/// <summary>
/// Verifies that <c>nuget.exe install</c> rejects an author-signed package whose
/// archive was altered after the signature was applied.
/// </summary>
/// <remarks>
/// Expected outcome: exit code 1, an NU3008 error and an NU3027 warning, each
/// carrying the signature log prefix for the package identity and source directory.
/// NU3008 is NuGet's package-integrity failure code and NU3027 its
/// missing-timestamp warning; the exact texts come from the <c>_NU3008Message</c>
/// and <c>_NU3027Message</c> constants declared outside this method.
/// </remarks>
public async Task Install_TamperedPackage_FailsAsync()
{
    // Arrange
    var package = new SimpleTestPackageContext("A", "1.0.0");

    using (var pathContext = new SimpleTestPathContext())
    using (var signingCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
    {
        // Sign first, then modify the signed file. TamperWithPackage is a helper defined
        // elsewhere; presumably it changes the archive so it no longer matches the signature.
        var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
            signingCertificate,
            package,
            pathContext.WorkingDirectory);
        SignedArchiveTestUtility.TamperWithPackage(signedPackagePath);

        var outputDirectory = Path.Combine(pathContext.WorkingDirectory, "packages");
        string[] installArgs =
        {
            package.Id,
            "-Version",
            package.Version,
            "-DirectDownload",
            "-NoCache",
            "-Source",
            pathContext.WorkingDirectory,
            "-OutputDirectory",
            outputDirectory
        };

        // Act
        var commandResult = RunInstall(_nugetExePath, pathContext, expectedExitCode: 1, additionalArgs: installArgs);

        // Assert
        commandResult.ExitCode.Should().Be(1);

        // The integrity failure must surface as an error, not merely as a warning.
        var expectedIntegrityError = string.Format(
            _NU3008,
            SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, package.Identity, pathContext.WorkingDirectory));
        commandResult.Errors.Should().Contain(expectedIntegrityError);

        var expectedTimestampWarning = string.Format(
            _NU3027,
            SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, package.Identity, pathContext.WorkingDirectory));
        commandResult.AllOutput.Should().Contain($"WARNING: {expectedTimestampWarning}");
    }
}
/// <summary>
/// Verifies that <c>nuget.exe restore</c> of a PackageReference-style project fails
/// when the referenced author-signed package was altered after signing.
/// </summary>
/// <remarks>
/// Besides the console output, the test reads the project's assets file and requires
/// exactly one error (NU3008) and exactly one warning (NU3027), both attributed to the
/// tampered package id. That pins the failure in the persisted restore result as well
/// as in the command output.
/// </remarks>
public async Task Restore_TamperedPackage_FailsAsync()
{
    // Arrange
    using (var pathContext = new SimpleTestPathContext())
    using (var signingCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
    {
        // Set up solution, project, and packages
        var solution = new SimpleTestSolutionContext(pathContext.SolutionRoot);

        var project = SimpleTestProjectContext.CreateNETCore(
            "a",
            pathContext.SolutionRoot,
            NuGetFramework.Parse("NETStandard2.0"));

        var package = new SimpleTestPackageContext("X", "9.0.0");

        // Sign into the package source, then modify the signed file in place.
        var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
            signingCertificate,
            package,
            pathContext.PackageSource);
        SignedArchiveTestUtility.TamperWithPackage(signedPackagePath);

        project.AddPackageToAllFrameworks(package);
        solution.Projects.Add(project);
        solution.Create(pathContext.SolutionRoot);

        string[] restoreArgs =
        {
            project.ProjectPath,
            "-Source",
            pathContext.PackageSource
        };

        // Act
        var commandResult = RunRestore(_nugetExePath, pathContext, expectedExitCode: 1, additionalArgs: restoreArgs);

        var assetsFormat = new LockFileFormat();
        var assetsFile = assetsFormat.Read(project.AssetsFileOutputPath);
        var loggedErrors = assetsFile.LogMessages.Where(m => m.Level == LogLevel.Error);
        var loggedWarnings = assetsFile.LogMessages.Where(m => m.Level == LogLevel.Warning);

        // Assert
        commandResult.ExitCode.Should().Be(1);

        var integrityMessage = SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, package.Identity, pathContext.PackageSource);
        commandResult.Errors.Should().Contain(string.Format(_NU3008, integrityMessage));

        var timestampMessage = SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, package.Identity, pathContext.PackageSource);
        commandResult.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, timestampMessage)}");

        // Exactly one error: the integrity failure, attributed to the tampered package.
        loggedErrors.Count().Should().Be(1);
        var onlyError = loggedErrors.First();
        onlyError.Code.Should().Be(NuGetLogCode.NU3008);
        onlyError.Message.Should().Be(SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, package.Identity, pathContext.PackageSource));
        onlyError.LibraryId.Should().Be(package.Id);

        // Exactly one warning: NU3027, attributed to the same package.
        loggedWarnings.Count().Should().Be(1);
        var onlyWarning = loggedWarnings.First();
        onlyWarning.Code.Should().Be(NuGetLogCode.NU3027);
        onlyWarning.Message.Should().Be(SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, package.Identity, pathContext.PackageSource));
        onlyWarning.LibraryId.Should().Be(package.Id);
    }
}
/// <summary>
/// Verifies that <c>nuget.exe restore</c> of a packages.config project fails when the
/// listed author-signed package was altered after signing.
/// </summary>
/// <remarks>
/// Expected outcome: exit code 1, an NU3008 error in the error stream and the NU3027
/// text somewhere in the combined output.
/// </remarks>
public async Task Restore_TamperedPackageInPackagesConfig_FailsWithErrorAsync()
{
    // Arrange
    var packagesConfigContent = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
        "<packages>" +
        " <package id=\"X\" version=\"9.0.0\" targetFramework=\"net461\" />" +
        "</packages>";

    using (var pathContext = new SimpleTestPathContext())
    using (var signingCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
    {
        // Set up solution, project, and packages
        var solution = new SimpleTestSolutionContext(pathContext.SolutionRoot);

        var project = new SimpleTestProjectContext(
            "a",
            ProjectStyle.PackagesConfig,
            pathContext.SolutionRoot);

        var package = new SimpleTestPackageContext("X", "9.0.0");

        // Sign into the package source, then modify the signed file in place.
        var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
            signingCertificate,
            package,
            pathContext.PackageSource);
        SignedArchiveTestUtility.TamperWithPackage(signedPackagePath);

        project.AddPackageToAllFrameworks(package);
        solution.Projects.Add(project);
        solution.Create(pathContext.SolutionRoot);

        // packages.config sits next to the project file and names the tampered package.
        var projectDirectory = Directory.GetParent(project.ProjectPath).FullName;
        var packagesConfigPath = Path.Combine(projectDirectory, "packages.config");
        File.WriteAllBytes(packagesConfigPath, Encoding.ASCII.GetBytes(packagesConfigContent));

        string[] restoreArgs =
        {
            project.ProjectPath,
            "-Source",
            pathContext.PackageSource,
            "-PackagesDirectory",
            "./packages"
        };

        // Act
        var commandResult = RunRestore(_nugetExePath, pathContext, expectedExitCode: 1, additionalArgs: restoreArgs);

        // Assert
        commandResult.ExitCode.Should().Be(1);

        var expectedIntegrityError = string.Format(
            _NU3008,
            SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, package.Identity, pathContext.PackageSource));
        commandResult.Errors.Should().Contain(expectedIntegrityError);

        // NOTE(review): unlike the install and PackageReference restore tests in this file,
        // this check does not require the "WARNING: " prefix, so it does not pin the level
        // at which NU3027 is reported - confirm that is intended for packages.config restore.
        var expectedTimestampText = string.Format(
            _NU3027,
            SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, package.Identity, pathContext.PackageSource));
        commandResult.AllOutput.Should().Contain(expectedTimestampText);
    }
}
/// <summary>
/// Verifies that <c>nuget.exe install</c> reports both failures when a package was
/// altered after signing and its signing certificate was revoked afterwards.
/// </summary>
/// <remarks>
/// The certificate is issued by the fixture's trusted test CA, used to author-sign the
/// package, and then revoked with reason <c>KeyCompromise</c> dated one second in the past.
/// Expected outcome: exit code 1, NU3008 and NU3012 errors, and an NU3027 warning.
/// Requiring both errors pins that one failure does not hide the other in the output.
/// </remarks>
public async Task Install_TamperedAndRevokedCertificateSignaturePackage_FailsAsync()
{
    // Arrange
    var package = new SimpleTestPackageContext("A", "1.0.0");

    // Not used below; presumably awaited so the fixture's signing test server is
    // running for revocation lookups - TODO confirm.
    var testServer = await _testFixture.GetSigningTestServerAsync();
    var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();
    var issueOptions = IssueCertificateOptions.CreateDefaultForEndCertificate();
    var issuedCertificate = certificateAuthority.IssueCertificate(issueOptions);

    using (var pathContext = new SimpleTestPathContext())
    using (var signingCertificate = new X509Certificate2(issuedCertificate.GetEncoded()))
    {
        // The encoded certificate carries no private key; attach the generated key so it can sign.
        var rsaPrivateKey = issueOptions.KeyPair.Private as RsaPrivateCrtKeyParameters;
        signingCertificate.PrivateKey = DotNetUtilities.ToRSA(rsaPrivateKey);

        var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
            signingCertificate,
            package,
            pathContext.WorkingDirectory);
        SignedArchiveTestUtility.TamperWithPackage(signedPackagePath);

        // Presumably lets any OCSP response issued before the revocation lapse, so the
        // revoked status is what the client observes - confirm against the test responder.
        await certificateAuthority.OcspResponder.WaitForResponseExpirationAsync(issuedCertificate);

        var revocationDate = DateTimeOffset.UtcNow.AddSeconds(-1);
        certificateAuthority.Revoke(
            issuedCertificate,
            RevocationReason.KeyCompromise,
            revocationDate);

        var outputDirectory = Path.Combine(pathContext.WorkingDirectory, "packages");
        string[] installArgs =
        {
            package.Id,
            "-Version",
            package.Version,
            "-DirectDownload",
            "-NoCache",
            "-Source",
            pathContext.WorkingDirectory,
            "-OutputDirectory",
            outputDirectory
        };

        // Act
        var commandResult = RunInstall(_nugetExePath, pathContext, expectedExitCode: 1, additionalArgs: installArgs);

        // Assert
        commandResult.ExitCode.Should().Be(1);

        var expectedIntegrityError = string.Format(
            _NU3008,
            SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, package.Identity, pathContext.WorkingDirectory));
        commandResult.Errors.Should().Contain(expectedIntegrityError);

        var expectedRevocationError = string.Format(
            _NU3012,
            SigningTestUtility.AddSignatureLogPrefix(_NU3012Message, package.Identity, pathContext.WorkingDirectory));
        commandResult.Errors.Should().Contain(expectedRevocationError);

        var expectedTimestampWarning = string.Format(
            _NU3027,
            SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, package.Identity, pathContext.WorkingDirectory));
        commandResult.AllOutput.Should().Contain($"WARNING: {expectedTimestampWarning}");
    }
}
/// <summary>
/// Verifies that, with <c>signatureValidationMode</c> set to <c>require</c>, restore
/// rejects a package whose signature entry was written compressed, and that the
/// package is not expanded into the user packages folder.
/// </summary>
/// <remarks>
/// The signature is created normally, then written into the archive by hand through
/// <see cref="ZipArchive.CreateEntry(string)"/>, which applies the default compression
/// rather than storing the entry. Expected outcome: exit code 1, a single NU3005 error in
/// both the command output and the assets file, no warnings, and no directory for the
/// package under <c>UserPackagesFolder</c>. The last check matters most: a package that
/// fails signature validation must not reach disk in extracted form.
/// </remarks>
public async Task Restore_PackageWithCompressedSignature_RequireMode_FailsAndDoesNotExpandAsync()
{
    // Arrange
    var packageX = new SimpleTestPackageContext();

    using (var pathContext = new SimpleTestPathContext())
    using (var packageStream = await packageX.CreateAsStreamAsync())
    using (var signingCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
    {
        var signature = await SignedArchiveTestUtility.CreateAuthorSignatureForPackageAsync(signingCertificate, packageStream);

        // Add the signature entry by hand so that it ends up compressed. leaveOpen keeps
        // packageStream usable after the archive is disposed (which flushes the update).
        using (var archive = new ZipArchive(packageStream, ZipArchiveMode.Update, leaveOpen: true))
        {
            var signatureEntry = archive.CreateEntry(SigningSpecifications.V1.SignaturePath);

            using (var signatureBytes = new MemoryStream(signature.GetBytes()))
            using (var entryStream = signatureEntry.Open())
            {
                signatureBytes.CopyTo(entryStream);
            }
        }

        // Persist the modified archive into the package source.
        var packageFileName = $"{packageX.ToString()}.nupkg";
        var packagePath = Path.Combine(pathContext.PackageSource, packageFileName);
        packageStream.Seek(offset: 0, loc: SeekOrigin.Begin);

        using (var packageFile = File.OpenWrite(packagePath))
        {
            packageStream.CopyTo(packageFile);
        }

        // Set up solution, project, and packages
        var solution = new SimpleTestSolutionContext(pathContext.SolutionRoot);

        // NOTE(review): File.OpenWrite does not truncate. If SimpleTestPathContext has already
        // created a NuGet.Config at SolutionRoot that is longer than this content, trailing
        // bytes would remain and the require-mode setting might not be parsed - verify.
        var configPath = Path.Combine(pathContext.SolutionRoot, "NuGet.Config");

        using (var configStream = File.OpenWrite(configPath))
        using (var configWriter = new StreamWriter(configStream))
        {
            configWriter.Write(@"<configuration><config><add key=""signatureValidationMode"" value=""require"" /></config></configuration>");
        }

        var project = SimpleTestProjectContext.CreateNETCore(
            "a",
            pathContext.SolutionRoot,
            NuGetFramework.Parse("NETStandard2.0"));

        project.AddPackageToAllFrameworks(packageX);
        solution.Projects.Add(project);
        solution.Create(pathContext.SolutionRoot);

        string[] restoreArgs =
        {
            project.ProjectPath
        };

        // Act
        var commandResult = RunRestore(_nugetExePath, pathContext, expectedExitCode: 1, additionalArgs: restoreArgs);

        var assetsFormat = new LockFileFormat();
        var assetsFile = assetsFormat.Read(project.AssetsFileOutputPath);
        var loggedErrors = assetsFile.LogMessages.Where(m => m.Level == LogLevel.Error);
        var loggedWarnings = assetsFile.LogMessages.Where(m => m.Level == LogLevel.Warning);

        // Assert
        commandResult.ExitCode.Should().Be(1);

        var structureMessage = SigningTestUtility.AddSignatureLogPrefix(_NU3005CompressedMessage, packageX.Identity, pathContext.PackageSource);
        commandResult.Errors.Should().Contain(string.Format(_NU3005, structureMessage));

        // Exactly one error, attributed to the offending package, and nothing downgraded to a warning.
        loggedErrors.Count().Should().Be(1);
        var onlyError = loggedErrors.First();
        onlyError.Code.Should().Be(NuGetLogCode.NU3005);
        onlyError.Message.Should().Be(SigningTestUtility.AddSignatureLogPrefix(_NU3005CompressedMessage, packageX.Identity, pathContext.PackageSource));
        onlyError.LibraryId.Should().Be(packageX.Identity.Id.ToString());
        loggedWarnings.Count().Should().Be(0);

        // The rejected package must not have been extracted.
        var installedPackageDir = Path.Combine(pathContext.UserPackagesFolder, packageX.Identity.Id);
        Directory.Exists(installedPackageDir).Should().BeFalse();
    }
}
/// <summary>
/// Verifies that <c>nuget.exe install</c> accepts a repository-signed package that
/// has not been modified.
/// </summary>
/// <remarks>
/// The package is repository-signed with the trusted test certificate against a
/// placeholder V3 service index URL. Expected outcome: exit code 0, with the NU3027
/// warning still present in the output.
/// </remarks>
public async Task Install_RepoSignedPackage_SucceedsAsync()
{
    // Arrange
    var package = new SimpleTestPackageContext("A", "1.0.0");

    using (var pathContext = new SimpleTestPathContext())
    using (var signingCertificate = new X509Certificate2(_trustedTestCert.Source.Cert))
    {
        var serviceIndexUrl = new Uri("https://v3serviceIndex.test/api/index.json");
        await SignedArchiveTestUtility.RepositorySignPackageAsync(
            signingCertificate,
            package,
            pathContext.WorkingDirectory,
            serviceIndexUrl);

        var outputDirectory = Path.Combine(pathContext.WorkingDirectory, "packages");
        string[] installArgs =
        {
            package.Id,
            "-Version",
            package.Version,
            "-DirectDownload",
            "-NoCache",
            "-Source",
            pathContext.WorkingDirectory,
            "-OutputDirectory",
            outputDirectory
        };

        // Act
        var commandResult = RunInstall(_nugetExePath, pathContext, expectedExitCode: 0, additionalArgs: installArgs);

        // Assert
        commandResult.ExitCode.Should().Be(0);

        // Success does not suppress the NU3027 warning.
        var expectedTimestampWarning = string.Format(
            _NU3027,
            SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, package.Identity, pathContext.WorkingDirectory));
        commandResult.AllOutput.Should().Contain($"WARNING: {expectedTimestampWarning}");
    }
}
/// <summary>
/// Verifies that <c>nuget.exe install</c> still succeeds, with warnings, for a package
/// author-signed by an untrusted self-issued certificate.
/// </summary>
/// <remarks>
/// Expected outcome: exit code 0 with NU3018 and NU3027 reported as warnings. This pins
/// that an untrusted signer does not block installation in this configuration.
/// NOTE(review): no <c>signatureValidationMode</c> override is written by this test, so the
/// result presumably reflects the client's default validation mode - confirm. Callers who
/// need untrusted signers rejected should not rely on the behaviour asserted here.
/// </remarks>
public async Task Install_UntrustedCertSignedPackage_WarnsAsync()
{
    // Arrange
    var package = new SimpleTestPackageContext("A", "1.0.0");

    using (var pathContext = new SimpleTestPathContext())
    using (var untrustedCertificate = new X509Certificate2(_testFixture.UntrustedSelfIssuedCertificateInCertificateStore))
    {
        await SignedArchiveTestUtility.AuthorSignPackageAsync(
            untrustedCertificate,
            package,
            pathContext.WorkingDirectory);

        var outputDirectory = Path.Combine(pathContext.WorkingDirectory, "packages");
        string[] installArgs =
        {
            package.Id,
            "-Version",
            package.Version,
            "-DirectDownload",
            "-NoCache",
            "-Source",
            pathContext.WorkingDirectory,
            "-OutputDirectory",
            outputDirectory
        };

        // Act
        var commandResult = RunInstall(_nugetExePath, pathContext, expectedExitCode: 0, additionalArgs: installArgs);

        // Assert
        commandResult.ExitCode.Should().Be(0);

        // The trust problem is reported at warning level only.
        var expectedTrustWarning = string.Format(
            _NU3018,
            SigningTestUtility.AddSignatureLogPrefix(_NU3018Message, package.Identity, pathContext.WorkingDirectory));
        commandResult.AllOutput.Should().Contain($"WARNING: {expectedTrustWarning}");

        var expectedTimestampWarning = string.Format(
            _NU3027,
            SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, package.Identity, pathContext.WorkingDirectory));
        commandResult.AllOutput.Should().Contain($"WARNING: {expectedTimestampWarning}");
    }
}