ArrayList<>();
-
- if(!workspace.getPathToCertFile().isPresent()){
- retValue.add(new CSARErrorCertMissing());
- }
-
- if(!workspace.getPathToCmsFile().isPresent()){
- retValue.add(new CSARErrorCMSMissing());
- }
-
- return retValue;
- }
-}
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java
index eafdbde..6e67df9 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/VTPValidateCSARBase.java
@@ -22,9 +22,7 @@ import org.onap.cli.fw.error.OnapCommandExecutionFailed;
import org.onap.cli.fw.input.OnapCommandParameter;
import org.onap.cvc.csar.CSARArchive;
import org.onap.cvc.csar.CSARArchive.CSARError;
-import org.onap.cvc.csar.FileArchive;
import org.onap.cvc.csar.PnfCSARArchive;
-import org.onap.cvc.csar.ZipFileContentValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -34,8 +32,6 @@ import java.util.List;
public abstract class VTPValidateCSARBase extends OnapCommand {
protected static final Logger LOG = LoggerFactory.getLogger(VTPValidateCSARBase.class);
- private final ZipFileContentValidator zipFileContentValidator = new ZipFileContentValidator();
-
protected abstract void validateCSAR(CSARArchive csar) throws Exception;
protected abstract String getVnfReqsNo();
@@ -52,12 +48,6 @@ public abstract class VTPValidateCSARBase extends OnapCommand {
try (CSARArchive csar = isPnf ? new PnfCSARArchive(): new CSARArchive()){
csar.init(path);
-
- FileArchive.Workspace workspace = csar.getWorkspace();
- if(workspace.isZip()) {
- errors.addAll(zipFileContentValidator.validate(workspace));
- }
-
csar.parse();
errors.addAll(csar.getErrors());
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
index 621ede0..97efd11 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
@@ -36,34 +36,46 @@ public class VTPValidateCSARR787965 extends VTPValidateCSARBase {
private static final Logger LOG = LoggerFactory.getLogger(VTPValidateCSARR787965.class);
- public static class CSARErrorInvalidSignature extends CSARArchive.CSARError {
+ static class CSARErrorInvalidSignature extends CSARArchive.CSARError {
CSARErrorInvalidSignature() {
super("0x3001");
this.message = "Invalid CSAR signature!";
}
}
- @Override
- protected void validateCSAR(CSARArchive csar) throws OnapCommandException {
+ static class CsarFileNotAvailableError extends CSARArchive.CSARError {
+ CsarFileNotAvailableError() {
+ super("0x3002");
+ this.message = "Missing. Csar file is not available!";
+ }
+ }
- try {
- final CmsSignatureValidator securityManager = new CmsSignatureValidator();
+ static class SignatureWithCertificationOnlyWarning extends CSARArchive.CSARError {
+ SignatureWithCertificationOnlyWarning() {
+ super("0x3003");
+ this.message = "Warning. Zip package probably is valid. " +
+ "It contains only signature with certification cms and csar package. " +
+ "Unable to verify csar signature.";
+ }
+ }
- FileArchive.Workspace workspace = csar.getWorkspace();
- final Optional<Path> pathToCsarFile = workspace.getPathToCsarFile();
- final Optional<Path> pathToCertFile = workspace.getPathToCertFile();
- final Optional<Path> pathToCmsFile = workspace.getPathToCmsFile();
- if (workspace.isZip() && pathToCsarFile.isPresent() && pathToCertFile.isPresent() && pathToCmsFile.isPresent()) {
- byte[] csarContent = Files.readAllBytes(pathToCsarFile.get());
- byte[] signature = Files.readAllBytes(pathToCmsFile.get());
- byte[] publicCertification = Files.readAllBytes(pathToCertFile.get());
+ static class BrokenZipPackageError extends CSARArchive.CSARError {
+ BrokenZipPackageError() {
+ super("0x3004");
+ this.message = "Missing. Unable to find certification files.";
+ }
+ }
- if (!securityManager.verifySignedData(signature, publicCertification,csarContent)) {
- this.errors.add(new CSARErrorInvalidSignature());
- }
- }
+ @Override
+ protected void validateCSAR(CSARArchive csar) throws OnapCommandException {
+
+ try {
+ FileArchive.Workspace workspace = csar.getWorkspace();
+ if (workspace.isZip()) {
+ verifyZipStructure(workspace);
+ }
} catch (Exception e) {
LOG.error("Internal VTPValidateCSARR787965 command error", e);
throw new OnapCommandException("0x3000", "Internal VTPValidateCSARR787965 command error. See logs.");
@@ -71,6 +83,35 @@ public class VTPValidateCSARR787965 extends VTPValidateCSARBase {
}
+ private void verifyZipStructure(FileArchive.Workspace workspace) throws Exception {
+ final Optional<Path> pathToCsarFile = workspace.getPathToCsarFile();
+ final Optional<Path> pathToCertFile = workspace.getPathToCertFile();
+ final Optional<Path> pathToCmsFile = workspace.getPathToCmsFile();
+ if(!pathToCsarFile.isPresent()) {
+ this.errors.add(new CsarFileNotAvailableError());
+ } else {
+ if (pathToCertFile.isPresent() && pathToCmsFile.isPresent()) {
+ verifyTwoFileCertification(pathToCsarFile.get(), pathToCertFile.get(), pathToCmsFile.get());
+ } else if (pathToCmsFile.isPresent()) {
+ this.errors.add(new SignatureWithCertificationOnlyWarning());
+ } else {
+ this.errors.add(new BrokenZipPackageError());
+ }
+ }
+ }
+
+ private void verifyTwoFileCertification(Path pathToCsarFile, Path pathToCertFile, Path pathToCmsFile) throws Exception {
+ final CmsSignatureValidator securityManager = new CmsSignatureValidator();
+
+ byte[] csarContent = Files.readAllBytes(pathToCsarFile);
+ byte[] signature = Files.readAllBytes(pathToCmsFile);
+ byte[] publicCertification = Files.readAllBytes(pathToCertFile);
+
+ if (!securityManager.verifySignedData(signature, publicCertification,csarContent)) {
+ this.errors.add(new CSARErrorInvalidSignature());
+ }
+ }
+
@Override
protected String getVnfReqsNo() {
return "R787965";