public async Task <bool> VerifyAsync(string file, StringBuilder buffer)
{
if (file == null)
{
throw new ArgumentNullException(nameof(file));
}
if (buffer == null)
{
throw new ArgumentNullException(nameof(buffer));
}
var trustProviders = new ISignatureVerificationProvider[]
{
new IntegrityVerificationProvider(),
new SignatureTrustAndValidityVerificationProvider()
};
var verifier = new PackageSignatureVerifier(trustProviders);
try
{
var result = 0;
using (var package = new PackageArchiveReader(file))
{
var verificationResult = await verifier.VerifySignaturesAsync(package, SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy(), CancellationToken.None);
if (verificationResult.IsValid)
{
return(verificationResult.IsValid);
}
else
{
var logMessages = verificationResult.Results.SelectMany(p => p.Issues).Select(p => p.AsRestoreLogMessage()).ToList();
foreach (var msg in logMessages)
{
buffer.AppendLine(msg.Message);
}
if (logMessages.Any(m => m.Level >= NuGet.Common.LogLevel.Warning))
{
var errors = logMessages.Where(m => m.Level == NuGet.Common.LogLevel.Error).Count();
var warnings = logMessages.Where(m => m.Level == NuGet.Common.LogLevel.Warning).Count();
buffer.AppendLine($"Finished with {errors} errors and {warnings} warnings.");
result = errors;
}
return(false);
}
}
}
catch (Exception e)
{
logger.LogError(e, e.Message);
return(false);
}
}
public async Task VerifySignatureAsync()
{
using (var reader = new PackageArchiveReader(_streamFactory(), false))
{
var signed = await reader.IsSignedAsync(CancellationToken.None);
if (signed)
{
// Check verification
var trustProviders = new ISignatureVerificationProvider[]
{
new IntegrityVerificationProvider(),
new SignatureTrustAndValidityVerificationProvider()
};
var verifier = new PackageSignatureVerifier(trustProviders);
VerificationResult = await verifier.VerifySignaturesAsync(reader, SignedPackageVerifierSettings.GetVerifyCommandDefaultPolicy(), CancellationToken.None);
}
}
}
/// <summary>
/// Initializes a verifier that performs all integrity and trust checks required by the server.
/// </summary>
public static IPackageSignatureVerifier CreateFull()
{
var verificationProviders = new ISignatureVerificationProvider[]
{
new IntegrityVerificationProvider(),
new SignatureTrustAndValidityVerificationProvider(),
};
var settings = new SignedPackageVerifierSettings(
allowUnsigned: false,
allowIllegal: false,
allowUntrusted: false,
allowUntrustedSelfIssuedCertificate: false,
allowIgnoreTimestamp: false,
allowMultipleTimestamps: false,
allowNoTimestamp: false,
allowUnknownRevocation: true);
return(new PackageSignatureVerifier(
verificationProviders,
settings));
}
