From f934bfaa7e4acf4894edf0d92e7e7be8c901da73 Mon Sep 17 00:00:00 2001
From: Javier Calvarro Nelson <jacalvar@microsoft.com>
Date: Fri, 12 Apr 2019 09:27:54 +0200
Subject: [PATCH] [Https][Tooling] Add digital signature to the KeyUsage of the
 HTTPS dev-cert (#9293)

* [Https][Tooling] Add digital signature to the KeyUsage of the HTTPS dev-cert
---
 src/Shared/CertificateGeneration/CertificateManager.cs        | 2 +-
 .../FirstRunCertGenerator/test/CertificateManagerTests.cs     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Shared/CertificateGeneration/CertificateManager.cs b/src/Shared/CertificateGeneration/CertificateManager.cs
index 17e0d52e4d..78ea93398c 100644
--- a/src/Shared/CertificateGeneration/CertificateManager.cs
+++ b/src/Shared/CertificateGeneration/CertificateManager.cs
@@ -156,7 +156,7 @@ namespace Microsoft.AspNetCore.Certificates.Generation
             var sanBuilder = new SubjectAlternativeNameBuilder();
             sanBuilder.AddDnsName(LocalhostHttpsDnsName);
 
-            var keyUsage = new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true);
+            var keyUsage = new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, critical: true);
             var enhancedKeyUsage = new X509EnhancedKeyUsageExtension(
                 new OidCollection() {
                     new Oid(
diff --git a/src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs b/src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs
index 5b770a4b04..e1849607d3 100644
--- a/src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs
+++ b/src/Tools/FirstRunCertGenerator/test/CertificateManagerTests.cs
@@ -75,7 +75,7 @@ namespace Microsoft.AspNetCore.Certificates.Generation.Tests
                     httpsCertificate.Extensions.OfType<X509Extension>(),
                     e => e is X509KeyUsageExtension keyUsage &&
                         keyUsage.Critical == true &&
-                        keyUsage.KeyUsages == X509KeyUsageFlags.KeyEncipherment);
+                        keyUsage.KeyUsages == (X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature));
 
                 Assert.Contains(
                     httpsCertificate.Extensions.OfType<X509Extension>(),
@@ -162,7 +162,7 @@ namespace Microsoft.AspNetCore.Certificates.Generation.Tests
                     httpsCertificate.Extensions.OfType<X509Extension>(),
                     e => e is X509KeyUsageExtension keyUsage &&
                         keyUsage.Critical == true &&
-                        keyUsage.KeyUsages == X509KeyUsageFlags.KeyEncipherment);
+                        keyUsage.KeyUsages == (X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature));
 
                 Assert.Contains(
                     httpsCertificate.Extensions.OfType<X509Extension>(),