/// <summary>Creates a permission that is the union of the current permission and the specified permission.</summary>
/// <returns>A new permission that represents the union of the current permission and the specified permission.</returns>
/// <param name="target">A permission to combine with the current permission. It must be of the same type as the current permission. </param>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="target" /> is not null and does not specify a permission of the same type as the current permission. </exception>
public override IPermission Union(IPermission target)
{
KeyContainerPermission keyContainerPermission = this.Cast(target);
if (keyContainerPermission == null)
{
return(this.Copy());
}
KeyContainerPermissionAccessEntryCollection keyContainerPermissionAccessEntryCollection = new KeyContainerPermissionAccessEntryCollection();
foreach (KeyContainerPermissionAccessEntry accessEntry in this._accessEntries)
{
keyContainerPermissionAccessEntryCollection.Add(accessEntry);
}
foreach (KeyContainerPermissionAccessEntry accessEntry2 in keyContainerPermission._accessEntries)
{
if (this._accessEntries.IndexOf(accessEntry2) == -1)
{
keyContainerPermissionAccessEntryCollection.Add(accessEntry2);
}
}
if (keyContainerPermissionAccessEntryCollection.Count == 0)
{
return(new KeyContainerPermission(this._flags | keyContainerPermission._flags));
}
KeyContainerPermissionAccessEntry[] array = new KeyContainerPermissionAccessEntry[keyContainerPermissionAccessEntryCollection.Count];
keyContainerPermissionAccessEntryCollection.CopyTo(array, 0);
return(new KeyContainerPermission(this._flags | keyContainerPermission._flags, array));
}
// Token: 0x060026CD RID: 9933 RVA: 0x0008CBA8 File Offset: 0x0008ADA8
private void AddAccessEntryAndUnion(KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target)
{
KeyContainerPermissionAccessEntry keyContainerPermissionAccessEntry = new KeyContainerPermissionAccessEntry(accessEntry);
keyContainerPermissionAccessEntry.Flags |= KeyContainerPermission.GetApplicableFlags(accessEntry, target);
this.AccessEntries.Add(keyContainerPermissionAccessEntry);
}
private void AddAccessEntryAndIntersect(KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target)
{
KeyContainerPermissionAccessEntry accessEntry1 = new KeyContainerPermissionAccessEntry(accessEntry);
accessEntry1.Flags &= KeyContainerPermission.GetApplicableFlags(accessEntry, target);
this.AccessEntries.Add(accessEntry1);
}
/// <summary>从 XML 编码重新构造具有指定状态的权限。</summary>
/// <param name="securityElement">
/// <see cref="T:System.Security.SecurityElement" />,包含用于重新构造权限的 XML 编码。</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="securityElement" /> 为 null。</exception>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="securityElement" /> 不是一个有效的权限元素。- 或 -不支持 <paramref name="securityElement" /> 的版本号。</exception>
public override void FromXml(SecurityElement securityElement)
{
CodeAccessPermission.ValidateElement(securityElement, (IPermission)this);
if (XMLUtil.IsUnrestricted(securityElement))
{
this.m_flags = KeyContainerPermissionFlags.AllFlags;
this.m_accessEntries = new KeyContainerPermissionAccessEntryCollection(this.m_flags);
}
else
{
this.m_flags = KeyContainerPermissionFlags.NoFlags;
string str = securityElement.Attribute("Flags");
if (str != null)
{
KeyContainerPermissionFlags flags = (KeyContainerPermissionFlags)Enum.Parse(typeof(KeyContainerPermissionFlags), str);
KeyContainerPermission.VerifyFlags(flags);
this.m_flags = flags;
}
this.m_accessEntries = new KeyContainerPermissionAccessEntryCollection(this.m_flags);
if (securityElement.InternalChildren == null || securityElement.InternalChildren.Count == 0)
{
return;
}
foreach (SecurityElement child in securityElement.Children)
{
if (child != null && string.Equals(child.Tag, "AccessList"))
{
this.AddAccessEntries(child);
}
}
}
}
//
// IPermission implementation
//
public override bool IsSubsetOf (IPermission target) {
if (target == null)
return IsEmpty();
if (!VerifyType(target))
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName));
KeyContainerPermission operand = (KeyContainerPermission) target;
// since there are containers that are neither in the access list of the source, nor in the
// access list of the target, the source flags must be a subset of the target flags.
if ((this.m_flags & operand.m_flags) != this.m_flags)
return false;
// Any entry in the source should have "applicable" flags in the destination that actually
// are less restrictive than the flags in the source.
foreach (KeyContainerPermissionAccessEntry accessEntry in AccessEntries) {
KeyContainerPermissionFlags targetFlags = GetApplicableFlags(accessEntry, operand);
if ((accessEntry.Flags & targetFlags) != accessEntry.Flags)
return false;
}
// Any entry in the target should have "applicable" flags in the source that actually
// are more restrictive than the flags in the target.
foreach (KeyContainerPermissionAccessEntry accessEntry in operand.AccessEntries) {
KeyContainerPermissionFlags sourceFlags = GetApplicableFlags(accessEntry, this);
if ((sourceFlags & accessEntry.Flags) != sourceFlags)
return false;
}
return true;
}
/// <summary>创建一个权限,该权限是当前权限与指定权限的并集。</summary>
/// <returns>一个新权限,它表示当前权限与指定权限的并集。</returns>
/// <param name="target">将与当前权限合并的权限。它必须与当前权限属于同一类型。</param>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="target" /> 不是 null,并且未指定与当前权限属于同一类型的权限。</exception>
public override IPermission Union(IPermission target)
{
if (target == null)
{
return(this.Copy());
}
if (!this.VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", (object)this.GetType().FullName));
}
KeyContainerPermission target1 = (KeyContainerPermission)target;
if (this.IsUnrestricted() || target1.IsUnrestricted())
{
return((IPermission) new KeyContainerPermission(PermissionState.Unrestricted));
}
KeyContainerPermission containerPermission = new KeyContainerPermission(this.m_flags | target1.m_flags);
foreach (KeyContainerPermissionAccessEntry accessEntry in this.AccessEntries)
{
containerPermission.AddAccessEntryAndUnion(accessEntry, target1);
}
foreach (KeyContainerPermissionAccessEntry accessEntry in target1.AccessEntries)
{
containerPermission.AddAccessEntryAndUnion(accessEntry, this);
}
if (!containerPermission.IsEmpty())
{
return((IPermission)containerPermission);
}
return((IPermission)null);
}
public override IPermission Intersect(IPermission target)
{
if (target != null)
{
if (!base.VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", new object[] { base.GetType().FullName }));
}
KeyContainerPermission permission = (KeyContainerPermission)target;
if (this.IsEmpty() || permission.IsEmpty())
{
return(null);
}
KeyContainerPermissionFlags flags = permission.m_flags & this.m_flags;
KeyContainerPermission permission2 = new KeyContainerPermission(flags);
KeyContainerPermissionAccessEntryEnumerator enumerator = this.AccessEntries.GetEnumerator();
while (enumerator.MoveNext())
{
KeyContainerPermissionAccessEntry current = enumerator.Current;
permission2.AddAccessEntryAndIntersect(current, permission);
}
KeyContainerPermissionAccessEntryEnumerator enumerator2 = permission.AccessEntries.GetEnumerator();
while (enumerator2.MoveNext())
{
KeyContainerPermissionAccessEntry accessEntry = enumerator2.Current;
permission2.AddAccessEntryAndIntersect(accessEntry, this);
}
if (!permission2.IsEmpty())
{
return(permission2);
}
}
return(null);
}
public override IPermission Intersect(IPermission target)
{
if (target == null)
{
return(null);
}
if (!VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName));
}
KeyContainerPermission operand = (KeyContainerPermission)target;
if (this.IsEmpty() || operand.IsEmpty())
{
return(null);
}
KeyContainerPermissionFlags flags_intersect = operand.m_flags & this.m_flags;
KeyContainerPermission cp = new KeyContainerPermission(flags_intersect);
foreach (KeyContainerPermissionAccessEntry accessEntry in AccessEntries)
{
cp.AddAccessEntryAndIntersect(accessEntry, operand);
}
foreach (KeyContainerPermissionAccessEntry accessEntry in operand.AccessEntries)
{
cp.AddAccessEntryAndIntersect(accessEntry, this);
}
return(cp.IsEmpty() ? null : cp);
}
/// <summary>Reconstructs a permission with a specified state from an XML encoding.</summary>
/// <param name="securityElement">A <see cref="T:System.Security.SecurityElement" /> that contains the XML encoding used to reconstruct the permission. </param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="securityElement" /> is <see langword="null" />. </exception>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="securityElement" /> is not a valid permission element.-or- The version number of <paramref name="securityElement" /> is not supported. </exception>
// Token: 0x060026CA RID: 9930 RVA: 0x0008C94C File Offset: 0x0008AB4C
public override void FromXml(SecurityElement securityElement)
{
CodeAccessPermission.ValidateElement(securityElement, this);
if (XMLUtil.IsUnrestricted(securityElement))
{
this.m_flags = KeyContainerPermissionFlags.AllFlags;
this.m_accessEntries = new KeyContainerPermissionAccessEntryCollection(this.m_flags);
return;
}
this.m_flags = KeyContainerPermissionFlags.NoFlags;
string text = securityElement.Attribute("Flags");
if (text != null)
{
KeyContainerPermissionFlags flags = (KeyContainerPermissionFlags)Enum.Parse(typeof(KeyContainerPermissionFlags), text);
KeyContainerPermission.VerifyFlags(flags);
this.m_flags = flags;
}
this.m_accessEntries = new KeyContainerPermissionAccessEntryCollection(this.m_flags);
if (securityElement.InternalChildren != null && securityElement.InternalChildren.Count != 0)
{
foreach (object obj in securityElement.Children)
{
SecurityElement securityElement2 = (SecurityElement)obj;
if (securityElement2 != null && string.Equals(securityElement2.Tag, "AccessList"))
{
this.AddAccessEntries(securityElement2);
}
}
}
}
/// <summary>确定当前权限是否为指定权限的子集。</summary>
/// <returns>如果当前权限是指定权限的子集,则为 true;否则为 false。</returns>
/// <param name="target">要测试子集关系的权限。此权限必须与当前权限属于同一类型。</param>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="target" /> 不是 null,并且未指定与当前权限属于同一类型的权限。</exception>
public override bool IsSubsetOf(IPermission target)
{
if (target == null)
{
return(this.IsEmpty());
}
if (!this.VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", (object)this.GetType().FullName));
}
KeyContainerPermission target1 = (KeyContainerPermission)target;
if ((this.m_flags & target1.m_flags) != this.m_flags)
{
return(false);
}
foreach (KeyContainerPermissionAccessEntry accessEntry in this.AccessEntries)
{
KeyContainerPermissionFlags applicableFlags = KeyContainerPermission.GetApplicableFlags(accessEntry, target1);
if ((accessEntry.Flags & applicableFlags) != accessEntry.Flags)
{
return(false);
}
}
foreach (KeyContainerPermissionAccessEntry accessEntry in target1.AccessEntries)
{
KeyContainerPermissionFlags applicableFlags = KeyContainerPermission.GetApplicableFlags(accessEntry, this);
if ((applicableFlags & accessEntry.Flags) != applicableFlags)
{
return(false);
}
}
return(true);
}
public override IPermission Union(IPermission target)
{
if (target == null)
{
return(this.Copy());
}
if (!VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName));
}
KeyContainerPermission operand = (KeyContainerPermission)target;
if (this.IsUnrestricted() || operand.IsUnrestricted())
{
return(new KeyContainerPermission(PermissionState.Unrestricted));
}
KeyContainerPermissionFlags flags_union = (KeyContainerPermissionFlags)(m_flags | operand.m_flags);
KeyContainerPermission cp = new KeyContainerPermission(flags_union);
foreach (KeyContainerPermissionAccessEntry accessEntry in AccessEntries)
{
cp.AddAccessEntryAndUnion(accessEntry, operand);
}
foreach (KeyContainerPermissionAccessEntry accessEntry in operand.AccessEntries)
{
cp.AddAccessEntryAndUnion(accessEntry, this);
}
return(cp.IsEmpty() ? null : cp);
}
public override IPermission Union(IPermission target)
{
KeyContainerPermission kcp = Cast(target);
if (kcp == null)
{
return(Copy());
}
KeyContainerPermissionAccessEntryCollection kcpaec = new KeyContainerPermissionAccessEntryCollection();
// copy first group
foreach (KeyContainerPermissionAccessEntry kcpae in _accessEntries)
{
kcpaec.Add(kcpae);
}
// copy second group...
foreach (KeyContainerPermissionAccessEntry kcpae in kcp._accessEntries)
{
// ... but only if not present in first group
if (_accessEntries.IndexOf(kcpae) == -1)
{
kcpaec.Add(kcpae);
}
}
if (kcpaec.Count == 0)
{
return(new KeyContainerPermission((_flags | kcp._flags)));
}
KeyContainerPermissionAccessEntry[] list = new KeyContainerPermissionAccessEntry [kcpaec.Count];
kcpaec.CopyTo(list, 0);
return(new KeyContainerPermission((_flags | kcp._flags), list));
}
public static CngKey Create(CngAlgorithm algorithm, string keyName, CngKeyCreationParameters creationParameters)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
if (creationParameters == null)
{
creationParameters = new CngKeyCreationParameters();
}
if (!NCryptNative.NCryptSupported)
{
throw new PlatformNotSupportedException(System.SR.GetString("Cryptography_PlatformNotSupported"));
}
if (keyName != null)
{
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(keyName, KeyContainerPermissionFlags.Create) {
ProviderName = creationParameters.Provider.Provider
};
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
}
SafeNCryptProviderHandle provider = NCryptNative.OpenStorageProvider(creationParameters.Provider.Provider);
SafeNCryptKeyHandle keyHandle = NCryptNative.CreatePersistedKey(provider, algorithm.Algorithm, keyName, creationParameters.KeyCreationOptions);
SetKeyProperties(keyHandle, creationParameters);
NCryptNative.FinalizeKey(keyHandle);
CngKey key = new CngKey(provider, keyHandle);
if (keyName == null)
{
key.IsEphemeral = true;
}
return key;
}
internal KeyContainerPermission BuildKeyContainerPermission(KeyContainerPermissionFlags flags)
{
KeyContainerPermission permission = null;
if (this.IsEphemeral)
{
return permission;
}
string keyContainerName = null;
string str2 = null;
try
{
keyContainerName = this.KeyName;
str2 = NCryptNative.GetPropertyAsString(this.m_kspHandle, "Name", CngPropertyOptions.None);
}
catch (CryptographicException)
{
}
if (keyContainerName != null)
{
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(keyContainerName, flags) {
ProviderName = str2
};
permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
permission.AccessEntries.Add(accessEntry);
return permission;
}
return new KeyContainerPermission(flags);
}
public override IPermission Copy () {
if (this.IsEmpty())
return null;
KeyContainerPermission cp = new KeyContainerPermission((KeyContainerPermissionFlags)m_flags);
foreach (KeyContainerPermissionAccessEntry accessEntry in AccessEntries) {
cp.AccessEntries.Add(accessEntry);
}
return cp;
}
/// <summary>创建并返回当前权限的相同副本。</summary>
/// <returns>当前权限的副本。</returns>
public override IPermission Copy()
{
if (this.IsEmpty())
{
return((IPermission)null);
}
KeyContainerPermission containerPermission = new KeyContainerPermission(this.m_flags);
foreach (KeyContainerPermissionAccessEntry accessEntry in this.AccessEntries)
{
containerPermission.AccessEntries.Add(accessEntry);
}
return((IPermission)containerPermission);
}
/// <summary>用指定的全局访问和特定的密钥容器访问权限来初始化 <see cref="T:System.Security.Permissions.KeyContainerPermission" /> 类的新实例。</summary>
/// <param name="flags">
/// <see cref="T:System.Security.Permissions.KeyContainerPermissionFlags" /> 值的按位组合。</param>
/// <param name="accessList">
/// <see cref="T:System.Security.Permissions.KeyContainerPermissionAccessEntry" /> 对象数组,标识特定的密钥容器访问权限。</param>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="flags" /> 不是 <see cref="T:System.Security.Permissions.KeyContainerPermissionFlags" /> 值的有效组合。</exception>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="accessList" /> 为 null。</exception>
public KeyContainerPermission(KeyContainerPermissionFlags flags, KeyContainerPermissionAccessEntry[] accessList)
{
if (accessList == null)
{
throw new ArgumentNullException("accessList");
}
KeyContainerPermission.VerifyFlags(flags);
this.m_flags = flags;
this.m_accessEntries = new KeyContainerPermissionAccessEntryCollection(this.m_flags);
for (int index = 0; index < accessList.Length; ++index)
{
this.m_accessEntries.Add(accessList[index]);
}
}
private KeyContainerPermission Cast(IPermission target)
{
if (target == null)
{
return(null);
}
KeyContainerPermission keyContainerPermission = target as KeyContainerPermission;
if (keyContainerPermission == null)
{
CodeAccessPermission.ThrowInvalidPermission(target, typeof(KeyContainerPermission));
}
return(keyContainerPermission);
}
public override IPermission CreatePermission()
{
if (base.m_unrestricted)
{
return new KeyContainerPermission(PermissionState.Unrestricted);
}
if (KeyContainerPermissionAccessEntry.IsUnrestrictedEntry(this.m_keyStore, this.m_providerName, this.m_providerType, this.m_keyContainerName, this.m_keySpec))
{
return new KeyContainerPermission(this.m_flags);
}
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this.m_keyStore, this.m_providerName, this.m_providerType, this.m_keyContainerName, this.m_keySpec, this.m_flags);
permission.AccessEntries.Add(accessEntry);
return permission;
}
[System.Security.SecurityCritical] // auto-generated
internal CspKeyContainerInfo (CspParameters parameters, bool randomKeyContainer) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open);
kp.AccessEntries.Add(entry);
kp.Demand();
m_parameters = new CspParameters(parameters);
if (m_parameters.KeyNumber == -1) {
if (m_parameters.ProviderType == Constants.PROV_RSA_FULL || m_parameters.ProviderType == Constants.PROV_RSA_AES)
m_parameters.KeyNumber = Constants.AT_KEYEXCHANGE;
else if (m_parameters.ProviderType == Constants.PROV_DSS_DH)
m_parameters.KeyNumber = Constants.AT_SIGNATURE;
}
m_randomKeyContainer = randomKeyContainer;
}
public override IPermission Copy()
{
if (this.IsEmpty())
{
return(null);
}
KeyContainerPermission permission = new KeyContainerPermission(this.m_flags);
KeyContainerPermissionAccessEntryEnumerator enumerator = this.AccessEntries.GetEnumerator();
while (enumerator.MoveNext())
{
KeyContainerPermissionAccessEntry current = enumerator.Current;
permission.AccessEntries.Add(current);
}
return(permission);
}
private KeyContainerPermission Cast(IPermission target)
{
if (target == null)
{
return(null);
}
KeyContainerPermission kcp = (target as KeyContainerPermission);
if (kcp == null)
{
ThrowInvalidPermission(target, typeof(KeyContainerPermission));
}
return(kcp);
}
/// <summary>创建并返回一个新的 <see cref="T:System.Security.Permissions.KeyContainerPermission" />。</summary>
/// <returns>与此特性对应的 <see cref="T:System.Security.Permissions.KeyContainerPermission" />。</returns>
public override IPermission CreatePermission()
{
if (this.m_unrestricted)
{
return((IPermission) new KeyContainerPermission(PermissionState.Unrestricted));
}
if (KeyContainerPermissionAccessEntry.IsUnrestrictedEntry(this.m_keyStore, this.m_providerName, this.m_providerType, this.m_keyContainerName, this.m_keySpec))
{
return((IPermission) new KeyContainerPermission(this.m_flags));
}
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this.m_keyStore, this.m_providerName, this.m_providerType, this.m_keyContainerName, this.m_keySpec, this.m_flags);
containerPermission.AccessEntries.Add(accessEntry);
return((IPermission)containerPermission);
}
internal CspKeyContainerInfo(CspParameters parameters, bool randomKeyContainer)
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
this.m_parameters = new CspParameters(parameters);
if (this.m_parameters.KeyNumber == -1)
{
if ((this.m_parameters.ProviderType == 1) || (this.m_parameters.ProviderType == 0x18))
{
this.m_parameters.KeyNumber = 1;
}
else if (this.m_parameters.ProviderType == 13)
{
this.m_parameters.KeyNumber = 2;
}
}
this.m_randomKeyContainer = randomKeyContainer;
}
public override IPermission CreatePermission()
{
if (m_unrestricted)
{
return(new KeyContainerPermission(PermissionState.Unrestricted));
}
else
{
if (KeyContainerPermissionAccessEntry.IsUnrestrictedEntry(m_keyStore, m_providerName, m_providerType, m_keyContainerName, m_keySpec))
{
return(new KeyContainerPermission(m_flags));
}
// create a KeyContainerPermission with a single access entry.
KeyContainerPermission cp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(m_keyStore, m_providerName, m_providerType, m_keyContainerName, m_keySpec, m_flags);
cp.AccessEntries.Add(accessEntry);
return(cp);
}
}
public override bool IsSubsetOf(IPermission target)
{
if (target == null)
{
return(this.IsEmpty());
}
if (!base.VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", new object[] { base.GetType().FullName }));
}
KeyContainerPermission permission = (KeyContainerPermission)target;
if ((this.m_flags & permission.m_flags) != this.m_flags)
{
return(false);
}
KeyContainerPermissionAccessEntryEnumerator enumerator = this.AccessEntries.GetEnumerator();
while (enumerator.MoveNext())
{
KeyContainerPermissionAccessEntry current = enumerator.Current;
KeyContainerPermissionFlags applicableFlags = GetApplicableFlags(current, permission);
if ((current.Flags & applicableFlags) != current.Flags)
{
return(false);
}
}
KeyContainerPermissionAccessEntryEnumerator enumerator2 = permission.AccessEntries.GetEnumerator();
while (enumerator2.MoveNext())
{
KeyContainerPermissionAccessEntry accessEntry = enumerator2.Current;
KeyContainerPermissionFlags flags2 = GetApplicableFlags(accessEntry, this);
if ((flags2 & accessEntry.Flags) != flags2)
{
return(false);
}
}
return(true);
}
public byte[] Decrypt(byte[] rgb, bool fOAEP)
{
if (rgb == null)
{
throw new ArgumentNullException("rgb");
}
this.GetKeyPair();
if (rgb.Length > (this.KeySize / 8))
{
throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_DecDataTooBig", new object[] { this.KeySize / 8 }));
}
if (!this.CspKeyContainerInfo.RandomlyGenerated)
{
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(this._parameters, KeyContainerPermissionFlags.Decrypt);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
}
byte[] o = null;
DecryptKey(this._safeKeyHandle, rgb, rgb.Length, fOAEP, JitHelpers.GetObjectHandleOnStack<byte[]>(ref o));
return o;
}
/// <summary>Determines whether the current permission is a subset of the specified permission.</summary>
/// <param name="target">A permission to test for the subset relationship. This permission must be the same type as the current permission. </param>
/// <returns>
/// <see langword="true" /> if the current permission is a subset of the specified permission; otherwise, <see langword="false" />.</returns>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="target" /> is not <see langword="null" /> and does not specify a permission of the same type as the current permission. </exception>
// Token: 0x060026C5 RID: 9925 RVA: 0x0008C544 File Offset: 0x0008A744
public override bool IsSubsetOf(IPermission target)
{
if (target == null)
{
return(this.IsEmpty());
}
if (!base.VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", new object[]
{
base.GetType().FullName
}));
}
KeyContainerPermission keyContainerPermission = (KeyContainerPermission)target;
if ((this.m_flags & keyContainerPermission.m_flags) != this.m_flags)
{
return(false);
}
foreach (KeyContainerPermissionAccessEntry keyContainerPermissionAccessEntry in this.AccessEntries)
{
KeyContainerPermissionFlags applicableFlags = KeyContainerPermission.GetApplicableFlags(keyContainerPermissionAccessEntry, keyContainerPermission);
if ((keyContainerPermissionAccessEntry.Flags & applicableFlags) != keyContainerPermissionAccessEntry.Flags)
{
return(false);
}
}
foreach (KeyContainerPermissionAccessEntry keyContainerPermissionAccessEntry2 in keyContainerPermission.AccessEntries)
{
KeyContainerPermissionFlags applicableFlags2 = KeyContainerPermission.GetApplicableFlags(keyContainerPermissionAccessEntry2, this);
if ((applicableFlags2 & keyContainerPermissionAccessEntry2.Flags) != applicableFlags2)
{
return(false);
}
}
return(true);
}
/// <summary>Creates a permission that is the union of the current permission and the specified permission.</summary>
/// <param name="target">A permission to combine with the current permission. It must be of the same type as the current permission. </param>
/// <returns>A new permission that represents the union of the current permission and the specified permission.</returns>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="target" /> is not <see langword="null" /> and does not specify a permission of the same type as the current permission. </exception>
// Token: 0x060026C7 RID: 9927 RVA: 0x0008C6E8 File Offset: 0x0008A8E8
public override IPermission Union(IPermission target)
{
if (target == null)
{
return(this.Copy());
}
if (!base.VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", new object[]
{
base.GetType().FullName
}));
}
KeyContainerPermission keyContainerPermission = (KeyContainerPermission)target;
if (this.IsUnrestricted() || keyContainerPermission.IsUnrestricted())
{
return(new KeyContainerPermission(PermissionState.Unrestricted));
}
KeyContainerPermissionFlags flags = this.m_flags | keyContainerPermission.m_flags;
KeyContainerPermission keyContainerPermission2 = new KeyContainerPermission(flags);
foreach (KeyContainerPermissionAccessEntry accessEntry in this.AccessEntries)
{
keyContainerPermission2.AddAccessEntryAndUnion(accessEntry, keyContainerPermission);
}
foreach (KeyContainerPermissionAccessEntry accessEntry2 in keyContainerPermission.AccessEntries)
{
keyContainerPermission2.AddAccessEntryAndUnion(accessEntry2, this);
}
if (!keyContainerPermission2.IsEmpty())
{
return(keyContainerPermission2);
}
return(null);
}
public void ComputeSignature(CmsSigner signer, bool silent)
{
if (signer == null)
throw new ArgumentNullException("signer");
if (this.ContentInfo.Content.Length == 0)
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_Empty_Content"));
if (SubjectIdentifierType.NoSignature == signer.SignerIdentifierType)
{
if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_No_Signature_First_Signer"));
this.Sign(signer, silent);
}
else
{
if (signer.Certificate == null)
{
if (silent)
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_RecipientCertificateNotFound"));
signer.Certificate = PkcsUtils.SelectSignerCertificate();
}
if (!signer.Certificate.HasPrivateKey)
throw new CryptographicException(-2146893811);
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
throw new CryptographicException(SignedCms.SafeGetLastWin32Error());
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid)
this.Sign(signer, silent);
else
this.CoSign(signer, silent);
}
}
private static KeyContainerPermissionFlags GetApplicableFlags(KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target)
{
KeyContainerPermissionFlags flags = KeyContainerPermissionFlags.NoFlags;
bool applyDefaultFlags = true;
// If the entry exists in the target, return the flag of the target entry.
int index = target.AccessEntries.IndexOf(accessEntry);
if (index != -1)
{
flags = ((KeyContainerPermissionAccessEntry)target.AccessEntries[index]).Flags;
return(flags);
}
// Intersect the flags in all the target entries that apply to the current access entry,
foreach (KeyContainerPermissionAccessEntry targetAccessEntry in target.AccessEntries)
{
if (accessEntry.IsSubsetOf(targetAccessEntry))
{
if (applyDefaultFlags == false)
{
flags &= targetAccessEntry.Flags;
}
else
{
flags = targetAccessEntry.Flags;
applyDefaultFlags = false;
}
}
}
// If no target entry applies to the current entry, the default global flag applies.
if (applyDefaultFlags)
{
flags = target.Flags;
}
return(flags);
}
bool PFXExportCertStore(
[In] SafeCertStoreHandle hCertStore,
[In,Out] IntPtr pPFX,
[In] string szPassword,
[In] uint dwFlags) {
if (hCertStore == null)
throw new ArgumentNullException("hCertStore");
if (hCertStore.IsInvalid)
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidHandle), "hCertStore");
#if !FEATURE_CORESYSTEM
//
// Right now, we always demand KeyContainerPermission regardless of whether the PFX contains a private key or not.
// We could avoid that by looping through the certs in the store and find out whether there are actually private keys.
//
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Export);
kp.Demand();
}
#endif
return CAPIMethods.PFXExportCertStore(hCertStore,
pPFX,
szPassword,
dwFlags);
}
private void CounterSign(CmsSigner signer)
{
CspParameters parameters = new CspParameters();
if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Sign | KeyContainerPermissionFlags.Open);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
uint dwIndex = (uint) PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
System.Security.Cryptography.SafeLocalAllocHandle handle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer);
try
{
Marshal.StructureToPtr(structure, handle.DangerousGetHandle(), false);
if (!System.Security.Cryptography.CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1, handle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
this.m_signedCms.ReopenToDecode();
}
finally
{
Marshal.DestroyStructure(handle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
handle.Dispose();
structure.Dispose();
}
PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
private void AddAccessEntryAndIntersect (KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target) {
KeyContainerPermissionAccessEntry newAccessEntry = new KeyContainerPermissionAccessEntry(accessEntry);
newAccessEntry.Flags &= GetApplicableFlags(accessEntry, target);
AccessEntries.Add(newAccessEntry);
}
bool CryptAcquireContext(
[In,Out] ref SafeCryptProvHandle hCryptProv,
[In] [MarshalAs(UnmanagedType.LPStr)] string pwszContainer,
[In] [MarshalAs(UnmanagedType.LPStr)] string pwszProvider,
[In] uint dwProvType,
[In] uint dwFlags) {
CspParameters parameters = new CspParameters();
parameters.ProviderName = pwszProvider;
parameters.KeyContainerName = pwszContainer;
parameters.ProviderType = (int) dwProvType;
parameters.KeyNumber = -1;
parameters.Flags = (CspProviderFlags) ((dwFlags & CAPI.CRYPT_MACHINE_KEYSET) == CAPI.CRYPT_MACHINE_KEYSET ? CspProviderFlags.UseMachineKeyStore : 0);
#if !FEATURE_CORESYSTEM
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open);
kp.AccessEntries.Add(entry);
kp.Demand();
}
#endif
bool rc = CAPIMethods.CryptAcquireContext(ref hCryptProv,
pwszContainer,
pwszProvider,
dwProvType,
dwFlags);
if (!rc && Marshal.GetLastWin32Error() == CAPI.NTE_BAD_KEYSET) {
rc = CAPIMethods.CryptAcquireContext(ref hCryptProv,
pwszContainer,
pwszProvider,
dwProvType,
dwFlags | CAPI.CRYPT_NEWKEYSET);
}
return rc;
}
[System.Security.SecuritySafeCritical] // auto-generated
public override void ImportParameters(RSAParameters parameters) {
// Free the current key handle
if (_safeKeyHandle != null && !_safeKeyHandle.IsClosed) {
_safeKeyHandle.Dispose();
_safeKeyHandle = null;
}
RSACspObject rsaCspObject = RSAStructToObject(parameters);
_safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (IsPublic(parameters)) {
// Use our CRYPT_VERIFYCONTEXT handle, CRYPT_EXPORTABLE is not applicable to public only keys, so pass false
Utils._ImportKey(Utils.StaticProvHandle, Constants.CALG_RSA_KEYX, (CspProviderFlags) 0, rsaCspObject, ref _safeKeyHandle);
} else {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Import);
kp.AccessEntries.Add(entry);
kp.Demand();
}
if (_safeProvHandle == null)
_safeProvHandle = Utils.CreateProvHandle(_parameters, _randomKeyContainer);
// Now, import the key into the CSP; _ImportKey will check for failures.
Utils._ImportKey(_safeProvHandle, Constants.CALG_RSA_KEYX, _parameters.Flags, rsaCspObject, ref _safeKeyHandle);
}
}
public override IPermission Union (IPermission target) {
if (target == null)
return this.Copy();
if (!VerifyType(target))
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName));
KeyContainerPermission operand = (KeyContainerPermission) target;
if (this.IsUnrestricted() || operand.IsUnrestricted())
return new KeyContainerPermission(PermissionState.Unrestricted);
KeyContainerPermissionFlags flags_union = (KeyContainerPermissionFlags) (m_flags | operand.m_flags);
KeyContainerPermission cp = new KeyContainerPermission(flags_union);
foreach (KeyContainerPermissionAccessEntry accessEntry in AccessEntries) {
cp.AddAccessEntryAndUnion(accessEntry, operand);
}
foreach (KeyContainerPermissionAccessEntry accessEntry in operand.AccessEntries) {
cp.AddAccessEntryAndUnion(accessEntry, this);
}
return cp.IsEmpty() ? null : cp;
}
internal static void GetKeyPairHelper (CspAlgorithmType keyType, CspParameters parameters, bool randomKeyContainer, int dwKeySize, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle) {
SafeProvHandle TempFetchedProvHandle = Utils.CreateProvHandle(parameters, randomKeyContainer);
#if FEATURE_MACL
// If the user wanted to set the security descriptor on the provider context, apply it now.
if (parameters.CryptoKeySecurity != null) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.ChangeAcl);
kp.AccessEntries.Add(entry);
kp.Demand();
SetKeySetSecurityInfo(TempFetchedProvHandle, parameters.CryptoKeySecurity, parameters.CryptoKeySecurity.ChangedAccessControlSections);
}
#endif //FEATURE_MACL
#if FEATURE_X509_SECURESTRINGS
// If the user wanted to specify a PIN or HWND for a smart card CSP, apply those settings now.
if (parameters.ParentWindowHandle != IntPtr.Zero)
SetProviderParameter(TempFetchedProvHandle, parameters.KeyNumber, Constants.CLR_PP_CLIENT_HWND, parameters.ParentWindowHandle);
else if (parameters.KeyPassword != null) {
IntPtr szPassword = Marshal.SecureStringToCoTaskMemAnsi(parameters.KeyPassword);
try {
SetProviderParameter(TempFetchedProvHandle, parameters.KeyNumber, Constants.CLR_PP_PIN, szPassword);
}
finally {
if (szPassword != IntPtr.Zero)
Marshal.ZeroFreeCoTaskMemAnsi(szPassword);
}
}
#endif //FEATURE_X509_SECURESTRINGS
safeProvHandle = TempFetchedProvHandle;
// If the key already exists, use it, else generate a new one
SafeKeyHandle TempFetchedKeyHandle = SafeKeyHandle.InvalidHandle;
int hr = Utils._GetUserKey(safeProvHandle, parameters.KeyNumber, ref TempFetchedKeyHandle);
if (hr != Constants.S_OK) {
if ((parameters.Flags & CspProviderFlags.UseExistingKey) != 0 || hr != Constants.NTE_NO_KEY)
throw new CryptographicException(hr);
// _GenerateKey will check for failures and throw an exception
Utils._GenerateKey(safeProvHandle, parameters.KeyNumber, parameters.Flags, dwKeySize, ref TempFetchedKeyHandle);
}
// check that this is indeed an RSA/DSS key.
byte[] algid = (byte[]) Utils._GetKeyParameter(TempFetchedKeyHandle, Constants.CLR_ALGID);
int dwAlgId = (algid[0] | (algid[1] << 8) | (algid[2] << 16) | (algid[3] << 24));
if ((keyType == CspAlgorithmType.Rsa && dwAlgId != Constants.CALG_RSA_KEYX && dwAlgId != Constants.CALG_RSA_SIGN) ||
(keyType == CspAlgorithmType.Dss && dwAlgId != Constants.CALG_DSS_SIGN)) {
TempFetchedKeyHandle.Dispose();
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_WrongKeySpec"));
}
safeKeyHandle = TempFetchedKeyHandle;
}
[System.Security.SecuritySafeCritical] // auto-generated
public override RSAParameters ExportParameters (bool includePrivateParameters) {
GetKeyPair();
if (includePrivateParameters) {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Export);
kp.AccessEntries.Add(entry);
kp.Demand();
}
}
RSACspObject rsaCspObject = new RSACspObject();
int blobType = includePrivateParameters ? Constants.PRIVATEKEYBLOB : Constants.PUBLICKEYBLOB;
// _ExportKey will check for failures and throw an exception
Utils._ExportKey(_safeKeyHandle, blobType, rsaCspObject);
return RSAObjectToStruct(rsaCspObject);
}
[System.Security.SecurityCritical] // auto-generated
internal static void ImportCspBlobHelper (CspAlgorithmType keyType, byte[] keyBlob, bool publicOnly, ref CspParameters parameters, bool randomKeyContainer, ref SafeProvHandle safeProvHandle, ref SafeKeyHandle safeKeyHandle) {
// Free the current key handle
if (safeKeyHandle != null && !safeKeyHandle.IsClosed)
safeKeyHandle.Dispose();
safeKeyHandle = SafeKeyHandle.InvalidHandle;
if (publicOnly) {
parameters.KeyNumber = Utils._ImportCspBlob(keyBlob, keyType == CspAlgorithmType.Dss ? Utils.StaticDssProvHandle : Utils.StaticProvHandle, (CspProviderFlags) 0, ref safeKeyHandle);
} else {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Import);
kp.AccessEntries.Add(entry);
kp.Demand();
}
if (safeProvHandle == null)
safeProvHandle = Utils.CreateProvHandle(parameters, randomKeyContainer);
parameters.KeyNumber = Utils._ImportCspBlob(keyBlob, safeProvHandle, parameters.Flags, ref safeKeyHandle);
}
}
/// <summary>用指定的访问权限初始化 <see cref="T:System.Security.Permissions.KeyContainerPermission" /> 类的新实例。</summary>
/// <param name="flags">
/// <see cref="T:System.Security.Permissions.KeyContainerPermissionFlags" /> 值的按位组合。</param>
/// <exception cref="T:System.ArgumentException">
/// <paramref name="flags" /> 不是 <see cref="T:System.Security.Permissions.KeyContainerPermissionFlags" /> 值的有效组合。</exception>
public KeyContainerPermission(KeyContainerPermissionFlags flags)
{
KeyContainerPermission.VerifyFlags(flags);
this.m_flags = flags;
this.m_accessEntries = new KeyContainerPermissionAccessEntryCollection(this.m_flags);
}
private static KeyContainerPermissionFlags GetApplicableFlags(KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target)
{
KeyContainerPermissionFlags containerPermissionFlags = KeyContainerPermissionFlags.NoFlags;
bool flag = true;
int index = target.AccessEntries.IndexOf(accessEntry);
if (index != -1)
{
return(target.AccessEntries[index].Flags);
}
foreach (KeyContainerPermissionAccessEntry accessEntry1 in target.AccessEntries)
{
if (accessEntry.IsSubsetOf(accessEntry1))
{
if (!flag)
{
containerPermissionFlags &= accessEntry1.Flags;
}
else
{
containerPermissionFlags = accessEntry1.Flags;
flag = false;
}
}
}
if (flag)
{
containerPermissionFlags = target.Flags;
}
return(containerPermissionFlags);
}
public override IPermission CreatePermission() {
if (m_unrestricted) {
return new KeyContainerPermission(PermissionState.Unrestricted);
} else {
if (KeyContainerPermissionAccessEntry.IsUnrestrictedEntry(m_keyStore, m_providerName, m_providerType, m_keyContainerName, m_keySpec))
return new KeyContainerPermission(m_flags);
// create a KeyContainerPermission with a single access entry.
KeyContainerPermission cp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(m_keyStore, m_providerName, m_providerType, m_keyContainerName, m_keySpec, m_flags);
cp.AccessEntries.Add(accessEntry);
return cp;
}
}
internal byte[] SignHash(byte[] rgbHash, int calgHash) {
Contract.Requires(rgbHash != null);
GetKeyPair();
if (!CspKeyContainerInfo.RandomlyGenerated) {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Sign);
kp.AccessEntries.Add(entry);
kp.Demand();
}
}
return Utils.SignValue(_safeKeyHandle, _parameters.KeyNumber, Constants.CALG_RSA_SIGN, calgHash, rgbHash);
}
public override IPermission Intersect (IPermission target) {
if (target == null)
return null;
if (!VerifyType(target))
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName));
KeyContainerPermission operand = (KeyContainerPermission) target;
if (this.IsEmpty() || operand.IsEmpty())
return null;
KeyContainerPermissionFlags flags_intersect = operand.m_flags & this.m_flags;
KeyContainerPermission cp = new KeyContainerPermission(flags_intersect);
foreach (KeyContainerPermissionAccessEntry accessEntry in AccessEntries) {
cp.AddAccessEntryAndIntersect(accessEntry, operand);
}
foreach (KeyContainerPermissionAccessEntry accessEntry in operand.AccessEntries) {
cp.AddAccessEntryAndIntersect(accessEntry, this);
}
return cp.IsEmpty() ? null : cp;
}
[System.Security.SecurityCritical] // auto-generated
internal static byte[] ExportCspBlobHelper (bool includePrivateParameters, CspParameters parameters, SafeKeyHandle safeKeyHandle) {
if (includePrivateParameters) {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Export);
kp.AccessEntries.Add(entry);
kp.Demand();
}
}
byte[] blob = null;
Utils.ExportCspBlob(safeKeyHandle, includePrivateParameters ? Constants.PRIVATEKEYBLOB : Constants.PUBLICKEYBLOB, JitHelpers.GetObjectHandleOnStack(ref blob));
return blob;
}
public override IPermission Copy () {
if (this.IsEmpty())
return null;
KeyContainerPermission cp = new KeyContainerPermission((KeyContainerPermissionFlags)m_flags);
foreach (KeyContainerPermissionAccessEntry accessEntry in AccessEntries) {
cp.AccessEntries.Add(accessEntry);
}
return cp;
}
[System.Security.SecuritySafeCritical] // auto-generated
private void LoadCertificateFromBlob (byte[] rawData, object password, X509KeyStorageFlags keyStorageFlags) {
if (rawData == null || rawData.Length == 0)
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyOrNullArray"), "rawData");
Contract.EndContractBlock();
X509ContentType contentType = X509Utils.MapContentType(X509Utils._QueryCertBlobType(rawData));
#if !FEATURE_CORECLR && !FEATURE_PAL
if (contentType == X509ContentType.Pkcs12 &&
(keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.Create);
kp.Demand();
}
#endif // !FEATURE_CORECLR && !FEATURE_PAL
uint dwFlags = X509Utils.MapKeyStorageFlags(keyStorageFlags);
IntPtr szPassword = IntPtr.Zero;
RuntimeHelpers.PrepareConstrainedRegions();
try {
szPassword = X509Utils.PasswordToHGlobalUni(password);
X509Utils._LoadCertFromBlob(rawData,
szPassword,
dwFlags,
#if FEATURE_CORECLR
false,
#else // FEATURE_CORECLR
(keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == 0 ? false : true,
#endif // FEATURE_CORECLR else
ref m_safeCertContext);
}
finally {
if (szPassword != IntPtr.Zero)
Marshal.ZeroFreeGlobalAllocUnicode(szPassword);
}
}
private static KeyContainerPermissionFlags GetApplicableFlags (KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target) {
KeyContainerPermissionFlags flags = KeyContainerPermissionFlags.NoFlags;
bool applyDefaultFlags = true;
// If the entry exists in the target, return the flag of the target entry.
int index = target.AccessEntries.IndexOf(accessEntry);
if (index != -1) {
flags = ((KeyContainerPermissionAccessEntry)target.AccessEntries[index]).Flags;
return flags;
}
// Intersect the flags in all the target entries that apply to the current access entry,
foreach (KeyContainerPermissionAccessEntry targetAccessEntry in target.AccessEntries) {
if (accessEntry.IsSubsetOf(targetAccessEntry)) {
if (applyDefaultFlags == false) {
flags &= targetAccessEntry.Flags;
} else {
flags = targetAccessEntry.Flags;
applyDefaultFlags = false;
}
}
}
// If no target entry applies to the current entry, the default global flag applies.
if (applyDefaultFlags)
flags = target.Flags;
return flags;
}
[System.Security.SecuritySafeCritical] // auto-generated
public byte[] SignHash(byte[] rgbHash, string str) {
if (rgbHash == null)
throw new ArgumentNullException("rgbHash");
Contract.EndContractBlock();
if (PublicOnly)
throw new CryptographicException(Environment.GetResourceString("Cryptography_CSP_NoPrivateKey"));
int calgHash = X509Utils.NameOrOidToAlgId(str, OidGroup.HashAlgorithm);
if (rgbHash.Length != _sha1.HashSize / 8)
throw new CryptographicException(Environment.GetResourceString("Cryptography_InvalidHashSize", "SHA1", _sha1.HashSize / 8));
GetKeyPair();
if (!CspKeyContainerInfo.RandomlyGenerated) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Sign);
kp.AccessEntries.Add(entry);
kp.Demand();
}
return Utils.SignValue(_safeKeyHandle, _parameters.KeyNumber, Constants.CALG_DSS_SIGN, calgHash, rgbHash);
}
SafeCertStoreHandle PFXImportCertStore(
[In] uint dwObjectType,
[In] object pvObject,
[In] string szPassword,
[In] uint dwFlags,
[In] bool persistKeyContainers) {
if (pvObject == null)
throw new ArgumentNullException("pvObject");
byte[] pbData = null;
if (dwObjectType == CERT_QUERY_OBJECT_FILE) {
pbData = File.ReadAllBytes((string)pvObject);
} else {
pbData = (byte[]) pvObject;
}
#if !FEATURE_CORESYSTEM
if (persistKeyContainers) {
//
// Right now, we always demand KeyContainerPermission regardless of whether the PFX contains a private key or not.
// We could avoid that by looping through the certs in the store and find out whether there are actually private keys.
//
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.Create);
kp.Demand();
}
}
#endif
SafeCertStoreHandle safeCertStoreHandle = SafeCertStoreHandle.InvalidHandle;
GCHandle handle = GCHandle.Alloc(pbData, GCHandleType.Pinned);
IntPtr ptr = handle.AddrOfPinnedObject();
try {
CRYPTOAPI_BLOB certBlob;
certBlob.cbData = (uint) pbData.Length;
certBlob.pbData = ptr;
safeCertStoreHandle = CAPIMethods.PFXImportCertStore(new IntPtr(&certBlob),
szPassword,
dwFlags);
}
finally {
if (handle.IsAllocated)
handle.Free();
}
if (!safeCertStoreHandle.IsInvalid) {
//
// If the user did not want us to persist private keys, then we should loop through all
// the certificates in the collection and set our custom CERT_DELETE_KEYSET_PROP_ID property
// so the key container will be deleted when the cert contexts will go away.
//
if (persistKeyContainers == false) {
IntPtr pEnumContext = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, IntPtr.Zero);
while (pEnumContext != IntPtr.Zero) {
CAPI.CRYPTOAPI_BLOB blob = new CAPI.CRYPTOAPI_BLOB();
if (!CAPI.CertSetCertificateContextProperty(pEnumContext,
CERT_DELETE_KEYSET_PROP_ID,
CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG, // we don't want this property to be persisted.
new IntPtr(&blob)))
throw new CryptographicException(Marshal.GetLastWin32Error());
pEnumContext = CAPI.CertEnumCertificatesInStore(safeCertStoreHandle, pEnumContext);
}
}
}
return safeCertStoreHandle;
}
/// <internalonly/>
int IBuiltInPermission.GetTokenIndex()
{
return(KeyContainerPermission.GetTokenIndex());
}
internal static SafeProvHandle CreateProvHandle (CspParameters parameters, bool randomKeyContainer) {
SafeProvHandle safeProvHandle = SafeProvHandle.InvalidHandle;
int hr = Utils._OpenCSP(parameters, 0, ref safeProvHandle);
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
if (hr != Constants.S_OK) {
// If UseExistingKey flag is used and the key container does not exist
// throw an exception without attempting to create the container.
if ((parameters.Flags & CspProviderFlags.UseExistingKey) != 0 || (hr != Constants.NTE_KEYSET_NOT_DEF && hr != Constants.NTE_BAD_KEYSET && hr != Constants.NTE_FILENOTFOUND))
throw new CryptographicException(hr);
if (!randomKeyContainer) {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Create);
kp.AccessEntries.Add(entry);
kp.Demand();
}
}
Utils._CreateCSP(parameters, randomKeyContainer, ref safeProvHandle);
} else {
if (!randomKeyContainer) {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open);
kp.AccessEntries.Add(entry);
kp.Demand();
}
}
}
return safeProvHandle;
}
private void AddAccessEntryAndIntersect(KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target)
{
KeyContainerPermissionAccessEntry newAccessEntry = new KeyContainerPermissionAccessEntry(accessEntry);
newAccessEntry.Flags &= GetApplicableFlags(accessEntry, target);
AccessEntries.Add(newAccessEntry);
}
[System.Security.SecuritySafeCritical] // auto-generated
public byte [] Decrypt(byte[] rgb, bool fOAEP) {
if (rgb == null)
throw new ArgumentNullException("rgb");
Contract.EndContractBlock();
GetKeyPair();
// size check -- must be at most the modulus size
if (rgb.Length > (KeySize / 8))
throw new CryptographicException(Environment.GetResourceString("Cryptography_Padding_DecDataTooBig", KeySize / 8));
if (!CspKeyContainerInfo.RandomlyGenerated) {
if (!CompatibilitySwitches.IsAppEarlierThanWindowsPhone8) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Decrypt);
kp.AccessEntries.Add(entry);
kp.Demand();
}
}
byte[] decryptedKey = null;
DecryptKey(_safeKeyHandle, rgb, rgb.Length, fOAEP, JitHelpers.GetObjectHandleOnStack(ref decryptedKey));
return decryptedKey;
}
private static KeyContainerPermissionFlags GetApplicableFlags(KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target)
{
KeyContainerPermissionFlags noFlags = KeyContainerPermissionFlags.NoFlags;
bool flag = true;
int index = target.AccessEntries.IndexOf(accessEntry);
if (index != -1)
{
return(target.AccessEntries[index].Flags);
}
KeyContainerPermissionAccessEntryEnumerator enumerator = target.AccessEntries.GetEnumerator();
while (enumerator.MoveNext())
{
KeyContainerPermissionAccessEntry current = enumerator.Current;
if (accessEntry.IsSubsetOf(current))
{
if (!flag)
{
noFlags &= current.Flags;
}
else
{
noFlags = current.Flags;
flag = false;
}
}
}
if (flag)
{
noFlags = target.Flags;
}
return(noFlags);
}
[System.Security.SecurityCritical] // auto-generated
private byte[] ExportHelper (X509ContentType contentType, object password) {
switch(contentType) {
case X509ContentType.Cert:
break;
#if FEATURE_CORECLR
case (X509ContentType)0x02 /* X509ContentType.SerializedCert */:
case (X509ContentType)0x03 /* X509ContentType.Pkcs12 */:
throw new CryptographicException(Environment.GetResourceString("Cryptography_X509_InvalidContentType"),
new NotSupportedException());
#else // FEATURE_CORECLR
case X509ContentType.SerializedCert:
break;
#if !FEATURE_PAL
case X509ContentType.Pkcs12:
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Export);
kp.Demand();
break;
#endif // !FEATURE_PAL
#endif // FEATURE_CORECLR else
default:
throw new CryptographicException(Environment.GetResourceString("Cryptography_X509_InvalidContentType"));
}
#if !FEATURE_CORECLR
IntPtr szPassword = IntPtr.Zero;
byte[] encodedRawData = null;
SafeCertStoreHandle safeCertStoreHandle = X509Utils.ExportCertToMemoryStore(this);
RuntimeHelpers.PrepareConstrainedRegions();
try {
szPassword = X509Utils.PasswordToHGlobalUni(password);
encodedRawData = X509Utils._ExportCertificatesToBlob(safeCertStoreHandle, contentType, szPassword);
}
finally {
if (szPassword != IntPtr.Zero)
Marshal.ZeroFreeGlobalAllocUnicode(szPassword);
safeCertStoreHandle.Dispose();
}
if (encodedRawData == null)
throw new CryptographicException(Environment.GetResourceString("Cryptography_X509_ExportFailed"));
return encodedRawData;
#else // !FEATURE_CORECLR
return RawData;
#endif // !FEATURE_CORECLR
}
private void AddAccessEntryAndUnion(KeyContainerPermissionAccessEntry accessEntry, KeyContainerPermission target)
{
KeyContainerPermissionAccessEntry entry;
entry = new KeyContainerPermissionAccessEntry(accessEntry)
{
Flags = entry.Flags | GetApplicableFlags(accessEntry, target)
};
this.AccessEntries.Add(entry);
}
private void LoadCertificateFromFile (string fileName, object password, X509KeyStorageFlags keyStorageFlags) {
if (fileName == null)
throw new ArgumentNullException("fileName");
Contract.EndContractBlock();
string fullPath = Path.GetFullPathInternal(fileName);
new FileIOPermission (FileIOPermissionAccess.Read, fullPath).Demand();
X509ContentType contentType = X509Utils.MapContentType(X509Utils._QueryCertFileType(fileName));
#if !FEATURE_CORECLR && !FEATURE_PAL
if (contentType == X509ContentType.Pkcs12 &&
(keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == X509KeyStorageFlags.PersistKeySet) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.Create);
kp.Demand();
}
#endif // !FEATURE_CORECLR && !FEATURE_PAL
uint dwFlags = X509Utils.MapKeyStorageFlags(keyStorageFlags);
IntPtr szPassword = IntPtr.Zero;
RuntimeHelpers.PrepareConstrainedRegions();
try {
szPassword = X509Utils.PasswordToHGlobalUni(password);
X509Utils._LoadCertFromFile(fileName,
szPassword,
dwFlags,
#if FEATURE_CORECLR
false,
#else // FEATURE_CORECLR
(keyStorageFlags & X509KeyStorageFlags.PersistKeySet) == 0 ? false : true,
#endif // FEATURE_CORECLR else
ref m_safeCertContext);
}
finally {
if (szPassword != IntPtr.Zero)
Marshal.ZeroFreeGlobalAllocUnicode(szPassword);
}
}
[System.Security.SecuritySafeCritical] // auto-generated
public override DSAParameters ExportParameters (bool includePrivateParameters) {
GetKeyPair();
if (includePrivateParameters) {
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(_parameters, KeyContainerPermissionFlags.Export);
kp.AccessEntries.Add(entry);
kp.Demand();
}
DSACspObject dsaCspObject = new DSACspObject();
int blobType = includePrivateParameters ? Constants.PRIVATEKEYBLOB : Constants.PUBLICKEYBLOB;
// _ExportKey will check for failures and throw an exception
Utils._ExportKey(_safeKeyHandle, blobType, dsaCspObject);
return DSAObjectToStruct(dsaCspObject);
}
