Implement 'Signed Large CSAR' support
[sdc.git] / openecomp-be / backend / openecomp-sdc-vendor-software-product-manager / src / test / java / org / openecomp / sdc / vendorsoftwareproduct / security / SecurityManagerTest.java
1 /*-
2  * ============LICENSE_START=======================================================
3  * SDC
4  * ================================================================================
5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.openecomp.sdc.vendorsoftwareproduct.security;
22
23 import static junit.framework.TestCase.assertEquals;
24 import static junit.framework.TestCase.assertTrue;
25
26 import java.io.File;
27 import java.io.IOException;
28 import java.net.URISyntaxException;
29 import java.nio.file.Files;
30 import java.nio.file.Path;
31 import java.nio.file.Paths;
32 import org.apache.commons.io.FileUtils;
33 import org.junit.jupiter.api.AfterEach;
34 import org.junit.jupiter.api.Assertions;
35 import org.junit.jupiter.api.BeforeEach;
36 import org.junit.jupiter.api.Test;
37 import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
38 import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
39 import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
40 import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
41 import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
42
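/**
 * Tests for {@link SecurityManager}: loading trusted certificates from a directory and verifying
 * CMS signatures of onboarded CSAR packages against that directory.
 *
 * <p>Every test gets its own freshly created temporary trust directory. A fixed, predictable location
 * under a shared temp directory would let leftovers from an earlier run (or files created by another
 * local user) end up in the set of trusted certificates, and would make parallel runs collide.
 *
 * <p>NOTE(review): the negative tests assert only that a {@link SecurityManagerException} is thrown,
 * not why. If the exception carries a reason, asserting on it would stop a test from passing for an
 * unrelated failure (e.g. an untrusted root instead of a modified archive).
 */
class SecurityManagerTest {

    private File certDir;
    // Trust directory path with a trailing separator, so tests can append a bare file name.
    private String cerDirPath;
    private SecurityManager securityManager;

    /**
     * Resolves a classpath test resource to a file system path.
     *
     * @param resource absolute classpath location, e.g. {@code /cert/root.cert}
     * @return the path of the resource
     * @throws IllegalStateException if the resource is not on the classpath
     */
    private Path resourcePath(final String resource) throws URISyntaxException {
        final var url = getClass().getResource(resource);
        if (url == null) {
            // Fail with the resource name instead of an anonymous NullPointerException.
            throw new IllegalStateException("Missing test resource: " + resource);
        }
        return Paths.get(url.toURI());
    }

    /**
     * Copies a classpath certificate fixture to the given destination.
     *
     * @param origFilePath classpath location of the fixture
     * @param newFilePath  destination file path
     * @return the destination file
     */
    private File prepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
        final File newFile = new File(newFilePath);
        FileUtils.copyFile(resourcePath(origFilePath).toFile(), newFile);
        return newFile;
    }

    /**
     * Reads a classpath test resource fully into memory.
     *
     * @param path classpath location of the resource
     * @return the resource content
     */
    private byte[] readAllBytes(String path) throws URISyntaxException, IOException {
        return Files.readAllBytes(resourcePath(path));
    }

    /**
     * Builds the onboarding package info for one of the zipped signed-package fixtures, the same way
     * for the 2-file and the 3-file variant.
     *
     * @param packageName fixture directory name under {@code /cert}, which is also the zip base name
     * @return the package info produced by {@link OnboardingPackageProcessor}
     * @throws AssertionError if the processor produced no package info
     */
    private OnboardPackageInfo loadOnboardPackageInfo(final String packageName)
        throws IOException, URISyntaxException, SecurityManagerException {
        final String zipName = packageName + ".zip";
        final byte[] fileToUploadBytes = readAllBytes("/cert/" + packageName + "/" + zipName);
        final var onboardingPackageProcessor = new OnboardingPackageProcessor(zipName, fileToUploadBytes,
            new CnfPackageValidator(),
            new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/" + packageName + "/" + zipName)));
        // An absent result is reported as a test failure rather than a later NullPointerException.
        return onboardingPackageProcessor.getOnboardPackageInfo()
            .orElseThrow(() -> new AssertionError("No onboard package info produced for " + zipName));
    }

    /**
     * Creates a private, uniquely named trust directory and a {@link SecurityManager} reading from it.
     */
    @BeforeEach
    public void setUp() throws IOException {
        certDir = Files.createTempDirectory("sdc-security-manager-test").toFile();
        cerDirPath = certDir.getPath() + File.separator;
        securityManager = new SecurityManager(certDir.getPath());
    }

    /**
     * Removes the trust directory and clears the certificates held by the manager.
     */
    @AfterEach
    public void tearDown() throws IOException {
        if (certDir != null && certDir.exists()) {
            FileUtils.deleteDirectory(certDir);
        }
        // Guarded: setUp may have failed before the manager was created.
        if (securityManager != null) {
            securityManager.cleanTrustedCertificates();
        }
    }

    /** One certificate file in the directory is reported; after deleting it none is. */
    @Test
    void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
        final File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
        assertEquals(1, securityManager.getTrustedCertificates().size());
        // Files.delete throws if the file could not be removed, so the next assertion is meaningful.
        Files.delete(newFile.toPath());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** A missing trust directory yields an empty certificate set. */
    @Test
    void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
        Files.delete(certDir.toPath());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** An empty {@code .pem} file in the trust directory makes certificate loading fail. */
    @Test
    void testGetCertificatesException() throws IOException, SecurityManagerException {
        final Path emptyPem = Files.createFile(Paths.get(cerDirPath, "root-certificate.pem"));
        Assertions.assertThrows(SecurityManagerException.class, () -> securityManager.getTrustedCertificates());
        Files.delete(emptyPem);
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** The reported certificate set follows additions to and removals from the trust directory. */
    @Test
    void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
        final File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
        assertEquals(1, securityManager.getTrustedCertificates().size());
        final File otherNewFile = prepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
        assertEquals(2, securityManager.getTrustedCertificates().size());
        Files.delete(otherNewFile.toPath());
        assertEquals(1, securityManager.getTrustedCertificates().size());
        Files.delete(newFile.toPath());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** 2-file package (CMS + CSAR, no separate certificate) verifies with {@code rootCA.cert} trusted. */
    @Test
    void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        final byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
        assertTrue(securityManager.verifySignedData(signature, null, archive));
    }

    /** Same 2-file package, verified through the zipped upload and its stored artifact info. */
    @Test
    void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled()
        throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        final OnboardPackageInfo onboardPackageInfo = loadOnboardPackageInfo("2-file-signed-package");

        assertTrue(securityManager
            .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
    }

    /** 3-file package signature verified without passing its separate certificate must be rejected. */
    @Test
    void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
        // Fixture setup stays outside assertThrows so only the verification call is under test.
        prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
        final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, null, archive));
    }

    /** 3-file package verifies when its certificate is passed alongside the signature. */
    @Test
    void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        final byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /** Same 3-file package, verified through the zipped upload and its stored artifact info. */
    @Test
    void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled()
        throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        final OnboardPackageInfo onboardPackageInfo = loadOnboardPackageInfo("3-file-signed-package");

        assertTrue(securityManager
            .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
    }

    /**
     * 3-file package verifies when the trust directory holds {@code rootCA.cert} plus
     * {@code package2.cert} (stored as {@code signing-ca2.crt}; presumably the intermediate, going by
     * the test name).
     */
    @Test
    void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        prepareCertFiles("/cert/package2.cert", cerDirPath + "signing-ca2.crt");
        final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        final byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /**
     * Verification is rejected when the supplied certificate is the {@code -no-intermediate} variant and
     * the trust directory holds {@code root.cert} and {@code signing-ca1.crt}.
     */
    @Test
    void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
        final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        final byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, cert, archive));
    }

    /** An additional {@code signing-ca1.crt} in the trust directory does not break the 2-file package. */
    @Test
    void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory()
        throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
        final byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
        assertTrue(securityManager.verifySignedData(signature, null, archive));
    }

    /** An additional {@code signing-ca1.crt} in the trust directory does not break the 3-file package. */
    @Test
    void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
        final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        final byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /** Verification is rejected when only {@code root-certificate.pem} is in the trust directory. */
    @Test
    void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
        final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        final byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, cert, archive));
    }

    /**
     * Verification of the {@code tampered-signed-package} fixture is rejected.
     *
     * <p>NOTE(review): this test installs {@code /cert/root.cert}, while the passing tests install
     * {@code /cert/rootCA.cert}. Confirm that {@code root.cert} chains to the signer of this fixture;
     * otherwise the exception may come from the trust check and the modified archive is never the
     * reason for the rejection.
     */
    @Test
    void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
        final byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
        final byte[] archive = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.csar");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, null, archive));
    }
}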