From 5ebd26531333eb4a36022e8ab10e670b4a76b1a1 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 23 Dec 2022 13:34:13 -0500 Subject: [PATCH 1/5] Fix SignedCms certificate collection modification with attribute certificates. When adding or removing certificates from the certificateSet collection, we assumed that the collection would only contain X.509 certificates. This changes the implementation so that when looking for duplicates, we skip over choices that are not an X.509 certificate when looking for a duplicate. The tests peek in to the SignedData ASN.1 to ensure that the attribute certificates are preserved during a round trip when encoding and decoding a CMS. --- .../Security/Cryptography/Pkcs/SignedCms.cs | 4 +- .../tests/SignedCms/SignedCmsTests.cs | 75 +++++++ .../tests/SignedCms/SignedDocuments.cs | 189 ++++++++++++++++++ ...em.Security.Cryptography.Pkcs.Tests.csproj | 3 + 4 files changed, 269 insertions(+), 2 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs index 8a88fb2b482bee..0b0700d2658410 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs @@ -686,7 +686,7 @@ public void AddCertificate(X509Certificate2 certificate) { foreach (CertificateChoiceAsn cert in _signedData.CertificateSet!) { - if (cert.Certificate!.Value.Span.SequenceEqual(rawData)) + if (cert.Certificate is not null && cert.Certificate.Value.Span.SequenceEqual(rawData)) { throw new CryptographicException(SR.Cryptography_Cms_CertificateAlreadyInCollection); } @@ -721,7 +721,7 @@ public void RemoveCertificate(X509Certificate2 certificate) foreach (CertificateChoiceAsn cert in _signedData.CertificateSet!) { - if (cert.Certificate!.Value.Span.SequenceEqual(rawData)) + if (cert.Certificate is not null && cert.Certificate.Value.Span.SequenceEqual(rawData)) { PkcsHelpers.RemoveAt(ref _signedData.CertificateSet, idx); Reencode(); diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index 7eee42aa5db719..8a7793942f654f 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -1,6 +1,7 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Formats.Asn1; using System.Linq; using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.Xml; @@ -1611,6 +1612,49 @@ public static void Decode_CanDecodeWithAttributeCertificate() cms.CheckSignature(verifySignatureOnly: true); } + [Fact] + public static void AddCertificate_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + + signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + signedCms.CheckSignature(true); + + int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + int certCount = signedCms.Certificates.Count; + + using (ECDsa ec = ECDsa.Create(ECCurve.NamedCurves.nistP256)) + { + CertificateRequest req = new("CN=test", ec, HashAlgorithmName.SHA256); + + using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now)) + { + signedCms.AddCertificate(cert); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore + 1, countAfter); + + signedCms = new SignedCms(); + signedCms.Decode(reEncoded); + signedCms.CheckSignature(true); + } + } + } + + [Fact] + public static void RemoveCertificate_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + + signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + + signedCms.RemoveCertificate(signedCms.Certificates[0]); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore - 1, countAfter); + } + private static void CheckNoSignature(byte[] encoded, bool badOid=false) { SignedCms cms = new SignedCms(); @@ -1630,5 +1674,36 @@ private static void CheckNoSignature(byte[] encoded, bool badOid=false) cms.CheckHash(); } } + + public static int CountCertificateChoices(byte[] encoded) + { + AsnReader reader = new AsnReader(encoded, AsnEncodingRules.BER); + reader = reader.ReadSequence(); + reader.ReadObjectIdentifier(); + reader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0)); + reader = reader.ReadSequence(); + + reader.ReadInteger(); // version + reader.ReadSetOf(); // digestAlgorithms + reader.ReadSequence(); // encapsulatedContentInfo + + Asn1Tag expectedTag = new Asn1Tag(TagClass.ContextSpecific, 0, true); // certificates[0] + + if (reader.PeekTag() == expectedTag) + { + AsnReader certs = reader.ReadSetOf(expectedTag); + int count = 0; + + while (certs.HasData) + { + certs.ReadEncodedValue(); + count++; + } + + return count; + } + + return 0; + } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs index cce3114824794e..83a8aa4da9ae98 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs @@ -1626,5 +1626,194 @@ internal static class SignedDocuments "6AB46C76047604BA7DF071EE0137B73F4D9DF616095C8F1CA9EB925B6D4C6ABC" + "FFEB73A81903169C6B487B316AFC951F696831A4B29B9ABCEA7EBCD243A553D2" + "F8B44FDA1B0AC0").HexToByteArray(); + + internal static readonly byte[] CmsWithAttributeCertificate = ( + "3082174e06092a864886f70d010702a082173f3082173b020103310f300d0609" + + "608648016503040201050030820161060b2a864886f70d0109100104a0820150" + + "0482014c30820148020101060a2b0601040184590a03013031300d0609608648" + + "01650304020105000420dffd6021bb2bd5b0af676290809ec3a53191dd81c7f7" + + "0a4b28688a362182986f020663a04d30704d1813323032323132323331343430" + + "34302e3133375a3004800201f4a081e0a481dd3081da310b3009060355040613" + + "025553311330110603550408130a57617368696e67746f6e3110300e06035504" + + "0713075265646d6f6e64311e301c060355040a13154d6963726f736f66742043" + + "6f72706f726174696f6e31253023060355040b131c4d6963726f736f66742041" + + "6d6572696361204f7065726174696f6e7331263024060355040b131d5468616c" + + "6573205453532045534e3a424237332d393646442d3737454631353033060355" + + "0403132c4d6963726f736f6674205075626c6963205253412054696d65205374" + + "616d70696e6720417574686f72697479a08211e6308207823082056aa0030201" + + "0202133300000005e5cf0fff662ec987000000000005300d06092a864886f70d" + + "01010c05003077310b3009060355040613025553311e301c060355040a13154d" + + "6963726f736f667420436f72706f726174696f6e314830460603550403133f4d" + + "6963726f736f6674204964656e7469747920566572696669636174696f6e2052" + + "6f6f7420436572746966696361746520417574686f726974792032303230301e" + + "170d3230313131393230333233315a170d3335313131393230343233315a3061" + + "310b3009060355040613025553311e301c060355040a13154d6963726f736f66" + + "7420436f72706f726174696f6e31323030060355040313294d6963726f736f66" + + "74205075626c6963205253412054696d657374616d70696e6720434120323032" + + "3030820222300d06092a864886f70d01010105000382020f003082020a028202" + + "01009e7ce75263fde0c59f057d63b50622a31c1ed7e79733d11305bd65464777" + + "91c15d706f7fb2ab43970c4aa1521c6aa0dbfa89858a8e431c2e1105c6f24078" + + "d70b0324fe5dd3398b60a018f19c6fde5624b8b0ec7ccb8812abc660e3d44401" + + "fe61b9784891044a7b7431b3c4a0a74d8a1c0ce711afd2b1a87c9d6a39849335" + + "c739e446c14fbbaadf0c7799786d566b5c084af964a4e428a1350b166f34f59d" + + "1962543c2e9ee2e45f58722165c802b09faca337f911e1f92ab9459f1a6328a4" + + "dabf07c53fa5da199196506f1365a893a20468025a9c7af6e2aa2a14cf562de0" + + "544ae773faa2f9d47c036322033d243749e1ed2a883466e6c39388442d04b19d" + + "f5585dd4c69dc6819c1eb442b12e6b3bdca1bf67e3247ae6950d042179a9e038" + + "4306278a50647e799e02344ddcb56e2ebd20d055e4a9f61d5268f57c51611fc9" + + "3c601a33ac46979ec48bde47530f4d57fb82df2163ae1734f3ba8b2506b0482d" + + "f1cd8fc45f3b13e08eec0dbc4e98cdab978b8a2ba784a6ead176e390da14e498" + + "6d614ae59806e9c518dbf6d4ab78376d002a66deb929c69ec04277672344a1bb" + + "f7e4d7fac4de85ac0ea317de38efe347bc28de58b09067733c9607827279e14c" + + "5b72417dd7802a1ce88457bc539c3d5aebdc3f513c708c4ba0a483cc20813aed" + + "2159d8f328dbbc6394b007596de5d421001632cd1dddc443bf4f52bf055177ad" + + "5ebd0203010001a382021b30820217300e0603551d0f0101ff04040302018630" + + "1006092b06010401823715010403020100301d0603551d0e041604146b69283a" + + "352f486340cf7bd8af49e93ed93ddb2130540603551d20044d304b3049060455" + + "1d20003041303f06082b060105050702011633687474703a2f2f7777772e6d69" + + "63726f736f66742e636f6d2f706b696f70732f446f63732f5265706f7369746f" + + "72792e68746d30130603551d25040c300a06082b06010505070308301906092b" + + "0601040182371402040c1e0a00530075006200430041300f0603551d130101ff" + + "040530030101ff301f0603551d23041830168014c87ed26a852a1bca19980407" + + "27cf50104f68a8a23081840603551d1f047d307b3079a077a075867368747470" + + "3a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f" + + "4d6963726f736f66742532304964656e74697479253230566572696669636174" + + "696f6e253230526f6f742532304365727469666963617465253230417574686f" + + "72697479253230323032302e63726c30819406082b0601050507010104818730" + + "818430818106082b060105050730028675687474703a2f2f7777772e6d696372" + + "6f736f66742e636f6d2f706b696f70732f63657274732f4d6963726f736f6674" + + "2532304964656e74697479253230566572696669636174696f6e253230526f6f" + + "742532304365727469666963617465253230417574686f726974792532303230" + + "32302e637274300d06092a864886f70d01010c050003820201005f8876c77e6d" + + "b55a1575e74c7868fa4ee1d844992515a5b8b13439afe93bee207bf5c48b35ef" + + "86cd18efe2956326f89c796e8017ac9c5a81184742d885a6b4a3324b539622f8" + + "b0a672b768be4979dc336de045ecf3b283a2061bf5e1849dd4a967964cef82cd" + + "bd5cd8d3f9cf2121f3d17bdaef54230f887ef33d9730e67363b610d0fb30f9eb" + + "72359d427acb9f536d75acbb252cab0ef05d9a06cd9c228d64f9a1ce86bc3dc7" + + "0e8909638d35ba19e3dee6c185b911f3745b7ccbe6cdda7785ed9bbc8533b523" + + "ae17346aacb7c4bec3e4547627bc7d70b58cabb79bd28622a1786a576b6016a6" + + "ca1de0e2724f8ff2d1d8205a2f20fed81b86642566a0d47f752a510b1968b748" + + "bbf5d28e0a19a838da9b308f26d38b8b6841c0bf8ab0287435bc1cdb57f9c6f3" + + "d2c329b4524af8a39b0270c51c4b2e9310feee315f115f4787ff824b1291b269" + + "ee8a8bc258839bf87ec34689fd4e5c72762161beef3ca34c37e4990d6c9c5393" + + "832117f2a06979f41b1747f1e9446b6226ab8e6069af03fa64e6f0b595c9db78" + + "cadc583ff6ea8cde3d0fd359f3572813a6905a6f3c4f021fe11e1865b3a930a3" + + "740b27a368f34de352c65c778250c626071dcf90ff000c70f52760abffab63b8" + + "e382ced7e9fa8f4d73e66820092951c03f5f681232480700f52f21db684801c4" + + "50a881848e89422bd17a9caf59c97e2586d86c187ba668005d5b308207963082" + + "057ea00302010202133300000020b001af2f87675c8b000000000020300d0609" + + "2a864886f70d01010c05003061310b3009060355040613025553311e301c0603" + + "55040a13154d6963726f736f667420436f72706f726174696f6e313230300603" + + "55040313294d6963726f736f6674205075626c6963205253412054696d657374" + + "616d70696e672043412032303230301e170d3232303730373138333732355a17" + + "0d3233303730373138333732355a3081da310b30090603550406130255533113" + + "30110603550408130a57617368696e67746f6e3110300e060355040713075265" + + "646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f72" + + "6174696f6e31253023060355040b131c4d6963726f736f667420416d65726963" + + "61204f7065726174696f6e7331263024060355040b131d5468616c6573205453" + + "532045534e3a424237332d393646442d37374546313530330603550403132c4d" + + "6963726f736f6674205075626c6963205253412054696d65205374616d70696e" + + "6720417574686f7269747930820222300d06092a864886f70d01010105000382" + + "020f003082020a028202010097eb0cf8c8029c1a4123dd594c6e00d8afe06644" + + "da86c76d821dd4b437aca798906da023ad208e467fafdd60424f8c1899b01f7c" + + "989b0b7b59eef74d99799740f92395d64d9e44e6c35320bd89562c5cd40a1059" + + "da37ff452790bd04c259d7798fb40630f81cb9ab39de3411299121b11cc9214f" + + "0d30c954a387c077d9426bc0b58749b7301821de54d42d87f47633f2ef0facaa" + + "267cd64d453599e13388812426a7cc2a772e41fbdceb71c6c815bc0782b98e50" + + "1a35649fc29ec6bb6d98d7217776b4a914ec1bacbb6d0a937eeb998b6300f782" + + "b5fdc0c5378f56ebb221fc5e8726cf542bbc0116186e1da016fd60c6456bdd60" + + "3fcfd476a2ed2662d8565a4a18df134ca6a0c5a17ee8d902e22f04b4299b697c" + + "6475dd0f9977fd3f1b09b59409f1e66f62df74b6bff626890e53efc7e7a435cd" + + "575081fa6dfd68badda8592044fe1fbc8beb9a1e79a3fa2508af74f736b0314b" + + "ac231b8a8d9cc8868a547e66089ed821a40aea030d7e25bc21e863d81e13b938" + + "9aa4cddba2ec4423614ef9ef4843e9017cf6f74bc9971db7624b6c0100a22f15" + + "bf6a7ba47ace7f7926c13875247cc49b88a45f02bb9705388e940a9024456460" + + "75e0a007e0d421a736546ec9e8705dc548774aaa1ba35201b566f7d04a70b9bf" + + "86312bbbd35dd6bf7d51c501efe555e4d685dda7870922a4c41a9536b97c664c" + + "42136c81a910098ef12f23790203010001a38201cb308201c7301d0603551d0e" + + "04160414b8420c5a3a4a34ef5498a0d88df07070f3bba7a5301f0603551d2304" + + "18301680146b69283a352f486340cf7bd8af49e93ed93ddb21306c0603551d1f" + + "046530633061a05fa05d865b687474703a2f2f7777772e6d6963726f736f6674" + + "2e636f6d2f706b696f70732f63726c2f4d6963726f736f66742532305075626c" + + "696325323052534125323054696d657374616d70696e67253230434125323032" + + "3032302e63726c307906082b06010505070101046d306b306906082b06010505" + + "073002865d687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b" + + "696f70732f63657274732f4d6963726f736f66742532305075626c6963253230" + + "52534125323054696d657374616d70696e672532304341253230323032302e63" + + "7274300c0603551d130101ff0402300030160603551d250101ff040c300a0608" + + "2b06010505070308300e0603551d0f0101ff04040302078030660603551d2004" + + "5f305d3051060c2b0601040182374c837d01013041303f06082b060105050702" + + "011633687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f" + + "70732f446f63732f5265706f7369746f72792e68746d3008060667810c010402" + + "300d06092a864886f70d01010c050003820201003e041f26747dbe76f22adc0d" + + "e56aa190c6c9937af491ef40a80098131f143214749d2688be45c99b6f8ddc6a" + + "0f2d93cfe974bf898777e5fa1c7dcecea3c2ea4a9f1f490d620d6873b53300b5" + + "197c01d4a1c709a0a462684e425b9ecb1358cf083c03fff797dc46f131066429" + + "de68aa9cbe560e778d77bac22008dc2d5106014a63d8c749d38c661dadadaae4" + + "27e82bd5b9316bdd98b765f8056a931b8ed14a6fa21ebc92ddb27d09f6a5ff12" + + "437d8edccfc7efba52e13ff0cf849097569c5ac5d8d4025af968b356bd79514d" + + "c12cf4ad4003c20e722e13968fb90ea37798a9c1916de9d1e53c38ad0b37e247" + + "6abcd607c2ab085d876857cf6fda8c1c52a1ddbbea33ba24293769ded15b40e9" + + "d8cfa7e63735637e5857f10a56284efc7dde724ac4a155860b298a5ecdd74f79" + + "289140a99492f21a66e8b4d0b1f99bdf488e3cfaebaf642f7eac022a06676a2d" + + "0b1e027f475f2baf2c0831b12f78b0ca01aaf4ead628cab94f0b14aa5efaeb87" + + "82fca84bd590bca0dfe8bb2a58cb3b740a0ee006a25c7279dcc3371d45b6e610" + + "fd9a03a25d0e3f4b0c75cd30d8d7db4791b00a49291b5cf59b6861bb966a1b84" + + "3b26700d8afe9afb3f54b20f076e9b629bedbe6fc1384532e39cec71c9026373" + + "77e884c5dc801bbc6d9577d47d90aaedd087337e7d1f24107971aaeb42e32499" + + "c499083fd610892d18bfe9a5e1b3979fd7507269a18202c23082022b02010130" + + "820108a181e0a481dd3081da310b300906035504061302555331133011060355" + + "0408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64" + + "311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e" + + "31253023060355040b131c4d6963726f736f667420416d6572696361204f7065" + + "726174696f6e7331263024060355040b131d5468616c6573205453532045534e" + + "3a424237332d393646442d37374546313530330603550403132c4d6963726f73" + + "6f6674205075626c6963205253412054696d65205374616d70696e6720417574" + + "686f72697479a2230a0101300706052b0e03021a031500713fd5ca3151c27d82" + + "dff783846024d47dc89c92a0673065a4633061310b3009060355040613025553" + + "311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e" + + "31323030060355040313294d6963726f736f6674205075626c69632052534120" + + "54696d657374616d70696e672043412032303230300d06092a864886f70d0101" + + "050500020500e75011b13022180f32303232313232333139333832355a180f32" + + "303232313232343139333832355a3077303d060a2b0601040184590a0401312f" + + "302d300a020500e75011b1020100300a020100020225a40201ff300702010002" + + "02103e300a020500e75163310201003036060a2b0601040184590a0402312830" + + "26300c060a2b0601040184590a0302a00a3008020100020307a120a10a300802" + + "010002030186a0300d06092a864886f70d01010505000381810089add4c4e06d" + + "5a634850da6fb8197070157501212b7669e5bd48eeb2de5b1d24d58fada655da" + + "ad85a1943bdcbf1a33c3ee3c8b6c2f9ba8873d2c449d447e1f43c4245fe9172e" + + "e5eab38442cf2eb81655486628db01452be945340eebd855a64e29181a4f578d" + + "f9cc14d02b6f1b3da3d41595463fe96a0ce961245201ae0ef664318203d43082" + + "03d002010130783061310b3009060355040613025553311e301c060355040a13" + + "154d6963726f736f667420436f72706f726174696f6e31323030060355040313" + + "294d6963726f736f6674205075626c6963205253412054696d657374616d7069" + + "6e67204341203230323002133300000020b001af2f87675c8b00000000002030" + + "0d06096086480165030402010500a082012d301a06092a864886f70d01090331" + + "0d060b2a864886f70d0109100104302f06092a864886f70d0109043122042015" + + "6a9c3cbbc59a83b57308b9ff5783c4f4af776cc3fe5291f086313f5aede03730" + + "81dd060b2a864886f70d010910022f3181cd3081ca3081c73081a00420586284" + + "fbd9a5cb98871b82c01557d1349c0fed98d9bcfcf3daa3c6b9c1e3f444307c30" + + "65a4633061310b3009060355040613025553311e301c060355040a13154d6963" + + "726f736f667420436f72706f726174696f6e31323030060355040313294d6963" + + "726f736f6674205075626c6963205253412054696d657374616d70696e672043" + + "41203230323002133300000020b001af2f87675c8b0000000000203022042047" + + "6a414df916ea44c176dfe014b74b7a722f3d3ab504771bc5907f76f1426dd330" + + "0d06092a864886f70d01010b050004820200269d12401fb57ddf9907e7679898" + + "e234e19c3eb32b3116ed721f6dafa61d6b71b0257d1b2b435bce97ff1ee0cf08" + + "64101ba287baba8b50ffdc437671e0cc64fd56e60d50db2aaefcc9c847414fca" + + "402d7e55e6ff58b901cfdf30cdb2b9aa165405a6e09eb3b199372b0413f43eef" + + "7ba80c7a8f2a51b92254cda91b68f86e725a63d21eb8fa1af733b8b2fc8db708" + + "3274f74627274a2f4481dacbd3a5153c8a7bbd573305681dab08a5a7b1137cf4" + + "e0a2b1b8f4f042a59219809fe756af513eab0e516226e7bc3ceb81b217fae92e" + + "8ae21fa649a9c22e06a674eaa50417dbc6a00d9f753b8e8c08ac066f4e77ab17" + + "b3f745772f286895d2ded5227a6826a0a0ae1614a1bdf9bde726c7c6ea1cf188" + + "334f037bfaad31baf4ce5cd8552fa82054c1002d32b22249b3d42da462725644" + + "9e46d7a0e4bbd3be1a048198afbbe1473d36a8cab276c4b000fb299976e7f30f" + + "c9cb466a2333f4b9a3f1aa92414cafd45a1de6c48d104835979a8e8381506e40" + + "5dd8af815dfc4b1001df062593e0bad41c2009efa00066d87a8eeb4bc46ece43" + + "6d59a536ffb519e66daca417775b43c69847ce45f5063a2001cfcac1aed7566b" + + "cf9cb2ffb1c40033defa93372e58c31be5bc715dda8d1d71231fb14c3d3bc1a5" + + "aace918310b8b9d6759e6dd574495e78d36d2ede72bbde11098944ab5443e430" + + "00318df0c8dbdc2f09164e96bb474731f6ee").HexToByteArray(); } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj index 8523c0d8296ea5..630f891e124cc1 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj @@ -74,4 +74,7 @@ + + + From 2316e18b705970669a8086a3a1bb58af51a5b3c4 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 23 Dec 2022 14:10:20 -0500 Subject: [PATCH 2/5] Tests are not applicable for .NET Framework --- .../tests/SignedCms/SignedCmsTests.cs | 75 ------------------- .../SignedCms/SignedCmsTests.netcoreapp.cs | 75 +++++++++++++++++++ ...em.Security.Cryptography.Pkcs.Tests.csproj | 3 - 3 files changed, 75 insertions(+), 78 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs index 8a7793942f654f..7eee42aa5db719 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.cs @@ -1,7 +1,6 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. -using System.Formats.Asn1; using System.Linq; using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.Xml; @@ -1612,49 +1611,6 @@ public static void Decode_CanDecodeWithAttributeCertificate() cms.CheckSignature(verifySignatureOnly: true); } - [Fact] - public static void AddCertificate_CollectionContainsAttributeCertificate() - { - SignedCms signedCms = new SignedCms(); - - signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); - signedCms.CheckSignature(true); - - int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); - int certCount = signedCms.Certificates.Count; - - using (ECDsa ec = ECDsa.Create(ECCurve.NamedCurves.nistP256)) - { - CertificateRequest req = new("CN=test", ec, HashAlgorithmName.SHA256); - - using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now)) - { - signedCms.AddCertificate(cert); - byte[] reEncoded = signedCms.Encode(); - int countAfter = CountCertificateChoices(reEncoded); - Assert.Equal(countBefore + 1, countAfter); - - signedCms = new SignedCms(); - signedCms.Decode(reEncoded); - signedCms.CheckSignature(true); - } - } - } - - [Fact] - public static void RemoveCertificate_CollectionContainsAttributeCertificate() - { - SignedCms signedCms = new SignedCms(); - - signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); - int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); - - signedCms.RemoveCertificate(signedCms.Certificates[0]); - byte[] reEncoded = signedCms.Encode(); - int countAfter = CountCertificateChoices(reEncoded); - Assert.Equal(countBefore - 1, countAfter); - } - private static void CheckNoSignature(byte[] encoded, bool badOid=false) { SignedCms cms = new SignedCms(); @@ -1674,36 +1630,5 @@ private static void CheckNoSignature(byte[] encoded, bool badOid=false) cms.CheckHash(); } } - - public static int CountCertificateChoices(byte[] encoded) - { - AsnReader reader = new AsnReader(encoded, AsnEncodingRules.BER); - reader = reader.ReadSequence(); - reader.ReadObjectIdentifier(); - reader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0)); - reader = reader.ReadSequence(); - - reader.ReadInteger(); // version - reader.ReadSetOf(); // digestAlgorithms - reader.ReadSequence(); // encapsulatedContentInfo - - Asn1Tag expectedTag = new Asn1Tag(TagClass.ContextSpecific, 0, true); // certificates[0] - - if (reader.PeekTag() == expectedTag) - { - AsnReader certs = reader.ReadSetOf(expectedTag); - int count = 0; - - while (certs.HasData) - { - certs.ReadEncodedValue(); - count++; - } - - return count; - } - - return 0; - } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index 255bc691b72d1e..73d896e0e0478d 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Collections.Generic; +using System.Formats.Asn1; using System.Linq; using System.Security.Cryptography.X509Certificates; using Test.Cryptography; @@ -604,6 +605,49 @@ public static void CreateSignature_Ecdsa_ThrowsWithRsaSignaturePadding() } } + [Fact] + public static void AddCertificate_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + + signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + signedCms.CheckSignature(true); + + int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + int certCount = signedCms.Certificates.Count; + + using (ECDsa ec = ECDsa.Create(ECCurve.NamedCurves.nistP256)) + { + CertificateRequest req = new("CN=test", ec, HashAlgorithmName.SHA256); + + using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now)) + { + signedCms.AddCertificate(cert); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore + 1, countAfter); + + signedCms = new SignedCms(); + signedCms.Decode(reEncoded); + signedCms.CheckSignature(true); + } + } + } + + [Fact] + public static void RemoveCertificate_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + + signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + + signedCms.RemoveCertificate(signedCms.Certificates[0]); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore - 1, countAfter); + } + private static void VerifyWithExplicitPrivateKey(X509Certificate2 cert, AsymmetricAlgorithm key) { using (var pubCert = new X509Certificate2(cert.RawData)) @@ -664,5 +708,36 @@ private static void VerifyCounterSignatureWithExplicitPrivateKey(X509Certificate Assert.Equal(counterSignerPubCert, cms.SignerInfos[0].CounterSignerInfos[0].Certificate); } } + + private static int CountCertificateChoices(byte[] encoded) + { + AsnReader reader = new AsnReader(encoded, AsnEncodingRules.BER); + reader = reader.ReadSequence(); + reader.ReadObjectIdentifier(); + reader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0)); + reader = reader.ReadSequence(); + + reader.ReadInteger(); // version + reader.ReadSetOf(); // digestAlgorithms + reader.ReadSequence(); // encapsulatedContentInfo + + Asn1Tag expectedTag = new Asn1Tag(TagClass.ContextSpecific, 0, true); // certificates[0] + + if (reader.PeekTag() == expectedTag) + { + AsnReader certs = reader.ReadSetOf(expectedTag); + int count = 0; + + while (certs.HasData) + { + certs.ReadEncodedValue(); + count++; + } + + return count; + } + + return 0; + } } } diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj index 630f891e124cc1..8523c0d8296ea5 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/System.Security.Cryptography.Pkcs.Tests.csproj @@ -74,7 +74,4 @@ - - - From ca039cd6956fa92ebc371df740de4642f7d52bde Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Fri, 30 Dec 2022 15:32:39 -0500 Subject: [PATCH 3/5] Clean up tests --- .../SignedCms/SignedCmsTests.netcoreapp.cs | 48 +++-- .../tests/SignedCms/SignedDocuments.cs | 189 ------------------ 2 files changed, 27 insertions(+), 210 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index 73d896e0e0478d..054a07cd6e001f 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -609,38 +609,30 @@ public static void CreateSignature_Ecdsa_ThrowsWithRsaSignaturePadding() public static void AddCertificate_CollectionContainsAttributeCertificate() { SignedCms signedCms = new SignedCms(); - - signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); signedCms.CheckSignature(true); - int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); - int certCount = signedCms.Certificates.Count; + int countBefore = CountCertificateChoices(SignedDocuments.TstWithAttributeCertificate); - using (ECDsa ec = ECDsa.Create(ECCurve.NamedCurves.nistP256)) + using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.GetCertificate()) { - CertificateRequest req = new("CN=test", ec, HashAlgorithmName.SHA256); + signedCms.AddCertificate(cert); + byte[] reEncoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(reEncoded); + Assert.Equal(countBefore + 1, countAfter); - using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now)) - { - signedCms.AddCertificate(cert); - byte[] reEncoded = signedCms.Encode(); - int countAfter = CountCertificateChoices(reEncoded); - Assert.Equal(countBefore + 1, countAfter); - - signedCms = new SignedCms(); - signedCms.Decode(reEncoded); - signedCms.CheckSignature(true); - } + signedCms = new SignedCms(); + signedCms.Decode(reEncoded); + signedCms.CheckSignature(true); } } [Fact] - public static void RemoveCertificate_CollectionContainsAttributeCertificate() + public static void RemoveCertificate_Existing_CollectionContainsAttributeCertificate() { SignedCms signedCms = new SignedCms(); - - signedCms.Decode(SignedDocuments.CmsWithAttributeCertificate); - int countBefore = CountCertificateChoices(SignedDocuments.CmsWithAttributeCertificate); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.TstWithAttributeCertificate); signedCms.RemoveCertificate(signedCms.Certificates[0]); byte[] reEncoded = signedCms.Encode(); @@ -648,6 +640,20 @@ public static void RemoveCertificate_CollectionContainsAttributeCertificate() Assert.Equal(countBefore - 1, countAfter); } + [Fact] + public static void RemoveCertificate_NonExisting_CollectionContainsAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); + + using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.GetCertificate()) + { + // Remove a non-existing certificate so that we are forced to enumerate the entire 'certificates[0]' + // collection (including attribute certificates) looking for it. + Assert.Throws(() => signedCms.RemoveCertificate(cert)); + } + } + private static void VerifyWithExplicitPrivateKey(X509Certificate2 cert, AsymmetricAlgorithm key) { using (var pubCert = new X509Certificate2(cert.RawData)) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs index 83a8aa4da9ae98..cce3114824794e 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedDocuments.cs @@ -1626,194 +1626,5 @@ internal static class SignedDocuments "6AB46C76047604BA7DF071EE0137B73F4D9DF616095C8F1CA9EB925B6D4C6ABC" + "FFEB73A81903169C6B487B316AFC951F696831A4B29B9ABCEA7EBCD243A553D2" + "F8B44FDA1B0AC0").HexToByteArray(); - - internal static readonly byte[] CmsWithAttributeCertificate = ( - "3082174e06092a864886f70d010702a082173f3082173b020103310f300d0609" + - "608648016503040201050030820161060b2a864886f70d0109100104a0820150" + - "0482014c30820148020101060a2b0601040184590a03013031300d0609608648" + - "01650304020105000420dffd6021bb2bd5b0af676290809ec3a53191dd81c7f7" + - "0a4b28688a362182986f020663a04d30704d1813323032323132323331343430" + - "34302e3133375a3004800201f4a081e0a481dd3081da310b3009060355040613" + - "025553311330110603550408130a57617368696e67746f6e3110300e06035504" + - "0713075265646d6f6e64311e301c060355040a13154d6963726f736f66742043" + - "6f72706f726174696f6e31253023060355040b131c4d6963726f736f66742041" + - "6d6572696361204f7065726174696f6e7331263024060355040b131d5468616c" + - "6573205453532045534e3a424237332d393646442d3737454631353033060355" + - "0403132c4d6963726f736f6674205075626c6963205253412054696d65205374" + - "616d70696e6720417574686f72697479a08211e6308207823082056aa0030201" + - "0202133300000005e5cf0fff662ec987000000000005300d06092a864886f70d" + - "01010c05003077310b3009060355040613025553311e301c060355040a13154d" + - "6963726f736f667420436f72706f726174696f6e314830460603550403133f4d" + - "6963726f736f6674204964656e7469747920566572696669636174696f6e2052" + - "6f6f7420436572746966696361746520417574686f726974792032303230301e" + - "170d3230313131393230333233315a170d3335313131393230343233315a3061" + - "310b3009060355040613025553311e301c060355040a13154d6963726f736f66" + - "7420436f72706f726174696f6e31323030060355040313294d6963726f736f66" + - "74205075626c6963205253412054696d657374616d70696e6720434120323032" + - "3030820222300d06092a864886f70d01010105000382020f003082020a028202" + - "01009e7ce75263fde0c59f057d63b50622a31c1ed7e79733d11305bd65464777" + - "91c15d706f7fb2ab43970c4aa1521c6aa0dbfa89858a8e431c2e1105c6f24078" + - "d70b0324fe5dd3398b60a018f19c6fde5624b8b0ec7ccb8812abc660e3d44401" + - "fe61b9784891044a7b7431b3c4a0a74d8a1c0ce711afd2b1a87c9d6a39849335" + - "c739e446c14fbbaadf0c7799786d566b5c084af964a4e428a1350b166f34f59d" + - "1962543c2e9ee2e45f58722165c802b09faca337f911e1f92ab9459f1a6328a4" + - "dabf07c53fa5da199196506f1365a893a20468025a9c7af6e2aa2a14cf562de0" + - "544ae773faa2f9d47c036322033d243749e1ed2a883466e6c39388442d04b19d" + - "f5585dd4c69dc6819c1eb442b12e6b3bdca1bf67e3247ae6950d042179a9e038" + - "4306278a50647e799e02344ddcb56e2ebd20d055e4a9f61d5268f57c51611fc9" + - "3c601a33ac46979ec48bde47530f4d57fb82df2163ae1734f3ba8b2506b0482d" + - "f1cd8fc45f3b13e08eec0dbc4e98cdab978b8a2ba784a6ead176e390da14e498" + - "6d614ae59806e9c518dbf6d4ab78376d002a66deb929c69ec04277672344a1bb" + - "f7e4d7fac4de85ac0ea317de38efe347bc28de58b09067733c9607827279e14c" + - "5b72417dd7802a1ce88457bc539c3d5aebdc3f513c708c4ba0a483cc20813aed" + - "2159d8f328dbbc6394b007596de5d421001632cd1dddc443bf4f52bf055177ad" + - "5ebd0203010001a382021b30820217300e0603551d0f0101ff04040302018630" + - "1006092b06010401823715010403020100301d0603551d0e041604146b69283a" + - "352f486340cf7bd8af49e93ed93ddb2130540603551d20044d304b3049060455" + - "1d20003041303f06082b060105050702011633687474703a2f2f7777772e6d69" + - "63726f736f66742e636f6d2f706b696f70732f446f63732f5265706f7369746f" + - "72792e68746d30130603551d25040c300a06082b06010505070308301906092b" + - "0601040182371402040c1e0a00530075006200430041300f0603551d130101ff" + - "040530030101ff301f0603551d23041830168014c87ed26a852a1bca19980407" + - "27cf50104f68a8a23081840603551d1f047d307b3079a077a075867368747470" + - "3a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f" + - "4d6963726f736f66742532304964656e74697479253230566572696669636174" + - "696f6e253230526f6f742532304365727469666963617465253230417574686f" + - "72697479253230323032302e63726c30819406082b0601050507010104818730" + - "818430818106082b060105050730028675687474703a2f2f7777772e6d696372" + - "6f736f66742e636f6d2f706b696f70732f63657274732f4d6963726f736f6674" + - "2532304964656e74697479253230566572696669636174696f6e253230526f6f" + - "742532304365727469666963617465253230417574686f726974792532303230" + - "32302e637274300d06092a864886f70d01010c050003820201005f8876c77e6d" + - "b55a1575e74c7868fa4ee1d844992515a5b8b13439afe93bee207bf5c48b35ef" + - "86cd18efe2956326f89c796e8017ac9c5a81184742d885a6b4a3324b539622f8" + - "b0a672b768be4979dc336de045ecf3b283a2061bf5e1849dd4a967964cef82cd" + - "bd5cd8d3f9cf2121f3d17bdaef54230f887ef33d9730e67363b610d0fb30f9eb" + - "72359d427acb9f536d75acbb252cab0ef05d9a06cd9c228d64f9a1ce86bc3dc7" + - "0e8909638d35ba19e3dee6c185b911f3745b7ccbe6cdda7785ed9bbc8533b523" + - "ae17346aacb7c4bec3e4547627bc7d70b58cabb79bd28622a1786a576b6016a6" + - "ca1de0e2724f8ff2d1d8205a2f20fed81b86642566a0d47f752a510b1968b748" + - "bbf5d28e0a19a838da9b308f26d38b8b6841c0bf8ab0287435bc1cdb57f9c6f3" + - "d2c329b4524af8a39b0270c51c4b2e9310feee315f115f4787ff824b1291b269" + - "ee8a8bc258839bf87ec34689fd4e5c72762161beef3ca34c37e4990d6c9c5393" + - "832117f2a06979f41b1747f1e9446b6226ab8e6069af03fa64e6f0b595c9db78" + - "cadc583ff6ea8cde3d0fd359f3572813a6905a6f3c4f021fe11e1865b3a930a3" + - "740b27a368f34de352c65c778250c626071dcf90ff000c70f52760abffab63b8" + - "e382ced7e9fa8f4d73e66820092951c03f5f681232480700f52f21db684801c4" + - "50a881848e89422bd17a9caf59c97e2586d86c187ba668005d5b308207963082" + - "057ea00302010202133300000020b001af2f87675c8b000000000020300d0609" + - "2a864886f70d01010c05003061310b3009060355040613025553311e301c0603" + - "55040a13154d6963726f736f667420436f72706f726174696f6e313230300603" + - "55040313294d6963726f736f6674205075626c6963205253412054696d657374" + - "616d70696e672043412032303230301e170d3232303730373138333732355a17" + - "0d3233303730373138333732355a3081da310b30090603550406130255533113" + - "30110603550408130a57617368696e67746f6e3110300e060355040713075265" + - "646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f72" + - "6174696f6e31253023060355040b131c4d6963726f736f667420416d65726963" + - "61204f7065726174696f6e7331263024060355040b131d5468616c6573205453" + - "532045534e3a424237332d393646442d37374546313530330603550403132c4d" + - "6963726f736f6674205075626c6963205253412054696d65205374616d70696e" + - "6720417574686f7269747930820222300d06092a864886f70d01010105000382" + - "020f003082020a028202010097eb0cf8c8029c1a4123dd594c6e00d8afe06644" + - "da86c76d821dd4b437aca798906da023ad208e467fafdd60424f8c1899b01f7c" + - "989b0b7b59eef74d99799740f92395d64d9e44e6c35320bd89562c5cd40a1059" + - "da37ff452790bd04c259d7798fb40630f81cb9ab39de3411299121b11cc9214f" + - "0d30c954a387c077d9426bc0b58749b7301821de54d42d87f47633f2ef0facaa" + - "267cd64d453599e13388812426a7cc2a772e41fbdceb71c6c815bc0782b98e50" + - "1a35649fc29ec6bb6d98d7217776b4a914ec1bacbb6d0a937eeb998b6300f782" + - "b5fdc0c5378f56ebb221fc5e8726cf542bbc0116186e1da016fd60c6456bdd60" + - "3fcfd476a2ed2662d8565a4a18df134ca6a0c5a17ee8d902e22f04b4299b697c" + - "6475dd0f9977fd3f1b09b59409f1e66f62df74b6bff626890e53efc7e7a435cd" + - "575081fa6dfd68badda8592044fe1fbc8beb9a1e79a3fa2508af74f736b0314b" + - "ac231b8a8d9cc8868a547e66089ed821a40aea030d7e25bc21e863d81e13b938" + - "9aa4cddba2ec4423614ef9ef4843e9017cf6f74bc9971db7624b6c0100a22f15" + - "bf6a7ba47ace7f7926c13875247cc49b88a45f02bb9705388e940a9024456460" + - "75e0a007e0d421a736546ec9e8705dc548774aaa1ba35201b566f7d04a70b9bf" + - "86312bbbd35dd6bf7d51c501efe555e4d685dda7870922a4c41a9536b97c664c" + - "42136c81a910098ef12f23790203010001a38201cb308201c7301d0603551d0e" + - "04160414b8420c5a3a4a34ef5498a0d88df07070f3bba7a5301f0603551d2304" + - "18301680146b69283a352f486340cf7bd8af49e93ed93ddb21306c0603551d1f" + - "046530633061a05fa05d865b687474703a2f2f7777772e6d6963726f736f6674" + - "2e636f6d2f706b696f70732f63726c2f4d6963726f736f66742532305075626c" + - "696325323052534125323054696d657374616d70696e67253230434125323032" + - "3032302e63726c307906082b06010505070101046d306b306906082b06010505" + - "073002865d687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b" + - "696f70732f63657274732f4d6963726f736f66742532305075626c6963253230" + - "52534125323054696d657374616d70696e672532304341253230323032302e63" + - "7274300c0603551d130101ff0402300030160603551d250101ff040c300a0608" + - "2b06010505070308300e0603551d0f0101ff04040302078030660603551d2004" + - "5f305d3051060c2b0601040182374c837d01013041303f06082b060105050702" + - "011633687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f" + - "70732f446f63732f5265706f7369746f72792e68746d3008060667810c010402" + - "300d06092a864886f70d01010c050003820201003e041f26747dbe76f22adc0d" + - "e56aa190c6c9937af491ef40a80098131f143214749d2688be45c99b6f8ddc6a" + - "0f2d93cfe974bf898777e5fa1c7dcecea3c2ea4a9f1f490d620d6873b53300b5" + - "197c01d4a1c709a0a462684e425b9ecb1358cf083c03fff797dc46f131066429" + - "de68aa9cbe560e778d77bac22008dc2d5106014a63d8c749d38c661dadadaae4" + - "27e82bd5b9316bdd98b765f8056a931b8ed14a6fa21ebc92ddb27d09f6a5ff12" + - "437d8edccfc7efba52e13ff0cf849097569c5ac5d8d4025af968b356bd79514d" + - "c12cf4ad4003c20e722e13968fb90ea37798a9c1916de9d1e53c38ad0b37e247" + - "6abcd607c2ab085d876857cf6fda8c1c52a1ddbbea33ba24293769ded15b40e9" + - "d8cfa7e63735637e5857f10a56284efc7dde724ac4a155860b298a5ecdd74f79" + - "289140a99492f21a66e8b4d0b1f99bdf488e3cfaebaf642f7eac022a06676a2d" + - "0b1e027f475f2baf2c0831b12f78b0ca01aaf4ead628cab94f0b14aa5efaeb87" + - "82fca84bd590bca0dfe8bb2a58cb3b740a0ee006a25c7279dcc3371d45b6e610" + - "fd9a03a25d0e3f4b0c75cd30d8d7db4791b00a49291b5cf59b6861bb966a1b84" + - "3b26700d8afe9afb3f54b20f076e9b629bedbe6fc1384532e39cec71c9026373" + - "77e884c5dc801bbc6d9577d47d90aaedd087337e7d1f24107971aaeb42e32499" + - "c499083fd610892d18bfe9a5e1b3979fd7507269a18202c23082022b02010130" + - "820108a181e0a481dd3081da310b300906035504061302555331133011060355" + - "0408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64" + - "311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e" + - "31253023060355040b131c4d6963726f736f667420416d6572696361204f7065" + - "726174696f6e7331263024060355040b131d5468616c6573205453532045534e" + - "3a424237332d393646442d37374546313530330603550403132c4d6963726f73" + - "6f6674205075626c6963205253412054696d65205374616d70696e6720417574" + - "686f72697479a2230a0101300706052b0e03021a031500713fd5ca3151c27d82" + - "dff783846024d47dc89c92a0673065a4633061310b3009060355040613025553" + - "311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e" + - "31323030060355040313294d6963726f736f6674205075626c69632052534120" + - "54696d657374616d70696e672043412032303230300d06092a864886f70d0101" + - "050500020500e75011b13022180f32303232313232333139333832355a180f32" + - "303232313232343139333832355a3077303d060a2b0601040184590a0401312f" + - "302d300a020500e75011b1020100300a020100020225a40201ff300702010002" + - "02103e300a020500e75163310201003036060a2b0601040184590a0402312830" + - "26300c060a2b0601040184590a0302a00a3008020100020307a120a10a300802" + - "010002030186a0300d06092a864886f70d01010505000381810089add4c4e06d" + - "5a634850da6fb8197070157501212b7669e5bd48eeb2de5b1d24d58fada655da" + - "ad85a1943bdcbf1a33c3ee3c8b6c2f9ba8873d2c449d447e1f43c4245fe9172e" + - "e5eab38442cf2eb81655486628db01452be945340eebd855a64e29181a4f578d" + - "f9cc14d02b6f1b3da3d41595463fe96a0ce961245201ae0ef664318203d43082" + - "03d002010130783061310b3009060355040613025553311e301c060355040a13" + - "154d6963726f736f667420436f72706f726174696f6e31323030060355040313" + - "294d6963726f736f6674205075626c6963205253412054696d657374616d7069" + - "6e67204341203230323002133300000020b001af2f87675c8b00000000002030" + - "0d06096086480165030402010500a082012d301a06092a864886f70d01090331" + - "0d060b2a864886f70d0109100104302f06092a864886f70d0109043122042015" + - "6a9c3cbbc59a83b57308b9ff5783c4f4af776cc3fe5291f086313f5aede03730" + - "81dd060b2a864886f70d010910022f3181cd3081ca3081c73081a00420586284" + - "fbd9a5cb98871b82c01557d1349c0fed98d9bcfcf3daa3c6b9c1e3f444307c30" + - "65a4633061310b3009060355040613025553311e301c060355040a13154d6963" + - "726f736f667420436f72706f726174696f6e31323030060355040313294d6963" + - "726f736f6674205075626c6963205253412054696d657374616d70696e672043" + - "41203230323002133300000020b001af2f87675c8b0000000000203022042047" + - "6a414df916ea44c176dfe014b74b7a722f3d3ab504771bc5907f76f1426dd330" + - "0d06092a864886f70d01010b050004820200269d12401fb57ddf9907e7679898" + - "e234e19c3eb32b3116ed721f6dafa61d6b71b0257d1b2b435bce97ff1ee0cf08" + - "64101ba287baba8b50ffdc437671e0cc64fd56e60d50db2aaefcc9c847414fca" + - "402d7e55e6ff58b901cfdf30cdb2b9aa165405a6e09eb3b199372b0413f43eef" + - "7ba80c7a8f2a51b92254cda91b68f86e725a63d21eb8fa1af733b8b2fc8db708" + - "3274f74627274a2f4481dacbd3a5153c8a7bbd573305681dab08a5a7b1137cf4" + - "e0a2b1b8f4f042a59219809fe756af513eab0e516226e7bc3ceb81b217fae92e" + - "8ae21fa649a9c22e06a674eaa50417dbc6a00d9f753b8e8c08ac066f4e77ab17" + - "b3f745772f286895d2ded5227a6826a0a0ae1614a1bdf9bde726c7c6ea1cf188" + - "334f037bfaad31baf4ce5cd8552fa82054c1002d32b22249b3d42da462725644" + - "9e46d7a0e4bbd3be1a048198afbbe1473d36a8cab276c4b000fb299976e7f30f" + - "c9cb466a2333f4b9a3f1aa92414cafd45a1de6c48d104835979a8e8381506e40" + - "5dd8af815dfc4b1001df062593e0bad41c2009efa00066d87a8eeb4bc46ece43" + - "6d59a536ffb519e66daca417775b43c69847ce45f5063a2001cfcac1aed7566b" + - "cf9cb2ffb1c40033defa93372e58c31be5bc715dda8d1d71231fb14c3d3bc1a5" + - "aace918310b8b9d6759e6dd574495e78d36d2ede72bbde11098944ab5443e430" + - "00318df0c8dbdc2f09164e96bb474731f6ee").HexToByteArray(); } } From fd3e7142761682f9f46f734c6cfae6dc78b454b8 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Wed, 4 Jan 2023 13:44:50 -0500 Subject: [PATCH 4/5] Update package for servicing --- .../src/System.Security.Cryptography.Pkcs.csproj | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj index be33237e616414..bb2f422b6023e4 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj @@ -5,6 +5,8 @@ true $(NoWarn);CA5384 true + true + 1 Provides support for PKCS and CMS algorithms. Commonly Used Types: From e2d2d0f70894c204d45cd583b6c58819de0c1569 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Wed, 4 Jan 2023 17:19:59 -0500 Subject: [PATCH 5/5] Add tests for Compute{Counter}Signature with attribute certificates --- .../SignedCms/SignedCmsTests.netcoreapp.cs | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs index 054a07cd6e001f..8ede25072e17e9 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/tests/SignedCms/SignedCmsTests.netcoreapp.cs @@ -654,6 +654,43 @@ public static void RemoveCertificate_NonExisting_CollectionContainsAttributeCert } } + [Fact] + public static void ComputeCounterSignature_PreservesAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.TstWithAttributeCertificate); + + using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) + { + CmsSigner signer = new CmsSigner(cert); + SignerInfo info = signedCms.SignerInfos[0]; + info.ComputeCounterSignature(signer); + } + + byte[] encoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(encoded); + Assert.Equal(countBefore + 1, countAfter); + } + + [Fact] + public static void ComputeSignature_PreservesAttributeCertificate() + { + SignedCms signedCms = new SignedCms(); + signedCms.Decode(SignedDocuments.TstWithAttributeCertificate); + int countBefore = CountCertificateChoices(SignedDocuments.TstWithAttributeCertificate); + + using (X509Certificate2 cert = Certificates.RSA2048SignatureOnly.TryGetCertificateWithPrivateKey()) + { + CmsSigner signer = new CmsSigner(cert); + signedCms.ComputeSignature(signer); + } + + byte[] encoded = signedCms.Encode(); + int countAfter = CountCertificateChoices(encoded); + Assert.Equal(countBefore + 1, countAfter); + } + private static void VerifyWithExplicitPrivateKey(X509Certificate2 cert, AsymmetricAlgorithm key) { using (var pubCert = new X509Certificate2(cert.RawData))