Address feedback, add DSA certificate tests

javiercn · javiercn · commit 2e68fd34c59f · 2020-07-02T13:34:37.000-07:00
diff --git a/src/Servers/Kestrel/Core/src/KestrelConfigurationLoader.cs b/src/Servers/Kestrel/Core/src/KestrelConfigurationLoader.cs
@@ -441,15 +441,12 @@ private X509Certificate2 LoadCertificate(CertificateConfig certInfo, string endp
                 if (certInfo.KeyPath != null)
                 {
                     var certificateKeyPath = Path.Combine(environment.ContentRootPath, certInfo.KeyPath);
-                    X509Certificate2 certificate = GetCertificate(certInfo, certificatePath, certificateKeyPath);
+                    var certificate = GetCertificate(certInfo, certificatePath, certificateKeyPath);
 
-                    if (!certificate.HasPrivateKey)
+                    if (certificate != null)
                     {
                         certificate = LoadCertificateKey(certificate, certificateKeyPath, certInfo.Password);
-                    }
 
-                    if (certificate != null)
-                    {
                         if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                         {
                             return PersistKey(certificate);
@@ -487,14 +484,12 @@ static X509Certificate2 LoadCertificateKey(X509Certificate2 certificate, string
 
             static X509Certificate2 GetCertificate(CertificateConfig certInfo, string certificatePath, string certificateKeyPath)
             {
-                if (X509Certificate2.GetCertContentType(certificatePath) != X509ContentType.Unknown)
+                if (X509Certificate2.GetCertContentType(certificatePath) == X509ContentType.Cert)
                 {
                     return new X509Certificate2(certificatePath);
                 }
 
-                return certInfo.Password != null ?
-                    X509Certificate2.CreateFromEncryptedPemFile(certificatePath, certInfo.Password, certificateKeyPath) :
-                    X509Certificate2.CreateFromPemFile(certificatePath, certificateKeyPath);
+                return null;
             }
         }
 
diff --git a/src/Servers/Kestrel/Kestrel/test/KestrelConfigurationLoaderTests.cs b/src/Servers/Kestrel/Kestrel/test/KestrelConfigurationLoaderTests.cs
@@ -289,10 +289,10 @@ public void ConfigureEndpoint_ThrowsWhen_TheKeyCannotBeRead()
         [InlineData("https-ecdsa.pem", "https-ecdsa-protected.key", "aspnetcore")]
         [InlineData("https-ecdsa.crt", "https-ecdsa.key", null)]
         [InlineData("https-ecdsa.crt", "https-ecdsa-protected.key", "aspnetcore")]
-        //[InlineData("https-dsa.pem", "https-dsa.key", null)]
-        //[InlineData("https-dsa.pem", "https-dsa-protected.key", "aspnetcore")]
-        //[InlineData("https-dsa.crt", "https-dsa.key", null)]
-        //[InlineData("https-dsa.crt", "https-dsa-protected.key", "aspnetcore")]
+        [InlineData("https-dsa.pem", "https-dsa.key", null)]
+        [InlineData("https-dsa.pem", "https-dsa-protected.key", "test")]
+        [InlineData("https-dsa.crt", "https-dsa.key", null)]
+        [InlineData("https-dsa.crt", "https-dsa-protected.key", "test")]
         public void ConfigureEndpoint_CanLoadPemCertificates(string certificateFile, string certificateKey, string password)
         {
             var serverOptions = CreateServerOptions();
diff --git a/src/Servers/Kestrel/shared/test/TestCertificates/https-dsa-protected.key b/src/Servers/Kestrel/shared/test/TestCertificates/https-dsa-protected.key
@@ -1,18 +1,11 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICzTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIgeRX7Sed0OsCAggA
-MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBC7vpWM+TQ9caiqYAn+h95YBIIC
-cM8+gZPkVJZF1ICFi6lHHNjV9FSdH+qwvUOzBEVP1oZtmdMBhEVqqm+3H+Gcm6dn
-C4JjMGCu3KqQ096JoWeFE/ksuTcL7MBtvyY35NIbbVxEW7YxvTiICADfjwL0mDYH
-SlUr0LLrMhoYfN01HE2kkkJLZLt58zjzxyUdc//SlIC6rJyd6NZdNrmRQ9JZzd7G
-SZtkXRMvrzyJoxwOc+5ERmYtOtOWmyF2pAFwoEnb8VOQgoM3gy/3lO5aVpPj76Rr
-MmJwdruU39nUPTe6VI6ukF5T27pu0XmX5YWqy5+PZ5cFhmOxGSxwvw6dbJSM1+Sg
-ZcKohhQQtNFYFgFpp8cz84o1lHWprjGxHRVKEeKAwgX8v8glDTKzwS0DKsTzdn0s
-2RCwjr+GxH7wpjwzllny2xU/h5ZR2j8gldfCNFVPtFrGleuEduPA4U04Mkije0l9
-AdPHDK8drvUuIZLb2HCQu0wYmUDmtY/SWuMl1xRonrF+cPPcmAdQDP8IH2MGL8SO
-9h/CCextHsqzXl7PJzHcjLmn8qmlocmSJRALCrWpgoE/d7Wjle8LmtQVWSw0UgTo
-GEoWpFcz6JJBUrcasGQHokLtuyAjjSRgSt1DFK2iW+O7MARK9wJNCGUfDNWavO4p
-hA7MR1muv/xwwr0oi2OJ5rc3N+6M/Fb1fRlU5+EsaE2xee7nV3JdVmdYKpOM8ksX
-F5XV/b4BbaPbTRppr0aZk6RDqy5jlYVsNy1Npwqw/2pJqS7wTWZgaWQgePsRGsb5
-3SZC64XpHlzBgYOgpnOC9x9KJuWt2z4OS0l70Nvv7+VLzem0fVMb+Dh/5VFjYfp2
-4w==
+MIIBoTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQI+PhdT1Kk/SkCAggA
+MAwGCCqGSIb3DQIJBQAwEQYFKw4DAgcECGV1ZmaiQtz2BIIBUA/6pNqTkXpkOLlI
+22Lh0cm5+/foDRh3qTrAOSHHHV0Dz1xYvYMa9MFzONatLf55Rpb2ZPji3hXwUQfn
+gOJeTBRTaMNz5LaKJiOIWj0qDckhgKt9cmgiBzVTvXO4pERp1uz5zcvaUOKj2TSv
+ljxishj76MYQftIGMMkJQKf4OsHubCopuKUbzTPgJt0FuF4eT37+tiEMgbYrmA6p
+REPE0vT1aY+LYdJLV/Dax/l4lMvYmQYOWs9TCLPlI5RZQxxte6zbcA13ESg/qLE3
+4Mx8xgXrPvCxp3h8KBKNMaJR1xzpr7UQOpkI9qja++3cJAl6O/0mdeqZct0V9Z8P
+a3+wyUWo58z5sOPNdJHIMV6qw6m3w+IQoCJC7EbV0+Pyo5eSU5zbgm7YWZ9Yx6l8
+g1mCP4Q6Tqe6LjKfBsZAmYWSfKqoTKRjC3ocJMt53tIDpB5jFw==
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/src/Servers/Kestrel/shared/test/TestCertificates/https-dsa.crt b/src/Servers/Kestrel/shared/test/TestCertificates/https-dsa.crt
diff --git a/src/Servers/Kestrel/shared/test/TestCertificates/https-dsa.key b/src/Servers/Kestrel/shared/test/TestCertificates/https-dsa.key
@@ -1,15 +1,9 @@
------BEGIN PRIVATE KEY-----
-MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQDJCLNPr0jF6+UOqnftcW7OC+Pj
-rSOLhk277kKiWlQvOGNyqFbL3UvOfVAbKFcMOumZhftsSvHUf9Q47xS5XKBbhIpz
-UhyxLVQ435mqQWYOpnqLm5glxUwUn8DKfFiOTznimdypgnGQt5mTdVJ7IG574fAn
-5IdC6oE1KReDxdXqN0M4i2e6x/O+uc7r8ePsuQ/Eoo3w4iM/VxHKVLNoOBWZwgPh
-EpxumDFslRGal2j7IlUit1tEC9k9D32G+VL7gqu0m6LO5JXJNFIcU6RH36YDfLd3
-eTKbwZjQW57uj1JkR/flm0xR7IUVKmcVs0QaW5fyeudt+U78fCGfd8CSa2cDAiEA
-vDbQX231dqIHsQePToTsintUmbtI+/MqrR27x0fHysMCggEAHCTRNw9ZVDUcUtD0
-LKL1ophDNXZFjegz6DwHEsGwMcW+fT9QwfVmcZy5xLqqloapOdE7ejWJ6rKHPmQz
-m+73u7fuDDSJMl7MaxVDSMLmlCnJO84tNtCLyRsYxsneSFs9rw0tEIJGAgJHnAgz
-usj/hNEhTZT5oLjVPT/DjEqqOvVTlBaVZnd1fkeuI03M/J86R2mIm0VkFLpufnW/
-McebsHwpz9Y2jxr2Wvz0+xv5ooLwZeVFRVl95SsHypjkCGtWKcqxA+lZdYkqLbwt
-WvIfo+gJJS6iLsxs9I6OBqh85+bp4xlYsXnmr3JrsuV7OyfCppfgIABbHops57Vg
-rbRwswQjAiEAksfTXws/dqMjlRmytRcU4qDef3La1STF5WSsoMdYYqs=
------END PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIBSwIBADCCASsGByqGSM44BAEwggEeAoGBAJyiyioeXx1O98gRCMEjlPKMpr79
+KrcDkoroghtuXO1U6Cx34pBRjOQmQLDPqSOriEo5VuG6SJc/ppfZx9TrSrzqB26h
+KTUmiaOKmwpfIfzpi72wgsZeMOtU7JQ+FThfGyS8VxGh6G0h7xw26B/9ALxRw25z
+O1cy9ZJs0EY3hsHzAhUA/4dpclsck8K+SkWBTcPfU+x7wTUCgYB4LP6UvrvIiiFP
+xhk7AEGMMr0MhcJ3hhsgKWukUqIYsJKBM5MpKCnej5BHvnLXdKodIxygcKR4dJX7
+BRv69L+2RJk+UrYL1qBco5HpUslumA0e3gNdwRLoOoGD14dn1LD1LdESsyMgwfHH
+J0RRkYwacgCVXsvHv/eAkA8qq136dwQXAhUA216Tqp4OvdUBNv8QLv8Z5QPopGQ=
+-----END PRIVATE KEY-----
diff --git a/src/Servers/Kestrel/shared/test/TestCertificates/https-dsa.pem b/src/Servers/Kestrel/shared/test/TestCertificates/https-dsa.pem
@@ -1,27 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIEnTCCBEMCFCHt1Ah6u8RKy69wV2i5BMfgAVQKMAsGCWCGSAFlAwQDAjBZMQsw
-CQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjAwNzAy
-MTcwMTQxWhcNMjEwNzAyMTcwMTQxWjBZMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
-U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRIw
-EAYDVQQDDAlsb2NhbGhvc3QwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAMkIs0+v
-SMXr5Q6qd+1xbs4L4+OtI4uGTbvuQqJaVC84Y3KoVsvdS859UBsoVww66ZmF+2xK
-8dR/1DjvFLlcoFuEinNSHLEtVDjfmapBZg6meoubmCXFTBSfwMp8WI5POeKZ3KmC
-cZC3mZN1Unsgbnvh8Cfkh0LqgTUpF4PF1eo3QziLZ7rH8765zuvx4+y5D8SijfDi
-Iz9XEcpUs2g4FZnCA+ESnG6YMWyVEZqXaPsiVSK3W0QL2T0PfYb5UvuCq7Sbos7k
-lck0UhxTpEffpgN8t3d5MpvBmNBbnu6PUmRH9+WbTFHshRUqZxWzRBpbl/J65235
-Tvx8IZ93wJJrZwMCIQC8NtBfbfV2ogexB49OhOyKe1SZu0j78yqtHbvHR8fKwwKC
-AQAcJNE3D1lUNRxS0PQsovWimEM1dkWN6DPoPAcSwbAxxb59P1DB9WZxnLnEuqqW
-hqk50Tt6NYnqsoc+ZDOb7ve7t+4MNIkyXsxrFUNIwuaUKck7zi020IvJGxjGyd5I
-Wz2vDS0QgkYCAkecCDO6yP+E0SFNlPmguNU9P8OMSqo69VOUFpVmd3V+R64jTcz8
-nzpHaYibRWQUum5+db8xx5uwfCnP1jaPGvZa/PT7G/migvBl5UVFWX3lKwfKmOQI
-a1YpyrED6Vl1iSotvC1a8h+j6AklLqIuzGz0jo4GqHzn5unjGVixeeavcmuy5Xs7
-J8Kml+AgAFseimzntWCttHCzA4IBBQACggEALilLLZ1g1CjR1DwUbEWUO+Ak11N5
-AfM8H9gwdszcZgl9J9+tqZ0/YcyTnXcxX/SG7NwjP8eEEekMzR6AKm1gW0OYnshI
-3OiD2htmr9uHULsvqTDOKJfY2kcoKqIoTn6apszMf9RBs7EBmvJXxSk8139FLqzL
-FBW8/jHxlb54mrGsEeUy/zoCxq/GrKzB5xWtNp/59w3tPO9FilfBjMjdLY7Ly1eh
-vuTtZm1LX1wY47dP1p4WWDl5ZUGC5kSzlSLH4vSH1Xe/GTTiXcT6pt4yRFL+WMbi
-dnhFKObWUMlz7ck6WPaiI0AMiGFAGn467a7r04sjnMBajaGUEGjm/dWqSDALBglg
-hkgBZQMEAwIDRwAwRAIgKq7kQZ4JPNTvcGrt+6yEhjEcIvtZ9NJj3Cm2Q+FuryQC
-ID69/GKE4WN5BUWMSi0Fwka80OywHW76nwtsrXRa4c/W
+MIIDWTCCAxWgAwIBAgIUFRQGA90GHC74cNK/hNzQDi7XJFYwCwYJYIZIAWUDBAMC
+MF0xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhWaXJnaW5pYTETMBEGA1UEBwwKQWxl
+eGFuZHJpYTEQMA4GA1UECgwHQ29udG9zbzEUMBIGA1UECwwLRGV2ZWxvcG1lbnQw
+HhcNMjAwNjE5MTkyODIwWhcNMjAwNzE5MTkyODIwWjBdMQswCQYDVQQGEwJVUzER
+MA8GA1UECAwIVmlyZ2luaWExEzARBgNVBAcMCkFsZXhhbmRyaWExEDAOBgNVBAoM
+B0NvbnRvc28xFDASBgNVBAsMC0RldmVsb3BtZW50MIIBtjCCASsGByqGSM44BAEw
+ggEeAoGBAJyiyioeXx1O98gRCMEjlPKMpr79KrcDkoroghtuXO1U6Cx34pBRjOQm
+QLDPqSOriEo5VuG6SJc/ppfZx9TrSrzqB26hKTUmiaOKmwpfIfzpi72wgsZeMOtU
+7JQ+FThfGyS8VxGh6G0h7xw26B/9ALxRw25zO1cy9ZJs0EY3hsHzAhUA/4dpclsc
+k8K+SkWBTcPfU+x7wTUCgYB4LP6UvrvIiiFPxhk7AEGMMr0MhcJ3hhsgKWukUqIY
+sJKBM5MpKCnej5BHvnLXdKodIxygcKR4dJX7BRv69L+2RJk+UrYL1qBco5HpUslu
+mA0e3gNdwRLoOoGD14dn1LD1LdESsyMgwfHHJ0RRkYwacgCVXsvHv/eAkA8qq136
+dwOBhAACgYAHltgzkK3zD8yGdcGY0YgvN5l3lna1voLmcK+XtmehjMVy7OSSFICN
+KybLBOvO8paydhCb1J0klkLPAoAjgP2cEd+KueeRyJpx+jD1MsjIEXIn5jtjXdUH
+d0JJmHWAyHdNzmhXrXC7JLnj4ri7xMAV3GZGDpAnYvvL0LiXzFyomqNTMFEwHQYD
+VR0OBBYEFF1l4ZrF3ND05CjGd//ev0dJLCB7MB8GA1UdIwQYMBaAFF1l4ZrF3ND0
+5CjGd//ev0dJLCB7MA8GA1UdEwEB/wQFMAMBAf8wCwYJYIZIAWUDBAMCAzEAMC4C
+FQD6plYf60MDCvMjf1yQ8SBaFX3YYwIVAKqRQklh2b0Qhv+US222hb8xySJV
 -----END CERTIFICATE-----

Original file line number	Diff line number	Diff line change
`@@ -441,15 +441,12 @@ private X509Certificate2 LoadCertificate(CertificateConfig certInfo, string endp`
`441`	`441`	`if (certInfo.KeyPath != null)`
`442`	`442`	`{`
`443`	`443`	`var certificateKeyPath = Path.Combine(environment.ContentRootPath, certInfo.KeyPath);`
`444`		`- X509Certificate2 certificate = GetCertificate(certInfo, certificatePath, certificateKeyPath);`
	`444`	`+ var certificate = GetCertificate(certInfo, certificatePath, certificateKeyPath);`
`445`	`445`
`446`		`- if (!certificate.HasPrivateKey)`
	`446`	`+ if (certificate != null)`
`447`	`447`	`{`
`448`	`448`	`certificate = LoadCertificateKey(certificate, certificateKeyPath, certInfo.Password);`
`449`		`- }`
`450`	`449`
`451`		`- if (certificate != null)`
`452`		`- {`
`453`	`450`	`if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))`
`454`	`451`	`{`
`455`	`452`	`return PersistKey(certificate);`
`@@ -487,14 +484,12 @@ static X509Certificate2 LoadCertificateKey(X509Certificate2 certificate, string`
`487`	`484`
`488`	`485`	`static X509Certificate2 GetCertificate(CertificateConfig certInfo, string certificatePath, string certificateKeyPath)`
`489`	`486`	`{`
`490`		`- if (X509Certificate2.GetCertContentType(certificatePath) != X509ContentType.Unknown)`
	`487`	`+ if (X509Certificate2.GetCertContentType(certificatePath) == X509ContentType.Cert)`
`491`	`488`	`{`
`492`	`489`	`return new X509Certificate2(certificatePath);`
`493`	`490`	`}`
`494`	`491`
`495`		`- return certInfo.Password != null ?`
`496`		`- X509Certificate2.CreateFromEncryptedPemFile(certificatePath, certInfo.Password, certificateKeyPath) :`
`497`		`- X509Certificate2.CreateFromPemFile(certificatePath, certificateKeyPath);`
	`492`	`+ return null;`
`498`	`493`	`}`
`499`	`494`	`}`
`500`	`495`