Example #1
0
            private static async Task <MemoryStream> CreateSignedPackageAsync(
                X509Certificate2 certificate,
                Stream unsignedPackage = null)
            {
                if (unsignedPackage == null)
                {
                    var packageContext = new SimpleTestPackageContext();
                    unsignedPackage = packageContext.CreateAsStream();
                }

                var signatureProvider = new X509SignatureProvider(timestampProvider: null);
                var overwrite         = true;

                using (var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256))
                    using (var outputPackageStream = new MemoryStream())
                        using (var options = new SigningOptions(
                                   new Lazy <Stream>(() => unsignedPackage),
                                   new Lazy <Stream>(() => outputPackageStream),
                                   overwrite,
                                   signatureProvider,
                                   NullLogger.Instance))
                        {
                            await SigningUtility.SignAsync(options, request, CancellationToken.None);

                            var isSigned = await SignedArchiveTestUtility.IsSignedAsync(options.OutputPackageStream);

                            Assert.True(isSigned);

                            return(new MemoryStream(outputPackageStream.ToArray()));
                        }
            }
Example #2
0
        public async Task RemoveSignatureAsync_RemovesPackageSignatureAsync()
        {
            using (var test = await Test.CreateAsync(_fixture))
            {
                await test.Package.RemoveSignatureAsync(CancellationToken.None);

                var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.OutputPackageStream);

                Assert.False(isSigned);
            }
        }
Example #3
0
        public async Task RemoveSignatureAsync_WithUnsignedPackage_Throws()
        {
            using (var test = Test.CreateUnsigned())
            {
                var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.InputPackageStream);

                Assert.False(isSigned);

                var exception = await Assert.ThrowsAsync <SignatureException>(
                    () => test.Package.RemoveSignatureAsync(CancellationToken.None));

                Assert.Equal(NuGetLogCode.NU3000, exception.Code);
                Assert.Equal("The package is not signed. Unable to remove signature from an unsigned package.", exception.Message);
            }
        }
        public async Task SignAsync_WithNotYetValidCertificate_ThrowsAsync()
        {
            using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificateNotYetValid.Source.Cert))
            {
                var exception = await Assert.ThrowsAsync <SignatureException>(
                    () => SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None));

                Assert.Equal(NuGetLogCode.NU3017, exception.Code);
                Assert.Contains("The signing certificate is not yet valid", exception.Message);

                var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.InputPackageStream);

                Assert.False(isSigned);

                Assert.False(test.OutputFile.Exists);
            }
        }
Example #5
0
        public async Task SignAsync_WithExpiredCertificate_ThrowsAsync()
        {
            using (var test = new Test(_testFixture.TrustedTestCertificateExpired.Source.Cert))
            {
                var exception = await Assert.ThrowsAsync <SignatureException>(
                    () => SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None));

                Assert.Equal(NuGetLogCode.NU3018, exception.Code);
                Assert.Contains("Certificate chain validation failed.", exception.Message);

                var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.InputPackageStream);

                Assert.False(isSigned);

                Assert.False(test.OutputFile.Exists);
            }
        }
            internal async Task AuthorSignAsync()
            {
                using (var request = new AuthorSignPackageRequest(
                           new X509Certificate2(Certificate),
                           HashAlgorithmName.SHA256,
                           HashAlgorithmName.SHA256))
                    using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false))
                        using (var signedPackage = new MemoryStream())
                        {
                            await SignedArchiveTestUtility.CreateSignedPackageAsync(request, originalPackage, signedPackage);

                            SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false);
                        }

                var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage);

                Assert.True(isSigned);
            }
        public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync()
        {
            using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
                using (var test = SignTest.Create(
                           _fixture.GetDefaultCertificate(),
                           HashAlgorithmName.SHA256,
                           packageStream.ToArray(),
                           new X509SignatureProvider(timestampProvider: null)))
                {
                    await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None);

                    Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream));

                    Assert.Equal(0, test.Logger.Errors);
                    Assert.Equal(1, test.Logger.Warnings);
                    Assert.Equal(1, test.Logger.Messages.Count());
                    Assert.True(test.Logger.Messages.Contains("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."));
                }
        }
        public async Task SignAsync_WhenRepositoryCountersigningRepositoryCountersignedPackage_ThrowsAsync()
        {
            using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificate.Source.Cert))
            {
                await SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None);

                using (var package = new PackageArchiveReader(test.Options.OutputPackageStream))
                {
                    var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream);

                    Assert.True(isSigned);
                }

                var countersignedPackageOutputPath = test.GetNewTempFilePath();
                using (var countersignatureOptions = SigningOptions.CreateFromFilePaths(
                           test.OutputFile.FullName,
                           countersignedPackageOutputPath,
                           overwrite: false,
                           signatureProvider: new X509SignatureProvider(timestampProvider: null),
                           logger: NullLogger.Instance))
                {
                    await SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None);

                    var isRepositoryCountersigned = await SignedArchiveTestUtility.IsRepositoryCountersignedAsync(countersignatureOptions.OutputPackageStream);

                    Assert.True(isRepositoryCountersigned);
                }

                using (var countersignatureOptions = SigningOptions.CreateFromFilePaths(
                           countersignedPackageOutputPath,
                           test.GetNewTempFilePath(),
                           overwrite: false,
                           signatureProvider: new X509SignatureProvider(timestampProvider: null),
                           logger: NullLogger.Instance))
                {
                    var exception = await Assert.ThrowsAsync <SignatureException>(
                        () => SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None));

                    Assert.Equal(NuGetLogCode.NU3032, exception.Code);
                    Assert.Contains("The package already contains a repository countersignature", exception.Message);
                }
            }
        }
            internal async Task RepositorySignAsync()
            {
                using (var request = new RepositorySignPackageRequest(
                           new X509Certificate2(Certificate),
                           HashAlgorithmName.SHA256,
                           HashAlgorithmName.SHA256,
                           new Uri("https://test.test"),
                           packageOwners: null))
                    using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false))
                        using (var signedPackage = new MemoryStream())
                        {
                            await SignedArchiveTestUtility.CreateSignedPackageAsync(request, originalPackage, signedPackage);

                            SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false);
                        }

                var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage);

                Assert.True(isSigned);
            }
        public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync()
        {
            var package = new SimpleTestPackageContext();

            using (var packageStream = await package.CreateAsStreamAsync())
                using (var test = SignTest.Create(
                           _fixture.GetDefaultCertificate(),
                           HashAlgorithmName.SHA256,
                           packageStream.ToArray(),
                           new X509SignatureProvider(timestampProvider: null)))
                {
                    await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None);

                    Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream));

                    Assert.Equal(0, test.Logger.Errors);
                    Assert.Equal(1, test.Logger.Warnings);
                    Assert.Equal(1, test.Logger.Messages.Count());
                    SigningTestUtility.AssertUntrustedRoot(test.Logger.LogMessages, LogLevel.Warning);
                }
        }