diff options
author | Bogumil Zebek <bogumil.zebek@nokia.com> | 2019-08-14 10:52:37 +0200 |
---|---|---|
committer | Zebek Bogumil <bogumil.zebek@nokia.com> | 2019-08-22 12:10:38 +0200 |
commit | 0562debfc5cdd31e61c016aea40272c6c02ad3cb (patch) | |
tree | 79e011e5247c1179d784723bb57c6bede0b3fb14 /csarvalidation/src/test/java/org | |
parent | 870a89675528664aa5c0aca57f50c584b76a8b8f (diff) |
CMS signature validation
Change-Id: Ie5d1c835d0e6a760f1b7de651a3833cb87b727e0
Issue-ID: VNFSDK-396
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Diffstat (limited to 'csarvalidation/src/test/java/org')
-rw-r--r-- | csarvalidation/src/test/java/org/onap/cvc/csar/PnfManifestParserTest.java | 36 | ||||
-rw-r--r-- | csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java (renamed from csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966IntegrationTest.java) | 46 | ||||
-rw-r--r-- | csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java | 22 | ||||
-rw-r--r-- | csarvalidation/src/test/java/org/onap/cvc/csar/parser/ManifestFileSplitterTest.java | 50 |
4 files changed, 131 insertions, 23 deletions
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/PnfManifestParserTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/PnfManifestParserTest.java index 6e56959..a708f47 100644 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/PnfManifestParserTest.java +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/PnfManifestParserTest.java @@ -120,9 +120,39 @@ public class PnfManifestParserTest { List<CSARArchive.CSARError> errors = sourcesPair.getValue(); assertThat(cms).isEqualTo( - "MIGDBgsqhkiG9w0BCRABCaB0MHICAQAwDQYLKoZIhvcNAQkQAwgwXgYJKoZIhvcN" + - "AQcBoFEET3icc87PK0nNK9ENqSxItVIoSa0o0S/ISczMs1ZIzkgsKk4tsQ0N1nUM" + - "dvb05OXi5XLPLEtViMwvLVLwSE0sKlFIVHAqSk3MBkkBAJv0Fx0=" + "MIIGDAYJKoZIhvcNAQcCoIIF/TCCBfkCAQExDTALBglghkgBZQMEAgEwCwYJKoZI"+ + "hvcNAQcBoIIDRTCCA0EwggIpAhRJ6KO7OFR2BuRDZwcd2TT4/wrEqDANBgkqhkiG"+ + "9w0BAQsFADBlMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8G"+ + "A1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMR4wHAYDVQQLDBVDZXJ0aWZp"+ + "Y2F0ZSBBdXRob3JpdHkwHhcNMTkwODEzMDg0NDU4WhcNMTkwOTEyMDg0NDU4WjBV"+ + "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50"+ + "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ4wDAYDVQQLDAVOb2tpYTCCASIwDQYJKoZI"+ + "hvcNAQEBBQADggEPADCCAQoCggEBAPRCM8g0cm1nuojFuk01Lo1iAbj7STEbiqJn"+ + "Xk4BEEspM4snShj35bO9DHSunXivdCzen4BE7hLpetpbr+7ptqpV7NuR9DgYD399"+ + "eAltb4oLnkLWgODCxhFOnwrKjnXSbP8KX3kmYRJmDzsSjJrpattfxNCa2aHzubyA"+ + "W0Mv9Ni2R0scnBY+ubydwn223d/743T2pfXsiOV6Ucjhz+9XWU96b7e9GxN12EJQ"+ + "R6R4O9dz3CSZmQsiMMYROD5elV59Y9ucSkhdrUjPzjveqjEA9FWc0piBpe42c9Mo"+ + "Lr8S5hKaaC8ONfSUBuEysKC5g6D6OS1Kxii3zbUbNzpxXti8tmUCAwEAATANBgkq"+ + "hkiG9w0BAQsFAAOCAQEAVJGCH8VL/ha1RYmoZBefCT/AQc50GlcIJtPCB8Y7ygkX"+ + "Y2Ybj6SrF66+wq6hQsU9xtxHyn08nfOdGWfNJ9yq4SO8RF7Oz4NxkQ+KFhi2QUGZ"+ + "5TwdWLr0Q+zKTZgpLZm1rtlyyz+2AUwcPPVHhDfJX0kqz/0UPHWFDxXfJyOwmQdN"+ + "E4qhO9uB3zEujJwM8B7wXfDwsNg6xbKBytm67IHQN3OF/Bfcugx7eCVJ08XA8Irj"+ + "CovwPvjxaL32iYTXmiBl+vSb3lEarbinMkMCq80yx3LtIg1goGVO+Tp+yOoVxNUL"+ + "psSXr9kdWncI1venEjk/SvggxtT4RJ6dLH358qFu+TGCAo0wggKJAgEBMH0wZTEL"+ + "MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy"+ + "bmV0IFdpZGdpdHMgUHR5IEx0ZDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9y"+ + "aXR5AhRJ6KO7OFR2BuRDZwcd2TT4/wrEqDALBglghkgBZQMEAgGggeQwGAYJKoZI"+ + "hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTkwODEzMDg0NTI2"+ + "WjAvBgkqhkiG9w0BCQQxIgQgOtAYNJkSFj5rU8K7Ujz6BdefH7sITKBcMmBcm/hI"+ + "TUAweQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsG"+ + "CWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN"+ + "AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA"+ + "Sj+3i3Mcxz6Uqf8WcLNiR3K3QeQUEQJurPHW/BzidjPx+PoZ+6jP8sAkulUu/yeo"+ + "rv3dDQGq0cF6KE3gKi3IXgCOB5nZ/O4BtvPcKOlQk14fMdBnHQMgGb27dNLMheuo"+ + "t4YJVEZNm+1NoYZBMyESm1Ns3DHmq7dqpFMWSad85gMTsbD/q896ZMiua+bLvnlg"+ + "qJXtYrnJPx9KqSzNFhzTqwFMJ9OASaHm+eV9/EWWLJ0rgUmheI0sb2Pa5i93w6dr"+ + "HhE7UbSCHDlDDgrOosJkbuI4UCX/njXrU2ukXbrWz/FjH84Mek039z+w4M6fBnl5"+ + "4xuyO1o65LlKHoxwnRH9lQ==" ); assertThat(errors.size()).isEqualTo(0); } diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java index d48869a..90da946 100644 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787966IntegrationTest.java +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java @@ -18,6 +18,7 @@ package org.onap.cvc.csar.cc.sol004; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import org.onap.cvc.csar.CSARArchive; @@ -28,26 +29,30 @@ import static org.onap.cvc.csar.cc.sol004.IntegrationTestUtils.configureTestCase import static org.onap.cvc.csar.cc.sol004.IntegrationTestUtils.convertToMessagesList; -public class VTPValidateCSARR787966IntegrationTest { +public class VTPValidateCSARR130206IntegrationTest { private static final boolean IS_PNF = true; - private VTPValidateCSARR787966 testCase; + private VTPValidateCSARR130206 testCase; @Before public void setUp() { - testCase = new VTPValidateCSARR787966(); + testCase = new VTPValidateCSARR130206(); } @Test public void shouldReturnProperRequestNumber() { - assertThat(testCase.getVnfReqsNo()).isEqualTo("R787966"); + assertThat(testCase.getVnfReqsNo()).isEqualTo("R130206"); } @Test - public void shouldValidateProperCsar() throws Exception { + @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." + + "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " + + "Use instructions for option 1. Test was created for manual verification." + ) + public void manual_shouldValidateProperCsar() throws Exception { // given - configureTestCase(testCase, "pnf/r787966/csar-option1-valid.csar", "vtp-validate-csar-r787966.yaml", IS_PNF); + configureTestCase(testCase, "pnf/r130206/csar-option1-valid.csar", "vtp-validate-csar-r130206.yaml", IS_PNF); // when testCase.execute(); @@ -58,22 +63,40 @@ public class VTPValidateCSARR787966IntegrationTest { } @Test + public void shouldReportThatOnlySignatureIsInvalid() throws Exception { + + // given + configureTestCase(testCase, "pnf/r130206/csar-option1-validSection.csar", "vtp-validate-csar-r130206.yaml", IS_PNF); + + // when + testCase.execute(); + + // then + List<CSARArchive.CSARError> errors = testCase.getErrors(); + assertThat(errors.size()).isEqualTo(1); + assertThat(convertToMessagesList(errors)).contains( + "File has invalid CMS signature!" + ); + } + + @Test public void shouldReportErrorsForInvalidCsar() throws Exception { // given - configureTestCase(testCase, "pnf/r787966/csar-option1-invalid.csar", "vtp-validate-csar-r787966.yaml", IS_PNF); + configureTestCase(testCase, "pnf/r130206/csar-option1-invalid.csar", "vtp-validate-csar-r130206.yaml", IS_PNF); // when testCase.execute(); // then List<CSARArchive.CSARError> errors = testCase.getErrors(); - assertThat(errors.size()).isEqualTo(4); + assertThat(errors.size()).isEqualTo(5); assertThat(convertToMessagesList(errors)).contains( "Unable to find CMS section in manifest!", "Source 'Definitions/MainServiceTemplate.yaml' has wrong hash!", "Source 'Artifacts/Other/my_script.csh' has hash, but unable to find algorithm tag!", - "Source 'Artifacts/NonExisting.txt' does not exist!" + "Unable to calculate digest - file missing: Artifacts/NonExisting2.txt", + "File has invalid CMS signature!" ); } @@ -82,7 +105,7 @@ public class VTPValidateCSARR787966IntegrationTest { public void shouldReportThanInVnfPackageCertFileWasNotDefined() throws Exception { // given - configureTestCase(testCase, "sample2.csar", "vtp-validate-csar-r787966.yaml", false); + configureTestCase(testCase, "sample2.csar", "vtp-validate-csar-r130206.yaml", false); // when testCase.execute(); @@ -91,10 +114,11 @@ public class VTPValidateCSARR787966IntegrationTest { List<CSARArchive.CSARError> errors = testCase.getErrors(); assertThat(convertToMessagesList(errors)).contains( "Unable to find cert file defined by Entry-Certificate!", + "Unable to find CMS section in manifest!", "Missing. Entry [tosca_definitions_version]" ); } -}
\ No newline at end of file +} diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java index eb41d6a..49696e6 100644 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java @@ -18,6 +18,7 @@ package org.onap.cvc.csar.cc.sol004; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import org.onap.cvc.csar.CSARArchive; @@ -61,7 +62,11 @@ public class VTPValidateCSARR787965IntegrationTest { } @Test - public void shouldReportThatZipContainsSignatureWithCertificationFileAndPackageIsProbableValid() throws Exception { + @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." + + "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " + + "Use instructions for option 2. Test was created for manual verification." + ) + public void manual_shouldReportThatZipContainsSignatureWithCertificationFileAndPackageIsValid() throws Exception { // given configureTestCase(testCase, "pnf/r787965/signature-and-certificate.zip", "vtp-validate-csar-r787965.yaml", IS_PNF); @@ -71,12 +76,7 @@ public class VTPValidateCSARR787965IntegrationTest { // then List<CSARArchive.CSARError> errors = testCase.getErrors(); - assertThat(errors.size()).isEqualTo(1); - assertThat(convertToMessagesList(errors)).contains( - "Warning. Zip package probably is valid. " + - "It contains only signature with certification cms and csar package. " + - "Unable to verify csar signature." - ); + assertThat(errors.size()).isEqualTo(0); } @Test @@ -97,7 +97,11 @@ public class VTPValidateCSARR787965IntegrationTest { } @Test - public void shouldDoNotReportAnyErrorWhenPackageHasValidSignature() throws Exception { + @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." + + "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " + + "Use instructions for option 2. Test was created for manual verification." + ) + public void manual_shouldDoNotReportAnyErrorWhenPackageHasValidSignature() throws Exception { // given configureTestCase(testCase, "pnf/signed-package-valid-signature.zip", "vtp-validate-csar-r787965.yaml", IS_PNF); @@ -110,4 +114,4 @@ public class VTPValidateCSARR787965IntegrationTest { assertThat(errors.size()).isEqualTo(0); } -}
\ No newline at end of file +} diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/parser/ManifestFileSplitterTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/parser/ManifestFileSplitterTest.java new file mode 100644 index 0000000..b530691 --- /dev/null +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/parser/ManifestFileSplitterTest.java @@ -0,0 +1,50 @@ +/* + * Copyright 2019 Nokia + * <p> + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package org.onap.cvc.csar.parser; + +import org.assertj.core.api.Assertions; +import org.junit.Test; + +import java.io.File; + +/* + How to sing files see to README.txt file into test/resources folder + */ +public class ManifestFileSplitterTest { + + @Test + public void shouldSplitManifestFileOnDataPartAndCMS() { + File file = new File("./src/test/resources/cvc/csar/parser/MainServiceTemplate.mf"); + ManifestFileSplitter manifestFileSplitter = new ManifestFileSplitter(); + + ManifestFileModel manifestFileModel = manifestFileSplitter.split(file); + + Assertions.assertThat(manifestFileModel.getData()).contains("metadata:", + " pnfd_name: RadioNode", + " pnfd_provider: Ericsson", + " pnfd_archive_version: 1.0", + " pnfd_release_date_time: 2019-01-14T11:25:00+00:00"); + + Assertions.assertThat(manifestFileModel.getCMS()).contains( + "-----BEGIN CMS-----", + "MIIGDAYJKoZIhvcNAQcCoIIF/TCCBfkCAQExDTALBglghkgBZQMEAgEwCwYJKoZI", + "hvcNAQcBoIIDRTCCA0EwggIpAhRJ6KO7OFR2BuRDZwcd2TT4/wrEqDANBgkqhkiG", + "-----END CMS-----" + ); + } +} |