2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.openecomp.sdc.vendorsoftwareproduct.security;
import static junit.framework.TestCase.assertEquals;
import static junit.framework.TestCase.assertTrue;

import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Objects;
import org.apache.commons.io.FileUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.openecomp.sdc.be.csar.storage.PersistentStorageArtifactInfo;
import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.OnboardingPackageProcessor;
import org.openecomp.sdc.vendorsoftwareproduct.impl.onboarding.validation.CnfPackageValidator;
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardPackageInfo;
import org.openecomp.sdc.vendorsoftwareproduct.types.OnboardSignedPackage;
43 class SecurityManagerTest {
// Trust-store directory handed to SecurityManager. It is a fixed, host-shared path under /tmp, so
// every run of this class (and anything else on the machine using the same path) writes the same
// directory; tearDown deletes it, but parallel or interrupted runs can still see each other's
// certificates. A per-test temporary directory would remove that coupling.
private String cerDirPath = "/tmp/cert/";
private SecurityManager securityManager;
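/**
 * Copies a classpath test resource to {@code newFilePath} and returns the created file.
 *
 * @param origFilePath classpath path of the fixture, resolved through {@code getClass().getResource}
 * @param newFilePath  filesystem path of the copy (in this class always below {@code cerDirPath})
 * @return the file written at {@code newFilePath}
 * @throws IOException if the copy fails
 * @throws URISyntaxException if the resource URL cannot be converted to a URI
 * @throws NullPointerException naming the missing resource if it is not on the classpath
 */
private File prepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
    // Report the missing fixture by name instead of a bare NPE from toURI() on a null URL.
    File origFile = new File(Objects.requireNonNull(getClass().getResource(origFilePath),
        "missing test resource: " + origFilePath).toURI());
    File newFile = new File(newFilePath);
    // copyFile creates or overwrites the destination itself, so a separate createNewFile() is redundant.
    FileUtils.copyFile(origFile, newFile);
    return newFile;
}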
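/**
 * Reads a classpath test resource fully into memory.
 *
 * @param path classpath path of the resource
 * @return the raw bytes of the resource
 * @throws URISyntaxException if the resource URL cannot be converted to a URI
 * @throws IOException if the resource cannot be read
 * @throws NullPointerException naming the missing resource if it is not on the classpath
 */
private byte[] readAllBytes(String path) throws URISyntaxException, IOException {
    // Fail with the resource name rather than an NPE from toURI() when a fixture is missing.
    return Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(path),
        "missing test resource: " + path).toURI()));
}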
62 public void setUp() throws IOException {
63 certDir = new File(cerDirPath);
64 if (certDir.exists()) {
68 securityManager = new SecurityManager(certDir.getPath());
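/**
 * Removes the temporary trust-store directory and clears the certificates cached by the manager.
 * Runs after every test, including tests whose {@code setUp} failed, hence the null guard below.
 *
 * @throws IOException if the directory cannot be deleted
 */
@AfterEach
public void tearDown() throws IOException {
    if (certDir.exists()) {
        FileUtils.deleteDirectory(certDir);
    }
    // setUp may have thrown before assigning the manager; do not mask that failure with an NPE here.
    if (securityManager != null) {
        securityManager.cleanTrustedCertificates();
    }
}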
80 void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
81 File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "/root-certificate.pem");
82 assertEquals(1, securityManager.getTrustedCertificates().size());
84 assertEquals(0, securityManager.getTrustedCertificates().size());
88 void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
90 assertEquals(0, securityManager.getTrustedCertificates().size());
94 void testGetCertificatesException() throws IOException, SecurityManagerException {
95 File newFile = new File(cerDirPath + "root-certificate.pem");
96 newFile.createNewFile();
97 Assertions.assertThrows(SecurityManagerException.class, () -> {
98 assertEquals(1, securityManager.getTrustedCertificates().size());
101 assertEquals(0, securityManager.getTrustedCertificates().size());
106 void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
107 File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
108 assertEquals(1, securityManager.getTrustedCertificates().size());
109 File otherNewFile = prepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
110 assertEquals(2, securityManager.getTrustedCertificates().size());
111 otherNewFile.delete();
112 assertEquals(1, securityManager.getTrustedCertificates().size());
114 assertEquals(0, securityManager.getTrustedCertificates().size());
/**
 * Two-file package (csar + cms): the signer certificate is not passed separately, so it must be
 * taken from the CMS signature itself and chain to the root placed in the trust directory.
 */
@Test
void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
    prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
    final String pkg = "/cert/2-file-signed-package/";
    final byte[] cms = readAllBytes(pkg + "dummyPnfv4.cms");
    final byte[] csar = readAllBytes(pkg + "dummyPnfv4.csar");
    // null certificate argument: nothing is supplied out of band.
    assertTrue(securityManager.verifySignedData(cms, null, csar));
}
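/**
 * Same two-file scenario as {@link #verifySignedDataTestCertIncludedIntoSignature}, but the package
 * goes through {@link OnboardingPackageProcessor} and is verified via {@code verifyPackageSignedData}
 * with a persistent-storage artifact reference.
 */
@Test
void verifySignedDataTestCertIncludedIntoSignatureArtifactStorageManagerIsEnabled()
    throws IOException, URISyntaxException, SecurityManagerException {
    prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
    final byte[] fileToUploadBytes = readAllBytes("/cert/2-file-signed-package/2-file-signed-package.zip");
    // The artifact path is relative to the working directory, so this test assumes it runs from the module root.
    final var onboardingPackageProcessor = new OnboardingPackageProcessor("2-file-signed-package.zip", fileToUploadBytes,
        new CnfPackageValidator(),
        new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/2-file-signed-package/2-file-signed-package.zip")));
    // Fail with a message naming the package instead of an NPE on the next statement when processing yields nothing.
    final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo()
        .orElseThrow(() -> new AssertionError("no OnboardPackageInfo produced for 2-file-signed-package.zip"));
    assertTrue(securityManager
        .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
}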
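/**
 * Three-file package with no certificate passed: the signer certificate is neither supplied nor
 * (per the test name) carried inside the CMS, so verification must be rejected.
 */
@Test
void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
    // Fixture setup stays outside assertThrows so a missing resource surfaces as an I/O error rather
    // than as an "unexpected exception type", and only the verification call itself is under test.
    prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
    final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
    final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
    Assertions.assertThrows(SecurityManagerException.class,
        () -> securityManager.verifySignedData(signature, null, archive));
}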
/**
 * Three-file package (csar + cms + cert): the signer certificate is supplied separately and must
 * chain to the root placed in the trust directory.
 */
@Test
void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
    prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
    final String pkg = "/cert/3-file-signed-package/";
    final byte[] cms = readAllBytes(pkg + "dummyPnfv4.cms");
    final byte[] csar = readAllBytes(pkg + "dummyPnfv4.csar");
    final byte[] signerCert = readAllBytes(pkg + "dummyPnfv4.cert");
    assertTrue(securityManager.verifySignedData(cms, signerCert, csar));
}
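/**
 * Same three-file scenario as {@link #verifySignedDataTestCertNotIncludedIntoSignature}, but the
 * package goes through {@link OnboardingPackageProcessor} and is verified via
 * {@code verifyPackageSignedData} with a persistent-storage artifact reference.
 */
@Test
void verifySignedDataTestCertNotIncludedIntoSignatureArtifactStorageManagerIsEnabled()
    throws IOException, URISyntaxException, SecurityManagerException {
    prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
    final byte[] fileToUploadBytes = readAllBytes("/cert/3-file-signed-package/3-file-signed-package.zip");
    // The artifact path is relative to the working directory, so this test assumes it runs from the module root.
    final var onboardingPackageProcessor = new OnboardingPackageProcessor("3-file-signed-package.zip", fileToUploadBytes,
        new CnfPackageValidator(),
        new PersistentStorageArtifactInfo(Path.of("src/test/resources/cert/3-file-signed-package/3-file-signed-package.zip")));
    // Fail with a message naming the package instead of an NPE on the next statement when processing yields nothing.
    final OnboardPackageInfo onboardPackageInfo = onboardingPackageProcessor.getOnboardPackageInfo()
        .orElseThrow(() -> new AssertionError("no OnboardPackageInfo produced for 3-file-signed-package.zip"));
    assertTrue(securityManager
        .verifyPackageSignedData((OnboardSignedPackage) onboardPackageInfo.getOriginalOnboardPackage(), onboardPackageInfo.getArtifactInfo()));
}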
/**
 * Three-file package whose chain needs an intermediate CA that is not in the signature: the
 * intermediate is provided through the trust directory next to the root, and verification succeeds.
 */
@Test
void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
    // Trust directory: root plus the intermediate the signer certificate chains through.
    prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
    prepareCertFiles("/cert/package2.cert", cerDirPath + "signing-ca2.crt");
    final String pkg = "/cert/3-file-signed-package/";
    final byte[] cms = readAllBytes(pkg + "dummyPnfv4.cms");
    final byte[] csar = readAllBytes(pkg + "dummyPnfv4.csar");
    final byte[] signerCert = readAllBytes(pkg + "dummyPnfv4.cert");
    assertTrue(securityManager.verifySignedData(cms, signerCert, csar));
}
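/**
 * Negative case: the trust directory holds an intermediate that does not belong to the signer's
 * chain, and the supplied certificate file carries no intermediate of its own, so the chain cannot
 * be built and verification must be rejected.
 */
@Test
void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
    // Fixture setup stays outside assertThrows so a missing resource surfaces as an I/O error rather
    // than as an "unexpected exception type", and only the verification call itself is under test.
    prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
    prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
    final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
    final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
    final byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
    Assertions.assertThrows(SecurityManagerException.class,
        () -> securityManager.verifySignedData(signature, cert, archive));
}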
/**
 * Two-file package whose signer certificate is inside the CMS; an unrelated intermediate sitting in
 * the trust directory next to the root must not break verification.
 */
@Test
void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory()
    throws IOException, URISyntaxException, SecurityManagerException {
    prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
    // Intermediate that (per the test name) does not belong to this package's chain.
    prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
    final String pkg = "/cert/2-file-signed-package/";
    // null certificate argument: the signer certificate travels inside the CMS blob.
    assertTrue(securityManager.verifySignedData(readAllBytes(pkg + "dummyPnfv4.cms"), null, readAllBytes(pkg + "dummyPnfv4.csar")));
}
/**
 * Three-file package with the signer certificate supplied separately; an unrelated intermediate in
 * the trust directory next to the root must not break verification.
 */
@Test
void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
    prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
    // Intermediate that (per the test name) does not belong to this package's chain.
    prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
    final String pkg = "/cert/3-file-signed-package/";
    final byte[] cms = readAllBytes(pkg + "dummyPnfv4.cms");
    final byte[] csar = readAllBytes(pkg + "dummyPnfv4.csar");
    final byte[] signerCert = readAllBytes(pkg + "dummyPnfv4.cert");
    assertTrue(securityManager.verifySignedData(cms, signerCert, csar));
}
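/**
 * Negative case: the only trusted root is one the package was not signed under, so the supplied
 * signer certificate cannot be chained to it and verification must be rejected.
 */
@Test
void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
    // Fixture setup stays outside assertThrows so a missing resource surfaces as an I/O error rather
    // than as an "unexpected exception type", and only the verification call itself is under test.
    prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
    final byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
    final byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
    final byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
    Assertions.assertThrows(SecurityManagerException.class,
        () -> securityManager.verifySignedData(signature, cert, archive));
}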
231 void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
232 Assertions.assertThrows(SecurityManagerException.class, () -> {
233 prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
234 byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
235 byte[] archive = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.csar");
236 securityManager.verifySignedData(signature, null, archive);