dotnet/runtime

X509Certificate2 Issue in MAUI Project on M1 Macbook

Open

#77.611 aperta il 28 ott 2022

Vedi su GitHub
 (7 commenti) (1 reazione) (0 assegnatari)C# (5445 fork)batch import
area-System.Securityhelp wantedos-maccatalyst

Metriche repository

Star
 (17.886 star)
Metriche merge PR
 (Merge medio 12g 11h) (661 PR mergiate in 30 g)

Descrizione

Description

I am using OPCFoundation/UA-.NETStandard library for one of my application. In this application I have to handle digital certificates. In Windows it's working well but in MacOS it's not.

When I start the app, app is creating the certificate automatically in the directory as below.

image

But the app gives Cannot access certificate private key error.

I opened an issue about this in library's repo. They said the problem might be in dotnet runtime on M1 MacOS.

Reproduction Steps

I wrote a method for receive server's certificate. You can find this method at below.

public async Task<(X509Certificate2, bool)> GetCertificate(string ipAddress)
        {
            if (_application != null) _application = null;
            if (_config != null) _config = null;

            string endpointUrl = $"opc.tcp://{ipAddress}:4840";

            _application = new ApplicationInstance
            {
                ApplicationName = "Pre-Dev OPC UA Client",
                ApplicationType = ApplicationType.Client,
                ConfigSectionName = Utils.IsRunningOnMono() ||
                DeviceInfo.Current.Platform == DevicePlatform.iOS ||
                DeviceInfo.Current.Platform == DevicePlatform.Android ? "Opc.Ua.MonoSampleClient" : "Opc.Ua.SampleClient"
            };

            try
            {
                using var stream = await FileSystem.OpenAppPackageFileAsync(_application.ConfigSectionName + ".Config.xml");
                _config = await _application.LoadApplicationConfiguration(stream, false);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }

            bool haveAppCertificate = await _application.CheckApplicationInstanceCertificate(false, 0);
            if (!haveAppCertificate)
            {
                throw new Exception("Application instance certificate invalid!");
            }

            if (haveAppCertificate)
            {
                
                _config.ApplicationUri = X509Utils.GetApplicationUriFromCertificate(_config.SecurityConfiguration.ApplicationCertificate.Certificate);
                if (_config.SecurityConfiguration.AutoAcceptUntrustedCertificates)
                {
                    _autoAccept = true;
                }
                _config.CertificateValidator.CertificateValidation += new CertificateValidationEventHandler(CertificateValidator_CertificateValidation);
            }
            else
            {
                Console.WriteLine("WARN: missing application certificate, using unsecure connection.");
            }

            var selectedEndpoint = CoreClientUtils.SelectEndpoint(endpointUrl, haveAppCertificate, 15000);

            var endpointConfiguration = EndpointConfiguration.Create(_config);
            var endpoint = new ConfiguredEndpoint(null, selectedEndpoint, endpointConfiguration);

            bool isNone = IsCertificateTypeNone(endpoint);

            if (isNone == false) return (new X509Certificate2(endpoint.Description.ServerCertificate), isNone);
            else return (null, isNone);
        }

When I build and start the app firstly on Mac(MacCatalyst) app gives the There is no cert with subject ... exception as below.

Screen Shot 2022-09-28 at 08 42 13

In the second run, app gives the Cannot access certificate private key exception.

Expected behavior

Application must get all certificates successfully.

Actual behavior

It gives Cannot access certificate private key exception.

Regression?

No response

Known Workarounds

No response

Configuration

  • .Net6.0.402 MAUI with Blazor project.
  • MacOS Monterey 12.6.1
  • M1 Macbook

Other information

No response

Guida contributor