Merge pull request #263 from NuGet/dev

[ReleasePrep][2017.11.27] RI of dev into master

Author: loic-sharma

NuGet.Jobs.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26923.0
+VisualStudioVersion = 15.0.27121.1
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NuGet.Jobs.Common", "src\NuGet.Jobs.Common\NuGet.Jobs.Common.csproj", "{4B4B1EFB-8F33-42E6-B79F-54E7F3293D31}"
 EndProject
@@ -97,6 +97,12 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NuGet.Services.Validation.O
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Validation.Common.Tests", "tests\Validation.Common.Tests\Validation.Common.Tests.csproj", "{F9690B52-3C92-42A0-B41F-1A6040C2D2EE}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Validation.PackageSigning.Core", "src\Validation.PackageSigning.Core\Validation.PackageSigning.Core.csproj", "{91C060DA-736F-4DA9-A57F-CB3AC0E6CB10}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Validation.PackageSigning.ExtractAndValidateSignature", "src\Validation.PackageSigning.ExtractAndValidateSignature\Validation.PackageSigning.ExtractAndValidateSignature.csproj", "{DD043977-6BCD-475A-BEE2-8C34309EC622}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Validation.PackageSigning.ExtractAndValidateSignature.Tests", "tests\Validation.PackageSigning.ExtractAndValidateSignature.Tests\Validation.PackageSigning.ExtractAndValidateSignature.Tests.csproj", "{26435822-8938-48C9-96FD-0DCCF8F7CE00}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -241,6 +247,18 @@ Global
 		{F9690B52-3C92-42A0-B41F-1A6040C2D2EE}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{F9690B52-3C92-42A0-B41F-1A6040C2D2EE}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{F9690B52-3C92-42A0-B41F-1A6040C2D2EE}.Release|Any CPU.Build.0 = Release|Any CPU
+		{91C060DA-736F-4DA9-A57F-CB3AC0E6CB10}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{91C060DA-736F-4DA9-A57F-CB3AC0E6CB10}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{91C060DA-736F-4DA9-A57F-CB3AC0E6CB10}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{91C060DA-736F-4DA9-A57F-CB3AC0E6CB10}.Release|Any CPU.Build.0 = Release|Any CPU
+		{DD043977-6BCD-475A-BEE2-8C34309EC622}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{DD043977-6BCD-475A-BEE2-8C34309EC622}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{DD043977-6BCD-475A-BEE2-8C34309EC622}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{DD043977-6BCD-475A-BEE2-8C34309EC622}.Release|Any CPU.Build.0 = Release|Any CPU
+		{26435822-8938-48C9-96FD-0DCCF8F7CE00}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{26435822-8938-48C9-96FD-0DCCF8F7CE00}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{26435822-8938-48C9-96FD-0DCCF8F7CE00}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{26435822-8938-48C9-96FD-0DCCF8F7CE00}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -279,6 +297,9 @@ Global
 		{0C887292-C5AB-4107-946C-A53B18A38D22} = {6A776396-02B1-475D-A104-26940ADB04AB}
 		{A3B0B15D-22D9-4F1F-94C4-B24B28ECF632} = {6A776396-02B1-475D-A104-26940ADB04AB}
 		{F9690B52-3C92-42A0-B41F-1A6040C2D2EE} = {6A776396-02B1-475D-A104-26940ADB04AB}
+		{91C060DA-736F-4DA9-A57F-CB3AC0E6CB10} = {678D7B14-F8BC-4193-99AF-2EE8AA390A02}
+		{DD043977-6BCD-475A-BEE2-8C34309EC622} = {678D7B14-F8BC-4193-99AF-2EE8AA390A02}
+		{26435822-8938-48C9-96FD-0DCCF8F7CE00} = {6A776396-02B1-475D-A104-26940ADB04AB}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {284A7AC3-FB43-4F1F-9C9C-2AF0E1F46C2B}

build.ps1

@@ -102,7 +102,8 @@ Invoke-BuildStep 'Set version metadata in AssemblyInfo.cs' { `
             "$PSScriptRoot\src\CopyAzureContainer\Properties\AssemblyInfo.g.cs",
             "$PSScriptRoot\src\NuGetCDNRedirect\Properties\AssemblyInfo.g.cs",
             "$PSScriptRoot\src\NuGet.Services.Validation.Orchestrator\Properties\AssemblyInfo.g.cs",
-            "$PSScriptRoot\src\Stats.CollectAzureChinaCDNLogs\Properties\AssemblyInfo.g.cs"
+            "$PSScriptRoot\src\Stats.CollectAzureChinaCDNLogs\Properties\AssemblyInfo.g.cs",
+            "$PSScriptRoot\src\Validation.PackageSigning.ExtractAndValidateSignature\Properties\AssemblyInfo.g.cs"
 
 
         $versionMetadata | ForEach-Object {
@@ -150,7 +151,8 @@ Invoke-BuildStep 'Creating artifacts' {
             "src/CopyAzureContainer/CopyAzureContainer.csproj", `
             "src/NuGetCDNRedirect/NuGetCDNRedirect.csproj", `
             "src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj", `
-            "src/Stats.CollectAzureChinaCDNLogs/Stats.CollectAzureChinaCDNLogs.csproj"
+            "src/Stats.CollectAzureChinaCDNLogs/Stats.CollectAzureChinaCDNLogs.csproj", `
+            "src/Validation.PackageSigning.ExtractAndValidateSignature/Validation.PackageSigning.ExtractAndValidateSignature.csproj"
 
         Foreach ($Project in $Projects) {
             New-Package (Join-Path $PSScriptRoot "$Project") -Configuration $Configuration -BuildNumber $BuildNumber -Version $SemanticVersion -Branch $Branch -MSBuildVersion "$msBuildVersion"

src/LoadTests/DownloadPackageApiV2.webtest

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <WebTest Name="DownloadPackageApiV2" Id="f0c6d88d-bc9d-4256-b1f0-c70866d59e2e" Owner="" Priority="2147483647" Enabled="True" CssProjectStructure="" CssIteration="" Timeout="0" WorkItemIds="" xmlns="http://microsoft.com/schemas/VisualStudio/TeamTest/2010" Description="" CredentialUserName="" CredentialPassword="" PreAuthenticate="True" Proxy="default" StopOnError="False" RecordedResultFile="WebTest1.7ffeba66-45d9-4625-9ca6-ca2b95c6c76a.rec.webtestresult" ResultsLocale="">
   <Items>
-    <Request Method="GET" Guid="ea523c76-15f8-4fae-96cd-ac46a2a3fe40" Version="1.1" Url="https://dev.nugettest.org/api/v2/package/Newtonsoft.Json/6.0.1-beta1" ThinkTime="25" Timeout="300" ParseDependentRequests="True" FollowRedirects="True" RecordResult="True" Cache="False" ResponseTimeGoal="0" Encoding="utf-8" ExpectedHttpStatusCode="0" ExpectedResponseUrl="https://f168.wpc.azureedge.net/80F168/nugetdevlegacy.blob.core.windows.net/packages/newtonsoft.json.6.0.1-beta1.nupkg" ReportingName="Download package through v2 API" IgnoreHttpStatusCode="False" />
+    <Request Method="GET" Guid="ea523c76-15f8-4fae-96cd-ac46a2a3fe40" Version="1.1" Url="https://dev.nugettest.org/api/v2/package/Newtonsoft.Json/6.0.1-beta1" ThinkTime="25" Timeout="300" ParseDependentRequests="True" FollowRedirects="True" RecordResult="True" Cache="False" ResponseTimeGoal="0" Encoding="utf-8" ExpectedHttpStatusCode="0" ExpectedResponseUrl="https://az640577.vo.msecnd.net/packages/newtonsoft.json.6.0.1-beta1.nupkg" ReportingName="Download package through v2 API" IgnoreHttpStatusCode="False" />
   </Items>
   <ValidationRules>
     <ValidationRule Classname="Microsoft.VisualStudio.TestTools.WebTesting.Rules.ValidateResponseUrl, Microsoft.VisualStudio.QualityTools.WebTestFramework, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" DisplayName="Response URL" Description="Validates that the response URL after redirects are followed is the same as the recorded response URL.  QueryString parameters are ignored." Level="Low" ExectuionOrder="BeforeDependents" />

src/NuGet.Services.Validation.Orchestrator/App.config

@@ -4,8 +4,8 @@
     <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
   </configSections>
   <startup> 
-    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6" />
   </startup>
   <entityFramework codeConfigurationType="NuGetGallery.EntitiesConfiguration, NuGetGallery.Core">
   </entityFramework>
-</configuration>
+</configuration>

src/NuGet.Services.Validation.Orchestrator/Error.cs

@@ -14,5 +14,12 @@ public static class Error
         public static EventId VcsValidationUnexpectedAuditFound = new EventId(5, "VCS validation unexpected audit found");
         public static EventId OrchestratorOnMessageException = new EventId(6, "Failed to process orchestrator message");
         public static EventId UpdatingPackageDbStatusFailed = new EventId(7, "Failed to update package status in DB");
+
+        public static EventId PackageSigningValidationAlreadyStarted = new EventId(100, "Package Signing validation already started");
+
+        public static EventId PackageCertificateValidationAlreadyFailed = new EventId(200, "Package Signing state is already invalid");
+        public static EventId PackageCertificateValidationInvalidSignatureState = new EventId(201, "Package Signature has invalid Status");
+
+        // NOTE: EventIds 1000-1999 are reserved for the "Validation.PackageSigning.Core" project.
     }
 }

src/NuGet.Services.Validation.Orchestrator/Job.cs

@@ -16,9 +16,13 @@
 using NuGet.Jobs;
 using NuGet.Jobs.Configuration;
 using NuGet.Jobs.Validation.Common;
+using NuGet.Jobs.Validation.PackageSigning.Messages;
+using NuGet.Jobs.Validation.PackageSigning.Storage;
 using NuGet.Services.Configuration;
 using NuGet.Services.KeyVault;
 using NuGet.Services.ServiceBus;
+using NuGet.Services.Validation.PackageCertificates;
+using NuGet.Services.Validation.PackageSigning;
 using NuGet.Services.Validation.Vcs;
 
 namespace NuGet.Services.Validation.Orchestrator
@@ -30,12 +34,17 @@ public class Job : JobBase
 
         private const string ConfigurationSectionName = "Configuration";
         private const string VcsSectionName = "Vcs";
+        private const string PackageSigningSectionName = "PackageSigning";
+        private const string PackageCertificatesSectionName = "PackageCertificates";
         private const string RunnerConfigurationSectionName = "RunnerConfiguration";
         private const string GalleryDbConfigurationSectionName = "GalleryDb";
         private const string ValidationDbConfigurationSectionName = "ValidationDb";
         private const string ServiceBusConfigurationSectionName = "ServiceBus";
 
         private const string VcsBindingKey = VcsSectionName;
+        private const string PackageVerificationTopicClientBindingKey = "PackageVerificationTopicClient";
+        private const string PackageSigningBindingKey = PackageSigningSectionName;
+        private const string PackageCertificatesBindingKey = PackageCertificatesSectionName;
         private const string ValidationStorageBindingKey = "ValidationStorage";
         private const string OrchestratorBindingKey = "Orchestrator";
 
@@ -123,6 +132,8 @@ private void ConfigureJobServices(IServiceCollection services, IConfigurationRoo
         {
             services.Configure<ValidationConfiguration>(configurationRoot.GetSection(ConfigurationSectionName));
             services.Configure<VcsConfiguration>(configurationRoot.GetSection(VcsSectionName));
+            services.Configure<PackageSigningConfiguration>(configurationRoot.GetSection(PackageSigningSectionName));
+            services.Configure<PackageCertificatesConfiguration>(configurationRoot.GetSection(PackageCertificatesSectionName));
             services.Configure<OrchestrationRunnerConfiguration>(configurationRoot.GetSection(RunnerConfigurationSectionName));
             services.Configure<GalleryDbConfiguration>(configurationRoot.GetSection(GalleryDbConfigurationSectionName));
             services.Configure<ValidationDbConfiguration>(configurationRoot.GetSection(ValidationDbConfigurationSectionName));
@@ -138,6 +149,8 @@ private void ConfigureJobServices(IServiceCollection services, IConfigurationRoo
             services.AddScoped(serviceProvider =>
                 new ValidationEntitiesContext(
                     serviceProvider.GetRequiredService<IOptionsSnapshot<ValidationDbConfiguration>>().Value.ConnectionString));
+            services.AddScoped<IValidationEntitiesContext>(serviceProvider =>
+                serviceProvider.GetRequiredService<ValidationEntitiesContext>());
             services.AddScoped<IValidationStorageService, ValidationStorageService>();
             services.Add(ServiceDescriptor.Transient(typeof(NuGetGallery.IEntityRepository<>), typeof(NuGetGallery.EntityRepository<>)));
             services.AddTransient<NuGetGallery.ICorePackageService, NuGetGallery.CorePackageService>();
@@ -159,6 +172,10 @@ private void ConfigureJobServices(IServiceCollection services, IConfigurationRoo
             services.AddTransient<IBrokeredMessageSerializer<PackageValidationMessageData>, PackageValidationMessageDataSerializationAdapter>();
             services.AddTransient<IPackageCriteriaEvaluator, PackageCriteriaEvaluator>();
             services.AddTransient<VcsValidator>();
+            services.AddTransient<IPackageSignatureVerificationEnqueuer, PackageSignatureVerificationEnqueuer>();
+            services.AddTransient<IBrokeredMessageSerializer<SignatureValidationMessage>, SignatureValidationMessageSerializer>();
+            services.AddTransient<IValidatorStateService, ValidatorStateService>();
+            services.AddTransient<PackageSigningValidator>();
         }
 
         private static IServiceProvider CreateProvider(IServiceCollection services)
@@ -177,6 +194,14 @@ private static IServiceProvider CreateProvider(IServiceCollection services)
                     return cloudStorageAccount;
                 })
                 .Keyed<CloudStorageAccount>(VcsBindingKey);
+            containerBuilder
+                .Register(c =>
+                {
+                    var serviceBusConfiguration = c.Resolve<IOptionsSnapshot<ServiceBusConfiguration>>();
+                    var topicClient = new TopicClientWrapper(serviceBusConfiguration.Value.ConnectionString, serviceBusConfiguration.Value.TopicPath);
+                    return topicClient;
+                })
+                .Keyed<TopicClientWrapper>(PackageVerificationTopicClientBindingKey);
 
             containerBuilder
                 .RegisterType<PackageValidationService>()
@@ -194,6 +219,17 @@ private static IServiceProvider CreateProvider(IServiceCollection services)
                     (pi, ctx) => ctx.Resolve<IOptionsSnapshot<VcsConfiguration>>().Value.ContainerName))
                 .As<IPackageValidationAuditor>();
 
+            containerBuilder
+                .RegisterType<PackageSignatureVerificationEnqueuer>()
+                .WithParameter(new ResolvedParameter(
+                    (pi, ctx) => pi.ParameterType == typeof(ITopicClient),
+                    (pi, ctx) => ctx.ResolveKeyed<TopicClientWrapper>(PackageVerificationTopicClientBindingKey)))
+                .WithParameter(new ResolvedParameter(
+                    (pi, ctx) => pi.ParameterType == typeof(IBrokeredMessageSerializer<SignatureValidationMessage>),
+                    (pi, ctx) => ctx.Resolve<SignatureValidationMessageSerializer>()
+                    ))
+                .As<IPackageSignatureVerificationEnqueuer>();
+
             containerBuilder
                 .Register(c => 
                 {
@@ -235,9 +271,79 @@ private static IServiceProvider CreateProvider(IServiceCollection services)
                     IMessageHandler<PackageValidationMessageData>>(
                         OrchestratorBindingKey);
 
+            ConfigurePackageSigningValidator(containerBuilder);
+            ConfigurePackageCertificatesValidator(containerBuilder);
+
             return new AutofacServiceProvider(containerBuilder.Build());
         }
 
+        private static void ConfigurePackageSigningValidator(ContainerBuilder builder)
+        {
+            // Configure the validator state service for the package certificates validator.
+            builder
+                .RegisterType<ValidatorStateService>()
+                .WithParameter(
+                    (pi, ctx) => pi.ParameterType == typeof(Type),
+                    (pi, ctx) => typeof(PackageSigningValidator))
+                .Keyed<IValidatorStateService>(PackageSigningBindingKey);
+
+            // Configure the package signature verification enqueuer.
+            builder
+                .Register(c =>
+                {
+                    var configuration = c.Resolve<IOptionsSnapshot<PackageSigningConfiguration>>().Value.ServiceBus;
+
+                    return new TopicClientWrapper(configuration.ConnectionString, configuration.TopicPath);
+                })
+                .Keyed<ITopicClient>(PackageSigningBindingKey);
+
+            builder
+                .RegisterType<PackageSignatureVerificationEnqueuer>()
+                .WithKeyedParameter(typeof(ITopicClient), PackageSigningBindingKey)
+                .As<IPackageSignatureVerificationEnqueuer>();
+
+            // Configure the package signing validator.
+            builder
+                .RegisterType<PackageSigningValidator>()
+                .WithKeyedParameter(typeof(IValidatorStateService), PackageSigningBindingKey)
+                .As<PackageSigningValidator>();
+        }
+
+        private static void ConfigurePackageCertificatesValidator(ContainerBuilder builder)
+        {
+            // Configure the validator state service for the package certificates validator.
+            builder
+                .RegisterType<ValidatorStateService>()
+                .WithParameter(
+                    (pi, ctx) => pi.ParameterType == typeof(Type),
+                    (pi, ctx) => typeof(PackageCertificatesValidator))
+                .Keyed<IValidatorStateService>(PackageCertificatesBindingKey);
+
+            // Configure the certificate verification enqueuer.
+            builder
+                .Register(c =>
+                {
+                    var configuration = c.Resolve<IOptionsSnapshot<PackageCertificatesConfiguration>>().Value.ServiceBus;
+
+                    return new TopicClientWrapper(configuration.ConnectionString, configuration.TopicPath);
+                })
+                .Keyed<ITopicClient>(PackageCertificatesBindingKey);
+
+            builder
+                .RegisterType<CertificateVerificationEnqueuer>()
+                .WithKeyedParameter(typeof(ITopicClient), PackageCertificatesBindingKey)
+                .As<ICertificateVerificationEnqueuer>();
+
+            // Configure the certificates validator.
+            builder
+                .RegisterType<PackageCertificatesValidator>()
+                .WithKeyedParameter(typeof(IValidatorStateService), PackageCertificatesBindingKey)
+                .WithParameter(
+                    (pi, ctx) => pi.ParameterType == typeof(TimeSpan?),
+                    (pi, ctx) => ctx.Resolve<IOptionsSnapshot<PackageCertificatesConfiguration>>().Value.CertificateRevalidationThreshold)
+                .As<PackageCertificatesValidator>();
+        }
+
         private T GetRequiredService<T>()
         {
             return _serviceProvider.GetRequiredService<T>();