Bug 3897 - The X509Certificate2Collection.Find method doesn't work correctly with FindBySubjectName
Summary: The X509Certificate2Collection.Find method doesn't work correctly with FindBy...
Status: RESOLVED FIXED
Alias: None
Product: Class Libraries
Classification: Mono
Component: System ()
Version: master
Hardware: PC Linux
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2012-03-14 12:08 UTC by David Ferguson
Modified: 2012-03-23 11:53 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
Unit test that passes on Windows and with the proposed fix. Fails on runtime without fix. (2.65 KB, text/plain)
2012-03-15 12:36 UTC, David Ferguson
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description David Ferguson 2012-03-14 12:08:52 UTC
According to the MS documentation, FindBySubjectName looks in the subject to see if it contains the passed in string:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509findtype.aspx

Suppose a X509Certificate2 has a subject name similar to:

O=Root, CN=MY_CN, T=MY_CERTIFICATE

In the current code, the .Find is executing the following code when passed the FindBySubjectName enumeration (with x being a X509Certificate2 object):

string sname = x.GetNameInfo (X509NameType.SimpleName, false);
value_match = (sname.IndexOf (str, StringComparison.InvariantCultureIgnoreCase) >= 0);
break;

When testing GetNameInfo (X509Type.SimpleName, false) on Windows with the above subject, "MY_CN" is returned.  This is also the case on Mono.  However, if you execute the find method and pass in "MY_CERTIFICATE", Mono will not match because it uses the simple name returned from the method above.  .NET on Windows will match it.

I suggest a fix of the following code:

string sname = x.Subject;
value_match = (sname.IndexOf (str, StringComparison.InvariantCultureIgnoreCase) >= 0);
Comment 1 Sebastien Pouliot 2012-03-14 16:16:01 UTC
Could you please add a test case so:

* I can test it under Windows to confirm;

* I can add it to the unit test suite so it does not regress in the future

That will make it much quicker for me (and you ;-). Thanks
Comment 2 David Ferguson 2012-03-15 12:36:19 UTC
Created attachment 1521 [details]
Unit test that passes on Windows and with the proposed fix.  Fails on runtime without fix.
Comment 3 Sebastien Pouliot 2012-03-23 11:02:31 UTC
Thanks for the unit test. It will be added into our test suite.

Changing `GetNameInfo (X509NameType.SimpleName, false);` to `Subject` actually breaks another unit test. So the correct fix is likely a bit more complex.
Comment 4 Sebastien Pouliot 2012-03-23 11:53:44 UTC
It will now process every part of the subject name - but without the oid acronyms. Unit test updated to show this.

fixed in master: f805fe66edba3cc35e013c656f4c17ba7bf72481
mono-2-10: 28f09f89a236a74a7de1f4c90ac0a24a953014d8
thanks for the tests!