Table of Contents

Interface ISignedPackageReader

Namespace
NuGet.Packaging.Signing
Assembly
Chocolatey.NuGet.Packaging.dll

A readonly package that can provide signatures and a sign manifest from a package.

public interface ISignedPackageReader : IDisposable
Inherited Members

Methods

CanVerifySignedPackages(SignedPackageVerifierSettings)

Indicates if the the ISignedPackageReader instance can verify signed packages.

bool CanVerifySignedPackages(SignedPackageVerifierSettings verifierSettings)

Parameters

verifierSettings SignedPackageVerifierSettings

Package verification settings. Include information about what is allowed.

Returns

bool

Exceptions

SignatureException

if the ISignedPackageReader does not support signed packages

GetArchiveHashAsync(HashAlgorithmName, CancellationToken)

Gets the hash of an archive to be embedded in the package signature.

Task<byte[]> GetArchiveHashAsync(HashAlgorithmName hashAlgorithm, CancellationToken token)

Parameters

hashAlgorithm HashAlgorithmName
token CancellationToken

Returns

Task<byte[]>

GetContentHash(CancellationToken, Func<string>)

Get the hash of the package content excluding signature context for signed package. If the package is not signed it calculates it from the whole package.

string GetContentHash(CancellationToken token, Func<string> GetUnsignedPackageHash = null)

Parameters

token CancellationToken

Cancellation token.

GetUnsignedPackageHash Func<string>

Function to return the hash in case the package is not signed.

Returns

string

hash of the unsigned content of the package.

Remarks

The method takes an optional function to get the hash of an unsigned package instead of calculating it.

GetPrimarySignatureAsync(CancellationToken)

Get package signature.

Task<PrimarySignature> GetPrimarySignatureAsync(CancellationToken token)

Parameters

token CancellationToken

Returns

Task<PrimarySignature>

Remarks

Returns a null if the package is unsigned.

IsSignedAsync(CancellationToken)

Check if a package contains signing information.

Task<bool> IsSignedAsync(CancellationToken token)

Parameters

token CancellationToken

Returns

Task<bool>

True if the package is signed.

ValidateIntegrityAsync(SignatureContent, CancellationToken)

Checks for the integrity of a package

Task ValidateIntegrityAsync(SignatureContent signatureContent, CancellationToken token)

Parameters

signatureContent SignatureContent

SignatureContent with expected hash value and hash algorithm used

token CancellationToken

Returns

Task