public void Constructor_InitializesProperties(
bool boolValue,
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior signatureVerificationBehavior,
RevocationMode revocationMode)
{
// Arrange & Act
var settings = new SignedPackageVerifierSettings(
allowUnsigned: boolValue,
allowIllegal: boolValue,
allowUntrusted: boolValue,
allowIgnoreTimestamp: boolValue,
allowMultipleTimestamps: boolValue,
allowNoTimestamp: boolValue,
allowUnknownRevocation: boolValue,
reportUnknownRevocation: boolValue,
verificationTarget: verificationTarget,
signaturePlacement: signaturePlacement,
repositoryCountersignatureVerificationBehavior: signatureVerificationBehavior,
revocationMode: revocationMode);
// Assert
settings.AllowUnsigned.Should().Be(boolValue);
settings.AllowIllegal.Should().Be(boolValue);
settings.AllowUntrusted.Should().Be(boolValue);
settings.AllowIgnoreTimestamp.Should().Be(boolValue);
settings.AllowMultipleTimestamps.Should().Be(boolValue);
settings.AllowNoTimestamp.Should().Be(boolValue);
settings.AllowUnknownRevocation.Should().Be(boolValue);
settings.ReportUnknownRevocation.Should().Be(boolValue);
settings.RepositoryCountersignatureVerificationBehavior.Should().Be(signatureVerificationBehavior);
settings.RevocationMode.Should().Be(revocationMode);
}
public void ConstructorWithLists_WhenArgumentCombinationIsInvalid_Throws(
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior,
string parameterName1,
string parameterName2)
{
var exception = Assert.Throws <ArgumentException>(() => new SignedPackageVerifierSettings(
allowUnsigned: false,
allowIllegal: false,
allowUntrusted: false,
allowIgnoreTimestamp: false,
allowMultipleTimestamps: false,
allowNoTimestamp: false,
allowUnknownRevocation: false,
reportUnknownRevocation: true,
verificationTarget: verificationTarget,
signaturePlacement: signaturePlacement,
repositoryCountersignatureVerificationBehavior: repositoryCountersignatureVerificationBehavior,
allowNoRepositoryCertificateList: false,
allowNoClientCertificateList: false,
repoAllowListEntries: Array.Empty <VerificationAllowListEntry>(),
clientAllowListEntries: Array.Empty <VerificationAllowListEntry>()));
Assert.Equal(parameterName2, exception.ParamName);
Assert.StartsWith($"Invalid combination of arguments {parameterName1} and {parameterName2}.", exception.Message);
}
public CertificateEntryLookupEntry(VerificationTarget target, SignaturePlacement placement, CertificateItem certificate, ICollection <string> owners = null)
{
Target = target;
Placement = placement;
Certificate = certificate ?? throw new ArgumentNullException(nameof(certificate));
Owners = owners;
}
public SignedPackageVerifierSettings(
bool allowUnsigned,
bool allowIllegal,
bool allowUntrusted,
bool allowIgnoreTimestamp,
bool allowMultipleTimestamps,
bool allowNoTimestamp,
bool allowUnknownRevocation,
bool reportUnknownRevocation,
bool allowNoRepositoryCertificateList,
bool allowNoClientCertificateList,
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior,
RevocationMode revocationMode)
: this(
allowUnsigned,
allowIllegal,
allowUntrusted,
allowIgnoreTimestamp,
allowMultipleTimestamps,
allowNoTimestamp,
allowUnknownRevocation,
reportUnknownRevocation,
allowNoRepositoryCertificateList,
allowNoClientCertificateList,
verificationTarget,
signaturePlacement,
repositoryCountersignatureVerificationBehavior,
revocationMode,
repoAllowListEntries : null,
clientAllowListEntries : null)
{
}
public void IsVerificationTarget_WhenSignatureTypeMatches_ReturnsTrue(
SignatureType signatureType,
VerificationTarget target)
{
var isVerificationTarget = VerificationUtility.IsVerificationTarget(signatureType, target);
Assert.True(isVerificationTarget);
}
public void IsVerificationTarget_WhenSignatureTypeDoesNotMatch_ReturnsFalse(
SignatureType signatureType,
VerificationTarget target)
{
var isVerificationTarget = VerificationUtility.IsVerificationTarget(signatureType, target);
Assert.False(isVerificationTarget);
}
public VerificationAllowListEntry(VerificationTarget target, SignaturePlacement placement)
{
if (target == VerificationTarget.Author && placement.HasFlag(SignaturePlacement.Countersignature))
{
throw new ArgumentException(Strings.ErrorAuthorTargetCannotBeACountersignature);
}
Target = target;
Placement = placement;
}
public TrustedSignerAllowListEntry(
VerificationTarget target,
SignaturePlacement placement,
string fingerprint,
HashAlgorithmName algorithm,
bool allowUntrustedRoot = false,
IReadOnlyList <string> owners = null)
: base(target, placement, fingerprint, algorithm)
{
AllowUntrustedRoot = allowUntrustedRoot;
Owners = owners;
}
private static void AddCertificateFingerprintIntoAllowList(
VerificationTarget target,
HashAlgorithmName algorithm,
IRepositoryCertificateInfo certInfo,
List <CertificateHashAllowListEntry> allowList)
{
var fingerprint = certInfo.Fingerprints[algorithm.ConvertToOidString()];
if (!string.IsNullOrEmpty(fingerprint))
{
allowList.Add(new CertificateHashAllowListEntry(target, fingerprint, algorithm));
}
}
public static bool IsVerificationTarget(SignatureType signatureType, VerificationTarget target)
{
switch (signatureType)
{
case SignatureType.Unknown:
return(target.HasFlag(VerificationTarget.Unknown));
case SignatureType.Author:
return(target.HasFlag(VerificationTarget.Author));
case SignatureType.Repository:
return(target.HasFlag(VerificationTarget.Repository));
default:
throw new NotImplementedException();
}
}
public void ConstructorWithLists_InitializesProperties(
bool boolValue,
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior signatureVerificationBehavior,
RevocationMode revocationMode)
{
// Arrange
var repoList = new List <CertificateHashAllowListEntry>();
var clientList = new List <CertificateHashAllowListEntry>();
// Act
var settings = new SignedPackageVerifierSettings(
allowUnsigned: boolValue,
allowIllegal: boolValue,
allowUntrusted: boolValue,
allowIgnoreTimestamp: boolValue,
allowMultipleTimestamps: boolValue,
allowNoTimestamp: boolValue,
allowUnknownRevocation: boolValue,
reportUnknownRevocation: boolValue,
allowNoRepositoryCertificateList: boolValue,
allowNoClientCertificateList: boolValue,
verificationTarget: verificationTarget,
signaturePlacement: signaturePlacement,
repositoryCountersignatureVerificationBehavior: signatureVerificationBehavior,
revocationMode: revocationMode,
repoAllowListEntries: repoList,
clientAllowListEntries: clientList);
// Assert
settings.AllowUnsigned.Should().Be(boolValue);
settings.AllowIllegal.Should().Be(boolValue);
settings.AllowUntrusted.Should().Be(boolValue);
settings.AllowIgnoreTimestamp.Should().Be(boolValue);
settings.AllowMultipleTimestamps.Should().Be(boolValue);
settings.AllowNoTimestamp.Should().Be(boolValue);
settings.AllowUnknownRevocation.Should().Be(boolValue);
settings.AllowNoRepositoryCertificateList.Should().Be(boolValue);
settings.AllowNoClientCertificateList.Should().Be(boolValue);
settings.RepositoryCountersignatureVerificationBehavior.Should().Be(signatureVerificationBehavior);
settings.RevocationMode.Should().Be(revocationMode);
settings.RepositoryCertificateList.Should().BeSameAs(repoList);
settings.ClientCertificateList.Should().BeSameAs(clientList);
}
public CertificateHashAllowListEntry(VerificationTarget target, SignaturePlacement placement, string fingerprint, HashAlgorithmName algorithm)
: base(target, placement)
{
if (!Enum.IsDefined(typeof(SignaturePlacement), placement))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
placement),
nameof(placement));
}
if (!Enum.IsDefined(typeof(HashAlgorithmName), algorithm))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
algorithm),
nameof(algorithm));
}
if ((placement.HasFlag(SignaturePlacement.Countersignature) && !target.HasFlag(VerificationTarget.Repository)) ||
(placement == SignaturePlacement.Countersignature && target != VerificationTarget.Repository))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.InvalidArgumentCombination,
nameof(target),
nameof(placement)),
nameof(placement));
}
Fingerprint = fingerprint ?? throw new ArgumentNullException(nameof(fingerprint));
FingerprintAlgorithm = algorithm;
}
public SignedPackageVerifierSettings(
bool allowUnsigned,
bool allowIllegal,
bool allowUntrusted,
bool allowIgnoreTimestamp,
bool allowMultipleTimestamps,
bool allowNoTimestamp,
bool allowUnknownRevocation,
bool reportUnknownRevocation,
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior,
RevocationMode revocationMode)
{
if (!Enum.IsDefined(typeof(VerificationTarget), verificationTarget))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
verificationTarget),
nameof(verificationTarget));
}
if (!Enum.IsDefined(typeof(SignaturePlacement), signaturePlacement))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
signaturePlacement),
nameof(signaturePlacement));
}
if (!Enum.IsDefined(typeof(SignatureVerificationBehavior), repositoryCountersignatureVerificationBehavior))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
repositoryCountersignatureVerificationBehavior),
nameof(repositoryCountersignatureVerificationBehavior));
}
if ((signaturePlacement.HasFlag(SignaturePlacement.Countersignature) && !verificationTarget.HasFlag(VerificationTarget.Repository)) ||
(signaturePlacement == SignaturePlacement.Countersignature && verificationTarget != VerificationTarget.Repository))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.InvalidArgumentCombination,
nameof(verificationTarget),
nameof(signaturePlacement)),
nameof(signaturePlacement));
}
if ((repositoryCountersignatureVerificationBehavior == SignatureVerificationBehavior.Never) ==
signaturePlacement.HasFlag(SignaturePlacement.Countersignature) ||
((repositoryCountersignatureVerificationBehavior == SignatureVerificationBehavior.Always) &&
!signaturePlacement.HasFlag(SignaturePlacement.Countersignature)))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.InvalidArgumentCombination,
nameof(signaturePlacement),
nameof(repositoryCountersignatureVerificationBehavior)),
nameof(repositoryCountersignatureVerificationBehavior));
}
AllowUnsigned = allowUnsigned;
AllowIllegal = allowIllegal;
AllowUntrusted = allowUntrusted;
AllowIgnoreTimestamp = allowIgnoreTimestamp;
AllowMultipleTimestamps = allowMultipleTimestamps;
AllowNoTimestamp = allowNoTimestamp;
AllowUnknownRevocation = allowUnknownRevocation;
ReportUnknownRevocation = reportUnknownRevocation;
VerificationTarget = verificationTarget;
SignaturePlacement = signaturePlacement;
RepositoryCountersignatureVerificationBehavior = repositoryCountersignatureVerificationBehavior;
RevocationMode = revocationMode;
}
private static bool IsSignatureTargeted(VerificationTarget target, Signature signature)
{
return((target.HasFlag(VerificationTarget.Author) && signature is AuthorPrimarySignature) ||
(target.HasFlag(VerificationTarget.Repository) && signature is RepositoryPrimarySignature) ||
(target.HasFlag(VerificationTarget.Repository) && signature is RepositoryCountersignature));
}
public VerificationAllowListEntry(VerificationTarget target)
{
VerificationTarget = target;
}
/// <summary>
/// Adds a trusted signer item to the settings based a signed package.
/// </summary>
/// <param name="name">Name of the trusted signer.</param>
/// <param name="package">Package to read signature from.</param>
/// <param name="trustTarget">Signature to trust from package.</param>
/// <param name="allowUntrustedRoot">Specifies if allowUntrustedRoot should be set to true.</param>
/// <param name="owners">Trusted owners that should be set when trusting a repository.</param>
/// <param name="token">Cancellation token for async request</param>
public async Task AddTrustedSignerAsync(string name, ISignedPackageReader package, VerificationTarget trustTarget, bool allowUntrustedRoot, IEnumerable <string> owners, CancellationToken token)
{
if (package == null)
{
throw new ArgumentNullException(nameof(package));
}
if (string.IsNullOrEmpty(name))
{
throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(name));
}
if (!Enum.IsDefined(typeof(VerificationTarget), trustTarget) || (trustTarget != VerificationTarget.Repository && trustTarget != VerificationTarget.Author))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Strings.Error_UnsupportedTrustTarget, trustTarget.ToString()));
}
if (trustTarget == VerificationTarget.Author && owners != null && owners.Any())
{
throw new ArgumentException(Strings.Error_TrustedAuthorNoOwners);
}
token.ThrowIfCancellationRequested();
string v3ServiceIndex = null;
IRepositorySignature repositorySignature = null;
var trustingRepository = trustTarget.HasFlag(VerificationTarget.Repository);
var primarySignature = await package.GetPrimarySignatureAsync(token);
if (primarySignature == null)
{
throw new InvalidOperationException(Strings.Error_PackageNotSigned);
}
if (trustingRepository)
{
if (primarySignature.Type == SignatureType.Repository)
{
repositorySignature = primarySignature as RepositoryPrimarySignature;
}
else
{
var countersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature);
repositorySignature = countersignature ?? throw new InvalidOperationException(Strings.Error_RepoTrustExpectedRepoSignature);
}
v3ServiceIndex = repositorySignature.V3ServiceIndexUrl.AbsoluteUri;
}
ValidateNoExistingSigner(name, v3ServiceIndex, trustingRepository);
if (trustingRepository)
{
var certificateItem = GetCertificateItemForSignature(repositorySignature, allowUntrustedRoot);
_trustedSignersProvider.AddOrUpdateTrustedSigner(new RepositoryItem(name, v3ServiceIndex, CreateOwnersList(owners), certificateItem));
await _logger.LogAsync(LogLevel.Information, string.Format(CultureInfo.CurrentCulture, Strings.SuccessfullyAddedTrustedRepository, name));
}
else
{
if (primarySignature.Type != SignatureType.Author)
{
throw new InvalidOperationException(Strings.Error_AuthorTrustExpectedAuthorSignature);
}
var certificateItem = GetCertificateItemForSignature(primarySignature, allowUntrustedRoot);
_trustedSignersProvider.AddOrUpdateTrustedSigner(new AuthorItem(name, certificateItem));
await _logger.LogAsync(LogLevel.Information, string.Format(CultureInfo.CurrentCulture, Strings.SuccessfullyAddedTrustedAuthor, name));
}
}
public CertificateHashAllowListEntry(VerificationTarget target, SignaturePlacement placement, string fingerprint, HashAlgorithmName algorithm)
: base(target, placement)
{
Fingerprint = fingerprint;
FingerprintAlgorithm = algorithm;
}
public CertificateHashAllowListEntry(VerificationTarget target, string fingerprint)
: base(target)
{
CertificateFingerprint = fingerprint;
}
