From 70cb9021575180babf12655cdffc50b99e5a2a33 Mon Sep 17 00:00:00 2001
From: wfurt
Date: Mon, 21 Mar 2022 14:06:08 -0700
Subject: [PATCH 1/3] remove unused code

---
 .../Net/Http/TlsCertificateExtensions.cs | 159 ------------------
 .../src/System.Net.Http.csproj | 2 -
 .../src/System.Net.Security.csproj | 2 -
 3 files changed, 163 deletions(-)
 delete mode 100644 src/libraries/Common/src/System/Net/Http/TlsCertificateExtensions.cs

diff --git a/src/libraries/Common/src/System/Net/Http/TlsCertificateExtensions.cs b/src/libraries/Common/src/System/Net/Http/TlsCertificateExtensions.cs
deleted file mode 100644
index 37099b0c0e412..0000000000000
--- a/src/libraries/Common/src/System/Net/Http/TlsCertificateExtensions.cs
+++ /dev/null
@@ -1,159 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-
-namespace System.Net.Http
-{
- ///
- /// Defines Extension methods which are meant to be re-used across WinHttp and UnixHttp Handlers
- ///
- internal static class TLSCertificateExtensions
- {
- private const string ClientCertificateOid = "1.3.6.1.5.5.7.3.2";
- private static Oid s_clientCertOidInst = new Oid(ClientCertificateOid);
-
- ///
- /// returns true if the X509 Certificate can be used as SSL Client Certificate.
- ///
- private static bool IsClientCertificate(X509Certificate2 cert)
- {
- Debug.Assert(cert != null, "certificate cannot be null");
-
- bool foundEku = false;
- bool foundKeyUsages = false;
- bool isClientAuth = true;
- bool isDigitalSignature = true;
- foreach (X509Extension extension in cert.Extensions)
- {
- // check if the extension is an enhanced usage ext.
- // But do this only if needed. No point going over it, if we already have established that our cert has the
- // required extension.
- if (!foundEku)
- {
- X509EnhancedKeyUsageExtension? enhancedUsageExt = extension as X509EnhancedKeyUsageExtension;
- if (enhancedUsageExt != null)
- {
- foundEku = true;
- isClientAuth = false;
- foreach (Oid oid in enhancedUsageExt.EnhancedKeyUsages)
- {
- if (string.Equals(ClientCertificateOid, oid.Value))
- {
- isClientAuth = true;
- break;
- }
- }
- }
- }
-
- // Check if the extension is a key usage extension.
- // No point going over it if we have already established that our cert has digital signature
- if (!foundKeyUsages)
- {
- X509KeyUsageExtension? usageExt = extension as X509KeyUsageExtension;
- if (usageExt != null)
- {
- foundKeyUsages = true;
- isDigitalSignature = (usageExt.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0;
- }
- }
-
- if (foundKeyUsages && foundEku)
- {
- break;
- }
- }
-
- return isClientAuth && isDigitalSignature;
- }
-
- internal static X509Chain? BuildNewChain(X509Certificate2 certificate, bool includeClientApplicationPolicy)
- {
- var chain = new X509Chain();
- chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
- chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
- chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
- if (includeClientApplicationPolicy)
- {
- chain.ChainPolicy.ApplicationPolicy.Add(s_clientCertOidInst);
- }
-
- if (chain.Build(certificate))
- {
- return chain;
- }
- else
- {
- chain.Dispose();
- return null;
- }
- }
-
- ///
- /// Returns a new collection containing valid client certificates from the given X509Certificate2Collection
- ///
- internal static bool TryFindClientCertificate(this X509Certificate2Collection certificates,
- ISet allowedIssuers,
- out X509Certificate2? clientCertificate,
- out X509Chain? clientCertChain)
- {
- clientCertificate = null;
- clientCertChain = null;
- if (certificates == null)
- {
- return false;
- }
-
- DateTime now = DateTime.Now;
- foreach (X509Certificate2 cert in certificates)
- {
- if (cert.HasPrivateKey && now >= cert.NotBefore && now <= cert.NotAfter)
- {
- if (IsClientCertificate(cert))
- {
- if (allowedIssuers.Count == 0)
- {
- clientCertificate = cert;
- clientCertChain = null;
- return true;
- }
-
- X509Chain? chain = BuildNewChain(cert, includeClientApplicationPolicy: true);
- if (chain == null)
- {
- continue;
- }
-
- bool isComplete = true;
- foreach (X509ChainStatus chainStatus in chain.ChainStatus)
- {
- if ((chainStatus.Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain)
- {
- isComplete = false;
- break;
- }
- }
-
- if (chain.ChainElements.Count > 0 && isComplete)
- {
- X509Certificate2 trustAnchor = chain.ChainElements[chain.ChainElements.Count - 1].Certificate!;
- if (allowedIssuers.Contains(trustAnchor.SubjectName.Name))
- {
- clientCertificate = cert;
- clientCertChain = chain;
- return true;
- }
- }
- }
- }
- }
-
- return false;
- }
- }
-}
diff --git a/src/libraries/System.Net.Http/src/System.Net.Http.csproj b/src/libraries/System.Net.Http/src/System.Net.Http.csproj
index 41a0065fa038d..64ba4d2f202b7 100644
--- a/src/libraries/System.Net.Http/src/System.Net.Http.csproj
+++ b/src/libraries/System.Net.Http/src/System.Net.Http.csproj
@@ -558,8 +558,6 @@
 Link="Common\System\Net\HttpStatusDescription.cs" />
-
-
Date: Mon, 21 Mar 2022 14:39:32 -0700
Subject: [PATCH 2/3] fix osx build

---
 .../src/System/Net/Security/Pal.OSX/SafeDeleteSslContext.cs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/Pal.OSX/SafeDeleteSslContext.cs b/src/libraries/System.Net.Security/src/System/Net/Security/Pal.OSX/SafeDeleteSslContext.cs
index a6985c8069f15..1b523ccb97a8d 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/Pal.OSX/SafeDeleteSslContext.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/Pal.OSX/SafeDeleteSslContext.cs
@@ -3,7 +3,6 @@
 
 using System.Collections.Generic;
 using System.Diagnostics;
-using System.Net.Http;
 using System.Net.Security;
 using System.Runtime.InteropServices;
 using System.Security.Authentication;

From d1236357c58d4efe65865aec3bce9e66bb620f6e Mon Sep 17 00:00:00 2001
From: wfurt
Date: Mon, 21 Mar 2022 16:04:15 -0700
Subject: [PATCH 3/3] android

---
 .../src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs b/src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
index 8ccd6277bc070..8f5346d1efe03 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/Pal.Android/SafeDeleteSslContext.cs
@@ -3,7 +3,6 @@
 
 using System.Collections.Generic;
 using System.Diagnostics;
-using System.Net.Http;
 using System.Net.Security;
 using System.Security.Authentication;
 using System.Security.Cryptography;