public async Task TimestampData_AssertCompleteChain_Success()
{
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var nupkg = new SimpleTestPackageContext();
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
using (var packageStream = nupkg.CreateAsStream())
{
// Act
var signature = await SignedArchiveTestUtility.CreateSignatureForPackageAsync(authorCert, packageStream, timestampProvider);
var authorSignedCms = signature.SignedCms;
var timestamp = signature.Timestamps.First();
var timestampCms = timestamp.SignedCms;
IReadOnlyList <X509Certificate2> chainCertificates = new List <X509Certificate2>();
var chainBuildSuccess = true;
// rebuild the chain to get the list of certificates
using (var chainHolder = new X509ChainHolder())
{
var chain = chainHolder.Chain;
var policy = chain.ChainPolicy;
policy.ApplicationPolicy.Add(new Oid(Oids.TimeStampingEku));
policy.VerificationFlags = X509VerificationFlags.IgnoreNotTimeValid | X509VerificationFlags.IgnoreCtlNotTimeValid;
policy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
policy.RevocationMode = X509RevocationMode.Online;
var timestampSignerCertificate = timestampCms.SignerInfos[0].Certificate;
chainBuildSuccess = chain.Build(timestampSignerCertificate);
chainCertificates = CertificateChainUtility.GetCertificateListFromChain(chain);
}
// Assert
authorSignedCms.Should().NotBeNull();
authorSignedCms.Detached.Should().BeFalse();
authorSignedCms.ContentInfo.Should().NotBeNull();
authorSignedCms.SignerInfos.Count.Should().Be(1);
authorSignedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1);
authorSignedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttribute);
timestampCms.Should().NotBeNull();
timestampCms.Detached.Should().BeFalse();
timestampCms.ContentInfo.Should().NotBeNull();
chainBuildSuccess.Should().BeTrue();
chainCertificates.Count.Should().Be(timestampCms.Certificates.Count);
foreach (var cert in chainCertificates)
{
timestampCms.Certificates.Contains(cert).Should().BeTrue();
}
}
}
public async Task GetTrustResultAsync_SettingsRequireExactlyOneTimestamp_MultipleTimestamps_Fails()
{
// Arrange
var nupkg = new SimpleTestPackageContext();
var testLogger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var setting = new SignedPackageVerifierSettings(
allowUnsigned: false,
allowUntrusted: false,
allowUntrustedSelfSignedCertificate: false,
allowIgnoreTimestamp: false,
allowMultipleTimestamps: false,
allowNoTimestamp: false,
allowUnknownRevocation: false);
var signatureProvider = new X509SignatureProvider(timestampProvider: null);
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var verificationProvider = new SignatureTrustAndValidityVerificationProvider();
using (var package = new PackageArchiveReader(nupkg.CreateAsStream(), leaveStreamOpen: false))
using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
using (var signatureRequest = new AuthorSignPackageRequest(testCertificate, HashAlgorithmName.SHA256))
{
var signature = await SignedArchiveTestUtility.CreateSignatureForPackageAsync(signatureProvider, package, signatureRequest, testLogger);
var timestampedSignature = await SignedArchiveTestUtility.TimestampSignature(timestampProvider, signatureRequest, signature, testLogger);
var reTimestampedSignature = await SignedArchiveTestUtility.TimestampSignature(timestampProvider, signatureRequest, timestampedSignature, testLogger);
timestampedSignature.Timestamps.Count.Should().Be(1);
reTimestampedSignature.Timestamps.Count.Should().Be(2);
// Act
var result = await verificationProvider.GetTrustResultAsync(package, reTimestampedSignature, setting, CancellationToken.None);
var totalErrorIssues = result.GetErrorIssues();
// Assert
result.Trust.Should().Be(SignatureVerificationStatus.Invalid);
totalErrorIssues.Count().Should().Be(1);
totalErrorIssues.First().Code.Should().Be(NuGetLogCode.NU3000);
}
}
