Fix behavior and test for X509Store.Add when store is readonly.

bartonjs · bartonjs · commit 91825719728d · 2015-08-16T21:58:23.000-07:00
Despite what was concluded from the earlier testing, Windows does actually report an access denied error when calling X509Store.Add on a store instance that was opened as read-only.  This fixes the test, and the Unix implementation.
diff --git a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/DirectoryBasedStoreProvider.cs b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/DirectoryBasedStoreProvider.cs
@@ -190,6 +190,12 @@ private List<X509Certificate2> ReadDirectory()
 
         public void Add(ICertificatePal certPal)
         {
+            if (_readOnly)
+            {
+                // Windows compatibility: Remove only throws when it needs to do work, add throws always.
+                throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
+            }
+
             // Save the collection to a local so it's consistent for the whole method
             List<X509Certificate2> certificates = _certificates;
             OpenSslX509CertificateReader cert = (OpenSslX509CertificateReader)certPal;
@@ -267,13 +273,6 @@ public void Add(ICertificatePal certPal)
                     }
                 }
 
-                if (_readOnly)
-                {
-                    // Windows compatibility: Don't throw until it has been established that
-                    // the certificate is not present, and we need to modify the filesystem.
-                    throw new CryptographicException(SR.Cryptography_X509_StoreReadOnly);
-                }
-
                 string destinationFilename;
                 FileMode mode = FileMode.CreateNew;
 
diff --git a/src/System.Security.Cryptography.X509Certificates/tests/X509StoreTests.cs b/src/System.Security.Cryptography.X509Certificates/tests/X509StoreTests.cs
@@ -60,7 +60,7 @@ public static void AddReadOnlyThrows()
 
         [Fact]
         [ActiveIssue(2820, PlatformID.AnyUnix)]
-        public static void AddReadOnlyDoesntThrowWhenCertificateExists()
+        public static void AddReadOnlyThrowsWhenCertificateExists()
         {
             using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
             {
@@ -82,8 +82,7 @@ public static void AddReadOnlyDoesntThrowWhenCertificateExists()
 
                 if (toAdd != null)
                 {
-                    // This shouldn't throw, the cert is already present.
-                    store.Add(toAdd);
+                    Assert.Throws<CryptographicException>(() => store.Add(toAdd));
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ public static void AddReadOnlyThrows()`
`60`	`60`
`61`	`61`	`[Fact]`
`62`	`62`	`[ActiveIssue(2820, PlatformID.AnyUnix)]`
`63`		`- public static void AddReadOnlyDoesntThrowWhenCertificateExists()`
	`63`	`+ public static void AddReadOnlyThrowsWhenCertificateExists()`
`64`	`64`	`{`
`65`	`65`	`using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser))`
`66`	`66`	`{`
`@@ -82,8 +82,7 @@ public static void AddReadOnlyDoesntThrowWhenCertificateExists()`
`82`	`82`
`83`	`83`	`if (toAdd != null)`
`84`	`84`	`{`
`85`		`- // This shouldn't throw, the cert is already present.`
`86`		`- store.Add(toAdd);`
	`85`	`+ Assert.Throws<CryptographicException>(() => store.Add(toAdd));`
`87`	`86`	`}`
`88`	`87`	`}`
`89`	`88`	`}`