public async Task VerifySignaturesAsync_ValidCertificateAndTimestampWithDifferentHashAlgorithms_Success() { var packageContext = new SimpleTestPackageContext(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); using (var directory = TestDirectory.Create()) using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA512, HashAlgorithmName.SHA256); var signedPackagePath = await SignedArchiveTestUtility.CreateSignedAndTimeStampedPackageAsync( certificate, packageContext, directory, timestampService.Url, request); var verifier = new PackageSignatureVerifier(_trustProviders, SignedPackageVerifierSettings.VerifyCommandDefaultPolicy); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { var result = await verifier.VerifySignaturesAsync(packageReader, CancellationToken.None); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); result.Valid.Should().BeTrue(); resultsWithErrors.Count().Should().Be(0); } } }
/// <summary> /// Generates a signed copy of a package and returns the path to that package /// This method timestamps a package and should only be used with tests marked with [CIOnlyFact] /// </summary> /// <param name="certificate">Certificate to be used while signing the package</param> /// <param name="nupkg">Package to be signed</param> /// <param name="dir">Directory for placing the signed package</param> /// <param name="timestampService">RFC 3161 timestamp service URL.</param> /// <param name="request">An author signing request.</param> /// <returns>Path to the signed copy of the package</returns> public static async Task <string> CreateSignedAndTimeStampedPackageAsync( X509Certificate2 certificate, SimpleTestPackageContext nupkg, string dir, Uri timestampService, AuthorSignPackageRequest request = null) { var testLogger = new TestLogger(); using (var zipReadStream = nupkg.CreateAsStream()) using (var zipWriteStream = nupkg.CreateAsStream()) { var signedPackagePath = Path.Combine(dir, Guid.NewGuid().ToString()); using (var signPackage = new SignedPackageArchive(zipReadStream, zipWriteStream)) { request = request ?? new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256); // Sign the package await SignAndTimeStampPackageAsync(testLogger, certificate, signPackage, timestampService, request); } zipWriteStream.Seek(offset: 0, loc: SeekOrigin.Begin); using (Stream fileStream = File.OpenWrite(signedPackagePath)) { zipWriteStream.CopyTo(fileStream); } return(signedPackagePath); } }
private static async Task <MemoryStream> CreateSignedPackageAsync( X509Certificate2 certificate, Stream unsignedPackage = null) { if (unsignedPackage == null) { var packageContext = new SimpleTestPackageContext(); unsignedPackage = packageContext.CreateAsStream(); } var signatureProvider = new X509SignatureProvider(timestampProvider: null); var overwrite = true; using (var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256)) using (var outputPackageStream = new MemoryStream()) using (var options = new SigningOptions( new Lazy <Stream>(() => unsignedPackage), new Lazy <Stream>(() => outputPackageStream), overwrite, signatureProvider, NullLogger.Instance)) { await SigningUtility.SignAsync(options, request, CancellationToken.None); var isSigned = await SignedArchiveTestUtility.IsSignedAsync(options.OutputPackageStream); Assert.True(isSigned); return(new MemoryStream(outputPackageStream.ToArray())); } }
public AuthorSignPackageRequest GetAuthorSignRequest() { ValidatePackagePath(); WarnIfNoTimestamper(Console); ValidateCertificateInputs(); EnsureOutputDirectory(); var signingSpec = SigningSpecifications.V1; var signatureHashAlgorithm = ValidateAndParseHashAlgorithm(HashAlgorithm, nameof(HashAlgorithm), signingSpec); var timestampHashAlgorithm = ValidateAndParseHashAlgorithm(TimestampHashAlgorithm, nameof(TimestampHashAlgorithm), signingSpec); var certCollection = GetCertificateCollection(); var certificate = GetCertificate(certCollection); var privateKey = GetPrivateKey(certificate); var request = new AuthorSignPackageRequest( certificate, signatureHashAlgorithm, timestampHashAlgorithm) { PrivateKey = privateKey }; request.AdditionalCertificates.AddRange(certCollection); return(request); }
internal static SignTest Create( X509Certificate2 certificate, HashAlgorithmName hashAlgorithm, byte[] package = null, ISignatureProvider signatureProvider = null) { ISignedPackage signedPackage; MemoryStream readStream = null; MemoryStream writeStream = null; if (package == null) { signedPackage = Mock.Of <ISignedPackage>(); } else { readStream = new MemoryStream(package); writeStream = new MemoryStream(); signedPackage = new SignedPackageArchive(readStream, writeStream); } signatureProvider = signatureProvider ?? Mock.Of <ISignatureProvider>(); var signer = new Signer(signedPackage, signatureProvider); var request = new AuthorSignPackageRequest(certificate, hashAlgorithm); return(new SignTest( signer, signedPackage, signatureProvider, request, readStream, writeStream)); }
/// <summary> /// Generates a signed copy of a package and returns the path to that package /// This method timestamps a package and should only be used with tests marked with [CIOnlyFact] /// </summary> /// <param name="certificate">Certificate to be used while signing the package</param> /// <param name="nupkg">Package to be signed</param> /// <param name="dir">Directory for placing the signed package</param> /// <param name="timestampService">RFC 3161 timestamp service URL.</param> /// <param name="request">An author signing request.</param> /// <returns>Path to the signed copy of the package</returns> public static async Task <string> CreateSignedAndTimeStampedPackageAsync( X509Certificate2 certificate, SimpleTestPackageContext nupkg, string dir, Uri timestampService, AuthorSignPackageRequest request = null) { var testLogger = new TestLogger(); var signedPackagePath = Path.Combine(dir, Guid.NewGuid().ToString()); var tempPath = Path.GetTempFileName(); using (var packageStream = nupkg.CreateAsStream()) using (var fileStream = File.OpenWrite(tempPath)) { packageStream.CopyTo(fileStream); } #if IS_DESKTOP using (var cert = new X509Certificate2(certificate)) using (request = request ?? new AuthorSignPackageRequest(cert, HashAlgorithmName.SHA256)) { await SignAndTimeStampPackageAsync(testLogger, tempPath, signedPackagePath, timestampService, request); } #endif FileUtility.Delete(tempPath); return(signedPackagePath); }
/// <summary> /// Generates an author signed copy of a package and returns the path to that package /// This method can timestamp a package and should only be used with tests marked with [CIOnlyFact] /// </summary> /// <param name="certificate">Certificate to be used while signing the package</param> /// <param name="nupkg">Package to be signed</param> /// <param name="dir">Directory for placing the signed package</param> /// <param name="timestampService">RFC 3161 timestamp service URL.</param> /// <param name="signatureHashAlgorithm">Hash algorithm to be used in the signature. Defaults to SHA256</param> /// <param name="timestampHashAlgorithm">Hash algorithm to be used in the timestamp. Defaults to SHA256</param> /// <returns>Path to the signed copy of the package</returns> public static async Task <string> AuthorSignPackageAsync( X509Certificate2 certificate, SimpleTestPackageContext nupkg, string dir, Uri timestampService = null, HashAlgorithmName signatureHashAlgorithm = HashAlgorithmName.SHA256, HashAlgorithmName timestampHashAlgorithm = HashAlgorithmName.SHA256) { var testLogger = new TestLogger(); var signedPackagePath = Path.Combine(dir, $"{nupkg.Id}.{nupkg.Version}.nupkg"); var tempPath = Path.GetTempFileName(); using (var packageStream = await nupkg.CreateAsStreamAsync()) using (var fileStream = File.OpenWrite(tempPath)) { packageStream.CopyTo(fileStream); } using (var originalPackage = File.OpenRead(tempPath)) using (var signedPackage = File.Open(signedPackagePath, FileMode.OpenOrCreate, FileAccess.ReadWrite)) using (var request = new AuthorSignPackageRequest( new X509Certificate2(certificate), signatureHashAlgorithm, timestampHashAlgorithm)) { await CreateSignedPackageAsync(request, originalPackage, signedPackage, timestampService); } FileUtility.Delete(tempPath); return(signedPackagePath); }
private async Task <int> SignPackageAsync( string packagePath, string outputPath, ILogger logger, bool Overwrite, ISignatureProvider signatureProvider, AuthorSignPackageRequest request, CancellationToken token) { // For overwrite we need to first remove the signature and then sign the unsigned package if (Overwrite) { var originalPackageCopyPath = CopyPackage(packagePath); await RemoveSignatureAsync(logger, signatureProvider, packagePath, originalPackageCopyPath, token); await AddSignatureAndUpdatePackageAsync(logger, signatureProvider, request, originalPackageCopyPath, outputPath, token); FileUtility.Delete(originalPackageCopyPath); } else { await AddSignatureAndUpdatePackageAsync(logger, signatureProvider, request, packagePath, outputPath, token); } return(0); }
/// <summary> /// Sign a package for test purposes. /// This does not timestamp a signature and can be used outside corp network. /// </summary> private static async Task SignPackageAsync(TestLogger testLogger, X509Certificate2 certificate, SignedPackageArchive signPackage) { var testSignatureProvider = new X509SignatureProvider(timestampProvider: null); var signer = new Signer(signPackage, testSignatureProvider); var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256); await signer.SignAsync(request, testLogger, CancellationToken.None); }
public void Verify_WithValidInput_DoesNotThrow() { using (var certificate = new X509Certificate2(_testFixture.TrustedTestCertificate.Source.PublicCert.RawData)) using (var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256, HashAlgorithmName.SHA256)) { SigningUtility.Verify(request, NullLogger.Instance); } }
public async Task <bool> SignAsync(string packagePath, string outputPath, string timestampUrl, Uri v3ServiceIndex, IReadOnlyList <string> packageOwners, SignatureType signatureType, HashAlgorithmName signatureHashAlgorithm, HashAlgorithmName timestampHashAlgorithm, bool overwrite, X509Certificate2 publicCertificate, System.Security.Cryptography.RSA rsa, CancellationToken cancellationToken = default) { var packagesToSign = LocalFolderUtility.ResolvePackageFromPath(packagePath); var signatureProvider = new KeyVaultSignatureProvider(rsa, new Rfc3161TimestampProvider(new Uri(timestampUrl))); SignPackageRequest request = null; if (signatureType == SignatureType.Author) { request = new AuthorSignPackageRequest(publicCertificate, signatureHashAlgorithm, timestampHashAlgorithm); } else if (signatureType == SignatureType.Repository) { request = new RepositorySignPackageRequest(publicCertificate, signatureHashAlgorithm, timestampHashAlgorithm, v3ServiceIndex, packageOwners); } else { throw new ArgumentOutOfRangeException(nameof(signatureType)); } string originalPackageCopyPath = null; foreach (var package in packagesToSign) { cancellationToken.ThrowIfCancellationRequested(); logger.LogInformation($"{nameof(SignAsync)} [{package}]: Begin Signing {Path.GetFileName(package)}"); try { originalPackageCopyPath = CopyPackage(package); using var options = SigningOptions.CreateFromFilePaths(originalPackageCopyPath, outputPath, overwrite, signatureProvider, new NuGetLogger(logger, package)); await SigningUtility.SignAsync(options, request, cancellationToken); } catch (Exception e) { logger.LogError(e, e.Message); return(false); } finally { try { FileUtility.Delete(originalPackageCopyPath); } catch { } logger.LogInformation($"{nameof(SignAsync)} [{package}]: End Signing {Path.GetFileName(package)}"); } } return(true); }
public async Task <int> ExecuteCommandAsync(SignArgs signArgs) { // resolve path into multiple packages if needed. IEnumerable <string> packagesToSign = signArgs.PackagePaths.SelectMany(packagePath => { IEnumerable <string> packages = LocalFolderUtility.ResolvePackageFromPath(packagePath); LocalFolderUtility.EnsurePackageFileExists(packagePath, packages); return(packages); }); var success = true; X509Certificate2 cert = null; try { cert = await GetCertificateAsync(signArgs); } catch (Exception e) { success = false; ExceptionUtilities.LogException(e, signArgs.Logger); } if (success) { signArgs.Logger.LogInformation(Environment.NewLine); signArgs.Logger.LogInformation(Strings.SignCommandDisplayCertificate); signArgs.Logger.LogInformation(CertificateUtility.X509Certificate2ToString(cert, HashAlgorithmName.SHA256)); if (!string.IsNullOrEmpty(signArgs.Timestamper)) { signArgs.Logger.LogInformation(Strings.SignCommandDisplayTimestamper); signArgs.Logger.LogInformation(signArgs.Timestamper); } if (!string.IsNullOrEmpty(signArgs.OutputDirectory)) { signArgs.Logger.LogInformation(Strings.SignCommandOutputPath); signArgs.Logger.LogInformation(signArgs.OutputDirectory); } using (var signRequest = new AuthorSignPackageRequest(cert, signArgs.SignatureHashAlgorithm, signArgs.TimestampHashAlgorithm)) { return(await ExecuteCommandAsync( packagesToSign, signRequest, signArgs.Timestamper, signArgs.Logger, signArgs.OutputDirectory, signArgs.Overwrite, signArgs.Token)); } } return(success ? 0 : 1); }
public async Task <int> ExecuteCommandAsync( IEnumerable <string> packagesToSign, AuthorSignPackageRequest signPackageRequest, string timestamper, ILogger logger, string outputDirectory, bool overwrite, CancellationToken token) { var success = true; try { SigningUtility.Verify(signPackageRequest, logger); } catch (Exception e) { success = false; ExceptionUtilities.LogException(e, logger); } if (success) { var signatureProvider = GetSignatureProvider(timestamper); foreach (var packagePath in packagesToSign) { try { string outputPath; if (string.IsNullOrEmpty(outputDirectory)) { outputPath = packagePath; } else { outputPath = Path.Combine(outputDirectory, Path.GetFileName(packagePath)); } await SignPackageAsync(packagePath, outputPath, logger, overwrite, signatureProvider, signPackageRequest, token); } catch (Exception e) { success = false; ExceptionUtilities.LogException(e, logger); } } } if (success) { logger.LogInformation(Strings.SignCommandSuccess); } return(success ? 0 : 1); }
public void CreateCmsSigner_WhenLoggerNull_Throws() { using (var request = new AuthorSignPackageRequest(new X509Certificate2(), Common.HashAlgorithmName.SHA256)) { var exception = Assert.Throws <ArgumentNullException>( () => SigningUtility.CreateCmsSigner(request, logger: null)); Assert.Equal("logger", exception.ParamName); } }
public void Constructor_CertificateHashAlgorithm_WithValidInput_InitializesProperties() { using (var certificate = _fixture.GetDefaultCertificate()) { var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA512); Assert.Equal(SignatureType.Author, request.SignatureType); Assert.Same(certificate, request.Certificate); Assert.Equal(HashAlgorithmName.SHA512, request.SignatureHashAlgorithm); Assert.Equal(HashAlgorithmName.SHA512, request.TimestampHashAlgorithm); } }
/// <summary> /// Sign and timestamp a package for test purposes. /// This method timestamps a package and should only be used with tests marked with [CIOnlyFact] /// </summary> private static async Task SignAndTimeStampPackageAsync( TestLogger testLogger, X509Certificate2 certificate, SignedPackageArchive signPackage, Uri timestampService, AuthorSignPackageRequest request) { var testSignatureProvider = new X509SignatureProvider(new Rfc3161TimestampProvider(timestampService)); var signer = new Signer(signPackage, testSignatureProvider); await signer.SignAsync(request, testLogger, CancellationToken.None); }
/// <summary> /// Generates a Signature for a package. /// </summary> /// <param name="testCert">Certificate to be used while generating the signature.</param> /// <param name="packageStream">Package stream for which the signature has to be generated.</param> /// <param name="timestampProvider">An optional timestamp provider.</param> /// <returns>Signature for the package.</returns> public static async Task <PrimarySignature> CreateAuthorSignatureForPackageAsync( X509Certificate2 testCert, Stream packageStream, ITimestampProvider timestampProvider = null) { var hashAlgorithm = HashAlgorithmName.SHA256; using (var request = new AuthorSignPackageRequest(testCert, hashAlgorithm)) using (var package = new PackageArchiveReader(packageStream, leaveStreamOpen: true)) { return(await CreatePrimarySignatureForPackageAsync(package, request, timestampProvider)); } }
public void CreateCmsSigner_WithAuthorSignPackageRequest_ReturnsInstance() { using (var certificate = _fixture.GetDefaultCertificate()) using (var request = new AuthorSignPackageRequest(certificate, Common.HashAlgorithmName.SHA256)) { var signer = SigningUtility.CreateCmsSigner(request, NullLogger.Instance); Assert.Equal(request.Certificate, signer.Certificate); Assert.Equal(request.SignatureHashAlgorithm.ConvertToOidString(), signer.DigestAlgorithm.Value); VerifyAttributes(signer.SignedAttributes, request); } }
internal Test(X509Certificate2 certificate) { _directory = TestDirectory.Create(); _certificate = new X509Certificate2(certificate); var packageContext = new SimpleTestPackageContext(); ReadStream = packageContext.CreateAsStream(); WriteStream = packageContext.CreateAsStream(); Package = new SignedPackageArchive(ReadStream, WriteStream); Request = new AuthorSignPackageRequest(_certificate, HashAlgorithmName.SHA256); var signatureProvider = new X509SignatureProvider(timestampProvider: null); Signer = new Signer(Package, signatureProvider); }
public async Task GetTrustResultAsync_SettingsRequireExactlyOneTimestamp_MultipleTimestamps_Fails() { // Arrange var nupkg = new SimpleTestPackageContext(); var testLogger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var setting = new SignedPackageVerifierSettings( allowUnsigned: false, allowIllegal: false, allowUntrusted: false, allowUntrustedSelfIssuedCertificate: false, allowIgnoreTimestamp: false, allowMultipleTimestamps: false, allowNoTimestamp: false, allowUnknownRevocation: false, allowNoClientCertificateList: true, allowNoRepositoryCertificateList: true); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var verificationProvider = new SignatureTrustAndValidityVerificationProvider(); using (var package = new PackageArchiveReader(nupkg.CreateAsStream(), leaveStreamOpen: false)) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) using (var signatureRequest = new AuthorSignPackageRequest(testCertificate, HashAlgorithmName.SHA256)) { var signature = await SignedArchiveTestUtility.CreatePrimarySignatureForPackageAsync(package, signatureRequest); var timestampedSignature = await SignedArchiveTestUtility.TimestampSignature(timestampProvider, signature, signatureRequest.TimestampHashAlgorithm, SignaturePlacement.PrimarySignature, testLogger); var reTimestampedSignature = await SignedArchiveTestUtility.TimestampSignature(timestampProvider, timestampedSignature, signatureRequest.TimestampHashAlgorithm, SignaturePlacement.PrimarySignature, testLogger); timestampedSignature.Timestamps.Count.Should().Be(1); reTimestampedSignature.Timestamps.Count.Should().Be(2); // Act var result = await verificationProvider.GetTrustResultAsync(package, reTimestampedSignature, setting, CancellationToken.None); var totalErrorIssues = result.GetErrorIssues(); // Assert result.Trust.Should().Be(SignatureVerificationStatus.Illegal); totalErrorIssues.Count().Should().Be(1); totalErrorIssues.First().Code.Should().Be(NuGetLogCode.NU3000); } }
internal async Task AuthorSignAsync() { using (var request = new AuthorSignPackageRequest( new X509Certificate2(Certificate), HashAlgorithmName.SHA256, HashAlgorithmName.SHA256)) using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false)) using (var signedPackage = new MemoryStream()) { await SignedArchiveTestUtility.CreateSignedPackageAsync(request, originalPackage, signedPackage); SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false); } var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage); Assert.True(isSigned); }
/// <summary> /// Generates a SignedCMS object for some content. /// </summary> /// <param name="content"></param> /// <param name="cert">Certificate for cms signer</param> /// <returns>SignedCms object</returns> public static SignedCms GenerateRepositoryCountersignedSignedCms(X509Certificate2 cert, byte[] content) { var contentInfo = new ContentInfo(content); var hashAlgorithm = NuGet.Common.HashAlgorithmName.SHA256; using (var primarySignatureRequest = new AuthorSignPackageRequest(new X509Certificate2(cert), hashAlgorithm)) using (var countersignatureRequest = new RepositorySignPackageRequest(new X509Certificate2(cert), hashAlgorithm, hashAlgorithm, new Uri("https://api.nuget.org/v3/index.json"), null)) { var cmsSigner = SigningUtility.CreateCmsSigner(primarySignatureRequest, NullLogger.Instance); var cms = new SignedCms(contentInfo); cms.ComputeSignature(cmsSigner); var counterCmsSigner = SigningUtility.CreateCmsSigner(countersignatureRequest, NullLogger.Instance); cms.SignerInfos[0].ComputeCounterSignature(counterCmsSigner); return(cms); } }
private Test(X509Certificate2 certificate, TestDirectory dir, FileInfo package) { _authorCertificate = new X509Certificate2(certificate); _repositoryCertificate = new X509Certificate2(certificate); _directory = dir; var outputPath = GetNewTempFilePath(); OutputFile = new FileInfo(outputPath); var signatureProvider = new X509SignatureProvider(timestampProvider: null); AuthorRequest = new AuthorSignPackageRequest(_authorCertificate, HashAlgorithmName.SHA256); RepositoryRequest = new RepositorySignPackageRequest(_repositoryCertificate, HashAlgorithmName.SHA256, HashAlgorithmName.SHA256, new Uri("https://test/api/index.json"), packageOwners: null); var overwrite = true; Options = SigningOptions.CreateFromFilePaths(package.FullName, outputPath, overwrite, signatureProvider, NullLogger.Instance); }
/// <summary> /// Sign and timestamp a package for test purposes. /// This method timestamps a package and should only be used with tests marked with [CIOnlyFact] /// </summary> private static async Task SignAndTimeStampPackageAsync( TestLogger testLogger, string inputPackagePath, string outputPackagePath, Uri timestampService, AuthorSignPackageRequest request) { var testSignatureProvider = new X509SignatureProvider(new Rfc3161TimestampProvider(timestampService)); var overwrite = false; using (var options = SigningOptions.CreateFromFilePaths( inputPackagePath, outputPackagePath, overwrite, testSignatureProvider, testLogger)) { await SigningUtility.SignAsync(options, request, CancellationToken.None); } }
/// <summary> /// Sign a package for test purposes. /// This does not timestamp a signature and can be used outside corp network. /// </summary> private static async Task SignPackageAsync(TestLogger testLogger, X509Certificate2 certificate, string inputPackagePath, string outputPackagePath) { #if IS_DESKTOP var testSignatureProvider = new X509SignatureProvider(timestampProvider: null); using (var cert = new X509Certificate2(certificate)) using (var request = new AuthorSignPackageRequest(cert, HashAlgorithmName.SHA256)) { const bool overwrite = false; using (var options = SigningOptions.CreateFromFilePaths( inputPackagePath, outputPackagePath, overwrite, testSignatureProvider, testLogger)) { await SigningUtility.SignAsync(options, request, CancellationToken.None); } } #endif }
/// <summary> /// Generates a Signature for a package. /// </summary> /// <param name="testCert">Certificate to be used while generating the signature.</param> /// <param name="packageStream">Package stream for which the signature has to be generated.</param> /// <param name="timestampProvider">An optional timestamp provider.</param> /// <returns>Signature for the package.</returns> public static async Task <Signature> CreateSignatureForPackageAsync( X509Certificate2 testCert, Stream packageStream, ITimestampProvider timestampProvider = null) { var testLogger = new TestLogger(); var hashAlgorithm = HashAlgorithmName.SHA256; using (var request = new AuthorSignPackageRequest(testCert, hashAlgorithm)) using (var package = new PackageArchiveReader(packageStream, leaveStreamOpen: true)) { var zipArchiveHash = await package.GetArchiveHashAsync(request.SignatureHashAlgorithm, CancellationToken.None); var base64ZipArchiveHash = Convert.ToBase64String(zipArchiveHash); var signatureContent = new SignatureContent(SigningSpecifications.V1, hashAlgorithm, base64ZipArchiveHash); var testSignatureProvider = new X509SignatureProvider(timestampProvider); return(await testSignatureProvider.CreateSignatureAsync(request, signatureContent, testLogger, CancellationToken.None)); } }
private static async Task AddSignatureAndUpdatePackageAsync( ILogger logger, ISignatureProvider signatureProvider, AuthorSignPackageRequest request, string packagePath, string outputPath, CancellationToken token) { var originalPackageCopyPath = CopyPackage(packagePath); using (var packageReadStream = File.OpenRead(packagePath)) using (var packageWriteStream = File.Open(originalPackageCopyPath, FileMode.Open)) using (var package = new SignedPackageArchive(packageReadStream, packageWriteStream)) { var signer = new Signer(package, signatureProvider); await signer.SignAsync(request, logger, token); } OverwritePackage(originalPackageCopyPath, outputPath); FileUtility.Delete(originalPackageCopyPath); }
public async Task <bool> SignAsync(string packagePath, string outputPath, string timestampUrl, HashAlgorithmName signatureHashAlgorithm, HashAlgorithmName timestampHashAlgorithm, bool overwrite, X509Certificate2 publicCertificate, System.Security.Cryptography.RSA rsa) { var fileName = Path.GetFileName(packagePath); logger.LogInformation($"{nameof(SignAsync)} [{fileName}]: Begin Signing {packagePath}"); var signatureProvider = new KeyVaultSignatureProvider(rsa, new Rfc3161TimestampProvider(new Uri(timestampUrl))); var request = new AuthorSignPackageRequest(publicCertificate, signatureHashAlgorithm, timestampHashAlgorithm); string originalPackageCopyPath = null; try { originalPackageCopyPath = CopyPackage(packagePath); using (var options = SigningOptions.CreateFromFilePaths(originalPackageCopyPath, outputPath, overwrite, signatureProvider, new NuGetLogger(logger, fileName))) { await SigningUtility.SignAsync(options, request, CancellationToken.None); } } catch (Exception e) { logger.LogError(e, e.Message); return(false); } finally { try { FileUtility.Delete(originalPackageCopyPath); } catch { } logger.LogInformation($"{nameof(SignAsync)} [{fileName}]: End Signing {packagePath}"); } return(true); }
internal Test(X509Certificate2 certificate) { _directory = TestDirectory.Create(); _authorCertificate = new X509Certificate2(certificate); _repositoryCertificate = new X509Certificate2(certificate); var outputPath = GetNewTempFilePath(); OutputFile = new FileInfo(outputPath); var packageContext = new SimpleTestPackageContext(); var packageFileName = Guid.NewGuid().ToString(); var package = packageContext.CreateAsFile(_directory, packageFileName); var signatureProvider = new X509SignatureProvider(timestampProvider: null); AuthorRequest = new AuthorSignPackageRequest(_authorCertificate, HashAlgorithmName.SHA256); RepositoryRequest = new RepositorySignPackageRequest(_repositoryCertificate, HashAlgorithmName.SHA256, HashAlgorithmName.SHA256, new Uri("https://test/api/index.json"), packageOwners: null); var overwrite = true; Options = SigningOptions.CreateFromFilePaths(package.FullName, outputPath, overwrite, signatureProvider, NullLogger.Instance); }
internal static SignTest Create( X509Certificate2 certificate, HashAlgorithmName hashAlgorithm, byte[] package = null, ISignatureProvider signatureProvider = null) { var directory = TestDirectory.Create(); var signedPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString())); var outputPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString())); if (package == null) { File.WriteAllBytes(signedPackageFile.FullName, Array.Empty <byte>()); } else { using (var fileStream = signedPackageFile.Create()) { fileStream.Write(package, 0, package.Length); } } signatureProvider = signatureProvider ?? Mock.Of <ISignatureProvider>(); var logger = new TestLogger(); var request = new AuthorSignPackageRequest(certificate, hashAlgorithm); var overwrite = false; var options = SigningOptions.CreateFromFilePaths( signedPackageFile.FullName, outputPackageFile.FullName, overwrite, signatureProvider, logger); return(new SignTest( request, directory, options, logger)); }