/// <summary>
        /// This function allows the Owner (or a person granted ViewRightsData right)
        /// to extract the original publishing information that was encrypted during publishing process.
        /// </summary>
        public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider)
        {
            if (cryptoProvider == null)
            {
                throw new ArgumentNullException("cryptoProvider");
            }

            return(cryptoProvider.DecryptPublishLicense(_serializedPublishLicense));
        }
Beispiel #2
0
        /// <summary>
        /// This function allows the Owner (or a person granted ViewRightsData right)
        /// to extract the original publishing information that was encrypted during publishing process.
        /// </summary>
        public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider)
        {
            SecurityHelper.DemandRightsManagementPermission();

            if (cryptoProvider == null)
            {
                throw new ArgumentNullException("cryptoProvider");
            }

            return(cryptoProvider.DecryptPublishLicense(_serializedPublishLicense));
        }
Beispiel #3
0
        EncryptedPackageEnvelope( 
            string envelopeFileName, 
            PublishLicense publishLicense,
            CryptoProvider cryptoProvider 
            )
        {
            if (envelopeFileName == null)
                throw new ArgumentNullException("envelopeFileName"); 

            ThrowIfRMEncryptionInfoInvalid(publishLicense, cryptoProvider); 
 

            _root = StorageRoot.Open( 
                                    envelopeFileName,
                                    _defaultFileModeForCreate,
                                    _defaultFileAccess,
                                    _defaultFileShare 
                                    );
 
            InitializeRMForCreate(publishLicense, cryptoProvider); 
            EmbedPackage(null);
        } 
Beispiel #4
0
        // This function attempts to bind License to a given Identity 
        // It will try to bind all rights One-by-one in order to eliminate
        // grants that may have been expired, so it will only bind The ones that are still valid 
        private CryptoProvider BindUseLicense(string serializedUseLicense,
                                                                List<RightNameExpirationInfoPair> unboundRightsList,
                                                                BoundLicenseParams boundLicenseParams,
                                                                out int theFirstHrFailureCode)
        {
            Debug.Assert(serializedUseLicense != null);
            Debug.Assert(unboundRightsList != null);
            Debug.Assert(boundLicenseParams != null);


            List<SafeRightsManagementHandle> successfullyBoundLicenseHandleList =
                        new List<SafeRightsManagementHandle>(unboundRightsList.Count);

            List<RightNameExpirationInfoPair> successfullyBoundRightsList =
                        new List<RightNameExpirationInfoPair>(unboundRightsList.Count);
            try
            {
                uint errorLogHandle;

                // we neeed to return the first failure code, that is the one that will communicate to the user 
                int hr;
                theFirstHrFailureCode = 0;

                SafeRightsManagementHandle boundLicenseHandle;

                // first we are enumerating all rights one-by-one and preserving the ones that can be bound 
                // we are going through the list of "recognised rights"
                foreach (RightNameExpirationInfoPair rightInfo in unboundRightsList)
                {

                    boundLicenseParams.wszRightsRequested = rightInfo.RightName;
                    boundLicenseHandle = null;
                    errorLogHandle = 0;

                    hr = SafeNativeMethods.DRMCreateBoundLicense(
                                                _envHandle,
                                                boundLicenseParams,
                                                serializedUseLicense,
                                                out boundLicenseHandle,
                                                out errorLogHandle);

                    if (boundLicenseHandle != null && (hr == 0))
                    {
                        // we got a successful bound let's copy the whole grant 
                        // the only thing that we need to substitute in the grant is the User identity 
                        // along with the original right name (prior to binding), as unmanaged SDK 
                        // messes up right names and their expiration 
                        // in case of multiple expiration dates and additional rights granted to an owner
                        successfullyBoundLicenseHandleList.Add(boundLicenseHandle);
                        successfullyBoundRightsList.Add(rightInfo);
                    }

                    // preserve the first encountered error code 
                    if ((theFirstHrFailureCode == 0) && (hr != 0))
                    {
                        theFirstHrFailureCode = hr;
                    }
                }

                // At this point we have a list of potential "Right" -candidates 
                // if it is empty we can get out 
                if (successfullyBoundLicenseHandleList.Count > 0)
                {
                    ContentUser user = ExtractUserFromCertificateChain(boundLicenseParams.wszDefaultEnablingPrincipalCredentials);

                    CryptoProvider cryptoProvider = new CryptoProvider(successfullyBoundLicenseHandleList,
                                                                    successfullyBoundRightsList,
                                                                    user);
                    CryptoProviderList.Add(cryptoProvider);
                    return cryptoProvider;
                }
                else
                {
                    return null;
                }
            }
            catch
            {
                // In case of a failure we should clean up handle that have been accumulated
                // otherwise the list of handles is either empty or given to the CryptoProvider 
                // to be taken care of
                foreach (SafeRightsManagementHandle handle in successfullyBoundLicenseHandleList)
                {
                    handle.Dispose();
                }
                throw;
            }
        }
        //------------------------------------------------------
        //
        //  Internal Methods
        //
        //------------------------------------------------------
        internal RightsManagementEncryptedStream(
                                        Stream baseStream,
                                        CryptoProvider cryptoProvider)
        {
            Debug.Assert(baseStream != null);
            Debug.Assert(cryptoProvider != null);

            if (!cryptoProvider.CanDecrypt )
            {
                throw new ArgumentException(SR.Get(SRID.CryptoProviderCanNotDecrypt), "cryptoProvider");            
            }

            if (!cryptoProvider.CanMergeBlocks)
            {
                throw new ArgumentException(SR.Get(SRID.CryptoProviderCanNotMergeBlocks), "cryptoProvider");            
            }
            
            _baseStream = baseStream;
            _cryptoProvider = cryptoProvider;

            // Currently BitConverter is implemented as only supporting Little Endian byte order    
            // regardless of the machine type. We would like to make sure that this doesn't change 
            // as we need Little Endian byte order decoding capability on all machines in order to 
            // parse files that travel across different machine types.
            Debug.Assert(BitConverter.IsLittleEndian);

            // initialize stream length
            ParseStreamLength();
        }
 public static EncryptedPackageEnvelope CreateFromPackage(string envelopeFileName, Stream packageStream, PublishLicense publishLicense, CryptoProvider cryptoProvider)
 {
     throw new NotImplementedException ();
 }
 public static EncryptedPackageEnvelope Create(Stream envelopeStream, PublishLicense publishLicense, CryptoProvider cryptoProvider)
 {
     throw new NotImplementedException ();
 }
Beispiel #8
0
 public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider)
 {
     throw new NotImplementedException();
 }
        /// <summary>
        /// This function allows the Owner (or a person granted ViewRightsData right)
        /// to extract the original publishing information that was encrypted during publishing process.
        /// </summary>
        public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider )
        {
            SecurityHelper.DemandRightsManagementPermission();
            
            if (cryptoProvider == null)
            {
                throw new ArgumentNullException("cryptoProvider");
            }

            return cryptoProvider.DecryptPublishLicense(_serializedPublishLicense);
        }
Beispiel #10
0
        EncryptedPackageEnvelope(
            Stream envelopeStream, 
            PublishLicense publishLicense,
            CryptoProvider cryptoProvider
            )
        { 
            if (envelopeStream == null)
                throw new ArgumentNullException("envelopeStream"); 
 
            ThrowIfRMEncryptionInfoInvalid(publishLicense, cryptoProvider);
 
            _root = StorageRoot.CreateOnStream(envelopeStream, _defaultFileModeForCreate);

            //
            // CreateOnStream opens the stream for read access if it's readable, and for 
            // read/write access if it's writable. We're going to need it to be writable,
            // so check that it is. 
            // 
            if (_root.OpenAccess != FileAccess.ReadWrite)
            { 
                throw new NotSupportedException(SR.Get(SRID.StreamNeedsReadWriteAccess));
            }

            InitializeRMForCreate(publishLicense, cryptoProvider); 
            EmbedPackage(null);
        } 
Beispiel #11
0
        InitializeRMForCreate(
            PublishLicense publishLicense, 
            CryptoProvider cryptoProvider
            )
        {
            // 
            // Define a data space consisting of a single transform, namely the
            // RightsManagementEncryptionTransform. 
            // 
            DataSpaceManager dsm = _root.GetDataSpaceManager();
 
            dsm.DefineTransform(
                    RightsManagementEncryptionTransform.ClassTransformIdentifier,
                    EncryptionTransformName
                    ); 

            string[] transformStack = new string[1]; 
            transformStack[0] = EncryptionTransformName; 
            _dataSpaceName = DataspaceLabelRMEncryptionNoCompression;
            dsm.DefineDataSpace(transformStack, _dataSpaceName); 

            //
            // The call to DefineTransform created a RightsManagementEncryptionTransform
            // object. Obtain this object from the DataSpaceManager, and wrap it in a 
            // RightsManagementInformation object. This makes the RM information in the
            // compound file available to the application (through the RightsManagementInformation 
            // property), without exposing to the application the implementation detail 
            // that there -is- such a thing as a "transform".
            // 
            RightsManagementEncryptionTransform rmet =
                dsm.GetTransformFromName(EncryptionTransformName) as RightsManagementEncryptionTransform;

            // 
            // We just defined this transform, so it must exist.
            // 
            Debug.Assert( 
                rmet != null,
                "RightsManagementEncryptionTransform not found" 
                );

            _rmi = new RightsManagementInformation(rmet);
 
            //
            // Prepare the transform object for use. 
            // 
            rmet.SavePublishLicense(publishLicense);
            rmet.CryptoProvider = cryptoProvider; 

            //
            // The transform object is now ready for use. When the data space manager
            // queries the transform's IsReady property, it will return true. So there 
            // is no need to sign up for the TransformInitializationEvent.
            // 
        } 
Beispiel #12
0
 CreateFromPackage(
     Stream envelopeStream, 
     Stream packageStream,
     PublishLicense publishLicense,
     CryptoProvider cryptoProvider
     ) 
 {
     return new EncryptedPackageEnvelope( 
                     envelopeStream, 
                     packageStream,
                     publishLicense, 
                     cryptoProvider
                     );
 }
Beispiel #13
0
 Create(
     string envelopeFileName, 
     PublishLicense publishLicense, 
     CryptoProvider cryptoProvider
     ) 
 {
     return new EncryptedPackageEnvelope(envelopeFileName, publishLicense, cryptoProvider);
 }
Beispiel #14
0
        private void ThrowIfRMEncryptionInfoInvalid( 
            PublishLicense publishLicense, 
            CryptoProvider cryptoProvider)
        { 
            if (publishLicense == null)
                throw new ArgumentNullException("publishLicense");

            if (cryptoProvider == null) 
                throw new ArgumentNullException("cryptoProvider");
 
        } 
 public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider)
 {
     throw new NotImplementedException ();
 }