...
The following diagram illustrates a basic PNF package and some suggested file structure and content in the directories.
The PNF package is expected to be a CSAR package with file extension .csar.
PNF PACKAGE SECURITY
According to ETSI SOL004 v2.6.1 the onboarding package shall be signed. ETSI SOL004 provides two options:
...
- The VNF/PNF package authenticity and integrity is ensured by signing the CSAR file with the provider private key. The digital signature is stored in a separate file.
- The VNF/PNF provider shall also include an X.509 certificate in a separate file with extension .cert or, if the signature format allows it, in the signature file itself. The VNF/PNF provider creates a zip file consisting of the CSAR file with file extension .csar, signature and certificate files. The signature and certificate files shall be siblings of the CSAR file with extensions .sm cms and .cert respectively.
- Only CMS signature file format is supported in this release.
- At pre-onboarding of the PNF/VNF package, VNFSDK tool could verify the signature of the complete CSAR package with the provider’s public key
- At onboarding of the PNF/VNF package, SDC could verify the signature of the complete CSAR package with the provider’s public key.
- At onboarding, SDC is expecting package file extension as following:
- Heat template: .zip
- TOSCA without package security: .csar
- TOSCA with package security (option 2): zip file consisting of the CSAR file, a signature file and a certificate file .
...