@@ -3617,5 +3617,41 @@ public void ContainerSigningWithoutDoNotUnpack()
36173617 "File 'ContainerOne.1.0.0.nupkg' Certificate='NuGet'" ,
36183618 } ) ;
36193619 }
3620+
3621+ [ Fact ]
3622+ public void ContainerSigningWithDoNotUnpackAndDetachedSignature ( )
3623+ {
3624+ // List of files to be considered for signing - with DoNotUnpack flag and detached signature
3625+ var itemsToSign = new List < ItemToSign > ( )
3626+ {
3627+ new ItemToSign ( GetResourcePath ( "test.zip" ) , collisionPriorityId : "123" , doNotUnpack : true )
3628+ } ;
3629+
3630+ var strongNameSignInfo = new Dictionary < string , List < SignInfo > > ( ) ;
3631+
3632+ // Configure the certificate to use detached signatures
3633+ var fileSignInfo = new Dictionary < ExplicitCertificateKey , string > ( )
3634+ {
3635+ { new ExplicitCertificateKey ( "test.zip" , collisionPriorityId : "123" ) , "ArchiveCert" }
3636+ } ;
3637+
3638+ var additionalCertificateInfo = new Dictionary < string , List < AdditionalCertificateInformation > > ( )
3639+ {
3640+ { "ArchiveCert" ,
3641+ new List < AdditionalCertificateInformation > ( ) {
3642+ new AdditionalCertificateInformation ( ) { GeneratesDetachedSignature = true , CollisionPriorityId = "123" }
3643+ }
3644+ }
3645+ } ;
3646+
3647+ // When DoNotUnpack is true with a certificate that generates detached signatures,
3648+ // only the top-level container should be signed with a detached signature (.sig file),
3649+ // and nested files should not be extracted or signed
3650+ ValidateFileSignInfos ( itemsToSign , strongNameSignInfo , fileSignInfo , s_fileExtensionSignInfoWithCollisionId , new [ ]
3651+ {
3652+ "File 'test.zip' Certificate='ArchiveCert'" ,
3653+ } ,
3654+ additionalCertificateInfo : additionalCertificateInfo ) ;
3655+ }
36203656 }
36213657}
0 commit comments