public void CreateCmsSigner_WhenRequestNull_Throws()
{
var exception = Assert.Throws <ArgumentNullException>(
() => SigningUtility.CreateCmsSigner(request: null, logger: NullLogger.Instance));
Assert.Equal("request", exception.ParamName);
}
internal async Task CountersignAsync()
{
PrimarySignature primarySignature;
using (var archiveReader = new PackageArchiveReader(SignedPackage))
{
primarySignature = await archiveReader.GetPrimarySignatureAsync(CancellationToken.None);
}
using (var request = new UnknownSignPackageRequest(
new X509Certificate2(Certificate),
HashAlgorithmName.SHA256))
{
var cmsSigner = SigningUtility.CreateCmsSigner(request, NullLogger.Instance);
var signedCms = primarySignature.SignedCms;
signedCms.SignerInfos[0].ComputeCounterSignature(cmsSigner);
primarySignature = PrimarySignature.Load(signedCms.Encode());
}
using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false))
using (var signedPackage = new MemoryStream())
using (var archive = new SignedPackageArchive(originalPackage, signedPackage))
using (var signatureStream = new MemoryStream(primarySignature.GetBytes()))
{
await archive.AddSignatureAsync(signatureStream, CancellationToken.None);
SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false);
}
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage);
Assert.True(isSigned);
}
internal static async Task <Test> CreateAsync(
X509Certificate2 certificate,
Uri v3ServiceIndexUrl = null,
IReadOnlyList <string> packageOwners = null)
{
v3ServiceIndexUrl = v3ServiceIndexUrl ?? new Uri("https://test.test");
var packageContext = new SimpleTestPackageContext();
var test = await CreateWithoutRepositoryCountersignatureAsync(certificate);
var request = new RepositorySignPackageRequest(
certificate,
HashAlgorithmName.SHA256,
HashAlgorithmName.SHA256,
SignaturePlacement.Countersignature,
v3ServiceIndexUrl,
packageOwners);
var cmsSigner = SigningUtility.CreateCmsSigner(request, NullLogger.Instance);
var signedCms = test.PrimarySignature.SignedCms;
signedCms.SignerInfos[0].ComputeCounterSignature(cmsSigner);
var primarySignature = PrimarySignature.Load(signedCms.Encode());
return(new Test(request, primarySignature));
}
public void CreateCmsSigner_WhenLoggerNull_Throws()
{
using (var request = new AuthorSignPackageRequest(new X509Certificate2(), Common.HashAlgorithmName.SHA256))
{
var exception = Assert.Throws <ArgumentNullException>(
() => SigningUtility.CreateCmsSigner(request, logger: null));
Assert.Equal("logger", exception.ParamName);
}
}
public void CreateCmsSigner_WithAuthorSignPackageRequest_ReturnsInstance()
{
using (var certificate = _fixture.GetDefaultCertificate())
using (var request = new AuthorSignPackageRequest(certificate, Common.HashAlgorithmName.SHA256))
{
var signer = SigningUtility.CreateCmsSigner(request, NullLogger.Instance);
Assert.Equal(request.Certificate, signer.Certificate);
Assert.Equal(request.SignatureHashAlgorithm.ConvertToOidString(), signer.DigestAlgorithm.Value);
VerifyAttributes(signer.SignedAttributes, request);
}
}
/// <summary>
/// Generates a SignedCMS object for some content.
/// </summary>
/// <param name="content"></param>
/// <param name="cert">Certificate for cms signer</param>
/// <returns>SignedCms object</returns>
public static SignedCms GenerateRepositoryCountersignedSignedCms(X509Certificate2 cert, byte[] content)
{
var contentInfo = new ContentInfo(content);
var hashAlgorithm = NuGet.Common.HashAlgorithmName.SHA256;
using (var primarySignatureRequest = new AuthorSignPackageRequest(new X509Certificate2(cert), hashAlgorithm))
using (var countersignatureRequest = new RepositorySignPackageRequest(new X509Certificate2(cert), hashAlgorithm, hashAlgorithm, new Uri("https://api.nuget.org/v3/index.json"), null))
{
var cmsSigner = SigningUtility.CreateCmsSigner(primarySignatureRequest, NullLogger.Instance);
var cms = new SignedCms(contentInfo);
cms.ComputeSignature(cmsSigner);
var counterCmsSigner = SigningUtility.CreateCmsSigner(countersignatureRequest, NullLogger.Instance);
cms.SignerInfos[0].ComputeCounterSignature(counterCmsSigner);
return(cms);
}
}
public void CreateCmsSigner_WithRepositorySignPackageRequest_ReturnsInstance()
{
var v3ServiceIndexUrl = new Uri("https://test.test", UriKind.Absolute);
var packageOwners = new[] { "a", "b", "c" };
using (var certificate = _fixture.GetDefaultCertificate())
using (var request = new RepositorySignPackageRequest(
certificate,
Common.HashAlgorithmName.SHA256,
Common.HashAlgorithmName.SHA256,
v3ServiceIndexUrl,
packageOwners))
{
var signer = SigningUtility.CreateCmsSigner(request, NullLogger.Instance);
Assert.Equal(request.Certificate, signer.Certificate);
Assert.Equal(request.SignatureHashAlgorithm.ConvertToOidString(), signer.DigestAlgorithm.Value);
VerifyAttributesRepository(signer.SignedAttributes, request);
}
}