Skip to content

Add a test confirming that X509Certificate is trimmed #48295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
May 23, 2023
Merged

Add a test confirming that X509Certificate is trimmed #48295

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
65d593d
Add a test confirming that X509Certificate is trimmed
amcasey May 18, 2023
5fc85a2
Disable IsReflectionEnabledByDefault to eliminate warning
amcasey May 18, 2023
7b3f2ce
Switch to trimming tests
amcasey May 18, 2023
279f596
Hack around the need for a certificate
amcasey May 18, 2023
338644e
Mitigate missing dev cert in a way that doesn't invalidate the test
amcasey May 18, 2023
7fd977c
Delay-build trimming test projects
amcasey May 18, 2023
9b1cf95
Add copyright headers
amcasey May 18, 2023
7d68cae
Use negative exit codes in error scenarios
amcasey May 18, 2023
20c245a
Simplify type lookup
amcasey May 19, 2023
707b683
Allow X509Certificate to be preserved if it has no members
amcasey May 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions eng/RequiresDelayedBuildProjects.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
<ItemGroup>
<RequiresDelayedBuild Include="$(RepoRoot)src\DataProtection\DataProtection\test\Microsoft.AspNetCore.DataProtection.TrimmingTests\Microsoft.AspNetCore.DataProtection.TrimmingTests.proj" />
<RequiresDelayedBuild Include="$(RepoRoot)src\DefaultBuilder\test\Microsoft.AspNetCore.NativeAotTests\Microsoft.AspNetCore.NativeAotTests.proj" />
<RequiresDelayedBuild Include="$(RepoRoot)src\DefaultBuilder\test\Microsoft.AspNetCore.TrimmingTests\Microsoft.AspNetCore.TrimmingTests.proj" />
<RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\perf\Microsoft.AspNetCore.Grpc.Microbenchmarks\Microsoft.AspNetCore.Grpc.Microbenchmarks.csproj" />
<RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\src\Microsoft.AspNetCore.Grpc.JsonTranscoding\Microsoft.AspNetCore.Grpc.JsonTranscoding.csproj" />
<RequiresDelayedBuild Include="$(RepoRoot)src\Grpc\JsonTranscoding\src\Microsoft.AspNetCore.Grpc.Swagger\Microsoft.AspNetCore.Grpc.Swagger.csproj" />
Expand Down
14 changes: 14 additions & 0 deletions ...ltBuilder/test/Microsoft.AspNetCore.TrimmingTests/Microsoft.AspNetCore.TrimmingTests.proj
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
<Project Sdk="Microsoft.NET.Sdk">

<ItemGroup>
<TestConsoleAppSourceFiles Include="SlimBuilderDoesNotDependOnX509Test.cs">
<DisabledFeatureSwitches>System.Text.Json.JsonSerializer.IsReflectionEnabledByDefault</DisabledFeatureSwitches>
<AdditionalSourceFiles>X509Utilities.cs</AdditionalSourceFiles>
</TestConsoleAppSourceFiles>
<TestConsoleAppSourceFiles Include="UseHttpsDoesDependOnX509Test.cs">
<DisabledFeatureSwitches>System.Text.Json.JsonSerializer.IsReflectionEnabledByDefault</DisabledFeatureSwitches>
<AdditionalSourceFiles>X509Utilities.cs</AdditionalSourceFiles>
</TestConsoleAppSourceFiles>
</ItemGroup>

</Project>
14 changes: 14 additions & 0 deletions ...aultBuilder/test/Microsoft.AspNetCore.TrimmingTests/SlimBuilderDoesNotDependOnX509Test.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using Microsoft.AspNetCore.Builder;

var builder = WebApplication.CreateSlimBuilder(args);
var app = builder.Build();

if (X509Utilities.HasCertificateType)
{
return -1;
}

return 100; // Success
33 changes: 33 additions & 0 deletions src/DefaultBuilder/test/Microsoft.AspNetCore.TrimmingTests/UseHttpsDoesDependOnX509Test.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;

var builder = WebApplication.CreateSlimBuilder(args);

builder.WebHost.UseKestrel(serverOptions =>
{
serverOptions.ListenLocalhost(5000, listenOptions =>
{
listenOptions.UseHttps();
});
});

try
{
_ = builder.Build();
}
catch (InvalidOperationException)
{
// Expected if there's no dev cert installed
}

if (!X509Utilities.HasCertificateType)
{
return -1;
}

return 100; // Success
40 changes: 40 additions & 0 deletions src/DefaultBuilder/test/Microsoft.AspNetCore.TrimmingTests/X509Utilities.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using System;
using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Builder;

#nullable enable

public static class X509Utilities
{
public static bool HasCertificateType
{
get
{
var certificateType = GetType("System.Security.Cryptography", "System.Security.Cryptography.X509Certificates.X509Certificate");

// We're checking for members, rather than just the presence of the type,
// because Debugger Display types may reference it without actually
// causing a meaningful binary size increase.
return certificateType is not null && GetMembers(certificateType).Any();
Comment on lines +20 to +23
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another approach we could take here is to disable the feature switch System.Diagnostics.Debugger.IsSupported (DisabledFeatureSwitches in the .proj file) and ensure this type is fully trimmed. This will get us closer to what AOT does, because that feature switch is disabled by default for PublishAot.

https://github.com/dotnet/runtime/blob/ce689d9189d549e249f4bb5e3d9aeef322464bfb/src/coreclr/nativeaot/BuildIntegration/Microsoft.NETCore.Native.targets#L256-L257

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought about that but worried it would hide problems. I could add a separate test for that flag, if you think it's worthwhile.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but worried it would hide problems

What kind of problems?

This mode would more closely align with the Native AOT behavior. So it seems the more preferrable to me. The fact that we are rooting types for Debugging published apps is less desirable to verify (IMO).

}
}

[UnconditionalSuppressMessage("ReflectionAnalysis", "IL2057:UnrecognizedReflectionPattern",
Justification = "Returning null when the type is unreferenced is desirable")]
private static Type? GetType(string assemblyName, string typeName)
{
return Type.GetType($"{typeName}, {assemblyName}");
}

[UnconditionalSuppressMessage("ReflectionAnalysis", "IL2070:UnrecognizedReflectionPattern",
Justification = "Returning null when the type is unreferenced is desirable")]
private static MemberInfo[] GetMembers(Type type)
{
return type.GetMembers(BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Static | BindingFlags.Instance | BindingFlags.DeclaredOnly);
}
}