Test: replace Portable.BouncyCastle with System.Formats.Asn1 (#5937)

Resolve NuGet/Client.Engineering#969.

Directory.Packages.props

@@ -81,11 +81,11 @@
     <PackageVersion Include="NuGet.Client.EndToEnd.TestData" Version="1.0.0" />
     <PackageVersion Include="NuGet.Core" Version="2.14.0-rtm-832" />
     <PackageVersion Include="NuGetValidator" version="2.1.1" />
-    <PackageVersion Include="Portable.BouncyCastle" Version="1.9.0" />
     <PackageVersion Include="SharpZipLib" Version="1.4.2" />
     <PackageVersion Include="System.Collections" Version="$(SystemPackagesVersion)" />
     <PackageVersion Include="System.CommandLine" Version="$(SystemCommandLineVersion)" />
     <PackageVersion Include="System.ComponentModel.Composition" Version="$(SystemComponentModelCompositionPackageVersion)" />
+    <PackageVersion Include="System.Formats.Asn1" Version="8.0.1" />
     <PackageVersion Include="System.IO.FileSystem.Primitives" Version="$(SystemPackagesVersion)" />
     <PackageVersion Include="System.Memory" Version="4.5.5" />
     <PackageVersion Include="System.Resources.ResourceManager" Version="$(SystemPackagesVersion)" />
@@ -176,6 +176,7 @@
       <_allowBuildFromSourcePackage Include="Newtonsoft.Json" />
       <_allowBuildFromSourcePackage Include="System.CommandLine" />
       <_allowBuildFromSourcePackage Include="System.ComponentModel.Composition" />
+      <_allowBuildFromSourcePackage Include="System.Formats.Asn1" />
       <_allowBuildFromSourcePackage Include="System.Security.Cryptography.Cng" />
       <_allowBuildFromSourcePackage Include="System.Security.Cryptography.Pkcs" />
       <_allowBuildFromSourcePackage Include="System.Security.Cryptography.ProtectedData" />

test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/InstallCommandTests.cs

@@ -9,8 +9,6 @@
 using System.Threading.Tasks;
 using FluentAssertions;
 using NuGet.Test.Utility;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Security;
 using Test.Utility.Signing;
 using Xunit;
 using Xunit.Abstractions;
@@ -24,14 +22,14 @@ namespace NuGet.CommandLine.FuncTest.Commands
     [Collection(SignCommandTestCollection.Name)]
     public class InstallCommandTests
     {
-        private static readonly string _NU3008Message = "The package integrity check failed. The package has changed since it was signed. Try clearing the local http-cache and run nuget operation again.";
-        private static readonly string _NU3008 = "NU3008: {0}";
-        private static readonly string _NU3027Message = "The signature should be timestamped to enable long-term signature validity after the certificate has expired.";
-        private static readonly string _NU3027 = "NU3027: {0}";
-        private static readonly string _NU3012Message = "The author primary signature found a chain building issue: Revoked: The certificate is revoked.";
-        private static readonly string _NU3012 = "NU3012: {0}";
-        private static readonly string _NU3018Message = "The author primary signature's signing certificate is not trusted by the trust provider.";
-        private static readonly string _NU3018 = "NU3018: {0}";
+        private static readonly string NU3008Message = "The package integrity check failed. The package has changed since it was signed. Try clearing the local http-cache and run nuget operation again.";
+        private static readonly string NU3008 = "NU3008: {0}";
+        private static readonly string NU3027Message = "The signature should be timestamped to enable long-term signature validity after the certificate has expired.";
+        private static readonly string NU3027 = "NU3027: {0}";
+        private static readonly string NU3012Message = "The author primary signature found a chain building issue: Revoked: The certificate is revoked.";
+        private static readonly string NU3012 = "NU3012: {0}";
+        private static readonly string NU3018Message = "The author primary signature's signing certificate is not trusted by the trust provider.";
+        private static readonly string NU3018 = "NU3018: {0}";
 
         private SignCommandTestFixture _testFixture;
         private readonly ITestOutputHelper _testOutputHelper;
@@ -75,7 +73,7 @@ public async Task Install_AuthorSignedPackage_SucceedsAsync()
 
                 // Assert
                 result.ExitCode.Should().Be(0);
-                result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
+                result.AllOutput.Should().Contain($"WARNING: {string.Format(NU3027, SigningTestUtility.AddSignatureLogPrefix(NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
             }
         }
 
@@ -108,7 +106,7 @@ public async Task Install_RepoSignedPackage_SucceedsAsync()
 
                 // Assert
                 result.ExitCode.Should().Be(0);
-                result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
+                result.AllOutput.Should().Contain($"WARNING: {string.Format(NU3027, SigningTestUtility.AddSignatureLogPrefix(NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
             }
         }
 
@@ -141,8 +139,8 @@ public async Task Install_UntrustedCertSignedPackage_WarnsAsync()
 
                 // Assert
                 result.ExitCode.Should().Be(0);
-                result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3018, SigningTestUtility.AddSignatureLogPrefix(_NU3018Message, nupkg.Identity, context.WorkingDirectory))}");
-                result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
+                result.AllOutput.Should().Contain($"WARNING: {string.Format(NU3018, SigningTestUtility.AddSignatureLogPrefix(NU3018Message, nupkg.Identity, context.WorkingDirectory))}");
+                result.AllOutput.Should().Contain($"WARNING: {string.Format(NU3027, SigningTestUtility.AddSignatureLogPrefix(NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
             }
         }
 
@@ -176,8 +174,8 @@ public async Task Install_TamperedPackage_FailsAsync()
 
                 // Assert
                 result.ExitCode.Should().Be(1);
-                result.Errors.Should().Contain(string.Format(_NU3008, SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, nupkg.Identity, context.WorkingDirectory)));
-                result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
+                result.Errors.Should().Contain(string.Format(NU3008, SigningTestUtility.AddSignatureLogPrefix(NU3008Message, nupkg.Identity, context.WorkingDirectory)));
+                result.AllOutput.Should().Contain($"WARNING: {string.Format(NU3027, SigningTestUtility.AddSignatureLogPrefix(NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
             }
         }
 
@@ -189,20 +187,17 @@ public async Task Install_TamperedAndRevokedCertificateSignaturePackage_FailsAsy
             var testServer = await _testFixture.GetSigningTestServerAsync();
             var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();
             var issueOptions = IssueCertificateOptions.CreateDefaultForEndCertificate();
-            var bcCertificate = certificateAuthority.IssueCertificate(issueOptions);
 
             using (var context = new SimpleTestPathContext())
-            using (var testCertificate = new X509Certificate2(bcCertificate.GetEncoded()))
+            using (X509Certificate2 testCertificate = certificateAuthority.IssueCertificate(issueOptions))
             {
-                testCertificate.PrivateKey = DotNetUtilities.ToRSA(issueOptions.KeyPair.Private as RsaPrivateCrtKeyParameters);
-
                 var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(testCertificate, nupkg, context.WorkingDirectory);
                 SignedArchiveTestUtility.TamperWithPackage(signedPackagePath);
 
-                await certificateAuthority.OcspResponder.WaitForResponseExpirationAsync(bcCertificate);
+                await certificateAuthority.OcspResponder.WaitForResponseExpirationAsync(testCertificate);
                 certificateAuthority.Revoke(
-                    bcCertificate,
-                    RevocationReason.KeyCompromise,
+                    testCertificate,
+                    X509RevocationReason.KeyCompromise,
                     DateTimeOffset.UtcNow.AddSeconds(-1));
 
                 var args = new string[]
@@ -223,9 +218,9 @@ public async Task Install_TamperedAndRevokedCertificateSignaturePackage_FailsAsy
 
                 // Assert
                 result.ExitCode.Should().Be(1);
-                result.Errors.Should().Contain(string.Format(_NU3008, SigningTestUtility.AddSignatureLogPrefix(_NU3008Message, nupkg.Identity, context.WorkingDirectory)));
-                result.Errors.Should().Contain(string.Format(_NU3012, SigningTestUtility.AddSignatureLogPrefix(_NU3012Message, nupkg.Identity, context.WorkingDirectory)));
-                result.AllOutput.Should().Contain($"WARNING: {string.Format(_NU3027, SigningTestUtility.AddSignatureLogPrefix(_NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
+                result.Errors.Should().Contain(string.Format(NU3008, SigningTestUtility.AddSignatureLogPrefix(NU3008Message, nupkg.Identity, context.WorkingDirectory)));
+                result.Errors.Should().Contain(string.Format(NU3012, SigningTestUtility.AddSignatureLogPrefix(NU3012Message, nupkg.Identity, context.WorkingDirectory)));
+                result.AllOutput.Should().Contain($"WARNING: {string.Format(NU3027, SigningTestUtility.AddSignatureLogPrefix(NU3027Message, nupkg.Identity, context.WorkingDirectory))}");
             }
         }
 

test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/SignCommandTestFixture.cs

@@ -23,8 +23,8 @@ namespace NuGet.CommandLine.FuncTest.Commands
     /// </summary>
     public class SignCommandTestFixture : IDisposable
     {
-        private const int _validCertChainLength = 3;
-        private const int _invalidCertChainLength = 2;
+        private const int ValidCertChainLength = 3;
+        private const int InvalidCertChainLength = 2;
 
         private TrustedTestCert<TestCertificate> _trustedTestCert;
         private TrustedTestCert<TestCertificate> _trustedTestCertWithInvalidEku;
@@ -128,7 +128,7 @@ public TrustedTestCertificateChain TrustedTestCertificateChain
             {
                 if (_trustedTestCertChain == null)
                 {
-                    var certChain = SigningTestUtility.GenerateCertificateChain(_validCertChainLength, CrlServer.Uri, TestDirectory.Path);
+                    var certChain = SigningTestUtility.GenerateCertificateChain(ValidCertChainLength, CrlServer.Uri, TestDirectory.Path);
 
                     _trustedTestCertChain = new TrustedTestCertificateChain()
                     {
@@ -148,7 +148,7 @@ public TrustedTestCert<TestCertificate> RevokedTestCertificateWithChain
             {
                 if (_revokedTestCertChain == null)
                 {
-                    var certChain = SigningTestUtility.GenerateCertificateChain(_invalidCertChainLength, CrlServer.Uri, TestDirectory.Path);
+                    var certChain = SigningTestUtility.GenerateCertificateChain(InvalidCertChainLength, CrlServer.Uri, TestDirectory.Path);
 
                     _revokedTestCertChain = new TrustedTestCertificateChain()
                     {
@@ -171,7 +171,7 @@ public TrustedTestCert<TestCertificate> RevocationUnknownTestCertificateWithChai
             {
                 if (_revocationUnknownTestCertChain == null)
                 {
-                    var certChain = SigningTestUtility.GenerateCertificateChain(_invalidCertChainLength, CrlServer.Uri, TestDirectory.Path, configureLeafCrl: false);
+                    var certChain = SigningTestUtility.GenerateCertificateChain(InvalidCertChainLength, CrlServer.Uri, TestDirectory.Path, configureLeafCrl: false);
 
                     _revocationUnknownTestCertChain = new TrustedTestCertificateChain()
                     {
@@ -371,7 +371,7 @@ private async Task<CertificateAuthority> CreateDefaultTrustedCertificateAuthorit
             var testServer = await _testServer.Value;
             var rootCa = CertificateAuthority.Create(testServer.Url);
             var intermediateCa = rootCa.CreateIntermediateCertificateAuthority();
-            var rootCertificate = new X509Certificate2(rootCa.Certificate.GetEncoded());
+            var rootCertificate = new X509Certificate2(rootCa.Certificate);
 
             _trustedTimestampRoot = TrustedTestCert.Create(
                 rootCertificate,

test/NuGet.Clients.FuncTests/NuGet.MSSigning.Extensions.FuncTest/MSSignCommandTestFixture.cs

@@ -6,7 +6,6 @@
 using System.IO;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
-using NuGet.Packaging.Signing;
 using Test.Utility.Signing;
 
 namespace NuGet.MSSigning.Extensions.FuncTest.Commands
@@ -97,7 +96,7 @@ private async Task<CertificateAuthority> CreateDefaultTrustedTimestampingRootCer
             var testServer = await _testServer.Value;
             var rootCa = CertificateAuthority.Create(testServer.Url);
             var intermediateCa = rootCa.CreateIntermediateCertificateAuthority();
-            var rootCertificate = new X509Certificate2(rootCa.Certificate.GetEncoded());
+            var rootCertificate = new X509Certificate2(rootCa.Certificate);
             StoreLocation storeLocation = CertificateStoreUtilities.GetTrustedCertificateStoreLocation();
 
             _trustedTimestampRoot = TrustedTestCert.Create(

test/NuGet.Core.FuncTests/Dotnet.Integration.Test/SignCommandTestFixture.cs

@@ -402,7 +402,7 @@ private async Task<CertificateAuthority> CreateDefaultTrustedTimestampingRootCer
             var testServer = await _testServer.Value;
             var rootCa = CertificateAuthority.Create(testServer.Url);
             var intermediateCa = rootCa.CreateIntermediateCertificateAuthority();
-            var rootCertificate = new X509Certificate2(rootCa.Certificate.GetEncoded());
+            var rootCertificate = new X509Certificate2(rootCa.Certificate);
             StoreLocation storeLocation = CertificateStoreUtilities.GetTrustedCertificateStoreLocation();
 
             _trustedTimestampRoot = new X509StoreCertificate(