.NET 10 build fixes

csharp/msbuild/CodeAnalysis.Src.globalconfig

@@ -1,9 +1,6 @@
 global_level = 110
 is_global = true
 
-# CA1515: Because an application's API isn't typically referenced from outside the assembly, types can be made internal
-dotnet_diagnostic.CA1515.severity = none
-
 # CA1849: Call async methods when in an async method
 dotnet_diagnostic.CA1849.severity = none
 

csharp/msbuild/CodeAnalysis.Tests.globalconfig

@@ -32,3 +32,6 @@ dotnet_diagnostic.CA1016.severity = none
 
 # CA2008: Do not create tasks without passing a TaskScheduler
 dotnet_diagnostic.CA2008.severity = none
+
+# CA1515: Because an application's API isn't typically referenced from outside the assembly, types can be made internal
+dotnet_diagnostic.CA1515.severity = none

csharp/src/Ice/Ice.csproj

@@ -31,4 +31,9 @@
     <Content Include="@(SliceCompile)" Pack="true" PackagePath="/slice/Ice"/>
     <Content Include="ZeroC.Ice.props" Pack="true" PackagePath="buildTransitive/" />
   </ItemGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.*" />
+  </ItemGroup>
 </Project>

csharp/src/Ice/SSL/SSLEngine.cs

@@ -58,7 +58,7 @@ internal void initialize()
         // If IceSSL.CertFile is defined, load a certificate from a file and add it to the collection.
         _certs = [];
         string certFile = properties.getIceProperty("IceSSL.CertFile");
-        string passwordStr = properties.getIceProperty("IceSSL.Password");
+        string password = properties.getIceProperty("IceSSL.Password");
         string findCert = properties.getIceProperty("IceSSL.FindCert");
 
         if (certFile.Length > 0)
@@ -81,15 +81,10 @@ internal void initialize()
                     importFlags = X509KeyStorageFlags.UserKeySet;
                 }
 
-                if (passwordStr.Length > 0)
-                {
-                    using SecureString password = createSecureString(passwordStr);
-                    cert = new X509Certificate2(certFile, password, importFlags);
-                }
-                else
-                {
-                    cert = new X509Certificate2(certFile, (string)null, importFlags);
-                }
+                cert = X509CertificateLoader.LoadPkcs12FromFile(
+                    certFile,
+                    password.Length > 0 ? password : null,
+                    importFlags);
                 _certs.Add(cert);
             }
             catch (CryptographicException ex)
@@ -137,8 +132,8 @@ internal void initialize()
 
                 if (_caCerts.Count == 0)
                 {
-                    // Fallback to Import which handles DER/PFX.
-                    _caCerts.Import(certAuthFile);
+                    // Fallback to LoadCertificateFromFile loads a single certificate in either DER or PEM format.
+                    _caCerts.Add(X509CertificateLoader.LoadCertificateFromFile(certAuthFile));
                 }
             }
             catch (Exception ex)
@@ -175,9 +170,7 @@ internal void traceStream(SslStream stream, string connInfo)
         s.Append("\nencrypted = " + (stream.IsEncrypted ? "yes" : "no"));
         s.Append("\nsigned = " + (stream.IsSigned ? "yes" : "no"));
         s.Append("\nmutually authenticated = " + (stream.IsMutuallyAuthenticated ? "yes" : "no"));
-        s.Append("\nhash algorithm = " + stream.HashAlgorithm + "/" + stream.HashStrength);
-        s.Append("\ncipher algorithm = " + stream.CipherAlgorithm + "/" + stream.CipherStrength);
-        s.Append("\nkey exchange algorithm = " + stream.KeyExchangeAlgorithm + "/" + stream.KeyExchangeStrength);
+        s.Append("\ncipher = " + stream.NegotiatedCipherSuite);
         s.Append("\nprotocol = " + stream.SslProtocol);
         _logger.trace(_securityTraceCategory, s.ToString());
     }
@@ -337,7 +330,7 @@ private static X509Certificate2Collection findCertificates(
         {
             try
             {
-                store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), name, true), storeLocation);
+                store = new X509Store(Enum.Parse<StoreName>(name, true), storeLocation);
             }
             catch (ArgumentException)
             {

csharp/src/Ice/SSL/TransceiverI.cs

@@ -53,7 +53,7 @@ public int initialize(Ice.Internal.Buffer readBuffer, Ice.Internal.Buffer writeB
         Debug.Assert(_sslStream.IsAuthenticated);
         _authenticated = true;
 
-        _cipher = _sslStream.CipherAlgorithm.ToString();
+        _cipher = _sslStream.NegotiatedCipherSuite.ToString();
         _instance.verifyPeer((ConnectionInfo)getInfo(_incoming, _adapterName, connectionId: ""), ToString());
 
         if (_instance.securityTraceLevel() >= 1)
@@ -422,7 +422,7 @@ private void finishAuthenticate()
                 // If authentication fails the task throws AuthenticationException.
                 _writeResult.Wait();
                 _verified = true;
-                _cipher = _sslStream.CipherAlgorithm.ToString();
+                _cipher = _sslStream.NegotiatedCipherSuite.ToString();
             }
             catch (AggregateException ex)
             {

csharp/src/Ice/UtilInternal/StringUtil.cs

@@ -693,9 +693,7 @@ public static bool match(string s, string pat, bool emptyMatch)
         //
         // Make sure end of the strings match
         //
-        if (!s[endIndex..].Equals(
-               pat.Substring(beginIndex + 1, pat.Length - beginIndex - 1),
-               StringComparison.Ordinal))
+        if (!s[endIndex..].Equals(pat[(beginIndex + 1)..], StringComparison.Ordinal))
         {
             return false;
         }

csharp/src/iceboxnet/Server.cs

@@ -2,7 +2,7 @@
 
 namespace IceBox;
 
-public static class Server
+internal static class Server
 {
     private static void usage()
     {

csharp/test/IceSSL/configuration/AllTests.cs

@@ -100,8 +100,8 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
         //
         string caCert1File = defaultDir + "/ca1/ca1_cert.pem";
         string caCert2File = defaultDir + "/ca2/ca2_cert.pem";
-        using var caCert1 = new X509Certificate2(caCert1File);
-        using var caCert2 = new X509Certificate2(caCert2File);
+        using X509Certificate2 caCert1 = X509CertificateLoader.LoadCertificateFromFile(caCert1File);
+        using X509Certificate2 caCert2 = X509CertificateLoader.LoadCertificateFromFile(caCert2File);
 
         var store = new X509Store(StoreName.AuthRoot, StoreLocation.LocalMachine);
         bool isAdministrator = false;
@@ -268,11 +268,14 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
                     ServerPrx server = fact.createServer(d);
                     try
                     {
-                        using var clientCert = new X509Certificate2(defaultDir + "/ca1/client.p12", "password");
+                        using X509Certificate2 clientCert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + "/ca1/client.p12", "password");
                         server.checkCert(clientCert.Subject, clientCert.Issuer);
 
-                        using var serverCert = new X509Certificate2(defaultDir + "/ca1/server.p12", "password");
-                        using var caCert = new X509Certificate2(defaultDir + "/ca1/ca1_cert.pem");
+                        using X509Certificate2 serverCert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + "/ca1/server.p12", "password");
+                        using X509Certificate2 caCert =
+                            X509CertificateLoader.LoadCertificateFromFile(defaultDir + "/ca1/ca1_cert.pem");
 
                         var info = (Ice.SSL.ConnectionInfo)server.ice_getConnection().getInfo();
                         test(info.certs.Length == 1);
@@ -295,7 +298,8 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
                     server = fact.createServer(d);
                     try
                     {
-                        using var clientCert = new X509Certificate2(defaultDir + "/ca1/client.p12", "password");
+                        using X509Certificate2 clientCert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + "/ca1/client.p12", "password");
                         server.checkCert(clientCert.Subject, clientCert.Issuer);
                     }
                     catch (Exception ex)
@@ -1496,7 +1500,8 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
                 {
                     foreach (string certPath in certificates)
                     {
-                        using var cert = new X509Certificate2(defaultDir + certPath, "password", storageFlags);
+                        using X509Certificate2 cert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + certPath, "password", storageFlags);
                         certStore.Add(cert);
                     }
 
@@ -1558,7 +1563,8 @@ public static Test.ServerFactoryPrx allTests(Test.TestHelper helper, string defa
                 {
                     foreach (string certPath in certificates)
                     {
-                        using var cert = new X509Certificate2(defaultDir + certPath, "password");
+                        using X509Certificate2 cert =
+                            X509CertificateLoader.LoadPkcs12FromFile(defaultDir + certPath, "password");
                         certStore.Remove(cert);
                     }
                     certStore.Close();

csharp/test/IceSSL/configuration/PlatformTests.cs

@@ -43,8 +43,8 @@ private static void clientValidatesServerUsingValidationCallback(TestHelper help
     {
         Console.Out.Write("client validates server certificate using validation callback... ");
         Console.Out.Flush();
-        using var serverCertificate =
-            new X509Certificate2(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
+        using X509Certificate2 serverCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
         var serverOptions = new SslServerAuthenticationOptions
         {
             ServerCertificate = serverCertificate,
@@ -85,8 +85,8 @@ private static void clientRejectServerUsingValidationCallback(TestHelper helper,
     {
         Console.Out.Write("client rejects server certificate using validation callback... ");
         Console.Out.Flush();
-        using var serverCertificate =
-            new X509Certificate2(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
+        using X509Certificate2 serverCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
         var serverOptions = new SslServerAuthenticationOptions
         {
             ServerCertificate = serverCertificate,
@@ -116,8 +116,8 @@ private static void clientRejectServerUsingDefaultValidationCallback(TestHelper
     {
         Console.Out.Write("client rejects server certificate using default validation callback... ");
         Console.Out.Flush();
-        using var serverCertificate =
-            new X509Certificate2(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
+        using X509Certificate2 serverCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
         var serverOptions = new SslServerAuthenticationOptions
         {
             ServerCertificate = serverCertificate,
@@ -143,10 +143,10 @@ private static void serverValidatesClientUsingValidationCallback(TestHelper help
     {
         Console.Out.Write("server validates client certificate using validation callback... ");
         Console.Out.Flush();
-        using var serverCertificate =
-            new X509Certificate2(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
-        using var clientCertificate =
-            new X509Certificate2(Path.Combine(certificatesPath, "ca1/client.p12"), "password");
+        using X509Certificate2 serverCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
+        using X509Certificate2 clientCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/client.p12"), "password");
         var serverOptions = new SslServerAuthenticationOptions
         {
             ServerCertificate = serverCertificate,
@@ -176,8 +176,10 @@ private static void serverRejectsClientUsingValidationCallback(TestHelper helper
     {
         Console.Out.Write("server rejects client certificate using validation callback... ");
         Console.Out.Flush();
-        using var serverCertificate = new X509Certificate2(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
-        using var clientCertificate = new X509Certificate2(Path.Combine(certificatesPath, "ca1/client.p12"), "password");
+        using X509Certificate2 serverCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
+        using X509Certificate2 clientCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/client.p12"), "password");
         var serverOptions = new SslServerAuthenticationOptions
         {
             ServerCertificate = serverCertificate,
@@ -213,8 +215,10 @@ private static void serverRejectsClientUsingDefaultValidationCallback(TestHelper
     {
         Console.Out.Write("server rejects client certificate using default validation callback... ");
         Console.Out.Flush();
-        using var serverCertificate = new X509Certificate2(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
-        using var clientCertificate = new X509Certificate2(Path.Combine(certificatesPath, "ca1/client.p12"), "password");
+        using X509Certificate2 serverCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/server.p12"), "password");
+        using X509Certificate2 clientCertificate =
+            X509CertificateLoader.LoadPkcs12FromFile(Path.Combine(certificatesPath, "ca1/client.p12"), "password");
         var serverOptions = new SslServerAuthenticationOptions
         {
             ServerCertificate = serverCertificate,
@@ -250,14 +254,15 @@ private sealed class ServerState : IDisposable
     {
         public X509Certificate2 Certificate { get; private set; }
 
-        public ServerState(string certificatePath) => Certificate = new X509Certificate2(certificatePath, "password");
+        public ServerState(string certificatePath) =>
+            Certificate = X509CertificateLoader.LoadPkcs12FromFile(certificatePath, "password");
 
         public void Dispose() => Certificate?.Dispose();
 
         public void reloadCertificate(string certificatePath)
         {
             Certificate?.Dispose();
-            Certificate = new X509Certificate2(certificatePath, "password");
+            Certificate = X509CertificateLoader.LoadPkcs12FromFile(certificatePath, "password");
         }
     }
 
@@ -266,8 +271,10 @@ private static void serverHotCertificateReload(TestHelper helper, string certifi
         Console.Out.Write("server hot certificate reload... ");
         Console.Out.Flush();
 
-        using var trustedRootCertificatesCA1 = new X509Certificate2(Path.Combine(certificatesPath, "ca1/ca1_cert.pem"));
-        using var trustedRootCertificatesCA2 = new X509Certificate2(Path.Combine(certificatesPath, "ca2/ca2_cert.pem"));
+        using X509Certificate2 trustedRootCertificatesCA1 =
+            X509CertificateLoader.LoadCertificateFromFile(Path.Combine(certificatesPath, "ca1/ca1_cert.pem"));
+        using X509Certificate2 trustedRootCertificatesCA2 =
+            X509CertificateLoader.LoadCertificateFromFile(Path.Combine(certificatesPath, "ca2/ca2_cert.pem"));
 
         using var serverState = new ServerState(Path.Combine(certificatesPath, "ca1/server.p12"));
 

csharp/test/IceSSL/configuration/msbuild/client/client.csproj

@@ -26,4 +26,8 @@
   <ItemGroup>
     <ProjectReference Include="../../../../../src/Ice/Ice.csproj" />
   </ItemGroup>
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.*" />
+  </ItemGroup>
 </Project>