fix: validate certificate for private key presence in DebugWebsocketSink

Co-authored-by: Copilot <copilot@github.com>
This commit is contained in:
Neil Dorin 2026-05-11 09:55:27 -06:00
parent a9dd57fdaf
commit b318e7f365

View file

@ -262,7 +262,13 @@ namespace PepperDash.Core
using (var ms = new MemoryStream())
{
store.Save(ms, passwordChars, new SecureRandom());
return new X509Certificate2(ms.ToArray(), certPassword);
var cert = new X509Certificate2(ms.ToArray(), certPassword);
if (!cert.HasPrivateKey)
throw new InvalidOperationException(
string.Format("Certificate loaded from '{0}' does not contain a private key and cannot be used as a server certificate.", certPath));
return cert;
}
}
}