public void IsSigned_WithIncorrectSignatureFileNameInLocalFileHeader_ReturnsFalse() { var zipBytes = SigningTestUtility.GetResourceBytes("SignatureFileEntry.zip"); var fileName = Encoding.ASCII.GetBytes(SigningSpecifications.V1.SignaturePath.ToUpper()); Array.Copy(fileName, sourceIndex: 0, destinationArray: zipBytes, destinationIndex: 0x1e, length: fileName.Length); using (var test = new Test(zipBytes)) { var isSigned = SignedPackageArchiveUtility.IsSigned(test.Reader); Assert.False(isSigned); } }
public async Task RemoveRepositorySignaturesAsync_WithUnsignedPackage_DoesNotChangePackage() { using (var test = new RemoveTest(_fixture)) using (var input = new MemoryStream(test.Zip.ToByteArray(), writable: false)) { var wasSomethingRemoved = await SignedPackageArchiveUtility.RemoveRepositorySignaturesAsync( input, test.UnsignedPackage, CancellationToken.None); Assert.False(wasSomethingRemoved); Assert.Equal(0, test.UnsignedPackage.Length); } }
public async Task RemoveRepositorySignaturesAsync_WithRepositoryPrimarySignature_ReturnsUnsignedPackage() { using (var test = new RemoveTest(_fixture)) { await test.RepositorySignAsync(); var wasSomethingRemoved = await SignedPackageArchiveUtility.RemoveRepositorySignaturesAsync( test.SignedPackage, test.UnsignedPackage, CancellationToken.None); Assert.True(wasSomethingRemoved); Assert.Equal(test.Zip.ToByteArray(), test.UnsignedPackage.ToArray()); } }
public async Task RemoveRepositorySignaturesAsync_WithAuthorPrimarySignature_DoesNotChangePackage() { using (var test = new RemoveTest(_fixture)) { await test.AuthorSignAsync(); var wasSomethingRemoved = await SignedPackageArchiveUtility.RemoveRepositorySignaturesAsync( test.SignedPackage, test.UnsignedPackage, CancellationToken.None); Assert.False(wasSomethingRemoved); Assert.Equal(0, test.UnsignedPackage.Length); } }
public void OpenPackageSignatureFileStream_WithFakeContent_ReturnsContent() { using (var test = new Test(GetResource("SignatureFileWithFakeContent.zip"))) using (var stream = SignedPackageArchiveUtility.OpenPackageSignatureFileStream(test.Reader)) { Assert.False(stream.CanWrite); using (var reader = new BinaryReader(stream)) { var expectedBytes = Encoding.ASCII.GetBytes("content"); var actualBytes = reader.ReadBytes((int)reader.BaseStream.Length); Assert.Equal(expectedBytes, actualBytes); } } }
public override async Task <PrimarySignature> GetPrimarySignatureAsync(CancellationToken token) { token.ThrowIfCancellationRequested(); ThrowIfZipReadStreamIsNull(); PrimarySignature signature = null; if (await IsSignedAsync(token)) { using (var bufferedStream = new ReadOnlyBufferedStream(ZipReadStream, leaveOpen: true)) using (var reader = new BinaryReader(bufferedStream, new UTF8Encoding(), leaveOpen: true)) using (var stream = SignedPackageArchiveUtility.OpenPackageSignatureFileStream(reader)) { #if IS_DESKTOP signature = PrimarySignature.Load(stream); #endif } } return(signature); }
public override string GetContentHashForSignedPackage(CancellationToken token) { token.ThrowIfCancellationRequested(); ThrowIfZipReadStreamIsNull(); using (var zip = new ZipArchive(ZipReadStream, ZipArchiveMode.Read, leaveOpen: true)) { var signatureEntry = zip.GetEntry(SigningSpecifications.SignaturePath); if (signatureEntry == null || !string.Equals(signatureEntry.Name, SigningSpecifications.SignaturePath, StringComparison.Ordinal)) { return(null); } } using (var bufferedStream = new ReadOnlyBufferedStream(ZipReadStream, leaveOpen: true)) using (var reader = new BinaryReader(bufferedStream, new UTF8Encoding(), leaveOpen: true)) { return(SignedPackageArchiveUtility.GetPackageContentHash(reader)); } }
public override async Task <PrimarySignature> GetPrimarySignatureAsync(CancellationToken token) { token.ThrowIfCancellationRequested(); if (ZipReadStream == null) { throw new SignatureException(Strings.SignedPackageUnableToAccessSignature); } PrimarySignature signature = null; if (await IsSignedAsync(token)) { using (var reader = new BinaryReader(ZipReadStream, new UTF8Encoding(), leaveOpen: true)) using (var stream = SignedPackageArchiveUtility.OpenPackageSignatureFileStream(reader)) { #if IS_DESKTOP signature = PrimarySignature.Load(stream); #endif } } return(signature); }
internal static bool VerifySignedNupkgIntegrity(string filePath) { bool isSigned = false; using (BinaryReader binaryReader = new BinaryReader(File.OpenRead(filePath))) { isSigned = SignedPackageArchiveUtility.IsSigned(binaryReader); #if NETFRAMEWORK if (isSigned) { try { // A package will fail integrity checks if, for example, the package is signed and then: // - it is repacked // - it has its symbols stripped // - it is otherwise modified using (Stream stream = SignedPackageArchiveUtility.OpenPackageSignatureFileStream(binaryReader)) { using (PackageArchiveReader par = new PackageArchiveReader(filePath)) { var signature = par.GetPrimarySignatureAsync(CancellationToken.None).Result; var task = par.ValidateIntegrityAsync(signature.SignatureContent, CancellationToken.None); task.Wait(); } } } catch (Exception) { isSigned = false; } } #endif } return(isSigned); }
private async Task <SignatureValidatorResult> StripRepositorySignaturesAsync(Context context) { Stream packageStreamToDispose = null; try { packageStreamToDispose = FileStreamUtility.GetTemporaryFile(); var stopwatch = Stopwatch.StartNew(); var changed = await SignedPackageArchiveUtility.RemoveRepositorySignaturesAsync( context.PackageStream, packageStreamToDispose, context.CancellationToken); _telemetryService.TrackDurationToStripRepositorySignatures( stopwatch.Elapsed, context.Message.PackageId, context.Message.PackageVersion, context.Message.ValidationId, changed); if (changed) { _logger.LogInformation( "Repository signatures were removed from package {PackageId} {PackageVersion} for validation {ValidationId}.", context.Message.PackageId, context.Message.PackageVersion, context.Message.ValidationId); // The input stream and the input signed package reader are no longer useful since they contain // the removed repository signatures. We need to initialize the new signed package archive // reader and signature. context.PackageReader.Dispose(); context.PackageStream.Dispose(); context.PackageStream = packageStreamToDispose; context.Changed = true; packageStreamToDispose = null; context.PackageReader = new SignedPackageArchive(context.PackageStream, packageWriteStream: Stream.Null); var initialSignature = context.Signature; if (await context.PackageReader.IsSignedAsync(context.CancellationToken)) { _logger.LogInformation( "The package {PackageId} {PackageVersion} for validation {ValidationId} is still signed.", context.Message.PackageId, context.Message.PackageVersion, context.Message.ValidationId); context.Signature = await context.PackageReader.GetPrimarySignatureAsync(context.CancellationToken); _telemetryService.TrackStrippedRepositorySignatures( context.Message.PackageId, context.Message.PackageVersion, context.Message.ValidationId, initialSignature, context.Signature); } else { _logger.LogInformation( "The package {PackageId} {PackageVersion} for validation {ValidationId} is no longer signed.", context.Message.PackageId, context.Message.PackageVersion, context.Message.ValidationId); // The package is now unsigned. This would happen if the primary signature was a repository // signature that was removed. context.Signature = null; _telemetryService.TrackStrippedRepositorySignatures( context.Message.PackageId, context.Message.PackageVersion, context.Message.ValidationId, initialSignature, outputSignature: null); return(await HandleUnsignedPackageAsync(context)); } } else { _logger.LogInformation( "No repository signatures were removed from package {PackageId} {PackageVersion} for validation {ValidationId}.", context.Message.PackageId, context.Message.PackageVersion, context.Message.ValidationId); } } finally { packageStreamToDispose?.Dispose(); } return(null); }