public async Task Signer_VerifyOnTamperedPackage_FileDeletedAsync(string policyString) { // Arrange var nupkg = new SimpleTestPackageContext(); var policy = GetSettingsPolicy(policyString); using (var dir = TestDirectory.Create()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, dir); SignedArchiveTestUtility.TamperWithPackage(signedPackagePath); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(signedPackagePath)) { // Act var result = await verifier.VerifySignaturesAsync(packageReader, policy, CancellationToken.None); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); var totalErrorIssues = resultsWithErrors.SelectMany(r => r.GetErrorIssues()); // Assert result.IsValid.Should().BeFalse(); resultsWithErrors.Count().Should().Be(1); totalErrorIssues.Count().Should().Be(1); totalErrorIssues.First().Code.Should().Be(NuGetLogCode.NU3008); totalErrorIssues.First().Message.Should().Be(_packageTamperedError); } } }
public async Task Install_TamperedPackage_FailsAsync() { // Arrange var nupkg = new SimpleTestPackageContext("A", "1.0.0"); using (var context = new SimpleTestPathContext()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, context.WorkingDirectory); SignedArchiveTestUtility.TamperWithPackage(signedPackagePath); var args = new string[] { nupkg.Id, "-Version", nupkg.Version, "-DirectDownload", "-NoCache", "-Source", context.WorkingDirectory, "-OutputDirectory", Path.Combine(context.WorkingDirectory, "packages") }; // Act var result = RunInstall(_nugetExePath, context, expectedExitCode: 1, additionalArgs: args); // Assert result.ExitCode.Should().Be(1); result.Errors.Should().Contain(string.Format(_NU3008, SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, nupkg.Identity, context.WorkingDirectory))); result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, nupkg.Identity, context.WorkingDirectory))}"); } }
public async Task Restore_TamperedPackage_FailsAsync() { // Arrange var nupkg = new SimpleTestPackageContext("A", "1.0.0"); using (var pathContext = new SimpleTestPathContext()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { // Set up solution, project, and packages var solution = new SimpleTestSolutionContext(pathContext.SolutionRoot); var projectA = SimpleTestProjectContext.CreateNETCore( "a", pathContext.SolutionRoot, NuGetFramework.Parse("NETStandard2.0")); var packageX = new SimpleTestPackageContext("X", "9.0.0"); var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, packageX, pathContext.PackageSource); SignedArchiveTestUtility.TamperWithPackage(signedPackagePath); projectA.AddPackageToAllFrameworks(packageX); solution.Projects.Add(projectA); solution.Create(pathContext.SolutionRoot); var args = new string[] { projectA.ProjectPath, "-Source", pathContext.PackageSource }; // Act var result = RunRestore(_nugetExePath, pathContext, expectedExitCode: 1, additionalArgs: args); var reader = new LockFileFormat(); var lockFile = reader.Read(projectA.AssetsFileOutputPath); var errors = lockFile.LogMessages.Where(m => m.Level == LogLevel.Error); var warnings = lockFile.LogMessages.Where(m => m.Level == LogLevel.Warning); // Assert result.ExitCode.Should().Be(1); result.Errors.Should().Contain(_NU3008); result.AllOutput.Should().Contain($"WARNING: {_NU3027}"); errors.Count().Should().Be(1); errors.First().Code.Should().Be(NuGetLogCode.NU3008); errors.First().Message.Should().Be(_NU3008Message); errors.First().LibraryId.Should().Be(packageX.ToString()); warnings.Count().Should().Be(1); warnings.First().Code.Should().Be(NuGetLogCode.NU3027); warnings.First().Message.Should().Be(_NU3027Message); warnings.First().LibraryId.Should().Be("X.9.0.0"); } }
public async Task Restore_TamperedPackageInPackagesConfig_FailsWithErrorAsync() { // Arrange var nupkg = new SimpleTestPackageContext("A", "1.0.0"); var packagesConfigContent = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" + "<packages>" + " <package id=\"X\" version=\"9.0.0\" targetFramework=\"net461\" />" + "</packages>"; using (var pathContext = new SimpleTestPathContext()) using (var testCertificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { // Set up solution, project, and packages var solution = new SimpleTestSolutionContext(pathContext.SolutionRoot); var projectA = new SimpleTestProjectContext( "a", ProjectStyle.PackagesConfig, pathContext.SolutionRoot); var packageX = new SimpleTestPackageContext("X", "9.0.0"); var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, packageX, pathContext.PackageSource); SignedArchiveTestUtility.TamperWithPackage(signedPackagePath); projectA.AddPackageToAllFrameworks(packageX); solution.Projects.Add(projectA); solution.Create(pathContext.SolutionRoot); var packagesConfigPath = Path.Combine(Directory.GetParent(projectA.ProjectPath).FullName, "packages.config"); File.WriteAllBytes(packagesConfigPath, Encoding.ASCII.GetBytes(packagesConfigContent)); var args = new string[] { projectA.ProjectPath, "-Source", pathContext.PackageSource, "-PackagesDirectory", "./packages" }; // Act var result = RunRestore(_nugetExePath, pathContext, expectedExitCode: 1, additionalArgs: args); // Assert result.ExitCode.Should().Be(1); result.Errors.Should().Contain(_NU3008); result.AllOutput.Should().Contain(_NU3027); } }
public async Task Install_TamperedAndRevokedCertificateSignaturePackage_FailsAsync() { // Arrange var nupkg = new SimpleTestPackageContext("A", "1.0.0"); var testServer = await _testFixture.GetSigningTestServerAsync(); var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync(); var issueOptions = IssueCertificateOptions.CreateDefaultForEndCertificate(); var bcCertificate = certificateAuthority.IssueCertificate(issueOptions); using (var context = new SimpleTestPathContext()) using (var testCertificate = new X509Certificate2(bcCertificate.GetEncoded())) { testCertificate.PrivateKey = DotNetUtilities.ToRSA(issueOptions.KeyPair.Private as RsaPrivateCrtKeyParameters); var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, context.WorkingDirectory); SignedArchiveTestUtility.TamperWithPackage(signedPackagePath); await certificateAuthority.OcspResponder.WaitForResponseExpirationAsync(bcCertificate); certificateAuthority.Revoke( bcCertificate, RevocationReason.KeyCompromise, DateTimeOffset.UtcNow.AddSeconds(-1)); var args = new string[] { nupkg.Id, "-Version", nupkg.Version, "-DirectDownload", "-NoCache", "-Source", context.WorkingDirectory, "-OutputDirectory", Path.Combine(context.WorkingDirectory, "packages") }; // Act var result = RunInstall(_nugetExePath, context, expectedExitCode: 1, additionalArgs: args); // Assert result.ExitCode.Should().Be(1); result.Errors.Should().Contain(string.Format(_NU3008, SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, nupkg.Identity, context.WorkingDirectory))); result.Errors.Should().Contain(string.Format(_NU3012, SigningTestUtility.AddSignatureLogPrefix(_NU3012Message, nupkg.Identity, context.WorkingDirectory))); result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, nupkg.Identity, context.WorkingDirectory))}"); } }
public void InstallSignedTamperedPackageFromPMCAndFailForPC(ProjectTemplate projectTemplate) { // Arrange EnsureVisualStudioHost(); var signedPackage = _fixture.SignedTestPackage; using (var testContext = new ApexTestContext(VisualStudio, projectTemplate, XunitLogger)) { SimpleTestPackageUtility.CreatePackages(testContext.PackageSource, signedPackage); SignedArchiveTestUtility.TamperWithPackage(Path.Combine(testContext.PackageSource, signedPackage.PackageName)); var nugetConsole = GetConsole(testContext.Project); nugetConsole.InstallPackageFromPMC(signedPackage.Id, signedPackage.Version); nugetConsole.IsMessageFoundInPMC("package integrity check failed").Should().BeTrue("Integrity failed message shown."); Utils.AssetPackageNotInPackagesConfig(VisualStudio, testContext.Project, signedPackage.Id, signedPackage.Version, XunitLogger); } }
public async Task Tampered_InstallFromPMCForPR_FailAsync(ProjectTemplate projectTemplate) { // Arrange EnsureVisualStudioHost(); var signedPackage = _fixture.AuthorSignedTestPackage; using (var testContext = new ApexTestContext(VisualStudio, projectTemplate, XunitLogger)) { await SimpleTestPackageUtility.CreatePackagesAsync(testContext.PackageSource, signedPackage); SignedArchiveTestUtility.TamperWithPackage(Path.Combine(testContext.PackageSource, signedPackage.PackageName)); var nugetConsole = GetConsole(testContext.Project); nugetConsole.InstallPackageFromPMC(signedPackage.Id, signedPackage.Version); nugetConsole.IsMessageFoundInPMC("package integrity check failed").Should().BeTrue("Integrity failed message shown."); testContext.SolutionService.Build(); testContext.NuGetApexTestService.WaitForAutoRestore(); CommonUtility.AssertPackageReferenceDoesNotExist(VisualStudio, testContext.Project, signedPackage.Id, signedPackage.Version, XunitLogger); } }