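// Tries to ensure that the client certificate is installed into
// the certificate store. It obtains the client certificate from the service
// utility endpoint and either installs it or verifies that a matching
// one is already installed. A 'true' return indicates there is a client
// certificate in the store and available via 'ClientCertificate'.
//
// The outcome of the first completed attempt is cached under s_certLock;
// later calls only report whether 'ClientCertificate' is set. A failure of
// the server fetch is written to the console and surfaces only as a 'false'
// return. An exception thrown by the store lookup is not caught here, and in
// that case the "checked" flag is left unset so the next call retries.
//
// Nothing in this method validates the certificate chain: the certificate is
// accepted from the service utility endpoint as returned, and the root
// certificate step is best-effort. Callers that need a chain-valid
// certificate have to check that themselves.
public static bool TryEnsureLocalClientCertificateInstalled()
{
    lock (s_certLock)
    {
        if (!s_clientCertAvailabilityChecked)
        {
            X509Certificate2 clientCertificate = null;
            string thumbprint = null;

            // To be valid, the client certificate also requires the root certificate
            // to be installed. But even if the root certificate installation fails,
            // it is still possible to verify or install the client certificate for
            // scenarios that don't require chain validation. The outcome of this
            // call is deliberately not inspected.
            TryEnsureRootCertificateInstalled();

            try
            {
                // Once only, we interrogate the service utility endpoint
                // for the client certificate and install it locally if it
                // is not already in the store.
                clientCertificate = InstallClientCertificateFromServer();
            }
            catch (Exception ex)
            {
                // Failure currently only shows as a diagnostic and does not propagate the exception
                System.Console.WriteLine(String.Format("Attempt to install client certificate failed:{0}{1}",
                                                       Environment.NewLine, ex.ToString()));
            }

            // If we had a certificate from the service endpoint, verify it was installed
            // by retrieving it from the store by thumbprint. From here on the variable
            // holds the store's copy (or null), not the object the server call returned.
            if (clientCertificate != null)
            {
                thumbprint = clientCertificate.Thumbprint;
                clientCertificate = CertificateManager.ClientCertificateFromThumprint(thumbprint);
            }

            if (clientCertificate != null)
            {
                System.Console.WriteLine(String.Format("Using client certificate:{0}{1}",
                                                       Environment.NewLine, clientCertificate));
            }
            else if (thumbprint != null)
            {
                // The server supplied a certificate but the store lookup found nothing.
                System.Console.WriteLine(
                    String.Format("Failed to find a client certificate matching thumbprint '{0}'", thumbprint));
            }
            else
            {
                // No certificate was obtained at all, so there is no thumbprint to report.
                // Previously this case printed the "matching thumbprint ''" message, which
                // pointed at the store lookup even though the lookup never ran.
                System.Console.WriteLine("No client certificate was obtained from the service utility endpoint");
            }

            ClientCertificate = clientCertificate;
            s_clientCertAvailabilityChecked = true;
        }
    }

    return ClientCertificate != null;
}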
// Tries to ensure that the client certificate is installed into
// the local store. The certificate is requested from the service utility
// endpoint and is either installed or matched against one that is already
// present. InvalidOperationException will be thrown if an error occurred
// attempting to install the certificate. The method can be called any
// number of times; the installation itself is attempted once only and
// the recorded outcome is replayed on every later call.
//
// NOTE(review): if InstallClientCertificateFromServer returns null without
// throwing, no error message is recorded here; whether
// ThrowIfClientCertificateInstallationError then throws is not visible
// from this method.
public static void EnsureClientCertificateInstalled()
{
    // Unlocked fast path; the flag is read again under s_certLock before
    // any work is done.
    if (!s_clientCertAvailabilityChecked)
    {
        lock (s_certLock)
        {
            if (!s_clientCertAvailabilityChecked)
            {
                X509Certificate2 certificate = null;

                // The client certificate needs the root certificate to be
                // installed in order to be valid, but scenarios that do not
                // require chain validation can still use it, so a root
                // failure must not stop the client certificate attempt.
                try
                {
                    EnsureRootCertificateInstalled();
                }
                catch
                {
                    // Intentionally empty: root certificate errors are captured
                    // and reported when the root certificate itself is requested.
                }

                try
                {
                    // Ask the service utility endpoint for the client
                    // certificate; it is installed locally when the store
                    // does not already hold it.
                    certificate = InstallClientCertificateFromServer();

                    if (certificate != null)
                    {
                        // Confirm the installation by reading the certificate back
                        // from the store by thumbprint. The same variable is reused
                        // on purpose: if the lookup throws, it still holds the
                        // certificate the server call returned.
                        // validOnly: false presumably lets the lookup return a
                        // certificate that does not pass chain validation - confirm
                        // against CertificateManager.
                        string expectedThumbprint = certificate.Thumbprint;
                        certificate = CertificateManager.ClientCertificateFromThumprint(expectedThumbprint, validOnly: false);

                        if (certificate == null)
                        {
                            s_clientCertInstallErrorMessage =
                                String.Format("Failed to find a client certificate matching thumbprint '{0}'", expectedThumbprint);
                        }
                        else
                        {
                            System.Console.WriteLine(String.Format("Using client certificate:{0}{1}",
                                                                   Environment.NewLine, certificate));
                        }
                    }
                }
                catch (Exception failure)
                {
                    // Keep the full exception text so it can be reported later.
                    s_clientCertInstallErrorMessage = failure.ToString();
                }

                s_clientCertificate = certificate;
                s_clientCertAvailabilityChecked = true;
            }
        }
    }

    // If the installation failed, throw an exception every time
    // this method is called.
    ThrowIfClientCertificateInstallationError();
}