Skip to content

Commit

Permalink
Az.codesigning - fix regressions (#26801)
Browse files Browse the repository at this point in the history
* fix: regression failure using azure codesigning crypto provider

By migrating to the rebranded Azure.Developer.TrustedSigning.CryptoProvider

* docs: added changelog.md entries

* fix: Polly dependency is still used on this version

* fix: package of Polly should be on version 7.2.4
  • Loading branch information
Jaxelr authored Dec 5, 2024
1 parent e7bc36e commit 89c87bf
Show file tree
Hide file tree
Showing 6 changed files with 15 additions and 14 deletions.
8 changes: 3 additions & 5 deletions src/CodeSigning/CodeSigning/Az.CodeSigning.psd1
Original file line number Diff line number Diff line change
Expand Up @@ -54,10 +54,8 @@ DotNetFrameworkVersion = '4.7.2'
RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '3.0.3'; })

# Assemblies that must be loaded prior to importing this module
RequiredAssemblies = 'Azure.CodeSigning.Client.CryptoProvider.dll',
'Azure.CodeSigning.Client.CryptoProvider.Models.dll',
'Azure.CodeSigning.Client.CryptoProvider.Utilities.dll',
'Azure.CodeSigning.dll', 'Polly.dll'
RequiredAssemblies = 'Azure.Developer.TrustedSigning.CryptoProvider.dll',
'Azure.CodeSigning.dll'

# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# ScriptsToProcess = @()
Expand All @@ -75,7 +73,7 @@ NestedModules = @('Microsoft.Azure.PowerShell.Cmdlets.CodeSigning.dll')
FunctionsToExport = @()

# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = 'Get-AzCodeSigningCustomerEku', 'Get-AzCodeSigningRootCert',
CmdletsToExport = 'Get-AzCodeSigningCustomerEku', 'Get-AzCodeSigningRootCert',
'Get-AzCodeSigningCertChain', 'Invoke-AzCodeSigningCIPolicySigning'

# Variables to export from this module
Expand Down
2 changes: 2 additions & 0 deletions src/CodeSigning/CodeSigning/ChangeLog.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@
-->
## Upcoming Release
* Upgraded Azure.Core to 1.44.1.
* Upgraded to rebranded package Azure.Developer.TrustedSigning.CryptoProvider.
* Upgraded to updated Azure.Codesigning.Sdk.

## Version 0.2.0
* Added `Get-AzCodeSigningCertChain` cmdlet to retrieve the certificate chain for a certificate profile.
Expand Down
4 changes: 2 additions & 2 deletions src/CodeSigning/CodeSigning/CodeSigning.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@

<ItemGroup>
<PackageReference Include="Polly" Version="7.2.4" />
<PackageReference Include="Azure.CodeSigning.Client.CryptoProvider" Version="0.1.16" />
<PackageReference Include="Azure.CodeSigning.Sdk" Version="0.1.106" />
<PackageReference Include="Azure.Developer.TrustedSigning.CryptoProvider" Version="0.1.38" />
<PackageReference Include="Azure.CodeSigning.Sdk" Version="0.1.127" />
<PackageReference Include="System.Formats.Asn1" Version="6.0.1" />
<PackageReference Include="System.Security.Cryptography.Pkcs" Version="6.0.3" />
</ItemGroup>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@ private void WriteMessage(string message)

private void ValidateFileType(string fullInPath)
{
if (System.IO.Path.GetExtension(fullInPath).ToLower() == ".bin")
if (string.Equals(System.IO.Path.GetExtension(fullInPath), ".bin", StringComparison.OrdinalIgnoreCase))
{
WriteMessage(Environment.NewLine);
WriteMessage("CI Policy file submitted");
Expand Down
10 changes: 5 additions & 5 deletions src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
// limitations under the License.
// ----------------------------------------------------------------------------------

using Azure.CodeSigning.Client.CryptoProvider;
using Azure.Developer.TrustedSigning.CryptoProvider;
using Azure.Core;
using System;
using System.IO;
Expand All @@ -33,10 +33,10 @@ public void SignCIPolicy(TokenCredential tokenCred, string accountName, string c
{
try
{
var context = new AzCodeSignContext(tokenCred, accountName, certProfile, endpointUrl);
var context = new AzSignContext(tokenCred, accountName, certProfile, new Uri(endpointUrl));

var cert = context.InitializeChainAsync().Result;
RSA rsa = new RSAAzCodeSign(context);
var cert = context.GetSigningCertificate();
RSA rsa = new RSAAzSign(context);

var cipolicy = File.ReadAllBytes(unsignedCIFilePath);
var cmscontent = new ContentInfo(new Oid("1.3.6.1.4.1.311.79.1"), cipolicy);
Expand Down Expand Up @@ -84,7 +84,7 @@ public void SignCIPolicy(TokenCredential tokenCred, string accountName, string c
retry--;
if (retry == 0 || ex.Message == "Input TimeStamperUrl is not valid Uri. Please check.")
{
throw ex;
throw;
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,8 @@ public string[] GetCodeSigningEku(string accountName, string profileName, string
GetCertificateProfileClient(endpoint);

var eku = CertificateProfileClient.GetSignEku(accountName, profileName);
return eku.Value?.ToArray();

return eku.Value?.Distinct().ToArray();
}
public string[] GetCodeSigningEku(string metadataPath)
{
Expand Down

0 comments on commit 89c87bf

Please sign in to comment.