-
-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extend AssemblyAssertions with methods to check on assemblies being signed or not #2209
Comments
Thanks for opening this proposal. "Signing" seems to be an overloaded term which can both refer to "strong-name signing" and "digital signature signing". I fiddled around with different tools, and it seems they do not agree in what casing public keys should be printed. public AndConstraint<AssemblyAssertions> HavePublicKey(byte[] publicKey, string because = "", params object[] becauseArgs); Should there be an overload that validates only if an assembly has a public key, but not its contents? public AndWhichConstraint<AssemblyAssertions, byte[]> HavePublicKey(string because = "", params object[] becauseArgs); |
I disagree with providing a public key as byte array. Take my library (Qowaiv). It's public key is I see no use case for only checking that an assembly has a public key, as if it is in your control you should ensure that the key does never change, and if it is not in your control, there is nothing you can do any way. And if being signed of a dependent assembly is required, the compiler will warn you, or even fail to compile. |
I actually agree with you @Corniel. |
Since it seems we can use To illustrate my point, see how I can construct a key starting with either using System.Reflection;
using System.Text;
var asm = Assembly.GetExecutingAssembly();
// v
var str = "a024000004800000940000000602000000240000525341310004000001000100ef35df58aa7fec73a11e70572e6b3791601006ef3fb1c6c1f1a402ba83bb2edc975c61e8a32d792edb864127f0d2c67eb7a64a9d3a0cdb0b1bb37ff2d0fcfd7990304623c044439d04dac49624cc6d7937581419d995c2689f9898ec09c941b3eb3cab8e4fc8f90b4ae5d45ab03d691d4d1f4b68450dad41fed46671376934b0";
var key = Encoding.ASCII.GetBytes(str);
var asmName = asm.GetName();
asmName.SetPublicKey(key);
Console.WriteLine(Encoding.ASCII.GetString(asmName.GetPublicKey()));
// v
str = "A024000004800000940000000602000000240000525341310004000001000100ef35df58aa7fec73a11e70572e6b3791601006ef3fb1c6c1f1a402ba83bb2edc975c61e8a32d792edb864127f0d2c67eb7a64a9d3a0cdb0b1bb37ff2d0fcfd7990304623c044439d04dac49624cc6d7937581419d995c2689f9898ec09c941b3eb3cab8e4fc8f90b4ae5d45ab03d691d4d1f4b68450dad41fed46671376934b0";
key = Encoding.ASCII.GetBytes(str);
asmName.SetPublicKey(key);
Console.WriteLine(Encoding.ASCII.GetString(asmName.GetPublicKey())); output
|
I always thought, that a key is always meant to be case-insensitive. That's kinda weird... |
You're completely right @IT-VBFK! It's the string comparison of hex strings that should be case-insensitive. |
I've updated the proposal with the approved API. |
I see the reasoning behind For me |
In the context of an assembly, I do have to admit that I like |
Background and motivation
To ensure that the public key of an signed assembly does not accidentally changes, having an assertion
.HavePublicKey(string)
can help. For completeness/symmetry reasons adding.BeUnsigned()
might be beneficial too.API Proposal
API Usage
Alternative Designs
No response
Risks
No response
The text was updated successfully, but these errors were encountered: