Exemplo n.º 1
0
        public async Task SignAsync_WhenChainBuildingFails_ThrowsAsync()
        {
            var package = new SimpleTestPackageContext();

            using (var packageStream = await package.CreateAsStreamAsync())
                using (var test = SignTest.Create(
                           _fixture.GetExpiredCertificate(),
                           HashAlgorithmName.SHA256,
                           packageStream.ToArray(),
                           new X509SignatureProvider(timestampProvider: null)))
                {
                    var exception = await Assert.ThrowsAsync <SignatureException>(
                        () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None));

                    Assert.Equal(NuGetLogCode.NU3018, exception.Code);
                    Assert.Equal("Certificate chain validation failed.", exception.Message);

                    Assert.Equal(1, test.Logger.Errors);
                    Assert.Equal(1, test.Logger.Warnings);
                    Assert.Contains(test.Logger.LogMessages, message =>
                                    message.Code == NuGetLogCode.NU3018 &&
                                    message.Level == LogLevel.Error &&
                                    message.Message == "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.");
                    Assert.Contains(test.Logger.LogMessages, message =>
                                    message.Code == NuGetLogCode.NU3018 &&
                                    message.Level == LogLevel.Warning &&
                                    message.Message == "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.");
                }
        }
Exemplo n.º 2
0
 public async Task SignAsync_WhenCancellationTokenIsCancelled_ThrowsAsync()
 {
     using (var test = SignTest.Create(new X509Certificate2(), HashAlgorithmName.SHA256))
     {
         await Assert.ThrowsAsync <OperationCanceledException>(
             () => SigningUtility.SignAsync(test.Options, test.Request, new CancellationToken(canceled: true)));
     }
 }
Exemplo n.º 3
0
 public async Task SignAsync_WhenCancellationTokenIsCancelled_Throws()
 {
     using (var test = SignTest.Create(new X509Certificate2(), HashAlgorithmName.SHA256))
     {
         await Assert.ThrowsAsync <OperationCanceledException>(
             () => test.Signer.SignAsync(
                 test.Request,
                 Mock.Of <ILogger>(),
                 new CancellationToken(canceled: true)));
     }
 }
Exemplo n.º 4
0
        public async Task SignAsync_WhenLoggerIsNull_Throws()
        {
            using (var test = SignTest.Create(new X509Certificate2(), HashAlgorithmName.SHA256))
            {
                var exception = await Assert.ThrowsAsync <ArgumentNullException>(
                    () => test.Signer.SignAsync(
                        test.Request,
                        logger: null,
                        token: CancellationToken.None));

                Assert.Equal("logger", exception.ParamName);
            }
        }
Exemplo n.º 5
0
        public async Task SignAsync_WhenPackageIsZip64_ThrowsAsync()
        {
            using (var test = SignTest.Create(
                       _fixture.GetDefaultCertificate(),
                       HashAlgorithmName.SHA256,
                       SigningTestUtility.GetResourceBytes("CentralDirectoryHeaderWithZip64ExtraField.zip")))
            {
                var exception = await Assert.ThrowsAsync <SignatureException>(
                    () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None));

                Assert.Equal(NuGetLogCode.NU3006, exception.Code);
                Assert.Equal("Signed Zip64 packages are not supported.", exception.Message);
            }
        }
Exemplo n.º 6
0
        public async Task SignAsync_WhenCertificatePublicKeyLengthIsUnsupported_ThrowsAsync()
        {
            using (var certificate = SigningTestUtility.GenerateCertificate(
                       "test",
                       generator => { },
                       publicKeyLength: 1024))
                using (var test = SignTest.Create(certificate, HashAlgorithmName.SHA256))
                {
                    var exception = await Assert.ThrowsAsync <SignatureException>(
                        () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None));

                    Assert.Equal(NuGetLogCode.NU3014, exception.Code);
                    Assert.Contains("The signing certificate does not meet a minimum public key length requirement.", exception.Message);
                }
        }
Exemplo n.º 7
0
        public async Task SignAsync_WhenCertificateSignatureAlgorithmIsUnsupported_ThrowsAsync()
        {
            using (var certificate = SigningTestUtility.GenerateCertificate(
                       "test",
                       generator => { },
                       "SHA256WITHRSAANDMGF1"))
                using (var test = SignTest.Create(certificate, HashAlgorithmName.SHA256))
                {
                    var exception = await Assert.ThrowsAsync <SignatureException>(
                        () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None));

                    Assert.Equal(NuGetLogCode.NU3013, exception.Code);
                    Assert.Contains("The signing certificate has an unsupported signature algorithm.", exception.Message);
                }
        }
Exemplo n.º 8
0
        public async Task SignAsync_WhenPackageEntryCountWouldRequireZip64_FailsAsync()
        {
            const ushort desiredFileCount = 0xFFFF - 1;

            var package = new SimpleTestPackageContext();

            var requiredFileCount = desiredFileCount - package.Files.Count;

            for (var i = 0; i < requiredFileCount - 1 /*nuspec*/; ++i)
            {
                package.AddFile(i.ToString());
            }

            using (var packageStream = await package.CreateAsStreamAsync())
            {
                using (var zipArchive = new ZipArchive(packageStream, ZipArchiveMode.Read, leaveOpen: true))
                {
                    // Sanity check before testing.
                    Assert.Equal(desiredFileCount, zipArchive.Entries.Count());
                }

                packageStream.Position = 0;

                using (var test = SignTest.Create(
                           _fixture.GetDefaultCertificate(),
                           HashAlgorithmName.SHA256,
                           packageStream.ToArray(),
                           new X509SignatureProvider(timestampProvider: null)))
                {
                    var exception = await Assert.ThrowsAsync <SignatureException>(
                        () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None));

                    Assert.Equal(NuGetLogCode.NU3039, exception.Code);
                    Assert.Equal("The package cannot be signed as it would require the Zip64 format.", exception.Message);

                    Assert.Equal(0, test.Options.OutputPackageStream.Length);
                    Assert.Equal(0, test.Logger.Errors);
                    Assert.Equal(1, test.Logger.Warnings);
                    Assert.Equal(1, test.Logger.Messages.Count());
                    Assert.True(test.Logger.Messages.Contains("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."));
                }
            }
        }
Exemplo n.º 9
0
        public async Task SignAsync_WhenChainBuildingFails_Throws()
        {
            using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
                using (var test = SignTest.Create(
                           _fixture.GetDefaultCertificate(),
                           HashAlgorithmName.SHA256,
                           packageStream.ToArray(),
                           new X509SignatureProvider(timestampProvider: null)))
                {
                    var exception = await Assert.ThrowsAsync <SignatureException>(
                        () => test.Signer.SignAsync(
                            test.Request,
                            Mock.Of <ILogger>(),
                            CancellationToken.None));

                    Assert.Equal(NuGetLogCode.NU3018, exception.AsLogMessage().Code);
                    Assert.Equal("Certificate chain validation failed with error: UntrustedRoot", exception.Message);
                }
        }
Exemplo n.º 10
0
        public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync()
        {
            using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
                using (var test = SignTest.Create(
                           _fixture.GetDefaultCertificate(),
                           HashAlgorithmName.SHA256,
                           packageStream.ToArray(),
                           new X509SignatureProvider(timestampProvider: null)))
                {
                    await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None);

                    Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream));

                    Assert.Equal(0, test.Logger.Errors);
                    Assert.Equal(1, test.Logger.Warnings);
                    Assert.Equal(1, test.Logger.Messages.Count());
                    Assert.True(test.Logger.Messages.Contains("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."));
                }
        }
Exemplo n.º 11
0
        public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync()
        {
            var package = new SimpleTestPackageContext();

            using (var packageStream = await package.CreateAsStreamAsync())
                using (var test = SignTest.Create(
                           _fixture.GetDefaultCertificate(),
                           HashAlgorithmName.SHA256,
                           packageStream.ToArray(),
                           new X509SignatureProvider(timestampProvider: null)))
                {
                    await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None);

                    Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream));

                    Assert.Equal(0, test.Logger.Errors);
                    Assert.Equal(1, test.Logger.Warnings);
                    Assert.Equal(1, test.Logger.Messages.Count());
                    SigningTestUtility.AssertUntrustedRoot(test.Logger.LogMessages, LogLevel.Warning);
                }
        }
Exemplo n.º 12
0
        public async Task SignAsync_WhenChainBuildingFails_ThrowsAsync()
        {
            var package = new SimpleTestPackageContext();

            using (var packageStream = await package.CreateAsStreamAsync())
                using (var test = SignTest.Create(
                           _fixture.GetExpiredCertificate(),
                           HashAlgorithmName.SHA256,
                           packageStream.ToArray(),
                           new X509SignatureProvider(timestampProvider: null)))
                {
                    var exception = await Assert.ThrowsAsync <SignatureException>(
                        () => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None));

                    Assert.Equal(NuGetLogCode.NU3018, exception.Code);
                    Assert.Equal("Certificate chain validation failed.", exception.Message);

                    Assert.Equal(1, test.Logger.Errors);
                    Assert.Equal(1, test.Logger.Warnings);
                    SigningTestUtility.AssertNotTimeValid(test.Logger.LogMessages, LogLevel.Error);
                    SigningTestUtility.AssertUntrustedRoot(test.Logger.LogMessages, LogLevel.Warning);
                }
        }