AzureAD · brentschmaltz · Oct 11, 2023 · Oct 10, 2023
@@ -29,10 +29,6 @@
     <NoWarn>$(NoWarn);SYSLIB0051</NoWarn>
   </PropertyGroup>
 
-  <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.1' OR '$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net8.0'">
-    <PackageReference Include="Microsoft.DotNet.XUnitExtensions" Version="$(MicrosoftDotNetXUnitExtensionsVersion)" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="$(MicrosoftNETTestSdkVersion)" />
     <PackageReference Include="Newtonsoft.Json" Version="$(NewtonsoftVersion)" />

@@ -2,7 +2,6 @@
   <PropertyGroup>
     <DotNetCoreAppRuntimeVersion>2.1.30</DotNetCoreAppRuntimeVersion>
     <MicrosoftAzureKeyVaultCryptographyVersion>2.0.5</MicrosoftAzureKeyVaultCryptographyVersion>
-    <MicrosoftDotNetXUnitExtensionsVersion>2.4.0-prerelease-63213-02</MicrosoftDotNetXUnitExtensionsVersion>
     <MicrosoftNETTestSdkVersion>16.10.0</MicrosoftNETTestSdkVersion>
     <NetStandardVersion>2.0.3</NetStandardVersion>
     <NewtonsoftVersion>13.0.3</NewtonsoftVersion>

@@ -8,6 +8,7 @@
 using System.IdentityModel.Tokens.Jwt.Tests;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
@@ -402,35 +403,39 @@ public static TheoryData<CreateTokenTheoryData> CreateTokenWithEmptyPayloadUsing
             };
         }
 
-#if NET_CORE
-        [PlatformSpecific(TestPlatforms.Windows)]
-#endif
         /// <summary>
         /// Verify the results from ValidateToken() and ValidateTokenAsync() should match.
         /// </summary>
         /// <param name="theoryData">The test data.</param>
         [Theory, MemberData(nameof(CreateJWEWithAesGcmTheoryData))]
         public void TokenValidationResultsShouldMatch(CreateTokenTheoryData theoryData)
         {
-            var context = TestUtilities.WriteHeader($"{this}.TokenValidationResultCompare", theoryData);
-            try
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
             {
-                string jweFromJwtHandler = theoryData.JwtSecurityTokenHandler.CreateEncodedJwt(theoryData.TokenDescriptor);
-
-                theoryData.ValidationParameters.ValidateLifetime = false;
-                var claimsPrincipal = theoryData.JwtSecurityTokenHandler.ValidateToken(jweFromJwtHandler, theoryData.ValidationParameters, out SecurityToken validatedTokenFromJwtHandler);
-                var validationResult = theoryData.JwtSecurityTokenHandler.ValidateTokenAsync(jweFromJwtHandler, theoryData.ValidationParameters).Result;
-
-                // verify the results from asynchronous and synchronous are the same
-                IdentityComparer.AreClaimsIdentitiesEqual(claimsPrincipal.Identity as ClaimsIdentity, validationResult.ClaimsIdentity, context);
-                theoryData.ExpectedException.ProcessNoException(context);
+                Assert.Throws<PlatformNotSupportedException>(() => new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, theoryData.EncryptingCredentials.Enc));
             }
-            catch (Exception ex)
+            else
             {
-                theoryData.ExpectedException.ProcessException(ex, context);
-            }
+                var context = TestUtilities.WriteHeader($"{this}.TokenValidationResultCompare", theoryData);
+                try
+                {
+                    string jweFromJwtHandler = theoryData.JwtSecurityTokenHandler.CreateEncodedJwt(theoryData.TokenDescriptor);
 
-            TestUtilities.AssertFailIfErrors(context);
+                    theoryData.ValidationParameters.ValidateLifetime = false;
+                    var claimsPrincipal = theoryData.JwtSecurityTokenHandler.ValidateToken(jweFromJwtHandler, theoryData.ValidationParameters, out SecurityToken validatedTokenFromJwtHandler);
+                    var validationResult = theoryData.JwtSecurityTokenHandler.ValidateTokenAsync(jweFromJwtHandler, theoryData.ValidationParameters).Result;
+
+                    // verify the results from asynchronous and synchronous are the same
+                    IdentityComparer.AreClaimsIdentitiesEqual(claimsPrincipal.Identity as ClaimsIdentity, validationResult.ClaimsIdentity, context);
+                    theoryData.ExpectedException.ProcessNoException(context);
+                }
+                catch (Exception ex)
+                {
+                    theoryData.ExpectedException.ProcessException(ex, context);
+                }
+
+                TestUtilities.AssertFailIfErrors(context);
+            }
         }
 
         [Theory, MemberData(nameof(CreateJWEWithAesGcmTheoryData))]

@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Runtime.InteropServices;
 using Microsoft.IdentityModel.TestUtils;
 using Xunit;
 #pragma warning disable CS3016 // Arrays as attribute arguments is not CLS-compliant
@@ -63,38 +64,35 @@ public override string ToString()
     /// </summary>
     public class AuthenticatedEncryptionProviderTests
     {
-#if NET_CORE
-        [PlatformSpecific(TestPlatforms.Linux | TestPlatforms.OSX)]
-        [Fact(Skip = "Adjustment needed")]
-        public void AesGcmEncryptionOnLinuxAndMac()
-        {
-            Assert.Throws<PlatformNotSupportedException>(() => new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm));
-        }
-#endif
-
-#if NET_CORE
-        [PlatformSpecific(TestPlatforms.Windows)]
-#endif
         [Fact]
         public void AesGcmEncryptionOnWindows()
         {
-            var context = new CompareContext();
-            try
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
             {
-                var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm);
+                Assert.Throws<PlatformNotSupportedException>(() => new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm));
             }
-            catch (Exception ex)
-            {
-                context.AddDiff($"AuthenticatedEncryptionProvider is not supposed to throw an exception, Exception:{ ex.ToString()}");
+            else
+            { 
+                var context = new CompareContext();
+                try
+                {
+                    var provider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm);
+                }
+                catch (Exception ex)
+                {
+                    context.AddDiff($"AuthenticatedEncryptionProvider is not supposed to throw an exception, Exception:{ex.ToString()}");
+                }
+                TestUtilities.AssertFailIfErrors(context);
             }
-            TestUtilities.AssertFailIfErrors(context);
         }
 
 #if NET_CORE
-        [PlatformSpecific(TestPlatforms.Windows)]
         [Fact]
         public void AesGcm_Dispose()
         {
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                Assert.Throws<PlatformNotSupportedException>(() => new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm));
+
             AuthenticatedEncryptionProvider encryptionProvider = new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm);
             encryptionProvider.Dispose();
             var expectedException = ExpectedException.ObjectDisposedException;

@@ -3,6 +3,7 @@
 
 using System;
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Text;
 using Microsoft.IdentityModel.JsonWebTokens;
@@ -54,20 +55,24 @@ public void ECDH_ESReferenceTest()
         }
 #endif
 
-#if NET_CORE
-        [PlatformSpecific(TestPlatforms.Windows)]
-#endif
         [Fact]
         public void AesGcmReferenceTest()
         {
-            var context = new CompareContext();
-            var providerForDecryption = CryptoProviderFactory.Default.CreateAuthenticatedEncryptionProvider(new SymmetricSecurityKey(RSAES_OAEP_KeyWrap.CEK), AES_256_GCM.Algorithm);
-            var plaintext = providerForDecryption.Decrypt(AES_256_GCM.E, AES_256_GCM.A, AES_256_GCM.IV, AES_256_GCM.T);
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                Assert.Throws<PlatformNotSupportedException>(() => new AuthenticatedEncryptionProvider(Default.SymmetricEncryptionKey256, SecurityAlgorithms.Aes256Gcm));
+            }
+            else
+            {
+                var context = new CompareContext();
+                var providerForDecryption = CryptoProviderFactory.Default.CreateAuthenticatedEncryptionProvider(new SymmetricSecurityKey(RSAES_OAEP_KeyWrap.CEK), AES_256_GCM.Algorithm);
+                var plaintext = providerForDecryption.Decrypt(AES_256_GCM.E, AES_256_GCM.A, AES_256_GCM.IV, AES_256_GCM.T);
 
-            if (!Utility.AreEqual(plaintext, AES_256_GCM.P))
-                context.AddDiff($"!Utility.AreEqual(plaintext, testParams.Plaintext)");
+                if (!Utility.AreEqual(plaintext, AES_256_GCM.P))
+                    context.AddDiff($"!Utility.AreEqual(plaintext, testParams.Plaintext)");
 
-            TestUtilities.AssertFailIfErrors(context);
+                TestUtilities.AssertFailIfErrors(context);
+            }
         }
 
         [Theory, MemberData(nameof(AuthenticatedEncryptionTheoryData))]

@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.Reflection;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading.Tasks;
@@ -939,42 +940,39 @@ public static TheoryData<string, SecurityKey, string, EE> KeyDisposeData()
 
             return theoryData;
         }
-#if NET_CORE
-        // Excluding OSX as SignatureTampering test is slow on OSX (~6 minutes)
-        // especially tests with IDs RS256 and ES256
-        [PlatformSpecific(TestPlatforms.Windows | TestPlatforms.Linux)]
-#endif
+
         [Theory, MemberData(nameof(SignatureTheoryData))]
         public void SignatureTampering(SignatureProviderTheoryData theoryData)
         {
-            TestUtilities.WriteHeader($"{this}.SignatureTampering", theoryData);
-            var copiedSignature = theoryData.Signature.CloneByteArray();
-            for (int i = 0; i < theoryData.Signature.Length; i++)
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
             {
-                var originalB = theoryData.Signature[i];
-                for (byte b = 0; b < byte.MaxValue; b++)
+                Console.WriteLine("OSX is excluded as the SignatureTampering test is slow (~6 minutes).") ;
+            }
+            else
+            { 
+                TestUtilities.WriteHeader($"{this}.SignatureTampering", theoryData);
+                var copiedSignature = theoryData.Signature.CloneByteArray();
+                for (int i = 0; i < theoryData.Signature.Length; i++)
                 {
-                    // skip here as this will succeed
-                    if (b == theoryData.Signature[i])
-                        continue;
+                    var originalB = theoryData.Signature[i];
+                    for (byte b = 0; b < byte.MaxValue; b++)
+                    {
+                        // skip here as this will succeed
+                        if (b == theoryData.Signature[i])
+                            continue;
 
-                    copiedSignature[i] = b;
-                    Assert.False(theoryData.VerifySignatureProvider.Verify(theoryData.RawBytes, copiedSignature), $"signature should not have verified: {theoryData.TestId} : {i} : {b} : {copiedSignature[i]}");
+                        copiedSignature[i] = b;
+                        Assert.False(theoryData.VerifySignatureProvider.Verify(theoryData.RawBytes, copiedSignature), $"signature should not have verified: {theoryData.TestId} : {i} : {b} : {copiedSignature[i]}");
 
-                    // reset so we move to next byte
-                    copiedSignature[i] = originalB;
+                        // reset so we move to next byte
+                        copiedSignature[i] = originalB;
+                    }
                 }
-            }
 
-            Assert.True(theoryData.VerifySignatureProvider.Verify(theoryData.RawBytes, copiedSignature), "Final check should have verified");
+                Assert.True(theoryData.VerifySignatureProvider.Verify(theoryData.RawBytes, copiedSignature), "Final check should have verified");
+            }
         }
 
-#if NET_CORE
-        // Excluding OSX as SignatureTruncation test throws an exception only on OSX
-        // This behavior should be fixed with netcore3.0
-        // Exceptions is thrown somewhere in System/Security/Cryptography/DerEncoder.cs class which is removed in netcore3.0
-        [PlatformSpecific(TestPlatforms.Windows | TestPlatforms.Linux)]
-#endif
         [Theory, MemberData(nameof(SignatureTheoryData))]
         public void SignatureTruncation(SignatureProviderTheoryData theoryData)
         {