
Commit 0c2c0e4

authored
Merge pull request #479 from LeeHoward1/release_to_master
Merge release branch to master
2 parents f25dc89 + 87b1b4a commit 0c2c0e4

5 files changed

Lines changed: 60 additions & 6 deletions


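--- a/SafeguardDevOpsService/ConfigDb/LiteDbConfigurationRepository.cs
+++ b/SafeguardDevOpsService/ConfigDb/LiteDbConfigurationRepository.cs
@@ -12,6 +12,7 @@
 using OneIdentity.DevOps.Data;
 using OneIdentity.DevOps.Data.Spp;
 using OneIdentity.DevOps.Exceptions;
+using OneIdentity.DevOps.Extensions;
 using OneIdentity.DevOps.Logic;
 using CredentialType = CredentialManagement.CredentialType;
 
@@ -653,7 +654,7 @@ public X509Certificate2 UserCertificate
 try
 {
 var bytes = Convert.FromBase64String(UserCertificateBase64Data);
-var cert = X509CertificateLoader.LoadPkcs12(bytes, UserCertificatePassphrase);
+var cert = CertificateExtensions.LoadFromBytes(bytes,UserCertificatePassphrase);
 return cert;
 }
 catch (Exception)
@@ -699,7 +700,7 @@ public X509Certificate2 WebSslCertificate
 try
 {
 var bytes = Convert.FromBase64String(WebSslCertificateBase64Data);
-var cert = X509CertificateLoader.LoadPkcs12(bytes, WebSslCertificatePassphrase);
+var cert = CertificateExtensions.LoadFromBytes(bytes, WebSslCertificatePassphrase);
 return cert;
 }
 catch (Exception)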
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
using System.Security.Cryptography;
2+
using System.Security.Cryptography.X509Certificates;
3+
using System.Text;
4+
5+
namespace OneIdentity.DevOps.Extensions
6+
{
7+
public static class CertificateExtensions
8+
{
9+
public static X509Certificate2 LoadFromBytes(byte[] rawData, string? password = null, X509KeyStorageFlags? keyStorageFlags = null)
10+
{
11+
// 1. Detect if the byte array is PKCS12 or PEM
12+
X509ContentType contentType = X509Certificate2.GetCertContentType(rawData);
13+
14+
if (contentType == X509ContentType.Pkcs12)
15+
{
16+
if (keyStorageFlags.HasValue)
17+
{
18+
// Use the new .NET 9 Loader for binary PKCS12/PFX
19+
return X509CertificateLoader.LoadPkcs12(rawData, password, keyStorageFlags.Value);
20+
}
21+
else
22+
{
23+
// Use the new .NET 9 Loader for binary PKCS12/PFX
24+
return X509CertificateLoader.LoadPkcs12(rawData, password);
25+
}
26+
27+
}
28+
else
29+
{
30+
// It's likely PEM (text-based).
31+
// We convert the bytes to a string to use the PEM parser.
32+
string pemString = Encoding.UTF8.GetString(rawData);
33+
34+
// 1. Load the public certificate
35+
var cert = X509CertificateLoader.LoadCertificate(rawData);
36+
37+
// 2. Load the private key if it exists in the string
38+
if (pemString.Contains("PRIVATE KEY"))
39+
{
40+
using var rsa = RSA.Create();
41+
// ImportFromPem automatically handles both 'Universal 2' and 'Universal 16'
42+
rsa.ImportFromPem(pemString);
43+
44+
// 3. Link them together
45+
return cert.CopyWithPrivateKey(rsa);
46+
}
47+
48+
return cert;
49+
}
50+
}
51+
}
52+
}
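Review bot: In the PEM branch of LoadFromBytes (the else block after the Pkcs12 check) the password and keyStorageFlags parameters are never used, so an encrypted PKCS#8 key, whose "ENCRYPTED PRIVATE KEY" label also satisfies the `pemString.Contains("PRIVATE KEY")` test, makes `rsa.ImportFromPem` throw even though the caller supplied the passphrase, and the `EphemeralKeySet | Exportable` request made in CertificateData.cs is silently dropped for PEM input. Only RSA keys are handled as well, so a PEM carrying an EC private key fails in ImportFromPem too. I would route encrypted keys through ImportFromEncryptedPem with the supplied password (below) and state in an XML doc comment on the method that keyStorageFlags apply only to PKCS#12 input and that only RSA private keys are attached from PEM. The exception types raised here (ArgumentException from ImportFromPem as well as CryptographicException) differ from the LoadPkcs12 call that the three call sites replaced; their catch blocks lie outside the hunks, so it is worth confirming they are broad enough. The step comments also number two different steps "1.".
```csharp
// … unchanged: PKCS12 branch …
string pemString = Encoding.UTF8.GetString(rawData);
var cert = X509CertificateLoader.LoadCertificate(rawData);

if (pemString.Contains("ENCRYPTED PRIVATE KEY"))
{
    // PKCS#8 encrypted key: ImportFromPem cannot read it, the supplied password is required here
    if (string.IsNullOrEmpty(password))
    {
        throw new CryptographicException("The PEM private key is encrypted but no password was supplied.");
    }

    using var encryptedRsa = RSA.Create();
    encryptedRsa.ImportFromEncryptedPem(pemString, password);
    return cert.CopyWithPrivateKey(encryptedRsa);
}

if (pemString.Contains("PRIVATE KEY"))
{
    // … unchanged: plaintext RSA import and CopyWithPrivateKey …
}

return cert;
```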

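--- a/SafeguardDevOpsService/Logic/CertificateData.cs
+++ b/SafeguardDevOpsService/Logic/CertificateData.cs
@@ -4,6 +4,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using OneIdentity.DevOps.Exceptions;
+using OneIdentity.DevOps.Extensions;
 
 namespace OneIdentity.DevOps.Logic
 {
@@ -16,7 +17,7 @@ internal class CertificateData : ICertificateData, IDisposable
 public CertificateData(string certB64, string password)
 {
 Password = password;
-cert = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(certB64), password, X509KeyStorageFlags.EphemeralKeySet | X509KeyStorageFlags.Exportable);
+cert = CertificateExtensions.LoadFromBytes(Convert.FromBase64String(certB64), password, X509KeyStorageFlags.EphemeralKeySet | X509KeyStorageFlags.Exportable);
 }
 
 public string Base64Certificate => Convert.ToBase64String(cert.Export(X509ContentType.Cert));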

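--- a/SafeguardDevOpsService/Logic/SafeguardLogic.cs
+++ b/SafeguardDevOpsService/Logic/SafeguardLogic.cs
@@ -1640,7 +1640,7 @@ public void InstallCertificate(CertificateInfo certificate, CertificateType cert
 X509Certificate2 cert;
 try
 {
-cert = X509CertificateLoader.LoadPkcs12(certificateBytes, certificate.Passphrase);
+cert = CertificateExtensions.LoadFromBytes(certificateBytes, certificate.Passphrase);
 _logger.Debug(
 $"Parsed certificate for installation: subject={cert.SubjectName.Name}, thumbprint={cert.Thumbprint}");
 }
@@ -2304,7 +2304,7 @@ private CertificateInfo AddTrustedCertificate(string base64CertificateData, stri
 try
 {
 var certificateBytes = CertificateHelper.ConvertPemToData(base64CertificateData);
-var cert = X509CertificateLoader.LoadPkcs12(certificateBytes, passPhrase);
+var cert = CertificateExtensions.LoadFromBytes(certificateBytes, passPhrase);
 _logger.Debug(
 $"Parsed new trusted certificate: subject={cert.SubjectName}, thumbprint={cert.Thumbprint}.");
 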
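--- a/pipeline-templates/global-variables.yml
+++ b/pipeline-templates/global-variables.yml
@@ -12,7 +12,7 @@
 # azure pipeline Reached heap limit Allocation failed - JavaScript heap out of memory The command "npm install" exited with code 134
 variables:
 - name: semanticVersion
-value: "8.2.1"
+value: "8.2.2"
 - name: isPrerelease
 value: ${{ true }}
 - name: isReleaseBranch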
