private async Task <ValidatorStatus> StartInternalAsync(IValidationRequest request) { var status = await _validatorStateService.GetStatusAsync(request); if (status.State != ValidationStatus.NotStarted) { _logger.LogWarning( "Package Certificates validation with validationId {ValidationId} ({PackageId} {PackageVersion}) has already started.", request.ValidationId, request.PackageId, request.PackageVersion); return(status); } var package = await FindPackageSigningStateAsync(request); if (package.SigningStatus == PackageSigningStatus.Unsigned) { _logger.LogInformation( "Package {PackageId} {PackageVersion} is unsigned, no additional validations necessary", request.PackageId, request.PackageVersion); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded)); } else if (package.SigningStatus == PackageSigningStatus.Invalid) { // Do NOT validate the package if its status is already marked as invalid. To revalidate the package, // it MUST first pass the PackageSigningValidator. The PackageSigningValidator will mark the package's // signing status as Valid, thereby allowing this validator to revalidate the package if necessary. _logger.LogError( Error.PackageCertificateValidationAlreadyFailed, "Package {PackageId} {PackageVersion} has already failed validation", request.PackageId, request.PackageVersion); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Failed)); } var isRevalidationRequest = await _validatorStateService.IsRevalidationRequestAsync(request); // Find the signatures used to sign the package and see if any certificates known to be revoked // invalidate any of these signatures. Note that a revoked certificate is assumed to remain // revoked forever. var signature = await FindSignatureAsync(request); if (ShouldInvalidateSignature(signature, isRevalidationRequest)) { InvalidatePackageSignature(request, package, signature); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Failed)); } // Find the certificates that must be validated. A certificate must be validated if it has never been validated, // or, if it hasn't been validated in a while (and it hasn't been revoked). var certificates = FindCertificatesToValidateAsync(signature, isRevalidationRequest); if (certificates.Any()) { var stopwatch = Stopwatch.StartNew(); await StartCertificateValidationsAsync(request, certificates); var result = await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Incomplete); _telemetryService.TrackDurationToStartPackageCertificatesValidator(stopwatch.Elapsed); return(result); } else { PromoteSignature(request, signature); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded)); } }
public async Task <ValidationStatus> StartValidationAsync(IValidationRequest request) { var status = await _validatorStateService.GetStatusAsync(request); if (status.State != ValidationStatus.NotStarted) { _logger.LogWarning( "Package Certificates validation with validationId {ValidationId} ({PackageId} {PackageVersion}) has already started.", request.ValidationId, request.PackageId, request.PackageVersion); return(status.State); } var package = await FindPackageSigningStateAsync(request); if (package.SigningStatus == PackageSigningStatus.Unsigned) { _logger.LogInformation( "Package {PackageId} {PackageVersion} is unsigned, no additional validations necessary", request.PackageId, request.PackageVersion); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded)); } else if (package.SigningStatus == PackageSigningStatus.Invalid) { // Do NOT validate the package if its status is already marked as invalid. To revalidate the package, // it MUST first pass the PackageSigningValidator. The PackageSigningValidator will mark the package's // signing status as Valid, thereby allowing this validator to revalidate the package if necessary. _logger.LogError( Error.PackageCertificateValidationAlreadyFailed, "Package {PackageId} {PackageVersion} has already failed validation", request.PackageId, request.PackageVersion); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Failed)); } var isRevalidationRequest = await _validatorStateService.IsRevalidationRequestAsync(request); // Find the signatures used to sign the package and see if any certificates known to be revoked // invalidate any of these signatures. Note that a revoked certificate is assumed to remain // revoked forever. var signatures = await FindSignaturesAsync(request); var invalidSignatures = FindSignaturesToInvalidate(signatures, isRevalidationRequest); if (invalidSignatures.Any()) { InvalidatePackageSignatures(request, package, invalidSignatures); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Failed)); } // Find the certificates that must be validated. A certificate must be validated if it has never been validated, // or, if it hasn't been validated in a while (and it hasn't been revoked). var certificates = FindCertificatesToValidateAsync(signatures, isRevalidationRequest); if (certificates.Any()) { await StartCertificateValidationsAsync(request, certificates); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Incomplete)); } else { _logger.LogInformation( "All certificates for package {PackageId} {PackageVersion} have already been validated, no additional validations necessary", request.PackageId, request.PackageVersion); // Promote signatures out of the "Unknown" state to either "Valid" or "InGracePeriod". PromoteSignatures(signatures); return(await _validatorStateService.TryAddValidatorStatusAsync(request, status, ValidationStatus.Succeeded)); } }