Skip to content

Fixup release 4.0.1 #104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
indrora merged 3 commits into from
Mar 25, 2026
Merged

Fixup release 4.0.1 #104

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5b12125
release: 4.0
leefine02 Feb 25, 2026
b43aaca
release: 4.0.1
leefine02 Mar 25, 2026
911e5de
Merge branch 'main' into release-4.0
indrora Mar 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
v4.0.1
- Bug Fix: Error running ODKG jobs found in v4.0.0

v4.0.0
- Added ability to run post job commands for Management-Add and ODKG jobs.
- Added "+" as an allowed character for store paths and file names
Expand Down
2 changes: 1 addition & 1 deletion RemoteFile/ReenrollmentBase.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ public JobResult ProcessJob(ReenrollmentJobConfiguration config, SubmitReenrollm
}

// save certificate
certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx)), config.Overwrite, null, RemoveRootCertificate);
certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx, "password")), config.Overwrite, "password", RemoveRootCertificate);
Copy link

Copilot AI Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hardcoding the PFX password to the literal string "password" is a security issue and can also break reenrollment if the store/entry password is expected to match configuration. Instead, use the appropriate configured password (e.g., the store password or a job-provided private key password), or update RemoteCertificateStore.AddCertificate to correctly handle passwordless PFX (so you don't need to force a non-empty password).

Suggested change
certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx, "password")), config.Overwrite, "password", RemoveRootCertificate);
certificateStore.AddCertificate(config.Alias ?? cert.Thumbprint, Convert.ToBase64String(cert.Export(X509ContentType.Pfx, StorePassword)), config.Overwrite, StorePassword, RemoveRootCertificate);

Copilot uses AI. Check for mistakes.
certificateStore.SaveCertificateStore(certificateStoreSerializer.SerializeRemoteCertificateStore(certificateStore.GetCertificateStore(), storePathFile.Path, storePathFile.File, StorePassword, certificateStore.RemoteHandler));

try
Expand Down
Binary file modified docsource/images/RFJKS-basic-store-type-dialog.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Loading