/*-
 * ============LICENSE_START=======================================================
 * ================================================================================
 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
package org.openecomp.sdc.vendorsoftwareproduct.security;

import org.apache.commons.io.FileUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;

import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Objects;

import static junit.framework.TestCase.assertEquals;
import static junit.framework.TestCase.assertTrue;
import static org.mockito.ArgumentMatchers.eq;
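/**
 * Unit tests for {@link SecurityManager}: reading trusted certificates from the directory the
 * tests expose through the mocked {@code SDC_CERT_DIR} environment variable, and verifying CMS
 * signatures over CSAR archives against those certificates.
 *
 * <p>The trust directory is created once per test class with
 * {@link Files#createTempDirectory(String, java.nio.file.attribute.FileAttribute[])} instead of
 * using a fixed path under {@code /tmp}. A fixed, world-reachable path lets any other local
 * account on a shared build host pre-create the directory or drop certificate files into it, and
 * it makes concurrent builds interfere with each other. The same path is reused by every test in
 * the class because {@link SecurityManager#getInstance()} hands out a shared instance.
 *
 * <p>NOTE(review): the negative tests use {@code @Test(expected = ...)}, so any
 * {@link SecurityManagerException} satisfies them. Asserting on the failure reason would tell a
 * genuine signature or trust failure apart from an unrelated error raised while loading the
 * trust directory; confirm which messages the class under test produces before tightening.
 */
@RunWith(PowerMockRunner.class)
@PrepareForTest(SecurityManager.class)
@PowerMockIgnore("javax.security.auth.x500.X500Principal")
public class SecurityManagerTest {

    /** Source-tree directory holding the certificate fixtures that are copied into the trust directory. */
    private static final String CERT_FIXTURE_DIR = "src/test/resources/cert";

    /** Trust directory handed to the class under test; same path for every test in this class. */
    private static File certDir;

    private SecurityManager securityManager;

    /**
     * Picks the trust directory for this test class.
     *
     * @throws IOException if the temporary directory cannot be created
     */
    @BeforeClass
    public static void createCertDir() throws IOException {
        // On POSIX file systems createTempDirectory yields an owner-only directory with an
        // unpredictable name, unlike a hard-coded /tmp/cert.
        certDir = Files.createTempDirectory("sdc-cert-test").toFile();
    }

    /**
     * Ensures the trust directory exists and points {@code SDC_CERT_DIR} at it.
     *
     * @throws IOException if the trust directory cannot be (re)created
     */
    @Before
    public void setUp() throws IOException {
        // tearDown (and testGetCertificatesNoDirectory) remove the directory, so recreate it.
        Files.createDirectories(certDir.toPath());
        PowerMockito.mockStatic(System.class);
        PowerMockito.when(System.getenv(eq("SDC_CERT_DIR"))).thenReturn(certDir.getPath());
        securityManager = SecurityManager.getInstance();
    }

    /**
     * Removes the trust directory and resets the certificates cached by the shared instance.
     *
     * @throws IOException if the trust directory cannot be deleted
     */
    @After
    public void tearDown() throws IOException {
        try {
            if (certDir.exists()) {
                FileUtils.deleteDirectory(certDir);
            }
        } finally {
            // Reset the shared instance even when the delete fails; otherwise certificates
            // trusted by one test stay trusted in the next one. JUnit runs @After even if
            // @Before threw, hence the null guard.
            if (securityManager != null) {
                securityManager.cleanTrustedCertificates();
            }
        }
    }

    /** A certificate placed in the trust directory is reported, and disappears once its file is removed. */
    @Test
    public void testGetCertificates() throws IOException, SecurityManagerException {
        File trusted = installCertificate("root-certificate.pem", "root-certificate.pem");
        assertEquals(1, securityManager.getTrustedCertificates().size());
        // Fail here, not on the next assertion, if the file could not be removed.
        assertTrue(trusted.delete());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** A missing trust directory yields an empty set of trusted certificates. */
    @Test
    public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
        FileUtils.deleteDirectory(certDir);
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** An empty file in the trust directory makes certificate loading fail instead of being skipped. */
    @Test(expected = SecurityManagerException.class)
    public void testGetCertificatesException() throws IOException, SecurityManagerException {
        assertTrue(new File(certDir, "root-certificate.pem").createNewFile());
        // The expected exception is raised by this call, so nothing placed after it would run.
        securityManager.getTrustedCertificates();
    }

    /** Adding and removing files in the trust directory is reflected by subsequent reads. */
    @Test
    public void testGetCertificatesUpdated() throws IOException, SecurityManagerException {
        File root = installCertificate("root-certificate.pem", "root-certificate.pem");
        assertEquals(1, securityManager.getTrustedCertificates().size());
        File other = installCertificate("package-certificate.pem", "package-certificate.pem");
        assertEquals(2, securityManager.getTrustedCertificates().size());
        assertTrue(other.delete());
        assertEquals(1, securityManager.getTrustedCertificates().size());
        assertTrue(root.delete());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /**
     * Verification succeeds with no separate certificate argument; per the test name the signer
     * certificate travels inside the CMS signature.
     */
    @Test
    public void verifySignedDataTestCertIncludedIntoSignature()
            throws IOException, URISyntaxException, SecurityManagerException {
        installCertificate("root.cert", "root.cert");
        byte[] signature = readResource("/cert/2-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readResource("/cert/2-file-signed-package/dummyPnfv4.csar");
        assertTrue(securityManager.verifySignedData(signature, null, archive));
    }

    /**
     * Verification is rejected when the signature comes from the 3-file package, no certificate is
     * supplied, and the archive is the one from the 2-file package.
     */
    @Test(expected = SecurityManagerException.class)
    public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected()
            throws IOException, URISyntaxException, SecurityManagerException {
        installCertificate("root.cert", "root.cert");
        byte[] signature = readResource("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readResource("/cert/2-file-signed-package/dummyPnfv4.csar");
        securityManager.verifySignedData(signature, null, archive);
    }

    /** Verification succeeds when the signer certificate is supplied next to the signature. */
    @Test
    public void verifySignedDataTestCertNotIncludedIntoSignature()
            throws IOException, URISyntaxException, SecurityManagerException {
        installCertificate("root.cert", "root.cert");
        byte[] signature = readResource("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readResource("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readResource("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /** Verification is rejected when the trust directory holds a different root certificate. */
    @Test(expected = SecurityManagerException.class)
    public void verifySignedDataTestWrongCertificate()
            throws IOException, URISyntaxException, SecurityManagerException {
        installCertificate("root-certificate.pem", "root-certificate.cert");
        byte[] signature = readResource("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readResource("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readResource("/cert/3-file-signed-package/dummyPnfv4.cert");
        securityManager.verifySignedData(signature, cert, archive);
    }

    /** Verification is rejected for the tampered package fixture. */
    @Test(expected = SecurityManagerException.class)
    public void verifySignedDataTestChangedArchive()
            throws IOException, URISyntaxException, SecurityManagerException {
        installCertificate("root.cert", "root.cert");
        byte[] signature = readResource("/cert/tampered-signed-package/dummyPnfv4.cms");
        byte[] archive = readResource("/cert/tampered-signed-package/dummyPnfv4.csar");
        securityManager.verifySignedData(signature, null, archive);
    }

    /**
     * Copies a certificate fixture into the trust directory.
     *
     * @param fixtureName file name under {@code src/test/resources/cert}
     * @param targetName file name to use inside the trust directory
     * @return the copied file, so the caller can remove it again
     * @throws IOException if the copy fails
     */
    private File installCertificate(String fixtureName, String targetName) throws IOException {
        File target = new File(certDir, targetName);
        // copyFile creates or overwrites the target, so no createNewFile() is needed first.
        FileUtils.copyFile(new File(CERT_FIXTURE_DIR, fixtureName), target);
        return target;
    }

    /**
     * Reads a classpath test resource fully into memory.
     *
     * @param name absolute classpath name of the resource
     * @return the resource content
     * @throws IOException if the resource cannot be read
     * @throws URISyntaxException if the resource URL cannot be converted to a URI
     */
    private byte[] readResource(String name) throws IOException, URISyntaxException {
        // Name the missing fixture instead of failing with a bare NullPointerException.
        return Files.readAllBytes(Paths.get(
                Objects.requireNonNull(getClass().getResource(name), "missing test resource " + name).toURI()));
    }
}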