public async Task GetCertificateChain_WithUnknownSignature_ReturnsCertificatesAsync() { using (var directory = TestDirectory.Create()) using (var certificate = _fixture.GetDefaultCertificate()) { var packageContext = new SimpleTestPackageContext(); var unsignedPackageFile = await packageContext.CreateAsFileAsync(directory, "Package.nupkg"); var signedPackageFile = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync( directory, unsignedPackageFile, certificate); using (var packageReader = new PackageArchiveReader(signedPackageFile.FullName)) { var signature = await packageReader.GetPrimarySignatureAsync(CancellationToken.None); using (var certificates = SignatureUtility.GetCertificateChain(signature)) { Assert.Equal(1, certificates.Count); Assert.Equal(certificate.RawData, certificates[0].RawData); } } } }
public async Task MSSignCommand_ResignPackageWithOverwriteSuccessAsync() { var package = new SimpleTestPackageContext(); // Arrange using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert)) { var unsignedPackageFile = await package.CreateAsFileAsync(test.Directory, Guid.NewGuid().ToString()); var command = $"mssign {unsignedPackageFile} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint}"; var commandWithOverwrite = $"mssign {unsignedPackageFile} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint} -Overwrite"; var result = CommandRunner.Run( _nugetExePath, test.Directory, command, waitForExit: true); result.Success.Should().BeTrue(); result.AllOutput.Should().Contain(_noTimestamperWarningCode); result = CommandRunner.Run( _nugetExePath, test.Directory, commandWithOverwrite, waitForExit: true); result.Success.Should().BeTrue(); result.AllOutput.Should().Contain(_noTimestamperWarningCode); } }
public async Task MSSignCommand_ResignPackageWithoutOverwriteFailsAsync() { var package = new SimpleTestPackageContext(); // Arrange using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert)) { var unsignedPackageFile = await package.CreateAsFileAsync(test.Directory, Guid.NewGuid().ToString()); var command = $"mssign {unsignedPackageFile} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint}"; var result = CommandRunner.Run( _nugetExePath, test.Directory, command, waitForExit: true); result.Success.Should().BeTrue(); result.AllOutput.Should().Contain(_noTimestamperWarningCode); result = CommandRunner.Run( _nugetExePath, test.Directory, command, waitForExit: true); result.Success.Should().BeFalse(); result.AllOutput.Should().Contain(_noTimestamperWarningCode); result.Errors.Should().Contain("NU3001: The package already contains a signature. Please remove the existing signature before adding a new signature."); } }
public async Task ReposignCommand_Countersign_AuthorSignedPackage_WithTimestampAsync() { var package = new SimpleTestPackageContext(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); // Arrange using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert)) { var unsignedPackageFile = await package.CreateAsFileAsync(test.Directory, Guid.NewGuid().ToString()); var authorSignCommand = $"mssign {unsignedPackageFile} -Timestamper {timestampService.Url} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint}"; var repoSignCommand = $"reposign {unsignedPackageFile} -Timestamper {timestampService.Url} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint} -V3ServiceIndexUrl https://v3serviceIndex.test/api/index.json"; var result = CommandRunner.Run( _nugetExePath, test.Directory, authorSignCommand, waitForExit: true); result.Success.Should().BeTrue(); result.AllOutput.Should().NotContain(_noTimestamperWarningCode); result = CommandRunner.Run( _nugetExePath, test.Directory, repoSignCommand, waitForExit: true); result.Success.Should().BeTrue(); result.AllOutput.Should().NotContain(_noTimestamperWarningCode); } }
public async Task ReposignCommand_Countersign_RepositorySignedPackage_FailAsync() { var package = new SimpleTestPackageContext(); // Arrange using (var test = new MSSignCommandTestContext(_trustedTestCertWithPrivateKey.TrustedCert)) { var unsignedPackageFile = await package.CreateAsFileAsync(test.Directory, Guid.NewGuid().ToString()); var command = $"reposign {unsignedPackageFile} -CertificateFile {test.CertificatePath} -CSPName \"{test.CertificateCSPName}\" -KeyContainer \"{test.CertificateKeyContainer}\" -CertificateFingerprint {test.Cert.Thumbprint} -V3ServiceIndexUrl https://v3serviceIndex.test/api/index.json"; var result = CommandRunner.Run( _nugetExePath, test.Directory, command, waitForExit: true); result.Success.Should().BeTrue(); result.AllOutput.Should().Contain(_noTimestamperWarningCode); result = CommandRunner.Run( _nugetExePath, test.Directory, command, waitForExit: true); result.Success.Should().BeFalse(); result.AllOutput.Should().Contain(_noTimestamperWarningCode); result.Errors.Should().Contain("NU3033: A repository primary signature must not have a repository countersignature."); } }
internal static async Task <Test> CreateAsync(X509Certificate2 certificate) { var dir = TestDirectory.Create(); var packageContext = new SimpleTestPackageContext(); var packageFileName = Guid.NewGuid().ToString(); var package = await packageContext.CreateAsFileAsync(dir, packageFileName); return(new Test(certificate, dir, package)); }
public async Task VerifySignaturesAsync_WithBasicSignedCms_SucceedsAsync() { var settings = new SignedPackageVerifierSettings( allowUnsigned: false, allowIllegal: false, allowUntrusted: false, allowIgnoreTimestamp: false, allowMultipleTimestamps: true, allowNoTimestamp: true, allowUnknownRevocation: false, reportUnknownRevocation: true, verificationTarget: VerificationTarget.All, signaturePlacement: SignaturePlacement.Any, repositoryCountersignatureVerificationBehavior: SignatureVerificationBehavior.IfExistsAndIsNecessary, revocationMode: RevocationMode.Online); using (TestDirectory directory = TestDirectory.Create()) using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var packageContext = new SimpleTestPackageContext(); FileInfo unsignedPackageFile = await packageContext.CreateAsFileAsync(directory, "Package.nupkg"); FileInfo signedPackageFile = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync( directory, unsignedPackageFile, certificate); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(signedPackageFile.FullName)) { VerifySignaturesResult result = await verifier.VerifySignaturesAsync(packageReader, settings, CancellationToken.None); IEnumerable <PackageVerificationResult> resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); IEnumerable <ILogMessage> totalErrorIssues = resultsWithErrors.SelectMany(r => r.GetErrorIssues()); Assert.Equal(1, result.Results.Count); var signedPackageVerificationResult = (SignedPackageVerificationResult)result.Results[0]; SignerInfo signer = signedPackageVerificationResult.Signature.SignedCms.SignerInfos[0]; Assert.Equal(0, signer.SignedAttributes.Count); Assert.Equal(0, signer.UnsignedAttributes.Count); Assert.Equal(0, resultsWithErrors.Count()); Assert.Equal(0, totalErrorIssues.Count()); } } }
public async Task VerifySignaturesAsync_WithBasicSignedCms_SucceedsAsync() { var settings = new SignedPackageVerifierSettings( allowUnsigned: false, allowIllegal: false, allowUntrusted: false, allowIgnoreTimestamp: false, allowMultipleTimestamps: true, allowNoTimestamp: true, allowUnknownRevocation: false, allowNoClientCertificateList: true, allowNoRepositoryCertificateList: true, alwaysVerifyCountersignature: false); using (var directory = TestDirectory.Create()) using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var packageContext = new SimpleTestPackageContext(); var unsignedPackageFile = await packageContext.CreateAsFileAsync(directory, "Package.nupkg"); var signedPackageFile = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync( directory, unsignedPackageFile, certificate); var verifier = new PackageSignatureVerifier(_trustProviders); using (var packageReader = new PackageArchiveReader(signedPackageFile.FullName)) { var result = await verifier.VerifySignaturesAsync(packageReader, settings, CancellationToken.None); var resultsWithErrors = result.Results.Where(r => r.GetErrorIssues().Any()); var totalErrorIssues = resultsWithErrors.SelectMany(r => r.GetErrorIssues()); Assert.Equal(1, result.Results.Count); var signedPackageVerificationResult = (SignedPackageVerificationResult)result.Results[0]; var signer = signedPackageVerificationResult.Signature.SignedCms.SignerInfos[0]; Assert.Equal(0, signer.SignedAttributes.Count); Assert.Equal(0, signer.UnsignedAttributes.Count); Assert.Equal(0, resultsWithErrors.Count()); Assert.Equal(0, totalErrorIssues.Count()); } } }
internal static async Task <VerifyTest> CreateAsync(SignatureVerifySettings settings, X509Certificate2 certificate) { using (var certificateClone = new X509Certificate2(certificate)) { var directory = TestDirectory.Create(); var packageContext = new SimpleTestPackageContext(); var unsignedPackageFile = await packageContext.CreateAsFileAsync(directory, "package.nupkg"); var signedPackageFile = await SignedArchiveTestUtility.SignPackageFileWithBasicSignedCmsAsync( directory, unsignedPackageFile, certificateClone); var package = new SignedPackageArchive(signedPackageFile.OpenRead(), new MemoryStream()); var primarySignature = await package.GetPrimarySignatureAsync(CancellationToken.None); return(new VerifyTest(directory, package, primarySignature, settings)); } }
public async Task SignCommand_SignPackageWithUntrustedSelfIssuedCertificateInCertificateStoreAsync() { using (var directory = TestDirectory.Create()) { var packageContext = new SimpleTestPackageContext(); var packageFile = await packageContext.CreateAsFileAsync(directory, fileName : Guid.NewGuid().ToString()); using (var certificate = _testFixture.UntrustedSelfIssuedCertificateInCertificateStore) { var result = CommandRunner.Run( _nugetExePath, directory, $"sign {packageFile.FullName} -CertificateFingerprint {certificate.Thumbprint}", waitForExit: true); Assert.True(result.Success); Assert.Contains(_noTimestamperWarningCode, result.AllOutput); } } }
public async Task SignCommand_SignPackageWithUnsuportedTimestampHashAlgorithm_ShouldNotModifyPackageAsync() { var testServer = await _testFixture.GetSigningTestServerAsync(); var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync(); var options = new TimestampServiceOptions() { SignatureHashAlgorithm = new Oid(Oids.Sha1) }; var timestampService = TimestampService.Create(certificateAuthority, options); using (testServer.RegisterResponder(timestampService)) using (var directory = TestDirectory.Create()) { var packageContext = new SimpleTestPackageContext(); var packageFile = await packageContext.CreateAsFileAsync(directory, fileName : Guid.NewGuid().ToString()); var originalFile = File.ReadAllBytes(packageFile.FullName); using (var certificate = _testFixture.UntrustedSelfIssuedCertificateInCertificateStore) { var result = CommandRunner.Run( _nugetExePath, directory, $"sign {packageFile.FullName} -CertificateFingerprint {certificate.Thumbprint} -Timestamper {timestampService.Url}", waitForExit: true); Assert.False(result.Success); Assert.Contains(_timestampUnsupportedHashAlgorithmCode, result.AllOutput); Assert.Contains("The timestamp response has an unsupported digest algorithm (SHA1). The following algorithms are supported: SHA256, SHA384, SHA512.", result.AllOutput); var resultingFile = File.ReadAllBytes(packageFile.FullName); Assert.Equal(resultingFile, originalFile); } } }