NuGet
diff --git a/‎src/NuGet.Services.Validation.Orchestrator/Job.cs‎
Lines changed: 20 additions & 12 deletions b/‎src/NuGet.Services.Validation.Orchestrator/Job.cs‎
Lines changed: 20 additions & 12 deletions
diff --git a/‎src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj‎
Lines changed: 3 additions & 1 deletion b/‎src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎…cessSignature/PackageSigningValidator.cs‎ ‎…ocessSignature/BaseSignatureProcessor.cs‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSigningValidator.cs renamed to src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/BaseSignatureProcessor.cs
Lines changed: 16 additions & 17 deletions b/‎…cessSignature/PackageSigningValidator.cs‎ ‎…ocessSignature/BaseSignatureProcessor.cs‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSigningValidator.cs renamed to src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/BaseSignatureProcessor.cs
Lines changed: 16 additions & 17 deletions
diff --git a/‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/IProcessSignatureEnqueuer.cs‎
Lines changed: 11 additions & 5 deletions b/‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/IProcessSignatureEnqueuer.cs‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSignatureProcessor.cs‎
Lines changed: 47 additions & 0 deletions b/‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSignatureProcessor.cs‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSignatureValidator.cs‎
Lines changed: 95 additions & 0 deletions b/‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSignatureValidator.cs‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/ProcessSignatureConfiguration.cs‎
Lines changed: 1 addition & 1 deletion b/‎src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/ProcessSignatureConfiguration.cs‎
Lines changed: 1 addition & 1 deletion
@@ -57,7 +57,7 @@ public class Job : JobBase
 
         private const string VcsBindingKey = VcsSectionName;
         private const string PackageVerificationTopicClientBindingKey = "PackageVerificationTopicClient";
-        private const string PackageSigningBindingKey = PackageSigningSectionName;
+        private const string PackageSignatureBindingKey = PackageSigningSectionName;
         private const string PackageCertificatesBindingKey = PackageCertificatesSectionName;
         private const string ValidationStorageBindingKey = "ValidationStorage";
         private const string OrchestratorBindingKey = "Orchestrator";
@@ -206,7 +206,8 @@ private void ConfigureJobServices(IServiceCollection services, IConfigurationRoo
             services.AddTransient<IBrokeredMessageSerializer<CertificateValidationMessage>, CertificateValidationMessageSerializer>();
             services.AddTransient<IValidatorStateService, ValidatorStateService>();
             services.AddTransient<ISimpleCloudBlobProvider, SimpleCloudBlobProvider>();
-            services.AddTransient<PackageSigningValidator>();
+            services.AddTransient<PackageSignatureProcessor>();
+            services.AddTransient<PackageSignatureValidator>();
             services.AddTransient<MailSenderConfiguration>(serviceProvider =>
             {
                 var smtpConfigurationAccessor = serviceProvider.GetRequiredService<IOptionsSnapshot<SmtpConfiguration>>();
@@ -326,21 +327,21 @@ private static IServiceProvider CreateProvider(IServiceCollection services)
                     IMessageHandler<PackageValidationMessageData>>(
                         OrchestratorBindingKey);
 
-            ConfigurePackageSigningValidator(containerBuilder);
+            ConfigurePackageSigningValidators(containerBuilder);
             ConfigurePackageCertificatesValidator(containerBuilder);
 
             return new AutofacServiceProvider(containerBuilder.Build());
         }
 
-        private static void ConfigurePackageSigningValidator(ContainerBuilder builder)
+        private static void ConfigurePackageSigningValidators(ContainerBuilder builder)
         {
             // Configure the validator state service for the package certificates validator.
             builder
                 .RegisterType<ValidatorStateService>()
                 .WithParameter(
                     (pi, ctx) => pi.ParameterType == typeof(string),
-                    (pi, ctx) => ValidatorName.PackageSigning)
-                .Keyed<IValidatorStateService>(PackageSigningBindingKey);
+                    (pi, ctx) => ValidatorName.PackageSignatureProcessor)
+                .Keyed<IValidatorStateService>(PackageSignatureBindingKey);
 
             // Configure the package signature verification enqueuer.
             builder
@@ -350,18 +351,25 @@ private static void ConfigurePackageSigningValidator(ContainerBuilder builder)
 
                     return new TopicClientWrapper(configuration.ConnectionString, configuration.TopicPath);
                 })
-                .Keyed<ITopicClient>(PackageSigningBindingKey);
+                .Keyed<ITopicClient>(PackageSignatureBindingKey);
 
             builder
                 .RegisterType<ProcessSignatureEnqueuer>()
-                .WithKeyedParameter(typeof(ITopicClient), PackageSigningBindingKey)
+                .WithKeyedParameter(typeof(ITopicClient), PackageSignatureBindingKey)
                 .As<IProcessSignatureEnqueuer>();
 
-            // Configure the package signing validator.
+            // Configure the package signature validators. The processor runs before packages are
+            // repository signed and can strip unacceptable repository signatures. The validator
+            // runs after packages are repository signed.
             builder
-                .RegisterType<PackageSigningValidator>()
-                .WithKeyedParameter(typeof(IValidatorStateService), PackageSigningBindingKey)
-                .As<PackageSigningValidator>();
+                .RegisterType<PackageSignatureProcessor>()
+                .WithKeyedParameter(typeof(IValidatorStateService), PackageSignatureBindingKey)
+                .As<PackageSignatureProcessor>();
+
+            builder
+                .RegisterType<PackageSignatureValidator>()
+                .WithKeyedParameter(typeof(IValidatorStateService), PackageSignatureBindingKey)
+                .As<PackageSignatureValidator>();
         }
 
         private static void ConfigurePackageCertificatesValidator(ContainerBuilder builder)
 
@@ -62,14 +62,16 @@
     <Compile Include="MessageService.cs" />
     <Compile Include="OrchestrationRunner.cs" />
     <Compile Include="Configuration\OrchestrationRunnerConfiguration.cs" />
+    <Compile Include="PackageSigning\ProcessSignature\BaseSignatureProcessor.cs" />
     <Compile Include="PackageSigning\ProcessSignature\IProcessSignatureEnqueuer.cs" />
-    <Compile Include="PackageSigning\ProcessSignature\PackageSigningValidator.cs" />
+    <Compile Include="PackageSigning\ProcessSignature\PackageSignatureProcessor.cs" />
     <Compile Include="PackageSigning\ProcessSignature\ProcessSignatureConfiguration.cs" />
     <Compile Include="PackageSigning\ProcessSignature\ProcessSignatureEnqueuer.cs" />
     <Compile Include="PackageSigning\ValidateCertificate\IValidateCertificateEnqueuer.cs" />
     <Compile Include="PackageSigning\ValidateCertificate\PackageCertificatesValidator.cs" />
     <Compile Include="PackageSigning\ValidateCertificate\ValidateCertificateConfiguration.cs" />
     <Compile Include="PackageSigning\ValidateCertificate\ValidateCertificateEnqueuer.cs" />
+    <Compile Include="PackageSigning\ProcessSignature\PackageSignatureValidator.cs" />
     <Compile Include="PackageStatusProcessor.cs" />
     <Compile Include="PackageValidationMessageDataSerializer.cs" />
     <Compile Include="Program.cs" />
 
@@ -2,31 +2,28 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
-using System.Diagnostics;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
-using NuGet.Jobs.Validation;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
 using NuGet.Jobs.Validation.Storage;
 using NuGet.Services.Validation.Orchestrator.Telemetry;
 
 namespace NuGet.Services.Validation.PackageSigning.ProcessSignature
 {
-    [ValidatorName(ValidatorName.PackageSigning)]
-    public class PackageSigningValidator : IProcessor
+    public abstract class BaseSignatureProcessor
     {
         private readonly IValidatorStateService _validatorStateService;
         private readonly IProcessSignatureEnqueuer _signatureVerificationEnqueuer;
         private readonly ISimpleCloudBlobProvider _blobProvider;
         private readonly ITelemetryService _telemetryService;
-        private readonly ILogger<PackageSigningValidator> _logger;
+        private readonly ILogger<BaseSignatureProcessor> _logger;
 
-        public PackageSigningValidator(
+        public BaseSignatureProcessor(
             IValidatorStateService validatorStateService,
             IProcessSignatureEnqueuer signatureVerificationEnqueuer,
             ISimpleCloudBlobProvider blobProvider,
             ITelemetryService telemetryService,
-            ILogger<PackageSigningValidator> logger)
+            ILogger<BaseSignatureProcessor> logger)
         {
             _validatorStateService = validatorStateService ?? throw new ArgumentNullException(nameof(validatorStateService));
             _signatureVerificationEnqueuer = signatureVerificationEnqueuer ?? throw new ArgumentNullException(nameof(signatureVerificationEnqueuer));
@@ -35,14 +32,14 @@ public PackageSigningValidator(
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
-        public async Task<IValidationResult> GetResultAsync(IValidationRequest request)
+        public virtual async Task<IValidationResult> GetResultAsync(IValidationRequest request)
         {
             var validatorStatus = await _validatorStateService.GetStatusAsync(request);
 
             return validatorStatus.ToValidationResult();
         }
 
-        public async Task<IValidationResult> StartAsync(IValidationRequest request)
+        public virtual async Task<IValidationResult> StartAsync(IValidationRequest request)
         {
             var validatorStatus = await StartInternalAsync(request);
 
@@ -68,6 +65,11 @@ public async Task CleanUpAsync(IValidationRequest request)
             await blob.DeleteIfExistsAsync();
         }
 
+        /// <summary>
+        /// Whether the package MUST have an acceptable repository signature to pass validation.
+        /// </summary>
+        protected abstract bool RequiresRepositorySignature { get; }
+
         private async Task<ValidatorStatus> StartInternalAsync(IValidationRequest request)
         {
             // Check that this is the first validation for this specific request.
@@ -86,15 +88,12 @@ private async Task<ValidatorStatus> StartInternalAsync(IValidationRequest reques
 
             // Kick off the verification process. Note that the jobs will not verify the package until the
             // state of this validator has been persisted to the database.
-            var stopwatch = Stopwatch.StartNew();
-
-            await _signatureVerificationEnqueuer.EnqueueVerificationAsync(request);
-
-            var result = await _validatorStateService.TryAddValidatorStatusAsync(request, validatorStatus, ValidationStatus.Incomplete);
-
-            _telemetryService.TrackDurationToStartPackageSigningValidator(stopwatch.Elapsed);
+            using (_telemetryService.TrackDurationToStartPackageSigningValidator())
+            {
+                await _signatureVerificationEnqueuer.EnqueueProcessSignatureAsync(request, RequiresRepositorySignature);
 
-            return result;
+                return await _validatorStateService.TryAddValidatorStatusAsync(request, validatorStatus, ValidationStatus.Incomplete);
+            }
         }
     }
 }
@@ -11,13 +11,19 @@ namespace NuGet.Services.Validation.PackageSigning.ProcessSignature
     public interface IProcessSignatureEnqueuer
     {
         /// <summary>
-        /// Kicks off the package verification process for the given request. Verification will begin when the
-        /// <see cref="ValidationEntitiesContext"/> has a <see cref="ValidatorStatus"/> that matches the
-        /// <see cref="IValidationRequest"/>'s validationId. Once verification completes, the <see cref="ValidatorStatus"/>'s
-        /// State will be updated to "Succeeded" or "Failed".
+        /// Processes the package's signatures, if any. Unacceptable repository signatures will be stripped off.
+        /// Author signatures that fail trust or integrity verification will fail the validation.
         /// </summary>
+        /// <remarks>
+        /// Verification will begin when the <see cref="ValidationEntitiesContext"/> has a <see cref="ValidatorStatus"/>
+        /// that matches the <see cref="IValidationRequest"/>'s validationId. Once verification completes,
+        /// the <see cref="ValidatorStatus"/>'s State will be updated to "Succeeded" or "Failed".
+        /// </remarks>
         /// <param name="request">The request that details the package to be verified.</param>
+        /// <param name="requireRepositorySignature">
+        /// If true, the package must have an acceptable repository signature to pass validation.
+        /// </param>
         /// <returns>A task that will complete when the verification process has been queued.</returns>
-        Task EnqueueVerificationAsync(IValidationRequest request);
+        Task EnqueueProcessSignatureAsync(IValidationRequest request, bool requireRepositorySignature);
     }
 }
@@ -0,0 +1,47 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Microsoft.Extensions.Logging;
+using NuGet.Jobs.Validation;
+using NuGet.Jobs.Validation.PackageSigning.Storage;
+using NuGet.Jobs.Validation.Storage;
+using NuGet.Services.Validation.Orchestrator.Telemetry;
+
+namespace NuGet.Services.Validation.PackageSigning.ProcessSignature
+{
+    /// <summary>
+    /// The processor that strips unacceptable repository signatures and then validates signed packages.
+    /// This runs before a package is repository signed.
+    /// </summary>
+    [ValidatorName(ValidatorName.PackageSignatureProcessor)]
+    public class PackageSignatureProcessor : BaseSignatureProcessor, IProcessor
+    {
+        private readonly IValidatorStateService _validatorStateService;
+        private readonly IProcessSignatureEnqueuer _signatureVerificationEnqueuer;
+        private readonly ISimpleCloudBlobProvider _blobProvider;
+        private readonly ITelemetryService _telemetryService;
+        private readonly ILogger<PackageSignatureProcessor> _logger;
+
+        public PackageSignatureProcessor(
+            IValidatorStateService validatorStateService,
+            IProcessSignatureEnqueuer signatureVerificationEnqueuer,
+            ISimpleCloudBlobProvider blobProvider,
+            ITelemetryService telemetryService,
+            ILogger<PackageSignatureProcessor> logger)
+          : base(validatorStateService, signatureVerificationEnqueuer, blobProvider, telemetryService, logger)
+        {
+            _validatorStateService = validatorStateService ?? throw new ArgumentNullException(nameof(validatorStateService));
+            _signatureVerificationEnqueuer = signatureVerificationEnqueuer ?? throw new ArgumentNullException(nameof(signatureVerificationEnqueuer));
+            _blobProvider = blobProvider ?? throw new ArgumentNullException(nameof(blobProvider));
+            _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
+            _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+        }
+
+        /// <summary>
+        /// This processor runs before packages are repository signed. Unacceptable
+        /// repository signatures, if present, will be stripped.
+        /// </summary>
+        protected override bool RequiresRepositorySignature => false;
+    }
+}
@@ -0,0 +1,95 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using NuGet.Jobs.Validation;
+using NuGet.Jobs.Validation.PackageSigning.Storage;
+using NuGet.Jobs.Validation.Storage;
+using NuGet.Services.Validation.Orchestrator.Telemetry;
+
+namespace NuGet.Services.Validation.PackageSigning.ProcessSignature
+{
+    /// <summary>
+    /// The validator that ensures the package's repository signature is valid. This does the
+    /// final signature validation after a package has been repository signed.
+    /// </summary>
+    [ValidatorName(ValidatorName.PackageSignatureValidator)]
+    public class PackageSignatureValidator : BaseSignatureProcessor, IValidator
+    {
+        private readonly IValidatorStateService _validatorStateService;
+        private readonly IProcessSignatureEnqueuer _signatureVerificationEnqueuer;
+        private readonly ISimpleCloudBlobProvider _blobProvider;
+        private readonly ITelemetryService _telemetryService;
+        private readonly ILogger<PackageSignatureValidator> _logger;
+
+        public PackageSignatureValidator(
+            IValidatorStateService validatorStateService,
+            IProcessSignatureEnqueuer signatureVerificationEnqueuer,
+            ISimpleCloudBlobProvider blobProvider,
+            ITelemetryService telemetryService,
+            ILogger<PackageSignatureValidator> logger)
+          : base(validatorStateService, signatureVerificationEnqueuer, blobProvider, telemetryService, logger)
+        {
+            _validatorStateService = validatorStateService ?? throw new ArgumentNullException(nameof(validatorStateService));
+            _signatureVerificationEnqueuer = signatureVerificationEnqueuer ?? throw new ArgumentNullException(nameof(signatureVerificationEnqueuer));
+            _blobProvider = blobProvider ?? throw new ArgumentNullException(nameof(blobProvider));
+            _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
+            _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+        }
+
+        /// <summary>
+        /// This validator runs after packages are repository signed. It will verify that the repository
+        /// signature is acceptable.
+        /// </summary>
+        protected override bool RequiresRepositorySignature => true;
+
+        public override async Task<IValidationResult> GetResultAsync(IValidationRequest request)
+        {
+            var result = await base.GetResultAsync(request);
+
+            return Validate(result);
+        }
+
+        public override async Task<IValidationResult> StartAsync(IValidationRequest request)
+        {
+            var result = await base.StartAsync(request);
+
+            return Validate(result);
+        }
+
+        private IValidationResult Validate(IValidationResult result)
+        {
+            /// The package signature validator runs after the <see cref="PackageSignatureProcessor" />.
+            /// All signature validation issues should be caught and handled by the processor.
+            if (result.Status == ValidationStatus.Failed || result.NupkgUrl != null)
+            {
+                _logger.LogCritical(
+                    "Unexpected validation result in package signature validator. This may be caused by an invalid repository " +
+                    "signature. Status = {ValidationStatus}, Nupkg URL = {NupkgUrl}, validation issues = {Issues}",
+                    result.Status,
+                    result.NupkgUrl,
+                    result.Issues.Select(i => i.IssueCode));
+
+                throw new InvalidOperationException("Package signature validator has an unexpected validation result");
+            }
+
+            /// Suppress all validation issues. The <see cref="PackageSignatureProcessor"/> should
+            /// have already reported any issues related to the author signature. Customers should
+            /// not be notified of validation issues due to the repository signature.
+            if (result.Issues.Count != 0)
+            {
+                _logger.LogWarning(
+                    "Ignoring {ValidationIssueCount} validation issues from result. Issues: {Issues}",
+                    result.Issues.Count,
+                    result.Issues.Select(i => i.IssueCode));
+
+                return new ValidationResult(result.Status);
+            }
+
+            return result;
+        }
+    }
+}
@@ -7,7 +7,7 @@
 namespace NuGet.Services.Validation.PackageSigning.ProcessSignature
 {
     /// <summary>
-    /// Configuration for initializing the <see cref="PackageSigningValidator"/>.
+    /// Configuration for initializing the <see cref="ProcessSignatureEnqueuer"/>.
     /// </summary>
     public class ProcessSignatureConfiguration
     {
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`namespace NuGet.Services.Validation.PackageSigning.ProcessSignature`
`8`	`8`	`{`
`9`	`9`	`/// <summary>`
`10`		`- /// Configuration for initializing the <see cref="PackageSigningValidator"/>.`
	`10`	`+ /// Configuration for initializing the <see cref="ProcessSignatureEnqueuer"/>.`
`11`	`11`	`/// </summary>`
`12`	`12`	`public class ProcessSignatureConfiguration`
`13`	`13`	`{`