1 package org.openecomp.sdc.vendorsoftwareproduct.security;
3 import org.apache.commons.io.FileUtils;
4 import org.junit.After;
5 import org.junit.Before;
7 import org.junit.runner.RunWith;
8 import org.powermock.api.mockito.PowerMockito;
9 import org.powermock.core.classloader.annotations.PowerMockIgnore;
10 import org.powermock.core.classloader.annotations.PrepareForTest;
11 import org.powermock.modules.junit4.PowerMockRunner;
14 import java.io.IOException;
15 import java.net.URISyntaxException;
16 import java.nio.file.Files;
17 import java.nio.file.Paths;
19 import static junit.framework.TestCase.assertEquals;
20 import static junit.framework.TestCase.assertTrue;
21 import static org.mockito.ArgumentMatchers.eq;
/**
 * Unit tests for {@code SecurityManager}: counting the certificates it reports as
 * trusted ({@code getTrustedCertificates}) and verifying signed packages against
 * them ({@code verifySignedData}).
 *
 * <p>{@code System} is statically mocked in {@code setUp} so that the
 * {@code SDC_CERT_DIR} environment lookup returns a test directory; that is why the
 * class runs under {@code PowerMockRunner} with {@code SecurityManager} prepared for test.
 *
 * <p>NOTE(review): this listing skips some source lines (the gutter numbers have
 * gaps), so the {@code certDir} field declaration and several annotations are not
 * visible here.
 */
23 @RunWith(PowerMockRunner.class)
24 @PrepareForTest(SecurityManager.class)
// Leaves X500Principal to the system class loader instead of PowerMock's own;
// presumably to avoid class-loader conflicts in certificate handling — confirm.
25 @PowerMockIgnore("javax.security.auth.x500.X500Principal")
26 public class SecurityManagerTest {
// Instance under test; assigned from SecurityManager.getInstance() in setUp.
28 private SecurityManager securityManager;
/**
 * Points the {@code SDC_CERT_DIR} lookup at the test certificate directory and
 * obtains the {@code SecurityManager} instance under test.
 *
 * NOTE(review): listing lines 33-36 are not shown; presumably they create
 * {@code certDir} on disk — confirm against the full file.
 *
 * @throws IOException declared by the method; the visible lines do not throw it
 */
31 public void setUp() throws IOException {
// NOTE(review): fixed, predictable path under /tmp. On a shared build host another
// local user can pre-create /tmp/cert or files inside it, so what these tests treat
// as "trusted" is not guaranteed to be the copied fixtures; parallel runs on one
// host also collide. A per-test directory (JUnit's TemporaryFolder rule or
// Files.createTempDirectory) removes both problems.
32 certDir = new File("/tmp/cert");
// Static mock of System so that getenv("SDC_CERT_DIR") returns the test directory.
37 PowerMockito.mockStatic(System.class);
38 PowerMockito.when(System.getenv(eq("SDC_CERT_DIR"))).thenReturn(certDir.getPath());
// getInstance() suggests a shared instance; tearDown clears its certificates
// between tests for that reason (presumably a singleton — confirm).
39 securityManager = SecurityManager.getInstance();
/**
 * Deletes the test certificate directory if it exists and clears the certificates
 * held by the instance under test, so one test's trust material does not leak
 * into the next.
 *
 * @throws IOException if the directory cannot be deleted
 */
43 public void tearDown() throws IOException {
44 if(certDir.exists()) {
// Recursive delete of the fixed /tmp/cert path: anything else placed there
// (for example by a concurrent run on the same host) is removed as well.
45 FileUtils.deleteDirectory(certDir);
// Listing line 46 is not shown (presumably the closing brace of the if).
47 securityManager.cleanTrustedCertificates();
/**
 * Copies one root certificate into the trusted directory and checks that
 * {@code getTrustedCertificates()} reports exactly one entry, then zero.
 */
51 public void testGetCertificates() throws IOException, SecurityManagerException {
52 File origFile = new File("src/test/resources/cert/root-certificate.pem");
53 File newFile = new File("/tmp/cert/root-certificate.pem");
// Return value is ignored; copyFile below writes the destination in any case.
54 newFile.createNewFile();
55 FileUtils.copyFile(origFile, newFile);
56 assertEquals(1, securityManager.getTrustedCertificates().size());
// NOTE(review): listing line 57 is not shown; the count dropping from 1 to 0
// implies the certificate file is removed there — confirm against the full file.
58 assertEquals(0, securityManager.getTrustedCertificates().size());
/**
 * Checks that {@code getTrustedCertificates()} returns an empty collection rather
 * than failing when, per the test name, the certificate directory is absent.
 *
 * NOTE(review): listing line 63 is not shown; presumably it removes
 * {@code certDir} before the assertion — confirm against the full file.
 */
62 public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
64 assertEquals(0, securityManager.getTrustedCertificates().size());
/**
 * Places an empty file with a certificate name in the trusted directory and
 * expects {@code SecurityManagerException}: unparsable trust material should be
 * reported as an error, not skipped silently.
 */
67 @Test(expected = SecurityManagerException.class)
68 public void testGetCertificatesException() throws IOException, SecurityManagerException {
69 File newFile = new File("/tmp/cert/root-certificate.pem");
// Created empty on purpose: nothing is copied into it, so it holds no certificate data.
70 newFile.createNewFile();
// Presumably this call throws the expected exception; if so, the assertions
// themselves (here and on line 73) are never evaluated. Listing line 72 is not shown.
71 assertEquals(1, securityManager.getTrustedCertificates().size());
73 assertEquals(0, securityManager.getTrustedCertificates().size());
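/**
 * Checks that {@code getTrustedCertificates()} follows changes in the trusted
 * directory: one certificate, then two after a second file is added, then one
 * again after that file is deleted, and finally zero.
 *
 * @throws IOException if a fixture cannot be created or copied
 * @throws SecurityManagerException if the certificates cannot be loaded
 */
77 public void testGetCertificatesUpdated() throws IOException, SecurityManagerException {
78 File origFile = new File("src/test/resources/cert/root-certificate.pem");
79 File newFile = new File("/tmp/cert/root-certificate.pem");
80 newFile.createNewFile();
81 FileUtils.copyFile(origFile, newFile);
// assertEquals reports expected and actual counts on failure, like the other checks.
82 assertEquals(1, securityManager.getTrustedCertificates().size());
83 File otherOrigFile = new File("src/test/resources/cert/package-certificate.pem");
84 File otherNewFile = new File("/tmp/cert/package-certificate.pem");
// Targets otherNewFile (newFile already exists) so the second fixture gets its own file.
85 otherNewFile.createNewFile();
86 FileUtils.copyFile(otherOrigFile, otherNewFile);
87 assertEquals(2, securityManager.getTrustedCertificates().size());
// Removing a file from the directory must also remove it from the trusted set.
88 otherNewFile.delete();
89 assertEquals(1, securityManager.getTrustedCertificates().size());
// NOTE(review): listing line 90 is not shown; the count dropping from 1 to 0
// implies the remaining certificate file is removed there — confirm.
91 assertEquals(0, securityManager.getTrustedCertificates().size());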
/**
 * Positive case: with {@code root.cert} in the trusted directory, the CMS
 * signature of the "2-file" package verifies against its archive without a
 * separately supplied certificate (per the test name, the signer certificate
 * is carried inside the signature — confirm against the fixture).
 */
95 public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
96 File origFile = new File("src/test/resources/cert/root.cert");
97 File newFile = new File("/tmp/cert/root.cert");
98 newFile.createNewFile();
99 FileUtils.copyFile(origFile, newFile);
100 byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.cms").toURI()));
101 byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.csar").toURI()));
// Second argument is null: no external certificate is passed to the verifier.
102 assertTrue(securityManager.verifySignedData(signature, null, archive));
/**
 * Negative case: the "3-file" package signature is verified with no certificate
 * supplied, and {@code SecurityManagerException} is expected.
 *
 * NOTE(review): the signature comes from the 3-file package but the archive from
 * the 2-file package, and {@code expected = ...} accepts that exception type from
 * any statement in the method. The test therefore cannot tell "signer certificate
 * missing" from "signature does not match this archive". If the former is the
 * intent, use the 3-file archive and assert on the exception's message or cause.
 */
105 @Test(expected = SecurityManagerException.class)
106 public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
107 File origFile = new File("src/test/resources/cert/root.cert");
108 File newFile = new File("/tmp/cert/root.cert");
109 newFile.createNewFile();
110 FileUtils.copyFile(origFile, newFile);
111 byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
112 byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/2-file-signed-package/dummyPnfv4.csar").toURI()));
// Second argument is null: no external certificate is passed to the verifier.
113 securityManager.verifySignedData(signature, null, archive);
/**
 * Positive case for the "3-file" package: signature, archive and signer
 * certificate are separate files, and verification succeeds when the certificate
 * is passed explicitly and {@code root.cert} is in the trusted directory.
 */
117 public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
118 File origFile = new File("src/test/resources/cert/root.cert");
119 File newFile = new File("/tmp/cert/root.cert");
120 newFile.createNewFile();
121 FileUtils.copyFile(origFile, newFile);
122 byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
123 byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.csar").toURI()));
// Signer certificate shipped alongside the package rather than inside the signature.
124 byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cert").toURI()));
125 assertTrue(securityManager.verifySignedData(signature, cert, archive));
/**
 * Negative case: the same "3-file" signature, archive and signer certificate as
 * the positive test, but the trusted directory holds {@code root-certificate.pem}
 * (copied under the name {@code root-certificate.cert}) instead of
 * {@code root.cert}. Verification is expected to fail with
 * {@code SecurityManagerException}, presumably because the signer certificate
 * does not chain to that trust anchor — confirm against the fixtures.
 *
 * NOTE(review): {@code expected = ...} also passes if the exception comes from
 * loading the trusted certificates rather than from the trust check itself;
 * asserting on the message or cause would pin the reason.
 */
128 @Test(expected = SecurityManagerException.class)
129 public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
130 File origFile = new File("src/test/resources/cert/root-certificate.pem");
131 File newFile = new File("/tmp/cert/root-certificate.cert");
132 newFile.createNewFile();
133 FileUtils.copyFile(origFile, newFile);
134 byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cms").toURI()));
135 byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.csar").toURI()));
136 byte[] cert = Files.readAllBytes(Paths.get(getClass().getResource("/cert/3-file-signed-package/dummyPnfv4.cert").toURI()));
137 securityManager.verifySignedData(signature, cert, archive);
/**
 * Integrity check: with {@code root.cert} trusted, the signature and archive from
 * the "tampered-signed-package" fixture must not verify, and
 * {@code SecurityManagerException} is expected. Per the fixture name, the archive
 * was modified after signing — confirm against the fixture.
 *
 * NOTE(review): {@code expected = ...} accepts the exception from any statement in
 * the method; asserting on the message or cause would show that the failure is
 * the content mismatch and not, for example, a certificate-loading error.
 */
140 @Test(expected = SecurityManagerException.class)
141 public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
142 File origFile = new File("src/test/resources/cert/root.cert");
143 File newFile = new File("/tmp/cert/root.cert");
144 newFile.createNewFile();
145 FileUtils.copyFile(origFile, newFile);
146 byte[] signature = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv4.cms").toURI()));
147 byte[] archive = Files.readAllBytes(Paths.get(getClass().getResource("/cert/tampered-signed-package/dummyPnfv4.csar").toURI()));
// Second argument is null: no external certificate is passed to the verifier.
148 securityManager.verifySignedData(signature, null, archive);