public void SignNullPassword()
{
Exception ex = Record.Exception(() => PGPSignature.Sign(new byte[0], privateKey, null));
Assert.NotNull(ex);
Assert.IsType <NullReferenceException>(ex);
}
/// <summary>
/// Digitally signs the specified manifest, adds the signature to the manifest, and returns it.
/// </summary>
/// <param name="manifest">The manifest to sign.</param>
/// <param name="privateKey">The PGP private key with which to sign the file.</param>
/// <param name="passphrase">The passphrase for the PGP private key.</param>
/// <param name="keybaseUsername">
/// The Keybase.io username of the account hosting the PGP public key used for digest verification.
/// </param>
/// <returns>The signed manifest.</returns>
private PackageManifest SignManifest(PackageManifest manifest, string privateKey, string passphrase, string keybaseUsername)
{
Info("Digitally signing manifest...");
// insert a signature into the manifest. the signer must be included in the hash to prevent tampering.
PackageManifestSignature signature = new PackageManifestSignature();
signature.Issuer = PackagingConstants.KeyIssuer;
signature.Subject = keybaseUsername;
manifest.Signature = signature;
Verbose("Creating SHA512 hash of serialized manifest...");
string manifestHash = Utility.ComputeSHA512Hash(manifest.ToJson());
Verbose($"Hash computed successfully: {manifestHash}.");
byte[] manifestBytes = Encoding.ASCII.GetBytes(manifest.ToJson());
Verbose("Creating digest...");
byte[] digestBytes = PGPSignature.Sign(manifestBytes, privateKey, passphrase);
Verbose("Digest created successfully.");
Verbose("Adding signature to manifest...");
manifest.Signature.Digest = Encoding.ASCII.GetString(digestBytes);
Success("Manifest signed successfully.");
return(manifest);
}
public void SignNullKey()
{
Exception ex = Record.Exception(() => PGPSignature.Sign(new byte[0], null, password));
Assert.NotNull(ex);
Assert.IsType <PgpKeyValidationException>(ex);
}
public void SignNullBytes()
{
Exception ex = Record.Exception(() => PGPSignature.Sign(null, privateKey, password));
Assert.NotNull(ex);
Assert.IsType <NullReferenceException>(ex);
}
public void SignBadPassword()
{
Exception ex = Record.Exception(() => PGPSignature.Sign(new byte[0], privateKey, string.Empty));
Assert.NotNull(ex);
Assert.IsType <PgpException>(ex);
}
/// <summary>
/// Adds a Trust to the <see cref="PackageManifest"/> within the specified package using the PGP private key in the
/// specified file and the specified passphrase.
/// </summary>
/// <param name="packageFile">The Package for which the Trust is to be added.</param>
/// <param name="privateKey">The ASCII armored PGP private key.</param>
/// <param name="passphrase">The passphrase for the specified PGP private key.</param>
public void TrustPackage(string packageFile, string privateKey, string passphrase)
{
ArgumentValidator.ValidatePackageFileArgumentForWriting(packageFile, true);
ArgumentValidator.ValidatePrivateKeyArguments(privateKey, passphrase);
Info($"Adding Trust to Package '{Path.GetFileName(packageFile)}'...");
Exception deferredException = default(Exception);
string tempDirectory = Path.Combine(Path.GetTempPath(), GetType().Namespace.Split('.')[0], Guid.NewGuid().ToString());
try
{
PackageManifest manifest = new ManifestExtractor().ExtractManifest(packageFile);
Verbose("Checking (but not validating) Digest...");
if (manifest.Signature == default(PackageManifestSignature) || string.IsNullOrEmpty(manifest.Signature.Digest))
{
throw new InvalidOperationException("The Package is not signed and can not be trusted.");
}
Verbose("Digest OK.");
Verbose("Signing Digest to create the Trust...");
byte[] digestBytes = Encoding.ASCII.GetBytes(manifest.Signature.Digest);
byte[] trustBytes = PGPSignature.Sign(digestBytes, privateKey, passphrase);
string trust = Encoding.ASCII.GetString(trustBytes);
Verbose("Trust created successfully.");
manifest.Signature.Trust = trust;
UpdatePackageManifest(packageFile, manifest, tempDirectory);
}
catch (Exception ex)
{
deferredException = ex;
}
finally
{
Verbose("Deleting temporary files...");
if (Directory.Exists(tempDirectory))
{
Directory.Delete(tempDirectory, true);
}
Verbose("Temporary files deleted successfully.");
if (deferredException != default(Exception))
{
throw deferredException;
}
}
Success($"Trust added to Package '{Path.GetFileName(packageFile)}' successfully.");
}
public void Sign()
{
string text = "hello world!";
byte[] bytes = Encoding.ASCII.GetBytes(text);
byte[] signatureBytes = PGPSignature.Sign(bytes, privateKey, password);
string signature = Encoding.ASCII.GetString(signatureBytes);
Assert.NotNull(signature);
Assert.NotEqual(string.Empty, signature);
}
/// <summary>
/// Returns a PGP signature of the specified text using the default private key.
/// </summary>
/// <param name="text">The text for which the signature will be generated.</param>
/// <returns>The generated PGP signature.</returns>
private byte[] GetSignature(string text)
{
byte[] bytes = Encoding.ASCII.GetBytes(text);
return(PGPSignature.Sign(bytes, privateKey, password));
}
public void SignZeroBytes()
{
byte[] signature = PGPSignature.Sign(new byte[0], privateKey, password);
Assert.NotNull(Encoding.ASCII.GetString(signature));
}
