Merge pull request #134 from microsoft/user/elantigua/print-exception

elantiguamsft · web-flow · commit dee3d1095cb2 · 2025-07-18T10:40:50.000-07:00
BugFix: Include Exception in Verbose Out
diff --git a/CoseHandler/ValidationResult.cs b/CoseHandler/ValidationResult.cs
@@ -129,7 +129,7 @@ public readonly string ToString(bool verbose = false, bool showCertDetails = fal
                 : string.Empty;
 
         // Do the same for exceptions.
-        List<Exception>? innerExceptions = allIncludes?.Where(e => e.GetType() == typeof(Exception)).Cast<Exception>().ToList();
+        List<Exception>? innerExceptions = allIncludes?.Where(e => e.GetType().IsSubclassOf(typeof(Exception))).Cast<Exception>().ToList();
         string exceptionBlock =
             innerExceptions?.Count > 0
                 ? $"Exceptions:{newline}{string.Join(newline + tab, innerExceptions.Select(e => $"{e.GetType()}: {e.Message}"))}"
diff --git a/CoseSignTool.Tests/ValidateCommandTests.cs b/CoseSignTool.Tests/ValidateCommandTests.cs
@@ -149,6 +149,35 @@ public void ValidateSucceedsWithRootPassedIn()
         result.ToString(true).Should().Contain("Detached");
     }
 
+    /// <summary>
+    /// Validates that signatures made from "untrusted" chains are accepted when root is passed in as trusted
+    /// </summary>
+    [TestMethod]
+    public void ValidateFailsWithWrongCommonName()
+    {
+        string payloadFilePath = FileSystemUtils.GeneratePayloadFile();
+        FileInfo payloadFile = new(payloadFilePath);
+        string sigFilePath = $"{payloadFilePath}.cose";
+        FileInfo sigFile = new(sigFilePath);
+
+        // sign detached
+        CoseHandler.Sign(File.ReadAllBytes(payloadFilePath), new X509Certificate2CoseSigningKeyProvider(null, Leaf1Priv, [Int1Priv]), false, sigFile);
+
+        string commonName = $"CN={Guid.NewGuid()}";
+
+        var validator = new ValidateCommand();
+        var result = validator.RunCoseHandlerCommand(
+            sigFile.OpenRead(),
+            payloadFile,
+            [Root1Priv],
+            X509RevocationMode.NoCheck,
+            commonName);
+
+        result.Success.Should().BeFalse();
+        result.ContentValidationType.Should().Be(ContentValidationType.ContentValidationNotPerformed);
+        result.ToString(true).Should().Contain(commonName);
+    }
+
     /// <summary>
     /// Validates that modified payloads are rejected
     /// </summary>
