ab#63856

Keyfactor · Oct 10, 2024 · 8fd105a · 8fd105a
1 parent 19d39ff
commit 8fd105a
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 13 deletions.
diff --git a/CitrixAdcOrchestratorJobExtension/CitrixAdcStore.cs b/CitrixAdcOrchestratorJobExtension/CitrixAdcStore.cs
@@ -428,11 +428,24 @@ public void LinkToIssuer(string cert, string privateKeyPassword, string keyPairN
             Logger.MethodEntry(LogLevel.Debug);
 
             sslcertificatechain chain = sslcertificatechain.get(_nss, keyPairName);
-            //if (chain.chaincomplete == 1)
-            //{
-            //    Logger.LogDebug($"Certificate {keyPairName} already linked to {chain.chainlinked}");
-            //    return;
-            //}
+            sslcertkey certKey = sslcertkey.get(_nss, keyPairName);
+
+            X509Certificate2Collection x509CertCollection = new X509Certificate2Collection();
+            x509CertCollection.Import(Convert.FromBase64String(cert), privateKeyPassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet);
+
+            X509Certificate2 issuingCert = x509CertCollection.First(r => r.Subject == (x509CertCollection.First(p => p.HasPrivateKey).Issuer));
+
+            if (chain.chaincomplete == 1)
+            {
+                foreach (string chainCertAlias in chain.chainlinked)
+                {
+                    X509Certificate2 x509ChainCert = GetX509Certificate(GetKeyPairByName(chainCertAlias));
+                    if (x509ChainCert.Thumbprint == issuingCert.Thumbprint)
+                    {
+                        return;
+                    }
+                }
+            }
 
             if (chain.chainpossiblelinks == null || chain.chainpossiblelinks.Length == 0)
             {
@@ -441,15 +454,8 @@ public void LinkToIssuer(string cert, string privateKeyPassword, string keyPairN
                 throw new LinkException(msg);
             }
 
-            sslcertkey certKey = sslcertkey.get(_nss, keyPairName);
             string chainCertName = string.Empty;
-
-            X509Certificate2Collection x509CertCollection = new X509Certificate2Collection();
-            x509CertCollection.Import(Convert.FromBase64String(cert), privateKeyPassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet);
-
-            X509Certificate2 issuingCert = x509CertCollection.First(r => r.Subject == (x509CertCollection.First(p => p.HasPrivateKey).Issuer));
-
-            foreach(string chainCertAlias in chain.chainpossiblelinks)
+            foreach (string chainCertAlias in chain.chainpossiblelinks)
             {
                 X509Certificate2 x509ChainCert = GetX509Certificate(GetKeyPairByName(chainCertAlias));
                 if (x509ChainCert.Thumbprint == issuingCert.Thumbprint)

diff --git a/CitrixAdcTestConsole/bin/Debug/net6.0/CitrixAdcTestConsole.dll b/CitrixAdcTestConsole/bin/Debug/net6.0/CitrixAdcTestConsole.dll
diff --git a/CitrixAdcTestConsole/bin/Debug/net6.0/CitrixAdcTestConsole.exe b/CitrixAdcTestConsole/bin/Debug/net6.0/CitrixAdcTestConsole.exe
diff --git a/CitrixAdcTestConsole/bin/Debug/net6.0/CitrixAdcTestConsole.pdb b/CitrixAdcTestConsole/bin/Debug/net6.0/CitrixAdcTestConsole.pdb
diff --git a/CitrixAdcTestConsole/bin/Debug/net6.0/Keyfactor.Extensions.Orchestrator.CitricAdc.dll b/CitrixAdcTestConsole/bin/Debug/net6.0/Keyfactor.Extensions.Orchestrator.CitricAdc.dll
diff --git a/CitrixAdcTestConsole/bin/Debug/net6.0/Keyfactor.Extensions.Orchestrator.CitricAdc.pdb b/CitrixAdcTestConsole/bin/Debug/net6.0/Keyfactor.Extensions.Orchestrator.CitricAdc.pdb