Handle signature in cms

Change-Id: Ied997305efe347859cbd069f2887f792adc775c0
Issue-ID: VNFSDK-414
Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
diff --git a/csarvalidation/pom.xml b/csarvalidation/pom.xml
index 5cd0d7c..bb47a08 100644
--- a/csarvalidation/pom.xml
+++ b/csarvalidation/pom.xml
@@ -113,7 +113,11 @@
             <artifactId>commons-io</artifactId>
             <version>2.5</version>
         </dependency>
-
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>1.61</version>
+        </dependency>
         <dependency>
             <groupId>org.onap.cli</groupId>
             <artifactId>cli-framework</artifactId>
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
index a5ff4ed..621ede0 100644
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965.java
@@ -23,14 +23,12 @@
 import org.onap.cvc.csar.CSARArchive;
 import org.onap.cvc.csar.FileArchive;
 import org.onap.cvc.csar.cc.VTPValidateCSARBase;
-import org.onap.cvc.csar.rsa.RSACertificateValidator;
-import org.onap.cvc.csar.rsa.X509RsaCertification;
+import org.onap.cvc.csar.security.CmsSignatureValidator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.util.Base64;
 import java.util.Optional;
 
 @OnapCommandSchema(schema = "vtp-validate-csar-r787965.yaml")
@@ -49,7 +47,7 @@
     protected void validateCSAR(CSARArchive csar) throws OnapCommandException {
 
         try {
-            final RSACertificateValidator rsaCertificateValidator = new RSACertificateValidator(new X509RsaCertification());
+            final CmsSignatureValidator securityManager = new CmsSignatureValidator();
 
             FileArchive.Workspace workspace = csar.getWorkspace();
             final Optional<Path> pathToCsarFile = workspace.getPathToCsarFile();
@@ -58,10 +56,10 @@
 
             if (workspace.isZip() && pathToCsarFile.isPresent() && pathToCertFile.isPresent() && pathToCmsFile.isPresent()) {
                     byte[] csarContent = Files.readAllBytes(pathToCsarFile.get());
-                    String signature = Base64.getEncoder().encodeToString(Files.readAllBytes(pathToCmsFile.get()));
-                    String publicCertification = Base64.getEncoder().encodeToString(Files.readAllBytes(pathToCertFile.get()));
+                    byte[] signature = Files.readAllBytes(pathToCmsFile.get());
+                    byte[] publicCertification = Files.readAllBytes(pathToCertFile.get());
 
-                    if (!rsaCertificateValidator.isValid(csarContent, signature, publicCertification)) {
+                    if (!securityManager.verifySignedData(signature, publicCertification,csarContent)) {
                         this.errors.add(new CSARErrorInvalidSignature());
                     }
                 }
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java
deleted file mode 100644
index 022f697..0000000
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/RSACertificateValidator.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2019 Nokia
- * <p>
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package org.onap.cvc.csar.rsa;
-
-
-import java.security.PublicKey;
-
-public class RSACertificateValidator {
-
-    private final X509RsaCertification x509RsaCertification;
-
-    public RSACertificateValidator(X509RsaCertification x509RsaCertification) {
-        this.x509RsaCertification = x509RsaCertification;
-    }
-
-    public boolean isValid(byte [] content, String signature, String publicCertificateContent) throws Exception {
-
-        String publicCert = extractPublicKeyCertificate(publicCertificateContent);
-        final PublicKey publicKey = this.x509RsaCertification.generatePublicKey(publicCert);
-
-        return this.x509RsaCertification.verify(content,signature,publicKey);
-    }
-
-    private String extractPublicKeyCertificate(String publicCertificateContent) {
-        String publicCert = publicCertificateContent.replace("-----BEGIN CERTIFICATE-----\n", "");
-        return publicCert.replace("-----END CERTIFICATE-----\n", "");
-    }
-}
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java b/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java
deleted file mode 100644
index 8395221..0000000
--- a/csarvalidation/src/main/java/org/onap/cvc/csar/rsa/X509RsaCertification.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 2019 Nokia
- * <p>
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package org.onap.cvc.csar.rsa;
-
-import org.apache.commons.codec.binary.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-public class X509RsaCertification {
-
-    private static final Logger LOG = LoggerFactory.getLogger(X509RsaCertification.class);
-
-    PublicKey generatePublicKey(String cert) throws CertificateException {
-        byte[] encodedCert = cert.getBytes(StandardCharsets.UTF_8);
-        byte[] decodedCert = Base64.decodeBase64(encodedCert);
-        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
-        InputStream in = new ByteArrayInputStream(decodedCert);
-        X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(in);
-
-        LOG.info(String.format("Subject DN : %s", certificate.getSubjectDN().getName()));
-        LOG.info(String.format("Issuer : %s", certificate.getIssuerDN().getName()));
-        LOG.info(String.format("Not After: %s", certificate.getNotAfter()));
-        LOG.info(String.format("Not Before: %s", certificate.getNotBefore()));
-        LOG.info(String.format("version: %d", certificate.getVersion()));
-        LOG.info(String.format("serial number : %s", certificate.getSerialNumber()));
-
-        return certificate.getPublicKey();
-    }
-
-    boolean verify(byte[] content, String signature, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
-        Signature publicSignature = Signature.getInstance("SHA256withRSA");
-        publicSignature.initVerify(publicKey);
-        publicSignature.update(content);
-
-        byte[] signatureBytes = java.util.Base64.getDecoder().decode(signature);
-
-        return publicSignature.verify(signatureBytes);
-    }
-}
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
new file mode 100644
index 0000000..316c802
--- /dev/null
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidator.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2019
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.onap.cvc.csar.security;
+
+import org.bouncycastle.asn1.cms.ContentInfo;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.CMSSignerDigestMismatchException;
+import org.bouncycastle.cms.CMSTypedData;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.operator.OperatorCreationException;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+
+public class CmsSignatureValidator {
+
+    public boolean verifySignedData(
+            final byte[] signature,
+            final byte[] certificate,
+            final byte[] csarFileContent) throws CmsSignatureValidatorException {
+
+        try (ByteArrayInputStream signatureStream = new ByteArrayInputStream(signature)) {
+            SignerInformation firstSigner = getSignerInformation(csarFileContent, signatureStream);
+            X509Certificate cert = loadCertificate(certificate);
+
+            return firstSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
+        } catch (CMSSignerDigestMismatchException e){
+            //message-digest attribute value does not match calculated value
+            return false;
+        }
+        catch (OperatorCreationException | IOException | CMSException e) {
+            throw new CmsSignatureValidatorException("Unexpected error occurred during signature validation!", e);
+        }
+    }
+
+    private SignerInformation getSignerInformation(byte[] innerPackageFileCSAR, ByteArrayInputStream signatureStream) throws IOException, CmsSignatureValidatorException, CMSException {
+        ContentInfo signature = produceSignature(signatureStream);
+        CMSTypedData signedContent = new CMSProcessableByteArray(innerPackageFileCSAR);
+        CMSSignedData signedData = new CMSSignedData(signedContent, signature);
+
+        Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
+        return signers.iterator().next();
+    }
+
+    private ContentInfo produceSignature(ByteArrayInputStream signatureStream) throws IOException, CmsSignatureValidatorException {
+        Object parsedObject = new PEMParser(new InputStreamReader(signatureStream)).readObject();
+        if (!(parsedObject instanceof ContentInfo)) {
+            throw new CmsSignatureValidatorException("Signature is not recognized!");
+        }
+        return ContentInfo.getInstance(parsedObject);
+    }
+
+
+    private X509Certificate loadCertificate(byte[] certFile) throws CmsSignatureValidatorException {
+        try (InputStream in = new ByteArrayInputStream(certFile)) {
+            CertificateFactory factory = CertificateFactory.getInstance("X.509");
+            return (X509Certificate) factory.generateCertificate(in);
+        } catch (CertificateException | IOException e) {
+            throw new CmsSignatureValidatorException("Error during loading Certificate from bytes!", e);
+        }
+    }
+
+
+}
+
diff --git a/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java
new file mode 100644
index 0000000..75cd8de
--- /dev/null
+++ b/csarvalidation/src/main/java/org/onap/cvc/csar/security/CmsSignatureValidatorException.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2019
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.onap.cvc.csar.security;
+
+public class CmsSignatureValidatorException extends Exception {
+
+    public CmsSignatureValidatorException(String s) {
+        super(s);
+    }
+
+    public CmsSignatureValidatorException(String s, Throwable t) {
+        super(s, t);
+    }
+}
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
index 25e36f6..e724283 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/CsarValidatorTest.java
@@ -60,7 +60,7 @@
                 "csar-validate",
                 "--format", "json",
                 "--pnf",
-                "--csar", absoluteFilePath("pnf/signed-package.zip")});
+                "--csar", absoluteFilePath("pnf/signed-package-valid-signature.zip")});
         cli.handle();
         assertEquals(0, cli.getExitCode());
     }
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java
index 1ac8073..738b4f6 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/FileArchiveTest.java
@@ -56,7 +56,7 @@
         String absolutePath = folder.getRoot().getAbsolutePath();
 
         // when
-        FileArchive.Workspace workspace = new FileArchive(absolutePath).unpack(absoluteFilePath("pnf/signed-package.zip"));
+        FileArchive.Workspace workspace = new FileArchive(absolutePath).unpack(absoluteFilePath("pnf/signed-package-valid-signature.zip"));
 
         // then
         assertTrue(workspace.isZip());
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
index 5c11c8a..c19fe99 100644
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
+++ b/csarvalidation/src/test/java/org/onap/cvc/csar/cc/sol004/VTPValidateCSARR787965IntegrationTest.java
@@ -43,12 +43,10 @@
     }
 
     @Test
-    public void shouldReportCsarHasInvalidSignature() throws Exception {
-        // We will not prepare positive test case, because X509 certification has expiration date and such test will
-        // stop working in the future.
+    public void shouldReportThatCsarHasInvalidSignature() throws Exception {
 
         // given
-        configureTestCase(testCase, "pnf/signed-package.zip");
+        configureTestCase(testCase, "pnf/signed-package-invalid-signature.zip");
 
         // when
         testCase.execute();
@@ -61,5 +59,19 @@
         );
     }
 
+    @Test
+    public void shouldDoNotReportAnyErrorWhenPackageHasValidSignature() throws Exception {
+
+        // given
+        configureTestCase(testCase, "pnf/signed-package-valid-signature.zip");
+
+        // when
+        testCase.execute();
+
+        // then
+        List<CSARArchive.CSARError> errors = testCase.getErrors();
+        assertThat(errors.size()).isEqualTo(0);
+    }
+
 
 }
\ No newline at end of file
diff --git a/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java b/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java
deleted file mode 100644
index 9a3e124..0000000
--- a/csarvalidation/src/test/java/org/onap/cvc/csar/rsa/RSACertificateValidatorTest.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright 2019 Nokia
- * <p>
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package org.onap.cvc.csar.rsa;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-
-import java.security.PublicKey;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
-
-@RunWith(MockitoJUnitRunner.class)
-public class RSACertificateValidatorTest {
-
-    @Mock
-    private X509RsaCertification x509RsaCertification;
-
-    @Mock
-    private PublicKey publicKey;
-
-    @Test
-    public void shouldReturnInformationThatCsarHasValidSignature() throws Exception {
-
-        // given
-        String publicCertificate ="-----BEGIN CERTIFICATE-----\n" +
-                "MIIDyzCCArMCCQCXF5To+FxujDANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC\n" +
-                "SUUxETAPBgNVBAgMCExlaW5zdGVyMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoM\n" +
-                "CEVyaWNzc29uMRwwGgYDVQQLDBNCdXNpbmVzcyBBcmVhIFJhZGlvMSMwIQYDVQQD\n" +
-                "DBpSb290IGNlcnRpZmljYXRlIGF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWYXV0\n" +
-                "aG9yaXR5QGVyaWNzc29uLmNvbTAeFw0xOTAzMDcyMDA4MDRaFw0xOTA0MDYyMDA4\n" +
-                "MDRaMIGfMQswCQYDVQQGEwJJRTERMA8GA1UECAwITGVpbnN0ZXIxDzANBgNVBAcM\n" +
-                "BkR1YmxpbjERMA8GA1UECgwIRXJpY3Nzb24xHDAaBgNVBAsME0J1c2luZXNzIEFy\n" +
-                "ZWEgUmFkaW8xFzAVBgNVBAMMDlBhY2thZ2Ugc2lnbmVyMSIwIAYJKoZIhvcNAQkB\n" +
-                "FhNzaWduZXJAZXJpY3Nzb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
-                "CgKCAQEA1bZWYbM3W9WK7E6brlMWw/pHdYmKrLmqnmyS4QWj6PoSudReX1x1QO+o\n" +
-                "jlzzlWn15ozgeDtsyQWRQakSkV8IUlywmM99tH7jGejrH87eLYv0IoJONVJLMsuQ\n" +
-                "chMd/cm0OGwUHHuk7iRnMGlcskp3FPvHlBRgBLrg+40yksJMmpHyS9amrG2/3bSa\n" +
-                "ssuc3F8ICNtejYVXDg5rIHyKIvD8Jaozf+V8FyFcFkfL7NyIS8rSuHM40vp3jlVO\n" +
-                "yNDztZ9orTA9Frucxr6y5UIXHd/bmh7YsjihyCoPOwvkfEy/S08S245eKS1zwgcE\n" +
-                "zkSwPC+XR7HwXoVb63hgBlcJCkUAswIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCC\n" +
-                "nWjpa+JeJj05UfX0tejdnHTotnT4AQfxp1YesG3O7ioIY4Y93/Cj8N+7rzeB392v\n" +
-                "eUMN2HKXGNRZhVJKs8fdoD/b5OxlwX1BattPS1Oh7HmLYzevOxotrm5YOR4KG2qa\n" +
-                "Rw/m6jFWxnAovpQTaCOgkuAJyF9l6wlQE4FyzyZMaThObcnLBzuQJjJXKMwaVT6D\n" +
-                "AQuMP3DRrH3aXlFpqV4bugLy8agSc2w9sF3w4osGZSwPjerJiulncUyBr+cjv1KB\n" +
-                "IfgzoP3b9frMBZmSpxeT3YzR1wZAh9AterRKAm6EGVxrnRDQ1b/OuW4y2RxQ/Q3G\n" +
-                "OUU/dbcjLaFvoQsv3aAk\n" +
-                "-----END CERTIFICATE-----\n";
-
-        String signature = "r+18GjD74DWNbp1U5zzbw7lB0QI5OXXBReGQ5DmRn/SFqQj0H22omSoolqlmwk8fc6pBfSTQl68yWEztH6m14dKTcYozVFpn1TS0qSgxMYjPJ5N/4+wrhC/70yosLATdc2w1U/9UYeFxP0QbCBSLtH9dDgTfm8e7Y25c7l6jSI+/VZ6b4lno5786y4W/VYeP6ktOvI0qbLtFPLfpxjqJ5idXUspkblhrZ6dHzURTlUWfYTku5NfLoIPL2Hdr8WfTBBTk+TYmAEBGC7J3SY5m1SZOOGElh80CfLGFVtdZ862Sgj2X8hV1isBTEJpczQwdMmid2xzdmZgbnkzFh9F/eQ==";
-        byte [] content = new byte[] {'t','e','s','t'};
-
-
-        String cert = "MIIDyzCCArMCCQCXF5To+FxujDANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMC\n" +
-                "SUUxETAPBgNVBAgMCExlaW5zdGVyMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoM\n" +
-                "CEVyaWNzc29uMRwwGgYDVQQLDBNCdXNpbmVzcyBBcmVhIFJhZGlvMSMwIQYDVQQD\n" +
-                "DBpSb290IGNlcnRpZmljYXRlIGF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWYXV0\n" +
-                "aG9yaXR5QGVyaWNzc29uLmNvbTAeFw0xOTAzMDcyMDA4MDRaFw0xOTA0MDYyMDA4\n" +
-                "MDRaMIGfMQswCQYDVQQGEwJJRTERMA8GA1UECAwITGVpbnN0ZXIxDzANBgNVBAcM\n" +
-                "BkR1YmxpbjERMA8GA1UECgwIRXJpY3Nzb24xHDAaBgNVBAsME0J1c2luZXNzIEFy\n" +
-                "ZWEgUmFkaW8xFzAVBgNVBAMMDlBhY2thZ2Ugc2lnbmVyMSIwIAYJKoZIhvcNAQkB\n" +
-                "FhNzaWduZXJAZXJpY3Nzb24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
-                "CgKCAQEA1bZWYbM3W9WK7E6brlMWw/pHdYmKrLmqnmyS4QWj6PoSudReX1x1QO+o\n" +
-                "jlzzlWn15ozgeDtsyQWRQakSkV8IUlywmM99tH7jGejrH87eLYv0IoJONVJLMsuQ\n" +
-                "chMd/cm0OGwUHHuk7iRnMGlcskp3FPvHlBRgBLrg+40yksJMmpHyS9amrG2/3bSa\n" +
-                "ssuc3F8ICNtejYVXDg5rIHyKIvD8Jaozf+V8FyFcFkfL7NyIS8rSuHM40vp3jlVO\n" +
-                "yNDztZ9orTA9Frucxr6y5UIXHd/bmh7YsjihyCoPOwvkfEy/S08S245eKS1zwgcE\n" +
-                "zkSwPC+XR7HwXoVb63hgBlcJCkUAswIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCC\n" +
-                "nWjpa+JeJj05UfX0tejdnHTotnT4AQfxp1YesG3O7ioIY4Y93/Cj8N+7rzeB392v\n" +
-                "eUMN2HKXGNRZhVJKs8fdoD/b5OxlwX1BattPS1Oh7HmLYzevOxotrm5YOR4KG2qa\n" +
-                "Rw/m6jFWxnAovpQTaCOgkuAJyF9l6wlQE4FyzyZMaThObcnLBzuQJjJXKMwaVT6D\n" +
-                "AQuMP3DRrH3aXlFpqV4bugLy8agSc2w9sF3w4osGZSwPjerJiulncUyBr+cjv1KB\n" +
-                "IfgzoP3b9frMBZmSpxeT3YzR1wZAh9AterRKAm6EGVxrnRDQ1b/OuW4y2RxQ/Q3G\n" +
-                "OUU/dbcjLaFvoQsv3aAk\n";
-
-        when(x509RsaCertification.generatePublicKey(cert)).thenReturn(publicKey);
-        when(x509RsaCertification.verify(content,signature, publicKey)).thenReturn(true);
-
-        // when
-        RSACertificateValidator rsaCertificateValidator = new RSACertificateValidator(x509RsaCertification);
-
-        // then
-        assertThat(rsaCertificateValidator.isValid(content, signature, publicCertificate)).isTrue();
-        verify(x509RsaCertification,times(1)).generatePublicKey(cert);
-        verify(x509RsaCertification,times(1)).verify(content,signature, publicKey);
-    }
-
-}
\ No newline at end of file
diff --git a/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip b/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip
new file mode 100644
index 0000000..231d193
--- /dev/null
+++ b/csarvalidation/src/test/resources/pnf/signed-package-invalid-signature.zip
Binary files differ
diff --git a/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip b/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip
new file mode 100644
index 0000000..15437d6
--- /dev/null
+++ b/csarvalidation/src/test/resources/pnf/signed-package-valid-signature.zip
Binary files differ
diff --git a/csarvalidation/src/test/resources/pnf/signed-package.zip b/csarvalidation/src/test/resources/pnf/signed-package.zip
deleted file mode 100644
index e4b7d00..0000000
--- a/csarvalidation/src/test/resources/pnf/signed-package.zip
+++ /dev/null
Binary files differ