Add job to verify hashes of existing packages based on DB value (#340)

Progress on NuGet/Engineering#1168

Author: joelverhagen

NuGet.Jobs.sln

@@ -111,6 +111,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Validation.PackageSigning.C
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Validation.Common.Job", "src\Validation.Common.Job\Validation.Common.Job.csproj", "{FA87D075-A934-4443-8D0B-5DB32640B6D7}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PackageHash", "src\PackageHash\PackageHash.csproj", "{40843020-6F0A-48F0-AC28-42FFE3A5C21E}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -283,6 +285,10 @@ Global
 		{FA87D075-A934-4443-8D0B-5DB32640B6D7}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{FA87D075-A934-4443-8D0B-5DB32640B6D7}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{FA87D075-A934-4443-8D0B-5DB32640B6D7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{40843020-6F0A-48F0-AC28-42FFE3A5C21E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{40843020-6F0A-48F0-AC28-42FFE3A5C21E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{40843020-6F0A-48F0-AC28-42FFE3A5C21E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{40843020-6F0A-48F0-AC28-42FFE3A5C21E}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -329,6 +335,7 @@ Global
 		{2C5BE067-ADFD-49E3-BA9F-13A74436E5DB} = {6A776396-02B1-475D-A104-26940ADB04AB}
 		{B4B7564A-965B-447B-927F-6749E2C08880} = {6A776396-02B1-475D-A104-26940ADB04AB}
 		{FA87D075-A934-4443-8D0B-5DB32640B6D7} = {678D7B14-F8BC-4193-99AF-2EE8AA390A02}
+		{40843020-6F0A-48F0-AC28-42FFE3A5C21E} = {FA5644B5-4F08-43F6-86B3-039374312A47}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {284A7AC3-FB43-4F1F-9C9C-2AF0E1F46C2B}

src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj

@@ -93,7 +93,9 @@
     <Compile Include="ValidatorProvider.cs" />
   </ItemGroup>
   <ItemGroup>
-    <None Include="App.config" />
+    <None Include="App.config">
+      <SubType>Designer</SubType>
+    </None>
     <None Include="settings.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
@@ -102,9 +104,6 @@
     <PackageReference Include="NuGet.Services.Validation.Issues">
       <Version>2.14.0</Version>
     </PackageReference>
-    <PackageReference Include="NuGet.Versioning">
-      <Version>4.3.0</Version>
-    </PackageReference>
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\NuGet.Jobs.Common\NuGet.Jobs.Common.csproj">

src/PackageHash/BatchProcessor.cs

@@ -0,0 +1,104 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Concurrent;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using NuGet.Common;
+
+namespace NuGet.Services.PackageHash
+{
+    public class BatchProcessor : IBatchProcessor
+    {
+        private readonly IPackageHashCalculator _calculator;
+        private readonly IOptionsSnapshot<PackageHashConfiguration> _configuration;
+        private readonly ILogger<BatchProcessor> _logger;
+
+        public BatchProcessor(
+            IPackageHashCalculator calculator,
+            IOptionsSnapshot<PackageHashConfiguration> configuration,
+            ILogger<BatchProcessor> logger)
+        {
+            _calculator = calculator ?? throw new ArgumentNullException(nameof(configuration));
+            _configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
+            _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+        }
+
+        public async Task<IReadOnlyList<InvalidPackageHash>> ProcessBatchAsync(
+            IReadOnlyList<PackageHash> batch,
+            string hashAlgorithmId,
+            CancellationToken token)
+        {
+            // Build up a bag of work.
+            var remainingWork = new ConcurrentBag<Work>();
+            var failures = new ConcurrentBag<InvalidPackageHash>();
+            foreach (var source in _configuration.Value.Sources)
+            {
+                foreach (var package in batch)
+                {
+                    remainingWork.Add(new Work(source, package));
+                }
+            }
+
+            // Perform the work in parallel.
+            _logger.LogInformation(
+                "Starting to check hashes for {PackageCount} packages from {SourceCount} sources ({WorkCount} total" +
+                " checks, {DegreeOfParallelism} tasks).",
+                batch.Count,
+                _configuration.Value.Sources.Count,
+                remainingWork.Count,
+                _configuration.Value.DegreeOfParallelism);
+
+            var tasks = Enumerable
+                .Range(0, _configuration.Value.DegreeOfParallelism)
+                .Select(x => ProcessWorkAsync(remainingWork, failures, hashAlgorithmId, token))
+                .ToList();
+
+            await Task.WhenAll(tasks);
+
+            _logger.LogInformation(
+                "Completed the batch. {FailureResultCount} failure results were found.",
+                failures.Count);
+
+            return failures.ToList();
+        }
+
+        private async Task ProcessWorkAsync(
+            ConcurrentBag<Work> remainingWork,
+            ConcurrentBag<InvalidPackageHash> failures,
+            string hashAlgorithmId,
+            CancellationToken token)
+        {
+            while (remainingWork.TryTake(out var work) && !token.IsCancellationRequested)
+            {
+                var actualHash = await _calculator.GetPackageHashAsync(
+                    work.Source,
+                    work.Package.Identity,
+                    hashAlgorithmId,
+                    token);
+
+                if (work.Package.ExpectedHash != actualHash)
+                {
+                    failures.Add(new InvalidPackageHash(work.Source, work.Package, actualHash));
+                }
+            }
+        }
+
+        private class Work
+        {
+            public Work(PackageSource source, PackageHash package)
+            {
+                Source = source ?? throw new ArgumentNullException(nameof(source));
+                Package = package ?? throw new ArgumentNullException(nameof(package));
+            }
+
+            public PackageSource Source { get; }
+            public PackageHash Package { get; }
+        }
+    }
+}

src/PackageHash/ConsistentHash.cs

@@ -0,0 +1,27 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace NuGet.Services.PackageHash
+{
+    public static class ConsistentHash
+    {
+        public static int DetermineBucket(string key, int bucketCount)
+        {
+            using (var hashAlgorithm = SHA256.Create())
+            {
+                var hashBytes = hashAlgorithm.ComputeHash(Encoding.UTF8.GetBytes(key));
+                var reducedHash = 0;
+                for (var i = 0; i < hashBytes.Length; i += sizeof(int))
+                {
+                    reducedHash ^= BitConverter.ToInt32(hashBytes, i);
+                }
+
+                return reducedHash % bucketCount;
+            }
+        }
+    }
+}

src/PackageHash/IBatchProcessor.cs

@@ -0,0 +1,17 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace NuGet.Services.PackageHash
+{
+    public interface IBatchProcessor
+    {
+        Task<IReadOnlyList<InvalidPackageHash>> ProcessBatchAsync(
+            IReadOnlyList<PackageHash> batch,
+            string hashAlgorithm,
+            CancellationToken token);
+    }
+}

src/PackageHash/IPackageHashCalculator.cs

@@ -0,0 +1,18 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading;
+using System.Threading.Tasks;
+using NuGet.Packaging.Core;
+
+namespace NuGet.Services.PackageHash
+{
+    public interface IPackageHashCalculator
+    {
+        Task<string> GetPackageHashAsync(
+            PackageSource source,
+            PackageIdentity package,
+            string hashAlgorithmId,
+            CancellationToken token);
+    }
+}

src/PackageHash/IPackageHashProcessor.cs

@@ -0,0 +1,10 @@
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace NuGet.Services.PackageHash
+{
+    public interface IPackageHashProcessor
+    {
+        Task ExecuteAsync(int bucketNumber, int bucketCount, CancellationToken token);
+    }
+}

src/PackageHash/IResultRecorder.cs

@@ -0,0 +1,10 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+namespace NuGet.Services.PackageHash
+{
+    public interface IResultRecorder
+    {
+        Task RecordAsync(IReadOnlyList<InvalidPackageHash> results);
+    }
+}

src/PackageHash/InvalidPackageHash.cs

@@ -0,0 +1,19 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGet.Services.PackageHash
+{
+    public class InvalidPackageHash
+    {
+        public InvalidPackageHash(PackageSource source, PackageHash package, string invalidHash)
+        {
+            Source = source;
+            Package = package;
+            InvalidHash = invalidHash;
+        }
+
+        public PackageSource Source { get; }
+        public PackageHash Package { get; }
+        public string InvalidHash { get; }
+    }
+}