Esempi di codice in C# (CSharp) per ISigningTestServer

Esempio n. 1

0

Mostra file

        private void VerifyTimestampData(
            ISigningTestServer testServer,
            TimestampService timestampService,
            Action <Rfc3161TimestampProvider, TimestampRequest> verifyTimestampData)
        {
            using (testServer.RegisterResponder(timestampService))
            {
                var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);

                using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert))
                {
                    var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
                    var content        = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "peach");
                    var signedCms      = SigningTestUtility.GenerateSignedCms(certificate, content.GetBytes());
                    var signature      = PrimarySignature.Load(signedCms.Encode());
                    var signatureValue = signature.GetSignatureValue();
                    var messageHash    = timestampHashAlgorithm.ComputeHash(signatureValue);

                    var request = new TimestampRequest(
                        SigningSpecifications.V1,
                        messageHash,
                        timestampHashAlgorithm,
                        SignaturePlacement.PrimarySignature);

                    verifyTimestampData(timestampProvider, request);
                }
            }
        }

Esempio n. 2

0

Mostra file

File: CrossFrameworkVerificationTest.cs Progetto: workgroupengineering/NuGet.Client

        public async Task GetTimestampCertificateChain_WithNoSigningCertificateUsage_Throws()
        {
            ISigningTestServer testServer = await _testFixture.GetSigningTestServerAsync();

            CertificateAuthority rootCa = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();

            var options = new TimestampServiceOptions()
            {
                SigningCertificateUsage = SigningCertificateUsage.None
            };
            TimestampService timestampService = TimestampService.Create(rootCa, options);

            using (testServer.RegisterResponder(timestampService))
            {
                var nupkg = new SimpleTestPackageContext();

                using (var certificate = new X509Certificate2(_testFixture.TrustedTestCertificate.Source.Cert))
                    using (TestDirectory directory = TestDirectory.Create())
                    {
                        string signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
                            certificate,
                            nupkg,
                            directory,
                            timestampService.Url);

                        // Act
                        CommandRunnerResult result = RunVerifyCommand(signedPackagePath);

                        // Assert
                        result.Success.Should().BeFalse(because: result.AllOutput);
                        result.AllOutput.Should().Contain("Either the signing-certificate or signing-certificate-v2 attribute must be present.");
                        result.AllOutput.Should().NotContain(_successfullyVerified);
                    }
            }
        }

Esempio n. 3

0

Mostra file

        private void VerifyTimestampData(
            ISigningTestServer testServer,
            TimestampService timestampService,
            Action <Rfc3161TimestampProvider, TimestampRequest> verifyTimestampData)
        {
            using (testServer.RegisterResponder(timestampService))
            {
                var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);

                using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert))
                {
                    var content   = Encoding.UTF8.GetBytes("peach");
                    var signedCms = SigningTestUtility.GenerateSignedCms(certificate, content);

                    var request = new TimestampRequest()
                    {
                        SigningSpec            = SigningSpecifications.V1,
                        TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
                        Signature = signedCms.Encode()
                    };

                    verifyTimestampData(timestampProvider, request);
                }
            }
        }

Esempio n. 4

0

Mostra file

File: ExtensionMethods.cs Progetto: edyoung/NuGet.Jobs

        public static DisposableList <IDisposable> RegisterResponders(
            this ISigningTestServer testServer,
            CertificateAuthority ca,
            bool addCa   = true,
            bool addOcsp = true)
        {
            var responders = new DisposableList <IDisposable>();
            var currentCa  = ca;

            while (currentCa != null)
            {
                if (addCa)
                {
                    responders.Add(testServer.RegisterResponder(currentCa));
                }

                if (addOcsp)
                {
                    responders.Add(testServer.RegisterResponder(currentCa.OcspResponder));
                }

                currentCa = currentCa.Parent;
            }

            return(responders);
        }

Esempio n. 5

0

Mostra file

File: PackageSignatureVerifierTests.cs Progetto: workgroupengineering/NuGet.Client

            public async Task VerifySignaturesAsync_ExpiredCertificateAndTimestampWithTooLargeRange_FailsAsync()
            {
                ISigningTestServer testServer = await _testFixture.GetSigningTestServerAsync();

                CertificateAuthority ca = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();

                var accuracy       = new BcAccuracy(seconds: new DerInteger(30), millis: null, micros: null);
                var serviceOptions = new TimestampServiceOptions()
                {
                    Accuracy = accuracy
                };
                TimestampService        timestampService = TimestampService.Create(ca, serviceOptions);
                AsymmetricCipherKeyPair keyPair          = SigningTestUtility.GenerateKeyPair(publicKeyLength: 2048);
                DateTimeOffset          now = DateTimeOffset.UtcNow;
                var issueOptions            = new IssueCertificateOptions()
                {
                    KeyPair     = keyPair,
                    NotAfter    = now.AddSeconds(10),
                    NotBefore   = now.AddSeconds(-2),
                    SubjectName = new X509Name("CN=NuGet Test Expired Certificate")
                };
                BcX509Certificate bcCertificate = ca.IssueCertificate(issueOptions);

                using (testServer.RegisterResponder(timestampService))
                    using (TestDirectory directory = TestDirectory.Create())
                        using (X509Certificate2 certificate = CertificateUtilities.GetCertificateWithPrivateKey(bcCertificate, keyPair))
                        {
                            var    packageContext    = new SimpleTestPackageContext();
                            string signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
                                certificate,
                                packageContext,
                                directory,
                                timestampService.Url);

                            await SignatureTestUtility.WaitForCertificateExpirationAsync(certificate);

                            var verifier = new PackageSignatureVerifier(_trustProviders);

                            using (var packageReader = new PackageArchiveReader(signedPackagePath))
                            {
                                VerifySignaturesResult results = await verifier.VerifySignaturesAsync(packageReader, _verifyCommandSettings, CancellationToken.None);

                                PackageVerificationResult result = results.Results.Single();

                                Assert.False(results.IsValid);
                                Assert.Equal(SignatureVerificationStatus.Disallowed, result.Trust);
                                Assert.Equal(1, result.Issues.Count(issue => issue.Level == LogLevel.Error));
                                Assert.Equal(0, result.Issues.Count(issue => issue.Level == LogLevel.Warning));

                                Assert.Contains(result.Issues, issue =>
                                                issue.Code == NuGetLogCode.NU3037 &&
                                                issue.Level == LogLevel.Error &&
                                                issue.Message.Contains("validity period has expired."));
                            }
                        }
            }

Esempio n. 6

0

Mostra file

File: SignatureUtilityTests.cs Progetto: workgroupengineering/NuGet.Client

        public async Task GetTimestampCertificateChain_WithMismatchedEssCertIdCertificateHash_ReturnsChain(
            SigningCertificateUsage signingCertificateUsage)
        {
            ISigningTestServer testServer = await _fixture.GetSigningTestServerAsync();

            CertificateAuthority rootCa = await _fixture.GetDefaultTrustedCertificateAuthorityAsync();

            var options = new TimestampServiceOptions()
            {
                SigningCertificateUsage  = signingCertificateUsage,
                SigningCertificateV1Hash = new byte[SHA1HashLength]
            };
            TimestampService timestampService = TimestampService.Create(rootCa, options);

            using (testServer.RegisterResponder(timestampService))
            {
                var nupkg = new SimpleTestPackageContext();

                using (var certificate = new X509Certificate2(_fixture.TrustedTestCertificate.Source.Cert))
                    using (var directory = TestDirectory.Create())
                    {
                        var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
                            certificate,
                            nupkg,
                            directory,
                            timestampService.Url);

                        using (FileStream stream = File.OpenRead(signedPackagePath))
                            using (var reader = new PackageArchiveReader(stream))
                            {
                                PrimarySignature signature = await reader.GetPrimarySignatureAsync(CancellationToken.None);

                                using (IX509CertificateChain actualChain = SignatureUtility.GetTimestampCertificateChain(signature))
                                {
                                    Assert.NotEmpty(actualChain);

                                    IReadOnlyList <Org.BouncyCastle.X509.X509Certificate> expectedChain = GetExpectedCertificateChain(timestampService);

                                    Assert.Equal(expectedChain.Count, actualChain.Count);

                                    for (var i = 0; i < expectedChain.Count; ++i)
                                    {
                                        Org.BouncyCastle.X509.X509Certificate expectedCertificate = expectedChain[i];
                                        X509Certificate2 actualCertificate = actualChain[i];

                                        Assert.True(
                                            expectedCertificate.GetEncoded().SequenceEqual(actualCertificate.RawData),
                                            $"The certificate at index {i} in the chain is unexpected.");
                                    }
                                }
                            }
                    }
            }
        }

Esempio n. 7

0

Mostra file

File: ExtensionMethods.cs Progetto: nikhgup/NuGet.Jobs

        public static DisposableList <IDisposable> RegisterRespondersForEntireChain(
            this ISigningTestServer testServer,
            CertificateAuthority ca,
            bool addCa   = true,
            bool addOcsp = true)
        {
            var responders = new DisposableList <IDisposable>();
            var currentCa  = ca;

            while (currentCa != null)
            {
                responders.AddRange(testServer.RegisterResponders(currentCa, addCa, addOcsp));

                currentCa = currentCa.Parent;
            }

            return(responders);
        }

Esempio n. 8

0

Mostra file

        public static DisposableList <IDisposable> RegisterDefaultResponders(
            this ISigningTestServer testServer,
            TimestampService timestampService)
        {
            var responders = new DisposableList <IDisposable>();
            var ca         = timestampService.CertificateAuthority;

            while (ca != null)
            {
                responders.Add(testServer.RegisterResponder(ca));
                responders.Add(testServer.RegisterResponder(ca.OcspResponder));

                ca = ca.Parent;
            }

            responders.Add(testServer.RegisterResponder(timestampService));

            return(responders);
        }

Esempio n. 9

0

Mostra file

File: DotnetSignTests.cs Progetto: NuGet/NuGet.Client

        public async Task DotnetSign_SignPackageWithUnsuportedTimestampHashAlgorithm_FailsAsync()
        {
            // Arrange
            using (SimpleTestPathContext pathContext = _msbuildFixture.CreateSimpleTestPathContext())
            {
                await SimpleTestPackageUtility.CreatePackagesAsync(
                    pathContext.PackageSource,
                    new SimpleTestPackageContext("PackageA", "1.0.0"));

                string packageFilePath = Path.Combine(pathContext.PackageSource, "PackageA.1.0.0.nupkg");
                byte[] originalFile    = File.ReadAllBytes(packageFilePath);

                ISigningTestServer testServer = await _signFixture.GetSigningTestServerAsync();

                CertificateAuthority certificateAuthority = await _signFixture.GetDefaultTrustedCertificateAuthorityAsync();

                var options = new TimestampServiceOptions()
                {
                    SignatureHashAlgorithm = new Oid(Oids.Sha1)
                };
                TimestampService      timestampService = TimestampService.Create(certificateAuthority, options);
                IX509StoreCertificate storeCertificate = _signFixture.UntrustedSelfIssuedCertificateInCertificateStore;

                using (testServer.RegisterResponder(timestampService))
                {
                    // Act
                    CommandRunnerResult result = _msbuildFixture.RunDotnet(
                        pathContext.PackageSource,
                        $"nuget sign {packageFilePath} " +
                        $"--certificate-fingerprint {storeCertificate.Certificate.Thumbprint} " +
                        $"--timestamper {timestampService.Url}",
                        ignoreExitCode: true);

                    // Assert
                    result.Success.Should().BeFalse(because: result.AllOutput);
                    result.AllOutput.Should().Contain(_timestampUnsupportedDigestAlgorithmCode);
                    Assert.Contains("The timestamp signature has an unsupported digest algorithm (SHA1). The following algorithms are supported: SHA256, SHA384, SHA512.", result.AllOutput);

                    byte[] resultingFile = File.ReadAllBytes(packageFilePath);
                    Assert.Equal(resultingFile, originalFile);
                }
            }
        }

Esempio n. 10

0

Mostra file

File: ExtensionMethods.cs Progetto: nikhgup/NuGet.Jobs

        public static DisposableList <IDisposable> RegisterRespondersForTimestampServiceAndEntireChain(
            this ISigningTestServer testServer,
            TimestampService timestampService,
            bool addCa          = true,
            bool addOcsp        = true,
            bool addTimestamper = true)
        {
            var responders = testServer.RegisterRespondersForEntireChain(
                timestampService.CertificateAuthority,
                addCa,
                addOcsp);

            if (addTimestamper)
            {
                responders.Add(testServer.RegisterResponder(timestampService));
            }

            return(responders);
        }

Esempio n. 11

0

Mostra file

File: SignatureUtilityTests.cs Progetto: workgroupengineering/NuGet.Client

        public async Task GetTimestampCertificateChain_WithShortEssCertIdCertificateHash_Throws(
            SigningCertificateUsage signingCertificateUsage)
        {
            ISigningTestServer testServer = await _fixture.GetSigningTestServerAsync();

            CertificateAuthority rootCa = await _fixture.GetDefaultTrustedCertificateAuthorityAsync();

            var options = new TimestampServiceOptions()
            {
                SigningCertificateUsage  = signingCertificateUsage,
                SigningCertificateV1Hash = new byte[SHA1HashLength - 1]
            };
            TimestampService timestampService = TimestampService.Create(rootCa, options);

            using (testServer.RegisterResponder(timestampService))
            {
                var nupkg = new SimpleTestPackageContext();

                using (var certificate = new X509Certificate2(_fixture.TrustedTestCertificate.Source.Cert))
                    using (var directory = TestDirectory.Create())
                    {
                        var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
                            certificate,
                            nupkg,
                            directory,
                            timestampService.Url);

                        using (FileStream stream = File.OpenRead(signedPackagePath))
                            using (var reader = new PackageArchiveReader(stream))
                            {
                                PrimarySignature signature = await reader.GetPrimarySignatureAsync(CancellationToken.None);

                                var exception = Assert.Throws <SignatureException>(
                                    () => SignatureUtility.GetTimestampCertificateChain(signature));

                                Assert.Equal(
                                    "A certificate referenced by the signing-certificate attribute could not be found.",
                                    exception.Message);
                            }
                    }
            }
        }

Esempio n. 12

0

Mostra file

File: ExtensionMethods.cs Progetto: nikhgup/NuGet.Jobs

        public static DisposableList <IDisposable> RegisterResponders(
            this ISigningTestServer testServer,
            CertificateAuthority ca,
            bool addCa   = true,
            bool addOcsp = true)
        {
            var responders = new DisposableList <IDisposable>();

            if (addCa)
            {
                responders.Add(testServer.RegisterResponder(ca));
            }

            if (addOcsp)
            {
                responders.Add(testServer.RegisterResponder(ca.OcspResponder));
            }

            return(responders);
        }

Esempio n. 13

0

Mostra file

        private CertificateAuthority CreateOfflineRevocationCA(ISigningTestServer testServer, DisposableList <IDisposable> responders)
        {
            var rootCa         = CertificateAuthority.Create(testServer.Url);
            var intermediateCa = rootCa.CreateIntermediateCertificateAuthority();

            var rootCertificate = new X509Certificate2(rootCa.Certificate.GetEncoded());

            var trustedServerRoot = TrustedTestCert.Create(
                rootCertificate,
                StoreName.Root,
                StoreLocation.LocalMachine);

            var ca = intermediateCa;

            while (ca != null)
            {
                responders.Add(testServer.RegisterResponder(ca));

                ca = ca.Parent;
            }

            return(intermediateCa);
        }

Esempio n. 14

0

Mostra file

File: CrossFrameworkVerificationTest.cs Progetto: workgroupengineering/NuGet.Client

        public async Task GetTimestampCertificateChain_WithMismatchedEssCertIdCertificateHash_ReturnsChain(
            SigningCertificateUsage signingCertificateUsage)
        {
            ISigningTestServer testServer = await _testFixture.GetSigningTestServerAsync();

            CertificateAuthority rootCa = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();

            var options = new TimestampServiceOptions()
            {
                SigningCertificateUsage  = signingCertificateUsage,
                SigningCertificateV1Hash = new byte[SHA1HashLength]
            };
            TimestampService timestampService = TimestampService.Create(rootCa, options);

            using (testServer.RegisterResponder(timestampService))
            {
                var nupkg = new SimpleTestPackageContext();

                using (var certificate = new X509Certificate2(_testFixture.TrustedTestCertificate.Source.Cert))
                    using (TestDirectory directory = TestDirectory.Create())
                    {
                        string signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
                            certificate,
                            nupkg,
                            directory,
                            timestampService.Url);

                        // Act
                        CommandRunnerResult result = RunVerifyCommand(signedPackagePath);

                        // Assert
                        result.Success.Should().BeTrue(because: result.AllOutput);
                        result.AllOutput.Should().Contain(_successfullyVerified);
                        Regex.Matches(result.AllOutput, _noTimestamperWarning).Count.Should().Be(0);
                    }
            }
        }

Esempi in C# (CSharp) per ISigningTestServer