private VerifyTest(
TestDirectory directory,
SignedPackageArchive package,
PrimarySignature primarySignature,
SignatureVerifySettings settings)
{
_directory = directory;
Package = package;
PrimarySignature = primarySignature;
Settings = settings;
}
private VerifyTest(
TestDirectory directory,
FileStream signedPackageReadStream,
SignedPackageArchive package,
PrimarySignature primarySignature,
SignatureVerifySettings settings)
{
_directory = directory;
_signedPackageReadStream = signedPackageReadStream;
Package = package;
PrimarySignature = primarySignature;
Settings = settings;
}
internal static async Task <VerifyTest> CreateAsync(SignatureVerifySettings settings, X509Certificate2 certificate)
{
using (var certificateClone = new X509Certificate2(certificate))
{
var directory = TestDirectory.Create();
var packageContext = new SimpleTestPackageContext();
var unsignedPackageFile = packageContext.CreateAsFile(directory, "package.nupkg");
var signedPackageFile = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync(
directory,
unsignedPackageFile,
certificateClone);
var package = new SignedPackageArchive(signedPackageFile.OpenRead(), new MemoryStream());
var primarySignature = await package.GetPrimarySignatureAsync(CancellationToken.None);
return(new VerifyTest(directory, package, primarySignature, settings));
}
}
public async Task Verify_WithUntrustedSelfSignedCertificateAndAllowUntrusted_SucceedsAsync()
{
var settings = new SignatureVerifySettings(
allowIllegal: false,
allowUntrusted: true,
allowUnknownRevocation: false,
reportUnknownRevocation: true);
using (var test = await VerifyTest.CreateAsync(settings, _untrustedTestCertificate.Cert))
{
var result = test.PrimarySignature.Verify(
timestamp: null,
settings: settings,
fingerprintAlgorithm: HashAlgorithmName.SHA256,
certificateExtraStore: test.PrimarySignature.SignedCms.Certificates);
Assert.Equal(SignatureVerificationStatus.Valid, result.Status);
Assert.Equal(0, result.Issues.Count(issue => issue.Level == LogLevel.Error));
}
}
public async Task Verify_WithUntrustedSelfSignedCertificateAndNotAllowUntrustedRoot_FailsAsync()
{
var settings = new SignatureVerifySettings(
treatIssuesAsErrors: true,
allowUntrustedRoot: false,
allowUnknownRevocation: false,
logOnSignatureExpired: true);
using (var test = await VerifyTest.CreateAsync(settings, _untrustedTestCertificate.Cert))
{
var issues = new List <SignatureLog>();
var result = test.PrimarySignature.Verify(
timestamp: null,
settings: settings,
fingerprintAlgorithm: HashAlgorithmName.SHA256,
certificateExtraStore: test.PrimarySignature.SignedCms.Certificates,
issues: issues);
Assert.Equal(SignatureVerificationStatus.Untrusted, result.Status);
Assert.Equal(1, issues.Count(issue => issue.Level == LogLevel.Error));
AssertUntrustedRoot(issues, LogLevel.Error);
}
}
