diff --git a/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs b/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs index 751b9b5d6206..e2431a2fa8bf 100644 --- a/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs +++ b/src/DataProtection/Extensions/test/DataProtectionProviderTests.cs @@ -115,52 +115,55 @@ public void System_UsesProvidedDirectory_WithConfigurationCallback() [ConditionalFact] [X509StoreIsAvailable(StoreName.My, StoreLocation.CurrentUser)] - [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/6720 and https://github.com/dotnet/aspnetcore/issues/26871", Queues = "All.OSX;Windows.10.Arm64;Windows.10.Arm64.Open;Windows.10.Arm64v8;Windows.10.Arm64v8.Open")] + [SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/6720", Queues = "All.OSX")] public void System_UsesProvidedDirectoryAndCertificate() { var filePath = Path.Combine(GetTestFilesPath(), "TestCert.pfx"); - using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) - { - store.Open(OpenFlags.ReadWrite); - store.Add(new X509Certificate2(filePath, "password", X509KeyStorageFlags.Exportable)); - store.Close(); - } - - WithUniqueTempDirectory(directory => + using (var imported = new X509Certificate2(filePath, "password", X509KeyStorageFlags.Exportable)) { - var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser); - certificateStore.Open(OpenFlags.ReadWrite); - var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "TestCert", false)[0]; - Assert.True(certificate.HasPrivateKey, "Cert should have a private key"); - try + using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) { - // Step 1: directory should be completely empty - directory.Create(); - Assert.Empty(directory.GetFiles()); - - // Step 2: instantiate the system and round-trip a payload - var protector = DataProtectionProvider.Create(directory, certificate).CreateProtector("purpose"); - var data = protector.Protect("payload"); - - // add a cert without the private key to ensure the decryption will still fallback to the cert store - var certWithoutKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCertWithoutPrivateKey.pfx"), "password"); - var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certWithoutKey)).CreateProtector("purpose"); - Assert.Equal("payload", unprotector.Unprotect(data)); - - // Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate - var allFiles = directory.GetFiles(); - Assert.Single(allFiles); - Assert.StartsWith("key-", allFiles[0].Name, StringComparison.OrdinalIgnoreCase); - string fileText = File.ReadAllText(allFiles[0].FullName); - Assert.DoesNotContain("Warning: the key below is in an unencrypted form.", fileText, StringComparison.Ordinal); - Assert.Contains("X509Certificate", fileText, StringComparison.Ordinal); + store.Open(OpenFlags.ReadWrite); + store.Add(imported); + store.Close(); } - finally + + WithUniqueTempDirectory(directory => { - certificateStore.Remove(certificate); - certificateStore.Close(); - } - }); + var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser); + certificateStore.Open(OpenFlags.ReadWrite); + var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "TestCert", false)[0]; + Assert.True(certificate.HasPrivateKey, "Cert should have a private key"); + try + { + // Step 1: directory should be completely empty + directory.Create(); + Assert.Empty(directory.GetFiles()); + + // Step 2: instantiate the system and round-trip a payload + var protector = DataProtectionProvider.Create(directory, certificate).CreateProtector("purpose"); + var data = protector.Protect("payload"); + + // add a cert without the private key to ensure the decryption will still fallback to the cert store + var certWithoutKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCertWithoutPrivateKey.pfx"), "password"); + var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certWithoutKey)).CreateProtector("purpose"); + Assert.Equal("payload", unprotector.Unprotect(data)); + + // Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate + var allFiles = directory.GetFiles(); + Assert.Single(allFiles); + Assert.StartsWith("key-", allFiles[0].Name, StringComparison.OrdinalIgnoreCase); + string fileText = File.ReadAllText(allFiles[0].FullName); + Assert.DoesNotContain("Warning: the key below is in an unencrypted form.", fileText, StringComparison.Ordinal); + Assert.Contains("X509Certificate", fileText, StringComparison.Ordinal); + } + finally + { + certificateStore.Remove(certificate); + certificateStore.Close(); + } + }); + } } [ConditionalFact]