From cd4c139156fa893fe4e04cee80f4ade9629bb9dd Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 23 Dec 2022 13:34:13 -0500 Subject: [PATCH 1/5] Fix SignedCms certificate collection modification with attribute certificates. When adding or removing certificates from the certificateSet collection, we assumed that the collection would only contain X.509 certificates. This changes the implementation so that when looking for duplicates, we skip over choices that are not an X.509 certificate when looking for a duplicate. The tests peek in to the SignedData ASN.1 to ensure that the attribute certificates are preserved during a round trip when encoding and decoding a CMS. --- .../Security/Cryptography/Pkcs/SignedCms.cs | 4 +- .../tests/SignedCms/SignedCmsTests.cs | 75 +++++++ .../tests/SignedCms/SignedDocuments.cs | 189 ++++++++++++++++++ ...em.Security.Cryptography.Pkcs.Tests.csproj | 3 + 4 files changed, 269 insertions(+), 2 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs index bc38187f6edc2..07f7f8df07d2e 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs @@ -677,7 +677,7 @@ public void AddCertificate(X509Certificate2 certificate) { foreach (CertificateChoiceAsn cert in _signedData.CertificateSet!) { - if (cert.Certificate!.Value.Span.SequenceEqual(rawData)) + if (cert.Certificate is not null && cert.Certificate.Value.Span.SequenceEqual(rawData)) { throw new CryptographicException(SR.Cryptography_Cms_CertificateAlreadyInCollection); } @@ -712,7 +712,7 @@ public void RemoveCertificate(X509Certificate2 certificate) foreach (CertificateChoiceAsn cert in _signedData.CertificateSet!) { - if (cert.Certificate!.Value.Span.SequenceEqual(rawData)) + if (cert.Certificate is not null && cert.Certificate.Value.Span.SequenceEqual(rawData)) { PkcsHelpers.RemoveAt(ref _signedData.CertificateSet, idx); Reencode(); diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index c89cfa54bb8c2..a7154ef9b2057 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -1,6 +1,7 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Formats.Asn1; using System.Linq; using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.Xml; @@ -1611,6 +1612,49 @@ public static void Decode_CanDecodeWithAttributeCertificate() cms.CheckSignature(verifySignatureOnly: true); } + [Fact] + public static void AddCertificate_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + + signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + signedCms.CheckSignature(true); + + int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + int certCount = signedCms.Certificates.Count; + + using (ECDsa ec = ECDsa.Create(ECCurve.NamedCurves.nistP256)) + { + CertificateRequest req = new("CN=test", ec, HashAlgorithmName.SHA256); + + using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now)) + { + signedCms.AddCertificate(cert); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore + 1, countAfter); + + signedCms = new SignedCms(); + signedCms.Decode(reEncoded); + signedCms.CheckSignature(true); + } + } + } + + [Fact] + public static void RemoveCertificate_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + + signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + + signedCms.RemoveCertificate(signedCms.Certificates[0]); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore - 1, countAfter); + } + private static void CheckNoSignature(byte[] encoded, bool badOid=false) { SignedCms cms = new SignedCms(); @@ -1630,5 +1674,36 @@ private static void CheckNoSignature(byte[] encoded, bool badOid=false) cms.CheckHash(); } } + + public static int CountCertificateChoices(byte[] encoded) + { + AsnReader reader = new AsnReader(encoded, AsnEncodingRules.BER); + reader = reader.ReadSequence(); + reader.ReadObjectIdentifier(); + reader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0)); + reader = reader.ReadSequence(); + + reader.ReadInteger(); // version + reader.ReadSetOf(); // digestAlgorithms + reader.ReadSequence(); // encapsulatedContentInfo + + Asn1Tag expectedTag = new Asn1Tag(TagClass.ContextSpecific, 0, true); // certificates[0] + + if (reader.PeekTag() == expectedTag) + { + AsnReader certs = reader.ReadSetOf(expectedTag); + int count = 0; + + while (certs.HasData) + { + certs.ReadEncodedValue(); + count++; + } + + return count; + } + + return 0; + } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs index cce3114824794..83a8aa4da9ae9 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs @@ -1626,5 +1626,194 @@ internal static class SignedDocuments "6AB46C76047604BA7DF071EE0137B73F4D9DF616095C8F1CA9EB925B6D4C6ABC" + "FFEB73A81903169C6B487B316AFC951F696831A4B29B9ABCEA7EBCD243A553D2" + "F8B44FDA1B0AC0").HexToByteArray(); + + internal static readonly byte[] CmsWithAttributeCertificate = ( + "3082174e06092a864886f70d010702a082173f3082173b020103310f300d0609" + + "608648016503040201050030820161060b2a864886f70d0109100104a0820150" + + "0482014c30820148020101060a2b0601040184590a03013031300d0609608648" + + "01650304020105000420dffd6021bb2bd5b0af676290809ec3a53191dd81c7f7" + + "0a4b28688a362182986f020663a04d30704d1813323032323132323331343430" + + "34302e3133375a3004800201f4a081e0a481dd3081da310b3009060355040613" + + "025553311330110603550408130a57617368696e67746f6e3110300e06035504" + + "0713075265646d6f6e64311e301c060355040a13154d6963726f736f66742043" + + "6f72706f726174696f6e31253023060355040b131c4d6963726f736f66742041" + + "6d6572696361204f7065726174696f6e7331263024060355040b131d5468616c" + + "6573205453532045534e3a424237332d393646442d3737454631353033060355" + + "0403132c4d6963726f736f6674205075626c6963205253412054696d65205374" + + "616d70696e6720417574686f72697479a08211e6308207823082056aa0030201" + + "0202133300000005e5cf0fff662ec987000000000005300d06092a864886f70d" + + "01010c05003077310b3009060355040613025553311e301c060355040a13154d" + + "6963726f736f667420436f72706f726174696f6e314830460603550403133f4d" + + "6963726f736f6674204964656e7469747920566572696669636174696f6e2052" + + "6f6f7420436572746966696361746520417574686f726974792032303230301e" + + "170d3230313131393230333233315a170d3335313131393230343233315a3061" + + "310b3009060355040613025553311e301c060355040a13154d6963726f736f66" + + "7420436f72706f726174696f6e31323030060355040313294d6963726f736f66" + + "74205075626c6963205253412054696d657374616d70696e6720434120323032" + + "3030820222300d06092a864886f70d01010105000382020f003082020a028202" + + "01009e7ce75263fde0c59f057d63b50622a31c1ed7e79733d11305bd65464777" + + "91c15d706f7fb2ab43970c4aa1521c6aa0dbfa89858a8e431c2e1105c6f24078" + + "d70b0324fe5dd3398b60a018f19c6fde5624b8b0ec7ccb8812abc660e3d44401" + + "fe61b9784891044a7b7431b3c4a0a74d8a1c0ce711afd2b1a87c9d6a39849335" + + "c739e446c14fbbaadf0c7799786d566b5c084af964a4e428a1350b166f34f59d" + + "1962543c2e9ee2e45f58722165c802b09faca337f911e1f92ab9459f1a6328a4" + + "dabf07c53fa5da199196506f1365a893a20468025a9c7af6e2aa2a14cf562de0" + + "544ae773faa2f9d47c036322033d243749e1ed2a883466e6c39388442d04b19d" + + "f5585dd4c69dc6819c1eb442b12e6b3bdca1bf67e3247ae6950d042179a9e038" + + "4306278a50647e799e02344ddcb56e2ebd20d055e4a9f61d5268f57c51611fc9" + + "3c601a33ac46979ec48bde47530f4d57fb82df2163ae1734f3ba8b2506b0482d" + + "f1cd8fc45f3b13e08eec0dbc4e98cdab978b8a2ba784a6ead176e390da14e498" + + "6d614ae59806e9c518dbf6d4ab78376d002a66deb929c69ec04277672344a1bb" + + "f7e4d7fac4de85ac0ea317de38efe347bc28de58b09067733c9607827279e14c" + + "5b72417dd7802a1ce88457bc539c3d5aebdc3f513c708c4ba0a483cc20813aed" + + "2159d8f328dbbc6394b007596de5d421001632cd1dddc443bf4f52bf055177ad" + + "5ebd0203010001a382021b30820217300e0603551d0f0101ff04040302018630" + + "1006092b06010401823715010403020100301d0603551d0e041604146b69283a" + + "352f486340cf7bd8af49e93ed93ddb2130540603551d20044d304b3049060455" + + "1d20003041303f06082b060105050702011633687474703a2f2f7777772e6d69" + + "63726f736f66742e636f6d2f706b696f70732f446f63732f5265706f7369746f" + + "72792e68746d30130603551d25040c300a06082b06010505070308301906092b" + + "0601040182371402040c1e0a00530075006200430041300f0603551d130101ff" + + "040530030101ff301f0603551d23041830168014c87ed26a852a1bca19980407" + + "27cf50104f68a8a23081840603551d1f047d307b3079a077a075867368747470" + + "3a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f" + + "4d6963726f736f66742532304964656e74697479253230566572696669636174" + + "696f6e253230526f6f742532304365727469666963617465253230417574686f" + + "72697479253230323032302e63726c30819406082b0601050507010104818730" + + "818430818106082b060105050730028675687474703a2f2f7777772e6d696372" + + "6f736f66742e636f6d2f706b696f70732f63657274732f4d6963726f736f6674" + + "2532304964656e74697479253230566572696669636174696f6e253230526f6f" + + "742532304365727469666963617465253230417574686f726974792532303230" + + "32302e637274300d06092a864886f70d01010c050003820201005f8876c77e6d" + + "b55a1575e74c7868fa4ee1d844992515a5b8b13439afe93bee207bf5c48b35ef" + + "86cd18efe2956326f89c796e8017ac9c5a81184742d885a6b4a3324b539622f8" + + "b0a672b768be4979dc336de045ecf3b283a2061bf5e1849dd4a967964cef82cd" + + "bd5cd8d3f9cf2121f3d17bdaef54230f887ef33d9730e67363b610d0fb30f9eb" + + "72359d427acb9f536d75acbb252cab0ef05d9a06cd9c228d64f9a1ce86bc3dc7" + + "0e8909638d35ba19e3dee6c185b911f3745b7ccbe6cdda7785ed9bbc8533b523" + + "ae17346aacb7c4bec3e4547627bc7d70b58cabb79bd28622a1786a576b6016a6" + + "ca1de0e2724f8ff2d1d8205a2f20fed81b86642566a0d47f752a510b1968b748" + + "bbf5d28e0a19a838da9b308f26d38b8b6841c0bf8ab0287435bc1cdb57f9c6f3" + + "d2c329b4524af8a39b0270c51c4b2e9310feee315f115f4787ff824b1291b269" + + "ee8a8bc258839bf87ec34689fd4e5c72762161beef3ca34c37e4990d6c9c5393" + + "832117f2a06979f41b1747f1e9446b6226ab8e6069af03fa64e6f0b595c9db78" + + "cadc583ff6ea8cde3d0fd359f3572813a6905a6f3c4f021fe11e1865b3a930a3" + + "740b27a368f34de352c65c778250c626071dcf90ff000c70f52760abffab63b8" + + "e382ced7e9fa8f4d73e66820092951c03f5f681232480700f52f21db684801c4" + + "50a881848e89422bd17a9caf59c97e2586d86c187ba668005d5b308207963082" + + "057ea00302010202133300000020b001af2f87675c8b000000000020300d0609" + + "2a864886f70d01010c05003061310b3009060355040613025553311e301c0603" + + "55040a13154d6963726f736f667420436f72706f726174696f6e313230300603" + + "55040313294d6963726f736f6674205075626c6963205253412054696d657374" + + "616d70696e672043412032303230301e170d3232303730373138333732355a17" + + "0d3233303730373138333732355a3081da310b30090603550406130255533113" + + "30110603550408130a57617368696e67746f6e3110300e060355040713075265" + + "646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f72" + + "6174696f6e31253023060355040b131c4d6963726f736f667420416d65726963" + + "61204f7065726174696f6e7331263024060355040b131d5468616c6573205453" + + "532045534e3a424237332d393646442d37374546313530330603550403132c4d" + + "6963726f736f6674205075626c6963205253412054696d65205374616d70696e" + + "6720417574686f7269747930820222300d06092a864886f70d01010105000382" + + "020f003082020a028202010097eb0cf8c8029c1a4123dd594c6e00d8afe06644" + + "da86c76d821dd4b437aca798906da023ad208e467fafdd60424f8c1899b01f7c" + + "989b0b7b59eef74d99799740f92395d64d9e44e6c35320bd89562c5cd40a1059" + + "da37ff452790bd04c259d7798fb40630f81cb9ab39de3411299121b11cc9214f" + + "0d30c954a387c077d9426bc0b58749b7301821de54d42d87f47633f2ef0facaa" + + "267cd64d453599e13388812426a7cc2a772e41fbdceb71c6c815bc0782b98e50" + + "1a35649fc29ec6bb6d98d7217776b4a914ec1bacbb6d0a937eeb998b6300f782" + + "b5fdc0c5378f56ebb221fc5e8726cf542bbc0116186e1da016fd60c6456bdd60" + + "3fcfd476a2ed2662d8565a4a18df134ca6a0c5a17ee8d902e22f04b4299b697c" + + "6475dd0f9977fd3f1b09b59409f1e66f62df74b6bff626890e53efc7e7a435cd" + + "575081fa6dfd68badda8592044fe1fbc8beb9a1e79a3fa2508af74f736b0314b" + + "ac231b8a8d9cc8868a547e66089ed821a40aea030d7e25bc21e863d81e13b938" + + "9aa4cddba2ec4423614ef9ef4843e9017cf6f74bc9971db7624b6c0100a22f15" + + "bf6a7ba47ace7f7926c13875247cc49b88a45f02bb9705388e940a9024456460" + + "75e0a007e0d421a736546ec9e8705dc548774aaa1ba35201b566f7d04a70b9bf" + + "86312bbbd35dd6bf7d51c501efe555e4d685dda7870922a4c41a9536b97c664c" + + "42136c81a910098ef12f23790203010001a38201cb308201c7301d0603551d0e" + + "04160414b8420c5a3a4a34ef5498a0d88df07070f3bba7a5301f0603551d2304" + + "18301680146b69283a352f486340cf7bd8af49e93ed93ddb21306c0603551d1f" + + "046530633061a05fa05d865b687474703a2f2f7777772e6d6963726f736f6674" + + "2e636f6d2f706b696f70732f63726c2f4d6963726f736f66742532305075626c" + + "696325323052534125323054696d657374616d70696e67253230434125323032" + + "3032302e63726c307906082b06010505070101046d306b306906082b06010505" + + "073002865d687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b" + + "696f70732f63657274732f4d6963726f736f66742532305075626c6963253230" + + "52534125323054696d657374616d70696e672532304341253230323032302e63" + + "7274300c0603551d130101ff0402300030160603551d250101ff040c300a0608" + + "2b06010505070308300e0603551d0f0101ff04040302078030660603551d2004" + + "5f305d3051060c2b0601040182374c837d01013041303f06082b060105050702" + + "011633687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f" + + "70732f446f63732f5265706f7369746f72792e68746d3008060667810c010402" + + "300d06092a864886f70d01010c050003820201003e041f26747dbe76f22adc0d" + + "e56aa190c6c9937af491ef40a80098131f143214749d2688be45c99b6f8ddc6a" + + "0f2d93cfe974bf898777e5fa1c7dcecea3c2ea4a9f1f490d620d6873b53300b5" + + "197c01d4a1c709a0a462684e425b9ecb1358cf083c03fff797dc46f131066429" + + "de68aa9cbe560e778d77bac22008dc2d5106014a63d8c749d38c661dadadaae4" + + "27e82bd5b9316bdd98b765f8056a931b8ed14a6fa21ebc92ddb27d09f6a5ff12" + + "437d8edccfc7efba52e13ff0cf849097569c5ac5d8d4025af968b356bd79514d" + + "c12cf4ad4003c20e722e13968fb90ea37798a9c1916de9d1e53c38ad0b37e247" + + "6abcd607c2ab085d876857cf6fda8c1c52a1ddbbea33ba24293769ded15b40e9" + + "d8cfa7e63735637e5857f10a56284efc7dde724ac4a155860b298a5ecdd74f79" + + "289140a99492f21a66e8b4d0b1f99bdf488e3cfaebaf642f7eac022a06676a2d" + + "0b1e027f475f2baf2c0831b12f78b0ca01aaf4ead628cab94f0b14aa5efaeb87" + + "82fca84bd590bca0dfe8bb2a58cb3b740a0ee006a25c7279dcc3371d45b6e610" + + "fd9a03a25d0e3f4b0c75cd30d8d7db4791b00a49291b5cf59b6861bb966a1b84" + + "3b26700d8afe9afb3f54b20f076e9b629bedbe6fc1384532e39cec71c9026373" + + "77e884c5dc801bbc6d9577d47d90aaedd087337e7d1f24107971aaeb42e32499" + + "c499083fd610892d18bfe9a5e1b3979fd7507269a18202c23082022b02010130" + + "820108a181e0a481dd3081da310b300906035504061302555331133011060355" + + "0408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64" + + "311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e" + + "31253023060355040b131c4d6963726f736f667420416d6572696361204f7065" + + "726174696f6e7331263024060355040b131d5468616c6573205453532045534e" + + "3a424237332d393646442d37374546313530330603550403132c4d6963726f73" + + "6f6674205075626c6963205253412054696d65205374616d70696e6720417574" + + "686f72697479a2230a0101300706052b0e03021a031500713fd5ca3151c27d82" + + "dff783846024d47dc89c92a0673065a4633061310b3009060355040613025553" + + "311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e" + + "31323030060355040313294d6963726f736f6674205075626c69632052534120" + + "54696d657374616d70696e672043412032303230300d06092a864886f70d0101" + + "050500020500e75011b13022180f32303232313232333139333832355a180f32" + + "303232313232343139333832355a3077303d060a2b0601040184590a0401312f" + + "302d300a020500e75011b1020100300a020100020225a40201ff300702010002" + + "02103e300a020500e75163310201003036060a2b0601040184590a0402312830" + + "26300c060a2b0601040184590a0302a00a3008020100020307a120a10a300802" + + "010002030186a0300d06092a864886f70d01010505000381810089add4c4e06d" + + "5a634850da6fb8197070157501212b7669e5bd48eeb2de5b1d24d58fada655da" + + "ad85a1943bdcbf1a33c3ee3c8b6c2f9ba8873d2c449d447e1f43c4245fe9172e" + + "e5eab38442cf2eb81655486628db01452be945340eebd855a64e29181a4f578d" + + "f9cc14d02b6f1b3da3d41595463fe96a0ce961245201ae0ef664318203d43082" + + "03d002010130783061310b3009060355040613025553311e301c060355040a13" + + "154d6963726f736f667420436f72706f726174696f6e31323030060355040313" + + "294d6963726f736f6674205075626c6963205253412054696d657374616d7069" + + "6e67204341203230323002133300000020b001af2f87675c8b00000000002030" + + "0d06096086480165030402010500a082012d301a06092a864886f70d01090331" + + "0d060b2a864886f70d0109100104302f06092a864886f70d0109043122042015" + + "6a9c3cbbc59a83b57308b9ff5783c4f4af776cc3fe5291f086313f5aede03730" + + "81dd060b2a864886f70d010910022f3181cd3081ca3081c73081a00420586284" + + "fbd9a5cb98871b82c01557d1349c0fed98d9bcfcf3daa3c6b9c1e3f444307c30" + + "65a4633061310b3009060355040613025553311e301c060355040a13154d6963" + + "726f736f667420436f72706f726174696f6e31323030060355040313294d6963" + + "726f736f6674205075626c6963205253412054696d657374616d70696e672043" + + "41203230323002133300000020b001af2f87675c8b0000000000203022042047" + + "6a414df916ea44c176dfe014b74b7a722f3d3ab504771bc5907f76f1426dd330" + + "0d06092a864886f70d01010b050004820200269d12401fb57ddf9907e7679898" + + "e234e19c3eb32b3116ed721f6dafa61d6b71b0257d1b2b435bce97ff1ee0cf08" + + "64101ba287baba8b50ffdc437671e0cc64fd56e60d50db2aaefcc9c847414fca" + + "402d7e55e6ff58b901cfdf30cdb2b9aa165405a6e09eb3b199372b0413f43eef" + + "7ba80c7a8f2a51b92254cda91b68f86e725a63d21eb8fa1af733b8b2fc8db708" + + "3274f74627274a2f4481dacbd3a5153c8a7bbd573305681dab08a5a7b1137cf4" + + "e0a2b1b8f4f042a59219809fe756af513eab0e516226e7bc3ceb81b217fae92e" + + "8ae21fa649a9c22e06a674eaa50417dbc6a00d9f753b8e8c08ac066f4e77ab17" + + "b3f745772f286895d2ded5227a6826a0a0ae1614a1bdf9bde726c7c6ea1cf188" + + "334f037bfaad31baf4ce5cd8552fa82054c1002d32b22249b3d42da462725644" + + "9e46d7a0e4bbd3be1a048198afbbe1473d36a8cab276c4b000fb299976e7f30f" + + "c9cb466a2333f4b9a3f1aa92414cafd45a1de6c48d104835979a8e8381506e40" + + "5dd8af815dfc4b1001df062593e0bad41c2009efa00066d87a8eeb4bc46ece43" + + "6d59a536ffb519e66daca417775b43c69847ce45f5063a2001cfcac1aed7566b" + + "cf9cb2ffb1c40033defa93372e58c31be5bc715dda8d1d71231fb14c3d3bc1a5" + + "aace918310b8b9d6759e6dd574495e78d36d2ede72bbde11098944ab5443e430" + + "00318df0c8dbdc2f09164e96bb474731f6ee").HexToByteArray(); } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj index b8291963b5a33..416549d442df4 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj @@ -77,4 +77,7 @@ + + + From 02eb28a41161a9d9fbda9300c88a499d9ac75a05 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 23 Dec 2022 14:10:20 -0500 Subject: [PATCH 2/5] Tests are not applicable for .NET Framework --- .../tests/SignedCms/SignedCmsTests.cs | 75 ------------------- .../SignedCms/SignedCmsTests.netcoreapp.cs | 75 +++++++++++++++++++ ...em.Security.Cryptography.Pkcs.Tests.csproj | 3 - 3 files changed, 75 insertions(+), 78 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index a7154ef9b2057..c89cfa54bb8c2 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -1,7 +1,6 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. -using System.Formats.Asn1; using System.Linq; using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.Xml; @@ -1612,49 +1611,6 @@ public static void Decode_CanDecodeWithAttributeCertificate() cms.CheckSignature(verifySignatureOnly: true); } - [Fact] - public static void AddCertificate_CollectionContainsAttributeCertificate() - { - SignedCms signedCms = new SignedCms(); - - signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); - signedCms.CheckSignature(true); - - int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); - int certCount = signedCms.Certificates.Count; - - using (ECDsa ec = ECDsa.Create(ECCurve.NamedCurves.nistP256)) - { - CertificateRequest req = new("CN=test", ec, HashAlgorithmName.SHA256); - - using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now)) - { - signedCms.AddCertificate(cert); - byte[] reEncoded = signedCms.Encode(); - int countAfter = CountCertificateChoices(reEncoded); - Assert.Equal(countBefore + 1, countAfter); - - signedCms = new SignedCms(); - signedCms.Decode(reEncoded); - signedCms.CheckSignature(true); - } - } - } - - [Fact] - public static void RemoveCertificate_CollectionContainsAttributeCertificate() - { - SignedCms signedCms = new SignedCms(); - - signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); - int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); - - signedCms.RemoveCertificate(signedCms.Certificates[0]); - byte[] reEncoded = signedCms.Encode(); - int countAfter = CountCertificateChoices(reEncoded); - Assert.Equal(countBefore - 1, countAfter); - } - private static void CheckNoSignature(byte[] encoded, bool badOid=false) { SignedCms cms = new SignedCms(); @@ -1674,36 +1630,5 @@ private static void CheckNoSignature(byte[] encoded, bool badOid=false) cms.CheckHash(); } } - - public static int CountCertificateChoices(byte[] encoded) - { - AsnReader reader = new AsnReader(encoded, AsnEncodingRules.BER); - reader = reader.ReadSequence(); - reader.ReadObjectIdentifier(); - reader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0)); - reader = reader.ReadSequence(); - - reader.ReadInteger(); // version - reader.ReadSetOf(); // digestAlgorithms - reader.ReadSequence(); // encapsulatedContentInfo - - Asn1Tag expectedTag = new Asn1Tag(TagClass.ContextSpecific, 0, true); // certificates[0] - - if (reader.PeekTag() == expectedTag) - { - AsnReader certs = reader.ReadSetOf(expectedTag); - int count = 0; - - while (certs.HasData) - { - certs.ReadEncodedValue(); - count++; - } - - return count; - } - - return 0; - } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index cfa17458204e5..60f5f3824d0b4 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Collections.Generic; +using System.Formats.Asn1; using System.Linq; using System.Security.Cryptography.X509Certificates; using Test.Cryptography; @@ -479,6 +480,49 @@ public static void CreateSignature_DigestAlgorithmWithSignatureOid_Prohibited() } } + [Fact] + public static void AddCertificate_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + + signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + signedCms.CheckSignature(true); + + int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + int certCount = signedCms.Certificates.Count; + + using (ECDsa ec = ECDsa.Create(ECCurve.NamedCurves.nistP256)) + { + CertificateRequest req = new("CN=test", ec, HashAlgorithmName.SHA256); + + using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now)) + { + signedCms.AddCertificate(cert); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore + 1, countAfter); + + signedCms = new SignedCms(); + signedCms.Decode(reEncoded); + signedCms.CheckSignature(true); + } + } + } + + [Fact] + public static void RemoveCertificate_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + + signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + + signedCms.RemoveCertificate(signedCms.Certificates[0]); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore - 1, countAfter); + } + private static void VerifyWithExplicitPrivateKey(X509Certificate2 cert, AsymmetricAlgorithm key) { using (var pubCert = new X509Certificate2(cert.RawData)) @@ -539,5 +583,36 @@ private static void VerifyCounterSignatureWithExplicitPrivateKey(X509Certificate Assert.Equal(counterSignerPubCert, cms.SignerInfos[0].CounterSignerInfos[0].Certificate); } } + + private static int CountCertificateChoices(byte[] encoded) + { + AsnReader reader = new AsnReader(encoded, AsnEncodingRules.BER); + reader = reader.ReadSequence(); + reader.ReadObjectIdentifier(); + reader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0)); + reader = reader.ReadSequence(); + + reader.ReadInteger(); // version + reader.ReadSetOf(); // digestAlgorithms + reader.ReadSequence(); // encapsulatedContentInfo + + Asn1Tag expectedTag = new Asn1Tag(TagClass.ContextSpecific, 0, true); // certificates[0] + + if (reader.PeekTag() == expectedTag) + { + AsnReader certs = reader.ReadSetOf(expectedTag); + int count = 0; + + while (certs.HasData) + { + certs.ReadEncodedValue(); + count++; + } + + return count; + } + + return 0; + } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj index 416549d442df4..b8291963b5a33 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj @@ -77,7 +77,4 @@ - - - From 98f5ed18e4411794587fc671efeaa81418084cda Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 30 Dec 2022 15:32:39 -0500 Subject: [PATCH 3/5] Clean up tests --- .../SignedCms/SignedCmsTests.netcoreapp.cs | 50 +++-- .../tests/SignedCms/SignedDocuments.cs | 189 ------------------ 2 files changed, 28 insertions(+), 211 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index 60f5f3824d0b4..3cda9a1c865ec 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -484,38 +484,30 @@ public static void CreateSignature_DigestAlgorithmWithSignatureOid_Prohibited() public static void AddCertificate_CollectionContainsAttributeCertificate() { SignedCms signedCms = new SignedCms(); - - signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); signedCms.CheckSignature(true); - int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); - int certCount = signedCms.Certificates.Count; + int countBefore = CountCertificateChoices(SignedDocuments.TstWithAttributeCertificate); - using (ECDsa ec = ECDsa.Create(ECCurve.NamedCurves.nistP256)) + using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.GetCertificate()) { - CertificateRequest req = new("CN=test", ec, HashAlgorithmName.SHA256); - - using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now)) - { - signedCms.AddCertificate(cert); - byte[] reEncoded = signedCms.Encode(); - int countAfter = CountCertificateChoices(reEncoded); - Assert.Equal(countBefore + 1, countAfter); - - signedCms = new SignedCms(); - signedCms.Decode(reEncoded); - signedCms.CheckSignature(true); - } + signedCms.AddCertificate(cert); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore + 1, countAfter); + + signedCms = new SignedCms(); + signedCms.Decode(reEncoded); + signedCms.CheckSignature(true); } } [Fact] - public static void RemoveCertificate_CollectionContainsAttributeCertificate() + public static void RemoveCertificate_Existing_CollectionContainsAttributeCertificate() { SignedCms signedCms = new SignedCms(); - - signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); - int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.TstWithAttributeCertificate); signedCms.RemoveCertificate(signedCms.Certificates[0]); byte[] reEncoded = signedCms.Encode(); @@ -523,6 +515,20 @@ public static void RemoveCertificate_CollectionContainsAttributeCertificate() Assert.Equal(countBefore - 1, countAfter); } + [Fact] + public static void RemoveCertificate_NonExisting_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); + + using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.GetCertificate()) + { + // Remove a non-existing certificate so that we are forced to enumerate the entire 'certificates[0]' + // collection (including attribute certificates) looking for it. + Assert.Throws(() => signedCms.RemoveCertificate(cert)); + } + } + private static void VerifyWithExplicitPrivateKey(X509Certificate2 cert, AsymmetricAlgorithm key) { using (var pubCert = new X509Certificate2(cert.RawData)) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs index 83a8aa4da9ae9..cce3114824794 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs @@ -1626,194 +1626,5 @@ internal static class SignedDocuments "6AB46C76047604BA7DF071EE0137B73F4D9DF616095C8F1CA9EB925B6D4C6ABC" + "FFEB73A81903169C6B487B316AFC951F696831A4B29B9ABCEA7EBCD243A553D2" + "F8B44FDA1B0AC0").HexToByteArray(); - - internal static readonly byte[] CmsWithAttributeCertificate = ( - "3082174e06092a864886f70d010702a082173f3082173b020103310f300d0609" + - "608648016503040201050030820161060b2a864886f70d0109100104a0820150" + - "0482014c30820148020101060a2b0601040184590a03013031300d0609608648" + - "01650304020105000420dffd6021bb2bd5b0af676290809ec3a53191dd81c7f7" + - "0a4b28688a362182986f020663a04d30704d1813323032323132323331343430" + - "34302e3133375a3004800201f4a081e0a481dd3081da310b3009060355040613" + - "025553311330110603550408130a57617368696e67746f6e3110300e06035504" + - "0713075265646d6f6e64311e301c060355040a13154d6963726f736f66742043" + - "6f72706f726174696f6e31253023060355040b131c4d6963726f736f66742041" + - "6d6572696361204f7065726174696f6e7331263024060355040b131d5468616c" + - "6573205453532045534e3a424237332d393646442d3737454631353033060355" + - "0403132c4d6963726f736f6674205075626c6963205253412054696d65205374" + - "616d70696e6720417574686f72697479a08211e6308207823082056aa0030201" + - "0202133300000005e5cf0fff662ec987000000000005300d06092a864886f70d" + - "01010c05003077310b3009060355040613025553311e301c060355040a13154d" + - "6963726f736f667420436f72706f726174696f6e314830460603550403133f4d" + - "6963726f736f6674204964656e7469747920566572696669636174696f6e2052" + - "6f6f7420436572746966696361746520417574686f726974792032303230301e" + - "170d3230313131393230333233315a170d3335313131393230343233315a3061" + - "310b3009060355040613025553311e301c060355040a13154d6963726f736f66" + - "7420436f72706f726174696f6e31323030060355040313294d6963726f736f66" + - "74205075626c6963205253412054696d657374616d70696e6720434120323032" + - "3030820222300d06092a864886f70d01010105000382020f003082020a028202" + - "01009e7ce75263fde0c59f057d63b50622a31c1ed7e79733d11305bd65464777" + - "91c15d706f7fb2ab43970c4aa1521c6aa0dbfa89858a8e431c2e1105c6f24078" + - "d70b0324fe5dd3398b60a018f19c6fde5624b8b0ec7ccb8812abc660e3d44401" + - "fe61b9784891044a7b7431b3c4a0a74d8a1c0ce711afd2b1a87c9d6a39849335" + - "c739e446c14fbbaadf0c7799786d566b5c084af964a4e428a1350b166f34f59d" + - "1962543c2e9ee2e45f58722165c802b09faca337f911e1f92ab9459f1a6328a4" + - "dabf07c53fa5da199196506f1365a893a20468025a9c7af6e2aa2a14cf562de0" + - "544ae773faa2f9d47c036322033d243749e1ed2a883466e6c39388442d04b19d" + - "f5585dd4c69dc6819c1eb442b12e6b3bdca1bf67e3247ae6950d042179a9e038" + - "4306278a50647e799e02344ddcb56e2ebd20d055e4a9f61d5268f57c51611fc9" + - "3c601a33ac46979ec48bde47530f4d57fb82df2163ae1734f3ba8b2506b0482d" + - "f1cd8fc45f3b13e08eec0dbc4e98cdab978b8a2ba784a6ead176e390da14e498" + - "6d614ae59806e9c518dbf6d4ab78376d002a66deb929c69ec04277672344a1bb" + - "f7e4d7fac4de85ac0ea317de38efe347bc28de58b09067733c9607827279e14c" + - "5b72417dd7802a1ce88457bc539c3d5aebdc3f513c708c4ba0a483cc20813aed" + - "2159d8f328dbbc6394b007596de5d421001632cd1dddc443bf4f52bf055177ad" + - "5ebd0203010001a382021b30820217300e0603551d0f0101ff04040302018630" + - "1006092b06010401823715010403020100301d0603551d0e041604146b69283a" + - "352f486340cf7bd8af49e93ed93ddb2130540603551d20044d304b3049060455" + - "1d20003041303f06082b060105050702011633687474703a2f2f7777772e6d69" + - "63726f736f66742e636f6d2f706b696f70732f446f63732f5265706f7369746f" + - "72792e68746d30130603551d25040c300a06082b06010505070308301906092b" + - "0601040182371402040c1e0a00530075006200430041300f0603551d130101ff" + - "040530030101ff301f0603551d23041830168014c87ed26a852a1bca19980407" + - "27cf50104f68a8a23081840603551d1f047d307b3079a077a075867368747470" + - "3a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f" + - "4d6963726f736f66742532304964656e74697479253230566572696669636174" + - "696f6e253230526f6f742532304365727469666963617465253230417574686f" + - "72697479253230323032302e63726c30819406082b0601050507010104818730" + - "818430818106082b060105050730028675687474703a2f2f7777772e6d696372" + - "6f736f66742e636f6d2f706b696f70732f63657274732f4d6963726f736f6674" + - "2532304964656e74697479253230566572696669636174696f6e253230526f6f" + - "742532304365727469666963617465253230417574686f726974792532303230" + - "32302e637274300d06092a864886f70d01010c050003820201005f8876c77e6d" + - "b55a1575e74c7868fa4ee1d844992515a5b8b13439afe93bee207bf5c48b35ef" + - "86cd18efe2956326f89c796e8017ac9c5a81184742d885a6b4a3324b539622f8" + - "b0a672b768be4979dc336de045ecf3b283a2061bf5e1849dd4a967964cef82cd" + - "bd5cd8d3f9cf2121f3d17bdaef54230f887ef33d9730e67363b610d0fb30f9eb" + - "72359d427acb9f536d75acbb252cab0ef05d9a06cd9c228d64f9a1ce86bc3dc7" + - "0e8909638d35ba19e3dee6c185b911f3745b7ccbe6cdda7785ed9bbc8533b523" + - "ae17346aacb7c4bec3e4547627bc7d70b58cabb79bd28622a1786a576b6016a6" + - "ca1de0e2724f8ff2d1d8205a2f20fed81b86642566a0d47f752a510b1968b748" + - "bbf5d28e0a19a838da9b308f26d38b8b6841c0bf8ab0287435bc1cdb57f9c6f3" + - "d2c329b4524af8a39b0270c51c4b2e9310feee315f115f4787ff824b1291b269" + - "ee8a8bc258839bf87ec34689fd4e5c72762161beef3ca34c37e4990d6c9c5393" + - "832117f2a06979f41b1747f1e9446b6226ab8e6069af03fa64e6f0b595c9db78" + - "cadc583ff6ea8cde3d0fd359f3572813a6905a6f3c4f021fe11e1865b3a930a3" + - "740b27a368f34de352c65c778250c626071dcf90ff000c70f52760abffab63b8" + - "e382ced7e9fa8f4d73e66820092951c03f5f681232480700f52f21db684801c4" + - "50a881848e89422bd17a9caf59c97e2586d86c187ba668005d5b308207963082" + - "057ea00302010202133300000020b001af2f87675c8b000000000020300d0609" + - "2a864886f70d01010c05003061310b3009060355040613025553311e301c0603" + - "55040a13154d6963726f736f667420436f72706f726174696f6e313230300603" + - "55040313294d6963726f736f6674205075626c6963205253412054696d657374" + - "616d70696e672043412032303230301e170d3232303730373138333732355a17" + - "0d3233303730373138333732355a3081da310b30090603550406130255533113" + - "30110603550408130a57617368696e67746f6e3110300e060355040713075265" + - "646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f72" + - "6174696f6e31253023060355040b131c4d6963726f736f667420416d65726963" + - "61204f7065726174696f6e7331263024060355040b131d5468616c6573205453" + - "532045534e3a424237332d393646442d37374546313530330603550403132c4d" + - "6963726f736f6674205075626c6963205253412054696d65205374616d70696e" + - "6720417574686f7269747930820222300d06092a864886f70d01010105000382" + - "020f003082020a028202010097eb0cf8c8029c1a4123dd594c6e00d8afe06644" + - "da86c76d821dd4b437aca798906da023ad208e467fafdd60424f8c1899b01f7c" + - "989b0b7b59eef74d99799740f92395d64d9e44e6c35320bd89562c5cd40a1059" + - "da37ff452790bd04c259d7798fb40630f81cb9ab39de3411299121b11cc9214f" + - "0d30c954a387c077d9426bc0b58749b7301821de54d42d87f47633f2ef0facaa" + - "267cd64d453599e13388812426a7cc2a772e41fbdceb71c6c815bc0782b98e50" + - "1a35649fc29ec6bb6d98d7217776b4a914ec1bacbb6d0a937eeb998b6300f782" + - "b5fdc0c5378f56ebb221fc5e8726cf542bbc0116186e1da016fd60c6456bdd60" + - "3fcfd476a2ed2662d8565a4a18df134ca6a0c5a17ee8d902e22f04b4299b697c" + - "6475dd0f9977fd3f1b09b59409f1e66f62df74b6bff626890e53efc7e7a435cd" + - "575081fa6dfd68badda8592044fe1fbc8beb9a1e79a3fa2508af74f736b0314b" + - "ac231b8a8d9cc8868a547e66089ed821a40aea030d7e25bc21e863d81e13b938" + - "9aa4cddba2ec4423614ef9ef4843e9017cf6f74bc9971db7624b6c0100a22f15" + - "bf6a7ba47ace7f7926c13875247cc49b88a45f02bb9705388e940a9024456460" + - "75e0a007e0d421a736546ec9e8705dc548774aaa1ba35201b566f7d04a70b9bf" + - "86312bbbd35dd6bf7d51c501efe555e4d685dda7870922a4c41a9536b97c664c" + - "42136c81a910098ef12f23790203010001a38201cb308201c7301d0603551d0e" + - "04160414b8420c5a3a4a34ef5498a0d88df07070f3bba7a5301f0603551d2304" + - "18301680146b69283a352f486340cf7bd8af49e93ed93ddb21306c0603551d1f" + - "046530633061a05fa05d865b687474703a2f2f7777772e6d6963726f736f6674" + - "2e636f6d2f706b696f70732f63726c2f4d6963726f736f66742532305075626c" + - "696325323052534125323054696d657374616d70696e67253230434125323032" + - "3032302e63726c307906082b06010505070101046d306b306906082b06010505" + - "073002865d687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b" + - "696f70732f63657274732f4d6963726f736f66742532305075626c6963253230" + - "52534125323054696d657374616d70696e672532304341253230323032302e63" + - "7274300c0603551d130101ff0402300030160603551d250101ff040c300a0608" + - "2b06010505070308300e0603551d0f0101ff04040302078030660603551d2004" + - "5f305d3051060c2b0601040182374c837d01013041303f06082b060105050702" + - "011633687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f" + - "70732f446f63732f5265706f7369746f72792e68746d3008060667810c010402" + - "300d06092a864886f70d01010c050003820201003e041f26747dbe76f22adc0d" + - "e56aa190c6c9937af491ef40a80098131f143214749d2688be45c99b6f8ddc6a" + - "0f2d93cfe974bf898777e5fa1c7dcecea3c2ea4a9f1f490d620d6873b53300b5" + - "197c01d4a1c709a0a462684e425b9ecb1358cf083c03fff797dc46f131066429" + - "de68aa9cbe560e778d77bac22008dc2d5106014a63d8c749d38c661dadadaae4" + - "27e82bd5b9316bdd98b765f8056a931b8ed14a6fa21ebc92ddb27d09f6a5ff12" + - "437d8edccfc7efba52e13ff0cf849097569c5ac5d8d4025af968b356bd79514d" + - "c12cf4ad4003c20e722e13968fb90ea37798a9c1916de9d1e53c38ad0b37e247" + - "6abcd607c2ab085d876857cf6fda8c1c52a1ddbbea33ba24293769ded15b40e9" + - "d8cfa7e63735637e5857f10a56284efc7dde724ac4a155860b298a5ecdd74f79" + - "289140a99492f21a66e8b4d0b1f99bdf488e3cfaebaf642f7eac022a06676a2d" + - "0b1e027f475f2baf2c0831b12f78b0ca01aaf4ead628cab94f0b14aa5efaeb87" + - "82fca84bd590bca0dfe8bb2a58cb3b740a0ee006a25c7279dcc3371d45b6e610" + - "fd9a03a25d0e3f4b0c75cd30d8d7db4791b00a49291b5cf59b6861bb966a1b84" + - "3b26700d8afe9afb3f54b20f076e9b629bedbe6fc1384532e39cec71c9026373" + - "77e884c5dc801bbc6d9577d47d90aaedd087337e7d1f24107971aaeb42e32499" + - "c499083fd610892d18bfe9a5e1b3979fd7507269a18202c23082022b02010130" + - "820108a181e0a481dd3081da310b300906035504061302555331133011060355" + - "0408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64" + - "311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e" + - "31253023060355040b131c4d6963726f736f667420416d6572696361204f7065" + - "726174696f6e7331263024060355040b131d5468616c6573205453532045534e" + - "3a424237332d393646442d37374546313530330603550403132c4d6963726f73" + - "6f6674205075626c6963205253412054696d65205374616d70696e6720417574" + - "686f72697479a2230a0101300706052b0e03021a031500713fd5ca3151c27d82" + - "dff783846024d47dc89c92a0673065a4633061310b3009060355040613025553" + - "311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e" + - "31323030060355040313294d6963726f736f6674205075626c69632052534120" + - "54696d657374616d70696e672043412032303230300d06092a864886f70d0101" + - "050500020500e75011b13022180f32303232313232333139333832355a180f32" + - "303232313232343139333832355a3077303d060a2b0601040184590a0401312f" + - "302d300a020500e75011b1020100300a020100020225a40201ff300702010002" + - "02103e300a020500e75163310201003036060a2b0601040184590a0402312830" + - "26300c060a2b0601040184590a0302a00a3008020100020307a120a10a300802" + - "010002030186a0300d06092a864886f70d01010505000381810089add4c4e06d" + - "5a634850da6fb8197070157501212b7669e5bd48eeb2de5b1d24d58fada655da" + - "ad85a1943bdcbf1a33c3ee3c8b6c2f9ba8873d2c449d447e1f43c4245fe9172e" + - "e5eab38442cf2eb81655486628db01452be945340eebd855a64e29181a4f578d" + - "f9cc14d02b6f1b3da3d41595463fe96a0ce961245201ae0ef664318203d43082" + - "03d002010130783061310b3009060355040613025553311e301c060355040a13" + - "154d6963726f736f667420436f72706f726174696f6e31323030060355040313" + - "294d6963726f736f6674205075626c6963205253412054696d657374616d7069" + - "6e67204341203230323002133300000020b001af2f87675c8b00000000002030" + - "0d06096086480165030402010500a082012d301a06092a864886f70d01090331" + - "0d060b2a864886f70d0109100104302f06092a864886f70d0109043122042015" + - "6a9c3cbbc59a83b57308b9ff5783c4f4af776cc3fe5291f086313f5aede03730" + - "81dd060b2a864886f70d010910022f3181cd3081ca3081c73081a00420586284" + - "fbd9a5cb98871b82c01557d1349c0fed98d9bcfcf3daa3c6b9c1e3f444307c30" + - "65a4633061310b3009060355040613025553311e301c060355040a13154d6963" + - "726f736f667420436f72706f726174696f6e31323030060355040313294d6963" + - "726f736f6674205075626c6963205253412054696d657374616d70696e672043" + - "41203230323002133300000020b001af2f87675c8b0000000000203022042047" + - "6a414df916ea44c176dfe014b74b7a722f3d3ab504771bc5907f76f1426dd330" + - "0d06092a864886f70d01010b050004820200269d12401fb57ddf9907e7679898" + - "e234e19c3eb32b3116ed721f6dafa61d6b71b0257d1b2b435bce97ff1ee0cf08" + - "64101ba287baba8b50ffdc437671e0cc64fd56e60d50db2aaefcc9c847414fca" + - "402d7e55e6ff58b901cfdf30cdb2b9aa165405a6e09eb3b199372b0413f43eef" + - "7ba80c7a8f2a51b92254cda91b68f86e725a63d21eb8fa1af733b8b2fc8db708" + - "3274f74627274a2f4481dacbd3a5153c8a7bbd573305681dab08a5a7b1137cf4" + - "e0a2b1b8f4f042a59219809fe756af513eab0e516226e7bc3ceb81b217fae92e" + - "8ae21fa649a9c22e06a674eaa50417dbc6a00d9f753b8e8c08ac066f4e77ab17" + - "b3f745772f286895d2ded5227a6826a0a0ae1614a1bdf9bde726c7c6ea1cf188" + - "334f037bfaad31baf4ce5cd8552fa82054c1002d32b22249b3d42da462725644" + - "9e46d7a0e4bbd3be1a048198afbbe1473d36a8cab276c4b000fb299976e7f30f" + - "c9cb466a2333f4b9a3f1aa92414cafd45a1de6c48d104835979a8e8381506e40" + - "5dd8af815dfc4b1001df062593e0bad41c2009efa00066d87a8eeb4bc46ece43" + - "6d59a536ffb519e66daca417775b43c69847ce45f5063a2001cfcac1aed7566b" + - "cf9cb2ffb1c40033defa93372e58c31be5bc715dda8d1d71231fb14c3d3bc1a5" + - "aace918310b8b9d6759e6dd574495e78d36d2ede72bbde11098944ab5443e430" + - "00318df0c8dbdc2f09164e96bb474731f6ee").HexToByteArray(); } } From f361ff89fcb5f9af8f440ec2f4a2cd49bf10b1eb Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Wed, 4 Jan 2023 17:30:40 -0500 Subject: [PATCH 4/5] Update package for servicing --- .../src/System.Security.Cryptography.Pkcs.csproj | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj index abdc464da8efa..122d141eba6f7 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj @@ -6,7 +6,8 @@ enable $(NetCoreAppCurrent)-windows;$(NetCoreAppCurrent);netcoreapp3.1-windows;netcoreapp3.1;netstandard2.1-windows;netstandard2.1;netstandard2.0-windows;netstandard2.0;net461-windows true - 1 + true + 2 Provides support for PKCS and CMS algorithms. Commonly Used Types: From 4313a59a6de619c773f65f043144c943a24817ed Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Wed, 4 Jan 2023 17:19:59 -0500 Subject: [PATCH 5/5] Add tests for Compute{Counter}Signature with attribute certificates --- .../SignedCms/SignedCmsTests.netcoreapp.cs | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index 3cda9a1c865ec..4fbce727908ae 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -529,6 +529,43 @@ public static void RemoveCertificate_NonExisting_CollectionContainsAttributeCert } } + [Fact] + public static void ComputeCounterSignature_PreservesAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.TstWithAttributeCertificate); + + using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) + { + CmsSigner signer = new CmsSigner(cert); + SignerInfo info = signedCms.SignerInfos[0]; + info.ComputeCounterSignature(signer); + } + + byte[] encoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(encoded); + Assert.Equal(countBefore + 1, countAfter); + } + + [Fact] + public static void ComputeSignature_PreservesAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.TstWithAttributeCertificate); + + using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) + { + CmsSigner signer = new CmsSigner(cert); + signedCms.ComputeSignature(signer); + } + + byte[] encoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(encoded); + Assert.Equal(countBefore + 1, countAfter); + } + private static void VerifyWithExplicitPrivateKey(X509Certificate2 cert, AsymmetricAlgorithm key) { using (var pubCert = new X509Certificate2(cert.RawData))