fix Application unregistration in SQL DB & fix private key storage in…
… Pull Model certificate creation in GDS Client
romanett committed Mar 16, 2024
1 parent 9c286cb commit 2852b26
Showing 2 changed files with 37 additions and 28 deletions.
60 changes: 32 additions & 28 deletions Samples/GDS/Client/Controls/ApplicationCertificateControl.cs
Expand Up @@ -93,8 +93,7 @@ public async Task Initialize(
}
else if (!String.IsNullOrEmpty(application.CertificateStorePath))
{
CertificateIdentifier id = new CertificateIdentifier
{
CertificateIdentifier id = new CertificateIdentifier {
StorePath = application.CertificateStorePath
};
id.StoreType = CertificateStoreIdentifier.DetermineStoreType(id.StorePath);
Expand Down Expand Up @@ -125,8 +124,7 @@ public async Task Initialize(
{
Uri url = new Uri(disoveryUrl);

CertificateIdentifier id = new CertificateIdentifier()
{
CertificateIdentifier id = new CertificateIdentifier() {
StoreType = CertificateStoreType.X509Store,
StorePath = "CurrentUser\\UA_MachineDefault",
SubjectName = "CN=" + url.DnsSafeHost
Expand Down Expand Up @@ -216,8 +214,7 @@ private async Task RequestNewCertificatePullMode(object sender, EventArgs e)
NodeId requestId = null;
if (!string.IsNullOrEmpty(m_application.CertificateStorePath))
{
CertificateIdentifier id = new CertificateIdentifier
{
CertificateIdentifier id = new CertificateIdentifier {
StoreType = CertificateStoreIdentifier.DetermineStoreType(m_application.CertificateStorePath),
StorePath = m_application.CertificateStorePath,
SubjectName = m_application.CertificateSubjectName.Replace("localhost", Utils.GetHostName())
Expand Down Expand Up @@ -316,41 +313,48 @@ private async void CertificateRequestTimer_Tick(object sender, EventArgs e)

if (!String.IsNullOrEmpty(m_application.CertificateStorePath) && !String.IsNullOrEmpty(m_application.CertificateSubjectName))
{
CertificateIdentifier cid = new CertificateIdentifier()
{
CertificateIdentifier cid = new CertificateIdentifier() {
StorePath = m_application.CertificateStorePath,
StoreType = CertificateStoreIdentifier.DetermineStoreType(m_application.CertificateStorePath),
SubjectName = m_application.CertificateSubjectName.Replace("localhost", Utils.GetHostName())
};

// update store
using (var store = CertificateStoreIdentifier.OpenStore(m_application.CertificateStorePath))
ICertificateStore store;

if (CertificateStoreIdentifier.DetermineStoreType(m_application.CertificateStorePath) == CertificateStoreType.Directory)
{
store = new DirectoryCertificateStore();
store.Open(m_application.CertificateStorePath, false);
}
else
{
store = CertificateStoreIdentifier.OpenStore(m_application.CertificateStorePath);
}

// if we used a CSR, we already have a private key and therefore didn't request one from the GDS
// in this case, privateKey is null
if (privateKeyPFX == null)
{
// if we used a CSR, we already have a private key and therefore didn't request one from the GDS
// in this case, privateKey is null
if (privateKeyPFX == null)
X509Certificate2 oldCertificate = await cid.Find(true);
if (oldCertificate != null && oldCertificate.HasPrivateKey)
{
X509Certificate2 oldCertificate = await cid.Find(true);
if (oldCertificate != null && oldCertificate.HasPrivateKey)
{
oldCertificate = await cid.LoadPrivateKey(string.Empty);
newCert = CertificateFactory.CreateCertificateWithPrivateKey(newCert, oldCertificate);
await store.Delete(oldCertificate.Thumbprint);
}
else
{
throw new ServiceResultException("Failed to merge signed certificate with the private key.");
}
oldCertificate = await cid.LoadPrivateKey(string.Empty);
newCert = CertificateFactory.CreateCertificateWithPrivateKey(newCert, oldCertificate);
await store.Delete(oldCertificate.Thumbprint);
}
else
{
newCert = new X509Certificate2(privateKeyPFX, string.Empty, X509KeyStorageFlags.Exportable);
newCert = CertificateFactory.Load(newCert, true);
throw new ServiceResultException("Failed to merge signed certificate with the private key.");
}

// bugbug: private key is not saved to store
await store.Add(newCert);
}
else
{
newCert = new X509Certificate2(privateKeyPFX, string.Empty, X509KeyStorageFlags.Exportable);
newCert = CertificateFactory.Load(newCert, true);
}
await store.Add(newCert);
store.Dispose();
}
else
{
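Review bot: The `using (var store = …)` the old code had is replaced by a bare `store.Dispose();` after `await store.Add(newCert);`, so on every throwing path in between — the `ServiceResultException` raised when the old certificate has no private key, or a failure in `cid.Find`, `cid.LoadPrivateKey`, `store.Delete` or `store.Add` — the store is never disposed. Wrapping everything after the if/else that opens the store in `using (store) { … }` (or a try/finally that ends in `store.Dispose();`) restores the old guarantee for both store types. The `store.Open(m_application.CertificateStorePath, false)` call on the directory branch is presumably what now keeps the private key that the removed `bugbug` comment referred to; a one-line comment naming what the second argument controls would help, since the other branch still goes through `CertificateStoreIdentifier.OpenStore` and may not behave the same way. `CertificateRequestTimer_Tick` starts and ends outside this hunk.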
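--- a/Samples/GDS/Server/SqlApplicationsDatabase.cs
+++ b/Samples/GDS/Server/SqlApplicationsDatabase.cs
@@ -169,6 +169,11 @@ public override void UnregisterApplication(NodeId applicationId)
 entities.CertificateRequests.Remove(entry);
 }
 
+foreach (var entry in new List<CertificateStore>(result.CertificateStores))
+{
+entities.CertificateStores.Remove(entry);
+}
+
 foreach (var entry in new List<ApplicationName>(result.ApplicationNames))
 {
 entities.ApplicationNames.Remove(entry);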
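Review bot: The added loop removes every `CertificateStore` row reachable from `result.CertificateStores` with no comment on why these rows were previously left behind or whether they belong to this application alone; if that table can be shared between registrations (not visible from the hunk), unregistering one application would delete stores that others still reference. A short comment such as `// certificate store rows are owned by the application being unregistered and are deleted with it` — or, if ownership is not exclusive, a check that the row references only this applicationId before removing it — would make the intent explicit. `UnregisterApplication` starts and ends outside this hunk.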

0 comments on commit 2852b26

Please sign in to comment.