public async Task SignAsync_WhenChainBuildingFails_ThrowsAsync()
{
using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
using (var test = SignTest.Create(
_fixture.GetExpiredCertificate(),
HashAlgorithmName.SHA256,
packageStream.ToArray(),
new X509SignatureProvider(timestampProvider: null)))
{
var exception = await Assert.ThrowsAsync <SignatureException>(
() => SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None));
Assert.Equal(NuGetLogCode.NU3018, exception.Code);
Assert.Equal("Certificate chain validation failed.", exception.Message);
Assert.Equal(1, test.Logger.Errors);
Assert.Equal(1, test.Logger.Warnings);
Assert.Contains(test.Logger.LogMessages, message =>
message.Code == NuGetLogCode.NU3018 &&
message.Level == LogLevel.Error &&
message.Message == "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.");
Assert.Contains(test.Logger.LogMessages, message =>
message.Code == NuGetLogCode.NU3018 &&
message.Level == LogLevel.Warning &&
message.Message == "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.");
}
}
public async Task SignAsync_WhenChainBuildingFails_Throws()
{
using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
using (var test = SignTest.Create(
_fixture.GetDefaultCertificate(),
HashAlgorithmName.SHA256,
packageStream.ToArray(),
new X509SignatureProvider(timestampProvider: null)))
{
var exception = await Assert.ThrowsAsync <SignatureException>(
() => test.Signer.SignAsync(
test.Request,
Mock.Of <ILogger>(),
CancellationToken.None));
Assert.Equal(NuGetLogCode.NU3018, exception.AsLogMessage().Code);
Assert.Equal("Certificate chain validation failed with error: UntrustedRoot", exception.Message);
}
}
public async Task SignAsync_WithUntrustedSelfSignedCertificate_SucceedsAsync()
{
using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
using (var test = SignTest.Create(
_fixture.GetDefaultCertificate(),
HashAlgorithmName.SHA256,
packageStream.ToArray(),
new X509SignatureProvider(timestampProvider: null)))
{
await SigningUtility.SignAsync(test.Options, test.Request, CancellationToken.None);
Assert.True(await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream));
Assert.Equal(0, test.Logger.Errors);
Assert.Equal(1, test.Logger.Warnings);
Assert.Equal(1, test.Logger.Messages.Count());
Assert.True(test.Logger.Messages.Contains("A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."));
}
}