fix some issues

OPCFoundation · Jan 15, 2025 · 29eb65a · 29eb65a
1 parent 65ee40c
commit 29eb65a
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 2 deletions.
diff --git a/Libraries/Opc.Ua.Gds.Server.Common/ApplicationsNodeManager.cs b/Libraries/Opc.Ua.Gds.Server.Common/ApplicationsNodeManager.cs
@@ -1123,7 +1123,7 @@ private ServiceResult OnStartSigningRequest(
             byte[] certificateRequest,
             ref NodeId requestId)
         {
-            AuthorizationHelper.HasAuthorization(context, AuthorizationHelper.CertificateAuthorityAdminOrSelfAdmin, applicationId); ;
+            AuthorizationHelper.HasAuthorization(context, AuthorizationHelper.CertificateAuthorityAdminOrSelfAdmin, applicationId);
 
             var application = m_database.GetApplication(applicationId);
 
@@ -1230,7 +1230,7 @@ private ServiceResult OnFinishRequest(
             }
 
             ICertificateGroup certificateGroup = null;
-            if (!String.IsNullOrWhiteSpace(certificateGroupId))
+            if (!string.IsNullOrWhiteSpace(certificateGroupId))
             {
                 foreach (var group in m_certificateGroups)
                 {

diff --git a/Libraries/Opc.Ua.Security.Certificates/X509Crl/X509Signature.cs b/Libraries/Opc.Ua.Security.Certificates/X509Crl/X509Signature.cs
@@ -190,6 +190,10 @@ private bool VerifyForRSA(X509Certificate2 certificate, RSASignaturePadding padd
         {
             using (RSA rsa = certificate.GetRSAPublicKey())
             {
+                if (rsa == null)
+                {
+                    return false;
+                }
                 return rsa.VerifyData(Tbs, Signature, Name, padding);
             }
         }
@@ -201,6 +205,10 @@ private bool VerifyForECDsa(X509Certificate2 certificate)
         {
             using (ECDsa key = certificate.GetECDsaPublicKey())
             {
+                if (key == null)
+                {
+                    return false;
+                }
                 byte[] decodedSignature = DecodeECDsa(Signature, key.KeySize);
                 return key.VerifyData(Tbs, decodedSignature, Name);
             }

diff --git a/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs b/Libraries/Opc.Ua.Server/Configuration/ConfigurationNodeManager.cs
@@ -424,6 +424,12 @@ private ServiceResult UpdateCertificate(
                     throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Certificate data is invalid.");
                 }
 
+                // validate certificate type of new certificate
+                if (!CertificateIdentifier.ValidateCertificateType(newCert, certificateTypeId))
+                {
+                    throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Certificate type of new certificate doesn't match the provided certificate type.");
+                }
+
                 // identify the existing certificate to be updated
                 // it should be of the same type and same subject name as the new certificate
                 CertificateIdentifier existingCertIdentifier = certificateGroup.ApplicationCertificates.FirstOrDefault(cert =>

diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CertificateTypesProvider.cs b/Stack/Opc.Ua.Core/Security/Certificates/CertificateTypesProvider.cs
@@ -199,6 +199,7 @@ public X509Certificate2Collection LoadCertificateChain(X509Certificate2 certific
         public void Update(SecurityConfiguration securityConfiguration)
         {
             m_securityConfiguration = securityConfiguration;
+            m_certificateChain.Clear();
             //ToDo intialize internal CertificateValidator after Certificate Update to clear cache of old application certificates
         }