private static async Task <List <SignatureLog> > VerifyUnavailableRevocationInfo( SignatureVerificationStatus expectedStatus, LogLevel expectedLogLevel, SignedPackageVerifierSettings setting) { var verificationProvider = new SignatureTrustAndValidityVerificationProvider(); using (var nupkgStream = new MemoryStream(GetResource("UnavailableCrlPackage.nupkg"))) using (var package = new PackageArchiveReader(nupkgStream, leaveStreamOpen: false)) { // Read a signature that is valid in every way except that the CRL information is unavailable. var signature = await package.GetSignatureAsync(CancellationToken.None); var rootCertificate = SignatureUtility.GetPrimarySignatureCertificates(signature).Last(); // Trust the root CA of the signing certificate. using (var testCertificate = TrustedTestCert.Create( rootCertificate, StoreName.Root, StoreLocation.LocalMachine, maximumValidityPeriod: TimeSpan.MaxValue)) { // Act var result = await verificationProvider.GetTrustResultAsync(package, signature, setting, CancellationToken.None); // Assert Assert.Equal(expectedStatus, result.Trust); return(result .Issues .Where(x => x.Level >= expectedLogLevel) .OrderBy(x => x.Message) .ToList()); } } }
public async Task GetTrustResultAsync_WithInvalidSignature_Throws() { var package = new SimpleTestPackageContext(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); using (var directory = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var packageFilePath = await SignedArchiveTestUtility.CreateSignedAndTimeStampedPackageAsync( testCertificate, package, directory, timestampService.Url); using (var packageReader = new PackageArchiveReader(packageFilePath)) { var signature = await packageReader.GetSignatureAsync(CancellationToken.None); var invalidSignature = SignedArchiveTestUtility.GenerateInvalidSignature(signature); var provider = new SignatureTrustAndValidityVerificationProvider(); var result = await provider.GetTrustResultAsync( packageReader, invalidSignature, SignedPackageVerifierSettings.Default, CancellationToken.None); var issue = result.Issues.FirstOrDefault(log => log.Code == NuGetLogCode.NU3012); Assert.NotNull(issue); Assert.Equal("Primary signature validation failed.", issue.Message); } } }
public async Task GetTrustResultAsync_WithNoSigningCertificate_Throws() { var package = new SimpleTestPackageContext(); using (var directory = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var packageFilePath = await SignedArchiveTestUtility.CreateSignedAndTimeStampedPackageAsync(testCertificate, package, directory); using (var packageReader = new PackageArchiveReader(packageFilePath)) { var signature = (await packageReader.GetSignaturesAsync(CancellationToken.None)).Single(); var signatureWithNoCertificates = GenerateSignatureWithNoCertificates(signature); var provider = new SignatureTrustAndValidityVerificationProvider(); var result = await provider.GetTrustResultAsync( packageReader, signatureWithNoCertificates, SignedPackageVerifierSettings.Default, CancellationToken.None); var issue = result.Issues.FirstOrDefault(log => log.Code == NuGetLogCode.NU3010); Assert.NotNull(issue); Assert.Equal("The primary signature does not have a signing certificate.", issue.Message); } } }
private GetTrustResultAsyncTest( TestDirectory directory, SignedPackageArchive package, Signature signature, SignedPackageVerifierSettings settings) { _directory = directory; Package = package; Signature = signature; Settings = settings; Provider = new SignatureTrustAndValidityVerificationProvider(); }
public async Task GetTrustResultAsync_SettingsRequireExactlyOneTimestamp_MultipleTimestamps_Fails() { // Arrange var nupkg = new SimpleTestPackageContext(); var testLogger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var setting = new SignedPackageVerifierSettings( allowUnsigned: false, allowIllegal: false, allowUntrusted: false, allowUntrustedSelfIssuedCertificate: false, allowIgnoreTimestamp: false, allowMultipleTimestamps: false, allowNoTimestamp: false, allowUnknownRevocation: false, allowNoClientCertificateList: true, allowNoRepositoryCertificateList: true); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var verificationProvider = new SignatureTrustAndValidityVerificationProvider(); using (var package = new PackageArchiveReader(nupkg.CreateAsStream(), leaveStreamOpen: false)) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) using (var signatureRequest = new AuthorSignPackageRequest(testCertificate, HashAlgorithmName.SHA256)) { var signature = await SignedArchiveTestUtility.CreatePrimarySignatureForPackageAsync(package, signatureRequest); var timestampedSignature = await SignedArchiveTestUtility.TimestampSignature(timestampProvider, signature, signatureRequest.TimestampHashAlgorithm, SignaturePlacement.PrimarySignature, testLogger); var reTimestampedSignature = await SignedArchiveTestUtility.TimestampSignature(timestampProvider, timestampedSignature, signatureRequest.TimestampHashAlgorithm, SignaturePlacement.PrimarySignature, testLogger); timestampedSignature.Timestamps.Count.Should().Be(1); reTimestampedSignature.Timestamps.Count.Should().Be(2); // Act var result = await verificationProvider.GetTrustResultAsync(package, reTimestampedSignature, setting, CancellationToken.None); var totalErrorIssues = result.GetErrorIssues(); // Assert result.Trust.Should().Be(SignatureVerificationStatus.Illegal); totalErrorIssues.Count().Should().Be(1); totalErrorIssues.First().Code.Should().Be(NuGetLogCode.NU3000); } }
public SignatureTrustAndValidityVerificationProviderTests() { _provider = new SignatureTrustAndValidityVerificationProvider(); }