GDS: add ArgumentException to Method CreateCACertificateAsync (#2336)

Introduces an exception, to notify the user when supplying an invalid argument to the method CreateCACertificateAsync This exception was introduced, as in the current implementation the same subject name has to be used as in the configuration or else the certificate is not copied to the trusted store.
OPCFoundation · Nov 17, 2023 · adafd2c · adafd2c
1 parent eeea34f
commit adafd2c
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs b/Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs
@@ -286,6 +286,16 @@ public virtual async Task<X509Certificate2> CreateCACertificateAsync(
             string subjectName
             )
         {
+            // validate new subjectName matches the previous subject
+            // TODO: An issuer may modify the subject of the CA certificate,
+            // but then the configuration must be updated too!
+            // NOTE: not a strict requirement here for ASN.1 byte compare
+            if (!X509Utils.CompareDistinguishedName(subjectName, SubjectName))
+            {
+                throw new ArgumentException("SubjectName provided does not match the SubjectName property of the CertificateGroup \n" +
+                    "CA Certificate is not created until the subjectName " + SubjectName + " is provided", subjectName);
+            }
+
             DateTime yesterday = DateTime.Today.AddDays(-1);
             X509Certificate2 newCertificate = CertificateFactory.CreateCertificate(subjectName)
                 .SetNotBefore(yesterday)