diff options
author | Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> | 2020-10-13 14:10:28 +0200 |
---|---|---|
committer | Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com> | 2020-10-13 14:43:36 +0200 |
commit | 5e085985d5e333fbb000c37c8c508c0d46b7d7ee (patch) | |
tree | bd34d0079efa0dc18c023655447aa601be8fbee5 /csarvalidation | |
parent | c8f3d47d4ac7b33632165f2b70a4d1f3ceea43bf (diff) |
Add error when CMS and TOSCA meta file are present, however TOSCA does not contains ETSI-Entry-Certificate
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Change-Id: I238ac7544f1eda9fa1bc0f2a89120dc3ae33437a
Issue-ID: VNFSDK-660
Diffstat (limited to 'csarvalidation')
-rw-r--r-- | csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java | 35 | ||||
-rw-r--r-- | csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java | 35 | ||||
-rw-r--r-- | csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar | bin | 25868 -> 0 bytes | |||
-rw-r--r-- | csarvalidation/src/test/resources/pnf/r130206/csar-with-tosca-no-cert-entry.csar (renamed from csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root.csar) | bin | 6518 -> 5491 bytes |
4 files changed, 36 insertions, 34 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java index 822ddde..05feb54 100644 --- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java +++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206.java @@ -166,7 +166,15 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase { CSARErrorRootCertificateIsPresentDespiteTheEtsiEntryCertificate() { super("0x4013"); - this.message = "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate"; + this.message = "Certificate present in root catalog despite the TOSCA.meta file"; + } + } + + public static class CSARErrorUnableToFindCertificateEntryInTosca extends CSARArchive.CSARError { + + CSARErrorUnableToFindCertificateEntryInTosca() { + super("0x4014"); + this.message = "Unable to find ETSI-Entry-Certificate in Tosca file"; } } @@ -199,7 +207,7 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase { if (containsCms(csar.getManifest())) { validateCmsSignature(csar, csarRootDirectory); } else if ( - containsCertificateInTosca(csar.getToscaMeta()) || + ( containsToscaMeta(csar) && containsCertificateInTosca(csar.getToscaMeta()) ) || containsCertificateInRootCatalog(csar) || containsHashOrAlgorithm(csar.getManifest())) { this.errors.add(new CSARErrorUnableToFindCms()); @@ -213,7 +221,7 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase { CmsSignatureData signatureData = this.manifestFileSignatureValidator.createSignatureData(csar.getManifestMfFile()); if (signatureData.getCertificate().isPresent()) { validateCertificationUsingCmsCertificate(signatureData, csar, csarRootDirectory); - } else if (containsCertificateInTosca(csar.getToscaMeta())) { + } else if (containsToscaMeta(csar)) { validateCertificationUsingTosca(signatureData, csar, csarRootDirectory); } else if (containsCertificateInRootCatalog(csar)) { validateCertificationUsingCertificateFromRootDirectory(signatureData, csar, csarRootDirectory); @@ -231,6 +239,10 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase { return cms != null && !cms.equals(EMPTY_STRING); } + private boolean containsToscaMeta(CSARArchive archive) { + return archive.getToscaMetaFile() != null; + } + private boolean containsCertificateInTosca(CSARArchive.TOSCAMeta toscaMeta) { String certificate = toscaMeta.getEntryCertificate(); return certificate != null && !certificate.equals(EMPTY_STRING); @@ -276,12 +288,17 @@ public class VTPValidateCSARR130206 extends VTPValidateCSARBase { } private boolean loadCertificateFromTosca(CmsSignatureData signatureData, CSARArchive csar) { - try { - final Path absolutePathToEntryCertificate = csar.getFileFromCsar(csar.getToscaMeta().getEntryCertificate()).toPath(); - signatureData.loadCertificate(absolutePathToEntryCertificate); - return true; - } catch (CertificateLoadingException e) { - this.errors.add(new CSARErrorUnableToFindEntryCertificate()); + if(csar.getToscaMeta().getEntryCertificate() != null) { + try { + final Path absolutePathToEntryCertificate = csar.getFileFromCsar(csar.getToscaMeta().getEntryCertificate()).toPath(); + signatureData.loadCertificate(absolutePathToEntryCertificate); + return true; + } catch (CertificateLoadingException e) { + this.errors.add(new CSARErrorUnableToFindEntryCertificate()); + return false; + } + } else { + this.errors.add(new CSARErrorUnableToFindCertificateEntryInTosca()); return false; } } diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java index cdaef79..443a61a 100644 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR130206IntegrationTest.java @@ -20,8 +20,10 @@ package org.onap.cvc.csar.cc.sol004; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; +import org.onap.cli.fw.error.OnapCommandException; import org.onap.cvc.csar.CSARArchive; +import java.net.URISyntaxException; import java.util.List; import static org.assertj.core.api.Assertions.assertThat; @@ -81,24 +83,6 @@ public class VTPValidateCSARR130206IntegrationTest { } @Test - @Ignore("It is impossible to write test which will always pass, because certificate used to sign the file has time validity." + - "To verify signed package please please follow instructions from test/resources/README.txt file and comment @Ignore tag. " + - "Use instructions for option 1. Test was created for manual verification." - ) - public void manual_shouldValidateCsarWithCertificateInRootWithValidSignature() throws Exception { - - // given - configureTestCase(testCase, "pnf/r130206/csar-cert-in-root-valid.csar", "vtp-validate-csar-r130206.yaml", IS_PNF); - - // when - testCase.execute(); - - // then - List<CSARArchive.CSARError> errors = testCase.getErrors(); - assertThat(errors.size()).isZero(); - } - - @Test public void shouldReportWarningForMissingCertInCmsToscaMetaAndRootCatalogAndMissingHashCodesInManifest() throws Exception{ // given @@ -150,10 +134,10 @@ public class VTPValidateCSARR130206IntegrationTest { } @Test - public void shouldReturnNoErrorWhenCertIsOnlyInRootDirectoryAndAlgorithmAndHashesAreCorrect() + public void shouldReturnErrorWhenCsarContainsToscaFileHoweverToscaDoesNotContainsCertEntryAndAlgorithmAndHashesAreCorrect() throws Exception{ // given - configureTestCase(testCase, "pnf/r130206/csar-cert-in-root.csar", "vtp-validate-csar-r130206.yaml", IS_PNF); + configureTestCase(testCase, "pnf/r130206/csar-with-tosca-no-cert-entry.csar", "vtp-validate-csar-r130206.yaml", IS_PNF); // when testCase.execute(); @@ -162,7 +146,7 @@ public class VTPValidateCSARR130206IntegrationTest { List<CSARArchive.CSARError> errors = testCase.getErrors(); assertThat(errors.size()).isEqualTo(1); assertThat(convertToMessagesList(errors)).contains( - "File has invalid signature!" + "Unable to find ETSI-Entry-Certificate in Tosca file" ); } @@ -213,10 +197,11 @@ public class VTPValidateCSARR130206IntegrationTest { // then List<CSARArchive.CSARError> errors = testCase.getErrors(); - assertThat(errors.size()).isEqualTo(2); + assertThat(errors.size()).isEqualTo(3); assertThat(convertToMessagesList(errors)).contains( "Source 'Artifacts/Deployment/Events/RadioNode_Pnf_v1.yaml' has wrong hash!", - "File has invalid signature!" + "Unable to find ETSI-Entry-Certificate in Tosca file", + "Certificate present in root catalog despite the TOSCA.meta file" ); } @@ -369,7 +354,7 @@ public class VTPValidateCSARR130206IntegrationTest { List<CSARArchive.CSARError> errors = testCase.getErrors(); assertThat(errors.size()).isEqualTo(2); assertThat(convertToMessagesList(errors)).contains( - "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate", + "Certificate present in root catalog despite the TOSCA.meta file", "File has invalid signature!" ); } @@ -387,7 +372,7 @@ public class VTPValidateCSARR130206IntegrationTest { List<CSARArchive.CSARError> errors = testCase.getErrors(); assertThat(errors.size()).isEqualTo(3); assertThat(convertToMessagesList(errors)).contains( - "Certificate present in root catalog despite the certificate is included in ETSI-Entry-Certificate", + "Certificate present in root catalog despite the TOSCA.meta file", "Source 'Artifacts/Deployment/Yang_module/yang-module1.yang' has wrong hash!", "File has invalid signature!" ); diff --git a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar b/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar Binary files differdeleted file mode 100644 index 70885d8..0000000 --- a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root-valid.csar +++ /dev/null diff --git a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root.csar b/csarvalidation/src/test/resources/pnf/r130206/csar-with-tosca-no-cert-entry.csar Binary files differindex d5d8f94..d5c27e1 100644 --- a/csarvalidation/src/test/resources/pnf/r130206/csar-cert-in-root.csar +++ b/csarvalidation/src/test/resources/pnf/r130206/csar-with-tosca-no-cert-entry.csar |