public async Task VerifySignaturesAsync_ValidCertificateAndTimestamp_Success() { // Arrange var nupkg = new SimpleTestPackageContext(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); using (var dir = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedPackagePath = await SignedArchiveTestUtility.CreateSignedAndTimeStampedPackageAsync( testCertificate, nupkg, dir, timestampService.Url); var verifier = new PackageSignatureVerifier(_trustProviders, SignedPackageVerifierSettings.VerifyCommandDefaultPolicy); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { // Act var result = await verifier.VerifySignaturesAsync(packageReader, CancellationToken.None); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); // Assert result.Valid.Should().BeTrue(); resultsWithErrors.Count().Should().Be(0); } } }
public async Task <int> ExecuteCommandAsync(VerifyArgs verifyArgs) { if (verifyArgs.Verifications.Count == 0) { verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_VerificationTypeNotSupported)); return(FailureCode); } var errorCount = 0; if (ShouldExecuteVerification(verifyArgs, Verification.Signatures)) { var packagesToVerify = LocalFolderUtility.ResolvePackageFromPath(verifyArgs.PackagePath); LocalFolderUtility.EnsurePackageFileExists(verifyArgs.PackagePath, packagesToVerify); var verificationProviders = SignatureVerificationProviderFactory.GetSignatureVerificationProviders(); var verifier = new PackageSignatureVerifier(verificationProviders, SignedPackageVerifierSettings.VerifyCommandDefaultPolicy); foreach (var package in packagesToVerify) { try { errorCount += await VerifySignatureForPackageAsync(package, verifyArgs.Logger, verifier); } catch (InvalidDataException e) { verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_PackageIsNotValid, package)); ExceptionUtilities.LogException(e, verifyArgs.Logger); } } } return(errorCount == 0 ? SuccessCode : FailureCode); }
private async Task RestoreMissingPackagesInSolutionAsync( string solutionDirectory, IEnumerable <PackageRestoreData> packages, ILogger logger, CancellationToken token) { await TaskScheduler.Default; using (var cacheContext = new SourceCacheContext()) { var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var downloadContext = new PackageDownloadContext(cacheContext) { ParentId = _nuGetProjectContext.OperationId, ExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv3, PackageExtractionBehavior.XmlDocFileSaveMode, logger, signedPackageVerifier, SignedPackageVerifierSettings.GetDefault()) }; await _packageRestoreManager.RestoreMissingPackagesAsync( solutionDirectory, packages, _nuGetProjectContext, downloadContext, logger, token); } }
public VsPathContextProvider( IAsyncServiceProvider asyncServiceProvider, Lazy <ISettings> settings, Lazy <IVsSolutionManager> solutionManager, Lazy <NuGet.Common.ILogger> logger) { _asyncServiceprovider = asyncServiceProvider ?? throw new ArgumentNullException(nameof(asyncServiceProvider)); _settings = settings ?? throw new ArgumentNullException(nameof(settings)); _solutionManager = solutionManager ?? throw new ArgumentNullException(nameof(solutionManager)); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); _getLockFileOrNullAsync = BuildIntegratedProjectUtility.GetLockFileOrNull; _projectContext = new Lazy <INuGetProjectContext>(() => { var projectContext = new VSAPIProjectContext(); var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var adapterLogger = new LoggerAdapter(projectContext); projectContext.PackageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv2, PackageExtractionBehavior.XmlDocFileSaveMode, adapterLogger, signedPackageVerifier, SignedPackageVerifierSettings.GetClientPolicy(_settings.Value, adapterLogger)); return(projectContext); }); }
public async Task VerifySignaturesAsync_SettingsRequireTimestamp_NoTimestamp_Fails() { // Arrange var nupkg = new SimpleTestPackageContext(); var setting = new SignedPackageVerifierSettings( allowUnsigned: false, allowUntrusted: false, allowUntrustedSelfSignedCertificate: false, allowIgnoreTimestamp: false, allowMultipleTimestamps: true, allowNoTimestamp: false, allowUnknownRevocation: false); using (var dir = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedPackagePath = await SignedArchiveTestUtility.CreateSignedPackageAsync(testCertificate, nupkg, dir); var verifier = new PackageSignatureVerifier(_trustProviders, setting); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { // Act var result = await verifier.VerifySignaturesAsync(packageReader, CancellationToken.None); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); var totalErrorIssues = resultsWithErrors.SelectMany(r => r.GetErrorIssues()); // Assert result.Valid.Should().BeFalse(); resultsWithErrors.Count().Should().Be(1); totalErrorIssues.Count().Should().Be(1); totalErrorIssues.First().Code.Should().Be(NuGetLogCode.NU3027); } } }
protected NuGetPowerShellBaseCommand() { _sourceRepositoryProvider = ServiceLocator.GetInstance <ISourceRepositoryProvider>(); ConfigSettings = ServiceLocator.GetInstance <Configuration.ISettings>(); VsSolutionManager = ServiceLocator.GetInstance <IVsSolutionManager>(); DTE = ServiceLocator.GetInstance <DTE>(); SourceControlManagerProvider = ServiceLocator.GetInstance <ISourceControlManagerProvider>(); _commonOperations = ServiceLocator.GetInstance <ICommonOperations>(); PackageRestoreManager = ServiceLocator.GetInstance <IPackageRestoreManager>(); _deleteOnRestartManager = ServiceLocator.GetInstance <IDeleteOnRestartManager>(); var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var logger = new LoggerAdapter(this); PackageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv2, PackageExtractionBehavior.XmlDocFileSaveMode, logger, signedPackageVerifier, SignedPackageVerifierSettings.GetClientPolicy(ConfigSettings, logger)); if (_commonOperations != null) { ExecutionContext = new IDEExecutionContext(_commonOperations); } ActivityCorrelationId.StartNew(); }
private Task InstallPackageAsync(string source, Project project, string packageId, NuGetVersion version, bool includePrerelease, bool ignoreDependencies) { IEnumerable <string> sources = null; if (!string.IsNullOrEmpty(source) && !StringComparer.OrdinalIgnoreCase.Equals("All", source)) // "All" was supported in V2 { sources = new[] { source }; } var versionRange = VersionRange.All; if (version != null) { versionRange = new VersionRange(version, true, version, true); } var toInstall = new List <PackageIdentity> { new PackageIdentity(packageId, version) }; var projectContext = new VSAPIProjectContext(); var logger = new LoggerAdapter(projectContext); var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); projectContext.PackageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv2, PackageExtractionBehavior.XmlDocFileSaveMode, logger, signedPackageVerifier, SignedPackageVerifierSettings.GetClientPolicy(_settings, logger)); return(InstallInternalAsync(project, toInstall, GetSources(sources), projectContext, includePrerelease, ignoreDependencies, CancellationToken.None)); }
public PackageReaderBase GetLocalPackage(string packagePath) { if (packagePath.StartsWith("~/", StringComparison.Ordinal)) { packagePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), packagePath.Substring(2)); } else { packagePath = Path.GetFullPath(packagePath); } var reader = new PackageArchiveReader(File.OpenRead(packagePath)); var identity = reader.GetIdentity(); var rootDirectory = Path.Combine(Path.GetTempPath(), "apidiffpackages"); var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var context = new PackageExtractionContext( PackageSaveMode.Defaultv3, XmlDocFileSaveMode.None, Logger, signedPackageVerifier, SignedPackageVerifierSettings.GetDefault()); var resolver = new PackagePathResolver(rootDirectory); PackageExtractor.ExtractPackageAsync(null, reader, resolver, context, default); var packageFolder = resolver.GetInstallPath(identity); return(new PackageFolderReader(packageFolder)); }
private async Task InstallPackageAsync(RemoteMatch installItem, CancellationToken token) { var packageIdentity = new PackageIdentity(installItem.Library.Name, installItem.Library.Version); var verificationProviders = SignatureVerificationProviderFactory.GetSignatureVerificationProviders(); var signedPackageVerifier = new PackageSignatureVerifier(verificationProviders); var versionFolderPathResolver = new VersionFolderPathResolver(_packagesDirectory); var packageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv3, XmlDocFileSaveMode.None, _logger, signedPackageVerifier, SignedPackageVerifierSettings.GetDefault()); using (var packageDependency = await installItem.Provider.GetPackageDownloaderAsync( packageIdentity, _cacheContext, _logger, token)) { await PackageExtractor.InstallFromSourceAsync( packageIdentity, packageDependency, versionFolderPathResolver, packageExtractionContext, token); } }
public async Task LoadSignatureDataAsync() { using (var reader = new PackageArchiveReader(_streamFactory(), false)) { IsSigned = await reader.IsSignedAsync(CancellationToken.None); if (IsSigned) { // Load signature and verification data var sigs = await reader.GetSignaturesAsync(CancellationToken.None); var reposigs = new List <SignatureInfo>(); RepositorySignatures = reposigs; foreach (var sig in sigs) { // There will only be one if (sig.Type == SignatureType.Author) { PublisherSignature = new SignatureInfo(sig); } if (sig.Type == SignatureType.Repository) { reposigs.Add(new SignatureInfo(sig)); } } // Check verification var trustProviders = SignatureVerificationProviderFactory.GetSignatureVerificationProviders(); var verifier = new PackageSignatureVerifier(trustProviders, SignedPackageVerifierSettings.RequireSigned); VerificationResult = await verifier.VerifySignaturesAsync(reader, CancellationToken.None); } } }
public async Task Signer_VerifyOnTamperedPackage_FileDeletedAsync(string policyString) { // Arrange var nupkg = new SimpleTestPackageContext(); var policy = GetSettingsPolicy(policyString); using (var dir = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, dir); SignedArchiveTestUtility.TamperWithPackage(signedPackagePath); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { // Act var result = await verifier.VerifySignaturesAsync(packageReader, policy, CancellationToken.None); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); var totalErrorIssues = resultsWithErrors.SelectMany(r => r.GetErrorIssues()); // Assert result.IsValid.Should().BeFalse(); resultsWithErrors.Count().Should().Be(1); totalErrorIssues.Count().Should().Be(1); totalErrorIssues.First().Code.Should().Be(NuGetLogCode.NU3008); totalErrorIssues.First().Message.Should().Be(_packageTamperedError); } } }
public async Task VerifySignaturesAsync_ValidCertificate_SuccessAsync() { // Arrange var nupkg = new SimpleTestPackageContext(); using (TestDirectory dir = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { string signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, dir); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { // Act VerifySignaturesResult result = await verifier.VerifySignaturesAsync(packageReader, _verifyCommandSettings, CancellationToken.None); IEnumerable <PackageVerificationResult> resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); // Assert result.IsValid.Should().BeTrue(); resultsWithErrors.Count().Should().Be(0); } } }
public async Task GetTrustResultAsync_VerifyWithCertificateInAllowList_Success() { // Arrange var nupkg = new SimpleTestPackageContext(); using (var dir = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var certificateFingerprintString = SignatureTestUtility.GetFingerprint(testCertificate, HashAlgorithmName.SHA256); var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, dir); var allowListHashes = new[] { certificateFingerprintString, "abc" }; var allowList = allowListHashes.Select(hash => new CertificateHashAllowListEntry(VerificationTarget.Primary, hash)).ToList(); var trustProviders = new[] { new AllowListVerificationProvider(allowList) }; var verifier = new PackageSignatureVerifier(trustProviders, _settings); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { // Act var result = await verifier.VerifySignaturesAsync(packageReader, CancellationToken.None); // Assert result.Valid.Should().BeTrue(); } } }
public async Task VerifySignaturesAsync_ValidCertificateAndTimestampWithDifferentHashAlgorithms_Success() { var packageContext = new SimpleTestPackageContext(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); using (var directory = TestDirectory.Create()) using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync( certificate, packageContext, directory, timestampService.Url, signatureHashAlgorithm : HashAlgorithmName.SHA512); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { var result = await verifier.VerifySignaturesAsync(packageReader, _verifyCommandSettings, CancellationToken.None); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); result.Valid.Should().BeTrue(); resultsWithErrors.Count().Should().Be(0); } } }
public async Task GetTrustResultAsync_WithSignedAndCountersignedPackage_Succeeds() { // Arrange var nupkg = new SimpleTestPackageContext(); using (var dir = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) using (var trusted = SigningTestUtility.GenerateTrustedTestCertificate()) using (var counterCertificate = new X509Certificate2(trusted.Source.Cert)) { var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync( testCertificate, nupkg, dir); var repositorySignedPackagePath = await SignedArchiveTestUtility.RepositorySignPackageAsync( counterCertificate, signedPackagePath, dir, new Uri("https://v3ServiceIndex.test/api/index")); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(repositorySignedPackagePath)) { // Act var result = await verifier.VerifySignaturesAsync(packageReader, SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy(), CancellationToken.None); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); // Assert result.Valid.Should().BeTrue(); resultsWithErrors.Count().Should().Be(0); } } }
public static async Task Extract( Solution solution, PackageIdentity packageIdentity, DownloadResourceResult downloadResult, CancellationToken token) { string globalPackagesFolder = await GetPackagesDirectory(solution); var defaultPackagePathResolver = new VersionFolderPathResolver(globalPackagesFolder); string hashPath = defaultPackagePathResolver.GetHashPath(packageIdentity.Id, packageIdentity.Version); if (File.Exists(hashPath)) { return; } var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var packageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv3, PackageExtractionBehavior.XmlDocFileSaveMode, NullLogger.Instance, signedPackageVerifier, SignedPackageVerifierSettings.GetDefault()); downloadResult.PackageStream.Position = 0; await PackageExtractor.InstallFromSourceAsync( downloadResult.PackageSource, packageIdentity, stream => downloadResult.PackageStream.CopyToAsync(stream, BufferSize, token), defaultPackagePathResolver, packageExtractionContext, token); }
/// <summary> /// Adds refresh files to the specified project for all assemblies references belonging to the packages /// specified by packageNames. /// </summary> /// <param name="project">The project.</param> /// <param name="repositoryPath">The file system pointing to 'packages' folder under the solution.</param> /// <param name="packageNames">The package names.</param> private void AddRefreshFilesForReferences(EnvDTE.Project project, string repositoryPath, IEnumerable <PackageIdentity> packageNames) { if (project == null) { throw new ArgumentNullException("project"); } if (repositoryPath == null) { throw new ArgumentNullException("repositoryPath"); } if (!packageNames.Any()) { return; } VSAPIProjectContext context = new VSAPIProjectContext(skipAssemblyReferences: true, bindingRedirectsDisabled: true); var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); context.PackageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv2, PackageExtractionBehavior.XmlDocFileSaveMode, new LoggerAdapter(context), signedPackageVerifier, SignedPackageVerifierSettings.GetDefault()); WebSiteProjectSystem projectSystem = new WebSiteProjectSystem(_vsProjectAdapterProvider.CreateAdapterForFullyLoadedProject(project), context); foreach (var packageName in packageNames) { string packagePath = String.Format(CultureInfo.InvariantCulture, "{0}.{1}", packageName.Id, packageName.Version); DirectoryInfo packageFolder = new DirectoryInfo(Path.Combine(repositoryPath, packagePath)); PackageFolderReader reader = new PackageFolderReader(packageFolder); var frameworkGroups = reader.GetReferenceItems(); var groups = reader.GetReferenceItems(); var fwComparer = new NuGetFrameworkFullComparer(); FrameworkReducer reducer = new FrameworkReducer(); NuGetFramework targetGroupFramework = reducer.GetNearest(projectSystem.TargetFramework, groups.Select(e => e.TargetFramework)); if (targetGroupFramework != null) { var refGroup = groups.Where(e => fwComparer.Equals(targetGroupFramework, e.TargetFramework)).FirstOrDefault(); foreach (string refItem in refGroup.Items) { string sourcePath = Path.Combine(packageFolder.FullName, refItem.Replace('/', Path.DirectorySeparatorChar)); // create one refresh file for each assembly reference, as per required by Website projects // projectSystem.CreateRefreshFile(assemblyPath); RefreshFileUtility.CreateRefreshFile(projectSystem, sourcePath); } } } }
public VsPackageInstaller( ISourceRepositoryProvider sourceRepositoryProvider, Configuration.ISettings settings, IVsSolutionManager solutionManager, IVsPackageInstallerServices packageServices, IDeleteOnRestartManager deleteOnRestartManager) { _sourceRepositoryProvider = sourceRepositoryProvider; _settings = settings; _solutionManager = solutionManager; _packageServices = packageServices; _deleteOnRestartManager = deleteOnRestartManager; _isCPSJTFLoaded = false; _projectContext = new Lazy <INuGetProjectContext>(() => { var projectContext = new VSAPIProjectContext(); var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var logger = new LoggerAdapter(projectContext); projectContext.PackageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv2, PackageExtractionBehavior.XmlDocFileSaveMode, logger, signedPackageVerifier, SignedPackageVerifierSettings.GetClientPolicy(_settings, logger)); return(projectContext); }); PumpingJTF = new PumpingJTF(NuGetUIThreadHelper.JoinableTaskFactory); }
public void InstallPackagesFromRegistryRepository(string keyName, bool isPreUnzipped, bool skipAssemblyReferences, bool ignoreDependencies, Project project, IDictionary <string, string> packageVersions) { if (string.IsNullOrEmpty(keyName)) { throw new ArgumentException(CommonResources.Argument_Cannot_Be_Null_Or_Empty, nameof(keyName)); } if (project == null) { throw new ArgumentNullException(nameof(project)); } if (packageVersions == null || !packageVersions.Any()) { throw new ArgumentException(CommonResources.Argument_Cannot_Be_Null_Or_Empty, nameof(packageVersions)); } RunJTFWithCorrectContext(project, async() => { // HACK !!! : This is a hack for PCL projects which send isPreUnzipped = true, but their package source // (located at C:\Program Files (x86)\Microsoft SDKs\NuGetPackages) follows the V3 // folder version format. if (isPreUnzipped) { var isProjectJsonProject = await EnvDTEProjectUtility.HasBuildIntegratedConfig(project); isPreUnzipped = isProjectJsonProject ? false : isPreUnzipped; } // create a repository provider with only the registry repository var repoProvider = new PreinstalledRepositoryProvider(ErrorHandler, _sourceRepositoryProvider); repoProvider.AddFromRegistry(keyName, isPreUnzipped); var toInstall = GetIdentitiesFromDict(packageVersions); // Skip assembly references and disable binding redirections should be done together var disableBindingRedirects = skipAssemblyReferences; var projectContext = new VSAPIProjectContext(skipAssemblyReferences, disableBindingRedirects); var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var logger = new LoggerAdapter(projectContext); projectContext.PackageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv2, PackageExtractionBehavior.XmlDocFileSaveMode, logger, signedPackageVerifier, SignedPackageVerifierSettings.GetClientPolicy(_settings, logger)); await InstallInternalAsync( project, toInstall, repoProvider, projectContext, includePrerelease: false, ignoreDependencies: ignoreDependencies, token: CancellationToken.None); }); }
public static async Task <VerifySignaturesResult> VerifySignatureAsync(SignedPackageArchive signPackage, SignedPackageVerifierSettings settings) { var verificationProviders = new[] { new SignatureTrustAndValidityVerificationProvider() }; var verifier = new PackageSignatureVerifier(verificationProviders, settings); var result = await verifier.VerifySignaturesAsync(signPackage, CancellationToken.None); return(result); }
public async Task <bool> VerifyAsync(string file, StringBuilder buffer) { if (file == null) { throw new ArgumentNullException(nameof(file)); } if (buffer == null) { throw new ArgumentNullException(nameof(buffer)); } var trustProviders = new ISignatureVerificationProvider[] { new IntegrityVerificationProvider(), new SignatureTrustAndValidityVerificationProvider() }; var verifier = new PackageSignatureVerifier(trustProviders); try { var result = 0; using (var package = new PackageArchiveReader(file)) { var verificationResult = await verifier.VerifySignaturesAsync(package, SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy(), CancellationToken.None); if (verificationResult.IsValid) { return(verificationResult.IsValid); } else { var logMessages = verificationResult.Results.SelectMany(p => p.Issues).Select(p => p.AsRestoreLogMessage()).ToList(); foreach (var msg in logMessages) { buffer.AppendLine(msg.Message); } if (logMessages.Any(m => m.Level >= NuGet.Common.LogLevel.Warning)) { var errors = logMessages.Where(m => m.Level == NuGet.Common.LogLevel.Error).Count(); var warnings = logMessages.Where(m => m.Level == NuGet.Common.LogLevel.Warning).Count(); buffer.AppendLine($"Finished with {errors} errors and {warnings} warnings."); result = errors; } return(false); } } } catch (Exception e) { logger.LogError(e, e.Message); return(false); } }
public async Task <int> ExecuteCommandAsync(VerifyArgs verifyArgs) { if (verifyArgs.Verifications.Count == 0) { verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_VerificationTypeNotSupported)); return(FailureCode); } var errorCount = 0; if (ShouldExecuteVerification(verifyArgs, Verification.Signatures)) { var packagesToVerify = verifyArgs.PackagePaths.SelectMany(packagePath => { var packages = LocalFolderUtility.ResolvePackageFromPath(packagePath); LocalFolderUtility.EnsurePackageFileExists(packagePath, packages); return(packages); }); var allowListEntries = verifyArgs.CertificateFingerprint.Select(fingerprint => new CertificateHashAllowListEntry( VerificationTarget.Author | VerificationTarget.Repository, SignaturePlacement.PrimarySignature, fingerprint, _defaultFingerprintAlgorithm)).ToList(); var verifierSettings = SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy(); var verificationProviders = new List <ISignatureVerificationProvider>() { new IntegrityVerificationProvider(), new SignatureTrustAndValidityVerificationProvider() }; verificationProviders.Add( new AllowListVerificationProvider( allowListEntries, requireNonEmptyAllowList: false, noMatchErrorMessage: Strings.Error_NoMatchingCertificate)); var verifier = new PackageSignatureVerifier(verificationProviders); foreach (var package in packagesToVerify) { try { errorCount += await VerifySignatureForPackageAsync(package, verifyArgs.Logger, verifier, verifierSettings); } catch (InvalidDataException e) { verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_PackageIsNotValid, package)); ExceptionUtilities.LogException(e, verifyArgs.Logger); } } } return(errorCount == 0 ? SuccessCode : FailureCode); }
public async Task VerifySignaturesAsync_ExpiredCertificateAndTimestampWithTooLargeRange_FailsAsync() { ISigningTestServer testServer = await _testFixture.GetSigningTestServerAsync(); CertificateAuthority ca = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync(); var accuracy = new BcAccuracy(seconds: new DerInteger(30), millis: null, micros: null); var serviceOptions = new TimestampServiceOptions() { Accuracy = accuracy }; TimestampService timestampService = TimestampService.Create(ca, serviceOptions); AsymmetricCipherKeyPair keyPair = SigningTestUtility.GenerateKeyPair(publicKeyLength: 2048); DateTimeOffset now = DateTimeOffset.UtcNow; var issueOptions = new IssueCertificateOptions() { KeyPair = keyPair, NotAfter = now.AddSeconds(10), NotBefore = now.AddSeconds(-2), SubjectName = new X509Name("CN=NuGet Test Expired Certificate") }; BcX509Certificate bcCertificate = ca.IssueCertificate(issueOptions); using (testServer.RegisterResponder(timestampService)) using (TestDirectory directory = TestDirectory.Create()) using (X509Certificate2 certificate = CertificateUtilities.GetCertificateWithPrivateKey(bcCertificate, keyPair)) { var packageContext = new SimpleTestPackageContext(); string signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync( certificate, packageContext, directory, timestampService.Url); await SignatureTestUtility.WaitForCertificateExpirationAsync(certificate); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { VerifySignaturesResult results = await verifier.VerifySignaturesAsync(packageReader, _verifyCommandSettings, CancellationToken.None); PackageVerificationResult result = results.Results.Single(); Assert.False(results.IsValid); Assert.Equal(SignatureVerificationStatus.Disallowed, result.Trust); Assert.Equal(1, result.Issues.Count(issue => issue.Level == LogLevel.Error)); Assert.Equal(0, result.Issues.Count(issue => issue.Level == LogLevel.Warning)); Assert.Contains(result.Issues, issue => issue.Code == NuGetLogCode.NU3037 && issue.Level == LogLevel.Error && issue.Message.Contains("validity period has expired.")); } } }
public async Task ClientPolicies_WithoutSignerInTrustedSignersList_WithMatchingOwnersAsync(SigningTestType signature, string validationMode, bool expectedResult, int expectedErrors, int expectedWarnings) { // Arrange using (var dir = TestDirectory.Create()) using (var authorCertificate = new X509Certificate2(_trustedAuthorTestCert.Source.Cert)) using (var repoCertificate = new X509Certificate2(_trustedRepoTestCert.Source.Cert)) { var authorCertificateFingerprintString = SignatureTestUtility.GetFingerprint(authorCertificate, HashAlgorithmName.SHA256); var repoCertificateFingerprintString = SignatureTestUtility.GetFingerprint(repoCertificate, HashAlgorithmName.SHA256); var signedPackagePath = await CreateSignedPackageAsync(dir, signature, authorCertificate, repoCertificate); var config = $@" <configuration> <config> <add key=""signatureValidationMode"" value=""{validationMode}"" /> </config> <trustedSigners> <repository name=""repo1"" serviceIndex=""https://api.v3serviceIndex.test/json""> <certificate fingerprint=""abc"" hashAlgorithm=""SHA256"" allowUntrustedRoot=""false"" /> <owners>owner1</owners> </repository> </trustedSigners> </configuration>"; var nugetConfigPath = "NuGet.Config"; SettingsTestUtils.CreateConfigurationFile(nugetConfigPath, dir, config); // Act and Assert var settings = new Settings(dir); var verifierSettings = SignedPackageVerifierSettings.GetClientPolicy(settings, NullLogger.Instance); var trustProviders = new[] { new AllowListVerificationProvider() }; var verifier = new PackageSignatureVerifier(trustProviders); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { // Act var result = await verifier.VerifySignaturesAsync(packageReader, verifierSettings, CancellationToken.None); var resultsWithWarnings = result.Results.Where(r => r.GetWarningIssues().Any()); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); var totalWarningIssues = resultsWithWarnings.SelectMany(r => r.GetWarningIssues()); var totalErrorIssues = resultsWithErrors.SelectMany(r => r.GetErrorIssues()); // Assert result.Valid.Should().Be(expectedResult); totalWarningIssues.Count().Should().Be(expectedWarnings); totalErrorIssues.Count().Should().Be(expectedErrors); } } }
public static async Task <DownloadResourceResult> AddPackageAsync( string source, PackageIdentity packageIdentity, Stream packageStream, string globalPackagesFolder, Guid parentId, ILogger logger, CancellationToken token) { if (packageIdentity == null) { throw new ArgumentNullException(nameof(packageIdentity)); } if (packageStream == null) { throw new ArgumentNullException(nameof(packageStream)); } if (globalPackagesFolder == null) { throw new ArgumentNullException(nameof(globalPackagesFolder)); } var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); // The following call adds it to the global packages folder. // Addition is performed using ConcurrentUtils, such that, // multiple processes may add at the same time var packageExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv3, PackageExtractionBehavior.XmlDocFileSaveMode, logger, signedPackageVerifier, SignedPackageVerifierSettings.GetDefault()); var versionFolderPathResolver = new VersionFolderPathResolver(globalPackagesFolder); await PackageExtractor.InstallFromSourceAsync( source, packageIdentity, stream => packageStream.CopyToAsync(stream, BufferSize, token), versionFolderPathResolver, packageExtractionContext, token, parentId); var package = GetPackage(packageIdentity, globalPackagesFolder); Debug.Assert(package.PackageStream.CanSeek); Debug.Assert(package.PackageReader != null); return(package); }
private PackageExtractionContext GetPathContext() { var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); return(new PackageExtractionContext( _request.PackageSaveMode, _request.XmlDocFileSaveMode, _request.Log, signedPackageVerifier, SignedPackageVerifierSettings.GetDefault())); }
internal PackageExtractionContext GetPackageExtractionContext(ISettings settings) { var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); return(new PackageExtractionContext( PackageSaveMode, PackageExtractionBehavior.XmlDocFileSaveMode, Log, signedPackageVerifier, SignedPackageVerifierSettings.GetClientPolicy(settings, Log))); }
protected async Task CheckMissingPackagesAsync() { var solutionDirectory = VsSolutionManager.SolutionDirectory; var packages = await PackageRestoreManager.GetPackagesInSolutionAsync(solutionDirectory, CancellationToken.None); if (packages.Any(p => p.IsMissing)) { var packageRestoreConsent = new PackageRestoreConsent(ConfigSettings); if (packageRestoreConsent.IsGranted) { await TaskScheduler.Default; using (var cacheContext = new SourceCacheContext()) { var logger = new LoggerAdapter(this); var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var downloadContext = new PackageDownloadContext(cacheContext) { ParentId = OperationId, ExtractionContext = new PackageExtractionContext( PackageSaveMode.Defaultv3, PackageExtractionBehavior.XmlDocFileSaveMode, logger, signedPackageVerifier, SignedPackageVerifierSettings.GetClientPolicy(ConfigSettings, logger)) }; var result = await PackageRestoreManager.RestoreMissingPackagesAsync( solutionDirectory, packages, this, downloadContext, logger, Token); if (result.Restored) { await PackageRestoreManager.RaisePackagesMissingEventForSolutionAsync(solutionDirectory, CancellationToken.None); return; } } } ErrorHandler.HandleException( new InvalidOperationException(Resources.Cmdlet_MissingPackages), terminating: true, errorId: NuGetErrorId.MissingPackages, category: ErrorCategory.InvalidOperation); } }
public async Task VerifySignaturesAsync_WithExpiredPrimarySignature_ValidCountersignature_AndPrimarySignatureExpiredAtCountersignTime_FailsAsync() { // Arrange var nupkg = new SimpleTestPackageContext(); TimestampService timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var settings = new SignedPackageVerifierSettings( allowUnsigned: false, allowIllegal: false, allowUntrusted: false, allowIgnoreTimestamp: true, allowMultipleTimestamps: true, allowNoTimestamp: true, allowUnknownRevocation: true, reportUnknownRevocation: true, verificationTarget: VerificationTarget.All, signaturePlacement: SignaturePlacement.Any, repositoryCountersignatureVerificationBehavior: SignatureVerificationBehavior.IfExists, revocationMode: RevocationMode.Online); using (TestDirectory dir = TestDirectory.Create()) using (TrustedTestCert <TestCertificate> trustedCertificate = _testFixture.CreateTrustedTestCertificateThatWillExpireSoon()) using (var willExpireCert = new X509Certificate2(trustedCertificate.Source.Cert)) using (var repoTestCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { string signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync( willExpireCert, nupkg, dir); await SignatureTestUtility.WaitForCertificateExpirationAsync(willExpireCert); string countersignedPackagePath = await SignedArchiveTestUtility.RepositorySignPackageAsync( repoTestCertificate, signedPackagePath, dir, TestServiceIndexUrl, timestampService.Url); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(countersignedPackagePath)) { // Act VerifySignaturesResult result = await verifier.VerifySignaturesAsync(packageReader, settings, CancellationToken.None); IEnumerable <PackageVerificationResult> resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); // Assert result.IsValid.Should().BeFalse(); resultsWithErrors.Count().Should().Be(1); } } }
public override async Task ExecuteCommandAsync() { // Arguments[0] or Arguments[1] will not be null at this point. // Because, this command has MinArgs set to 2. var source = Arguments[0]; var destination = Arguments[1]; OfflineFeedUtility.ThrowIfInvalidOrNotFound( source, isDirectory: true, resourceString: LocalizedResourceManager.GetString(nameof(NuGetResources.InitCommand_FeedIsNotFound))); // If the Destination Feed Folder does not exist, it will be created. OfflineFeedUtility.ThrowIfInvalid(destination); var packagePaths = GetPackageFilePaths(source, "*" + PackagingCoreConstants.NupkgExtension); if (packagePaths.Count > 0) { var signedPackageVerifier = new PackageSignatureVerifier(SignatureVerificationProviderFactory.GetSignatureVerificationProviders()); var signingSettings = SignedPackageVerifierSettings.GetClientPolicy(Settings, Console); var packageExtractionContext = new PackageExtractionContext( Expand ? PackageSaveMode.Defaultv3 : PackageSaveMode.Nuspec | PackageSaveMode.Nupkg, PackageExtractionBehavior.XmlDocFileSaveMode, Console, signedPackageVerifier, signingSettings); foreach (var packagePath in packagePaths) { var offlineFeedAddContext = new OfflineFeedAddContext( packagePath, destination, Console, // IConsole is an ILogger throwIfSourcePackageIsInvalid: false, throwIfPackageExistsAndInvalid: false, throwIfPackageExists: false, extractionContext: packageExtractionContext); await OfflineFeedUtility.AddPackageToSource(offlineFeedAddContext, CancellationToken.None); } } else { var message = string.Format( CultureInfo.CurrentCulture, LocalizedResourceManager.GetString(nameof(NuGetResources.InitCommand_FeedContainsNoPackages)), source); Console.LogMinimal(message); } }