Security TC op2

Change-Id: I247c1223b5731c8dbea1480ca88db1cff78cb633
Issue-ID: VNFSDK-342
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>

5 files changed, 387 insertions, 1 deletions

diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
index c441b80..25e36f6 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
@@ -41,7 +41,7 @@ public class CsarValidatorTest {
 
 
     @Test
-    public void testAllTestCasesForPNF() throws URISyntaxException {
+    public void testAllTestCasesForPNF_CsarCase() throws URISyntaxException {
         OnapCli cli = new OnapCli(new String [] {
                 "--product", "onap-vtp",
                 "csar-validate",
@@ -52,4 +52,17 @@ public class CsarValidatorTest {
         assertEquals(0, cli.getExitCode());
     }
 
+
+    @Test
+    public void testAllTestCasesForPNF_ZipCase() throws URISyntaxException {
+        OnapCli cli = new OnapCli(new String [] {
+                "--product", "onap-vtp",
+                "csar-validate",
+                "--format", "json",
+                "--pnf",
+                "--csar", absoluteFilePath("pnf/signed-package.zip")});
+        cli.handle();
+        assertEquals(0, cli.getExitCode());
+    }
+
 }
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java
new file mode 100644
index 0000000..1ac8073
--- /dev/null
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2019 Nokia
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.onap.cvc.csar;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.onap.cvc.csar.cc.sol004.IntegrationTestUtils.absoluteFilePath;
+
+public class FileArchiveTest {
+
+    @Rule
+    public TemporaryFolder folder= new TemporaryFolder();
+
+    @Test
+    public void shouldUnpackCsarFile() throws URISyntaxException, IOException {
+        // given
+        String absolutePath = folder.getRoot().getAbsolutePath();
+
+        // when
+        FileArchive.Workspace workspace = new FileArchive(absolutePath).unpack(absoluteFilePath("pnf/r57019/allMandatoryEntriesDefinedInMetadataManifest.csar"));
+
+        // then
+        assertFalse(workspace.isZip());
+        assertTrue(workspace.getRootFolder().isPresent());
+        assertTrue(workspace.getPathToCsarFolder().isPresent());
+        assertFalse(workspace.getPathToCertFile().isPresent());
+        assertFalse(workspace.getPathToCmsFile().isPresent());
+    }
+
+    @Test
+    public void shouldUnpackZipFile() throws URISyntaxException, IOException {
+        // given
+        String absolutePath = folder.getRoot().getAbsolutePath();
+
+        // when
+        FileArchive.Workspace workspace = new FileArchive(absolutePath).unpack(absoluteFilePath("pnf/signed-package.zip"));
+
+        // then
+        assertTrue(workspace.isZip());
+        assertTrue(workspace.getRootFolder().isPresent());
+        assertTrue(workspace.getPathToCsarFolder().isPresent());
+        assertTrue(workspace.getPathToCertFile().isPresent());
+        assertTrue(workspace.getPathToCmsFile().isPresent());
+    }
+
+}
\ No newline at end of file
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/ZipFileContentValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/ZipFileContentValidatorTest.java
new file mode 100644
index 0000000..7da91f8
--- /dev/null
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/ZipFileContentValidatorTest.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2019 Nokia
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.onap.cvc.csar;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.nio.file.Path;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ZipFileContentValidatorTest {
+
+    @Mock
+    Path rootFolder;
+    @Mock
+    Path pathToCsarWorkspace;
+    @Mock
+    Path certFile;
+    @Mock
+    Path csarFile;
+    @Mock
+    Path cmsFile;
+
+    private ZipFileContentValidator zipFileContentValidator;
+
+
+    @Before
+    public void setUp(){
+         zipFileContentValidator = new ZipFileContentValidator();
+    }
+
+    @Test
+    public void shouldReportThatCertFileAndCmsFileIsNotAvailable() {
+        // given
+        FileArchive.Workspace workspace = FileArchive.Workspace.forZip(
+                rootFolder,
+                pathToCsarWorkspace,
+                null,
+                null,
+                null
+        );
+
+        // when
+        List<CSARArchive.CSARError> errors = zipFileContentValidator.validate(workspace);
+
+        // then
+        assertThat(errors.size()).isEqualTo(2);
+        assertThat(errors.stream().map(CSARArchive.CSARError::getMessage).collect(Collectors.toList())).contains(
+                "Missing. Cert file is not available!", "Missing. CMS file is not available!"
+        );
+    }
+
+    @Test
+    public void shouldReportThatCertFileIsNotAvailable() {
+        // given
+        FileArchive.Workspace workspace = FileArchive.Workspace.forZip(
+                rootFolder,
+                pathToCsarWorkspace,
+                null,
+                cmsFile,
+                csarFile
+        );
+
+        // when
+        List<CSARArchive.CSARError> errors = zipFileContentValidator.validate(workspace);
+
+        // then
+        assertThat(errors.size()).isEqualTo(1);
+        assertThat(errors.stream().map(CSARArchive.CSARError::getMessage).collect(Collectors.toList())).contains(
+                "Missing. Cert file is not available!"
+        );
+    }
+
+    @Test
+    public void shouldReportThatCmsFileIsNotAvailable() {
+        // given
+        FileArchive.Workspace workspace = FileArchive.Workspace.forZip(
+                rootFolder,
+                pathToCsarWorkspace,
+                certFile,
+                null,
+                csarFile
+        );
+
+        // when
+        List<CSARArchive.CSARError> errors = zipFileContentValidator.validate(workspace);
+
+        // then
+        assertThat(errors.size()).isEqualTo(1);
+        assertThat(errors.stream().map(CSARArchive.CSARError::getMessage).collect(Collectors.toList())).contains(
+                "Missing. CMS file is not available!"
+        );
+    }
+
+    @Test
+    public void shouldNotReportAnyErrorWhenAllFilesAreAvailable() {
+        // given
+        FileArchive.Workspace workspace = FileArchive.Workspace.forZip(
+                rootFolder,
+                pathToCsarWorkspace,
+                certFile,
+                cmsFile,
+                csarFile
+        );
+
+        // when
+        List<CSARArchive.CSARError> errors = zipFileContentValidator.validate(workspace);
+
+        // then
+        assertThat(errors.size()).isEqualTo(0);
+    }
+}
\ No newline at end of file
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
new file mode 100644
index 0000000..5c11c8a
--- /dev/null
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2019 Nokia
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.onap.cvc.csar.cc.sol004;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onap.cvc.csar.CSARArchive;
+
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.cvc.csar.cc.sol004.IntegrationTestUtils.configureTestCase;
+import static org.onap.cvc.csar.cc.sol004.IntegrationTestUtils.convertToMessagesList;
+
+
+public class VTPValidateCSARR787965IntegrationTest {
+
+    private VTPValidateCSARR787965 testCase;
+
+    @Before
+    public void setUp() {
+        testCase = new VTPValidateCSARR787965();
+    }
+
+    @Test
+    public void shouldReturnProperRequestNumber() {
+        assertThat(testCase.getVnfReqsNo()).isEqualTo("R787965");
+    }
+
+    @Test
+    public void shouldReportCsarHasInvalidSignature() throws Exception {
+        // We will not prepare positive test case, because X509 certification has expiration date and such test will
+        // stop working in the future.
+
+        // given
+        configureTestCase(testCase, "pnf/signed-package.zip");
+
+        // when
+        testCase.execute();
+
+        // then
+        List<CSARArchive.CSARError> errors = testCase.getErrors();
+        assertThat(errors.size()).isEqualTo(1);
+        assertThat(convertToMessagesList(errors)).contains(
+                "Invalid CSAR signature!"
+        );
+    }
+
+
+}
\ No newline at end of file
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java
new file mode 100644
index 0000000..9a3e124
--- /dev/null
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2019 Nokia
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.onap.cvc.csar.rsa;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.security.PublicKey;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.*;
+
+@RunWith(MockitoJUnitRunner.class)
+public class RSACertificateValidatorTest {
+
+    @Mock
+    private X509RsaCertification x509RsaCertification;
+
+    @Mock
+    private PublicKey publicKey;
+
+    @Test
+    public void shouldReturnInformationThatCsarHasValidSignature() throws Exception {
+
+        // given
+        String publicCertificate ="-----BEGIN CERTIFICATE-----\n" +
+                "MIIDyzCCArMCCQCXF5To+FxujDANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC\n" +
+                "SUUxETAPBgNVBAgMCExlaW5zdGVyMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoM\n" +
+                "CEVyaWNzc29uMRwwGgYDVQQLDBNCdXNpbmVzcyBBcmVhIFJhZGlvMSMwIQYDVQQD\n" +
+                "DBpSb290IGNlcnRpZmljYXRlIGF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWYXV0\n" +
+                "aG9yaXR5QGVyaWNzc29uLmNvbTAeFw0xOTAzMDcyMDA4MDRaFw0xOTA0MDYyMDA4\n" +
+                "MDRaMIGfMQswCQYDVQQGEwJJRTERMA8GA1UECAwITGVpbnN0ZXIxDzANBgNVBAcM\n" +
+                "BkR1YmxpbjERMA8GA1UECgwIRXJpY3Nzb24xHDAaBgNVBAsME0J1c2luZXNzIEFy\n" +
+                "ZWEgUmFkaW8xFzAVBgNVBAMMDlBhY2thZ2Ugc2lnbmVyMSIwIAYJKoZIhvcNAQkB\n" +
+                "FhNzaWduZXJAZXJpY3Nzb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
+                "CgKCAQEA1bZWYbM3W9WK7E6brlMWw/pHdYmKrLmqnmyS4QWj6PoSudReX1x1QO+o\n" +
+                "jlzzlWn15ozgeDtsyQWRQakSkV8IUlywmM99tH7jGejrH87eLYv0IoJONVJLMsuQ\n" +
+                "chMd/cm0OGwUHHuk7iRnMGlcskp3FPvHlBRgBLrg+40yksJMmpHyS9amrG2/3bSa\n" +
+                "ssuc3F8ICNtejYVXDg5rIHyKIvD8Jaozf+V8FyFcFkfL7NyIS8rSuHM40vp3jlVO\n" +
+                "yNDztZ9orTA9Frucxr6y5UIXHd/bmh7YsjihyCoPOwvkfEy/S08S245eKS1zwgcE\n" +
+                "zkSwPC+XR7HwXoVb63hgBlcJCkUAswIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCC\n" +
+                "nWjpa+JeJj05UfX0tejdnHTotnT4AQfxp1YesG3O7ioIY4Y93/Cj8N+7rzeB392v\n" +
+                "eUMN2HKXGNRZhVJKs8fdoD/b5OxlwX1BattPS1Oh7HmLYzevOxotrm5YOR4KG2qa\n" +
+                "Rw/m6jFWxnAovpQTaCOgkuAJyF9l6wlQE4FyzyZMaThObcnLBzuQJjJXKMwaVT6D\n" +
+                "AQuMP3DRrH3aXlFpqV4bugLy8agSc2w9sF3w4osGZSwPjerJiulncUyBr+cjv1KB\n" +
+                "IfgzoP3b9frMBZmSpxeT3YzR1wZAh9AterRKAm6EGVxrnRDQ1b/OuW4y2RxQ/Q3G\n" +
+                "OUU/dbcjLaFvoQsv3aAk\n" +
+                "-----END CERTIFICATE-----\n";
+
+        String signature = "r+18GjD74DWNbp1U5zzbw7lB0QI5OXXBReGQ5DmRn/SFqQj0H22omSoolqlmwk8fc6pBfSTQl68yWEztH6m14dKTcYozVFpn1TS0qSgxMYjPJ5N/4+wrhC/70yosLATdc2w1U/9UYeFxP0QbCBSLtH9dDgTfm8e7Y25c7l6jSI+/VZ6b4lno5786y4W/VYeP6ktOvI0qbLtFPLfpxjqJ5idXUspkblhrZ6dHzURTlUWfYTku5NfLoIPL2Hdr8WfTBBTk+TYmAEBGC7J3SY5m1SZOOGElh80CfLGFVtdZ862Sgj2X8hV1isBTEJpczQwdMmid2xzdmZgbnkzFh9F/eQ==";
+        byte [] content = new byte[] {'t','e','s','t'};
+
+
+        String cert = "MIIDyzCCArMCCQCXF5To+FxujDANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC\n" +
+                "SUUxETAPBgNVBAgMCExlaW5zdGVyMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoM\n" +
+                "CEVyaWNzc29uMRwwGgYDVQQLDBNCdXNpbmVzcyBBcmVhIFJhZGlvMSMwIQYDVQQD\n" +
+                "DBpSb290IGNlcnRpZmljYXRlIGF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWYXV0\n" +
+                "aG9yaXR5QGVyaWNzc29uLmNvbTAeFw0xOTAzMDcyMDA4MDRaFw0xOTA0MDYyMDA4\n" +
+                "MDRaMIGfMQswCQYDVQQGEwJJRTERMA8GA1UECAwITGVpbnN0ZXIxDzANBgNVBAcM\n" +
+                "BkR1YmxpbjERMA8GA1UECgwIRXJpY3Nzb24xHDAaBgNVBAsME0J1c2luZXNzIEFy\n" +
+                "ZWEgUmFkaW8xFzAVBgNVBAMMDlBhY2thZ2Ugc2lnbmVyMSIwIAYJKoZIhvcNAQkB\n" +
+                "FhNzaWduZXJAZXJpY3Nzb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
+                "CgKCAQEA1bZWYbM3W9WK7E6brlMWw/pHdYmKrLmqnmyS4QWj6PoSudReX1x1QO+o\n" +
+                "jlzzlWn15ozgeDtsyQWRQakSkV8IUlywmM99tH7jGejrH87eLYv0IoJONVJLMsuQ\n" +
+                "chMd/cm0OGwUHHuk7iRnMGlcskp3FPvHlBRgBLrg+40yksJMmpHyS9amrG2/3bSa\n" +
+                "ssuc3F8ICNtejYVXDg5rIHyKIvD8Jaozf+V8FyFcFkfL7NyIS8rSuHM40vp3jlVO\n" +
+                "yNDztZ9orTA9Frucxr6y5UIXHd/bmh7YsjihyCoPOwvkfEy/S08S245eKS1zwgcE\n" +
+                "zkSwPC+XR7HwXoVb63hgBlcJCkUAswIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCC\n" +
+                "nWjpa+JeJj05UfX0tejdnHTotnT4AQfxp1YesG3O7ioIY4Y93/Cj8N+7rzeB392v\n" +
+                "eUMN2HKXGNRZhVJKs8fdoD/b5OxlwX1BattPS1Oh7HmLYzevOxotrm5YOR4KG2qa\n" +
+                "Rw/m6jFWxnAovpQTaCOgkuAJyF9l6wlQE4FyzyZMaThObcnLBzuQJjJXKMwaVT6D\n" +
+                "AQuMP3DRrH3aXlFpqV4bugLy8agSc2w9sF3w4osGZSwPjerJiulncUyBr+cjv1KB\n" +
+                "IfgzoP3b9frMBZmSpxeT3YzR1wZAh9AterRKAm6EGVxrnRDQ1b/OuW4y2RxQ/Q3G\n" +
+                "OUU/dbcjLaFvoQsv3aAk\n";
+
+        when(x509RsaCertification.generatePublicKey(cert)).thenReturn(publicKey);
+        when(x509RsaCertification.verify(content,signature, publicKey)).thenReturn(true);
+
+        // when
+        RSACertificateValidator rsaCertificateValidator = new RSACertificateValidator(x509RsaCertification);
+
+        // then
+        assertThat(rsaCertificateValidator.isValid(content, signature, publicCertificate)).isTrue();
+        verify(x509RsaCertification,times(1)).generatePublicKey(cert);
+        verify(x509RsaCertification,times(1)).verify(content,signature, publicKey);
+    }
+
+}
\ No newline at end of file