diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs
index 6ed0734deaa635625f07814b14c7e85c75a3e22f..e61ba53f9359b32b04f4ec60d64412952cfb7e42 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs
@@ -6,6 +6,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
+using Test.Cryptography;
 using Xunit;
 namespace System.Security.Cryptography.X509Certificates.Tests
@@ -18,7 +19,7 @@ public class PfxIterationCountTests_CustomAppDomainDataLimit
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit(string name, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = iterationCount;
 _ = blob;
@@ -28,6 +29,11 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNo
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppDomain.CurrentDomain.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -2);
@@ -41,7 +47,7 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNo
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountExceedingDefaultLimit_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = iterationCount;
@@ -52,6 +58,11 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLi
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppDomain.CurrentDomain.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -2);
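Review bot: The RC2 guard added here is pasted, next to the equally repeated PBES2 guard, into every theory this commit touches: the other hunks of this file, four theories in PfxIterationCountTests.cs and `TestIterationCounter` in PfxTests.cs. With the platform gating spread over that many copies, a later change to a condition or a skip message can easily miss one of them. A single helper that takes `name`, `usesPbes2` and `usesRC2` and throws the `SkipTestException` would keep the gating in one place; the helper name and its location below are a suggestion only. The test methods start and end outside the hunk.

```csharp
// proposed helper, e.g. on PfxTests next to Pkcs12PBES2Supported (name is a suggestion)
internal static void SkipIfUnsupported(string name, bool usesPbes2, bool usesRC2)
{
    if (usesPbes2 && !Pkcs12PBES2Supported)
    {
        throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
    }

    if (usesRC2 && !PlatformSupport.IsRC2Supported)
    {
        throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
    }
}

// in each theory, replacing both inline guards:
PfxTests.SkipIfUnsupported(name, usesPbes2, usesRC2);
// … unchanged: RemoteExecutor.Invoke / Import calls …
```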
@@ -65,7 +76,7 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLi
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultLimit_Throws(string name, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultLimit_Throws(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = iterationCount;
 _ = blob;
@@ -75,6 +86,11 @@ public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultL
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppDomain.CurrentDomain.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", 0);
@@ -88,7 +104,7 @@ public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultL
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountExceedingDefaultLimit_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public void Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefaultLimit(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefaultLimit(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = blob;
@@ -99,6 +115,11 @@ public void Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefault
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppDomain.CurrentDomain.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -1);
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.cs b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.cs
index 18ab1381a026f7906c50ee875ad244491dc34c62..234ec5bf3e6224318e11e37d5a32082f8a29d261 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.cs
@@ -22,13 +22,18 @@ public abstract partial class PfxIterationCountTests
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData))]
- public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
 {
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 if (PfxTests.IsPkcs12IterationCountAllowed(iterationCount, PfxTests.DefaultIterations))
 {
 X509Certificate cert = Import(blob);
@@ -38,7 +43,7 @@ public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool uses
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountExceedingDefaultLimit_MemberData))]
- public void Import_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = iterationCount;
@@ -48,19 +53,29 @@ public void Import_IterationCountLimitExceeded_Throws(string name, string passwo
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 CryptographicException ce = Assert.Throws(() => Import(blob));
 Assert.Contains("2233907", ce.Message);
 }
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountExceedingDefaultLimit_MemberData))]
- public void ImportWithPasswordOrFileName_IterationCountLimitExceeded(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void ImportWithPasswordOrFileName_IterationCountLimitExceeded(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
 {
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 using (TempFileHolder tempFile = new TempFileHolder(blob))
 {
 string fileName = tempFile.FilePath;
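Review bot: The RC2 guard in `Import_IterationCountLimitExceeded_Throws` and `ImportWithPasswordOrFileName_IterationCountLimitExceeded` skips the assertions that an over-limit PFX is rejected, and nothing in the hunk says why that rejection cannot be observed on a platform without RC2. If the reason is that the iteration count can only be totalled after the RC2-protected contents are decrypted, record that above the guard, for example `// The limit is evaluated after decrypting the RC2-protected contents, so it cannot be reached without RC2.`; if the limit is checked before any decryption, the skip is not needed in these two theories. From the data visible in this commit the only entry flagged `usesRC2` has 4097 iterations and a null password, so the guard may currently be unreachable here; the full certificate list is outside the hunk, so this is inferred.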
@@ -99,13 +114,18 @@ internal static void VerifyThrowsCryptoExButDoesNotThrowPfxWithoutPassword(Actio
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_NonNullOrEmptyPassword_MemberData))]
- public void Import_NonNullOrEmptyPasswordExpected_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_NonNullOrEmptyPasswordExpected_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
 {
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 CryptographicException ce = Assert.ThrowsAny(() => Import(blob));
 if (PfxTests.IsPkcs12IterationCountAllowed(iterationCount, PfxTests.DefaultIterations))
@@ -139,7 +159,7 @@ internal static List GetCertificates()
 certificates.Add(new PfxInfo(
 nameof(TestData.Pkcs12WindowsDotnetExportEmptyPassword), "", 6000, false, TestData.Pkcs12WindowsDotnetExportEmptyPassword.HexToByteArray()));
 certificates.Add(new PfxInfo(
- nameof(TestData.Pkcs12MacosKeychainCreated), null, 4097, false, TestData.Pkcs12MacosKeychainCreated.HexToByteArray()));
+ nameof(TestData.Pkcs12MacosKeychainCreated), null, 4097, false, TestData.Pkcs12MacosKeychainCreated.HexToByteArray(), usesRC2: true));
 certificates.Add(new PfxInfo(
 nameof(TestData.Pkcs12BuilderSaltWithMacNullPassword), null, 120000, true, TestData.Pkcs12BuilderSaltWithMacNullPassword.HexToByteArray()));
 certificates.Add(new PfxInfo(
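Review bot: `usesRC2: true` is set by hand on `Pkcs12MacosKeychainCreated` alone and every other `PfxInfo` entry takes the `false` default, so an RC2-protected blob that lacks the flag will fail rather than skip on a platform where `PlatformSupport.IsRC2Supported` is false. Only part of `GetCertificates()` is inside the hunk, so I cannot tell whether any other entry needs the flag; it is worth checking the remaining blobs once against their actual encryption algorithms. A one-line comment on the flagged entry stating which part of the PFX is RC2-encrypted, e.g. `// <bag type> is encrypted with RC2; skipped where RC2 is unavailable`, would make the flag auditable when new test data is added.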
@@ -162,7 +182,7 @@ public static IEnumerable GetCertsWith_IterationCountNotExceedingDefau
 c => c.IterationCount <= DefaultIterationLimit && string.IsNullOrEmpty(c.Password)))
 {
- yield return new object[] { p.Name, p.UsesPbes2, p.Blob, p.IterationCount };
+ yield return new object[] { p.Name, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
@@ -170,7 +190,7 @@ public static IEnumerable GetCertsWith_IterationCountExceedingDefaultL
 {
 foreach (PfxInfo p in s_Certificates.Where(c => c.IterationCount > DefaultIterationLimit))
 {
- yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount };
+ yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
@@ -178,7 +198,7 @@ public static IEnumerable GetCertsWith_NonNullOrEmptyPassword_MemberDa
 {
 foreach(PfxInfo p in s_Certificates.Where(c => !string.IsNullOrEmpty(c.Password)))
 {
- yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount };
+ yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
 }
@@ -190,14 +210,16 @@ public class PfxInfo
 internal long IterationCount { get; set; }
 internal bool UsesPbes2 { get; set; }
 internal byte[] Blob { get; set; }
+ internal bool UsesRC2 { get; set; }
- internal PfxInfo(string name, string? password, long iterationCount, bool usesPbes2, byte[] blob)
+ internal PfxInfo(string name, string password, long iterationCount, bool usesPbes2, byte[] blob, bool usesRC2 = false)
 {
 Name = name;
 Password = password;
 IterationCount = iterationCount;
 UsesPbes2 = usesPbes2;
 Blob = blob;
+ UsesRC2 = usesRC2;
 }
 }
 }
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs
index f05849a64eb462a65f3d35ea1d2fa5fe7049197b..3c1669aa36573b7005912d6573271a9300028008 100644
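Review bot: The `PfxInfo` constructor now declares `string password` where it had `string? password`, although the `GetCertificates()` hunk shows `null` being passed (for example for `Pkcs12MacosKeychainCreated`), so the signature no longer tells a reader that null is an expected value. If the annotation was dropped because this file is not compiled in a nullable context, keep the intent in a comment on the parameter or property, e.g. `// may be null: the PFX was created with a null password`. The new `usesRC2 = false` default would also benefit from a doc line saying it must be set to true for any blob whose contents require RC2, since forgetting it turns a skip into a failure on platforms without RC2.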
--- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs
@@ -465,7 +465,7 @@ public static void CollectionPerphemeralImport_HasKeyName()
 [ConditionalTheory]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob, int iterationCount)
+ public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob, int iterationCount, bool usesRC2)
 {
 _ = iterationCount;
@@ -477,6 +477,11 @@ public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob
 throw new SkipTestException(name + " uses PBES2 which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 try
 {
 long count = (long)target(blob);
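Review bot: `TestIterationCounter` still declares `int iterationCount`, while the member data it consumes yields `p.IterationCount`, which `PfxInfo` declares as `long`, and every other theory fed by the same source declares `long`. The value is discarded here (`_ = iterationCount;`), so this only affects how the test runner converts the argument, but since the signature line is edited in this commit it would be consistent to write `long iterationCount, bool usesRC2`. The method body continues outside both hunks of this file.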