Example #1
        /// <summary>
        /// Returns the process-wide cached "My" certificate store for the local machine or the
        /// current user, opening it read-only and caching it on first use.
        /// </summary>
        /// <param name="isMachineStore">
        /// true selects StoreLocation.LocalMachine; false selects StoreLocation.CurrentUser.
        /// </param>
        /// <returns>
        /// The opened store, or null when opening failed with a CryptographicException or a
        /// SecurityException. Callers must handle null; any other exception is logged and rethrown.
        /// </returns>
        internal static X509Store EnsureStoreOpened(bool isMachineStore)
        {
            // First check happens outside the lock; the second check under s_SyncObject decides who opens the store.
            // NOTE(review): this unlocked read is a plain field read; whether the static fields are declared
            // volatile is not visible here, so confirm the publication is safe on the targeted runtimes.
            X509Store store = isMachineStore? s_MyMachineCertStoreEx: s_MyCertStoreEx;
            if (store == null) {
                lock (s_SyncObject) {
                    store = isMachineStore? s_MyMachineCertStoreEx: s_MyCertStoreEx;
                    if (store==null) {
                        // NOTE: a failed open is not remembered; the static field stays null, so the next
                        // call enters this path again and retries the open.
                        StoreLocation storeLocation = isMachineStore? StoreLocation.LocalMachine: StoreLocation.CurrentUser;
                        store = new X509Store(StoreName.My, storeLocation);
                        try {
                            //
                            // For v1.1 compat we want to ensure the store is opened under the **process** account.
                            // The impersonation wrapper is compiled only when FEATURE_MONO_CAS is defined; without
                            // it the store is opened under whatever identity the calling thread currently has.
                            //
                            // NOTE(review): the inner "catch { throw; }" looks redundant. It is presumably the usual
                            // guard that makes the impersonation scope unwind before exception-handling code further
                            // up the stack can run; confirm before removing it.
                            //
                            try {
#if FEATURE_MONO_CAS
                                using (WindowsIdentity.Impersonate(IntPtr.Zero))
#endif
                                {
                                    // ReadOnly | OpenExistingOnly: no write access is requested and a missing store is not created.
                                    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                                    GlobalLog.Print("SecureChannel::EnsureStoreOpened() storeLocation:" + storeLocation + " returned store:" + store.GetHashCode().ToString("x"));
                                }
                            } catch {
                                throw;
                            }

                            // Publish to the static cache only after Open succeeded, so a store that failed to open is never cached.
                            if (isMachineStore)
                                s_MyMachineCertStoreEx = store;
                            else
                                s_MyCertStoreEx = store;

                            return store;
                        }
                        catch (Exception exception) {
                            // Crypto and security failures are reported through GlobalLog.Assert and turned into a
                            // null return instead of propagating to the caller.
                            if (exception is CryptographicException || exception is SecurityException) {
                                GlobalLog.Assert("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
                                return null;
                            }
                            // Anything else is logged (when logging is on) and rethrown with its original stack trace.
                            if (Logging.On) Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_open_store_failed, storeLocation, exception));
                            throw;
                        }
                    }
                }
            }
            return store;
        }
        //
        // Security: We temporarily reset thread token to open the cert store under process account.
        //
        /// <summary>
        /// Returns the process-wide cached "My" certificate store for the local machine or the
        /// current user, opening it read-only and caching it on first use.
        /// </summary>
        /// <param name="isMachineStore">
        /// true selects StoreLocation.LocalMachine; false selects StoreLocation.CurrentUser.
        /// </param>
        /// <returns>
        /// The opened store, or null when opening failed with a CryptographicException or a
        /// SecurityException. Callers must handle null; any other exception is logged and rethrown.
        /// </returns>
        internal static X509Store EnsureStoreOpened(bool isMachineStore)
        {
            // First check happens outside the lock; the second check under s_syncObject decides who opens the store.
            X509Store store = isMachineStore ? s_myMachineCertStoreEx : s_myCertStoreEx;

            // TODO #3862 Investigate if this can be switched to either the static or Lazy<T> patterns.
            if (store == null)
            {
                lock (s_syncObject)
                {
                    store = isMachineStore ? s_myMachineCertStoreEx : s_myCertStoreEx;
                    if (store == null)
                    {
                        // NOTE: a failed open is not remembered; the static field stays null, so the next
                        // call enters this path again and retries the open.
                        StoreLocation storeLocation = isMachineStore ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
                        store = new X509Store(StoreName.My, storeLocation);
                        try
                        {
                            // For app-compat we want to ensure the store is opened under the **process** account,
                            // so the Open call runs inside RunImpersonated with SafeAccessTokenHandle.InvalidHandle.
                            // NOTE(review): the store opened this way is cached in a static field and handed to every
                            // later caller, whatever identity that caller's thread has; for the CurrentUser location
                            // confirm that callers expect the process account's store.
                            // NOTE(review): the inner "catch { throw; }" looks redundant. It is presumably the usual
                            // guard that makes the impersonation scope unwind before exception-handling code further
                            // up the stack can run; confirm before removing it.
                            try
                            {
                                WindowsIdentity.RunImpersonated(SafeAccessTokenHandle.InvalidHandle, () =>
                                {
                                    // ReadOnly | OpenExistingOnly: no write access is requested and a missing store is not created.
                                    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                                    if (GlobalLog.IsEnabled)
                                    {
                                        GlobalLog.Print("SecureChannel::EnsureStoreOpened() storeLocation:" + storeLocation + " returned store:" + store.GetHashCode().ToString("x"));
                                    }
                                });
                            }
                            catch
                            {
                                throw;
                            }

                            // Publish to the static cache only after Open succeeded, so a store that failed to open is never cached.
                            if (isMachineStore)
                            {
                                s_myMachineCertStoreEx = store;
                            }
                            else
                            {
                                s_myCertStoreEx = store;
                            }

                            return store;
                        }
                        catch (Exception exception)
                        {
                            // Crypto and security failures are reported (GlobalLog.Assert when enabled, then Debug.Fail)
                            // and turned into a null return instead of propagating to the caller.
                            if (exception is CryptographicException || exception is SecurityException)
                            {
                                if (GlobalLog.IsEnabled)
                                {
                                    GlobalLog.Assert("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
                                }

                                Debug.Fail("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
                                return null;
                            }

                            // Anything else is written to the event source (when enabled) and rethrown with its original stack trace.
                            if (NetEventSource.Log.IsEnabled())
                            {
                                NetEventSource.PrintError(NetEventSource.ComponentType.Security, SR.Format(SR.net_log_open_store_failed, storeLocation, exception));
                            }

                            throw;
                        }
                    }
                }
            }

            return store;
        }
        /// <summary>
        /// Returns the "My" certificate store cached in <paramref name="storeField"/>, opening it
        /// read-only and publishing it to that field on first use.
        /// </summary>
        /// <param name="storeField">Cache slot for the opened store; read and written with Volatile.</param>
        /// <param name="storeLocation">Store location to open when the slot is still empty.</param>
        /// <returns>The opened store; this method does not return null.</returns>
        /// <exception cref="CryptographicException">
        /// Opening the store failed. The failure is reported and rethrown, and the slot stays empty,
        /// so the next call retries the open.
        /// </exception>
        private static X509Store EnsureStoreOpened(ref X509Store storeField, StoreLocation storeLocation)
        {
            // Fast path: the store was already opened and published by an earlier call.
            X509Store cached = Volatile.Read(ref storeField);
            if (cached != null)
            {
                return cached;
            }

            lock (s_lockObject)
            {
                // Re-check under the lock; another thread may have opened the store in the meantime.
                cached = Volatile.Read(ref storeField);
                if (cached != null)
                {
                    return cached;
                }

                try
                {
                    // Only ReadOnly is requested here.
                    // NOTE(review): OpenExistingOnly is not set, so Open is not restricted to stores that
                    // already exist; confirm that is intended.
                    X509Store opened = new X509Store(StoreName.My, storeLocation);
                    opened.Open(OpenFlags.ReadOnly);

                    // Publish only after Open succeeded, so a store that failed to open is never cached.
                    Volatile.Write(ref storeField, opened);

                    if (GlobalLog.IsEnabled)
                    {
                        GlobalLog.Print(
                            "CertModule::EnsureStoreOpened() storeLocation:" + storeLocation +
                                " returned store:" + opened.GetHashCode().ToString("x"));
                    }

                    return opened;
                }
                catch (CryptographicException openError)
                {
                    if (GlobalLog.IsEnabled)
                    {
                        GlobalLog.Assert(
                            "CertModule::EnsureStoreOpened()",
                            "Failed to open cert store, location:" + storeLocation + " exception:" + openError);
                    }

                    Debug.Fail(
                        "CertModule::EnsureStoreOpened()",
                        "Failed to open cert store, location:" + storeLocation + " exception:" + openError);

                    // Rethrow with the original stack trace; the caller sees the failure, not a null store.
                    throw;
                }
            }
        }