public static bool HasRepositoryCountersignature(PrimarySignature primarySignature)
{
if (primarySignature == null)
{
throw new ArgumentNullException(nameof(primarySignature));
}
if (primarySignature is RepositoryPrimarySignature)
{
return(false);
}
var counterSignatures = primarySignature.SignerInfo.CounterSignerInfos;
foreach (var counterSignature in counterSignatures)
{
var countersignatureType = AttributeUtility.GetSignatureType(counterSignature.SignedAttributes);
if (countersignatureType == SignatureType.Repository)
{
return(true);
}
}
return(false);
}
private static IX509CertificateChain GetPrimarySignatureCertificates(
SignedCms signedCms,
SignerInfo signerInfo,
SigningSpecifications signingSpecifications,
string signatureFriendlyName,
bool includeChain)
{
if (signedCms == null)
{
throw new ArgumentNullException(nameof(signedCms));
}
if (signerInfo == null)
{
throw new ArgumentNullException(nameof(signerInfo));
}
var errors = new Errors(
noCertificate: NuGetLogCode.NU3010,
noCertificateString: string.Format(CultureInfo.CurrentCulture, Strings.Verify_ErrorNoCertificate, signatureFriendlyName),
invalidSignature: NuGetLogCode.NU3011,
invalidSignatureString: Strings.InvalidPrimarySignature,
chainBuildingFailed: NuGetLogCode.NU3018);
var signatureType = AttributeUtility.GetSignatureType(signerInfo.SignedAttributes);
SigningCertificateRequirement signingCertificateRequirement;
bool isIssuerSerialRequired;
switch (signatureType)
{
case SignatureType.Author:
case SignatureType.Repository:
signingCertificateRequirement = SigningCertificateRequirement.OnlyV2;
isIssuerSerialRequired = true;
break;
default:
signingCertificateRequirement = SigningCertificateRequirement.NoRequirement;
isIssuerSerialRequired = false;
break;
}
return(GetCertificates(
signedCms,
signerInfo,
signingCertificateRequirement,
isIssuerSerialRequired,
errors,
signingSpecifications,
includeChain));
}
public static PrimarySignature CreateSignature(SignedCms signedCms)
{
var signatureType = AttributeUtility.GetSignatureType(signedCms.SignerInfos[0].SignedAttributes);
switch (signatureType)
{
case SignatureType.Author:
return(new AuthorPrimarySignature(signedCms));
case SignatureType.Repository:
return(new RepositoryPrimarySignature(signedCms));
default:
return(new UnknownPrimarySignature(signedCms));
}
}
private static bool TryRemoveRepositoryCountersignatures(SignedCms signedCms, out SignedCms updatedSignedCms)
{
updatedSignedCms = null;
// SignerInfo.CouterSignerInfos returns a mutable copy of countersigners. This copy does not reflect
// the removal of countersigners via SignerInfo.RemoveCounterSignature(...).
// Also, SignerInfo.UnsignedAttributes is defined as an ASN.1 SET, which is an unordered collection.
// The underlying platform may reorder elements when modifying the collection, so obtaining updated
// indicies is necessary after removing an attribute.
var tempSignedCms = new SignedCms();
tempSignedCms = Reencode(signedCms);
while (true)
{
var repositoryCountersignatureFound = false;
var primarySigner = tempSignedCms.SignerInfos[0];
var countersigners = primarySigner.CounterSignerInfos;
for (var i = 0; i < countersigners.Count; ++i)
{
var countersigner = countersigners[i];
if (AttributeUtility.GetSignatureType(countersigner.SignedAttributes) == SignatureType.Repository)
{
repositoryCountersignatureFound = true;
primarySigner.RemoveCounterSignature(i);
// This is a workaround to SignerInfo.CounterSignerInfos not reflecting changes in the signed CMS.
tempSignedCms = Reencode(tempSignedCms);
updatedSignedCms = tempSignedCms;
// Indices of other countersignatures may have changed unexpectedly as a result
// of removing a countersignature.
break;
}
}
if (!repositoryCountersignatureFound)
{
break;
}
}
return(updatedSignedCms != null);
}
public static RepositoryCountersignature GetRepositoryCountersignature(PrimarySignature primarySignature)
{
if (primarySignature == null)
{
throw new ArgumentNullException(nameof(primarySignature));
}
if (primarySignature.Type == SignatureType.Repository)
{
throw new SignatureException(NuGetLogCode.NU3033, Strings.Error_RepositorySignatureShouldNotHaveARepositoryCountersignature);
}
var countersignatures = primarySignature.SignerInfo.CounterSignerInfos;
RepositoryCountersignature repositoryCountersignature = null;
// Only look for repository countersignatures.
foreach (var countersignature in countersignatures)
{
var countersignatureType = AttributeUtility.GetSignatureType(countersignature.SignedAttributes);
if (countersignatureType == SignatureType.Repository)
{
if (repositoryCountersignature != null)
{
throw new SignatureException(NuGetLogCode.NU3032, Strings.Error_NotOneRepositoryCounterSignature);
}
var v3ServiceIndexUrl = AttributeUtility.GetNuGetV3ServiceIndexUrl(countersignature.SignedAttributes);
var packageOwners = AttributeUtility.GetNuGetPackageOwners(countersignature.SignedAttributes);
repositoryCountersignature = new RepositoryCountersignature(
primarySignature,
countersignature,
v3ServiceIndexUrl,
packageOwners);
}
}
return(repositoryCountersignature);
}
