
[HTTPS] Update certificate strategy for Mac OS #20022


Merged (6 commits) Apr 16, 2020

Conversation

@javiercn (Member) commented Mar 20, 2020

After Mac OS Catalina started requiring notarized installers/packages, we had to do a fix to allow the ASP.NET Core certificate to be accessible from dotnet apps.
Turns out that the command we were running to do this doesn't work all the time (and at this point, we don't want to pursue that strategy anymore), and that we wanted to go with a new approach for 5.0.

Given that we are having issues after the patch (we've given customers a workaround), we want to get this in early on 5.0 so that we can make sure it doesn't cause issues on customers' machines and then, based on that, update 3.1 to follow the new approach.

The changes here also include improvements for the tool that were long due and that were making the code brittle and hard to modify.

  • Revamps the HTTPS developer certificate tool implementation.
    • It accumulated a lot of cruft during the past few years and that has made making changes harder.
  • Separated the CertificateManager implementation into different classes per platform.
    • This centralizes the decision point of choosing a platform in a single place.
    • Makes clear what the flow is for a given platform.
    • Isolates changes needed for a given platform in the future.
  • Moved CertificateManager to a singleton
    • No more statics!
  • Updates logging to use EventSource
    • We didn't have a good way of performing logging, as the code is shared and must run in multiple contexts, and the set of dependencies needs to be kept to a minimum.
    • Adding ETW allows us to log/monitor the tool execution and capture the logs with dotnet trace without having to invent our own logging.
    • We can decide to write an EventListener in dotnet-dev-certs to write the results to the console output.
  • Updates the way we handle the dev-cert in Mac OS to use the security tool to import the certificate into the store instead of using the certificate store.

The new experience for Mac OS is shown below:

  • Running an application for the first time after the certificate was created by the dotnet new experience (screenshot)
  • Running dotnet dev-certs https for the first time after the first run experience (screenshot)
  • Running from VS 4 Mac (we will have to adjust the messages) (four screenshots)
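As an added illustration of the design described in this PR (example code written for this page, not the aspnetcore tool's own code; every type and event name is hypothetical), the sketch below puts the platform decision in one place behind a singleton, keeps an X509Store-backed manager for Windows/Linux, shells out to the macOS `security` tool for the keychain, and routes diagnostics through an EventSource with a console EventListener of the kind the description says dotnet-dev-certs could add:

```csharp
using System;
using System.Diagnostics;
using System.Diagnostics.Tracing;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
// Hypothetical example types; not the aspnetcore tool's own code.
[EventSource(Name = "Example-DevCerts")]
sealed class DevCertEventSource : EventSource
{
    public static readonly DevCertEventSource Log = new DevCertEventSource();
    [Event(1, Level = EventLevel.Warning)] public void CheckFailed(string tool, int code) => WriteEvent(1, tool, code);
}
// Console sink: the kind of EventListener the description says dotnet-dev-certs could add.
sealed class ConsoleEventListener : EventListener
{
    protected override void OnEventSourceCreated(EventSource s)
    { if (s.Name == "Example-DevCerts") EnableEvents(s, EventLevel.Verbose); }
    protected override void OnEventWritten(EventWrittenEventArgs e) =>
        Console.WriteLine($"[{e.Level}] {e.EventName}: {string.Join(", ", e.Payload)}");
}
abstract class CertificateManager
{
    // The single place where the platform is chosen; one singleton instead of statics.
    public static CertificateManager Instance { get; } =
        RuntimeInformation.IsOSPlatform(OSPlatform.OSX)
            ? (CertificateManager)new MacOSCertificateManager() : new StoreCertificateManager();
    public abstract bool IsPresent(string subject);   // is a certificate with this subject installed?
}
sealed class StoreCertificateManager : CertificateManager   // Windows/Linux: the X509Store API
{
    public override bool IsPresent(string subject)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        return store.Certificates.Find(X509FindType.FindBySubjectName, subject, false).Count > 0;
    }
}
sealed class MacOSCertificateManager : CertificateManager   // macOS: ask the `security` tool instead
{
    public override bool IsPresent(string subject)
    {
        var psi = new ProcessStartInfo("security") { RedirectStandardOutput = true };
        foreach (var a in new[] { "find-certificate", "-c", subject }) psi.ArgumentList.Add(a);
        using var p = Process.Start(psi);
        p.StandardOutput.ReadToEnd();   // drain so the child never blocks on a full pipe
        p.WaitForExit();
        if (p.ExitCode != 0) DevCertEventSource.Log.CheckFailed("security find-certificate", p.ExitCode);
        return p.ExitCode == 0;
    }
}
```

Create the ConsoleEventListener before the first call to CertificateManager.Instance so that warnings reach the console; `security find-certificate` exits non-zero when no matching certificate is in the keychain search list.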

@javiercn javiercn changed the title Javiercn/https mac os update 50 [HTTPS] Update certificate strategy for Mac OS Mar 20, 2020
@javiercn javiercn force-pushed the javiercn/https-mac-os-update-50 branch 4 times, most recently from 95d94e6 to cb39145 Compare March 20, 2020 12:36
@javiercn javiercn marked this pull request as ready for review March 20, 2020 13:55
@javiercn javiercn force-pushed the javiercn/https-mac-os-update-50 branch from 0607701 to c646883 Compare March 20, 2020 13:57
@javiercn javiercn removed the request for review from SteveSandersonMS March 20, 2020 15:28
@javiercn (Member Author)

/AzurePipelines run AspNetCore-ci

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@shirhatti (Contributor)

@javiercn Are you blocked on this?

@javiercn javiercn force-pushed the javiercn/https-mac-os-update-50 branch from e76034f to 2837991 Compare April 13, 2020 11:29
@javiercn javiercn requested a review from dougbu as a code owner April 13, 2020 11:29
@javiercn (Member Author)

> @javiercn Are you blocked on this?

I was running into some issues and had other Blazor-related deadlines to meet. I'm looking to see if I can get this merged today once I resolve the test issues.

@javiercn javiercn changed the base branch from master to release/5.0-preview3 April 13, 2020 12:34
@javiercn javiercn force-pushed the javiercn/https-mac-os-update-50 branch from 8b3a17c to ae2f168 Compare April 13, 2020 17:45
@javiercn javiercn requested a review from BrennanConroy as a code owner April 13, 2020 17:45
@javiercn javiercn requested a review from a team April 13, 2020 17:45
@javiercn javiercn changed the base branch from release/5.0-preview3 to master April 13, 2020 17:54
@javiercn javiercn force-pushed the javiercn/https-mac-os-update-50 branch from ae2f168 to 79d9315 Compare April 13, 2020 17:56
@javiercn javiercn removed request for BrennanConroy and a team April 13, 2020 17:56
@javiercn (Member Author)

/AzurePipelines run AspNetCore-ci

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@javiercn (Member Author)

/AzurePipelines run AspNetCore-ci

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@BrennanConroy (Member)

Why do you keep rerunning this since you definitely have a broken test...

@javiercn (Member Author)

/AzurePipelines run AspNetCore-ci

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@javiercn (Member Author)

/AzurePipelines run AspNetCore-ci

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@javiercn javiercn merged commit 8e1e81a into master Apr 16, 2020
@javiercn javiercn deleted the javiercn/https-mac-os-update-50 branch April 16, 2020 20:52
@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Jun 6, 2023
8 participants