Add logic to log warning attempting to remove a non-Trust cert

efiocca · spbsoluble · commit 8ca5f19c0bca · 2025-07-31T09:48:54.000-07:00
diff --git a/AxisIPCamera/Client/AxisHttpClient.cs b/AxisIPCamera/Client/AxisHttpClient.cs
@@ -543,7 +543,7 @@ public void AddCACertificate(string alias, string pemCert)
         /// Removes a CA certificate from the device.
         /// </summary>
         /// <param name="alias">Unique identifier of the CA certificate to be removed</param>
-        public void RemoveCertificate(string alias)
+        public void RemoveCACertificate(string alias)
         {
             try
             {
diff --git a/AxisIPCamera/Management.cs b/AxisIPCamera/Management.cs
@@ -158,17 +158,34 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                         // Retrieve management config from Command
                         _logger.LogDebug($"Management Config {JsonConvert.SerializeObject(config)}");
                         _logger.LogDebug($"Client Machine: {config.CertificateStoreDetails.ClientMachine}");
+                        
+                        // Get needed information from config
+                        string alias = config.JobCertificate.Alias;
+                        string certBase64Der = config.JobCertificate.Contents;
 
+                        // Prevent removal of client certs; Client certs may be removed as part of a future update
+                        if (IsCACertificate(certBase64Der))
+                        {
+                            _logger.LogInformation("Certificate is a CA trust cert. Proceeding with Remove operation...");
+                        }
+                        else
+                        {
+                            _logger.LogWarning("Certificate is an end-entity cert. Unable to remove this certificate type from a device.");
+                            return new JobResult()
+                            {
+                                Result = OrchestratorJobStatusJobResult.Warning, 
+                                JobHistoryId = config.JobHistoryId,
+                                FailureMessage = $"UNSUPPORTED OPERATION --- This certificate is an end-entity cert. Unable to remove end-entity certificates from a device."
+                            };
+                        }
+                        
                         // Create client to connect to device
                         _logger.LogTrace("Creating Api Rest Client...");
                         var client = new AxisHttpClient(config, config.CertificateStoreDetails);
                         _logger.LogTrace("Api Rest Client Created...");
 
-                        // Get needed information from config
-                        string alias = config.JobCertificate.Alias;
-
                         // Remove certificate with alias from the device
-                        client.RemoveCertificate(alias);
+                        client.RemoveCACertificate(alias);
 
                         break;
                     }

Original file line number	Diff line number	Diff line change
`@@ -543,7 +543,7 @@ public void AddCACertificate(string alias, string pemCert)`
`543`	`543`	`/// Removes a CA certificate from the device.`
`544`	`544`	`/// </summary>`
`545`	`545`	`/// <param name="alias">Unique identifier of the CA certificate to be removed</param>`
`546`		`- public void RemoveCertificate(string alias)`
	`546`	`+ public void RemoveCACertificate(string alias)`
`547`	`547`	`{`
`548`	`548`	`try`
`549`	`549`	`{`