コード例 #1
    // Tries to ensure that the client certificate is installed into
    // the certificate store.  It obtains the client certificate from the service
    // utility endpoint and either installs it or verifies that a matching
    // one is already installed.  A 'true' return indicates there is a client
    // certificate in the store and available via 'ClientCertificate'.
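    public static bool TryEnsureLocalClientCertificateInstalled()
    {
        // The whole check runs under s_certLock, and s_clientCertAvailabilityChecked
        // is set at the end, so a completed attempt is not repeated on later calls.
        lock (s_certLock)
        {
            if (!s_clientCertAvailabilityChecked)
            {
                X509Certificate2 clientCertificate = null;
                string           thumbprint        = null;

                // To be valid, the client certificate also requires the root certificate
                // to be installed.  But even if the root certificate installation fails,
                // it is still possible to verify or install the client certificate for
                // scenarios that don't require chain validation.
                // NOTE(review): the return value of this call is not inspected here, so a
                // root certificate failure is invisible to callers of this method.
                TryEnsureRootCertificateInstalled();

                try
                {
                    // Once only, we interrogate the service utility endpoint
                    // for the client certificate and install it locally if it
                    // is not already in the store.
                    // NOTE(review): this places material fetched from a remote endpoint
                    // into the local certificate store.  How that endpoint is authenticated
                    // is not visible in this block -- confirm the helper is only used
                    // against a trusted test service.
                    clientCertificate = InstallClientCertificateFromServer();
                }
                catch (Exception ex)
                {
                    // Failure currently only shows as a diagnostic and does not propagate the exception
                    System.Console.WriteLine(String.Format("Attempt to install client certificate failed:{0}{1}",
                                                           Environment.NewLine, ex.ToString()));
                }

                if (clientCertificate == null)
                {
                    // Nothing came back from the endpoint (it threw above or returned null).
                    // Report that directly rather than claiming a lookup failed for an
                    // empty thumbprint, which is what the previous diagnostic printed.
                    System.Console.WriteLine("No client certificate was obtained from the service utility endpoint");
                }
                else
                {
                    // Verify the certificate really is installed by retrieving it from the
                    // store by thumbprint.  This lookup is outside the try block above: if it
                    // throws, the exception reaches the caller and the 'checked' flag stays
                    // unset, so the next call repeats the attempt.
                    thumbprint        = clientCertificate.Thumbprint;
                    clientCertificate = CertificateManager.ClientCertificateFromThumprint(thumbprint);

                    if (clientCertificate != null)
                    {
                        System.Console.WriteLine(String.Format("Using client certificate:{0}{1}",
                                                               Environment.NewLine, clientCertificate));
                    }
                    else
                    {
                        System.Console.WriteLine(
                            String.Format("Failed to find a client certificate matching thumbprint '{0}'", thumbprint));
                    }
                }

                // Publish the store-backed certificate (or null) and mark the check as done.
                ClientCertificate = clientCertificate;
                s_clientCertAvailabilityChecked = true;
            }
        }

        // 'true' only when a certificate was found in the store.
        return ClientCertificate != null;
    }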
コード例 #2
    // Tries to ensure that the client certificate is installed into
    // the local store.  It obtains the client certificate from the service
    // utility endpoint and either installs it or verifies that a matching
    // one is already installed.  InvalidOperationException will be thrown
    // if an error occurred attempting to install the certificate.  This
    // method may be called multiple times but will attempt the installation
    // once only.
    public static void EnsureClientCertificateInstalled()
    {
        // Unlocked fast path.  The flag is tested again under s_certLock, so the
        // installation attempt below runs at most once.
        // NOTE(review): the unlocked read depends on how s_clientCertAvailabilityChecked
        // is declared, which is not visible here -- confirm it is safe to read without the lock.
        if (!s_clientCertAvailabilityChecked)
        {
            lock (s_certLock)
            {
                if (!s_clientCertAvailabilityChecked)
                {
                    X509Certificate2 cert = null;

                    // The client certificate is only fully valid when the root certificate
                    // is installed too, but scenarios without chain validation can still
                    // use it, so a root certificate failure must not stop this attempt.
                    try
                    {
                        EnsureRootCertificateInstalled();
                    }
                    catch
                    {
                        // Deliberately ignored at this point.
                        // NOTE(review): nothing in this block records the failure; presumably
                        // EnsureRootCertificateInstalled keeps its own error state -- confirm.
                    }

                    try
                    {
                        // Ask the service utility endpoint for the client certificate; it is
                        // installed locally if it is not already in the store.
                        // NOTE(review): if this returns null without throwing, no error
                        // message is recorded in this block -- confirm that
                        // ThrowIfClientCertificateInstallationError still reports that case.
                        cert = InstallClientCertificateFromServer();

                        if (cert != null)
                        {
                            // Confirm the installation by reading the certificate back from
                            // the store by thumbprint.  If Thumbprint or the lookup throws,
                            // 'cert' still refers to the certificate returned by the endpoint
                            // and is cached below together with the recorded error.
                            // NOTE(review): validOnly: false presumably lets the lookup return
                            // certificates that do not pass validation, in line with the
                            // no-chain-validation scenarios above -- confirm against
                            // CertificateManager.
                            string certThumbprint = cert.Thumbprint;
                            cert = CertificateManager.ClientCertificateFromThumprint(certThumbprint, validOnly: false);

                            if (cert == null)
                            {
                                s_clientCertInstallErrorMessage =
                                    string.Format("Failed to find a client certificate matching thumbprint '{0}'", certThumbprint);
                            }
                            else
                            {
                                System.Console.WriteLine(
                                    string.Format("Using client certificate:{0}{1}", Environment.NewLine, cert));
                            }
                        }
                    }
                    catch (Exception failure)
                    {
                        // Keep the full exception text; it is not rethrown from here.
                        s_clientCertInstallErrorMessage = failure.ToString();
                    }

                    // Cache the outcome and mark the one-time check as done.
                    s_clientCertificate             = cert;
                    s_clientCertAvailabilityChecked = true;
                }
            }
        }

        // Runs on every call, so a failed installation is reported every time
        // this method is called, not only on the first attempt.
        ThrowIfClientCertificateInstallationError();
    }