public async Task RejectsPackageWithMultipleSignatures(PackageSignatureType type, string resourceName) { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(resourceName); var existingPackageSignature1 = new PackageSignature { Key = 1, PackageKey = _packageKey, Type = type, }; var existingPackageSignature2 = new PackageSignature { Key = 2, PackageKey = _packageKey, Type = type, }; _entitiesContext .Setup(x => x.PackageSignatures) .Returns(DbSetMockFactory.Create(existingPackageSignature1, existingPackageSignature2)); // Act & Assert var ex = await Assert.ThrowsAsync <InvalidOperationException>( () => _target.ExtractAsync(_packageKey, signature, _token)); Assert.Equal("There should never be more than one package signature per package and signature type.", ex.Message); _entitiesContext.Verify( x => x.SaveChangesAsync(), Times.Never); Assert.Empty(_savedCertificates); }
public async Task RejectsPackageWithMultipleTimestamps() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1); var existingPackageSignature = new PackageSignature { Key = 1, PackageKey = _packageKey, EndCertificate = new EndCertificate { Thumbprint = TestResources.Leaf1Thumbprint, }, TrustedTimestamps = new[] { new TrustedTimestamp(), new TrustedTimestamp(), }, Type = PackageSignatureType.Author, }; _entitiesContext .Setup(x => x.PackageSignatures) .Returns(DbSetMockFactory.Create(existingPackageSignature)); // Act & Assert var ex = await Assert.ThrowsAsync <InvalidOperationException>( () => _target.ExtractAsync(_packageKey, signature, _token)); Assert.Equal("There should never be more than one trusted timestamp per package signature.", ex.Message); _entitiesContext.Verify( x => x.SaveChangesAsync(), Times.Never); Assert.Empty(_savedCertificates); }
public async Task RejectsAuthorSignedPackageWithChangedSigningCertificateThumbprint() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1); var existingPackageSignature = new PackageSignature { Key = 1, PackageKey = _packageKey, EndCertificate = new EndCertificate { Thumbprint = "something else", }, Type = PackageSignatureType.Author, }; _entitiesContext .Setup(x => x.PackageSignatures) .Returns(DbSetMockFactory.Create(existingPackageSignature)); // Act & Assert var ex = await Assert.ThrowsAsync <InvalidOperationException>( () => _target.ExtractAsync(_packageKey, signature, _token)); Assert.Equal("The thumbprint of the signature end certificate cannot change.", ex.Message); _entitiesContext.Verify( x => x.SaveChangesAsync(), Times.Never); Assert.Empty(_savedCertificates); }
public async Task SavesToStorageBeforeDatabaseCommit() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1); const string database = "database"; const string storage = "storage"; var sequence = new List <string>(); _entitiesContext .Setup(x => x.SaveChangesAsync()) .ReturnsAsync(0) .Callback(() => sequence.Add(database)); _certificateStore .Setup(x => x.SaveAsync(It.IsAny <X509Certificate2>(), It.IsAny <CancellationToken>())) .Returns(Task.CompletedTask) .Callback(() => sequence.Add(storage)); // Act await _target.ExtractAsync(_packageKey, signature, _token); // Assert Assert.NotEqual(database, storage); Assert.Single(sequence, database); Assert.Equal(database, sequence.Last()); Assert.Contains(storage, sequence); }
public async Task RejectsCertificateWithMultipleUses() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1); var existingEndCertificate = new EndCertificate { Key = 1, Thumbprint = TestResources.Leaf1Thumbprint, Status = EndCertificateStatus.Good, Use = EndCertificateUse.Timestamping, CertificateChainLinks = new List <CertificateChainLink>(), }; _entitiesContext .Setup(x => x.EndCertificates) .Returns(DbSetMockFactory.Create(existingEndCertificate)); // Act & Assert var ex = await Assert.ThrowsAsync <InvalidOperationException>( () => _target.ExtractAsync(_packageKey, signature, _token)); Assert.Equal("The use of an end certificate cannot change.", ex.Message); _entitiesContext.Verify( x => x.SaveChangesAsync(), Times.Never); Assert.Empty(_savedCertificates); }
public async Task SaveSigningAndTimestampCertificatesForRepositoryPrimarySignature() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.RepoSignedPackageLeaf1); // Act await _target.ExtractAsync(_packageKey, signature, _token); // Assert VerifyExtractedInformation(Leaf1Certificates, RepoSignedLeaf1TimestampValue, PackageSignatureType.Repository); }
public async Task SaveSigningAndTimestampCertificatesForAuthorAndReposignedPackage() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.AuthorAndRepoSignedPackageLeaf1); // Act await _target.ExtractAsync(_packageKey, signature, _token); // Assert VerifyStoredCertificates(AuthorAndRepoSignedCertificates); VerifyPackageSignatureRecord(AuthorAndRepoSignedCertificates.PrimarySignature, AuthorAndRepoSignedPrimaryTimestampValue, PackageSignatureType.Author); VerifyPackageSignatureRecord(AuthorAndRepoSignedCertificates.Countersignature, AuthorAndRepoSignedCounterTimestampValue, PackageSignatureType.Repository); }
public async Task AcceptsRepoSignedPackageWithChangedSigningCertificateThumbprint() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.RepoSignedPackageLeaf1); var existingTrustedTimestamp = new TrustedTimestamp { EndCertificate = new EndCertificate { Thumbprint = "something else B", }, }; var existingPackageSignature = new PackageSignature { Key = 1, PackageKey = _packageKey, EndCertificate = new EndCertificate { Thumbprint = "something else A", }, Type = PackageSignatureType.Repository, TrustedTimestamps = new List <TrustedTimestamp> { existingTrustedTimestamp }, }; _entitiesContext .Setup(x => x.PackageSignatures) .Returns(DbSetMockFactory.Create(existingPackageSignature)); _entitiesContext .Setup(x => x.TrustedTimestamps) .Returns(DbSetMockFactory.Create(existingTrustedTimestamp)); // Act await _target.ExtractAsync(_packageKey, signature, _token); // Assert var newPackageSignature = Assert.Single(_entitiesContext.Object.PackageSignatures); Assert.NotSame(existingPackageSignature, newPackageSignature); Assert.Equal(TestResources.Leaf1Thumbprint, newPackageSignature.EndCertificate.Thumbprint); var newTrustedTimestamp = Assert.Single(_entitiesContext.Object.TrustedTimestamps); Assert.NotSame(existingTrustedTimestamp, newTrustedTimestamp); Assert.Equal(TestResources.Leaf1TimestampThumbprint, newTrustedTimestamp.EndCertificate.Thumbprint); }
public async Task IgnoreExtraCertificates() { // Arrange var originalSignature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1); var unrelatedSignature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf2); var signature = AddCertificates(originalSignature.SignedCms, unrelatedSignature.SignedCms); // Act await _target.ExtractAsync(_packageKey, signature, _token); // Assert VerifyExtractedInformation(Leaf1Certificates, Leaf1TimestampValue, PackageSignatureType.Author); Assert.Equal( Leaf1Certificates.Certificates.Count + 1, signature.SignedCms.Certificates.Count + signature.Timestamps.Sum(x => x.SignedCms.Certificates.Count)); }
public async Task DoesNotDuplicateWhenDataAlreadyExist() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1); await _target.ExtractAsync(_packageKey, signature, _token); AssignIds(); _entitiesContext.ResetCalls(); // Act await _target.ExtractAsync(_packageKey, signature, _token); // Assert VerifyExtractedInformation(Leaf1Certificates, Leaf1TimestampValue, PackageSignatureType.Author); Assert.Equal(2, _entitiesContext.Object.EndCertificates.Count()); Assert.Equal(4, _entitiesContext.Object.ParentCertificates.Count()); Assert.Equal(4, _entitiesContext.Object.CertificateChainLinks.Count()); Assert.Equal(1, _entitiesContext.Object.PackageSignatures.Count()); Assert.Equal(1, _entitiesContext.Object.TrustedTimestamps.Count()); }
public async Task ProperlyInitializesEndCertificates() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1); // Act await _target.ExtractAsync(_packageKey, signature, _token); // Assert var endCertificates = _entitiesContext.Object.EndCertificates.ToList(); foreach (var endCertificate in endCertificates) { Assert.Null(endCertificate.LastVerificationTime); Assert.Null(endCertificate.NextStatusUpdateTime); Assert.Null(endCertificate.RevocationTime); Assert.Equal(EndCertificateStatus.Unknown, endCertificate.Status); Assert.NotEqual(default(EndCertificateUse), endCertificate.Use); Assert.Null(endCertificate.StatusUpdateTime); Assert.NotNull(endCertificate.Thumbprint); Assert.Equal(64, endCertificate.Thumbprint.Length); } }
public async Task DoesNotDuplicateWhenSomeDataAlreadyExist() { // Arrange var signature = await TestResources.LoadPrimarySignatureAsync(TestResources.SignedPackageLeaf1); var existingParentCertificate = new ParentCertificate { Key = 1, Thumbprint = TestResources.RootThumbprint, CertificateChainLinks = new List <CertificateChainLink>(), }; var existingEndCertificate = new EndCertificate { Key = 1, Thumbprint = TestResources.Leaf1Thumbprint, Status = EndCertificateStatus.Good, // Different than the default. Use = EndCertificateUse.CodeSigning, CertificateChainLinks = new List <CertificateChainLink>(), }; var existingLink = new CertificateChainLink { ParentCertificate = existingParentCertificate, ParentCertificateKey = existingParentCertificate.Key, EndCertificate = existingEndCertificate, EndCertificateKey = existingEndCertificate.Key, }; existingParentCertificate.CertificateChainLinks.Add(existingLink); existingEndCertificate.CertificateChainLinks.Add(existingLink); var existingPackageSignature = new PackageSignature { Key = 1, EndCertificate = existingEndCertificate, EndCertificateKey = existingEndCertificate.Key, Status = PackageSignatureStatus.Valid, CreatedAt = new DateTime(2017, 1, 1, 8, 30, 0, DateTimeKind.Utc), PackageKey = _packageKey, Type = PackageSignatureType.Author, TrustedTimestamps = new List <TrustedTimestamp>(), }; _entitiesContext .Setup(x => x.ParentCertificates) .Returns(DbSetMockFactory.Create(existingParentCertificate)); _entitiesContext .Setup(x => x.EndCertificates) .Returns(DbSetMockFactory.Create(existingEndCertificate)); _entitiesContext .Setup(x => x.CertificateChainLinks) .Returns(DbSetMockFactory.Create(existingLink)); _entitiesContext .Setup(x => x.PackageSignatures) .Returns(DbSetMockFactory.Create(existingPackageSignature)); // Act await _target.ExtractAsync(_packageKey, signature, _token); // Assert VerifyExtractedInformation(Leaf1Certificates, Leaf1TimestampValue, PackageSignatureType.Author); Assert.Equal(2, _entitiesContext.Object.EndCertificates.Count()); Assert.Equal(4, _entitiesContext.Object.ParentCertificates.Count()); Assert.Equal(4, _entitiesContext.Object.CertificateChainLinks.Count()); Assert.Equal(1, _entitiesContext.Object.PackageSignatures.Count()); Assert.Equal(1, _entitiesContext.Object.TrustedTimestamps.Count()); Assert.Equal(EndCertificateStatus.Good, existingEndCertificate.Status); Assert.Equal(PackageSignatureStatus.Valid, existingPackageSignature.Status); }