public PackageExtractionContext( PackageSaveMode packageSaveMode, XmlDocFileSaveMode xmlDocFileSaveMode, ILogger logger, IPackageSignatureVerifier signedPackageVerifier) { Logger = logger ?? throw new ArgumentNullException(nameof(logger)); PackageSaveMode = packageSaveMode; XmlDocFileSaveMode = xmlDocFileSaveMode; SignedPackageVerifier = signedPackageVerifier; }
public SignatureValidator( IPackageSigningStateService packageSigningStateService, IPackageSignatureVerifier minimalPackageSignatureVerifier, IPackageSignatureVerifier fullPackageSignatureVerifier, ISignaturePartsExtractor signaturePartsExtractor, IProcessorPackageFileService packageFileService, ICorePackageService corePackageService, ITelemetryService telemetryService, ILogger <SignatureValidator> logger) { _packageSigningStateService = packageSigningStateService ?? throw new ArgumentNullException(nameof(packageSigningStateService)); _minimalPackageSignatureVerifier = minimalPackageSignatureVerifier ?? throw new ArgumentNullException(nameof(minimalPackageSignatureVerifier)); _fullPackageSignatureVerifier = fullPackageSignatureVerifier ?? throw new ArgumentNullException(nameof(fullPackageSignatureVerifier)); _signaturePartsExtractor = signaturePartsExtractor ?? throw new ArgumentNullException(nameof(signaturePartsExtractor)); _packageFileService = packageFileService ?? throw new ArgumentNullException(nameof(packageFileService)); _corePackageService = corePackageService ?? throw new ArgumentNullException(nameof(corePackageService)); _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService)); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); }
private async Task <SignatureValidatorResult> GetVerifyResult( Context context, string verificationName, IPackageSignatureVerifier verifier) { var verifyResult = await verifier.VerifySignaturesAsync( context.PackageReader, context.CancellationToken, parentId : Guid.Empty); // Pass an empty GUID, since we don't use client telemetry infrastructure. var errorIssues = verifyResult .Results .SelectMany(x => x.GetErrorIssues()) .ToList(); var warningsForLogs = verifyResult .Results .SelectMany(x => x.GetWarningIssues()) .Select(x => $"{x.Code}: {x.Message}") .ToList(); var errorsForLogs = errorIssues .Select(x => $"{x.Code}: {x.Message}") .ToList(); if (!verifyResult.Valid) { _logger.LogInformation( "Signed package {PackageId} {PackageVersion} is blocked during {VerificationName} for validation {ValidationId} . Errors: [{Errors}] Warnings: [{Warnings}]", context.Message.PackageId, context.Message.PackageVersion, verificationName, context.Message.ValidationId, errorsForLogs, warningsForLogs); // Treat the "signature format version" error specially. This is because the message provided by the // client does not make sense in the server context. IValidationIssue[] errorValidationIssues; if (errorIssues.Any(x => x.Code == NuGetLogCode.NU3007)) { errorValidationIssues = new[] { ValidationIssue.OnlySignatureFormatVersion1Supported, }; } else { errorValidationIssues = errorIssues .Select(x => new ClientSigningVerificationFailure(x.Code.ToString(), x.Message)) .ToArray(); } return(await RejectAsync(context, errorValidationIssues)); } else { _logger.LogInformation( "Signed package {PackageId} {PackageVersion} passed {VerificationName} for validation {ValidationId}. Errors: [{Errors}] Warnings: [{Warnings}]", context.Message.PackageId, context.Message.PackageVersion, verificationName, context.Message.ValidationId, errorsForLogs, warningsForLogs); return(null); } }
public SignatureValidatorIntegrationTests(CertificateIntegrationTestFixture fixture, ITestOutputHelper output) { _fixture = fixture ?? throw new ArgumentNullException(nameof(fixture)); _output = output ?? throw new ArgumentNullException(nameof(output)); _validationEntitiesContext = new Mock <IValidationEntitiesContext>(); _validationEntitiesContext .Setup(x => x.PackageSigningStates) .Returns(DbSetMockFactory.Create <PackageSigningState>()); _validationEntitiesContext .Setup(x => x.ParentCertificates) .Returns(DbSetMockFactory.Create <ParentCertificate>()); _validationEntitiesContext .Setup(x => x.EndCertificates) .Returns(DbSetMockFactory.Create <EndCertificate>()); _validationEntitiesContext .Setup(x => x.CertificateChainLinks) .Returns(DbSetMockFactory.Create <CertificateChainLink>()); _validationEntitiesContext .Setup(x => x.PackageSignatures) .Returns(DbSetMockFactory.Create <PackageSignature>()); _validationEntitiesContext .Setup(x => x.TrustedTimestamps) .Returns(DbSetMockFactory.Create <TrustedTimestamp>()); var loggerFactory = new LoggerFactory(); loggerFactory.AddXunit(output); _packageSigningStateService = new PackageSigningStateService( _validationEntitiesContext.Object, loggerFactory.CreateLogger <PackageSigningStateService>()); _certificateStore = new Mock <ICertificateStore>(); _signaturePartsExtractor = new SignaturePartsExtractor( _certificateStore.Object, _validationEntitiesContext.Object, loggerFactory.CreateLogger <SignaturePartsExtractor>()); _packageFileService = new Mock <IProcessorPackageFileService>(); _nupkgUri = new Uri("https://example-storage/TestProcessor/b777135f-1aac-4ec2-a3eb-1f64fe1880d5/nuget.versioning.4.3.0.nupkg"); _packageFileService .Setup(x => x.GetReadAndDeleteUriAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <Guid>())) .ReturnsAsync(() => _nupkgUri); _packageFileService .Setup(x => x.SaveAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <Guid>(), It.IsAny <Stream>())) .Returns(Task.CompletedTask) .Callback <string, string, Guid, Stream>((_, __, ___, s) => { using (var memoryStream = new MemoryStream()) { s.Position = 0; s.CopyTo(memoryStream); _savedPackageBytes = memoryStream.ToArray(); } }); _corePackageService = new Mock <ICorePackageService>(); // These dependencies are concrete. _minimalPackageSignatureVerifier = PackageSignatureVerifierFactory.CreateMinimal(); _fullPackageSignatureVerifier = PackageSignatureVerifierFactory.CreateFull(); _telemetryClient = new Mock <ITelemetryClient>(); _telemetryService = new TelemetryService(_telemetryClient.Object); _logger = new RecordingLogger <SignatureValidator>(loggerFactory.CreateLogger <SignatureValidator>()); // Initialize data. _packageKey = 23; _message = new SignatureValidationMessage( "SomePackageId", "1.2.3", new Uri("https://example/validation/somepackageid.1.2.3.nupkg"), new Guid("8eb5affc-2d0e-4315-9b79-5a194d39ebd1")); _token = CancellationToken.None; // Initialize the subject of testing. _target = new SignatureValidator( _packageSigningStateService, _minimalPackageSignatureVerifier, _fullPackageSignatureVerifier, _signaturePartsExtractor, _packageFileService.Object, _corePackageService.Object, _telemetryService, _logger); }