1 /*-
2  * ============LICENSE_START=======================================================
3  * SDC
4  * ================================================================================
5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.openecomp.sdc.vendorsoftwareproduct.security;
22
23 import org.apache.commons.io.FileUtils;
24 import org.junit.jupiter.api.AfterEach;
25 import org.junit.jupiter.api.Assertions;
26 import org.junit.jupiter.api.BeforeEach;
27 import org.junit.jupiter.api.Test;
28
29 import java.io.File;
30 import java.io.IOException;
31 import java.net.URISyntaxException;
32 import java.nio.file.Files;
33 import java.nio.file.Paths;
34
35 import static junit.framework.TestCase.assertEquals;
36 import static junit.framework.TestCase.assertTrue;
37
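/**
 * Tests for {@link SecurityManager}: loading trusted certificates from a directory and
 * verifying CMS-signed packages against that directory.
 *
 * <p>Every test runs against its own freshly created temporary directory. A fixed, shared
 * location such as {@code /tmp/cert/} can be pre-populated by another local user or by a
 * concurrent test run, so the trust anchors under test would no longer be only the ones
 * the test itself copied in.
 */
public class SecurityManagerTest {
    // Trusted-certificate directory handed to the SecurityManager; unique per test.
    private File certDir;
    private SecurityManager securityManager;

    /**
     * Resolves a classpath resource to a file, failing with a clear message when it is missing
     * instead of a bare NullPointerException.
     *
     * @param resourcePath absolute classpath location, e.g. {@code /cert/root.cert}
     * @return the resource as a file
     * @throws URISyntaxException if the resource URL cannot be converted to a URI
     */
    private File resourceFile(String resourcePath) throws URISyntaxException {
        final java.net.URL location = getClass().getResource(resourcePath);
        if (location == null) {
            throw new IllegalArgumentException("Test resource not found on classpath: " + resourcePath);
        }
        return new File(location.toURI());
    }

    /**
     * Copies a classpath certificate into the trusted-certificate directory of the current test.
     *
     * @param origFilePath classpath location of the certificate to copy
     * @param fileName     name the copy gets inside the trusted-certificate directory
     * @return the copied file
     */
    private File prepareCertFiles(String origFilePath, String fileName) throws IOException, URISyntaxException {
        final File target = new File(certDir, fileName);
        FileUtils.copyFile(resourceFile(origFilePath), target);
        return target;
    }

    /** Reads a classpath resource fully into memory. */
    private byte[] readAllBytes(String path) throws URISyntaxException, IOException {
        return Files.readAllBytes(resourceFile(path).toPath());
    }

    /**
     * Creates an empty, uniquely named trust directory and a manager bound to it.
     * Nothing left over from an earlier or parallel run can be in that directory.
     */
    @BeforeEach
    public void setUp() throws IOException {
        certDir = Files.createTempDirectory("sdc-security-manager-test").toFile();
        securityManager = new SecurityManager(certDir.getPath());
    }

    /**
     * Removes the trust directory and clears the certificates held by the manager.
     * Both fields are null-checked so a failure in {@link #setUp()} is not masked by a
     * NullPointerException raised here.
     */
    @AfterEach
    public void tearDown() throws IOException {
        try {
            if (certDir != null && certDir.exists()) {
                FileUtils.deleteDirectory(certDir);
            }
        } finally {
            if (securityManager != null) {
                securityManager.cleanTrustedCertificates();
            }
        }
    }

    /** One certificate in the directory is reported; removing it empties the trusted set. */
    @Test
    public void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
        File newFile = prepareCertFiles("/cert/root-certificate.pem", "root-certificate.pem");
        assertEquals(1, securityManager.getTrustedCertificates().size());
        // Files.delete reports why a removal failed; File.delete() would only return false.
        Files.delete(newFile.toPath());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** A missing certificate directory yields an empty trusted set rather than an error. */
    @Test
    public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
        Files.delete(certDir.toPath());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /**
     * An empty file carrying a certificate name must be rejected, not silently skipped.
     * Only the call expected to fail sits inside assertThrows, so the test cannot pass
     * because of an unrelated exception raised while preparing the file.
     */
    @Test
    public void testGetCertificatesException() throws IOException, SecurityManagerException {
        File emptyCertificate = new File(certDir, "root-certificate.pem");
        assertTrue(emptyCertificate.createNewFile());
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.getTrustedCertificates());
    }

    /** The trusted set follows additions to and removals from the directory. */
    @Test
    public void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
        File newFile = prepareCertFiles("/cert/root-certificate.pem", "root-certificate.pem");
        assertEquals(1, securityManager.getTrustedCertificates().size());
        File otherNewFile = prepareCertFiles("/cert/package-certificate.pem", "package-certificate.pem");
        assertEquals(2, securityManager.getTrustedCertificates().size());
        Files.delete(otherNewFile.toPath());
        assertEquals(1, securityManager.getTrustedCertificates().size());
        Files.delete(newFile.toPath());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** Signature that carries its own certificate verifies against the trusted root. */
    @Test
    public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", "root.cert");
        byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
        assertTrue(securityManager.verifySignedData(signature, null, archive));
    }

    /** Signature without an embedded certificate, and no certificate supplied, must be rejected. */
    @Test
    public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", "root.cert");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        // Fixture loading stays outside assertThrows so only the verification can satisfy it.
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, null, archive));
    }

    /** Signature without an embedded certificate verifies when the certificate is supplied separately. */
    @Test
    public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", "root.cert");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /** A supplied certificate lacking its intermediate verifies when that intermediate is in the directory. */
    @Test
    public void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", "root.cert");
        prepareCertFiles("/cert/signing-ca2.crt", "signing-ca2.crt");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /** A different intermediate in the directory must not complete the chain of the supplied certificate. */
    @Test
    public void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", "signing-ca1.crt");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, cert, archive));
    }

    /** An extra intermediate in the directory does not break a signature that embeds its certificate. */
    @Test
    public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", "signing-ca1.crt");
        byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
        assertTrue(securityManager.verifySignedData(signature, null, archive));
    }

    /**
     * An extra intermediate in the directory does not break verification with a supplied certificate.
     * NOTE(review): presumably dummyPnfv4.cert carries its own intermediate; confirm against the fixture.
     */
    @Test
    public void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", "signing-ca1.crt");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /** A trust directory holding only a different root must reject the package. */
    @Test
    public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root-certificate.pem", "root-certificate.cert");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, cert, archive));
    }

    /** An archive from the tampered-signed-package fixture must fail verification against its signature. */
    @Test
    public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", "root.cert");
        byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.csar");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, null, archive));
    }
}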