private static async Task <MemoryStream> CreateSignedPackageAsync(
X509Certificate2 certificate,
Stream unsignedPackage = null)
{
if (unsignedPackage == null)
{
var packageContext = new SimpleTestPackageContext();
unsignedPackage = packageContext.CreateAsStream();
}
var signatureProvider = new X509SignatureProvider(timestampProvider: null);
var overwrite = true;
using (var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256))
using (var outputPackageStream = new MemoryStream())
using (var options = new SigningOptions(
new Lazy <Stream>(() => unsignedPackage),
new Lazy <Stream>(() => outputPackageStream),
overwrite,
signatureProvider,
NullLogger.Instance))
{
await SigningUtility.SignAsync(options, request, CancellationToken.None);
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(options.OutputPackageStream);
Assert.True(isSigned);
return(new MemoryStream(outputPackageStream.ToArray()));
}
}
public async Task RemoveSignatureAsync_RemovesPackageSignatureAsync()
{
using (var test = await Test.CreateAsync(_fixture))
{
await test.Package.RemoveSignatureAsync(CancellationToken.None);
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.OutputPackageStream);
Assert.False(isSigned);
}
}
public async Task RemoveSignatureAsync_WithUnsignedPackage_Throws()
{
using (var test = Test.CreateUnsigned())
{
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.InputPackageStream);
Assert.False(isSigned);
var exception = await Assert.ThrowsAsync <SignatureException>(
() => test.Package.RemoveSignatureAsync(CancellationToken.None));
Assert.Equal(NuGetLogCode.NU3000, exception.Code);
Assert.Equal("The package is not signed. Unable to remove signature from an unsigned package.", exception.Message);
}
}
public async Task SignAsync_WithNotYetValidCertificate_ThrowsAsync()
{
using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificateNotYetValid.Source.Cert))
{
var exception = await Assert.ThrowsAsync <SignatureException>(
() => SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None));
Assert.Equal(NuGetLogCode.NU3017, exception.Code);
Assert.Contains("The signing certificate is not yet valid", exception.Message);
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.InputPackageStream);
Assert.False(isSigned);
Assert.False(test.OutputFile.Exists);
}
}
public async Task SignAsync_WithExpiredCertificate_ThrowsAsync()
{
using (var test = new Test(_testFixture.TrustedTestCertificateExpired.Source.Cert))
{
var exception = await Assert.ThrowsAsync <SignatureException>(
() => SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None));
Assert.Equal(NuGetLogCode.NU3018, exception.Code);
Assert.Contains("Certificate chain validation failed.", exception.Message);
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.InputPackageStream);
Assert.False(isSigned);
Assert.False(test.OutputFile.Exists);
}
}
internal async Task AuthorSignAsync()
{
using (var request = new AuthorSignPackageRequest(
new X509Certificate2(Certificate),
HashAlgorithmName.SHA256,
HashAlgorithmName.SHA256))
using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false))
using (var signedPackage = new MemoryStream())
{
await SignedArchiveTestUtility.CreateSignedPackageAsync(request, originalPackage, signedPackage);
SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false);
}
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage);
Assert.True(isSigned);
}
public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync()
{
using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
using (var test = SignTest.Create(
_fixture.GetDefaultCertificate(),
HashAlgorithmName.SHA256,
packageStream.ToArray(),
new X509SignatureProvider(timestampProvider: null)))
{
await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None);
Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream));
Assert.Equal(0, test.Logger.Errors);
Assert.Equal(1, test.Logger.Warnings);
Assert.Equal(1, test.Logger.Messages.Count());
Assert.True(test.Logger.Messages.Contains("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."));
}
}
public async Task SignAsync_WhenRepositoryCountersigningRepositoryCountersignedPackage_ThrowsAsync()
{
using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificate.Source.Cert))
{
await SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None);
using (var package = new PackageArchiveReader(test.Options.OutputPackageStream))
{
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream);
Assert.True(isSigned);
}
var countersignedPackageOutputPath = test.GetNewTempFilePath();
using (var countersignatureOptions = SigningOptions.CreateFromFilePaths(
test.OutputFile.FullName,
countersignedPackageOutputPath,
overwrite: false,
signatureProvider: new X509SignatureProvider(timestampProvider: null),
logger: NullLogger.Instance))
{
await SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None);
var isRepositoryCountersigned = await SignedArchiveTestUtility.IsRepositoryCountersignedAsync(countersignatureOptions.OutputPackageStream);
Assert.True(isRepositoryCountersigned);
}
using (var countersignatureOptions = SigningOptions.CreateFromFilePaths(
countersignedPackageOutputPath,
test.GetNewTempFilePath(),
overwrite: false,
signatureProvider: new X509SignatureProvider(timestampProvider: null),
logger: NullLogger.Instance))
{
var exception = await Assert.ThrowsAsync <SignatureException>(
() => SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None));
Assert.Equal(NuGetLogCode.NU3032, exception.Code);
Assert.Contains("The package already contains a repository countersignature", exception.Message);
}
}
}
internal async Task RepositorySignAsync()
{
using (var request = new RepositorySignPackageRequest(
new X509Certificate2(Certificate),
HashAlgorithmName.SHA256,
HashAlgorithmName.SHA256,
new Uri("https://test.test"),
packageOwners: null))
using (var originalPackage = new MemoryStream(Zip.ToByteArray(), writable: false))
using (var signedPackage = new MemoryStream())
{
await SignedArchiveTestUtility.CreateSignedPackageAsync(request, originalPackage, signedPackage);
SignedPackage = new MemoryStream(signedPackage.ToArray(), writable: false);
}
var isSigned = await SignedArchiveTestUtility.IsSignedAsync(SignedPackage);
Assert.True(isSigned);
}
public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync()
{
var package = new SimpleTestPackageContext();
using (var packageStream = await package.CreateAsStreamAsync())
using (var test = SignTest.Create(
_fixture.GetDefaultCertificate(),
HashAlgorithmName.SHA256,
packageStream.ToArray(),
new X509SignatureProvider(timestampProvider: null)))
{
await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None);
Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream));
Assert.Equal(0, test.Logger.Errors);
Assert.Equal(1, test.Logger.Warnings);
Assert.Equal(1, test.Logger.Messages.Count());
SigningTestUtility.AssertUntrustedRoot(test.Logger.LogMessages, LogLevel.Warning);
}
}
