Add versioning to dotnet-dev-certs #10908

Merged
merged 14 commits into from
Jun 6, 2019
@jkotalik jkotalik commented Jun 5, 2019

Fixes #9810

Also does a few cleanup items:

  • Uses EnsureValidCertificateExists that returns diagnostic info.
  • Increases log level on dotnet dev-certs https --check to info rather than verbose.

@jkotalik jkotalik requested review from analogrelay and javiercn June 5, 2019 17:58
@jkotalik jkotalik requested a review from Tratcher June 5, 2019 18:07
jkotalik commented Jun 5, 2019

I got a very weird exception on the mac agents.

  Microsoft.Net.Http.Headers -> /Users/vsts/agent/2.150.3/work/1/s/artifacts/bin/Microsoft.Net.Http.Headers-ref/Release/netcoreapp3.0/Microsoft.Net.Http.Headers.dll
System.Runtime.InteropServices.SEHException: External component has thrown an exception.
   at System.TimeSpan.get_TotalMilliseconds()
   at System.Text.RegularExpressions.RegexRunner.Scan(System.Text.RegularExpressions.Regex, System.String, Int32, Int32, Int32, Int32, Boolean, System.TimeSpan)
   at System.Text.RegularExpressions.Regex.Run(Boolean, Int32, System.String, Int32, Int32, Int32)
   at System.Text.RegularExpressions.Regex.Match(System.String, Int32)
   at System.Text.RegularExpressions.Regex.Replace(System.Text.RegularExpressions.MatchEvaluator, System.Text.RegularExpressions.Regex, System.String, Int32, Int32)
   at Microsoft.Build.Evaluation.Expander`2+MetadataExpander[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ExpandMetadataLeaveEscaped(System.String, Microsoft.Build.Evaluation.IMetadataTable, Microsoft.Build.Evaluation.ExpanderOptions, Microsoft.Build.Shared.IElementLocation)
   at Microsoft.Build.Evaluation.Expander`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ExpandIntoStringLeaveEscaped(System.String, Microsoft.Build.Evaluation.ExpanderOptions, Microsoft.Build.Shared.IElementLocation)
   at Microsoft.Build.Evaluation.ConditionEvaluator+ConditionEvaluationState`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ExpandIntoStringBreakEarly(System.String)
   at Microsoft.Build.Evaluation.StringExpressionNode.EvaluatesToEmpty(IConditionEvaluationState)
   at Microsoft.Build.Evaluation.MultipleComparisonNode.BoolEvaluate(IConditionEvaluationState)
   at Microsoft.Build.Evaluation.ConditionEvaluator.EvaluateConditionCollectingConditionedProperties[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]](System.String, Microsoft.Build.Evaluation.ParserOptions, Microsoft.Build.Evaluation.Expander`2<System.__Canon,System.__Canon>, Microsoft.Build.Evaluation.ExpanderOptions, System.Collections.Generic.Dictionary`2<System.String,System.Collections.Generic.List`1<System.String>>, System.String, Microsoft.Build.Construction.ElementLocation, Microsoft.Build.BackEnd.Logging.ILoggingService, Microsoft.Build.Framework.BuildEventContext, Microsoft.Build.Shared.FileSystem.IFileSystem, Microsoft.Build.Evaluation.ProjectRootElementCache)
   at Microsoft.Build.BackEnd.ItemGroupIntrinsicTask.ExecuteTask(Microsoft.Build.BackEnd.Lookup)
   at Microsoft.Build.BackEnd.TaskBuilder+<ExecuteBucket>d__19.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.TaskBuilder+<ExecuteBucket>d__19, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<ExecuteBucket>d__19 ByRef)
   at Microsoft.Build.BackEnd.TaskBuilder.ExecuteBucket(Microsoft.Build.BackEnd.TaskHost, Microsoft.Build.BackEnd.ItemBucket, Microsoft.Build.BackEnd.TaskExecutionMode, System.Collections.Generic.Dictionary`2<System.String,System.String>)
   at Microsoft.Build.BackEnd.TaskBuilder+<ExecuteTask>d__18.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.TaskBuilder+<ExecuteTask>d__18, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<ExecuteTask>d__18 ByRef)
   at Microsoft.Build.BackEnd.TaskBuilder.ExecuteTask(Microsoft.Build.BackEnd.TaskExecutionMode, Microsoft.Build.BackEnd.Lookup)
   at Microsoft.Build.BackEnd.TaskBuilder+<ExecuteTask>d__13.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.TaskBuilder+<ExecuteTask>d__13, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<ExecuteTask>d__13 ByRef)
   at Microsoft.Build.BackEnd.TaskBuilder.ExecuteTask(Microsoft.Build.BackEnd.Logging.TargetLoggingContext, Microsoft.Build.BackEnd.BuildRequestEntry, Microsoft.Build.BackEnd.ITargetBuilderCallback, Microsoft.Build.Execution.ProjectTargetInstanceChild, Microsoft.Build.BackEnd.TaskExecutionMode, Microsoft.Build.BackEnd.Lookup, Microsoft.Build.BackEnd.Lookup, System.Threading.CancellationToken)
   at Microsoft.Build.BackEnd.TargetEntry+<ProcessBucket>d__51.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.TargetEntry+<ProcessBucket>d__51, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<ProcessBucket>d__51 ByRef)
   at Microsoft.Build.BackEnd.TargetEntry.ProcessBucket(Microsoft.Build.BackEnd.ITaskBuilder, Microsoft.Build.BackEnd.Logging.TargetLoggingContext, Microsoft.Build.BackEnd.TaskExecutionMode, Microsoft.Build.BackEnd.Lookup, Microsoft.Build.BackEnd.Lookup)
   at Microsoft.Build.BackEnd.TargetEntry+<ExecuteTarget>d__44.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.TargetEntry+<ExecuteTarget>d__44, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<ExecuteTarget>d__44 ByRef)
   at Microsoft.Build.BackEnd.TargetEntry.ExecuteTarget(Microsoft.Build.BackEnd.ITaskBuilder, Microsoft.Build.BackEnd.BuildRequestEntry, Microsoft.Build.BackEnd.Logging.ProjectLoggingContext, System.Threading.CancellationToken)
   at Microsoft.Build.BackEnd.TargetBuilder+<ProcessTargetStack>d__21.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.TargetBuilder+<ProcessTargetStack>d__21, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<ProcessTargetStack>d__21 ByRef)
   at Microsoft.Build.BackEnd.TargetBuilder.ProcessTargetStack(Microsoft.Build.BackEnd.ITaskBuilder)
   at Microsoft.Build.BackEnd.TargetBuilder+<BuildTargets>d__10.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.TargetBuilder+<BuildTargets>d__10, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<BuildTargets>d__10 ByRef)
   at Microsoft.Build.BackEnd.TargetBuilder.BuildTargets(Microsoft.Build.BackEnd.Logging.ProjectLoggingContext, Microsoft.Build.BackEnd.BuildRequestEntry, Microsoft.Build.BackEnd.IRequestBuilderCallback, System.String[], Microsoft.Build.BackEnd.Lookup, System.Threading.CancellationToken)
   at Microsoft.Build.BackEnd.RequestBuilder+<BuildProject>d__58.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.RequestBuilder+<BuildProject>d__58, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<BuildProject>d__58 ByRef)
   at Microsoft.Build.BackEnd.RequestBuilder.BuildProject()
   at Microsoft.Build.BackEnd.RequestBuilder+<BuildAndReport>d__50.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.RequestBuilder+<BuildAndReport>d__50, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<BuildAndReport>d__50 ByRef)
   at Microsoft.Build.BackEnd.RequestBuilder.BuildAndReport()
   at Microsoft.Build.BackEnd.RequestBuilder+<RequestThreadProc>d__49.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Microsoft.Build.BackEnd.RequestBuilder+<RequestThreadProc>d__49, Microsoft.Build, Version=15.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]](<RequestThreadProc>d__49 ByRef)
   at Microsoft.Build.BackEnd.RequestBuilder.RequestThreadProc(Boolean)
   at System.Threading.Tasks.Task`1[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].InnerInvoke()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef, System.Threading.Thread)
   at System.Threading.Tasks.Task.ExecuteEntry()
   at Microsoft.Build.BackEnd.RequestBuilder+DedicatedThreadsTaskScheduler.<InjectThread>b__6_0()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

@jkotalik jkotalik added the area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI label Jun 5, 2019
jkotalik commented Jun 5, 2019

@javiercn do you still want to take another look before I merge?

javiercn commented Jun 5, 2019

@jkotalik Yes, I started but wasn't done

@analogrelay analogrelay left a comment

Looks good, but leaving it to @javiercn to sign-off ;)

@@ -171,10 +195,22 @@ public X509Certificate2 CreateAspNetCoreHttpsDevelopmentCertificate(DateTimeOffs
pathLengthConstraint: 0,
critical: true);

byte[] bytePayload;

if (AspNetHttpsCertificateVersion != 0)
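
Review bot: the `if (AspNetHttpsCertificateVersion != 0)` check on the last line of this hunk makes the contents of `bytePayload` depend on a version value that may be 0, and nothing in the visible lines says when 0 is expected or what the payload is in that case. Add a comment above the check stating what the version-0 case is for. If it exists only so tests can produce an unversioned certificate, keep the value out of the public surface so that normal callers always get the versioned payload.
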
Contributor

This raises the question of if we need to support creating old cert versions. I don't think we do, at least not yet. The new cert should be compatible with old code (it just adds some EKUs that were technically required anyway). If we make a breaking change to the cert we could add this kind of logic back.

That would also mean AspNetHttpCertificateVersion can be static readonly.

@jkotalik jkotalik Jun 5, 2019

I doubt we need to, and even if we need to, we can work around it. I'd rather not over-engineer this. The only reason AspNetHttpCertificateVersion is public is for testing. I can make it internal.

Member

We don't need to support going back and I don't think we would ever need to. The cert needs to be backwards compatible or we would have to use a different OID if we have to make breaking changes.

jkotalik commented Jun 5, 2019

@javiercn added a swanky fixture to clean up certs on startup and shutdown (still need to clean up before each test).

jkotalik commented Jun 6, 2019

@jkotalik jkotalik added this to the 3.0.0-preview7 milestone Jun 6, 2019
@jkotalik jkotalik merged commit fdba8a9 into master Jun 6, 2019
@ghost ghost deleted the jkotalik/devCert branch June 6, 2019 05:04
Successfully merging this pull request may close these issues.

Dev Certs tool should handle "upgrading" certificates as necessary