// Signs a freshly generated package with the trusted test certificate (looked up in the
// certificate store by thumbprint) and checks that "verify -Signatures" accepts the result.
public void VerifyCommand_VerifySignedPackageSucceeds()
{
    using (var workDir = TestDirectory.Create())
    {
        using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
        {
            // Write the in-memory package to disk under a random file name.
            var nupkgPath = Path.Combine(workDir, Guid.NewGuid().ToString());
            packageStream.Seek(0, SeekOrigin.Begin);

            using (var target = File.OpenWrite(nupkgPath))
            {
                packageStream.CopyTo(target);
            }

            // NOTE(review): the path is interpolated unquoted; a test directory containing
            // spaces would split the argument. Confirm TestDirectory never yields such paths.
            var signArgs = $"sign {nupkgPath} -CertificateFingerprint {_trustedTestCert.Source.Cert.Thumbprint} -CertificateStoreName {_trustedTestCert.StoreName} -CertificateStoreLocation {_trustedTestCert.StoreLocation}";
            var signOutcome = CommandRunner.Run(_nugetExePath, workDir, signArgs, waitForExit: true);

            // Signing is a precondition: stop here if it failed, so a verify failure is
            // never misattributed.
            signOutcome.Success.Should().BeTrue();

            var verifyArgs = $"verify {nupkgPath} -Signatures";
            var verifyOutcome = CommandRunner.Run(_nugetExePath, workDir, verifyArgs, waitForExit: true);

            // No -Timestamper was passed to sign, so verify is expected to succeed while
            // still surfacing the no-timestamper warning code.
            verifyOutcome.Success.Should().BeTrue();
            verifyOutcome.AllOutput.Should().Contain(_noTimestamperWarningCode);
        }
    }
}
// Negative test: signing with a certificate whose extended key usage is not valid for the
// operation must be rejected by the sign command.
public void SignCommand_SignPackageWithInvalidEkuFails()
{
    var badEkuCertificate = _testFixture.TrustedTestCertificateWithInvalidEku;

    using (var workDir = TestDirectory.Create())
    {
        using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
        {
            // Write the in-memory package to disk under a random file name.
            var nupkgPath = Path.Combine(workDir, Guid.NewGuid().ToString());
            packageStream.Seek(0, SeekOrigin.Begin);

            using (var target = File.OpenWrite(nupkgPath))
            {
                packageStream.CopyTo(target);
            }

            var signArgs = $"sign {nupkgPath} -CertificateFingerprint {badEkuCertificate.Source.Cert.Thumbprint} -CertificateStoreName {badEkuCertificate.StoreName} -CertificateStoreLocation {badEkuCertificate.StoreLocation}";
            var outcome = CommandRunner.Run(_nugetExePath, workDir, signArgs, waitForExit: true);

            // The command must fail, and it must fail for the right reason: the output has to
            // carry the chain-build error code and the usage message, not just any error.
            outcome.Success.Should().BeFalse();
            outcome.AllOutput.Should().Contain(_noTimestamperWarningCode);
            outcome.AllOutput.Should().Contain(_chainBuildFailureErrorCode);
            outcome.AllOutput.Should().Contain("The certificate is not valid for the requested usage");
        }
    }
}
// Signs the same package twice with identical arguments and no overwrite switch; the second
// attempt must be refused because the package already carries a signature.
public void SignCommand_ResignPackageWithoutOverwriteFails()
{
    using (var workDir = TestDirectory.Create())
    {
        using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
        {
            // Write the in-memory package to disk under a random file name.
            var nupkgPath = Path.Combine(workDir, Guid.NewGuid().ToString());
            packageStream.Seek(0, SeekOrigin.Begin);

            using (var target = File.OpenWrite(nupkgPath))
            {
                packageStream.CopyTo(target);
            }

            var initialSign = CommandRunner.Run(
                _nugetExePath,
                workDir,
                $"sign {nupkgPath} -CertificateFingerprint {_trustedTestCert.Source.Cert.Thumbprint} -CertificateStoreName {_trustedTestCert.StoreName} -CertificateStoreLocation {_trustedTestCert.StoreLocation}",
                waitForExit: true);

            // Same command line again. Both runs happen before any assertion, so a failure
            // of the first sign is only reported after the second one has executed.
            var repeatedSign = CommandRunner.Run(
                _nugetExePath,
                workDir,
                $"sign {nupkgPath} -CertificateFingerprint {_trustedTestCert.Source.Cert.Thumbprint} -CertificateStoreName {_trustedTestCert.StoreName} -CertificateStoreLocation {_trustedTestCert.StoreLocation}",
                waitForExit: true);

            initialSign.Success.Should().BeTrue();
            initialSign.AllOutput.Should().Contain(_noTimestamperWarningCode);

            // An existing signature must not be silently replaced.
            repeatedSign.Success.Should().BeFalse();
            repeatedSign.Errors.Should().Contain(_packageAlreadySignedError);
        }
    }
}
// Signs a package with -OutputDirectory and checks that a file with the same name as the
// input package appears in that directory.
public void SignCommand_SignPackageWithOutputDirectory()
{
    using (var sourceDir = TestDirectory.Create())
    {
        using (var destinationDir = TestDirectory.Create())
        {
            using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
            {
                // One random file name, resolved against both the input and output directory.
                var fileName = Guid.NewGuid().ToString();
                var unsignedPath = Path.Combine(sourceDir, fileName);
                var expectedSignedPath = Path.Combine(destinationDir, fileName);

                packageStream.Seek(0, SeekOrigin.Begin);

                using (var target = File.OpenWrite(unsignedPath))
                {
                    packageStream.CopyTo(target);
                }

                // NOTE(review): both paths are interpolated unquoted; a directory containing
                // spaces would split the argument. Confirm TestDirectory never yields such paths.
                var signArgs = $"sign {unsignedPath} -CertificateFingerprint {_trustedTestCert.Source.Cert.Thumbprint} -CertificateStoreName {_trustedTestCert.StoreName} -CertificateStoreLocation {_trustedTestCert.StoreLocation} -OutputDirectory {destinationDir}";
                var outcome = CommandRunner.Run(_nugetExePath, sourceDir, signArgs, waitForExit: true);

                outcome.Success.Should().BeTrue();
                outcome.AllOutput.Should().Contain(_noTimestamperWarningCode);

                // Only existence is checked; the test does not verify that the output file is
                // signed or that the input file was left unsigned.
                File.Exists(expectedSignedPath).Should().BeTrue();
            }
        }
    }
}
// Signs a package while pointing -Timestamper at the fixture's trusted timestamp service and
// checks that the no-timestamper warning is absent from the output.
public async Task SignCommand_SignPackageWithTimestamping()
{
    // The timestamp service is provided by the test fixture.
    var timestampAuthority = await _testFixture.GetDefaultTrustedTimestampServiceAsync();

    using (var workDir = TestDirectory.Create())
    {
        using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
        {
            // Write the in-memory package to disk under a random file name.
            var nupkgPath = Path.Combine(workDir, Guid.NewGuid().ToString());
            packageStream.Seek(0, SeekOrigin.Begin);

            using (var target = File.OpenWrite(nupkgPath))
            {
                packageStream.CopyTo(target);
            }

            var signArgs = $"sign {nupkgPath} -CertificateFingerprint {_trustedTestCert.Source.Cert.Thumbprint} -CertificateStoreName {_trustedTestCert.StoreName} -CertificateStoreLocation {_trustedTestCert.StoreLocation} -Timestamper {timestampAuthority.Url.OriginalString}";
            var outcome = CommandRunner.Run(_nugetExePath, workDir, signArgs, waitForExit: true);

            // The absence of the warning code is the only evidence of timestamping checked
            // here; the timestamp itself is not inspected.
            outcome.Success.Should().BeTrue();
            outcome.AllOutput.Should().NotContain(_noTimestamperWarningCode);
        }
    }
}
// Signs with a password-protected PFX file in -NonInteractive mode without passing
// -CertificatePassword, feeding a line to standard input; the command must fail with the
// invalid-password error for that PFX path.
public void SignCommand_SignPackageWithPfxFileWithNonInteractiveAndStdInPasswordFails()
{
    // NOTE(review): this logger is never read in this method.
    var testLogger = new TestLogger();

    using (var workDir = TestDirectory.Create())
    {
        using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
        {
            var nupkgPath = Path.Combine(workDir, Guid.NewGuid().ToString());
            var pfxFilePath = Path.Combine(workDir, Guid.NewGuid().ToString());

            // Export the test certificate as a PFX protected by a throwaway random password.
            // The exported bytes live only inside the test directory.
            var pfxPassword = Guid.NewGuid().ToString();
            var exportedPfx = _trustedTestCert.Source.Cert.Export(X509ContentType.Pfx, pfxPassword);

            using (var pfxTarget = File.OpenWrite(pfxFilePath))
            {
                using (var pfxSource = new MemoryStream(exportedPfx))
                {
                    pfxSource.CopyTo(pfxTarget);
                }
            }

            packageStream.Seek(0, SeekOrigin.Begin);

            using (var target = File.OpenWrite(nupkgPath))
            {
                packageStream.CopyTo(target);
            }

            // NOTE(review): the line written to stdin is a fresh GUID, not pfxPassword. The
            // test therefore cannot tell "stdin was ignored" apart from "stdin was read but
            // held the wrong password"; confirm which of the two this is meant to pin down.
            var signArgs = $"sign {nupkgPath} -CertificatePath {pfxFilePath} -NonInteractive";
            var outcome = CommandRunner.Run(
                _nugetExePath,
                workDir,
                signArgs,
                waitForExit: true,
                inputAction: stdin => stdin.WriteLine(Guid.NewGuid().ToString()));

            outcome.Success.Should().BeFalse();
            outcome.AllOutput.Should().Contain(string.Format(_invalidPasswordErrorCode, pfxFilePath));
        }
    }
}
// Signs a package with the leaf of the trusted test chain, then runs verify with a
// -CertificateFingerprint allow list that contains the signer's SHA-256 fingerprint.
public void VerifyCommand_VerifyOnPackageSignedWithAllowedCertificateSucceeds()
{
    var leafCertificate = _testFixture.TrustedTestCertificateChain.Leaf;

    using (var workDir = TestDirectory.Create())
    {
        using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
        {
            // Write the in-memory package to disk under a random file name.
            var nupkgPath = Path.Combine(workDir, Guid.NewGuid().ToString());
            packageStream.Seek(0, SeekOrigin.Begin);

            using (var target = File.OpenWrite(nupkgPath))
            {
                packageStream.CopyTo(target);
            }

            // For sign, -CertificateFingerprint receives the certificate's Thumbprint value
            // and is used together with the store name and location.
            var signArgs = $"sign {nupkgPath} -CertificateFingerprint {leafCertificate.Source.Cert.Thumbprint} -CertificateStoreName {leafCertificate.StoreName} -CertificateStoreLocation {leafCertificate.StoreLocation}";
            var signOutcome = CommandRunner.Run(_nugetExePath, workDir, signArgs, waitForExit: true);

            signOutcome.Success.Should().BeTrue();

            // For verify, the same switch receives a SHA-256 hash of the certificate,
            // rendered as hex with BitConverter's "-" separators stripped.
            var sha256Bytes = CertificateUtility.GetHash(leafCertificate.Source.Cert, HashAlgorithmName.SHA256);
            var dashedHex = BitConverter.ToString(sha256Bytes);
            var allowedFingerprint = dashedHex.Replace("-", "");

            // The allow list holds the real fingerprint followed by two placeholder entries
            // ("abc", "def"); the test expects a single matching entry to be sufficient.
            var verifyArgs = $"verify {nupkgPath} -Signatures -CertificateFingerprint {allowedFingerprint};abc;def";
            var verifyOutcome = CommandRunner.Run(_nugetExePath, workDir, verifyArgs, waitForExit: true);

            verifyOutcome.Success.Should().BeTrue();
            verifyOutcome.AllOutput.Should().Contain(_noTimestamperWarningCode);
        }
    }
}
// Signs a package with a password-protected PFX file, passing the password through
// -CertificatePassword, and expects the command to succeed.
public void SignCommand_SignPackageWithPfxFileSuccess()
{
    // NOTE(review): this logger is never read in this method.
    var testLogger = new TestLogger();

    using (var workDir = TestDirectory.Create())
    {
        using (var packageStream = new SimpleTestPackageContext().CreateAsStream())
        {
            var nupkgPath = Path.Combine(workDir, Guid.NewGuid().ToString());
            var pfxFilePath = Path.Combine(workDir, Guid.NewGuid().ToString());

            // Export the test certificate as a PFX protected by a throwaway random password.
            // The exported bytes live only inside the test directory.
            var pfxPassword = Guid.NewGuid().ToString();
            var exportedPfx = _trustedTestCert.Source.Cert.Export(X509ContentType.Pfx, pfxPassword);

            using (var pfxTarget = File.OpenWrite(pfxFilePath))
            {
                using (var pfxSource = new MemoryStream(exportedPfx))
                {
                    pfxSource.CopyTo(pfxTarget);
                }
            }

            packageStream.Seek(0, SeekOrigin.Begin);

            using (var target = File.OpenWrite(nupkgPath))
            {
                packageStream.CopyTo(target);
            }

            // The password travels as a command-line argument, where it can be seen by
            // anything able to read the child process's command line. That is tolerable here
            // only because the password is generated per test and protects a test PFX.
            var signArgs = $"sign {nupkgPath} -CertificatePath {pfxFilePath} -CertificatePassword {pfxPassword}";
            var outcome = CommandRunner.Run(_nugetExePath, workDir, signArgs, waitForExit: true);

            outcome.Success.Should().BeTrue();
            outcome.AllOutput.Should().Contain(_noTimestamperWarningCode);
        }
    }
}