Ejemplo n.º 1
0
        private async Task <ValidatorStatus> StartInternalAsync(IValidationRequest request)
        {
            var status = await _validatorStateService.GetStatusAsync(request);

            if (status.State != ValidationStatus.NotStarted)
            {
                _logger.LogWarning(
                    "Package Certificates validation with validationId {ValidationId} ({PackageId} {PackageVersion}) has already started.",
                    request.ValidationId,
                    request.PackageId,
                    request.PackageVersion);

                return(status);
            }

            var package = await FindPackageSigningStateAsync(request);

            if (package.SigningStatus == PackageSigningStatus.Unsigned)
            {
                _logger.LogInformation(
                    "Package {PackageId} {PackageVersion} is unsigned, no additional validations necessary",
                    request.PackageId,
                    request.PackageVersion);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded));
            }
            else if (package.SigningStatus == PackageSigningStatus.Invalid)
            {
                // Do NOT validate the package if its status is already marked as invalid. To revalidate the package,
                // it MUST first pass the PackageSigningValidator. The PackageSigningValidator will mark the package's
                // signing status as Valid, thereby allowing this validator to revalidate the package if necessary.
                _logger.LogError(
                    Error.PackageCertificateValidationAlreadyFailed,
                    "Package {PackageId} {PackageVersion} has already failed validation",
                    request.PackageId,
                    request.PackageVersion);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Failed));
            }

            var isRevalidationRequest = await _validatorStateService.IsRevalidationRequestAsync(request);

            // Find the signatures used to sign the package and see if any certificates known to be revoked
            // invalidate any of these signatures. Note that a revoked certificate is assumed to remain
            // revoked forever.
            var signature = await FindSignatureAsync(request);

            if (ShouldInvalidateSignature(signature, isRevalidationRequest))
            {
                InvalidatePackageSignature(request, package, signature);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Failed));
            }

            // Find the certificates that must be validated. A certificate must be validated if it has never been validated,
            // or, if it hasn't been validated in a while (and it hasn't been revoked).
            var certificates = FindCertificatesToValidateAsync(signature, isRevalidationRequest);

            if (certificates.Any())
            {
                var stopwatch = Stopwatch.StartNew();

                await StartCertificateValidationsAsync(request, certificates);

                var result = await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Incomplete);

                _telemetryService.TrackDurationToStartPackageCertificatesValidator(stopwatch.Elapsed);

                return(result);
            }
            else
            {
                PromoteSignature(request, signature);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded));
            }
        }
Ejemplo n.º 2
0
        public async Task <ValidationStatus> StartValidationAsync(IValidationRequest request)
        {
            var status = await _validatorStateService.GetStatusAsync(request);

            if (status.State != ValidationStatus.NotStarted)
            {
                _logger.LogWarning(
                    "Package Certificates validation with validationId {ValidationId} ({PackageId} {PackageVersion}) has already started.",
                    request.ValidationId,
                    request.PackageId,
                    request.PackageVersion);

                return(status.State);
            }

            var package = await FindPackageSigningStateAsync(request);

            if (package.SigningStatus == PackageSigningStatus.Unsigned)
            {
                _logger.LogInformation(
                    "Package {PackageId} {PackageVersion} is unsigned, no additional validations necessary",
                    request.PackageId,
                    request.PackageVersion);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded));
            }
            else if (package.SigningStatus == PackageSigningStatus.Invalid)
            {
                // Do NOT validate the package if its status is already marked as invalid. To revalidate the package,
                // it MUST first pass the PackageSigningValidator. The PackageSigningValidator will mark the package's
                // signing status as Valid, thereby allowing this validator to revalidate the package if necessary.
                _logger.LogError(
                    Error.PackageCertificateValidationAlreadyFailed,
                    "Package {PackageId} {PackageVersion} has already failed validation",
                    request.PackageId,
                    request.PackageVersion);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Failed));
            }

            var isRevalidationRequest = await _validatorStateService.IsRevalidationRequestAsync(request);

            // Find the signatures used to sign the package and see if any certificates known to be revoked
            // invalidate any of these signatures. Note that a revoked certificate is assumed to remain
            // revoked forever.
            var signatures = await FindSignaturesAsync(request);

            var invalidSignatures = FindSignaturesToInvalidate(signatures, isRevalidationRequest);

            if (invalidSignatures.Any())
            {
                InvalidatePackageSignatures(request, package, invalidSignatures);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Failed));
            }

            // Find the certificates that must be validated. A certificate must be validated if it has never been validated,
            // or, if it hasn't been validated in a while (and it hasn't been revoked).
            var certificates = FindCertificatesToValidateAsync(signatures, isRevalidationRequest);

            if (certificates.Any())
            {
                await StartCertificateValidationsAsync(request, certificates);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Incomplete));
            }
            else
            {
                _logger.LogInformation(
                    "All certificates for package {PackageId} {PackageVersion} have already been validated, no additional validations necessary",
                    request.PackageId,
                    request.PackageVersion);

                // Promote signatures out of the "Unknown" state to either "Valid" or "InGracePeriod".
                PromoteSignatures(signatures);

                return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded));
            }
        }