From ba4995e2903f62f58a1fdff112483ddc21db78f6 Mon Sep 17 00:00:00 2001 From: buyaa-n Date: Fri, 21 Feb 2020 14:32:30 -0800 Subject: [PATCH] Fix nullability annotations in Pkcs (#32616) Fixing nullability annotations --- .../Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs | 7 ++++--- .../src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs | 13 ++++++++----- .../src/System.Security.Cryptography.Pkcs.csproj | 2 +- .../System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs | 6 +++--- .../System/Security/Cryptography/Pkcs/CmsSignature.ECDsa.cs | 6 +++--- .../System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs | 6 +++--- .../src/System/Security/Cryptography/Pkcs/CmsSigner.cs | 4 ++-- .../src/System/Security/Cryptography/Pkcs/SignerInfo.cs | 2 +- 8 files changed, 25 insertions(+), 21 deletions(-) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs index ee2f549..e7684f7 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs @@ -96,7 +96,8 @@ namespace Internal.Cryptography.Pal.AnyOS } else { - using (RSA rsa = cert.GetRSAPrivateKey()) + Debug.Assert(cert != null); + using (RSA? rsa = cert.GetRSAPrivateKey()) { return DecryptKey(rsa, encryptionPadding, encryptedKey, out exception); } @@ -168,7 +169,7 @@ namespace Internal.Cryptography.Pal.AnyOS throw new CryptographicException(SR.Cryptography_Cms_UnknownAlgorithm); } - using (RSA rsa = recipient.Certificate.GetRSAPublicKey()) + using (RSA rsa = recipient.Certificate.GetRSAPublicKey()!) { ktri.EncryptedKey = rsa.Encrypt(cek, padding); } 
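Review bot: `Debug.Assert(cert != null)` in the `else` branch of the @@ -96 hunk satisfies the nullable analysis but is compiled out of release builds, so a call that reaches this branch with a null `cert` still fails with a NullReferenceException on `cert.GetRSAPrivateKey()`. If the invariant is that a caller always supplies either a private key or a certificate, say so next to the assert, for example `// Callers pass either privateKey or cert; cert is non-null on this path.` The `rsa` local is now `RSA?` and goes straight into `DecryptKey`, whose parameter the @@ -178 hunk also makes nullable. The body of `DecryptKey` lies outside both hunks, so confirm that it reports a missing private key through `exception` instead of dereferencing it.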
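Review bot: `recipient.Certificate.GetRSAPublicKey()!` in the @@ -168 hunk suppresses the warning instead of handling the case the new annotation describes: `GetRSAPublicKey()` returns null for a certificate whose key is not RSA, and `rsa.Encrypt(cek, padding)` would then throw a NullReferenceException. The throw of `SR.Cryptography_Cms_UnknownAlgorithm` just above suggests the algorithm is validated earlier, but whether that covers the certificate's key type is not visible here. An explicit check keeps the failure a CryptographicException: declare `using (RSA? rsa = recipient.Certificate.GetRSAPublicKey())` and start the body with `if (rsa == null) throw new CryptographicException(SR.Cryptography_Cms_UnknownAlgorithm);`. The same suppression is applied to `certPublicKey` in CmsSignature.RSA.cs (@@ -136), where it also means `RSA? privateKey` can never actually be null, so the `?` and the `!` disagree.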
@@ -178,7 +179,7 @@ namespace Internal.Cryptography.Pal.AnyOS } private static byte[]? DecryptKey( - RSA privateKey, + RSA? privateKey, RSAEncryptionPadding encryptionPadding, ReadOnlySpan encryptedKey, out Exception? exception) diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs index 2d64217..3386f88 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.cs @@ -4,6 +4,7 @@ using System; using System.Diagnostics; +using System.Diagnostics.CodeAnalysis; using System.Security.Cryptography; using System.Security.Cryptography.Asn1; using System.Security.Cryptography.Pkcs; @@ -32,7 +33,7 @@ namespace Internal.Cryptography.Pal.AnyOS { Debug.Assert(certificate != null); - X509Extension extension = certificate.Extensions[Oids.SubjectKeyIdentifier]; + X509Extension? extension = certificate.Extensions[Oids.SubjectKeyIdentifier]; if (extension == null) { 
@@ -59,25 +60,27 @@ namespace Internal.Cryptography.Pal.AnyOS throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); } + [return: MaybeNull] public override T GetPrivateKeyForSigning(X509Certificate2 certificate, bool silent) { return GetPrivateKey(certificate); } + [return: MaybeNull] public override T GetPrivateKeyForDecryption(X509Certificate2 certificate, bool silent) { return GetPrivateKey(certificate); } - private T GetPrivateKey(X509Certificate2 certificate) where T : AsymmetricAlgorithm + private T? GetPrivateKey(X509Certificate2 certificate) where T : AsymmetricAlgorithm { if (typeof(T) == typeof(RSA)) - return (T)(object)certificate.GetRSAPrivateKey(); + return (T?)(object?)certificate.GetRSAPrivateKey(); if (typeof(T) == typeof(ECDsa)) - return (T)(object)certificate.GetECDsaPrivateKey(); + return (T?)(object?)certificate.GetECDsaPrivateKey(); #if NETCOREAPP || NETSTANDARD2_1 if (typeof(T) == typeof(DSA)) - return (T)(object)certificate.GetDSAPrivateKey(); + return (T?)(object?)certificate.GetDSAPrivateKey(); #endif Debug.Fail($"Unknown key type requested: {typeof(T).FullName}"); diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj index c397d7f..8f3d580 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj @@ -6,7 +6,7 @@ true true $(NoWarn);CS1574;CS3016;CA5379;CA5384 - annotations + enable $(NetCoreAppCurrent)-Windows_NT;$(NetCoreAppCurrent);netstandard2.0;netstandard2.0-Windows_NT;netstandard2.1;netstandard2.1-Windows_NT;netcoreapp3.0-Windows_NT;netcoreapp3.0;net461-Windows_NT;$(NetFrameworkCurrent)-Windows_NT true true 
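Review bot: `GetPrivateKey` and the two overrides in the @@ -59 hunk can now return null, but nothing states what null means or who disposes a non-null result. A short comment above `GetPrivateKey` would help, for example `// Returns null when the certificate has no private key of type T; a non-null result is a new key object that the caller must dispose.` Both overrides also accept `silent` and do not use it, which deserves a one-line remark such as `// silent is not used by the managed implementation.` The method continues past `Debug.Fail` outside the hunk.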
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs index 8ecb47c..866664d 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.DSA.cs @@ -59,7 +59,7 @@ namespace System.Security.Cryptography.Pkcs _signatureAlgorithm)); } - DSA dsa = certificate.GetDSAPublicKey(); + DSA? dsa = certificate.GetDSAPublicKey(); if (dsa == null) { @@ -107,7 +107,7 @@ namespace System.Security.Cryptography.Pkcs [NotNullWhen(true)] out byte[]? signatureValue) { // If there's no private key, fall back to the public key for a "no private key" exception. - DSA dsa = key as DSA ?? + DSA? dsa = key as DSA ?? PkcsPal.Instance.GetPrivateKeyForSigning(certificate, silent) ?? certificate.GetDSAPublicKey(); @@ -145,7 +145,7 @@ namespace System.Security.Cryptography.Pkcs { var signature = new ReadOnlySpan(rented, 0, bytesWritten); - if (key != null && !certificate.GetDSAPublicKey().VerifySignature(dataHash, signature)) + if (key != null && !certificate.GetDSAPublicKey()!.VerifySignature(dataHash, signature)) { // key did not match certificate signatureValue = null; diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.ECDsa.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.ECDsa.cs index f1c9707..9e7089b 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.ECDsa.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.ECDsa.cs 
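Review bot: In the @@ -145 hunk the key-matches-certificate check calls `certificate.GetDSAPublicKey()!.VerifySignature(dataHash, signature)` on a temporary that is never disposed, and the `!` turns a certificate without a DSA public key into a NullReferenceException instead of a mismatch. Holding the key in a local fixes both and makes the check fail closed: `using DSA? certKey = certificate.GetDSAPublicKey();` followed by `if (key != null && (certKey == null || !certKey.VerifySignature(dataHash, signature)))`. The ECDsa version of this check in CmsSignature.ECDsa.cs (@@ -157) has the same shape with `VerifyHash`. The surrounding method starts and ends outside the hunk, so the scope of the `using` declaration should be checked against the rest of the body.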
@@ -59,7 +59,7 @@ namespace System.Security.Cryptography.Pkcs _signatureAlgorithm)); } - ECDsa key = certificate.GetECDsaPublicKey(); + ECDsa? key = certificate.GetECDsaPublicKey(); if (key == null) { @@ -112,7 +112,7 @@ namespace System.Security.Cryptography.Pkcs [NotNullWhen(true)] out byte[]? signatureValue) { // If there's no private key, fall back to the public key for a "no private key" exception. - ECDsa key = certKey as ECDsa ?? + ECDsa? key = certKey as ECDsa ?? PkcsPal.Instance.GetPrivateKeyForSigning(certificate, silent) ?? certificate.GetECDsaPublicKey(); @@ -157,7 +157,7 @@ namespace System.Security.Cryptography.Pkcs { var signedHash = new ReadOnlySpan(rented, 0, bytesWritten); - if (key != null && !certificate.GetECDsaPublicKey().VerifyHash(dataHash, signedHash)) + if (key != null && !certificate.GetECDsaPublicKey()!.VerifyHash(dataHash, signedHash)) { // key did not match certificate signatureValue = null; diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs index cd65a88..247ed26 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.RSA.cs @@ -68,7 +68,7 @@ namespace System.Security.Cryptography.Pkcs digestAlgorithmName, valueHash.Length); - RSA publicKey = certificate.GetRSAPublicKey(); + RSA? publicKey = certificate.GetRSAPublicKey(); if (publicKey == null) { 
@@ -136,10 +136,10 @@ namespace System.Security.Cryptography.Pkcs [NotNullWhen(true)] out Oid? signatureAlgorithm, [NotNullWhen(true)] out byte[]? signatureValue) { - RSA certPublicKey = certificate.GetRSAPublicKey(); + RSA certPublicKey = certificate.GetRSAPublicKey()!; // If there's no private key, fall back to the public key for a "no private key" exception. - RSA privateKey = key as RSA ?? + RSA? privateKey = key as RSA ?? PkcsPal.Instance.GetPrivateKeyForSigning(certificate, silent) ?? certPublicKey; diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSigner.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSigner.cs index d515b1d..0070cc4 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSigner.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSigner.cs @@ -255,7 +255,7 @@ namespace System.Security.Cryptography.Pkcs { if (IncludeOption == X509IncludeOption.EndCertOnly) { - certs.Add(Certificate); + certs.Add(Certificate!); } else if (IncludeOption != X509IncludeOption.None) { @@ -263,7 +263,7 @@ namespace System.Security.Cryptography.Pkcs chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; - if (!chain.Build(Certificate)) + if (!chain.Build(Certificate!)) { foreach (X509ChainStatus status in chain.ChainStatus) { diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs index 546eea1..9247ae5 100644 --- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs +++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs 
@@ -548,7 +548,7 @@ namespace System.Security.Cryptography.Pkcs } case SubjectIdentifierType.SubjectKeyIdentifier: { - filtered = extraStore.Find(X509FindType.FindBySubjectKeyIdentifier, signerIdentifier.Value, false); + filtered = extraStore.Find(X509FindType.FindBySubjectKeyIdentifier, signerIdentifier.Value!, false); if (filtered.Count > 0) { -- 2.7.4