From 89c87bfae8eb92a95d8b1bd3e2e2267945d88b35 Mon Sep 17 00:00:00 2001 From: Jaxel Rojas Date: Thu, 5 Dec 2024 03:53:19 -0400 Subject: [PATCH] Az.codesigning - fix regressions (#26801) * fix: regression failure using azure codesigning crypto provider By migrating to the rebranded Azure.Developer.TrustedSigning.CryptoProvider * docs: added changelog.md entries * fix: Polly dependency is still used on this version * fix: package of Polly should be on version 7.2.4 --- src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 | 8 +++----- src/CodeSigning/CodeSigning/ChangeLog.md | 2 ++ src/CodeSigning/CodeSigning/CodeSigning.csproj | 4 ++-- .../CodeSigning/Commands/InvokeCIPolicySigning.cs | 2 +- src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs | 10 +++++----- .../CodeSigning/Models/CodeSigningServiceClient.cs | 3 ++- 6 files changed, 15 insertions(+), 14 deletions(-) diff --git a/src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 b/src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 index 1575a8688766..d58f93b3aa01 100644 --- a/src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 +++ b/src/CodeSigning/CodeSigning/Az.CodeSigning.psd1 @@ -54,10 +54,8 @@ DotNetFrameworkVersion = '4.7.2' RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '3.0.3'; }) # Assemblies that must be loaded prior to importing this module -RequiredAssemblies = 'Azure.CodeSigning.Client.CryptoProvider.dll', - 'Azure.CodeSigning.Client.CryptoProvider.Models.dll', - 'Azure.CodeSigning.Client.CryptoProvider.Utilities.dll', - 'Azure.CodeSigning.dll', 'Polly.dll' +RequiredAssemblies = 'Azure.Developer.TrustedSigning.CryptoProvider.dll', + 'Azure.CodeSigning.dll' # Script files (.ps1) that are run in the caller's environment prior to importing this module. # ScriptsToProcess = @() 
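Review bot: `'Polly.dll'` is dropped from `RequiredAssemblies` in Az.CodeSigning.psd1, while the commit description says the Polly dependency is still used and should be on version 7.2.4. If `Azure.Developer.TrustedSigning.CryptoProvider.dll` or `Azure.CodeSigning.dll` binds to Polly at run time, the module now depends on default assembly resolution rather than preloading its own copy. It is worth confirming in a fresh session that signing loads the intended 7.2.4 assembly and not a different Polly version already loaded by another module. If Polly resolves correctly as a transitive dependency, a comment above the list such as `# Polly.dll is resolved as a dependency of the CryptoProvider; intentionally not preloaded here` would record why it was removed.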
@@ -75,7 +73,7 @@ NestedModules = @('Microsoft.Azure.PowerShell.Cmdlets.CodeSigning.dll') FunctionsToExport = @() # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. -CmdletsToExport = 'Get-AzCodeSigningCustomerEku', 'Get-AzCodeSigningRootCert', +CmdletsToExport = 'Get-AzCodeSigningCustomerEku', 'Get-AzCodeSigningRootCert', 'Get-AzCodeSigningCertChain', 'Invoke-AzCodeSigningCIPolicySigning' # Variables to export from this module diff --git a/src/CodeSigning/CodeSigning/ChangeLog.md b/src/CodeSigning/CodeSigning/ChangeLog.md index a91ea8baac12..445d7bfb98e0 100644 --- a/src/CodeSigning/CodeSigning/ChangeLog.md +++ b/src/CodeSigning/CodeSigning/ChangeLog.md @@ -19,6 +19,8 @@ --> ## Upcoming Release * Upgraded Azure.Core to 1.44.1. +* Upgraded to rebranded package Azure.Developer.TrustedSigning.CryptoProvider. +* Upgraded to updated Azure.Codesigning.Sdk. ## Version 0.2.0 * Added `Get-AzCodeSigningCertChain` cmdlet to retrieve the certificate chain for a certificate profile. diff --git a/src/CodeSigning/CodeSigning/CodeSigning.csproj b/src/CodeSigning/CodeSigning/CodeSigning.csproj index 445f0de0cd8c..1d01f24646b4 100644 --- a/src/CodeSigning/CodeSigning/CodeSigning.csproj +++ b/src/CodeSigning/CodeSigning/CodeSigning.csproj @@ -23,8 +23,8 @@ - - + + diff --git a/src/CodeSigning/CodeSigning/Commands/InvokeCIPolicySigning.cs b/src/CodeSigning/CodeSigning/Commands/InvokeCIPolicySigning.cs index fc4b1bc8ecc9..08a228d69a8c 100644 --- a/src/CodeSigning/CodeSigning/Commands/InvokeCIPolicySigning.cs +++ b/src/CodeSigning/CodeSigning/Commands/InvokeCIPolicySigning.cs 
@@ -140,7 +140,7 @@ private void WriteMessage(string message) private void ValidateFileType(string fullInPath) { - if (System.IO.Path.GetExtension(fullInPath).ToLower() == ".bin") + if (string.Equals(System.IO.Path.GetExtension(fullInPath), ".bin", StringComparison.OrdinalIgnoreCase)) { WriteMessage(Environment.NewLine); WriteMessage("CI Policy file submitted"); diff --git a/src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs b/src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs index 954198a30c49..04aaaa00853b 100644 --- a/src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs +++ b/src/CodeSigning/CodeSigning/Helpers/CmsSigner.cs @@ -12,7 +12,7 @@ // limitations under the License. // ---------------------------------------------------------------------------------- -using Azure.CodeSigning.Client.CryptoProvider; +using Azure.Developer.TrustedSigning.CryptoProvider; using Azure.Core; using System; using System.IO; @@ -33,10 +33,10 @@ public void SignCIPolicy(TokenCredential tokenCred, string accountName, string c { try { - var context = new AzCodeSignContext(tokenCred, accountName, certProfile, endpointUrl); + var context = new AzSignContext(tokenCred, accountName, certProfile, new Uri(endpointUrl)); - var cert = context.InitializeChainAsync().Result; - RSA rsa = new RSAAzCodeSign(context); + var cert = context.GetSigningCertificate(); + RSA rsa = new RSAAzSign(context); var cipolicy = File.ReadAllBytes(unsignedCIFilePath); var cmscontent = new ContentInfo(new Oid("1.3.6.1.4.1.311.79.1"), cipolicy); @@ -84,7 +84,7 @@ public void SignCIPolicy(TokenCredential tokenCred, string accountName, string c retry--; if (retry == 0 || ex.Message == "Input TimeStamperUrl is not valid Uri. Please check.") { - throw ex; + throw; } } } diff --git a/src/CodeSigning/CodeSigning/Models/CodeSigningServiceClient.cs b/src/CodeSigning/CodeSigning/Models/CodeSigningServiceClient.cs index 4c5891c507b2..64c7a28cb08f 100644 --- a/src/CodeSigning/CodeSigning/Models/CodeSigningServiceClient.cs 
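Review bot: The move to `string.Equals(..., StringComparison.OrdinalIgnoreCase)` in `ValidateFileType` deserves a one-line comment, because the reason is not obvious from the code. `ToLower()` is culture-sensitive, and under a Turkish culture an upper-case `.BIN` lowercases to `.bın`, so the old comparison failed. A comment above the `if` such as `// Ordinal comparison: culture-sensitive ToLower() maps 'I' to dotless 'ı' under tr-TR, so ".BIN" would not match` would do. This remains an extension test only, and the rest of `ValidateFileType` lies outside the hunk, so the handling of other extensions cannot be judged from here.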
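Review bot: `new Uri(endpointUrl)` in `SignCIPolicy` accepts any well-formed absolute URI, including `http://`, and the resulting `AzSignContext` is given the caller's `TokenCredential`, so a mistyped or non-TLS endpoint is not rejected at this point. The call also sits inside the `try`, so a malformed string raises `UriFormatException` into the catch shown in the next hunk, which appears to treat it as a retryable failure. Parsing once before the `try` would cover both: `if (!Uri.TryCreate(endpointUrl, UriKind.Absolute, out Uri endpoint) || endpoint.Scheme != Uri.UriSchemeHttps) throw new ArgumentException("Endpoint must be an absolute https URI.", nameof(endpointUrl));`. Whether `AzSignContext` enforces https itself is not visible here, and the method body starts and ends outside the hunk.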
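Review bot: The non-retryable case is still recognised by comparing `ex.Message` with the literal `"Input TimeStamperUrl is not valid Uri. Please check."`, which stops matching silently if the wording changes or is localised. This commit swaps the crypto provider package, so if that text is produced by the library rather than by this module it should be re-checked against the new package. Otherwise an invalid timestamp URL is retried until `retry` reaches 0. Matching on a distinct exception type, if the source throws one, is sturdier than matching on message text. The `catch` clause and the loop it belongs to are outside the hunk, so the caught type is not visible here.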
+++ b/src/CodeSigning/CodeSigning/Models/CodeSigningServiceClient.cs @@ -78,7 +78,8 @@ public string[] GetCodeSigningEku(string accountName, string profileName, string GetCertificateProfileClient(endpoint); var eku = CertificateProfileClient.GetSignEku(accountName, profileName); - return eku.Value?.ToArray(); + + return eku.Value?.Distinct().ToArray(); } public string[] GetCodeSigningEku(string metadataPath) {
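Review bot: `GetCodeSigningEku` still returns `null` when `eku.Value` is null, and the added `Distinct()` keeps that path, so a caller that enumerates the result without a null check will throw. An explicit empty result is easier to reason about for whatever consumes the EKU list: `return eku.Value?.Distinct().ToArray() ?? Array.Empty<string>();`. If callers rely on null to mean "the service returned no value", keep the behaviour and state it in the method's XML doc instead. `Distinct()` needs `System.Linq` in scope, and the using block and the start of the method are outside the hunk.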