Work around the RSACryptoServiceProviderProxy crash on mono (#1287)

main-- · web-flow · commit 66c26046a96c · 2020-02-14T12:36:13.000-08:00
Mono identifies as sha1 provider but is capable of all operations (i.e. does not require a workaround).
The workaround must be skipped on mono because it crashes there.
diff --git a/src/Microsoft.IdentityModel.Tokens/RsaCryptoServiceProviderProxy.cs b/src/Microsoft.IdentityModel.Tokens/RsaCryptoServiceProviderProxy.cs
@@ -83,7 +83,10 @@ public RSACryptoServiceProviderProxy(RSACryptoServiceProvider rsa)
             // Level up the provider type only if:
             // 1. it is PROV_RSA_FULL or PROV_RSA_SCHANNEL which denote CSPs that only understand Sha1 algorithms
             // 2. it is not associated with a hardware key
-            if ((rsa.CspKeyContainerInfo.ProviderType == PROV_RSA_FULL || rsa.CspKeyContainerInfo.ProviderType == PROV_RSA_SCHANNEL) && !rsa.CspKeyContainerInfo.HardwareDevice)
+            // 3. we are not running on mono (which reports PROV_RSA_FULL but doesn't need a workaround)
+            var isSha1Provider = rsa.CspKeyContainerInfo.ProviderType == PROV_RSA_FULL || rsa.CspKeyContainerInfo.ProviderType == PROV_RSA_SCHANNEL;
+            var isMono = Type.GetType("Mono.Runtime") != null;
+            if (isSha1Provider && !rsa.CspKeyContainerInfo.HardwareDevice)
             {
                 var csp = new CspParameters();
                 csp.ProviderType = PROV_RSA_AES;
@@ -96,10 +99,18 @@ public RSACryptoServiceProviderProxy(RSACryptoServiceProvider rsa)
                 // With this flag, a CryptographicException is thrown instead.
                 csp.Flags |= CspProviderFlags.UseExistingKey;
 
-                _rsa = new RSACryptoServiceProvider(csp);
-
-                // since we created a new RsaCryptoServiceProvider we need to dispose it
-                _disposeRsa = true;
+                try
+                {
+                    _rsa = new RSACryptoServiceProvider(csp);
+                    // since we created a new RsaCryptoServiceProvider we need to dispose it
+                    _disposeRsa = true;
+                }
+                catch (CryptographicException) when (isMono)
+                {
+                    // On mono, this exception is expected behavior.
+                    // The solution is to simply not level up the provider as this workaround is not needed on mono.
+                    _rsa = rsa;
+                }
             }
             else
             {
