Add telemetry to track stripped repository signatures (#392)

Progress on NuGet/Engineering#1207

Author: joelverhagen

src/Validation.PackageSigning.ProcessSignature/Job.cs

@@ -11,6 +11,7 @@
 using NuGet.Jobs.Validation.PackageSigning.Configuration;
 using NuGet.Jobs.Validation.PackageSigning.Messages;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
+using NuGet.Jobs.Validation.PackageSigning.Telemetry;
 using NuGet.Jobs.Validation.Storage;
 using NuGet.Services.ServiceBus;
 using NuGet.Services.Storage;
@@ -31,6 +32,8 @@ protected override void ConfigureJobServices(IServiceCollection services, IConfi
 
             services.AddTransient<IEntityRepository<Certificate>, EntityRepository<Certificate>>();
 
+            services.AddTransient<ITelemetryService, TelemetryService>();
+
             services.AddTransient<ICertificateStore>(p =>
             {
                 var config = p.GetRequiredService<IOptionsSnapshot<CertificateStoreConfiguration>>().Value;
@@ -59,6 +62,7 @@ protected override void ConfigureJobServices(IServiceCollection services, IConfi
                 p.GetRequiredService<ISignaturePartsExtractor>(),
                 p.GetRequiredService<IProcessorPackageFileService>(),
                 p.GetRequiredService<IEntityRepository<Certificate>>(),
+                p.GetRequiredService<ITelemetryService>(),
                 p.GetRequiredService<ILogger<SignatureValidator>>()));
         }
 

src/Validation.PackageSigning.ProcessSignature/SignatureValidator.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Security.Cryptography.Pkcs;
@@ -12,6 +13,7 @@
 using NuGet.Common;
 using NuGet.Jobs.Validation.PackageSigning.Messages;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
+using NuGet.Jobs.Validation.PackageSigning.Telemetry;
 using NuGet.Jobs.Validation.Storage;
 using NuGet.Packaging.Signing;
 using NuGet.Services.Validation;
@@ -31,6 +33,7 @@ public class SignatureValidator : ISignatureValidator
         private readonly ISignaturePartsExtractor _signaturePartsExtractor;
         private readonly IProcessorPackageFileService _packageFileService;
         private readonly IEntityRepository<Certificate> _certificates;
+        private readonly ITelemetryService _telemetryService;
         private readonly ILogger<SignatureValidator> _logger;
 
         public SignatureValidator(
@@ -40,6 +43,7 @@ public SignatureValidator(
             ISignaturePartsExtractor signaturePartsExtractor,
             IProcessorPackageFileService packageFileService,
             IEntityRepository<Certificate> certificates,
+            ITelemetryService telemetryService,
             ILogger<SignatureValidator> logger)
         {
             _packageSigningStateService = packageSigningStateService ?? throw new ArgumentNullException(nameof(packageSigningStateService));
@@ -48,6 +52,7 @@ public SignatureValidator(
             _signaturePartsExtractor = signaturePartsExtractor ?? throw new ArgumentNullException(nameof(signaturePartsExtractor));
             _packageFileService = packageFileService ?? throw new ArgumentNullException(nameof(packageFileService));
             _certificates = certificates ?? throw new ArgumentNullException(nameof(certificates));
+            _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
@@ -208,12 +213,21 @@ private async Task<SignatureValidatorResult> StripRepositorySignaturesAsync(Cont
             {
                 packageStreamToDispose = FileStreamUtility.GetTemporaryFile();
 
-                var removed = await SignedPackageArchiveUtility.RemoveRepositorySignaturesAsync(
+                var stopwatch = Stopwatch.StartNew();
+
+                var changed = await SignedPackageArchiveUtility.RemoveRepositorySignaturesAsync(
                     context.PackageStream,
                     packageStreamToDispose,
                     context.CancellationToken);
 
-                if (removed)
+                _telemetryService.TrackDurationToStripRepositorySignatures(
+                    stopwatch.Elapsed,
+                    context.Message.PackageId,
+                    context.Message.PackageVersion,
+                    context.Message.ValidationId,
+                    changed);
+
+                if (changed)
                 {
                     _logger.LogInformation(
                         "Repository signatures were removed from package {PackageId} {PackageVersion} for validation {ValidationId}.",
@@ -232,6 +246,8 @@ private async Task<SignatureValidatorResult> StripRepositorySignaturesAsync(Cont
                     packageStreamToDispose = null;
                     context.PackageReader = new SignedPackageArchive(context.PackageStream, packageWriteStream: Stream.Null);
 
+                    var initialSignature = context.Signature;
+
                     if (await context.PackageReader.IsSignedAsync(context.CancellationToken))
                     {
                         _logger.LogInformation(
@@ -241,6 +257,13 @@ private async Task<SignatureValidatorResult> StripRepositorySignaturesAsync(Cont
                             context.Message.ValidationId);
 
                         context.Signature = await context.PackageReader.GetPrimarySignatureAsync(context.CancellationToken);
+
+                        _telemetryService.TrackStrippedRepositorySignatures(
+                            context.Message.PackageId,
+                            context.Message.PackageVersion,
+                            context.Message.ValidationId,
+                            initialSignature,
+                            context.Signature);
                     }
                     else
                     {
@@ -253,6 +276,14 @@ private async Task<SignatureValidatorResult> StripRepositorySignaturesAsync(Cont
                         // The package is now unsigned. This would happen if the primary signature was a repository
                         // signature that was removed.
                         context.Signature = null;
+
+                        _telemetryService.TrackStrippedRepositorySignatures(
+                            context.Message.PackageId,
+                            context.Message.PackageVersion,
+                            context.Message.ValidationId,
+                            initialSignature,
+                            outputSignature: null);
+
                         return await HandleUnsignedPackageAsync(context);
                     }
                 }

src/Validation.PackageSigning.ProcessSignature/Telemetry/ITelemetryService.cs

@@ -0,0 +1,25 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using NuGet.Packaging.Signing;
+
+namespace NuGet.Jobs.Validation.PackageSigning.Telemetry
+{
+    public interface ITelemetryService
+    {
+        void TrackDurationToStripRepositorySignatures(
+            TimeSpan duration,
+            string packageId,
+            string normalizedVersion,
+            Guid validationId,
+            bool changed);
+
+        void TrackStrippedRepositorySignatures(
+            string packageId,
+            string normalizedVersion,
+            Guid validationId,
+            PrimarySignature inputSignature,
+            PrimarySignature outputSignature);
+    }
+}

src/Validation.PackageSigning.ProcessSignature/Telemetry/TelemetryService.cs

@@ -0,0 +1,82 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using NuGet.Packaging.Signing;
+using NuGet.Services.Logging;
+
+namespace NuGet.Jobs.Validation.PackageSigning.Telemetry
+{
+    public class TelemetryService : ITelemetryService
+    {
+        private const string Prefix = "ProcessSignature.";
+        private const string StrippedRepositorySignatures = Prefix + "StrippedRepositorySignatures";
+        private const string DurationToStripRepositorySignaturesSeconds = Prefix + "DurationToStripRepositorySignaturesSeconds";
+
+        private const string PackageId = "PackageId";
+        private const string NormalizedVersion = "NormalizedVersion";
+        private const string ValidationId = "ValidationId";
+        private const string InputSignatureType = "InputSignatureType";
+        private const string InputCounterSignatureCount = "InputCounterSignatureCount";
+        private const string OutputSignatureType = "OutputSignatureType";
+        private const string OutputCounterSignatureCount = "OutputCounterSignatureCount";
+        private const string Changed = "Changed";
+
+        private readonly ITelemetryClient _telemetryClient;
+
+        public TelemetryService(ITelemetryClient telemetryClient)
+        {
+            _telemetryClient = telemetryClient ?? throw new ArgumentNullException(nameof(telemetryClient));
+        }
+
+        public void TrackStrippedRepositorySignatures(
+            string packageId,
+            string normalizedVersion,
+            Guid validationId,
+            PrimarySignature inputSignature,
+            PrimarySignature outputSignature)
+        {
+            var properties = new Dictionary<string, string>
+            {
+                { PackageId, packageId },
+                { NormalizedVersion, normalizedVersion },
+                { ValidationId, validationId.ToString() },
+                { InputSignatureType, inputSignature.Type.ToString() },
+                { InputCounterSignatureCount, inputSignature.SignerInfo.CounterSignerInfos.Count.ToString() },
+            };
+
+            if (outputSignature != null)
+            {
+                properties.Add(OutputSignatureType, outputSignature.Type.ToString());
+                properties.Add(OutputCounterSignatureCount, outputSignature.SignerInfo.CounterSignerInfos.Count.ToString());
+            }
+
+            _telemetryClient.TrackMetric(
+                StrippedRepositorySignatures,
+                1,
+                properties);
+        }
+
+        public void TrackDurationToStripRepositorySignatures(
+            TimeSpan duration,
+            string packageId,
+            string normalizedVersion,
+            Guid validationId,
+            bool changed)
+        {
+            var properties = new Dictionary<string, string>
+            {
+                { PackageId, packageId },
+                { NormalizedVersion, normalizedVersion },
+                { ValidationId, validationId.ToString() },
+                { Changed, changed.ToString() },
+            };
+
+            _telemetryClient.TrackMetric(
+                DurationToStripRepositorySignaturesSeconds,
+                duration.TotalSeconds,
+                properties);
+        }
+    }
+}

src/Validation.PackageSigning.ProcessSignature/Validation.PackageSigning.ProcessSignature.csproj

@@ -57,6 +57,8 @@
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="SignatureValidationMessageHandler.cs" />
     <Compile Include="SignatureValidatorResult.cs" />
+    <Compile Include="Telemetry\ITelemetryService.cs" />
+    <Compile Include="Telemetry\TelemetryService.cs" />
   </ItemGroup>
   <ItemGroup>
     <None Include="App.config" />

tests/Validation.PackageSigning.ProcessSignature.Tests/SignatureValidatorFacts.cs

@@ -12,6 +12,7 @@
 using NuGet.Jobs.Validation.PackageSigning.Messages;
 using NuGet.Jobs.Validation.PackageSigning.ProcessSignature;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
+using NuGet.Jobs.Validation.PackageSigning.Telemetry;
 using NuGet.Jobs.Validation.Storage;
 using NuGet.Packaging.Signing;
 using NuGet.Services.Validation;
@@ -41,6 +42,7 @@ public class ValidateAsync
             private readonly Mock<IProcessorPackageFileService> _packageFileService;
             private readonly Uri _nupkgUri;
             private readonly SignatureValidator _target;
+            private readonly Mock<ITelemetryService> _telemetryService;
 
             public ValidateAsync(ITestOutputHelper output)
             {
@@ -82,13 +84,16 @@ public ValidateAsync(ITestOutputHelper output)
                     .Setup(x => x.GetReadAndDeleteUriAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<Guid>()))
                     .ReturnsAsync(() => _nupkgUri);
 
+                _telemetryService = new Mock<ITelemetryService>();
+
                 _target = new SignatureValidator(
                     _packageSigningStateService.Object,
                     _mimimalPackageSignatureVerifier.Object,
                     _fullPackageSignatureVerifier.Object,
                     _signaturePartsExtractor.Object,
                     _packageFileService.Object,
                     _certificates.Object,
+                    _telemetryService.Object,
                     _logger);
             }
 

tests/Validation.PackageSigning.ProcessSignature.Tests/SignatureValidatorIntegrationTests.cs

@@ -18,8 +18,10 @@
 using NuGet.Jobs.Validation.PackageSigning.Messages;
 using NuGet.Jobs.Validation.PackageSigning.ProcessSignature;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
+using NuGet.Jobs.Validation.PackageSigning.Telemetry;
 using NuGet.Jobs.Validation.Storage;
 using NuGet.Packaging.Signing;
+using NuGet.Services.Logging;
 using NuGet.Services.Validation;
 using NuGet.Services.Validation.Issues;
 using NuGetGallery;
@@ -44,6 +46,8 @@ public class SignatureValidatorIntegrationTests : IDisposable
         private readonly List<string> _trustedThumbprints;
         private readonly IPackageSignatureVerifier _minimalPackageSignatureVerifier;
         private readonly IPackageSignatureVerifier _fullPackageSignatureVerifier;
+        private readonly Mock<ITelemetryClient> _telemetryClient;
+        private readonly TelemetryService _telemetryService;
         private readonly RecordingLogger<SignatureValidator> _logger;
         private readonly int _packageKey;
         private Stream _packageStream;
@@ -91,6 +95,9 @@ public SignatureValidatorIntegrationTests(CertificateIntegrationTestFixture fixt
             _minimalPackageSignatureVerifier = PackageSignatureVerifierFactory.CreateMinimal();
             _fullPackageSignatureVerifier = PackageSignatureVerifierFactory.CreateFull();
 
+            _telemetryClient = new Mock<ITelemetryClient>();
+            _telemetryService = new TelemetryService(_telemetryClient.Object);
+
             var loggerFactory = new LoggerFactory();
             loggerFactory.AddXunit(output);
             _logger = new RecordingLogger<SignatureValidator>(loggerFactory.CreateLogger<SignatureValidator>());
@@ -112,6 +119,7 @@ public SignatureValidatorIntegrationTests(CertificateIntegrationTestFixture fixt
                 _signaturePartsExtractor.Object,
                 _packageFileService.Object,
                 _certificates.Object,
+                _telemetryService,
                 _logger);
         }