public void CanReadAndWriteStream()
{
// Arrange
using (var stream = FileStreamUtility.GetTemporaryFile())
using (var reader = new StreamReader(stream))
using (var writer = new StreamWriter(stream))
{
// Act & Assert
writer.Write(FileContent);
writer.Flush();
stream.Position = 0;
var actualContent = reader.ReadToEnd();
Assert.Equal(FileContent, actualContent);
}
}
public void ReturnsFileStreamThatDeletesOnDispose()
{
// Arrange
string fileName;
using (var stream = FileStreamUtility.GetTemporaryFile())
using (var writer = new StreamWriter(stream))
{
fileName = stream.Name;
writer.WriteLine(FileContent);
writer.Flush();
// Act & Assert
Assert.True(File.Exists(fileName), "The file should still exist.");
}
Assert.False(File.Exists(fileName), "The file should no longer exist.");
}
private async Task <SignatureValidatorResult> StripRepositorySignaturesAsync(Context context)
{
Stream packageStreamToDispose = null;
try
{
packageStreamToDispose = FileStreamUtility.GetTemporaryFile();
var stopwatch = Stopwatch.StartNew();
var changed = await SignedPackageArchiveUtility.RemoveRepositorySignaturesAsync(
context.PackageStream,
packageStreamToDispose,
context.CancellationToken);
_telemetryService.TrackDurationToStripRepositorySignatures(
stopwatch.Elapsed,
context.Message.PackageId,
context.Message.PackageVersion,
context.Message.ValidationId,
changed);
if (changed)
{
_logger.LogInformation(
"Repository signatures were removed from package {PackageId} {PackageVersion} for validation {ValidationId}.",
context.Message.PackageId,
context.Message.PackageVersion,
context.Message.ValidationId);
// The input stream and the input signed package reader are no longer useful since they contain
// the removed repository signatures. We need to initialize the new signed package archive
// reader and signature.
context.PackageReader.Dispose();
context.PackageStream.Dispose();
context.PackageStream = packageStreamToDispose;
context.Changed = true;
packageStreamToDispose = null;
context.PackageReader = new SignedPackageArchive(context.PackageStream, packageWriteStream: Stream.Null);
var initialSignature = context.Signature;
if (await context.PackageReader.IsSignedAsync(context.CancellationToken))
{
_logger.LogInformation(
"The package {PackageId} {PackageVersion} for validation {ValidationId} is still signed.",
context.Message.PackageId,
context.Message.PackageVersion,
context.Message.ValidationId);
context.Signature = await context.PackageReader.GetPrimarySignatureAsync(context.CancellationToken);
_telemetryService.TrackStrippedRepositorySignatures(
context.Message.PackageId,
context.Message.PackageVersion,
context.Message.ValidationId,
initialSignature,
context.Signature);
}
else
{
_logger.LogInformation(
"The package {PackageId} {PackageVersion} for validation {ValidationId} is no longer signed.",
context.Message.PackageId,
context.Message.PackageVersion,
context.Message.ValidationId);
// The package is now unsigned. This would happen if the primary signature was a repository
// signature that was removed.
context.Signature = null;
_telemetryService.TrackStrippedRepositorySignatures(
context.Message.PackageId,
context.Message.PackageVersion,
context.Message.ValidationId,
initialSignature,
outputSignature: null);
return(await HandleUnsignedPackageAsync(context));
}
}
else
{
_logger.LogInformation(
"No repository signatures were removed from package {PackageId} {PackageVersion} for validation {ValidationId}.",
context.Message.PackageId,
context.Message.PackageVersion,
context.Message.ValidationId);
}
}
finally
{
packageStreamToDispose?.Dispose();
}
return(null);
}