public async Task SignAsync_WhenChainBuildingFails_ThrowsAsync() { var package = new SimpleTestPackageContext(); using (var packageStream = await package.CreateAsStreamAsync()) using (var test = SignTest.Create( _fixture.GetExpiredCertificate(), HashAlgorithmName.SHA256, packageStream.ToArray(), new X509SignatureProvider(timestampProvider: null))) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3018, exception.Code); Assert.Equal("Certificate chain validation failed.", exception.Message); Assert.Equal(1, test.Logger.Errors); Assert.Equal(1, test.Logger.Warnings); Assert.Contains(test.Logger.LogMessages, message => message.Code == NuGetLogCode.NU3018 && message.Level == LogLevel.Error && message.Message == "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file."); Assert.Contains(test.Logger.LogMessages, message => message.Code == NuGetLogCode.NU3018 && message.Level == LogLevel.Warning && message.Message == "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."); } }
public async Task SignAsync_WhenCancellationTokenIsCancelled_ThrowsAsync() { using (var test = SignTest.Create(new X509Certificate2(), HashAlgorithmName.SHA256)) { await Assert.ThrowsAsync <OperationCanceledException>( () => SigningUtility.SignAsync(test.Options, test.Request, new CancellationToken(canceled: true))); } }
public async Task SignAsync_WhenCancellationTokenIsCancelled_Throws() { using (var test = SignTest.Create(new X509Certificate2(), HashAlgorithmName.SHA256)) { await Assert.ThrowsAsync <OperationCanceledException>( () => test.Signer.SignAsync( test.Request, Mock.Of <ILogger>(), new CancellationToken(canceled: true))); } }
public async Task SignAsync_WhenLoggerIsNull_Throws() { using (var test = SignTest.Create(new X509Certificate2(), HashAlgorithmName.SHA256)) { var exception = await Assert.ThrowsAsync <ArgumentNullException>( () => test.Signer.SignAsync( test.Request, logger: null, token: CancellationToken.None)); Assert.Equal("logger", exception.ParamName); } }
public async Task SignAsync_WhenPackageIsZip64_ThrowsAsync() { using (var test = SignTest.Create( _fixture.GetDefaultCertificate(), HashAlgorithmName.SHA256, SigningTestUtility.GetResourceBytes("CentralDirectoryHeaderWithZip64ExtraField.zip"))) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3006, exception.Code); Assert.Equal("Signed Zip64 packages are not supported.", exception.Message); } }
public async Task SignAsync_WhenCertificatePublicKeyLengthIsUnsupported_ThrowsAsync() { using (var certificate = SigningTestUtility.GenerateCertificate( "test", generator => { }, publicKeyLength: 1024)) using (var test = SignTest.Create(certificate, HashAlgorithmName.SHA256)) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3014, exception.Code); Assert.Contains("The signing certificate does not meet a minimum public key length requirement.", exception.Message); } }
public async Task SignAsync_WhenCertificateSignatureAlgorithmIsUnsupported_ThrowsAsync() { using (var certificate = SigningTestUtility.GenerateCertificate( "test", generator => { }, "SHA256WITHRSAANDMGF1")) using (var test = SignTest.Create(certificate, HashAlgorithmName.SHA256)) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3013, exception.Code); Assert.Contains("The signing certificate has an unsupported signature algorithm.", exception.Message); } }
public async Task SignAsync_WhenPackageEntryCountWouldRequireZip64_FailsAsync() { const ushort desiredFileCount = 0xFFFF - 1; var package = new SimpleTestPackageContext(); var requiredFileCount = desiredFileCount - package.Files.Count; for (var i = 0; i < requiredFileCount - 1 /*nuspec*/; ++i) { package.AddFile(i.ToString()); } using (var packageStream = await package.CreateAsStreamAsync()) { using (var zipArchive = new ZipArchive(packageStream, ZipArchiveMode.Read, leaveOpen: true)) { // Sanity check before testing. Assert.Equal(desiredFileCount, zipArchive.Entries.Count()); } packageStream.Position = 0; using (var test = SignTest.Create( _fixture.GetDefaultCertificate(), HashAlgorithmName.SHA256, packageStream.ToArray(), new X509SignatureProvider(timestampProvider: null))) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3039, exception.Code); Assert.Equal("The package cannot be signed as it would require the Zip64 format.", exception.Message); Assert.Equal(0, test.Options.OutputPackageStream.Length); Assert.Equal(0, test.Logger.Errors); Assert.Equal(1, test.Logger.Warnings); Assert.Equal(1, test.Logger.Messages.Count()); Assert.True(test.Logger.Messages.Contains("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.")); } } }
public async Task SignAsync_WhenChainBuildingFails_Throws() { using (var packageStream = new SimpleTestPackageContext().CreateAsStream()) using (var test = SignTest.Create( _fixture.GetDefaultCertificate(), HashAlgorithmName.SHA256, packageStream.ToArray(), new X509SignatureProvider(timestampProvider: null))) { var exception = await Assert.ThrowsAsync <SignatureException>( () => test.Signer.SignAsync( test.Request, Mock.Of <ILogger>(), CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3018, exception.AsLogMessage().Code); Assert.Equal("Certificate chain validation failed with error: UntrustedRoot", exception.Message); } }
public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync() { using (var packageStream = new SimpleTestPackageContext().CreateAsStream()) using (var test = SignTest.Create( _fixture.GetDefaultCertificate(), HashAlgorithmName.SHA256, packageStream.ToArray(), new X509SignatureProvider(timestampProvider: null))) { await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None); Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream)); Assert.Equal(0, test.Logger.Errors); Assert.Equal(1, test.Logger.Warnings); Assert.Equal(1, test.Logger.Messages.Count()); Assert.True(test.Logger.Messages.Contains("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.")); } }
public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync() { var package = new SimpleTestPackageContext(); using (var packageStream = await package.CreateAsStreamAsync()) using (var test = SignTest.Create( _fixture.GetDefaultCertificate(), HashAlgorithmName.SHA256, packageStream.ToArray(), new X509SignatureProvider(timestampProvider: null))) { await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None); Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream)); Assert.Equal(0, test.Logger.Errors); Assert.Equal(1, test.Logger.Warnings); Assert.Equal(1, test.Logger.Messages.Count()); SigningTestUtility.AssertUntrustedRoot(test.Logger.LogMessages, LogLevel.Warning); } }
public async Task SignAsync_WhenChainBuildingFails_ThrowsAsync() { var package = new SimpleTestPackageContext(); using (var packageStream = await package.CreateAsStreamAsync()) using (var test = SignTest.Create( _fixture.GetExpiredCertificate(), HashAlgorithmName.SHA256, packageStream.ToArray(), new X509SignatureProvider(timestampProvider: null))) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3018, exception.Code); Assert.Equal("Certificate chain validation failed.", exception.Message); Assert.Equal(1, test.Logger.Errors); Assert.Equal(1, test.Logger.Warnings); SigningTestUtility.AssertNotTimeValid(test.Logger.LogMessages, LogLevel.Error); SigningTestUtility.AssertUntrustedRoot(test.Logger.LogMessages, LogLevel.Warning); } }