From 83a4d3cc02fb04fce17b24fc09b3cdf77a12ba51 Mon Sep 17 00:00:00 2001
From: Jeremy Barton
Date: Sat, 10 Jul 2021 21:04:54 -0700
Subject: [PATCH] Relax SystemTrustCertificateWithCustomRootTrust test
---
 .../tests/ChainTests.cs | 23 +++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/tests/ChainTests.cs b/src/libraries/System.Security.Cryptography.X509Certificates/tests/ChainTests.cs
index 8e9db6ed69585..135eed056df9d 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/tests/ChainTests.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/tests/ChainTests.cs
@@ -245,6 +245,7 @@ public static void BuildChainExtraStoreUntrustedRoot()
 public static void SystemTrustCertificateWithCustomRootTrust(bool addCertificateToCustomRootTrust)
 {
 using (var microsoftDotCom = new X509Certificate2(TestData.MicrosoftDotComSslCertBytes))
+ using (var microsoftDotComIssuer = new X509Certificate2(TestData.MicrosoftDotComIssuerBytes))
 using (var testCert = new X509Certificate2(TestFiles.ChainPfxFile, TestData.ChainPfxPassword))
 using (var chainHolder = new ChainHolder())
 {
@@ -252,6 +253,7 @@ public static void SystemTrustCertificateWithCustomRootTrust(bool addCertificate
 chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
 chain.ChainPolicy.VerificationTime = microsoftDotCom.NotBefore.AddSeconds(1);
 chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+ chain.ChainPolicy.ExtraStore.Add(microsoftDotComIssuer);

 if (addCertificateToCustomRootTrust)
 {
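Review bot: The added `chain.ChainPolicy.ExtraStore.Add(microsoftDotComIssuer);` line carries no comment saying why the intermediate is now supplied, and it runs for both values of addCertificateToCustomRootTrust. Presumably it is there so that the chain always reaches at least two elements without depending on AIA download or the machine's intermediate store, which the relaxed count assertion later in the test relies on. I would put `// Supply the intermediate explicitly so the chain shape does not depend on network fetch or local stores; ExtraStore entries are candidates only and never act as trust anchors.` above it. The matching `using` for microsoftDotComIssuer is in the previous hunk, and the test body continues outside this one.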
@@ -269,16 +271,29 @@ public static void SystemTrustCertificateWithCustomRootTrust(bool addCertificate
 {
 Assert.False(chain.Build(microsoftDotCom));

- // Linux and Windows do not search the default system root stores when CustomRootTrust is enabled
+ // Historically, Windows has not searched system stores when CustomRootTrust is enabled.
+ // That seems to have recently (as of 2021-07-09) changed.
+
+ Assert.InRange(chain.ChainElements.Count, 2, 3);
+
+ if (chain.ChainElements.Count < 3)
+ {
+ Assert.Equal(X509ChainStatusFlags.PartialChain, chain.AllStatusFlags());
+ }
+ else
+ {
+ Assert.Equal(X509ChainStatusFlags.UntrustedRoot, chain.AllStatusFlags());
+ }
+
+ // Check some known conditions.
+
 if (PlatformDetection.UsesAppleCrypto)
 {
 Assert.Equal(3, chain.ChainElements.Count);
- Assert.Equal(X509ChainStatusFlags.UntrustedRoot, chain.AllStatusFlags());
 }
- else
+ else if (OperatingSystem.IsLinux())
 {
 Assert.Equal(2, chain.ChainElements.Count);
- Assert.Equal(X509ChainStatusFlags.PartialChain, chain.AllStatusFlags());
 }
 }
 }
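Review bot: The new comment above `Assert.InRange` records only that Windows behaviour "seems to have recently changed", without stating the invariant the test still protects. With Windows accepted in either shape, that invariant (a root the system trusts but the custom store lacks must not validate) now rests on `Assert.False(chain.Build(microsoftDotCom))` and the exact-match status flag. I would reword the comment to something like `// Invariant: Build fails under CustomRootTrust. Whether the OS still locates the system root (3 elements, UntrustedRoot) or stops early (2 elements, PartialChain) is platform-specific.` and add `// See: <tracking-issue-url>` (placeholder) so the relaxation can be revisited once the Windows change is understood. The `else if (OperatingSystem.IsLinux())` branch also leaves every other non-Apple platform without a count check; that looks intentional but deserves a word in the comment. The enclosing test method starts outside this hunk.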