Obsolete some System.Security.Cryptography.Pkcs APIs

docs/project/list-of-diagnostics.md

@@ -88,6 +88,8 @@ The PR that reveals the implementation of the `<IncludeInternalObsoleteAttribute
 |  __`SYSLIB0031`__ | EncodeOID is obsolete. Use the ASN.1 functionality provided in System.Formats.Asn1. |
 |  __`SYSLIB0032`__ | Recovery from corrupted process state exceptions is not supported; HandleProcessCorruptedStateExceptionsAttribute is ignored. |
 |  __`SYSLIB0033`__ | Rfc2898DeriveBytes.CryptDeriveKey is obsolete and is not supported. Use PasswordDeriveBytes.CryptDeriveKey instead. |
+|  __`SYSLIB0034`__ | CmsSigner(CspParameters) is obsolete and is not supported. Use an alternative constructor instead. |
+|  __`SYSLIB0035`__ | ComputeCounterSignature without specifying a CmsSigner is obsolete and is not supported. Use the overload that accepts a CmsSigner. |
 
 ## Analyzer Warnings
 

src/libraries/Common/src/System/Obsoletions.cs

@@ -110,5 +110,11 @@ internal static class Obsoletions
 
         internal const string Rfc2898CryptDeriveKeyMessage = "Rfc2898DeriveBytes.CryptDeriveKey is obsolete and is not supported. Use PasswordDeriveBytes.CryptDeriveKey instead.";
         internal const string Rfc2898CryptDeriveKeyDiagId = "SYSLIB0033";
+
+        internal const string CmsSignerCspParamsCtorMessage = "CmsSigner(CspParameters) is obsolete and is not supported. Use an alternative constructor instead.";
+        internal const string CmsSignerCspParamsCtorDiagId = "SYSLIB0034";
+
+        internal const string SignerInfoCounterSigMessage = "ComputeCounterSignature without specifying a CmsSigner is obsolete and is not supported. Use the overload that accepts a CmsSigner.";
+        internal const string SignerInfoCounterSigDiagId = "SYSLIB0035";
     }
 }

src/libraries/System.Security.Cryptography.Pkcs/ref/System.Security.Cryptography.Pkcs.cs

@@ -83,6 +83,9 @@ public void Reset() { }
     public sealed partial class CmsSigner
     {
         public CmsSigner() { }
+#if NET6_0_OR_GREATER
+        [System.ObsoleteAttribute("CmsSigner(CspParameters) is obsolete and is not supported. Use an alternative constructor instead.", DiagnosticId = "SYSLIB0034", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
+#endif
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
         public CmsSigner(System.Security.Cryptography.CspParameters parameters) { }
         public CmsSigner(System.Security.Cryptography.Pkcs.SubjectIdentifierType signerIdentifierType) { }
@@ -267,6 +270,9 @@ internal SignerInfo() { }
         public void CheckHash() { }
         public void CheckSignature(bool verifySignatureOnly) { }
         public void CheckSignature(System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraStore, bool verifySignatureOnly) { }
+#if NET6_0_OR_GREATER
+        [System.ObsoleteAttribute("ComputeCounterSignature without specifying a CmsSigner is obsolete and is not supported. Use the overload that accepts a CmsSigner.", DiagnosticId = "SYSLIB0035", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
+#endif
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
         public void ComputeCounterSignature() { }
         public void ComputeCounterSignature(System.Security.Cryptography.Pkcs.CmsSigner signer) { }

src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj

@@ -317,6 +317,8 @@ System.Security.Cryptography.Pkcs.EnvelopedCms</PackageDescription>
     <Compile Include="Internal\Cryptography\Pal\AnyOS\PkcsPal.AnyOS.cs" />
   </ItemGroup>
   <ItemGroup Condition="'$(IsPartialFacadeAssembly)' != 'true'">
+    <Compile Include="$(CommonPath)System\Obsoletions.cs"
+             Link="Common\System\Obsoletions.cs" />
     <Compile Include="$(CommonPath)System\Memory\PointerMemoryManager.cs"
              Link="Common\System\Memory\PointerMemoryManager.cs" />
     <Compile Include="$(CommonPath)System\Security\Cryptography\CryptoPool.cs"

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSigner.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Formats.Asn1;
@@ -51,15 +52,9 @@ public CmsSigner(X509Certificate2? certificate)
         {
         }
 
-        // This can be implemented with NETCOREAPP2_0 with the cert creation API.
-        // * Open the parameters as RSACSP (RSA PKCS#1 signature was hard-coded in netfx)
-        //   * Which will fail on non-Windows
-        // * Create a certificate with subject CN=CMS Signer Dummy Certificate
-        //   * Need to check against .NET Framework to find out what the NotBefore/NotAfter values are
-        //   * No extensions
-        //
-        // Since it would only work on Windows, it could also be just done as P/Invokes to
-        // CertCreateSelfSignedCertificate on a split Windows/netstandard implementation.
+#if NET6_0_OR_GREATER
+        [Obsolete(Obsoletions.CmsSignerCspParamsCtorMessage, DiagnosticId = Obsoletions.CmsSignerCspParamsCtorDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
+ #endif
         public CmsSigner(CspParameters parameters) => throw new PlatformNotSupportedException();
 
         public CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2? certificate) : this(signerIdentifierType, certificate, null)

src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignerInfo.cs

@@ -291,6 +291,9 @@ private SignerInfoCollection GetCounterSigners(AttributeAsn[] unsignedAttrs)
             return new SignerInfoCollection(signerInfos.ToArray());
         }
 
+#if NET6_0_OR_GREATER
+        [Obsolete(Obsoletions.SignerInfoCounterSigMessage, DiagnosticId = Obsoletions.SignerInfoCounterSigDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
+ #endif
         public void ComputeCounterSignature()
         {
             throw new PlatformNotSupportedException(SR.Cryptography_Cms_NoSignerCert);