public void GetAuthorSignRequest_InvalidCertificateFile()
{
var mockConsole = new Mock <IConsole>();
var timestampUri = "http://timestamp.test/url";
// Arrange
using (var dir = TestDirectory.Create())
using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert))
{
var signCommand = new MSSignCommand
{
Console = mockConsole.Object,
Timestamper = timestampUri,
CertificateFile = Path.Combine(dir, "non-existant-cert.pfx"),
CSPName = test.CertificateCSPName,
KeyContainer = test.CertificateKeyContainer,
CertificateFingerprint = test.Cert.Thumbprint,
};
signCommand.Arguments.Add(Path.Combine(dir, "package.nupkg"));
// Act & Assert
var ex = Assert.Throws <CryptographicException>(() => signCommand.GetAuthorSignRequest());
Assert.Contains("The system cannot find the file specified.", ex.Message);
}
}
public void GetAuthorSignRequest_InvalidKeyContainer()
{
var mockConsole = new Mock <IConsole>();
var timestampUri = "http://timestamp.test/url";
// Arrange
using (var dir = TestDirectory.Create())
using (var test = new MSSignCommandTestContext(_trustedTestCertWithoutPrivateKey.TrustedCert, exportPfx: false))
{
var signCommand = new MSSignCommand
{
Console = mockConsole.Object,
Timestamper = timestampUri,
CertificateFile = test.CertificatePath,
CSPName = test.CertificateCSPName,
KeyContainer = "invalid-key-container",
CertificateFingerprint = test.Cert.Thumbprint,
};
signCommand.Arguments.Add(Path.Combine(dir, "package.nupkg"));
// Act & Assert
var ex = Assert.Throws <InvalidOperationException>(() => signCommand.GetAuthorSignRequest());
Assert.Equal("Can't find cng key.", ex.Message);
}
}
public async Task MSSignCommand_ResignPackageWithoutOverwriteFailsAsync()
{
var package = new SimpleTestPackageContext();
// Arrange
using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert))
{
var unsignedPackageFile = await package.CreateAsFileAsync(test.Directory, Guid.NewGuid().ToString());
var command = $"mssign {unsignedPackageFile} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint}";
var result = CommandRunner.Run(
_nugetExePath,
test.Directory,
command,
waitForExit: true);
result.Success.Should().BeTrue();
result.AllOutput.Should().Contain(_noTimestamperWarningCode);
result = CommandRunner.Run(
_nugetExePath,
test.Directory,
command,
waitForExit: true);
result.Success.Should().BeFalse();
result.AllOutput.Should().Contain(_noTimestamperWarningCode);
result.Errors.Should().Contain("NU3001: The package already contains a signature. Please remove the existing signature before adding a new signature.");
}
}
public async Task MSSignCommand_ResignPackageWithOverwriteSuccessAsync()
{
var package = new SimpleTestPackageContext();
// Arrange
using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert))
{
var unsignedPackageFile = await package.CreateAsFileAsync(test.Directory, Guid.NewGuid().ToString());
var command = $"mssign {unsignedPackageFile} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint}";
var commandWithOverwrite = $"mssign {unsignedPackageFile} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint} -Overwrite";
var result = CommandRunner.Run(
_nugetExePath,
test.Directory,
command,
waitForExit: true);
result.Success.Should().BeTrue();
result.AllOutput.Should().Contain(_noTimestamperWarningCode);
result = CommandRunner.Run(
_nugetExePath,
test.Directory,
commandWithOverwrite,
waitForExit: true);
result.Success.Should().BeTrue();
result.AllOutput.Should().Contain(_noTimestamperWarningCode);
}
}
public void GetAuthorSignRequest_Success()
{
var mockConsole = new Mock <IConsole>();
var timestampUri = "http://timestamp.test/url";
// Arrange
using (var dir = TestDirectory.Create())
using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert))
{
var signCommand = new MSSignCommand
{
Console = mockConsole.Object,
Timestamper = timestampUri,
CertificateFile = test.CertificatePath,
CSPName = test.CertificateCSPName,
KeyContainer = test.CertificateKeyContainer,
CertificateFingerprint = test.Cert.Thumbprint,
};
signCommand.Arguments.Add(Path.Combine(dir, "package.nupkg"));
// Act
var signRequest = signCommand.GetAuthorSignRequest();
// Assert
Assert.Equal(SignatureType.Author, signRequest.SignatureType);
Assert.NotNull(signRequest.Certificate);
Assert.Equal(signRequest.Certificate.Thumbprint, test.Cert.Thumbprint, StringComparer.Ordinal);
Assert.NotNull(signRequest.PrivateKey);
}
}
public void GetRepositorySignRequest_InvalidCSPName()
{
var mockConsole = new Mock <IConsole>();
var v3serviceIndex = "https://v3serviceindex.test/api/index.json";
var timestampUri = "http://timestamp.test/url";
// Arrange
using (var dir = TestDirectory.Create())
using (var test = new MSSignCommandTestContext(_trustedTestCertWithoutPrivateKey.TrustedCert, exportPfx: false))
{
var reposignCommand = new RepoSignCommand
{
Console = mockConsole.Object,
Timestamper = timestampUri,
CertificateFile = test.CertificatePath,
CSPName = "random nonexistant csp name",
KeyContainer = test.CertificateKeyContainer,
CertificateFingerprint = test.Cert.Thumbprint,
V3ServiceIndexUrl = v3serviceIndex,
};
reposignCommand.Arguments.Add(Path.Combine(dir, "package.nupkg"));
// Act & Assert
var ex = Assert.Throws <InvalidOperationException>(() => reposignCommand.GetRepositorySignRequest());
Assert.Equal("Can't find cng key.", ex.Message);
}
}
public async Task ReposignCommand_Countersign_AuthorSignedPackage_WithTimestampAsync()
{
var package = new SimpleTestPackageContext();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
// Arrange
using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert))
{
var unsignedPackageFile = await package.CreateAsFileAsync(test.Directory, Guid.NewGuid().ToString());
var authorSignCommand = $"mssign {unsignedPackageFile} -Timestamper {timestampService.Url} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint}";
var repoSignCommand = $"reposign {unsignedPackageFile} -Timestamper {timestampService.Url} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint} -V3ServiceIndexUrl https://v3serviceIndex.test/api/index.json";
var result = CommandRunner.Run(
_nugetExePath,
test.Directory,
authorSignCommand,
waitForExit: true);
result.Success.Should().BeTrue();
result.AllOutput.Should().NotContain(_noTimestamperWarningCode);
result = CommandRunner.Run(
_nugetExePath,
test.Directory,
repoSignCommand,
waitForExit: true);
result.Success.Should().BeTrue();
result.AllOutput.Should().NotContain(_noTimestamperWarningCode);
}
}
public async Task ReposignCommand_Countersign_RepositorySignedPackage_FailAsync()
{
var package = new SimpleTestPackageContext();
// Arrange
using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert))
{
var unsignedPackageFile = await package.CreateAsFileAsync(test.Directory, Guid.NewGuid().ToString());
var command = $"reposign {unsignedPackageFile} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint} -V3ServiceIndexUrl https://v3serviceIndex.test/api/index.json";
var result = CommandRunner.Run(
_nugetExePath,
test.Directory,
command,
waitForExit: true);
result.Success.Should().BeTrue();
result.AllOutput.Should().Contain(_noTimestamperWarningCode);
result = CommandRunner.Run(
_nugetExePath,
test.Directory,
command,
waitForExit: true);
result.Success.Should().BeFalse();
result.AllOutput.Should().Contain(_noTimestamperWarningCode);
result.Errors.Should().Contain("NU3033: A repository primary signature must not have a repository countersignature.");
}
}
public void GetRepositorySignRequest_Success()
{
var mockConsole = new Mock <IConsole>();
var v3serviceIndex = "https://v3serviceindex.test/api/index.json";
var timestampUri = "http://timestamp.test/url";
// Arrange
using (var dir = TestDirectory.Create())
using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert))
{
var reposignCommand = new RepoSignCommand
{
Console = mockConsole.Object,
Timestamper = timestampUri,
CertificateFile = test.CertificatePath,
CSPName = test.CertificateCSPName,
KeyContainer = test.CertificateKeyContainer,
CertificateFingerprint = test.Cert.Thumbprint,
V3ServiceIndexUrl = v3serviceIndex,
};
reposignCommand.Arguments.Add(Path.Combine(dir, "package.nupkg"));
// Act
var signRequest = reposignCommand.GetRepositorySignRequest();
// Assert
Assert.Equal(v3serviceIndex, signRequest.V3ServiceIndexUrl.AbsoluteUri, StringComparer.Ordinal);
Assert.Equal(SignatureType.Repository, signRequest.SignatureType);
Assert.NotNull(signRequest.Certificate);
Assert.Equal(signRequest.Certificate.Thumbprint, test.Cert.Thumbprint, StringComparer.Ordinal);
Assert.NotNull(signRequest.PrivateKey);
}
}
