From bd711684187e95a1dd3cd53622714aae22bb417c Mon Sep 17 00:00:00 2001 From: Bogumil Zebek Date: Thu, 9 May 2019 13:28:17 +0200 Subject: Security verification Change-Id: I759e3698a25dd4f84dc345c3fd4c0d201b75d233 Issue-ID: VNFSDK-395 Signed-off-by: Zebek Bogumil --- .../onap/cvc/csar/ZipFileContentValidatorTest.java | 134 --------------------- .../VTPValidateCSARR787965IntegrationTest.java | 37 +++++- 2 files changed, 36 insertions(+), 135 deletions(-) delete mode 100644 csarvalidation/src/test/java/org/onap/cvc/csar/ZipFileContentValidatorTest.java (limited to 'csarvalidation/src/test/java/org') diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/ZipFileContentValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/ZipFileContentValidatorTest.java deleted file mode 100644 index 7da91f8..0000000 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/ZipFileContentValidatorTest.java +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright 2019 Nokia - *

- * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *

- * http://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package org.onap.cvc.csar; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.mockito.junit.MockitoJUnitRunner; - -import java.nio.file.Path; -import java.util.List; -import java.util.stream.Collectors; - -import static org.assertj.core.api.Assertions.assertThat; - -@RunWith(MockitoJUnitRunner.class) -public class ZipFileContentValidatorTest { - - @Mock - Path rootFolder; - @Mock - Path pathToCsarWorkspace; - @Mock - Path certFile; - @Mock - Path csarFile; - @Mock - Path cmsFile; - - private ZipFileContentValidator zipFileContentValidator; - - - @Before - public void setUp(){ - zipFileContentValidator = new ZipFileContentValidator(); - } - - @Test - public void shouldReportThatCertFileAndCmsFileIsNotAvailable() { - // given - FileArchive.Workspace workspace = FileArchive.Workspace.forZip( - rootFolder, - pathToCsarWorkspace, - null, - null, - null - ); - - // when - List errors = zipFileContentValidator.validate(workspace); - - // then - assertThat(errors.size()).isEqualTo(2); - assertThat(errors.stream().map(CSARArchive.CSARError::getMessage).collect(Collectors.toList())).contains( - "Missing. Cert file is not available!", "Missing. CMS file is not available!" - ); - } - - @Test - public void shouldReportThatCertFileIsNotAvailable() { - // given - FileArchive.Workspace workspace = FileArchive.Workspace.forZip( - rootFolder, - pathToCsarWorkspace, - null, - cmsFile, - csarFile - ); - - // when - List errors = zipFileContentValidator.validate(workspace); - - // then - assertThat(errors.size()).isEqualTo(1); - assertThat(errors.stream().map(CSARArchive.CSARError::getMessage).collect(Collectors.toList())).contains( - "Missing. Cert file is not available!" - ); - } - - @Test - public void shouldReportThatCmsFileIsNotAvailable() { - // given - FileArchive.Workspace workspace = FileArchive.Workspace.forZip( - rootFolder, - pathToCsarWorkspace, - certFile, - null, - csarFile - ); - - // when - List errors = zipFileContentValidator.validate(workspace); - - // then - assertThat(errors.size()).isEqualTo(1); - assertThat(errors.stream().map(CSARArchive.CSARError::getMessage).collect(Collectors.toList())).contains( - "Missing. CMS file is not available!" - ); - } - - @Test - public void shouldNotReportAnyErrorWhenAllFilesAreAvailable() { - // given - FileArchive.Workspace workspace = FileArchive.Workspace.forZip( - rootFolder, - pathToCsarWorkspace, - certFile, - cmsFile, - csarFile - ); - - // when - List errors = zipFileContentValidator.validate(workspace); - - // then - assertThat(errors.size()).isEqualTo(0); - } -} \ No newline at end of file diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java index c19fe99..ffbf87e 100644 --- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java +++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java @@ -59,6 +59,42 @@ public class VTPValidateCSARR787965IntegrationTest { ); } + @Test + public void shouldReportThatZipContainsSignatureWithCertificationFileAndPackageIsProbableValid() throws Exception { + + // given + configureTestCase(testCase, "pnf/r787965/signature-and-certificate.zip"); + + // when + testCase.execute(); + + // then + List errors = testCase.getErrors(); + assertThat(errors.size()).isEqualTo(1); + assertThat(convertToMessagesList(errors)).contains( + "Warning. Zip package probably is valid. " + + "It contains only signature with certification cms and csar package. " + + "Unable to verify csar signature." + ); + } + + @Test + public void shouldReportThatZipPackageIsBroken() throws Exception { + + // given + configureTestCase(testCase, "pnf/r787965/broken.zip"); + + // when + testCase.execute(); + + // then + List errors = testCase.getErrors(); + assertThat(errors.size()).isEqualTo(1); + assertThat(convertToMessagesList(errors)).contains( + "Missing. Unable to find certification files." + ); + } + @Test public void shouldDoNotReportAnyErrorWhenPackageHasValidSignature() throws Exception { @@ -73,5 +109,4 @@ public class VTPValidateCSARR787965IntegrationTest { assertThat(errors.size()).isEqualTo(0); } - } \ No newline at end of file -- cgit 1.2.3-korg