Skip to content

Remove BouncyCastle, upgrade to .NET 10, fix bugs#102

Merged
andrei-m-code merged 2 commits intomasterfrom
remove-bouncycastle-upgrade-net10
Mar 23, 2026
Merged

Remove BouncyCastle, upgrade to .NET 10, fix bugs#102
andrei-m-code merged 2 commits intomasterfrom
remove-bouncycastle-upgrade-net10

Conversation

@andrei-m-code
Copy link
Copy Markdown
Owner

@andrei-m-code andrei-m-code commented Feb 25, 2026

Summary

BouncyCastle removal — replaced with built-in System.Security.Cryptography APIs:

  • ApnSender: replaced BouncyCastle PrivateKeyFactory + manual EC point multiplication with ECDsa.ImportPkcs8PrivateKey() (available since .NET Core 3.0)
  • FirebaseSender: replaced BouncyCastle PemReader + RsaDigestSigner with RSA.ImportFromPem() + RSA.SignData() (available since .NET 5)
  • Eliminates ~5MB transitive dependency

Upgrade to .NET 10 — target framework and CI/CD workflows updated.

Bug fixes included:

  • Fix Base64URL encoding in both ApnSender and FirebaseSender — was using plain Base64 instead of URL-safe Base64 (RFC 7617), which could produce malformed JWTs
  • Fix potential NullReferenceException in ApnSender error deserialization
  • Fix static token cache key collision — cache key now includes P8PrivateKeyId
  • Add deviceToken validation in ApnSender.SendAsync()
  • Propagate CancellationToken through FirebaseSender.GetJwtTokenAsync()
  • Remove infinite loop in CorePush.Tester
  • Remove unused System.IdentityModel.Tokens.Jwt dependency from tester

Test plan

  • Verify solution builds cleanly with 0 errors and 0 warnings
  • Test APN push notification sending with valid credentials
  • Test Firebase push notification sending with valid credentials
  • Verify JWT tokens are accepted by Apple and Google endpoints

@andrei-m-code
Remove BouncyCastle, upgrade to .NET 10, fix JWT and other issues
328f1a7 
- Replace BouncyCastle with built-in System.Security.Cryptography APIs
  - ApnSender: use ECDsa.ImportPkcs8PrivateKey for ECDSA signing
  - FirebaseSender: use RSA.ImportFromPem for RSA signing
- Upgrade target framework to .NET 10
- Fix Base64URL encoding in both senders (RFC 7617)
- Fix potential NullReferenceException in APN error handling
- Fix static token cache key collision by including key ID
- Add device token validation in ApnSender.SendAsync
- Propagate CancellationToken in FirebaseSender
- Update CI/CD workflows to .NET 10
- Remove infinite loop in CorePush.Tester
- Remove unused System.IdentityModel.Tokens.Jwt dependency
@andrei-m-code
Thread safety
899de97
@andrei-m-code andrei-m-code merged commit 71afc98 into master Mar 23, 2026
1 check passed
@andrei-m-code andrei-m-code deleted the remove-bouncycastle-upgrade-net10 branch March 23, 2026 23:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@andrei-m-code