Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
dotNET Platform
runtime
提交
21209de7
R
runtime
项目概览
dotNET Platform
/
runtime
大约 1 年 前同步成功
通知
1
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
runtime
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
21209de7
编写于
7月 17, 2023
作者:
G
github-actions[bot]
提交者:
GitHub
7月 17, 2023
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Skip RC2 encrypted PKCS12 files on Android for iteration counting (#89020)
Co-authored-by:
N
Kevin Jones
<
kevin@vcsjones.com
>
上级
477ff99a
变更
3
显示空白变更内容
内联
并排
Showing
3 changed file
with
62 addition
and
14 deletion
+62
-14
src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs
.../tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs
+25
-4
src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.cs
...tography.X509Certificates/tests/PfxIterationCountTests.cs
+31
-9
src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs
....Security.Cryptography.X509Certificates/tests/PfxTests.cs
+6
-1
未找到文件。
src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.CustomAppDomainDataLimit.cs
浏览文件 @
21209de7
...
...
@@ -6,6 +6,7 @@
using
System.Collections.Generic
;
using
System.Linq
;
using
System.Security.Cryptography.X509Certificates
;
using
Test.Cryptography
;
using
Xunit
;
namespace
System.Security.Cryptography.X509Certificates.Tests
...
...
@@ -18,7 +19,7 @@ public class PfxIterationCountTests_CustomAppDomainDataLimit
[
ConditionalTheory
(
typeof
(
RemoteExecutor
),
nameof
(
RemoteExecutor
.
IsSupported
))]
[
MemberData
(
memberName
:
nameof
(
PfxIterationCountTests
.
GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData
),
MemberType
=
typeof
(
PfxIterationCountTests
))]
public
void
Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit
(
string
name
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
)
public
void
Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit
(
string
name
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
,
bool
usesRC2
)
{
_
=
iterationCount
;
_
=
blob
;
...
...
@@ -28,6 +29,11 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNo
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
RemoteExecutor
.
Invoke
((
certName
)
=>
{
AppDomain
.
CurrentDomain
.
SetData
(
"System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit"
,
-
2
);
...
...
@@ -41,7 +47,7 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountNo
[
ConditionalTheory
(
typeof
(
RemoteExecutor
),
nameof
(
RemoteExecutor
.
IsSupported
))]
[
MemberData
(
memberName
:
nameof
(
PfxIterationCountTests
.
GetCertsWith_IterationCountExceedingDefaultLimit_MemberData
),
MemberType
=
typeof
(
PfxIterationCountTests
))]
public
void
Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLimitExceeded_Throws
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
)
public
void
Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLimitExceeded_Throws
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
,
bool
usesRC2
)
{
_
=
password
;
_
=
iterationCount
;
...
...
@@ -52,6 +58,11 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLi
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
RemoteExecutor
.
Invoke
((
certName
)
=>
{
AppDomain
.
CurrentDomain
.
SetData
(
"System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit"
,
-
2
);
...
...
@@ -65,7 +76,7 @@ public void Import_AppDomainDataWithValueTwo_ActsAsDefaultLimit_IterationCountLi
[
ConditionalTheory
(
typeof
(
RemoteExecutor
),
nameof
(
RemoteExecutor
.
IsSupported
))]
[
MemberData
(
memberName
:
nameof
(
PfxIterationCountTests
.
GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData
),
MemberType
=
typeof
(
PfxIterationCountTests
))]
public
void
Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultLimit_Throws
(
string
name
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
)
public
void
Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultLimit_Throws
(
string
name
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
,
bool
usesRC2
)
{
_
=
iterationCount
;
_
=
blob
;
...
...
@@ -75,6 +86,11 @@ public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultL
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
RemoteExecutor
.
Invoke
((
certName
)
=>
{
AppDomain
.
CurrentDomain
.
SetData
(
"System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit"
,
0
);
...
...
@@ -88,7 +104,7 @@ public void Import_AppDomainDataWithValueZero_IterationCountNotExceedingDefaultL
[
ConditionalTheory
(
typeof
(
RemoteExecutor
),
nameof
(
RemoteExecutor
.
IsSupported
))]
[
MemberData
(
memberName
:
nameof
(
PfxIterationCountTests
.
GetCertsWith_IterationCountExceedingDefaultLimit_MemberData
),
MemberType
=
typeof
(
PfxIterationCountTests
))]
public
void
Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefaultLimit
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
)
public
void
Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefaultLimit
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
,
bool
usesRC2
)
{
_
=
password
;
_
=
blob
;
...
...
@@ -99,6 +115,11 @@ public void Import_AppDomainDataWithValueMinusOne_IterationCountExceedingDefault
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
RemoteExecutor
.
Invoke
((
certName
)
=>
{
AppDomain
.
CurrentDomain
.
SetData
(
"System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit"
,
-
1
);
...
...
src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxIterationCountTests.cs
浏览文件 @
21209de7
...
...
@@ -22,13 +22,18 @@ public abstract partial class PfxIterationCountTests
[
ConditionalTheory
]
[
MemberData
(
nameof
(
GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData
))]
public
void
Import_IterationCounLimitNotExceeded_Succeeds
(
string
name
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
)
public
void
Import_IterationCounLimitNotExceeded_Succeeds
(
string
name
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
,
bool
usesRC2
)
{
if
(
usesPbes2
&&
!
PfxTests
.
Pkcs12PBES2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
if
(
PfxTests
.
IsPkcs12IterationCountAllowed
(
iterationCount
,
PfxTests
.
DefaultIterations
))
{
X509Certificate
cert
=
Import
(
blob
);
...
...
@@ -38,7 +43,7 @@ public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool uses
[
ConditionalTheory
]
[
MemberData
(
nameof
(
GetCertsWith_IterationCountExceedingDefaultLimit_MemberData
))]
public
void
Import_IterationCountLimitExceeded_Throws
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
)
public
void
Import_IterationCountLimitExceeded_Throws
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
,
bool
usesRC2
)
{
_
=
password
;
_
=
iterationCount
;
...
...
@@ -48,19 +53,29 @@ public void Import_IterationCountLimitExceeded_Throws(string name, string passwo
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
CryptographicException
ce
=
Assert
.
Throws
<
CryptographicException
>(()
=>
Import
(
blob
));
Assert
.
Contains
(
"2233907"
,
ce
.
Message
);
}
[
ConditionalTheory
]
[
MemberData
(
nameof
(
GetCertsWith_IterationCountExceedingDefaultLimit_MemberData
))]
public
void
ImportWithPasswordOrFileName_IterationCountLimitExceeded
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
)
public
void
ImportWithPasswordOrFileName_IterationCountLimitExceeded
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
,
bool
usesRC2
)
{
if
(
usesPbes2
&&
!
PfxTests
.
Pkcs12PBES2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
using
(
TempFileHolder
tempFile
=
new
TempFileHolder
(
blob
))
{
string
fileName
=
tempFile
.
FilePath
;
...
...
@@ -99,13 +114,18 @@ internal static void VerifyThrowsCryptoExButDoesNotThrowPfxWithoutPassword(Actio
[
ConditionalTheory
]
[
MemberData
(
nameof
(
GetCertsWith_NonNullOrEmptyPassword_MemberData
))]
public
void
Import_NonNullOrEmptyPasswordExpected_Throws
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
)
public
void
Import_NonNullOrEmptyPasswordExpected_Throws
(
string
name
,
string
password
,
bool
usesPbes2
,
byte
[]
blob
,
long
iterationCount
,
bool
usesRC2
)
{
if
(
usesPbes2
&&
!
PfxTests
.
Pkcs12PBES2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
CryptographicException
ce
=
Assert
.
ThrowsAny
<
CryptographicException
>(()
=>
Import
(
blob
));
if
(
PfxTests
.
IsPkcs12IterationCountAllowed
(
iterationCount
,
PfxTests
.
DefaultIterations
))
...
...
@@ -139,7 +159,7 @@ internal static List<PfxInfo> GetCertificates()
certificates
.
Add
(
new
PfxInfo
(
nameof
(
TestData
.
Pkcs12WindowsDotnetExportEmptyPassword
),
""
,
6000
,
false
,
TestData
.
Pkcs12WindowsDotnetExportEmptyPassword
.
HexToByteArray
()));
certificates
.
Add
(
new
PfxInfo
(
nameof
(
TestData
.
Pkcs12MacosKeychainCreated
),
null
,
4097
,
false
,
TestData
.
Pkcs12MacosKeychainCreated
.
HexToByteArray
()));
nameof
(
TestData
.
Pkcs12MacosKeychainCreated
),
null
,
4097
,
false
,
TestData
.
Pkcs12MacosKeychainCreated
.
HexToByteArray
()
,
usesRC2
:
true
));
certificates
.
Add
(
new
PfxInfo
(
nameof
(
TestData
.
Pkcs12BuilderSaltWithMacNullPassword
),
null
,
120000
,
true
,
TestData
.
Pkcs12BuilderSaltWithMacNullPassword
.
HexToByteArray
()));
certificates
.
Add
(
new
PfxInfo
(
...
...
@@ -162,7 +182,7 @@ public static IEnumerable<object[]> GetCertsWith_IterationCountNotExceedingDefau
c
=>
c
.
IterationCount
<=
DefaultIterationLimit
&&
string
.
IsNullOrEmpty
(
c
.
Password
)))
{
yield
return
new
object
[]
{
p
.
Name
,
p
.
UsesPbes2
,
p
.
Blob
,
p
.
IterationCount
};
yield
return
new
object
[]
{
p
.
Name
,
p
.
UsesPbes2
,
p
.
Blob
,
p
.
IterationCount
,
p
.
UsesRC2
};
}
}
...
...
@@ -170,7 +190,7 @@ public static IEnumerable<object[]> GetCertsWith_IterationCountExceedingDefaultL
{
foreach
(
PfxInfo
p
in
s_Certificates
.
Where
(
c
=>
c
.
IterationCount
>
DefaultIterationLimit
))
{
yield
return
new
object
[]
{
p
.
Name
,
p
.
Password
,
p
.
UsesPbes2
,
p
.
Blob
,
p
.
IterationCount
};
yield
return
new
object
[]
{
p
.
Name
,
p
.
Password
,
p
.
UsesPbes2
,
p
.
Blob
,
p
.
IterationCount
,
p
.
UsesRC2
};
}
}
...
...
@@ -178,7 +198,7 @@ public static IEnumerable<object[]> GetCertsWith_NonNullOrEmptyPassword_MemberDa
{
foreach
(
PfxInfo
p
in
s_Certificates
.
Where
(
c
=>
!
string
.
IsNullOrEmpty
(
c
.
Password
)))
{
yield
return
new
object
[]
{
p
.
Name
,
p
.
Password
,
p
.
UsesPbes2
,
p
.
Blob
,
p
.
IterationCount
};
yield
return
new
object
[]
{
p
.
Name
,
p
.
Password
,
p
.
UsesPbes2
,
p
.
Blob
,
p
.
IterationCount
,
p
.
UsesRC2
};
}
}
}
...
...
@@ -190,14 +210,16 @@ public class PfxInfo
internal
long
IterationCount
{
get
;
set
;
}
internal
bool
UsesPbes2
{
get
;
set
;
}
internal
byte
[]
Blob
{
get
;
set
;
}
internal
bool
UsesRC2
{
get
;
set
;
}
internal
PfxInfo
(
string
name
,
string
?
password
,
long
iterationCount
,
bool
usesPbes2
,
byte
[]
blob
)
internal
PfxInfo
(
string
name
,
string
password
,
long
iterationCount
,
bool
usesPbes2
,
byte
[]
blob
,
bool
usesRC2
=
false
)
{
Name
=
name
;
Password
=
password
;
IterationCount
=
iterationCount
;
UsesPbes2
=
usesPbes2
;
Blob
=
blob
;
UsesRC2
=
usesRC2
;
}
}
}
src/libraries/System.Security.Cryptography.X509Certificates/tests/PfxTests.cs
浏览文件 @
21209de7
...
...
@@ -465,7 +465,7 @@ public static void CollectionPerphemeralImport_HasKeyName()
[
ConditionalTheory
]
[
MemberData
(
memberName
:
nameof
(
PfxIterationCountTests
.
GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData
),
MemberType
=
typeof
(
PfxIterationCountTests
))]
public
static
void
TestIterationCounter
(
string
name
,
bool
usesPbes2
,
byte
[]
blob
,
int
iterationCount
)
public
static
void
TestIterationCounter
(
string
name
,
bool
usesPbes2
,
byte
[]
blob
,
int
iterationCount
,
bool
usesRC2
)
{
_
=
iterationCount
;
...
...
@@ -477,6 +477,11 @@ public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob
throw
new
SkipTestException
(
name
+
" uses PBES2 which is not supported on this version."
);
}
if
(
usesRC2
&&
!
PlatformSupport
.
IsRC2Supported
)
{
throw
new
SkipTestException
(
name
+
" uses RC2, which is not supported on this platform."
);
}
try
{
long
count
=
(
long
)
target
(
blob
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录