-
Story
-
Resolution: Done
-
Medium
-
None
-
None
- When CMS signature in manifest file doesn't contain certificate then:
- If TOSCA-Metadata/TOSCA.meta exists in csar package, then certifcate should be present i csar package in place indicated by the tag ETSI-Entry-Certificate: <path to cert>pnf_main_descriptor.cert - if it is not present then report error "Unable to find cert file defined by ETSI-Entry-Certificate!"
- If TOSCA-Metadata/TOSCA.meta doesn't exists in csar package ( https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/004/02.07.01_60/gs_NFV-SOL004v020701p.pdf chapter 4.3.6 point 2) then certificate should be in csar root folder. Certificate name should be like <tosca definitins main yaml name>.cert - if it is not present then report error "Unable to find cert file defined by ETSI-Entry-Certificate!"
- When CMS signature in manifest contains certificate then rule should check if by mistake certificate hasn't be added to csar file.
- If TOSCA-Metadata/TOSCA.meta exists then rule should check if exists:
- tag ETSI-Entry-Certificate: <path to cert>pnf_main_descriptor.cert> - if yes then report error "ETSI-Entry-Certificate entry in Tosca.meta is defined despite the certificate is included in the signature container"
- csar package in place indicated by the tag ETSI-Entry-Certificate: <path to cert>pnf_main_descriptor.cert - if yes then report error "ETSI-Entry-Certificate certificate present despite the certificate is included in the signature container"
- If TOSCA-Metadata/TOSCA.meta doesn't exists then in csar root folder shouldn't be present file <tosca definitins main yaml name>.cert - if yes then report error "ETSI-Entry-Certificate certificate present despite the certificate is included in the signature container"
- If TOSCA-Metadata/TOSCA.meta exists then rule should check if exists:
- relates to
-
VNFSDK-597
PNF PreOnboarding in R7 - VNFSDK Enhancements
-
- Closed
-