Add missing members to EncryptedXml. #23417
Conversation
| [Fact] | ||
| public void GetStandardSandbox_WhenEvidenceIsNull_ThrowsArgumentNullException() | ||
| { | ||
| Assert.Throws<ArgumentNullException>(() => SecurityManager.GetStandardSandbox(null)); |
There was a problem hiding this comment.
use AssertExtensions to also check for the name of the argument thrown (nameof(evidence))
| Assert.Throws<ArgumentNullException>(decrypt); | ||
| else | ||
| Assert.Throws<CryptographicException>(decrypt); | ||
| Assert.Throws<ArgumentNullException>(() => exml.DecryptData(ed, aes)); |
There was a problem hiding this comment.
same here. Check for name argument too.
| @@ -47,28 +45,47 @@ public override void GenerateKey() | |||
| } | |||
| } | |||
|
|
|||
| private readonly Encoding _defaultEncoding = Encoding.UTF8; | |||
| private const CipherMode DefaultCipherMode = CipherMode.CBC; | ||
| private const PaddingMode DefaultPaddingMode = PaddingMode.ISO10126; | ||
| private const string DefaultRecipient = ""; | ||
| private readonly XmlResolver _defaultXmlResolver = null; |
|
I hope you are aware that Evidence is stubbed out in .NET Core: https://github.com/dotnet/corefx/blob/986ffdb1053d334b862f96b53c67ca3bae222219/src/System.Security.Permissions/src/System/Security/Policy/Evidence.cs I guess you aren't using our sources where Evidence is defined (System.Security.Permissions)? |
| { | ||
| // maybe a network stream, make sure we allow just what is needed!! | ||
| PermissionSet ps = SecurityManager.GetStandardSandbox(_evidence); | ||
| ps.PermitOnly(); |
There was a problem hiding this comment.
this will throw in .NET Core:
There was a problem hiding this comment.
@danmosemsft what's the strategy for code that checks if permission is granted? I guess it's intentional that PermitOnly wasn't stubbed out silently instead of throwing?
If this code path is reached, which means the user passed an Evidence in the constructor and therefore _evidence is not null an exception is still throw in Core.
| @@ -26,6 +26,7 @@ | |||
| <Compile Include="SecurityElementTests.cs" /> | |||
| <Compile Include="HostSecurityManagerTests.cs" /> | |||
| <Compile Include="HostProtectionTests.cs" /> | |||
| <Compile Include="SecurityManagerTests.cs" /> | |||
There was a problem hiding this comment.
I know this isn't related to your change but please sort the files as we were supposed to do before we got lazy ;)
|
|
||
| namespace System.Security.Permissions.Tests | ||
| { | ||
| public class SecurityManagerTests |
There was a problem hiding this comment.
Also include a positive test?
|
I reverted all changes related to Speaking of Mono, currently it's not able to download cipher values from URIs as well, so not having an implementation for this case doesn't really change anything. |
|
It looks like we originally had these but removed them in ac17228#diff-8f0821d6d517dbaeb3868dab123e4238 as a part of #14662 because And @bartonjs 's response: On the one hand, I think the type exists (System.Security.Permissions). On the other hand, it's dead code in this implementation... so... I'm content. We can add it back later if we decide that we need 100% API compatibility. So the question then would be if it's worth adding these back even though they're empty variables and whether it would help or hinder in the long run since we're not using them anywhere. |
|
@vladimir-kazakov Is your goal here to make Mono no longer have a distinct implementation and just use the package from Core? |
|
System.Diagnostics.TraceSource.Tests is AV'ing. |
|
@bartonjs, the goal is to directly use According to comments in issues and PRs from this repository related to
@ianhays, empty right now, but perhaps someone in the future will decide to implement missing functionality. Someone who was using it in .NET Framework and who needs it in either .NET Core or Mono. But this is the future. Currently, only missing APIs are needed (without implementation) in order to make it possible to reuse code from .NET Core in Mono. Right now, the implementation is not important, because both .NET Core and Mono don't have the implementation of missing functionality (the ability to download cipher values from URIs). In the future, though, I'd expect this functionality to be implemented, in order to be fully compatible with .NET Framework. |
|
@dotnet-bot test this please (no log left) |
|
Seems fine to me. I'm happy with getting code reuse out of the effort. @ericstj System.Security.Cryptography.Xml is a standalone package that has a netfx facade... is there anything tricky we need to do here when changing the ref to include members that netfx has that we didn't provide in the last stable package version? |
So long as they are all present in the supported version of desktop then, you can update the ref and keep it building for all targeted frameworks (make sure you don't redist anything). Note that desktop isn't the only thing to think about when you expose more API from one of these. Also consider Mono/Xamarin to understand if they have the API as well. If you are exposing new types it's good to let folks like @marek-safar know so that they can ensure that they update the facades. Contrast that to adding members that didn't exist in desktop: you'd have to make those additions exclusive to NETCoreApp. |
|
@dotnet-bot test Windows x64 Debug Build |
|
@dotnet-bot Test Windows x64 Debug Build please |
|
This PR added a line that broke our builds. https://github.com/dotnet/corefx/pull/23417/files#diff-e86e9429bdfda04e0301ba8bd13932ebR13 Ref projects should have P2P references as opposed to just Reference items, since we can't really ensure that all dependencies have been built yet. |
|
I created #23946 to fix it. |
…d-xml-missing-apis Add missing members to EncryptedXml. Commit migrated from dotnet/corefx@46579e4
While importing
EncryptedXmlinto Mono (mono/mono#5273), it was noticed that its following members are missing:(XmlDocument, Evidence)constructor.DocumentEvidenceproperty.This PR adds them. The implementation is taken from .NET Framework.
The behavior of the
EncryptedXmlTest.DecryptData_CipherReference_InvalidUritest was changed. As far as I understand, both .NET Core and .NET Framework must behave the same way. According to the documentation, theSecurityManager.GetStandardSandboxmust throw if the evidence is null. Previously, .NET Core wasn't throwing in this case, so this was changed as well.