public PackageExtractionContext(
PackageSaveMode packageSaveMode,
XmlDocFileSaveMode xmlDocFileSaveMode,
ILogger logger,
IPackageSignatureVerifier signedPackageVerifier)
{
Logger = logger ?? throw new ArgumentNullException(nameof(logger));
PackageSaveMode = packageSaveMode;
XmlDocFileSaveMode = xmlDocFileSaveMode;
SignedPackageVerifier = signedPackageVerifier;
}
public SignatureValidator(
IPackageSigningStateService packageSigningStateService,
IPackageSignatureVerifier minimalPackageSignatureVerifier,
IPackageSignatureVerifier fullPackageSignatureVerifier,
ISignaturePartsExtractor signaturePartsExtractor,
IProcessorPackageFileService packageFileService,
ICorePackageService corePackageService,
ITelemetryService telemetryService,
ILogger <SignatureValidator> logger)
{
_packageSigningStateService = packageSigningStateService ?? throw new ArgumentNullException(nameof(packageSigningStateService));
_minimalPackageSignatureVerifier = minimalPackageSignatureVerifier ?? throw new ArgumentNullException(nameof(minimalPackageSignatureVerifier));
_fullPackageSignatureVerifier = fullPackageSignatureVerifier ?? throw new ArgumentNullException(nameof(fullPackageSignatureVerifier));
_signaturePartsExtractor = signaturePartsExtractor ?? throw new ArgumentNullException(nameof(signaturePartsExtractor));
_packageFileService = packageFileService ?? throw new ArgumentNullException(nameof(packageFileService));
_corePackageService = corePackageService ?? throw new ArgumentNullException(nameof(corePackageService));
_telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
private async Task <SignatureValidatorResult> GetVerifyResult(
Context context,
string verificationName,
IPackageSignatureVerifier verifier)
{
var verifyResult = await verifier.VerifySignaturesAsync(
context.PackageReader,
context.CancellationToken,
parentId : Guid.Empty); // Pass an empty GUID, since we don't use client telemetry infrastructure.
var errorIssues = verifyResult
.Results
.SelectMany(x => x.GetErrorIssues())
.ToList();
var warningsForLogs = verifyResult
.Results
.SelectMany(x => x.GetWarningIssues())
.Select(x => $"{x.Code}: {x.Message}")
.ToList();
var errorsForLogs = errorIssues
.Select(x => $"{x.Code}: {x.Message}")
.ToList();
if (!verifyResult.Valid)
{
_logger.LogInformation(
"Signed package {PackageId} {PackageVersion} is blocked during {VerificationName} for validation {ValidationId} . Errors: [{Errors}] Warnings: [{Warnings}]",
context.Message.PackageId,
context.Message.PackageVersion,
verificationName,
context.Message.ValidationId,
errorsForLogs,
warningsForLogs);
// Treat the "signature format version" error specially. This is because the message provided by the
// client does not make sense in the server context.
IValidationIssue[] errorValidationIssues;
if (errorIssues.Any(x => x.Code == NuGetLogCode.NU3007))
{
errorValidationIssues = new[]
{
ValidationIssue.OnlySignatureFormatVersion1Supported,
};
}
else
{
errorValidationIssues = errorIssues
.Select(x => new ClientSigningVerificationFailure(x.Code.ToString(), x.Message))
.ToArray();
}
return(await RejectAsync(context, errorValidationIssues));
}
else
{
_logger.LogInformation(
"Signed package {PackageId} {PackageVersion} passed {VerificationName} for validation {ValidationId}. Errors: [{Errors}] Warnings: [{Warnings}]",
context.Message.PackageId,
context.Message.PackageVersion,
verificationName,
context.Message.ValidationId,
errorsForLogs,
warningsForLogs);
return(null);
}
}
public SignatureValidatorIntegrationTests(CertificateIntegrationTestFixture fixture, ITestOutputHelper output)
{
_fixture = fixture ?? throw new ArgumentNullException(nameof(fixture));
_output = output ?? throw new ArgumentNullException(nameof(output));
_validationEntitiesContext = new Mock <IValidationEntitiesContext>();
_validationEntitiesContext
.Setup(x => x.PackageSigningStates)
.Returns(DbSetMockFactory.Create <PackageSigningState>());
_validationEntitiesContext
.Setup(x => x.ParentCertificates)
.Returns(DbSetMockFactory.Create <ParentCertificate>());
_validationEntitiesContext
.Setup(x => x.EndCertificates)
.Returns(DbSetMockFactory.Create <EndCertificate>());
_validationEntitiesContext
.Setup(x => x.CertificateChainLinks)
.Returns(DbSetMockFactory.Create <CertificateChainLink>());
_validationEntitiesContext
.Setup(x => x.PackageSignatures)
.Returns(DbSetMockFactory.Create <PackageSignature>());
_validationEntitiesContext
.Setup(x => x.TrustedTimestamps)
.Returns(DbSetMockFactory.Create <TrustedTimestamp>());
var loggerFactory = new LoggerFactory();
loggerFactory.AddXunit(output);
_packageSigningStateService = new PackageSigningStateService(
_validationEntitiesContext.Object,
loggerFactory.CreateLogger <PackageSigningStateService>());
_certificateStore = new Mock <ICertificateStore>();
_signaturePartsExtractor = new SignaturePartsExtractor(
_certificateStore.Object,
_validationEntitiesContext.Object,
loggerFactory.CreateLogger <SignaturePartsExtractor>());
_packageFileService = new Mock <IProcessorPackageFileService>();
_nupkgUri = new Uri("https://example-storage/TestProcessor/b777135f-1aac-4ec2-a3eb-1f64fe1880d5/nuget.versioning.4.3.0.nupkg");
_packageFileService
.Setup(x => x.GetReadAndDeleteUriAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <Guid>()))
.ReturnsAsync(() => _nupkgUri);
_packageFileService
.Setup(x => x.SaveAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <Guid>(), It.IsAny <Stream>()))
.Returns(Task.CompletedTask)
.Callback <string, string, Guid, Stream>((_, __, ___, s) =>
{
using (var memoryStream = new MemoryStream())
{
s.Position = 0;
s.CopyTo(memoryStream);
_savedPackageBytes = memoryStream.ToArray();
}
});
_corePackageService = new Mock <ICorePackageService>();
// These dependencies are concrete.
_minimalPackageSignatureVerifier = PackageSignatureVerifierFactory.CreateMinimal();
_fullPackageSignatureVerifier = PackageSignatureVerifierFactory.CreateFull();
_telemetryClient = new Mock <ITelemetryClient>();
_telemetryService = new TelemetryService(_telemetryClient.Object);
_logger = new RecordingLogger <SignatureValidator>(loggerFactory.CreateLogger <SignatureValidator>());
// Initialize data.
_packageKey = 23;
_message = new SignatureValidationMessage(
"SomePackageId",
"1.2.3",
new Uri("https://example/validation/somepackageid.1.2.3.nupkg"),
new Guid("8eb5affc-2d0e-4315-9b79-5a194d39ebd1"));
_token = CancellationToken.None;
// Initialize the subject of testing.
_target = new SignatureValidator(
_packageSigningStateService,
_minimalPackageSignatureVerifier,
_fullPackageSignatureVerifier,
_signaturePartsExtractor,
_packageFileService.Object,
_corePackageService.Object,
_telemetryService,
_logger);
}
