ClientCertificateCredential doesn't support more than one cert in a file #5978

ahsonkhan · 2024-09-12T16:59:50Z

There is a couple of assumptions within the ClientCertificateCredential implementation being made:

Assuming there is only one cert in the file (and that is the signing cert).
Assuming the private key in the file is for the first cert.

In practice, these assumptions won't always hold. The parsing logic should be resilient to these, and these assumptions should be documented otherwise.

azure-sdk-for-cpp/sdk/identity/azure-identity/src/client_certificate_credential.cpp

Lines 232 to 240 in df6f5c9

    
           std::tuple<CertificateThumbprint, UniquePrivateKey> ReadPemCertificate(std::string const& path) 
        
           { 
        
             auto pemContent{FileBodyStream(path).ReadToEnd()}; 
        
             std::string pem{pemContent.begin(), pemContent.end()}; 
        
             pemContent = {}; 
        
             auto certContext = ImportPemCertificate(pem); 
        
             return std::make_tuple(GetThumbprint(certContext.get()), ImportPemPrivateKey(pem)); 
        
           }

ahsonkhan added bug This issue requires a change to an existing behavior in the product in order to be resolved. Azure.Identity labels Sep 12, 2024

ahsonkhan self-assigned this Sep 12, 2024

ahsonkhan added this to the 2024-10 milestone Sep 12, 2024

ahsonkhan modified the milestones: 2024-10, 2024-11 Oct 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ClientCertificateCredential doesn't support more than one cert in a file #5978

ClientCertificateCredential doesn't support more than one cert in a file #5978

ahsonkhan commented Sep 12, 2024

ClientCertificateCredential doesn't support more than one cert in a file #5978

ClientCertificateCredential doesn't support more than one cert in a file #5978

Comments

ahsonkhan commented Sep 12, 2024