public async Task GetTrustResultAsync_WhenPackageIsNull_Throws()
        {
            var exception = await Assert.ThrowsAsync <ArgumentNullException>(
                () => _provider.GetTrustResultAsync(
                    package: null,
                    signature: _signature.Value,
                    settings: SignedPackageVerifierSettings.GetDefault(),
                    token: CancellationToken.None));

            Assert.Equal("package", exception.ParamName);
        }
        private static async Task <List <SignatureLog> > VerifyUnavailableRevocationInfo(
            SignatureVerificationStatus expectedStatus,
            LogLevel expectedLogLevel,
            SignedPackageVerifierSettings setting)
        {
            var verificationProvider = new SignatureTrustAndValidityVerificationProvider();

            using (var nupkgStream = new MemoryStream(GetResource("UnavailableCrlPackage.nupkg")))
                using (var package = new PackageArchiveReader(nupkgStream, leaveStreamOpen: false))
                {
                    // Read a signature that is valid in every way except that the CRL information is unavailable.
                    var signature = await package.GetSignatureAsync(CancellationToken.None);

                    var rootCertificate = SignatureUtility.GetPrimarySignatureCertificates(signature).Last();

                    // Trust the root CA of the signing certificate.
                    using (var testCertificate = TrustedTestCert.Create(
                               rootCertificate,
                               StoreName.Root,
                               StoreLocation.LocalMachine,
                               maximumValidityPeriod: TimeSpan.MaxValue))
                    {
                        // Act
                        var result = await verificationProvider.GetTrustResultAsync(package, signature, setting, CancellationToken.None);

                        // Assert
                        Assert.Equal(expectedStatus, result.Trust);
                        return(result
                               .Issues
                               .Where(x => x.Level >= expectedLogLevel)
                               .OrderBy(x => x.Message)
                               .ToList());
                    }
                }
        }
        public async Task GetTrustResultAsync_WithInvalidSignature_Throws()
        {
            var package          = new SimpleTestPackageContext();
            var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();

            using (var directory = TestDirectory.Create())
                using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
                {
                    var packageFilePath = await SignedArchiveTestUtility.CreateSignedAndTimeStampedPackageAsync(
                        testCertificate,
                        package,
                        directory,
                        timestampService.Url);

                    using (var packageReader = new PackageArchiveReader(packageFilePath))
                    {
                        var signature = await packageReader.GetSignatureAsync(CancellationToken.None);

                        var invalidSignature = SignedArchiveTestUtility.GenerateInvalidSignature(signature);
                        var provider         = new SignatureTrustAndValidityVerificationProvider();

                        var result = await provider.GetTrustResultAsync(
                            packageReader,
                            invalidSignature,
                            SignedPackageVerifierSettings.Default,
                            CancellationToken.None);

                        var issue = result.Issues.FirstOrDefault(log => log.Code == NuGetLogCode.NU3012);

                        Assert.NotNull(issue);
                        Assert.Equal("Primary signature validation failed.", issue.Message);
                    }
                }
        }
Exemple #4
0
        public async Task GetTrustResultAsync_WithNoSigningCertificate_Throws()
        {
            var package = new SimpleTestPackageContext();

            using (var directory = TestDirectory.Create())
                using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
                {
                    var packageFilePath = await SignedArchiveTestUtility.CreateSignedAndTimeStampedPackageAsync(testCertificate, package, directory);

                    using (var packageReader = new PackageArchiveReader(packageFilePath))
                    {
                        var signature = (await packageReader.GetSignaturesAsync(CancellationToken.None)).Single();
                        var signatureWithNoCertificates = GenerateSignatureWithNoCertificates(signature);
                        var provider = new SignatureTrustAndValidityVerificationProvider();

                        var result = await provider.GetTrustResultAsync(
                            packageReader,
                            signatureWithNoCertificates,
                            SignedPackageVerifierSettings.Default,
                            CancellationToken.None);

                        var issue = result.Issues.FirstOrDefault(log => log.Code == NuGetLogCode.NU3010);

                        Assert.NotNull(issue);
                        Assert.Equal("The primary signature does not have a signing certificate.", issue.Message);
                    }
                }
        }
Exemple #5
0
        public async Task GetTrustResultAsync_SettingsRequireExactlyOneTimestamp_MultipleTimestamps_Fails()
        {
            // Arrange
            var nupkg            = new SimpleTestPackageContext();
            var testLogger       = new TestLogger();
            var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();

            var setting = new SignedPackageVerifierSettings(
                allowUnsigned: false,
                allowIllegal: false,
                allowUntrusted: false,
                allowUntrustedSelfIssuedCertificate: false,
                allowIgnoreTimestamp: false,
                allowMultipleTimestamps: false,
                allowNoTimestamp: false,
                allowUnknownRevocation: false,
                allowNoClientCertificateList: true,
                allowNoRepositoryCertificateList: true);

            var timestampProvider    = new Rfc3161TimestampProvider(timestampService.Url);
            var verificationProvider = new SignatureTrustAndValidityVerificationProvider();

            using (var package = new PackageArchiveReader(nupkg.CreateAsStream(), leaveStreamOpen: false))
                using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
                    using (var signatureRequest = new AuthorSignPackageRequest(testCertificate, HashAlgorithmName.SHA256))
                    {
                        var signature = await SignedArchiveTestUtility.CreatePrimarySignatureForPackageAsync(package, signatureRequest);

                        var timestampedSignature = await SignedArchiveTestUtility.TimestampSignature(timestampProvider, signature, signatureRequest.TimestampHashAlgorithm, SignaturePlacement.PrimarySignature, testLogger);

                        var reTimestampedSignature = await SignedArchiveTestUtility.TimestampSignature(timestampProvider, timestampedSignature, signatureRequest.TimestampHashAlgorithm, SignaturePlacement.PrimarySignature, testLogger);

                        timestampedSignature.Timestamps.Count.Should().Be(1);
                        reTimestampedSignature.Timestamps.Count.Should().Be(2);

                        // Act
                        var result = await verificationProvider.GetTrustResultAsync(package, reTimestampedSignature, setting, CancellationToken.None);

                        var totalErrorIssues = result.GetErrorIssues();

                        // Assert
                        result.Trust.Should().Be(SignatureVerificationStatus.Illegal);
                        totalErrorIssues.Count().Should().Be(1);
                        totalErrorIssues.First().Code.Should().Be(NuGetLogCode.NU3000);
                    }
        }