Skip to content

Prepare cert tests for new signing algorithms #114416

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 10, 2025
Merged

Prepare cert tests for new signing algorithms #114416

merged 3 commits into from
Apr 10, 2025

Conversation

bartonjs
Copy link
Member

@bartonjs bartonjs commented Apr 8, 2025

This is the test infrastructure half of #114357.

  • CertificateAuthority gains algorithm agility, varying across RSA and EC-DSA deterministically.
  • CertificateRequestChainTests stops using AsymmetricAlgorithm in advance of the new, non-AA types.
  • CertificateRequestLoadTests ensures that Load+Create yields the same as new+Create for all supported signature generator types.
  • PrivateKeyAssociationTests ensures the relationship of CopyWithPrivateKey, Get{Alg}PublicKey, Get{Alg}PrivateKey for all existing asymmetric algorithm types (even ECDH!)

@bartonjs bartonjs added area-System.Security test-enhancement Improvements of test source code labels Apr 8, 2025
@bartonjs bartonjs added this to the 10.0.0 milestone Apr 8, 2025
@bartonjs bartonjs self-assigned this Apr 8, 2025
@Copilot Copilot AI review requested due to automatic review settings April 8, 2025 23:22
Copilot
Copilot AI reviewed Apr 8, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Comments suppressed due to low confidence (1)

src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs:320

  • Verify that the delegated CloneWithPrivateKey method robustly supports all key types (RSA, ECDsa, and DSA) and correctly converts from the generalized key type to the expected concrete instance.
return Common.CertificateAuthority.CloneWithPrivateKey(cert, key);

@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

This was referenced Apr 9, 2025
Open
Closed
Open
@bartonjs bartonjs merged commit 00b0050 into dotnet:main Apr 10, 2025
84 of 86 checks passed
@bartonjs bartonjs deleted the certreq_prereqs branch April 10, 2025 01:54
@matouskozak matouskozak mentioned this pull request Apr 17, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@vcsjones vcsjones vcsjones approved these changes

Assignees

@bartonjs bartonjs

Labels
area-System.Security test-enhancement Improvements of test source code
Projects
None yet
Milestone
10.0.0
Development

Successfully merging this pull request may close these issues.
2 participants
@bartonjs @vcsjones