diff options
author | Bogumil Zebek <bogumil.zebek@nokia.com> | 2019-05-31 13:58:12 +0200 |
---|---|---|
committer | Zebek Bogumil <bogumil.zebek@nokia.com> | 2019-05-31 13:58:12 +0200 |
commit | 379eb896b050fbb1f88ca7e736665c573f8c9f74 (patch) | |
tree | 5bdd21ed80f11f8c6807cd6fc0fe40b713d9f81e /csarvalidation/src | |
parent | 2b293e3d6c9c2ff693ccebf8ee757980cf6e2499 (diff) |
Handle signature in cms
Change-Id: Ied997305efe347859cbd069f2887f792adc775c0
Issue-ID: VNFSDK-414
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Diffstat (limited to 'csarvalidation/src')
12 files changed, 141 insertions, 227 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java index a5ff4ed..621ede0 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java @@ -23,14 +23,12 @@ import org.onap.cli.fw.schema.OnapCommandSchema; import org.onap.cvc.csar.CSARArchive; import org.onap.cvc.csar.FileArchive; import org.onap.cvc.csar.cc.VTPValidateCSARBase; -import org.onap.cvc.csar.rsa.RSACertificateValidator; -import org.onap.cvc.csar.rsa.X509RsaCertification; +import org.onap.cvc.csar.security.CmsSignatureValidator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.nio.file.Files; import java.nio.file.Path; -import java.util.Base64; import java.util.Optional; @OnapCommandSchema(schema = "vtp-validate-csar-r787965.yaml") @@ -49,7 +47,7 @@ public class VTPValidateCSARR787965 extends VTPValidateCSARBase { protected void validateCSAR(CSARArchive csar) throws OnapCommandException { try { - final RSACertificateValidator rsaCertificateValidator = new RSACertificateValidator(new X509RsaCertification()); + final CmsSignatureValidator securityManager = new CmsSignatureValidator(); FileArchive.Workspace workspace = csar.getWorkspace(); final Optional<Path> pathToCsarFile = workspace.getPathToCsarFile(); @@ -58,10 +56,10 @@ public class VTPValidateCSARR787965 extends VTPValidateCSARBase { if (workspace.isZip() && pathToCsarFile.isPresent() && pathToCertFile.isPresent() && pathToCmsFile.isPresent()) { byte[] csarContent = Files.readAllBytes(pathToCsarFile.get()); - String signature = Base64.getEncoder().encodeToString(Files.readAllBytes(pathToCmsFile.get())); - String publicCertification = Base64.getEncoder().encodeToString(Files.readAllBytes(pathToCertFile.get())); + byte[] signature = Files.readAllBytes(pathToCmsFile.get()); + byte[] publicCertification = Files.readAllBytes(pathToCertFile.get()); - if (!rsaCertificateValidator.isValid(csarContent, signature, publicCertification)) { + if (!securityManager.verifySignedData(signature, publicCertification,csarContent)) { this.errors.add(new CSARErrorInvalidSignature()); } } diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java deleted file mode 100644 index 022f697..0000000 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2019 Nokia - * <p> - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package org.onap.cvc.csar.rsa; - - -import java.security.PublicKey; - -public class RSACertificateValidator { - - private final X509RsaCertification x509RsaCertification; - - public RSACertificateValidator(X509RsaCertification x509RsaCertification) { - this.x509RsaCertification = x509RsaCertification; - } - - public boolean isValid(byte [] content, String signature, String publicCertificateContent) throws Exception { - - String publicCert = extractPublicKeyCertificate(publicCertificateContent); - final PublicKey publicKey = this.x509RsaCertification.generatePublicKey(publicCert); - - return this.x509RsaCertification.verify(content,signature,publicKey); - } - - private String extractPublicKeyCertificate(String publicCertificateContent) { - String publicCert = publicCertificateContent.replace("-----BEGIN CERTIFICATE-----\n", ""); - return publicCert.replace("-----END CERTIFICATE-----\n", ""); - } -} diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java b/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java deleted file mode 100644 index 8395221..0000000 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 2019 Nokia - * <p> - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package org.onap.cvc.csar.rsa; - -import org.apache.commons.codec.binary.Base64; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.nio.charset.StandardCharsets; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; - -public class X509RsaCertification { - - private static final Logger LOG = LoggerFactory.getLogger(X509RsaCertification.class); - - PublicKey generatePublicKey(String cert) throws CertificateException { - byte[] encodedCert = cert.getBytes(StandardCharsets.UTF_8); - byte[] decodedCert = Base64.decodeBase64(encodedCert); - CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); - InputStream in = new ByteArrayInputStream(decodedCert); - X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(in); - - LOG.info(String.format("Subject DN : %s", certificate.getSubjectDN().getName())); - LOG.info(String.format("Issuer : %s", certificate.getIssuerDN().getName())); - LOG.info(String.format("Not After: %s", certificate.getNotAfter())); - LOG.info(String.format("Not Before: %s", certificate.getNotBefore())); - LOG.info(String.format("version: %d", certificate.getVersion())); - LOG.info(String.format("serial number : %s", certificate.getSerialNumber())); - - return certificate.getPublicKey(); - } - - boolean verify(byte[] content, String signature, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - Signature publicSignature = Signature.getInstance("SHA256withRSA"); - publicSignature.initVerify(publicKey); - publicSignature.update(content); - - byte[] signatureBytes = java.util.Base64.getDecoder().decode(signature); - - return publicSignature.verify(signatureBytes); - } -} diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java new file mode 100644 index 0000000..316c802 --- /dev/null +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java @@ -0,0 +1,90 @@ +/* + * Copyright 2019 + * <p> + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package org.onap.cvc.csar.security; + +import org.bouncycastle.asn1.cms.ContentInfo; +import org.bouncycastle.cms.CMSException; +import org.bouncycastle.cms.CMSProcessableByteArray; +import org.bouncycastle.cms.CMSSignedData; +import org.bouncycastle.cms.CMSSignerDigestMismatchException; +import org.bouncycastle.cms.CMSTypedData; +import org.bouncycastle.cms.SignerInformation; +import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; +import org.bouncycastle.openssl.PEMParser; +import org.bouncycastle.operator.OperatorCreationException; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collection; + +public class CmsSignatureValidator { + + public boolean verifySignedData( + final byte[] signature, + final byte[] certificate, + final byte[] csarFileContent) throws CmsSignatureValidatorException { + + try (ByteArrayInputStream signatureStream = new ByteArrayInputStream(signature)) { + SignerInformation firstSigner = getSignerInformation(csarFileContent, signatureStream); + X509Certificate cert = loadCertificate(certificate); + + return firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert)); + } catch (CMSSignerDigestMismatchException e){ + //message-digest attribute value does not match calculated value + return false; + } + catch (OperatorCreationException | IOException | CMSException e) { + throw new CmsSignatureValidatorException("Unexpected error occurred during signature validation!", e); + } + } + + private SignerInformation getSignerInformation(byte[] innerPackageFileCSAR, ByteArrayInputStream signatureStream) throws IOException, CmsSignatureValidatorException, CMSException { + ContentInfo signature = produceSignature(signatureStream); + CMSTypedData signedContent = new CMSProcessableByteArray(innerPackageFileCSAR); + CMSSignedData signedData = new CMSSignedData(signedContent, signature); + + Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners(); + return signers.iterator().next(); + } + + private ContentInfo produceSignature(ByteArrayInputStream signatureStream) throws IOException, CmsSignatureValidatorException { + Object parsedObject = new PEMParser(new InputStreamReader(signatureStream)).readObject(); + if (!(parsedObject instanceof ContentInfo)) { + throw new CmsSignatureValidatorException("Signature is not recognized!"); + } + return ContentInfo.getInstance(parsedObject); + } + + + private X509Certificate loadCertificate(byte[] certFile) throws CmsSignatureValidatorException { + try (InputStream in = new ByteArrayInputStream(certFile)) { + CertificateFactory factory = CertificateFactory.getInstance("X.509"); + return (X509Certificate) factory.generateCertificate(in); + } catch (CertificateException | IOException e) { + throw new CmsSignatureValidatorException("Error during loading Certificate from bytes!", e); + } + } + + +} + diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java new file mode 100644 index 0000000..75cd8de --- /dev/null +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java @@ -0,0 +1,28 @@ +/* + * Copyright 2019 + * <p> + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.onap.cvc.csar.security; + +public class CmsSignatureValidatorException extends Exception { + + public CmsSignatureValidatorException(String s) { + super(s); + } + + public CmsSignatureValidatorException(String s, Throwable t) { + super(s, t); + } +} diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java index 25e36f6..e724283 100644 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java @@ -60,7 +60,7 @@ public class CsarValidatorTest { "csar-validate", "--format", "json", "--pnf", - "--csar", absoluteFilePath("pnf/signed-package.zip")}); + "--csar", absoluteFilePath("pnf/signed-package-valid-signature.zip")}); cli.handle(); assertEquals(0, cli.getExitCode()); } diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java index 1ac8073..738b4f6 100644 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java @@ -56,7 +56,7 @@ public class FileArchiveTest { String absolutePath = folder.getRoot().getAbsolutePath(); // when - FileArchive.Workspace workspace = new FileArchive(absolutePath).unpack(absoluteFilePath("pnf/signed-package.zip")); + FileArchive.Workspace workspace = new FileArchive(absolutePath).unpack(absoluteFilePath("pnf/signed-package-valid-signature.zip")); // then assertTrue(workspace.isZip()); diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java index 5c11c8a..c19fe99 100644 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java @@ -43,12 +43,10 @@ public class VTPValidateCSARR787965IntegrationTest { } @Test - public void shouldReportCsarHasInvalidSignature() throws Exception { - // We will not prepare positive test case, because X509 certification has expiration date and such test will - // stop working in the future. + public void shouldReportThatCsarHasInvalidSignature() throws Exception { // given - configureTestCase(testCase, "pnf/signed-package.zip"); + configureTestCase(testCase, "pnf/signed-package-invalid-signature.zip"); // when testCase.execute(); @@ -61,5 +59,19 @@ public class VTPValidateCSARR787965IntegrationTest { ); } + @Test + public void shouldDoNotReportAnyErrorWhenPackageHasValidSignature() throws Exception { + + // given + configureTestCase(testCase, "pnf/signed-package-valid-signature.zip"); + + // when + testCase.execute(); + + // then + List<CSARArchive.CSARError> errors = testCase.getErrors(); + assertThat(errors.size()).isEqualTo(0); + } + }
\ No newline at end of file diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java deleted file mode 100644 index 9a3e124..0000000 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright 2019 Nokia - * <p> - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * <p> - * http://www.apache.org/licenses/LICENSE-2.0 - * <p> - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package org.onap.cvc.csar.rsa; - -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.mockito.junit.MockitoJUnitRunner; - -import java.security.PublicKey; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.Mockito.*; - -@RunWith(MockitoJUnitRunner.class) -public class RSACertificateValidatorTest { - - @Mock - private X509RsaCertification x509RsaCertification; - - @Mock - private PublicKey publicKey; - - @Test - public void shouldReturnInformationThatCsarHasValidSignature() throws Exception { - - // given - String publicCertificate ="-----BEGIN CERTIFICATE-----\n" + - "MIIDyzCCArMCCQCXF5To+FxujDANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC\n" + - "SUUxETAPBgNVBAgMCExlaW5zdGVyMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoM\n" + - "CEVyaWNzc29uMRwwGgYDVQQLDBNCdXNpbmVzcyBBcmVhIFJhZGlvMSMwIQYDVQQD\n" + - "DBpSb290IGNlcnRpZmljYXRlIGF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWYXV0\n" + - "aG9yaXR5QGVyaWNzc29uLmNvbTAeFw0xOTAzMDcyMDA4MDRaFw0xOTA0MDYyMDA4\n" + - "MDRaMIGfMQswCQYDVQQGEwJJRTERMA8GA1UECAwITGVpbnN0ZXIxDzANBgNVBAcM\n" + - "BkR1YmxpbjERMA8GA1UECgwIRXJpY3Nzb24xHDAaBgNVBAsME0J1c2luZXNzIEFy\n" + - "ZWEgUmFkaW8xFzAVBgNVBAMMDlBhY2thZ2Ugc2lnbmVyMSIwIAYJKoZIhvcNAQkB\n" + - "FhNzaWduZXJAZXJpY3Nzb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + - "CgKCAQEA1bZWYbM3W9WK7E6brlMWw/pHdYmKrLmqnmyS4QWj6PoSudReX1x1QO+o\n" + - "jlzzlWn15ozgeDtsyQWRQakSkV8IUlywmM99tH7jGejrH87eLYv0IoJONVJLMsuQ\n" + - "chMd/cm0OGwUHHuk7iRnMGlcskp3FPvHlBRgBLrg+40yksJMmpHyS9amrG2/3bSa\n" + - "ssuc3F8ICNtejYVXDg5rIHyKIvD8Jaozf+V8FyFcFkfL7NyIS8rSuHM40vp3jlVO\n" + - "yNDztZ9orTA9Frucxr6y5UIXHd/bmh7YsjihyCoPOwvkfEy/S08S245eKS1zwgcE\n" + - "zkSwPC+XR7HwXoVb63hgBlcJCkUAswIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCC\n" + - "nWjpa+JeJj05UfX0tejdnHTotnT4AQfxp1YesG3O7ioIY4Y93/Cj8N+7rzeB392v\n" + - "eUMN2HKXGNRZhVJKs8fdoD/b5OxlwX1BattPS1Oh7HmLYzevOxotrm5YOR4KG2qa\n" + - "Rw/m6jFWxnAovpQTaCOgkuAJyF9l6wlQE4FyzyZMaThObcnLBzuQJjJXKMwaVT6D\n" + - "AQuMP3DRrH3aXlFpqV4bugLy8agSc2w9sF3w4osGZSwPjerJiulncUyBr+cjv1KB\n" + - "IfgzoP3b9frMBZmSpxeT3YzR1wZAh9AterRKAm6EGVxrnRDQ1b/OuW4y2RxQ/Q3G\n" + - "OUU/dbcjLaFvoQsv3aAk\n" + - "-----END CERTIFICATE-----\n"; - - String signature = "r+18GjD74DWNbp1U5zzbw7lB0QI5OXXBReGQ5DmRn/SFqQj0H22omSoolqlmwk8fc6pBfSTQl68yWEztH6m14dKTcYozVFpn1TS0qSgxMYjPJ5N/4+wrhC/70yosLATdc2w1U/9UYeFxP0QbCBSLtH9dDgTfm8e7Y25c7l6jSI+/VZ6b4lno5786y4W/VYeP6ktOvI0qbLtFPLfpxjqJ5idXUspkblhrZ6dHzURTlUWfYTku5NfLoIPL2Hdr8WfTBBTk+TYmAEBGC7J3SY5m1SZOOGElh80CfLGFVtdZ862Sgj2X8hV1isBTEJpczQwdMmid2xzdmZgbnkzFh9F/eQ=="; - byte [] content = new byte[] {'t','e','s','t'}; - - - String cert = "MIIDyzCCArMCCQCXF5To+FxujDANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC\n" + - "SUUxETAPBgNVBAgMCExlaW5zdGVyMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoM\n" + - "CEVyaWNzc29uMRwwGgYDVQQLDBNCdXNpbmVzcyBBcmVhIFJhZGlvMSMwIQYDVQQD\n" + - "DBpSb290IGNlcnRpZmljYXRlIGF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWYXV0\n" + - "aG9yaXR5QGVyaWNzc29uLmNvbTAeFw0xOTAzMDcyMDA4MDRaFw0xOTA0MDYyMDA4\n" + - "MDRaMIGfMQswCQYDVQQGEwJJRTERMA8GA1UECAwITGVpbnN0ZXIxDzANBgNVBAcM\n" + - "BkR1YmxpbjERMA8GA1UECgwIRXJpY3Nzb24xHDAaBgNVBAsME0J1c2luZXNzIEFy\n" + - "ZWEgUmFkaW8xFzAVBgNVBAMMDlBhY2thZ2Ugc2lnbmVyMSIwIAYJKoZIhvcNAQkB\n" + - "FhNzaWduZXJAZXJpY3Nzb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + - "CgKCAQEA1bZWYbM3W9WK7E6brlMWw/pHdYmKrLmqnmyS4QWj6PoSudReX1x1QO+o\n" + - "jlzzlWn15ozgeDtsyQWRQakSkV8IUlywmM99tH7jGejrH87eLYv0IoJONVJLMsuQ\n" + - "chMd/cm0OGwUHHuk7iRnMGlcskp3FPvHlBRgBLrg+40yksJMmpHyS9amrG2/3bSa\n" + - "ssuc3F8ICNtejYVXDg5rIHyKIvD8Jaozf+V8FyFcFkfL7NyIS8rSuHM40vp3jlVO\n" + - "yNDztZ9orTA9Frucxr6y5UIXHd/bmh7YsjihyCoPOwvkfEy/S08S245eKS1zwgcE\n" + - "zkSwPC+XR7HwXoVb63hgBlcJCkUAswIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCC\n" + - "nWjpa+JeJj05UfX0tejdnHTotnT4AQfxp1YesG3O7ioIY4Y93/Cj8N+7rzeB392v\n" + - "eUMN2HKXGNRZhVJKs8fdoD/b5OxlwX1BattPS1Oh7HmLYzevOxotrm5YOR4KG2qa\n" + - "Rw/m6jFWxnAovpQTaCOgkuAJyF9l6wlQE4FyzyZMaThObcnLBzuQJjJXKMwaVT6D\n" + - "AQuMP3DRrH3aXlFpqV4bugLy8agSc2w9sF3w4osGZSwPjerJiulncUyBr+cjv1KB\n" + - "IfgzoP3b9frMBZmSpxeT3YzR1wZAh9AterRKAm6EGVxrnRDQ1b/OuW4y2RxQ/Q3G\n" + - "OUU/dbcjLaFvoQsv3aAk\n"; - - when(x509RsaCertification.generatePublicKey(cert)).thenReturn(publicKey); - when(x509RsaCertification.verify(content,signature, publicKey)).thenReturn(true); - - // when - RSACertificateValidator rsaCertificateValidator = new RSACertificateValidator(x509RsaCertification); - - // then - assertThat(rsaCertificateValidator.isValid(content, signature, publicCertificate)).isTrue(); - verify(x509RsaCertification,times(1)).generatePublicKey(cert); - verify(x509RsaCertification,times(1)).verify(content,signature, publicKey); - } - -}
\ No newline at end of file diff --git a/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip b/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip Binary files differnew file mode 100644 index 0000000..231d193 --- /dev/null +++ b/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip diff --git a/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip b/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip Binary files differnew file mode 100644 index 0000000..15437d6 --- /dev/null +++ b/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip diff --git a/csarvalidation/src/test/resources/pnf/signed-package.zip b/csarvalidation/src/test/resources/pnf/signed-package.zip Binary files differdeleted file mode 100644 index e4b7d00..0000000 --- a/csarvalidation/src/test/resources/pnf/signed-package.zip +++ /dev/null |