From 81df68b2c91759c109f75511c5b38f5fb5acd95a Mon Sep 17 00:00:00 2001 From: Bartosz Gardziejewski Date: Tue, 22 Dec 2020 14:39:02 +0100 Subject: [PATCH] Add tests for CSAR security validation. Signed-off-by: Bartosz Gardziejewski Change-Id: I25784be4d87ac8c4b0e82f42851ee96ac75e6b71 Issue-ID: VNFSDK-714 --- .../vnfsdk-refrepo/csar/invalid_with_security.csar | Bin 0 -> 10824 bytes tests/vnfsdk-refrepo/csar_validation_tests.robot | 50 ++++++++++++++++++++- .../resources/vnfsdk_properties.robot | 12 +++++ 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 tests/vnfsdk-refrepo/csar/invalid_with_security.csar diff --git a/tests/vnfsdk-refrepo/csar/invalid_with_security.csar b/tests/vnfsdk-refrepo/csar/invalid_with_security.csar new file mode 100644 index 0000000000000000000000000000000000000000..c2560bd5cfc501a2be81245d59630ae710f1142b GIT binary patch literal 10824 zcmeHtcRbba|NaS~Y*|GaWpiYg6&Xo6HrWmiPR=pTIrbhAGRhvAQAQ{tBctpcSs7W8 ztn3u|9?BcN`J~@JzklAZ^SICJoPVzCzV7k7@B4XQiZ?K^$N*apvF=;Y_K#m*CjoQ- z2?Ppi0yaV+xztn%064@3IJ$LuZrjDi9uIH~>k}pbu>Ga@3kMfqZ3x`P!T5zkxerIu z3~XTvxoK$%MA@UZL1nB&bg&H%1jPjGzybhWIzM4|sz|;MRtjPTvvhz%EKomdnr|Ya z^M{%O0IX2%eTr!ggOs*K1OI9R3oG$IA>#rr>+Wv@?mr+agN>noECA6usryk82#VTAG!FwzDA*=ng@f|8AnAc*QWLA*!8SCrS6f*PTq zmKI=y1JL1@q>E@tjYp7Vd{JSiv$x*#hf!*xN0dI?(%1$D`PuorCT_Z>=(6=bbeMLc z;cNJdgmKW&$I*r7DDVzwD$bu&TYY3k1TTlEb6Q|)J*S=9swNL1E3lmEO9K78}u%FH6%qI5d5x#@Eql4*xpxPiI2z^r< zs4?W9Nx#J*Z}7)qZECiESQGDKQ9zkN5I^gTVR?i>to>VLI(q;b+(92{gn(M1fJR8O z?cP0yj!*1=uBzED@U5Y`_3W>zDg?PR-}umYe+W&u01WkVP~~$XVHI?IHNpY_PVcKK z5)8M3K{%}}On^oZ#LqA){rQW|@WHVe9(E(|xh%fV>bifgw*D~&y2e?baV9zqkB4^! z+V3Xzk97x6+-$zh)X1FP5IgpCeQlB8$z+fH)G_G5W+V309`hMHm$ z(*5RQ**+y3HVXPyeSFSm7N-~+xF%?tnfu&dz$~g!5+;Y$vB+xH3eAn7LUiYZD6g8P z6u$&XnF=B(t}(_v#`v+smHBYZm%BXIr)T~H@3+T!+07I;88{JTMwnt<#8ET$nfMNM z*HVLuMB3SKX5EnZ3`mN2DWJkrZUvVIFzOgf>e&SkSEwTC>0=wSCt~=m=#yNe=Zbld z#9z-~S4iT2Ssi)|Afa}lC(iVHRbVVu73MS97x5`Zmg|&;FE!H~;doUo>87LQI1w@a z1zzVh!ghP(oWdTr>J0&&xp?p8^MV<{jW)_&ranFktn)R9L|J=b0bh6O;|gBq`X?o$ zIato6Up+VRR_b)niok5CuyN{W$m#>t&l~hr(DP*+_W-f#AiVs(y!rOy>M>rCA5fI3@$Sla|u2DYevDvg$OK zPGhMGPVy*Z3ezRQ-&^D6{g5uGOgm=WC-r)ieWEUf#v*LQYS5pbbwmK%BqY~aDdcyl zTs76~!i?Ol^ip#^zdDjQ4x^bxT7@;hj|A$|xxD4f$MjaIIx>cXKZSNzHjly0^E3ru zLHoV6Ew%qPXzTrL*T6FtQOLYGY1$W6j6_3KE@g zvGhJxkV|Iqy(Fb!M2lbYq90Dj`KHs5h96X14KryWHiyBV+RyID+m3jWOttc3k^PO`m@(_fk5{ZuFE$zHFDH9wXz3s-QZ-y=E)+Ht5B|vE;@cW zeLmc;=<>YJypPU5OBDdnVzhq&CPLRoRY65kf>R!X0vm%-;GeNq+SpB37G1X9hc35U zV9RNFgE?qnz+*oH+HYXne}Ql`_IBLef&)PggoOuIp7gp%EH&r3IYe}!D^t*%lZ@?- zj3d!x4bUvin00xs(a5InmOCx|0Y_XxShOCehzH~L4K&8q$FQ%6P z8_Fhu*G|12Yky=tMrjQQAoTmFXrff79SHJpOZFhFaTq#Y^vQb2@G-~`Uid!gjyPmR zfp%st)yQ|1UBT={QixlnNrtOgx7Q^Fm+7ZrNslPuE?;HMzOn$ZnkVQ?OjE(<g%YdIEsSSum`>Reo#LPW9`d$+Bc+)WdFc zhCwpn^@K7@^b$IF99r+%1MV9$1w3b=Gu!xf-F(v4vACqz6v*p9Hw0fR>x^{*i64@gc}WJzvLM8i|H)dNWb}Dc9yKGI6X3|Xn|Ja9i(U(qc6B!=R>hQ^d-*71@Pw0RKV~8(z^Oocri)fjs)!6?E#BylH{y+e zct7wC;EjvJ{YV^Hbu$#FU(J!9<#L=Uxj(O56nP}2js&Jw8$Pdu;ux#Ov#1-U6=#VD zQ$i5(I?@_o9jog>O62+^FSH@9Y!`13Q>f9<>4Xo6iC$P^Ox5gsaeIZMME`5Am`P>9 z_#79D{QIXQY$@k_G36hXvSfx~myL(IM>0x;9#bMqK9)!-4N%44`2q=#JkeDpezmyb zlv1T?t*Y_~y3)Il5rkSc!IPy zy7EF3o)2)wdXc0w)L~fCKtMP_MWTb!K6s^oc9fm|$;*EIA5(4P)=^3Rkj?Ks4VOx5 zp=#RuV7GUX#Tt zWvUmekV@hi^0>;cM#`vp9AG4^BsK2t;BW8oj9EqZ3u}&{E*=UCL%v3q89_J2Gq1Uc z>*3EWjIS4I+=MrB#b^SjtxVadJyW|$Xv|L1V0_KxwrSR!zlCFO#LK%xo!!l10@aYE zD;%}77(dR9SyPNjf8)8Y*e)8L-{Zq9;53(sT)tA}iaC^$T+Hpl70=OHFwIuidv@{m z3r?uoN_NK7#%mU#T=U2M?U8TSZ6kHN%c;f$lZYlGoTDkr&upYX9Zzj8ys&fS|AzDC z6O+B`(_(E<8SVEH&J|>2LZn%Vjh(I!KaFr4v{k?CJ*Sh1z@mw0^mwebsu50cPg69< zWGs`2_^INqqPa?(^EY3c(Vn61E-*0TACFZiSssVrO4Vc08#P;8 zjv7enym>Fx)Is3Ju?4(F?`9PJCyp1*ajSJ!0D*Y&UZ0f=g4kteMz7|Mv3v)_o79kL z!K)Zws;%nHXdP2pov4cBVxI7@56IM!+Zo-9AE$*^2nBdsN#U)x<4jqyY;#=;%?tH7 z2No}(-mF=#yaV{oT@fpeU`gZ73hsJo9nl)v` z%nI9zHBMbDv%J&LfPcAi?$(PJ1r+8&1E&%}FN#w_qI}QQw~OlJw51NcDg)8w~a(_g%%ksC$*Uyger80y&2!x!lz3K4io*07*Dd zVJ8Wr8x+2+z#S6lSZmyfFS`+xaZ4#l#bal5dCPtCBQU6aqM6SrgF6Vvf`O}mZD3_4 z=>3W|CJb3De^>1{>jk*LfQ$7c7^kj+T}O4Gisx`LOitr%GArtx4H_;8sz^4ZgKC^WrT(ky9g+bB`w*&i43OWeCl^#zvCJ zo7n0yZY0-%iX)x_v|5B*n`1$1f=-*$*@+Ar!$FnAKkD_?%5DtitKzU-VVt^_jYR@L zrZXHRHZgd%4xb!w?;xBg64ML(^0u(VuKByhNBGBAgt02etDme)R=))jrrp2Q z_BO3z?XDQFzslsX?~1sl!c?mBr#=K~w}Ng(&h;jpi=Q?p7|YFVS}}I)Desw0Sr8h2 zlyR#Y#H|v;nL4-bP^;ub6c(G?sBFtzRwVTq*2(^`sbG0EO3h3mL}>v2K6kvg&#JH| zLxzZly`a3=xulWV)%eC5Wo zUY<4HsYipKwI}RBD@j?=L!)(1H5XJKc;}y0^2c`&<=aS-YXe2-W%~6kU<&3*n&_&@ z^j(%{m7nPBN~ve*NG33Ms?}G{FfhQBt&q7o0TN<=OW21YwS)n9%t0=pI}piuiu@ZR z#CPJW4D9p;8cxWX>$@^=C0p>u;Kn=;*h-HK$}Lk?M!@#8TyTp(5)1c!9$mh+&SYQj40U zPAYAAAm|yG#4525=i+mAp8Bb5T6*hL!|(`UsA!vHm7MvPEcP^ewXgxiCvsh{<`n@# z%yP9*m#03ug@{o+9Iel|UeGe4H=mVkOi?ag?xT%qjm4|p(UoVtYa24_HZV&>r)3ip zYfIfzgUZdMEEmg>o@<-J^BSOwZkQ)8G<4Qtj^O5Z&@T?%)}X%qux&K&9xYbsg|YLK z_*JBePLnm%o+8+lt?&RCPqMxQ-ib$7ELq5lJsI1ZtB5&nVlkhO4!|QVBJ~sfrB|89F6E=nxl-vD}S>iy@yo1dN!pzDgXo zDU>r@9*3u&C7hBoOKlGsokR6~$O+c{NCf?QI-8(P%aK3Gx)jHp?bheVMT*)WqS&bV z`~_0Q=D<<%n|JCTez@Q`1*&0>xKQvm6yAD&^3!R1H~*J*>yKCBuE!O(d~P5#08)7c zId0fDA1pCEJvQywzj7TOt@-vv>pe-~y*a`?Nj%_x0sOxJ z{$Bw9FM$6S!2kaQa6I&OJ1rlBRTQ1)zK70pbN_7s|C#?r=SuFl9=QDu466^yQzw>L z6_H+f(n)1h5x_BvW%AMhHh$LNUNpCW*T&N1tiDp1l)thv9OM#^!j>*3R(6t9EzebQ zZ0xqbkNb_XVH`<*f>`paLlpEM+gijF)eWXo+kK}C@|Lo1jhTmjB(q`@`p}sdVew3o zPD@0byqM<`0qWK*F|7M|XJpg!IG)_iox5}fyG!^)1i6vHdV?_;j4S7pJnSR|IZWhr zqM=g1qh-A4^9(Aia?dbBS3zcHByWjIDEuMo$VT^ZFCER7l+|OI0pVr*K}q2c*2O8a z$V{(%iB+oB+zdXusPE{Ohm`pG_^i_AbEC552L`p(Nd;ubSvQL~hU@{jXR7eN##1MD zmr;FlHt|;@9}VT6nTmm*vHpyhe_y4^n!7TZr0y)WKKbDFsneh_Tw0F+a{NTL@2n>X zK6u$9Ktdd+vk6z&3yWHlWN0Y|;})7tzeH4~+893@wT&lFNMx*$m_yje(~gdR^gAn) z{9+<2z4v1EQ#<4+v5AMOr!hc&C{qY4^wF97yls|AWt!NR>2DUTu^SX?;C>yd2PPcOhJG`?9c$WR@eF6jfyeHeUTPX_Xrr*)1 zWAaKqT*i1GT1xSzMLbvXEce|SUCpw%$5>IC5v7cIa(!?ce0z98=cqL6gq&dNC8;QS z4V1-uyfT3aOcoX_ca9!ER7&uRzBtVadL|U$M==1aMl=D#4G}*fnY*TXoY#zMQq9)p z&bmuKgPKe5HTdnNZ2cxZrFWUU&C_F4_55zDG!r!HkAVSXc<1kD2RP>4E9sFPJ|~EhixpxV@~jp- zO=$jQy31rZN^?f z=Yo%6kYOHf4?yQ~x1SA(t=Hd}1$J-`whR131px9rWcT6zm3d%q=s?3x`o0*;=r}bg;Q#hbiCVCOWyk+Y@`l{9^ilvKs7d%Y&>2 zJMY_t!>*eS!}#BJ5OPLn7p`3hX^{{9_Y1 z)RwTT_aI}!4qd*-+)?QEoN$h2Q`nVzutQ;&-vqr-AK2b|nqOg;9{|{K7VL0t z`4x7a4T+w8{D13S*lpzsNRNM zMF+VXcF^-ZMh-yV&0`+H>#$eIL0*R)stt)N=+x=kj)#qAEwhJ@e=z+YbD?g}{QB6kNl-^1fK{{yn;YtH}x literal 0 HcmV?d00001 diff --git a/tests/vnfsdk-refrepo/csar_validation_tests.robot b/tests/vnfsdk-refrepo/csar_validation_tests.robot index 9994d567..a7c2c402 100644 --- a/tests/vnfsdk-refrepo/csar_validation_tests.robot +++ b/tests/vnfsdk-refrepo/csar_validation_tests.robot @@ -10,6 +10,7 @@ Perform vnf refrepo healthcheck ${response}= Get Request refrepo /PackageResource/healthcheck Should Be Equal As Strings ${response.status_code} 200 + Validate correct, no security CSAR [Documentation] Valid CSAR with no security should PASS validation and should return no error @@ -18,13 +19,60 @@ Validate correct, no security CSAR # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes ${response}= Remove String ${response} \\\\ \\u003c \\u003e \\" ${json_response}= evaluate json.loads('''${response}''') json - Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} PASS + Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_PASS} FOR ${resault} IN @{json_response[0]["results"]["results"]} Should Be Equal As Strings ${resault["errors"]} [] Should Be Equal As Strings ${resault["passed"]} True + run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}" + ... Should Be Equal As Strings ${resault["warnings"]} ${expected_valid_no_security_warnings} + END + + +Validate secure CSAR with invalid certificate + [Documentation] Valid CSAR with cms signature in manifest file and certificate in TOSCA, containing individual signatures for multiple artifacts, using common certificate and individual certificate + + ${response}= Validate CSAR usign Post request ${csar_invalid_with_security} ${execute_security_csar_validation} + # Removing strings that are causing errors during evaluation, + # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes + ${response}= Remove String ${response} \\\\ \\u003c \\u003e \\" + ${json_response}= evaluate json.loads('''${response}''') json + Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_FAILED} + ${validated_rules}= Get Length ${json_response[0]["results"]["results"]} + Should Be Equal As Strings ${validated_rules} 14 + FOR ${resault} IN @{json_response[0]["results"]["results"]} + ${validation_errors}= Get Length ${resault["errors"]} + run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}" + ... Should Be Equal As Strings ${validation_errors} 7 + run keyword if "${resault["vnfreqName"]}" == "${PM_DICTIONARY_YAML_RULE}" + ... Should Be Equal As Strings ${validation_errors} 1 + run keyword if "${resault["vnfreqName"]}" == "${MANIFEST_FILE_RULE}" + ... Should Be Equal As Strings ${validation_errors} 1 + run keyword if "${resault["vnfreqName"]}" == "${NON_MANO_FILES_RULE}" + ... Should Be Equal As Strings ${validation_errors} 4 END +Validate CSAR using selected rules + [Documentation] Valid CSAR using only selected rules provided in request parameters + + ${response}= Validate CSAR usign Post request ${csar_invalid_with_security} ${execute_security_csar_validation_selected_rules} + # Removing strings that are causing errors during evaluation, + # those strings are dependent on validation response and may need to be changed if vnf refrepo response changes + ${response}= Remove String ${response} \\\\ \\u003c \\u003e \\" + ${json_response}= evaluate json.loads('''${response}''') json + Should Be Equal As Strings ${json_response[0]["results"]["criteria"]} ${OPERATION_STATUS_FAILED} + ${validated_rules}= Get Length ${json_response[0]["results"]["results"]} + Should Be Equal As Strings ${validated_rules} 3 + FOR ${resault} IN @{json_response[0]["results"]["results"]} + ${validation_errors}= Get Length ${resault["errors"]} + run keyword if "${resault["vnfreqName"]}" == "${CERTIFICATION_RULE}" + ... Should Be Equal As Strings ${validation_errors} 7 + run keyword if "${resault["vnfreqName"]}" == "${PM_DICTIONARY_YAML_RULE}" + ... Should Be Equal As Strings ${validation_errors} 1 + END + + + Validate CSAR using rule r130206 and use get method to receive outcome [Documentation] Validate CSAR with invalid PM_Dictionary (r130206) using rule r130206 , then use get method with validation id to receive valdiation outcome diff --git a/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot b/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot index e46eba6f..bc9684d6 100644 --- a/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot +++ b/tests/vnfsdk-refrepo/resources/vnfsdk_properties.robot @@ -3,8 +3,20 @@ ${base_url}= http://${REFREPO_IP}:8702/onapapi/vnfsdk-marketplace/v1 ${csarpath}= ${SCRIPTS}/../tests/vnfsdk-refrepo/csar +${CERTIFICATION_RULE}= r130206 +${PM_DICTIONARY_YAML_RULE}= r816745 +${MANIFEST_FILE_RULE}= r01123 +${NON_MANO_FILES_RULE}= r146092 +${OPERATION_STATUS_FAILED}= FAILED +${OPERATION_STATUS_PASS}= PASS + ${csar_valid_no_security}= valid_no_security.csar ${execute_no_security_csar_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_valid_no_security}","pnf":"true"}}] +${expected_valid_no_security_warnings}= [{u'lineNumber': -1, u'message': u'Warning. Consider adding package integrity and authenticity assurance according to ETSI NFV-SOL 004 Security Option 1', u'code': u'0x1006', u'file': u'', u'vnfreqNo': u'R130206'}] + +${csar_invalid_with_security}= invalid_with_security.csar +${execute_security_csar_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_invalid_with_security}","pnf":"true"}}] +${execute_security_csar_validation_selected_rules}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate","parameters": {"csar": "file://${csar_invalid_with_security}","pnf":"true","rules":"${CERTIFICATION_RULE},${PM_DICTIONARY_YAML_RULE}"}}] ${csar_invalid_pm_dictionary}= invalid_pm_dictionary.csar ${execute_invalid_pm_dictionary_r130206_validation}= [{"scenario": "onap-dublin","testSuiteName": "validation","testCaseName": "csar-validate-r130206","parameters": {"csar": "file://${csar_invalid_pm_dictionary}","pnf":"true"}}] -- 2.16.6