diff options
Diffstat (limited to 'src/Shared/CertificateGeneration/MacOSCertificateManager.cs')
-rw-r--r-- | src/Shared/CertificateGeneration/MacOSCertificateManager.cs | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/Shared/CertificateGeneration/MacOSCertificateManager.cs b/src/Shared/CertificateGeneration/MacOSCertificateManager.cs index 343a93f00b..30237e445f 100644 --- a/src/Shared/CertificateGeneration/MacOSCertificateManager.cs +++ b/src/Shared/CertificateGeneration/MacOSCertificateManager.cs @@ -373,14 +373,14 @@ internal sealed class MacOSCertificateManager : CertificateManager return ListCertificates(StoreName.My, StoreLocation.CurrentUser, isValid: false); } - protected override void PopulateCertificatesFromStore(X509Store store, List<X509Certificate2> certificates) + protected override void PopulateCertificatesFromStore(X509Store store, List<X509Certificate2> certificates, bool requireExportable) { if (store.Name! == StoreName.My.ToString() && store.Location == StoreLocation.CurrentUser && Directory.Exists(MacOSUserHttpsCertificateLocation)) { var certsFromDisk = GetCertsFromDisk(); var certsFromStore = new List<X509Certificate2>(); - base.PopulateCertificatesFromStore(store, certsFromStore); + base.PopulateCertificatesFromStore(store, certsFromStore, requireExportable); // Certs created by pre-.NET 7. var onlyOnKeychain = certsFromStore.Except(certsFromDisk, ThumbprintComparer.Instance); @@ -388,10 +388,13 @@ internal sealed class MacOSCertificateManager : CertificateManager // Certs created (or "upgraded") by .NET 7+. // .NET 7+ installs the certificate on disk as well as on the user keychain (for backwards // compatibility with pre-.NET 7). - // Note that the actual certs we populate need to be the ones from the store location, and - // not the version from disk, since we may do other operations with these certs later (such - // as exporting) which would fail with crypto errors otherwise. - var onDiskAndKeychain = certsFromStore.Intersect(certsFromDisk, ThumbprintComparer.Instance); + // Note that if we require exportable certs, the actual certs we populate need to be the ones + // from the store location, and not the version from disk. If we don't require exportability, + // we favor the version of the cert that's on disk (avoiding unnecessary keychain access + // prompts). Intersect compares with the specified comparer and returns the matching elements + // from the first set. + var onDiskAndKeychain = requireExportable ? certsFromStore.Intersect(certsFromDisk, ThumbprintComparer.Instance) + : certsFromDisk.Intersect(certsFromStore, ThumbprintComparer.Instance); // The only times we can find a certificate on the keychain and a certificate on keychain+disk // are when the certificate on disk and keychain has expired and a pre-.NET 7 SDK has been @@ -403,7 +406,7 @@ internal sealed class MacOSCertificateManager : CertificateManager } else { - base.PopulateCertificatesFromStore(store, certificates); + base.PopulateCertificatesFromStore(store, certificates, requireExportable); } } |