public void CanReadAndWriteStream()
 {
     // Arrange
     using (var stream = FileStreamUtility.GetTemporaryFile())
         using (var reader = new StreamReader(stream))
             using (var writer = new StreamWriter(stream))
             {
                 // Act & Assert
                 writer.Write(FileContent);
                 writer.Flush();
                 stream.Position = 0;
                 var actualContent = reader.ReadToEnd();
                 Assert.Equal(FileContent, actualContent);
             }
 }
            public void ReturnsFileStreamThatDeletesOnDispose()
            {
                // Arrange
                string fileName;

                using (var stream = FileStreamUtility.GetTemporaryFile())
                    using (var writer = new StreamWriter(stream))
                    {
                        fileName = stream.Name;
                        writer.WriteLine(FileContent);
                        writer.Flush();

                        // Act & Assert
                        Assert.True(File.Exists(fileName), "The file should still exist.");
                    }

                Assert.False(File.Exists(fileName), "The file should no longer exist.");
            }
Beispiel #3
0
        private async Task <SignatureValidatorResult> StripRepositorySignaturesAsync(Context context)
        {
            Stream packageStreamToDispose = null;

            try
            {
                packageStreamToDispose = FileStreamUtility.GetTemporaryFile();

                var stopwatch = Stopwatch.StartNew();

                var changed = await SignedPackageArchiveUtility.RemoveRepositorySignaturesAsync(
                    context.PackageStream,
                    packageStreamToDispose,
                    context.CancellationToken);

                _telemetryService.TrackDurationToStripRepositorySignatures(
                    stopwatch.Elapsed,
                    context.Message.PackageId,
                    context.Message.PackageVersion,
                    context.Message.ValidationId,
                    changed);

                if (changed)
                {
                    _logger.LogInformation(
                        "Repository signatures were removed from package {PackageId} {PackageVersion} for validation {ValidationId}.",
                        context.Message.PackageId,
                        context.Message.PackageVersion,
                        context.Message.ValidationId);

                    // The input stream and the input signed package reader are no longer useful since they contain
                    // the removed repository signatures. We need to initialize the new signed package archive
                    // reader and signature.
                    context.PackageReader.Dispose();
                    context.PackageStream.Dispose();

                    context.PackageStream  = packageStreamToDispose;
                    context.Changed        = true;
                    packageStreamToDispose = null;
                    context.PackageReader  = new SignedPackageArchive(context.PackageStream, packageWriteStream: Stream.Null);

                    var initialSignature = context.Signature;

                    if (await context.PackageReader.IsSignedAsync(context.CancellationToken))
                    {
                        _logger.LogInformation(
                            "The package {PackageId} {PackageVersion} for validation {ValidationId} is still signed.",
                            context.Message.PackageId,
                            context.Message.PackageVersion,
                            context.Message.ValidationId);

                        context.Signature = await context.PackageReader.GetPrimarySignatureAsync(context.CancellationToken);

                        _telemetryService.TrackStrippedRepositorySignatures(
                            context.Message.PackageId,
                            context.Message.PackageVersion,
                            context.Message.ValidationId,
                            initialSignature,
                            context.Signature);
                    }
                    else
                    {
                        _logger.LogInformation(
                            "The package {PackageId} {PackageVersion} for validation {ValidationId} is no longer signed.",
                            context.Message.PackageId,
                            context.Message.PackageVersion,
                            context.Message.ValidationId);

                        // The package is now unsigned. This would happen if the primary signature was a repository
                        // signature that was removed.
                        context.Signature = null;

                        _telemetryService.TrackStrippedRepositorySignatures(
                            context.Message.PackageId,
                            context.Message.PackageVersion,
                            context.Message.ValidationId,
                            initialSignature,
                            outputSignature: null);

                        return(await HandleUnsignedPackageAsync(context));
                    }
                }
                else
                {
                    _logger.LogInformation(
                        "No repository signatures were removed from package {PackageId} {PackageVersion} for validation {ValidationId}.",
                        context.Message.PackageId,
                        context.Message.PackageVersion,
                        context.Message.ValidationId);
                }
            }
            finally
            {
                packageStreamToDispose?.Dispose();
            }

            return(null);
        }