Exemple #1
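            /// <summary>
            /// Checks that verification reports <see cref="SignatureVerificationStatus.Suspect"/> when the
            /// certificate passed as the second signing certificate (the countersignature certificate,
            /// going by the test name) is revoked after the package has been signed.
            /// </summary>
            /// <remarks>
            /// The test issues a fresh end certificate from the fixture's trusted CA, signs and countersigns
            /// a package with it, revokes the certificate, and only then runs the verifier.
            /// </remarks>
            public async Task VerifyAsync_WithRevokedCountersignatureCertificate_ReturnsSuspect()
            {
                // The result is not used. The call is kept because it presumably starts the shared
                // signing test server that the CA and timestamp endpoints rely on (TODO confirm).
                await _fixture.GetSigningTestServerAsync();

                var certificateAuthority = await _fixture.GetDefaultTrustedCertificateAuthorityAsync();

                var issueCertificateOptions = IssueCertificateOptions.CreateDefaultForEndCertificate();
                var bcCertificate           = certificateAuthority.IssueCertificate(issueCertificateOptions);
                var timestampService        = await _fixture.GetDefaultTrustedTimestampServiceAsync();

                using (var certificate = new X509Certificate2(bcCertificate.GetEncoded()))
                {
                    // Direct cast instead of `as`: if the issued key is not an RSA CRT private key the
                    // test fails here with an InvalidCastException instead of handing null to ToRSA.
                    var rsaPrivateKey = (RsaPrivateCrtKeyParameters)issueCertificateOptions.KeyPair.Private;

                    // NOTE(review): the X509Certificate2.PrivateKey setter is a .NET Framework API and is
                    // not supported on .NET Core; confirm the target framework of this test project.
                    certificate.PrivateKey = DotNetUtilities.ToRSA(rsaPrivateKey);

                    using (var test = await Test.CreateAuthorSignedRepositoryCountersignedPackageAsync(
                               _fixture.TrustedTestCertificate.Source.Cert,
                               certificate,
                               timestampService.Url,
                               timestampService.Url))
                    using (var packageReader = new PackageArchiveReader(test.PackageFile.FullName))
                    {
                        // Wait before revoking so that verification presumably has to fetch a fresh OCSP
                        // response and cannot reuse a still-valid "good" one (inferred from the helper name).
                        await certificateAuthority.OcspResponder.WaitForResponseExpirationAsync(bcCertificate);

                        // The revocation date is backdated by one hour, i.e. earlier than the moment the
                        // package above was signed in this test run.
                        certificateAuthority.Revoke(
                            bcCertificate,
                            RevocationReason.KeyCompromise,
                            DateTimeOffset.UtcNow.AddHours(-1));

                        var status = await _verifier.VerifyAsync(packageReader, CancellationToken.None);

                        Assert.Equal(SignatureVerificationStatus.Suspect, status);
                    }
                }
            }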
Exemple #2
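        /// <summary>
        /// Checks that installing an author-signed package fails when the package content was tampered
        /// with after signing and the signing certificate has since been revoked.
        /// </summary>
        /// <remarks>
        /// The install must exit with code 1, report the NU3008 and NU3012 errors, and emit the NU3027
        /// warning. The format strings and messages for these codes are fields defined outside this method.
        /// </remarks>
        public async Task Install_TamperedAndRevokedCertificateSignaturePackage_FailsAsync()
        {
            // Arrange
            var nupkg = new SimpleTestPackageContext("A", "1.0.0");

            // The result is not used. The call is kept because it presumably starts the shared
            // signing test server that the CA endpoints rely on (TODO confirm).
            await _testFixture.GetSigningTestServerAsync();

            var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();

            var issueOptions  = IssueCertificateOptions.CreateDefaultForEndCertificate();
            var bcCertificate = certificateAuthority.IssueCertificate(issueOptions);

            using (var context = new SimpleTestPathContext())
            using (var testCertificate = new X509Certificate2(bcCertificate.GetEncoded()))
            {
                // Direct cast instead of `as`: if the issued key is not an RSA CRT private key the
                // test fails here with an InvalidCastException instead of handing null to ToRSA.
                var rsaPrivateKey = (RsaPrivateCrtKeyParameters)issueOptions.KeyPair.Private;

                // NOTE(review): the X509Certificate2.PrivateKey setter is a .NET Framework API and is
                // not supported on .NET Core; confirm the target framework of this test project.
                testCertificate.PrivateKey = DotNetUtilities.ToRSA(rsaPrivateKey);

                var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, context.WorkingDirectory);

                // Modify the package after signing so that its content no longer matches the signature.
                SignedArchiveTestUtility.TamperWithPackage(signedPackagePath);

                // Wait before revoking so that the install presumably has to fetch a fresh OCSP
                // response and cannot reuse a still-valid "good" one (inferred from the helper name).
                await certificateAuthority.OcspResponder.WaitForResponseExpirationAsync(bcCertificate);

                // The revocation date is set one second in the past.
                certificateAuthority.Revoke(
                    bcCertificate,
                    RevocationReason.KeyCompromise,
                    DateTimeOffset.UtcNow.AddSeconds(-1));

                // The working directory is the only package source; the package is extracted under
                // "<working directory>/packages".
                var args = new string[]
                {
                    nupkg.Id,
                    "-Version",
                    nupkg.Version,
                    "-DirectDownload",
                    "-NoCache",
                    "-Source",
                    context.WorkingDirectory,
                    "-OutputDirectory",
                    Path.Combine(context.WorkingDirectory, "packages")
                };

                // Act
                var result = RunInstall(_nugetExePath, context, expectedExitCode: 1, additionalArgs: args);

                // Assert
                // Both failures have to be reported: the integrity problem must not hide the
                // certificate-chain problem, or the other way round.
                result.ExitCode.Should().Be(1);
                result.Errors.Should().Contain(string.Format(_NU3008, SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, nupkg.Identity, context.WorkingDirectory)));
                result.Errors.Should().Contain(string.Format(_NU3012, SigningTestUtility.AddSignatureLogPrefix(_NU3012Message, nupkg.Identity, context.WorkingDirectory)));
                result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
            }
        }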