mono / mono

Mono open source ECMA CLI, C# and .NET implementation.
https://www.mono-project.com

X509Store Add sometimes silently fails #20407

Open borrrden opened 4 years ago

borrrden commented 4 years ago

Steps to Reproduce

Apologies for these steps; there are no consistent reproduction steps.

  1. Rapidly open and close X509Store instances pointing to the same location (for my purposes, My) and do some adding, removing, and fetching
  2. Observe the bad behavior after a short while

Current Behavior

Once in a while, store.Add and store.AddRange simply do nothing silently. I can examine the filesystem and see that the certificates are in fact not persisted. Catching this error condition and calling the Add function again results in the same behavior thereafter for the certificate in question.

Expected Behavior

The certificate should be added successfully. The workaround I am doing right now is catching this error condition and using copied-and-pasted source code from mono to perform the same set of operations to save the certificate to the expected location, but this is flimsy because getting the path of the store is not possible.

On which platforms did you notice this

[X] Xamarin iOS

Version Used:

165f4b0 (via xamarin-ios/d16-6/29c4ea731)

steveisok commented 4 years ago

@borrrden Can you provide any kind of exception details you may be getting?

borrrden commented 4 years ago

As far as I can tell there are none. I set up an exception breakpoint to log every exception thrown and I don't see any that I didn't already know about. The test I have involves managing both keys and certificates, but stripping it down to just the cert part that is failing, the way I noticed this is that my code does the following when it wants to add a new "identity", as we'll call it:

  1. Creates a label for retrieval later
  2. Since I can't find a way to add a certificate by label to the store, I map it via thumbprint into a separate persisted JSON file that says "this label owns these one or more thumbprints"
  3. Save the cert(s) into the store (in this case just one)
  4. Try to get it later: the label is found in the map and the thumbprint is searched for, but the store says (rightfully) that it does not exist.

It's also not a simple matter of running one test; it has to be the entire suite of 30 tests, and about half the time it will fail like this on one of them. Most of these tests are generating certificates dynamically for test use, so the likelihood that one test is accidentally deleting another test's certificate is low. Furthermore, I decided to monitor the certificate directory before and immediately after the call to store.Add and I noticed no change, despite the code in X509Store indicating that it should be writing to that directory immediately. Is there any kind of debug tracing I can enable to see what is going on a bit better?
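
A verify-after-add wrapper for the silent failure reported in this thread, as an added example that is not code from the issue or from Mono. `VerifiedCertStore`, `AddVerified` and `Exists` are hypothetical names, and the process-wide lock is a precaution against the overlapping store instances named in the repro steps, not a confirmed fix.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not Mono's code): turns a silent X509Store.Add
// failure into an exception by re-reading the store afterwards.
public static class VerifiedCertStore
{
    // Assumption: all store access in the process goes through this lock,
    // so two X509Store instances for the same location never overlap.
    private static readonly object StoreLock = new object();

    // True if the thumbprint is visible through a freshly opened store.
    public static bool Exists(string thumbprint,
                              StoreName name = StoreName.My,
                              StoreLocation location = StoreLocation.CurrentUser)
    {
        lock (StoreLock)
        using (var store = new X509Store(name, location))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so self-signed test certificates also match.
            var found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            return found.Count > 0;
        }
    }

    // Adds the certificate, then confirms it through a second store
    // instance. Throws instead of letting a lost write go unnoticed.
    public static void AddVerified(X509Certificate2 cert,
                                   StoreName name = StoreName.My,
                                   StoreLocation location = StoreLocation.CurrentUser)
    {
        lock (StoreLock) // lock is re-entrant, so Exists() may be called inside
        {
            using (var store = new X509Store(name, location))
            {
                store.Open(OpenFlags.ReadWrite);
                store.Add(cert);
            } // dispose closes the store before the read-back

            if (!Exists(cert.Thumbprint, name, location))
                throw new InvalidOperationException(
                    "Certificate " + cert.Thumbprint + " was not persisted to " +
                    location + "/" + name + " after X509Store.Add");
        }
    }
}
```

Writing the label-to-thumbprint mapping only after `AddVerified` returns keeps the separate JSON map from pointing at a certificate the store never saved.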