AWS Lambda, Net 7, Native AOT.: Failed to sign manifest

[eimantas]

I'm trying to deploy an AWS Lambda function that creates passes for me. However when testing a function with sample input I always get the following exception:

fail    Passbook.Generator.Exceptions.ManifestSigningException: Failed to sign manifest
---> System.Security.Cryptography.Asn1.AsnSerializationConstraintException: An instance of [Choice] type 'System.Security.Cryptography.Pkcs.Asn1.SignedAttributesSet' has no non-null fields.
at System.Security.Cryptography.Asn1.AsnSerializer.SerializeChoice(Type, Object, AsnWriter) + 0x160
at System.Security.Cryptography.Asn1.AsnSerializer.Serialize[T](T, AsnEncodingRules) + 0x65
at System.Security.Cryptography.Pkcs.CmsSigner.Sign(ReadOnlyMemory`1, String, Boolean, X509Certificate2Collection&) + 0x4ce
at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner, Boolean) + 0x121
at Passbook.Generator.PassGenerator.SignManifestFile(PassGeneratorRequest request) + 0x14e

I got to it gradually by trial and error as provided runtime for AWS Lambda is rather constrained. I turned off trimming for Passbook.Generator assembly and checked whether all the data (certificates) is actually there as they are fetched from S3. All data is there and it seems that only the signing fails. I am actually stumped now as I am not very well versed in all things cryptography. I'd appreciate any pointers.

FWIW — I've used the flags described in README.md in case of cloud signing woes. No luck :(

[tomasmcguinness]

Hi,

Unfortunately, I have no experience with running this code on AWS Lambda. Does it work if you run locally with the certificates?

This might be a compatibility issues. I know that, for example, the signing code won't work on Mono. Perhaps this is a similar scenario?

[eimantas]

Decided to move away from lambda for now, so can't provide more info on this.