Fix 1574 and enable tests

hongdai · hongdai · commit 8d9bfd8295f1 · 2017-05-10T13:21:32.000-07:00
* Use X509Certificate2 copy constructor as it becomes available in 2.0.
* Enable those TCP tests require service certificate. They pass by using
the X509Certificate2 copy constructor.
diff --git a/src/System.Private.ServiceModel/src/Extensions/X509Certificate2Extensions.cs b/src/System.Private.ServiceModel/src/Extensions/X509Certificate2Extensions.cs
diff --git a/src/System.Private.ServiceModel/src/System/IdentityModel/Claims/X509CertificateClaimSet.cs b/src/System.Private.ServiceModel/src/System/IdentityModel/Claims/X509CertificateClaimSet.cs
@@ -33,11 +33,7 @@ internal X509CertificateClaimSet(X509Certificate2 certificate, bool clone)
             if (certificate == null)
                 throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("certificate");
             
-            // dotnet/wcf#1574
-            // ORIGINAL CODE: 
-            // _certificate = clone ? new X509Certificate2(certificate.Handle) : certificate;
-
-            _certificate = clone ? certificate.CloneCertificateInternal() : certificate;
+             _certificate = clone ? new X509Certificate2(certificate) : certificate;
         }
 
         private X509CertificateClaimSet(X509CertificateClaimSet from)
@@ -515,11 +511,7 @@ public X509Identity(X500DistinguishedName x500DistinguishedName)
         internal X509Identity(X509Certificate2 certificate, bool clone, bool disposable)
             : base(X509, X509)
         {
-            // dotnet/wcf#1574
-            // ORIGINAL CODE: 
-            // _certificate = clone ? new X509Certificate2(certificate.Handle) : certificate;
-
-            _certificate = clone ? certificate.CloneCertificateInternal() : certificate;
+             _certificate = clone ? new X509Certificate2(certificate) : certificate;
 
             _disposable = clone || disposable;
         }
diff --git a/src/System.Private.ServiceModel/src/System/IdentityModel/Selectors/X509SecurityTokenProvider.cs b/src/System.Private.ServiceModel/src/System/IdentityModel/Selectors/X509SecurityTokenProvider.cs
@@ -28,11 +28,7 @@ internal X509SecurityTokenProvider(X509Certificate2 certificate, bool clone)
             _clone = clone;
             if (_clone)
             {
-                // dotnet/wcf#1574
-                // ORIGINAL CODE: 
-                // _certificate = new X509Certificate2(certificate.Handle);
-
-                _certificate = certificate.CloneCertificateInternal();
+                _certificate = new X509Certificate2(certificate);
             }
             else
             {
diff --git a/src/System.Private.ServiceModel/src/System/IdentityModel/Tokens/X509SecurityToken.cs b/src/System.Private.ServiceModel/src/System/IdentityModel/Tokens/X509SecurityToken.cs
@@ -54,10 +54,7 @@ internal X509SecurityToken(X509Certificate2 certificate, string id, bool clone,
 
             _id = id;
 
-            // dotnet/wcf#1574
-            // ORIGINAL CODE: 
-            // _certificate = clone ? new X509Certificate2(certificate.Handle) : certificate;
-            _certificate = clone ? certificate.CloneCertificateInternal() : certificate;
+            _certificate = clone ? new X509Certificate2(certificate) : certificate;
 
             // if the cert needs to be cloned then the token owns the clone and should dispose it
             _disposable = clone || disposable;
diff --git a/src/System.Private.ServiceModel/src/System/ServiceModel/Channels/SslStreamSecurityUpgradeProvider.cs b/src/System.Private.ServiceModel/src/System/ServiceModel/Channels/SslStreamSecurityUpgradeProvider.cs
@@ -252,10 +252,7 @@ private void SetupServerCertificate(SecurityToken token)
                     SR.InvalidTokenProvided, _serverTokenProvider.GetType(), typeof(X509SecurityToken))));
             }
 
-            // dotnet/wcf#1574
-            // ORIGINAL CODE: 
-            // _serverCertificate = new X509Certificate2(x509Token.Certificate.Handle);
-            _serverCertificate = x509Token.Certificate.CloneCertificateInternal(); 
+            _serverCertificate = new X509Certificate2(x509Token.Certificate);
         }
 
         private void CleanupServerCertificate()
@@ -713,10 +710,7 @@ private bool ValidateRemoteCertificate(object sender, X509Certificate certificat
         {
             // Note: add ref to handle since the caller will reset the cert after the callback return.
 
-            // dotnet/wcf#1574
-            // ORIGINAL CODE: 
-            // X509Certificate2 certificate2 = new X509Certificate2(certificate.Handle);
-            X509Certificate2 certificate2 = certificate.CloneCertificateInternal(); 
+            X509Certificate2 certificate2 = new X509Certificate2(certificate);
 
             SecurityToken token = new X509SecurityToken(certificate2, false);
             ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = _serverCertificateAuthenticator.ValidateToken(token);
diff --git a/src/System.Private.ServiceModel/src/System/ServiceModel/Security/SecurityUtils.cs b/src/System.Private.ServiceModel/src/System/ServiceModel/Security/SecurityUtils.cs
@@ -882,10 +882,7 @@ private static X509Certificate2 GetCertificateFromStoreCore(StoreName storeName,
                 certs = store.Certificates.Find(findType, findValue, false);
                 if (certs.Count == 1)
                 {
-                    // dotnet/wcf#1574
-                    // ORIGINAL CODE: 
-                    // return new X509Certificate2(certs[0].Handle);
-                    return certs[0].CloneCertificateInternal();
+                    return new X509Certificate2(certs[0]);
                 }
                 if (throwIfMultipleOrNoMatch)
                 {
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Binding/Custom/CustomBindingTests.4.1.0.cs b/src/System.Private.ServiceModel/tests/Scenarios/Binding/Custom/CustomBindingTests.4.1.0.cs
@@ -13,7 +13,6 @@ public partial class CustomBindingTests : ConditionalWcfTest
 {
     // Tcp: Client and Server bindings setup exactly the same using default settings.
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed), nameof(Client_Certificate_Installed))]
     [OuterLoop]
     public static void DefaultSettings_Tcp_Binary_Echo_RoundTrips_String()
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Client/ExpectedExceptions/ExpectedExceptionTests.4.1.0.cs b/src/System.Private.ServiceModel/tests/Scenarios/Client/ExpectedExceptions/ExpectedExceptionTests.4.1.0.cs
@@ -329,7 +329,6 @@ public static void DuplexCallback_Throws_FaultException_ReturnsFaultedTask()
     }
 
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [OuterLoop]
     // Verify product throws MessageSecurityException when the Dns identity from the server does not match the expectation
     public static void TCP_ServiceCertExpired_Throw_MessageSecurityException()
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Client/ExpectedExceptions/ExpectedExceptionTests.4.1.1.cs b/src/System.Private.ServiceModel/tests/Scenarios/Client/ExpectedExceptions/ExpectedExceptionTests.4.1.1.cs
@@ -12,7 +12,6 @@
 public partial class ExpectedExceptionTests : ConditionalWcfTest
 {
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed), nameof(Client_Certificate_Installed))]
     [OuterLoop]
     // Confirm that the Validate method of the custom X509CertificateValidator is called and that an exception thrown there is handled correctly.
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/ClientCredentialTypeCertificateCanonicalNameTests.4.1.0.cs b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/ClientCredentialTypeCertificateCanonicalNameTests.4.1.0.cs
@@ -25,7 +25,6 @@ public class Tcp_ClientCredentialTypeCertificateCanonicalNameTests : Conditional
     // to pass a variation or fail a variation. 
 
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed))]
     [OuterLoop]
     public static void Certificate_With_CanonicalName_Localhost_Address_EchoString()
@@ -97,7 +96,6 @@ public static void Certificate_With_CanonicalName_Localhost_Address_EchoString()
     }
 
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed))]
     [OuterLoop]
     public static void Certificate_With_CanonicalName_DomainName_Address_EchoString()
@@ -174,7 +172,6 @@ public static void Certificate_With_CanonicalName_DomainName_Address_EchoString(
     }
 
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed))]
     [OuterLoop]
     public static void Certificate_With_CanonicalName_Fqdn_Address_EchoString()
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/ClientCredentialTypeTests.4.1.0.cs b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/ClientCredentialTypeTests.4.1.0.cs
@@ -115,10 +115,9 @@ public static void TcpClientCredentialType_Certificate_CustomValidator_EchoStrin
     }
 
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
-    [Condition(nameof(Root_Certificate_Installed), nameof(Client_Certificate_Installed))]
+    [Condition(nameof(Root_Certificate_Installed))]
     [OuterLoop]
-    public static void TcpClientCredentialType_Certificate_With_ServerAltName_EchoString()
+    public static void TcpClientCredentialType_None_With_ServerAltName_EchoString()
     {
         EndpointAddress endpointAddress = null;
         string testString = "Hello";
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/ClientCredentialTypeTests.4.1.1.cs b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/ClientCredentialTypeTests.4.1.1.cs
@@ -169,7 +169,6 @@ public static void NetTcp_SecModeTrans_CertValMode_PeerOrChainTrust_Succeeds_Cha
     }
 
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed),
                nameof(Client_Certificate_Installed),
                nameof(SSL_Available))]
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/IdentityTests.4.1.0.cs b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/IdentityTests.4.1.0.cs
@@ -13,7 +13,6 @@
 public partial class IdentityTests : ConditionalWcfTest
 {
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed), nameof(Client_Certificate_Installed))]
     [OuterLoop]
     // The product code will check the Dns identity from the server and throw if it does not match what is specified in DnsEndpointIdentity
diff --git a/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/IdentityTests.4.1.1.cs b/src/System.Private.ServiceModel/tests/Scenarios/Security/TransportSecurity/Tcp/IdentityTests.4.1.1.cs
@@ -13,7 +13,6 @@
 public partial class IdentityTests : ConditionalWcfTest
 {
     [WcfFact]
-    [Issue(1886, OS = OSID.AnyOSX)]
     [Condition(nameof(Root_Certificate_Installed), nameof(Client_Certificate_Installed))]
     [OuterLoop]
     // Verify product throws MessageSecurityException when the Dns identity from the server does not match the expectation

Original file line number	Diff line number	Diff line change
`@@ -28,11 +28,7 @@ internal X509SecurityTokenProvider(X509Certificate2 certificate, bool clone)`
`28`	`28`	`_clone = clone;`
`29`	`29`	`if (_clone)`
`30`	`30`	`{`
`31`		`- // dotnet/wcf#1574`
`32`		`- // ORIGINAL CODE:`
`33`		`- // _certificate = new X509Certificate2(certificate.Handle);`
`34`		`-`
`35`		`- _certificate = certificate.CloneCertificateInternal();`
	`31`	`+ _certificate = new X509Certificate2(certificate);`
`36`	`32`	`}`
`37`	`33`	`else`
`38`	`34`	`{`
Original file line number	Diff line number	Diff line change
`@@ -252,10 +252,7 @@ private void SetupServerCertificate(SecurityToken token)`
`252`	`252`	`SR.InvalidTokenProvided, _serverTokenProvider.GetType(), typeof(X509SecurityToken))));`
`253`	`253`	`}`
`254`	`254`
`255`		`- // dotnet/wcf#1574`
`256`		`- // ORIGINAL CODE:`
`257`		`- // _serverCertificate = new X509Certificate2(x509Token.Certificate.Handle);`
`258`		`- _serverCertificate = x509Token.Certificate.CloneCertificateInternal();`
	`255`	`+ _serverCertificate = new X509Certificate2(x509Token.Certificate);`
`259`	`256`	`}`
`260`	`257`
`261`	`258`	`private void CleanupServerCertificate()`
`@@ -713,10 +710,7 @@ private bool ValidateRemoteCertificate(object sender, X509Certificate certificat`
`713`	`710`	`{`
`714`	`711`	`// Note: add ref to handle since the caller will reset the cert after the callback return.`
`715`	`712`
`716`		`- // dotnet/wcf#1574`
`717`		`- // ORIGINAL CODE:`
`718`		`- // X509Certificate2 certificate2 = new X509Certificate2(certificate.Handle);`
`719`		`- X509Certificate2 certificate2 = certificate.CloneCertificateInternal();`
	`713`	`+ X509Certificate2 certificate2 = new X509Certificate2(certificate);`
`720`	`714`
`721`	`715`	`SecurityToken token = new X509SecurityToken(certificate2, false);`
`722`	`716`	`ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies = _serverCertificateAuthenticator.ValidateToken(token);`
Original file line number	Diff line number	Diff line change
`@@ -882,10 +882,7 @@ private static X509Certificate2 GetCertificateFromStoreCore(StoreName storeName,`
`882`	`882`	`certs = store.Certificates.Find(findType, findValue, false);`
`883`	`883`	`if (certs.Count == 1)`
`884`	`884`	`{`
`885`		`- // dotnet/wcf#1574`
`886`		`- // ORIGINAL CODE:`
`887`		`- // return new X509Certificate2(certs[0].Handle);`
`888`		`- return certs[0].CloneCertificateInternal();`
	`885`	`+ return new X509Certificate2(certs[0]);`
`889`	`886`	`}`
`890`	`887`	`if (throwIfMultipleOrNoMatch)`
`891`	`888`	`{`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,6 @@ public partial class CustomBindingTests : ConditionalWcfTest`
`13`	`13`	`{`
`14`	`14`	`// Tcp: Client and Server bindings setup exactly the same using default settings.`
`15`	`15`	`[WcfFact]`
`16`		`- [Issue(1886, OS = OSID.AnyOSX)]`
`17`	`16`	`[Condition(nameof(Root_Certificate_Installed), nameof(Client_Certificate_Installed))]`
`18`	`17`	`[OuterLoop]`
`19`	`18`	`public static void DefaultSettings_Tcp_Binary_Echo_RoundTrips_String()`
Original file line number	Diff line number	Diff line change
`@@ -329,7 +329,6 @@ public static void DuplexCallback_Throws_FaultException_ReturnsFaultedTask()`
`329`	`329`	`}`
`330`	`330`
`331`	`331`	`[WcfFact]`
`332`		`- [Issue(1886, OS = OSID.AnyOSX)]`
`333`	`332`	`[OuterLoop]`
`334`	`333`	`// Verify product throws MessageSecurityException when the Dns identity from the server does not match the expectation`
`335`	`334`	`public static void TCP_ServiceCertExpired_Throw_MessageSecurityException()`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,6 @@`
`12`	`12`	`public partial class ExpectedExceptionTests : ConditionalWcfTest`
`13`	`13`	`{`
`14`	`14`	`[WcfFact]`
`15`		`- [Issue(1886, OS = OSID.AnyOSX)]`
`16`	`15`	`[Condition(nameof(Root_Certificate_Installed), nameof(Client_Certificate_Installed))]`
`17`	`16`	`[OuterLoop]`
`18`	`17`	`// Confirm that the Validate method of the custom X509CertificateValidator is called and that an exception thrown there is handled correctly.`