2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2019 Nordix Foundation
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 * SPDX-License-Identifier: Apache-2.0
17 * ============LICENSE_END=========================================================
20 package org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validation;
22 import static java.nio.file.StandardCopyOption.REPLACE_EXISTING;
23 import static org.hamcrest.core.Is.is;
24 import static org.junit.Assert.assertThat;
25 import static org.junit.Assert.fail;
26 import static org.mockito.ArgumentMatchers.any;
27 import static org.mockito.Mockito.when;
28 import static org.mockito.MockitoAnnotations.initMocks;
30 import java.io.IOException;
32 import java.net.URISyntaxException;
33 import java.nio.file.Files;
34 import java.nio.file.Path;
35 import java.nio.file.Paths;
36 import java.util.List;
37 import java.util.UUID;
38 import java.util.stream.Collectors;
39 import org.junit.jupiter.api.AfterEach;
40 import org.junit.jupiter.api.Assertions;
41 import org.junit.jupiter.api.BeforeEach;
42 import org.junit.jupiter.api.Test;
43 import org.mockito.Mock;
44 import org.openecomp.sdc.be.csar.storage.ArtifactInfo;
45 import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
46 import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
47 import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
48 import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager;
49 import org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManagerException;
50 import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
51 import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
53 class CsarSecurityValidatorTest {
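// Classpath directory that holds the signed CSAR fixtures loaded by these tests.
private static final String BASE_DIR = "/vspmanager.csar/signing/";
// Separates a fixture's path from the random suffix that backup() appends to its copy.
private static final String DELIMITER = "---";
// Validator under test. setUp() builds it around the mock below; the tampered-package tests
// replace it with a default-constructed instance.
private CsarSecurityValidator csarSecurityValidator;
// This is the project's org.openecomp.sdc.vendorsoftwareproduct.security.SecurityManager,
// not java.lang.SecurityManager.
// NOTE(review): the @Mock annotation is not visible in this listing. It is restored here because
// the tests stub this field with when(...), which requires a Mockito mock.
@Mock
private SecurityManager securityManager;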
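/**
 * Runs after every test and puts the signing fixtures back in place.
 *
 * @throws Exception if the fixtures cannot be restored
 */
@AfterEach
void tearDown() throws Exception {
    // NOTE(review): the body of this method is missing from the listing. restore() is the only
    // teardown helper the class defines and has no other visible caller, so the call is
    // reconstructed here. Confirm against the original file.
    restore();
}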
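/**
 * Moves every backup copy in {@code BASE_DIR} back over the fixture it was taken from.
 *
 * <p>A backup is any entry whose path contains {@code DELIMITER}; the text before the first
 * delimiter is the original path. Restoring after each test keeps the signed packages
 * byte-identical between tests, which matters because a signature check is only meaningful
 * against the exact bytes that were signed.
 *
 * @throws Exception if the fixture directory cannot be resolved, listed or written
 */
private void restore() throws Exception {
    // Resolve from the URI itself (as getFileBytes does) rather than from its path string,
    // so the lookup also works where a file URI path is not a valid local path as-is.
    final Path signingDir = Path.of(CsarSecurityValidatorTest.class.getResource(BASE_DIR).toURI());
    final List<Path> backups;
    // Files.list keeps a directory handle open until the stream is closed.
    try (var entries = Files.list(signingDir)) {
        backups = entries.filter(entry -> entry.toString().contains(DELIMITER)).collect(Collectors.toList());
    }
    for (final Path backupFile : backups) {
        final String[] parts = backupFile.toString().split(DELIMITER);
        // NOTE(review): the split runs on the full path, so a parent directory containing
        // "---" would truncate the target; splitting the file name alone would be stricter.
        Files.move(backupFile, Path.of(parts[0]), REPLACE_EXISTING);
    }
}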
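/**
 * Prepares each test: creates the mocks, builds the validator around the mocked
 * {@code SecurityManager}, and snapshots the signing fixtures.
 *
 * @throws Exception if the fixtures cannot be backed up
 */
@BeforeEach
public void setUp() throws Exception {
    // NOTE(review): only the constructor call is visible in this listing. initMocks(this) and
    // backup() are reconstructed from the static import of initMocks and from backup() having
    // no other visible caller. Confirm against the original file.
    initMocks(this);
    csarSecurityValidator = new CsarSecurityValidator(securityManager);
    backup();
}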
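/**
 * Copies every entry of {@code BASE_DIR} to a sibling named
 * {@code <path> + DELIMITER + <random UUID>} so that {@code restore()} can put it back later.
 *
 * <p>Presumably needed because the code under test may alter or remove the stored package
 * file. TODO confirm against the SecurityManager implementation.
 *
 * @throws Exception if the fixture directory cannot be resolved, listed or written
 */
private void backup() throws Exception {
    // Resolve from the URI itself (as getFileBytes does) rather than from its path string.
    final Path signingDir = Path.of(CsarSecurityValidatorTest.class.getResource(BASE_DIR).toURI());
    final List<Path> fixtures;
    // Files.list keeps a directory handle open until the stream is closed.
    try (var entries = Files.list(signingDir)) {
        fixtures = entries.collect(Collectors.toList());
    }
    for (final Path fixture : fixtures) {
        Files.copy(fixture, Path.of(fixture.toString() + DELIMITER + UUID.randomUUID()), REPLACE_EXISTING);
    }
}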
/**
 * A signed package that carries an {@code ArtifactInfo} is reported valid when the
 * security manager accepts it.
 *
 * <p>The security manager is stubbed to answer {@code true}, so this test covers only the
 * validator's delegation to {@code verifyPackageSignedData} and the propagation of its result.
 * No signature is cryptographically checked here.
 */
@Test
void isSignatureValidTestCorrectStructureAndValidSignatureExists() throws SecurityManagerException, IOException {
    final String packageName = "signed-package.zip";
    final OnboardPackageInfo packageInfo =
        loadSignedPackageWithArtifactInfo(packageName, getFileBytesOrFail(packageName), null);
    when(securityManager.verifyPackageSignedData(any(OnboardSignedPackage.class), any(ArtifactInfo.class))).thenReturn(true);

    final boolean verified = csarSecurityValidator.verifyPackageSignature(
        (OnboardSignedPackage) packageInfo.getOriginalOnboardPackage(), packageInfo.getArtifactInfo());

    assertThat("Signature should be valid", verified, is(true));
}
/**
 * A package whose signed data was tampered with must make verification throw
 * {@code SecurityManagerException} when it goes through a validator that is not backed by
 * the mock.
 */
@Test
void isSignatureValidTestCorrectStructureAndNotValidSignatureExists() throws SecurityManagerException {
    final String packageName = "signed-package-tampered-data.zip";
    final OnboardPackageInfo packageInfo =
        loadSignedPackageWithArtifactInfo(packageName, getFileBytesOrFail(packageName), null);
    // Swap in a validator built without the mocked securityManager.
    csarSecurityValidator = new CsarSecurityValidator();
    // NOTE(review): only the exception type is asserted. A SecurityManagerException raised for
    // an unrelated reason (for example environment or certificate configuration) would also
    // pass, so consider asserting on the message or cause to pin the tamper-detection path.
    Assertions.assertThrows(SecurityManagerException.class, () -> csarSecurityValidator.verifyPackageSignature(
        (OnboardSignedPackage) packageInfo.getOriginalOnboardPackage(), packageInfo.getArtifactInfo()));
}
/**
 * A signed package loaded without an {@code ArtifactInfo} is reported valid when the
 * security manager accepts it.
 *
 * <p>The security manager is stubbed to answer {@code true} from {@code verifySignedData},
 * so this test covers only delegation and result propagation, not cryptographic verification.
 */
@Test
void isSignatureValidTestCorrectStructureAndValidSignatureExistsArtifactStorageManagerIsEnabled() throws SecurityManagerException {
    final String packageName = "signed-package.zip";
    // NOTE(review): despite the "ArtifactStorageManagerIsEnabled" suffix, this test loads the
    // package with no ArtifactInfo. Confirm the name matches the scenario.
    final OnboardPackageInfo packageInfo =
        loadSignedPackageWithoutArtifactInfo(packageName, getFileBytesOrFail(packageName), null);
    when(securityManager.verifySignedData(any(), any(), any())).thenReturn(true);

    final boolean verified = csarSecurityValidator.verifyPackageSignature(
        (OnboardSignedPackage) packageInfo.getOriginalOnboardPackage(), packageInfo.getArtifactInfo());

    assertThat("Signature should be valid", verified, is(true));
}
/**
 * A tampered package loaded without an {@code ArtifactInfo} must make verification throw
 * {@code SecurityManagerException} when it goes through a validator that is not backed by
 * the mock.
 */
@Test
void isSignatureValidTestCorrectStructureAndNotValidSignatureExistsArtifactStorageManagerIsEnabled() throws SecurityManagerException {
    final String packageName = "signed-package-tampered-data.zip";
    final OnboardPackageInfo packageInfo =
        loadSignedPackageWithoutArtifactInfo(packageName, getFileBytesOrFail(packageName), null);
    // Swap in a validator built without the mocked securityManager.
    csarSecurityValidator = new CsarSecurityValidator();
    // NOTE(review): only the exception type is asserted, so a SecurityManagerException raised
    // for a reason other than the tampered data would also satisfy this check.
    Assertions.assertThrows(SecurityManagerException.class, () -> csarSecurityValidator.verifyPackageSignature(
        (OnboardSignedPackage) packageInfo.getOriginalOnboardPackage(), packageInfo.getArtifactInfo()));
}
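/**
 * Reads a fixture from {@code BASE_DIR}, failing the test if it cannot be loaded.
 *
 * @param path file name relative to {@code BASE_DIR}
 * @return the file's bytes
 * @throws AssertionError if the resource cannot be resolved or read
 */
private byte[] getFileBytesOrFail(final String path) {
    try {
        return getFileBytes(path);
    } catch (final URISyntaxException | IOException e) {
        // Same error type and message that fail(...) produces, but with the cause attached so
        // a missing or unreadable fixture can be diagnosed from the test report.
        throw new AssertionError("Could not load file " + path, e);
    }
}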
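/**
 * Reads a fixture from the classpath directory {@code BASE_DIR}.
 *
 * @param path file name relative to {@code BASE_DIR}
 * @return the file's bytes
 * @throws URISyntaxException if the resource URL cannot be converted to a URI
 * @throws IOException if the resource is not on the classpath or cannot be read
 */
private byte[] getFileBytes(final String path) throws URISyntaxException, IOException {
    final var resource = CsarSecurityValidatorTest.class.getResource(BASE_DIR + path);
    if (resource == null) {
        // getResource returns null for a missing resource. Report it as an I/O failure with
        // the name instead of letting a bare NullPointerException escape the caller's catch.
        throw new IOException("Test resource not found on classpath: " + BASE_DIR + path);
    }
    return Files.readAllBytes(Paths.get(resource.toURI()));
}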
/**
 * Runs the onboarding processor over the given package bytes, attaching a
 * {@code PersistentStorageArtifactInfo}, and returns the resulting package info.
 *
 * @param packageName file name handed to the processor
 * @param packageBytes raw package content
 * @param cnfPackageValidator validator handed to the processor; the tests pass {@code null}
 * @return the loaded package info, never {@code null}
 * @throws AssertionError if the processor yields no package info
 */
private OnboardPackageInfo loadSignedPackageWithArtifactInfo(final String packageName, final byte[] packageBytes,
                                                             final CnfPackageValidator cnfPackageValidator) {
    // NOTE(review): the stored-artifact path is fixed to signed-package.zip whatever
    // packageName is, so a caller loading the tampered package still hands the validator the
    // untampered file as its ArtifactInfo. Confirm this is intended.
    final PersistentStorageArtifactInfo storedArtifact =
        new PersistentStorageArtifactInfo(Path.of("src/test/resources/vspmanager.csar/signing/signed-package.zip"));
    final OnboardingPackageProcessor processor =
        new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, storedArtifact);
    // Same AssertionError and message that fail(...) raises when nothing was loaded.
    return processor.getOnboardPackageInfo()
        .orElseThrow(() -> new AssertionError("Unexpected error. Could not load original package"));
}
/**
 * Runs the onboarding processor over the given package bytes with no {@code ArtifactInfo}
 * ({@code null} is passed) and returns the resulting package info.
 *
 * @param packageName file name handed to the processor
 * @param packageBytes raw package content
 * @param cnfPackageValidator validator handed to the processor; the tests pass {@code null}
 * @return the loaded package info, never {@code null}
 * @throws AssertionError if the processor yields no package info
 */
private OnboardPackageInfo loadSignedPackageWithoutArtifactInfo(final String packageName, final byte[] packageBytes,
                                                                final CnfPackageValidator cnfPackageValidator) {
    final OnboardingPackageProcessor processor =
        new OnboardingPackageProcessor(packageName, packageBytes, cnfPackageValidator, null);
    // Same AssertionError and message that fail(...) raises when nothing was loaded.
    return processor.getOnboardPackageInfo()
        .orElseThrow(() -> new AssertionError("Unexpected error. Could not load original package"));
}