/*
* Copyright 2019 Nokia
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.onap.cvc.csar.cc.sol004;
import org.onap.cli.fw.error.OnapCommandException;
import org.onap.cli.fw.schema.OnapCommandSchema;
import org.onap.cvc.csar.CSARArchive;
import org.onap.cvc.csar.FileArchive;
import org.onap.cvc.csar.cc.VTPValidateCSARBase;
import org.onap.cvc.csar.parser.ManifestFileModel;
import org.onap.cvc.csar.parser.ManifestFileSplitter;
import org.onap.cvc.csar.parser.SourcesParser;
import org.onap.cvc.csar.security.CmsSignatureValidator;
import org.onap.cvc.csar.security.CmsSignatureValidatorException;
import org.onap.cvc.csar.security.ShaHashCodeGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
@OnapCommandSchema(schema = "vtp-validate-csar-r130206.yaml")
public class VTPValidateCSARR130206 extends VTPValidateCSARBase {
private static final Logger LOG = LoggerFactory.getLogger(VTPValidateCSARR130206.class);
private static final String SHA_256 = "SHA-256";
private static final String SHA_512 = "SHA-512";
private final ShaHashCodeGenerator shaHashCodeGenerator = new ShaHashCodeGenerator();
private final ManifestFileSignatureValidator manifestFileSignatureValidator = new ManifestFileSignatureValidator();
public static class CSARErrorUnableToFindCertificate extends CSARArchive.CSARError {
CSARErrorUnableToFindCertificate(String paramName) {
super("0x4001");
this.message = String.format("Unable to find cert file defined by %s!", paramName);
}
}
public static class CSARErrorUnableToFindCmsSection extends CSARArchive.CSARError {
CSARErrorUnableToFindCmsSection() {
super("0x4002");
this.message = "Unable to find CMS section in manifest!";
}
}
public static class CSARErrorUnableToFindCsarContent extends CSARArchive.CSARError {
CSARErrorUnableToFindCsarContent() {
super("0x4003");
this.message = "Unable to find csar content!";
}
}
public static class CSARErrorWrongHashCode extends CSARArchive.CSARError {
CSARErrorWrongHashCode(String path) {
super("0x4004");
this.message = String.format("Source '%s' has wrong hash!", path);
}
}
public static class CSARErrorUnableToFindAlgorithm extends CSARArchive.CSARError {
CSARErrorUnableToFindAlgorithm(String path) {
super("0x4005");
this.message = String.format("Source '%s' has hash, but unable to find algorithm tag!", path);
}
}
public static class CSARErrorUnableToFindSource extends CSARArchive.CSARError {
CSARErrorUnableToFindSource(String path) {
super("0x4006");
this.message = String.format("Unable to calculate digest - file missing: %s", path);
}
}
public static class CSARErrorInvalidSignature extends CSARArchive.CSARError {
CSARErrorInvalidSignature() {
super("0x4007");
this.message = "File has invalid CMS signature!";
}
}
public static class CSARErrorContentMismatch extends CSARArchive.CSARError {
CSARErrorContentMismatch() {
super("0x4008");
this.message = "Mismatch between contents of non-mano-artifact-sets and source files of the package";
}
}
@Override
protected void validateCSAR(CSARArchive csar) throws OnapCommandException {
try {
FileArchive.Workspace workspace = csar.getWorkspace();
final Optional pathToCsarFolder = workspace.getPathToCsarFolder();
if (pathToCsarFolder.isPresent()) {
validate(csar, pathToCsarFolder.get());
} else {
this.errors.add(new CSARErrorUnableToFindCsarContent());
}
} catch (Exception e) {
LOG.error("Internal VTPValidateCSARR130206 command error", e);
throw new OnapCommandException("0x3000", "Internal VTPValidateCSARR130206 command error. See logs.");
}
}
private void validate(CSARArchive csar, Path csarRootDirectory) throws IOException, NoSuchAlgorithmException {
final CSARArchive.Manifest manifest = csar.getManifest();
validateSecurityStructure(csar, csarRootDirectory);
validateSources(csarRootDirectory, manifest);
final Map>> nonMano = manifest.getNonMano();
final List sources = manifest.getSources();
validateNonManoCohesionWithSources(nonMano, sources);
final File manifestMfFile = csar.getManifestMfFile();
final String absolutePathToEntryCertificate = getAbsolutePathToEntryCertificate(csar, csarRootDirectory);
if (manifestMfFile != null) {
validateFileSignature(manifestMfFile, absolutePathToEntryCertificate);
}
}
private String getAbsolutePathToEntryCertificate(CSARArchive csar, Path csarRootDirectory) {
final String entryCertificateFileName = csar.getToscaMeta().getEntryCertificate();
return String.format("%s/%s", csarRootDirectory.toAbsolutePath(), entryCertificateFileName);
}
private void validateNonManoCohesionWithSources(final Map>> nonMano,
final List sources) {
final Collection