< Summary

Information

Class:	System.Net.Security.CertificateHelper
Assembly:	System.Net.Http
File(s):	File 1: D:\runner\runtime\src\libraries\Common\src\System\Net\Security\CertificateHelper.cs File 2: D:\runner\runtime\src\libraries\Common\src\System\Net\Security\CertificateHelper.Windows.cs

Line coverage

Covered lines:	0
Uncovered lines:	75
Coverable lines:	75
Total lines:	131
Line coverage:	0%

Branch coverage

Covered branches:	0
Total branches:	38
Branch coverage:	0%

Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Metrics

Method	Branch coverage	Cyclomatic complexity	NPath complexity	Sequence coverage
File 1: GetEligibleClientCertificate(...)	0%	4	4	0%
File 1: GetEligibleClientCertificate(...)	0%	16	16	0%
File 1: IsValidClientCertificate(...)	0%	14	14	0%
File 1: IsValidForClientAuthenticationEKU(...)	0%	4	4	0%
File 1: IsValidForDigitalSignatureUsage(...)	100%	1	1	0%
File 2: GetEligibleClientCertificate()	100%	1	1	0%

File(s)

D:\runner\runtime\src\libraries\Common\src\System\Net\Security\CertificateHelper.cs

#	Line	Line coverage
	`1`	`// Licensed to the .NET Foundation under one or more agreements.`
	`2`	`// The .NET Foundation licenses this file to you under the MIT license.`
	`3`
	`4`	`using System.Diagnostics;`
	`5`	`using System.Globalization;`
	`6`	`using System.Security.Cryptography;`
	`7`	`using System.Security.Cryptography.X509Certificates;`
	`8`	`using Microsoft.Win32.SafeHandles;`
	`9`
	`10`	`namespace System.Net.Security`
	`11`	`{`
	`12`	`internal static partial class CertificateHelper`
	`13`	`{`
	`14`	`private const string ClientAuthenticationOID = "1.3.6.1.5.5.7.3.2";`
	`15`
	`16`	`internal static X509Certificate2? GetEligibleClientCertificate(X509CertificateCollection? candidateCerts)`
0	`17`	`{`
0	`18`	`if (candidateCerts == null \|\| candidateCerts.Count == 0)`
0	`19`	`{`
0	`20`	`return null;`
	`21`	`}`
	`22`
0	`23`	`var certs = new X509Certificate2Collection();`
0	`24`	`certs.AddRange(candidateCerts);`
	`25`
0	`26`	`return GetEligibleClientCertificate(certs);`
0	`27`	`}`
	`28`
	`29`	`internal static X509Certificate2? GetEligibleClientCertificate(X509Certificate2Collection? candidateCerts)`
0	`30`	`{`
0	`31`	`if (candidateCerts == null \|\| candidateCerts.Count == 0)`
0	`32`	`{`
0	`33`	`return null;`
	`34`	`}`
	`35`
0	`36`	`foreach (X509Certificate2 cert in candidateCerts)`
0	`37`	`{`
0	`38`	`if (!cert.HasPrivateKey)`
0	`39`	`{`
0	`40`	`if (NetEventSource.Log.IsEnabled())`
0	`41`	`{`
0	`42`	`NetEventSource.Info(candidateCerts, $"Skipping current X509Certificate2 {cert.GetHashCode()} sin`
0	`43`	`}`
0	`44`	`continue;`
	`45`	`}`
	`46`
0	`47`	`if (IsValidClientCertificate(cert))`
0	`48`	`{`
0	`49`	`if (NetEventSource.Log.IsEnabled())`
0	`50`	`{`
0	`51`	`NetEventSource.Info(candidateCerts, $"Choosing X509Certificate2 {cert.GetHashCode()} as the Clie`
0	`52`	`}`
0	`53`	`return cert;`
	`54`	`}`
0	`55`	`}`
	`56`
0	`57`	`if (NetEventSource.Log.IsEnabled())`
0	`58`	`{`
0	`59`	`NetEventSource.Info(candidateCerts, "No eligible client certificate found.");`
0	`60`	`}`
0	`61`	`return null;`
0	`62`	`}`
	`63`
	`64`	`private static bool IsValidClientCertificate(X509Certificate2 cert)`
0	`65`	`{`
0	`66`	`foreach (X509Extension extension in cert.Extensions)`
0	`67`	`{`
0	`68`	`if ((extension is X509EnhancedKeyUsageExtension eku) && !IsValidForClientAuthenticationEKU(eku))`
0	`69`	`{`
0	`70`	`if (NetEventSource.Log.IsEnabled())`
0	`71`	`{`
0	`72`	`NetEventSource.Info(cert, $"For Certificate {cert.GetHashCode()} - current X509EnhancedKeyUsageE`
0	`73`	`}`
0	`74`	`return false;`
	`75`	`}`
0	`76`	`else if ((extension is X509KeyUsageExtension ku) && !IsValidForDigitalSignatureUsage(ku))`
0	`77`	`{`
0	`78`	`if (NetEventSource.Log.IsEnabled())`
0	`79`	`{`
0	`80`	`NetEventSource.Info(cert, $"For Certificate {cert.GetHashCode()} - current X509KeyUsageExtension`
0	`81`	`}`
0	`82`	`return false;`
	`83`	`}`
0	`84`	`}`
	`85`
0	`86`	`return true;`
0	`87`	`}`
	`88`
	`89`	`private static bool IsValidForClientAuthenticationEKU(X509EnhancedKeyUsageExtension eku)`
0	`90`	`{`
0	`91`	`foreach (Oid oid in eku.EnhancedKeyUsages)`
0	`92`	`{`
0	`93`	`if (oid.Value == ClientAuthenticationOID)`
0	`94`	`{`
0	`95`	`return true;`
	`96`	`}`
0	`97`	`}`
	`98`
0	`99`	`return false;`
0	`100`	`}`
	`101`
	`102`	`private static bool IsValidForDigitalSignatureUsage(X509KeyUsageExtension ku)`
0	`103`	`{`
	`104`	`const X509KeyUsageFlags RequiredUsages = X509KeyUsageFlags.DigitalSignature;`
0	`105`	`return (ku.KeyUsages & RequiredUsages) == RequiredUsages;`
0	`106`	`}`
	`107`	`}`
	`108`	`}`

D:\runner\runtime\src\libraries\Common\src\System\Net\Security\CertificateHelper.Windows.cs

#	Line	Line coverage
	`1`	`// Licensed to the .NET Foundation under one or more agreements.`
	`2`	`// The .NET Foundation licenses this file to you under the MIT license.`
	`3`
	`4`	`using System.Security.Cryptography.X509Certificates;`
	`5`
	`6`	`namespace System.Net.Security`
	`7`	`{`
	`8`	`internal static partial class CertificateHelper`
	`9`	`{`
	`10`	`internal static X509Certificate2? GetEligibleClientCertificate()`
0	`11`	`{`
	`12`	`// Get initial list of client certificates from the MY store.`
	`13`	`X509Certificate2Collection candidateCerts;`
0	`14`	`using (var myStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))`
0	`15`	`{`
0	`16`	`myStore.Open(OpenFlags.OpenExistingOnly \| OpenFlags.ReadOnly);`
0	`17`	`candidateCerts = myStore.Certificates;`
0	`18`	`}`
	`19`
0	`20`	`return GetEligibleClientCertificate(candidateCerts);`
0	`21`	`}`
	`22`	`}`
	`23`	`}`

< Summary

Metrics

File(s)

D:\runner\runtime\src\libraries\Common\src\System\Net\Security\CertificateHelper.cs

D:\runner\runtime\src\libraries\Common\src\System\Net\Security\CertificateHelper.Windows.cs

Methods/Properties