Account for MacOS KeyStorageFlags quirk

edwardneal · edwardneal · commit de4bc323e548 · 2025-06-22T00:10:54.000+01:00
MacOS will throw an exception when adding a certificate to the user store if the PersistKeySet key storage flag is set. Instead, use the UserKeySet flag.
diff --git a/src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.TestUtilities/Fixtures/CertificateFixtureBase.cs b/src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.TestUtilities/Fixtures/CertificateFixtureBase.cs
@@ -88,11 +88,15 @@ protected X509Certificate2 CreateCertificate(string subjectName, IEnumerable<str
             // This is to ensure that it's imported into the certificate stores with its private key.
             using (X509Certificate2 ephemeral = request.CreateSelfSigned(notBefore, notAfter))
             {
+                X509KeyStorageFlags keyStorageFlags = OperatingSystem.IsMacOS() 
+                    ? X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.Exportable 
+                    : X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable;
+
                 #if NET9_0_OR_GREATER
                 return X509CertificateLoader.LoadPkcs12(
                     ephemeral.Export(X509ContentType.Pkcs12, password),
                     password,
-                    X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable,
+                    keyStorageFlags,
                     new Pkcs12LoaderLimits(Pkcs12LoaderLimits.Defaults) 
                     {
                         PreserveStorageProvider = true,
@@ -102,7 +106,7 @@ protected X509Certificate2 CreateCertificate(string subjectName, IEnumerable<str
                 return new X509Certificate2(
                     ephemeral.Export(X509ContentType.Pkcs12, password),
                     password,
-                    X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
+                    keyStorageFlags);
                 #endif
             }
 #else
