Fix KeyInfoX509Data encoding negative serial numbers.
.NET Framework treats the serial number from an X509Certificate as unsigned, and encodes the serial number as a positive integer. This changes the .NET Core implementation to encode the serial number in the same way.
vcsjones authored and matouskozak committed Apr 30, 2024
1 parent d88216d commit 2dddda9
Showing 2 changed files with 18 additions and 0 deletions.
Expand Up @@ -160,6 +160,15 @@ public void AddIssuerSerial(string issuerName, string serialNumber)
if (!BigInteger.TryParse(serialNumber, NumberStyles.AllowHexSpecifier, NumberFormatInfo.CurrentInfo, out h))
throw new ArgumentException(SR.Cryptography_Xml_InvalidX509IssuerSerialNumber, nameof(serialNumber));

// NetFx compat: .NET Framework treats the input as unsigned and we need to write down the X509SerialNumber
// as a positive number.
if (h < BigInteger.Zero)
{
byte[] bytes = h.ToByteArray();
Array.Resize(ref bytes, bytes.Length + 1);
h = new BigInteger(bytes);
}

_issuerSerials ??= new ArrayList();
_issuerSerials.Add(Utils.CreateX509IssuerSerial(issuerName, h.ToString()));
}
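Review bot: The `if (h < BigInteger.Zero)` block recovers the unsigned value only when the hex input has no redundant leading `FF` bytes, because `BigInteger.ToByteArray()` returns the minimal two's-complement encoding. An input such as `"FFFF"` parses to -1, round-trips through a one-byte array and comes out as 255, where the unsigned reading the commit describes gives 65535; the KeyInfo would then carry an X509SerialNumber that does not identify the intended certificate. Forcing a non-negative parse avoids the byte manipulation altogether, e.g. `BigInteger.TryParse("0" + serialNumber, NumberStyles.AllowHexSpecifier, NumberFormatInfo.CurrentInfo, out h)`, though that would also accept a null or empty string, so an explicit check is needed to keep the current rejection. AddIssuerSerial's body begins above this hunk, so the declaration of `h` is not visible here.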
Expand Up @@ -335,5 +335,14 @@ public void InvalidKeyNode3()
KeyInfoX509Data data1 = new KeyInfoX509Data();
Assert.Throws<CryptographicException>(() => data1.LoadXml(doc.DocumentElement));
}

[Fact]
public void AddIssuerSerial_NegativeSerial()
{
KeyInfoX509Data data = new KeyInfoX509Data();
data.AddIssuerSerial("CN=Vince", "FF");
X509IssuerSerial serial = (X509IssuerSerial)Assert.Single(data.IssuerSerials);
Assert.Equal("255", serial.SerialNumber);
}
}
}
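Review bot: `AddIssuerSerial_NegativeSerial` pins only the one-byte input `"FF"`, so the sign handling is never exercised with a multi-byte value or with leading `FF` bytes. Turning it into a `[Theory]` with cases such as `[InlineData("80", "128")]`, `[InlineData("FF80", "65408")]` and `[InlineData("7F", "127")]` would cover the high-bit, sign-extension and already-positive paths. The `FF80` expectation assumes the unsigned interpretation stated in the commit message and should be confirmed against .NET Framework output.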
