public void Verify_WhenChainBuildingFails_Throws()
{
using (var certificate = _fixture.GetExpiredCertificate())
using (var request = CreateRequest(certificate))
{
var logger = new TestLogger();
var exception = Assert.Throws <SignatureException>(
() => SigningUtility.Verify(request, logger));
Assert.Equal(NuGetLogCode.NU3018, exception.Code);
Assert.Equal("Certificate chain validation failed.", exception.Message);
Assert.Equal(RuntimeEnvironmentHelper.IsWindows ? 1 : 2, logger.Errors);
Assert.Equal(1, logger.Warnings);
if (RuntimeEnvironmentHelper.IsWindows)
{
AssertUntrustedRoot(logger.LogMessages, LogLevel.Warning);
AssertNotTimeValid(logger.LogMessages, LogLevel.Error);
}
else
{
AssertUntrustedRoot(logger.LogMessages, LogLevel.Error);
AssertPartialChain(logger.LogMessages, LogLevel.Error);
AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning);
}
}
}
public void Verify_WhenChainBuildingFails_Throws()
{
using (var certificate = _fixture.GetExpiredCertificate())
using (var request = CreateRequest(certificate))
{
var logger = new TestLogger();
var exception = Assert.Throws <SignatureException>(
() => SigningUtility.Verify(request, logger));
Assert.Equal(NuGetLogCode.NU3018, exception.Code);
Assert.Equal("Certificate chain validation failed.", exception.Message);
Assert.Equal(1, logger.Errors);
if (RuntimeEnvironmentHelper.IsLinux)
{
#if NETCORE5_0
Assert.Equal(1, logger.Warnings);
#else
Assert.Equal(2, logger.Warnings);
SigningTestUtility.AssertRevocationStatusUnknown(logger.LogMessages, LogLevel.Warning);
#endif
}
else
{
Assert.Equal(1, logger.Warnings);
}
SigningTestUtility.AssertNotTimeValid(logger.LogMessages, LogLevel.Error);
SigningTestUtility.AssertUntrustedRoot(logger.LogMessages, LogLevel.Warning);
}
}
public void Verify_WhenRequestNull_Throws()
{
var exception = Assert.Throws <ArgumentNullException>(
() => SigningUtility.Verify(request: null, logger: NullLogger.Instance));
Assert.Equal("request", exception.ParamName);
}
public void Verify_WithUntrustedSelfSignedCertificate_Succeeds()
{
using (var certificate = _fixture.GetDefaultCertificate())
using (var request = CreateRequest(certificate))
{
var logger = new TestLogger();
SigningUtility.Verify(request, logger);
Assert.Equal(0, logger.Errors);
#if (IS_DESKTOP || NETCORE5_0)
Assert.Equal(1, logger.Warnings);
#else
Assert.Equal(RuntimeEnvironmentHelper.IsLinux ? 2 : 1, logger.Warnings);
#endif
SigningTestUtility.AssertUntrustedRoot(logger.LogMessages, LogLevel.Warning);
#if !NETCORE5_0
if (RuntimeEnvironmentHelper.IsLinux)
{
SigningTestUtility.AssertRevocationStatusUnknown(logger.LogMessages, LogLevel.Warning);
}
#endif
}
}
public void Verify_WithValidInput_DoesNotThrow()
{
using (var certificate = new X509Certificate2(_testFixture.TrustedTestCertificate.Source.PublicCert.RawData))
using (var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256, HashAlgorithmName.SHA256))
{
SigningUtility.Verify(request, NullLogger.Instance);
}
}
public async Task <int> ExecuteCommandAsync(
IEnumerable <string> packagesToSign,
AuthorSignPackageRequest signPackageRequest,
string timestamper,
ILogger logger,
string outputDirectory,
bool overwrite,
CancellationToken token)
{
var success = true;
try
{
SigningUtility.Verify(signPackageRequest, logger);
}
catch (Exception e)
{
success = false;
ExceptionUtilities.LogException(e, logger);
}
if (success)
{
var signatureProvider = GetSignatureProvider(timestamper);
foreach (var packagePath in packagesToSign)
{
try
{
string outputPath;
if (string.IsNullOrEmpty(outputDirectory))
{
outputPath = packagePath;
}
else
{
outputPath = Path.Combine(outputDirectory, Path.GetFileName(packagePath));
}
await SignPackageAsync(packagePath, outputPath, logger, overwrite, signatureProvider, signPackageRequest, token);
}
catch (Exception e)
{
success = false;
ExceptionUtilities.LogException(e, logger);
}
}
}
if (success)
{
logger.LogInformation(Strings.SignCommandSuccess);
}
return(success ? 0 : 1);
}
public void Verify_WhenLoggerNull_Throws()
{
using (var certificate = _fixture.GetDefaultCertificate())
using (var request = CreateRequest(certificate))
{
var exception = Assert.Throws <ArgumentNullException>(
() => SigningUtility.Verify(request, logger: null));
Assert.Equal("logger", exception.ParamName);
}
}
public void Verify_WithNotYetValidCertificate_Throws()
{
using (var certificate = _fixture.GetNotYetValidCertificate())
using (var request = CreateRequest(certificate))
{
var exception = Assert.Throws <SignatureException>(
() => SigningUtility.Verify(request, NullLogger.Instance));
Assert.Equal(NuGetLogCode.NU3017, exception.Code);
Assert.Equal("The signing certificate is not yet valid.", exception.Message);
}
}
public void Verify_WithCertificateWithLifetimeSigningEku_Throws()
{
using (var certificate = _fixture.GetLifetimeSigningCertificate())
using (var request = CreateRequest(certificate))
{
var exception = Assert.Throws <SignatureException>(
() => SigningUtility.Verify(request, NullLogger.Instance));
Assert.Equal(NuGetLogCode.NU3015, exception.Code);
Assert.Equal("The lifetime signing EKU is not supported.", exception.Message);
}
}
public void Verify_WithCertificateWithUnsupportedSignatureAlgorithm_Throws()
{
using (var certificate = _fixture.GetRsaSsaPssCertificate())
using (var request = CreateRequest(certificate))
{
var exception = Assert.Throws <SignatureException>(
() => SigningUtility.Verify(request, NullLogger.Instance));
Assert.Equal(NuGetLogCode.NU3013, exception.Code);
Assert.Equal("The signing certificate has an unsupported signature algorithm.", exception.Message);
}
}
public void Verify_WithUntrustedSelfSignedCertificate_Succeeds()
{
using (var certificate = _fixture.GetDefaultCertificate())
using (var request = CreateRequest(certificate))
{
var logger = new TestLogger();
SigningUtility.Verify(request, logger);
Assert.Equal(0, logger.Errors);
Assert.Equal(RuntimeEnvironmentHelper.IsWindows ? 1 : 2, logger.Warnings);
AssertUntrustedRoot(logger.LogMessages, LogLevel.Warning);
if (!RuntimeEnvironmentHelper.IsWindows)
{
AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning);
}
}
}
public async Task <int> ExecuteCommandAsync(
IEnumerable <string> packagesToSign,
SignPackageRequest signPackageRequest,
string timestamper,
ILogger logger,
string outputDirectory,
bool overwrite,
CancellationToken token)
{
var success = true;
try
{
SigningUtility.Verify(signPackageRequest, logger);
}
catch (Exception e)
{
success = false;
ExceptionUtilities.LogException(e, logger);
}
if (success)
{
var signatureProvider = GetSignatureProvider(timestamper);
foreach (var packagePath in packagesToSign)
{
// Set the output of the signing operation to a temp file because signing cannot be done in place.
var tempPackageFile = new FileInfo(Path.GetTempFileName());
try
{
string outputPath;
if (string.IsNullOrEmpty(outputDirectory))
{
outputPath = packagePath;
}
else
{
outputPath = Path.Combine(outputDirectory, Path.GetFileName(packagePath));
}
using (var options = SigningOptions.CreateFromFilePaths(
packagePath,
tempPackageFile.FullName,
overwrite,
signatureProvider,
logger))
{
await SigningUtility.SignAsync(options, signPackageRequest, token);
}
if (tempPackageFile.Length > 0)
{
FileUtility.Replace(tempPackageFile.FullName, outputPath);
}
else
{
throw new SignatureException(Strings.Error_UnableToSignPackage);
}
}
catch (Exception e)
{
success = false;
ExceptionUtilities.LogException(e, logger);
}
finally
{
FileUtility.Delete(tempPackageFile.FullName);
}
}
}
if (success)
{
logger.LogInformation(Strings.SignCommandSuccess);
}
return(success ? 0 : 1);
}