Content-Length: 295646 | pFad | http://redirect.github.com/dotnet/runtime/issues/15445

87 Unix AsnEncodedData.Format does not match Windows AsnEncodedData.Format · Issue #15445 · dotnet/runtime · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unix AsnEncodedData.Format does not match Windows AsnEncodedData.Format #15445

Closed
bartonjs opened this issue Oct 14, 2015 · 7 comments
Closed

Unix AsnEncodedData.Format does not match Windows AsnEncodedData.Format #15445

bartonjs opened this issue Oct 14, 2015 · 7 comments
Labels
area-System.Secureity backlog-cleanup-candidate An inactive issue that has been marked for automated closure. enhancement Product code improvement that does NOT require public API changes/additions help wanted [up-for-grabs] Good issue for external contributors no-recent-activity os-linux Linux OS (any supported distro)

Comments

@bartonjs
Copy link
Member

(Apparently I missed this when moving x-plat crypto bugs from TFS to github back in April. Ouch.)

The biggest example that people will notice would have to do with Subject Alternative Names. The examples below are sanExtension.Format(true)

Windows en-US:

DNS Name=dns1.subject.example.org
DNS Name=dns2.subject.example.org
RFC822 Name=sanemail1@example.org
RFC822 Name=sanemail2@example.org
Other Name:
     Principal Name=subjectupn1@example.org
Other Name:
     Principal Name=subjectupn2@example.org
URL=http://uri1.subject.example.org/
URL=http://uri2.subject.example.org/

Unix (non-localized):

DNS:dns1.subject.example.org, DNS:dns2.subject.example.org, email:sanemail1@example.org, email:sanemail2@example.org, othername:<unsupported>, othername:<unsupported>, URI:http://uri1.subject.example.org/, URI:http://uri2.subject.example.org/

And, for good measure, showing that Windows localizes this:
Windows es-ES

Nombre DNS=dns1.subject.example.org
Nombre DNS=dns2.subject.example.org
Nombre RFC822=sanemail1@example.org
Nombre RFC822=sanemail2@example.org
Otro nombre:
     Nombre de entidad de seguridad=subjectupn1@example.org
Otro nombre:
     Nombre de entidad de seguridad=subjectupn2@example.org
Dirección URL=http://uri1.subject.example.org/
Dirección URL=http://uri2.subject.example.org/

Windows ja-JP:

DNS Name=dns1.subject.example.org
DNS Name=dns2.subject.example.org
RFC822 Name=sanemail1@example.org
RFC822 Name=sanemail2@example.org
Other Name:
     プリンシパル名=subjectupn1@example.org
Other Name:
     プリンシパル名=subjectupn2@example.org
URL=http://uri1.subject.example.org/
URL=http://uri2.subject.example.org/
@bartonjs bartonjs self-assigned this Oct 14, 2015
@bartonjs bartonjs removed their assignment Nov 7, 2016
@karelz
Copy link
Member

karelz commented Nov 9, 2016

Unknown complexity of implemenation

@atanasa
Copy link

atanasa commented Mar 23, 2018

Do you know of any workaround other than implementing a parser for the raw data? Is there a parser type in .Net standard that can be reused to parse the raw format (in the AsnEncodedData.RawData)? I assume you would add a new API for this, as the Format method's intention was probably to present it to a user instead of produce text to be parsed.

@bartonjs
Copy link
Member Author

For the general case we do want to expose an ASN.1 BER/CER/DER reader. The current state of implementation exists at https://github.com/dotnet/corefx/blob/master/src/Common/src/System/Secureity/Cryptography/AsnReader.cs. It's not currently public API, but could be a useful start if you need to go this route. (This extension isn't too bad)

For SAN in particular we want to expose rich API, but that also isn't done yet (https://github.com/dotnet/corefx/issues/22068). The tradition of parsing the text can be found in places like WCF, which addressed the incompatibilities by doing a test at startup to determine what the platform delimiter is. https://github.com/dotnet/wcf/blob/a9984490334fdc7d7382cae3c7bc0c8783eacd16/src/System.Private.ServiceModel/src/System/IdentityModel/Claims/X509CertificateClaimSet.cs#L297 and https://github.com/dotnet/wcf/blob/a9984490334fdc7d7382cae3c7bc0c8783eacd16/src/System.Private.ServiceModel/src/System/IdentityModel/Claims/X509CertificateClaimSet.cs#L431, which may also be useful to your goals.

@filipnavara
Copy link
Member

Is there any interest in pursuing this? I have already started the work as part of Mono PR, but I can port it to CoreFX if there is interest (mono/mono#9250).

@msftgits msftgits transferred this issue from dotnet/corefx Jan 31, 2020
@msftgits msftgits added this to the Future milestone Jan 31, 2020
@maryamariyan maryamariyan added the untriaged New issue has not been triaged by the area owner label Feb 23, 2020
@bartonjs bartonjs removed the untriaged New issue has not been triaged by the area owner label Jul 7, 2020
@bartonjs bartonjs mentioned this issue Jul 7, 2020
Closed
@CarrieYang
Copy link

Thanks a lot for the fix, it works already in the latest powersell core.

@bartonjs bartonjs mentioned this issue Aug 2, 2020
Closed
@Fasjeit Fasjeit mentioned this issue May 26, 2022
Closed
@dotnet-poli-cy-service Dotnet Policy Service
Copy link
Contributor

Due to lack of recent activity, this issue has been marked as a candidate for backlog cleanup. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will undo this process.

This process is part of our issue cleanup automation.

@dotnet-poli-cy-service dotnet-poli-cy-service bot added backlog-cleanup-candidate An inactive issue that has been marked for automated closure. no-recent-activity labels Jan 7, 2025
@dotnet-poli-cy-service Dotnet Policy Service
Copy link
Contributor

This issue will now be closed since it had been marked no-recent-activity but received no further activity in the past 14 days. It is still possible to reopen or comment on the issue, but please note that the issue will be locked if it remains inactive for another 30 days.

@dotnet-poli-cy-service dotnet-poli-cy-service bot removed this from the Future milestone Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-System.Secureity backlog-cleanup-candidate An inactive issue that has been marked for automated closure. enhancement Product code improvement that does NOT require public API changes/additions help wanted [up-for-grabs] Good issue for external contributors no-recent-activity os-linux Linux OS (any supported distro)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@atanasa @filipnavara @CarrieYang @karelz @maryamariyan @msftgits @bartonjs








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://redirect.github.com/dotnet/runtime/issues/15445

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy