Skip to content

[release/7.0] Fix SignedCms certificate collection modification with attribute certificates #80188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jan 9, 2023
Merged

[release/7.0] Fix SignedCms certificate collection modification with attribute certificates #80188

merged 5 commits into from
Jan 9, 2023

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Jan 4, 2023
edited by vcsjones
Loading

Backport of #79940 and #80195 to release/7.0

/cc @vcsjones

Customer Impact

Reported by a partner for dotnet/sign at #79935. When using SignedCms with a CMS that contains an attribute certificate, such as an RFC3161 timestamp issued by Azure Codesigning, the AddCertificate and RemoveCertificate APIs would raise an exception when adding or removing an X.509 certificate because they did not know how to process the attribute certificate. The impact of this is that these two APIs cannot function in the presence of an attribute certificate.

Testing

This introduces tests to validate behavior of a CMS that contains attribute certificates to prevent regressions.

Risk

Low. The changes are isolated and well understood.

IMPORTANT: Is this backport for a servicing release? Yes.

@vcsjones
Fix SignedCms certificate collection modification with attribute cert…
5ebd265 
…ificates.

When adding or removing certificates from the certificateSet collection, we assumed that the collection would
only contain X.509 certificates. This changes the implementation so that when looking for duplicates, we skip
over choices that are not an X.509 certificate when looking for a duplicate.

The tests peek in to the SignedData ASN.1 to ensure that the attribute certificates are preserved during a round
trip when encoding and decoding a CMS.
@vcsjones
Tests are not applicable for .NET Framework
2316e18
@vcsjones
Clean up tests
ca039cd
@ghost ghost added the area-System.Security label Jan 4, 2023
@ghost
Copy link

ghost commented Jan 4, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #79940 to release/7.0

/cc @vcsjones

Customer Impact

Testing

Risk

IMPORTANT: Is this backport for a servicing release? If so and this change touches code that ships in a NuGet package, please make certain that you have added any necessary package authoring and gotten it explicitly reviewed.

Author: github-actions[bot]
Assignees: -
Labels:

area-System.Security
Milestone: -

@vcsjones

This comment was marked as outdated.

Sign in to view
@vcsjones vcsjones closed this Jan 4, 2023
@vcsjones vcsjones reopened this Jan 4, 2023
@carlossanlop carlossanlop requested a review from bartonjs January 5, 2023 20:25
@carlossanlop
Copy link
Contributor

@bartonjs when this is ready, please add the servicing-consider label and send an email to Tactics requesting approval.

@bartonjs bartonjs added Servicing-consider Issue for next servicing release review Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Jan 5, 2023
@carlossanlop carlossanlop added this to the 7.0.3 milestone Jan 9, 2023
@carlossanlop
Copy link
Contributor

Approved by Tactics (7.0.3).
Signed off by area owner.
Required OOB changes look good.
CI green.
Ready to merge. :shipit:

@carlossanlop carlossanlop merged commit baf7e5d into release/7.0 Jan 9, 2023
@carlossanlop carlossanlop deleted the backport/pr-79940-to-release/7.0 branch January 9, 2023 17:37
@dtivel dtivel mentioned this pull request Feb 2, 2023
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Feb 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees
No one assigned
Labels
area-System.Security Servicing-approved Approved for servicing release
Projects
None yet
Milestone
7.0.3
Development

Successfully merging this pull request may close these issues.
3 participants
@vcsjones @carlossanlop @bartonjs