Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / fx / src / WinForms / Managed / System / WinForms / TrustManager.cs / 1305376 / TrustManager.cs
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------------
/*
*/
using System;
using System.Security;
using System.Security.Policy;
using System.Windows.Forms;
using System.Globalization;
using System.Text;
using System.IO;
using System.Collections;
using System.Reflection;
using System.Diagnostics;
using System.Diagnostics.CodeAnalysis;
using System.Security.Permissions;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Deployment.Internal;
using System.Deployment.Internal.Isolation;
using System.Deployment.Internal.Isolation.Manifest;
using System.Deployment.Internal.CodeSigning;
using Microsoft.Win32;
using System.Runtime.InteropServices;
namespace System.Security.Policy
{
/// ();
if (deploymentUrl != null)
{
return deploymentUrl.Value;
}
// Couldn't find deployment Url
return null;
}
private static PermissionSet GetRequestedPermissionSet(ApplicationSecurityInfo info)
{
Debug.Assert(info != null);
PermissionSet pset = info.DefaultRequestSet;
PermissionSet permSetRequested = null;
if (pset != null)
{
permSetRequested = pset.Copy();
}
return permSetRequested;
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static string GetHostFromDeploymentUrl(string deploymentUrl)
{
if (deploymentUrl == null)
{
return string.Empty;
}
string host = null;
try
{
System.Uri uri = new System.Uri(deploymentUrl);
if (uri.Scheme == System.Uri.UriSchemeHttp || uri.Scheme == System.Uri.UriSchemeHttps)
{
host = uri.Host;
}
if (string.IsNullOrEmpty(host))
{
host = uri.AbsolutePath;
int separatorIndex = -1;
if (string.IsNullOrEmpty(uri.Host) && host.StartsWith("/"))
{
host = host.TrimStart('/');
separatorIndex = host.IndexOf('/');
}
else if (uri.LocalPath.Length > 2 && (uri.LocalPath[1] == ':' || uri.LocalPath.StartsWith("\\\\")))
{
host = uri.LocalPath;
separatorIndex = host.LastIndexOf('\\');
}
if (separatorIndex != -1)
{
host = host.Remove(separatorIndex);
}
}
}
catch (Exception ex)
{
Debug.Fail("Exception occurred in GetHostFromDeploymentUrl: " + ex.Message);
return string.Empty;
}
return host;
}
private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal,
string zoneName,
ParsedData parsedData)
{
Debug.Assert(hostContextInternal != null);
Debug.Assert(zoneName != null);
Debug.Assert(parsedData != null);
if (hostContextInternal.NoPrompt)
{
return PromptsAllowed.None;
}
PromptingLevel promptingLevel = GetZonePromptingLevel(zoneName);
if (promptingLevel == PromptingLevel.Disabled ||
(promptingLevel == PromptingLevel.PromptOnlyForAuthenticode && parsedData.AuthenticodedPublisher == null))
{
return PromptsAllowed.BlockingOnly;
}
return PromptsAllowed.All;
}
private static string GetZoneNameFromDeploymentUrl(String deploymentUrl)
{
Zone zone = Zone.CreateFromUrl(deploymentUrl);
if (zone == null || zone.SecurityZone == SecurityZone.NoZone)
{
return "UntrustedSites";
}
switch (zone.SecurityZone)
{
case SecurityZone.Internet:
return "Internet";
case SecurityZone.Intranet:
return "LocalIntranet";
case SecurityZone.MyComputer:
return "MyComputer";
case SecurityZone.Trusted:
return "TrustedSites";
case SecurityZone.Untrusted:
return "UntrustedSites";
default:
Debug.Fail("Unexpected SecurityZone in GetZoneNameFromDeploymentUrl");
return "UntrustedSites";
}
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static PromptingLevel GetZonePromptingLevel(string zoneName)
{
try
{
string promptingLevelStr = null;
new RegistryPermission(PermissionState.Unrestricted).Assert();
try
{
using (RegistryKey key = Registry.LocalMachine.OpenSubKey(PromptingLevelKeyName))
{
if (key != null)
{
promptingLevelStr = (string)key.GetValue(zoneName);
}
}
}
finally
{
System.Security.CodeAccessPermission.RevertAssert();
}
if (string.IsNullOrEmpty(promptingLevelStr))
{
return GetDefaultPromptingLevel(zoneName);
}
else if (string.Compare(promptingLevelStr, "Enabled", true, CultureInfo.InvariantCulture) == 0)
{
return PromptingLevel.Prompt;
}
else if (string.Compare(promptingLevelStr, "Disabled", true, CultureInfo.InvariantCulture) == 0)
{
return PromptingLevel.Disabled;
}
else if (string.Compare(promptingLevelStr, "AuthenticodeRequired", true, CultureInfo.InvariantCulture) == 0)
{
return PromptingLevel.PromptOnlyForAuthenticode;
}
else
{
return GetDefaultPromptingLevel(zoneName);
}
}
catch (Exception ex)
{
Debug.Fail("Exception occurred in GetZonePromptingLevel: " + ex.Message);
return GetDefaultPromptingLevel(zoneName);
}
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext,
ParsedData parsedData,
String deploymentUrl,
HostContextInternal hostContextInternal,
ApplicationSecurityInfo info,
ApplicationTrustExtraInfo appTrustExtraInfo,
string zoneName)
{
DialogResult ret;
TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
try
{
TrustManagerPromptUIThread highRiskDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
DefaultBrowserExePath,
parsedData.SupportUrl,
GetHostFromDeploymentUrl(deploymentUrl),
parsedData.AuthenticodedPublisher /*publisherName*/,
parsedData.Certificate,
options);
ret = highRiskDialog.ShowDialog();
}
catch (Exception ex)
{
Debug.Fail("Error occurred while showing high risk dialog: " + ex.Message);
ret = DialogResult.No;
}
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, ret == DialogResult.OK /*trust*/, hostContextInternal.Persist && ret == DialogResult.OK /*persist*/);
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static ApplicationTrust BlockingPrompt(ActivationContext activationContext,
ParsedData parsedData,
String deploymentUrl,
ApplicationSecurityInfo info,
ApplicationTrustExtraInfo appTrustExtraInfo,
string zoneName,
bool permissionElevationRequired)
{
TrustManagerPromptOptions options = CompletePromptOptions(permissionElevationRequired ? (TrustManagerPromptOptions.StopApp | TrustManagerPromptOptions.RequiresPermissions) : TrustManagerPromptOptions.StopApp,
appTrustExtraInfo, zoneName, info);
try
{
TrustManagerPromptUIThread errorDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
DefaultBrowserExePath,
parsedData.SupportUrl,
GetHostFromDeploymentUrl(deploymentUrl),
parsedData.AuthenticodedPublisher /*publisherName*/,
parsedData.Certificate,
options);
errorDialog.ShowDialog();
}
catch (Exception ex)
{
Debug.Fail("Error occurred while showing error dialog: " + ex.Message);
}
// Trust Manager should prompt, but is not allowed to. Return Don't Trust and Don't Persist.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static bool ParseManifest(ICMS cms, ParsedData parsedData)
{
// parsedData is safely initialized to requestsShellIntegration:false/supportUrl:null/authenticodedPublisher:null //deploymentProviderCodebase:null
try
{
if (cms != null)
{
// Extract SupportUrl and Shell Visibility
if (cms.MetadataSectionEntry != null)
{
IMetadataSectionEntry metaDataSectionEntry = cms.MetadataSectionEntry as IMetadataSectionEntry;
if (metaDataSectionEntry != null)
{
IDescriptionMetadataEntry description = metaDataSectionEntry.DescriptionData;
if (description != null)
{
parsedData.SupportUrl = description.SupportUrl;
parsedData.AppName = description.Product;
parsedData.AppPublisher = description.Publisher;
// [....]: description.Publisher is accessible here. Ask JamieC if we should grab it.
}
IDeploymentMetadataEntry deployment = metaDataSectionEntry.DeploymentData;
if (deployment != null)
{
parsedData.RequestsShellIntegration = ((deployment.DeploymentFlags &
(uint)(CMS_ASSEMBLY_DEPLOYMENT_FLAG.CMS_ASSEMBLY_DEPLOYMENT_FLAG_INSTALL)) != 0);
// parsedData.DeploymentProviderCodebase = deployment.DeploymentProviderCodebase;
}
if ((metaDataSectionEntry.ManifestFlags & (uint)CMS_MANIFEST_FLAG.CMS_MANIFEST_FLAG_USEMANIFESTFORTRUST) != 0)
{
parsedData.UseManifestForTrust = true;
}
else
{
parsedData.UseManifestForTrust = false;
}
}
}
}
}
catch (Exception e)
{
Debug.Fail("Error parsing manifest: " + e.Message);
return false;
}
return true;
}
private static bool SomePreviousTrustedVersionRequiresShellIntegration(ArrayList /*ApplicationTrust[]*/ matchingTrusts)
{
Debug.Assert(matchingTrusts != null);
foreach (ApplicationTrust matchingTrust in matchingTrusts)
{
ApplicationTrustExtraInfo matchingAppTrustExtraInfo = matchingTrust.ExtraInfo as ApplicationTrustExtraInfo;
if (matchingAppTrustExtraInfo != null && matchingAppTrustExtraInfo.RequestsShellIntegration)
{
return true;
}
if (null == matchingAppTrustExtraInfo && matchingTrust.DefaultGrantSet.PermissionSet.IsUnrestricted())
{ // Full trust trumps RequestsShellIntegration, so return true in this case.
return true;
}
}
// No previous trusted version requires shell integration
return false;
}
private static bool SearchPreviousTrustedVersion(ActivationContext activationContext,
ApplicationIdentity previousAppId,
out ArrayList matchingTrusts)
{
// No match found by default
matchingTrusts = null;
ApplicationTrustCollection appTrusts = ApplicationSecurityManager.UserApplicationTrusts;
foreach (ApplicationTrust appTrust in appTrusts) {
IDefinitionAppId appTrustAppId = IsolationInterop.AppIdAuthority.TextToDefinition(0, appTrust.ApplicationIdentity.FullName);
IDefinitionAppId actCtxAppId = IsolationInterop.AppIdAuthority.TextToDefinition(0, activationContext.Identity.FullName);
if (IsolationInterop.AppIdAuthority.AreDefinitionsEqual((uint) IAPPIDAUTHORITY_ARE_DEFINITIONS_EQUAL_FLAGS.IAPPIDAUTHORITY_ARE_DEFINITIONS_EQUAL_FLAG_IGNORE_VERSION, appTrustAppId, actCtxAppId))
{
// Found an older matching app (or same version app which should never occur in theory)
if (matchingTrusts == null)
{
matchingTrusts = new ArrayList();
}
matchingTrusts.Add(appTrust);
}
}
if (previousAppId != null)
{
foreach (ApplicationTrust appTrust in appTrusts) {
IDefinitionAppId appTrustDefAppId = IsolationInterop.AppIdAuthority.TextToDefinition(0, appTrust.ApplicationIdentity.FullName);
IDefinitionAppId previousDefAppId = IsolationInterop.AppIdAuthority.TextToDefinition(0, previousAppId.FullName);
if (IsolationInterop.AppIdAuthority.AreDefinitionsEqual((uint) IAPPIDAUTHORITY_ARE_DEFINITIONS_EQUAL_FLAGS.IAPPIDAUTHORITY_ARE_DEFINITIONS_EQUAL_FLAG_IGNORE_VERSION, appTrustDefAppId, previousDefAppId))
{
// Found an older matching app (or same version app which should never occur in theory)
if (matchingTrusts == null)
{
matchingTrusts = new ArrayList();
}
matchingTrusts.Add(appTrust);
}
}
}
// (matchingTrusts != null) <==> Found a prior version that was allowed to run.
return (matchingTrusts != null);
}
private enum PromptingLevel
{
///
///
/// In the cases the Trust Manager needs to prompt, it needs to show the blocking prompt
///
///
Disabled = 0,
///
///
/// Prompting is allowed for strong named and authenticode signed application deployments
///
///
Prompt = 1,
///
///
/// Prompting is allowed for authenticode signed application deployments only
///
///
PromptOnlyForAuthenticode = 2
}
private enum PromptsAllowed
{
///
///
/// The Trust Manager is allowed to show any prompt
///
///
All = 0,
///
///
/// The Trust Manager is only allowed to show the blocking prompt
///
///
BlockingOnly = 1,
///
///
/// The Trust Manager is not allowed to prompt at all
///
///
None = 2
}
}
[Serializable]
internal class ApplicationTrustExtraInfo
{
private bool requestsShellIntegration = true; // If manifest parsing fails, we assume shell integration is required.
public ApplicationTrustExtraInfo()
{
}
public bool RequestsShellIntegration
{
get
{
return this.requestsShellIntegration;
}
set
{
this.requestsShellIntegration = value;
}
}
}
internal class TrustManagerPromptUIThread {
private string m_appName, m_defaultBrowserExePath, m_supportUrl, m_deploymentUrl, m_publisherName;
private X509Certificate2 m_certificate;
private TrustManagerPromptOptions m_options;
private DialogResult m_ret = DialogResult.No;
public TrustManagerPromptUIThread(string appName, string defaultBrowserExePath, string supportUrl, string deploymentUrl,
string publisherName, X509Certificate2 certificate, TrustManagerPromptOptions options) {
this.m_appName = appName;
this.m_defaultBrowserExePath = defaultBrowserExePath;
this.m_supportUrl = supportUrl;
this.m_deploymentUrl = deploymentUrl;
this.m_publisherName = publisherName;
this.m_certificate = certificate;
this.m_options = options;
}
public DialogResult ShowDialog() {
System.Threading.Thread thread = new System.Threading.Thread(new System.Threading.ThreadStart(ShowDialogWork));
thread.SetApartmentState(System.Threading.ApartmentState.STA);
thread.Start();
thread.Join();
return m_ret;
}
[SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")]
private void ShowDialogWork()
{
try {
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
using (TrustManagerPromptUI trustManagerDialog = new TrustManagerPromptUI(this.m_appName, this.m_defaultBrowserExePath,
this.m_supportUrl, this.m_deploymentUrl,
this.m_publisherName, this.m_certificate, this.m_options)) {
m_ret = trustManagerDialog.ShowDialog();
}
}
catch {
}
}
}
internal class ParsedData
{
private bool requestsShellIntegration; /* == false by default. shellVisible attribute is optional */
private string appName;
private string appPublisher;
private string supportUrl;
private string authenticodedPublisher;
private bool disallowTrustOverride;
private X509Certificate2 certificate;
// private string deploymentProviderCodebase;
public ParsedData()
{
}
public bool RequestsShellIntegration
{
get
{
return this.requestsShellIntegration;
}
set
{
this.requestsShellIntegration = value;
}
}
public X509Certificate2 Certificate
{
get
{
return this.certificate;
}
set
{
this.certificate = value;
}
}
public string AppName
{
get
{
return this.appName;
}
set
{
this.appName = value;
}
}
public string AppPublisher
{
get
{
return this.appPublisher;
}
set
{
this.appPublisher = value;
}
}
public string AuthenticodedPublisher
{
get
{
return this.authenticodedPublisher;
}
set
{
this.authenticodedPublisher = value;
}
}
public bool UseManifestForTrust
{
get
{
return disallowTrustOverride;
}
set
{
disallowTrustOverride = value;
}
}
// public string DeploymentProviderCodebase
// {
// get
// {
// return this.deploymentProviderCodebase;
// }
// set
// {
// this.deploymentProviderCodebase = value;
// }
// }
public string SupportUrl
{
get
{
return this.supportUrl;
}
set
{
this.supportUrl = value;
}
}
}
internal class HostContextInternal
{
private bool ignorePersistedDecision;
private bool noPrompt;
private bool persist;
private ApplicationIdentity previousAppId;
public HostContextInternal(TrustManagerContext trustManagerContext)
{
if (trustManagerContext == null)
{
// Used in case DetermineApplicationTrust is not given a TrustManagerContext object.
this.persist = true;
}
else
{
// ISSUE - fix this...
// Note that exclusiveGrant is never set. It is read in CreateApplicationTrust however.
this.ignorePersistedDecision = trustManagerContext.IgnorePersistedDecision;
this.noPrompt = trustManagerContext.NoPrompt;
this.persist = trustManagerContext.Persist;
this.previousAppId = trustManagerContext.PreviousApplicationIdentity;
}
}
public bool IgnorePersistedDecision
{
get
{
return this.ignorePersistedDecision;
}
}
public bool NoPrompt
{
get
{
return this.noPrompt;
}
}
public bool Persist
{
get
{
return this.persist;
}
}
public ApplicationIdentity PreviousAppId
{
get
{
return this.previousAppId;
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//-----------------------------------------------------------------------------
/*
*/
using System;
using System.Security;
using System.Security.Policy;
using System.Windows.Forms;
using System.Globalization;
using System.Text;
using System.IO;
using System.Collections;
using System.Reflection;
using System.Diagnostics;
using System.Diagnostics.CodeAnalysis;
using System.Security.Permissions;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Deployment.Internal;
using System.Deployment.Internal.Isolation;
using System.Deployment.Internal.Isolation.Manifest;
using System.Deployment.Internal.CodeSigning;
using Microsoft.Win32;
using System.Runtime.InteropServices;
namespace System.Security.Policy
{
/// ();
if (deploymentUrl != null)
{
return deploymentUrl.Value;
}
// Couldn't find deployment Url
return null;
}
private static PermissionSet GetRequestedPermissionSet(ApplicationSecurityInfo info)
{
Debug.Assert(info != null);
PermissionSet pset = info.DefaultRequestSet;
PermissionSet permSetRequested = null;
if (pset != null)
{
permSetRequested = pset.Copy();
}
return permSetRequested;
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static string GetHostFromDeploymentUrl(string deploymentUrl)
{
if (deploymentUrl == null)
{
return string.Empty;
}
string host = null;
try
{
System.Uri uri = new System.Uri(deploymentUrl);
if (uri.Scheme == System.Uri.UriSchemeHttp || uri.Scheme == System.Uri.UriSchemeHttps)
{
host = uri.Host;
}
if (string.IsNullOrEmpty(host))
{
host = uri.AbsolutePath;
int separatorIndex = -1;
if (string.IsNullOrEmpty(uri.Host) && host.StartsWith("/"))
{
host = host.TrimStart('/');
separatorIndex = host.IndexOf('/');
}
else if (uri.LocalPath.Length > 2 && (uri.LocalPath[1] == ':' || uri.LocalPath.StartsWith("\\\\")))
{
host = uri.LocalPath;
separatorIndex = host.LastIndexOf('\\');
}
if (separatorIndex != -1)
{
host = host.Remove(separatorIndex);
}
}
}
catch (Exception ex)
{
Debug.Fail("Exception occurred in GetHostFromDeploymentUrl: " + ex.Message);
return string.Empty;
}
return host;
}
private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal,
string zoneName,
ParsedData parsedData)
{
Debug.Assert(hostContextInternal != null);
Debug.Assert(zoneName != null);
Debug.Assert(parsedData != null);
if (hostContextInternal.NoPrompt)
{
return PromptsAllowed.None;
}
PromptingLevel promptingLevel = GetZonePromptingLevel(zoneName);
if (promptingLevel == PromptingLevel.Disabled ||
(promptingLevel == PromptingLevel.PromptOnlyForAuthenticode && parsedData.AuthenticodedPublisher == null))
{
return PromptsAllowed.BlockingOnly;
}
return PromptsAllowed.All;
}
private static string GetZoneNameFromDeploymentUrl(String deploymentUrl)
{
Zone zone = Zone.CreateFromUrl(deploymentUrl);
if (zone == null || zone.SecurityZone == SecurityZone.NoZone)
{
return "UntrustedSites";
}
switch (zone.SecurityZone)
{
case SecurityZone.Internet:
return "Internet";
case SecurityZone.Intranet:
return "LocalIntranet";
case SecurityZone.MyComputer:
return "MyComputer";
case SecurityZone.Trusted:
return "TrustedSites";
case SecurityZone.Untrusted:
return "UntrustedSites";
default:
Debug.Fail("Unexpected SecurityZone in GetZoneNameFromDeploymentUrl");
return "UntrustedSites";
}
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static PromptingLevel GetZonePromptingLevel(string zoneName)
{
try
{
string promptingLevelStr = null;
new RegistryPermission(PermissionState.Unrestricted).Assert();
try
{
using (RegistryKey key = Registry.LocalMachine.OpenSubKey(PromptingLevelKeyName))
{
if (key != null)
{
promptingLevelStr = (string)key.GetValue(zoneName);
}
}
}
finally
{
System.Security.CodeAccessPermission.RevertAssert();
}
if (string.IsNullOrEmpty(promptingLevelStr))
{
return GetDefaultPromptingLevel(zoneName);
}
else if (string.Compare(promptingLevelStr, "Enabled", true, CultureInfo.InvariantCulture) == 0)
{
return PromptingLevel.Prompt;
}
else if (string.Compare(promptingLevelStr, "Disabled", true, CultureInfo.InvariantCulture) == 0)
{
return PromptingLevel.Disabled;
}
else if (string.Compare(promptingLevelStr, "AuthenticodeRequired", true, CultureInfo.InvariantCulture) == 0)
{
return PromptingLevel.PromptOnlyForAuthenticode;
}
else
{
return GetDefaultPromptingLevel(zoneName);
}
}
catch (Exception ex)
{
Debug.Fail("Exception occurred in GetZonePromptingLevel: " + ex.Message);
return GetDefaultPromptingLevel(zoneName);
}
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext,
ParsedData parsedData,
String deploymentUrl,
HostContextInternal hostContextInternal,
ApplicationSecurityInfo info,
ApplicationTrustExtraInfo appTrustExtraInfo,
string zoneName)
{
DialogResult ret;
TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
try
{
TrustManagerPromptUIThread highRiskDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
DefaultBrowserExePath,
parsedData.SupportUrl,
GetHostFromDeploymentUrl(deploymentUrl),
parsedData.AuthenticodedPublisher /*publisherName*/,
parsedData.Certificate,
options);
ret = highRiskDialog.ShowDialog();
}
catch (Exception ex)
{
Debug.Fail("Error occurred while showing high risk dialog: " + ex.Message);
ret = DialogResult.No;
}
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, ret == DialogResult.OK /*trust*/, hostContextInternal.Persist && ret == DialogResult.OK /*persist*/);
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static ApplicationTrust BlockingPrompt(ActivationContext activationContext,
ParsedData parsedData,
String deploymentUrl,
ApplicationSecurityInfo info,
ApplicationTrustExtraInfo appTrustExtraInfo,
string zoneName,
bool permissionElevationRequired)
{
TrustManagerPromptOptions options = CompletePromptOptions(permissionElevationRequired ? (TrustManagerPromptOptions.StopApp | TrustManagerPromptOptions.RequiresPermissions) : TrustManagerPromptOptions.StopApp,
appTrustExtraInfo, zoneName, info);
try
{
TrustManagerPromptUIThread errorDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
DefaultBrowserExePath,
parsedData.SupportUrl,
GetHostFromDeploymentUrl(deploymentUrl),
parsedData.AuthenticodedPublisher /*publisherName*/,
parsedData.Certificate,
options);
errorDialog.ShowDialog();
}
catch (Exception ex)
{
Debug.Fail("Error occurred while showing error dialog: " + ex.Message);
}
// Trust Manager should prompt, but is not allowed to. Return Don't Trust and Don't Persist.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
}
[
SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")
]
private static bool ParseManifest(ICMS cms, ParsedData parsedData)
{
// parsedData is safely initialized to requestsShellIntegration:false/supportUrl:null/authenticodedPublisher:null //deploymentProviderCodebase:null
try
{
if (cms != null)
{
// Extract SupportUrl and Shell Visibility
if (cms.MetadataSectionEntry != null)
{
IMetadataSectionEntry metaDataSectionEntry = cms.MetadataSectionEntry as IMetadataSectionEntry;
if (metaDataSectionEntry != null)
{
IDescriptionMetadataEntry description = metaDataSectionEntry.DescriptionData;
if (description != null)
{
parsedData.SupportUrl = description.SupportUrl;
parsedData.AppName = description.Product;
parsedData.AppPublisher = description.Publisher;
// [....]: description.Publisher is accessible here. Ask JamieC if we should grab it.
}
IDeploymentMetadataEntry deployment = metaDataSectionEntry.DeploymentData;
if (deployment != null)
{
parsedData.RequestsShellIntegration = ((deployment.DeploymentFlags &
(uint)(CMS_ASSEMBLY_DEPLOYMENT_FLAG.CMS_ASSEMBLY_DEPLOYMENT_FLAG_INSTALL)) != 0);
// parsedData.DeploymentProviderCodebase = deployment.DeploymentProviderCodebase;
}
if ((metaDataSectionEntry.ManifestFlags & (uint)CMS_MANIFEST_FLAG.CMS_MANIFEST_FLAG_USEMANIFESTFORTRUST) != 0)
{
parsedData.UseManifestForTrust = true;
}
else
{
parsedData.UseManifestForTrust = false;
}
}
}
}
}
catch (Exception e)
{
Debug.Fail("Error parsing manifest: " + e.Message);
return false;
}
return true;
}
private static bool SomePreviousTrustedVersionRequiresShellIntegration(ArrayList /*ApplicationTrust[]*/ matchingTrusts)
{
Debug.Assert(matchingTrusts != null);
foreach (ApplicationTrust matchingTrust in matchingTrusts)
{
ApplicationTrustExtraInfo matchingAppTrustExtraInfo = matchingTrust.ExtraInfo as ApplicationTrustExtraInfo;
if (matchingAppTrustExtraInfo != null && matchingAppTrustExtraInfo.RequestsShellIntegration)
{
return true;
}
if (null == matchingAppTrustExtraInfo && matchingTrust.DefaultGrantSet.PermissionSet.IsUnrestricted())
{ // Full trust trumps RequestsShellIntegration, so return true in this case.
return true;
}
}
// No previous trusted version requires shell integration
return false;
}
private static bool SearchPreviousTrustedVersion(ActivationContext activationContext,
ApplicationIdentity previousAppId,
out ArrayList matchingTrusts)
{
// No match found by default
matchingTrusts = null;
ApplicationTrustCollection appTrusts = ApplicationSecurityManager.UserApplicationTrusts;
foreach (ApplicationTrust appTrust in appTrusts) {
IDefinitionAppId appTrustAppId = IsolationInterop.AppIdAuthority.TextToDefinition(0, appTrust.ApplicationIdentity.FullName);
IDefinitionAppId actCtxAppId = IsolationInterop.AppIdAuthority.TextToDefinition(0, activationContext.Identity.FullName);
if (IsolationInterop.AppIdAuthority.AreDefinitionsEqual((uint) IAPPIDAUTHORITY_ARE_DEFINITIONS_EQUAL_FLAGS.IAPPIDAUTHORITY_ARE_DEFINITIONS_EQUAL_FLAG_IGNORE_VERSION, appTrustAppId, actCtxAppId))
{
// Found an older matching app (or same version app which should never occur in theory)
if (matchingTrusts == null)
{
matchingTrusts = new ArrayList();
}
matchingTrusts.Add(appTrust);
}
}
if (previousAppId != null)
{
foreach (ApplicationTrust appTrust in appTrusts) {
IDefinitionAppId appTrustDefAppId = IsolationInterop.AppIdAuthority.TextToDefinition(0, appTrust.ApplicationIdentity.FullName);
IDefinitionAppId previousDefAppId = IsolationInterop.AppIdAuthority.TextToDefinition(0, previousAppId.FullName);
if (IsolationInterop.AppIdAuthority.AreDefinitionsEqual((uint) IAPPIDAUTHORITY_ARE_DEFINITIONS_EQUAL_FLAGS.IAPPIDAUTHORITY_ARE_DEFINITIONS_EQUAL_FLAG_IGNORE_VERSION, appTrustDefAppId, previousDefAppId))
{
// Found an older matching app (or same version app which should never occur in theory)
if (matchingTrusts == null)
{
matchingTrusts = new ArrayList();
}
matchingTrusts.Add(appTrust);
}
}
}
// (matchingTrusts != null) <==> Found a prior version that was allowed to run.
return (matchingTrusts != null);
}
private enum PromptingLevel
{
///
///
/// In the cases the Trust Manager needs to prompt, it needs to show the blocking prompt
///
///
Disabled = 0,
///
///
/// Prompting is allowed for strong named and authenticode signed application deployments
///
///
Prompt = 1,
///
///
/// Prompting is allowed for authenticode signed application deployments only
///
///
PromptOnlyForAuthenticode = 2
}
private enum PromptsAllowed
{
///
///
/// The Trust Manager is allowed to show any prompt
///
///
All = 0,
///
///
/// The Trust Manager is only allowed to show the blocking prompt
///
///
BlockingOnly = 1,
///
///
/// The Trust Manager is not allowed to prompt at all
///
///
None = 2
}
}
[Serializable]
internal class ApplicationTrustExtraInfo
{
private bool requestsShellIntegration = true; // If manifest parsing fails, we assume shell integration is required.
public ApplicationTrustExtraInfo()
{
}
public bool RequestsShellIntegration
{
get
{
return this.requestsShellIntegration;
}
set
{
this.requestsShellIntegration = value;
}
}
}
internal class TrustManagerPromptUIThread {
private string m_appName, m_defaultBrowserExePath, m_supportUrl, m_deploymentUrl, m_publisherName;
private X509Certificate2 m_certificate;
private TrustManagerPromptOptions m_options;
private DialogResult m_ret = DialogResult.No;
public TrustManagerPromptUIThread(string appName, string defaultBrowserExePath, string supportUrl, string deploymentUrl,
string publisherName, X509Certificate2 certificate, TrustManagerPromptOptions options) {
this.m_appName = appName;
this.m_defaultBrowserExePath = defaultBrowserExePath;
this.m_supportUrl = supportUrl;
this.m_deploymentUrl = deploymentUrl;
this.m_publisherName = publisherName;
this.m_certificate = certificate;
this.m_options = options;
}
public DialogResult ShowDialog() {
System.Threading.Thread thread = new System.Threading.Thread(new System.Threading.ThreadStart(ShowDialogWork));
thread.SetApartmentState(System.Threading.ApartmentState.STA);
thread.Start();
thread.Join();
return m_ret;
}
[SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes")]
private void ShowDialogWork()
{
try {
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
using (TrustManagerPromptUI trustManagerDialog = new TrustManagerPromptUI(this.m_appName, this.m_defaultBrowserExePath,
this.m_supportUrl, this.m_deploymentUrl,
this.m_publisherName, this.m_certificate, this.m_options)) {
m_ret = trustManagerDialog.ShowDialog();
}
}
catch {
}
}
}
internal class ParsedData
{
private bool requestsShellIntegration; /* == false by default. shellVisible attribute is optional */
private string appName;
private string appPublisher;
private string supportUrl;
private string authenticodedPublisher;
private bool disallowTrustOverride;
private X509Certificate2 certificate;
// private string deploymentProviderCodebase;
public ParsedData()
{
}
public bool RequestsShellIntegration
{
get
{
return this.requestsShellIntegration;
}
set
{
this.requestsShellIntegration = value;
}
}
public X509Certificate2 Certificate
{
get
{
return this.certificate;
}
set
{
this.certificate = value;
}
}
public string AppName
{
get
{
return this.appName;
}
set
{
this.appName = value;
}
}
public string AppPublisher
{
get
{
return this.appPublisher;
}
set
{
this.appPublisher = value;
}
}
public string AuthenticodedPublisher
{
get
{
return this.authenticodedPublisher;
}
set
{
this.authenticodedPublisher = value;
}
}
public bool UseManifestForTrust
{
get
{
return disallowTrustOverride;
}
set
{
disallowTrustOverride = value;
}
}
// public string DeploymentProviderCodebase
// {
// get
// {
// return this.deploymentProviderCodebase;
// }
// set
// {
// this.deploymentProviderCodebase = value;
// }
// }
public string SupportUrl
{
get
{
return this.supportUrl;
}
set
{
this.supportUrl = value;
}
}
}
internal class HostContextInternal
{
private bool ignorePersistedDecision;
private bool noPrompt;
private bool persist;
private ApplicationIdentity previousAppId;
public HostContextInternal(TrustManagerContext trustManagerContext)
{
if (trustManagerContext == null)
{
// Used in case DetermineApplicationTrust is not given a TrustManagerContext object.
this.persist = true;
}
else
{
// ISSUE - fix this...
// Note that exclusiveGrant is never set. It is read in CreateApplicationTrust however.
this.ignorePersistedDecision = trustManagerContext.IgnorePersistedDecision;
this.noPrompt = trustManagerContext.NoPrompt;
this.persist = trustManagerContext.Persist;
this.previousAppId = trustManagerContext.PreviousApplicationIdentity;
}
}
public bool IgnorePersistedDecision
{
get
{
return this.ignorePersistedDecision;
}
}
public bool NoPrompt
{
get
{
return this.noPrompt;
}
}
public bool Persist
{
get
{
return this.persist;
}
}
public ApplicationIdentity PreviousAppId
{
get
{
return this.previousAppId;
}
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- UIntPtr.cs
- SettingsPropertyNotFoundException.cs
- DataGridColumnDropSeparator.cs
- GridSplitterAutomationPeer.cs
- EFTableProvider.cs
- SqlDependencyListener.cs
- ValueUtilsSmi.cs
- ZipIOLocalFileHeader.cs
- WeakEventTable.cs
- TableItemProviderWrapper.cs
- TablePatternIdentifiers.cs
- ResourceManagerWrapper.cs
- ToolStripItemRenderEventArgs.cs
- ObjectComplexPropertyMapping.cs
- ParsedAttributeCollection.cs
- FixedStringLookup.cs
- BinaryFormatter.cs
- XamlInterfaces.cs
- DataBoundControl.cs
- _NestedMultipleAsyncResult.cs
- HttpPostedFile.cs
- ProgressBarHighlightConverter.cs
- XPathArrayIterator.cs
- XPathMessageFilterElementComparer.cs
- ConnectionPointCookie.cs
- ImageClickEventArgs.cs
- AuthStoreRoleProvider.cs
- CompositionAdorner.cs
- Helpers.cs
- StringSorter.cs
- AnnotationDocumentPaginator.cs
- StreamGeometry.cs
- SerializationIncompleteException.cs
- StylusPointPropertyInfoDefaults.cs
- BufferManager.cs
- FtpWebRequest.cs
- ReadOnlyDataSource.cs
- QilParameter.cs
- Errors.cs
- TableRow.cs
- TableItemPattern.cs
- DelegatedStream.cs
- XmlBufferReader.cs
- TypedOperationInfo.cs
- AccessControlList.cs
- QueryCacheKey.cs
- Win32KeyboardDevice.cs
- UserMapPath.cs
- DependencyPropertyValueSerializer.cs
- WebPartEditorApplyVerb.cs
- ConsumerConnectionPointCollection.cs
- TextBoxBase.cs
- XmlCharCheckingWriter.cs
- XmlILIndex.cs
- DataServiceException.cs
- MailAddressCollection.cs
- ServicesExceptionNotHandledEventArgs.cs
- DataFormats.cs
- IndentTextWriter.cs
- RuleSettingsCollection.cs
- DocumentGrid.cs
- OleDbParameterCollection.cs
- CodeAttachEventStatement.cs
- ApplicationProxyInternal.cs
- GroupQuery.cs
- ProcessRequestArgs.cs
- ScriptComponentDescriptor.cs
- TrustManagerPromptUI.cs
- HierarchicalDataBoundControlAdapter.cs
- XmlElementList.cs
- PageBuildProvider.cs
- GridView.cs
- SqlUdtInfo.cs
- ToolboxItemAttribute.cs
- UInt16Storage.cs
- AjaxFrameworkAssemblyAttribute.cs
- ZoneLinkButton.cs
- MouseActionValueSerializer.cs
- DrawingVisualDrawingContext.cs
- VisualBasicSettingsHandler.cs
- XpsManager.cs
- EntityContainer.cs
- IssuanceTokenProviderBase.cs
- SettingsPropertyValue.cs
- PartialArray.cs
- QilLoop.cs
- TraceProvider.cs
- ReadOnlyHierarchicalDataSource.cs
- PointAnimationBase.cs
- RenamedEventArgs.cs
- AttachedAnnotationChangedEventArgs.cs
- WrapPanel.cs
- ImageBrush.cs
- CombinedGeometry.cs
- PersonalizationProviderHelper.cs
- StatusBar.cs
- AutomationPatternInfo.cs
- WindowsTitleBar.cs
- QuaternionIndependentAnimationStorage.cs
- MembershipUser.cs