public async Task RejectsPackageWithMultipleSignatures(PackageSignatureType type, string resourceName)
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(resourceName);
var existingPackageSignature1 = new PackageSignature
{
Key = 1,
PackageKey = _packageKey,
Type = type,
};
var existingPackageSignature2 = new PackageSignature
{
Key = 2,
PackageKey = _packageKey,
Type = type,
};
_entitiesContext
.Setup(x => x.PackageSignatures)
.Returns(DbSetMockFactory.Create(existingPackageSignature1, existingPackageSignature2));
// Act & Assert
var ex = await Assert.ThrowsAsync <InvalidOperationException>(
() => _target.ExtractAsync(_packageKey, signature, _token));
Assert.Equal("There should never be more than one package signature per package and signature type.", ex.Message);
_entitiesContext.Verify(
x => x.SaveChangesAsync(),
Times.Never);
Assert.Empty(_savedCertificates);
}
public async Task RejectsPackageWithMultipleTimestamps()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1);
var existingPackageSignature = new PackageSignature
{
Key = 1,
PackageKey = _packageKey,
EndCertificate = new EndCertificate
{
Thumbprint = TestResources.Leaf1Thumbprint,
},
TrustedTimestamps = new[]
{
new TrustedTimestamp(),
new TrustedTimestamp(),
},
Type = PackageSignatureType.Author,
};
_entitiesContext
.Setup(x => x.PackageSignatures)
.Returns(DbSetMockFactory.Create(existingPackageSignature));
// Act & Assert
var ex = await Assert.ThrowsAsync <InvalidOperationException>(
() => _target.ExtractAsync(_packageKey, signature, _token));
Assert.Equal("There should never be more than one trusted timestamp per package signature.", ex.Message);
_entitiesContext.Verify(
x => x.SaveChangesAsync(),
Times.Never);
Assert.Empty(_savedCertificates);
}
public async Task RejectsAuthorSignedPackageWithChangedSigningCertificateThumbprint()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1);
var existingPackageSignature = new PackageSignature
{
Key = 1,
PackageKey = _packageKey,
EndCertificate = new EndCertificate
{
Thumbprint = "something else",
},
Type = PackageSignatureType.Author,
};
_entitiesContext
.Setup(x => x.PackageSignatures)
.Returns(DbSetMockFactory.Create(existingPackageSignature));
// Act & Assert
var ex = await Assert.ThrowsAsync <InvalidOperationException>(
() => _target.ExtractAsync(_packageKey, signature, _token));
Assert.Equal("The thumbprint of the signature end certificate cannot change.", ex.Message);
_entitiesContext.Verify(
x => x.SaveChangesAsync(),
Times.Never);
Assert.Empty(_savedCertificates);
}
public async Task SavesToStorageBeforeDatabaseCommit()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1);
const string database = "database";
const string storage = "storage";
var sequence = new List <string>();
_entitiesContext
.Setup(x => x.SaveChangesAsync())
.ReturnsAsync(0)
.Callback(() => sequence.Add(database));
_certificateStore
.Setup(x => x.SaveAsync(It.IsAny <X509Certificate2>(), It.IsAny <CancellationToken>()))
.Returns(Task.CompletedTask)
.Callback(() => sequence.Add(storage));
// Act
await _target.ExtractAsync(_packageKey, signature, _token);
// Assert
Assert.NotEqual(database, storage);
Assert.Single(sequence, database);
Assert.Equal(database, sequence.Last());
Assert.Contains(storage, sequence);
}
public async Task RejectsCertificateWithMultipleUses()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1);
var existingEndCertificate = new EndCertificate
{
Key = 1,
Thumbprint = TestResources.Leaf1Thumbprint,
Status = EndCertificateStatus.Good,
Use = EndCertificateUse.Timestamping,
CertificateChainLinks = new List <CertificateChainLink>(),
};
_entitiesContext
.Setup(x => x.EndCertificates)
.Returns(DbSetMockFactory.Create(existingEndCertificate));
// Act & Assert
var ex = await Assert.ThrowsAsync <InvalidOperationException>(
() => _target.ExtractAsync(_packageKey, signature, _token));
Assert.Equal("The use of an end certificate cannot change.", ex.Message);
_entitiesContext.Verify(
x => x.SaveChangesAsync(),
Times.Never);
Assert.Empty(_savedCertificates);
}
public async Task SaveSigningAndTimestampCertificatesForRepositoryPrimarySignature()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.RepoSignedPackageLeaf1);
// Act
await _target.ExtractAsync(_packageKey, signature, _token);
// Assert
VerifyExtractedInformation(Leaf1Certificates, RepoSignedLeaf1TimestampValue, PackageSignatureType.Repository);
}
public async Task SaveSigningAndTimestampCertificatesForAuthorAndReposignedPackage()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.AuthorAndRepoSignedPackageLeaf1);
// Act
await _target.ExtractAsync(_packageKey, signature, _token);
// Assert
VerifyStoredCertificates(AuthorAndRepoSignedCertificates);
VerifyPackageSignatureRecord(AuthorAndRepoSignedCertificates.PrimarySignature, AuthorAndRepoSignedPrimaryTimestampValue, PackageSignatureType.Author);
VerifyPackageSignatureRecord(AuthorAndRepoSignedCertificates.Countersignature, AuthorAndRepoSignedCounterTimestampValue, PackageSignatureType.Repository);
}
public async Task AcceptsRepoSignedPackageWithChangedSigningCertificateThumbprint()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.RepoSignedPackageLeaf1);
var existingTrustedTimestamp = new TrustedTimestamp
{
EndCertificate = new EndCertificate
{
Thumbprint = "something else B",
},
};
var existingPackageSignature = new PackageSignature
{
Key = 1,
PackageKey = _packageKey,
EndCertificate = new EndCertificate
{
Thumbprint = "something else A",
},
Type = PackageSignatureType.Repository,
TrustedTimestamps = new List <TrustedTimestamp>
{
existingTrustedTimestamp
},
};
_entitiesContext
.Setup(x => x.PackageSignatures)
.Returns(DbSetMockFactory.Create(existingPackageSignature));
_entitiesContext
.Setup(x => x.TrustedTimestamps)
.Returns(DbSetMockFactory.Create(existingTrustedTimestamp));
// Act
await _target.ExtractAsync(_packageKey, signature, _token);
// Assert
var newPackageSignature = Assert.Single(_entitiesContext.Object.PackageSignatures);
Assert.NotSame(existingPackageSignature, newPackageSignature);
Assert.Equal(TestResources.Leaf1Thumbprint, newPackageSignature.EndCertificate.Thumbprint);
var newTrustedTimestamp = Assert.Single(_entitiesContext.Object.TrustedTimestamps);
Assert.NotSame(existingTrustedTimestamp, newTrustedTimestamp);
Assert.Equal(TestResources.Leaf1TimestampThumbprint, newTrustedTimestamp.EndCertificate.Thumbprint);
}
public async Task IgnoreExtraCertificates()
{
// Arrange
var originalSignature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1);
var unrelatedSignature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf2);
var signature = AddCertificates(originalSignature.SignedCms, unrelatedSignature.SignedCms);
// Act
await _target.ExtractAsync(_packageKey, signature, _token);
// Assert
VerifyExtractedInformation(Leaf1Certificates, Leaf1TimestampValue, PackageSignatureType.Author);
Assert.Equal(
Leaf1Certificates.Certificates.Count + 1,
signature.SignedCms.Certificates.Count + signature.Timestamps.Sum(x => x.SignedCms.Certificates.Count));
}
public async Task DoesNotDuplicateWhenDataAlreadyExist()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1);
await _target.ExtractAsync(_packageKey, signature, _token);
AssignIds();
_entitiesContext.ResetCalls();
// Act
await _target.ExtractAsync(_packageKey, signature, _token);
// Assert
VerifyExtractedInformation(Leaf1Certificates, Leaf1TimestampValue, PackageSignatureType.Author);
Assert.Equal(2, _entitiesContext.Object.EndCertificates.Count());
Assert.Equal(4, _entitiesContext.Object.ParentCertificates.Count());
Assert.Equal(4, _entitiesContext.Object.CertificateChainLinks.Count());
Assert.Equal(1, _entitiesContext.Object.PackageSignatures.Count());
Assert.Equal(1, _entitiesContext.Object.TrustedTimestamps.Count());
}
public async Task ProperlyInitializesEndCertificates()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1);
// Act
await _target.ExtractAsync(_packageKey, signature, _token);
// Assert
var endCertificates = _entitiesContext.Object.EndCertificates.ToList();
foreach (var endCertificate in endCertificates)
{
Assert.Null(endCertificate.LastVerificationTime);
Assert.Null(endCertificate.NextStatusUpdateTime);
Assert.Null(endCertificate.RevocationTime);
Assert.Equal(EndCertificateStatus.Unknown, endCertificate.Status);
Assert.NotEqual(default(EndCertificateUse), endCertificate.Use);
Assert.Null(endCertificate.StatusUpdateTime);
Assert.NotNull(endCertificate.Thumbprint);
Assert.Equal(64, endCertificate.Thumbprint.Length);
}
}
public async Task DoesNotDuplicateWhenSomeDataAlreadyExist()
{
// Arrange
var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1);
var existingParentCertificate = new ParentCertificate
{
Key = 1,
Thumbprint = TestResources.RootThumbprint,
CertificateChainLinks = new List <CertificateChainLink>(),
};
var existingEndCertificate = new EndCertificate
{
Key = 1,
Thumbprint = TestResources.Leaf1Thumbprint,
Status = EndCertificateStatus.Good, // Different than the default.
Use = EndCertificateUse.CodeSigning,
CertificateChainLinks = new List <CertificateChainLink>(),
};
var existingLink = new CertificateChainLink
{
ParentCertificate = existingParentCertificate,
ParentCertificateKey = existingParentCertificate.Key,
EndCertificate = existingEndCertificate,
EndCertificateKey = existingEndCertificate.Key,
};
existingParentCertificate.CertificateChainLinks.Add(existingLink);
existingEndCertificate.CertificateChainLinks.Add(existingLink);
var existingPackageSignature = new PackageSignature
{
Key = 1,
EndCertificate = existingEndCertificate,
EndCertificateKey = existingEndCertificate.Key,
Status = PackageSignatureStatus.Valid,
CreatedAt = new DateTime(2017, 1, 1, 8, 30, 0, DateTimeKind.Utc),
PackageKey = _packageKey,
Type = PackageSignatureType.Author,
TrustedTimestamps = new List <TrustedTimestamp>(),
};
_entitiesContext
.Setup(x => x.ParentCertificates)
.Returns(DbSetMockFactory.Create(existingParentCertificate));
_entitiesContext
.Setup(x => x.EndCertificates)
.Returns(DbSetMockFactory.Create(existingEndCertificate));
_entitiesContext
.Setup(x => x.CertificateChainLinks)
.Returns(DbSetMockFactory.Create(existingLink));
_entitiesContext
.Setup(x => x.PackageSignatures)
.Returns(DbSetMockFactory.Create(existingPackageSignature));
// Act
await _target.ExtractAsync(_packageKey, signature, _token);
// Assert
VerifyExtractedInformation(Leaf1Certificates, Leaf1TimestampValue, PackageSignatureType.Author);
Assert.Equal(2, _entitiesContext.Object.EndCertificates.Count());
Assert.Equal(4, _entitiesContext.Object.ParentCertificates.Count());
Assert.Equal(4, _entitiesContext.Object.CertificateChainLinks.Count());
Assert.Equal(1, _entitiesContext.Object.PackageSignatures.Count());
Assert.Equal(1, _entitiesContext.Object.TrustedTimestamps.Count());
Assert.Equal(EndCertificateStatus.Good, existingEndCertificate.Status);
Assert.Equal(PackageSignatureStatus.Valid, existingPackageSignature.Status);
}