Persist repository signature information in database (#401)

Progress on NuGet/NuGetGallery#5754

Author: joelverhagen

src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj

@@ -107,7 +107,7 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="NuGet.Services.Validation.Issues">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
   </ItemGroup>
   <ItemGroup>

src/Validation.Common.Job/Storage/ValidatorStateService.cs

@@ -9,7 +9,6 @@
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using NuGet.Services.Validation;
-using NuGet.Services.Validation.Orchestrator;
 
 namespace NuGet.Jobs.Validation.PackageSigning.Storage
 {
@@ -21,20 +20,11 @@ public class ValidatorStateService : IValidatorStateService
 
         public ValidatorStateService(
             IValidationEntitiesContext validationContext,
-            IValidatorProvider validatorProvider,
             string validatorName,
             ILogger<ValidatorStateService> logger)
         {
             _validationContext = validationContext ?? throw new ArgumentNullException(nameof(validationContext));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
-            if (validatorProvider == null)
-            {
-                throw new ArgumentNullException(nameof(validatorProvider));
-            }
-            if (!validatorProvider.IsValidator(validatorName))
-            {
-                throw new ArgumentException($"\"{validatorName}\" is not a proper validator alias.", nameof(validatorName));
-            }
             _validatorName = validatorName ?? throw new ArgumentNullException(nameof(validatorName));
         }
 

src/Validation.Common.Job/Validation.Common.Job.csproj

@@ -88,19 +88,19 @@
       <Version>1.1.2</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Packaging">
-      <Version>4.7.0-preview1.5029</Version>
+      <Version>4.7.0-preview4.5067</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Configuration">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Logging">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Storage">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Validation">
-      <Version>2.22.0</Version>
+      <Version>2.23.0</Version>
     </PackageReference>
     <PackageReference Include="NuGetGallery.Core">
       <Version>4.4.4-dev-26726</Version>

src/Validation.Common.Job/Validation.Common.Job.nuspec

@@ -15,11 +15,11 @@
         <dependency id="Microsoft.ApplicationInsights" version="2.2.0" />
         <dependency id="Microsoft.Extensions.DependencyInjection" version="1.1.1" />
         <dependency id="Microsoft.Extensions.Options.ConfigurationExtensions" version="1.1.2" />
-        <dependency id="NuGet.Packaging" version="4.7.0-preview1.5029" />
-        <dependency id="NuGet.Services.Configuration" version="2.22.0" />
-        <dependency id="NuGet.Services.Logging" version="2.22.0" />
-        <dependency id="NuGet.Services.Storage" version="2.22.0" />
-        <dependency id="NuGet.Services.Validation" version="2.22.0" />
+        <dependency id="NuGet.Packaging" version="4.7.0-preview4.5067" />
+        <dependency id="NuGet.Services.Configuration" version="2.23.0" />
+        <dependency id="NuGet.Services.Logging" version="2.23.0" />
+        <dependency id="NuGet.Services.Storage" version="2.23.0" />
+        <dependency id="NuGet.Services.Validation" version="2.23.0" />
         <dependency id="NuGetGallery.Core" version="4.4.4-dev-26726" />
         <dependency id="Serilog" version="2.5.0" />
         <dependency id="System.Net.Http" version="4.3.3" />

src/Validation.PackageSigning.ProcessSignature/Job.cs

@@ -78,10 +78,6 @@ protected override void ConfigureAutofacServices(ContainerBuilder containerBuild
                     (pi, ctx) => ValidatorName.PackageSigning)
                 .As<IValidatorStateService>();
 
-            containerBuilder
-                .RegisterType<PackageSigningStateService>()
-                .As<IPackageSigningStateService>();
-
             containerBuilder
                 .RegisterType<ScopedMessageHandler<SignatureValidationMessage>>()
                 .Keyed<IMessageHandler<SignatureValidationMessage>>(validateSignatureBindingKey);

src/Validation.PackageSigning.ProcessSignature/MinimalSignatureVerificationProvider.cs

@@ -21,7 +21,7 @@ public Task<PackageVerificationResult> GetTrustResultAsync(
             CancellationToken token)
         {
             var result = new SignedPackageVerificationResult(
-                SignatureVerificationStatus.Trusted,
+                SignatureVerificationStatus.Valid,
                 signature,
                 Enumerable.Empty<SignatureLog>());
 

src/Validation.PackageSigning.ProcessSignature/PackageSignatureVerifierFactory.cs

@@ -23,6 +23,7 @@ public static IPackageSignatureVerifier CreateMinimal()
 
             var settings = new SignedPackageVerifierSettings(
                 allowUnsigned: true,
+                allowIllegal: false,
                 allowUntrusted: false, // Invalid format of the signature uses this flag to determine success.
                 allowUntrustedSelfIssuedCertificate: true,
                 allowIgnoreTimestamp: true,
@@ -48,6 +49,7 @@ public static IPackageSignatureVerifier CreateFull()
 
             var settings = new SignedPackageVerifierSettings(
                 allowUnsigned: false,
+                allowIllegal: false,
                 allowUntrusted: false,
                 allowUntrustedSelfIssuedCertificate: false,
                 allowIgnoreTimestamp: false,