From b12c90179f115f9b7979263da529921607412f6d Mon Sep 17 00:00:00 2001
From: Kevin Jones
Date: Thu, 20 Feb 2020 16:06:41 -0500
Subject: [PATCH] Permit incorrectly DER sorted SET for decoding X500 names. (#32604)
* Permit incorrectly DER sorted SET for decoding X500 names.
* Add comment to explain.
---
 .../Cryptography/Pal.Unix/X500NameEncoder.ManagedDecode.cs | 4 +++-
 .../tests/X500DistinguishedNameTests.cs | 9 +++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/X500NameEncoder.ManagedDecode.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/X500NameEncoder.ManagedDecode.cs
index 334a2ae..877762e 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/X500NameEncoder.ManagedDecode.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/X500NameEncoder.ManagedDecode.cs
@@ -29,7 +29,9 @@ namespace Internal.Cryptography.Pal
 while (x500NameSequenceReader.HasData)
 {
- rdnReaders.Add(x500NameSequenceReader.ReadSetOf());
+ // To match Windows' behavior, permit multi-value RDN SETs to not
+ // be DER sorted.
+ rdnReaders.Add(x500NameSequenceReader.ReadSetOf(skipSortOrderValidation: true));
 }
 // We need to allocate a StringBuilder to hold the data as we're building it, and there's the usual
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/tests/X500DistinguishedNameTests.cs b/src/libraries/System.Security.Cryptography.X509Certificates/tests/X500DistinguishedNameTests.cs
index 8981849..ce47e67 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/X500DistinguishedNameTests.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/X500DistinguishedNameTests.cs
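Review bot: The new comment on the `ReadSetOf(skipSortOrderValidation: true)` call gives the reason (Windows parity) but not the consequence for callers. The decoder now accepts a non-canonical SET and, as the accompanying test shows with `OU=zzzz + OU=aaaa`, emits the values in encoded order rather than sorted. Two encodings of the same attribute set can therefore decode to different strings, so code that matches on the decoded name text rather than on the raw encoding should not treat it as canonical; whether such callers exist is not visible here. I would extend the comment with `// Only the SET OF sort-order check is skipped; values are emitted in encoded order, so the result is not a canonical form.`, which goes by the parameter name for the first half. The enclosing method starts and ends outside the hunk.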
@@ -201,6 +201,15 @@ namespace System.Security.Cryptography.X509Certificates.Tests
 Assert.Equal("OID.1.1.1.2.2.3=123 654 7890, CN=Test", dn.Decode(X500DistinguishedNameFlags.None));
 }
+ [Fact]
+ public static void OrganizationUnitMultiValueWithIncorrectlySortedDerSet()
+ {
+ X500DistinguishedName dn = new X500DistinguishedName(
+ "301C311A300B060355040B13047A7A7A7A300B060355040B130461616161".HexToByteArray());
+
+ Assert.Equal("OU=zzzz + OU=aaaa", dn.Decode(X500DistinguishedNameFlags.None));
+ }
+
 public static readonly object[][] WhitespaceBeforeCases =
 {
 // Regular space.
--
2.7.4
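Review bot: The hex literal passed to `X500DistinguishedName` in `OrganizationUnitMultiValueWithIncorrectlySortedDerSet` is opaque, so a reader cannot see why the encoding counts as mis-sorted. A comment above it such as `// SEQUENCE { SET { OU=PrintableString "zzzz", OU=PrintableString "aaaa" } }; DER ordering would put "aaaa" first` would make the intent checkable against the bytes. The test pins only the accepted case with `X500DistinguishedNameFlags.None`. A companion case asserting that a SET malformed in some other way is still rejected would document that the leniency is limited to ordering.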