public async Task <int> ExecuteCommandAsync(VerifyArgs verifyArgs)
{
if (verifyArgs.Verifications.Count == 0)
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_VerificationTypeNotSupported));
return(FailureCode);
}
var errorCount = 0;
if (ShouldExecuteVerification(verifyArgs, Verification.Signatures))
{
var packagesToVerify = LocalFolderUtility.ResolvePackageFromPath(verifyArgs.PackagePath);
LocalFolderUtility.EnsurePackageFileExists(verifyArgs.PackagePath, packagesToVerify);
var verificationProviders = SignatureVerificationProviderFactory.GetSignatureVerificationProviders();
var verifier = new PackageSignatureVerifier(verificationProviders, SignedPackageVerifierSettings.VerifyCommandDefaultPolicy);
foreach (var package in packagesToVerify)
{
try
{
errorCount += await VerifySignatureForPackageAsync(package, verifyArgs.Logger, verifier);
}
catch (InvalidDataException e)
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_PackageIsNotValid, package));
ExceptionUtilities.LogException(e, verifyArgs.Logger);
}
}
}
return(errorCount == 0 ? SuccessCode : FailureCode);
}
private async Task PushPackage(string packagePath,
string source,
string apiKey,
bool noServiceEndpoint,
TimeSpan requestTimeout,
ILogger log,
CancellationToken token)
{
var sourceUri = UriUtility.CreateSourceUri(source);
if (string.IsNullOrEmpty(apiKey) && !sourceUri.IsFile)
{
log.LogWarning(string.Format(CultureInfo.CurrentCulture,
Strings.NoApiKeyFound,
GetSourceDisplayName(source)));
}
var packagesToPush = LocalFolderUtility.ResolvePackageFromPath(packagePath);
LocalFolderUtility.EnsurePackageFileExists(packagePath, packagesToPush);
foreach (var packageToPush in packagesToPush)
{
await PushPackageCore(source, apiKey, packageToPush, noServiceEndpoint, requestTimeout, log, token);
}
}
private async Task PushPackage(string packagePath,
string source,
string apiKey,
bool noServiceEndpoint,
bool skipDuplicate,
TimeSpan requestTimeout,
ILogger log,
CancellationToken token)
{
var nupkgsToPush = LocalFolderUtility.ResolvePackageFromPath(packagePath, isSnupkg: false);
if (!(nupkgsToPush != null && nupkgsToPush.Any()))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
Strings.UnableToFindFile,
packagePath));
}
var sourceUri = UriUtility.CreateSourceUri(source);
if (string.IsNullOrEmpty(apiKey) && !sourceUri.IsFile)
{
log.LogWarning(string.Format(CultureInfo.CurrentCulture,
Strings.NoApiKeyFound,
GetSourceDisplayName(source)));
}
await PushAll(source, apiKey, noServiceEndpoint, skipDuplicate, requestTimeout, log, packagesToPush : nupkgsToPush, token);
}
protected IEnumerable <string> GetPackages()
{
// resolve path into multiple packages if needed.
var packagesToSign = LocalFolderUtility.ResolvePackageFromPath(Arguments[0]);
LocalFolderUtility.EnsurePackageFileExists(Arguments[0], packagesToSign);
return(packagesToSign);
}
public async Task <int> ExecuteCommandAsync(VerifyArgs verifyArgs)
{
if (verifyArgs.Verifications.Count == 0)
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_VerificationTypeNotSupported));
return(FailureCode);
}
var errorCount = 0;
if (ShouldExecuteVerification(verifyArgs, Verification.Signatures))
{
var packagesToVerify = verifyArgs.PackagePaths.SelectMany(packagePath =>
{
var packages = LocalFolderUtility.ResolvePackageFromPath(packagePath);
LocalFolderUtility.EnsurePackageFileExists(packagePath, packages);
return(packages);
});
var allowListEntries = verifyArgs.CertificateFingerprint.Select(fingerprint =>
new CertificateHashAllowListEntry(
VerificationTarget.Author | VerificationTarget.Repository,
SignaturePlacement.PrimarySignature,
fingerprint,
_defaultFingerprintAlgorithm)).ToList();
var verifierSettings = SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy();
var verificationProviders = new List <ISignatureVerificationProvider>()
{
new IntegrityVerificationProvider(),
new SignatureTrustAndValidityVerificationProvider()
};
verificationProviders.Add(
new AllowListVerificationProvider(
allowListEntries,
requireNonEmptyAllowList: false,
noMatchErrorMessage: Strings.Error_NoMatchingCertificate));
var verifier = new PackageSignatureVerifier(verificationProviders);
foreach (var package in packagesToVerify)
{
try
{
errorCount += await VerifySignatureForPackageAsync(package, verifyArgs.Logger, verifier, verifierSettings);
}
catch (InvalidDataException e)
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_PackageIsNotValid, package));
ExceptionUtilities.LogException(e, verifyArgs.Logger);
}
}
}
return(errorCount == 0 ? SuccessCode : FailureCode);
}
public async Task <int> ExecuteCommandAsync(SignArgs signArgs)
{
// resolve path into multiple packages if needed.
IEnumerable <string> packagesToSign = signArgs.PackagePaths.SelectMany(packagePath =>
{
IEnumerable <string> packages = LocalFolderUtility.ResolvePackageFromPath(packagePath);
LocalFolderUtility.EnsurePackageFileExists(packagePath, packages);
return(packages);
});
var success = true;
X509Certificate2 cert = null;
try
{
cert = await GetCertificateAsync(signArgs);
}
catch (Exception e)
{
success = false;
ExceptionUtilities.LogException(e, signArgs.Logger);
}
if (success)
{
signArgs.Logger.LogInformation(Environment.NewLine);
signArgs.Logger.LogInformation(Strings.SignCommandDisplayCertificate);
signArgs.Logger.LogInformation(CertificateUtility.X509Certificate2ToString(cert, HashAlgorithmName.SHA256));
if (!string.IsNullOrEmpty(signArgs.Timestamper))
{
signArgs.Logger.LogInformation(Strings.SignCommandDisplayTimestamper);
signArgs.Logger.LogInformation(signArgs.Timestamper);
}
if (!string.IsNullOrEmpty(signArgs.OutputDirectory))
{
signArgs.Logger.LogInformation(Strings.SignCommandOutputPath);
signArgs.Logger.LogInformation(signArgs.OutputDirectory);
}
using (var signRequest = new AuthorSignPackageRequest(cert, signArgs.SignatureHashAlgorithm, signArgs.TimestampHashAlgorithm))
{
return(await ExecuteCommandAsync(
packagesToSign,
signRequest,
signArgs.Timestamper,
signArgs.Logger,
signArgs.OutputDirectory,
signArgs.Overwrite,
signArgs.Token));
}
}
return(success ? 0 : 1);
}
public async Task <bool> SignAsync(string packagePath, string outputPath, string timestampUrl, Uri v3ServiceIndex, IReadOnlyList <string> packageOwners,
SignatureType signatureType, HashAlgorithmName signatureHashAlgorithm, HashAlgorithmName timestampHashAlgorithm,
bool overwrite, X509Certificate2 publicCertificate, System.Security.Cryptography.RSA rsa, CancellationToken cancellationToken = default)
{
var packagesToSign = LocalFolderUtility.ResolvePackageFromPath(packagePath);
var signatureProvider = new KeyVaultSignatureProvider(rsa, new Rfc3161TimestampProvider(new Uri(timestampUrl)));
SignPackageRequest request = null;
if (signatureType == SignatureType.Author)
{
request = new AuthorSignPackageRequest(publicCertificate, signatureHashAlgorithm, timestampHashAlgorithm);
}
else if (signatureType == SignatureType.Repository)
{
request = new RepositorySignPackageRequest(publicCertificate, signatureHashAlgorithm, timestampHashAlgorithm, v3ServiceIndex, packageOwners);
}
else
{
throw new ArgumentOutOfRangeException(nameof(signatureType));
}
string originalPackageCopyPath = null;
foreach (var package in packagesToSign)
{
cancellationToken.ThrowIfCancellationRequested();
logger.LogInformation($"{nameof(SignAsync)} [{package}]: Begin Signing {Path.GetFileName(package)}");
try
{
originalPackageCopyPath = CopyPackage(package);
using var options = SigningOptions.CreateFromFilePaths(originalPackageCopyPath, outputPath, overwrite, signatureProvider, new NuGetLogger(logger, package));
await SigningUtility.SignAsync(options, request, cancellationToken);
}
catch (Exception e)
{
logger.LogError(e, e.Message);
return(false);
}
finally
{
try
{
FileUtility.Delete(originalPackageCopyPath);
}
catch
{
}
logger.LogInformation($"{nameof(SignAsync)} [{package}]: End Signing {Path.GetFileName(package)}");
}
}
return(true);
}
private async Task PushSymbolsPath(string packagePath,
string symbolSource,
string apiKey,
bool noServiceEndpoint,
bool skipDuplicate,
SymbolPackageUpdateResourceV3 symbolPackageUpdateResource,
TimeSpan requestTimeout,
ILogger log,
bool explicitSymbolsPush,
CancellationToken token)
{
bool isSymbolEndpointSnupkgCapable = symbolPackageUpdateResource != null;
// Get the symbol package for this package
string symbolPackagePath = GetSymbolsPath(packagePath, isSymbolEndpointSnupkgCapable);
IEnumerable <string> symbolsToPush = LocalFolderUtility.ResolvePackageFromPath(symbolPackagePath, isSnupkg: isSymbolEndpointSnupkgCapable);
bool symbolsPathResolved = symbolsToPush != null && symbolsToPush.Any();
//No files were resolved.
if (!symbolsPathResolved)
{
if (explicitSymbolsPush)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
Strings.UnableToFindFile,
packagePath));
}
}
else
{
Uri symbolSourceUri = UriUtility.CreateSourceUri(symbolSource);
// See if the api key exists
if (string.IsNullOrEmpty(apiKey) && !symbolSourceUri.IsFile)
{
log.LogWarning(string.Format(CultureInfo.CurrentCulture,
Strings.Warning_SymbolServerNotConfigured,
Path.GetFileName(symbolPackagePath),
Strings.DefaultSymbolServer));
}
foreach (string packageToPush in symbolsToPush)
{
await PushPackageCore(symbolSource, apiKey, packageToPush, noServiceEndpoint, skipDuplicate, requestTimeout, log, token);
}
}
}
public async Task <int> ExecuteCommandAsync(VerifyArgs verifyArgs)
{
if (verifyArgs.Verifications.Count == 0)
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_VerificationTypeNotSupported));
return(FailureCode);
}
var errorCount = 0;
if (ShouldExecuteVerification(verifyArgs, Verification.Signatures))
{
var packagesToVerify = LocalFolderUtility.ResolvePackageFromPath(verifyArgs.PackagePath);
LocalFolderUtility.EnsurePackageFileExists(verifyArgs.PackagePath, packagesToVerify);
var allowListEntries = verifyArgs.CertificateFingerprint.Select(fingerprint =>
new CertificateHashAllowListEntry(
VerificationTarget.Author | VerificationTarget.Repository,
SignaturePlacement.PrimarySignature,
fingerprint,
_defaultFingerprintAlgorithm)).ToList();
var verifierSettings = SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy(clientAllowListEntries: allowListEntries);
var verificationProviders = SignatureVerificationProviderFactory.GetSignatureVerificationProviders();
var verifier = new PackageSignatureVerifier(verificationProviders);
foreach (var package in packagesToVerify)
{
try
{
errorCount += await VerifySignatureForPackageAsync(package, verifyArgs.Logger, verifier, verifierSettings);
}
catch (InvalidDataException e)
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_PackageIsNotValid, package));
ExceptionUtilities.LogException(e, verifyArgs.Logger);
}
}
}
return(errorCount == 0 ? SuccessCode : FailureCode);
}
public async Task <int> ExecuteCommandAsync(SignArgs signArgs)
{
// resolve path into multiple packages if needed.
var packagesToSign = LocalFolderUtility.ResolvePackageFromPath(signArgs.PackagePath);
LocalFolderUtility.EnsurePackageFileExists(signArgs.PackagePath, packagesToSign);
var cert = await GetCertificateAsync(signArgs);
signArgs.Logger.LogInformation(Environment.NewLine);
signArgs.Logger.LogInformation(Strings.SignCommandDisplayCertificate);
signArgs.Logger.LogInformation(CertificateUtility.X509Certificate2ToString(cert, HashAlgorithmName.SHA256));
if (!string.IsNullOrEmpty(signArgs.Timestamper))
{
signArgs.Logger.LogInformation(Strings.SignCommandDisplayTimestamper);
signArgs.Logger.LogInformation(signArgs.Timestamper);
}
if (!string.IsNullOrEmpty(signArgs.OutputDirectory))
{
signArgs.Logger.LogInformation(Strings.SignCommandOutputPath);
signArgs.Logger.LogInformation(signArgs.OutputDirectory);
}
using (var signRequest = GenerateSignPackageRequest(signArgs, cert))
{
return(await ExecuteCommandAsync(
packagesToSign,
signRequest,
signArgs.Timestamper,
signArgs.Logger,
signArgs.OutputDirectory,
signArgs.Overwrite,
signArgs.Token));
}
}
/// <summary>
/// Push nupkgs, and if successful, push any corresponding symbols.
/// </summary>
/// <exception cref="ArgumentException">Thrown when any resolved file path does not exist.</exception>
private async Task PushPackagePath(string packagePath,
string source,
string symbolSource, // empty to not push symbols
string apiKey,
Func <string, string> getSymbolApiKey,
bool noServiceEndpoint,
bool skipDuplicate,
SymbolPackageUpdateResourceV3 symbolPackageUpdateResource,
TimeSpan requestTimeout,
ILogger log,
CancellationToken token)
{
IEnumerable <string> nupkgsToPush = LocalFolderUtility.ResolvePackageFromPath(packagePath, isSnupkg: false);
bool alreadyWarnedSymbolServerNotConfigured = false;
if (!(nupkgsToPush != null && nupkgsToPush.Any()))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
Strings.UnableToFindFile,
packagePath));
}
Uri packageSourceUri = UriUtility.CreateSourceUri(source);
if (string.IsNullOrEmpty(apiKey) && !packageSourceUri.IsFile)
{
log.LogWarning(string.Format(CultureInfo.CurrentCulture,
Strings.NoApiKeyFound,
GetSourceDisplayName(source)));
}
foreach (string nupkgToPush in nupkgsToPush)
{
bool packageWasPushed = await PushPackageCore(source, apiKey, nupkgToPush, noServiceEndpoint, skipDuplicate, requestTimeout, log, token);
// Push corresponding symbols, if successful.
if (packageWasPushed && !string.IsNullOrEmpty(symbolSource))
{
bool isSymbolEndpointSnupkgCapable = symbolPackageUpdateResource != null;
string symbolPackagePath = GetSymbolsPath(nupkgToPush, isSnupkg: isSymbolEndpointSnupkgCapable);
// There may not be a snupkg with the same filename. Ignore it since this isn't an explicit snupkg push.
if (!File.Exists(symbolPackagePath))
{
continue;
}
if (!alreadyWarnedSymbolServerNotConfigured)
{
Uri symbolSourceUri = UriUtility.CreateSourceUri(symbolSource);
// See if the api key exists
if (string.IsNullOrEmpty(apiKey) && !symbolSourceUri.IsFile)
{
log.LogWarning(string.Format(CultureInfo.CurrentCulture,
Strings.Warning_SymbolServerNotConfigured,
Path.GetFileName(symbolPackagePath),
Strings.DefaultSymbolServer));
alreadyWarnedSymbolServerNotConfigured = true;
}
}
string symbolApiKey = getSymbolApiKey(symbolSource);
await PushPackageCore(symbolSource, symbolApiKey, symbolPackagePath, noServiceEndpoint, skipDuplicate, requestTimeout, log, token);
}
}
}
public async Task <int> ExecuteCommandAsync(VerifyArgs verifyArgs)
{
if (verifyArgs.Verifications.Count == 0)
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_VerificationTypeNotSupported));
return(FailureCode);
}
var errorCount = 0;
if (ShouldExecuteVerification(verifyArgs, Verification.Signatures))
{
if (!IsSignatureVerifyCommandSupported())
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_NotSupported));
return(FailureCode);
}
var packagesToVerify = verifyArgs.PackagePaths.SelectMany(packagePath =>
{
var packages = LocalFolderUtility.ResolvePackageFromPath(packagePath);
LocalFolderUtility.EnsurePackageFileExists(packagePath, packages);
return(packages);
});
ClientPolicyContext clientPolicyContext = ClientPolicyContext.GetClientPolicy(verifyArgs.Settings, verifyArgs.Logger);
// List of values passed through --certificate-fingerprint option read
var allowListEntries = verifyArgs.CertificateFingerprint.Select(fingerprint =>
new CertificateHashAllowListEntry(
VerificationTarget.Author | VerificationTarget.Repository,
SignaturePlacement.PrimarySignature,
fingerprint,
_defaultFingerprintAlgorithm)).ToList();
var verifierSettings = SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy();
var verificationProviders = new List <ISignatureVerificationProvider>()
{
new IntegrityVerificationProvider()
};
// trustedSigners section >> Owners are considered here.
verificationProviders.Add(
new AllowListVerificationProvider(
clientPolicyContext.AllowList,
requireNonEmptyAllowList: clientPolicyContext.Policy == SignatureValidationMode.Require,
emptyListErrorMessage: Strings.Error_NoClientAllowList,
noMatchErrorMessage: Strings.Error_NoMatchingClientCertificate));
IEnumerable <KeyValuePair <string, HashAlgorithmName> > trustedSignerAllowUntrustedRootList = clientPolicyContext.AllowList?
.Where(c => c.AllowUntrustedRoot)
.Select(c => new KeyValuePair <string, HashAlgorithmName>(c.Fingerprint, c.FingerprintAlgorithm));
// trustedSigners section >> allowUntrustedRoot set true are considered here.
verificationProviders.Add(new SignatureTrustAndValidityVerificationProvider(trustedSignerAllowUntrustedRootList));
// List of values passed through --certificate-fingerprint option are considered here.
verificationProviders.Add(
new AllowListVerificationProvider(
allowListEntries,
requireNonEmptyAllowList: false,
noMatchErrorMessage: Strings.Error_NoMatchingCertificate));
var verifier = new PackageSignatureVerifier(verificationProviders);
foreach (var package in packagesToVerify)
{
try
{
errorCount += await VerifySignatureForPackageAsync(package, verifyArgs.Logger, verifier, verifierSettings);
}
catch (InvalidDataException e)
{
verifyArgs.Logger.LogError(string.Format(CultureInfo.CurrentCulture, Strings.VerifyCommand_PackageIsNotValid, package));
ExceptionUtilities.LogException(e, verifyArgs.Logger);
}
}
}
return(errorCount == 0 ? SuccessCode : FailureCode);
}
public async Task <int> ExecuteCommandAsync(TrustedSignersArgs trustedSignersArgs)
{
var logger = trustedSignersArgs.Logger ?? NullLogger.Instance;
var actionsProvider = new TrustedSignerActionsProvider(_trustedSignersProvider, logger);
switch (trustedSignersArgs.Action)
{
case TrustedSignersAction.List:
ValidateListArguments(trustedSignersArgs);
await ListAllTrustedSignersAsync(logger);
break;
case TrustedSignersAction.Add:
ValidateNameExists(trustedSignersArgs.Name);
var isPackagePathProvided = !string.IsNullOrEmpty(trustedSignersArgs.PackagePath);
var isServiceIndexProvided = !string.IsNullOrEmpty(trustedSignersArgs.ServiceIndex);
var isFingerprintProvided = !string.IsNullOrEmpty(trustedSignersArgs.CertificateFingerprint);
var isAlgorithmProvided = !string.IsNullOrEmpty(trustedSignersArgs.FingerprintAlgorithm);
if (isPackagePathProvided)
{
#if IS_DESKTOP
if (isServiceIndexProvided || isFingerprintProvided || isAlgorithmProvided)
{
throw new CommandLineArgumentCombinationException(string.Format(CultureInfo.CurrentCulture, Strings.Error_CouldNotAdd, Strings.Error_InvalidCombinationOfArguments));
}
if (!(trustedSignersArgs.Repository ^ trustedSignersArgs.Author))
{
throw new CommandLineArgumentCombinationException(string.Format(CultureInfo.CurrentCulture, Strings.Error_NoSignatureTrustedForPackage, trustedSignersArgs.PackagePath));
}
var trustTarget = VerificationTarget.None;
if (trustedSignersArgs.Author)
{
if (!trustedSignersArgs.Repository && trustedSignersArgs.Owners != null && trustedSignersArgs.Owners.Any())
{
throw new CommandLineArgumentCombinationException(Strings.Error_CannotTrustOwnersForAuthor);
}
trustTarget |= VerificationTarget.Author;
}
if (trustedSignersArgs.Repository)
{
trustTarget |= VerificationTarget.Repository;
}
if (trustTarget == VerificationTarget.None)
{
trustTarget = VerificationTarget.Unknown;
}
var packagesToTrust = LocalFolderUtility.ResolvePackageFromPath(trustedSignersArgs.PackagePath);
LocalFolderUtility.EnsurePackageFileExists(trustedSignersArgs.PackagePath, packagesToTrust);
foreach (var package in packagesToTrust)
{
using (var packageReader = new PackageArchiveReader(package))
{
await actionsProvider.AddTrustedSignerAsync(
trustedSignersArgs.Name,
packageReader,
trustTarget,
trustedSignersArgs.AllowUntrustedRoot,
trustedSignersArgs.Owners,
CancellationToken.None);
}
}
break;
#else
throw new NotSupportedException();
#endif
}
if (isServiceIndexProvided)
{
if (isFingerprintProvided || isAlgorithmProvided || trustedSignersArgs.Author || trustedSignersArgs.Repository)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Strings.Error_CouldNotAdd, Strings.Error_InvalidCombinationOfArguments));
}
var serviceIndex = ValidateAndParseV3ServiceIndexUrl(trustedSignersArgs.ServiceIndex);
await actionsProvider.AddTrustedRepositoryAsync(
trustedSignersArgs.Name,
serviceIndex,
trustedSignersArgs.Owners,
CancellationToken.None);
break;
}
if (isFingerprintProvided)
{
if (trustedSignersArgs.Owners != null && trustedSignersArgs.Owners.Any())
{
throw new ArgumentException(Strings.Error_CannotTrustOwnersForAuthor);
}
var hashAlgorithm = ValidateAndParseFingerprintAlgorithm(trustedSignersArgs.FingerprintAlgorithm);
actionsProvider.AddOrUpdateTrustedSigner(
trustedSignersArgs.Name,
trustedSignersArgs.CertificateFingerprint,
hashAlgorithm,
trustedSignersArgs.AllowUntrustedRoot);
break;
}
if (isAlgorithmProvided || trustedSignersArgs.Author || trustedSignersArgs.Repository)
{
throw new CommandLineArgumentCombinationException(string.Format(CultureInfo.CurrentCulture, Strings.Error_CouldNotAdd, Strings.Error_InvalidCombinationOfArguments));
}
if (_packageSourceProvider == null)
{
throw new ArgumentException(Strings.Error_NoSourcesInformation);
}
var packageSource = _packageSourceProvider.GetPackageSourceByName(trustedSignersArgs.Name);
if (packageSource == null || string.IsNullOrEmpty(packageSource.Source))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Strings.Error_UnavailableSource, trustedSignersArgs.Name));
}
var sourceServiceIndex = ValidateAndParseV3ServiceIndexUrl(packageSource.Source);
await actionsProvider.AddTrustedRepositoryAsync(
trustedSignersArgs.Name,
sourceServiceIndex,
trustedSignersArgs.Owners,
CancellationToken.None);
break;
case TrustedSignersAction.Remove:
ValidateRemoveArguments(trustedSignersArgs);
await RemoveTrustedSignerAsync(trustedSignersArgs.Name, logger);
break;
case TrustedSignersAction.Sync:
ValidateSyncArguments(trustedSignersArgs);
await actionsProvider.SyncTrustedRepositoryAsync(trustedSignersArgs.Name, CancellationToken.None);
break;
}
return(SuccessCode);
}
public async Task <bool> VerifyAsync(string file, StringBuilder buffer)
{
if (file == null)
{
throw new ArgumentNullException(nameof(file));
}
if (buffer == null)
{
throw new ArgumentNullException(nameof(buffer));
}
var trustProviders = new ISignatureVerificationProvider[]
{
new IntegrityVerificationProvider(),
new SignatureTrustAndValidityVerificationProvider()
};
var verifier = new PackageSignatureVerifier(trustProviders);
var allPackagesVerified = true;
try
{
var result = 0;
var packagesToVerify = LocalFolderUtility.ResolvePackageFromPath(file);
foreach (var packageFile in packagesToVerify)
{
using var package = new PackageArchiveReader(packageFile);
var verificationResult = await verifier.VerifySignaturesAsync(package, SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy(), CancellationToken.None);
if (verificationResult.IsValid)
{
allPackagesVerified = true;
}
else
{
var logMessages = verificationResult.Results.SelectMany(p => p.Issues).Select(p => p.AsRestoreLogMessage()).ToList();
foreach (var msg in logMessages)
{
buffer.AppendLine(msg.Message);
}
if (logMessages.Any(m => m.Level >= NuGet.Common.LogLevel.Warning))
{
var errors = logMessages.Where(m => m.Level == NuGet.Common.LogLevel.Error).Count();
var warnings = logMessages.Where(m => m.Level == NuGet.Common.LogLevel.Warning).Count();
buffer.AppendLine($"Finished with {errors} errors and {warnings} warnings.");
result = errors;
}
allPackagesVerified = false;
}
}
}
catch (Exception e)
{
logger.LogError(e, e.Message);
return(false);
}
return(allPackagesVerified);
}
