Bump to .NET 10. (#331)

Author: vcsjones

.github/workflows/pr.yml

@@ -17,7 +17,7 @@ jobs:
       name: Checkout
     - uses: actions/setup-dotnet@v5
       with:
-        dotnet-version: '8.0'
+        dotnet-version: '10.0'
     - run: dotnet test
 
   dependency-review:

Directory.Packages.props

@@ -3,12 +3,12 @@
     <PackageVersion Include="Azure.Identity" Version="1.17.0" />
     <PackageVersion Include="Azure.Security.KeyVault.Certificates" Version="4.8.0" />
     <PackageVersion Include="Azure.Security.KeyVault.Keys" Version="4.8.0" />
-    <PackageVersion Include="Microsoft.Extensions.FileSystemGlobbing" Version="8.0.0" />
-    <PackageVersion Include="Microsoft.Extensions.Logging" Version="8.0.1" />
-    <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="8.0.1" />
+    <PackageVersion Include="Microsoft.Extensions.FileSystemGlobbing" Version="10.0.0" />
+    <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.0" />
+    <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="10.0.0" />
 
     <PackageVersion Include="System.Net.Http" Version="4.3.4" />
-    <PackageVersion Include="System.Text.Json" Version="8.0.6" />
+    <PackageVersion Include="System.Text.Json" Version="10.0.0" />
     <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
 
     <PackageVersion Include="XenoAtom.CommandLine" Version="1.0.1" />

src/AzureSign.Core/AzureSign.Core.csproj

@@ -4,7 +4,6 @@
     <TargetFrameworks>netstandard2.0;net8.0</TargetFrameworks>
     <Description>Authenticode signing library.</Description>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
-    <RuntimeIdentifiers>win-x64;win-arm64;win-x86</RuntimeIdentifiers>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <MinVerTagPrefix>v</MinVerTagPrefix>
     <Nullable>enable</Nullable>

src/AzureSignTool/AzureSignTool.csproj

@@ -2,11 +2,10 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
     <PackAsTool>true</PackAsTool>
     <ToolCommandName>azuresigntool</ToolCommandName>
     <Description>Azure Sign Tool is similar to signtool in the Windows SDK, with the major difference being that it uses Azure Key Vault for performing the signing process. The usage is like signtool, except with a limited set of options for signing and options for authenticating to Azure Key Vault.</Description>
-    <RuntimeIdentifiers>win-x64;win-arm64;win-x86</RuntimeIdentifiers>
     <MinVerTagPrefix>v</MinVerTagPrefix>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <PublishAot Condition="$(RuntimeIdentifier.EndsWith('64'))">true</PublishAot>

src/AzureSignTool/KeyVaultConfigurationDiscoverer.cs

@@ -64,7 +64,7 @@ public async Task<ErrorOr<AzureKeyVaultMaterializedConfiguration>> Materialize(A
                 }
                 _logger.LogTrace($"Retrieved certificate with Id {azureCertificate.Id}.");
 
-                certificate = new X509Certificate2(azureCertificate.Cer);
+                certificate = X509CertificateLoader.LoadCertificate(azureCertificate.Cer);
             }
             catch (Exception e)
             {

src/AzureSignTool/Program.cs

@@ -563,7 +563,7 @@ private static ErrorOr<X509Certificate2Collection> GetAdditionalCertificates(IEn
                         case X509ContentType.Cert:
                         case X509ContentType.Authenticode:
                         case X509ContentType.SerializedCert:
-                            var certificate = new X509Certificate2(path);
+                            var certificate = X509CertificateLoader.LoadCertificateFromFile(path);
                             logger.LogTrace("Including additional certificate {thumbprint}.", certificate.Thumbprint);
                             collection.Add(certificate);
                             break;

test/AzureSign.Core.Tests/AuthenticodeKeyVaultSignerTests.cs

@@ -22,7 +22,7 @@ public AuthenticodeKeyVaultSignerTests()
         [MemberData(nameof(RsaCertificates))]
         public void ShouldSignExeWithRSASigningCertificates_Sha1FileDigest(string certificate)
         {
-            var signingCert = new X509Certificate2(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
+            var signingCert = X509CertificateLoader.LoadPkcs12FromFile(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
             var signer = new AuthenticodeKeyVaultSigner(signingCert.GetRSAPrivateKey(), signingCert, HashAlgorithmName.SHA1, TimeStampConfiguration.None);
             var fileToSign = GetFileToSign();
             var result = signer.SignFile(fileToSign, null, null, null);
@@ -40,7 +40,7 @@ public void ShouldSignExeWithRSASigningCertificates_Sha1FileDigest(string certif
         [MemberData(nameof(RsaCertificates))]
         public void ShouldSignExeWithRSASigningCertificates_Sha256FileDigest(string certificate)
         {
-            var signingCert = new X509Certificate2(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
+            var signingCert = X509CertificateLoader.LoadPkcs12FromFile(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
             var signer = new AuthenticodeKeyVaultSigner(signingCert.GetRSAPrivateKey(), signingCert, HashAlgorithmName.SHA256, TimeStampConfiguration.None);
             var fileToSign = GetFileToSign();
             var result = signer.SignFile(fileToSign, null, null, null);
@@ -59,7 +59,7 @@ public void ShouldSignExeWithRSASigningCertificates_Sha256FileDigest(string cert
         [MemberData(nameof(ECDsaCertificates))]
         public void ShouldSignExeWithECDsaSigningCertificates_Sha256FileDigest(string certificate)
         {
-            var signingCert = new X509Certificate2(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
+            var signingCert = X509CertificateLoader.LoadPkcs12FromFile(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
             var signer = new AuthenticodeKeyVaultSigner(signingCert.GetECDsaPrivateKey(), signingCert, HashAlgorithmName.SHA256, TimeStampConfiguration.None);
             var fileToSign = GetFileToSign();
             var result = signer.SignFile(fileToSign, null, null, null);
@@ -77,7 +77,7 @@ public void ShouldSignExeWithECDsaSigningCertificates_Sha256FileDigest(string ce
         [MemberData(nameof(ECDsaCertificates))]
         public void ShouldSignExeWithECDsaSigningCertificates_Sha256FileDigest_WithTimestamps(string certificate)
         {
-            var signingCert = new X509Certificate2(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
+            var signingCert = X509CertificateLoader.LoadPkcs12FromFile(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
             var timestampConfig = new TimeStampConfiguration("http://timestamp.digicert.com", HashAlgorithmName.SHA256, TimeStampType.RFC3161);
             var signer = new AuthenticodeKeyVaultSigner(signingCert.GetECDsaPrivateKey(), signingCert, HashAlgorithmName.SHA256, timestampConfig);
             var fileToSign = GetFileToSign();
@@ -97,7 +97,7 @@ public void ShouldSignExeWithECDsaSigningCertificates_Sha256FileDigest_WithTimes
         [MemberData(nameof(RsaCertificates))]
         public void ShouldSignExeWithRSASigningCertificates_Sha256FileDigest_WithTimestamps(string certificate)
         {
-            var signingCert = new X509Certificate2(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
+            var signingCert = X509CertificateLoader.LoadPkcs12FromFile(certificate, "test", X509KeyStorageFlags.EphemeralKeySet);
             var timestampConfig = new TimeStampConfiguration("http://timestamp.digicert.com", HashAlgorithmName.SHA256, TimeStampType.RFC3161);
             var signer = new AuthenticodeKeyVaultSigner(signingCert.GetRSAPrivateKey(), signingCert, HashAlgorithmName.SHA256, timestampConfig);
             var fileToSign = GetFileToSign();

test/AzureSign.Core.Tests/AzureSign.Core.Tests.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
 
     <IsPackable>false</IsPackable>
   </PropertyGroup>

test/AzureSign.Core.Tests/MemoryCertificateStoreTests.cs

@@ -29,7 +29,7 @@ public void ShouldAddCertificate()
         {
             using (var store = MemoryCertificateStore.Create())
             {
-                using (var cert = new X509Certificate2("testcerts\\kevin_jones.cer"))
+                using (var cert = X509CertificateLoader.LoadCertificateFromFile("testcerts\\kevin_jones.cer"))
                 {
                     Assert.Empty(store.Certificates);
                     store.Add(cert);

test/AzureSignTool.Tests/AzureSignTool.Tests.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>net8.0</TargetFrameworks>
+    <TargetFrameworks>net10.0</TargetFrameworks>
 
     <IsPackable>false</IsPackable>
   </PropertyGroup>