Add certificated signfile.pfx to test NuGet and DotNetNuGet

CHANGELOG.md

@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Add `NuGet` with `delete`, `verify` and `sign` commands.
 - Add `DotNetNuGet` with `push`, `delete`, `verify` and `sign` commands.
 - Update namespace to `Nuke.Local.Tools` to prevent conflicts with `Nuke.Common` namespace.
+- Add certificated `signfile.pfx` to test `NuGet` and `DotNetNuGet`, the password is `signfile`.
 
 ## [1.0.0] / 2024-12-04
 ### Build

Nuke.NuGetKeyVaultSignTool/DotNetNuGetTests.cs

@@ -0,0 +1,101 @@
+using NUnit.Framework;
+using System.IO;
+using System;
+using Nuke.Local.Tools.DotNet;
+using Nuke.Common.Tooling;
+using Nuke.Local.Tools.NuGet;
+using System.Linq;
+
+namespace Nuke.NuGetKeyVaultSignTool
+{
+    public class DotNetNuGetTests
+    {
+        public static void DefaultConsole(OutputType type, string output)
+        {
+            if (type == OutputType.Std)
+                Console.WriteLine(output);
+            else
+                Console.WriteLine(output);
+        }
+
+        [TestCase("Files/package.nupkg")]
+        public void SignPackage(string fileName)
+        {
+            // Copy File to temp folder
+            var tempFolder = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
+            Directory.CreateDirectory(tempFolder);
+            var tempFile = Path.Combine(tempFolder, Path.GetFileName(fileName));
+            File.Copy(fileName, tempFile);
+
+            DotNetTasks.DotNetLogger = DefaultConsole;
+
+            DotNetTasks.DotNetNuGetSign(x => x
+                .SetTargetPath(tempFile)
+                .SetCertificatePath("Files/signfile.pfx")
+                .SetCertificatePassword("signfile")
+                .SetTimestamper("http://timestamp.digicert.com")
+            );
+
+            try
+            {
+                DotNetTasks.DotNetNuGetVerify(x => x
+                    .SetTargetPath(tempFile)
+                    .SetCertificateFingerprint("E413994364668939A34B235D378FC8C2CA12C56C0BF9ECC56538FC6079576855")
+            );
+            }
+            catch { }
+        }
+    }
+
+    public class NuGetTests
+    {
+        [OneTimeSetUp]
+        public void SetupEnvironmentToolPath()
+        {
+            var packageId = NuGetTasks.NuGetPackageId;
+
+            var userFolder = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
+            var packagesFolder = Path.Combine(userFolder, ".nuget", "packages");
+
+            var packageIdFolder = Path.Combine(packagesFolder, packageId);
+            var packageExe = Directory.GetFiles(packageIdFolder, "*.exe", SearchOption.AllDirectories).FirstOrDefault();
+            Environment.SetEnvironmentVariable(Path.GetFileNameWithoutExtension(packageExe).ToUpper() + "_EXE", packageExe);
+        }
+
+        public static void DefaultConsole(OutputType type, string output)
+        {
+            if (type == OutputType.Std)
+                Console.WriteLine(output);
+            else
+                Console.WriteLine(output);
+        }
+
+        [TestCase("Files/package.nupkg")]
+        public void SignPackage(string fileName)
+        {
+            // Copy File to temp folder
+            var tempFolder = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
+            Directory.CreateDirectory(tempFolder);
+            var tempFile = Path.Combine(tempFolder, Path.GetFileName(fileName));
+            File.Copy(fileName, tempFile);
+
+            NuGetTasks.NuGetLogger = DefaultConsole;
+
+            NuGetTasks.NuGetSign(x => x
+                .SetTargetPath(tempFile)
+                .SetCertificatePath("Files/signfile.pfx")
+                .SetCertificatePassword("signfile")
+                .SetTimestamper("http://timestamp.digicert.com")
+            );
+
+            try
+            {
+                NuGetTasks.NuGetVerify(x => x
+                    .SetTargetPath(tempFile)
+                    .SetCertificateFingerprint("E413994364668939A34B235D378FC8C2CA12C56C0BF9ECC56538FC6079576855")
+                );
+            }
+            catch { }
+        }
+    }
+}

Nuke.NuGetKeyVaultSignTool/Nuke.NuGetKeyVaultSignTool.csproj

@@ -10,6 +10,7 @@
     <PackageReference Include="Nuke.Tooling.Generator" Version="8.*" />
     <PackageDownload Include="AzureSignTool" Version="[6.0.0]" />
     <PackageDownload Include="NuGetKeyVaultSignTool" Version="[3.2.3]" />
+    <PackageReference Include="NuGet.CommandLine" Version="*" />
   </ItemGroup>
 
   <ItemGroup>
@@ -28,6 +29,9 @@
     <None Update="Files\package.nupkg">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Update="Files\signfile.pfx">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Update="Tools\NuGetKeyVaultSignTool.json">
       <CopyToOutputDirectory>Never</CopyToOutputDirectory>
     </None>

Nuke.NuGetKeyVaultSignTool/Tools/DotNet.Generated.cs

@@ -265,6 +265,60 @@ public static IReadOnlyCollection<Output> DotNetNuGetSign(Configure<DotNetNuGetS
     {
         return configurator.Invoke(DotNetNuGetSign, DotNetLogger, degreeOfParallelism, completeOnFailure);
     }
+    /// <summary>
+    ///   <p>The dotnet nuget verify command verifies a signed NuGet package.</p>
+    ///   <p>For more details, visit the <a href="https://docs.microsoft.com/en-us/dotnet/core/tools/">official website</a>.</p>
+    /// </summary>
+    /// <remarks>
+    ///   <p>This is a <a href="http://www.nuke.build/docs/authoring-builds/cli-tools.html#fluent-apis">CLI wrapper with fluent API</a> that allows to modify the following arguments:</p>
+    ///   <ul>
+    ///     <li><c>&lt;targetPath&gt;</c> via <see cref="DotNetNuGetVerifySettings.TargetPath"/></li>
+    ///     <li><c>--certificate-fingerprint</c> via <see cref="DotNetNuGetVerifySettings.CertificateFingerprint"/></li>
+    ///     <li><c>--configfile</c> via <see cref="DotNetNuGetVerifySettings.ConfigFile"/></li>
+    ///     <li><c>--verbosity</c> via <see cref="DotNetNuGetVerifySettings.Verbosity"/></li>
+    ///   </ul>
+    /// </remarks>
+    public static IReadOnlyCollection<Output> DotNetNuGetVerify(DotNetNuGetVerifySettings toolSettings = null)
+    {
+        toolSettings = toolSettings ?? new DotNetNuGetVerifySettings();
+        using var process = ProcessTasks.StartProcess(toolSettings);
+        toolSettings.ProcessExitHandler.Invoke(toolSettings, process.AssertWaitForExit());
+        return process.Output;
+    }
+    /// <summary>
+    ///   <p>The dotnet nuget verify command verifies a signed NuGet package.</p>
+    ///   <p>For more details, visit the <a href="https://docs.microsoft.com/en-us/dotnet/core/tools/">official website</a>.</p>
+    /// </summary>
+    /// <remarks>
+    ///   <p>This is a <a href="http://www.nuke.build/docs/authoring-builds/cli-tools.html#fluent-apis">CLI wrapper with fluent API</a> that allows to modify the following arguments:</p>
+    ///   <ul>
+    ///     <li><c>&lt;targetPath&gt;</c> via <see cref="DotNetNuGetVerifySettings.TargetPath"/></li>
+    ///     <li><c>--certificate-fingerprint</c> via <see cref="DotNetNuGetVerifySettings.CertificateFingerprint"/></li>
+    ///     <li><c>--configfile</c> via <see cref="DotNetNuGetVerifySettings.ConfigFile"/></li>
+    ///     <li><c>--verbosity</c> via <see cref="DotNetNuGetVerifySettings.Verbosity"/></li>
+    ///   </ul>
+    /// </remarks>
+    public static IReadOnlyCollection<Output> DotNetNuGetVerify(Configure<DotNetNuGetVerifySettings> configurator)
+    {
+        return DotNetNuGetVerify(configurator(new DotNetNuGetVerifySettings()));
+    }
+    /// <summary>
+    ///   <p>The dotnet nuget verify command verifies a signed NuGet package.</p>
+    ///   <p>For more details, visit the <a href="https://docs.microsoft.com/en-us/dotnet/core/tools/">official website</a>.</p>
+    /// </summary>
+    /// <remarks>
+    ///   <p>This is a <a href="http://www.nuke.build/docs/authoring-builds/cli-tools.html#fluent-apis">CLI wrapper with fluent API</a> that allows to modify the following arguments:</p>
+    ///   <ul>
+    ///     <li><c>&lt;targetPath&gt;</c> via <see cref="DotNetNuGetVerifySettings.TargetPath"/></li>
+    ///     <li><c>--certificate-fingerprint</c> via <see cref="DotNetNuGetVerifySettings.CertificateFingerprint"/></li>
+    ///     <li><c>--configfile</c> via <see cref="DotNetNuGetVerifySettings.ConfigFile"/></li>
+    ///     <li><c>--verbosity</c> via <see cref="DotNetNuGetVerifySettings.Verbosity"/></li>
+    ///   </ul>
+    /// </remarks>
+    public static IEnumerable<(DotNetNuGetVerifySettings Settings, IReadOnlyCollection<Output> Output)> DotNetNuGetVerify(CombinatorialConfigure<DotNetNuGetVerifySettings> configurator, int degreeOfParallelism = 1, bool completeOnFailure = false)
+    {
+        return configurator.Invoke(DotNetNuGetVerify, DotNetLogger, degreeOfParallelism, completeOnFailure);
+    }
 }
 #region DotNetNuGetPushSettings
 /// <summary>
@@ -495,6 +549,49 @@ protected override Arguments ConfigureProcessArguments(Arguments arguments)
     }
 }
 #endregion
+#region DotNetNuGetVerifySettings
+/// <summary>
+///   Used within <see cref="DotNetTasks"/>.
+/// </summary>
+[PublicAPI]
+[ExcludeFromCodeCoverage]
+[Serializable]
+public partial class DotNetNuGetVerifySettings : ToolSettings
+{
+    /// <summary>
+    ///   Path to the DotNet executable.
+    /// </summary>
+    public override string ProcessToolPath => base.ProcessToolPath ?? DotNetTasks.DotNetPath;
+    public override Action<OutputType, string> ProcessLogger => base.ProcessLogger ?? DotNetTasks.DotNetLogger;
+    public override Action<ToolSettings, IProcess> ProcessExitHandler => base.ProcessExitHandler ?? DotNetTasks.DotNetExitHandler;
+    /// <summary>
+    ///   Path of the package to verify.
+    /// </summary>
+    public virtual string TargetPath { get; internal set; }
+    /// <summary>
+    ///   Verify that the signer certificate matches with one of the specified SHA256 fingerprints. This option can be supplied multiple times to provide multiple fingerprints.
+    /// </summary>
+    public virtual string CertificateFingerprint { get; internal set; }
+    /// <summary>
+    ///   The NuGet configuration file (nuget.config) to use.
+    /// </summary>
+    public virtual string ConfigFile { get; internal set; }
+    /// <summary>
+    ///   Sets the verbosity level of the command. Allowed values are <c>q[uiet]</c>, <c>m[inimal]</c>, <c>n[ormal]</c>, <c>d[etailed]</c>, and <c>diag[nostic]</c>.
+    /// </summary>
+    public virtual DotNetVerbosity Verbosity { get; internal set; }
+    protected override Arguments ConfigureProcessArguments(Arguments arguments)
+    {
+        arguments
+          .Add("nuget verify")
+          .Add("{value}", TargetPath)
+          .Add("--certificate-fingerprint {value}", CertificateFingerprint)
+          .Add("--configfile {value}", ConfigFile)
+          .Add("--verbosity {value}", Verbosity);
+        return base.ConfigureProcessArguments(arguments);
+    }
+}
+#endregion
 #region DotNetNuGetPushSettingsExtensions
 /// <summary>
 ///   Used within <see cref="DotNetTasks"/>.
@@ -1623,6 +1720,112 @@ public static T ResetVerbosity<T>(this T toolSettings) where T : DotNetNuGetSign
     #endregion
 }
 #endregion
+#region DotNetNuGetVerifySettingsExtensions
+/// <summary>
+///   Used within <see cref="DotNetTasks"/>.
+/// </summary>
+[PublicAPI]
+[ExcludeFromCodeCoverage]
+public static partial class DotNetNuGetVerifySettingsExtensions
+{
+    #region TargetPath
+    /// <summary>
+    ///   <p><em>Sets <see cref="DotNetNuGetVerifySettings.TargetPath"/></em></p>
+    ///   <p>Path of the package to verify.</p>
+    /// </summary>
+    [Pure]
+    public static T SetTargetPath<T>(this T toolSettings, string targetPath) where T : DotNetNuGetVerifySettings
+    {
+        toolSettings = toolSettings.NewInstance();
+        toolSettings.TargetPath = targetPath;
+        return toolSettings;
+    }
+    /// <summary>
+    ///   <p><em>Resets <see cref="DotNetNuGetVerifySettings.TargetPath"/></em></p>
+    ///   <p>Path of the package to verify.</p>
+    /// </summary>
+    [Pure]
+    public static T ResetTargetPath<T>(this T toolSettings) where T : DotNetNuGetVerifySettings
+    {
+        toolSettings = toolSettings.NewInstance();
+        toolSettings.TargetPath = null;
+        return toolSettings;
+    }
+    #endregion
+    #region CertificateFingerprint
+    /// <summary>
+    ///   <p><em>Sets <see cref="DotNetNuGetVerifySettings.CertificateFingerprint"/></em></p>
+    ///   <p>Verify that the signer certificate matches with one of the specified SHA256 fingerprints. This option can be supplied multiple times to provide multiple fingerprints.</p>
+    /// </summary>
+    [Pure]
+    public static T SetCertificateFingerprint<T>(this T toolSettings, string certificateFingerprint) where T : DotNetNuGetVerifySettings
+    {
+        toolSettings = toolSettings.NewInstance();
+        toolSettings.CertificateFingerprint = certificateFingerprint;
+        return toolSettings;
+    }
+    /// <summary>
+    ///   <p><em>Resets <see cref="DotNetNuGetVerifySettings.CertificateFingerprint"/></em></p>
+    ///   <p>Verify that the signer certificate matches with one of the specified SHA256 fingerprints. This option can be supplied multiple times to provide multiple fingerprints.</p>
+    /// </summary>
+    [Pure]
+    public static T ResetCertificateFingerprint<T>(this T toolSettings) where T : DotNetNuGetVerifySettings
+    {
+        toolSettings = toolSettings.NewInstance();
+        toolSettings.CertificateFingerprint = null;
+        return toolSettings;
+    }
+    #endregion
+    #region ConfigFile
+    /// <summary>
+    ///   <p><em>Sets <see cref="DotNetNuGetVerifySettings.ConfigFile"/></em></p>
+    ///   <p>The NuGet configuration file (nuget.config) to use.</p>
+    /// </summary>
+    [Pure]
+    public static T SetConfigFile<T>(this T toolSettings, string configFile) where T : DotNetNuGetVerifySettings
+    {
+        toolSettings = toolSettings.NewInstance();
+        toolSettings.ConfigFile = configFile;
+        return toolSettings;
+    }
+    /// <summary>
+    ///   <p><em>Resets <see cref="DotNetNuGetVerifySettings.ConfigFile"/></em></p>
+    ///   <p>The NuGet configuration file (nuget.config) to use.</p>
+    /// </summary>
+    [Pure]
+    public static T ResetConfigFile<T>(this T toolSettings) where T : DotNetNuGetVerifySettings
+    {
+        toolSettings = toolSettings.NewInstance();
+        toolSettings.ConfigFile = null;
+        return toolSettings;
+    }
+    #endregion
+    #region Verbosity
+    /// <summary>
+    ///   <p><em>Sets <see cref="DotNetNuGetVerifySettings.Verbosity"/></em></p>
+    ///   <p>Sets the verbosity level of the command. Allowed values are <c>q[uiet]</c>, <c>m[inimal]</c>, <c>n[ormal]</c>, <c>d[etailed]</c>, and <c>diag[nostic]</c>.</p>
+    /// </summary>
+    [Pure]
+    public static T SetVerbosity<T>(this T toolSettings, DotNetVerbosity verbosity) where T : DotNetNuGetVerifySettings
+    {
+        toolSettings = toolSettings.NewInstance();
+        toolSettings.Verbosity = verbosity;
+        return toolSettings;
+    }
+    /// <summary>
+    ///   <p><em>Resets <see cref="DotNetNuGetVerifySettings.Verbosity"/></em></p>
+    ///   <p>Sets the verbosity level of the command. Allowed values are <c>q[uiet]</c>, <c>m[inimal]</c>, <c>n[ormal]</c>, <c>d[etailed]</c>, and <c>diag[nostic]</c>.</p>
+    /// </summary>
+    [Pure]
+    public static T ResetVerbosity<T>(this T toolSettings) where T : DotNetNuGetVerifySettings
+    {
+        toolSettings = toolSettings.NewInstance();
+        toolSettings.Verbosity = null;
+        return toolSettings;
+    }
+    #endregion
+}
+#endregion
 #region DotNetVerbosity
 /// <summary>
 ///   Used within <see cref="DotNetTasks"/>.

Nuke.NuGetKeyVaultSignTool/Tools/DotNet.json

@@ -249,6 +249,40 @@
           }
         ]
       }
+    },
+    {
+      "help": "The dotnet nuget verify command verifies a signed NuGet package.",
+      "postfix": "NuGetVerify",
+      "omitCommonProperties": true,
+      "definiteArgument": "nuget verify",
+      "settingsClass": {
+        "properties": [
+          {
+            "name": "TargetPath",
+            "type": "string",
+            "format": "{value}",
+            "help": "Path of the package to verify."
+          },
+          {
+            "name": "CertificateFingerprint",
+            "type": "string",
+            "format": "--certificate-fingerprint {value}",
+            "help": "Verify that the signer certificate matches with one of the specified SHA256 fingerprints. This option can be supplied multiple times to provide multiple fingerprints."
+          },
+          {
+            "name": "ConfigFile",
+            "type": "string",
+            "format": "--configfile {value}",
+            "help": "The NuGet configuration file (nuget.config) to use."
+          },
+          {
+            "name": "Verbosity",
+            "type": "DotNetVerbosity",
+            "format": "--verbosity {value}",
+            "help": "Sets the verbosity level of the command. Allowed values are <c>q[uiet]</c>, <c>m[inimal]</c>, <c>n[ormal]</c>, <c>d[etailed]</c>, and <c>diag[nostic]</c>."
+          }
+        ]
+      }
     }
   ],
   "commonTaskProperties": [