Update gallery certificate info in ProcessSignature job (#497)

Progress on NuGet/NuGetGallery#6183
NuGet · Jul 30, 2018 · 8748c13 · 8748c13
1 parent e7b9e8e
commit 8748c13
Show file tree

Hide file tree

Showing 6 changed files with 232 additions and 73 deletions.
diff --git a/src/Validation.Common.Job/LoggerDiagnosticsSource.cs b/src/Validation.Common.Job/LoggerDiagnosticsSource.cs
@@ -91,7 +91,7 @@ private static IDictionary<string, string> GetProperties(
 
         public void Log<TState>(LogLevel logLevel, EventId eventId, TState state, Exception exception, Func<TState, Exception, string> formatter)
         {
-            _logger.Log<TState>(logLevel, eventId, state, exception, formatter);
+            _logger.Log(logLevel, eventId, state, exception, formatter);
         }
 
         public bool IsEnabled(LogLevel logLevel)
@@ -101,7 +101,7 @@ public bool IsEnabled(LogLevel logLevel)
 
         public IDisposable BeginScope<TState>(TState state)
         {
-            return _logger.BeginScope<TState>(state);
+            return _logger.BeginScope(state);
         }
 
         /// <summary>

diff --git a/src/Validation.Common.Job/Validation.Common.Job.csproj b/src/Validation.Common.Job/Validation.Common.Job.csproj
@@ -115,7 +115,7 @@
       <Version>2.27.0</Version>
     </PackageReference>
     <PackageReference Include="NuGetGallery.Core">
-      <Version>4.4.5-dev-35743</Version>
+      <Version>4.4.5-dev-36135</Version>
     </PackageReference>
     <PackageReference Include="Serilog">
       <Version>2.5.0</Version>

diff --git a/src/Validation.Common.Job/Validation.Common.Job.nuspec b/src/Validation.Common.Job/Validation.Common.Job.nuspec
@@ -23,7 +23,7 @@
       <dependency id="NuGet.Services.Storage" version="2.27.0" />
       <dependency id="NuGet.Services.Validation" version="2.27.0" />
       <dependency id="NuGet.Services.Validation.Issues" version="2.27.0" />
-      <dependency id="NuGetGallery.Core" version="4.4.5-dev-35743" />
+      <dependency id="NuGetGallery.Core" version="4.4.5-dev-36135" />
       <dependency id="Serilog" version="2.5.0" />
       <dependency id="System.Net.Http" version="4.3.3" />
     </dependencies>

diff --git a/src/Validation.PackageSigning.ProcessSignature/SignaturePartsExtractor.cs b/src/Validation.PackageSigning.ProcessSignature/SignaturePartsExtractor.cs
@@ -12,24 +12,28 @@
 using NuGet.Jobs.Validation.PackageSigning.Storage;
 using NuGet.Packaging.Signing;
 using NuGet.Services.Validation;
+using NuGetGallery;
 
 namespace NuGet.Jobs.Validation.PackageSigning.ProcessSignature
 {
     public class SignaturePartsExtractor : ISignaturePartsExtractor
     {
         private readonly ICertificateStore _certificateStore;
-        private readonly IValidationEntitiesContext _entitiesContext;
+        private readonly IValidationEntitiesContext _validationEntitiesContext;
+        private readonly IEntitiesContext _galleryEntitiesContext;
         private readonly IOptionsSnapshot<ProcessSignatureConfiguration> _configuration;
         private readonly ILogger<SignaturePartsExtractor> _logger;
 
         public SignaturePartsExtractor(
             ICertificateStore certificateStore,
-            IValidationEntitiesContext entitiesContext,
+            IValidationEntitiesContext validationEntitiesContext,
+            IEntitiesContext galleryEntitiesContext,
             IOptionsSnapshot<ProcessSignatureConfiguration> configuration,
             ILogger<SignaturePartsExtractor> logger)
         {
             _certificateStore = certificateStore ?? throw new ArgumentNullException(nameof(certificateStore));
-            _entitiesContext = entitiesContext ?? throw new ArgumentNullException(nameof(entitiesContext));
+            _validationEntitiesContext = validationEntitiesContext ?? throw new ArgumentNullException(nameof(validationEntitiesContext));
+            _galleryEntitiesContext = galleryEntitiesContext ?? throw new ArgumentNullException(nameof(galleryEntitiesContext));
             _configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
@@ -53,8 +57,61 @@ public async Task ExtractAsync(int packageKey, PrimarySignature primarySignature
                 await SaveCertificatesToStoreAsync(context);
 
                 // Commit the database changes.
-                await _entitiesContext.SaveChangesAsync();
+                await _validationEntitiesContext.SaveChangesAsync();
+
+                // Update certificate information in the gallery.
+                await UpdateCertificateInformationAsync(context);
+            }
+        }
+
+        private async Task UpdateCertificateInformationAsync(Context context)
+        {
+            // Only operate on author signatures. Packages that only have a repository signature are not interesting
+            // for this purpose.
+            if (context.PrimarySignature.Type != SignatureType.Author)
+            {
+                return;
             }
+
+            var hashedCertificate = context
+                .Author
+                .Certificates
+                .SignatureEndCertificate;
+            var certificate = hashedCertificate.Certificate;
+            var thumbprint = hashedCertificate.Thumbprint;
+
+            // Fetch the certificate record from the gallery database using the SHA-256 thumbprint.
+            var certificateRecord = await _galleryEntitiesContext
+                .Certificates
+                .Where(c => c.Thumbprint == thumbprint)
+                .FirstOrDefaultAsync();            
+            if (certificateRecord == null)
+            {
+                _logger.LogWarning(
+                    "No certificate record was found in the gallery database for thumbprint {Thumbprint}.",
+                    thumbprint);
+                return;
+            }
+
+            // Do nothing if the certificate details are already populated.
+            var expiration = certificate.NotAfter.ToUniversalTime();
+            if (certificateRecord.Expiration == expiration
+                && certificateRecord.Subject == certificate.Subject
+                && certificateRecord.Issuer == certificate.Issuer)
+            {
+                return;
+            }
+
+            // Save the certificate details to the gallery record.
+            certificateRecord.Expiration = expiration;
+            certificateRecord.Subject = certificate.Subject;
+            certificateRecord.Issuer = certificate.Issuer;
+
+            await _galleryEntitiesContext.SaveChangesAsync();
+
+            _logger.LogInformation(
+                "Gallery certificate information for certificate with thumbprint {Thumbprint} has been populated.",
+                thumbprint);
         }
 
         private static void ExtractSignaturesAndCertificates(Context context)
@@ -260,7 +317,7 @@ private async Task<PackageSignature> InitializePackageSignatureAsync(
             IReadOnlyDictionary<string, EndCertificate> thumbprintToEndCertificate,
             bool replacePackageSignature)
         {
-            var packageSignatures = await _entitiesContext
+            var packageSignatures = await _validationEntitiesContext
                 .PackageSignatures
                 .Include(x => x.TrustedTimestamps)
                 .Include(x => x.EndCertificate)
@@ -309,10 +366,10 @@ private async Task<PackageSignature> InitializePackageSignatureAsync(
                         // explicit and to facilitate unit testing, we explicitly remove them.
                         foreach (var trustedTimestamp in packageSignature.TrustedTimestamps)
                         {
-                            _entitiesContext.TrustedTimestamps.Remove(trustedTimestamp);
+                            _validationEntitiesContext.TrustedTimestamps.Remove(trustedTimestamp);
                         }
 
-                        _entitiesContext.PackageSignatures.Remove(packageSignature);
+                        _validationEntitiesContext.PackageSignatures.Remove(packageSignature);
 
                         packageSignature = InitializePackageSignature(
                             packageKey,
@@ -356,7 +413,7 @@ private PackageSignature InitializePackageSignature(
             };
 
             packageSignature.EndCertificateKey = packageSignature.EndCertificate.Key;
-            _entitiesContext.PackageSignatures.Add(packageSignature);
+            _validationEntitiesContext.PackageSignatures.Add(packageSignature);
 
             return packageSignature;
         }
@@ -394,7 +451,7 @@ private void InitializeTrustedTimestamp(
                 };
                 trustedTimestamp.EndCertificateKey = trustedTimestamp.EndCertificate.Key;
                 packageSignature.TrustedTimestamps.Add(trustedTimestamp);
-                _entitiesContext.TrustedTimestamps.Add(trustedTimestamp);
+                _validationEntitiesContext.TrustedTimestamps.Add(trustedTimestamp);
             }
             else
             {
@@ -454,7 +511,7 @@ private void ConnectCertificates(
                         EndCertificate = endCertificateEntity,
                         ParentCertificate = parentCertificateEntity,
                     };
-                    _entitiesContext.CertificateChainLinks.Add(link);
+                    _validationEntitiesContext.CertificateChainLinks.Add(link);
                     endCertificateEntity.CertificateChainLinks.Add(link);
                     parentCertificateEntity.CertificateChainLinks.Add(link);
 
@@ -476,7 +533,7 @@ private async Task<IReadOnlyDictionary<string, EndCertificate>> InitializeEndCer
 
             // Find all of the end certificate entities that intersect with the set of certificates found in the
             // package that is currently being processed.
-            var existingEntities = await _entitiesContext
+            var existingEntities = await _validationEntitiesContext
                 .EndCertificates
                 .Include(x => x.CertificateChainLinks)
                 .Where(x => thumbprints.Contains(x.Thumbprint))
@@ -495,7 +552,7 @@ private async Task<IReadOnlyDictionary<string, EndCertificate>> InitializeEndCer
                         Thumbprint = certificateAndUse.Certificate.Thumbprint,
                         CertificateChainLinks = new List<CertificateChainLink>(),
                     };
-                    _entitiesContext.EndCertificates.Add(entity);
+                    _validationEntitiesContext.EndCertificates.Add(entity);
 
                     thumbprintToEntity[certificateAndUse.Certificate.Thumbprint] = entity;
                 }
@@ -524,7 +581,7 @@ private async Task<IReadOnlyDictionary<string, ParentCertificate>> InitializePar
 
             // Find all of the parent certificate entities that intersect with the set of certificates found in the
             // package that is currently being processed.
-            var existingEntities = await _entitiesContext
+            var existingEntities = await _validationEntitiesContext
                 .ParentCertificates
                 .Include(x => x.CertificateChainLinks)
                 .Where(x => thumbprints.Contains(x.Thumbprint))
@@ -541,7 +598,7 @@ private async Task<IReadOnlyDictionary<string, ParentCertificate>> InitializePar
                         Thumbprint = certificate.Thumbprint,
                         CertificateChainLinks = new List<CertificateChainLink>(),
                     };
-                    _entitiesContext.ParentCertificates.Add(entity);
+                    _validationEntitiesContext.ParentCertificates.Add(entity);
 
                     thumbprintToEntity[certificate.Thumbprint] = entity;
                 }