From 447cef817d34c5f7ed391c48b915e61488e0d7c0 Mon Sep 17 00:00:00 2001 From: Jaxel Rojas Lopez Date: Mon, 2 Dec 2024 16:56:37 -0400 Subject: [PATCH 1/4] fix: regression failure using azure codesigning crypto provider By migrating to the rebranded Azure.Developer.TrustedSigning.CryptoProvider --- src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 | 8 +++----- src/CodeSigning/CodeSigning/CodeSigning.csproj | 5 ++--- .../CodeSigning/Commands/InvokeCIPolicySigning.cs | 2 +- src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs | 10 +++++----- .../CodeSigning/Models/CodeSigningServiceClient.cs | 3 ++- 5 files changed, 13 insertions(+), 15 deletions(-) diff --git a/src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 b/src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 index 1575a8688766..d58f93b3aa01 100644 --- a/src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 +++ b/src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 @@ -54,10 +54,8 @@ DotNetFrameworkVersion = '4.7.2' RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '3.0.3'; }) # Assemblies that must be loaded prior to importing this module -RequiredAssemblies = 'Azure.CodeSigning.Client.CryptoProvider.dll', - 'Azure.CodeSigning.Client.CryptoProvider.Models.dll', - 'Azure.CodeSigning.Client.CryptoProvider.Utilities.dll', - 'Azure.CodeSigning.dll', 'Polly.dll' +RequiredAssemblies = 'Azure.Developer.TrustedSigning.CryptoProvider.dll', + 'Azure.CodeSigning.dll' # Script files (.ps1) that are run in the caller's environment prior to importing this module. # ScriptsToProcess = @() 
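Review bot: `'Polly.dll'` is removed from `RequiredAssemblies` in this hunk, but patches 3/4 and 4/4 of the same series restore the Polly package reference in CodeSigning.csproj ("Polly dependency is still used on this version") without touching this manifest again. If Polly is still needed at runtime, the module now depends on default assembly resolution instead of the explicit preload, which can surface as a load failure only when signing is first attempted. Either re-add `'Polly.dll'` to `RequiredAssemblies`, or add a manifest comment stating why the preload is no longer needed.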
@@ -75,7 +73,7 @@ NestedModules = @('Microsoft.Azure.PowerShell.Cmdlets.CodeSigning.dll') FunctionsToExport = @() # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. -CmdletsToExport = 'Get-AzCodeSigningCustomerEku', 'Get-AzCodeSigningRootCert', +CmdletsToExport = 'Get-AzCodeSigningCustomerEku', 'Get-AzCodeSigningRootCert', 'Get-AzCodeSigningCertChain', 'Invoke-AzCodeSigningCIPolicySigning' # Variables to export from this module diff --git a/src/CodeSigning/CodeSigning/CodeSigning.csproj b/src/CodeSigning/CodeSigning/CodeSigning.csproj index 445f0de0cd8c..0248d1abb507 100644 --- a/src/CodeSigning/CodeSigning/CodeSigning.csproj +++ b/src/CodeSigning/CodeSigning/CodeSigning.csproj @@ -22,9 +22,8 @@ - - - + + diff --git a/src/CodeSigning/CodeSigning/Commands/InvokeCIPolicySigning.cs b/src/CodeSigning/CodeSigning/Commands/InvokeCIPolicySigning.cs index fc4b1bc8ecc9..08a228d69a8c 100644 --- a/src/CodeSigning/CodeSigning/Commands/InvokeCIPolicySigning.cs +++ b/src/CodeSigning/CodeSigning/Commands/InvokeCIPolicySigning.cs @@ -140,7 +140,7 @@ private void WriteMessage(string message) private void ValidateFileType(string fullInPath) { - if (System.IO.Path.GetExtension(fullInPath).ToLower() == ".bin") + if (string.Equals(System.IO.Path.GetExtension(fullInPath), ".bin", StringComparison.OrdinalIgnoreCase)) { WriteMessage(Environment.NewLine); WriteMessage("CI Policy file submitted"); diff --git a/src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs b/src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs index 954198a30c49..04aaaa00853b 100644 --- a/src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs +++ b/src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs 
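Review bot: `ValidateFileType` in InvokeCIPolicySigning.cs accepts a file as a CI policy purely on its `.bin` extension, and nothing in the method documents that the contents are not inspected before signing. A short comment above the `if` would make that limit explicit, e.g. `// Extension check only: the file contents are not validated as a CI policy here.` The rest of the method lies outside the hunk, so any further validation there is not visible.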
@@ -12,7 +12,7 @@ // limitations under the License. // ---------------------------------------------------------------------------------- -using Azure.CodeSigning.Client.CryptoProvider; +using Azure.Developer.TrustedSigning.CryptoProvider; using Azure.Core; using System; using System.IO; @@ -33,10 +33,10 @@ public void SignCIPolicy(TokenCredential tokenCred, string accountName, string c { try { - var context = new AzCodeSignContext(tokenCred, accountName, certProfile, endpointUrl); + var context = new AzSignContext(tokenCred, accountName, certProfile, new Uri(endpointUrl)); - var cert = context.InitializeChainAsync().Result; - RSA rsa = new RSAAzCodeSign(context); + var cert = context.GetSigningCertificate(); + RSA rsa = new RSAAzSign(context); var cipolicy = File.ReadAllBytes(unsignedCIFilePath); var cmscontent = new ContentInfo(new Oid("1.3.6.1.4.1.311.79.1"), cipolicy); @@ -84,7 +84,7 @@ public void SignCIPolicy(TokenCredential tokenCred, string accountName, string c retry--; if (retry == 0 || ex.Message == "Input TimeStamperUrl is not valid Uri. Please check.") { - throw ex; + throw; } } } diff --git a/src/CodeSigning/CodeSigning/Models/CodeSigningServiceClient.cs b/src/CodeSigning/CodeSigning/Models/CodeSigningServiceClient.cs index 4c5891c507b2..64c7a28cb08f 100644 --- a/src/CodeSigning/CodeSigning/Models/CodeSigningServiceClient.cs +++ b/src/CodeSigning/CodeSigning/Models/CodeSigningServiceClient.cs @@ -78,7 +78,8 @@ public string[] GetCodeSigningEku(string accountName, string profileName, string GetCertificateProfileClient(endpoint); var eku = CertificateProfileClient.GetSignEku(accountName, profileName); - return eku.Value?.ToArray(); + + return eku.Value?.Distinct().ToArray(); } public string[] GetCodeSigningEku(string metadataPath) { From ac6eafb12e259ce602c8d44bd98ab386f5a070e6 Mon Sep 17 00:00:00 2001 
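Review bot: `new Uri(endpointUrl)` is built inside the `try` and handed to `AzSignContext` together with `tokenCred`, with no check on the value. A null or malformed `endpointUrl` now throws `ArgumentNullException`/`UriFormatException`, which the catch in the later hunk appears to treat as retryable until `retry` reaches 0, and nothing visible rejects a non-HTTPS endpoint before a credential-bearing context is created. Consider parsing once before the retry logic: `if (!Uri.TryCreate(endpointUrl, UriKind.Absolute, out var endpoint) || endpoint.Scheme != Uri.UriSchemeHttps) throw new ArgumentException("Endpoint must be an absolute https URI.", nameof(endpointUrl));`. Whether the provider enforces HTTPS itself cannot be seen here, and `SignCIPolicy` starts and ends outside this hunk.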
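Review bot: The non-retryable case in this catch is still detected by comparing `ex.Message` with the literal `"Input TimeStamperUrl is not valid Uri. Please check."`. Matching on message text is brittle: if the message is produced by a dependency, it may change with the package migration, and an invalid timestamp URL would then be retried until the counter runs out. Throwing and catching a specific exception type for the permanent failure (for example `catch (UriFormatException) { throw; }` ahead of the general catch) would be sturdier, with a comment stating which failures are considered transient. The catch clause and the enclosing loop begin outside the hunk, so the caught type is not visible.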
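Review bot: `eku.Value?.Distinct().ToArray()` in `GetCodeSigningEku` still returns `null` when the service response has no value, so every caller has to null-check the EKU array before using it. If no caller relies on `null`, `return eku.Value?.Distinct().ToArray() ?? Array.Empty<string>();` makes the contract explicit; otherwise a `<returns>` doc comment should state that `null` is possible. The `GetCodeSigningEku(string metadataPath)` overload that begins at the end of the hunk is not shown; if it also returns service EKUs, it should de-duplicate the same way.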
From: Jaxel Rojas Lopez Date: Mon, 2 Dec 2024 16:59:38 -0400 Subject: [PATCH 2/4] docs: added changelog.md entries --- src/CodeSigning/CodeSigning/ChangeLog.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/CodeSigning/CodeSigning/ChangeLog.md b/src/CodeSigning/CodeSigning/ChangeLog.md index a91ea8baac12..82ae32826972 100644 --- a/src/CodeSigning/CodeSigning/ChangeLog.md +++ b/src/CodeSigning/CodeSigning/ChangeLog.md @@ -19,6 +19,9 @@ --> ## Upcoming Release * Upgraded Azure.Core to 1.44.1. +* Upgraded to rebranded package Azure.Developer.TrustedSigning.CryptoProvider. +* Upgraded to updated Azure.Codesigning.Sdk. +* Removed deprecated package dependency on Polly. ## Version 0.2.0 * Added `Get-AzCodeSigningCertChain` cmdlet to retrieve the certificate chain for a certificate profile. From 2f8f64b35235dac031d2638996d6e85bfe89f986 Mon Sep 17 00:00:00 2001 From: Jaxel Rojas Lopez Date: Tue, 3 Dec 2024 13:16:59 -0400 Subject: [PATCH 3/4] fix: Polly dependency is still used on this version --- src/CodeSigning/CodeSigning/ChangeLog.md | 1 - src/CodeSigning/CodeSigning/CodeSigning.csproj | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CodeSigning/CodeSigning/ChangeLog.md b/src/CodeSigning/CodeSigning/ChangeLog.md index 82ae32826972..445d7bfb98e0 100644 --- a/src/CodeSigning/CodeSigning/ChangeLog.md +++ b/src/CodeSigning/CodeSigning/ChangeLog.md @@ -21,7 +21,6 @@ * Upgraded Azure.Core to 1.44.1. * Upgraded to rebranded package Azure.Developer.TrustedSigning.CryptoProvider. * Upgraded to updated Azure.Codesigning.Sdk. -* Removed deprecated package dependency on Polly. ## Version 0.2.0 * Added `Get-AzCodeSigningCertChain` cmdlet to retrieve the certificate chain for a certificate profile. diff --git a/src/CodeSigning/CodeSigning/CodeSigning.csproj b/src/CodeSigning/CodeSigning/CodeSigning.csproj index 0248d1abb507..f01a60dd0abd 100644 --- a/src/CodeSigning/CodeSigning/CodeSigning.csproj +++ b/src/CodeSigning/CodeSigning/CodeSigning.csproj 
@@ -22,6 +22,7 @@ + From 10be758be8ed822e22d1a659a489524a81544c17 Mon Sep 17 00:00:00 2001 From: Jaxel Rojas Lopez Date: Wed, 4 Dec 2024 08:25:11 -0400 Subject: [PATCH 4/4] fix: package of Polly should be on version 7.2.4 --- src/CodeSigning/CodeSigning/CodeSigning.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/CodeSigning/CodeSigning/CodeSigning.csproj b/src/CodeSigning/CodeSigning/CodeSigning.csproj index f01a60dd0abd..1d01f24646b4 100644 --- a/src/CodeSigning/CodeSigning/CodeSigning.csproj +++ b/src/CodeSigning/CodeSigning/CodeSigning.csproj @@ -22,7 +22,7 @@ - +