Skip to content

Fix issue with cert being finalized in data protection test #29097

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
6 commits merged into from
Jan 8, 2021
+42 −39
Merged

Fix issue with cert being finalized in data protection test #29097

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
0be9e40
Debug x509 store
HaoK Jan 6, 2021
6f8e219
Update helix-matrix.yml
HaoK Jan 6, 2021
7be65c0
Un skip test to see if they work now
HaoK Jan 6, 2021
0cbf40c
Add using for cert
HaoK Jan 7, 2021
2c5ab4e
Clean up comment
HaoK Jan 7, 2021
caaad47
Update helix-matrix.yml
HaoK Jan 8, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 42 additions & 39 deletions src/DataProtection/Extensions/test/DataProtectionProviderTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,52 +115,55 @@ public void System_UsesProvidedDirectory_WithConfigurationCallback()

[ConditionalFact]
[X509StoreIsAvailable(StoreName.My, StoreLocation.CurrentUser)]
[SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/6720 and https://github.com/dotnet/aspnetcore/issues/26871", Queues = "All.OSX;Windows.10.Arm64;Windows.10.Arm64.Open;Windows.10.Arm64v8;Windows.10.Arm64v8.Open")]
[SkipOnHelix("https://github.com/dotnet/aspnetcore/issues/6720", Queues = "All.OSX")]
public void System_UsesProvidedDirectoryAndCertificate()
{
var filePath = Path.Combine(GetTestFilesPath(), "TestCert.pfx");
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2(filePath, "password", X509KeyStorageFlags.Exportable));
store.Close();
}

WithUniqueTempDirectory(directory =>
using (var imported = new X509Certificate2(filePath, "password", X509KeyStorageFlags.Exportable))
Copy link
Member

@captainsafia captainsafia Jan 7, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔑

{
var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certificateStore.Open(OpenFlags.ReadWrite);
var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "TestCert", false)[0];
Assert.True(certificate.HasPrivateKey, "Cert should have a private key");
try
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
// Step 1: directory should be completely empty
directory.Create();
Assert.Empty(directory.GetFiles());

// Step 2: instantiate the system and round-trip a payload
var protector = DataProtectionProvider.Create(directory, certificate).CreateProtector("purpose");
var data = protector.Protect("payload");

// add a cert without the private key to ensure the decryption will still fallback to the cert store
var certWithoutKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCertWithoutPrivateKey.pfx"), "password");
var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certWithoutKey)).CreateProtector("purpose");
Assert.Equal("payload", unprotector.Unprotect(data));

// Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate
var allFiles = directory.GetFiles();
Assert.Single(allFiles);
Assert.StartsWith("key-", allFiles[0].Name, StringComparison.OrdinalIgnoreCase);
string fileText = File.ReadAllText(allFiles[0].FullName);
Assert.DoesNotContain("Warning: the key below is in an unencrypted form.", fileText, StringComparison.Ordinal);
Assert.Contains("X509Certificate", fileText, StringComparison.Ordinal);
store.Open(OpenFlags.ReadWrite);
store.Add(imported);
store.Close();
}
finally

WithUniqueTempDirectory(directory =>
{
certificateStore.Remove(certificate);
certificateStore.Close();
}
});
var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certificateStore.Open(OpenFlags.ReadWrite);
var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "TestCert", false)[0];
Assert.True(certificate.HasPrivateKey, "Cert should have a private key");
try
{
// Step 1: directory should be completely empty
directory.Create();
Assert.Empty(directory.GetFiles());

// Step 2: instantiate the system and round-trip a payload
var protector = DataProtectionProvider.Create(directory, certificate).CreateProtector("purpose");
var data = protector.Protect("payload");

// add a cert without the private key to ensure the decryption will still fallback to the cert store
var certWithoutKey = new X509Certificate2(Path.Combine(GetTestFilesPath(), "TestCertWithoutPrivateKey.pfx"), "password");
var unprotector = DataProtectionProvider.Create(directory, o => o.UnprotectKeysWithAnyCertificate(certWithoutKey)).CreateProtector("purpose");
Assert.Equal("payload", unprotector.Unprotect(data));

// Step 3: validate that there's now a single key in the directory and that it's is protected using the certificate
var allFiles = directory.GetFiles();
Assert.Single(allFiles);
Assert.StartsWith("key-", allFiles[0].Name, StringComparison.OrdinalIgnoreCase);
string fileText = File.ReadAllText(allFiles[0].FullName);
Assert.DoesNotContain("Warning: the key below is in an unencrypted form.", fileText, StringComparison.Ordinal);
Assert.Contains("X509Certificate", fileText, StringComparison.Ordinal);
}
finally
{
certificateStore.Remove(certificate);
certificateStore.Close();
}
});
}
}

[ConditionalFact]
Expand Down