only use CSR when Private Key is exportable
romanett committed May 12, 2024
1 parent a3e0489 commit 33cd390
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions Samples/GDS/Client/Controls/ApplicationCertificateControl.cs
@@ -27,7 +27,6 @@
* http://opcfoundation.org/License/MIT/1.00/
* ======================================================================*/

using Opc.Ua.Gds;
using Opc.Ua.Security.Certificates;
using System;
using System.Drawing;
@@ -220,10 +219,22 @@ private async Task RequestNewCertificatePullMode(object sender, EventArgs e)
SubjectName = Utils.ReplaceDCLocalhost(m_application.CertificateSubjectName)
};
m_certificate = await id.Find(true);
//only use CSR when the private key is available & exportable
if (m_certificate != null &&
m_certificate.HasPrivateKey)
{
m_certificate = await id.LoadPrivateKey(m_certificatePassword);
try
{
//this line fails with a CryptographicException if export of private key is not allowed
_ = m_certificate.GetRSAPrivateKey().ExportParameters(true);
//proceed with a CSR using the exportable private key
m_certificate = await id.LoadPrivateKey(m_certificatePassword);
}
catch
{
//use KeyPair Request instead
m_certificate = null;
}
}
}
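Review bot: The bare `catch` around the exportability probe in `RequestNewCertificatePullMode` also swallows any failure of `id.LoadPrivateKey(m_certificatePassword)` and a null return from `GetRSAPrivateKey()` on a non-RSA certificate, and in each case silently falls back to a KeyPair request, so an unrelated error (a wrong password, for instance) changes how the private key is obtained without anyone being told. Catch only `CryptographicException`, which is the exception the comment names, and keep the `LoadPrivateKey` call outside the `try`. The probe also copies the complete private key into managed arrays through `ExportParameters(true)` and never disposes the `RSA` object; the version below disposes it and clears the private fields once the check has succeeded. It assumes `System.Security.Cryptography` is imported, which the visible part of the using block does not show. The enclosing method starts and ends outside the hunk, so whether an outer handler reports a `LoadPrivateKey` failure cannot be confirmed from here.

```csharp
// … unchanged: id.Find(true) and the HasPrivateKey check …
bool exportable = false;
try
{
    // probe only: ExportParameters throws CryptographicException when export is not allowed
    using (RSA rsa = m_certificate.GetRSAPrivateKey())
    {
        if (rsa != null)
        {
            RSAParameters probe = rsa.ExportParameters(true);
            // the probe result holds the private key in plain byte arrays; wipe them right away
            foreach (byte[] part in new[] { probe.D, probe.P, probe.Q, probe.DP, probe.DQ, probe.InverseQ })
            {
                Array.Clear(part, 0, part.Length);
            }
            exportable = true;
        }
    }
}
catch (CryptographicException)
{
    // key is not exportable: fall through to a KeyPair request
}
// outside the try, so a load failure is not mistaken for a non-exportable key
m_certificate = exportable ? await id.LoadPrivateKey(m_certificatePassword) : null;
```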
