* Fixes and improvements for dotnet-dev-certs:
* Revamps the HTTPS developer certificate tool implementation.
* It accumulated a lot of cruft during the past few years and that has made making changes harder.
* Separated the CertificateManager implementation into different classes per platform.
* This centralizes the decision point of choosing a platform in a single place.
* Makes clear what the flow is for a given platform.
* Isolates changes needed for a given platform in the future.
* Moved CertificateManager to a singleton
* No more statics!
* Updates logging to use EventSource
* We didn't have a good way of performing logging as the code is shared and must run in multiple contexts and the set of dependencies need to be kept to a minimum.
* Adding ETW allow us to log/monitor the the tool execution and capture the logs with `dotnet trace` without having to invent our own logging.
* We can decide to write an EventListener in `dotnet-dev-certs` to write the results to the console output.
* Updates the way we handle the dev-cert in Mac OS to use the security tool to import the certificate into the store instead of using the certificate store.
* WIP add interop tests
* Clean up
* Move test project into build infrastructure
* Clean up
* Remove hardcoded paths
* Clean up
* Fix build
* Add copyright notices
* Update azure template
* Fix build
* Fix build?
* Fix build?
* Add gRPC interop tests to CI
- Convert to using references managed by build infrastructure
- Use produced AspNetCore.App shared framework
- Save server logs
- Dynamically bind to ports
- Ensure InteropWebsite is built in the same configuration as the test project
* Cleanup
* Rebase fix
* Include tests assets in build directory for Helix
* Incorporate changes in ProcessEx
* Include Grpc test in regular build
* Fixup
* Test
* exe doesn't always exist
* Capture logs on helix
* Maybe this will work
* There are two application started messages
* Derp
* Cleanup
* Update directory
* Add interop tests to more pipelines
* mkdir
Co-authored-by: John Luo <johluo@microsoft.com>
* Consume the internalized System.Net.Quic sources (#19156)
* Consume the internalized System.Net.Quic sources
* More changes from rebase
* Remove Console.WriteLine
* Additional code sync
- Multi-target ObjectPool
- Move Embedded.Manifest.Task.Internal.Entry to the public namespace
- Remove ref assemblies from AspNetCore.Testing
- Skip TestPathUtilitiesTest since it's a pattern we want to migrate away from
- Fix FileProviders.Abstractions version in Embedded.*.nuspec
- Add workarounds for project references to FileProviders.Embedded
* Removed mutating of string-contents in BCryptHandle
* Revert "Removed mutating of string-contents in BCryptHandle"
This reverts commit 5ae80c2834471baf34d1e5a05a42e3cce1ff02d7.
This is a .NET STandard 2.0 project, so no span is available by default. I think it's not worth it to add a reference to System.Memory-package just for this change.
* Better perf for StringUtilities.TryGetAsciiString
* Removed mutating of created string from HttpUtilities
* Use static readonly span-actions as this gives a boost due to not having a null check for the compiler generated cached delegate
* Debug Asserts
* PR Feedback
* Added a new property, ValidateCertificateChain
This aligns the code with README.md, and enables chained certificate authentication to work in Azure App Service (which won't have the client certificate's root in its trust store)
* Updated reference assemblies
New ValidateCertificateChain property was missing from /ref - hadn't updated it, so automatic test was failing
* Replaced the broad property which disables certificate chain validation with a granular list of trusted issuers
Also updated documentation to remove the unused property and to indicate that it isn't possible to validate half of the chain from the OS' trust store, and half from the private root store
* Swapped property access for an AddRange call
* Updated reference assembly
* Added certificate tests
Three test cases:
- Untrusted client certificate should fail, as it does now.
- Client certificate which is part of a chain with an untrusted root but a trusted issuer should fail, since the chain as a whole isn't trusted.
- Client certificate which is part of a fully-trusted chain should pass.
Also noticed that there were a couple of issues in CreateServer, where the certificate revocation flags weren't being set properly.
Finally, the csproj was referring to a folder name ("test\Certificates") which didn't exist. It looks like the folder was renamed to "TestCertificates", so I've update the project to match.
* Update Microsoft.AspNetCore.Authentication.Certificate.netcoreapp.cs
* Reverting change of Tests csproj, which was blocking certificate tests
* Forgot to add certificates to the shared source root, so tests were failing
* Updating following code review
Replaced custom logic with a new ChainTrustValidationMode property. Updated reference assemblies
* Changed tests to account for new property
* Updated certificates for PR tests
* Updated certificates
Updating all new certificates to avoid using the alternate signature algorithm
* Dummy checkin
Compilation errors coming from CertificateTests.cs, performing this checkin to test whether or not they're limited to a specific build.
* Following up typo corrections
Commit 116799fa70 in upstream repo changed a variable name, causing compile errors on PR build. Fixing that
Co-authored-by: Hao Kung <HaoK@users.noreply.github.com>
Brennan
Javier Calvarro Nelson
Ben Adams
Günther Foidl
github-actions[bot]
John Luo
James Newton-King
Kevin Pilch
Roman Marusyk
Doug Bunting
Ryan Rowse
Kevin Pilch
msftbot[bot]
Justin Kotalik
Chris Ross
Hao Kung
Stephen Halter
Edward Neal
Pranav K