public void CreateCommitmentTypeIndication_WithRepositorySignature_ReturnsReceiptType() { var attribute = AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Repository); var attributes = new CryptographicAttributeObjectCollection(attribute); AttributeUtility.GetSignatureType(attributes).Should().Be(SignatureType.Repository); }
public void GetRepositoryCountersignature_WithRepositoryCountersignatureWithoutV3ServiceIndexUrl_Throws() { using (var test = new Test(_fixture)) { test.CreateValidAuthorPrimarySignature(); // Generate countersignature test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Repository)); test.CounterCmsSigner.SignedAttributes.Add( new Pkcs9SigningTime()); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(test.Certificate, HashAlgorithmName.SHA256)); // Create counter signature test.PrimarySignedCms.SignerInfos[0].ComputeCounterSignature(test.CounterCmsSigner); // Load primary signature var primarySignature = PrimarySignature.Load(test.PrimarySignedCms.Encode()); // Validate countersignature var exception = Assert.Throws <SignatureException>( () => RepositoryCountersignature.GetRepositoryCountersignature(primarySignature)); Assert.Equal(NuGetLogCode.NU3000, exception.Code); Assert.Equal("Exactly one nuget-v3-service-index-url attribute is required.", exception.Message); } }
public void CreateCommitmentTypeIndication_WithAuthorSignature_ReturnsOriginType() { var attribute = AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Author); var attributes = new CryptographicAttributeObjectCollection(attribute); AttributeUtility.GetSignatureType(attributes).Should().Be(SignatureType.Author); }
public void CreateCommitmentTypeIndication_WithUnknownSignature_Throws() { var exception = Assert.Throws <ArgumentOutOfRangeException>( () => AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Unknown)); Assert.Contains("signatureType", exception.Message); }
public async Task RejectsAuthorCounterSignatures() { // Arrange var packageStream = await GetSignedPackageStream1Async(); ModifySignatureContent( packageStream, configuredSignedCms: signedCms => { using (var counterCertificate = SigningTestUtility.GenerateCertificate(subjectName: null, modifyGenerator: null)) { TestUtility.RequireSignedPackage(_corePackageService, _message.PackageId, counterCertificate.ComputeSHA256Thumbprint()); var cmsSigner = new CmsSigner(counterCertificate); cmsSigner.SignedAttributes.Add(AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Author)); signedCms.SignerInfos[0].ComputeCounterSignature(cmsSigner); } }); // Act var result = await _target.ValidateAsync( _packageKey, _packageStream, _message, _token); // Assert VerifyPackageSigningStatus(result, ValidationStatus.Failed, PackageSigningStatus.Invalid); var issue = Assert.Single(result.Issues); Assert.Equal(ValidationIssueCode.AuthorCounterSignaturesNotSupported, issue.IssueCode); }
public void GetRepositoryCountersignature_WithRepositoryPrimarySignature_Throws() { using (var test = new Test(_fixture)) { test.CreateValidRepositoryPrimarySignature(); // Generate valid countersignature test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Repository)); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateNuGetV3ServiceIndexUrl(new Uri("https://api.nuget.org/v3/index.json"))); test.CounterCmsSigner.SignedAttributes.Add( new Pkcs9SigningTime()); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(test.Certificate, HashAlgorithmName.SHA256)); // Create counter signature test.PrimarySignedCms.SignerInfos[0].ComputeCounterSignature(test.CounterCmsSigner); // Load primary signature var primarySignature = PrimarySignature.Load(test.PrimarySignedCms.Encode()); // Validate countersignature var exception = Assert.Throws <SignatureException>( () => RepositoryCountersignature.GetRepositoryCountersignature(primarySignature)); Assert.Equal(NuGetLogCode.NU3033, exception.Code); Assert.Equal("A repository primary signature must not have a repository countersignature.", exception.Message); } }
public void GetRepositoryCountersignature_WithValidRepositoryCountersignature_ReturnsRepositoryCountersignature() { using (var test = new Test(_fixture)) { test.CreateValidAuthorPrimarySignature(); // Generate valid countersignature test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Repository)); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateNuGetV3ServiceIndexUrl(new Uri("https://api.nuget.org/v3/index.json"))); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateNuGetPackageOwners(new List <string> { "microsoft", "nuget" })); test.CounterCmsSigner.SignedAttributes.Add( new Pkcs9SigningTime()); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(test.Certificate, HashAlgorithmName.SHA256)); // Create counter signature test.PrimarySignedCms.SignerInfos[0].ComputeCounterSignature(test.CounterCmsSigner); // Load primary signature var primarySignature = PrimarySignature.Load(test.PrimarySignedCms.Encode()); // Validate countersignature var countersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); Assert.Equal(SignatureType.Repository, countersignature.Type); } }
internal void CreateValidAuthorPrimarySignature() { var PrimaryCmsSigner = new CmsSigner(Certificate); // Generate valid primary signature PrimaryCmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Author)); PrimaryCmsSigner.SignedAttributes.Add( new Pkcs9SigningTime()); PrimaryCmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(Certificate, HashAlgorithmName.SHA256)); // Create primary signature PrimarySignedCms.ComputeSignature(PrimaryCmsSigner); }
public void Load_WithAuthorSignatureWithoutSigningCertificateV2Attribute_Throws() { using (var test = new LoadTest(_fixture)) { test.CmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Author)); test.CmsSigner.SignedAttributes.Add(new Pkcs9SigningTime()); test.SignedCms.ComputeSignature(test.CmsSigner); var exception = Assert.Throws <SignatureException>( () => PrimarySignature.Load(test.SignedCms.Encode())); Assert.Equal(NuGetLogCode.NU3011, exception.Code); Assert.Equal("Exactly one signing-certificate-v2 attribute is required.", exception.Message); } }
public void Load_WithAuthorSignature_ReturnsSignature() { using (var test = new LoadTest(_fixture)) { test.CmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Author)); test.CmsSigner.SignedAttributes.Add(new Pkcs9SigningTime()); test.CmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(test.Certificate, HashAlgorithmName.SHA256)); test.SignedCms.ComputeSignature(test.CmsSigner); var signature = PrimarySignature.Load(test.SignedCms.Encode()); Assert.Equal(SignatureType.Author, signature.Type); } }
internal void CreateValidRepositoryPrimarySignature() { var PrimaryCmsSigner = new CmsSigner(Certificate); // Generate valid primary signature PrimaryCmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Repository)); PrimaryCmsSigner.SignedAttributes.Add( AttributeUtility.CreateNuGetV3ServiceIndexUrl(new Uri("https://api.nuget.org/v3/index.json"))); PrimaryCmsSigner.SignedAttributes.Add( new Pkcs9SigningTime()); PrimaryCmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(Certificate, HashAlgorithmName.SHA256)); // Create primary signature PrimarySignedCms.ComputeSignature(PrimaryCmsSigner); }
public void Load_WithAuthorSignatureWithoutPkcs9SigningTimeAttribute_Throws() { using (var test = new LoadTest(_fixture)) { test.CmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Author)); test.CmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(test.Certificate, HashAlgorithmName.SHA256)); test.SignedCms.ComputeSignature(test.CmsSigner); var exception = Assert.Throws <SignatureException>( () => PrimarySignature.Load(test.SignedCms.Encode())); Assert.Equal(NuGetLogCode.NU3011, exception.Code); Assert.Equal("The primary signature is invalid.", exception.Message); } }
public void GetRepositoryCountersignature_WithRepositoryCountersignatureWithInvalidPackageOwners_Throws() { using (var test = new Test(_fixture)) { test.CreateValidAuthorPrimarySignature(); // Generate countersignature test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Repository)); var invalidPackageOwnersBytes = DerEncoder.ConstructSequence( (new List <string> { "", " " }).Select(packageOwner => DerEncoder.SegmentedEncodeUtf8String(packageOwner.ToCharArray()))); var invalidPackageOwners = new System.Security.Cryptography.CryptographicAttributeObject( new System.Security.Cryptography.Oid(Oids.NuGetPackageOwners), new System.Security.Cryptography.AsnEncodedDataCollection(new System.Security.Cryptography.AsnEncodedData(Oids.NuGetPackageOwners, invalidPackageOwnersBytes))); test.CounterCmsSigner.SignedAttributes.Add( invalidPackageOwners); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateNuGetV3ServiceIndexUrl(new Uri("https://api.nuget.org/v3/index.json"))); test.CounterCmsSigner.SignedAttributes.Add( new Pkcs9SigningTime()); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(test.Certificate, HashAlgorithmName.SHA256)); // Create counter signature test.PrimarySignedCms.SignerInfos[0].ComputeCounterSignature(test.CounterCmsSigner); // Load primary signature var primarySignature = PrimarySignature.Load(test.PrimarySignedCms.Encode()); // Validate countersignature var exception = Assert.Throws <SignatureException>( () => RepositoryCountersignature.GetRepositoryCountersignature(primarySignature)); Assert.Equal(NuGetLogCode.NU3000, exception.Code); Assert.Equal("The nuget-package-owners attribute is invalid.", exception.Message); } }
public async Task RejectsMutuallyExclusiveCounterSignaturesCommitmentTypes(SignatureType[] counterSignatureTypes) { // Arrange var packageStream = await GetSignedPackageStream1Async(); ModifySignatureContent( packageStream, configuredSignedCms: signedCms => { using (var counterCertificate = SigningTestUtility.GenerateCertificate(subjectName: null, modifyGenerator: null)) { TestUtility.RequireSignedPackage(_corePackageService, _message.PackageId, counterCertificate.ComputeSHA256Thumbprint()); var cmsSigner = new CmsSigner(counterCertificate); foreach (var type in counterSignatureTypes) { cmsSigner.SignedAttributes.Add(AttributeUtility.CreateCommitmentTypeIndication(type)); } signedCms.SignerInfos[0].ComputeCounterSignature(cmsSigner); } }); // Act var result = await _target.ValidateAsync( _packageKey, _packageStream, _message, _token); // Assert VerifyPackageSigningStatus(result, ValidationStatus.Failed, PackageSigningStatus.Invalid); var issue = Assert.Single(result.Issues); Assert.Equal(ValidationIssueCode.ClientSigningVerificationFailure, issue.IssueCode); var typedIssue = Assert.IsType <ClientSigningVerificationFailure>(issue); Assert.Equal("NU3000", typedIssue.ClientCode); Assert.Equal("The commitment-type-indication attribute contains an invalid combination of values.", typedIssue.ClientMessage); }
public void GetRepositoryCountersignature_WithRepositoryCountersignatureWithInvalidV3ServiceIndexUrl_Throws() { using (var test = new Test(_fixture)) { test.CreateValidAuthorPrimarySignature(); // Generate countersignature test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Repository)); var invalidV3ServiceIndexBytes = DerEncoder.SegmentedEncodeIA5String("notAValidUri".ToCharArray()) .SelectMany(x => x) .ToArray(); var invalidV3ServiceIndex = new System.Security.Cryptography.CryptographicAttributeObject( new System.Security.Cryptography.Oid(Oids.NuGetV3ServiceIndexUrl), new System.Security.Cryptography.AsnEncodedDataCollection(new System.Security.Cryptography.AsnEncodedData(Oids.NuGetV3ServiceIndexUrl, invalidV3ServiceIndexBytes))); test.CounterCmsSigner.SignedAttributes.Add( invalidV3ServiceIndex); test.CounterCmsSigner.SignedAttributes.Add( new Pkcs9SigningTime()); test.CounterCmsSigner.SignedAttributes.Add( AttributeUtility.CreateSigningCertificateV2(test.Certificate, HashAlgorithmName.SHA256)); // Create counter signature test.PrimarySignedCms.SignerInfos[0].ComputeCounterSignature(test.CounterCmsSigner); // Load primary signature var primarySignature = PrimarySignature.Load(test.PrimarySignedCms.Encode()); // Validate countersignature var exception = Assert.Throws <SignatureException>( () => RepositoryCountersignature.GetRepositoryCountersignature(primarySignature)); Assert.Equal(NuGetLogCode.NU3000, exception.Code); Assert.Equal("The nuget-v3-service-index-url attribute is invalid.", exception.Message); } }
public void Load_WithAuthorSignatureWithMultipleSigningCertificateV2AttributeValues_Throws() { using (var test = new LoadTest(_fixture)) { test.CmsSigner.SignedAttributes.Add( AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Author)); test.CmsSigner.SignedAttributes.Add(new Pkcs9SigningTime()); var attribute = AttributeUtility.CreateSigningCertificateV2(test.Certificate, HashAlgorithmName.SHA256); attribute.Values.Add(attribute.Values[0]); test.CmsSigner.SignedAttributes.Add(attribute); test.SignedCms.ComputeSignature(test.CmsSigner); var exception = Assert.Throws <SignatureException>( () => PrimarySignature.Load(test.SignedCms.Encode())); Assert.Equal(NuGetLogCode.NU3011, exception.Code); Assert.Equal("The signing-certificate-v2 attribute must have exactly one attribute value.", exception.Message); } }
public void CreateCommitmentTypeIndication_WithUnknownSignature_Throws() { Assert.Throws <ArgumentException>( () => AttributeUtility.CreateCommitmentTypeIndication(SignatureType.Unknown)); }