CMS signature validation

Change-Id: Ie5d1c835d0e6a760f1b7de651a3833cb87b727e0
Issue-ID: VNFSDK-396
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>

2 files changed, 48 insertions, 20 deletions

diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java
index d48869a..90da946 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966IntegrationTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java
@@ -18,6 +18,7 @@
 package org.onap.cvc.csar.cc.sol004;
 
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.onap.cvc.csar.CSARArchive;
 
@@ -28,26 +29,30 @@ import static org.onap.cvc.csar.cc.sol004.IntegrationTestUtils.configureTestCase
 import static org.onap.cvc.csar.cc.sol004.IntegrationTestUtils.convertToMessagesList;
 
 
-public class VTPValidateCSARR787966IntegrationTest {
+public class VTPValidateCSARR130206IntegrationTest {
 
     private static final boolean IS_PNF = true;
-    private VTPValidateCSARR787966 testCase;
+    private VTPValidateCSARR130206 testCase;
 
     @Before
     public void setUp() {
-        testCase = new VTPValidateCSARR787966();
+        testCase = new VTPValidateCSARR130206();
     }
 
     @Test
     public void shouldReturnProperRequestNumber() {
-        assertThat(testCase.getVnfReqsNo()).isEqualTo("R787966");
+        assertThat(testCase.getVnfReqsNo()).isEqualTo("R130206");
     }
 
     @Test
-    public void shouldValidateProperCsar() throws Exception {
+    @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." +
+            "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " +
+            "Use instructions for option 1. Test was created for manual verification."
+    )
+    public void manual_shouldValidateProperCsar() throws Exception {
 
         // given
-        configureTestCase(testCase, "pnf/r787966/csar-option1-valid.csar", "vtp-validate-csar-r787966.yaml", IS_PNF);
+        configureTestCase(testCase, "pnf/r130206/csar-option1-valid.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
 
         // when
         testCase.execute();
@@ -58,22 +63,40 @@ public class VTPValidateCSARR787966IntegrationTest {
     }
 
     @Test
+    public void shouldReportThatOnlySignatureIsInvalid() throws Exception {
+
+        // given
+        configureTestCase(testCase, "pnf/r130206/csar-option1-validSection.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
+
+        // when
+        testCase.execute();
+
+        // then
+        List<CSARArchive.CSARError> errors = testCase.getErrors();
+        assertThat(errors.size()).isEqualTo(1);
+        assertThat(convertToMessagesList(errors)).contains(
+                "File has invalid CMS signature!"
+        );
+    }
+
+    @Test
     public void shouldReportErrorsForInvalidCsar() throws Exception {
 
         // given
-        configureTestCase(testCase, "pnf/r787966/csar-option1-invalid.csar", "vtp-validate-csar-r787966.yaml", IS_PNF);
+        configureTestCase(testCase, "pnf/r130206/csar-option1-invalid.csar", "vtp-validate-csar-r130206.yaml", IS_PNF);
 
         // when
         testCase.execute();
 
         // then
         List<CSARArchive.CSARError> errors = testCase.getErrors();
-        assertThat(errors.size()).isEqualTo(4);
+        assertThat(errors.size()).isEqualTo(5);
         assertThat(convertToMessagesList(errors)).contains(
                 "Unable to find CMS section in manifest!",
                 "Source 'Definitions/MainServiceTemplate.yaml' has wrong hash!",
                 "Source 'Artifacts/Other/my_script.csh' has hash, but unable to find algorithm tag!",
-                "Source 'Artifacts/NonExisting.txt' does not exist!"
+                "Unable to calculate digest - file missing: Artifacts/NonExisting2.txt",
+                "File has invalid CMS signature!"
         );
     }
 
@@ -82,7 +105,7 @@ public class VTPValidateCSARR787966IntegrationTest {
     public void shouldReportThanInVnfPackageCertFileWasNotDefined() throws Exception {
 
         // given
-        configureTestCase(testCase, "sample2.csar", "vtp-validate-csar-r787966.yaml", false);
+        configureTestCase(testCase, "sample2.csar", "vtp-validate-csar-r130206.yaml", false);
 
         // when
         testCase.execute();
@@ -91,10 +114,11 @@ public class VTPValidateCSARR787966IntegrationTest {
         List<CSARArchive.CSARError> errors = testCase.getErrors();
         assertThat(convertToMessagesList(errors)).contains(
                 "Unable to find cert file defined by Entry-Certificate!",
+                "Unable to find CMS section in manifest!",
                 "Missing. Entry [tosca_definitions_version]"
         );
     }
 
 
 
-}
\ No newline at end of file
+}
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
index eb41d6a..49696e6 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
@@ -18,6 +18,7 @@
 package org.onap.cvc.csar.cc.sol004;
 
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.onap.cvc.csar.CSARArchive;
 
@@ -61,7 +62,11 @@ public class VTPValidateCSARR787965IntegrationTest {
     }
 
     @Test
-    public void shouldReportThatZipContainsSignatureWithCertificationFileAndPackageIsProbableValid() throws Exception {
+    @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." +
+            "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " +
+            "Use instructions for option 2. Test was created for manual verification."
+    )
+    public void manual_shouldReportThatZipContainsSignatureWithCertificationFileAndPackageIsValid() throws Exception {
 
         // given
         configureTestCase(testCase, "pnf/r787965/signature-and-certificate.zip", "vtp-validate-csar-r787965.yaml", IS_PNF);
@@ -71,12 +76,7 @@ public class VTPValidateCSARR787965IntegrationTest {
 
         // then
         List<CSARArchive.CSARError> errors = testCase.getErrors();
-        assertThat(errors.size()).isEqualTo(1);
-        assertThat(convertToMessagesList(errors)).contains(
-                "Warning. Zip package probably is valid. " +
-                        "It contains only signature with certification cms and csar package. " +
-                        "Unable to verify csar signature."
-        );
+        assertThat(errors.size()).isEqualTo(0);
     }
 
     @Test
@@ -97,7 +97,11 @@ public class VTPValidateCSARR787965IntegrationTest {
     }
 
     @Test
-    public void shouldDoNotReportAnyErrorWhenPackageHasValidSignature() throws Exception {
+    @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." +
+            "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " +
+            "Use instructions for option 2. Test was created for manual verification."
+    )
+    public void manual_shouldDoNotReportAnyErrorWhenPackageHasValidSignature() throws Exception {
 
         // given
         configureTestCase(testCase, "pnf/signed-package-valid-signature.zip", "vtp-validate-csar-r787965.yaml", IS_PNF);
@@ -110,4 +114,4 @@ public class VTPValidateCSARR787965IntegrationTest {
         assertThat(errors.size()).isEqualTo(0);
     }
 
-}
\ No newline at end of file
+}