Skip to content

Obsolete mutable X509 certificate APIs #53891

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bartonjs merged 4 commits into from
Jun 21, 2021
Merged

Obsolete mutable X509 certificate APIs #53891

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
fe646a7
Obsolete mutable X509 certificate APIs.
vcsjones Jun 8, 2021
f2b557e
Permit constructor use where required
vcsjones Jun 8, 2021
ac6d470
Supress obsolete on ref project and Any OS generated.
vcsjones Jun 8, 2021
4022eec
Fix unit test compilation.
vcsjones Jun 9, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/project/list-of-diagnostics.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ The PR that reveals the implementation of the `<IncludeInternalObsoleteAttribute
| __`SYSLIB0023`__ | RNGCryptoServiceProvider is obsolete. To generate a random number, use one of the RandomNumberGenerator static methods instead. |
| __`SYSLIB0024`__ | Creating and unloading AppDomains is not supported and throws an exception. |
| __`SYSLIB0025`__ | SuppressIldasmAttribute has no effect in .NET 6.0+. |
| __`SYSLIB0026`__ | X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate. |

## Analyzer Warnings

Expand Down
3 changes: 3 additions & 0 deletions src/libraries/Common/src/System/Obsoletions.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,5 +86,8 @@ internal static class Obsoletions

internal const string SuppressIldasmAttributeMessage = "SuppressIldasmAttribute has no effect in .NET 6.0+.";
internal const string SuppressIldasmAttributeDiagId = "SYSLIB0025";

internal const string X509CertificateImmutableMessage = "X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.";
internal const string X509CertificateImmutableDiagId = "SYSLIB0026";
}
}
4 changes: 2 additions & 2 deletions src/libraries/System.Net.Security/tests/UnitTests/SslAuthenticationOptionsTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ public void LocalCertificateSelectionCallback_Get_Set_Succeeds()
{
Assert.Null(_clientOptions.LocalCertificateSelectionCallback);

LocalCertificateSelectionCallback callback = (sender, host, localCertificates, remoteCertificate, issuers) => { return new X509Certificate(); };
LocalCertificateSelectionCallback callback = (sender, host, localCertificates, remoteCertificate, issuers) => default;
_clientOptions.LocalCertificateSelectionCallback = callback;

Assert.Equal(callback, _clientOptions.LocalCertificateSelectionCallback);
Expand Down Expand Up @@ -109,7 +109,7 @@ public void ServerCertificate_Get_Set_Succeeds()
_serverOptions.ServerCertificate = null;

Assert.Null(_serverOptions.ServerCertificate);
X509Certificate cert = new X509Certificate();
X509Certificate cert = new X509Certificate2(stackalloc byte[0]);
_serverOptions.ServerCertificate = cert;

Assert.Equal(cert, _serverOptions.ServerCertificate);
Expand Down
2 changes: 1 addition & 1 deletion src/libraries/System.Security.Cryptography.Pkcs/tests/Pkcs12/Pkcs12SafeContentsTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ public static void AddCertificateDisallowsNull(bool forReadOnly)
public static void AddCertificateDisallowedInReadOnly()
{
Pkcs12SafeContents contents = MakeReadonly(new Pkcs12SafeContents());
X509Certificate2 cert = new X509Certificate2();
X509Certificate2 cert = new X509Certificate2(stackalloc byte[0]);

Assert.Throws<InvalidOperationException>(() => contents.AddCertificate(cert));
}
Expand Down
14 changes: 14 additions & 0 deletions ...curity.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,7 @@ public override void CopyFrom(System.Security.Cryptography.AsnEncodedData asnEnc
}
public partial class X509Certificate : System.IDisposable, System.Runtime.Serialization.IDeserializationCallback, System.Runtime.Serialization.ISerializable
{
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public X509Certificate() { }
public X509Certificate(byte[] data) { }
[System.CLSCompliantAttribute(false)]
Expand Down Expand Up @@ -200,13 +201,19 @@ protected virtual void Dispose(bool disposing) { }
public virtual string GetRawCertDataString() { throw null; }
public virtual byte[] GetSerialNumber() { throw null; }
public virtual string GetSerialNumberString() { throw null; }
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public virtual void Import(byte[] rawData) { }
[System.CLSCompliantAttribute(false)]
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public virtual void Import(byte[] rawData, System.Security.SecureString? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) { }
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public virtual void Import(byte[] rawData, string? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) { }
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public virtual void Import(string fileName) { }
[System.CLSCompliantAttribute(false)]
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public virtual void Import(string fileName, System.Security.SecureString? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) { }
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public virtual void Import(string fileName, string? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) { }
public virtual void Reset() { }
void System.Runtime.Serialization.IDeserializationCallback.OnDeserialization(object? sender) { }
Expand All @@ -217,6 +224,7 @@ void System.Runtime.Serialization.ISerializable.GetObjectData(System.Runtime.Ser
}
public partial class X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate
{
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public X509Certificate2() { }
public X509Certificate2(byte[] rawData) { }
[System.CLSCompliantAttribute(false)]
Expand Down Expand Up @@ -265,13 +273,19 @@ public X509Certificate2(string fileName, string? password, System.Security.Crypt
public System.Security.Cryptography.ECDiffieHellman? GetECDiffieHellmanPrivateKey() { throw null; }
public System.Security.Cryptography.ECDiffieHellman? GetECDiffieHellmanPublicKey() { throw null; }
public string GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType nameType, bool forIssuer) { throw null; }
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public override void Import(byte[] rawData) { }
[System.CLSCompliantAttribute(false)]
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public override void Import(byte[] rawData, System.Security.SecureString? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) { }
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public override void Import(byte[] rawData, string? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) { }
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public override void Import(string fileName) { }
[System.CLSCompliantAttribute(false)]
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public override void Import(string fileName, System.Security.SecureString? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) { }
[System.ObsoleteAttribute("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
public override void Import(string fileName, string? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) { }
public override void Reset() { }
public override string ToString() { throw null; }
Expand Down
3 changes: 2 additions & 1 deletion ...ty.Cryptography.X509Certificates/ref/System.Security.Cryptography.X509Certificates.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
<PropertyGroup>
<TargetFrameworks>$(NetCoreAppCurrent)</TargetFrameworks>
<Nullable>enable</Nullable>
<NoWarn>$(NoWarn);SYSLIB0026</NoWarn>
</PropertyGroup>
<ItemGroup>
<Compile Include="System.Security.Cryptography.X509Certificates.cs" />
Expand All @@ -15,4 +16,4 @@
<ProjectReference Include="..\..\System.Security.Cryptography.Encoding\ref\System.Security.Cryptography.Encoding.csproj" />
<ProjectReference Include="..\..\System.Security.Cryptography.Primitives\ref\System.Security.Cryptography.Primitives.csproj" />
</ItemGroup>
</Project>
</Project>
4 changes: 3 additions & 1 deletion ...ty.Cryptography.X509Certificates/src/System.Security.Cryptography.X509Certificates.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
<Nullable>enable</Nullable>
</PropertyGroup>
<PropertyGroup Condition="'$(TargetsAnyOS)' == 'true'">
<NoWarn>$(NoWarn);CS8769</NoWarn>
<NoWarn>$(NoWarn);CS8769;SYSLIB0026</NoWarn>
<GeneratePlatformNotSupportedAssemblyMessage>SR.SystemSecurityCryptographyX509Certificates_PlatformNotSupported</GeneratePlatformNotSupportedAssemblyMessage>
</PropertyGroup>
<PropertyGroup>
Expand All @@ -22,6 +22,8 @@
Link="Common\Microsoft\Win32\SafeHandles\SafeHandleCache.cs" />
<Compile Include="$(CommonPath)System\Memory\PointerMemoryManager.cs"
Link="Common\System\Memory\PointerMemoryManager.cs" />
<Compile Include="$(CommonPath)System\Obsoletions.cs"
Link="Common\System\Obsoletions.cs" />
<Compile Include="$(CommonPath)System\Security\Cryptography\CryptoPool.cs"
Link="Common\System\Security\Cryptography\CryptoPool.cs" />
<Compile Include="$(CommonPath)System\Security\Cryptography\Oids.cs"
Expand Down
12 changes: 12 additions & 0 deletions ...phy.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
using Internal.Cryptography;
using Internal.Cryptography.Pal;
using Microsoft.Win32.SafeHandles;
using System;
using System.Diagnostics;
using System.Diagnostics.CodeAnalysis;
using System.Globalization;
Expand Down Expand Up @@ -44,6 +45,7 @@ public virtual void Reset()
}
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public X509Certificate()
{
}
Expand Down Expand Up @@ -171,7 +173,9 @@ private protected X509Certificate(string fileName, ReadOnlySpan<char> password,
}

[System.CLSCompliantAttribute(false)]
#pragma warning disable SYSLIB0026
public X509Certificate(string fileName, SecureString? password, X509KeyStorageFlags keyStorageFlags) : this()
#pragma warning restore SYSLIB0026
{
if (fileName == null)
throw new ArgumentNullException(nameof(fileName));
Expand All @@ -195,7 +199,9 @@ public X509Certificate(X509Certificate cert)
}
}

#pragma warning disable SYSLIB0026
public X509Certificate(SerializationInfo info, StreamingContext context) : this()
#pragma warning restore SYSLIB0026
{
throw new PlatformNotSupportedException();
}
Expand Down Expand Up @@ -569,33 +575,39 @@ public virtual string ToString(bool fVerbose)
return sb.ToString();
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public virtual void Import(byte[] rawData)
{
throw new PlatformNotSupportedException(SR.NotSupported_ImmutableX509Certificate);
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public virtual void Import(byte[] rawData, string? password, X509KeyStorageFlags keyStorageFlags)
{
throw new PlatformNotSupportedException(SR.NotSupported_ImmutableX509Certificate);
}

[System.CLSCompliantAttribute(false)]
[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public virtual void Import(byte[] rawData, SecureString? password, X509KeyStorageFlags keyStorageFlags)
{
throw new PlatformNotSupportedException(SR.NotSupported_ImmutableX509Certificate);
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public virtual void Import(string fileName)
{
throw new PlatformNotSupportedException(SR.NotSupported_ImmutableX509Certificate);
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public virtual void Import(string fileName, string? password, X509KeyStorageFlags keyStorageFlags)
{
throw new PlatformNotSupportedException(SR.NotSupported_ImmutableX509Certificate);
}

[System.CLSCompliantAttribute(false)]
[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public virtual void Import(string fileName, SecureString? password, X509KeyStorageFlags keyStorageFlags)
{
throw new PlatformNotSupportedException(SR.NotSupported_ImmutableX509Certificate);
Expand Down
7 changes: 7 additions & 0 deletions ...hy.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ public override void Reset()
base.Reset();
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public X509Certificate2()
: base()
{
Expand Down Expand Up @@ -630,33 +631,39 @@ public override string ToString(bool verbose)
return sb.ToString();
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public override void Import(byte[] rawData)
{
base.Import(rawData);
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public override void Import(byte[] rawData, string? password, X509KeyStorageFlags keyStorageFlags)
{
base.Import(rawData, password, keyStorageFlags);
}

[System.CLSCompliantAttribute(false)]
[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public override void Import(byte[] rawData, SecureString? password, X509KeyStorageFlags keyStorageFlags)
{
base.Import(rawData, password, keyStorageFlags);
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public override void Import(string fileName)
{
base.Import(fileName);
}

[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public override void Import(string fileName, string? password, X509KeyStorageFlags keyStorageFlags)
{
base.Import(fileName, password, keyStorageFlags);
}

[System.CLSCompliantAttribute(false)]
[Obsolete(Obsoletions.X509CertificateImmutableMessage, DiagnosticId = Obsoletions.X509CertificateImmutableDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
public override void Import(string fileName, SecureString? password, X509KeyStorageFlags keyStorageFlags)
{
base.Import(fileName, password, keyStorageFlags);
Expand Down
1 change: 1 addition & 0 deletions ...ography.X509Certificates/tests/System.Security.Cryptography.X509Certificates.Tests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
<DefineConstants>$(DefineConstants);HAVE_THUMBPRINT_OVERLOADS</DefineConstants>
<DefineConstants Condition="'$(TargetsUnix)' == 'true'">$(DefineConstants);Unix</DefineConstants>
<IncludeRemoteExecutor>true</IncludeRemoteExecutor>
<NoWarn>$(NoWarn);SYSLIB0026</NoWarn>
<TargetFrameworks>$(NetCoreAppCurrent)-windows;$(NetCoreAppCurrent)-Unix;$(NetCoreAppCurrent)-Android;$(NetCoreAppCurrent)-Browser;$(NetCoreAppCurrent)-OSX;$(NetCoreAppCurrent)-iOS;$(NetCoreAppCurrent)-tvOS</TargetFrameworks>
</PropertyGroup>
<PropertyGroup>
Expand Down
2 changes: 1 addition & 1 deletion src/libraries/System.Security.Permissions/tests/MembershipConditionTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ public static void HashMembershipConditionCallMethods()
[SkipOnPlatform(TestPlatforms.Browser, "System.Security.Cryptography.X509Certificates is not supported on this platform.")]
public static void PublisherMembershipConditionCallMethods()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(new System.Security.Cryptography.X509Certificates.X509Certificate());
PublisherMembershipCondition pmc = new PublisherMembershipCondition(new System.Security.Cryptography.X509Certificates.X509Certificate2(stackalloc byte[0]));
bool check = pmc.Check(new Evidence());
IMembershipCondition obj = pmc.Copy();
check = pmc.Equals(new object());
Expand Down
2 changes: 1 addition & 1 deletion src/libraries/System.Security.Permissions/tests/PermissionTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -213,7 +213,7 @@ public static void PrincipalPermissionCallMethods()
[SkipOnPlatform(TestPlatforms.Browser, "System.Security.Cryptography.X509Certificates is not supported on this platform.")]
public static void PublisherIdentityPermissionCallMethods()
{
PublisherIdentityPermission pip = new PublisherIdentityPermission(new System.Security.Cryptography.X509Certificates.X509Certificate());
PublisherIdentityPermission pip = new PublisherIdentityPermission(new System.Security.Cryptography.X509Certificates.X509Certificate2(stackalloc byte[0]));
PublisherIdentityPermission pip2 = new PublisherIdentityPermission(new Permissions.PermissionState());
IPermission ip = pip.Copy();
IPermission ip2 = pip.Intersect(ip);
Expand Down