dotnet/runtime

X509Certificate2 Issue in MAUI Project on M1 Macbook

Open

#77,611 建立於 2022年10月28日

在 GitHub 查看
 (7 留言) (1 反應) (0 負責人)C# (5,445 fork)batch import
area-System.Securityhelp wantedos-maccatalyst

倉庫指標

Star
 (17,886 star)
PR 合併指標
 (平均合併 12天 11小時) (30 天內合併 661 個 PR)

描述

Description

I am using OPCFoundation/UA-.NETStandard library for one of my application. In this application I have to handle digital certificates. In Windows it's working well but in MacOS it's not.

When I start the app, app is creating the certificate automatically in the directory as below.

image

But the app gives Cannot access certificate private key error.

I opened an issue about this in library's repo. They said the problem might be in dotnet runtime on M1 MacOS.

Reproduction Steps

I wrote a method for receive server's certificate. You can find this method at below.

public async Task<(X509Certificate2, bool)> GetCertificate(string ipAddress)
        {
            if (_application != null) _application = null;
            if (_config != null) _config = null;

            string endpointUrl = $"opc.tcp://{ipAddress}:4840";

            _application = new ApplicationInstance
            {
                ApplicationName = "Pre-Dev OPC UA Client",
                ApplicationType = ApplicationType.Client,
                ConfigSectionName = Utils.IsRunningOnMono() ||
                DeviceInfo.Current.Platform == DevicePlatform.iOS ||
                DeviceInfo.Current.Platform == DevicePlatform.Android ? "Opc.Ua.MonoSampleClient" : "Opc.Ua.SampleClient"
            };

            try
            {
                using var stream = await FileSystem.OpenAppPackageFileAsync(_application.ConfigSectionName + ".Config.xml");
                _config = await _application.LoadApplicationConfiguration(stream, false);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }

            bool haveAppCertificate = await _application.CheckApplicationInstanceCertificate(false, 0);
            if (!haveAppCertificate)
            {
                throw new Exception("Application instance certificate invalid!");
            }

            if (haveAppCertificate)
            {
                
                _config.ApplicationUri = X509Utils.GetApplicationUriFromCertificate(_config.SecurityConfiguration.ApplicationCertificate.Certificate);
                if (_config.SecurityConfiguration.AutoAcceptUntrustedCertificates)
                {
                    _autoAccept = true;
                }
                _config.CertificateValidator.CertificateValidation += new CertificateValidationEventHandler(CertificateValidator_CertificateValidation);
            }
            else
            {
                Console.WriteLine("WARN: missing application certificate, using unsecure connection.");
            }

            var selectedEndpoint = CoreClientUtils.SelectEndpoint(endpointUrl, haveAppCertificate, 15000);

            var endpointConfiguration = EndpointConfiguration.Create(_config);
            var endpoint = new ConfiguredEndpoint(null, selectedEndpoint, endpointConfiguration);

            bool isNone = IsCertificateTypeNone(endpoint);

            if (isNone == false) return (new X509Certificate2(endpoint.Description.ServerCertificate), isNone);
            else return (null, isNone);
        }

When I build and start the app firstly on Mac(MacCatalyst) app gives the There is no cert with subject ... exception as below.

Screen Shot 2022-09-28 at 08 42 13

In the second run, app gives the Cannot access certificate private key exception.

Expected behavior

Application must get all certificates successfully.

Actual behavior

It gives Cannot access certificate private key exception.

Regression?

No response

Known Workarounds

No response

Configuration

  • .Net6.0.402 MAUI with Blazor project.
  • MacOS Monterey 12.6.1
  • M1 Macbook

Other information

No response

貢獻者指南