public CertificateEntryLookupEntry(VerificationTarget target, SignaturePlacement placement, CertificateItem certificate, ICollection <string> owners = null)
{
Target = target;
Placement = placement;
Certificate = certificate ?? throw new ArgumentNullException(nameof(certificate));
Owners = owners;
}
protected SignPackageRequest(
X509Certificate2 certificate,
HashAlgorithmName signatureHashAlgorithm,
HashAlgorithmName timestampHashAlgorithm,
SignaturePlacement signaturePlacement)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
if (!Enum.IsDefined(typeof(HashAlgorithmName), signatureHashAlgorithm) ||
signatureHashAlgorithm == HashAlgorithmName.Unknown)
{
throw new ArgumentException(Strings.InvalidArgument, nameof(signatureHashAlgorithm));
}
if (!Enum.IsDefined(typeof(HashAlgorithmName), timestampHashAlgorithm) ||
timestampHashAlgorithm == HashAlgorithmName.Unknown)
{
throw new ArgumentException(Strings.InvalidArgument, nameof(timestampHashAlgorithm));
}
if (!Enum.IsDefined(typeof(SignaturePlacement), signaturePlacement))
{
throw new ArgumentException(Strings.InvalidArgument, nameof(signaturePlacement));
}
Certificate = certificate;
SignatureHashAlgorithm = signatureHashAlgorithm;
TimestampHashAlgorithm = timestampHashAlgorithm;
SignaturePlacement = signaturePlacement;
AdditionalCertificates = new X509Certificate2Collection();
}
public void Constructor_InitializesProperties(
bool boolValue,
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior signatureVerificationBehavior,
RevocationMode revocationMode)
{
// Arrange & Act
var settings = new SignedPackageVerifierSettings(
allowUnsigned: boolValue,
allowIllegal: boolValue,
allowUntrusted: boolValue,
allowIgnoreTimestamp: boolValue,
allowMultipleTimestamps: boolValue,
allowNoTimestamp: boolValue,
allowUnknownRevocation: boolValue,
reportUnknownRevocation: boolValue,
verificationTarget: verificationTarget,
signaturePlacement: signaturePlacement,
repositoryCountersignatureVerificationBehavior: signatureVerificationBehavior,
revocationMode: revocationMode);
// Assert
settings.AllowUnsigned.Should().Be(boolValue);
settings.AllowIllegal.Should().Be(boolValue);
settings.AllowUntrusted.Should().Be(boolValue);
settings.AllowIgnoreTimestamp.Should().Be(boolValue);
settings.AllowMultipleTimestamps.Should().Be(boolValue);
settings.AllowNoTimestamp.Should().Be(boolValue);
settings.AllowUnknownRevocation.Should().Be(boolValue);
settings.ReportUnknownRevocation.Should().Be(boolValue);
settings.RepositoryCountersignatureVerificationBehavior.Should().Be(signatureVerificationBehavior);
settings.RevocationMode.Should().Be(revocationMode);
}
public TimestampRequest(SigningSpecifications signingSpecifications, byte[] hashedMessage, HashAlgorithmName hashAlgorithm, SignaturePlacement target)
{
SigningSpecifications = signingSpecifications ?? throw new ArgumentNullException(nameof(signingSpecifications));
HashedMessage = hashedMessage ?? throw new ArgumentNullException(nameof(hashedMessage));
HashAlgorithm = hashAlgorithm;
Target = target;
}
public void ConstructorWithLists_WhenArgumentCombinationIsInvalid_Throws(
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior,
string parameterName1,
string parameterName2)
{
var exception = Assert.Throws <ArgumentException>(() => new SignedPackageVerifierSettings(
allowUnsigned: false,
allowIllegal: false,
allowUntrusted: false,
allowIgnoreTimestamp: false,
allowMultipleTimestamps: false,
allowNoTimestamp: false,
allowUnknownRevocation: false,
reportUnknownRevocation: true,
verificationTarget: verificationTarget,
signaturePlacement: signaturePlacement,
repositoryCountersignatureVerificationBehavior: repositoryCountersignatureVerificationBehavior,
allowNoRepositoryCertificateList: false,
allowNoClientCertificateList: false,
repoAllowListEntries: Array.Empty <VerificationAllowListEntry>(),
clientAllowListEntries: Array.Empty <VerificationAllowListEntry>()));
Assert.Equal(parameterName2, exception.ParamName);
Assert.StartsWith($"Invalid combination of arguments {parameterName1} and {parameterName2}.", exception.Message);
}
public SignedPackageVerifierSettings(
bool allowUnsigned,
bool allowIllegal,
bool allowUntrusted,
bool allowIgnoreTimestamp,
bool allowMultipleTimestamps,
bool allowNoTimestamp,
bool allowUnknownRevocation,
bool reportUnknownRevocation,
bool allowNoRepositoryCertificateList,
bool allowNoClientCertificateList,
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior,
RevocationMode revocationMode)
: this(
allowUnsigned,
allowIllegal,
allowUntrusted,
allowIgnoreTimestamp,
allowMultipleTimestamps,
allowNoTimestamp,
allowUnknownRevocation,
reportUnknownRevocation,
allowNoRepositoryCertificateList,
allowNoClientCertificateList,
verificationTarget,
signaturePlacement,
repositoryCountersignatureVerificationBehavior,
revocationMode,
repoAllowListEntries : null,
clientAllowListEntries : null)
{
}
public VerificationAllowListEntry(VerificationTarget target, SignaturePlacement placement)
{
if (target == VerificationTarget.Author && placement.HasFlag(SignaturePlacement.Countersignature))
{
throw new ArgumentException(Strings.ErrorAuthorTargetCannotBeACountersignature);
}
Target = target;
Placement = placement;
}
private static VerificationTarget GetItemTarget(TrustedSignerItem item, out SignaturePlacement placement)
{
if (item is RepositoryItem)
{
placement = SignaturePlacement.Any;
return(VerificationTarget.Repository);
}
placement = SignaturePlacement.PrimarySignature;
return(VerificationTarget.Author);
}
public TrustedSignerAllowListEntry(
VerificationTarget target,
SignaturePlacement placement,
string fingerprint,
HashAlgorithmName algorithm,
bool allowUntrustedRoot = false,
IReadOnlyList <string> owners = null)
: base(target, placement, fingerprint, algorithm)
{
AllowUntrustedRoot = allowUntrustedRoot;
Owners = owners;
}
private static void AddCertificateFingerprintIntoAllowList(
VerificationTarget target,
SignaturePlacement placement,
HashAlgorithmName algorithm,
IRepositoryCertificateInfo certInfo,
List <CertificateHashAllowListEntry> allowList)
{
var fingerprint = certInfo.Fingerprints[algorithm.ConvertToOidString()];
if (!string.IsNullOrEmpty(fingerprint))
{
allowList.Add(new CertificateHashAllowListEntry(target, placement, fingerprint, algorithm));
}
}
public void ConstructorWithLists_InitializesProperties(
bool boolValue,
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior signatureVerificationBehavior,
RevocationMode revocationMode)
{
// Arrange
var repoList = new List <CertificateHashAllowListEntry>();
var clientList = new List <CertificateHashAllowListEntry>();
// Act
var settings = new SignedPackageVerifierSettings(
allowUnsigned: boolValue,
allowIllegal: boolValue,
allowUntrusted: boolValue,
allowIgnoreTimestamp: boolValue,
allowMultipleTimestamps: boolValue,
allowNoTimestamp: boolValue,
allowUnknownRevocation: boolValue,
reportUnknownRevocation: boolValue,
allowNoRepositoryCertificateList: boolValue,
allowNoClientCertificateList: boolValue,
verificationTarget: verificationTarget,
signaturePlacement: signaturePlacement,
repositoryCountersignatureVerificationBehavior: signatureVerificationBehavior,
revocationMode: revocationMode,
repoAllowListEntries: repoList,
clientAllowListEntries: clientList);
// Assert
settings.AllowUnsigned.Should().Be(boolValue);
settings.AllowIllegal.Should().Be(boolValue);
settings.AllowUntrusted.Should().Be(boolValue);
settings.AllowIgnoreTimestamp.Should().Be(boolValue);
settings.AllowMultipleTimestamps.Should().Be(boolValue);
settings.AllowNoTimestamp.Should().Be(boolValue);
settings.AllowUnknownRevocation.Should().Be(boolValue);
settings.AllowNoRepositoryCertificateList.Should().Be(boolValue);
settings.AllowNoClientCertificateList.Should().Be(boolValue);
settings.RepositoryCountersignatureVerificationBehavior.Should().Be(signatureVerificationBehavior);
settings.RevocationMode.Should().Be(revocationMode);
settings.RepositoryCertificateList.Should().BeSameAs(repoList);
settings.ClientCertificateList.Should().BeSameAs(clientList);
}
/// <summary>
/// Instantiates a new instance of the <see cref="RepositorySignPackageRequest" /> class.
/// </summary>
/// <param name="certificate">The signing certificate.</param>
/// <param name="signatureHashAlgorithm">The signature hash algorithm.</param>
/// <param name="timestampHashAlgorithm">The timestamp hash algorithm.</param>
/// <param name="signaturePlacement">The signature placement.</param>
/// <param name="v3ServiceIndexUrl">The V3 service index URL.</param>
/// <param name="packageOwners">A read-only list of package owners.</param>
/// <exception cref="ArgumentNullException">Thrown if <paramref name="certificate" />
/// is <c>null</c>.</exception>
/// <exception cref="ArgumentException">Thrown if <paramref name="signatureHashAlgorithm" />
/// is invalid.</exception>
/// <exception cref="ArgumentException">Thrown if <paramref name="timestampHashAlgorithm" />
/// is invalid.</exception>
/// <exception cref="ArgumentException">Thrown if <paramref name="signaturePlacement" />
/// is invalid.</exception>
/// <exception cref="ArgumentNullException">Thrown if <paramref name="v3ServiceIndexUrl" />
/// is <c>null</c>.</exception>
/// <exception cref="ArgumentException">Thrown if <paramref name="v3ServiceIndexUrl" />
/// is neither absolute nor HTTPS.</exception>
/// <exception cref="ArgumentException">Thrown if <paramref name="packageOwners" />
/// is either empty or contains an invalid value.</exception>
public RepositorySignPackageRequest(
X509Certificate2 certificate,
HashAlgorithmName signatureHashAlgorithm,
HashAlgorithmName timestampHashAlgorithm,
SignaturePlacement signaturePlacement,
Uri v3ServiceIndexUrl,
IReadOnlyList <string> packageOwners)
: base(
certificate,
signatureHashAlgorithm,
timestampHashAlgorithm,
signaturePlacement)
{
if (v3ServiceIndexUrl == null)
{
throw new ArgumentNullException(nameof(v3ServiceIndexUrl));
}
if (!v3ServiceIndexUrl.IsAbsoluteUri)
{
throw new ArgumentException(Strings.InvalidUrl, nameof(v3ServiceIndexUrl));
}
if (!string.Equals(v3ServiceIndexUrl.Scheme, "https", StringComparison.Ordinal))
{
throw new ArgumentException(Strings.InvalidUrl, nameof(v3ServiceIndexUrl));
}
if (packageOwners != null)
{
if (packageOwners.Any(packageOwner => string.IsNullOrWhiteSpace(packageOwner)))
{
throw new ArgumentException(Strings.NuGetPackageOwnersInvalidValue, nameof(packageOwners));
}
if (!packageOwners.Any())
{
packageOwners = null;
}
}
V3ServiceIndexUrl = v3ServiceIndexUrl;
PackageOwners = packageOwners;
}
public CertificateHashAllowListEntry(VerificationTarget target, SignaturePlacement placement, string fingerprint, HashAlgorithmName algorithm)
: base(target, placement)
{
if (!Enum.IsDefined(typeof(SignaturePlacement), placement))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
placement),
nameof(placement));
}
if (!Enum.IsDefined(typeof(HashAlgorithmName), algorithm))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
algorithm),
nameof(algorithm));
}
if ((placement.HasFlag(SignaturePlacement.Countersignature) && !target.HasFlag(VerificationTarget.Repository)) ||
(placement == SignaturePlacement.Countersignature && target != VerificationTarget.Repository))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.InvalidArgumentCombination,
nameof(target),
nameof(placement)),
nameof(placement));
}
Fingerprint = fingerprint ?? throw new ArgumentNullException(nameof(fingerprint));
FingerprintAlgorithm = algorithm;
}
public static Task <PrimarySignature> TimestampSignature(ITimestampProvider timestampProvider, PrimarySignature primarySignature, HashAlgorithmName hashAlgorithm, SignaturePlacement target, ILogger logger)
{
Signature signatureToTimestamp = primarySignature;
if (target == SignaturePlacement.Countersignature)
{
signatureToTimestamp = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature);
}
var signatureValue = signatureToTimestamp.GetSignatureValue();
var messageHash = hashAlgorithm.ComputeHash(signatureValue);
var timestampRequest = new TimestampRequest(
SigningSpecifications.V1,
messageHash,
hashAlgorithm,
target);
return(timestampProvider.TimestampSignatureAsync(primarySignature, timestampRequest, logger, CancellationToken.None));
}
public CertificateHashAllowListEntry(VerificationTarget target, SignaturePlacement placement, string fingerprint, HashAlgorithmName algorithm)
: base(target, placement)
{
Fingerprint = fingerprint;
FingerprintAlgorithm = algorithm;
}
public SignedPackageVerifierSettings(
bool allowUnsigned,
bool allowIllegal,
bool allowUntrusted,
bool allowIgnoreTimestamp,
bool allowMultipleTimestamps,
bool allowNoTimestamp,
bool allowUnknownRevocation,
bool reportUnknownRevocation,
VerificationTarget verificationTarget,
SignaturePlacement signaturePlacement,
SignatureVerificationBehavior repositoryCountersignatureVerificationBehavior,
RevocationMode revocationMode)
{
if (!Enum.IsDefined(typeof(VerificationTarget), verificationTarget))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
verificationTarget),
nameof(verificationTarget));
}
if (!Enum.IsDefined(typeof(SignaturePlacement), signaturePlacement))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
signaturePlacement),
nameof(signaturePlacement));
}
if (!Enum.IsDefined(typeof(SignatureVerificationBehavior), repositoryCountersignatureVerificationBehavior))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.UnrecognizedEnumValue,
repositoryCountersignatureVerificationBehavior),
nameof(repositoryCountersignatureVerificationBehavior));
}
if ((signaturePlacement.HasFlag(SignaturePlacement.Countersignature) && !verificationTarget.HasFlag(VerificationTarget.Repository)) ||
(signaturePlacement == SignaturePlacement.Countersignature && verificationTarget != VerificationTarget.Repository))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.InvalidArgumentCombination,
nameof(verificationTarget),
nameof(signaturePlacement)),
nameof(signaturePlacement));
}
if ((repositoryCountersignatureVerificationBehavior == SignatureVerificationBehavior.Never) ==
signaturePlacement.HasFlag(SignaturePlacement.Countersignature) ||
((repositoryCountersignatureVerificationBehavior == SignatureVerificationBehavior.Always) &&
!signaturePlacement.HasFlag(SignaturePlacement.Countersignature)))
{
throw new ArgumentException(
string.Format(
CultureInfo.CurrentCulture,
Strings.InvalidArgumentCombination,
nameof(signaturePlacement),
nameof(repositoryCountersignatureVerificationBehavior)),
nameof(repositoryCountersignatureVerificationBehavior));
}
AllowUnsigned = allowUnsigned;
AllowIllegal = allowIllegal;
AllowUntrusted = allowUntrusted;
AllowIgnoreTimestamp = allowIgnoreTimestamp;
AllowMultipleTimestamps = allowMultipleTimestamps;
AllowNoTimestamp = allowNoTimestamp;
AllowUnknownRevocation = allowUnknownRevocation;
ReportUnknownRevocation = reportUnknownRevocation;
VerificationTarget = verificationTarget;
SignaturePlacement = signaturePlacement;
RepositoryCountersignatureVerificationBehavior = repositoryCountersignatureVerificationBehavior;
RevocationMode = revocationMode;
}
public async Task ClientPolicies_WithSignerInTrustedSignersListAsync(SigningTestType signature, SignaturePlacement trustedSigner, string validationMode)
{
// Arrange
using (var dir = TestDirectory.Create())
using (var authorCertificate = new X509Certificate2(_trustedAuthorTestCert.Source.Cert))
using (var repoCertificate = new X509Certificate2(_trustedRepoTestCert.Source.Cert))
{
var authorCertificateFingerprintString = SignatureTestUtility.GetFingerprint(authorCertificate, HashAlgorithmName.SHA256);
var repoCertificateFingerprintString = SignatureTestUtility.GetFingerprint(repoCertificate, HashAlgorithmName.SHA256);
var signedPackagePath = await CreateSignedPackageAsync(dir, signature, authorCertificate, repoCertificate);
var trustedSignerString = "";
if (signature == SigningTestType.Author || (signature == SigningTestType.RepositoryCountersigned && trustedSigner == SignaturePlacement.PrimarySignature))
{
trustedSignerString = $@"<author name=""author1""><certificate fingerprint=""{authorCertificateFingerprintString}"" hashAlgorithm=""SHA256"" allowUntrustedRoot=""false"" /></author>";
}
else
{
trustedSignerString = $@"<repository name=""repo1"" serviceIndex=""https://api.v3serviceIndex.test/json""><certificate fingerprint=""{repoCertificateFingerprintString}"" hashAlgorithm=""SHA256"" allowUntrustedRoot=""false"" /></repository>";
}
var config = $@"
<configuration>
<config>
<add key=""signatureValidationMode"" value=""{validationMode}"" />
</config>
<trustedSigners>
{trustedSignerString}
</trustedSigners>
</configuration>";
var nugetConfigPath = "NuGet.Config";
SettingsTestUtils.CreateConfigurationFile(nugetConfigPath, dir, config);
// Act and Assert
var settings = new Settings(dir);
var verifierSettings = SignedPackageVerifierSettings.GetClientPolicy(settings, NullLogger.Instance);
var trustProviders = new[]
{
new AllowListVerificationProvider()
};
var verifier = new PackageSignatureVerifier(trustProviders);
using (var packageReader = new PackageArchiveReader(signedPackagePath))
{
// Act
var result = await verifier.VerifySignaturesAsync(packageReader, verifierSettings, CancellationToken.None);
var resultsWithWarnings = result.Results.Where(r => r.GetWarningIssues().Any());
var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any());
var totalWarningIssues = resultsWithWarnings.SelectMany(r => r.GetWarningIssues());
var totalErrorIssues = resultsWithErrors.SelectMany(r => r.GetErrorIssues());
// Assert
result.Valid.Should().BeTrue();
totalWarningIssues.Count().Should().Be(0);
totalErrorIssues.Count().Should().Be(0);
}
}
}
