Merge branch 'dev' into loshar-revalidate-startup

NuGet · Apr 16, 2018 · 57ded38 · 57ded38
2 parents 5e75c48 + c67227e
commit 57ded38
Show file tree

Hide file tree

Showing 24 changed files with 947 additions and 259 deletions.
diff --git a/src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj b/src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj
@@ -107,7 +107,7 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="NuGet.Services.Validation.Issues">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
   </ItemGroup>
   <ItemGroup>

diff --git a/...alidation.Orchestrator/PackageSigning/ValidateCertificate/PackageCertificatesValidator.cs b/...alidation.Orchestrator/PackageSigning/ValidateCertificate/PackageCertificatesValidator.cs
@@ -236,6 +236,7 @@ private Task<PackageSignature> FindSignatureAsync(IValidationRequest request)
                         .PackageSignatures
                         .Include(s => s.EndCertificate)
                         .Include(s => s.TrustedTimestamps.Select(t => t.EndCertificate))
+                        .Where(s => s.Type == PackageSignatureType.Author)
                         .SingleAsync(s => s.PackageKey == request.PackageKey);
         }
 

diff --git a/src/Validation.Common.Job/Storage/ValidatorStateService.cs b/src/Validation.Common.Job/Storage/ValidatorStateService.cs
@@ -9,7 +9,6 @@
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using NuGet.Services.Validation;
-using NuGet.Services.Validation.Orchestrator;
 
 namespace NuGet.Jobs.Validation.PackageSigning.Storage
 {
@@ -21,20 +20,11 @@ public class ValidatorStateService : IValidatorStateService
 
         public ValidatorStateService(
             IValidationEntitiesContext validationContext,
-            IValidatorProvider validatorProvider,
             string validatorName,
             ILogger<ValidatorStateService> logger)
         {
             _validationContext = validationContext ?? throw new ArgumentNullException(nameof(validationContext));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
-            if (validatorProvider == null)
-            {
-                throw new ArgumentNullException(nameof(validatorProvider));
-            }
-            if (!validatorProvider.IsValidator(validatorName))
-            {
-                throw new ArgumentException($"\"{validatorName}\" is not a proper validator alias.", nameof(validatorName));
-            }
             _validatorName = validatorName ?? throw new ArgumentNullException(nameof(validatorName));
         }
 

diff --git a/src/Validation.Common.Job/Validation.Common.Job.csproj b/src/Validation.Common.Job/Validation.Common.Job.csproj
@@ -88,19 +88,19 @@
       <Version>1.1.2</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Packaging">
-      <Version>4.7.0-preview1.5029</Version>
+      <Version>4.7.0-preview4.5067</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Configuration">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Logging">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Storage">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Validation">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
     <PackageReference Include="NuGetGallery.Core">
       <Version>4.4.4-dev-26726</Version>

diff --git a/src/Validation.Common.Job/Validation.Common.Job.nuspec b/src/Validation.Common.Job/Validation.Common.Job.nuspec
@@ -15,11 +15,11 @@
         <dependency id="Microsoft.ApplicationInsights" version="2.2.0" />
         <dependency id="Microsoft.Extensions.DependencyInjection" version="1.1.1" />
         <dependency id="Microsoft.Extensions.Options.ConfigurationExtensions" version="1.1.2" />
-        <dependency id="NuGet.Packaging" version="4.7.0-preview1.5029" />
-        <dependency id="NuGet.Services.Configuration" version="2.22.0" />
-        <dependency id="NuGet.Services.Logging" version="2.22.0" />
-        <dependency id="NuGet.Services.Storage" version="2.22.0" />
-        <dependency id="NuGet.Services.Validation" version="2.22.0" />
+        <dependency id="NuGet.Packaging" version="4.7.0-preview4.5067" />
+        <dependency id="NuGet.Services.Configuration" version="2.23.0" />
+        <dependency id="NuGet.Services.Logging" version="2.23.0" />
+        <dependency id="NuGet.Services.Storage" version="2.23.0" />
+        <dependency id="NuGet.Services.Validation" version="2.23.0" />
         <dependency id="NuGetGallery.Core" version="4.4.4-dev-26726" />
         <dependency id="Serilog" version="2.5.0" />
         <dependency id="System.Net.Http" version="4.3.3" />

diff --git a/src/Validation.Common/Validators/Vcs/VcsCallbackServer.cs b/src/Validation.Common/Validators/Vcs/VcsCallbackServer.cs
@@ -74,6 +74,10 @@ public VcsCallbackServerStartup()
 
         public void Configuration(IAppBuilder app)
         {
+            // Ensure that SSLv3 is disabled and that Tls v1.2 is enabled.
+            ServicePointManager.SecurityProtocol &= ~SecurityProtocolType.Ssl3;
+            ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;
+
             if (Services.Logging.ApplicationInsights.Initialized)
             {
                 app.Use<RequestTrackingMiddleware>();

diff --git a/src/Validation.PackageSigning.ProcessSignature/Job.cs b/src/Validation.PackageSigning.ProcessSignature/Job.cs
@@ -78,10 +78,6 @@ protected override void ConfigureAutofacServices(ContainerBuilder containerBuild
                     (pi, ctx) => ValidatorName.PackageSigning)
                 .As<IValidatorStateService>();
 
-            containerBuilder
-                .RegisterType<PackageSigningStateService>()
-                .As<IPackageSigningStateService>();
-
             containerBuilder
                 .RegisterType<ScopedMessageHandler<SignatureValidationMessage>>()
                 .Keyed<IMessageHandler<SignatureValidationMessage>>(validateSignatureBindingKey);

diff --git a/src/Validation.PackageSigning.ProcessSignature/MinimalSignatureVerificationProvider.cs b/src/Validation.PackageSigning.ProcessSignature/MinimalSignatureVerificationProvider.cs
@@ -21,7 +21,7 @@ public Task<PackageVerificationResult> GetTrustResultAsync(
             CancellationToken token)
         {
             var result = new SignedPackageVerificationResult(
-                SignatureVerificationStatus.Trusted,
+                SignatureVerificationStatus.Valid,
                 signature,
                 Enumerable.Empty<SignatureLog>());
 

diff --git a/src/Validation.PackageSigning.ProcessSignature/PackageSignatureVerifierFactory.cs b/src/Validation.PackageSigning.ProcessSignature/PackageSignatureVerifierFactory.cs
@@ -23,6 +23,7 @@ public static IPackageSignatureVerifier CreateMinimal()
 
             var settings = new SignedPackageVerifierSettings(
                 allowUnsigned: true,
+                allowIllegal: false,
                 allowUntrusted: false, // Invalid format of the signature uses this flag to determine success.
                 allowUntrustedSelfIssuedCertificate: true,
                 allowIgnoreTimestamp: true,
@@ -48,6 +49,7 @@ public static IPackageSignatureVerifier CreateFull()
 
             var settings = new SignedPackageVerifierSettings(
                 allowUnsigned: false,
+                allowIllegal: false,
                 allowUntrusted: false,
                 allowUntrustedSelfIssuedCertificate: false,
                 allowIgnoreTimestamp: false,