dotnet · aik-jahoda · Dec 17, 2020 · May 22, 2020 · May 22, 2020 · May 22, 2020
diff --git a/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs b/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs
@@ -319,51 +319,6 @@ public static unsafe int AcquireCredentialsHandle(
 
     }
 
-    //
-    // This is a class holding a Credential handle reference, used for static handles cache
-    //
-#if DEBUG
-    internal sealed class SafeCredentialReference : DebugCriticalHandleMinusOneIsInvalid
-    {
-#else
-    internal sealed class SafeCredentialReference : CriticalHandleMinusOneIsInvalid
-    {
-#endif
-
-        //
-        // Static cache will return the target handle if found the reference in the table.
-        //
-        internal SafeFreeCredentials Target;
-
-        internal static SafeCredentialReference? CreateReference(SafeFreeCredentials target)
-        {
-            SafeCredentialReference result = new SafeCredentialReference(target);
-            if (result.IsInvalid)
-            {
-                return null;
-            }
-
-            return result;
-        }
-        private SafeCredentialReference(SafeFreeCredentials target) : base()
-        {
-            // Bumps up the refcount on Target to signify that target handle is statically cached so
-            // its dispose should be postponed
-            bool ignore = false;
-            target.DangerousAddRef(ref ignore);
-            Target = target;
-            SetHandle(new IntPtr(0));   // make this handle valid
-        }
-
-        protected override bool ReleaseHandle()
-        {
-            SafeFreeCredentials target = Target;
-            target?.DangerousRelease();
-            Target = null!;
-            return true;
-        }
-    }
-
     internal sealed class SafeFreeCredential_SECURITY : SafeFreeCredentials
     {
         public SafeFreeCredential_SECURITY() : base() { }

diff --git a/src/libraries/Common/src/System/Net/Security/SSPIHandleCache.cs b/src/libraries/Common/src/System/Net/Security/SSPIHandleCache.cs
@@ -13,7 +13,7 @@ namespace System.Net.Security
     internal static class SSPIHandleCache
     {
         private const int c_MaxCacheSize = 0x1F;  // must a (power of 2) - 1
-        private static readonly SafeCredentialReference[] s_cacheSlots = new SafeCredentialReference[c_MaxCacheSize + 1];
+        private static readonly SafeCredentialReference?[] s_cacheSlots = new SafeCredentialReference[c_MaxCacheSize + 1];
         private static int s_current = -1;
 
         internal static void CacheCredential(SafeFreeCredentials newHandle)
@@ -27,7 +27,9 @@ internal static void CacheCredential(SafeFreeCredentials newHandle)
                 }
 
                 int index = Interlocked.Increment(ref s_current) & c_MaxCacheSize;
+#pragma warning disable CS8601 // Possible null reference assignment.
                 newRef = Interlocked.Exchange<SafeCredentialReference>(ref s_cacheSlots[index], newRef);
+#pragma warning restore CS8601 // Possible null reference assignment.
 
                 newRef?.Dispose();
             }

diff --git a/src/libraries/Common/src/System/Net/Security/SafeCredentialReference.cs b/src/libraries/Common/src/System/Net/Security/SafeCredentialReference.cs
@@ -0,0 +1,58 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+#nullable enable
+
+using System.Runtime.ConstrainedExecution;
+
+namespace System.Net.Security
+{
+    //
+    // This is a class holding a Credential handle reference, used for static handles cache
+    //
+    internal sealed class SafeCredentialReference : CriticalFinalizerObject, IDisposable
+    {
+        //
+        // Static cache will return the target handle if found the reference in the table.
+        //
+        internal SafeFreeCredentials? Target { get; private set; }
+
+        internal static SafeCredentialReference? CreateReference(SafeFreeCredentials target)
+        {
+            if (target.IsInvalid || target.IsClosed)
+            {
+                return null;
+            }
+
+            return new SafeCredentialReference(target);
+        }
+
+        private SafeCredentialReference(SafeFreeCredentials target)
+        {
+            // Bumps up the refcount on Target to signify that target handle is statically cached so
+            // its dispose should be postponed
+            bool ignore = false;
+            target.DangerousAddRef(ref ignore);
+            Target = target;
+        }
+
+        public void Dispose()
+        {
+            Dispose(true);
+            GC.SuppressFinalize(this);
+        }
+
+        private void Dispose(bool disposing)
+        {
+            SafeFreeCredentials? target = Target;
+            target?.DangerousRelease();
+            Target = null;
+        }
+
+        ~SafeCredentialReference()
+        {
+            Dispose(false);
+        }
+    }
+
+}
diff --git a/src/libraries/Common/src/System/Net/Security/Unix/SafeFreeCredentials.cs b/src/libraries/Common/src/System/Net/Security/Unix/SafeFreeCredentials.cs
@@ -3,8 +3,9 @@
 
 #nullable enable
 using System.Diagnostics;
+using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
-using  Microsoft.Win32.SafeHandles;
+using Microsoft.Win32.SafeHandles;
 
 namespace System.Net.Security
 {
@@ -23,52 +24,4 @@ protected SafeFreeCredentials(IntPtr handle, bool ownsHandle) : base(handle, own
         }
     }
 
-    //
-    // This is a class holding a Credential handle reference, used for static handles cache
-    //
-#if DEBUG
-    internal sealed class SafeCredentialReference : DebugCriticalHandleMinusOneIsInvalid
-    {
-#else
-    internal sealed class SafeCredentialReference : CriticalHandleMinusOneIsInvalid
-    {
-#endif
-
-        //
-        // Static cache will return the target handle if found the reference in the table.
-        //
-        internal SafeFreeCredentials Target;
-
-        internal static SafeCredentialReference? CreateReference(SafeFreeCredentials target)
-        {
-            SafeCredentialReference result = new SafeCredentialReference(target);
-            if (result.IsInvalid)
-            {
-                return null;
-            }
-
-            return result;
-        }
-        private SafeCredentialReference(SafeFreeCredentials target) : base()
-        {
-            // Bumps up the refcount on Target to signify that target handle is statically cached so
-            // its dispose should be postponed
-            bool ignore = false;
-            target.DangerousAddRef(ref ignore);
-            Target = target;
-            SetHandle(new IntPtr(0));   // make this handle valid
-        }
-
-        protected override bool ReleaseHandle()
-        {
-            SafeFreeCredentials target = Target;
-            if (target != null)
-            {
-                target.DangerousRelease();
-            }
-
-            Target = null!;
-            return true;
-        }
-    }
 }
diff --git a/src/libraries/System.Net.Http/src/System.Net.Http.csproj b/src/libraries/System.Net.Http/src/System.Net.Http.csproj
@@ -180,6 +180,8 @@
              Link="Common\System\Net\ContextFlagsPal.cs" />
     <Compile Include="$(CommonPath)System\Net\SecurityStatusPal.cs"
              Link="Common\System\Net\SecurityStatusPal.cs" />
+    <Compile Include="$(CommonPath)System\Net\Security\SafeCredentialReference.cs"
+             Link="Common\System\Net\Security\SafeCredentialReference.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\SSPIHandleCache.cs"
              Link="Common\System\Net\Security\SSPIHandleCache.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\SslClientAuthenticationOptionsExtensions.cs"

diff --git a/src/libraries/System.Net.HttpListener/src/System.Net.HttpListener.csproj b/src/libraries/System.Net.HttpListener/src/System.Net.HttpListener.csproj
@@ -178,6 +178,8 @@
              Link="Common\System\Net\Security\SecurityBuffer.Windows.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\SecurityBufferType.Windows.cs"
              Link="Common\System\Net\Security\SecurityBufferType.Windows.cs" />
+    <Compile Include="$(CommonPath)System\Net\Security\SafeCredentialReference.cs"
+             Link="Common\System\Net\Security\SafeCredentialReference.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\SSPIHandleCache.cs"
              Link="Common\System\Net\Security\SSPIHandleCache.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\NetEventSource.Security.cs"

diff --git a/src/libraries/System.Net.Mail/src/System.Net.Mail.csproj b/src/libraries/System.Net.Mail/src/System.Net.Mail.csproj
@@ -102,8 +102,6 @@
              Link="Common\System\Net\ContextAwareResult.cs" />
     <Compile Include="$(CommonPath)System\Net\NTAuthentication.Common.cs"
              Link="Common\System\Net\NTAuthentication.Common.cs" />
-    <Compile Include="$(CommonPath)System\Net\Security\SSPIHandleCache.cs"
-             Link="Common\System\Net\Security\SSPIHandleCache.cs" />
     <Compile Include="$(CommonPath)System\Net\DebugCriticalHandleMinusOneIsInvalid.cs"
              Link="Common\System\Net\DebugCriticalHandleMinusOneIsInvalid.cs" />
     <Compile Include="$(CommonPath)System\Net\DebugCriticalHandleZeroOrMinusOneIsInvalid.cs"
@@ -126,6 +124,10 @@
              Link="Common\System\Net\NegotiationInfoClass.cs" />
     <Compile Include="$(CommonPath)System\Net\SecurityStatusPal.cs"
              Link="Common\System\Net\SecurityStatusPal.cs" />
+    <Compile Include="$(CommonPath)System\Net\Security\SafeCredentialReference.cs"
+             Link="Common\System\Net\Security\SafeCredentialReference.cs" />
+    <Compile Include="$(CommonPath)System\Net\Security\SSPIHandleCache.cs"
+             Link="Common\System\Net\Security\SSPIHandleCache.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\NetEventSource.Security.cs"
              Link="Common\System\Net\Security\NetEventSource.Security.cs" />
     <Compile Include="$(CommonPath)System\Net\SecurityProtocol.cs"

diff --git a/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj b/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj
@@ -269,6 +269,8 @@
              Link="Common\System\Net\NTAuthentication.Common.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\SSPIHandleCache.cs"
              Link="Common\System\Net\Security\SSPIHandleCache.cs" />
+    <Compile Include="$(CommonPath)System\Net\Security\SafeCredentialReference.cs"
+             Link="Common\System\Net\Security\SafeCredentialReference.cs" />
     <Compile Include="$(CommonPath)System\Net\ContextAwareResult.cs"
              Link="Common\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\src\System\Net\Mail\SmtpConnection.Auth.cs"

diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj
@@ -75,6 +75,8 @@
              Link="Common\System\NotImplemented.cs" />
     <Compile Include="$(CommonPath)System\Threading\Tasks\TaskToApm.cs"
              Link="Common\System\Threading\Tasks\TaskToApm.cs" />
+    <Compile Include="$(CommonPath)System\Net\Security\SafeCredentialReference.cs"
+             Link="Common\System\Net\Security\SafeCredentialReference.cs" />
     <Compile Include="$(CommonPath)System\Net\Security\SSPIHandleCache.cs"
              Link="Common\System\Net\Security\SSPIHandleCache.cs" />
     <Compile Include="$(CommonPath)System\Net\ContextFlagsPal.cs"