1 /*-
2  * ============LICENSE_START=======================================================
3  * SDC
4  * ================================================================================
5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.openecomp.sdc.vendorsoftwareproduct.security;
22
23 import org.apache.commons.io.FileUtils;
24 import org.junit.jupiter.api.AfterEach;
25 import org.junit.jupiter.api.Assertions;
26 import org.junit.jupiter.api.BeforeEach;
27 import org.junit.jupiter.api.Test;
28
29 import java.io.File;
30 import java.io.IOException;
31 import java.net.URISyntaxException;
32 import java.nio.file.Files;
33 import java.nio.file.Paths;
34
35 import static junit.framework.TestCase.assertEquals;
36 import static junit.framework.TestCase.assertTrue;
37
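/**
 * Tests for {@link SecurityManager}: loading trusted certificates from a directory and
 * verifying a signed package (archive bytes plus signature bytes, optionally with a separately
 * supplied signer certificate) against those trusted certificates.
 *
 * <p>Every test gets its own freshly created temporary directory as the trusted-certificate
 * store. A fixed, predictable path under the shared temp location would let concurrent runs
 * (or anything else on the host that can write there) influence which certificates the tests
 * treat as trusted, and a leftover directory from an aborted run would break the next run.
 *
 * <p>The rejection tests assert only on the exception type. NOTE(review): they therefore cannot
 * tell <em>why</em> verification was refused; see the notes on the individual tests.
 */
public class SecurityManagerTest {
    private File certDir;
    // Path of certDir, always ending with a separator so fixture file names can be appended.
    private String cerDirPath;
    private SecurityManager securityManager;

    /**
     * Copies a classpath fixture into the trusted-certificate directory.
     *
     * @param origFilePath classpath location of the fixture
     * @param newFilePath  destination path on disk
     * @return the copied file
     */
    private File prepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
        File origFile = new File(getClass().getResource(origFilePath).toURI());
        File newFile = new File(newFilePath);
        // copyFile creates (or overwrites) the destination, so no separate createNewFile() is needed.
        FileUtils.copyFile(origFile, newFile);
        return newFile;
    }

    /** Reads a classpath fixture fully into memory. */
    private byte[] readAllBytes(String path) throws URISyntaxException, IOException {
        return Files.readAllBytes(Paths.get(getClass().getResource(path).toURI()));
    }

    /** Creates an isolated, empty certificate directory and a manager that reads from it. */
    @BeforeEach
    public void setUp() throws IOException {
        certDir = Files.createTempDirectory("sdc-cert-test").toFile();
        cerDirPath = certDir.getPath() + File.separator;
        securityManager = new SecurityManager(certDir.getPath());
    }

    /** Removes the certificate directory and clears the manager's trusted certificates. */
    @AfterEach
    public void tearDown() throws IOException {
        // Both fields stay null if setUp failed part-way; guard so cleanup never masks that failure.
        if (certDir != null && certDir.exists()) {
            FileUtils.deleteDirectory(certDir);
        }
        if (securityManager != null) {
            securityManager.cleanTrustedCertificates();
        }
    }

    /** A certificate file added to the directory is reported, and disappears again once removed. */
    @Test
    public void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
        File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
        assertEquals(1, securityManager.getTrustedCertificates().size());
        // Fail loudly if the file could not be removed; otherwise the next assertion is meaningless.
        assertTrue(newFile.delete());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** A missing certificate directory yields an empty trust set rather than an error. */
    @Test
    public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
        assertTrue(certDir.delete());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** An empty file in the directory makes loading fail; removing it restores an empty trust set. */
    @Test
    public void testGetCertificatesException() throws IOException, SecurityManagerException {
        File newFile = new File(cerDirPath + "root-certificate.pem");
        assertTrue(newFile.createNewFile());
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.getTrustedCertificates());
        assertTrue(newFile.delete());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** The trust set follows additions to and removals from the directory between calls. */
    @Test
    public void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
        File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
        assertEquals(1, securityManager.getTrustedCertificates().size());
        File otherNewFile = prepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
        assertEquals(2, securityManager.getTrustedCertificates().size());
        assertTrue(otherNewFile.delete());
        assertEquals(1, securityManager.getTrustedCertificates().size());
        assertTrue(newFile.delete());
        assertEquals(0, securityManager.getTrustedCertificates().size());
    }

    /** Accepts a two-file package (no separate certificate passed) with rootCA.cert trusted. */
    @Test
    public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
        assertTrue(securityManager.verifySignedData(signature, null, archive));
    }

    /**
     * Rejects the three-file package when its separate certificate is not supplied.
     *
     * <p>NOTE(review): the accepting tests install /cert/rootCA.cert, this one installs
     * /cert/root.cert. If that is a different trust anchor, the rejection may come from chain
     * validation rather than from the missing certificate - confirm against the fixtures.
     */
    @Test
    public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
        // Fixture setup stays outside assertThrows so only the verification call can satisfy it.
        prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, null, archive));
    }

    /** Accepts the three-file package when its certificate is passed alongside the signature. */
    @Test
    public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /** Accepts the three-file package with an additional certificate (package2.cert) in the directory. */
    @Test
    public void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        prepareCertFiles("/cert/package2.cert", cerDirPath + "signing-ca2.crt");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /**
     * Rejects the package when the supplied certificate lacks its intermediate and the directory
     * holds only signing-ca1.crt.
     *
     * <p>NOTE(review): this test also installs /cert/root.cert rather than /cert/rootCA.cert;
     * confirm that the rejection is caused by the intermediate and not by the root.
     */
    @Test
    public void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, cert, archive));
    }

    /** An extra signing-ca1.crt in the directory does not stop the two-file package from verifying. */
    @Test
    public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
        byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
        assertTrue(securityManager.verifySignedData(signature, null, archive));
    }

    /** An extra signing-ca1.crt in the directory does not stop the three-file package from verifying. */
    @Test
    public void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
        prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        assertTrue(securityManager.verifySignedData(signature, cert, archive));
    }

    /** Rejects the package when the only trusted certificate is root-certificate.pem. */
    @Test
    public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
        byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
        byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, cert, archive));
    }

    /**
     * Rejects a package whose archive does not match its signature.
     *
     * <p>NOTE(review): this is the integrity check, yet it installs /cert/root.cert while the
     * accepting tests install /cert/rootCA.cert. If root.cert does not anchor the signer's chain,
     * the exception would be raised by trust validation and the test would still pass even if the
     * archive digest were never compared. Confirm the fixture, and consider also asserting on the
     * reason carried by the exception.
     */
    @Test
    public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
        prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
        byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
        byte[] archive = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.csar");
        Assertions.assertThrows(SecurityManagerException.class,
            () -> securityManager.verifySignedData(signature, null, archive));
    }
}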