Fix net462 build (#2949)

Author: mrsuciu

Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/CertificateBuilder.cs

@@ -155,6 +155,7 @@ public static byte[] CreatePfxWithRSAPrivateKey(
             }
         }
 
+#if NET472_OR_GREATER
         /// <summary>
         /// Create a Pfx with a private key by combining 
         /// an existing X509Certificate2 and a RSA private key.
@@ -175,6 +176,7 @@ public static byte[] CreatePfxWithECdsaPrivateKey(
                     new SecureRandom(cfrg));
             }
         }
+#endif
 
         /// <summary>
         /// Creates a certificate signing request from an

Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/PEMReader.cs

@@ -125,14 +125,16 @@ private static AsymmetricAlgorithm ImportPrivateKey(
                             key = rsa;
                             break;
                         }
+#if NET472_OR_GREATER
                         // Check for an EC private key
                         if (pemObject is ECPrivateKeyParameters ecParams)
                         {
                             var ecdsa = CreateECDsaFromECPrivateKey(ecParams);
                             key = ecdsa;
                             break;
                         }
-                       
+#endif
+
                         // read next object
                         pemObject = pemReader.ReadObject();
                     }
@@ -149,6 +151,7 @@ private static AsymmetricAlgorithm ImportPrivateKey(
             }
         }
 
+#if NET472_OR_GREATER
         private static ECDsa CreateECDsaFromECPrivateKey(ECPrivateKeyParameters eCPrivateKeyParameters)
         {
             var domainParams = eCPrivateKeyParameters.Parameters;
@@ -185,6 +188,7 @@ private static ECDsa CreateECDsaFromECPrivateKey(ECPrivateKeyParameters eCPrivat
 
             return ecdsa;
         }
+#endif
 
         /// <summary>
         /// Pads a byte array with leading zeros to reach the specifieed size
@@ -214,7 +218,7 @@ private static byte[] PadWithLeadingZeros(byte[] arrayToPad,  int desiredSize)
             return paddedArray;
 
         }
-        #endregion
+#endregion
 
         #region Internal class
         /// <summary>

Libraries/Opc.Ua.Security.Certificates/Org.BouncyCastle/X509Utils.cs

@@ -145,23 +145,6 @@ internal static RsaPrivateCrtKeyParameters GetRsaPrivateKeyParameter(X509Certifi
             return null;
         }
 
-        /// <summary>
-        /// Get ECDsa private key parameters from a X509Certificate2.
-        /// The private key must be exportable.
-        /// </summary>
-        internal static ECPrivateKeyParameters GetECDsaPrivateKeyParameter(X509Certificate2 certificate)
-        {
-            // try to get signing/private key from certificate passed in
-            using (ECDsa ecdsa = certificate.GetECDsaPrivateKey())
-            {
-                if (ecdsa != null)
-                {
-                    return GetECDsaPrivateKeyParameter(ecdsa);
-                }
-            }
-            return null;
-        }
-
         /// <summary>
         /// Get private key parameters from a RSA private key.
         /// The private key must be exportable.
@@ -180,6 +163,24 @@ internal static RsaPrivateCrtKeyParameters GetRsaPrivateKeyParameter(RSA rsa)
                 new BigInteger(1, rsaParams.InverseQ));
         }
 
+#if NET472_OR_GREATER
+        /// <summary>
+        /// Get ECDsa private key parameters from a X509Certificate2.
+        /// The private key must be exportable.
+        /// </summary>
+        internal static ECPrivateKeyParameters GetECDsaPrivateKeyParameter(X509Certificate2 certificate)
+        {
+            // try to get signing/private key from certificate passed in
+            using (ECDsa ecdsa = certificate.GetECDsaPrivateKey())
+            {
+                if (ecdsa != null)
+                {
+                    return GetECDsaPrivateKeyParameter(ecdsa);
+                }
+            }
+            return null;
+        }
+
         /// <summary>
         /// Get BouncyCastle format private key parameters from a System.Security.Cryptography.ECDsa.
         /// The private key must be exportable.
@@ -296,8 +297,6 @@ internal static X9ECParameters GetX9ECParameters(ECParameters ecParams)
             return null;
         }
 
-
-
         /// <summary>
         /// Get BouncyCastle format public key parameters from a System.Security.Cryptography.ECDsa
         /// </summary>
@@ -318,6 +317,7 @@ internal static ECPublicKeyParameters GetECPublicKeyParameters(ECDsa ec)
             return new ECPublicKeyParameters(q, domainParameters);
 
         }
+#endif
 
         /// <summary>
         /// Get the serial number from a certificate as BigInteger.
@@ -370,7 +370,7 @@ internal static RSA SetRSAPublicKey(byte[] publicKey)
             rsaPublicKey.ImportParameters(parameters);
             return rsaPublicKey;
         }
-        #endregion
+#endregion
     }
 }
 #endif

Libraries/Opc.Ua.Security.Certificates/X509Certificate/CertificateBuilderBase.cs

@@ -282,6 +282,7 @@ public virtual ICertificateBuilderIssuer SetIssuer(X509Certificate2 issuerCertif
         }
         #endregion
 
+#if ECC_SUPPORT
         #region Private methods
         /// <summary>
         /// Set the hash algorithm depending on the curve size
@@ -301,6 +302,7 @@ private void SetHashAlgorithmSize(ECCurve curve)
             }
         }
         #endregion
+#endif
 
         #region Protected Methods
         /// <summary>
@@ -386,7 +388,7 @@ protected virtual void NewSerialNumber()
         /// </summary>
         private protected ECCurve? m_curve;
 #endif
-        #endregion
+#endregion
 
         #region Private Fields
         private X509Certificate2 m_issuerCAKeyCert;

Stack/Opc.Ua.Core/Security/Certificates/CertificateFactory.cs

@@ -491,6 +491,7 @@ public static X509Certificate2 CreateCertificateWithPEMPrivateKey(
             byte[] pemDataBlob,
             string password = null)
         {
+#if ECC_SUPPORT
             if (X509Utils.IsECDsaSignature(certificate))
             {
                 using (ECDsa privateKey = PEMReader.ImportECDsaPrivateKeyFromPEM(pemDataBlob, password))
@@ -507,6 +508,7 @@ public static X509Certificate2 CreateCertificateWithPEMPrivateKey(
                 }
             }
             else
+#endif
             {
                 using (RSA privateKey = PEMReader.ImportRsaPrivateKeyFromPEM(pemDataBlob, password))
                 {
@@ -523,26 +525,26 @@ public static X509Certificate2 CreateCertificateWithPEMPrivateKey(
             }
         }
 #endif
-        #endregion
-
-        #region Internal Methods
-        /// <summary>
-        /// Creates a self-signed, signed or CA certificate.
-        /// </summary>
-        /// <param name="applicationUri">The application uri (created if not specified).</param>
-        /// <param name="applicationName">Name of the application (optional if subjectName is specified).</param>
-        /// <param name="subjectName">The subject used to create the certificate (optional if applicationName is specified).</param>
-        /// <param name="domainNames">The domain names that can be used to access the server machine (defaults to local computer name if not specified).</param>
-        /// <param name="keySize">Size of the key (1024, 2048 or 4096).</param>
-        /// <param name="startTime">The start time.</param>
-        /// <param name="lifetimeInMonths">The lifetime of the key in months.</param>
-        /// <param name="hashSizeInBits">The hash size in bits.</param>
-        /// <param name="isCA">if set to <c>true</c> then a CA certificate is created.</param>
-        /// <param name="issuerCAKeyCert">The CA cert with the CA private key.</param>
-        /// <param name="publicKey">The public key if no new keypair is created.</param>
-        /// <param name="pathLengthConstraint">The path length constraint for CA certs.</param>
-        /// <returns>The certificate with a private key.</returns>
-        [Obsolete("Use the new CreateCertificate methods with CertificateBuilder.")]
+#endregion
+
+            #region Internal Methods
+            /// <summary>
+            /// Creates a self-signed, signed or CA certificate.
+            /// </summary>
+            /// <param name="applicationUri">The application uri (created if not specified).</param>
+            /// <param name="applicationName">Name of the application (optional if subjectName is specified).</param>
+            /// <param name="subjectName">The subject used to create the certificate (optional if applicationName is specified).</param>
+            /// <param name="domainNames">The domain names that can be used to access the server machine (defaults to local computer name if not specified).</param>
+            /// <param name="keySize">Size of the key (1024, 2048 or 4096).</param>
+            /// <param name="startTime">The start time.</param>
+            /// <param name="lifetimeInMonths">The lifetime of the key in months.</param>
+            /// <param name="hashSizeInBits">The hash size in bits.</param>
+            /// <param name="isCA">if set to <c>true</c> then a CA certificate is created.</param>
+            /// <param name="issuerCAKeyCert">The CA cert with the CA private key.</param>
+            /// <param name="publicKey">The public key if no new keypair is created.</param>
+            /// <param name="pathLengthConstraint">The path length constraint for CA certs.</param>
+            /// <returns>The certificate with a private key.</returns>
+            [Obsolete("Use the new CreateCertificate methods with CertificateBuilder.")]
         internal static X509Certificate2 CreateCertificate(
         string applicationUri,
         string applicationName,

Tests/Opc.Ua.Core.Tests/Security/Certificates/CertificateValidatorTest.cs

@@ -57,8 +57,10 @@ namespace Opc.Ua.Core.Tests.Security.Certificates
     public class CertificateValidatorTest
     {
         #region DataPoints
+#if ECC_SUPPORT
         [DatapointSource]
         public static readonly ECCurveHashPair[] ECCurveHashPairs = CertificateTestsForECDsa.GetECCurveHashPairs();
+#endif
         #endregion
 
         #region Test Setup
@@ -1274,6 +1276,7 @@ public async Task TestMinimumKeyRejected(bool trusted)
             certValidator.CertificateValidation -= approver.OnCertificateValidation;
         }
 
+#if ECC_SUPPORT
         /// <summary>
         /// Test that Hash sizes lower than public key sizes of certificates are not valid
         /// </summary>
@@ -1303,6 +1306,7 @@ ECCurveHashPair ecCurveHashPair
                 Assert.Null(innerResult);
             }
         }
+#endif
 
         /// <summary>
         /// Test auto accept.
@@ -1707,7 +1711,7 @@ public async Task VerifyMissingCRLNoTrust(bool rejectUnknownRevocationStatus)
         }
         #endregion missing revocation list when revocation is enforced
 
-        #endregion Test Methods
+#endregion Test Methods
 
         #region Private Methods
         private void OnCertificateUpdate(object sender, CertificateUpdateEventArgs e)

Tests/Opc.Ua.Security.Certificates.Tests/CRLTests.cs

@@ -91,13 +91,15 @@ protected void OneTimeSetUp()
                     .SetCAConstraint()
                     .CreateForRSA();
             }
+#if ECC_SUPPORT
             else if (m_certifiateType == nameof(Opc.Ua.ObjectTypeIds.EccNistP256ApplicationCertificateType))
             {
                 m_issuerCert = CertificateBuilder.Create("CN=Root CA, O=OPC Foundation")
                     .SetCAConstraint()
                     .SetECCurve(ECCurve.NamedCurves.nistP256)
                     .CreateForECDsa();
             }
+#endif
             else
             {
                 throw new NotImplementedException();
@@ -111,7 +113,7 @@ protected void OneTimeSetUp()
         protected void OneTimeTearDown()
         {
         }
-        #endregion
+#endregion
 
         #region Test Methods
         /// <summary>
@@ -179,12 +181,14 @@ public void CrlBuilderTest(bool empty, bool noExtensions, KeyHashPair keyHashPai
                 crlBuilder.CrlExtensions.Add(X509Extensions.BuildAuthorityKeyIdentifier(m_issuerCert));
             }
             IX509CRL i509Crl;
+#if ECC_SUPPORT
             if (X509PfxUtils.IsECDsaSignature(m_issuerCert))
             {
 
                 i509Crl = crlBuilder.CreateForECDsa(m_issuerCert);
             }
             else
+#endif
             {
                 i509Crl = crlBuilder.CreateForRSA(m_issuerCert);
             }
@@ -245,6 +249,7 @@ public void CrlBuilderTestWithSignatureGenerator(KeyHashPair keyHashPair)
             crlBuilder.CrlExtensions.Add(X509Extensions.BuildAuthorityKeyIdentifier(m_issuerCert));
 
             IX509CRL ix509Crl;
+#if ECC_SUPPORT
             if (X509PfxUtils.IsECDsaSignature(m_issuerCert))
             {
                 using (ECDsa ecdsa = m_issuerCert.GetECDsaPrivateKey())
@@ -254,6 +259,7 @@ public void CrlBuilderTestWithSignatureGenerator(KeyHashPair keyHashPair)
                 }
             }
             else
+#endif
             {
                 using (RSA rsa = m_issuerCert.GetRSAPrivateKey())
                 {
@@ -322,7 +328,7 @@ public void CrlUtcAndGeneralizedTimeTest()
             Assert.NotNull(crlEncoded);
             ValidateCRL(serial, serstring, hash, crlBuilder, crlEncoded);
         }
-        #endregion
+#endregion
 
         #region Private Methods
         private string WriteCRL(X509CRL x509Crl)