Annotate System.Security.Cryptography.Xml as RequiresDynamicCode

src/libraries/System.Security.Cryptography.Xml/ref/System.Security.Cryptography.Xml.cs

@@ -16,6 +16,7 @@ public CipherData(System.Security.Cryptography.Xml.CipherReference cipherReferen
         [System.Diagnostics.CodeAnalysis.DisallowNullAttribute]
         public byte[]? CipherValue { get { throw null; } set { } }
         public System.Xml.XmlElement GetXml() { throw null; }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public void LoadXml(System.Xml.XmlElement value) { }
     }
     public sealed partial class CipherReference : System.Security.Cryptography.Xml.EncryptedReference
@@ -24,6 +25,7 @@ public CipherReference() { }
         public CipherReference(string uri) { }
         public CipherReference(string uri, System.Security.Cryptography.Xml.TransformChain transformChain) { }
         public override System.Xml.XmlElement GetXml() { throw null; }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public override void LoadXml(System.Xml.XmlElement value) { }
     }
     public partial class DataObject
@@ -57,6 +59,7 @@ public sealed partial class EncryptedData : System.Security.Cryptography.Xml.Enc
     {
         public EncryptedData() { }
         public override System.Xml.XmlElement GetXml() { throw null; }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public override void LoadXml(System.Xml.XmlElement value) { }
     }
     public sealed partial class EncryptedKey : System.Security.Cryptography.Xml.EncryptedType
@@ -69,6 +72,7 @@ public EncryptedKey() { }
         public void AddReference(System.Security.Cryptography.Xml.DataReference dataReference) { }
         public void AddReference(System.Security.Cryptography.Xml.KeyReference keyReference) { }
         public override System.Xml.XmlElement GetXml() { throw null; }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public override void LoadXml(System.Xml.XmlElement value) { }
     }
     public abstract partial class EncryptedReference
@@ -82,6 +86,7 @@ protected EncryptedReference(string uri, System.Security.Cryptography.Xml.Transf
         public string Uri { get { throw null; } set { } }
         public void AddTransform(System.Security.Cryptography.Xml.Transform transform) { }
         public virtual System.Xml.XmlElement GetXml() { throw null; }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public virtual void LoadXml(System.Xml.XmlElement value) { }
     }
     public abstract partial class EncryptedType
@@ -98,6 +103,7 @@ protected EncryptedType() { }
         public virtual string? Type { get { throw null; } set { } }
         public void AddProperty(System.Security.Cryptography.Xml.EncryptionProperty ep) { }
         public abstract System.Xml.XmlElement GetXml();
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public abstract void LoadXml(System.Xml.XmlElement value);
     }
     public partial class EncryptedXml
@@ -119,8 +125,11 @@ public partial class EncryptedXml
         public const string XmlEncSHA512Url = "http://www.w3.org/2001/04/xmlenc#sha512";
         public const string XmlEncTripleDESKeyWrapUrl = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
         public const string XmlEncTripleDESUrl = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public EncryptedXml() { }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public EncryptedXml(System.Xml.XmlDocument document) { }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public EncryptedXml(System.Xml.XmlDocument document, System.Security.Policy.Evidence? evidence) { }
         public System.Security.Policy.Evidence? DocumentEvidence { get { throw null; } set { } }
         public System.Text.Encoding Encoding { get { throw null; } set { } }
@@ -218,6 +227,7 @@ protected KeyInfoClause() { }
         public abstract System.Xml.XmlElement GetXml();
         public abstract void LoadXml(System.Xml.XmlElement element);
     }
+    [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
     public partial class KeyInfoEncryptedKey : System.Security.Cryptography.Xml.KeyInfoClause
     {
         public KeyInfoEncryptedKey() { }
@@ -290,6 +300,7 @@ public Reference(string? uri) { }
         public string? Uri { get { throw null; } set { } }
         public void AddTransform(System.Security.Cryptography.Xml.Transform transform) { }
         public System.Xml.XmlElement GetXml() { throw null; }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public void LoadXml(System.Xml.XmlElement value) { }
     }
     public sealed partial class ReferenceList : System.Collections.ICollection, System.Collections.IEnumerable, System.Collections.IList
@@ -332,8 +343,10 @@ public Signature() { }
         public System.Security.Cryptography.Xml.SignedInfo? SignedInfo { get { throw null; } set { } }
         public void AddObject(System.Security.Cryptography.Xml.DataObject dataObject) { }
         public System.Xml.XmlElement GetXml() { throw null; }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public void LoadXml(System.Xml.XmlElement value) { }
     }
+    [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
     public partial class SignedInfo : System.Collections.ICollection, System.Collections.IEnumerable
     {
         public SignedInfo() { }
@@ -382,8 +395,11 @@ public partial class SignedXml
         public const string XmlDsigXPathTransformUrl = "http://www.w3.org/TR/1999/REC-xpath-19991116";
         public const string XmlDsigXsltTransformUrl = "http://www.w3.org/TR/1999/REC-xslt-19991116";
         public const string XmlLicenseTransformUrl = "urn:mpeg:mpeg21:2003:01-REL-R-NS:licenseTransform";
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public SignedXml() { }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public SignedXml(System.Xml.XmlDocument document) { }
+        [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
         public SignedXml(System.Xml.XmlElement elem) { }
         [System.Diagnostics.CodeAnalysis.AllowNullAttribute]
         public System.Security.Cryptography.Xml.EncryptedXml EncryptedXml { get { throw null; } set { } }
@@ -437,6 +453,7 @@ public TransformChain() { }
         public void Add(System.Security.Cryptography.Xml.Transform transform) { }
         public System.Collections.IEnumerator GetEnumerator() { throw null; }
     }
+    [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
     public partial class XmlDecryptionTransform : System.Security.Cryptography.Xml.Transform
     {
         public XmlDecryptionTransform() { }
@@ -536,6 +553,7 @@ public XmlDsigXsltTransform(bool includeComments) { }
         public override void LoadInnerXml(System.Xml.XmlNodeList nodeList) { }
         public override void LoadInput(object obj) { }
     }
+    [System.Diagnostics.CodeAnalysis.RequiresDynamicCodeAttribute("XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.")]
     public partial class XmlLicenseTransform : System.Security.Cryptography.Xml.Transform
     {
         public XmlLicenseTransform() { }

src/libraries/System.Security.Cryptography.Xml/src/System.Security.Cryptography.Xml.csproj

@@ -135,6 +135,10 @@ System.Security.Cryptography.Xml.XmlLicenseTransform</PackageDescription>
              Link="Common\System\HexConverter.cs" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFrameworkIdentifier)' != '.NETCoreApp'">
+    <Compile Include="$(CoreLibSharedDir)System\Diagnostics\CodeAnalysis\UnconditionalSuppressMessageAttribute.cs" />
+  </ItemGroup>
+
   <ItemGroup Condition="!$([MSBuild]::IsTargetFrameworkCompatible('$(TargetFramework)', 'net7.0'))">
     <Compile Include="$(CoreLibSharedDir)System\Diagnostics\CodeAnalysis\RequiresDynamicCodeAttribute.cs" />
   </ItemGroup>

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherData.cs

@@ -94,6 +94,7 @@ internal XmlElement GetXml(XmlDocument document)
             return cipherDataElement;
         }
 
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public void LoadXml(XmlElement value)
         {
             if (value is null)

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CipherReference.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
 using System.Xml;
 
 namespace System.Security.Cryptography.Xml
@@ -65,6 +66,7 @@ public override XmlElement GetXml()
             return referenceElement;
         }
 
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public override void LoadXml(XmlElement value)
         {
             if (value is null)

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/CryptoHelpers.cs

@@ -1,15 +1,20 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using System.Runtime.CompilerServices;
 
 namespace System.Security.Cryptography.Xml
 {
     internal static class CryptoHelpers
     {
+        internal const string XsltRequiresDynamicCodeMessage = "XmlDsigXsltTransform uses XslCompiledTransform which requires dynamic code.";
+
         private static readonly char[] _invalidChars = new char[] { ',', '`', '[', '*', '&' };
 
-        public static object? CreateFromKnownName(string name) =>
+        [RequiresDynamicCode(XsltRequiresDynamicCodeMessage)]
+        private static object? CreateFromKnownName(string name) =>
             name switch
             {
                 "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" => new XmlDsigC14NTransform(),
@@ -40,7 +45,7 @@ internal static class CryptoHelpers
                 _ => null,
             };
 
-#pragma warning disable IL3050 // Calling members annotated with 'RequiresDynamicCodeAttribute' may break functionality when AOT compiling - workaround https://github.com/dotnet/linker/issues/2715
+        [RequiresDynamicCode(XsltRequiresDynamicCodeMessage)]
         private static XmlDsigXsltTransform CreateXmlDsigXsltTransform()
         {
 #if NETCOREAPP
@@ -53,9 +58,8 @@ private static XmlDsigXsltTransform CreateXmlDsigXsltTransform()
 
             return new XmlDsigXsltTransform();
         }
-#pragma warning restore IL3050
-
 
+        [RequiresDynamicCode(XsltRequiresDynamicCodeMessage)]
         public static T? CreateFromName<T>(string? name) where T : class
         {
             if (name == null || name.IndexOfAny(_invalidChars) >= 0)
@@ -71,5 +75,14 @@ private static XmlDsigXsltTransform CreateXmlDsigXsltTransform()
                 return null;
             }
         }
+
+        [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCodeAttribute",
+            Justification = "Only XmlDsigXsltTransform requires dynamic code. This method asserts that T is not a Transform.")]
+        public static T? CreateNonTransformFromName<T>(string? name) where T : class
+        {
+            Debug.Assert(!typeof(Transform).IsAssignableFrom(typeof(T)));
+
+            return CreateFromName<T>(name);
+        }
     }
 }

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedData.cs

@@ -1,12 +1,14 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
 using System.Xml;
 
 namespace System.Security.Cryptography.Xml
 {
     public sealed class EncryptedData : EncryptedType
     {
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public override void LoadXml(XmlElement value)
         {
             if (value is null)

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedKey.cs

@@ -47,6 +47,7 @@ public void AddReference(KeyReference keyReference)
             ReferenceList.Add(keyReference);
         }
 
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public override void LoadXml(XmlElement value)
         {
             if (value is null)

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedReference.cs

@@ -102,6 +102,7 @@ internal XmlElement GetXml(XmlDocument document)
             return referenceElement;
         }
 
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public virtual void LoadXml(XmlElement value)
         {
             if (value is null)

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedType.cs

@@ -104,6 +104,7 @@ public virtual CipherData CipherData
             }
         }
 
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public abstract void LoadXml(XmlElement value);
         public abstract XmlElement GetXml();
     }

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/EncryptedXml.cs

@@ -76,10 +76,13 @@ public class EncryptedXml
         //
         // public constructors
         //
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public EncryptedXml() : this(new XmlDocument()) { }
 
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public EncryptedXml(XmlDocument document) : this(document, null) { }
 
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public EncryptedXml(XmlDocument document, Evidence? evidence)
         {
             _document = document;
@@ -299,6 +302,7 @@ public virtual byte[] GetDecryptionIV(EncryptedData encryptedData, string? symme
 
         // default behaviour is to look for keys defined by an EncryptedKey clause
         // either directly or through a KeyInfoRetrievalMethod, and key names in the key mapping
+        [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode", Justification = "ctors are marked as RDC")]
         public virtual SymmetricAlgorithm? GetDecryptionKey(EncryptedData encryptedData, string? symmetricAlgorithmUri)
         {
             if (encryptedData is null)
@@ -374,7 +378,7 @@ public virtual byte[] GetDecryptionIV(EncryptedData encryptedData, string? symme
                 if (key == null)
                     throw new CryptographicException(SR.Cryptography_Xml_MissingDecryptionKey);
 
-                SymmetricAlgorithm? symAlg = CryptoHelpers.CreateFromName<SymmetricAlgorithm>(symmetricAlgorithmUri);
+                SymmetricAlgorithm? symAlg = CryptoHelpers.CreateNonTransformFromName<SymmetricAlgorithm>(symmetricAlgorithmUri);
                 if (symAlg == null)
                 {
                     throw new CryptographicException(SR.Cryptography_Xml_MissingAlgorithm);
@@ -386,6 +390,7 @@ public virtual byte[] GetDecryptionIV(EncryptedData encryptedData, string? symme
         }
 
         // Try to decrypt the EncryptedKey given the key mapping
+        [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode", Justification = "ctors are marked as RDC")]
         public virtual byte[]? DecryptEncryptedKey(EncryptedKey encryptedKey)
         {
             if (encryptedKey is null)
@@ -484,7 +489,7 @@ public virtual byte[] GetDecryptionIV(EncryptedData encryptedData, string? symme
                     if (encryptionKey != null)
                     {
                         // this is a symmetric algorithm for sure
-                        SymmetricAlgorithm? symAlg = CryptoHelpers.CreateFromName<SymmetricAlgorithm>(encryptedKey.EncryptionMethod!.KeyAlgorithm);
+                        SymmetricAlgorithm? symAlg = CryptoHelpers.CreateNonTransformFromName<SymmetricAlgorithm>(encryptedKey.EncryptionMethod!.KeyAlgorithm);
                         if (symAlg == null)
                         {
                             throw new CryptographicException(SR.Cryptography_Xml_MissingAlgorithm);
@@ -531,6 +536,7 @@ public void ClearKeyNameMappings()
 
         // Encrypts the given element with the certificate specified. The certificate is added as
         // an X509Data KeyInfo to an EncryptedKey (AES session key) generated randomly.
+        [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode", Justification = "ctors are marked as RDC")]
         public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certificate)
         {
             if (inputElement is null)
@@ -575,6 +581,7 @@ public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certifica
         // Encrypts the given element with the key name specified. A corresponding key name mapping
         // has to be defined before calling this method. The key name is added as
         // a KeyNameInfo KeyInfo to an EncryptedKey (AES session key) generated randomly.
+        [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode", Justification = "ctors are marked as RDC")]
         public EncryptedData Encrypt(XmlElement inputElement, string keyName)
         {
             if (inputElement is null)
@@ -657,6 +664,7 @@ public EncryptedData Encrypt(XmlElement inputElement, string keyName)
         // decrypts the document using the defined key mapping in GetDecryptionKey
         // The behaviour of this method can be extended because GetDecryptionKey is virtual
         // the document is decrypted in place
+        [UnconditionalSuppressMessage("AOT", "IL3050:RequiresDynamicCode", Justification = "ctors are marked as RDC")]
         public void DecryptDocument()
         {
             // Look for all EncryptedData elements and decrypt them

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfo.cs

@@ -97,7 +97,7 @@ public void LoadXml(XmlElement value)
                         }
                     }
 
-                    KeyInfoClause? keyInfoClause = CryptoHelpers.CreateFromName<KeyInfoClause>(kicString);
+                    KeyInfoClause? keyInfoClause = CryptoHelpers.CreateNonTransformFromName<KeyInfoClause>(kicString);
                     // if we don't know what kind of KeyInfoClause we're looking at, use a generic KeyInfoNode:
                     keyInfoClause ??= new KeyInfoNode();
 

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoEncryptedKey.cs

@@ -1,10 +1,12 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
 using System.Xml;
 
 namespace System.Security.Cryptography.Xml
 {
+    [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
     public class KeyInfoEncryptedKey : KeyInfoClause
     {
         private EncryptedKey? _encryptedKey;

src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Reference.cs

@@ -202,6 +202,7 @@ internal XmlElement GetXml(XmlDocument document)
             return referenceElement;
         }
 
+        [RequiresDynamicCode(CryptoHelpers.XsltRequiresDynamicCodeMessage)]
         public void LoadXml(XmlElement value)
         {
             if (value is null)
@@ -343,7 +344,7 @@ internal void UpdateHashValue(XmlDocument document, CanonicalXmlNodeList refList
         {
             // refList is a list of elements that might be targets of references
             // Now's the time to create our hashing algorithm
-            _hashAlgorithm = CryptoHelpers.CreateFromName<HashAlgorithm>(_digestMethod);
+            _hashAlgorithm = CryptoHelpers.CreateNonTransformFromName<HashAlgorithm>(_digestMethod);
             if (_hashAlgorithm == null)
                 throw new CryptographicException(SR.Cryptography_Xml_CreateHashAlgorithmFailed);