public void Constructor_InitializesProperties( bool boolValue, VerificationTarget verificationTarget, SignaturePlacement signaturePlacement, SignatureVerificationBehavior signatureVerificationBehavior, RevocationMode revocationMode) { // Arrange & Act var settings = new SignedPackageVerifierSettings( allowUnsigned: boolValue, allowIllegal: boolValue, allowUntrusted: boolValue, allowIgnoreTimestamp: boolValue, allowMultipleTimestamps: boolValue, allowNoTimestamp: boolValue, allowUnknownRevocation: boolValue, reportUnknownRevocation: boolValue, verificationTarget: verificationTarget, signaturePlacement: signaturePlacement, repositoryCountersignatureVerificationBehavior: signatureVerificationBehavior, revocationMode: revocationMode); // Assert settings.AllowUnsigned.Should().Be(boolValue); settings.AllowIllegal.Should().Be(boolValue); settings.AllowUntrusted.Should().Be(boolValue); settings.AllowIgnoreTimestamp.Should().Be(boolValue); settings.AllowMultipleTimestamps.Should().Be(boolValue); settings.AllowNoTimestamp.Should().Be(boolValue); settings.AllowUnknownRevocation.Should().Be(boolValue); settings.ReportUnknownRevocation.Should().Be(boolValue); settings.RepositoryCountersignatureVerificationBehavior.Should().Be(signatureVerificationBehavior); settings.RevocationMode.Should().Be(revocationMode); }
public void ConstructorWithLists_WhenArgumentCombinationIsInvalid_Throws( VerificationTarget verificationTarget, SignaturePlacement signaturePlacement, SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior, string parameterName1, string parameterName2) { var exception = Assert.Throws <ArgumentException>(() => new SignedPackageVerifierSettings( allowUnsigned: false, allowIllegal: false, allowUntrusted: false, allowIgnoreTimestamp: false, allowMultipleTimestamps: false, allowNoTimestamp: false, allowUnknownRevocation: false, reportUnknownRevocation: true, verificationTarget: verificationTarget, signaturePlacement: signaturePlacement, repositoryCountersignatureVerificationBehavior: repositoryCountersignatureVerificationBehavior, allowNoRepositoryCertificateList: false, allowNoClientCertificateList: false, repoAllowListEntries: Array.Empty <VerificationAllowListEntry>(), clientAllowListEntries: Array.Empty <VerificationAllowListEntry>())); Assert.Equal(parameterName2, exception.ParamName); Assert.StartsWith($"Invalid combination of arguments {parameterName1} and {parameterName2}.", exception.Message); }
public CertificateEntryLookupEntry(VerificationTarget target, SignaturePlacement placement, CertificateItem certificate, ICollection <string> owners = null) { Target = target; Placement = placement; Certificate = certificate ?? throw new ArgumentNullException(nameof(certificate)); Owners = owners; }
public SignedPackageVerifierSettings( bool allowUnsigned, bool allowIllegal, bool allowUntrusted, bool allowIgnoreTimestamp, bool allowMultipleTimestamps, bool allowNoTimestamp, bool allowUnknownRevocation, bool reportUnknownRevocation, bool allowNoRepositoryCertificateList, bool allowNoClientCertificateList, VerificationTarget verificationTarget, SignaturePlacement signaturePlacement, SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior, RevocationMode revocationMode) : this( allowUnsigned, allowIllegal, allowUntrusted, allowIgnoreTimestamp, allowMultipleTimestamps, allowNoTimestamp, allowUnknownRevocation, reportUnknownRevocation, allowNoRepositoryCertificateList, allowNoClientCertificateList, verificationTarget, signaturePlacement, repositoryCountersignatureVerificationBehavior, revocationMode, repoAllowListEntries : null, clientAllowListEntries : null) { }
public void IsVerificationTarget_WhenSignatureTypeMatches_ReturnsTrue( SignatureType signatureType, VerificationTarget target) { var isVerificationTarget = VerificationUtility.IsVerificationTarget(signatureType, target); Assert.True(isVerificationTarget); }
public void IsVerificationTarget_WhenSignatureTypeDoesNotMatch_ReturnsFalse( SignatureType signatureType, VerificationTarget target) { var isVerificationTarget = VerificationUtility.IsVerificationTarget(signatureType, target); Assert.False(isVerificationTarget); }
public VerificationAllowListEntry(VerificationTarget target, SignaturePlacement placement) { if (target == VerificationTarget.Author && placement.HasFlag(SignaturePlacement.Countersignature)) { throw new ArgumentException(Strings.ErrorAuthorTargetCannotBeACountersignature); } Target = target; Placement = placement; }
public TrustedSignerAllowListEntry( VerificationTarget target, SignaturePlacement placement, string fingerprint, HashAlgorithmName algorithm, bool allowUntrustedRoot = false, IReadOnlyList <string> owners = null) : base(target, placement, fingerprint, algorithm) { AllowUntrustedRoot = allowUntrustedRoot; Owners = owners; }
private static void AddCertificateFingerprintIntoAllowList( VerificationTarget target, HashAlgorithmName algorithm, IRepositoryCertificateInfo certInfo, List <CertificateHashAllowListEntry> allowList) { var fingerprint = certInfo.Fingerprints[algorithm.ConvertToOidString()]; if (!string.IsNullOrEmpty(fingerprint)) { allowList.Add(new CertificateHashAllowListEntry(target, fingerprint, algorithm)); } }
public static bool IsVerificationTarget(SignatureType signatureType, VerificationTarget target) { switch (signatureType) { case SignatureType.Unknown: return(target.HasFlag(VerificationTarget.Unknown)); case SignatureType.Author: return(target.HasFlag(VerificationTarget.Author)); case SignatureType.Repository: return(target.HasFlag(VerificationTarget.Repository)); default: throw new NotImplementedException(); } }
public void ConstructorWithLists_InitializesProperties( bool boolValue, VerificationTarget verificationTarget, SignaturePlacement signaturePlacement, SignatureVerificationBehavior signatureVerificationBehavior, RevocationMode revocationMode) { // Arrange var repoList = new List <CertificateHashAllowListEntry>(); var clientList = new List <CertificateHashAllowListEntry>(); // Act var settings = new SignedPackageVerifierSettings( allowUnsigned: boolValue, allowIllegal: boolValue, allowUntrusted: boolValue, allowIgnoreTimestamp: boolValue, allowMultipleTimestamps: boolValue, allowNoTimestamp: boolValue, allowUnknownRevocation: boolValue, reportUnknownRevocation: boolValue, allowNoRepositoryCertificateList: boolValue, allowNoClientCertificateList: boolValue, verificationTarget: verificationTarget, signaturePlacement: signaturePlacement, repositoryCountersignatureVerificationBehavior: signatureVerificationBehavior, revocationMode: revocationMode, repoAllowListEntries: repoList, clientAllowListEntries: clientList); // Assert settings.AllowUnsigned.Should().Be(boolValue); settings.AllowIllegal.Should().Be(boolValue); settings.AllowUntrusted.Should().Be(boolValue); settings.AllowIgnoreTimestamp.Should().Be(boolValue); settings.AllowMultipleTimestamps.Should().Be(boolValue); settings.AllowNoTimestamp.Should().Be(boolValue); settings.AllowUnknownRevocation.Should().Be(boolValue); settings.AllowNoRepositoryCertificateList.Should().Be(boolValue); settings.AllowNoClientCertificateList.Should().Be(boolValue); settings.RepositoryCountersignatureVerificationBehavior.Should().Be(signatureVerificationBehavior); settings.RevocationMode.Should().Be(revocationMode); settings.RepositoryCertificateList.Should().BeSameAs(repoList); settings.ClientCertificateList.Should().BeSameAs(clientList); }
public CertificateHashAllowListEntry(VerificationTarget target, SignaturePlacement placement, string fingerprint, HashAlgorithmName algorithm) : base(target, placement) { if (!Enum.IsDefined(typeof(SignaturePlacement), placement)) { throw new ArgumentException( string.Format( CultureInfo.CurrentCulture, Strings.UnrecognizedEnumValue, placement), nameof(placement)); } if (!Enum.IsDefined(typeof(HashAlgorithmName), algorithm)) { throw new ArgumentException( string.Format( CultureInfo.CurrentCulture, Strings.UnrecognizedEnumValue, algorithm), nameof(algorithm)); } if ((placement.HasFlag(SignaturePlacement.Countersignature) && !target.HasFlag(VerificationTarget.Repository)) || (placement == SignaturePlacement.Countersignature && target != VerificationTarget.Repository)) { throw new ArgumentException( string.Format( CultureInfo.CurrentCulture, Strings.InvalidArgumentCombination, nameof(target), nameof(placement)), nameof(placement)); } Fingerprint = fingerprint ?? throw new ArgumentNullException(nameof(fingerprint)); FingerprintAlgorithm = algorithm; }
public SignedPackageVerifierSettings( bool allowUnsigned, bool allowIllegal, bool allowUntrusted, bool allowIgnoreTimestamp, bool allowMultipleTimestamps, bool allowNoTimestamp, bool allowUnknownRevocation, bool reportUnknownRevocation, VerificationTarget verificationTarget, SignaturePlacement signaturePlacement, SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior, RevocationMode revocationMode) { if (!Enum.IsDefined(typeof(VerificationTarget), verificationTarget)) { throw new ArgumentException( string.Format( CultureInfo.CurrentCulture, Strings.UnrecognizedEnumValue, verificationTarget), nameof(verificationTarget)); } if (!Enum.IsDefined(typeof(SignaturePlacement), signaturePlacement)) { throw new ArgumentException( string.Format( CultureInfo.CurrentCulture, Strings.UnrecognizedEnumValue, signaturePlacement), nameof(signaturePlacement)); } if (!Enum.IsDefined(typeof(SignatureVerificationBehavior), repositoryCountersignatureVerificationBehavior)) { throw new ArgumentException( string.Format( CultureInfo.CurrentCulture, Strings.UnrecognizedEnumValue, repositoryCountersignatureVerificationBehavior), nameof(repositoryCountersignatureVerificationBehavior)); } if ((signaturePlacement.HasFlag(SignaturePlacement.Countersignature) && !verificationTarget.HasFlag(VerificationTarget.Repository)) || (signaturePlacement == SignaturePlacement.Countersignature && verificationTarget != VerificationTarget.Repository)) { throw new ArgumentException( string.Format( CultureInfo.CurrentCulture, Strings.InvalidArgumentCombination, nameof(verificationTarget), nameof(signaturePlacement)), nameof(signaturePlacement)); } if ((repositoryCountersignatureVerificationBehavior == SignatureVerificationBehavior.Never) == signaturePlacement.HasFlag(SignaturePlacement.Countersignature) || ((repositoryCountersignatureVerificationBehavior == SignatureVerificationBehavior.Always) && !signaturePlacement.HasFlag(SignaturePlacement.Countersignature))) { throw new ArgumentException( string.Format( CultureInfo.CurrentCulture, Strings.InvalidArgumentCombination, nameof(signaturePlacement), nameof(repositoryCountersignatureVerificationBehavior)), nameof(repositoryCountersignatureVerificationBehavior)); } AllowUnsigned = allowUnsigned; AllowIllegal = allowIllegal; AllowUntrusted = allowUntrusted; AllowIgnoreTimestamp = allowIgnoreTimestamp; AllowMultipleTimestamps = allowMultipleTimestamps; AllowNoTimestamp = allowNoTimestamp; AllowUnknownRevocation = allowUnknownRevocation; ReportUnknownRevocation = reportUnknownRevocation; VerificationTarget = verificationTarget; SignaturePlacement = signaturePlacement; RepositoryCountersignatureVerificationBehavior = repositoryCountersignatureVerificationBehavior; RevocationMode = revocationMode; }
private static bool IsSignatureTargeted(VerificationTarget target, Signature signature) { return((target.HasFlag(VerificationTarget.Author) && signature is AuthorPrimarySignature) || (target.HasFlag(VerificationTarget.Repository) && signature is RepositoryPrimarySignature) || (target.HasFlag(VerificationTarget.Repository) && signature is RepositoryCountersignature)); }
public VerificationAllowListEntry(VerificationTarget target) { VerificationTarget = target; }
/// <summary> /// Adds a trusted signer item to the settings based a signed package. /// </summary> /// <param name="name">Name of the trusted signer.</param> /// <param name="package">Package to read signature from.</param> /// <param name="trustTarget">Signature to trust from package.</param> /// <param name="allowUntrustedRoot">Specifies if allowUntrustedRoot should be set to true.</param> /// <param name="owners">Trusted owners that should be set when trusting a repository.</param> /// <param name="token">Cancellation token for async request</param> public async Task AddTrustedSignerAsync(string name, ISignedPackageReader package, VerificationTarget trustTarget, bool allowUntrustedRoot, IEnumerable <string> owners, CancellationToken token) { if (package == null) { throw new ArgumentNullException(nameof(package)); } if (string.IsNullOrEmpty(name)) { throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(name)); } if (!Enum.IsDefined(typeof(VerificationTarget), trustTarget) || (trustTarget != VerificationTarget.Repository && trustTarget != VerificationTarget.Author)) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Strings.Error_UnsupportedTrustTarget, trustTarget.ToString())); } if (trustTarget == VerificationTarget.Author && owners != null && owners.Any()) { throw new ArgumentException(Strings.Error_TrustedAuthorNoOwners); } token.ThrowIfCancellationRequested(); string v3ServiceIndex = null; IRepositorySignature repositorySignature = null; var trustingRepository = trustTarget.HasFlag(VerificationTarget.Repository); var primarySignature = await package.GetPrimarySignatureAsync(token); if (primarySignature == null) { throw new InvalidOperationException(Strings.Error_PackageNotSigned); } if (trustingRepository) { if (primarySignature.Type == SignatureType.Repository) { repositorySignature = primarySignature as RepositoryPrimarySignature; } else { var countersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); repositorySignature = countersignature ?? throw new InvalidOperationException(Strings.Error_RepoTrustExpectedRepoSignature); } v3ServiceIndex = repositorySignature.V3ServiceIndexUrl.AbsoluteUri; } ValidateNoExistingSigner(name, v3ServiceIndex, trustingRepository); if (trustingRepository) { var certificateItem = GetCertificateItemForSignature(repositorySignature, allowUntrustedRoot); _trustedSignersProvider.AddOrUpdateTrustedSigner(new RepositoryItem(name, v3ServiceIndex, CreateOwnersList(owners), certificateItem)); await _logger.LogAsync(LogLevel.Information, string.Format(CultureInfo.CurrentCulture, Strings.SuccessfullyAddedTrustedRepository, name)); } else { if (primarySignature.Type != SignatureType.Author) { throw new InvalidOperationException(Strings.Error_AuthorTrustExpectedAuthorSignature); } var certificateItem = GetCertificateItemForSignature(primarySignature, allowUntrustedRoot); _trustedSignersProvider.AddOrUpdateTrustedSigner(new AuthorItem(name, certificateItem)); await _logger.LogAsync(LogLevel.Information, string.Format(CultureInfo.CurrentCulture, Strings.SuccessfullyAddedTrustedAuthor, name)); } }
public CertificateHashAllowListEntry(VerificationTarget target, SignaturePlacement placement, string fingerprint, HashAlgorithmName algorithm) : base(target, placement) { Fingerprint = fingerprint; FingerprintAlgorithm = algorithm; }
public CertificateHashAllowListEntry(VerificationTarget target, string fingerprint) : base(target) { CertificateFingerprint = fingerprint; }