private static async Task <MemoryStream> CreateSignedPackageAsync( X509Certificate2 certificate, Stream unsignedPackage = null) { if (unsignedPackage == null) { var packageContext = new SimpleTestPackageContext(); unsignedPackage = packageContext.CreateAsStream(); } var signatureProvider = new X509SignatureProvider(timestampProvider: null); var overwrite = true; using (var request = new AuthorSignPackageRequest(certificate, HashAlgorithmName.SHA256)) using (var outputPackageStream = new MemoryStream()) using (var options = new SigningOptions( new Lazy <Stream>(() => unsignedPackage), new Lazy <Stream>(() => outputPackageStream), overwrite, signatureProvider, NullLogger.Instance)) { await SigningUtility.SignAsync(options, request, CancellationToken.None); var isSigned = await SignedArchiveTestUtility.IsSignedAsync(options.OutputPackageStream); Assert.True(isSigned); return(new MemoryStream(outputPackageStream.ToArray())); } }
public async Task SignAsync_WhenRepositoryCountersigningRepositorySignedPackage_ThrowsAsync() { using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificate.Source.Cert)) { await SigningUtility.SignAsync(test.Options, test.RepositoryRequest, CancellationToken.None); using (var package = new PackageArchiveReader(test.Options.OutputPackageStream)) { var primarySignature = await package.GetPrimarySignatureAsync(CancellationToken.None); Assert.IsType <RepositoryPrimarySignature>(primarySignature); } using (var countersignatureOptions = SigningOptions.CreateFromFilePaths( test.OutputFile.FullName, test.GetNewTempFilePath(), overwrite: false, signatureProvider: new X509SignatureProvider(timestampProvider: null), logger: NullLogger.Instance)) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3033, exception.Code); Assert.Contains("A repository primary signature must not have a repository countersignature", exception.Message); } } }
public async Task SignAsync_WhenRepositoryCountersigningPrimarySignature_SucceedsAsync() { using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificate.Source.Cert)) { await SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None); using (var package = new PackageArchiveReader(test.Options.OutputPackageStream)) { var primarySignature = await package.GetPrimarySignatureAsync(CancellationToken.None); Assert.IsType <AuthorPrimarySignature>(primarySignature); } using (var countersignatureOptions = SigningOptions.CreateFromFilePaths( test.OutputFile.FullName, test.GetNewTempFilePath(), overwrite: false, signatureProvider: new X509SignatureProvider(timestampProvider: null), logger: NullLogger.Instance)) { await SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None); var isRepositoryCountersigned = await SignedArchiveTestUtility.IsRepositoryCountersignedAsync(countersignatureOptions.OutputPackageStream); Assert.True(isRepositoryCountersigned); } } }
public TransactionSignature Sign(Key key, SigningOptions signingOptions) { if (this.IsFinalized()) { return(null); } signingOptions ??= new SigningOptions(); CheckCompatibleSigHash(signingOptions.SigHash); if (PartialSigs.ContainsKey(key.PubKey)) { var signature = PartialSigs[key.PubKey]; if (signingOptions.SigHash != signature.SigHash) { throw new InvalidOperationException("A signature with a different sighash is already in the partial sigs"); } return(signature); } AssertSanity(); var coin = GetSignableCoin(); if (coin == null) { return(null); } var builder = Parent.CreateTransactionBuilder(); builder.AddCoins(coin); builder.AddKeys(key); if (builder.TrySignInput(Transaction, Index, signingOptions, out var signature2)) { this.PartialSigs.TryAdd(key.PubKey, signature2); } return(signature2); }
public void CreateFromFilePaths_WithValidInput_InitializesProperties() { using (var directory = TestDirectory.Create()) { var inputPackageFilePath = Path.Combine(directory, "a"); var outputPackageFilePath = Path.Combine(directory, "b"); var overwrite = false; var signatureProvider = Mock.Of <ISignatureProvider>(); var logger = Mock.Of <ILogger>(); File.WriteAllBytes(inputPackageFilePath, Array.Empty <byte>()); using (var options = SigningOptions.CreateFromFilePaths( inputPackageFilePath, outputPackageFilePath, overwrite, signatureProvider, logger)) { Assert.NotNull(options.InputPackageStream); Assert.NotNull(options.OutputPackageStream); Assert.Equal(overwrite, options.Overwrite); Assert.Same(signatureProvider, options.SignatureProvider); Assert.Same(logger, options.Logger); } } }
public async Task <bool> SignAsync(string packagePath, string outputPath, string timestampUrl, Uri v3ServiceIndex, IReadOnlyList <string> packageOwners, SignatureType signatureType, HashAlgorithmName signatureHashAlgorithm, HashAlgorithmName timestampHashAlgorithm, bool overwrite, X509Certificate2 publicCertificate, System.Security.Cryptography.RSA rsa, CancellationToken cancellationToken = default) { var packagesToSign = LocalFolderUtility.ResolvePackageFromPath(packagePath); var signatureProvider = new KeyVaultSignatureProvider(rsa, new Rfc3161TimestampProvider(new Uri(timestampUrl))); SignPackageRequest request = null; if (signatureType == SignatureType.Author) { request = new AuthorSignPackageRequest(publicCertificate, signatureHashAlgorithm, timestampHashAlgorithm); } else if (signatureType == SignatureType.Repository) { request = new RepositorySignPackageRequest(publicCertificate, signatureHashAlgorithm, timestampHashAlgorithm, v3ServiceIndex, packageOwners); } else { throw new ArgumentOutOfRangeException(nameof(signatureType)); } string originalPackageCopyPath = null; foreach (var package in packagesToSign) { cancellationToken.ThrowIfCancellationRequested(); logger.LogInformation($"{nameof(SignAsync)} [{package}]: Begin Signing {Path.GetFileName(package)}"); try { originalPackageCopyPath = CopyPackage(package); using var options = SigningOptions.CreateFromFilePaths(originalPackageCopyPath, outputPath, overwrite, signatureProvider, new NuGetLogger(logger, package)); await SigningUtility.SignAsync(options, request, cancellationToken); } catch (Exception e) { logger.LogError(e, e.Message); return(false); } finally { try { FileUtility.Delete(originalPackageCopyPath); } catch { } logger.LogInformation($"{nameof(SignAsync)} [{package}]: End Signing {Path.GetFileName(package)}"); } } return(true); }
private SignTest(SignPackageRequest request, TestDirectory directory, SigningOptions options, TestLogger logger) { Request = request; Options = options; Logger = logger; _directory = directory; }
public TransactionSignature Sign(uint256 hash, SigningOptions signingOptions) { if (hash == null) { throw new ArgumentNullException(nameof(hash)); } AssertNotDisposed(); signingOptions ??= new SigningOptions(); return(new TransactionSignature(Sign(hash, signingOptions.EnforceLowR), signingOptions.SigHash)); }
public void CreateFromFilePaths_WhenLoggerIsNull_Throws() { var exception = Assert.Throws <ArgumentNullException>( () => SigningOptions.CreateFromFilePaths( inputPackageFilePath: Path.Combine(Path.GetTempPath(), "a"), outputPackageFilePath: Path.Combine(Path.GetTempPath(), "b"), overwrite: true, signatureProvider: Mock.Of <ISignatureProvider>(), logger: null)); Assert.Equal("logger", exception.ParamName); }
public void CreateFromFilePaths_WhenInputPackageFilePathAndOutputPackageFilePathAreEquivalent_Throws() { var exception = Assert.Throws <ArgumentException>( () => SigningOptions.CreateFromFilePaths( inputPackageFilePath: Path.Combine(Path.GetTempPath(), "file"), outputPackageFilePath: Path.Combine(Path.GetTempPath(), "FILE"), overwrite: true, signatureProvider: Mock.Of <ISignatureProvider>(), logger: Mock.Of <ILogger>())); Assert.Equal("inputPackageFilePath and outputPackageFilePath should be different. Package signing cannot be done in place.", exception.Message); }
public void CreateFromFilePaths_WhenOutputPackageFilePathIsNullOrEmpty_Throws(string outputPackageFilePath) { var exception = Assert.Throws <ArgumentException>( () => SigningOptions.CreateFromFilePaths( inputPackageFilePath: "a", outputPackageFilePath: outputPackageFilePath, overwrite: true, signatureProvider: Mock.Of <ISignatureProvider>(), logger: Mock.Of <ILogger>())); Assert.Equal("outputPackageFilePath", exception.ParamName); }
public static async Task CreateSignedPackageAsync( SignPackageRequest request, Stream packageReadStream, Stream packageWriteStream) { using (var signedPackage = new SignedPackageArchive(packageReadStream, packageWriteStream)) using (var options = new SigningOptions( new Lazy <Stream>(() => packageReadStream), new Lazy <Stream>(() => packageWriteStream), overwrite: false, signatureProvider: new X509SignatureProvider(timestampProvider: null), logger: NullLogger.Instance)) { await SigningUtility.SignAsync(options, request, CancellationToken.None); } }
public void Constructor_WithValidInput_InitializesProperties() { var inputPackageStream = new Lazy <Stream>(() => Stream.Null); var outputPackageStream = new Lazy <Stream>(() => Stream.Null); var overwrite = true; var signatureProvider = Mock.Of <ISignatureProvider>(); var logger = Mock.Of <ILogger>(); using (var options = new SigningOptions(inputPackageStream, outputPackageStream, overwrite, signatureProvider, logger)) { Assert.Same(inputPackageStream.Value, options.InputPackageStream); Assert.Same(outputPackageStream.Value, options.OutputPackageStream); Assert.Equal(overwrite, options.Overwrite); Assert.Same(signatureProvider, options.SignatureProvider); Assert.Same(logger, options.Logger); } }
public void Dispose_DisposesStreams() { var inputPackageStream = new Lazy <Stream>(() => new MemoryStream()); var outputPackageStream = new Lazy <Stream>(() => new MemoryStream()); var overwrite = true; var signatureProvider = Mock.Of <ISignatureProvider>(); var logger = Mock.Of <ILogger>(); using (var options = new SigningOptions(inputPackageStream, outputPackageStream, overwrite, signatureProvider, logger)) { Assert.True(inputPackageStream.Value.CanWrite); Assert.True(outputPackageStream.Value.CanWrite); } Assert.False(inputPackageStream.Value.CanWrite); Assert.False(outputPackageStream.Value.CanWrite); }
private Test(X509Certificate2 certificate, TestDirectory dir, FileInfo package) { _authorCertificate = new X509Certificate2(certificate); _repositoryCertificate = new X509Certificate2(certificate); _directory = dir; var outputPath = GetNewTempFilePath(); OutputFile = new FileInfo(outputPath); var signatureProvider = new X509SignatureProvider(timestampProvider: null); AuthorRequest = new AuthorSignPackageRequest(_authorCertificate, HashAlgorithmName.SHA256); RepositoryRequest = new RepositorySignPackageRequest(_repositoryCertificate, HashAlgorithmName.SHA256, HashAlgorithmName.SHA256, new Uri("https://test/api/index.json"), packageOwners: null); var overwrite = true; Options = SigningOptions.CreateFromFilePaths(package.FullName, outputPath, overwrite, signatureProvider, NullLogger.Instance); }
public async Task SignAsync_WhenRepositoryCountersigningRepositoryCountersignedPackage_ThrowsAsync() { using (var test = await Test.CreateAsync(_testFixture.TrustedTestCertificate.Source.Cert)) { await SigningUtility.SignAsync(test.Options, test.AuthorRequest, CancellationToken.None); using (var package = new PackageArchiveReader(test.Options.OutputPackageStream)) { var isSigned = await SignedArchiveTestUtility.IsSignedAsync(test.Options.OutputPackageStream); Assert.True(isSigned); } var countersignedPackageOutputPath = test.GetNewTempFilePath(); using (var countersignatureOptions = SigningOptions.CreateFromFilePaths( test.OutputFile.FullName, countersignedPackageOutputPath, overwrite: false, signatureProvider: new X509SignatureProvider(timestampProvider: null), logger: NullLogger.Instance)) { await SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None); var isRepositoryCountersigned = await SignedArchiveTestUtility.IsRepositoryCountersignedAsync(countersignatureOptions.OutputPackageStream); Assert.True(isRepositoryCountersigned); } using (var countersignatureOptions = SigningOptions.CreateFromFilePaths( countersignedPackageOutputPath, test.GetNewTempFilePath(), overwrite: false, signatureProvider: new X509SignatureProvider(timestampProvider: null), logger: NullLogger.Instance)) { var exception = await Assert.ThrowsAsync <SignatureException>( () => SigningUtility.SignAsync(countersignatureOptions, test.RepositoryRequest, CancellationToken.None)); Assert.Equal(NuGetLogCode.NU3032, exception.Code); Assert.Contains("The package already contains a repository countersignature", exception.Message); } } }
/// <summary> /// Sign and timestamp a package for test purposes. /// This method timestamps a package and should only be used with tests marked with [CIOnlyFact] /// </summary> private static async Task SignAndTimeStampPackageAsync( TestLogger testLogger, string inputPackagePath, string outputPackagePath, Uri timestampService, AuthorSignPackageRequest request) { var testSignatureProvider = new X509SignatureProvider(new Rfc3161TimestampProvider(timestampService)); var overwrite = false; using (var options = SigningOptions.CreateFromFilePaths( inputPackagePath, outputPackagePath, overwrite, testSignatureProvider, testLogger)) { await SigningUtility.SignAsync(options, request, CancellationToken.None); } }
/// <summary> /// Sign a package for test purposes. /// This does not timestamp a signature and can be used outside corp network. /// </summary> private static async Task SignPackageAsync(TestLogger testLogger, X509Certificate2 certificate, string inputPackagePath, string outputPackagePath) { #if IS_DESKTOP var testSignatureProvider = new X509SignatureProvider(timestampProvider: null); using (var cert = new X509Certificate2(certificate)) using (var request = new AuthorSignPackageRequest(cert, HashAlgorithmName.SHA256)) { const bool overwrite = false; using (var options = SigningOptions.CreateFromFilePaths( inputPackagePath, outputPackagePath, overwrite, testSignatureProvider, testLogger)) { await SigningUtility.SignAsync(options, request, CancellationToken.None); } } #endif }
public async Task <bool> SignAsync(string packagePath, string outputPath, string timestampUrl, HashAlgorithmName signatureHashAlgorithm, HashAlgorithmName timestampHashAlgorithm, bool overwrite, X509Certificate2 publicCertificate, System.Security.Cryptography.RSA rsa) { var fileName = Path.GetFileName(packagePath); logger.LogInformation($"{nameof(SignAsync)} [{fileName}]: Begin Signing {packagePath}"); var signatureProvider = new KeyVaultSignatureProvider(rsa, new Rfc3161TimestampProvider(new Uri(timestampUrl))); var request = new AuthorSignPackageRequest(publicCertificate, signatureHashAlgorithm, timestampHashAlgorithm); string originalPackageCopyPath = null; try { originalPackageCopyPath = CopyPackage(packagePath); using (var options = SigningOptions.CreateFromFilePaths(originalPackageCopyPath, outputPath, overwrite, signatureProvider, new NuGetLogger(logger, fileName))) { await SigningUtility.SignAsync(options, request, CancellationToken.None); } } catch (Exception e) { logger.LogError(e, e.Message); return(false); } finally { try { FileUtility.Delete(originalPackageCopyPath); } catch { } logger.LogInformation($"{nameof(SignAsync)} [{fileName}]: End Signing {packagePath}"); } return(true); }
internal static SignTest Create( X509Certificate2 certificate, HashAlgorithmName hashAlgorithm, byte[] package = null, ISignatureProvider signatureProvider = null) { var directory = TestDirectory.Create(); var signedPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString())); var outputPackageFile = new FileInfo(Path.Combine(directory, Guid.NewGuid().ToString())); if (package == null) { File.WriteAllBytes(signedPackageFile.FullName, Array.Empty <byte>()); } else { using (var fileStream = signedPackageFile.Create()) { fileStream.Write(package, 0, package.Length); } } signatureProvider = signatureProvider ?? Mock.Of <ISignatureProvider>(); var logger = new TestLogger(); var request = new AuthorSignPackageRequest(certificate, hashAlgorithm); var overwrite = false; var options = SigningOptions.CreateFromFilePaths( signedPackageFile.FullName, outputPackageFile.FullName, overwrite, signatureProvider, logger); return(new SignTest( request, directory, options, logger)); }
internal Test(X509Certificate2 certificate) { _directory = TestDirectory.Create(); _authorCertificate = new X509Certificate2(certificate); _repositoryCertificate = new X509Certificate2(certificate); var outputPath = GetNewTempFilePath(); OutputFile = new FileInfo(outputPath); var packageContext = new SimpleTestPackageContext(); var packageFileName = Guid.NewGuid().ToString(); var package = packageContext.CreateAsFile(_directory, packageFileName); var signatureProvider = new X509SignatureProvider(timestampProvider: null); AuthorRequest = new AuthorSignPackageRequest(_authorCertificate, HashAlgorithmName.SHA256); RepositoryRequest = new RepositorySignPackageRequest(_repositoryCertificate, HashAlgorithmName.SHA256, HashAlgorithmName.SHA256, new Uri("https://test/api/index.json"), packageOwners: null); var overwrite = true; Options = SigningOptions.CreateFromFilePaths(package.FullName, outputPath, overwrite, signatureProvider, NullLogger.Instance); }
public void TrySign(IHDScriptPubKey accountHDScriptPubKey, IHDKey accountKey, RootedKeyPath accountKeyPath, SigningOptions signingOptions) { if (accountKey == null) { throw new ArgumentNullException(nameof(accountKey)); } if (accountHDScriptPubKey == null) { throw new ArgumentNullException(nameof(accountHDScriptPubKey)); } if (IsFinalized()) { return; } var cache = accountKey.AsHDKeyCache(); accountHDScriptPubKey = accountHDScriptPubKey.AsHDKeyCache(); foreach (var hdk in this.HDKeysFor(accountHDScriptPubKey, cache, accountKeyPath)) { if (((HDKeyCache)cache.Derive(hdk.AddressKeyPath)).Inner is ISecret k) { Sign(k.PrivateKey, signingOptions); } else { throw new ArgumentException(paramName: nameof(accountKey), message: "This should be a private key"); } } }
private static void ConfigureTokenValidationParameters(TokenValidationParameters validationParameters, JwtBearerTokenOptions tokenOptions, SigningOptions signingOptions) { validationParameters.IssuerSigningKey = signingOptions.SecurityKey; validationParameters.ValidAudience = tokenOptions.Audience; validationParameters.ValidIssuer = tokenOptions.Issuer; validationParameters.ValidateIssuerSigningKey = true; validationParameters.ValidateLifetime = true; validationParameters.ClockSkew = TimeSpan.Zero; }
/// <summary> Constructor. </summary> /// <param name="options"> The settings service. </param> /// <param name="dataService"> The data service. </param> public SigningCredentialStore(SigningOptions options, IIdentityServerDataService dataService) { _signingOptions = options; _dataService = dataService; }
public async Task <int> ExecuteCommandAsync( IEnumerable <string> packagesToSign, SignPackageRequest signPackageRequest, string timestamper, ILogger logger, string outputDirectory, bool overwrite, CancellationToken token) { var success = true; try { SigningUtility.Verify(signPackageRequest, logger); } catch (Exception e) { success = false; ExceptionUtilities.LogException(e, logger); } if (success) { var signatureProvider = GetSignatureProvider(timestamper); foreach (var packagePath in packagesToSign) { // Set the output of the signing operation to a temp file because signing cannot be done in place. var tempPackageFile = new FileInfo(Path.GetTempFileName()); try { string outputPath; if (string.IsNullOrEmpty(outputDirectory)) { outputPath = packagePath; } else { outputPath = Path.Combine(outputDirectory, Path.GetFileName(packagePath)); } using (var options = SigningOptions.CreateFromFilePaths( packagePath, tempPackageFile.FullName, overwrite, signatureProvider, logger)) { await SigningUtility.SignAsync(options, signPackageRequest, token); } if (tempPackageFile.Length > 0) { FileUtility.Replace(tempPackageFile.FullName, outputPath); } else { throw new SignatureException(Strings.Error_UnableToSignPackage); } } catch (Exception e) { success = false; ExceptionUtilities.LogException(e, logger); } finally { FileUtility.Delete(tempPackageFile.FullName); } } } if (success) { logger.LogInformation(Strings.SignCommandSuccess); } return(success ? 0 : 1); }
public IdServerOptions() { Signing = new SigningOptions(); }
public JwtBearerGenerator(IOptions <JwtBearerTokenOptions> jwtBearerTokenOptions, IOptions <SigningOptions> signingOptions) { _jwtBearerTokenOptions = jwtBearerTokenOptions.Value; _signingOptions = signingOptions.Value; }