private async Task <ValidatorStatus> GetStatusAsync(IValidationRequest request)
{
// Look up this validator's state in the database.
var status = await _validatorStateService.GetStatusAsync(request);
if (status.State != ValidationStatus.Incomplete)
{
return(status);
}
// Wait until ALL certificate validations kicked off by this validation request have finished.
if (!await AllCertificateValidationsAreFinishedAsync(request))
{
// We know this status is incomplete.
return(status);
}
// All of the requested certificate validations have finished. At this point, the signature
// may have a status of "Unknown" if the package is at ingestion and its signature has passed
// all validations, "Invalid" if one or more of the signature's certificates has failed validations,
// or "InGracePeriod" or "Valid" if this is a revalidation request.
var signature = await FindAuthorSignatureAsync(request);
if (signature == null)
{
_logger.LogError(
"Could not find author signature for {PackageKey} {PackageId} {PackageVersion} {ValidationId}",
request.PackageKey,
request.PackageId,
request.PackageVersion,
request.ValidationId);
throw new InvalidOperationException($"Package with key {request.PackageKey} does not have an author signature");
}
if (signature.Status == PackageSignatureStatus.Invalid)
{
_logger.LogWarning(
"Failing validation {ValidationId} ({PackageId} {PackageVersion}) due to invalidated signature: {SignatureKey}",
request.ValidationId,
request.PackageId,
request.PackageVersion,
signature.Key);
return(await _validatorStateService.TryUpdateValidationStatusAsync(request, status, ValidationStatus.Failed));
}
else
{
_logger.LogInformation(
"Successful validation {ValidationId} ({PackageId} {PackageVersion})",
request.ValidationId,
request.PackageId,
request.PackageVersion);
PromoteSignature(request, signature);
return(await _validatorStateService.TryUpdateValidationStatusAsync(request, status, ValidationStatus.Succeeded));
}
}
public async Task <ValidationStatus> GetStatusAsync(IValidationRequest request)
{
// Look up this validator's state in the database.
var status = await _validatorStateService.GetStatusAsync(request);
if (status.State != ValidationStatus.Incomplete)
{
return(status.State);
}
// Wait until ALL certificate validations kicked off by this validation request have finished.
if (!await AllCertificateValidationsAreFinishedAsync(request))
{
return(ValidationStatus.Incomplete);
}
// All of the requested certificate validations have finished. Fail the validation if any
// signatures have been invalidated.
var signatures = await FindSignaturesAsync(request);
foreach (var signature in signatures)
{
// Signatures at this point MUST have a state of either "Unknown" or "Invalid" at this point as the
// PackageSigningValidator will set all signatures to an "Unknown" status, and the ValidateCertificate
// job may set signatures to the "Invalid" state.
if (signature.Status == PackageSignatureStatus.Invalid)
{
_logger.LogWarning(
"Failing validation {ValidationId} ({PackageId} {PackageVersion}) due to invalidated signature: {SignatureKey}",
request.ValidationId,
request.PackageId,
request.PackageVersion,
signature.Key);
return(await _validatorStateService.TryUpdateValidationStatusAsync(request, status, ValidationStatus.Failed));
}
if (signature.Status != PackageSignatureStatus.Unknown)
{
_logger.LogError(
Error.PackageCertificateValidationInvalidSignatureState,
"Failing validation {ValidationId} ({PackageId} {PackageVersion}) due to invalid signature status: {SignatureStatus}",
request.ValidationId,
request.PackageId,
request.PackageVersion,
signature.Status);
return(await _validatorStateService.TryUpdateValidationStatusAsync(request, status, ValidationStatus.Failed));
}
}
// All signatures are valid. Promote signatures out of the "Unknown" state to either "Valid" or "InGracePeriod".
PromoteSignatures(signatures);
return(await _validatorStateService.TryUpdateValidationStatusAsync(request, status, ValidationStatus.Succeeded));
}