diff --git a/Gigya.Microdot.SharedLogic/Security/WindowsStoreCertificateLocator.cs b/Gigya.Microdot.SharedLogic/Security/WindowsStoreCertificateLocator.cs
index a3fad7de..94f245d1 100644
--- a/Gigya.Microdot.SharedLogic/Security/WindowsStoreCertificateLocator.cs
+++ b/Gigya.Microdot.SharedLogic/Security/WindowsStoreCertificateLocator.cs
@@ -26,6 +26,7 @@
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using Gigya.Microdot.Interfaces.Configuration;
+using Gigya.Microdot.Interfaces.Logging;
 using Gigya.Microdot.SharedLogic.Exceptions;
 using Gigya.Microdot.SharedLogic.HttpService;
 using Gigya.Microdot.SharedLogic.Utils;
@@ -48,11 +49,13 @@ public class HttpsConfiguration : IConfigObject
 public class WindowsStoreCertificateLocator : ICertificateLocator
 {
 private Func HttpsConfigurationFactory { get; }
+ private ILog Log { get; }
- public WindowsStoreCertificateLocator(Func httpsConfigurationFactory)
+ public WindowsStoreCertificateLocator(Func httpsConfigurationFactory, ILog log)
 {
- HttpsConfigurationFactory = httpsConfigurationFactory;
+ HttpsConfigurationFactory = httpsConfigurationFactory;
+ Log = log;
 }
@@ -78,15 +81,36 @@ public X509Certificate2 GetCertificate(string certName)
 var store = new X509Store(storeName, storeLocation);
 store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
- var certs = store.Certificates.Find(X509FindType.FindBySubjectName, parts[2], false);
-
- var foundCert = certs.Cast().FirstOrDefault(cer => cer.GetNameInfo(X509NameType.SimpleName, false) == parts[2]);
+ var subjectName = parts[2];
+ var certs = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
+ var recentCert = GetRecentCertificate(certs, subjectName);
 errorPrefix += " and process runs under user '" + CurrentApplicationInfo.OsUser + "'";
- GAssert.IsTrue(foundCert != null, errorPrefix + ", but certificate was not found.");
- GAssert.IsTrue(foundCert.HasPrivateKey, errorPrefix + ", but certificate does not contain a private key.");
- return foundCert;
+ GAssert.IsTrue(recentCert != null, errorPrefix + ", but certificate was not found.");
+ GAssert.IsTrue(recentCert.HasPrivateKey, errorPrefix + ", but certificate does not contain a private key.");
+
+ var validFrom = recentCert.GetEffectiveDateString();
+ Log.Info(x => x("Certificate located", unencryptedTags: new { subjectName, validFrom }));
+
+ return recentCert;
 }
- }
+ private X509Certificate2 GetRecentCertificate(X509Certificate2Collection certificates, string certName)
+ {
+ X509Certificate2 recentCert = null;
+
+ foreach (var cert in certificates)
+ {
+ if (cert.GetNameInfo(X509NameType.SimpleName, false) != certName)
+ continue;
+
+ if (recentCert == null || DateTime.Parse(cert.GetEffectiveDateString()) > DateTime.Parse(recentCert.GetEffectiveDateString()))
+ recentCert = cert;
+ }
+
+ return recentCert;
+ }
+
+
+ }
 }
\ No newline at end of file
diff --git a/SolutionVersion.cs b/SolutionVersion.cs
index 609fbb38..321d6ad8 100644
--- a/SolutionVersion.cs
+++ b/SolutionVersion.cs
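Review bot: GetRecentCertificate picks the name-matching certificate with the latest effective date without checking that it is usable, and because Find is called with validOnly set to false, a certificate that is not yet valid, already expired, or installed without its private key can win over an older working one, after which the HasPrivateKey assertion fails. Skip such candidates inside the loop, e.g. `if (!cert.HasPrivateKey || cert.NotBefore > DateTime.Now || cert.NotAfter <= DateTime.Now) continue;`. The comparison should use the typed property, `cert.NotBefore > recentCert.NotBefore`, rather than `DateTime.Parse(cert.GetEffectiveDateString())`, which round-trips through a culture-formatted string. Adding `recentCert.Thumbprint` to the logged tags would identify the chosen certificate unambiguously when several share a subject name. GetCertificate begins before this hunk, so store disposal and how parts is built are not visible here.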
@@ -1,4 +1,4 @@
-#region Copyright
+#region Copyright
 // Copyright 2017 Gigya Inc. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,9 +28,9 @@
 [assembly: AssemblyCopyright("© 2018 Gigya Inc.")]
 [assembly: AssemblyDescription("Microdot Framework")]
-[assembly: AssemblyVersion("1.12.0.0")]
-[assembly: AssemblyFileVersion("1.12.0.0")]
-[assembly: AssemblyInformationalVersion("1.12.0.0")]
+[assembly: AssemblyVersion("1.12.1.0")]
+[assembly: AssemblyFileVersion("1.12.1.0")]
+[assembly: AssemblyInformationalVersion("1.12.1.0")]
 // Setting ComVisible to false makes the types in this assembly not visible