gerrit.onap Code Review - sdc.git/blob

   1 /*-
   2  * ============LICENSE_START=======================================================
   3  * SDC
   4  * ================================================================================
   5  * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
   6  * ================================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END=========================================================
  19  */
  20
  21 package org.openecomp.sdc.vendorsoftwareproduct.security;
  22
  23 import static junit.framework.TestCase.assertEquals;
  24 import static junit.framework.TestCase.assertTrue;
  25
  26 import java.io.File;
  27 import java.io.IOException;
  28 import java.net.URISyntaxException;
  29 import java.nio.file.Files;
  30 import java.nio.file.Paths;
  31 import org.apache.commons.io.FileUtils;
  32 import org.junit.jupiter.api.AfterEach;
  33 import org.junit.jupiter.api.Assertions;
  34 import org.junit.jupiter.api.BeforeEach;
  35 import org.junit.jupiter.api.Test;
  36
  37 public class SecurityManagerTest {
  38
  39     private File certDir;
  40     private String cerDirPath = "/tmp/cert/";
  41     private SecurityManager securityManager;
  42
  43     private File prepareCertFiles(String origFilePath, String newFilePath) throws IOException, URISyntaxException {
  44         File origFile = new File(getClass().getResource(origFilePath).toURI());
  45         File newFile = new File(newFilePath);
  46         newFile.createNewFile();
  47         FileUtils.copyFile(origFile, newFile);
  48         return newFile;
  49     }
  50
  51     private byte[] readAllBytes(String path) throws URISyntaxException, IOException {
  52         return Files.readAllBytes(Paths.get(getClass().getResource(path).toURI()));
  53     }
  54
  55     @BeforeEach
  56     public void setUp() throws IOException {
  57         certDir = new File(cerDirPath);
  58         if (certDir.exists()) {
  59             tearDown();
  60         }
  61         certDir.mkdirs();
  62         securityManager = new SecurityManager(certDir.getPath());
  63     }
  64
  65     @AfterEach
  66     public void tearDown() throws IOException {
  67         if (certDir.exists()) {
  68             FileUtils.deleteDirectory(certDir);
  69         }
  70         securityManager.cleanTrustedCertificates();
  71     }
  72
  73     @Test
  74     public void testGetCertificates() throws IOException, SecurityManagerException, URISyntaxException {
  75         File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "/root-certificate.pem");
  76         assertEquals(1, securityManager.getTrustedCertificates().size());
  77         newFile.delete();
  78         assertEquals(0, securityManager.getTrustedCertificates().size());
  79     }
  80
  81     @Test
  82     public void testGetCertificatesNoDirectory() throws IOException, SecurityManagerException {
  83         certDir.delete();
  84         assertEquals(0, securityManager.getTrustedCertificates().size());
  85     }
  86
  87     @Test
  88     public void testGetCertificatesException() throws IOException, SecurityManagerException {
  89         File newFile = new File(cerDirPath + "root-certificate.pem");
  90         newFile.createNewFile();
  91         Assertions.assertThrows(SecurityManagerException.class, () -> {
  92             assertEquals(1, securityManager.getTrustedCertificates().size());
  93         });
  94         newFile.delete();
  95         assertEquals(0, securityManager.getTrustedCertificates().size());
  96
  97     }
  98
  99     @Test
 100     public void testGetCertificatesUpdated() throws IOException, SecurityManagerException, URISyntaxException {
 101         File newFile = prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.pem");
 102         assertTrue(securityManager.getTrustedCertificates().size() == 1);
 103         File otherNewFile = prepareCertFiles("/cert/package-certificate.pem", cerDirPath + "package-certificate.pem");
 104         assertEquals(2, securityManager.getTrustedCertificates().size());
 105         otherNewFile.delete();
 106         assertEquals(1, securityManager.getTrustedCertificates().size());
 107         newFile.delete();
 108         assertEquals(0, securityManager.getTrustedCertificates().size());
 109     }
 110
 111     @Test
 112     public void verifySignedDataTestCertIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
 113         prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 114         byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
 115         byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
 116         assertTrue(securityManager.verifySignedData(signature, null, archive));
 117     }
 118
 119     @Test
 120     public void verifySignedDataTestCertNotIncludedIntoSignatureButExpected() throws IOException, URISyntaxException, SecurityManagerException {
 121         Assertions.assertThrows(SecurityManagerException.class, () -> {
 122             prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
 123             byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
 124             byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
 125             securityManager.verifySignedData(signature, null, archive);
 126         });
 127
 128     }
 129
 130     @Test
 131     public void verifySignedDataTestCertNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
 132         prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 133         byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
 134         byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
 135         byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
 136         assertTrue(securityManager.verifySignedData(signature, cert, archive));
 137     }
 138
 139     @Test
 140     public void verifySignedDataTestCertIntermediateNotIncludedIntoSignature() throws IOException, URISyntaxException, SecurityManagerException {
 141         prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 142         prepareCertFiles("/cert/package2.cert", cerDirPath + "signing-ca2.crt");
 143         byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
 144         byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
 145         byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
 146         assertTrue(securityManager.verifySignedData(signature, cert, archive));
 147     }
 148
 149     @Test
 150     public void verifySignedDataTestCertWrongIntermediate() throws IOException, URISyntaxException, SecurityManagerException {
 151         Assertions.assertThrows(SecurityManagerException.class, () -> {
 152             prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
 153             prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
 154             byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
 155             byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
 156             byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4-no-intermediate.cert");
 157             securityManager.verifySignedData(signature, cert, archive);
 158         });
 159
 160     }
 161
 162     @Test
 163     public void verifySignedDataTestCertIncludedIntoSignatureWithWrongIntermediateInDirectory()
 164         throws IOException, URISyntaxException, SecurityManagerException {
 165         prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 166         prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
 167         byte[] signature = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.cms");
 168         byte[] archive = readAllBytes("/cert/2-file-signed-package/dummyPnfv4.csar");
 169         assertTrue(securityManager.verifySignedData(signature, null, archive));
 170     }
 171
 172     @Test
 173     public void verifySignedDataTestCertWrongIntermediateInDirectory() throws IOException, URISyntaxException, SecurityManagerException {
 174         prepareCertFiles("/cert/rootCA.cert", cerDirPath + "root.cert");
 175         prepareCertFiles("/cert/signing-ca1.crt", cerDirPath + "signing-ca1.crt");
 176         byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
 177         byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
 178         byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
 179         assertTrue(securityManager.verifySignedData(signature, cert, archive));
 180     }
 181
 182     @Test
 183     public void verifySignedDataTestWrongCertificate() throws IOException, URISyntaxException, SecurityManagerException {
 184         Assertions.assertThrows(SecurityManagerException.class, () -> {
 185             prepareCertFiles("/cert/root-certificate.pem", cerDirPath + "root-certificate.cert");
 186             byte[] signature = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cms");
 187             byte[] archive = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.csar");
 188             byte[] cert = readAllBytes("/cert/3-file-signed-package/dummyPnfv4.cert");
 189             securityManager.verifySignedData(signature, cert, archive);
 190         });
 191
 192     }
 193
 194     @Test
 195     public void verifySignedDataTestChangedArchive() throws IOException, URISyntaxException, SecurityManagerException {
 196         Assertions.assertThrows(SecurityManagerException.class, () -> {
 197             prepareCertFiles("/cert/root.cert", cerDirPath + "root.cert");
 198             byte[] signature = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.cms");
 199             byte[] archive = readAllBytes("/cert/tampered-signed-package/dummyPnfv4.csar");
 200             securityManager.verifySignedData(signature, null, archive);
 201         });
 202
 203     }
 204 }