Exemplo n.º 1
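            /// <summary>
            /// Reports whether the package held in <c>_writeStream</c> carries a package signature.
            /// </summary>
            /// <returns>
            /// A task whose result is the value produced by
            /// <c>SignedPackageArchive.IsSignedAsync</c> for that stream.
            /// </returns>
            internal async Task<bool> IsSignedAsync()
            {
                // The second constructor argument is a throwaway stream (named `unused`);
                // only the first stream is inspected here.
                using (var unused = new MemoryStream())
                {
                    // NOTE(review): signedPackage is not disposed here, presumably so that
                    // _writeStream stays open for the owner of this object. Confirm.
                    var signedPackage = new SignedPackageArchive(_writeStream, unused);

                    // Await inside the using block. Returning the task un-awaited would dispose
                    // `unused` as soon as the method returned, possibly while the signature
                    // check was still running against the archive.
                    return await signedPackage.IsSignedAsync(CancellationToken.None);
                }
            }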
Exemplo n.º 2
        /// <summary>
        /// Applies a repository signature to the unsigned test package, sends the result through
        /// <c>_target.ValidateAsync</c>, and verifies that validation succeeds with status
        /// <c>Unsigned</c> and that the saved package bytes no longer contain a signature.
        /// </summary>
        public async Task StripsRepositorySignatures()
        {
            // Arrange
            _message = new SignatureValidationMessage(
                TestResources.UnsignedPackageId,
                TestResources.UnsignedPackageVersion,
                new Uri($"https://unit.test/validation/{TestResources.UnsignedPackage.ToLowerInvariant()}"),
                Guid.NewGuid());

            // Build the repository-signed input step by step, in the same order the
            // arguments would be evaluated if written inline.
            var unsignedPackage = TestResources.GetResourceStream(TestResources.UnsignedPackage);
            var signingCertificate = await _fixture.GetSigningCertificateAsync();
            var signRequest = new RepositorySignPackageRequest(
                signingCertificate,
                NuGetHashAlgorithmName.SHA256,
                NuGetHashAlgorithmName.SHA256,
                new Uri("https://example-source/v3/index.json"),
                new[] { "nuget", "microsoft" });
            var timestampServiceUrl = await _fixture.GetTimestampServiceUrlAsync();
            var packageBytes = await _fixture.GenerateSignedPackageBytesAsync(
                unsignedPackage,
                signRequest,
                timestampServiceUrl,
                _output);

            var packageStream = new MemoryStream(packageBytes);

            // NOTE(review): presumably sets up _corePackageService so this package ID
            // is not required to be signed. Confirm against TestUtility.
            TestUtility.RequireUnsignedPackage(_corePackageService, TestResources.UnsignedPackageId);

            // Act
            var result = await _target.ValidateAsync(_packageKey, packageStream, _message, _token);

            // Assert
            VerifyPackageSigningStatus(result, ValidationStatus.Succeeded, PackageSigningStatus.Unsigned);
            Assert.Empty(result.Issues);
            Assert.Equal(_nupkgUri, result.NupkgUri);
            Assert.NotNull(_savedPackageBytes);

            // Re-open the bytes captured in _savedPackageBytes and check them directly,
            // rather than relying only on the reported status.
            using (var savedStream = new MemoryStream(_savedPackageBytes))
            using (var savedPackage = new SignedPackageArchive(savedStream, Stream.Null))
            {
                var nuspec = savedPackage.NuspecReader;
                Assert.Equal("TestUnsigned", nuspec.GetId());
                Assert.Equal("1.0.0", nuspec.GetVersion().ToNormalizedString());

                var stillSigned = await savedPackage.IsSignedAsync(CancellationToken.None);
                Assert.False(stillSigned, "The package should no longer be signed.");
            }
        }
Exemplo n.º 3
        /// <summary>
        /// Applies a repository signing request to the package from
        /// <c>GetSignedPackageStream1Async</c>, sends the result through
        /// <c>_target.ValidateAsync</c>, and verifies that the saved package is still signed,
        /// that its primary signature is of type <c>Author</c>, and that the first signer
        /// carries no countersignatures.
        /// </summary>
        public async Task StripsRepositoryCounterSignatures()
        {
            // Arrange
            // Each input is awaited in the same order the arguments would be evaluated inline.
            var signedPackage = await GetSignedPackageStream1Async();
            var signingCertificate = await _fixture.GetSigningCertificateAsync();
            var signRequest = new RepositorySignPackageRequest(
                signingCertificate,
                NuGetHashAlgorithmName.SHA256,
                NuGetHashAlgorithmName.SHA256,
                new Uri("https://example-source/v3/index.json"),
                new[] { "nuget", "microsoft" });
            var timestampServiceUrl = await _fixture.GetTimestampServiceUrlAsync();
            var packageBytes = await _fixture.GenerateSignedPackageBytesAsync(
                signedPackage,
                signRequest,
                timestampServiceUrl,
                _output);

            var packageStream = new MemoryStream(packageBytes);

            // Act
            var result = await _target.ValidateAsync(_packageKey, packageStream, _message, _token);

            // Assert
            VerifyPackageSigningStatus(result, ValidationStatus.Succeeded, PackageSigningStatus.Valid);
            Assert.Empty(result.Issues);
            Assert.Equal(_nupkgUri, result.NupkgUri);
            Assert.NotNull(_savedPackageBytes);

            // Inspect the bytes captured in _savedPackageBytes: the signature must survive
            // while the countersignature list on the first signer must be empty.
            using (var savedStream = new MemoryStream(_savedPackageBytes))
            using (var savedPackage = new SignedPackageArchive(savedStream, Stream.Null))
            {
                var nuspec = savedPackage.NuspecReader;
                Assert.Equal("TestSigned.leaf-1", nuspec.GetId());
                Assert.Equal("1.0.0", nuspec.GetVersion().ToNormalizedString());

                var stillSigned = await savedPackage.IsSignedAsync(CancellationToken.None);
                Assert.True(stillSigned, "The package should still be signed.");

                var signature = await savedPackage.GetPrimarySignatureAsync(CancellationToken.None);
                Assert.Equal(SignatureType.Author, signature.Type);

                var firstSigner = signature.SignedCms.SignerInfos[0];
                Assert.Empty(firstSigner.CounterSignerInfos);
            }
        }