summaryrefslogtreecommitdiffstats
path: root/csarvalidation
diff options
context:
space:
mode:
authorBogumil Zebek <bogumil.zebek@nokia.com>2019-05-31 13:58:12 +0200
committerZebek Bogumil <bogumil.zebek@nokia.com>2019-05-31 13:58:12 +0200
commit379eb896b050fbb1f88ca7e736665c573f8c9f74 (patch)
tree5bdd21ed80f11f8c6807cd6fc0fe40b713d9f81e /csarvalidation
parent2b293e3d6c9c2ff693ccebf8ee757980cf6e2499 (diff)
Handle signature in cms
Change-Id: Ied997305efe347859cbd069f2887f792adc775c0 Issue-ID: VNFSDK-414 Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Diffstat (limited to 'csarvalidation')
-rw-r--r--csarvalidation/pom.xml6
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java12
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java43
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java66
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java90
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java28
-rw-r--r--csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java2
-rw-r--r--csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java2
-rw-r--r--csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java20
-rw-r--r--csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java105
-rw-r--r--csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zipbin0 -> 3689 bytes
-rw-r--r--csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zipbin0 -> 3777 bytes
-rw-r--r--csarvalidation/src/test/resources/pnf/signed-package.zipbin3449 -> 0 bytes
13 files changed, 146 insertions, 228 deletions
diff --git a/csarvalidation/pom.xml b/csarvalidation/pom.xml
index 5cd0d7c..bb47a08 100644
--- a/csarvalidation/pom.xml
+++ b/csarvalidation/pom.xml
@@ -113,7 +113,11 @@
<artifactId>commons-io</artifactId>
<version>2.5</version>
</dependency>
-
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>1.61</version>
+ </dependency>
<dependency>
<groupId>org.onap.cli</groupId>
<artifactId>cli-framework</artifactId>
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
index a5ff4ed..621ede0 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
@@ -23,14 +23,12 @@ import org.onap.cli.fw.schema.OnapCommandSchema;
import org.onap.cvc.csar.CSARArchive;
import org.onap.cvc.csar.FileArchive;
import org.onap.cvc.csar.cc.VTPValidateCSARBase;
-import org.onap.cvc.csar.rsa.RSACertificateValidator;
-import org.onap.cvc.csar.rsa.X509RsaCertification;
+import org.onap.cvc.csar.security.CmsSignatureValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.nio.file.Files;
import java.nio.file.Path;
-import java.util.Base64;
import java.util.Optional;
@OnapCommandSchema(schema = "vtp-validate-csar-r787965.yaml")
@@ -49,7 +47,7 @@ public class VTPValidateCSARR787965 extends VTPValidateCSARBase {
protected void validateCSAR(CSARArchive csar) throws OnapCommandException {
try {
- final RSACertificateValidator rsaCertificateValidator = new RSACertificateValidator(new X509RsaCertification());
+ final CmsSignatureValidator securityManager = new CmsSignatureValidator();
FileArchive.Workspace workspace = csar.getWorkspace();
final Optional<Path> pathToCsarFile = workspace.getPathToCsarFile();
@@ -58,10 +56,10 @@ public class VTPValidateCSARR787965 extends VTPValidateCSARBase {
if (workspace.isZip() && pathToCsarFile.isPresent() && pathToCertFile.isPresent() && pathToCmsFile.isPresent()) {
byte[] csarContent = Files.readAllBytes(pathToCsarFile.get());
- String signature = Base64.getEncoder().encodeToString(Files.readAllBytes(pathToCmsFile.get()));
- String publicCertification = Base64.getEncoder().encodeToString(Files.readAllBytes(pathToCertFile.get()));
+ byte[] signature = Files.readAllBytes(pathToCmsFile.get());
+ byte[] publicCertification = Files.readAllBytes(pathToCertFile.get());
- if (!rsaCertificateValidator.isValid(csarContent, signature, publicCertification)) {
+ if (!securityManager.verifySignedData(signature, publicCertification,csarContent)) {
this.errors.add(new CSARErrorInvalidSignature());
}
}
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java
deleted file mode 100644
index 022f697..0000000
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2019 Nokia
- * <p>
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package org.onap.cvc.csar.rsa;
-
-
-import java.security.PublicKey;
-
-public class RSACertificateValidator {
-
- private final X509RsaCertification x509RsaCertification;
-
- public RSACertificateValidator(X509RsaCertification x509RsaCertification) {
- this.x509RsaCertification = x509RsaCertification;
- }
-
- public boolean isValid(byte [] content, String signature, String publicCertificateContent) throws Exception {
-
- String publicCert = extractPublicKeyCertificate(publicCertificateContent);
- final PublicKey publicKey = this.x509RsaCertification.generatePublicKey(publicCert);
-
- return this.x509RsaCertification.verify(content,signature,publicKey);
- }
-
- private String extractPublicKeyCertificate(String publicCertificateContent) {
- String publicCert = publicCertificateContent.replace("-----BEGIN CERTIFICATE-----\n", "");
- return publicCert.replace("-----END CERTIFICATE-----\n", "");
- }
-}
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java b/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java
deleted file mode 100644
index 8395221..0000000
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 2019 Nokia
- * <p>
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package org.onap.cvc.csar.rsa;
-
-import org.apache.commons.codec.binary.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-public class X509RsaCertification {
-
- private static final Logger LOG = LoggerFactory.getLogger(X509RsaCertification.class);
-
- PublicKey generatePublicKey(String cert) throws CertificateException {
- byte[] encodedCert = cert.getBytes(StandardCharsets.UTF_8);
- byte[] decodedCert = Base64.decodeBase64(encodedCert);
- CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
- InputStream in = new ByteArrayInputStream(decodedCert);
- X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(in);
-
- LOG.info(String.format("Subject DN : %s", certificate.getSubjectDN().getName()));
- LOG.info(String.format("Issuer : %s", certificate.getIssuerDN().getName()));
- LOG.info(String.format("Not After: %s", certificate.getNotAfter()));
- LOG.info(String.format("Not Before: %s", certificate.getNotBefore()));
- LOG.info(String.format("version: %d", certificate.getVersion()));
- LOG.info(String.format("serial number : %s", certificate.getSerialNumber()));
-
- return certificate.getPublicKey();
- }
-
- boolean verify(byte[] content, String signature, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
- Signature publicSignature = Signature.getInstance("SHA256withRSA");
- publicSignature.initVerify(publicKey);
- publicSignature.update(content);
-
- byte[] signatureBytes = java.util.Base64.getDecoder().decode(signature);
-
- return publicSignature.verify(signatureBytes);
- }
-}
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
new file mode 100644
index 0000000..316c802
--- /dev/null
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2019
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.onap.cvc.csar.security;
+
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.CMSSignerDigestMismatchException;
+import org.bouncycastle.cms.CMSTypedData;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.operator.OperatorCreationException;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+
+public class CmsSignatureValidator {
+
+ public boolean verifySignedData(
+ final byte[] signature,
+ final byte[] certificate,
+ final byte[] csarFileContent) throws CmsSignatureValidatorException {
+
+ try (ByteArrayInputStream signatureStream = new ByteArrayInputStream(signature)) {
+ SignerInformation firstSigner = getSignerInformation(csarFileContent, signatureStream);
+ X509Certificate cert = loadCertificate(certificate);
+
+ return firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
+ } catch (CMSSignerDigestMismatchException e){
+ //message-digest attribute value does not match calculated value
+ return false;
+ }
+ catch (OperatorCreationException | IOException | CMSException e) {
+ throw new CmsSignatureValidatorException("Unexpected error occurred during signature validation!", e);
+ }
+ }
+
+ private SignerInformation getSignerInformation(byte[] innerPackageFileCSAR, ByteArrayInputStream signatureStream) throws IOException, CmsSignatureValidatorException, CMSException {
+ ContentInfo signature = produceSignature(signatureStream);
+ CMSTypedData signedContent = new CMSProcessableByteArray(innerPackageFileCSAR);
+ CMSSignedData signedData = new CMSSignedData(signedContent, signature);
+
+ Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
+ return signers.iterator().next();
+ }
+
+ private ContentInfo produceSignature(ByteArrayInputStream signatureStream) throws IOException, CmsSignatureValidatorException {
+ Object parsedObject = new PEMParser(new InputStreamReader(signatureStream)).readObject();
+ if (!(parsedObject instanceof ContentInfo)) {
+ throw new CmsSignatureValidatorException("Signature is not recognized!");
+ }
+ return ContentInfo.getInstance(parsedObject);
+ }
+
+
+ private X509Certificate loadCertificate(byte[] certFile) throws CmsSignatureValidatorException {
+ try (InputStream in = new ByteArrayInputStream(certFile)) {
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ return (X509Certificate) factory.generateCertificate(in);
+ } catch (CertificateException | IOException e) {
+ throw new CmsSignatureValidatorException("Error during loading Certificate from bytes!", e);
+ }
+ }
+
+
+}
+
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java
new file mode 100644
index 0000000..75cd8de
--- /dev/null
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2019
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.onap.cvc.csar.security;
+
+public class CmsSignatureValidatorException extends Exception {
+
+ public CmsSignatureValidatorException(String s) {
+ super(s);
+ }
+
+ public CmsSignatureValidatorException(String s, Throwable t) {
+ super(s, t);
+ }
+}
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
index 25e36f6..e724283 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
@@ -60,7 +60,7 @@ public class CsarValidatorTest {
"csar-validate",
"--format", "json",
"--pnf",
- "--csar", absoluteFilePath("pnf/signed-package.zip")});
+ "--csar", absoluteFilePath("pnf/signed-package-valid-signature.zip")});
cli.handle();
assertEquals(0, cli.getExitCode());
}
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java
index 1ac8073..738b4f6 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java
@@ -56,7 +56,7 @@ public class FileArchiveTest {
String absolutePath = folder.getRoot().getAbsolutePath();
// when
- FileArchive.Workspace workspace = new FileArchive(absolutePath).unpack(absoluteFilePath("pnf/signed-package.zip"));
+ FileArchive.Workspace workspace = new FileArchive(absolutePath).unpack(absoluteFilePath("pnf/signed-package-valid-signature.zip"));
// then
assertTrue(workspace.isZip());
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
index 5c11c8a..c19fe99 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
@@ -43,12 +43,10 @@ public class VTPValidateCSARR787965IntegrationTest {
}
@Test
- public void shouldReportCsarHasInvalidSignature() throws Exception {
- // We will not prepare positive test case, because X509 certification has expiration date and such test will
- // stop working in the future.
+ public void shouldReportThatCsarHasInvalidSignature() throws Exception {
// given
- configureTestCase(testCase, "pnf/signed-package.zip");
+ configureTestCase(testCase, "pnf/signed-package-invalid-signature.zip");
// when
testCase.execute();
@@ -61,5 +59,19 @@ public class VTPValidateCSARR787965IntegrationTest {
);
}
+ @Test
+ public void shouldDoNotReportAnyErrorWhenPackageHasValidSignature() throws Exception {
+
+ // given
+ configureTestCase(testCase, "pnf/signed-package-valid-signature.zip");
+
+ // when
+ testCase.execute();
+
+ // then
+ List<CSARArchive.CSARError> errors = testCase.getErrors();
+ assertThat(errors.size()).isEqualTo(0);
+ }
+
} \ No newline at end of file
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java
deleted file mode 100644
index 9a3e124..0000000
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright 2019 Nokia
- * <p>
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package org.onap.cvc.csar.rsa;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-
-import java.security.PublicKey;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
-
-@RunWith(MockitoJUnitRunner.class)
-public class RSACertificateValidatorTest {
-
- @Mock
- private X509RsaCertification x509RsaCertification;
-
- @Mock
- private PublicKey publicKey;
-
- @Test
- public void shouldReturnInformationThatCsarHasValidSignature() throws Exception {
-
- // given
- String publicCertificate ="-----BEGIN CERTIFICATE-----\n" +
- "MIIDyzCCArMCCQCXF5To+FxujDANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC\n" +
- "SUUxETAPBgNVBAgMCExlaW5zdGVyMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoM\n" +
- "CEVyaWNzc29uMRwwGgYDVQQLDBNCdXNpbmVzcyBBcmVhIFJhZGlvMSMwIQYDVQQD\n" +
- "DBpSb290IGNlcnRpZmljYXRlIGF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWYXV0\n" +
- "aG9yaXR5QGVyaWNzc29uLmNvbTAeFw0xOTAzMDcyMDA4MDRaFw0xOTA0MDYyMDA4\n" +
- "MDRaMIGfMQswCQYDVQQGEwJJRTERMA8GA1UECAwITGVpbnN0ZXIxDzANBgNVBAcM\n" +
- "BkR1YmxpbjERMA8GA1UECgwIRXJpY3Nzb24xHDAaBgNVBAsME0J1c2luZXNzIEFy\n" +
- "ZWEgUmFkaW8xFzAVBgNVBAMMDlBhY2thZ2Ugc2lnbmVyMSIwIAYJKoZIhvcNAQkB\n" +
- "FhNzaWduZXJAZXJpY3Nzb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
- "CgKCAQEA1bZWYbM3W9WK7E6brlMWw/pHdYmKrLmqnmyS4QWj6PoSudReX1x1QO+o\n" +
- "jlzzlWn15ozgeDtsyQWRQakSkV8IUlywmM99tH7jGejrH87eLYv0IoJONVJLMsuQ\n" +
- "chMd/cm0OGwUHHuk7iRnMGlcskp3FPvHlBRgBLrg+40yksJMmpHyS9amrG2/3bSa\n" +
- "ssuc3F8ICNtejYVXDg5rIHyKIvD8Jaozf+V8FyFcFkfL7NyIS8rSuHM40vp3jlVO\n" +
- "yNDztZ9orTA9Frucxr6y5UIXHd/bmh7YsjihyCoPOwvkfEy/S08S245eKS1zwgcE\n" +
- "zkSwPC+XR7HwXoVb63hgBlcJCkUAswIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCC\n" +
- "nWjpa+JeJj05UfX0tejdnHTotnT4AQfxp1YesG3O7ioIY4Y93/Cj8N+7rzeB392v\n" +
- "eUMN2HKXGNRZhVJKs8fdoD/b5OxlwX1BattPS1Oh7HmLYzevOxotrm5YOR4KG2qa\n" +
- "Rw/m6jFWxnAovpQTaCOgkuAJyF9l6wlQE4FyzyZMaThObcnLBzuQJjJXKMwaVT6D\n" +
- "AQuMP3DRrH3aXlFpqV4bugLy8agSc2w9sF3w4osGZSwPjerJiulncUyBr+cjv1KB\n" +
- "IfgzoP3b9frMBZmSpxeT3YzR1wZAh9AterRKAm6EGVxrnRDQ1b/OuW4y2RxQ/Q3G\n" +
- "OUU/dbcjLaFvoQsv3aAk\n" +
- "-----END CERTIFICATE-----\n";
-
- String signature = "r+18GjD74DWNbp1U5zzbw7lB0QI5OXXBReGQ5DmRn/SFqQj0H22omSoolqlmwk8fc6pBfSTQl68yWEztH6m14dKTcYozVFpn1TS0qSgxMYjPJ5N/4+wrhC/70yosLATdc2w1U/9UYeFxP0QbCBSLtH9dDgTfm8e7Y25c7l6jSI+/VZ6b4lno5786y4W/VYeP6ktOvI0qbLtFPLfpxjqJ5idXUspkblhrZ6dHzURTlUWfYTku5NfLoIPL2Hdr8WfTBBTk+TYmAEBGC7J3SY5m1SZOOGElh80CfLGFVtdZ862Sgj2X8hV1isBTEJpczQwdMmid2xzdmZgbnkzFh9F/eQ==";
- byte [] content = new byte[] {'t','e','s','t'};
-
-
- String cert = "MIIDyzCCArMCCQCXF5To+FxujDANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC\n" +
- "SUUxETAPBgNVBAgMCExlaW5zdGVyMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoM\n" +
- "CEVyaWNzc29uMRwwGgYDVQQLDBNCdXNpbmVzcyBBcmVhIFJhZGlvMSMwIQYDVQQD\n" +
- "DBpSb290IGNlcnRpZmljYXRlIGF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWYXV0\n" +
- "aG9yaXR5QGVyaWNzc29uLmNvbTAeFw0xOTAzMDcyMDA4MDRaFw0xOTA0MDYyMDA4\n" +
- "MDRaMIGfMQswCQYDVQQGEwJJRTERMA8GA1UECAwITGVpbnN0ZXIxDzANBgNVBAcM\n" +
- "BkR1YmxpbjERMA8GA1UECgwIRXJpY3Nzb24xHDAaBgNVBAsME0J1c2luZXNzIEFy\n" +
- "ZWEgUmFkaW8xFzAVBgNVBAMMDlBhY2thZ2Ugc2lnbmVyMSIwIAYJKoZIhvcNAQkB\n" +
- "FhNzaWduZXJAZXJpY3Nzb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
- "CgKCAQEA1bZWYbM3W9WK7E6brlMWw/pHdYmKrLmqnmyS4QWj6PoSudReX1x1QO+o\n" +
- "jlzzlWn15ozgeDtsyQWRQakSkV8IUlywmM99tH7jGejrH87eLYv0IoJONVJLMsuQ\n" +
- "chMd/cm0OGwUHHuk7iRnMGlcskp3FPvHlBRgBLrg+40yksJMmpHyS9amrG2/3bSa\n" +
- "ssuc3F8ICNtejYVXDg5rIHyKIvD8Jaozf+V8FyFcFkfL7NyIS8rSuHM40vp3jlVO\n" +
- "yNDztZ9orTA9Frucxr6y5UIXHd/bmh7YsjihyCoPOwvkfEy/S08S245eKS1zwgcE\n" +
- "zkSwPC+XR7HwXoVb63hgBlcJCkUAswIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCC\n" +
- "nWjpa+JeJj05UfX0tejdnHTotnT4AQfxp1YesG3O7ioIY4Y93/Cj8N+7rzeB392v\n" +
- "eUMN2HKXGNRZhVJKs8fdoD/b5OxlwX1BattPS1Oh7HmLYzevOxotrm5YOR4KG2qa\n" +
- "Rw/m6jFWxnAovpQTaCOgkuAJyF9l6wlQE4FyzyZMaThObcnLBzuQJjJXKMwaVT6D\n" +
- "AQuMP3DRrH3aXlFpqV4bugLy8agSc2w9sF3w4osGZSwPjerJiulncUyBr+cjv1KB\n" +
- "IfgzoP3b9frMBZmSpxeT3YzR1wZAh9AterRKAm6EGVxrnRDQ1b/OuW4y2RxQ/Q3G\n" +
- "OUU/dbcjLaFvoQsv3aAk\n";
-
- when(x509RsaCertification.generatePublicKey(cert)).thenReturn(publicKey);
- when(x509RsaCertification.verify(content,signature, publicKey)).thenReturn(true);
-
- // when
- RSACertificateValidator rsaCertificateValidator = new RSACertificateValidator(x509RsaCertification);
-
- // then
- assertThat(rsaCertificateValidator.isValid(content, signature, publicCertificate)).isTrue();
- verify(x509RsaCertification,times(1)).generatePublicKey(cert);
- verify(x509RsaCertification,times(1)).verify(content,signature, publicKey);
- }
-
-} \ No newline at end of file
diff --git a/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip b/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip
new file mode 100644
index 0000000..231d193
--- /dev/null
+++ b/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip
Binary files differ
diff --git a/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip b/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip
new file mode 100644
index 0000000..15437d6
--- /dev/null
+++ b/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip
Binary files differ
diff --git a/csarvalidation/src/test/resources/pnf/signed-package.zip b/csarvalidation/src/test/resources/pnf/signed-package.zip
deleted file mode 100644
index e4b7d00..0000000
--- a/csarvalidation/src/test/resources/pnf/signed-package.zip
+++ /dev/null
Binary files differ