Conversation

@vcsjones vcsjones commented Jun 28, 2023

If an X500DistinguishedName contains an AttributeValue that is not a DirectoryString, the managed decoder will currently throw, catch the error, and return an empty string.

This changes the managed decoding to match the behavior of Windows. If an attribute is a binary value, then it is displayed as a hex-encoded value, prefixed with a hash.

There is special handling if the binary value is an OCTET STRING. If the binary content is an octet string, the hex value displayed is the inner content. The outer OCTET STRING bytes are not displayed.

Fixes #88037.

Note: This only changes displaying binary content. Handling the reverse, parsing strings like new X500DistinguishedName("CN=#1234"), will be a separate pull request. That will be a breaking change on non-Windows, and we may decide not to take it. This pull request is not a breaking change and simply unblocks a scenario.
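The display rule described above (DirectoryString types decoded as text, anything else shown as `#` plus hex, with an OCTET STRING unwrapped to its inner content), as an added example that is not part of the pull request or of the runtime's own decoder. It builds three minimal RDNSequence encodings with `AsnWriter`, runs them through a small hand-written formatter that mirrors the rule, and then hands the same bytes to `X500DistinguishedName` so the runtime's output can be compared. The `FormatValue`/`FormatDn`/`BuildDn` names are local to this example; it assumes .NET 8 with `System.Formats.Asn1`, and for brevity it lets UniversalString fall through to the hex branch rather than decoding it.

```csharp
// Added example; not code from dotnet/runtime. Assumes .NET 8 and System.Formats.Asn1.
using System;
using System.Formats.Asn1;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class DnBinaryValueDemo
{
    // Build a minimal RDNSequence: SEQUENCE { SET { SEQUENCE { OID, value } } }.
    // The caller supplies the AttributeValue so each case can use a different type.
    static byte[] BuildDn(string oid, Action<AsnWriter> writeValue)
    {
        var w = new AsnWriter(AsnEncodingRules.DER);
        using (w.PushSequence())
        using (w.PushSetOf())
        using (w.PushSequence())
        {
            w.WriteObjectIdentifier(oid);
            writeValue(w);
        }
        return w.Encode();
    }

    // Mirrors the rule from the PR description: text types are decoded as text;
    // an OCTET STRING is shown as '#' + hex of its inner content (tag and length
    // bytes omitted); any other type is shown as '#' + hex of the whole TLV.
    static string FormatValue(AsnReader valueReader)
    {
        Asn1Tag tag = valueReader.PeekTag();
        if (tag.TagClass == TagClass.Universal)
        {
            var number = (UniversalTagNumber)tag.TagValue;
            switch (number)
            {
                case UniversalTagNumber.PrintableString:
                case UniversalTagNumber.UTF8String:
                case UniversalTagNumber.IA5String:
                case UniversalTagNumber.BMPString:
                case UniversalTagNumber.T61String:
                    return valueReader.ReadCharacterString(number);
                case UniversalTagNumber.OctetString:
                    return "#" + Convert.ToHexString(valueReader.ReadOctetString());
            }
        }
        // Not a string we decode: emit the complete encoded value as hex.
        return "#" + Convert.ToHexString(valueReader.ReadEncodedValue().Span);
    }

    // Walk the RDNSequence and render "type=value" pairs. Only CN is given a
    // friendly name here; everything else is printed as OID.x.y.z.
    static string FormatDn(byte[] der)
    {
        var sb = new StringBuilder();
        AsnReader seq = new AsnReader(der, AsnEncodingRules.DER).ReadSequence();
        while (seq.HasData)
        {
            AsnReader set = seq.ReadSetOf();
            AsnReader atv = set.ReadSequence();
            string oid = atv.ReadObjectIdentifier();
            if (sb.Length > 0) sb.Append(", ");
            sb.Append(oid == "2.5.4.3" ? "CN" : "OID." + oid)
              .Append('=')
              .Append(FormatValue(atv));
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed inputs: a normal UTF8String CN, a CN carrying an OCTET STRING
        // (the issue's scenario), and a CN carrying a type that is neither.
        byte[] text  = BuildDn("2.5.4.3", w => w.WriteCharacterString(UniversalTagNumber.UTF8String, "example"));
        byte[] octet = BuildDn("2.5.4.3", w => w.WriteOctetString(new byte[] { 0x12, 0x34 }));
        byte[] other = BuildDn("2.5.4.3", w => w.WriteInteger(5));

        Console.WriteLine("hand-written : " + FormatDn(text));
        Console.WriteLine("hand-written : " + FormatDn(octet));
        Console.WriteLine("hand-written : " + FormatDn(other));

        // The runtime's decoder on the same bytes. Before this change the managed
        // (non-Windows) path returned an empty string for the last two.
        Console.WriteLine("runtime      : " + new X500DistinguishedName(text).Name);
        Console.WriteLine("runtime      : " + new X500DistinguishedName(octet).Name);
        Console.WriteLine("runtime      : " + new X500DistinguishedName(other).Name);
    }
}
```

For the OCTET STRING case the hand-written formatter yields `#` followed by the hex of the two inner bytes only, which is the distinction the description draws: the outer tag and length bytes are not part of what is shown. For the INTEGER case the whole encoded value is hex-encoded. Comparing the two columns on a pre-fix and post-fix runtime shows the empty-string behaviour the issue reports turning into the hash-prefixed form.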

@vcsjones vcsjones requested a review from bartonjs June 28, 2023 14:49
@ghost ghost added the area-System.Security label Jun 28, 2023
@ghost ghost assigned vcsjones Jun 28, 2023
ghost commented Jun 28, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.



Test failure is being tracked by #88172. Merging.

@vcsjones vcsjones merged commit d3d537f into dotnet:main Jun 29, 2023
@vcsjones vcsjones deleted the binary-attribute-values branch June 29, 2023 15:08
@vcsjones vcsjones added this to the 8.0.0 milestone Jun 29, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Jul 29, 2023

Successfully merging this pull request may close these issues.

X509Certificate2 class unable to read Subject data from some certificates on WSL/Docker containers/Linux