dotnet · bartonjs · Nov 19, 2020 · Oct 19, 2020 · vcsjones · Oct 19, 2020
diff --git a/...braries/Common/tests/System/Security/Cryptography/X509Certificates/RevocationResponder.cs b/...braries/Common/tests/System/Security/Cryptography/X509Certificates/RevocationResponder.cs
@@ -90,7 +90,10 @@ internal void HandleRequest()
 
             if (context != null)
             {
-                HandleRequest(context);
+                ThreadPool.QueueUserWorkItem(
+                    state => HandleRequest(state),
+                    context,
+                    true);
             }
         }
 
@@ -108,7 +111,10 @@ internal async Task HandleRequestAsync()
 
             if (context != null)
             {
-                HandleRequest(context);
+                ThreadPool.QueueUserWorkItem(
+                    state => HandleRequest(state),
+                    context,
+                    true);
             }
         }
 
@@ -375,14 +381,14 @@ private static void Trace(string trace)
                 Console.WriteLine(trace);
             }
         }
+    }
 
-        internal enum DelayedActionsFlag : byte
-        {
-            None = 0,
-            Ocsp = 0b1,
-            Crl = 0b10,
-            Aia = 0b100,
-            All = 0b11111111
-        }
+    public enum DelayedActionsFlag : byte
+    {
+        None = 0,
+        Ocsp = 0b1,
+        Crl = 0b10,
+        Aia = 0b100,
+        All = 0b11111111
     }
 }
diff --git a/...aries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/TimeoutTests.cs b/...aries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/TimeoutTests.cs
@@ -38,7 +38,7 @@ public static void RevocationCheckingDelayed(PkiOptions pkiOptions)
 
                     X509Chain chain = holder.Chain;
                     responder.ResponseDelay = delay;
-                    responder.DelayedActions = RevocationResponder.DelayedActionsFlag.All;
+                    responder.DelayedActions = DelayedActionsFlag.All;
 
                     // This needs to be greater than delay, but less than 2x delay to ensure
                     // that the time is a timeout for individual fetches, not a running total.
@@ -90,7 +90,7 @@ public static void RevocationCheckingTimeout(PkiOptions pkiOptions)
 
                 X509Chain chain = holder.Chain;
                 responder.ResponseDelay = delay;
-                responder.DelayedActions = RevocationResponder.DelayedActionsFlag.All;
+                responder.DelayedActions = DelayedActionsFlag.All;
 
                 chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(1);
                 chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
@@ -148,7 +148,7 @@ public static void RevocationCheckingMaximum(PkiOptions pkiOptions)
 
                 X509Chain chain = holder.Chain;
                 responder.ResponseDelay = delay;
-                responder.DelayedActions = RevocationResponder.DelayedActionsFlag.All;
+                responder.DelayedActions = DelayedActionsFlag.All;
 
                 chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromMinutes(2);
                 chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
@@ -200,7 +200,7 @@ public static void RevocationCheckingNegativeTimeout(PkiOptions pkiOptions)
 
                     X509Chain chain = holder.Chain;
                     responder.ResponseDelay = delay;
-                    responder.DelayedActions = RevocationResponder.DelayedActionsFlag.All;
+                    responder.DelayedActions = DelayedActionsFlag.All;
 
                     chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromMinutes(-1);
                     chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
@@ -216,6 +216,47 @@ public static void RevocationCheckingNegativeTimeout(PkiOptions pkiOptions)
             });
         }
 
+        [Theory]
+        [InlineData(DelayedActionsFlag.Ocsp)]
+        [InlineData(DelayedActionsFlag.Crl)]
+        [PlatformSpecific(TestPlatforms.Windows | TestPlatforms.Linux)]
+        public static void RevocationCheckingTimeoutFallbackToOther(DelayedActionsFlag delayFlags)
+        {
+            RetryHelper.Execute(() => {
+                CertificateAuthority.BuildPrivatePki(
+                    PkiOptions.AllRevocation,
+                    out RevocationResponder responder,
+                    out CertificateAuthority rootAuthority,
+                    out CertificateAuthority intermediateAuthority,
+                    out X509Certificate2 endEntityCert,
+                    nameof(RevocationCheckingTimeoutFallbackToOther));
+
+                using (responder)
+                using (rootAuthority)
+                using (intermediateAuthority)
+                using (endEntityCert)
+                using (ChainHolder holder = new ChainHolder())
+                using (X509Certificate2 rootCert = rootAuthority.CloneIssuerCert())
+                using (X509Certificate2 intermediateCert = intermediateAuthority.CloneIssuerCert())
+                {
+                    X509Chain chain = holder.Chain;
+                    responder.ResponseDelay = TimeSpan.FromSeconds(8);
+                    responder.DelayedActions = delayFlags;
+
+                    chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(4);
+                    chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+                    chain.ChainPolicy.CustomTrustStore.Add(rootCert);
+                    chain.ChainPolicy.ExtraStore.Add(intermediateCert);
+                    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
+                    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
+
+                    chain.ChainPolicy.DisableCertificateDownloads = true;
+
+                    Assert.True(chain.Build(endEntityCert), $"chain.Build; Chain status: {chain.AllStatusFlags()}");
+                }
+            });
+        }
+
         [Fact]
         [PlatformSpecific(TestPlatforms.Linux)]
         public static void AiaFetchDelayed()
@@ -241,7 +282,7 @@ public static void AiaFetchDelayed()
 
                     X509Chain chain = holder.Chain;
                     responder.ResponseDelay = delay;
-                    responder.DelayedActions = RevocationResponder.DelayedActionsFlag.All;
+                    responder.DelayedActions = DelayedActionsFlag.All;
 
                     chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15);
                     chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
@@ -281,7 +322,7 @@ public static void AiaFetchTimeout()
 
                 X509Chain chain = holder.Chain;
                 responder.ResponseDelay = delay;
-                responder.DelayedActions = RevocationResponder.DelayedActionsFlag.All;
+                responder.DelayedActions = DelayedActionsFlag.All;
 
                 chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(2);
                 chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;