Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
dotNET Platform
runtime
提交
eb82f7f9
R
runtime
项目概览
dotNET Platform
/
runtime
11 个月 前同步成功
通知
1
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
runtime
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
eb82f7f9
编写于
8月 16, 2022
作者:
T
Tom Deseyn
提交者:
GitHub
8月 15, 2022
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
X509Certificates.Tests: make tests pass when sha1 cert signatures are not supported
Co-authored-by:
N
Jeremy Barton
<
jbarton@microsoft.com
>
上级
86f1fb55
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
33 addition
and
6 deletion
+33
-6
src/libraries/System.Security.Cryptography.X509Certificates/tests/ChainTests.cs
...ecurity.Cryptography.X509Certificates/tests/ChainTests.cs
+8
-3
src/libraries/System.Security.Cryptography.X509Certificates/tests/PublicKeyTests.cs
...ity.Cryptography.X509Certificates/tests/PublicKeyTests.cs
+1
-1
src/libraries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/DynamicRevocationTests.cs
...tificates/tests/RevocationTests/DynamicRevocationTests.cs
+2
-2
src/libraries/System.Security.Cryptography.X509Certificates/tests/SignatureSupport.cs
...y.Cryptography.X509Certificates/tests/SignatureSupport.cs
+19
-0
src/libraries/System.Security.Cryptography.X509Certificates/tests/System.Security.Cryptography.X509Certificates.Tests.csproj
...ystem.Security.Cryptography.X509Certificates.Tests.csproj
+3
-0
未找到文件。
src/libraries/System.Security.Cryptography.X509Certificates/tests/ChainTests.cs
浏览文件 @
eb82f7f9
...
...
@@ -168,7 +168,7 @@ public static void TestDispose()
Assert
.
Equal
(
IntPtr
.
Zero
,
chain
.
ChainContext
);
}
[
Fact
]
[
ConditionalFact
(
typeof
(
SignatureSupport
),
nameof
(
SignatureSupport
.
SupportsX509Sha1Signatures
))
]
public
static
void
TestResetMethod
()
{
using
(
var
sampleCert
=
new
X509Certificate2
(
TestData
.
DssCer
))
...
...
@@ -312,7 +312,12 @@ public static IEnumerable<object[]> BuildChainCustomTrustStoreData()
if
(!
PlatformDetection
.
IsAndroid
)
{
// Android doesn't support an empty custom root
yield
return
new
object
[]
{
false
,
X509ChainStatusFlags
.
UntrustedRoot
,
BuildChainCustomTrustStoreTestArguments
.
TrustedIntermediateUntrustedRoot
};
X509ChainStatusFlags
flags
=
X509ChainStatusFlags
.
UntrustedRoot
;
if
(!
SignatureSupport
.
SupportsX509Sha1Signatures
)
{
flags
|=
X509ChainStatusFlags
.
NotSignatureValid
;
}
yield
return
new
object
[]
{
false
,
flags
,
BuildChainCustomTrustStoreTestArguments
.
TrustedIntermediateUntrustedRoot
};
}
yield
return
new
object
[]
{
true
,
X509ChainStatusFlags
.
NoError
,
BuildChainCustomTrustStoreTestArguments
.
UntrustedIntermediateTrustedRoot
};
...
...
@@ -557,7 +562,7 @@ public static void BuildChain_WithApplicationPolicy_NoMatch()
}
}
[
Fact
]
[
ConditionalFact
(
typeof
(
SignatureSupport
),
nameof
(
SignatureSupport
.
SupportsX509Sha1Signatures
))
]
public
static
void
BuildChain_WithCertificatePolicy_Match
()
{
using
(
var
cert
=
new
X509Certificate2
(
TestData
.
CertWithPolicies
))
...
...
src/libraries/System.Security.Cryptography.X509Certificates/tests/PublicKeyTests.cs
浏览文件 @
eb82f7f9
...
...
@@ -334,7 +334,7 @@ private static void VerifyKey_RSA(X509Certificate2 cert, RSA rsa)
Assert
.
Equal
(
expectedExponent
,
originalExponent
);
}
[
Fact
]
[
ConditionalFact
(
typeof
(
SignatureSupport
),
nameof
(
SignatureSupport
.
SupportsX509Sha1Signatures
))
]
public
static
void
TestKey_RSA384_ValidatesSignature
()
{
byte
[]
signature
=
...
...
src/libraries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/DynamicRevocationTests.cs
浏览文件 @
eb82f7f9
...
...
@@ -364,7 +364,7 @@ public static void RevokeEverything(PkiOptions pkiOptions)
});
}
[
Theory
]
[
ConditionalTheory
(
typeof
(
SignatureSupport
),
nameof
(
SignatureSupport
.
SupportsX509Sha1Signatures
))
]
[
InlineData
(
PkiOptions
.
OcspEverywhere
)]
[
InlineData
(
PkiOptions
.
AllIssuerRevocation
|
PkiOptions
.
EndEntityRevocationViaOcsp
)]
[
InlineData
(
PkiOptions
.
IssuerRevocationViaCrl
|
PkiOptions
.
EndEntityRevocationViaOcsp
)]
...
...
@@ -449,7 +449,7 @@ public static void RevokeEndEntity_IssuerUnrelatedOcsp(PkiOptions pkiOptions)
});
}
[
Theory
]
[
ConditionalTheory
(
typeof
(
SignatureSupport
),
nameof
(
SignatureSupport
.
SupportsX509Sha1Signatures
))
]
[
InlineData
(
PkiOptions
.
OcspEverywhere
)]
[
InlineData
(
PkiOptions
.
IssuerRevocationViaOcsp
|
PkiOptions
.
AllEndEntityRevocation
)]
[
ActiveIssue
(
"https://github.com/dotnet/runtime/issues/31249"
,
PlatformSupport
.
AppleCrypto
)]
...
...
src/libraries/System.Security.Cryptography.X509Certificates/tests/SignatureSupport.cs
0 → 100644
浏览文件 @
eb82f7f9
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
namespace
System.Security.Cryptography.X509Certificates.Tests
{
public
class
SignatureSupport
{
// The RHEL9/CentOS9/Fedora39 change to disable SHA-1 signature support only affects OpenSSL's
// equivalent of RSA.SignHash/VerifyHash, but affects all asymmetric algorithms' versions of
// SignData/VerifyData. The OpenSSL library uses the VerifyData-esque path as an implementation
// detail when checking certificate signatures, and that means that in the context of X509Chain
// it's all SHA-1-based signatures.
//
// If there's ever a platform that blocks RSASSA+SHA-1 but doesn't block ECDSA or DSA with SHA-1,
// the logic here will need to get more complicated.
public
static
bool
SupportsX509Sha1Signatures
{
get
;
}
=
System
.
Security
.
Cryptography
.
Tests
.
SignatureSupport
.
CanProduceSha1Signature
(
RSA
.
Create
());
}
}
src/libraries/System.Security.Cryptography.X509Certificates/tests/System.Security.Cryptography.X509Certificates.Tests.csproj
浏览文件 @
eb82f7f9
...
...
@@ -64,6 +64,8 @@
Link="CommonTest\System\Security\Cryptography\ByteUtils.cs" />
<Compile Include="$(CommonTestPath)System\Security\Cryptography\PlatformSupport.cs"
Link="CommonTest\System\Security\Cryptography\PlatformSupport.cs" />
<Compile Include="$(CommonTestPath)System\Security\Cryptography\SignatureSupport.cs"
Link="CommonTest\System\Security\Cryptography\SignatureSupport.cs" />
<Compile Include="ImportTests.cs" />
<Compile Include="CertificateCreation\CertificateRequestApiTests.cs" />
<Compile Include="CertificateCreation\CertificateRequestChainTests.cs" />
...
...
@@ -89,6 +91,7 @@
<Compile Include="DynamicChainTests.cs" />
<Compile Include="ECDsaOther.cs" />
<Compile Include="RSAOther.cs" />
<Compile Include="SignatureSupport.cs" />
<Compile Include="TestDataGenerator.cs" />
<Compile Include="$(CommonPath)DisableRuntimeMarshalling.cs"
Link="Common\DisableRuntimeMarshalling.cs" />
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录