Skip to content

Conversation

@bartonjs
Copy link
Member

The new certificate loader only loads one data type per method, unlike the previous loader mechanism (new X509Certiicate2(bytes, ...)). It also allows for caller configuration to control cost-of-work limits and some common usability gotchas around Windows PFX loading.

This change adds the new loader, and changes the X509Certificate2 ctors to use it; a followup will mark the ctors as Obsolete and update usage in the dotnet/runtime codebase.

Contributes to #91763.

The new certificate loader only loads one data type per method, unlike
the previous loader mechanism (new X509Certiicate2(bytes, ...)).  It also
allows for caller configuration to control cost-of-work limits and some
common usability gotchas around Windows PFX loading.

This change adds the new loader, and changes the X509Certificate2 ctors
to use it; a followup will mark the ctors as Obsolete and update usage in
the dotnet/runtime codebase.
@bartonjs bartonjs added this to the 9.0.0 milestone May 13, 2024
@bartonjs bartonjs self-assigned this May 13, 2024
@ghost
Copy link

ghost commented May 13, 2024

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

set
{
if (value < 0)
throw new ArgumentOutOfRangeException(nameof(value), SR.ArgumentOutOfRange_NeedNonNegNum);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Earlier an ifdef was used to use ObjectDisposedException.ThrowIf if it's available. I assume we're not doing so here with AOORE just because there are a bunch of them and it'd be abnoxious?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was the reason, yeah; but looking at it now in this file it's just repeating a negative check, so making a helper seems reasonable (it'll get re-used)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How "amusing"... I updated every instance except the one this comment was on. Fixed locally now.

{
if (!pfxAsn.VerifyMac(password, authSafeContents))
{
password = password.ContainsNull() ? "".AsSpan() : default;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not clear on the reasoning here. If it contains null we make it non-null and if it doesn't contain null we make it null?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep. From the API perspective null and empty are the same thing, but from the algorithm perspective they're different. So if we got null, try again with empty, and if we got empty, try again with null.

Copy link
Member

@vcsjones vcsjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I have so far. Scrollbar says I have a ways to go still.

@vcsjones
Copy link
Member

/azp run runtime-androidemulator

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@bartonjs
Copy link
Member Author

/azp run runtime-androidemulator

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@bartonjs
Copy link
Member Author

/azp run runtime-androidemulator

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@vcsjones
Copy link
Member

/azp run runtime-ioslikesimulator

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@bartonjs bartonjs merged commit d4fe4a7 into dotnet:main Jun 25, 2024
@bartonjs bartonjs deleted the x509loader branch June 25, 2024 22:10
@pavelsavara
Copy link
Member

pavelsavara commented Jun 26, 2024

this is preventing code flow into azdo internal repo because the security scanner detects credentials.

 ! [remote rejected]         main -> main (VS403654: The push was rejected because it contains one or more secrets.

Resolve the following secrets before pushing again. For help, see https://aka.ms/1ESSecretScanning.

Secrets:

commit: d4fe4a7e987584bfa4904dd1027a873029b2005d
paths:
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(2710,1-26) : SEC101/013 : PemPrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(2723,1-26) : SEC101/013 : PemPrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(2745,1-29) : SEC101/013 : PemPrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(2752,1-30) : SEC101/013 : PemPrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(2802,1-26) : SEC101/013 : PemPrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(2881,1-30) : SEC101/013 : PemPrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(2964,1-26) : SEC101/013 : PemPrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(57,149-13) : SEC101/055 : Pkcs12PrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(1476,41-55) : SEC101/055 : Pkcs12PrivateKey
/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs(3443,13-26) : SEC101/055 : Pkcs12PrivateKey)

See also #104021

@github-actions github-actions bot locked and limited conversation to collaborators Jul 27, 2024
@bartonjs bartonjs added the cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. label Aug 15, 2024
@bartonjs bartonjs added the breaking-change Issue or PR that represents a breaking API or functional change over a prerelease. label Sep 12, 2024
@dotnet-policy-service dotnet-policy-service bot added the needs-breaking-change-doc-created Breaking changes need an issue opened with https://github.com/dotnet/docs/issues/new?template=dotnet label Sep 12, 2024
@bartonjs
Copy link
Member Author

Breaking change docs written. dotnet/docs#42613

@bartonjs bartonjs removed the needs-breaking-change-doc-created Breaking changes need an issue opened with https://github.com/dotnet/docs/issues/new?template=dotnet label Sep 12, 2024
@bartonjs bartonjs added the tracking This issue is tracking the completion of other related issues. label Oct 22, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

area-System.Security breaking-change Issue or PR that represents a breaking API or functional change over a prerelease. cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. new-api-needs-documentation tracking This issue is tracking the completion of other related issues.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants