private async Task HandleSignedPackageAsync(
ISignedPackageReader signedPackageReader,
ValidatorStatus validation,
SignatureValidationMessage message,
CancellationToken cancellationToken)
{
// Block packages that don't have exactly one signature.
var packageSignatures = await signedPackageReader.GetSignaturesAsync(cancellationToken);
if (packageSignatures.Count != 1)
{
_logger.LogInformation(
"Signed package {PackageId} {PackageVersion} is blocked for validation {ValidationId} since it has {SignatureCount} signatures.",
message.PackageId,
message.PackageVersion,
message.ValidationId,
packageSignatures.Count);
await RejectAsync(validation, message);
return;
}
// Block packages with any unknown signing certificates.
var packageThumbprints = GetThumbprints(packageSignatures);
var knownThumbprints = _certificates
.GetAll()
.Where(c => packageThumbprints.Contains(c.Thumbprint))
.Select(c => c.Thumbprint)
.ToList();
var unknownThumbprints = packageThumbprints.Except(knownThumbprints);
if (unknownThumbprints.Any())
{
_logger.LogInformation(
"Signed package {PackageId} {PackageVersion} is blocked for validation {ValidationId} since it has unknown certificate thumbprints: {UnknownThumbprints}",
message.PackageId,
message.PackageVersion,
message.ValidationId,
unknownThumbprints);
await RejectAsync(validation, message);
return;
}
// For now, we assume safe-listed certificates are totally valid.
_logger.LogInformation(
"Signed package {PackageId} {PackageVersion} is accepted for validation {ValidationId} with certificate thumbprints: {PackageThumbprints}",
message.PackageId,
message.PackageVersion,
message.ValidationId,
packageThumbprints);
await AcceptAsync(validation, message, PackageSigningStatus.Valid);
return;
}
public async Task <VerifySignaturesResult> VerifySignaturesAsync(ISignedPackageReader package, CancellationToken token)
{
var valid = false;
var trustResults = new List <PackageVerificationResult>();
var isSigned = await package.IsSignedAsync(token);
if (isSigned)
{
try
{
// Read package signatures
var signatures = await package.GetSignaturesAsync(token);
var signaturesAreValid = signatures.Count > 0; // Fail if there are no signatures
// Verify that the signatures are trusted
foreach (var signature in signatures)
{
var sigTrustResults = await Task.WhenAll(_verificationProviders.Select(e => e.GetTrustResultAsync(package, signature, _settings, token)));
signaturesAreValid &= IsValid(sigTrustResults, _settings.AllowUntrusted);
trustResults.AddRange(sigTrustResults);
}
valid = signaturesAreValid;
}
catch (SignatureException e)
{
// SignatureException generated while parsing signatures
var issues = new[] {
SignatureLog.Issue(!_settings.AllowUntrusted, e.Code, e.Message),
SignatureLog.DebugLog(e.ToString())
};
trustResults.Add(new InvalidSignaturePackageVerificationResult(SignatureVerificationStatus.Untrusted, issues));
valid = _settings.AllowUntrusted;
}
catch (CryptographicException e)
{
// CryptographicException generated while parsing the SignedCms object
var issues = new[] {
SignatureLog.Issue(!_settings.AllowUntrusted, NuGetLogCode.NU3003, Strings.ErrorPackageSignatureInvalid),
SignatureLog.DebugLog(e.ToString())
};
trustResults.Add(new InvalidSignaturePackageVerificationResult(SignatureVerificationStatus.Untrusted, issues));
valid = _settings.AllowUntrusted;
}
}
else if (_settings.AllowUnsigned)
{
// An unsigned package is valid only if unsigned packages are allowed.
valid = true;
}
else
{
var issues = new[] { SignatureLog.Issue(fatal: true, code: NuGetLogCode.NU3004, message: Strings.ErrorPackageNotSigned) };
trustResults.Add(new UnsignedPackageVerificationResult(SignatureVerificationStatus.Invalid, issues));
valid = false;
}
return(new VerifySignaturesResult(valid, trustResults));
}