public async Task GetCertificateChain_WithUnknownSignature_ReturnsCertificatesAsync() { using (var directory = TestDirectory.Create()) using (var certificate = _fixture.GetDefaultCertificate()) { var packageContext = new SimpleTestPackageContext(); var unsignedPackageFile = await packageContext.CreateAsFileAsync(directory, "Package.nupkg"); var signedPackageFile = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync( directory, unsignedPackageFile, certificate); using (var packageReader = new PackageArchiveReader(signedPackageFile.FullName)) { var signature = await packageReader.GetPrimarySignatureAsync(CancellationToken.None); using (var certificates = SignatureUtility.GetCertificateChain(signature)) { Assert.Equal(1, certificates.Count); Assert.Equal(certificate.RawData, certificates[0].RawData); } } } }
public void HasRepositoryCountersignature_WithNullPrimarySignature_Throws() { var exception = Assert.Throws <ArgumentNullException>( () => SignatureUtility.HasRepositoryCountersignature(primarySignature: null)); Assert.Equal("primarySignature", exception.ParamName); }
public void GetCertificateChain_WhenPrimarySignatureNull_Throws() { var exception = Assert.Throws <ArgumentNullException>( () => SignatureUtility.GetCertificateChain(primarySignature: null)); Assert.Equal("primarySignature", exception.ParamName); }
public void GetPrimarySignatureTimestampCertificates_WhenSignatureNull_Throws() { var exception = Assert.Throws <ArgumentNullException>( () => SignatureUtility.GetPrimarySignatureTimestampCertificates(signature: null)); Assert.Equal("signature", exception.ParamName); }
protected void ValidateSignatureFromHeaderWithContent(string secretKey, string headerName) { var result = false; var signature = this.Request.Headers[headerName].FirstOrDefault() ?? string.Empty; if (this.Request.Body.CanRead && this.Request.Body.CanSeek) { MemoryStream stream = new MemoryStream(); this.Request.Body.Seek(0, SeekOrigin.Begin); this.Request.Body.CopyTo(stream); this.Request.Body.Seek(0, SeekOrigin.Begin); using (StreamReader reader = new StreamReader(stream)) { stream.Seek(0, SeekOrigin.Begin); var content = reader.ReadToEnd(); result = SignatureUtility.ValidateSignature(signature, secretKey, content); } } if (result == false) { throw new UnauthorizedException(); } }
private static async Task <List <SignatureLog> > VerifyUnavailableRevocationInfo( SignatureVerificationStatus expectedStatus, LogLevel expectedLogLevel, SignedPackageVerifierSettings setting) { var verificationProvider = new SignatureTrustAndValidityVerificationProvider(); using (var nupkgStream = new MemoryStream(GetResource("UnavailableCrlPackage.nupkg"))) using (var package = new PackageArchiveReader(nupkgStream, leaveStreamOpen: false)) { // Read a signature that is valid in every way except that the CRL information is unavailable. var signature = await package.GetSignatureAsync(CancellationToken.None); var rootCertificate = SignatureUtility.GetPrimarySignatureCertificates(signature).Last(); // Trust the root CA of the signing certificate. using (var testCertificate = TrustedTestCert.Create( rootCertificate, StoreName.Root, StoreLocation.LocalMachine, maximumValidityPeriod: TimeSpan.MaxValue)) { // Act var result = await verificationProvider.GetTrustResultAsync(package, signature, setting, CancellationToken.None); // Assert Assert.Equal(expectedStatus, result.Trust); return(result .Issues .Where(x => x.Level >= expectedLogLevel) .OrderBy(x => x.Message) .ToList()); } } }
private static ExtractedCertificates ExtractCertificates( Context context, RepositoryCountersignature repositoryCountersignature) { IX509CertificateChain signatureCertificates; if (repositoryCountersignature == null) { signatureCertificates = SignatureUtility.GetCertificateChain(context.PrimarySignature); } else { signatureCertificates = SignatureUtility.GetCertificateChain(context.PrimarySignature, repositoryCountersignature); } context.Disposables.Add(signatureCertificates); if (signatureCertificates == null || !signatureCertificates.Any()) { throw new InvalidOperationException("The provided signature must have at least one signing certificate."); } var hashedSignatureCertificates = signatureCertificates .Select(x => new HashedCertificate(x)) .ToList(); var signatureEndCertificate = hashedSignatureCertificates.First(); var signatureParentCertificates = hashedSignatureCertificates.Skip(1).ToList(); IX509CertificateChain timestampCertificates; if (repositoryCountersignature == null) { timestampCertificates = SignatureUtility.GetTimestampCertificateChain(context.PrimarySignature); } else { timestampCertificates = SignatureUtility.GetTimestampCertificateChain(context.PrimarySignature, repositoryCountersignature); } context.Disposables.Add(timestampCertificates); if (timestampCertificates == null || !timestampCertificates.Any()) { throw new InvalidOperationException("The provided signature must have at least one timestamp certificate."); } var hashedTimestampCertificates = timestampCertificates .Select(x => new HashedCertificate(x)) .ToList(); var timestampEndCertificate = hashedTimestampCertificates.First(); var timestampParentCertificates = hashedTimestampCertificates.Skip(1).ToList(); return(new ExtractedCertificates( signatureEndCertificate, signatureParentCertificates, timestampEndCertificate, timestampParentCertificates)); }
public void GetPrimarySignatureCertificates_WithAuthorSignature_ReturnsCertificates() { var signature = PrimarySignature.Load(SignTestUtility.GetResourceBytes("SignatureWithTimestamp.p7s")); var certificates = SignatureUtility.GetPrimarySignatureCertificates(signature); Assert.Equal(3, certificates.Count); Assert.Equal("8219f5772ef562a3ea9b90da00ca7b9523a96fbf", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("d8198d59087bbe6a6e7d69af62030145366be93e", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("6d73d582b73b5b3b18a27506acceedea75ab63c2", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); }
public void GetPrimarySignatureTimestampCertificates_WithValidTimestamp_ReturnsCertificates() { var signature = PrimarySignature.Load(SignTestUtility.GetResourceBytes("SignatureWithTimestamp.p7s")); var certificates = SignatureUtility.GetPrimarySignatureTimestampCertificates(signature); Assert.Equal(3, certificates.Count); Assert.Equal("ff162bef155cb3d5b5962bbe084b21fc4d740001", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("2aa752fe64c49abe82913c463529cf10ff2f04ee", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("3b1efd3a66ea28b16697394703a72ca340a05bd5", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); }
private string GetShaFromSamplePackage(string samplePackage) { using (var packageReader = new PackageArchiveReader(samplePackage)) { PrimarySignature primarySignature = packageReader.GetPrimarySignatureAsync(CancellationToken.None).GetAwaiter().GetResult(); using (IX509CertificateChain certificateChain = SignatureUtility.GetCertificateChain(primarySignature)) { return(certificateChain.First().GetCertHashString(HashAlgorithmName.SHA256)); } } }
public async Task GetTimestampCertificateChain_WithMismatchedEssCertIdCertificateHash_ReturnsChain( SigningCertificateUsage signingCertificateUsage) { ISigningTestServer testServer = await _fixture.GetSigningTestServerAsync(); CertificateAuthority rootCa = await _fixture.GetDefaultTrustedCertificateAuthorityAsync(); var options = new TimestampServiceOptions() { SigningCertificateUsage = signingCertificateUsage, SigningCertificateV1Hash = new byte[SHA1HashLength] }; TimestampService timestampService = TimestampService.Create(rootCa, options); using (testServer.RegisterResponder(timestampService)) { var nupkg = new SimpleTestPackageContext(); using (var certificate = new X509Certificate2(_fixture.TrustedTestCertificate.Source.Cert)) using (var directory = TestDirectory.Create()) { var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync( certificate, nupkg, directory, timestampService.Url); using (FileStream stream = File.OpenRead(signedPackagePath)) using (var reader = new PackageArchiveReader(stream)) { PrimarySignature signature = await reader.GetPrimarySignatureAsync(CancellationToken.None); using (IX509CertificateChain actualChain = SignatureUtility.GetTimestampCertificateChain(signature)) { Assert.NotEmpty(actualChain); IReadOnlyList <Org.BouncyCastle.X509.X509Certificate> expectedChain = GetExpectedCertificateChain(timestampService); Assert.Equal(expectedChain.Count, actualChain.Count); for (var i = 0; i < expectedChain.Count; ++i) { Org.BouncyCastle.X509.X509Certificate expectedCertificate = expectedChain[i]; X509Certificate2 actualCertificate = actualChain[i]; Assert.True( expectedCertificate.GetEncoded().SequenceEqual(actualCertificate.RawData), $"The certificate at index {i} in the chain is unexpected."); } } } } } }
public static void CreateSignature_Should_Return_A_Signature() { // arrange var message = "some content"; var privateKey = "my-key"; // act var sign = SignatureUtility.CreateSignature(privateKey, message); // assert Assert.Equal("ae00f9ad096b6d2ca828e972bcda212ed74b338ebc1332c56b2d96bb06fc845e", sign); }
public void ValidateSignatureFromHeaderWithContent(string secretKey, string headerName) { var signature = this.Request.Headers[headerName].FirstOrDefault() ?? string.Empty; var content = RequestStream.FromStream(this.Request.Body).AsString() ?? string.Empty; var result = SignatureUtility.ValidateSignature(signature, secretKey, content); if (result == false) { throw new UnauthorizedException(); } }
public void GetTimestampCertificateChain_WithAuthorSignatureTimestamp_ReturnsCertificates() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); using (var certificates = SignatureUtility.GetTimestampCertificateChain(primarySignature)) { Assert.Equal(3, certificates.Count); Assert.Equal("5f970d4b17786b091a77eabdd0cf92ff8d1fdb43", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("c5e93f93089bd49dc1d8e2b657093b9e29132dcf", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("a0e355c9f370a3069823afa3ce22b14a91475e77", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); } }
public void GetTimestampCertificateChain_WithoutTimestamp_Throws() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); primarySignature = RemoveTimestamp(primarySignature); var exception = Assert.Throws <SignatureException>( () => SignatureUtility.GetTimestampCertificateChain(primarySignature)); Assert.Equal(NuGetLogCode.NU3000, exception.Code); Assert.Equal("The primary signature does not have a timestamp.", exception.Message); }
public void GetCertificateChain_WithAuthorSignature_ReturnsCertificates() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); using (var certificates = SignatureUtility.GetCertificateChain(primarySignature)) { Assert.Equal(3, certificates.Count); Assert.Equal("7d14ef1eaa95c41e3cb6c25bb177ce4f9bd7020c", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("0a08d814f1c1c4058bf709c4796a53a47df00e61", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("a1b6d9c348850849be54e3e8ac2ae9938e59e4b3", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); } }
public static void ValidateSignature_Should_Return_Unsuccess_Validate() { // arrange var message = "some content2"; var privateKey = "my-key"; var sign = "ae00f9ad096b6d2ca828e972bcda212ed74b338ebc1332c56b2d96bb06fc845e"; // act var result = SignatureUtility.ValidateSignature(sign, privateKey, message); // assert Assert.False(result); }
public void GetTimestampCertificateChain_WithRepositoryCountersignatureTimestamp_ReturnsCertificates() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); var repositoryCountersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); using (var certificates = SignatureUtility.GetTimestampCertificateChain(primarySignature, repositoryCountersignature)) { Assert.Equal(3, certificates.Count); Assert.Equal("96b479acf63394f3bcc9928c396264afd60909ed", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("fa4e4ca3d9a26b92a73bb875f964972983b55ccd", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("88b288ff6d3d826469a9ef7816166a7def221885", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); } }
public void GetCertificateChain_WithRepositoryCountersignature_ReturnsCertificates() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); var repositoryCountersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); using (var certificates = SignatureUtility.GetCertificateChain(primarySignature, repositoryCountersignature)) { Assert.Equal(3, certificates.Count); Assert.Equal("8d8cc5bdf9e5f86b971d7fb961fe24b999486483", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("c8ae47bfd632870a15e3775784affd2bdc96cbf1", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("d4e8185475a062de3518d1aa693f13c4283f81ff", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); } }
public void GetCertificateChain_WithUnrelatedRepositoryCountersignature_Throws() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); var repositoryCountersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); primarySignature = RemoveRepositoryCountersignature(primarySignature); var exception = Assert.Throws <ArgumentException>( () => SignatureUtility.GetCertificateChain(primarySignature, repositoryCountersignature)); Assert.Equal("repositoryCountersignature", exception.ParamName); Assert.StartsWith("The primary signature and repository countersignature are unrelated.", exception.Message); }
private string GetShaFromSamplePackage(string samplePackage) { var packageReader = new PackageArchiveReader(samplePackage); Directory.CreateDirectory(_tempDirectory.Value); FilePath targetFilePath = _tempDirectory.WithFile(Path.GetRandomFileName()); packageReader.ExtractFile(".signature.p7s", targetFilePath.Value, _logger); using var fs = new FileStream(targetFilePath.Value, FileMode.Open); PrimarySignature primarySignature = PrimarySignature.Load(fs); IX509CertificateChain certificateChain = SignatureUtility.GetCertificateChain(primarySignature); var shaFromPackage = certificateChain[0].GetCertHashString(HashAlgorithmName.SHA256); return(shaFromPackage); }
public static async Task <bool> IsRepositoryCountersignedAsync(Stream package) { using (var reader = new PackageArchiveReader(package, leaveStreamOpen: true)) { var primarySignature = await reader.GetPrimarySignatureAsync(CancellationToken.None); if (primarySignature != null) { #if IS_DESKTOP return(SignatureUtility.HasRepositoryCountersignature(primarySignature)); #endif } return(false); } }
public async Task HasRepositoryCountersignature_WithSignatureWithoutRepositoryCountersignature_ReturnsFalseAsync() { using (var certificate = _fixture.GetDefaultCertificate()) { var packageContext = new SimpleTestPackageContext(); var unsignedPackageStream = packageContext.CreateAsStream(); var signature = await SignedArchiveTestUtility.CreateAuthorSignatureForPackageAsync( certificate, unsignedPackageStream); var hasRepoCountersignature = SignatureUtility.HasRepositoryCountersignature(signature); Assert.False(hasRepoCountersignature); } }
public static void CreateSignatureFromObject_Should_Return_A_Signature_With_Ignored_Field() { // arrange var obj = new TestSign { SomeString = "test-x", SomeInt = 1, SomeNull = null, SomeBool = true }; var privateKey = "my-key"; // act var sign = SignatureUtility.CreateSignatureFromObject(privateKey, obj, "SomeInt"); // assert Assert.Equal("403ceaa302f5e6c47c72b8049c5700f331542c802e8a44bdc80896ff090afd79", sign); }
public static void CreateSignatureFromObject_Should_Return_A_Signature() { // arrange var obj = new TestSign { SomeString = "test-x", SomeInt = 1, SomeNull = null, SomeBool = true }; var privateKey = "my-key"; // act var sign = SignatureUtility.CreateSignatureFromObject(privateKey, obj); // assert Assert.Equal("24507965277b7d0a2e7db0b8d369eb3bf549c6d623523157125be92174363153", sign); }
public static void ValidateSignatureFromObject_Should_Return_Unsuccess_Validate() { // arrange var obj = new TestSign { SomeString = "test-y", SomeInt = 1, SomeNull = null, SomeBool = true }; var privateKey = "my-key"; var sign = "24507965277b7d0a2e7db0b8d369eb3bf549c6d623523157125be92174363153"; // act var result = SignatureUtility.ValidateSignatureFromObject(sign, privateKey, obj); // assert Assert.False(result); }
public async Task HasRepositoryCountersignature_WithSignatureWithRepositoryCountersignature_ReturnsTrueAsync() { using (var certificate = _fixture.GetDefaultCertificate()) using (var repositoryCertificate = _fixture.GetDefaultCertificate()) { var packageContext = new SimpleTestPackageContext(); var unsignedPackageStream = packageContext.CreateAsStream(); var signature = await SignedArchiveTestUtility.CreatePrimarySignatureForPackageAsync( certificate, unsignedPackageStream); var reposignedSignature = await SignedArchiveTestUtility.RepositoryCountersignPrimarySignatureAsync(repositoryCertificate, signature); var hasRepoCountersignature = SignatureUtility.HasRepositoryCountersignature(reposignedSignature); Assert.True(hasRepoCountersignature); } }
public static void ValidateSignatureFromObject_Should_Return_Unsuccess_Validate_With_Ignored_Field() { // arrange var obj = new TestSign { SomeString = "test-y", SomeInt = 1, SomeNull = null, SomeBool = true }; var privateKey = "my-key"; var sign = "403ceaa302f5e6c47c72b8049c5700f331542c802e8a44bdc80896ff090afd79"; // act var result = SignatureUtility.ValidateSignatureFromObject(sign, privateKey, obj, "SomeInt"); // assert Assert.False(result); }
public async Task GetTimestampCertificateChain_WithShortEssCertIdCertificateHash_Throws( SigningCertificateUsage signingCertificateUsage) { ISigningTestServer testServer = await _fixture.GetSigningTestServerAsync(); CertificateAuthority rootCa = await _fixture.GetDefaultTrustedCertificateAuthorityAsync(); var options = new TimestampServiceOptions() { SigningCertificateUsage = signingCertificateUsage, SigningCertificateV1Hash = new byte[SHA1HashLength - 1] }; TimestampService timestampService = TimestampService.Create(rootCa, options); using (testServer.RegisterResponder(timestampService)) { var nupkg = new SimpleTestPackageContext(); using (var certificate = new X509Certificate2(_fixture.TrustedTestCertificate.Source.Cert)) using (var directory = TestDirectory.Create()) { var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync( certificate, nupkg, directory, timestampService.Url); using (FileStream stream = File.OpenRead(signedPackagePath)) using (var reader = new PackageArchiveReader(stream)) { PrimarySignature signature = await reader.GetPrimarySignatureAsync(CancellationToken.None); var exception = Assert.Throws <SignatureException>( () => SignatureUtility.GetTimestampCertificateChain(signature)); Assert.Equal( "A certificate referenced by the signing-certificate attribute could not be found.", exception.Message); } } } }
public static void ValidateSignatureFromObject_Should_Return_Success_Validate_With_Ignored_List_Null() { // arrange var obj = new TestSign { SomeString = "test-x", SomeInt = 1, SomeNull = null, SomeBool = true }; var privateKey = "my-key"; var sign = "24507965277b7d0a2e7db0b8d369eb3bf549c6d623523157125be92174363153"; List <string> ignoredList = null; // act var result = SignatureUtility.ValidateSignatureFromObject(sign, privateKey, obj, ignoredList); // assert Assert.True(result); }