Make SKI.SubjectKeyIdentifierBytes nullable

bartonjs · Jun 10, 2022 · b7d9803 · b7d9803
1 parent 5ccef31
commit b7d9803
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 6 deletions.
diff --git a/...Security.Cryptography.X509Certificates/tests/ExtensionsTests/SubjectKeyIdentifierTests.cs b/...Security.Cryptography.X509Certificates/tests/ExtensionsTests/SubjectKeyIdentifierTests.cs
@@ -20,6 +20,8 @@ public static void DefaultConstructor()
 
             string skid = e.SubjectKeyIdentifier;
             Assert.Null(skid);
+
+            Assert.False(e.SubjectKeyIdentifierBytes.HasValue, "SubjectKeyIdentifierBytes.HasValue");
         }
 
         [Theory]
@@ -55,6 +57,10 @@ public static void EncodeFromBytes(bool fromSpan)
 
             string skid = e.SubjectKeyIdentifier;
             Assert.Equal("01020304", skid);
+
+            AssertExtensions.SequenceEqual(
+                new byte[] { 1, 2, 3, 4 },
+                e.SubjectKeyIdentifierBytes.GetValueOrDefault().Span);
         }
 
         [Fact]
@@ -69,6 +75,10 @@ public static void EncodeFromString()
             e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
             string skid = e.SubjectKeyIdentifier;
             Assert.Equal("01ABCD", skid);
+
+            AssertExtensions.SequenceEqual(
+                new byte[] { 0x01, 0xAB, 0xCD },
+                e.SubjectKeyIdentifierBytes.GetValueOrDefault().Span);
         }
 
         [Fact]
@@ -89,6 +99,11 @@ public static void EncodeFromPublicKey()
             e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
             string skid = e.SubjectKeyIdentifier;
             Assert.Equal("5971A65A334DDA980780FF841EBE87F9723241F2", skid);
+
+            Assert.Equal(
+                "5971A65A334DDA980780FF841EBE87F9723241F2",
+                e.SubjectKeyIdentifierBytes.GetValueOrDefault().ByteArrayToHex());
+
         }
 
         [Fact]
@@ -134,8 +149,12 @@ public static void DecodeFromBER()
             ext = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
             string skid = ext.SubjectKeyIdentifier;
             Assert.Equal("5971A65A334DDA980780FF841EBE87F9723241F2", skid);
+
+            Assert.Equal(
+                "5971A65A334DDA980780FF841EBE87F9723241F2",
+                ext.SubjectKeyIdentifierBytes.GetValueOrDefault().ByteArrayToHex());
         }
-        
+
         private static void EncodeDecode(
             byte[] certBytes,
             X509SubjectKeyIdentifierHashAlgorithm algorithm,
@@ -158,6 +177,10 @@ private static void EncodeDecode(
 
             ext = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), critical);
             Assert.Equal(expectedIdentifier, ext.SubjectKeyIdentifier);
+
+            Assert.Equal(
+                expectedIdentifier,
+                ext.SubjectKeyIdentifierBytes.GetValueOrDefault().ByteArrayToHex());
         }
     }
 }
diff --git a/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs b/src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs
@@ -3202,7 +3202,7 @@ public X509SubjectKeyIdentifierExtension(System.Security.Cryptography.X509Certif
         public X509SubjectKeyIdentifierExtension(System.Security.Cryptography.X509Certificates.PublicKey key, System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical) { }
         public X509SubjectKeyIdentifierExtension(string subjectKeyIdentifier, bool critical) { }
         public string? SubjectKeyIdentifier { get { throw null; } }
-        public System.ReadOnlyMemory<byte> SubjectKeyIdentifierBytes { get { throw null; } }
+        public System.ReadOnlyMemory<byte>? SubjectKeyIdentifierBytes { get { throw null; } }
         public override void CopyFrom(System.Security.Cryptography.AsnEncodedData asnEncodedData) { }
     }
     public enum X509SubjectKeyIdentifierHashAlgorithm

diff --git a/.../src/System/Security/Cryptography/X509Certificates/X509AuthorityKeyIdentifierExtension.cs b/.../src/System/Security/Cryptography/X509Certificates/X509AuthorityKeyIdentifierExtension.cs
@@ -138,7 +138,13 @@ public static X509AuthorityKeyIdentifierExtension CreateFromSubjectKeyIdentifier
         {
             ArgumentNullException.ThrowIfNull(subjectKeyIdentifier);
 
-            return CreateFromSubjectKeyIdentifier(subjectKeyIdentifier.SubjectKeyIdentifierBytes.Span);
+            if (!subjectKeyIdentifier.SubjectKeyIdentifierBytes.HasValue)
+            {
+                throw new ArgumentException("Something about the extension has not had a value provided to it");
+            }
+
+            return CreateFromSubjectKeyIdentifier(
+                subjectKeyIdentifier.SubjectKeyIdentifierBytes.GetValueOrDefault().Span);
         }
 
         public static X509AuthorityKeyIdentifierExtension CreateFromSubjectKeyIdentifier(
@@ -265,15 +271,19 @@ public static X509AuthorityKeyIdentifierExtension CreateFromCertificate(
                     throw new CryptographicException("Provided certificate does not have a subject key identifier");
                 }
 
+                // Only the default constructor for the X509SubjectKeyIdentifierExtension produces null
+                Debug.Assert(skid.SubjectKeyIdentifierBytes.HasValue);
+                ReadOnlySpan<byte> skidBytes = skid.SubjectKeyIdentifierBytes.GetValueOrDefault().Span;
+
                 if (includeIssuerAndSerial)
                 {
                     return Create(
-                        skid.SubjectKeyIdentifierBytes.Span,
+                        skidBytes,
                         certificate.IssuerName,
                         certificate.SerialNumberBytes.Span);
                 }
 
-                return CreateFromSubjectKeyIdentifier(skid.SubjectKeyIdentifierBytes.Span);
+                return CreateFromSubjectKeyIdentifier(skidBytes);
             }
             else if (includeIssuerAndSerial)
             {

diff --git a/...hy/src/System/Security/Cryptography/X509Certificates/X509SubjectKeyIdentifierExtension.cs b/...hy/src/System/Security/Cryptography/X509Certificates/X509SubjectKeyIdentifierExtension.cs
@@ -61,7 +61,7 @@ public string? SubjectKeyIdentifier
             }
         }
 
-        public ReadOnlyMemory<byte> SubjectKeyIdentifierBytes
+        public ReadOnlyMemory<byte>? SubjectKeyIdentifierBytes
         {
             get
             {
@@ -70,6 +70,11 @@ public ReadOnlyMemory<byte> SubjectKeyIdentifierBytes
                     Decode(RawData);
                 }
 
+                if (_subjectKeyIdentifier is null)
+                {
+                    return default;
+                }
+
                 return _subjectKeyIdentifier;
             }
         }