NuGet.Packaging

An internal NuGetFramework marker for ManagedCodeConventions. Most conventions disallow the string 'any' as a txm, so to allow it for conventions with no txm in the path we use this special type.

Defines all the package conventions used by Managed Code packages

If matchOnly is true, then an empty string may be returned as a performance optimization. If matchOnly is false, the parsed result will be returned.

Identity parser, returns the input string as is. If matchOnly is true, then an empty string is returned as a performance optimization. If matchOnly is false, the string will be actualized.

If matchOnly is true, then an empty string is returned as a performance optimization. If matchOnly is false, the parsed result will be returned.

Pattern used to locate all files targetted at a specific runtime and/or framework

Pattern used to locate all files designed for loading as managed code assemblies at run-time

Pattern used to locate ref assemblies for compile.

Pattern used to locate lib assemblies for compile.

Pattern used to locate all files designed for loading as native code libraries at run-time

Pattern used to locate all files designed for loading as managed code resource assemblies at run-time

Pattern used to identify MSBuild targets and props files

Pattern used to identify MSBuild global targets and props files

Pattern used to identify content files

Pattern used to identify Tools assets for global tools

Pattern used to locate embed interop types assemblies

Pattern used to identify MSBuild transitive targets and props files

True if lib/contract exists

Populate the provided list with ContentItemGroups based on a provided pattern set.

The pattern set to match The list that will be mutated and populated with the item groups

False if the path would not match any patterns.

Defines a property that can be used in Content Model query patterns

Parse a ReadOnlyMemory char if it's off the form of this definition. A null return value means the ReadOnlyMemory char does not match this definition. If the bool is true, the return object will be non-null, and match what the ReadOnlyMemory char represents. If the bool is false, the return object will be non-null if the ReadOnlyMemory char represents a valid value for this definition. This is a performance optimization.

Looks up a definition for the given substring. Example, say this definition is for an assembly. If the name is "assembly.dll", this method would return true and the value would be the assembly name. If the name is "assembly.xml" this method would return flase and the value would be the null. If this is a match only lookup the value will be null, but the return bool will be true. This is a performance optimization since the value is unused.

The name to lookup. A replacement table. If name matches a value in the replacement table, it'll be returned instead. Whether this is a grouping match, or we actually want to actualize the value of name as a string. The out param. If matchonly, it will always be null. Otherwise, set to actualized value of name if the return is true, set to null if false. True if the name matches the definition. False otherwise.

Find the nearest compatible candidate.

A set of patterns that can be used to query a set of file paths for items matching a provided criteria.

Patterns used to select a group of items that matches the criteria

Pattern expressions.

Patterns used to select individual items that match the criteria

Path expressions.

Property definitions used for matching patterns

A pattern that can be used to match file paths given a provided criteria.

The pattern is defined as a sequence of literal path strings that must match exactly and property references, wrapped in {} characters, which are tested for compatibility with the consumer-provided criteria.

Replacement token table.

Replacement token table organized by property.

Lookup a token and get the replacement if it exists.

Property moniker Token name Replacement value

PropertyName moniker

Item name

Item replacement value

Represents a comparer of that uses string ordinal comparison.

Compares the id and version of a package

Default comparer Null ranges and the All range are treated as equal.

Default comparer

Compares the Id, Version, and Version release label. Version build metadata is ignored.

Default version range comparer.

Compare versions with a specific VersionComparison

Compare versions with a specific IVersionComparer

Default comparer that compares on the id, version, and version release labels.

True if the package identities are the same when ignoring build metadata.

Hash code of the id and version

Compares on the Id first, then version

metadata/contentFiles/files entry from a nuspec

Included files

Required

Excluded files

Build action

If true the item will be copied to the output folder.

If true the content items will keep the same folder structure in the output folder.

Callback invoked to extract a package file.

The path of the file in the package. The path to write to. The file . The file name if the file was written; otherwise .

A basic asynchronous package reader that provides the identity, min client version, and file access.

Higher level concepts used for normal development nupkgs should go at a higher level

Asynchronously gets the identity of the package.

A cancellation token. A task that represents the asynchronous operation. The task result () returns a . Thrown if is cancelled.

Asynchronously gets the minimum client version needed to consume the package.

A cancellation token. A task that represents the asynchronous operation. The task result () returns a . Thrown if is cancelled.

Asynchronously gets zero or more package types from the .nuspec.

A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

Asynchronously returns a file stream from the package.

The file path in the package. A cancellation token. A task that represents the asynchronous operation. The task result () returns a . Thrown if is cancelled.

Asynchronously gets all files in the package.

A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

Asynchronously gets files in a folder in the package.

A folder path in the package. A cancellation token. A task that represents the asynchronous operation. The task result () returns an for files under the specified folder. Thrown if is cancelled.

Asynchronously gets a nuspec stream.

A cancellation token. A task that represents the asynchronous operation. The task result () returns a . Thrown if is cancelled.

Asynchronously gets a nuspec file path.

A cancellation token. A task that represents the asynchronous operation. The task result () returns a representing the nuspec file path. Thrown if is cancelled.

Asynchronously copies files from a package to a new location.

The destination path to copy to. The package files to copy. A package file extraction delegate. A logger. A cancellation token. A task that represents the asynchronous operation. The task result () returns am for the copied file paths. Thrown if is cancelled.

A basic nuspec reader that understands ONLY the id, version, and min client version of a package.

Higher level concepts used for normal development nupkgs should go at a higher level

Package Id

Package Version

Minimum client version needed to consume the package.

Gets zero or more package types from the .nuspec.

Id and Version of a package.

Package metadata in the nuspec

Basic package reader that provides the identity, min client version, and file access.

Higher level concepts used for normal development nupkgs should go at a higher level

Gets the package identity.

A package identity.

Gets the minimum client version needed to consume the package.

A NuGet version.

Gets zero or more package types from the .nuspec.

A readonly list of package types.

Gets a file stream from the package.

A stream for a file in the package.

Gets all files in the package.

An enumerable of files in the package.

Gets files in a folder in the package.

Folder path An enumerable of files under specified folder.

Gets a nuspec stream.

A stream for the nuspec.

Gets a nuspec file path.

The nuspec file path.

Copies files from a package to a new location.

The destination folder path. The package files to copy. A package file extraction delegate. A logger. A cancellation token. An enumerable of paths of files copied to the destination.

A basic nuspec reader that understand id, version, and a flat list of dependencies.

Read a nuspec from a stream.

Reads a nuspec from XML

Returns a flat list of dependencies from a nuspec

A very basic Nuspec reader that understands the Id, Version, PackageType, and MinClientVersion of a package.

Read a nuspec from a path.

Read a nuspec from a stream.

Reads a nuspec from XML

Id of the package

Version of the package

The minimum client version this package supports.

Gets zero or more package types from the .nuspec.

Returns if the package is serviceable.

The developmentDependency attribute

Nuspec Metadata

Returns a nuspec metadata value or string.Empty.

Indexed metadata values of the XML elements in the nuspec. If duplicate keys exist only the first is used.

Raw XML doc

Until NuspecReader and Manifest are unified, this is a place to share implementations of reading and parsing specific elements out of the .nuspec XML.

Gets the package types from a .nuspec metadata XML element.

The metadata XML element. Whether or not to use the metadata element's namespace when finding the package type nodes. If false is specified, only the local names of the package type nodes are used for comparison. If true is specified, the package type nodes must have the same namespace as the metadata node. A list of package types. If no package types are found in the metadata node, an empty list is returned.

Gets the value of serviceable element from a .nuspec metadata XML element.

The metadata XML element. true if the serviceable element is set in the .nuspec file as true, else false.

Gets the FrameworkReference groups. This refers to the FrameworkReference concept added in .NET Core 3.0

The metadata node A FrameworkNameProvider Whether or not to use the metadata element's namespace when getting the framework reference nodes. If false is specified, only the local names of the FrameworkReference nodes are used for comparison. If true is specified, the fremeworkreference nodes must have the same namespace as the metadata node.

Represents a package dependency Id and allowed version range.

Dependency package Id

Types to include from the dependency package.

Types to exclude from the dependency package.

Range of versions allowed for the depenency

Hash code from the default PackageDependencyComparer

Id and Version range string

Represents a package identity and the dependencies of a package.

This class does not support groups of dependencies, the group will need to be selected before populating this.

Package dependencies

Represents a package identity and the dependencies of a package.

package name package version package dependencies

Hash code from the default PackageDependencyInfoComparer

Example: Id : Dependency1, Dependency2

Represents the core identity of a nupkg.

Creates a new package identity.

name version

Package name

Package Version

can be null

True if the version is non-null

True if the package identities are the same.

True if the identity objects are equal based on the given comparison mode.

Sorts based on the id, then version

Compare using the default comparer.

Creates a hash code using the default comparer.

An equality comparer that checks the id, version, and version release label.

PackageIdentity.ToString returns packageId.packageVersion"

It is important that this type remains immutable due to the cloning of package specs

_._ denotes an empty folder since OPC does not allow an actual empty folder.

/_._ can be used to check empty folders from package readers where the / is normalized.

A strongly-typed resource class, for looking up localized strings, etc.

Returns the cached ResourceManager instance used by this class.

Overrides the current thread's CurrentUICulture property for all resource lookups using this strongly typed resource class.

Looks up a localized string similar to The assembly '{0}' is placed directly under 'lib' folder. It is recommended that assemblies be placed inside a framework-specific folder. Move it into a framework-specific folder..

Looks up a localized string similar to The assembly '{0}' is not inside the 'lib' folder and hence it won't be added as a reference when the package is installed into a project. Move it into the 'lib' folder if it needs to be referenced..

Looks up a localized string similar to - At least one {0} file was found in '{1}', but '{2}' was not..

Looks up a localized string similar to The value "{0}" for {1} is a sample value and should be removed. Replace it with an appropriate value or remove it and rebuild your package..

Looks up a localized string similar to - Add lib or ref assemblies for the.

Looks up a localized string similar to - Add a dependency group for.

Looks up a localized string similar to target framework.

Looks up a localized string similar to to the nuspec.

Looks up a localized string similar to Some target frameworks declared in the dependencies group of the nuspec and the lib/ref folder have compatible matches, but not exact matches in the other location. Unless intentional, consult the list of actions below:.

Looks up a localized string similar to Some target frameworks declared in the dependencies group of the nuspec and the lib/ref folder do not have exact matches in the other location. Consult the list of actions below:.

Looks up a localized string similar to The file '{0}' path, name, or both are too long. Your package might not work without long file path support. Please shorten the file path or file name..

Looks up a localized string similar to The 'PackageIconUrl'/'iconUrl' element is deprecated. Consider using the 'PackageIcon'/'icon' element instead. Learn more at https://aka.ms/deprecateIconUrl.

Looks up a localized string similar to The folder '{0}' under 'lib' is not recognized as a valid framework name or a supported culture identifier. Rename it to a valid framework name or culture identifier..

Looks up a localized string similar to The file at '{0}' uses the symbol for empty directory '_._', but it is present in a directory that contains other files. Please remove this file from directories that contain other files..

Looks up a localized string similar to A stable release of a package should not have a prerelease dependency. Either modify the version spec of dependency "{0}" or update the version field in the nuspec..

Looks up a localized string similar to The following dependency group(s) require(s) dots in the framework version: {0}.

Looks up a localized string similar to The following packaged file folder(s) require(s) dots in the framework version: {0}.

Looks up a localized string similar to The following framework assembly group(s) require(s) dots in the framework version: {0}.

Looks up a localized string similar to The following reference group(s) require(s) dots in the framework version: {0}.

Looks up a localized string similar to One or more target framework specifiers in your package are missing required dots in their framework version numbers. This is required as of .NET5.0. Please rename them to include dots as needed (e.g. 'net50' to 'net5.0')..

Looks up a localized string similar to The package version '{0}' uses SemVer 2.0.0 or components of SemVer 1.0.0 that are not supported on legacy clients. Change the package version to a SemVer 1.0.0 string. If the version contains a release label it must start with a letter. This message can be ignored if the package is not intended for older clients..

Looks up a localized string similar to The 'licenseUrl' element will be deprecated. Consider using the 'license' element instead..

Looks up a localized string similar to The assembly 'lib\{0}' will be ignored when the package is installed after the migration..

Looks up a localized string similar to 'content' assets will not be available when the package is installed after the migration..

Looks up a localized string similar to install.ps1 script will be ignored when the package is installed after the migration..

Looks up a localized string similar to XDT transform file '{0}' will not be applied when the package is installed after the migration..

Looks up a localized string similar to The file '{0}' will be ignored by NuGet because it is not directly under 'tools' folder. Place the file directly under 'tools' folder..

Looks up a localized string similar to The transform file '{0}' is outside the 'content' folder and hence will not be transformed during installation of this package. Move it into the 'content' folder..

Looks up a localized string similar to The package {0} is missing a readme. Go to https://aka.ms/nuget/authoring-best-practices/readme to learn why package readmes are important..

Looks up a localized string similar to This package does not contain a lib/ or ref/ folder, and will therefore be treated as compatible for all frameworks. Since framework specific files were found under the build/ directory for {0}, consider creating the following empty files to correctly narrow the compatibility of the package: {1}.

Looks up a localized string similar to An empty folder placeholder file '{0}' is in a non-empty folder and should be removed..

Looks up a localized string similar to References were found in the nuspec, but some reference assemblies were not found in both the nuspec and ref folder. Add the following reference assemblies:.

Looks up a localized string similar to - Add {0} to the {1} reference group in the nuspec.

Looks up a localized string similar to - Add {0} to the references element in the nuspec.

Looks up a localized string similar to - Add {0} to the ref/{1}/ directory.

Looks up a localized string similar to The script file '{0}' is outside the 'tools' folder and hence will not be executed during installation of this package. Move it into the 'tools' folder..

Looks up a localized string similar to The license identifier '{0}' is not recognized by the current toolset..

Looks up a localized string similar to The script file '{0}' is not recognized by NuGet and hence will not be executed during installation of this package. Rename it to install.ps1, uninstall.ps1 or init.ps1 and place it directly under 'tools'..

Looks up a localized string similar to The version of dependency '{0}' is not specified. Specify the version of dependency and rebuild your package..

Looks up a localized string similar to The file at '{0}' uses the obsolete 'WinRT' as the framework folder. Replace 'WinRT' or 'WinRT45' with 'NetCore45'..

Folders that are expected to have .dll and .winmd files

A group of FrameworkReference with the same target framework.

FrameworkReference group

group target framework FrameworkReferences

Group target framework

FrameworkReferences

A group of items/files from a nupkg with the same target framework.

Framework specific group

group target framework group items

Group target framework

Item relative paths

Package dependencies grouped to a target framework.

Dependency group

target framework dependant packages

Dependency group target framework

Package dependencies

An asynchronous package content reader.

Asynchronously returns all framework references found in the nuspec.

A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

Asynchronously returns all items under the build folder.

A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

Asynchronously returns all items under the tools folder.

A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

Asynchronously returns all items found in the content folder.

Some legacy behavior has been dropped here due to the mix of content folders and target framework folders here. A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

Asynchronously returns all lib items without any filtering.

Use GetReferenceItemsAsync(...) for the filtered list. A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

Asynchronously returns lib items + filtering based on the nuspec and other NuGet rules.

A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

Asynchronously returns package dependencies.

A cancellation token. A task that represents the asynchronous operation. The task result () returns an . Thrown if is cancelled.

A development package nuspec reader

The locale ID for the package, such as en-us.

Returns all framework references found in the nuspec.

Returns all items under the build folder.

Returns all items under the tools folder.

Returns all items found in the content folder.

Some legacy behavior has been dropped here due to the mix of content folders and target framework folders here.

Returns all lib items without any filtering. Use GetReferenceItems for the filtered list.

Returns lib items + filtering based on the nuspec and other NuGet rules.

Returns package dependencies.

A package downloader.

Gets an asynchronous package content reader.

Thrown if this object is disposed.

Gets an asynchronous package core reader.

Thrown if this object is disposed.

Asynchronously copies a .nupkg to a target file path.

The destination file path. A cancellation token. A task that represents the asynchronous operation. The task result () returns a indicating whether or not the copy was successful. Thrown if this object is disposed. Thrown if is either or empty. Thrown if is cancelled.

Asynchronously gets a package hash.

The hash algorithm. A cancellation token. A task that represents the asynchronous operation. The task result () returns a representing the package hash. Thrown if this object is disposed. Thrown if is either or empty. Thrown if is cancelled.

Sets an exception handler for package downloads.

The exception handler returns a task that represents the asynchronous operation. The task result () returns a indicating whether or not the exception was handled. To handle an exception and stop its propagation, the task should return . Otherwise, the exception will be rethrown. An exception handler. Thrown if is .

Sets a throttle for package downloads.

A throttle. Can be .

Core package resolver

Resolve a set of packages

Package or packages to install All relevant packages. This list must include the target packages. A set of packages meeting the package dependency requirements

Resolve a set of packages

Package or packages to install All relevant packages. This list must include the target packages and installed packages. Packages already installed into the project. These will be favored as dependency options. A set of packages meeting the package dependency requirements

Resolve a set of packages

Package or packages to install All relevant packages. This list must include the target packages. A set of packages meeting the package dependency requirements

Resolve a set of packages

Custom exception type for a package that has a higher minClientVersion than the current client.

Path resolver for the root package folder containing this package.

Package id.

Package version.

Creates a package folder path resolver that scans multiple folders to find a package.

NuGet paths loaded from NuGet.Config settings.

Returns the root directory of an installed package.

Package id. Package version. Returns the path if the package exists in any of the folders. Null if the package does not exist.

Returns the root directory of an installed package.

Package id. Package version. Returns the path if the package exists in any of the folders. Null if the package does not exist.

Returns the package info along with a path resolver specific to the folder where the package exists.

Package id. Package version. Returns the package info if the package exists in any of the folders. Null if the package does not exist.

Provides incremental hashing. This is non-private only to facilitate unit testing.

Gets the hash. Once GetHash is called, no further hash updates are allowed.

A base64-encoded hash.

Incrementally updates the hash.

The data to be included in the hash. The offset from which data should be read. The count of bytes to read.

Represents a token of a parsed license expression. The tokens are either operators, parentheses or values.

The token type

The value of this token.

A tokenizer for a license expression. This implementation assumes that the input has been sanitized and that there are no invalid characters.

value to be tokenized If the string is null or whitespace.

The valid characters for a license identifier are a-zA-Z0-9.-+ The valid characters for a license expression are the above whitespace and ().

Whether the value has valid characters.

Given a string, tokenizes by space into operators and values. The considered operators are, AND, OR, WITH, (, and ).

tokens, />

Parses a token type given a string. This method assumes that the brackets have been parsed out.

The token A parsed token, operator or value. This method assumes the brackets have already been parsed.

Represents the expression type of a . License type means that it's a . Operator means that it's a

A NuGetLicenseOperator. The operator options are: WITH or Logical operator, AND and OR. This is an abstract class so based on the NuGetLicenseOperatorType, it can be either a or a .

The operator type. LogicalOperator means it's AND or OR and NuGetLicenseWithOperator means it's the WITH operator and

Represents the type of .

The valid token types in a license expression. These are ordered by priority, be aware when changing them. See

A Logical Operator NuGetLicenseExpression. It is either an OR or an AND operator, represented by . This operator will always have a left and a right side, both of which are and never null.

Represents the logical operator type of NuGetLicenseExpression.

Represents the logical operator type of a .

NuGet's internal representation of a license identifier.

Identifier

Signifies whether the plus operator has been specified on this license

Signifies whether this is a standard license known by the NuGet APIs. Pack for example should warn for these.

Parse a licenseIdentifier. If a licenseIdentifier is deprecated, this will throw. Non-standard licenses get parsed into a object model as well.

license identifier to be parsed Whether the parser allows the UNLICENSED identifier Prased NuGetLicense object If the identifier is deprecated, contains invalid characters or is an exception identifier. If it's null or empty. The purpose of the switch is to allow the expression parser communicate at which operand location the unlicensed identifier is legal.

The valid characters for a license identifier are a-zA-Z0-9.- This method assumes that the trailing + operator has been stripped out.

The value to be validated. whether the value has valid characters

NuGet's internal representation of a license exception identifier.

The Exception's identifier

Parse an exceptionIdentifier. If the exceptionIdentifier is deprecated, this will throw. Non-standard exception do not get parsed into an object model.

Exception identifier to be parsed. Parsed License Exception If the identifier is deprecated, is a license or simply does not exist. If it's null or empty.

Represents a parsed NuGetLicenseExpression. This is an abstract class so based on the Type, it can be either a or a .

The type of the NuGetLicenseExpression. License type means that it's a . Operator means that it's a

The expression to be parsed. Parsed NuGet License Expression model. If the expression is empty or null. If the expression has invalid characters If the expression itself is invalid. Example: MIT OR OR Apache-2.0, or the MIT or Apache-2.0, because the expressions are case sensitive. If the expression's brackets are mismatched. If the licenseIdentifier is deprecated. If the exception identifier is deprecated.

Determines whether all the licenses and exceptions are not deprecated.

expression to be validated Whether this expression consists of licenses with standard identifiers

A leaf node in an expression can only be a License or an Exception. Run a func on each one.

The expression to be walked. A processor for the licenses. A processor for the exceptions.

Parses a License Expression if valid. The expression would be parsed correct, even if non-standard exceptions are encountered. The non-standard Licenses/Exceptions have metadata on them with which the caller can make decisions. Based on the Shunting Yard algorithm. This method first creates an postfix expression by separating the operators and operands. Later the postfix expression is evaluated into an object model that represents the expression. Note that brackets are dropped in this conversion and this is not round-trippable. The token precedence helps make sure that the expression is a valid infix one.

Tokenizes the expression as per the license expression rules. Throws if the string contains invalid characters.

Represents a that's a WITH operator. It has a License and Exception.

The license.

The exception.

Helpers for dealing with the NuGet client version and package minClientVersions.

Check the package minClientVersion and throw if it is greater than the current client version.

Verify minClientVersion.

Read the NuGet client version from the assembly info as a NuGetVersion.

Defines the source generated JSON serialization contract metadata for a given type.

The default associated with a default instance.

The source-generated options associated with this context.

Reads .nuspec files

Nuspec file reader.

Nuspec file reader

Nuspec file stream.

Nuspec file reader

Nuspec file xml data.

Nuspec file reader

Nuspec file stream. Framework mapping provider for NuGetFramework parsing.

Nuspec file reader

Nuspec file xml data. Framework mapping provider for NuGetFramework parsing.

Read package dependencies for all frameworks

Reference item groups

Framework assembly groups

Package language

Package License Url

Build action groups

Package title.

Package authors.

Package tags.

Package owners.

Package description.

Package release notes.

Package summary.

Package project url.

Package icon url.

Source control repository information.

Parses the license object if specified. The metadata can be of 2 types, Expression and File. The method will not fail if it sees values that invalid (empty/unparseable license etc), but it will rather add validation errors/warnings.

This method never throws. Bad data is still parsed. The licensemetadata if specified

Require license acceptance when installing the package.

Read package dependencies for all frameworks

Gets the icon metadata from the .nuspec

A string containing the icon path or null if no icon entry is found

Gets the readme metadata from the .nuspec

A string containing the readme path or null if no readme entry is found

Reads a development nupkg

Signature specifications.

Stream underlying the ZipArchive. Used to do signature verification on a SignedPackageArchive. If this is null then we cannot perform signature verification.

Nupkg package reader

Framework mapping provider for NuGetFramework parsing. Framework compatibility provider.

Nupkg package reader

Nupkg data stream.

Nupkg package reader

Nupkg data stream. Framework mapping provider for NuGetFramework parsing. Framework compatibility provider.

Nupkg package reader

Nupkg data stream. If true the nupkg stream will not be closed by the zip reader.

Nupkg package reader

Nupkg data stream. leave nupkg stream open Framework mapping provider for NuGetFramework parsing. Framework compatibility provider.

Nupkg package reader

ZipArchive containing the nupkg data.

Nupkg package reader

ZipArchive containing the nupkg data. Framework mapping provider for NuGetFramework parsing. Framework compatibility provider.

Asynchronously copies a package to the specified destination file path.

The destination file path. A cancellation token. A task that represents the asynchronous operation. The task result () returns a . Thrown if is either or an empty string. Thrown if is cancelled.

This class literally just exists so CopyToFile gets a file size

Validate all files in package are not traversed outside of the expected extraction path. Eg: file entry like ../../foo.dll can get outside of the expected extraction path.

Represents an empty framework folder in NuGet 2.0+ packages. An empty framework folder is represented by a file named "_._".

Gets the full path of the file inside the package.

Gets the path that excludes the root folder (content/lib/tools) and framework folder (if present).

If a package has the Path as 'content\[net40]\scripts\jQuery.js', the EffectivePath will be 'scripts\jQuery.js'. If it is 'tools\init.ps1', the EffectivePath will be 'init.ps1'.

FrameworkName object representing this package file's target framework. Deprecated. Must be null on net5.0 and greater.

NuGetFramework object representing this package file's target framework. Use this instead of TargetFramework.

Specifies assemblies from GAC that the package depends on.

Returns sets of References specified in the manifest.

Specifies sets other packages that the package depends on.

Returns sets of Content Files specified in the manifest.

Represents the Package LicenseMetadata details. All the relevant warnings and errors should parsed into this model and ideally the readers of this metadata never throw.

The LicenseType, never null

The license, never null, could be empty.

The license expression, could be null if the version is higher than the current supported or if the expression is not parseable.

Non-null when the expression parsing yielded some issues. This will be used to display the errors/warnings in the UI. Only populated when the metadata element is returned by the nuspec reader;

LicenseMetadata (expression) version. Never null.

Saves the current manifest to the specified stream.

The target stream.

Saves the current manifest to the specified stream.

The target stream. Write out a manifest that's consumable by legacy clients, by adding any necessary translations into legacy fields.

Saves the current manifest to the specified stream.

The target stream. The minimum manifest version that this class must use when saving.

Saves the current manifest to the specified stream.

The target stream. The minimum manifest version that this class must use when saving. Write out a manifest that's consumable by legacy clients, by adding any necessary translations into legacy fields.

Manifest (user created .nuspec) file metadata model

Constructs a ManifestMetadata instance from an IPackageMetadata instance

Checks that the metadata in the nuspec is enough to create a package

A iterable collection with the validation error messages Error codes are not associated with the validation error messages returned

Baseline schema

Added copyrights, references and release notes

Used if the version is a semantic version.

Added 'targetFramework' attribute for 'dependency' elements. Allow framework folders under 'content' and 'tools' folders.

Added 'targetFramework' attribute for 'references' elements. Added 'minClientVersion' attribute

Allows XDT transformation

Maximum Icon file size: 1 megabyte

Exposes the additional properties extracted by the metadata extractor or received from the command line.

ContentFiles section from the manifest for content v2

Looks for the specified file within the package

The file path to search for The list of files to search within If the file was not found, this will be a path which almost matched but had the incorrect case An matching the specified path or

Given a list of resolved files, determine which file will be used as the icon file and validate its size and extension.

Files resolved from the file entries in the nuspec icon entry found in the .nuspec When a validation rule is not met

Validate that the readme file is of the correct size/type and can be opened properly except for Symbol packages.

Files resolved from the file entries in the nuspec readmepath found in the .nuspec When a validation rule is not met

Determins the path of the file inside a package. For recursive wildcard paths, we preserve the path portion beginning with the wildcard. For non-recursive wildcard paths, we use the file name from the actual file path on disk.

Returns true if the path uses a known folder root.

Tags come in this format. tag1 tag2 tag3 etc..

Creates a new Package Reference Set

IEnumerable set of string references

Creates a new Package Reference Set

The target framework to use, pass Any for AnyFramework. Does not allow null. IEnumerable set of string references

Creates a new Package Reference Set

The target framework to use. IEnumerable set of string references

Path on disk

Path in package

A strongly-typed resource class, for looking up localized strings, etc.

Returns the cached ResourceManager instance used by this class.

Overrides the current thread's CurrentUICulture property for all resource lookups using this strongly typed resource class.

Looks up a localized string similar to Cannot create a package that has no dependencies nor content..

Looks up a localized string similar to Dependency '{0}' has an invalid version..

Looks up a localized string similar to '{0}' already has a dependency defined for '{1}'..

Looks up a localized string similar to Attempted to pack multiple files into the same location(s). The following destinations were used multiple times: {0}.

Looks up a localized string similar to Cannot open the icon file '{0}': {1}..

Looks up a localized string similar to The icon file is empty..

Looks up a localized string similar to The 'icon' element '{0}' has an invalid file extension. Valid options are .png, .jpg or .jpeg..

Looks up a localized string similar to The icon file size must not exceed 1 megabyte..

Looks up a localized string similar to The element 'icon' cannot be empty..

Looks up a localized string similar to The icon file '{0}' does not exist in the package..

Looks up a localized string similar to The icon file '{0}' does not exist in the package. (Did you mean '{1}'?).

Looks up a localized string similar to The schema version of '{0}' is incompatible with version {1} of NuGet. Please upgrade NuGet to the latest version from http://go.microsoft.com/fwlink/?LinkId=213942..

Looks up a localized string similar to The package ID '{0}' contains invalid characters. Examples of valid package IDs include 'MyPackage' and 'MyPackage.Sample'..

Looks up a localized string similar to <dependencies> element must not contain both <group> and <dependency> child elements..

Looks up a localized string similar to Exclude path '{0}' contains invalid characters..

Looks up a localized string similar to Id must not exceed 100 characters..

Looks up a localized string similar to The 'minClientVersion' attribute in the package manifest has invalid value. It must be a valid version string..

Looks up a localized string similar to Invalid assembly reference '{0}'. Ensure that a file named '{0}' exists in the lib directory..

Looks up a localized string similar to Assembly reference '{0}' contains invalid characters..

Looks up a localized string similar to The license file '{0}' has an invalid extension. Valid options are .txt, .md or none..

Looks up a localized string similar to The license file '{0}' does not exist in the package..

Looks up a localized string similar to The license file '{0}' does not exist in the package. (Did you mean '{1}'?).

Looks up a localized string similar to The licenseUrl and license elements cannot be used together..

Looks up a localized string similar to An error occured while trying to parse the value '{0}' of property '{1}' in the manifest file..

Looks up a localized string similar to <references> element must not contain both <group> and <reference> child elements..

Looks up a localized string similar to The element package\metadata\references\group must contain at least one <reference> child element..

Looks up a localized string similar to The required element '{0}' is missing from the manifest..

Looks up a localized string similar to {0} is required..

Looks up a localized string similar to EmitRequireLicenseAcceptance must not be set to false if RequireLicenseAcceptance is set to true..

Looks up a localized string similar to Enabling license acceptance requires a license or a licenseUrl to be specified. The licenseUrl will be deprecated, consider using the license metadata..

Looks up a localized string similar to Source path '{0}' contains invalid characters..

Looks up a localized string similar to Target path '{0}' contains invalid characters..

Looks up a localized string similar to {0} cannot be empty..

Looks up a localized string similar to File not found: '{0}'..

Looks up a localized string similar to Cannot open the readme file '{0}': {1}..

Looks up a localized string similar to The readme file is empty..

Looks up a localized string similar to The readme file '{0}' has an invalid extension..

Looks up a localized string similar to The element 'readme' cannot be empty..

Looks up a localized string similar to The readme file '{0}' does not exist in the package..

Looks up a localized string similar to Unknown schema version '{0}'..

Parses the specified string into FrameworkName object.

The string to be parse. if set to , parse the first folder of path even if it is unrecognized framework. returns the path after the parsed target framework

Parses the specified string into FrameworkName object.

The string to be parse. if set to , parse the first folder of path even if it is unrecognized framework. returns the path after the parsed target framework

Max allowed length for package Id. In case update this value please update in src\NuGet.Core\NuGet.Configuration\PackageSourceMapping\PackageSourceMapping.cs too.

Gets or sets the .

This property should only be used to override the default verifier on tests. It is public only so that NuGet.Commands.RestoreRequest can pass this property through

A package is deemed to be a satellite package if it has a language property set, the id of the package is of the format [.*].[Language] and it has at least one dependency with an id that maps to the runtime package .

This returns all the installed package files (does not include satellite files)

Default package save mode for v2 (packages.config)-style restore. This includes and .

Default package save mode for v3 (project.json)-style restore. This includes , , and .

Treat XML doc files as regular files (legacy behavior).

Do not extract XML documentation files

Compress XML doc files in a zip archive.

Nupkg reading helper methods

Extracts a package, using the packages.config directory layout

For PackageReference directory layout, use The source from which the package was downloaded A for the nupkg file that is being extracted. The V2 (packages.config) . The with settings for how the extraction should be configured. A cancellation token. Telemetry parent ID. A collection of files that were extracted. If packageReader, packagePathResolver, or packageExtractionContext are null. If packageStream is not seekable. If the package signature couldn't be validated. See exception message for more details.

Extracts a package, using the packages.config directory layout

For PackageReference directory layout, use The source from which the package was downloaded A with the package opened. A for the nupkg file that is being extracted. The V2 (packages.config) . The with settings for how the extraction should be configured. A cancellation token. Telemetry parent ID. A collection of files that were extracted. If packageReader, packagePathResolver, or packageExtractionContext are null. If packagestream is not seekable. If the package signature couldn't be validated. See exception message for more details.

Extracts a package, using the packages.config directory layout

For PackageReference directory layout, use The source from which the package was downloaded A with the package opened. The V2 (packages.config) . The with settings for how the extraction should be configured. A cancellation token. Telemetry parent ID. A collection of files that were extracted. If packageReader, packagePathResolver, or packageExtractionContext are null. If the package signature couldn't be validated. See exception message for more details.

Uses a copy function to install a package to a global packages directory with the PackageReference directory layout.

The source where the nupkg was downloaded from. The package id + version being installed. A function which should copy the package to the provided destination stream. The path resolver for PackageReference layout. The version folder path context, which encapsulates all of the parameters to observe while installing the package. The cancellation token. The telemetry parent ID. True if the package was installed. False if the package already exists and therefore resulted in no copy operation. If copyToAsync or packageExtractionContext is null. If the package signature couldn't be validated. See exception message for more details.

Delete the target directory path and the temp nupkg path in case of a failed extraction.

Uses a copy function to install a package to a global packages directory with the PackageReference directory layout.

The package id + version being installed. A to download the nupkg. The path resolver for PackageReference layout. The version folder path context, which encapsulates all of the parameters to observe while installing the package. The cancellation token. The telemetry parent ID. True if the package was installed. False if the package already exists and therefore resulted in no copy operation. If packageDownlaoder or packageExtractionContext is null. If the package signature couldn't be validated. See exception message for more details.

Reads an unzipped nupkg folder.

Package folder reader

root directory of an extracted nupkg

Package folder reader

root directory of an extracted nupkg framework mappings framework compatibility provider

Package folder reader

root directory of an extracted nupkg framework mappings framework compatibility provider

Opens a local file in read only mode.

True if the path does not contain /

True if the path ends with .nupkg

Build the relative path in the same format that ZipArchive uses

A V2 path resolver.

Initializes a new instance of the class, which calculates packages.config style package directory layouts.

See for PackageReference and global packages folder layouts. The root directory. A value indicating whether to use side-by-side paths. If rootDirectory is null, empty or does not contain an absolute path.

Abstract class that both the zip and folder package readers extend This class contains the path conventions for both zip and folder readers

Instantiates a new class.

A framework mapping provider. Thrown if is .

Instantiates a new class.

A framework mapping provider. A framework compatibility provider. Thrown if is . Thrown if is .

Nuspec reader

Frameworks mentioned in the package.

This method returns the target frameworks supported for packages.config projects. For PackageReference compatibility, use

Frameworks mentioned in the package.

This method returns the target frameworks supported for packages.config projects. For PackageReference compatibility, use

only packageId.targets and packageId.props should be used from the build folder

True only for assemblies that should be added as references to msbuild projects

Validate file entry in package is not traversed outside of the expected extraction path. Eg: file entry like ../../foo.dll can get outside of the expected extraction path.

Get contenthash for a package.

Represents a package element in the packages.config file

Creates a new packages config entry

Package id and version Package target framework installed to the project True if the user installed this package directly True if the package is a development dependency True if this package needs to be reinstalled Restrict package versions to the allowedVersions range

Id and Version of the package

The allowed range of versions that this package can be upgraded/downgraded to.

This is null if unbounded

True if allowedVersions exists.

Installed target framework version of the package.

Development dependency

True if the user installed or updated this package directly. False if this package was installed as a dependency by another package.

Require reinstallation

Displays the identity and target framework of the reference.

Determine if the package node has the attribute value as the targetValue.

Get a boolean attribute value, or false if it does not exist

Reads packages.config

Packages.config reader

Packages.config XML

Packages.config reader

Additional target framework mappings for parsing target frameworks Packages.config XML

Packages.config reader

Stream containing packages.config

Packages.config reader

Stream containing packages.config True will leave the stream open

Packages.config reader

Stream containing packages.config True will leave the stream open Additional target framework mappings for parsing target frameworks

Reads the minimum client version from packages.config

Minimum client version or the default of 2.5.0

Reads all package node entries in the config. If duplicate package ids exist an exception will be thrown.

Reads all package node entries in the config.

If True validation will be performed to ensure that only one entry exists for each unique package id.

Writes the packages.config XML file to a stream

Create a packages.config writer using file path

The full path to write the XML packages.config file into, or load existing packages.config from Whether to create a new packages.config file, or load an existing one

Create a packages.config writer using file path

The full path to write the XML packages.config file into, or load existing packages.config from Whether to create a new packages.config file, or load an existing one Framework mappings

Create a packages.config writer using stream

Stream to write the XML packages.config file into, or load existing packages.config from Whether to create a new packages.config file, or load an existing one

Create a packages.config writer using stream

Stream to write the XML packages.config file into, or load existing packages.config from Whether to create a new packages.config file, or load an existing one Framework mappings

Write a minimum client version to packages.config

Minumum version of the client required to parse and use this file.

Add a package entry

Package Id Package Version Package targetFramework that's compatible with current project

Adds a basic package entry to the file

Adds a package entry to the file

Package reference entry

Update a package entry to the file

Update a package entry using the original entry as a base if it exists.

Remove a package entry

Package Id Package version Package targetFramework

Remove a package identity from the file

Package identity Package targetFramework

Removes a package entry from the file

Package reference entry

Write the XDocument to the packages.config and disallow further changes.

the full path to packages.config file

Write the XDocument to the stream and close it to disallow further changes.

Represents the ".nuspec" extension.

A SHA-512 hash function that supports incremental hashing. This is non-private only to facilitate unit testing.

This class is used to hold metadata about the central directory archive structure

Position in bytes of the corresponding central directory header relative to the start of the archive

Offset in bytes to the corresponding file header relative to the start of the archive

Total size of corresponding file entry in bytes This should include size of local file header + encryption header + file data + data descriptor

Flag indicating if the entry is the package signature file

Size of central directory header, in bytes.

Value used to identify how much the position of the OffsetToFileHeader property will change by the presence of a signature file in bytes

Index in which the central directory record was read from the archive. This index represents the order of the central directory record as it is in the file.

Helper to calculate CRC-32 for data. Derivative of a .NET core implementation - https://source.dot.net/#System.IO.Compression.Tests/Common/System/IO/Compression/CRC.cs This is public to allow testing.

Calculates a 32 bit cyclic redundancy code for the input data.

Byte[] of the data. 32 bit cyclic redundancy code for the input data in uint.

Read bytes from a BinaryReader and write them to the BinaryWriter and stop when the provided position is the current position of the BinaryReader's base stream. It does not read the byte in the provided position.

Read bytes from this stream. Write bytes to this stream. Position to stop copying data.

Read bytes from a BinaryReader and hash them with a given HashAlgorithm and stop when the provided position is the current position of the BinaryReader's base stream. It does not hash the byte in the provided position.

Read bytes from this stream HashAlgorithm used to hash contents Position to stop copying data

Hashes given byte array with a specified HashAlgorithm

HashAlgorithm used to hash contents Content to hash

Read bytes from a BinaryReader and hash them with a given HashAlgorithm wrapper and stop when the provided position is the current position of the BinaryReader's base stream. It does not hash the byte in the provided position.

Read bytes from this stream HashAlgorithm wrapper used to hash contents cross platform Position to stop copying data

Hashes given byte array with a specified HashAlgorithm wrapper which works cross platform.

HashAlgorithm wrapper used to hash contents cross platform Content to hash

Hashes given byte array with a specified HashAlgorithm wrapper which works cross platform.

HashAlgorithm wrapper used to hash contents cross platform Content to hash The number of bytes in the input byte array to use as data.

Read ZIP's offsets and positions of offsets.

binary reader to zip archive boolean to skip validate signature entry metadata with offsets and positions for entries

Asserts the validity of central directory header and local file header for the package signature file entry.

BinaryReader on the package. Metadata for the package signature file's central directory header. Thrown if either header is invalid.

Writes the signature data into the zip using the writer. The reader is used to read the exisiting zip.

MemoryStream of the signature to be inserted into the zip. BinaryReader to be used to read the existing zip data. BinaryWriter to be used to write the signature into the zip.

Writes a local file header into a zip using the writer starting at the writer.BaseStream.Position.

BinaryWriter to be used to write file. Byte[] of the corresponding file to be written into the zip. CRC-32 for the file. Last modified DateTime for the file data. Number of total bytes written into the zip.

Writes a file into a zip using the writer starting at the writer.BaseStream.Position.

BinaryWriter to be used to write file. Byte[] of the file to be written into the zip. Number of total bytes written into the zip.

Writes a central directory header into a zip using the writer starting at the writer.BaseStream.Position.

BinaryWriter to be used to write file. Byte[] of the file to be written into the zip. CRC-32 checksum for the file. Last modified DateTime for the file data. Offset, in bytes, for the local file header of the corresponding file from the start of the archive. Number of total bytes written into the zip.

Writes the end of central directory header into a zip using the writer starting at the writer.BaseStream.Position. The new end of central directory record will be based on the one at reader.BaseStream.Position.

BinaryReader to be used to read the existing end of central directory record. BinaryWriter to be used to write the updated end of central directory record. The change to central directory header counts. Size of the central directory header for the signature file. Size of the signature file and the corresponding local file header.

Converts a DateTime value into a unit in the MS-DOS date time format. Reference - https://docs.microsoft.com/en-us/cpp/c-runtime-library/32-bit-windows-time-date-formats Reference - https://source.dot.net/#System.IO.Compression/System/IO/Compression/ZipHelper.cs,91

DateTime value to be converted. uint representing the MS-DOS equivalent date time.

This class is used to hold metadata about the signed package archive being verified.

List of central directory metadata ordered by the same order the central directory headers are in the archive

Offset, in bytes, to the first file header relative to the start of the archive. Should typically be 0.

Offset, in bytes, to the end of central directory headers relative to the start of the archive.

Index of the signature central directory header in CentralDirectoryHeaders. If the CentralDirectoryHeaders list is ordered by IndexInHeaders this index indicates the position on the list for the signature.

Utility method to know if a zip archive is signed.

Binary reader pointing to a zip archive. true if the given archive is signed

Opens a read-only stream for the package signature file.

Callers should first verify that a package is signed before calling this method. A binary reader for a signed package. A readable stream. Thrown if is . Thrown if a package signature file is invalid or missing.

Gets the signature type.

Instantiates a new instance of the class.

The signing certificate. The signature and timestamp hash algorithm. Thrown if is . Thrown if is invalid.

Instantiates a new instance of the class.

The signing certificate. The signature hash algorithm. The timestamp hash algorithm. Thrown if is . Thrown if is invalid. Thrown if is invalid.

Creates Signatures that can be added to packages.

Create a signature.

Signing request with all the information needed to create signature. SignatureContent containing the Hash of the package and the signature version. Logger Cancellation token. A signature for the package.

Create a repository countersignature.

Signing request with all the information needed to create signature. Primary signature to be countersigned. Logger Cancellation token. A signature for the package.

Gets the repository V3 service index URL.

Gets a read-only list of package owners.

Gets the signature type.

Instantiates a new instance of the class.

The signing certificate. The signature hash algorithm. The timestamp hash algorithm. The V3 service index URL. A read-only list of package owners. Thrown if is . Thrown if is invalid. Thrown if is invalid. Thrown if is . Thrown if is neither absolute nor HTTPS. Thrown if is either empty or contains an invalid value.

Readable stream for the package that will be used as an input for any signing operation.

Readable and writeable stream for the output package for any signing operation.

Switch used to indicate if an existing signature should be overwritten.

Provider to create a Signature that can be added to the package.

Logger to be used to display the logs during the execution of signing actions.

Instantiates a new object.

A readable stream for the package that will be used as input for any signing operation. A readable and writeable stream for the output package for any signing operation. A flag indicating if an existing signature should be overwritten. A provider to create a Signature that can be added to the package. A logger. Signing operations cannot be done in place; therefore, and should be different streams. Thrown if is . Thrown if is . Thrown if is . Thrown if is . Thrown if and are the same object.

Creates a new object from file paths.

The file path of the package that will be used as input for any signing operation. The file path of the package that will be the output for any signing operation. A flag indicating if an existing signature should be overwritten. A provider to create a Signature that can be added to the package. A logger. Signing operations cannot be done in place; therefore, and should be different file paths. Thrown if is , an empty string, or equivalent to . Thrown if is , an empty string, or equivalent to . Thrown if is . Thrown if is .

Contains a request for generating package signature.

Hash algorithm used to create the package signature.

Hash algorithm used to timestamp the signed package.

Certificate used to sign the package.

Gets a collection of additional certificates for building a chain for the signing certificate.

Gets the signature type.

Disposes of this instance.

Sign a manifest hash with an X509Certificate2.

Sign the package stream hash with an X509Certificate2.

Countersign the primary signature with a X509Certificate2.

Represents a wrapper around to enable custom behaviors (e.g.: retry on failure).

Read a section of key value pairs from the file. Throw for invalid formats.

Returns an empty set if the file has reached the end.

Throw if the expected value does not exist.

Write key:value with EOL to the manifest stream.

Write an empty line.

Write an end of line to the manifest writer.

key:value

SignedCms.ContentInfo.Content for the primary signature.

Hashing algorithm used.

Base64 package stream hash.

Write the content to a stream.

Write the content to byte array.

Load from a byte array.

Load content from a stream.

Writes data encoded via the Distinguished Encoding Rules for Abstract Syntax Notation 1 (ASN.1) data.

Encode the segments { tag, length, value } of a boolean.

The boolean to encode The encoded segments { tag, length, value }

Encode the segments { tag, length, value } of an unsigned integer.

The value to encode. The encoded segments { tag, length, value }

Encode the segments { tag, length, value } of an unsigned integer.

The value to encode, in big integer representation. The encoded segments { tag, length, value }

Encode the segments { tag, length, value } of an unsigned integer represented within a bounded array.

The value to encode, in big integer representation. The offset into bigEndianBytes to read The count of bytes to read, must be greater than 0 The encoded segments { tag, length, value }

Encode the segments { tag, length, value } of a BIT STRING which is wrapped over other DER-encoded data.

Despite containing other DER-encoded data this does not get the constructed bit, because it doesn't when encoding public keys in SubjectPublicKeyInfo

Encode the segments { tag, length, value } of a bit string where all bits are significant.

The data to encode The encoded segments { tag, length, value }

Encode the segments { tag, length, value } of a bit string where the least significant of the last byte are padding.

The number of padding bits (0-7) in the last byte The data to encode The encoded segments { tag, length, value }

Encode the segments { tag, length, value } of a bit string value based upon a NamedBitList. (([0] >> 7) & 1) is considered the "leading" bit, proceeding through the array for up to .

The data in big endian order, the most significant bit of byte 0 is the leading bit (corresponds to the named value for "bit 0"). Any bits beyond are ignored, and any missing bits are assumed to be unset. The total number of named bits. Since the bits are numbered with a zero index, this should be one higher than the largest defined bit. (namedBitsCount=10 covers bits 0-9) A triplet of { tag }, { length }, { data }. All trailing unset named bits are removed.

Encode the segments { tag, length, value } of an octet string (byte array).

The data to encode The encoded segments { tag, length, value }

Encode an object identifier (Oid).

The encoded OID

Encode the segments { tag, length, value } of an object identifier (Oid).

The encoded segments { tag, length, value }

Encode the segments { tag, length, value } of an object identifier (Oid).

The encoded segments { tag, length, value }

Encode a character string as a UTF8String value.

The characters to be encoded. The encoded segments { tag, length, value }

Encode a substring as a UTF8String value.

The characters whose substring is to be encoded. The character offset into at which to start. The total number of characters from to read. The encoded segments { tag, length, value }

Make a constructed SEQUENCE of the byte-triplets of the contents, but leave the value in a segmented form (to be included in a larger SEQUENCE).

Series of Tag-Length-Value triplets to build into one sequence. The encoded segments { tag, length, value }

Make a context-specific tagged value which is constructed of other DER encoded values. Logically the same as a SEQUENCE, but providing context as to data interpretation (and usually indicates an optional element adjacent to another SEQUENCE).

The value's context ID Series of Tag-Length-Value triplets to build into one sequence. The encoded segments { tag, length, value }

Make a constructed SET of the byte-triplets of the contents, but leave the value in a segmented form (to be included in a larger SEQUENCE).

Series of Tag-Length-Value triplets to build into one set. The encoded segments { tag, length, value }

Make a constructed SET of the byte-triplets of the contents, but leave the value in a segmented form (to be included in a larger SEQUENCE). This method assumes that the data is presorted, and writes it as-is.

Series of Tag-Length-Value triplets to build into one set. The encoded segments { tag, length, value }

Test to see if the input characters contains only characters permitted by the ASN.1 PrintableString restricted character set.

The characters to test. if all of the characters in are valid PrintableString characters, otherwise.

Test to see if the input substring contains only characters permitted by the ASN.1 PrintableString restricted character set.

The character string to test. The starting character position within . The number of characters from to read. if all of the indexed characters in are valid PrintableString characters, otherwise.

Encode a character string as a PrintableString value.

The characters to be encoded. The encoded segments { tag, length, value }

Encode a substring as a PrintableString value.

The character string whose substring is to be encoded. The character offset into at which to start. The total number of characters from to read. The encoded segments { tag, length, value }

Encode a string of characters as a IA5String value.

The characters to be encoded. The encoded segments { tag, length, value }

Encode a substring as a IA5String value.

The characters whose substring is to be encoded. The character offset into at which to start. The total number of characters from to read. The encoded segments { tag, length, value }

Make a constructed SEQUENCE of the byte-triplets of the contents. Each byte[][] should be a byte[][3] of {tag (1 byte), length (1-5 bytes), payload (variable)}.

This is public only to facilitate testing.

Reads data encoded via the Distinguished Encoding Rules for Abstract Syntax Notation 1 (ASN.1) data.

Returns the next value encoded (this includes tag and length)

A strongly-typed resource class, for looking up localized strings, etc.

Returns the cached ResourceManager instance used by this class.

Overrides the current thread's CurrentUICulture property for all resource lookups using this strongly typed resource class.

Looks up a localized string similar to The OID value was invalid..

Looks up a localized string similar to ASN1 corrupted data..

Looks up a localized string similar to The string contains a character not in the 7 bit ASCII character set..

A package that can read and write signatures.

A readonly package that can provide signatures and a sign manifest from a package.

Get package signature.

Returns a null if the package is unsigned.

Check if a package contains signing information.

True if the package is signed.

Gets the hash of an archive to be embedded in the package signature.

Checks for the integrity of a package

SignatureContent with expected hash value and hash algorithm used

Get the hash of the package content excluding signature context for signed package. If the package is not signed it calculates it from the whole package.

Cancellation token. Function to return the hash in case the package is not signed. The method takes an optional function to get the hash of an unsigned package instead of calculating it. hash of the unsigned content of the package.

Indicates if the the ISignedPackageReader instance can verify signed packages.

Package verification settings. Include information about what is allowed. if the ISignedPackageReader does not support signed packages

A writer that only allows editing for the package signature.

A nupkg that supports both reading and writing signatures.

Stream underlying the ZipArchive. Used to do signature verification on a SignedPackageArchive. If this is null then we cannot perform signature verification.

Adds a signature to a package if it is not already signed.

Stream of the signature SignedCms object to be added to the package. Cancellation Token.

Remove a signature from the package, if it exists.

Cancellation token.

Individual trust results.

Log message for signature verification.

Converts an SignatureLog into a Restore This is needed when an SignatureLog needs to be logged and loggers do not have visibility to SignatureLog.

RestoreLogMessage equivalent to the SignatureLog. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing.

Retrieve the bytes of the signed cms signature.

Package signature information.

Indicates signature placement.

The primary signature.

A countersignature on the primary signature.

A primary signature or a countersignature.

Indicates author or repository signing.

Default unknown value.

Signed by the author.

Signed by the repository.

Settings to customize Signature.Verify behavior.

Allow packages with signatures that do not conform to the specification.

Specifies that a signing certificate's chain that chains to an untrusted root is allowed

Specifies that a signing certificate's chain with unknown revocation is allowed. If set to true, offline revocation is allowed.

Indicates if unknown revocation status should be reported.

Indicates if a signing certificate that chains to an untrusted root should be reported.

Gets how the revocation verification should be performed.

Get default settings values for relaxed verification on a signature

This is public only to facilitate testing. This is public only to facilitate testing.

Abstract class representing which paths may be used for signing in a package.

v1.0.0 signing settings.

Gets the signature format version.

Returns the path for the signature file.

Returns the set of allowed hash algorithms.

Returns the set of allowed hash algorithm Oids.

Returns the set of allowed signature algorithms.

Returns the set of allowed signature algorithm Oids.

Returns minumum length required for RSA public keys.

Encoding used to generate the signature.

Initialize a signing specification with a root folder.

Allowed digest algorithms for signature and timestamp hashing.

Allowed digest algorithm Oids for signature and timestamp hashing.

Allowed signature algorithms.

Allowed signature algorithm Oids.

Gets the signature format version.

This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing. This is public only to facilitate testing.

A provider for RFC 3161 timestamps https://tools.ietf.org/html/rfc3161

Timestamp a signature.

Represents an RFC3161 TSTInfo. This class should be removed once we can reference it throught the .NET Core framework.

Internally used by Rfc3161TimestampProvider. This class should be removed once we can reference it throught the .NET Core framework.

Provides convinience method for verification of a RFC 3161 Timestamp.

Internally used by Rfc3161TimestampProvider. This class should be removed once we can reference it throught the .NET Core framework.

Exceptions that are generated while creating a package timestamp.

Request for timestamping a signature

Signing Specification for this timestamp request.

Gets the hashed message to be timestamped.

Gets the hash algorithm used to generate .

Gets the target signature for the timestamp

This is public only to facilitate testing.

Get a list of all the trusted signer entries under the computer trusted signers section.

Adds a new trusted signer or updates an existing one in the settings.

Trusted signers to be added or updated

Removes trusted signers from the settings.

Trusted signers to be removed

This exists purely to avoid breaking existing public API's which require an instance. Internally, we should be cautious about using . Calling X509Chain.Build(...) directly (vs. IX509Chain.Build(...)) will break . Calling any other X509Chain member is safe.

Represents the X.509 trust store that package signing and signed package verification will use.

Initializes the X.509 trust store for NuGet .NET SDK scenarios and logs details about the attempt. If initialization has already happened, a call to this method will have no effect.

A logger. Thrown if is .

Create a list of certificates in chain order with the leaf first and root last.

The certificate for which a chain should be built. A certificate store containing additional certificates necessary for chain building. A logger. The certificate type. A certificate chain. This is intended to be used only during signing and timestamping operations, not verification. Thrown if is . Thrown if is . Thrown if is . Thrown if is undefined.

Create an ordered list of certificates. The leaf node is returned first.

Certificate chain to be converted to list. This does not check validity or trust. It returns the chain as-is.

Converts a X509Certificate2 to a human friendly string of the following format - Subject Name: CN=name SHA1 hash: hash Issued by: CN=issuer Valid from: issue date time to expiry date time in local time

X509Certificate2 to be converted to string. Algorithm used to calculate certificate fingerprint string representation of the X509Certificate2.

Converts a X509Certificate2 to a collection of log messages for various verbosity levels - Subject Name: CN=name SHA1 hash: hash Issued by: CN=issuer Valid from: issue date time to expiry date time in local time

X509Certificate2 to be converted to string. Algorithm used to calculate certificate fingerprint string representation of the X509Certificate2.

Converts a X509Certificate2Collection to a human friendly string of the following format - Subject Name: CN=name SHA1 hash: hash Issued by: CN=issuer Valid from: issue date time to expiry date time in local time Subject Name: CN=name SHA1 hash: hash Issued by: CN=issuer Valid from: issue date time to expiry date time in local time ... N more.

X509Certificate2Collection to be converted to string. Algorithm used to calculate certificate fingerprint string representation of the X509Certificate2Collection.

Determines if a certificate's signature algorithm is supported.

Certificate to validate True if the certificate's signature algorithm is supported.

Validates the public key requirements for a certificate

Certificate to validate True if the certificate's public key is valid within NuGet signature requirements

Validates if the certificate contains the lifetime signing EKU

Certificate to validate True if the certificate has the lifetime signing EKU

Checks if an X509Certificate2 contains a particular Extended Key Usage (EKU).

X509Certificate2 to be checked. String OID of the Extended Key Usage A bool indicating if the X509Certificate2 contains specified OID in its Extended Key Usage.

Checks if an X509Certificate2 is valid for a particular purpose.

This must not be used in evaluation of a signed package. A more accurate test is building a chain with the specified EKU asserted in the application policy. X509Certificate2 to be checked. String OID of the Extended Key Usage A bool indicating if the X509Certificate2 contains specified OID string in its Extended Key Usage.

Gets the certificate fingerprint with the given hashing algorithm

X509Certificate2 to be compute fingerprint Hash algorithm for fingerprint A byte array representing the certificate hash.

Gets the certificate fingerprint string with the given hashing algorithm

X509Certificate2 to be compute fingerprint Hash algorithm for fingerprint A string representing the certificate hash.

Determines if a certificate is self-issued.

Warning: this method does not evaluate certificate trust, revocation status, or validity! This method attempts to build a chain for the provided certificate, and although revocation status checking is explicitly skipped, the underlying chain building engine may go online to fetch additional information (e.g.: the issuer's certificate). This method is not a guaranteed offline check. The certificate to check. if the certificate is self-issued; otherwise, . Thrown if is .

Tries to deduce the hash algorithm from the given certificate fingerprint.

The certificate fingerprint. The deduced hash algorithm name. true if the hash algorithm was successfully deduced; otherwise, false.

Determines if the given string represents a valid hexadecimal value.

The string to check. true if the string is a valid hexadecimal value; otherwise, false.

Represents a certificate chain ordered from end certificate (index 0) to root certificate.

Gets SignedPackageVerifierSettings from a given RepositorySignatureInfo.

RepositorySignatureInfo to be used. SignedPackageVerifierSettings to be used if RepositorySignatureInfo is unavailable. SignedPackageVerifierSettings based on the RepositorySignatureInfo and SignedPackageVerifierSettings.

Utility methods for signing.

Add a signature to a package.

Creates and performs cleanup on an instance.

Certificates held by individual X509ChainElement objects should be disposed immediately after use to minimize finalizer impact.

Avoid using this internally.

Current policy the client is on.

Verification settings corresponding the current client policy.

List of signatures allowed in verification.

Loads trust providers and verifies package signatures.

Verifies package signature.

Package to be verified. SignedPackageVerifierSettings to be used when verifying the package. Cancellation Token. Guid of the parent event. VerifySignaturesResult containing the result of the verify operation.

Providers signature trust information.

Check if is trusted by the provider.

True if a provider trusts the package signature.

Represents a signature check result and any additional information needed to display to the user.

Trust result

List of issues found in the verification process

PackageVerificationResult

Do not verify a signature.

Verify a signature if and only if it exists.

Verify a signature if and only if it exists and is necessary (e.g.: trust evaluation of another signature depends on it).

Verify a signature always. If the signature is not present, it is an error.

Represents the trust result of a signature.

The order of the elements on this enum is important. It should be ordered from most severe to valid. When a verification with multiple steps wants to be strict it should take the min out of each step as the status for the whole verification.

Default unknown value.

Invalid package signature.

This could happen because the package integrity check fails or the certificate is revoked.

The signature is disallowed based on verification settings.

Signature is valid for the verification step.

There was no error found

A signature was not found

Signer certificate was not found

Multiple signatures were found

A call to SignedCms.CheckSignature failed

Signature algorithm is not supported

Public key does not conform with the requirements of the spec

Signing certificate has lifetimeSigningEku

Signer certificate's validity is in the future

Signing certificate has expired

Hashing algorithm is not supported

Message imprint uses a hash algorithm that is not supported

Integrity check of the signature failed

Chain building failures. Some specific chain building failures (like revocation, revocation status unavailable, certificate expired, etc.) are not covered by this flag because they are covered specially by another status flag.

Revocation information was unavailable or was offline for the signer certificate

Signing certificate was revoked

Signing certificate chains to a certificate untrusted by the computer performing the verification

The Timestamp's generalized time was outside certificate's validity period

A valid timestamp was not found.

Multiple timestamps were found.

Unknown build status.

Flags which indicate that the signed package is suspect.

Flags which indicate that the signed package is illegal.

Flags which indicate that the signed package is untrusted.

Type of the signature that was verified

Status of the verification

Reasons for the status.

Timestamp used to validate certificate.

Expiration Date and Time for signature

This field will only be set if the certificate is expired.

Signature

Feed settings used to verify packages.

Allow packages that do not contain signatures.

Allow packages with signatures that do not conform to the specification.

Allow packages that have not been explicitly trusted by the consumer.

Allow ignoring timestamp.

Allow more than one timestamp.

Allow no timestamp.

Treat unknown revocation status as a warning instead of an error during verification.

Report unknown revocation status.

Gets the verification target(s).

Gets the placement of verification target(s).

Gets the repository countersignature verification behavior.

Gets how the revocation verification should be performed.

Default settings.

An instance or for the default environment variable reader. A instance.

The accept mode policy.

An instance or for the default environment variable reader. A instance.

The require mode policy.

An instance or for the default environment variable reader. A instance.

Default policy for nuget.exe verify --signatures command.

An instance or for the default environment variable reader. A instance.

List of allowed owners for a repository signature

Describe if the certificate should be allowed to chain to an untrusted certificate

Target type of signature to verify.

Signature placement to verify.

Indicates the type of signature a verification is targeting

This target makes no assumption about the placement of the signature. It only refers to author or repository type of signature. If a specific placement is needed use the enum.

Don't target any signatures.

Target unknown primary signatures.

Target author signatures

Target repository signatures

Target all available signatures.

Collection of signature verification results.

True if signature is valid.

True if the package is signed.

Individual trust results.

RepositorySignatureInfoProvdier is a static cache for repository signature information for package source.

Try to get repository signature information for the source.

Package source URL. Contains the RepositorySignatureInfo when the method returns. It is null if repository signature information is unavailable. True if the repository signature information was found. Otherwise, False.

Add or update the repository signature information for the source.

Package source URL. RepositorySignatureInfo for the source url.

A strongly-typed resource class, for looking up localized strings, etc.

Returns the cached ResourceManager instance used by this class.

Overrides the current thread's CurrentUICulture property for all resource lookups using this strongly typed resource class.

Looks up a localized string similar to An absolute URI is required..

Looks up a localized string similar to The argument cannot be null or empty..

Looks up a localized string similar to author primary signature.

Looks up a localized string similar to A complete certificate chain could not be built for the signing certificate..

Looks up a localized string similar to Certificate chain validation failed..

Looks up a localized string similar to {0} hash: {1}.

Looks up a localized string similar to SHA1 hash: {0}.

Looks up a localized string similar to Issued by: {0}.

Looks up a localized string similar to Subject Name: {0}.

Looks up a localized string similar to Valid from: {0} to {1}.

Looks up a localized string similar to ... {0} more..

Looks up a localized string similar to The following certificates meet all given criteria:.

Looks up a localized string similar to X.509 certificate chain validation will use the default trust store selected by .NET for code signing..

Looks up a localized string similar to X.509 certificate chain validation will use the default trust store selected by .NET for timestamping..

Looks up a localized string similar to X.509 certificate chain validation will use the fallback certificate bundle at '{0}'..

Looks up a localized string similar to X.509 certificate chain validation will not have any trusted roots. Chain building will fail with an untrusted status..

Looks up a localized string similar to X.509 certificate chain validation will use the system certificate bundle at '{0}'..

Looks up a localized string similar to The commitment-type-indication attribute is invalid..

Looks up a localized string similar to The commitment-type-indication attribute contains an invalid combination of values..

Looks up a localized string similar to There are two certificates with conflicting allowUntrustedRoot attributes in the computed settings. The allowUntrustedRoot attribute is going to be set to false. Certificate: {0}-{1}.

Looks up a localized string similar to A list of trusted signers is required but none was found..

Looks up a localized string similar to The package signature certificate fingerprint does not match any certificate fingerprint in the allow list..

Looks up a localized string similar to Unsupported targetFramework value '{0}'..

Looks up a localized string similar to Error parsing nupkg metadata file {0} : {1}.

Looks up a localized string similar to The package is missing the required nuspec file. .

Looks up a localized string similar to signatureValidationMode is set to require, so packages are allowed only if signed by trusted signers; however, no trusted signers were specified..

Looks up a localized string similar to This package is signed but not by a trusted signer..

Looks up a localized string similar to This package was not repository signed with a certificate listed by this repository..

Looks up a localized string similar to This repository indicated that all its packages are repository signed; however, it listed no signing certificates..

Looks up a localized string similar to The package signature file does not contain exactly one primary signature..

Looks up a localized string similar to The package signature contains multiple repository countersignatures..

Looks up a localized string similar to This repository indicated that all its packages are repository signed; however, this package is unsigned..

Looks up a localized string similar to A repository primary signature must not have a repository countersignature..

Looks up a localized string similar to signatureValidationMode is set to require, so packages are allowed only if signed by trusted signers; however, this package is unsigned..

Looks up a localized string similar to Cannot target author signatures that are countersignatures..

Looks up a localized string similar to Byte signature not found in package archive: 0x{0}.

Looks up a localized string similar to There are duplicate packages: {0}.

Looks up a localized string similar to Invalid allowedVersions for package id '{0}': '{1}'.

Looks up a localized string similar to Certificate chain validation failed for an unspecified reason..

Looks up a localized string similar to Invalid minClientVersion: '{0}'.

Looks up a localized string similar to Invalid package archive..

Looks up a localized string similar to Invalid package version for package id '{0}': '{1}'.

Looks up a localized string similar to Invalid package version for a dependency with id '{0}' in package '{1}': '{2}'.

Looks up a localized string similar to Manifest file not found at '{0}'.

Looks up a localized string similar to Multiple timestamps are not accepted..

Looks up a localized string similar to The signature should be timestamped to enable long-term signature validity after the certificate has expired..

Looks up a localized string similar to Null or empty package id.

Looks up a localized string similar to The package is not signed..

Looks up a localized string similar to The package signature is invalid or cannot be verified on this platform..

Looks up a localized string similar to An unexpected error occurred while checking package entries..

Looks up a localized string similar to Unable to delete temporary file '{0}'. Error: '{1}'..

Looks up a localized string similar to The package '{0}' contains an entry '{1}' which is unsafe for extraction..

Looks up a localized string similar to Signed Zip64 packages are not supported..

Looks up a localized string similar to Exactly one {0} attribute is required..

Looks up a localized string similar to The {0} attribute must have exactly one attribute value..

Looks up a localized string similar to Package '{0} {1}' from source '{2}': {3}.

Looks up a localized string similar to Failed to update file time for {0}: {1}.

Looks up a localized string similar to Fail to load packages.config as XML file. Please check it. .

Looks up a localized string similar to Failed to write packages.config as XML file '{0}'. Error: '{1}'..

Looks up a localized string similar to Unable to find fallback package folder '{0}'..

Looks up a localized string similar to HTTP or HTTPS is required..

Looks up a localized string similar to The argument is invalid..

Looks up a localized string similar to Invalid combination of arguments {0} and {1}..

Looks up a localized string similar to The ASN.1 data is invalid..

Looks up a localized string similar to The version string '{0}' is not supported by this toolset. The highest supported version is '{1}'. Either use a lower version or upgrade your toolset..

Looks up a localized string similar to {0} This validation error occurred in a '{1}' element..

Looks up a localized string similar to The nuspec contains an invalid entry '{0}' in package '{1}' ..

Looks up a localized string similar to The framework in the folder name of '{0}' in package '{1}' could not be parsed..

Looks up a localized string similar to The file is not a valid nupkg. File path: {0}.

Looks up a localized string similar to The package contains an invalid package signature file..

Looks up a localized string similar to The package signature file entry is invalid. {0}.

Looks up a localized string similar to The central directory header field '{0}' has an invalid value ({1})..

Looks up a localized string similar to The local file header field '{0}' has an invalid value ({1})..

Looks up a localized string similar to Nuspec file contains a package type with an invalid package version '{0}'..

Looks up a localized string similar to The primary signature is invalid..

Looks up a localized string similar to The repository countersignature is invalid..

Looks up a localized string similar to The package signature content is invalid..

Looks up a localized string similar to The timestamp signature is invalid..

Looks up a localized string similar to The URL value is invalid..

Looks up a localized string similar to Invalid X.509 store purpose..

Looks up a localized string similar to Installed {0} {1} from {2} to {3} with content hash {4}..

Looks up a localized string similar to Path: {0}.

Looks up a localized string similar to MinClientVersion already exists in packages.config.

Looks up a localized string similar to Nuspec file does not contain the '{0}' node..

Looks up a localized string similar to Nuspec file contains a package type that is missing the name attribute..

Looks up a localized string similar to Some dependency group TFMs are missing a platform version: {0}.

Looks up a localized string similar to Some reference assembly group TFMs are missing a platform version: {0}.

Looks up a localized string similar to Some framework assembly reference TFMs are missing a platform version: {0}.

Looks up a localized string similar to Some included files are included under TFMs which are missing a platform version: {0}.

Looks up a localized string similar to Some reference group TFMs are missing a platform version: {0}.

Looks up a localized string similar to Multiple {0} attributes are not allowed..

Looks up a localized string similar to Package contains multiple nuspec files..

Looks up a localized string similar to The package contains multiple package signature files..

Looks up a localized string similar to '{0}' must contain an absolute path '{1}'..

Looks up a localized string similar to The package does not contain a valid package signature file..

Looks up a localized string similar to Verification settings require a repository countersignature, but the package does not have a repository countersignature..

Looks up a localized string similar to The license version string '{0}' is invalid..

Looks up a localized string similar to Unrecognized license type '{0}'.

Looks up a localized string similar to The license element value is empty. This is likely due to an authoring error. .

Looks up a localized string similar to The license version string '{0}' is higher than the one supported by this toolset '{1}'..

Looks up a localized string similar to The element 'license' cannot be empty. .

Looks up a localized string similar to The identifier '{0}' is deprecated..

Looks up a localized string similar to The identifier '{0}' is a license. It cannot be used as an exception..

Looks up a localized string similar to The 'UNLICENSED' license identifier cannot be combined with the '+' operator..

Looks up a localized string similar to The license expression '{0}' contains invalid characters..

Looks up a localized string similar to The identifier '{0}' is not a standard exception..

Looks up a localized string similar to The license expression is invalid..

Looks up a localized string similar to Invalid element '{0}'..

Looks up a localized string similar to The identifier '{0}' is an exception. It cannot be used as a license..

Looks up a localized string similar to The license identifier '{0}' contains invalid characters..

Looks up a localized string similar to Mismatched parentheses in the expression..

Looks up a localized string similar to The license identifier(s) '{0}' is(are) not recognized by the current toolset..

Looks up a localized string similar to Unexpected license identifier '{0}'. The identifier is not allowed in this context..

Looks up a localized string similar to The owner has marked this package as 'UNLICENSED'. This means that there is no license that allows this package to be used outside of the copyright owner..

Looks up a localized string similar to Owners: {0}.

Looks up a localized string similar to The nuget-package-owners attribute is invalid..

Looks up a localized string similar to One or more package owner values are invalid..

Looks up a localized string similar to Service index: {0}.

Looks up a localized string similar to The nuget-v3-service-index-url attribute is invalid..

Looks up a localized string similar to The nuget-v3-service-index-url attribute value is invalid..

Looks up a localized string similar to Package entry already exists in packages.config. Id: {0}.

Looks up a localized string similar to Package entry does not exists in packages.config. Id: {0}, Version: {1}.

Looks up a localized string similar to The '{0}' package requires NuGet client version '{1}' or above, but the current NuGet version is '{2}'. To upgrade NuGet, please go to https://docs.nuget.org/consume/installing-nuget.

Looks up a localized string similar to PackageSignatureVerificationLog: PackageIdentity: {0} Source: {1} PackageSignatureValidity: {2}.

Looks up a localized string similar to Packages node does not exists in packages.config at {0}..

Looks up a localized string similar to Package stream should be seekable.

Looks up a localized string similar to primary signature.

Looks up a localized string similar to The primary signature does not have a timestamp..

Looks up a localized string similar to '{0}' cannot be null..

Looks up a localized string similar to Arguments {0} and {1} were out of bounds for the array..

Looks up a localized string similar to repository countersignature.

Looks up a localized string similar to The repository countersignature does not have a signing certificate..

Looks up a localized string similar to The repository countersignature does not have a timestamp..

Looks up a localized string similar to repository primary signature.

Looks up a localized string similar to Package signature contains an invalid attribute: {0}.

Looks up a localized string similar to Signature hash OID found: {0}.

Looks up a localized string similar to The package hash uses an unsupported hash algorithm..

Looks up a localized string similar to signature.

Looks up a localized string similar to Signature Hash Algorithm: {0}.

Looks up a localized string similar to The package integrity check failed. The package has changed since it was signed. Try clearing the local http-cache and run nuget operation again..

Looks up a localized string similar to Signature type: {0}.

Looks up a localized string similar to The package already contains a signature. Please remove the existing signature before adding a new signature..

Looks up a localized string similar to Package stream read position cannot be longer than the length of the stream..

Looks up a localized string similar to Package stream read position cannot be before the current position in the stream..

Looks up a localized string similar to The package is not signed. Unable to remove signature from an unsigned package..

Looks up a localized string similar to The package is not signed. Unable to verify signature from an unsigned package..

Looks up a localized string similar to The package already contains a repository countersignature. Please remove the existing signature before adding a new repository countersignature..

Looks up a localized string similar to The package was not opened correctly to perform signature operations. Please use a Stream-based constructor to have access to signature attributes of the package..

Looks up a localized string similar to The timestamp certificate does not meet a minimum public key length requirement..

Looks up a localized string similar to The timestamp's generalized time is outside the timestamping certificate's validity period..

Looks up a localized string similar to The timestamp integrity check failed..

Looks up a localized string similar to The timestamp does not have a signing certificate..

Looks up a localized string similar to The timestamp signing certificate is not yet valid..

Looks up a localized string similar to The timestamp signature validation failed..

Looks up a localized string similar to The following certificate cannot be used for package signing as the private key provider is unsupported:.

Looks up a localized string similar to {0} and {1} should be different. Package signing cannot be done in place..

Looks up a localized string similar to The signing-certificate attribute is not allowed..

Looks up a localized string similar to A certificate referenced by the signing-certificate attribute could not be found..

Looks up a localized string similar to The signing-certificate attribute is invalid..

Looks up a localized string similar to Either the signing-certificate or signing-certificate-v2 attribute must be present..

Looks up a localized string similar to A certificate referenced by the signing-certificate-v2 attribute could not be found..

Looks up a localized string similar to The signing-certificate-v2 attribute is invalid..

Looks up a localized string similar to The signing-certificate-v2 attribute uses an unsupported hash algorithm..

Looks up a localized string similar to The signing certificate does not meet a minimum public key length requirement..

Looks up a localized string similar to The lifetime signing EKU in the signing certificate is not supported..

Looks up a localized string similar to The signing certificate has an unsupported signature algorithm..

Looks up a localized string similar to The signing certificate is not yet valid..

Looks up a localized string similar to The package cannot be signed as it would require the Zip64 format..

Looks up a localized string similar to The stream must be readable..

Looks up a localized string similar to The stream must be seekable..

Looks up a localized string similar to String argument '{0}' cannot be null or empty.

Looks up a localized string similar to The timestamp certificate has an unsupported signature algorithm ({0}). The following algorithms are supported: {1}..

Looks up a localized string similar to The timestamper URL '{0}' has an invalid URI scheme. The supported schemes are '{1}' and '{2}'..

Looks up a localized string similar to The timestamp response is invalid. Nonces did not match..

Looks up a localized string similar to The timestamp service responded with HTTP status code '{0}' ('{1}')..

Looks up a localized string similar to The timestamp signature has an unsupported digest algorithm ({0}). The following algorithms are supported: {1}..

Looks up a localized string similar to Timestamp: {0}.

Looks up a localized string similar to An error occurred while updating packages.config. The file was closed before the entry could be added..

Looks up a localized string similar to Unable to parse the current NuGet client version..

Looks up a localized string similar to Package hash information could not be read from the package signature..

Looks up a localized string similar to An unexpected error occurred while verifying a package signature..

Looks up a localized string similar to The enum value '{0}' is unrecognized..

Looks up a localized string similar to The primary signature and repository countersignature are unrelated..

Looks up a localized string similar to The ASN.1 data is unsupported..

Looks up a localized string similar to The package signature format version is not supported. Updating your client may solve this problem..

Looks up a localized string similar to The following X.509 root certificate is untrusted because it is not present in the certificate bundle at {0}. For more information, see documentation for NU3042. Subject: {1} Fingerprint (SHA-256): {2} Certificate (PEM): {3}.

Looks up a localized string similar to The following X.509 root certificate is untrusted because no certificate bundle was found. For more information, see documentation for NU3042. Subject: {0} Fingerprint (SHA-256): {1} Certificate (PEM): {2}.

Looks up a localized string similar to Verifying the {0} with certificate: {1}.

Looks up a localized string similar to Verifying {0}'s timestamp with timestamping service certificate: {1}.

Looks up a localized string similar to The {0} does not have a signing certificate..

Looks up a localized string similar to The revocation function was unable to check revocation because the certificate is not available in the cached certificate revocation list and NUGET_CERT_REVOCATION_MODE environment variable has been set to offline. For more information, visit https://aka.ms/certificateRevocationMode..

Looks up a localized string similar to The revocation function was unable to check revocation because the revocation server could not be reached. For more information, visit https://aka.ms/certificateRevocationMode..

Looks up a localized string similar to The {0} found a chain building issue: {1}.

Looks up a localized string similar to The {0}'s signing certificate is not trusted by the trust provider..

Looks up a localized string similar to The {0}'s certificate does not meet a minimum public key length requirement..

Looks up a localized string similar to The lifetime signing EKU in the {0}'s certificate is not supported..

Looks up a localized string similar to The {0}'s certificate has an unsupported signature algorithm..

Looks up a localized string similar to The {0}'s certificate is not yet valid..

Looks up a localized string similar to The {0}'s certificate chain validation failed with error(s): {1}.

Looks up a localized string similar to The {0} validity period has expired..

Looks up a localized string similar to The {0} validation failed..

Looks up a localized string similar to The {0}'s timestamp certificate does not meet a minimum public key length requirement..

Looks up a localized string similar to The {0}'s timestamp's generalized time is outside the timestamping certificate's validity period..

Looks up a localized string similar to The {0}'s timestamp integrity check failed..

Looks up a localized string similar to The {0} contains an invalid timestamp..

Looks up a localized string similar to The {0} timestamp's message imprint uses an unsupported hash algorithm..

Looks up a localized string similar to The {0}'s timestamp does not have a signing certificate..

Looks up a localized string similar to The {0}'s timestamp signing certificate is not yet valid..

Looks up a localized string similar to The {0}'s timestamp signature has an unsupported digest algorithm..

Looks up a localized string similar to The {0}'s timestamp signature validation failed..

Looks up a localized string similar to The {0}'s timestamp certificate has an unsupported signature algorithm..

Looks up a localized string similar to The {0}'s timestamp found a chain building issue: {1}.

Looks up a localized string similar to The {0}'s timestamping certificate is not trusted by the trust provider..

Looks up a localized string similar to '{0}' changed from '{1}' to '{2}'.

Looks up a localized string similar to The zip format supports a limited date range. The following files are outside the supported range:.

Order dependencies by children first.

Items to sort. Comparer for Ids. Retrieve the id of the item. Retrieve dependency ids.

Order dependencies by children first.

A path resolver to calculate package paths for PackageReference (Global Packages Folder) style directory layouts.

Gets the packages directory root folder.

Gets a flag indicating whether or not package ID's and versions are made lowercase.

Initializes a new class.

The packages directory root folder.

Initializes a new class.

The packages directory root folder. if package ID's and versions are made lowercase; otherwise .

Gets the package install path.

The package ID. The package version. The package install path.

Gets the package version list path.

The package ID. The package version list path.

Gets the package file path.

The package ID. The package version. The package file path.

Gets the manifest file path.

The package ID. The package version. The manifest file path.

Gets the hash file path.

The package ID. The package version. The hash file path.

Gets the hash file name.

The package ID. The package version. The hash file name.

Gets the new hash file path which represents the original hash of the package.

The package ID. The package version. The hash file path.

Gets the version list directory.

The package ID. The version list directory.

Gets the package directory.

The package ID. The package version. The package directory.

Gets the package file name.

The package ID. The package version. The package file name.

Gets the package download marker file name.

The package ID. The package download marker file name.

Gets the manifest file name.

The package ID. The package version. The manifest file name.

Provides functionality for writing an object graph. The output format is defined by implementors.

Writes the start of the root object or an object in an array. This new object becomes the scope for all other method calls until either WriteObjectStart is called again to start a new nested object or WriteObjectEnd is called. Every call to WriteObjectStart must be balanced by a corresponding call to WriteObjectEnd.

Thrown if this object is disposed.

Writes the start of a nested object. This new object becomes the scope for all other method calls until either WriteObjectStart is called again to start a new nested object or WriteObjectEnd is called. Every call to WriteObjectStart must be balanced by a corresponding call to WriteObjectEnd.

The name of the object. Thrown if is . Thrown if this object is disposed.

Writes the end of a nested object. The parent object for this object becomes the scope for subsequent method calls. If this object is the root object, no further writing is allowed. Every call to WriteObjectStart must be balanced by a corresponding call to WriteObjectEnd.

Thrown if this object is disposed.

Writes a name-value pair.

The name of the datum. The datum. Thrown if is . Thrown if this object is disposed.

Writes a name-value pair.

The name of the datum. The datum. Thrown if is . Thrown if this object is disposed.

Writes a name-value pair.

The name of the datum. The datum. Thrown if is . Thrown if this object is disposed.

Writes a name-collection pair.

The name of the data. The data. Thrown if is . Thrown if this object is disposed.

Writes a name-collection pair only if is not empty.

The name of the data. The data. Thrown if is . Thrown if this object is disposed.

Writes the start of an array. The new object becomes the scope of all other methods until WriteArrayStart is called to start a new object in the array, or WriteArrayEnd is called. Every call to WriteArrayStart needs to be balanced with a corresponding call to WriteArrayEnd and not WriteObjectEnd.

The array name Thrown if is . Thrown if this object is disposed.

Writes the end of an array. The parent object for this array becomes the scope for subsequent method calls. If this object is the root object, no further writing is allowed. Every call to WriteArrayStart needs to be balanced with a corresponding call to WriteArrayEnd and not WriteObjectEnd.

Thrown if this object is disposed.

Generates JSON from an object graph. This is non-private only to facilitate unit testing.

Immutable.

Package Id

Package dependencies

Immutable.

RID specific package dependencies, keyed by .

Merges the content of the other runtime description in to this runtime description

The other description to merge in to this description

Gets a singleton, immutable, empty instance of .

Gets a map of keyed by .

Merges the content of two runtime graphs and returns the combined graph.

The other graph to merge in to this graph

Find all compatible RIDs including the current RID.

Determines if two runtime identifiers are compatible, based on the import graph

The criteria being tested The value the criteria is being tested against true if an asset for the runtime in can be installed in a project targeting , false otherwise

Helper for renting hashsets and lists.

RID + package id

RID -> RID compatibility key

A package dependency for a specific RID.

Immutable.

Dependency package id.

Dependency version constraint.

Compares two enumerables for equality, ordered according to the specified key and optional comparer. Handles null values gracefully.

The type of the list The type of the sorting key This list The other list The function to extract the key from each item in the list An optional comparer for comparing keys An optional comparer for sequences

Compares two collections for equality, ordered according to the specified key and optional comparer. Handles null values gracefully.

Compares two lists for equality, ordered according to the specified key and optional comparer. Handles null values gracefully.

Compares two sequence for equality, allowing either sequence to be null. If one is null, both have to be null for equality.

Compares two collections for equality, allowing either collection to be null. If one is null, both have to be null for equality.

Compares two lists for equality, allowing either list to be null. If one is null, both have to be null for equality.

Compares two sets for equality, allowing either sequence to be null. If one is null, both have to be null for equality.

Determines if the current string contains a value equal "false". Leading and trailing whitespace are trimmed and the comparison is case-insensitive

The string to compare. if the current string is equal to a value of "false", otherwise .

Hash code creator, based on the original NuGet hash code combiner/ASP hash code combiner implementations

Create a unique hash code for the given set of items

Return the enumerable as a List of T, copying if required. Optimized for common case where it is an List of T. Avoid mutating the return value.

https://aspnetwebstack.codeplex.com/SourceControl/latest#src/Common/CollectionExtensions.cs

Return the ISet as a HashSet of T, copying if required. Optimized for common case where it is a HashSet of T. Avoid mutating the return value.

Helper function to append an to a . Calling directly causes an allocation by first converting the to a string and then appending that result:


             public StringBuilder Append(int value)
             {
                 return Append(value.ToString(CultureInfo.CurrentCulture));
             }

Note that this uses the current culture to do the conversion while does not do any cultural sensitive conversion.

The to append to. The to append.

Creates a new from a file.

The complete file path to be read into a new . An that contains the contents of the specified file.

Creates a new from a file. Optionally, whitespace can be preserved.

The complete file path to be read into a new . A set of . An that contains the contents of the specified file.

Creates a new from a stream.

The stream that contains the XML data. An that contains the contents of the specified stream.

Creates a new System.Xml.Linq.XDocument from a stream. Optionally, whitespace can be preserved.

The stream that contains the XML data. A set of . An that contains the contents of the specified stream.

Converts the name to a valid XML local name, if it is invalid.

The name to be encoded. The encoded name.

Creates an instance of with safe settings A set of .

Avoids allocating an enumerator when enumerating an .

Returns a struct-based enumerator that avoids heap allocation during enumeration. If the underlying type is then this method will delegate to , otherwise the collection's items are accessed by index via 's indexer directly. When using a struct-based enumerator, no heap allocation occurs during enumeration via . This is in contrast to the interface-based enumerator which will always be allocated on the heap.


              list = ...;
            
             foreach (string item in list.NoAllocEnumerate())
             {
                 // ...
             }]]>

Provides a struct-based enumerator for use with . Do not use this type directly. Use instead.

A struct-based enumerator for use with . Do not use this type directly. Use instead.

Avoids allocating an enumerator when enumerating an where the concrete type has a well known struct enumerator, such as for , or when index-based access is possible via .

Several collection types (e.g. ) provide a struct-based enumerator type (e.g. ) which the compiler can use in statements. When using a struct-based enumerator, no heap allocation occurs during such enumeration. This is in contrast to the interface-based enumerator which will always be allocated on the heap. This method returns a custom struct enumerator that will avoid any heap allocation if (which is declared via interface ) is actually of known concrete type that provides its own struct enumerator. If so, it delegates to that type's enumerator without any boxing or other heap allocation. If is not of a known concrete type, the returned enumerator falls back to the interface-based enumerator, which will be allocated on the heap. Benchmarking shows the overhead in such cases is low enough to be within the measurement error, meaning this is an inexpensive optimization that won't regress behavior and with low downside for cases where it cannot apply an optimization.


              source = ...;
            
             foreach (string item in source.NoAllocEnumerate())
             {
                 // ...
             }]]>

Provides a struct-based enumerator for use with . Do not use this type directly. Use instead.

A struct-based enumerator for use with . Do not use this type directly. Use instead.

Avoids allocating an enumerator when enumerating an where the concrete type has a well known struct enumerator, such as for .


              dictionary = ...;
            
             foreach ((string key, string value) in dictionary.NoAllocEnumerate())
             {
                 // ...
             }]]>

Provides a struct-based enumerator for use with . Do not use this type directly. Use instead.

A struct-based enumerator for use with . Do not use this type directly. Use instead.

Provides a resource pool that enables reusing instances of instances.

Renting and returning buffers with an can increase performance in situations where instances are created and destroyed frequently, resulting in significant memory pressure on the garbage collector. This class is thread-safe. All members may be used by multiple threads concurrently.

Retrieves a shared instance.

Retrieves a that is at least the requested length.

The minimum capacity of the needed. A that is at least in length. This buffer is loaned to the caller and should be returned to the same pool via so that it may be reused in subsequent usage of . It is not a fatal error to not return a rented string builder, but failure to do so may lead to decreased application performance, as the pool may need to create a new instance to replace the one lost.

Returns to the pool an array that was previously obtained via on the same instance, returning the built string.

The previously obtained from to return to the pool. Once a has been returned to the pool, the caller gives up all ownership of the instance and must not use it. The reference returned from a given call to must only be returned via once. The default may hold onto the returned instance in order to rent it again, or it may release the returned instance if it's determined that the pool already has enough instances stored. The string, built from .

Gets a that's completed successfully with the result of .

Returns a that's completed successfully with the result of .

Gets a that's completed successfully with the result of .

Returns a that's completed successfully with the result of .

Returns a of type that's completed successfully with the result of .

Returns a whose value is an empty enumerable of type .

Returns a whose value is an empty array with element type .

Specifies that a type has required members or that a member is required.

Indicates that compiler support for a particular feature is required for the location where this attribute is applied.

The name of the compiler feature.

If true, the compiler can choose to allow access to the location where this attribute is applied if it does not understand .

The used for the ref structs C# feature.

The used for the required members C# feature.

Specifies that null is allowed as an input even if the corresponding type disallows it.

Specifies that null is disallowed as an input even if the corresponding type allows it.

Specifies that an output may be null even if the corresponding type disallows it.

Specifies that an output will not be null even if the corresponding type allows it. Specifies that an input argument was not null when the call returns.

Specifies that when a method returns , the parameter may be null even if the corresponding type disallows it.

Initializes the attribute with the specified return value condition.

The return value condition. If the method returns this value, the associated parameter may be null.

Gets the return value condition.

Specifies that when a method returns , the parameter will not be null even if the corresponding type allows it.

Initializes the attribute with the specified return value condition.

The return value condition. If the method returns this value, the associated parameter will not be null.

Gets the return value condition.

Specifies that the output will be non-null if the named parameter is non-null.

Initializes the attribute with the associated parameter name.

The associated parameter name. The output will be non-null if the argument to the parameter specified is non-null.

Gets the associated parameter name.

Applied to a method that will never return under any circumstance.

Specifies that the method will not return if the associated Boolean parameter is passed the specified value.

Initializes the attribute with the specified parameter value.

The condition parameter value. Code after the method will be considered unreachable by diagnostics if the argument to the associated parameter matches this value.

Gets the condition parameter value.

Specifies that the method or property will ensure that the listed field and property members have not-null values.

Initializes the attribute with a field or property member.

The field or property member that is promised to be not-null.

Initializes the attribute with the list of field and property members.

The list of field and property members that are promised to be not-null.

Gets field or property member names.

Specifies that the method or property will ensure that the listed field and property members have not-null values when returning with the specified return value condition.

Initializes the attribute with the specified return value condition and a field or property member.

The return value condition. If the method returns this value, the associated parameter will not be null. The field or property member that is promised to be not-null.

Initializes the attribute with the specified return value condition and list of field and property members.

The return value condition. If the method returns this value, the associated parameter will not be null. The list of field and property members that are promised to be not-null.

Gets the return value condition.

Gets field or property member names.

Specifies that this constructor sets all required members for the current type, and callers do not need to set any required members themselves.