X509Certificate wrongly parsed the subject from the given raw data of certificate in MacOs #27438

Closed
shidouli opened this issue Sep 21, 2018 · 6 comments


@shidouli

Name                       Value
PSVersion                  6.1.0-rc.1
PSEdition                  Core
GitCommitId                6.1.0-rc.1
OS                         Darwin 16.7.0 Darwin Kernel Version 16.7.0: Mon Nov 13 21:56:25 PST 2017; root:xnu-3789.72.11~1/RELEASE_X86_64
Platform                   Unix
PSCompatibleVersions       {1.0, 2.0, 3.0, 4.0...}
PSRemotingProtocolVersion  2.3
SerializationVersion       1.1.0.1
WSManStackVersion          3.0

X509Certificate2 x509Certificate = new X509Certificate2(certData); // certData is byte[]

On macOS, the result of x509Certificate is as follows:
PS /Users/administrator> $cert.Subject
OID.2.23.133.2.3=id:00020065, OID.2.23.133.2.2=, OID.2.23.133.2.1=id:564D5700

While on Ubuntu or Windows, the result is:
TPMVersion=id:00020065, TPMModel=, TPMManufacturer=id:564D5700

@filipnavara
Member

It would greatly help if you could actually attach the certificate data. It doesn't necessarily sound wrong to me, it just doesn't translate the OIDs to the nice names.

Note that recently we also dropped the OpenSSL-based X.500 name parsing, so the output should now be the same on macOS and Linux. I checked OpenSSL sources for any mention of "TPMVersion" and I could not find one, so I am a bit puzzled how you would get that output on Ubuntu.

@filipnavara
Member

filipnavara commented Sep 21, 2018

Reduced test case:

using System;
using System.Security.Cryptography.X509Certificates;
					
public class Program
{
	public static void Main()
	{
		var n = new X500DistinguishedName("OID.2.23.133.2.3=id:00020065, OID.2.23.133.2.2=, OID.2.23.133.2.1=id:564D5700");
		var d = n.RawData;
		n = new X500DistinguishedName(d);
		Console.WriteLine(n.Decode(X500DistinguishedNameFlags.Reversed));
	}
}

On NetFX it prints:

TPMVersion=id:00020065, TPMModel="", TPMManufacturer=id:564D5700

@bartonjs
Member

Yeah, that's just a case of the system not providing us with OID mappings. (macOS doesn't provide any; on Linux we get some from OpenSSL)

If Windows doesn't localize the value differently across { en-US, ja-JP, es-ES } (or another CJK and another Latin) then we could add it to the static lookup table.

@shidouli
Author

Thanks filipnavara and bartonjs for following up on this issue. Do you still need the raw data of the certificate?

@shidouli
Author

This issue also happens on Ubuntu, so it's an issue in PowerShell Core.

@bartonjs
Member

It looks like Windows defines these three values as non-localized:

  • 2.23.133.2.1 => "TPMManufacturer"
  • 2.23.133.2.2 => "TPMModel"
  • 2.23.133.2.3 => "TPMVersion"

These can therefore be added to the static lookup table (https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.Encoding/src/Internal/Cryptography/OidLookup.cs) without undue loss of generality.
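
Added example (not part of the thread and not dotnet/corefx code): because the friendly names in Subject depend on the platform's OID table, a check on TPM attributes is more reliable when it reads the encoded name and keys on the dotted OID. The sketch assumes .NET 5 or later for System.Formats.Asn1; the names SubjectByOid, Attributes and TcgNames are hypothetical, and the sample name is constructed from the two non-empty values in the issue.

```csharp
using System;
using System.Collections.Generic;
using System.Formats.Asn1;
using System.Security.Cryptography.X509Certificates;

public static class SubjectByOid
{
    // The three non-localized names listed in this thread.
    static readonly Dictionary<string, string> TcgNames = new Dictionary<string, string>
    {
        ["2.23.133.2.1"] = "TPMManufacturer",
        ["2.23.133.2.2"] = "TPMModel",
        ["2.23.133.2.3"] = "TPMVersion",
    };

    // Walk the DER Name (SEQUENCE OF SET OF SEQUENCE { OID, value }) and
    // return (dotted OID, value) pairs in encoded order.
    public static List<KeyValuePair<string, string>> Attributes(X500DistinguishedName name)
    {
        var result = new List<KeyValuePair<string, string>>();
        AsnReader rdns = new AsnReader(name.RawData, AsnEncodingRules.DER).ReadSequence();
        while (rdns.HasData)
        {
            AsnReader set = rdns.ReadSetOf();
            while (set.HasData)
            {
                AsnReader atv = set.ReadSequence();
                string oid = atv.ReadObjectIdentifier();
                // Assumption: the value is one of the universal string types
                // (UTF8String, PrintableString, ...); read whichever tag is present.
                var kind = (UniversalTagNumber)atv.PeekTag().TagValue;
                result.Add(new KeyValuePair<string, string>(oid, atv.ReadCharacterString(kind)));
            }
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample: the two non-empty attributes from the issue.
        var name = new X500DistinguishedName("OID.2.23.133.2.3=id:00020065, OID.2.23.133.2.1=id:564D5700");
        foreach (var a in Attributes(name))
        {
            // Fall back to the OID.x form when the table has no name, as macOS did here.
            string label = TcgNames.TryGetValue(a.Key, out var n) ? n : "OID." + a.Key;
            Console.WriteLine($"{a.Key}  {label} = {a.Value}");
        }
    }
}
```

For a certificate, pass `cert.SubjectName` to `Attributes` and compare on the OID key rather than on the text of `cert.Subject`.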

@bartonjs bartonjs self-assigned this Apr 3, 2019
@msftgits msftgits transferred this issue from dotnet/corefx Jan 31, 2020
@msftgits msftgits added this to the 3.0 milestone Jan 31, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Dec 15, 2020
@bartonjs bartonjs removed their assignment Jul 26, 2021