2 * Copyright (c) 2018 AT&T Intellectual Property.
4 * Modifications Copyright (c) 2018 Verizon Property.
5 * Modifications Copyright (c) 2019 Nordix Foundation.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration;
22 import static org.openecomp.core.validation.errors.ErrorMessagesFormatBuilder.getErrorWithParameters;
24 import java.io.IOException;
25 import java.util.Optional;
26 import org.openecomp.core.utilities.file.FileContentHandler;
27 import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum;
28 import org.openecomp.sdc.be.csar.storage.ArtifactInfo;
29 import org.openecomp.sdc.common.errors.CoreException;
30 import org.openecomp.sdc.common.errors.Messages;
31 import org.openecomp.sdc.common.utils.SdcCommon;
32 import org.openecomp.sdc.datatypes.error.ErrorLevel;
33 import org.openecomp.sdc.datatypes.error.ErrorMessage;
34 import org.openecomp.sdc.vendorsoftwareproduct.dao.type.OrchestrationTemplateCandidateData;
35 import org.openecomp.sdc.vendorsoftwareproduct.dao.type.VspDetails;
36 import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.CsarSecurityValidator;
37 import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.Validator;
38 import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation.ValidatorFactory;
39 import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException;
40 import org.openecomp.sdc.vendorsoftwareproduct.services.filedatastructuremodule.CandidateService;
41 import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackage;
42 import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
43 import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
44 import org.openecomp.sdc.vendorsoftwareproduct.types.UploadFileResponse;
46 public class OrchestrationTemplateCSARHandler extends BaseOrchestrationTemplateHandler {
49 public UploadFileResponse validate(final OnboardPackageInfo onboardPackageInfo) {
50 final UploadFileResponse uploadFileResponse = new UploadFileResponse();
51 if (onboardPackageInfo.getPackageType() == OnboardingTypesEnum.SIGNED_CSAR) {
52 final OnboardSignedPackage originalOnboardPackage = (OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage();
53 final ArtifactInfo artifactInfo = onboardPackageInfo.getArtifactInfo();
54 validatePackageSecurity(originalOnboardPackage, artifactInfo).ifPresent(packageSignatureResponse -> {
55 if (packageSignatureResponse.hasErrors()) {
56 uploadFileResponse.addStructureErrors(packageSignatureResponse.getErrors());
59 if (uploadFileResponse.hasErrors()) {
60 return uploadFileResponse;
63 final OnboardPackage onboardPackage = onboardPackageInfo.getOnboardPackage();
64 final FileContentHandler fileContentHandler = onboardPackage.getFileContentHandler();
66 final Validator validator = ValidatorFactory.getValidator(fileContentHandler);
67 uploadFileResponse.addStructureErrors(validator.validateContent(fileContentHandler));
68 } catch (IOException exception) {
69 logger.error(exception.getMessage(), exception);
71 .addStructureError(SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, Messages.INVALID_CSAR_FILE.getErrorMessage()));
72 } catch (CoreException coreException) {
73 logger.error(coreException.getMessage(), coreException);
74 uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, coreException.getMessage()));
76 return uploadFileResponse;
79 private Optional<UploadFileResponse> validatePackageSecurity(final OnboardSignedPackage signedPackage, final ArtifactInfo artifactInfo) {
80 final UploadFileResponse uploadFileResponseDto = new UploadFileResponse();
82 final CsarSecurityValidator csarSecurityValidator = new CsarSecurityValidator();
83 if (!csarSecurityValidator.verifyPackageSignature(signedPackage, artifactInfo)) {
84 final ErrorMessage errorMessage = new ErrorMessage(ErrorLevel.ERROR, Messages.FAILED_TO_VERIFY_SIGNATURE.getErrorMessage());
85 logger.error(errorMessage.getMessage());
86 uploadFileResponseDto.addStructureError(SdcCommon.UPLOAD_FILE, errorMessage);
87 return Optional.of(uploadFileResponseDto);
89 } catch (final SecurityManagerException e) {
90 final ErrorMessage errorMessage = new ErrorMessage(ErrorLevel.ERROR, e.getMessage());
91 logger.error("Could not validate package signature {}", signedPackage.getFilename(), e);
92 uploadFileResponseDto.addStructureError(SdcCommon.UPLOAD_FILE, errorMessage);
93 return Optional.of(uploadFileResponseDto);
95 return Optional.empty();
99 protected UploadFileResponse updateCandidateData(final VspDetails vspDetails, final OnboardPackageInfo onboardPackageInfo,
100 final CandidateService candidateService) {
101 final UploadFileResponse uploadFileResponse = new UploadFileResponse();
102 final OnboardPackage csarPackage = onboardPackageInfo.getOnboardPackage();
103 final OnboardPackage originalOnboardPackage = onboardPackageInfo.getOriginalOnboardPackage();
105 final var candidateData = new OrchestrationTemplateCandidateData(csarPackage.getFileContent(), csarPackage.getFileExtension(),
106 csarPackage.getFilename(), originalOnboardPackage.getFilename(), originalOnboardPackage.getFileExtension(),
107 originalOnboardPackage.getFileContent(), onboardPackageInfo.getArtifactInfo());
108 candidateService.updateCandidateUploadData(vspDetails.getId(), vspDetails.getVersion(), candidateData);
109 } catch (final Exception exception) {
110 logger.error(getErrorWithParameters(Messages.FILE_LOAD_CONTENT_ERROR.getErrorMessage(), getHandlerType().toString()), exception);
111 uploadFileResponse.addStructureError(SdcCommon.UPLOAD_FILE, new ErrorMessage(ErrorLevel.ERROR, exception.getMessage()));
113 return uploadFileResponse;
117 protected OnboardingTypesEnum getHandlerType() {
118 return OnboardingTypesEnum.CSAR;