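/// <summary>
/// Returns the process-wide, lazily opened, read-only handle to the "My" certificate store for the
/// requested location, opening it on first use (double-checked under <c>s_SyncObject</c>).
/// </summary>
/// <param name="isMachineStore">
/// <see langword="true"/> for <see cref="StoreLocation.LocalMachine"/>,
/// <see langword="false"/> for <see cref="StoreLocation.CurrentUser"/>.
/// </param>
/// <returns>
/// The opened store, or <see langword="null"/> when the open failed with a
/// <see cref="CryptographicException"/> or <see cref="SecurityException"/>. A failure is not cached,
/// so the next caller retries the open.
/// </returns>
/// <exception cref="Exception">
/// Any other exception raised while opening the store is logged (when logging is on) and rethrown.
/// </exception>
/// <remarks>
/// Security: under <c>FEATURE_MONO_CAS</c> the thread's impersonation token is reverted for the
/// duration of the open so that the store is opened under the process account rather than whatever
/// identity the calling thread happens to be impersonating.
/// </remarks>
internal static X509Store EnsureStoreOpened(bool isMachineStore)
{
    X509Store store = isMachineStore ? s_MyMachineCertStoreEx : s_MyCertStoreEx;
    if (store != null)
    {
        return store;
    }

    lock (s_SyncObject)
    {
        // Re-check under the lock: another thread may have opened the store in the meantime.
        store = isMachineStore ? s_MyMachineCertStoreEx : s_MyCertStoreEx;
        if (store != null)
        {
            return store;
        }

        // NOTE: if this call fails we don't keep track of it, so the next caller simply tries to open the store again.
        StoreLocation storeLocation = isMachineStore ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
        store = new X509Store(StoreName.My, storeLocation);
        try
        {
            // For v1.1 compat we want to ensure the store is opened under the **process** account.
            // OpenExistingOnly keeps a missing store from being created as a side effect.
#if FEATURE_MONO_CAS
            using (WindowsIdentity.Impersonate(IntPtr.Zero))
#endif
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                GlobalLog.Print("SecureChannel::EnsureStoreOpened() storeLocation:" + storeLocation + " returned store:" + store.GetHashCode().ToString("x"));
            }

            // Publish only after a successful open so callers never see a half-initialised store.
            if (isMachineStore)
            {
                s_MyMachineCertStoreEx = store;
            }
            else
            {
                s_MyCertStoreEx = store;
            }
            return store;
        }
        catch (Exception exception)
        {
            if (exception is CryptographicException || exception is SecurityException)
            {
                // Expected failure modes (store absent or access denied): report and let the caller cope with null.
                GlobalLog.Assert("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
                return null;
            }
            if (Logging.On)
            {
                Logging.PrintError(Logging.Web, SR.GetString(SR.net_log_open_store_failed, storeLocation, exception));
            }
            throw;
        }
    }
}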
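//
// Security: We temporarily reset thread token to open the cert store under process account.
//
/// <summary>
/// Returns the process-wide, lazily opened, read-only handle to the "My" certificate store for the
/// requested location, opening it on first use (double-checked under <c>s_syncObject</c>).
/// </summary>
/// <param name="isMachineStore">
/// <see langword="true"/> for <see cref="StoreLocation.LocalMachine"/>,
/// <see langword="false"/> for <see cref="StoreLocation.CurrentUser"/>.
/// </param>
/// <returns>
/// The opened store, or <see langword="null"/> when the open failed with a
/// <see cref="CryptographicException"/> or <see cref="SecurityException"/>. A failure is not cached,
/// so the next caller retries the open.
/// </returns>
/// <exception cref="Exception">
/// Any other exception raised while opening the store is logged (when tracing is enabled) and rethrown.
/// </exception>
internal static X509Store EnsureStoreOpened(bool isMachineStore)
{
    // TODO #3862 Investigate if this can be switched to either the static or Lazy<T> patterns.
    // Volatile reads/writes make the publish-after-open ordering explicit for the lock-free fast path.
    X509Store store = isMachineStore
        ? System.Threading.Volatile.Read(ref s_myMachineCertStoreEx)
        : System.Threading.Volatile.Read(ref s_myCertStoreEx);
    if (store != null)
    {
        return store;
    }

    lock (s_syncObject)
    {
        // Re-check under the lock: another thread may have opened the store in the meantime.
        store = isMachineStore
            ? System.Threading.Volatile.Read(ref s_myMachineCertStoreEx)
            : System.Threading.Volatile.Read(ref s_myCertStoreEx);
        if (store != null)
        {
            return store;
        }

        // NOTE: if this call fails we don't keep track of it, so the next caller simply tries to open the store again.
        StoreLocation storeLocation = isMachineStore ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
        store = new X509Store(StoreName.My, storeLocation);
        try
        {
            // For app-compat we want to ensure the store is opened under the **process** account, so the
            // open runs with the thread's impersonation token reverted (InvalidHandle == "no impersonation").
            // OpenExistingOnly keeps a missing store from being created as a side effect.
            WindowsIdentity.RunImpersonated(SafeAccessTokenHandle.InvalidHandle, () =>
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                if (GlobalLog.IsEnabled)
                {
                    GlobalLog.Print("SecureChannel::EnsureStoreOpened() storeLocation:" + storeLocation + " returned store:" + store.GetHashCode().ToString("x"));
                }
            });

            // Publish only after a successful open so callers never see a half-initialised store.
            if (isMachineStore)
            {
                System.Threading.Volatile.Write(ref s_myMachineCertStoreEx, store);
            }
            else
            {
                System.Threading.Volatile.Write(ref s_myCertStoreEx, store);
            }
            return store;
        }
        catch (Exception exception)
        {
            if (exception is CryptographicException || exception is SecurityException)
            {
                // Expected failure modes (store absent or access denied): report and let the caller cope with null.
                if (GlobalLog.IsEnabled)
                {
                    GlobalLog.Assert("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
                }
                Debug.Fail("SecureChannel::EnsureStoreOpened()", "Failed to open cert store, location:" + storeLocation + " exception:" + exception);
                return null;
            }
            if (NetEventSource.Log.IsEnabled())
            {
                NetEventSource.PrintError(NetEventSource.ComponentType.Security, SR.Format(SR.net_log_open_store_failed, storeLocation, exception));
            }
            throw;
        }
    }
}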
/// <summary>
/// Returns the read-only "My" store cached in <paramref name="storeField"/>, opening it on first use.
/// The field is read and written through <see cref="Volatile"/> and the open is serialised on
/// <c>s_lockObject</c>, so concurrent callers share a single opened store.
/// </summary>
/// <param name="storeField">Static field holding the cached store; written only after a successful open.</param>
/// <param name="storeLocation">Location of the store to open when the cache is empty.</param>
/// <returns>The cached or newly opened store.</returns>
/// <exception cref="CryptographicException">
/// Rethrown after logging when the store cannot be opened; nothing is cached in that case, so a later call retries.
/// </exception>
private static X509Store EnsureStoreOpened(ref X509Store storeField, StoreLocation storeLocation)
{
    X509Store cached = Volatile.Read(ref storeField);
    if (cached != null)
    {
        return cached;
    }

    lock (s_lockObject)
    {
        // Second check under the lock: a racing caller may already have opened it.
        cached = Volatile.Read(ref storeField);
        if (cached != null)
        {
            return cached;
        }

        X509Store opened;
        try
        {
            opened = new X509Store(StoreName.My, storeLocation);
            opened.Open(OpenFlags.ReadOnly);
            // Publish only once Open() succeeded.
            Volatile.Write(ref storeField, opened);
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Print(
                    "CertModule::EnsureStoreOpened() storeLocation:" + storeLocation + " returned store:" + opened.GetHashCode().ToString("x"));
            }
        }
        catch (CryptographicException e)
        {
            if (GlobalLog.IsEnabled)
            {
                GlobalLog.Assert(
                    "CertModule::EnsureStoreOpened()",
                    "Failed to open cert store, location:" + storeLocation + " exception:" + e);
            }
            Debug.Fail(
                "CertModule::EnsureStoreOpened()",
                "Failed to open cert store, location:" + storeLocation + " exception:" + e);
            throw;
        }

        return opened;
    }
}