summaryrefslogtreecommitdiffstats
path: root/csarvalidation/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'csarvalidation/src/main/java')
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/CsarSourceSecurityValidator.java2
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/Error.java4
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureDataFactory.java25
-rw-r--r--csarvalidation/src/main/java/org/onap/cvc/csar/security/SignatureFactory.java60
4 files changed, 70 insertions, 21 deletions
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/CsarSourceSecurityValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/CsarSourceSecurityValidator.java
index 282b37d..8710c36 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/CsarSourceSecurityValidator.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/CsarSourceSecurityValidator.java
@@ -33,7 +33,7 @@ import java.util.List;
public class CsarSourceSecurityValidator {
public static final String SIGNATURE_FILE_TYPE = "signature";
- private static final String[] ARTIFACT_SIGNATURE_EXTENSIONS = {".sig.cms"};
+ private static final String[] ARTIFACT_SIGNATURE_EXTENSIONS = {".sig.cms",".sig.p7b",".sig.p7c"};
public static final String CERTIFICATE_FILE_TYPE = "certificate";
private static final String[] ARTIFACT_CERTIFICATE_EXTENSIONS = {".cert"};
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/Error.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/Error.java
index 72b036f..f74b6a5 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/Error.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/r130206/Error.java
@@ -170,9 +170,9 @@ public class Error {
public static class CSARErrorFailToLoadArtifactSignature extends CSARArchive.CSARError {
- public CSARErrorFailToLoadArtifactSignature(String path, String cms) {
+ public CSARErrorFailToLoadArtifactSignature(String source, String signature) {
super("0x4019");
- this.message = String.format("Fail to load signature '%s', for source '%s'!", path, cms);
+ this.message = String.format("Fail to load signature '%s', for source '%s'!", signature, source);
}
}
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureDataFactory.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureDataFactory.java
index 2744bc6..834f0ad 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureDataFactory.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureDataFactory.java
@@ -24,23 +24,21 @@ import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.Store;
-import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.io.InputStreamReader;
-import java.nio.charset.Charset;
import java.util.Collection;
import java.util.Optional;
public class CmsSignatureDataFactory {
+ private final SignatureFactory signatureFactory = new SignatureFactory();
+
public CmsSignatureData createForFirstSigner(final byte[] cmsSignature, final byte[] fileContent)
- throws CmsSignatureLoadingException{
+ throws CmsSignatureLoadingException {
- try (ByteArrayInputStream cmsSignatureStream = new ByteArrayInputStream(cmsSignature)) {
- CMSSignedData signedData = getCMSSignedData(fileContent, cmsSignatureStream);
+ try {
+ CMSSignedData signedData = getCMSSignedData(fileContent, cmsSignature);
Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
Store<X509CertificateHolder> certificates = signedData.getCertificates();
SignerInformation firstSigner = getFirstSigner(signers);
@@ -73,19 +71,10 @@ public class CmsSignatureDataFactory {
return cert;
}
-
- private CMSSignedData getCMSSignedData(byte[] innerPackageFileCSAR, ByteArrayInputStream signatureStream) throws IOException, CmsSignatureLoadingException, CMSException {
- ContentInfo signature = produceSignature(signatureStream);
+ private CMSSignedData getCMSSignedData(byte[] innerPackageFileCSAR, byte[] signatureStream) throws IOException, CmsSignatureLoadingException, CMSException {
+ ContentInfo signature = signatureFactory.createSignature(signatureStream);
CMSTypedData signedContent = new CMSProcessableByteArray(innerPackageFileCSAR);
return new CMSSignedData(signedContent, signature);
}
- private ContentInfo produceSignature(ByteArrayInputStream signatureStream) throws IOException, CmsSignatureLoadingException {
- Object parsedObject = new PEMParser(new InputStreamReader(signatureStream, Charset.defaultCharset())).readObject();
- if (!(parsedObject instanceof ContentInfo)) {
- throw new CmsSignatureLoadingException("Signature is not recognized!");
- }
- return ContentInfo.getInstance(parsedObject);
- }
-
}
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/SignatureFactory.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/SignatureFactory.java
new file mode 100644
index 0000000..00e9fce
--- /dev/null
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/SignatureFactory.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2021 Nokia
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.onap.cvc.csar.security;
+
+import org.apache.commons.codec.binary.Base64;
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.openssl.PEMParser;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+public class SignatureFactory {
+
+ public static final String PEM_SIGNATURE_BEGIN_TAG = "-----BEGIN CMS-----";
+ public static final String PEM_SIGNATURE_END_TAG = "-----END CMS-----";
+
+ public ContentInfo createSignature(byte[] signatureStream) throws IOException, CmsSignatureLoadingException {
+ byte[] pemSignatureStream = convertSignatureToPemIfInDerFormat(signatureStream);
+ try(ByteArrayInputStream signatureInput = new ByteArrayInputStream(pemSignatureStream)) {
+ Object parsedObject = new PEMParser(new InputStreamReader(signatureInput)).readPemObject().getContent();
+ return ContentInfo.getInstance(parsedObject);
+ } catch (Exception e) {
+ throw new CmsSignatureLoadingException("Signature is not recognized!", e);
+ }
+ }
+
+ private byte[] convertSignatureToPemIfInDerFormat(byte[] signatureStream) throws IOException {
+ byte[] encodedSignatureStream = signatureStream.clone();
+ if (!Base64.isBase64(signatureStream)) {
+ encodedSignatureStream = Base64.encodeBase64(encodedSignatureStream);
+ encodedSignatureStream = wrapWithPemTags(encodedSignatureStream);
+ }
+ return encodedSignatureStream;
+ }
+
+ private byte[] wrapWithPemTags(byte[] encodedSignatureStream) throws IOException {
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream( );
+ outputStream.write( (PEM_SIGNATURE_BEGIN_TAG + "\n").getBytes() );
+ outputStream.write( encodedSignatureStream );
+ outputStream.write( ("\n" + PEM_SIGNATURE_END_TAG).getBytes() );
+ return outputStream.toByteArray();
+ }
+}