Select latest cert by "Valid from"

Gigya.Microdot.SharedLogic/Security/WindowsStoreCertificateLocator.cs

@@ -26,6 +26,7 @@
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 using Gigya.Microdot.Interfaces.Configuration;
+using Gigya.Microdot.Interfaces.Logging;
 using Gigya.Microdot.SharedLogic.Exceptions;
 using Gigya.Microdot.SharedLogic.HttpService;
 using Gigya.Microdot.SharedLogic.Utils;
@@ -48,11 +49,13 @@ public class HttpsConfiguration : IConfigObject
 	public class WindowsStoreCertificateLocator : ICertificateLocator
 	{
 	    private Func<HttpsConfiguration> HttpsConfigurationFactory { get; }
+        private ILog Log { get;  }
 
 
-	    public WindowsStoreCertificateLocator(Func<HttpsConfiguration> httpsConfigurationFactory)
+	    public WindowsStoreCertificateLocator(Func<HttpsConfiguration> httpsConfigurationFactory, ILog log)
 		{
-		    HttpsConfigurationFactory = httpsConfigurationFactory;		   
+		    HttpsConfigurationFactory = httpsConfigurationFactory;
+		    Log = log;
 		}
 
 
@@ -78,15 +81,36 @@ public X509Certificate2 GetCertificate(string certName)
 
 			var store = new X509Store(storeName, storeLocation);
 			store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
-			var certs = store.Certificates.Find(X509FindType.FindBySubjectName, parts[2], false);
-
-            var foundCert = certs.Cast<X509Certificate2>().FirstOrDefault(cer => cer.GetNameInfo(X509NameType.SimpleName, false) == parts[2]);
+		    var subjectName = parts[2];
+			var certs = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
+		    var recentCert = GetRecentCertificate(certs, subjectName);            
 
 			errorPrefix += " and process runs under user '" + CurrentApplicationInfo.OsUser + "'";
-			GAssert.IsTrue(foundCert != null, errorPrefix + ", but certificate was not found.");
-			GAssert.IsTrue(foundCert.HasPrivateKey, errorPrefix + ", but certificate does not contain a private key.");
-			return foundCert;
+			GAssert.IsTrue(recentCert != null, errorPrefix + ", but certificate was not found.");
+			GAssert.IsTrue(recentCert.HasPrivateKey, errorPrefix + ", but certificate does not contain a private key.");
+
+		    var validFrom = recentCert.GetEffectiveDateString();
+            Log.Info(x => x("Certificate located", unencryptedTags: new { subjectName, validFrom }));
+
+            return recentCert;
 		}
 
-	}
+	    private X509Certificate2 GetRecentCertificate(X509Certificate2Collection certificates, string certName)
+	    {
+	        X509Certificate2 recentCert = null;
+
+            foreach (var cert in certificates)
+	        {
+	            if (cert.GetNameInfo(X509NameType.SimpleName, false) != certName)
+	                continue;
+
+	            if (recentCert == null || DateTime.Parse(cert.GetEffectiveDateString()) > DateTime.Parse(recentCert.GetEffectiveDateString()))
+	                recentCert = cert;
+	        }
+
+	        return recentCert;
+	    }
+
+
+    }
 }

SolutionVersion.cs

@@ -1,4 +1,4 @@
-#region Copyright 
+#region Copyright 
 // Copyright 2017 Gigya Inc.  All rights reserved.
 // 
 // Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -28,9 +28,9 @@
 [assembly: AssemblyCopyright("© 2018 Gigya Inc.")]
 [assembly: AssemblyDescription("Microdot Framework")]
 
-[assembly: AssemblyVersion("1.12.0.0")]
-[assembly: AssemblyFileVersion("1.12.0.0")] 
-[assembly: AssemblyInformationalVersion("1.12.0.0")]
+[assembly: AssemblyVersion("1.12.1.0")]
+[assembly: AssemblyFileVersion("1.12.1.0")] 
+[assembly: AssemblyInformationalVersion("1.12.1.0")]
 
 
 // Setting ComVisible to false makes the types in this assembly not visible