public async Task DotnetSign_SignPackageWithUnsuportedTimestampHashAlgorithm_FailsAsync()
{
// Arrange
using (SimpleTestPathContext pathContext = _msbuildFixture.CreateSimpleTestPathContext())
{
await SimpleTestPackageUtility.CreatePackagesAsync(
pathContext.PackageSource,
new SimpleTestPackageContext("PackageA", "1.0.0"));
string packageFilePath = Path.Combine(pathContext.PackageSource, "PackageA.1.0.0.nupkg");
byte[] originalFile = File.ReadAllBytes(packageFilePath);
ISigningTestServer testServer = await _signFixture.GetSigningTestServerAsync();
CertificateAuthority certificateAuthority = await _signFixture.GetDefaultTrustedCertificateAuthorityAsync();
var options = new TimestampServiceOptions()
{
SignatureHashAlgorithm = new Oid(Oids.Sha1)
};
TimestampService timestampService = TimestampService.Create(certificateAuthority, options);
IX509StoreCertificate storeCertificate = _signFixture.UntrustedSelfIssuedCertificateInCertificateStore;
using (testServer.RegisterResponder(timestampService))
{
// Act
CommandRunnerResult result = _msbuildFixture.RunDotnet(
pathContext.PackageSource,
$"nuget sign {packageFilePath} " +
$"--certificate-fingerprint {storeCertificate.Certificate.Thumbprint} " +
$"--timestamper {timestampService.Url}",
ignoreExitCode: true);
// Assert
result.Success.Should().BeFalse(because: result.AllOutput);
result.AllOutput.Should().Contain(_timestampUnsupportedDigestAlgorithmCode);
Assert.Contains("The timestamp signature has an unsupported digest algorithm (SHA1). The following algorithms are supported: SHA256, SHA384, SHA512.", result.AllOutput);
byte[] resultingFile = File.ReadAllBytes(packageFilePath);
Assert.Equal(resultingFile, originalFile);
}
}
}