RestrictedTransactionalPackage.cs source code in C# .NET

                        
Code:
                         / DotNET / DotNET / 8.0 / untmp / WIN_WINDOWS / lh_tools_devdiv_wpf / Windows / wcp / TrustUi / MS / Internal / documents / Application / RestrictedTransactionalPackage.cs / 1 / RestrictedTransactionalPackage.cs
                        

                        
                            //------------------------------------------------------------------------------ 
// 
//    Copyright (C) Microsoft Corporation.  All rights reserved. 
//
//  
//  This class wraps TransactionalPackage, ensuring that only parts with
//  approved content types can be written. 
//  
//
// History: 
//  04/12/2006: [....]: Created as a wrapper for TransactionalPackage to
//                        limit which content types of parts can be written.
//-----------------------------------------------------------------------------
 
using System;
using System.IO; 
using System.IO.Packaging; 
using System.Security;
using System.Security.Permissions; 
using System.Windows.TrustUI;

using MS.Internal;
 
namespace MS.Internal.Documents.Application
{ 
/// 
 
/// This class wraps TransactionalPackage, ensuring that only approved
/// part content types can be written. 
/// 
internal sealed class RestrictedTransactionalPackage : TransactionalPackage
{
    #region Constructors 
    //-------------------------------------------------------------------------
    // Constructors 
    //------------------------------------------------------------------------- 

    /// 
 
    /// Requires an existing open Package; and returns a package which will
    /// capture changes with out applying them to the original.
    /// See the class description for details.
    /// 
 
    /// 
    ///  
    /// Package package = new RestrictedTransactionalPackage( 
    ///     Package.Open(source, FileMode.Open, FileAccess.Read));
    ///  
    /// An open package.
    /// 
    /// Critical:
    ///  - Calls TransactionalPackage(Stream) which is critical. 
    /// NotSafe:
    ///  - only our caller knows where the stream came from, it must be from 
    ///    the user specified location 
    /// 
    [SecurityCritical] 
    internal RestrictedTransactionalPackage(Stream original)
        : base(original)
    { }
    #endregion Constructors 

    ///  
    ///  
    /// 
    /// Critical: 
    ///  1) Accesses the value of the TempPackage, which is SecurityCriticalDataForSet.
    ///  2) Calls TransactionalPackage.MergeChanges which is SecurityCritical.
    /// NotSafe:
    ///  - only the caller participating in constructing the stream can validate 
    ///    that this is an XpsDocument stream
    ///  
    [SecurityCritical] 
    internal override void MergeChanges(Stream target)
    { 
        if (target == null)
        {
            throw new ArgumentNullException("target");
        } 

        if (TempPackage.Value != null) 
        { 
            foreach (PackagePart part in TempPackage.Value.GetParts())
            { 
                // Ensure that all parts being modified are permitted.
                if ((part != null) && (!IsValidContentType(part.ContentType)))
                {
                    throw new NotSupportedException(SR.Get(SRID.PackagePartTypeNotWritable)); 
                }
            } 
 
            base.MergeChanges(target);
        } 
    }

    /// 

    /// Creates a new PackagePart. 
    /// 
    ///  
    /// When creating a new PackagePart we must: 
    ///    a) ensure the part does not exist in package
    ///    b) ensure there is a writable package 
    ///    c) create a temp part
    ///    d) update active part reference to the temp part
    ///
    /// What if a PackagePart with the same Uri already exists? 
    ///   Package.CreatePart checks for this.
    /// 
    /// Do we need to worry about updating relationships and other parts? 
    ///   Relationships are a part and are thus intrinsically handled.
    ///  
    /// Uri for the part to create.
    /// Content type string.
    /// Compression options.
    /// A new PackagePart. 
    protected override PackagePart CreatePartCore(
        Uri partUri, string contentType, CompressionOption compressionOption) 
    { 
        // Ensure that modifying this contentType is permitted.
        if (!IsValidContentType(contentType)) 
        {
            throw new ArgumentException(SR.Get(SRID.PackagePartTypeNotWritable), "contentType");
        }
        return base.CreatePartCore(partUri, contentType, compressionOption); 
    }
 
    /// 
 
    /// Verifies that parts of the the given contentType are allowed to be modified.
    /// 
 
    /// The content type of the part being modified.
    /// True if modification is allowed, false otherwise.
    /// Critical:
    ///  1) This code makes the actual security decision as to whether a specific 
    ///     content type can be written.
    /// TreatAsSafe: 
    ///  1) The list of content types is a hardcoded constant list of strings that 
    ///     is only maintained here.  The only data being used is the string content
    ///     type to check. 
    [SecurityCritical, SecurityTreatAsSafe]
    private bool IsValidContentType(string contentType)
    {
        // Check that the contentType is a valid string, and of one of the approved 
        // contentTypes.
        // 
        // The approved content types come from the Package-wide content types list 
        // in the XPS Specification and Reference Guide.
        // Internally available at [....]/ 
        // Externally available at http://www.microsoft.com/xps/
        return ((!string.IsNullOrEmpty(contentType)) &&
                ((contentType.Equals(
                    @"application/xml", 
                    StringComparison.OrdinalIgnoreCase)) ||
                 // Core Properties Part 
                 (contentType.Equals( 
                    @"application/vnd.openxmlformats-package.core-properties+xml",
                    StringComparison.OrdinalIgnoreCase)) || 
                 // Digital Signature Certificate Part
                 (contentType.Equals(
                    @"application/vnd.openxmlformats-package.digital-signature-certificate",
                    StringComparison.OrdinalIgnoreCase)) || 
                 // Digital Signature Origin Part
                 (contentType.Equals( 
                    @"application/vnd.openxmlformats-package.digital-signature-origin", 
                    StringComparison.OrdinalIgnoreCase)) ||
                 // Digital Signature XML Signature Part 
                 (contentType.Equals(
                    @"application/vnd.openxmlformats-package.digital-signature-xmlsignature+xml",
                    StringComparison.OrdinalIgnoreCase)) ||
                 // Relationships Part 
                 (contentType.Equals(
                    @"application/vnd.openxmlformats-package.relationships+xml", 
                    StringComparison.OrdinalIgnoreCase)) 
                ));
    } 
}
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.


                        

                        

                        
                        

Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK

• DependencyPropertyChangedEventArgs.cs
• ColumnMapVisitor.cs
• AffineTransform3D.cs
• OpacityConverter.cs
• IconBitmapDecoder.cs
• TextTreeObjectNode.cs
• ReservationNotFoundException.cs
• FormsAuthenticationCredentials.cs
• ThreadStartException.cs
• Update.cs
• OwnerDrawPropertyBag.cs
• ComponentCache.cs
• SerializationEventsCache.cs
• CodePrimitiveExpression.cs
• ImportCatalogPart.cs
• ChtmlSelectionListAdapter.cs
• CurrentTimeZone.cs
• RadialGradientBrush.cs
• StatusBarItemAutomationPeer.cs
• IPHostEntry.cs
• Attributes.cs
• NativeCompoundFileAPIs.cs
• UrlEncodedParameterWriter.cs
• RuntimeResourceSet.cs
• DateTimeOffset.cs
• PeerName.cs
• ObjectHandle.cs
• FormView.cs
• XmlBufferReader.cs
• TypedDataSetSchemaImporterExtension.cs
• JournalEntryListConverter.cs
• XmlTextAttribute.cs
• FrameworkContentElement.cs
• HTMLTagNameToTypeMapper.cs
• EventlogProvider.cs
• HostingMessageProperty.cs
• LinkAreaEditor.cs
• IBuiltInEvidence.cs
• HttpFormatExtensions.cs
• ObjectDataSourceDesigner.cs
• SQLDateTime.cs
• TableRow.cs
• GeneralTransform3D.cs
• WindowsStartMenu.cs
• EventItfInfo.cs
• Line.cs
• XmlDataSourceView.cs
• ComEventsSink.cs
• RSAOAEPKeyExchangeDeformatter.cs
• NegationPusher.cs
• EventProxy.cs
• ImportContext.cs
• EntityDesignerDataSourceView.cs
• ProxyAttribute.cs
• Subtree.cs
• FormViewUpdateEventArgs.cs
• XmlSchemaValidator.cs
• Stopwatch.cs
• ZoomPercentageConverter.cs
• SystemIPv4InterfaceProperties.cs
• MergeFilterQuery.cs
• PropertySourceInfo.cs
• Hex.cs
• ResourceAssociationSet.cs
• SafeEventLogWriteHandle.cs
• RuntimeIdentifierPropertyAttribute.cs
• AVElementHelper.cs
• SystemIPGlobalStatistics.cs
• QueryOutputWriter.cs
• ExtenderProvidedPropertyAttribute.cs
• SequentialUshortCollection.cs
• BufferedResponseStream.cs
• ParseNumbers.cs
• ChainOfDependencies.cs
• CoTaskMemSafeHandle.cs
• LinqDataSourceDisposeEventArgs.cs
• TrackBarRenderer.cs
• DynamicPropertyReader.cs
• UnsafeNativeMethods.cs
• RowToParametersTransformer.cs
• ColumnWidthChangedEvent.cs
• CachedPathData.cs
• NetCodeGroup.cs
• DesignTimeData.cs
• ListViewHitTestInfo.cs
• SqlDataSource.cs
• Figure.cs
• PropertyNames.cs
• MSG.cs
• DetailsViewPageEventArgs.cs
• CombinedHttpChannel.cs
• PropertyValueUIItem.cs
• ScriptReferenceEventArgs.cs
• SQLDecimalStorage.cs
• ReversePositionQuery.cs
• InfocardExtendedInformationEntry.cs
• SchemaEntity.cs
• ParenthesizePropertyNameAttribute.cs
• CompiledAction.cs
• DataGridViewSortCompareEventArgs.cs