private static X509Store EnsureStoreOpened(ref X509Store storeField, StoreLocation storeLocation)
{
X509Store store = Volatile.Read(ref storeField);
if (store == null)
{
lock (s_lockObject)
{
store = Volatile.Read(ref storeField);
if (store == null)
{
try
{
store = new X509Store(StoreName.My, storeLocation);
store.Open(OpenFlags.ReadOnly);
Volatile.Write(ref storeField, store);
if (GlobalLog.IsEnabled)
{
GlobalLog.Print(
"CertModule::EnsureStoreOpened() storeLocation:" + storeLocation +
" returned store:" + store.GetHashCode().ToString("x"));
}
}
catch (CryptographicException e)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert(
"CertModule::EnsureStoreOpened()",
"Failed to open cert store, location:" + storeLocation + " exception:" + e);
}
Debug.Fail(
"CertModule::EnsureStoreOpened()",
"Failed to open cert store, location:" + storeLocation + " exception:" + e);
throw;
}
}
}
}
return(store);
}
//
// Security: We temporarily reset thread token to open the cert store under process account.
//
internal static X509Store EnsureStoreOpened(bool isMachineStore)
{
X509Store store = isMachineStore ? s_myMachineCertStoreEx : s_myCertStoreEx;
// TODO #3862 Investigate if this can be switched to either the static or Lazy<T> patterns.
if (Volatile.Read(ref store) == null)
{
lock (s_syncObject)
{
store = isMachineStore ? s_myMachineCertStoreEx : s_myCertStoreEx;
if (Volatile.Read(ref store) == null)
{
// NOTE: that if this call fails we won't keep track and the next time we enter we will try to open the store again.
StoreLocation storeLocation = isMachineStore ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
store = new X509Store(StoreName.My, storeLocation);
try
{
// For app-compat We want to ensure the store is opened under the **process** account.
try
{
WindowsIdentity.RunImpersonated(SafeAccessTokenHandle.InvalidHandle, () =>
{
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
if (GlobalLog.IsEnabled)
{
GlobalLog.Print("SecureChannel::EnsureStoreOpened() storeLocation:" + storeLocation + " returned store:" + store.GetHashCode().ToString("x"));
}
});
}
catch
{
throw;
}
if (isMachineStore)
{
s_myMachineCertStoreEx = store;
}
else
{
s_myCertStoreEx = store;
}
return(store);
}
catch (Exception exception)
{
if (exception is CryptographicException || exception is SecurityException)
{
if (GlobalLog.IsEnabled)
{
GlobalLog.Assert("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
}
Debug.Fail("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
return(null);
}
if (NetEventSource.Log.IsEnabled())
{
NetEventSource.PrintError(NetEventSource.ComponentType.Security, SR.Format(SR.net_log_open_store_failed, storeLocation, exception));
}
throw;
}
}
}
}
return(store);
}
//
// Security: We temporarily reset thread token to open the cert store under process account.
//
internal override X509Store EnsureStoreOpened(bool isMachineStore)
{
X509Store store = isMachineStore ? s_myMachineCertStoreEx : s_myCertStoreEx;
if (store == null)
{
lock (s_syncObject)
{
store = isMachineStore ? s_myMachineCertStoreEx : s_myCertStoreEx;
if (store == null)
{
// NOTE: that if this call fails we won't keep track and the next time we enter we will try to open the store again.
StoreLocation storeLocation = isMachineStore ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
store = new X509Store(StoreName.My, storeLocation);
try
{
// For app-compat We want to ensure the store is opened under the **process** account.
try
{
WindowsIdentity.RunImpersonated(SafeAccessTokenHandle.InvalidHandle, () =>
{
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
GlobalLog.Print("SecureChannel::EnsureStoreOpened() storeLocation:" + storeLocation + " returned store:" + store.GetHashCode().ToString("x"));
});
}
catch
{
throw;
}
if (isMachineStore)
{
s_myMachineCertStoreEx = store;
}
else
{
s_myCertStoreEx = store;
}
return(store);
}
catch (Exception exception)
{
if (exception is CryptographicException || exception is SecurityException)
{
GlobalLog.Assert("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
return(null);
}
if (Logging.On)
{
Logging.PrintError(Logging.Web, SR.Format(SR.net_log_open_store_failed, storeLocation, exception));
}
throw;
}
}
}
}
return(store);
}
