diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.CustomAppContextDataLimit.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.CustomAppContextDataLimit.cs
index 88d5f3409aad6..bed126455a039 100644
--- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.CustomAppContextDataLimit.cs
+++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.CustomAppContextDataLimit.cs
@@ -5,6 +5,7 @@
 using Microsoft.DotNet.XUnitExtensions;
 using System.Collections.Generic;
 using System.Linq;
+using Test.Cryptography;
 using Xunit;
 namespace System.Security.Cryptography.X509Certificates.Tests
@@ -20,7 +21,7 @@ private static readonly Dictionary s_certificatesDictionary
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public void Import_AppContextDataWithValueMinusTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit(string name, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_AppContextDataWithValueMinusTwo_ActsAsDefaultLimit_IterationCountNotExceedingDefaultLimit(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = iterationCount;
 _ = blob;
@@ -30,6 +31,11 @@ public void Import_AppContextDataWithValueMinusTwo_ActsAsDefaultLimit_IterationC
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppContext.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -2);
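Review bot: The RC2 skip guard added in the `@@ -30,6 +31,11 @@` hunk is copied verbatim into every theory this commit touches: the other three guard hunks in this file, four in PfxIterationCountTests.cs and one in PfxTests.cs. With two capability checks now repeated in each test, one shared helper called as the first statement would keep the conditions and skip messages from drifting apart when another algorithm flag is added. The PBES2 condition in the sketch is taken from the PfxIterationCountTests.cs hunks, because this hunk begins below that `if`, and the helper name is only a suggestion. The enclosing test method starts and ends outside the hunk.

```csharp
// Proposed shared helper; each theory would call it before doing any import work.
internal static void SkipIfAlgorithmUnsupported(string name, bool usesPbes2, bool usesRC2)
{
    if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
    {
        throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
    }

    if (usesRC2 && !PlatformSupport.IsRC2Supported)
    {
        throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
    }
}

// … unchanged: RemoteExecutor.Invoke call and its body …
```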
@@ -43,7 +49,7 @@ public void Import_AppContextDataWithValueMinusTwo_ActsAsDefaultLimit_IterationC
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountExceedingDefaultLimit_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public void Import_AppContextDataWithValueMinusTwo_ActsAsDefaultLimit_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_AppContextDataWithValueMinusTwo_ActsAsDefaultLimit_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = iterationCount;
@@ -54,6 +60,11 @@ public void Import_AppContextDataWithValueMinusTwo_ActsAsDefaultLimit_IterationC
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppContext.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -2);
@@ -67,7 +78,7 @@ public void Import_AppContextDataWithValueMinusTwo_ActsAsDefaultLimit_IterationC
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public void Import_AppContextDataWithValueZero_IterationCountNotExceedingDefaultLimit_Throws(string name, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_AppContextDataWithValueZero_IterationCountNotExceedingDefaultLimit_Throws(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = iterationCount;
 _ = blob;
@@ -77,6 +88,11 @@ public void Import_AppContextDataWithValueZero_IterationCountNotExceedingDefault
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppContext.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", 0);
@@ -90,7 +106,7 @@ public void Import_AppContextDataWithValueZero_IterationCountNotExceedingDefault
 [ConditionalTheory(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountExceedingDefaultLimit_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public void Import_AppContextDataWithValueMinusOne_IterationCountExceedingDefaultLimit(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_AppContextDataWithValueMinusOne_IterationCountExceedingDefaultLimit(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = blob;
@@ -101,6 +117,11 @@ public void Import_AppContextDataWithValueMinusOne_IterationCountExceedingDefaul
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 RemoteExecutor.Invoke((certName) =>
 {
 AppContext.SetData("System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit", -1);
diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.cs
index 59339ab75b409..3d3cc1295d3d9 100644
--- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.cs
+++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxIterationCountTests.cs
@@ -24,13 +24,18 @@ public abstract partial class PfxIterationCountTests
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData))]
- public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
 {
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 if (PfxTests.IsPkcs12IterationCountAllowed(iterationCount, PfxTests.DefaultIterations))
 {
 X509Certificate cert = Import(blob);
@@ -40,7 +45,7 @@ public void Import_IterationCounLimitNotExceeded_Succeeds(string name, bool uses
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountExceedingDefaultLimit_MemberData))]
- public void Import_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_IterationCountLimitExceeded_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = password;
 _ = iterationCount;
@@ -50,13 +55,18 @@ public void Import_IterationCountLimitExceeded_Throws(string name, string passwo
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 CryptographicException ce = Assert.Throws(() => Import(blob));
 Assert.Contains(FwlinkId, ce.Message);
 }
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_IterationCountExceedingDefaultLimit_MemberData))]
- public void ImportWithPasswordOrFileName_IterationCountLimitExceeded(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void ImportWithPasswordOrFileName_IterationCountLimitExceeded(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 _ = iterationCount;
@@ -65,6 +75,11 @@ public void ImportWithPasswordOrFileName_IterationCountLimitExceeded(string name
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 using (TempFileHolder tempFile = new TempFileHolder(blob))
 {
 string fileName = tempFile.FilePath;
@@ -100,13 +115,18 @@ internal static void VerifyThrowsCryptoExButDoesNotThrowPfxWithoutPassword(Actio
 [ConditionalTheory]
 [MemberData(nameof(GetCertsWith_NonNullOrEmptyPassword_MemberData))]
- public void Import_NonNullOrEmptyPasswordExpected_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount)
+ public void Import_NonNullOrEmptyPasswordExpected_Throws(string name, string password, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)
 {
 if (usesPbes2 && !PfxTests.Pkcs12PBES2Supported)
 {
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 CryptographicException ce = Assert.ThrowsAny(() => Import(blob));
 if (PfxTests.IsPkcs12IterationCountAllowed(iterationCount, PfxTests.DefaultIterations))
@@ -123,7 +143,7 @@ public void Import_NonNullOrEmptyPasswordExpected_Throws(string name, string pas
 }
 }
- [Fact]
+ [ConditionalFact(typeof(PlatformSupport), nameof(PlatformSupport.IsRC2Supported))]
 public void ExportedPfxWithNullPassword_DecryptReturnsValidPaddingWithEmptyPassword()
 {
 Assert.NotNull(Import(TestData.MsCertificateExportedToPfx_NullPassword));
@@ -160,7 +180,7 @@ private static List GetCertificates()
 certificates.Add(new PfxInfo(
 nameof(TestData.Pkcs12WindowsDotnetExportEmptyPassword), "", 6000, false, TestData.Pkcs12WindowsDotnetExportEmptyPassword));
 certificates.Add(new PfxInfo(
- nameof(TestData.Pkcs12MacosKeychainCreated), null, 4097, false, TestData.Pkcs12MacosKeychainCreated));
+ nameof(TestData.Pkcs12MacosKeychainCreated), null, 4097, false, TestData.Pkcs12MacosKeychainCreated, usesRC2: true));
 certificates.Add(new PfxInfo(
 nameof(TestData.Pkcs12BuilderSaltWithMacNullPassword), null, 120000, true, TestData.Pkcs12BuilderSaltWithMacNullPassword));
 certificates.Add(new PfxInfo(
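Review bot: Gating `ExportedPfxWithNullPassword_DecryptReturnsValidPaddingWithEmptyPassword` on `PlatformSupport.IsRC2Supported` in the `@@ -123,7 +143,7 @@` hunk means the null-password-decrypts-as-empty-password behaviour is no longer exercised at all on platforms without RC2, as far as this diff shows. The behaviour under test is about password handling rather than the cipher, so the gap comes from the fixture, presumably because `TestData.MsCertificateExportedToPfx_NullPassword` is RC2-protected. Consider adding a sibling fixture exported with a non-RC2 PBE so the same assertion runs everywhere, and record the reason on the attribute with a comment such as `// Fixture is RC2-encrypted; skipped where RC2 is unavailable.`. The test method's body continues past the end of the hunk.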
@@ -183,7 +203,7 @@ public static IEnumerable GetCertsWith_IterationCountNotExceedingDefau
 {
 if (p.IterationCount <= DefaultIterationLimit && string.IsNullOrEmpty(p.Password))
 {
- yield return new object[] { p.Name, p.UsesPbes2, p.Blob, p.IterationCount };
+ yield return new object[] { p.Name, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
 }
@@ -194,7 +214,7 @@ public static IEnumerable GetCertsWith_IterationCountExceedingDefaultL
 {
 if (p.IterationCount > DefaultIterationLimit)
 {
- yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount };
+ yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
 }
@@ -205,7 +225,7 @@ public static IEnumerable GetCertsWith_NonNullOrEmptyPassword_MemberDa
 {
 if (!string.IsNullOrEmpty(p.Password))
 {
- yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount };
+ yield return new object[] { p.Name, p.Password, p.UsesPbes2, p.Blob, p.IterationCount, p.UsesRC2 };
 }
 }
 }
@@ -218,14 +238,16 @@ public class PfxInfo
 internal long IterationCount { get; set; }
 internal bool UsesPbes2 { get; set; }
 internal byte[] Blob { get; set; }
+ internal bool UsesRC2 { get; set; }
- internal PfxInfo(string name, string password, long iterationCount, bool usesPbes2, byte[] blob)
+ internal PfxInfo(string name, string password, long iterationCount, bool usesPbes2, byte[] blob, bool usesRC2 = false)
 {
 Name = name;
 Password = password;
 IterationCount = iterationCount;
 UsesPbes2 = usesPbes2;
 Blob = blob;
+ UsesRC2 = usesRC2;
 }
 }
 }
diff --git a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs
index c456eaf4e662e..a8454f1cf3c3e 100644
--- a/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs
+++ b/src/libraries/System.Security.Cryptography/tests/X509Certificates/PfxTests.cs
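Review bot: `UsesRC2` in the `PfxInfo` hunk is a hand-maintained flag with a default of `false`, and nothing visible ties it to what the blob actually contains, so an RC2-protected fixture that is left unflagged will fail instead of skip on a platform without RC2. Only `Pkcs12MacosKeychainCreated` is flagged in this diff; whether any other fixture in `GetCertificates()` uses RC2 is not visible here and is worth confirming. Please document the contract on the property, for example `// True when the PFX is protected with an RC2-based PBE; such fixtures are skipped when PlatformSupport.IsRC2Supported is false.`. The `PfxInfo` class begins above the hunk.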
@@ -470,7 +470,7 @@ public static void CollectionPerphemeralImport_HasKeyName()
 [ConditionalTheory]
 [MemberData(memberName: nameof(PfxIterationCountTests.GetCertsWith_IterationCountNotExceedingDefaultLimit_AndNullOrEmptyPassword_MemberData), MemberType = typeof(PfxIterationCountTests))]
- public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob, int iterationCount)
+ public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob, int iterationCount, bool usesRC2)
 {
 _ = iterationCount;
@@ -482,6 +482,11 @@ public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob
 throw new SkipTestException(name + " uses PBES2, which is not supported on this version.");
 }
+ if (usesRC2 && !PlatformSupport.IsRC2Supported)
+ {
+ throw new SkipTestException(name + " uses RC2, which is not supported on this platform.");
+ }
+
 try
 {
 long count = (long)target(blob, out int bytesConsumed);
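Review bot: The rewritten `TestIterationCounter` signature still declares `int iterationCount`, while the member data it consumes yields `p.IterationCount`, which `PfxInfo` declares as `long`, and every other theory in this commit takes `long`. The value is discarded with `_ = iterationCount;`, so this is harmless today, but it presumably depends on the test runner converting the argument and would stop working for a fixture whose count does not fit in an `int`. Since the line is being edited anyway, align it: `public static void TestIterationCounter(string name, bool usesPbes2, byte[] blob, long iterationCount, bool usesRC2)`. The method body continues outside both hunks of this file.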