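/// <summary>
/// Returns the cached "My" (personal) certificate store for the requested location,
/// opening it read-only and caching it in a static field on first use.
/// </summary>
/// <param name="isMachineStore">
/// <c>true</c> selects <see cref="StoreLocation.LocalMachine"/>; <c>false</c> selects
/// <see cref="StoreLocation.CurrentUser"/>.
/// </param>
/// <returns>
/// The opened store, or <c>null</c> when opening failed with a
/// <see cref="CryptographicException"/> or <see cref="SecurityException"/>. Callers must
/// handle the <c>null</c> case. Any other exception is logged and rethrown.
/// </returns>
/// <remarks>
/// Security-relevant behavior:
/// the store is opened while thread impersonation is suspended, so it is opened under the
/// process account rather than under an identity the calling thread may be impersonating.
/// Because the opened instance is cached in a static field, every later caller receives that
/// same handle regardless of the identity it is running as.
/// The store is opened with <see cref="OpenFlags.ReadOnly"/> and
/// <see cref="OpenFlags.OpenExistingOnly"/>, so this path neither modifies nor creates a store.
/// A failed open is not remembered; the next call retries under the lock.
/// </remarks>
internal static X509Store EnsureStoreOpened(bool isMachineStore)
{
    X509Store store = isMachineStore ? s_myMachineCertStoreEx : s_myCertStoreEx;

    // TODO #3862 Investigate if this can be switched to either the static or Lazy<T> patterns.
    if (store == null)
    {
        lock (s_syncObject)
        {
            // Re-read under the lock: another thread may have opened and cached the store
            // between the unlocked check above and acquiring the lock.
            store = isMachineStore ? s_myMachineCertStoreEx : s_myCertStoreEx;
            if (store == null)
            {
                // NOTE: that if this call fails we won't keep track and the next time we enter we will try to open the store again.
                StoreLocation storeLocation = isMachineStore ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
                store = new X509Store(StoreName.My, storeLocation);
                try
                {
                    // For app-compat We want to ensure the store is opened under the **process** account.
                    // Passing InvalidHandle runs the delegate without the thread's impersonation token.
                    try
                    {
                        WindowsIdentity.RunImpersonated(SafeAccessTokenHandle.InvalidHandle, () =>
                        {
                            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                            if (NetEventSource.IsEnabled) NetEventSource.Info(null, $"storeLocation {storeLocation} returned store: {store}");
                        });
                    }
                    catch
                    {
                        // NOTE(review): presumably kept so the stack unwinds out of RunImpersonated
                        // (restoring the caller's identity) before any handler further up runs.
                        // Confirm before removing this apparently redundant rethrow.
                        throw;
                    }

                    // Publish only after a successful open so a half-initialized store is never cached.
                    if (isMachineStore)
                    {
                        s_myMachineCertStoreEx = store;
                    }
                    else
                    {
                        s_myCertStoreEx = store;
                    }

                    return store;
                }
                catch (Exception exception)
                {
                    // The instance that failed to open is never cached or returned, so release
                    // it here instead of leaving it for finalization.
                    store.Dispose();

                    if (exception is CryptographicException || exception is SecurityException)
                    {
                        // Expected failure classes (for example, access denied to the store):
                        // report and signal "no store" to the caller instead of throwing.
                        NetEventSource.Fail(null, $"Failed to open cert store, location: {storeLocation} exception: {exception}");
                        return null;
                    }

                    if (NetEventSource.IsEnabled) NetEventSource.Error(null, SR.Format(SR.net_log_open_store_failed, storeLocation, exception));
                    throw;
                }
            }
        }
    }

    return store;
}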