RestrictedTransactionalPackage.cs source code in C# .NET

                        
Code:
                         / DotNET / DotNET / 8.0 / untmp / WIN_WINDOWS / lh_tools_devdiv_wpf / Windows / wcp / TrustUi / MS / Internal / documents / Application / RestrictedTransactionalPackage.cs / 1 / RestrictedTransactionalPackage.cs
                        

                        
                            //------------------------------------------------------------------------------ 
// 
//    Copyright (C) Microsoft Corporation.  All rights reserved. 
//
//  
//  This class wraps TransactionalPackage, ensuring that only parts with
//  approved content types can be written. 
//  
//
// History: 
//  04/12/2006: [....]: Created as a wrapper for TransactionalPackage to
//                        limit which content types of parts can be written.
//-----------------------------------------------------------------------------
 
using System;
using System.IO; 
using System.IO.Packaging; 
using System.Security;
using System.Security.Permissions; 
using System.Windows.TrustUI;

using MS.Internal;
 
namespace MS.Internal.Documents.Application
{ 
/// 
 
/// This class wraps TransactionalPackage, ensuring that only approved
/// part content types can be written. 
/// 
internal sealed class RestrictedTransactionalPackage : TransactionalPackage
{
    #region Constructors 
    //-------------------------------------------------------------------------
    // Constructors 
    //------------------------------------------------------------------------- 

    /// 
 
    /// Requires an existing open Package; and returns a package which will
    /// capture changes with out applying them to the original.
    /// See the class description for details.
    /// 
 
    /// 
    ///  
    /// Package package = new RestrictedTransactionalPackage( 
    ///     Package.Open(source, FileMode.Open, FileAccess.Read));
    ///  
    /// An open package.
    /// 
    /// Critical:
    ///  - Calls TransactionalPackage(Stream) which is critical. 
    /// NotSafe:
    ///  - only our caller knows where the stream came from, it must be from 
    ///    the user specified location 
    /// 
    [SecurityCritical] 
    internal RestrictedTransactionalPackage(Stream original)
        : base(original)
    { }
    #endregion Constructors 

    ///  
    ///  
    /// 
    /// Critical: 
    ///  1) Accesses the value of the TempPackage, which is SecurityCriticalDataForSet.
    ///  2) Calls TransactionalPackage.MergeChanges which is SecurityCritical.
    /// NotSafe:
    ///  - only the caller participating in constructing the stream can validate 
    ///    that this is an XpsDocument stream
    ///  
    [SecurityCritical] 
    internal override void MergeChanges(Stream target)
    { 
        if (target == null)
        {
            throw new ArgumentNullException("target");
        } 

        if (TempPackage.Value != null) 
        { 
            foreach (PackagePart part in TempPackage.Value.GetParts())
            { 
                // Ensure that all parts being modified are permitted.
                if ((part != null) && (!IsValidContentType(part.ContentType)))
                {
                    throw new NotSupportedException(SR.Get(SRID.PackagePartTypeNotWritable)); 
                }
            } 
 
            base.MergeChanges(target);
        } 
    }

    /// 

    /// Creates a new PackagePart. 
    /// 
    ///  
    /// When creating a new PackagePart we must: 
    ///    a) ensure the part does not exist in package
    ///    b) ensure there is a writable package 
    ///    c) create a temp part
    ///    d) update active part reference to the temp part
    ///
    /// What if a PackagePart with the same Uri already exists? 
    ///   Package.CreatePart checks for this.
    /// 
    /// Do we need to worry about updating relationships and other parts? 
    ///   Relationships are a part and are thus intrinsically handled.
    ///  
    /// Uri for the part to create.
    /// Content type string.
    /// Compression options.
    /// A new PackagePart. 
    protected override PackagePart CreatePartCore(
        Uri partUri, string contentType, CompressionOption compressionOption) 
    { 
        // Ensure that modifying this contentType is permitted.
        if (!IsValidContentType(contentType)) 
        {
            throw new ArgumentException(SR.Get(SRID.PackagePartTypeNotWritable), "contentType");
        }
        return base.CreatePartCore(partUri, contentType, compressionOption); 
    }
 
    /// 
 
    /// Verifies that parts of the the given contentType are allowed to be modified.
    /// 
 
    /// The content type of the part being modified.
    /// True if modification is allowed, false otherwise.
    /// Critical:
    ///  1) This code makes the actual security decision as to whether a specific 
    ///     content type can be written.
    /// TreatAsSafe: 
    ///  1) The list of content types is a hardcoded constant list of strings that 
    ///     is only maintained here.  The only data being used is the string content
    ///     type to check. 
    [SecurityCritical, SecurityTreatAsSafe]
    private bool IsValidContentType(string contentType)
    {
        // Check that the contentType is a valid string, and of one of the approved 
        // contentTypes.
        // 
        // The approved content types come from the Package-wide content types list 
        // in the XPS Specification and Reference Guide.
        // Internally available at [....]/ 
        // Externally available at http://www.microsoft.com/xps/
        return ((!string.IsNullOrEmpty(contentType)) &&
                ((contentType.Equals(
                    @"application/xml", 
                    StringComparison.OrdinalIgnoreCase)) ||
                 // Core Properties Part 
                 (contentType.Equals( 
                    @"application/vnd.openxmlformats-package.core-properties+xml",
                    StringComparison.OrdinalIgnoreCase)) || 
                 // Digital Signature Certificate Part
                 (contentType.Equals(
                    @"application/vnd.openxmlformats-package.digital-signature-certificate",
                    StringComparison.OrdinalIgnoreCase)) || 
                 // Digital Signature Origin Part
                 (contentType.Equals( 
                    @"application/vnd.openxmlformats-package.digital-signature-origin", 
                    StringComparison.OrdinalIgnoreCase)) ||
                 // Digital Signature XML Signature Part 
                 (contentType.Equals(
                    @"application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml",
                    StringComparison.OrdinalIgnoreCase)) ||
                 // Relationships Part 
                 (contentType.Equals(
                    @"application/vnd.openxmlformats-package.relationships+xml", 
                    StringComparison.OrdinalIgnoreCase)) 
                ));
    } 
}
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.


                        

                        

                        
                        

Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK

• FrameworkTemplate.cs
• CryptoApi.cs
• DataBinder.cs
• SqlWebEventProvider.cs
• LogEntryDeserializer.cs
• FormatException.cs
• FacetEnabledSchemaElement.cs
• AssemblyCollection.cs
• HuffmanTree.cs
• ProtocolsConfiguration.cs
• BuilderPropertyEntry.cs
• DbParameterHelper.cs
• XmlSchemaValidator.cs
• ComponentDispatcherThread.cs
• XmlSchemaValidator.cs
• WindowsListViewScroll.cs
• DbMetaDataCollectionNames.cs
• PageClientProxyGenerator.cs
• ButtonBaseDesigner.cs
• MessageEnumerator.cs
• NullableFloatSumAggregationOperator.cs
• InkPresenterAutomationPeer.cs
• ClientBuildManagerCallback.cs
• DebuggerAttributes.cs
• UnmanagedMemoryStream.cs
• NextPreviousPagerField.cs
• DataGridViewControlCollection.cs
• Sentence.cs
• Visual3D.cs
• QilDataSource.cs
• TreeView.cs
• MessagePropertyDescription.cs
• ImageFormatConverter.cs
• Icon.cs
• WebPartZoneCollection.cs
• ReferencedType.cs
• URL.cs
• FilterRepeater.cs
• FileUtil.cs
• EventMemberCodeDomSerializer.cs
• DirectoryInfo.cs
• UpdateCompiler.cs
• CodeChecksumPragma.cs
• ListBase.cs
• DateTimePicker.cs
• BamlRecordReader.cs
• RowsCopiedEventArgs.cs
• BackStopAuthenticationModule.cs
• EncoderReplacementFallback.cs
• ViewLoader.cs
• UnsafeNativeMethods.cs
• EventWaitHandle.cs
• SerialPinChanges.cs
• TypeEnumerableViewSchema.cs
• RawAppCommandInputReport.cs
• CompositionAdorner.cs
• TraversalRequest.cs
• ComponentRenameEvent.cs
• FastEncoderStatics.cs
• EntityDataSource.cs
• EntityProviderFactory.cs
• WebMessageEncodingElement.cs
• AutomationEventArgs.cs
• SystemMulticastIPAddressInformation.cs
• LinqDataSourceDeleteEventArgs.cs
• ProcessModule.cs
• WorkflowServiceAttributes.cs
• SecurityKeyIdentifierClause.cs
• TreeNodeCollection.cs
• BufferBuilder.cs
• ListControl.cs
• WebPartEventArgs.cs
• RegisteredDisposeScript.cs
• TextTreeObjectNode.cs
• InvalidOleVariantTypeException.cs
• HttpCachePolicy.cs
• Model3DGroup.cs
• ConnectionProviderAttribute.cs
• HttpFileCollectionBase.cs
• AnnotationService.cs
• EastAsianLunisolarCalendar.cs
• ForwardPositionQuery.cs
• WebPartsSection.cs
• Transaction.cs
• DateTimeValueSerializer.cs
• PolyBezierSegment.cs
• PerformanceCounter.cs
• StyleCollectionEditor.cs
• ReachDocumentPageSerializerAsync.cs
• HttpServerVarsCollection.cs
• SimpleLine.cs
• Decorator.cs
• ServiceModelEnumValidator.cs
• LineMetrics.cs
• MetaChildrenColumn.cs
• DateTimeFormatInfoScanner.cs
• TextEffectCollection.cs
• TagPrefixAttribute.cs
• TreeViewTemplateSelector.cs
• CardSpacePolicyElement.cs