Don't create a directory specified by the user

Author: amcasey

src/ProjectTemplates/Shared/DevelopmentCertificate.cs

@@ -35,7 +35,7 @@ private static string EnsureDevelopmentCertificates(string certificatePath, stri
         var manager = CertificateManager.Instance;
         var certificate = manager.CreateAspNetCoreHttpsDevelopmentCertificate(now, now.AddYears(1));
         var certificateThumbprint = certificate.Thumbprint;
-        CertificateManager.ExportCertificate(certificate, path: certificatePath, includePrivateKey: true, certificatePassword, CertificateKeyExportFormat.Pfx);
+        manager.ExportCertificate(certificate, path: certificatePath, includePrivateKey: true, certificatePassword, CertificateKeyExportFormat.Pfx);
 
         return certificateThumbprint;
     }

src/Shared/CertificateGeneration/CertificateManager.cs

@@ -323,6 +323,14 @@ public EnsureCertificateResult EnsureAspNetCoreHttpsDevelopmentCertificate(
         {
             try
             {
+                // If the user specified a non-existent directory, we don't want to be responsible
+                // for setting the permissions appropriately, so we'll bail.
+                var exportDir = Path.GetDirectoryName(path);
+                if (!string.IsNullOrEmpty(exportDir) && !Directory.Exists(exportDir))
+                {
+                    throw new InvalidOperationException($"The directory '{exportDir}' does not exist.");
+                }
+
                 ExportCertificate(certificate, path, includePrivateKey, password, keyExportFormat);
             }
             catch (Exception e)
@@ -486,6 +494,10 @@ public void CleanupHttpsCertificates()
 
     protected abstract void CreateDirectoryWithPermissions(string directoryPath);
 
+    /// <remarks>
+    /// Will create directories to make it possible to write to <paramref name="path"/>.
+    /// If you don't want that, check for existence before calling this method.
+    /// </remarks>
     internal void ExportCertificate(X509Certificate2 certificate, string path, bool includePrivateKey, string? password, CertificateKeyExportFormat format)
     {
         if (Log.IsEnabled())
@@ -1232,6 +1244,9 @@ public sealed class CertificateManagerEventSource : EventSource
         [Event(111, Level = EventLevel.LogAlways, Message = "For OpenSSL trust to take effect, '{0}' must be listed in the {2} environment variable. " +
             "See https://aka.ms/dev-certs-trust for more information.")]
         internal void UnixSuggestSettingEnvironmentVariableWithoutExample(string certDir, string envVarName) => WriteEvent(111, certDir, envVarName);
+
+        [Event(112, Level = EventLevel.Warning, Message = "Directory '{0}' may be readable by other users.")]
+        internal void DirectoryPermissionsNotSecure(string directoryPath) => WriteEvent(112, directoryPath);
     }
 
     internal sealed class UserCancelledTrustException : Exception

src/Shared/CertificateGeneration/MacOSCertificateManager.cs

@@ -485,7 +485,7 @@ protected override void CreateDirectoryWithPermissions(string directoryPath)
         {
             if ((dirInfo.UnixFileMode & ~DirectoryPermissions) != 0)
             {
-                // TODO (acasey): Log.DirectoryPermissionsNotSecure(dirInfo.FullName);
+                Log.DirectoryPermissionsNotSecure(dirInfo.FullName);
             }
         }
         else

src/Shared/CertificateGeneration/UnixCertificateManager.cs

@@ -459,7 +459,7 @@ protected override void CreateDirectoryWithPermissions(string directoryPath)
         {
             if ((dirInfo.UnixFileMode & ~DirectoryPermissions) != 0)
             {
-                // TODO (acasey): Log.DirectoryPermissionsNotSecure(dirInfo.FullName);
+                Log.DirectoryPermissionsNotSecure(dirInfo.FullName);
             }
         }
         else

src/Shared/CertificateGeneration/WindowsCertificateManager.cs

@@ -3,8 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.Diagnostics;
-using System.IO;
 using System.Linq;
 using System.Runtime.Versioning;
 using System.Security.AccessControl;
@@ -162,7 +160,7 @@ protected override void CreateDirectoryWithPermissions(string directoryPath)
                 // is to allow access to anyone other than the current user, system, or administrators
                 // is very complicated.  We're not going to do anything but log, so an approximation
                 // is fine.
-                // TODO (acasey): Log.DirectoryPermissionsNotSecure(dirInfo.FullName);
+                Log.DirectoryPermissionsNotSecure(dirInfo.FullName);
                 break;
             }
         }