Exemplo n.º 1
0
        public async Task SignCommand_SignPackageWithUnsuportedTimestampHashAlgorithm_ShouldNotModifyPackageAsync()
        {
            var testServer = await _testFixture.GetSigningTestServerAsync();

            var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();

            var options = new TimestampServiceOptions()
            {
                SignatureHashAlgorithm = new Oid(Oids.Sha1)
            };
            var timestampService = TimestampService.Create(certificateAuthority, options);

            using (testServer.RegisterResponder(timestampService))
                using (var directory = TestDirectory.Create())
                {
                    var packageContext = new SimpleTestPackageContext();
                    var packageFile    = packageContext.CreateAsFile(directory, fileName: Guid.NewGuid().ToString());
                    var originalFile   = File.ReadAllBytes(packageFile.FullName);

                    using (var certificate = _testFixture.UntrustedSelfIssuedCertificateInCertificateStore)
                    {
                        var result = CommandRunner.Run(
                            _nugetExePath,
                            directory,
                            $"sign {packageFile.FullName} -CertificateFingerprint {certificate.Thumbprint} -Timestamper {timestampService.Url}",
                            waitForExit: true);

                        Assert.False(result.Success);
                        Assert.Contains("The timestamp certificate has an unsupported signature algorithm.", result.AllOutput);

                        var resultingFile = File.ReadAllBytes(packageFile.FullName);
                        Assert.Equal(resultingFile, originalFile);
                    }
                }
        }
Exemplo n.º 2
0
        public async Task VerifySignaturesAsync_WithBasicSignedCms_Succeeds()
        {
            var settings = new SignedPackageVerifierSettings(
                allowUnsigned: false,
                allowIllegal: false,
                allowUntrusted: false,
                allowIgnoreTimestamp: false,
                allowMultipleTimestamps: true,
                allowNoTimestamp: true,
                allowUnknownRevocation: false,
                allowNoClientCertificateList: true,
                allowNoRepositoryCertificateList: true,
                alwaysVerifyCountersignature: false);

            using (var directory = TestDirectory.Create())
                using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert))
                {
                    var packageContext      = new SimpleTestPackageContext();
                    var unsignedPackageFile = packageContext.CreateAsFile(directory, "Package.nupkg");
                    var signedPackageFile   = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync(
                        directory,
                        unsignedPackageFile,
                        certificate);

                    var verifier = new PackageSignatureVerifier(_trustProviders);

                    using (var packageReader = new PackageArchiveReader(signedPackageFile.FullName))
                    {
                        var result = await verifier.VerifySignaturesAsync(packageReader, settings, CancellationToken.None);

                        var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any());
                        var totalErrorIssues  = resultsWithErrors.SelectMany(r => r.GetErrorIssues());

                        Assert.Equal(1, result.Results.Count);

                        var signedPackageVerificationResult = (SignedPackageVerificationResult)result.Results[0];
                        var signer = signedPackageVerificationResult.Signature.SignedCms.SignerInfos[0];

                        Assert.Equal(0, signer.SignedAttributes.Count);
                        Assert.Equal(0, signer.UnsignedAttributes.Count);

                        Assert.Equal(0, resultsWithErrors.Count());
                        Assert.Equal(0, totalErrorIssues.Count());
                    }
                }
        }
            internal static async Task <GetTrustResultAsyncTest> CreateAsync(SignedPackageVerifierSettings settings, X509Certificate2 certificate)
            {
                using (var certificateClone = new X509Certificate2(certificate))
                {
                    var directory           = TestDirectory.Create();
                    var packageContext      = new SimpleTestPackageContext();
                    var unsignedPackageFile = packageContext.CreateAsFile(directory, "package.nupkg");
                    var signedPackageFile   = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync(
                        directory,
                        unsignedPackageFile,
                        certificateClone);

                    var package   = new SignedPackageArchive(signedPackageFile.OpenRead(), new MemoryStream());
                    var signature = await package.GetSignatureAsync(CancellationToken.None);

                    return(new GetTrustResultAsyncTest(directory, package, signature, settings));
                }
            }
Exemplo n.º 4
0
        public void SignCommand_SignPackageWithUntrustedSelfIssuedCertificateInCertificateStore()
        {
            using (var directory = TestDirectory.Create())
            {
                var packageContext = new SimpleTestPackageContext();
                var packageFile    = packageContext.CreateAsFile(directory, fileName: Guid.NewGuid().ToString());

                using (var certificate = _testFixture.UntrustedSelfIssuedCertificateInCertificateStore)
                {
                    var result = CommandRunner.Run(
                        _nugetExePath,
                        directory,
                        $"sign {packageFile.FullName} -CertificateFingerprint {certificate.Thumbprint}",
                        waitForExit: true);

                    Assert.True(result.Success);
                    Assert.Contains(_noTimestamperWarningCode, result.AllOutput);
                }
            }
        }
Exemplo n.º 5
0
            internal Test(X509Certificate2 certificate)
            {
                _directory             = TestDirectory.Create();
                _authorCertificate     = new X509Certificate2(certificate);
                _repositoryCertificate = new X509Certificate2(certificate);

                var outputPath = GetNewTempFilePath();

                OutputFile = new FileInfo(outputPath);

                var packageContext    = new SimpleTestPackageContext();
                var packageFileName   = Guid.NewGuid().ToString();
                var package           = packageContext.CreateAsFile(_directory, packageFileName);
                var signatureProvider = new X509SignatureProvider(timestampProvider: null);

                AuthorRequest     = new AuthorSignPackageRequest(_authorCertificate, HashAlgorithmName.SHA256);
                RepositoryRequest = new RepositorySignPackageRequest(_repositoryCertificate, HashAlgorithmName.SHA256, HashAlgorithmName.SHA256, new Uri("https://test/api/index.json"), packageOwners: null);

                var overwrite = true;

                Options = SigningOptions.CreateFromFilePaths(package.FullName, outputPath, overwrite, signatureProvider, NullLogger.Instance);
            }
Exemplo n.º 6
0
        public async Task GetPrimarySignatureCertificates_WithUnknownSignature_ReturnsCertificates()
        {
            using (var directory = TestDirectory.Create())
                using (var certificate = _fixture.GetDefaultCertificate())
                {
                    var packageContext      = new SimpleTestPackageContext();
                    var unsignedPackageFile = packageContext.CreateAsFile(directory, "Package.nupkg");
                    var signedPackageFile   = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync(
                        directory,
                        unsignedPackageFile,
                        certificate);

                    using (var packageReader = new PackageArchiveReader(signedPackageFile.FullName))
                    {
                        var signature = await packageReader.GetPrimarySignatureAsync(CancellationToken.None);

                        var certificates = SignatureUtility.GetPrimarySignatureCertificates(signature);

                        Assert.Equal(1, certificates.Count);
                        Assert.Equal(certificate.RawData, certificates[0].RawData);
                    }
                }
        }