Fix issue with cert being finalized in data protection test (#29097)

HaoK · web-flow · commit f4d10f6ce4a4 · 2021-01-08T18:33:01.000Z
* Debug x509 store

* Update helix-matrix.yml

* Un skip test to see if they work now

* Add using for cert

* Clean up comment

* Update helix-matrix.yml
diff --git a/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs b/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs
@@ -115,52 +115,55 @@ public void System_UsesProvidedDirectory_WithConfigurationCallback()
 
         [ConditionalFact]
         [X509StoreIsAvailable(StoreName.My, StoreLocation.CurrentUser)]
-        [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/6720 and https://github.com/dotnet/aspnetcore/issues/26871", Queues = "All.OSX;Windows.10.Arm64;Windows.10.Arm64.Open;Windows.10.Arm64v8;Windows.10.Arm64v8.Open")]
+        [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/6720", Queues = "All.OSX")]
         public void System_UsesProvidedDirectoryAndCertificate()
         {
             var filePath = Path.Combine(GetTestFilesPath(), "TestCert.pfx");
-            using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
-            {
-                store.Open(OpenFlags.ReadWrite);
-                store.Add(new X509Certificate2(filePath, "password", X509KeyStorageFlags.Exportable));
-                store.Close();
-            }
-
-            WithUniqueTempDirectory(directory =>
+            using (var imported = new X509Certificate2(filePath, "password", X509KeyStorageFlags.Exportable))
             {
-                var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
-                certificateStore.Open(OpenFlags.ReadWrite);
-                var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "TestCert", false)[0];
-                Assert.True(certificate.HasPrivateKey, "Cert should have a private key");
-                try
+                using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
                 {
-                    // Step 1: directory should be completely empty
-                    directory.Create();
-                    Assert.Empty(directory.GetFiles());
-
-                    // Step 2: instantiate the system and round-trip a payload
-                    var protector = DataProtectionProvider.Create(directory, certificate).CreateProtector("purpose");
-                    var data = protector.Protect("payload");
-
-                    // add a cert without the private key to ensure the decryption will still fallback to the cert store
-                    var certWithoutKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCertWithoutPrivateKey.pfx"), "password");
-                    var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certWithoutKey)).CreateProtector("purpose");
-                    Assert.Equal("payload", unprotector.Unprotect(data));
-
-                    // Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate
-                    var allFiles = directory.GetFiles();
-                    Assert.Single(allFiles);
-                    Assert.StartsWith("key-", allFiles[0].Name, StringComparison.OrdinalIgnoreCase);
-                    string fileText = File.ReadAllText(allFiles[0].FullName);
-                    Assert.DoesNotContain("Warning: the key below is in an unencrypted form.", fileText, StringComparison.Ordinal);
-                    Assert.Contains("X509Certificate", fileText, StringComparison.Ordinal);
+                    store.Open(OpenFlags.ReadWrite);
+                    store.Add(imported);
+                    store.Close();
                 }
-                finally
+
+                WithUniqueTempDirectory(directory =>
                 {
-                    certificateStore.Remove(certificate);
-                    certificateStore.Close();
-                }
-            });
+                    var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
+                    certificateStore.Open(OpenFlags.ReadWrite);
+                    var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "TestCert", false)[0];
+                    Assert.True(certificate.HasPrivateKey, "Cert should have a private key");
+                    try
+                    {
+                        // Step 1: directory should be completely empty
+                        directory.Create();
+                        Assert.Empty(directory.GetFiles());
+
+                        // Step 2: instantiate the system and round-trip a payload
+                        var protector = DataProtectionProvider.Create(directory, certificate).CreateProtector("purpose");
+                        var data = protector.Protect("payload");
+
+                        // add a cert without the private key to ensure the decryption will still fallback to the cert store
+                        var certWithoutKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCertWithoutPrivateKey.pfx"), "password");
+                        var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certWithoutKey)).CreateProtector("purpose");
+                        Assert.Equal("payload", unprotector.Unprotect(data));
+
+                        // Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate
+                        var allFiles = directory.GetFiles();
+                        Assert.Single(allFiles);
+                        Assert.StartsWith("key-", allFiles[0].Name, StringComparison.OrdinalIgnoreCase);
+                        string fileText = File.ReadAllText(allFiles[0].FullName);
+                        Assert.DoesNotContain("Warning: the key below is in an unencrypted form.", fileText, StringComparison.Ordinal);
+                        Assert.Contains("X509Certificate", fileText, StringComparison.Ordinal);
+                    }
+                    finally
+                    {
+                        certificateStore.Remove(certificate);
+                        certificateStore.Close();
+                    }
+                });
+            }
         }
 
         [ConditionalFact]
