private static async Task <MemoryStream> CreateSignedPackageAsync( X509Certificate2 certificate, Stream unsignedPackage = null) { if (unsignedPackage == null) { var packageContext = new SimpleTestPackageContext(); unsignedPackage = packageContext.CreateAsStream(); } var signatureProvider = new X509SignatureProvider(timestampProvider: null); var overwrite = true; using (var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256)) using (var outputPackageStream = new MemoryStream()) using (var options = new SigningOptions( new Lazy <Stream>(() => unsignedPackage), new Lazy <Stream>(() => outputPackageStream), overwrite, signatureProvider, NullLogger.Instance)) { await SigningUtility.SignAsync(options, request, CancellationToken.None); var isSigned = await SignedArchiveTestUtility.IsSignedAsync(options.OutputPackageStream); Assert.True(isSigned); return(new MemoryStream(outputPackageStream.ToArray())); } }
public async Task RemoveSignatureAsync_RemovesPackageSignatureAsync() { using (var test = await Test.CreateAsync(_fixture)) { await test.Package.RemoveSignatureAsync(CancellationToken.None); var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.OutputPackageStream); Assert.False(isSigned); } }
public async Task RemoveSignatureAsync_WithUnsignedPackage_Throws() { using (var test = Test.CreateUnsigned()) { var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.InputPackageStream); Assert.False(isSigned); var exception = await Assert.ThrowsAsync <SignatureException>( () => test.Package.RemoveSignatureAsync(CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3000, exception.Code); Assert.Equal("The package is not signed. Unable to remove signature from an unsigned package.", exception.Message); } }
public async Task SignAsync_WithNotYetValidCertificate_ThrowsAsync() { using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificateNotYetValid.Source.Cert)) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3017, exception.Code); Assert.Contains("The signing certificate is not yet valid", exception.Message); var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.InputPackageStream); Assert.False(isSigned); Assert.False(test.OutputFile.Exists); } }
public async Task SignAsync_WithExpiredCertificate_ThrowsAsync() { using (var test = new Test(_testFixture.TrustedTestCertificateExpired.Source.Cert)) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3018, exception.Code); Assert.Contains("Certificate chain validation failed.", exception.Message); var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.InputPackageStream); Assert.False(isSigned); Assert.False(test.OutputFile.Exists); } }
internal async Task AuthorSignAsync() { using (var request = new AuthorSignPackageRequest( new X509Certificate2(Certificate), HashAlgorithmName.SHA256, HashAlgorithmName.SHA256)) using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false)) using (var signedPackage = new MemoryStream()) { await SignedArchiveTestUtility.CreateSignedPackageAsync(request, originalPackage, signedPackage); SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false); } var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage); Assert.True(isSigned); }
public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync() { using (var packageStream = new SimpleTestPackageContext().CreateAsStream()) using (var test = SignTest.Create( _fixture.GetDefaultCertificate(), HashAlgorithmName.SHA256, packageStream.ToArray(), new X509SignatureProvider(timestampProvider: null))) { await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None); Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream)); Assert.Equal(0, test.Logger.Errors); Assert.Equal(1, test.Logger.Warnings); Assert.Equal(1, test.Logger.Messages.Count()); Assert.True(test.Logger.Messages.Contains("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.")); } }
public async Task SignAsync_WhenRepositoryCountersigningRepositoryCountersignedPackage_ThrowsAsync() { using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificate.Source.Cert)) { await SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None); using (var package = new PackageArchiveReader(test.Options.OutputPackageStream)) { var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream); Assert.True(isSigned); } var countersignedPackageOutputPath = test.GetNewTempFilePath(); using (var countersignatureOptions = SigningOptions.CreateFromFilePaths( test.OutputFile.FullName, countersignedPackageOutputPath, overwrite: false, signatureProvider: new X509SignatureProvider(timestampProvider: null), logger: NullLogger.Instance)) { await SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None); var isRepositoryCountersigned = await SignedArchiveTestUtility.IsRepositoryCountersignedAsync(countersignatureOptions.OutputPackageStream); Assert.True(isRepositoryCountersigned); } using (var countersignatureOptions = SigningOptions.CreateFromFilePaths( countersignedPackageOutputPath, test.GetNewTempFilePath(), overwrite: false, signatureProvider: new X509SignatureProvider(timestampProvider: null), logger: NullLogger.Instance)) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3032, exception.Code); Assert.Contains("The package already contains a repository countersignature", exception.Message); } } }
internal async Task RepositorySignAsync() { using (var request = new RepositorySignPackageRequest( new X509Certificate2(Certificate), HashAlgorithmName.SHA256, HashAlgorithmName.SHA256, new Uri("https://test.test"), packageOwners: null)) using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false)) using (var signedPackage = new MemoryStream()) { await SignedArchiveTestUtility.CreateSignedPackageAsync(request, originalPackage, signedPackage); SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false); } var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage); Assert.True(isSigned); }
public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync() { var package = new SimpleTestPackageContext(); using (var packageStream = await package.CreateAsStreamAsync()) using (var test = SignTest.Create( _fixture.GetDefaultCertificate(), HashAlgorithmName.SHA256, packageStream.ToArray(), new X509SignatureProvider(timestampProvider: null))) { await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None); Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream)); Assert.Equal(0, test.Logger.Errors); Assert.Equal(1, test.Logger.Warnings); Assert.Equal(1, test.Logger.Messages.Count()); SigningTestUtility.AssertUntrustedRoot(test.Logger.LogMessages, LogLevel.Warning); } }