diff --git a/src/libraries/Common/tests/System/Net/Configuration.Certificates.Dynamic.cs b/src/libraries/Common/tests/System/Net/Configuration.Certificates.Dynamic.cs
index 185416759e725b..320e90890318b3 100644
--- a/src/libraries/Common/tests/System/Net/Configuration.Certificates.Dynamic.cs
+++ b/src/libraries/Common/tests/System/Net/Configuration.Certificates.Dynamic.cs
@@ -162,9 +162,8 @@ public void Dispose()
 }
 }

- internal static PkiHolder GenerateCertificates(string targetName, [CallerMemberName] string? testName = null, bool longChain = false, bool serverCertificate = true, bool ephemeralKey = false)
+ internal static PkiHolder GenerateCertificates(string targetName, [CallerMemberName] string? testName = null, bool longChain = false, bool serverCertificate = true, bool ephemeralKey = false, bool forceRsaCertificate = false)
 {
- const int keySize = 2048;
 if (PlatformDetection.IsWindows && testName != null)
 {
 CleanupCertificates(testName);
@@ -182,7 +181,9 @@ internal static PkiHolder GenerateCertificates(string targetName, [CallerMemberN
 intermediateAuthorityCount: longChain ? 3 : 1,
 subjectName: targetName,
 testName: testName,
- keyFactory: CertificateAuthority.KeyFactory.RSASize(keySize),
+ forTls: true,
+ // [ActiveIssue("https://github.com/dotnet/runtime/issues/119641")]
+ keyFactory: !forceRsaCertificate ? null : CertificateAuthority.KeyFactory.RSASize(2048),
 extensions: extensions);

 if (!ephemeralKey && PlatformDetection.IsWindows)
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs b/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs
index 360c4e36c41190..ceae2dcb1ae251 100644
--- a/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs
+++ b/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs
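Review bot: The new `forceRsaCertificate` parameter on `GenerateCertificates` is undocumented, and its effect is indirect: when it is false the call in the next hunk passes `keyFactory: null` together with `forTls: true`, so the key algorithm is picked by `CertificateAuthority.BuildPrivatePki` from its TLS-capable variants rather than fixed to RSA. A doc line would save readers a trip through two files, e.g. `/// <param name="forceRsaCertificate">When true, always issue RSA-2048 keys; otherwise <see cref="CertificateAuthority.BuildPrivatePki"/> picks a TLS-capable key algorithm per test.</param>`. The body of GenerateCertificates continues outside this hunk.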
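Review bot: `keyFactory: !forceRsaCertificate ? null : CertificateAuthority.KeyFactory.RSASize(2048)` reads as a double negative; `keyFactory: forceRsaCertificate ? CertificateAuthority.KeyFactory.RSASize(2048) : null` says the same thing in the order the parameter name suggests. The literal `2048` also replaces the `keySize` constant removed in the preceding hunk, so the RSA key size is now an inline magic number; keeping `const int keySize = 2048;` (or a file-level constant) keeps it in one named place. The ActiveIssue comment above it would be more useful with a few words on what fails without an RSA certificate on non-Windows, so the workaround can be recognised and removed once that issue closes.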
@@ -48,6 +48,7 @@ internal sealed class CertificateAuthority : IDisposable
 private static readonly Asn1Tag s_context1 = new Asn1Tag(TagClass.ContextSpecific, 1);
 private static readonly Asn1Tag s_context2 = new Asn1Tag(TagClass.ContextSpecific, 2);
 private static readonly KeyFactory[] s_variantKeyFactories = KeyFactory.BuildVariantFactories();
+ private static readonly KeyFactory[] s_tlsVariantKeyFactories = KeyFactory.BuildTlsVariantFactories();
 private static readonly X500DistinguishedName s_nonParticipatingName = new X500DistinguishedName("CN=The Ghost in the Machine");
@@ -804,6 +805,7 @@ internal static void BuildPrivatePki(
 bool pkiOptionsInSubject = false,
 string subjectName = null,
 KeyFactory keyFactory = null,
+ bool forTls = false,
 X509ExtensionCollection extensions = null)
 {
 bool rootDistributionViaHttp = !pkiOptions.HasFlag(PkiOptions.NoRootCertDistributionUri);
@@ -842,9 +844,10 @@ internal static void BuildPrivatePki(
 int written = hasher.GetCurrentHash(hash);
 Debug.Assert(written == hash.Length);

- // Using mod here will create an imbalance any time s_variantKeyFactories isn't a power of 2,
+ // Using mod here will create an imbalance any time the key factories array isn't a power of 2,
 // but that's OK.
- keyFactory = s_variantKeyFactories[hash[0] % s_variantKeyFactories.Length];
+ KeyFactory[] keyFactories = forTls ? s_tlsVariantKeyFactories : s_variantKeyFactories;
+ keyFactory = keyFactories[hash[0] % keyFactories.Length];
 }
 }

@@ -946,6 +949,7 @@ internal static void BuildPrivatePki(
 bool pkiOptionsInSubject = false,
 string subjectName = null,
 KeyFactory keyFactory = null,
+ bool forTls = false,
 X509ExtensionCollection extensions = null)
 {
 BuildPrivatePki(
@@ -960,6 +964,7 @@ internal static void BuildPrivatePki(
 pkiOptionsInSubject: pkiOptionsInSubject,
 subjectName: subjectName,
 keyFactory: keyFactory,
+ forTls: forTls,
 extensions: extensions);

 intermediateAuthority = intermediateAuthorities.Single();
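Review bot: `forTls` is consulted only where `keyFactory` is chosen by hash (the `KeyFactory[] keyFactories = forTls ? ... : ...;` line in hunk @@ -842), so a caller that passes both `forTls: true` and an explicit `keyFactory` — which `Configuration.Certificates.GenerateCertificates` does when forcing RSA — silently has `forTls` ignored; the `if` guarding this block starts outside the hunk, so I am inferring that condition from the assignment. That is probably the intended contract, but the parameter added at @@ -804 and threaded through the overload at @@ -946/@@ -960 should say so, e.g. `/// <param name="forTls">When no <paramref name="keyFactory"/> is supplied, choose the key algorithm from the TLS-capable variants instead of the full variant set; has no effect otherwise.</param>`. BuildPrivatePki's body extends beyond these hunks.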
@@ -1052,6 +1057,29 @@ internal static KeyFactory[] BuildVariantFactories()

 return factories.ToArray();
 }
+
+ internal static KeyFactory[] BuildTlsVariantFactories()
+ {
+ List factories = [RSASize(2048), ECDsa];
+
+ if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+ {
+ if (Cryptography.MLDsa.IsSupported)
+ {
+ factories.Add(MLDsa);
+ }
+
+ // OpenSSL default provider does not advertise SLH-DSA in TLS-SIGALG capability,
+ // causing it to not recognize SLH-DSA certificates for use in TLS connections
+ // [ActiveIssue("https://github.com/dotnet/runtime/issues/119573")]
+ if (!PlatformDetection.IsOpenSslSupported && Cryptography.SlhDsa.IsSupported)
+ {
+ factories.Add(SlhDsa);
+ }
+ }
+
+ return factories.ToArray();
+ }
 }

 private sealed class KeyHolder : IDisposable
diff --git a/src/libraries/System.Net.Quic/tests/FunctionalTests/MsQuicTests.cs b/src/libraries/System.Net.Quic/tests/FunctionalTests/MsQuicTests.cs
index b5677746bab267..94c4ad2a1102b7 100644
--- a/src/libraries/System.Net.Quic/tests/FunctionalTests/MsQuicTests.cs
+++ b/src/libraries/System.Net.Quic/tests/FunctionalTests/MsQuicTests.cs
@@ -34,7 +34,9 @@ public class CertificateSetup : IDisposable

 public CertificateSetup()
 {
- _pkiHolder = Configuration.Certificates.GenerateCertificates("localhost", nameof(MsQuicTests), longChain: true);
+ _pkiHolder = Configuration.Certificates.GenerateCertificates("localhost", nameof(MsQuicTests), longChain: true,
+ // [ActiveIssue("https://github.com/dotnet/runtime/issues/119641")]
+ forceRsaCertificate: !PlatformDetection.IsWindows);
 }

 public SslStreamCertificateContext CreateSslStreamCertificateContext() => _pkiHolder.CreateSslStreamCertificateContext();
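Review bot: The Windows branch in `BuildTlsVariantFactories` excludes both ML-DSA and SLH-DSA without saying why, whereas the SLH-DSA/OpenSSL exclusion a few lines below carries an explanation and a tracking issue; a comment of the same shape above the outer `if` (presumably the Windows TLS stack cannot yet negotiate these certificates, plus the issue link if one exists) would tell a future reader when the guard can be dropped. The method also mixes `RuntimeInformation.IsOSPlatform(OSPlatform.Windows)` with `PlatformDetection.IsOpenSslSupported`, while every call site in this change uses `PlatformDetection.IsWindows`; `if (!PlatformDetection.IsWindows)` keeps a single platform-detection API throughout. A one-line summary would round it off: `/// Key factories for certificates that will be used in TLS: RSA-2048 and ECDSA always; off Windows, ML-DSA when supported and SLH-DSA when supported and the TLS stack is not OpenSSL.`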
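Review bot: The same workaround — an ActiveIssue comment for runtime issue 119641 followed by `forceRsaCertificate: !PlatformDetection.IsWindows` — now appears in `CertificateSetup` here and again in `ConnectWithCertificateForLoopbackIP_IndicatesExpectedError` (hunk @@ -572), and the same issue is referenced in Configuration.Certificates.Dynamic.cs. Lifting it into one member of this test class, e.g. `// [ActiveIssue("https://github.com/dotnet/runtime/issues/119641")]` above `private static bool ForceRsaCertificate => !PlatformDetection.IsWindows;`, lets the workaround be removed in one place when the issue is fixed. The bare link also does not tell readers what fails without RSA on non-Windows; a short phrase next to it would help.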
@@ -572,7 +574,9 @@ public async Task ConnectWithCertificateForLoopbackIP_IndicatesExpectedError(str
 throw new SkipTestException("IPv6 is not available on this platform");
 }

- using Configuration.Certificates.PkiHolder pkiHolder = Configuration.Certificates.GenerateCertificates(expectsError ? "badhost" : "localhost");
+ using Configuration.Certificates.PkiHolder pkiHolder = Configuration.Certificates.GenerateCertificates(expectsError ? "badhost" : "localhost",
+ // [ActiveIssue("https://github.com/dotnet/runtime/issues/119641")]
+ forceRsaCertificate: !PlatformDetection.IsWindows);
 X509Certificate2 certificate = pkiHolder.EndEntity;

 var listenerOptions = new QuicListenerOptions()