From 7eef23d712599954e2c81f8fa2fbbe3d7df5aea8 Mon Sep 17 00:00:00 2001 From: Ahmed Afifi Date: Wed, 17 Jul 2024 21:02:47 +0300 Subject: [PATCH 1/7] Update code --- azure-pipelines-arcade-PR.yml | 8 ++++---- azure-pipelines-arcade.yml | 5 ++--- eng/SendToHelix.proj | 8 ++++---- .../CertificateGeneratorLibrary.cs | 7 +++++-- .../CertificateGeneratorLibrary/CertificateHelper.cs | 2 +- .../CertificateGeneratorLibrary/CertificateManager.cs | 7 +++++-- .../tools/IISHostedWcfService/App_code/TestHost.cs | 10 ++++++++-- 7 files changed, 29 insertions(+), 18 deletions(-) diff --git a/azure-pipelines-arcade-PR.yml b/azure-pipelines-arcade-PR.yml index f862d72e6ea6..40efaf079a52 100644 --- a/azure-pipelines-arcade-PR.yml +++ b/azure-pipelines-arcade-PR.yml @@ -32,7 +32,7 @@ variables: - name: _RunAsInternal value: false - name: _RunWithCoreWcfService - value: true + value: false - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: - name: _RunAsPublic @@ -128,6 +128,7 @@ stages: -projects $(Build.SourcesDirectory)/eng/SendToHelix.proj $(_TestArgs) /p:TestJob=Windows + /p:RunWithCoreWcfService=$(_RunWithCoreWcfService) /bl:$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/SendToHelix.binlog displayName: Windows - Run Helix Tests env: @@ -136,7 +137,6 @@ stages: XUnitWorkItemTimeout: $(_xUnitWorkItemTimeout) RunAsPublic: $(_RunAsPublic) RunAsInternal: $(_RunAsInternal) - RunWithCoreWcfService: $(_RunWithCoreWcfService) IsWindowsBuild: true # Only build and test Linux in PR and CI builds. @@ -190,6 +190,7 @@ stages: --projects $(Build.SourcesDirectory)/eng/SendToHelix.proj $(_TestArgs) /p:TestJob=Linux + /p:RunWithCoreWcfService=$(_RunWithCoreWcfService) /bl:$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/SendToHelix.binlog displayName: Linux - Run Helix Tests env: 
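Review bot: Setting `_RunWithCoreWcfService` to `false` in the variables block (`@@ -32,7 +32,7 @@`) appears to turn the CoreWCF-hosted service runs off for PR builds, and the `azure-pipelines-arcade.yml` hunk makes the same flip for the official pipeline. If this was only needed while debugging the macOS certificate work, it should be reverted before merge. If it is intended, a comment next to the value such as `# CoreWCF service runs disabled, see <tracking issue>` would record why. The move from the `env:` entry to `/p:RunWithCoreWcfService=$(_RunWithCoreWcfService)` in the later hunks is applied the same way to the Windows, Linux and MacOS jobs.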
@@ -197,7 +198,6 @@ stages: ServiceHost: $(_serviceUri) RunAsPublic: $(_RunAsPublic) RunAsInternal: $(_RunAsInternal) - RunWithCoreWcfService: $(_RunWithCoreWcfService) IsWindowsBuild: false # Only build and test MacOS in PR and CI builds. @@ -250,6 +250,7 @@ stages: -projects $(Build.SourcesDirectory)/eng/SendToHelix.proj $(_TestArgs) /p:TestJob=MacOS + /p:RunWithCoreWcfService=$(_RunWithCoreWcfService) /bl:$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/SendToHelix.binlog displayName: MacOS - Run Helix Tests env: @@ -257,5 +258,4 @@ stages: ServiceHost: $(_serviceUri) RunAsPublic: $(_RunAsPublic) RunAsInternal: $(_RunAsInternal) - RunWithCoreWcfService: $(_RunWithCoreWcfService) IsWindowsBuild: false \ No newline at end of file diff --git a/azure-pipelines-arcade.yml b/azure-pipelines-arcade.yml index 30629f24f19f..93608eb37b49 100644 --- a/azure-pipelines-arcade.yml +++ b/azure-pipelines-arcade.yml @@ -25,7 +25,7 @@ variables: - name: _RunAsInternal value: true - name: _RunWithCoreWcfService - value: true + value: false - group: DotNet-Wcf-SDLValidation-Params resources: repositories: 
@@ -97,7 +97,7 @@ extends: clean: true - script: eng\common\cibuild.cmd -configuration $(_BuildConfig) -preparemachine $(_InternalBuildArgs) $(_TestArgs) /p:Test=false displayName: Windows Build / Publish - - powershell: eng\common\build.ps1 -configuration $(_BuildConfig) -preparemachine -ci -test -integrationTest -projects $(Build.SourcesDirectory)/eng/SendToHelix.proj $(_TestArgs) /p:TestJob=Windows /bl:$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/SendToHelix.binlog + - powershell: eng\common\build.ps1 -configuration $(_BuildConfig) -preparemachine -ci -test -integrationTest -projects $(Build.SourcesDirectory)/eng/SendToHelix.proj $(_TestArgs) /p:TestJob=Windows /p:RunWithCoreWcfService=$(_RunWithCoreWcfService) /bl:$(Build.SourcesDirectory)/artifacts/log/$(_BuildConfig)/SendToHelix.binlog displayName: Windows - Run Helix Tests env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) @@ -105,7 +105,6 @@ extends: XUnitWorkItemTimeout: $(_xUnitWorkItemTimeout) RunAsPublic: $(_RunAsPublic) RunAsInternal: $(_RunAsInternal) - RunWithCoreWcfService: $(_RunWithCoreWcfService) IsWindowsBuild: true - ${{ if eq(variables._RunAsInternal, True) }}: - template: /eng/common/templates-official/post-build/post-build.yml@self diff --git a/eng/SendToHelix.proj b/eng/SendToHelix.proj index 78ad194a2d6d..7a7f87fe72c0 100644 --- a/eng/SendToHelix.proj +++ b/eng/SendToHelix.proj @@ -16,7 +16,7 @@ $(AGENT_JOBNAME) true - + @@ -71,10 +71,10 @@ - false + false - - + + $(HelixPreCommands);chmod a+x $HELIX_CORRELATION_PAYLOAD/InstallRootCertificate.sh $(HelixPreCommands);sudo -E -n $HELIX_CORRELATION_PAYLOAD/InstallRootCertificate.sh --service-host $(ServiceHost) --cert-file /tmp/wcfrootca.crt diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGeneratorLibrary.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGeneratorLibrary.cs index c80d10bae19f..9e2210bf86fc 100644 
--- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGeneratorLibrary.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGeneratorLibrary.cs @@ -23,9 +23,12 @@ public class CertificateGeneratorLibrary private static void RemoveCertificatesFromStore(StoreName storeName, StoreLocation storeLocation) { X509Store store = CertificateHelper.GetX509Store(storeName, storeLocation); - Console.WriteLine(" Checking StoreName '{0}'", storeName); + Console.WriteLine(" Checking StoreName '{0}', StoreLocation '{1}'", storeName, store.Location); { - store.Open(OpenFlags.ReadWrite | OpenFlags.IncludeArchived); + if (!CertificateHelper.CurrentOperatingSystem.IsMacOS()) + { + store.Open(OpenFlags.ReadWrite | OpenFlags.IncludeArchived); + } foreach (var cert in store.Certificates.Find(X509FindType.FindByIssuerName, CertificateIssuer, false)) { diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs index 62549f50b25e..c16f556e5437 100644 --- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs @@ -52,7 +52,7 @@ public static X509Store GetX509Store(StoreName storeName, StoreLocation storeLoc else if (CurrentOperatingSystem.IsMacOS()) { // MacOS SafeKeychainHandle - GetMacOSX509Store(); + store = GetMacOSX509Store(); } return store; } diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateManager.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateManager.cs index 6edd5e3dacfe..e3fc2c15089b 100644 
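Review bot: The `if (!CertificateHelper.CurrentOperatingSystem.IsMacOS())` guard around `store.Open(...)` in `RemoveCertificatesFromStore` writes an assumption about the macOS helper (that it returns an already-open store) as an OS check, while the `TestHost.cs` hunks in this same patch state the condition directly with `if (!store.IsOpen)`. Using `if (!store.IsOpen)` here and in the `AddToStoreIfNeeded` hunk in `CertificateManager.cs` would keep all the call sites consistent and would still open the store if the helper ever changes. The new `Console.WriteLine` also reads `store.Location` before any null check, so a null return from `GetX509Store` would now fail on the log line; whether that can happen is not visible in the hunk. The method body continues outside the hunk.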
--- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateManager.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateManager.cs @@ -49,9 +49,12 @@ public static bool AddToStoreIfNeeded(StoreName storeName, StoreLocation storeLo try { store = CertificateHelper.GetX509Store(storeName, storeLocation); - + // We assume Bridge is running elevated - store.Open(OpenFlags.ReadWrite); + if (!CertificateHelper.CurrentOperatingSystem.IsMacOS()) + { + store.Open(OpenFlags.ReadWrite); + } existingCert = CertificateFromThumbprint(store, certificate.Thumbprint); if (existingCert == null) { diff --git a/src/System.Private.ServiceModel/tools/IISHostedWcfService/App_code/TestHost.cs b/src/System.Private.ServiceModel/tools/IISHostedWcfService/App_code/TestHost.cs index d3a8b2e92fed..0d2650da58d5 100644 --- a/src/System.Private.ServiceModel/tools/IISHostedWcfService/App_code/TestHost.cs +++ b/src/System.Private.ServiceModel/tools/IISHostedWcfService/App_code/TestHost.cs @@ -214,7 +214,10 @@ public static X509Certificate2 CertificateFromSubject(StoreName name, StoreLocat try { store = CertificateHelper.GetX509Store(name, location); - store.Open(OpenFlags.ReadOnly); + if (!store.IsOpen) + { + store.Open(OpenFlags.ReadOnly); + } X509Certificate2Collection foundCertificates = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, validOnly: true); return foundCertificates.Count == 0 ? null : foundCertificates[0]; } 
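Review bot: With the new `if (!store.IsOpen)` guard in `CertificateFromSubject`, a store that arrives already open keeps whatever access mode it was opened with, so the `OpenFlags.ReadOnly` intent no longer holds on that path; the same applies to the `CertificateFromFriendlyName` hunk. A one-line comment would make that explicit, e.g. `// GetX509Store may return an already-open store (macOS keychain); ReadOnly is not enforced in that case`. That the macOS helper opens the store is inferred from the guards added in this patch and is not shown in the hunk. Both method bodies continue outside their hunks.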
@@ -234,7 +237,10 @@ public static X509Certificate2 CertificateFromFriendlyName(StoreName name, Store try { store = CertificateHelper.GetX509Store(name, location); - store.Open(OpenFlags.ReadOnly); + if (!store.IsOpen) + { + store.Open(OpenFlags.ReadOnly); + } X509Certificate2Collection foundCertificates = store.Certificates.Find(X509FindType.FindByIssuerName, "DO_NOT_TRUST_WcfBridgeRootCA", false); string friendlyNameHash = CertificateGenerator.HashFriendlyNameToString(friendlyName); From cdc49278bed59837a4eae583cd6bb6c4398b98d1 Mon Sep 17 00:00:00 2001 From: Ahmed Afifi Date: Tue, 30 Jul 2024 10:11:24 +0300 Subject: [PATCH 2/7] update MacOS cert options --- eng/SendToHelix.proj | 6 +++--- .../CertificateGeneratorLibrary/CertificateGenerator.cs | 9 ++++++++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/eng/SendToHelix.proj b/eng/SendToHelix.proj index 7a7f87fe72c0..a2ab9ba081ff 100644 --- a/eng/SendToHelix.proj +++ b/eng/SendToHelix.proj @@ -74,12 +74,12 @@ false - + $(HelixPreCommands);chmod a+x $HELIX_CORRELATION_PAYLOAD/InstallRootCertificate.sh $(HelixPreCommands);sudo -E -n $HELIX_CORRELATION_PAYLOAD/InstallRootCertificate.sh --service-host $(ServiceHost) --cert-file /tmp/wcfrootca.crt - + $(HelixPreCommands);set PATH=%HELIX_CORRELATION_PAYLOAD%\dotnet-cli%3B%PATH% $(HelixPreCommands);set DOTNET_ROOT=%HELIX_CORRELATION_PAYLOAD%\dotnet-cli;set DOTNET_CLI_TELEMETRY_OPTOUT=1 @@ -89,7 +89,7 @@ $(HelixPreCommands);%HELIX_CORRELATION_PAYLOAD%\SelfHostedCoreWCFService\$(Configuration)\net8.0\SelfHostedCoreWCFService bootstrap:true - + $(HelixPreCommands);export PATH=$HELIX_CORRELATION_PAYLOAD/dotnet-cli:$PATH $(HelixPreCommands);export DOTNET_ROOT=$HELIX_CORRELATION_PAYLOAD/dotnet-cli;export DOTNET_CLI_TELEMETRY_OPTOUT=1 $(HelixPreCommands);export DOTNET_CLI_HOME=$HELIX_WORKITEM_ROOT/.dotnet 
diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs index 5680c8a0e46f..5a6b4a6e8453 100644 --- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs @@ -463,7 +463,14 @@ private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMach { // Otherwise, allow encode with the private key. note that X509Certificate2.RawData will not provide the private key // you will have to re-export this cert if needed - outputCert = new X509Certificate2(container.Pfx, _password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); + if (CertificateHelper.CurrentOperatingSystem.IsMacOS()) + { + outputCert = new X509Certificate2(container.Pfx, _password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); + } + else + { + outputCert = new X509Certificate2(container.Pfx, _password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); + } } container.Subject = subject; From 1c6cba5405d40d0eba5983c0015d14875349c949 Mon Sep 17 00:00:00 2001 From: Ahmed Afifi Date: Tue, 13 Aug 2024 16:34:37 +0300 Subject: [PATCH 3/7] update MacOS store --- .../CertificateGenerator.cs | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs index 5a6b4a6e8453..e69d0a6dc83d 100644 
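Review bot: The two branches added in `CreateCertificate` repeat the whole `new X509Certificate2(...)` call and differ only in `X509KeyStorageFlags.PersistKeySet`, which makes it easy for the two flag sets to drift apart. Building the flags once reads more clearly: `var flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable;`, then `if (!CertificateHelper.CurrentOperatingSystem.IsMacOS()) { flags |= X509KeyStorageFlags.PersistKeySet; }`, then a single constructor call. A short comment on why the key is not persisted on macOS would help, since the reason is not stated in the hunk. The method starts and ends outside the hunk.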
--- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs @@ -452,7 +452,7 @@ private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMach container.Pfx = stream.ToArray(); } - X509Certificate2 outputCert; + X509Certificate2 outputCert = null; if (isAuthority) { @@ -465,7 +465,22 @@ private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMach // you will have to re-export this cert if needed if (CertificateHelper.CurrentOperatingSystem.IsMacOS()) { - outputCert = new X509Certificate2(container.Pfx, _password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable); + //X509Store MacOsTempStore = CertificateHelper.GetMacOSX509Store(); + //System.Security.Cryptography.X509Certificates.X509Store MacOsTempStore = new System.Security.Cryptography.X509Certificates.X509Store(); + //MacOsTempStore.Add(new X509Certificate2(cert.GetEncoded())); + + var MacOsTempCertCollection = new System.Security.Cryptography.X509Certificates.X509Certificate2Collection(); + MacOsTempCertCollection.Import(cert.GetEncoded(), _password, X509KeyStorageFlags.Exportable); + + foreach (X509Certificate2 certificate in MacOsTempCertCollection) + { + if (certificate.SerialNumber == cert.SerialNumber.ToString(16).ToUpper()) + { + outputCert = certificate; + Console.WriteLine("Found Certificate.."); + break; + } + } } else { From 1c71fecedda2d9fd123dc4fc24c4b60bce87554d Mon Sep 17 00:00:00 2001 From: Ahmed Afifi Date: Wed, 14 Aug 2024 22:44:53 +0300 Subject: [PATCH 4/7] update MacOS store --- .../CertificateGenerator.cs | 22 +++++++------------ .../CertificateHelper.cs | 13 +++++++---- 2 files changed, 17 insertions(+), 18 deletions(-) 
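Review bot: In the macOS branch added by `@@ -465,7 +465,22 @@`, `outputCert` stays `null` when no certificate in the collection matches, and the hunk reports nothing in that case; it only prints on success. Two details make a miss plausible: the import source is `cert.GetEncoded()` rather than `container.Pfx`, which (if `cert` is the encoded certificate alone) carries no private key despite the comment above about encoding with the private key, and `cert.SerialNumber.ToString(16).ToUpper()` may drop leading zeros that `X509Certificate2.SerialNumber` keeps. I would fail fast after the loop, e.g. `if (outputCert == null) throw new InvalidOperationException("Imported certificate not found by serial number");`, and remove the three commented-out lines. The method continues outside the hunk.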
diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs
index e69d0a6dc83d..05f23145763b 100644
--- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs
+++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs
@@ -465,21 +465,15 @@ private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMach // you will have to re-export this cert if needed if (CertificateHelper.CurrentOperatingSystem.IsMacOS()) { - //X509Store MacOsTempStore = CertificateHelper.GetMacOSX509Store(); - //System.Security.Cryptography.X509Certificates.X509Store MacOsTempStore = new System.Security.Cryptography.X509Certificates.X509Store(); - //MacOsTempStore.Add(new X509Certificate2(cert.GetEncoded())); + string tempKeychainFilePath = Path.GetTempFileName(); + System.Security.Cryptography.X509Certificates.X509Store MacOsTempStore = CertificateHelper.GetMacOSX509Store(tempKeychainFilePath); + MacOsTempStore.Certificates.Import(container.Pfx, _password, X509KeyStorageFlags.Exportable); + outputCert = ((IEnumerable)MacOsTempStore.Certificates.Find(System.Security.Cryptography.X509Certificates.X509FindType.FindBySerialNumber, + cert.SerialNumber.ToString(16).ToUpper(), false)).FirstOrDefault(); - var MacOsTempCertCollection = new System.Security.Cryptography.X509Certificates.X509Certificate2Collection(); - MacOsTempCertCollection.Import(cert.GetEncoded(), _password, X509KeyStorageFlags.Exportable); - - foreach (X509Certificate2 certificate in MacOsTempCertCollection) - { - if (certificate.SerialNumber == cert.SerialNumber.ToString(16).ToUpper()) - { - outputCert = certificate; - Console.WriteLine("Found Certificate.."); - break; - } + if (outputCert == null) + { + Console.WriteLine("Couldn't find Certificate.."); } } else diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs index c16f556e5437..01a441ccc35d 100644 --- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs 
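Review bot: `MacOsTempStore.Certificates.Import(container.Pfx, ...)` imports into the collection returned by the `Certificates` getter, and `X509Store.Certificates` hands back a fresh snapshot on each access, so the following `MacOsTempStore.Certificates.Find(...)` is unlikely to see the imported certificate; the same pattern remains in the PATCH 6/7 and 7/7 hunks. Importing into a local collection and adding it to the store would tie the two together: `var imported = new System.Security.Cryptography.X509Certificates.X509Certificate2Collection();`, `imported.Import(container.Pfx, _password, X509KeyStorageFlags.Exportable);`, `MacOsTempStore.AddRange(imported);`. Separately, `Path.GetTempFileName()` creates the file, so `GetMacOSX509Store` takes its `File.Exists` branch and tries to open an empty file as a keychain. The temporary keychain that receives the private key is also never deleted in this hunk. The method continues outside the hunk.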
+++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs @@ -62,16 +62,21 @@ public static X509Store GetX509Store(StoreName storeName, StoreLocation storeLoc internal static string OSXCustomKeychainPassword => "WCFKeychainFilePassword"; [MethodImpl(MethodImplOptions.NoInlining)] - public static X509Store GetMacOSX509Store() + public static X509Store GetMacOSX509Store(string storeFileName = null) { + if (storeFileName == null) + { + storeFileName = OSXCustomKeychainFilePath; + } + SafeKeychainHandle keychain; - if (!File.Exists(OSXCustomKeychainFilePath)) + if (!File.Exists(storeFileName)) { - keychain = SafeKeychainHandle.Create(OSXCustomKeychainFilePath, OSXCustomKeychainPassword); + keychain = SafeKeychainHandle.Create(storeFileName, OSXCustomKeychainPassword); } else { - keychain = SafeKeychainHandle.Open(OSXCustomKeychainFilePath, OSXCustomKeychainPassword); + keychain = SafeKeychainHandle.Open(storeFileName, OSXCustomKeychainPassword); } if (keychain.IsInvalid) From fb8dcc4e96b18f9054b7a94245fc5b5a6e274d1e Mon Sep 17 00:00:00 2001 From: Ahmed Afifi Date: Fri, 16 Aug 2024 17:51:12 +0300 Subject: [PATCH 5/7] update MacOS cert --- .../CertificateGenerator.cs | 9 ++++++++- .../CertificateGeneratorLibrary/CertificateHelper.cs | 12 ++++++------ 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs index 05f23145763b..8da66fd37206 100644 --- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs 
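Review bot: `GetMacOSX509Store` is public and now accepts any path, yet every keychain it creates or opens is protected by the constant `OSXCustomKeychainPassword`, and the new parameter is undocumented. An XML doc comment should state that `storeFileName` is a keychain file path, that `null` selects `OSXCustomKeychainFilePath`, that the file is created when missing, and that the caller owns disposing the store and deleting the file. Because the password is in source, the same comment should say that these keychains are meant for test certificates only. The `File.Exists` check followed by `Create`/`Open` is a check-then-use on a caller-supplied path, which deserves a brief why-comment even in a test tool. The method continues outside the hunk.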
@@ -465,7 +465,8 @@ private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMach // you will have to re-export this cert if needed if (CertificateHelper.CurrentOperatingSystem.IsMacOS()) { - string tempKeychainFilePath = Path.GetTempFileName(); + //string tempKeychainFilePath = Path.GetTempFileName(); + string tempKeychainFilePath = Path.Combine(Environment.CurrentDirectory, Path.GetRandomFileName()); System.Security.Cryptography.X509Certificates.X509Store MacOsTempStore = CertificateHelper.GetMacOSX509Store(tempKeychainFilePath); MacOsTempStore.Certificates.Import(container.Pfx, _password, X509KeyStorageFlags.Exportable); outputCert = ((IEnumerable)MacOsTempStore.Certificates.Find(System.Security.Cryptography.X509Certificates.X509FindType.FindBySerialNumber, @@ -475,6 +476,12 @@ private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMach { Console.WriteLine("Couldn't find Certificate.."); } + + MacOsTempStore.Dispose(); + if (File.Exists(tempKeychainFilePath)) + { + File.Delete(tempKeychainFilePath); + } } else { diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs index 01a441ccc35d..81aa53ba69d2 100644 --- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateHelper.cs 
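Review bot: The cleanup added in `@@ -476,6 +476,12 @@` runs only on the success path, so if the import or lookup throws, the temporary keychain file that holds the private key is left in `Environment.CurrentDirectory`, protected only by the fixed keychain password. Wrapping the work in `try`/`finally` keeps the delete unconditional, as sketched below. Two smaller points in the preceding hunk: the commented-out `Path.GetTempFileName()` line can be dropped, and a short comment on why the working directory is used instead of the temp directory would help. Whether `outputCert` remains usable after its backing keychain file is deleted is not visible here and should be confirmed. `CreateCertificate` starts and ends outside both hunks.

```csharp
// … unchanged: tempKeychainFilePath and MacOsTempStore creation …
try
{
    // … unchanged: Import, outputCert lookup and the "Couldn't find Certificate.." message …
}
finally
{
    // Always remove the temporary keychain, even when the import or lookup fails.
    MacOsTempStore.Dispose();
    if (File.Exists(tempKeychainFilePath))
    {
        File.Delete(tempKeychainFilePath);
    }
}
```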
@@ -62,21 +62,21 @@ public static X509Store GetX509Store(StoreName storeName, StoreLocation storeLoc internal static string OSXCustomKeychainPassword => "WCFKeychainFilePassword"; [MethodImpl(MethodImplOptions.NoInlining)] - public static X509Store GetMacOSX509Store(string storeFileName = null) + public static X509Store GetMacOSX509Store(string storeFilePath = null) { - if (storeFileName == null) + if (storeFilePath == null) { - storeFileName = OSXCustomKeychainFilePath; + storeFilePath = OSXCustomKeychainFilePath; } SafeKeychainHandle keychain; - if (!File.Exists(storeFileName)) + if (!File.Exists(storeFilePath)) { - keychain = SafeKeychainHandle.Create(storeFileName, OSXCustomKeychainPassword); + keychain = SafeKeychainHandle.Create(storeFilePath, OSXCustomKeychainPassword); } else { - keychain = SafeKeychainHandle.Open(storeFileName, OSXCustomKeychainPassword); + keychain = SafeKeychainHandle.Open(storeFilePath, OSXCustomKeychainPassword); } if (keychain.IsInvalid) From 389094a6066d41d3dc3e1a0da83528bc567c5e2c Mon Sep 17 00:00:00 2001 From: Ahmed Afifi Date: Sat, 17 Aug 2024 01:11:31 +0300 Subject: [PATCH 6/7] update --- .../CertificateGeneratorLibrary/CertificateGenerator.cs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs index 8da66fd37206..7c47e293a1b2 100644 --- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs 
@@ -469,8 +469,7 @@ private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMach string tempKeychainFilePath = Path.Combine(Environment.CurrentDirectory, Path.GetRandomFileName()); System.Security.Cryptography.X509Certificates.X509Store MacOsTempStore = CertificateHelper.GetMacOSX509Store(tempKeychainFilePath); MacOsTempStore.Certificates.Import(container.Pfx, _password, X509KeyStorageFlags.Exportable); - outputCert = ((IEnumerable)MacOsTempStore.Certificates.Find(System.Security.Cryptography.X509Certificates.X509FindType.FindBySerialNumber, - cert.SerialNumber.ToString(16).ToUpper(), false)).FirstOrDefault(); + outputCert = ((IEnumerable)MacOsTempStore.Certificates).FirstOrDefault(); if (outputCert == null) { From 8a506aae6de8384bfb65d385d2ae281e53197056 Mon Sep 17 00:00:00 2001 From: Ahmed Afifi Date: Thu, 22 Aug 2024 21:39:09 +0300 Subject: [PATCH 7/7] update MacOS cert store --- .../CertificateGeneratorLibrary/CertificateGenerator.cs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs index 7c47e293a1b2..3c18c6551f3e 100644 --- a/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs +++ b/src/System.Private.ServiceModel/tools/CertificateGenerator/CertificateGeneratorLibrary/CertificateGenerator.cs 
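Review bot: Replacing the serial-number lookup with `.FirstOrDefault()` makes `outputCert` whatever certificate the store enumerates first, which is only correct if the temporary keychain holds exactly one certificate. If `container.Pfx` ever carries the issuing CA alongside the leaf, the authority certificate could be returned instead; the PFX contents are not visible in this hunk. Making the assumption explicit would catch that early, e.g. `if (MacOsTempStore.Certificates.Count != 1) throw new InvalidOperationException("Expected exactly one certificate in the temporary keychain");`, or keep a match on the expected thumbprint or subject. The method continues outside the hunk.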
@@ -469,6 +469,11 @@ private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMach string tempKeychainFilePath = Path.Combine(Environment.CurrentDirectory, Path.GetRandomFileName()); System.Security.Cryptography.X509Certificates.X509Store MacOsTempStore = CertificateHelper.GetMacOSX509Store(tempKeychainFilePath); MacOsTempStore.Certificates.Import(container.Pfx, _password, X509KeyStorageFlags.Exportable); + MacOsTempStore.Close(); + MacOsTempStore.Dispose(); + + MacOsTempStore = CertificateHelper.GetMacOSX509Store(tempKeychainFilePath); + outputCert = ((IEnumerable)MacOsTempStore.Certificates).FirstOrDefault(); if (outputCert == null)