public CspParameters (int providerType, string providerName, string keyContainerName,
CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle)
: this (providerType, providerName, keyContainerName)
{
if (cryptoKeySecurity != null)
CryptoKeySecurity = cryptoKeySecurity;
_windowHandle = parentWindowHandle;
}
internal CspParameters(CspParameters parameters)
{
this.ProviderType = parameters.ProviderType;
this.ProviderName = parameters.ProviderName;
this.KeyContainerName = parameters.KeyContainerName;
this.KeyNumber = parameters.KeyNumber;
this.Flags = parameters.Flags;
this.m_cryptoKeySecurity = parameters.m_cryptoKeySecurity;
this.m_keyPassword = parameters.m_keyPassword;
this.m_parentWindowHandle = parameters.m_parentWindowHandle;
}
internal CspParameters(CspParameters parameters)
{
this.ProviderType = parameters.ProviderType;
this.ProviderName = parameters.ProviderName;
this.KeyContainerName = parameters.KeyContainerName;
this.KeyNumber = parameters.KeyNumber;
this.Flags = parameters.Flags;
this.m_cryptoKeySecurity = parameters.m_cryptoKeySecurity;
this.m_keyPassword = parameters.m_keyPassword;
this.m_parentWindowHandle = parameters.m_parentWindowHandle;
}
private CryptoKeySecurity createAccessRules()
{
var defaultRules = true;
var result = new CryptoKeySecurity();
foreach(var identity in getIdentityList(_writeAccess))
{
result.AddAccessRule(new CryptoKeyAccessRule(new NTAccount(identity), CryptoKeyRights.FullControl, AccessControlType.Allow));
defaultRules = false;
}
foreach (var identity in getIdentityList(_readAccess))
{
result.AddAccessRule(new CryptoKeyAccessRule(new NTAccount(identity), CryptoKeyRights.GenericRead, AccessControlType.Allow));
defaultRules = false;
}
return defaultRules ? null : result;
}
public CspParameters (int providerType, string providerName, string keyContainerName,
CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword)
: this (providerType, providerName, keyContainerName)
{
if (cryptoKeySecurity != null)
CryptoKeySecurity = cryptoKeySecurity;
_password = keyPassword;
}
// copy constructor
internal CspParameters (CspParameters parameters) {
ProviderType = parameters.ProviderType;
ProviderName = parameters.ProviderName;
KeyContainerName = parameters.KeyContainerName;
KeyNumber = parameters.KeyNumber;
Flags = parameters.Flags;
#if FEATURE_MACL
m_cryptoKeySecurity = parameters.m_cryptoKeySecurity;
#endif // FEATURE_MACL
#if FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS
m_keyPassword = parameters.m_keyPassword;
m_parentWindowHandle = parameters.m_parentWindowHandle;
#endif // FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS
}
[System.Security.SecurityCritical] // auto-generated
internal static void SetKeySetSecurityInfo (SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections) {
SecurityInfos securityInfo = 0;
Privilege privilege = null;
if ((accessControlSections & AccessControlSections.Owner) != 0 && cryptoKeySecurity._securityDescriptor.Owner != null)
securityInfo |= SecurityInfos.Owner;
if ((accessControlSections & AccessControlSections.Group) != 0 && cryptoKeySecurity._securityDescriptor.Group != null)
securityInfo |= SecurityInfos.Group;
if ((accessControlSections & AccessControlSections.Audit) != 0)
securityInfo |= SecurityInfos.SystemAcl;
if ((accessControlSections & AccessControlSections.Access) != 0 && cryptoKeySecurity._securityDescriptor.IsDiscretionaryAclPresent)
securityInfo |= SecurityInfos.DiscretionaryAcl;
if (securityInfo == 0) {
// Nothing to persist
return;
}
int error = 0;
RuntimeHelpers.PrepareConstrainedRegions();
try {
if ((securityInfo & SecurityInfos.SystemAcl) != 0) {
privilege = new Privilege("SeSecurityPrivilege");
privilege.Enable();
}
byte[] sd = cryptoKeySecurity.GetSecurityDescriptorBinaryForm();
if (sd != null && sd.Length > 0)
error = SetKeySetSecurityInfo (hProv, securityInfo, sd);
}
finally {
if (privilege != null)
privilege.Revert();
}
if (error == Win32Native.ERROR_ACCESS_DENIED || error == Win32Native.ERROR_INVALID_OWNER || error == Win32Native.ERROR_INVALID_PRIMARY_GROUP)
throw new UnauthorizedAccessException();
else if (error == Win32Native.ERROR_PRIVILEGE_NOT_HELD)
throw new PrivilegeNotHeldException("SeSecurityPrivilege");
else if (error == Win32Native.ERROR_INVALID_HANDLE)
throw new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));
else if (error != Win32Native.ERROR_SUCCESS)
throw new CryptographicException(error);
}
public CspParameters(int providerType, string providerName, string keyContainerName, System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword) : this(providerType, providerName, keyContainerName)
{
this.m_cryptoKeySecurity = cryptoKeySecurity;
this.m_keyPassword = keyPassword;
}
public CspParameters(int providerType, string providerName, string keyContainerName, System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle) : this(providerType, providerName, keyContainerName)
{
this.m_cryptoKeySecurity = cryptoKeySecurity;
this.m_parentWindowHandle = parentWindowHandle;
}
// This method could throw any exception, because RSACryptoServiceProvider ctor could do so
// We will escalate the exceptions to the callers who will be more sensible on how to deal with them
void CommitCryptoKeySecurity(CspKeyContainerInfo info, CryptoKeySecurity keySec)
{
CspParameters cspParams = new CspParameters(
info.ProviderType, info.ProviderName,
info.KeyContainerName);
cspParams.CryptoKeySecurity = keySec;
// Important flag, or the security setting will silently fail
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
// The RSACryptoServiceProvider ctor will automatically apply DACLs set in CSP's securtiy info
new RSACryptoServiceProvider(cspParams);
}
// // Summary: // Initializes a new instance of the System.Security.Cryptography.CspParameters // class using a provider type, a provider name, a container name, access information, // and a password associated with a smart card key. // // Parameters: // providerType: // The provider type code that specifies the kind of provider to create. // // providerName: // A provider name. // // keyContainerName: // A container name. // // cryptoKeySecurity: // A System.Security.AccessControl.CryptoKeySecurity object that represents // access rights and audit rules for a container. // // keyPassword: // A password associated with a smart card key. public CspParameters(int providerType, string providerName, string keyContainerName, CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword);
// // Summary: // Initializes a new instance of the System.Security.Cryptography.CspParameters // class using a provider type, a provider name, a container name, access information, // and a handle to an unmanaged smart card password dialog. // // Parameters: // providerType: // The provider type code that specifies the kind of provider to create. // // providerName: // A provider name. // // keyContainerName: // A container name. // // cryptoKeySecurity: // A System.Security.AccessControl.CryptoKeySecurity object that represents // access rights and audit rules for the container. // // parentWindowHandle: // A handle to the parent window for a smart card password dialog. public CspParameters(int providerType, string providerName, string keyContainerName, CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle);
internal static void SetKeySetSecurityInfo(SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections)
{
SecurityInfos securityInfo = 0;
Privilege privilege = null;
if (((accessControlSections & AccessControlSections.Owner) != AccessControlSections.None) && (cryptoKeySecurity._securityDescriptor.Owner != null))
{
securityInfo |= SecurityInfos.Owner;
}
if (((accessControlSections & AccessControlSections.Group) != AccessControlSections.None) && (cryptoKeySecurity._securityDescriptor.Group != null))
{
securityInfo |= SecurityInfos.Group;
}
if ((accessControlSections & AccessControlSections.Audit) != AccessControlSections.None)
{
securityInfo |= SecurityInfos.SystemAcl;
}
if (((accessControlSections & AccessControlSections.Access) != AccessControlSections.None) && cryptoKeySecurity._securityDescriptor.IsDiscretionaryAclPresent)
{
securityInfo |= SecurityInfos.DiscretionaryAcl;
}
if (securityInfo != 0)
{
int hr = 0;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
if ((securityInfo & SecurityInfos.SystemAcl) != 0)
{
privilege = new Privilege("SeSecurityPrivilege");
privilege.Enable();
}
byte[] securityDescriptorBinaryForm = cryptoKeySecurity.GetSecurityDescriptorBinaryForm();
if ((securityDescriptorBinaryForm != null) && (securityDescriptorBinaryForm.Length > 0))
{
hr = SetKeySetSecurityInfo(hProv, securityInfo, securityDescriptorBinaryForm);
}
}
finally
{
if (privilege != null)
{
privilege.Revert();
}
}
switch (hr)
{
case 5:
case 0x51b:
case 0x51c:
throw new UnauthorizedAccessException();
case 0x522:
throw new PrivilegeNotHeldException("SeSecurityPrivilege");
case 6:
throw new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));
}
if (hr != 0)
{
throw new CryptographicException(hr);
}
}
}
public CspParameters(int providerType, string providerName, string keyContainerName, System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword) : this(providerType, providerName, keyContainerName)
{
this.m_cryptoKeySecurity = cryptoKeySecurity;
this.m_keyPassword = keyPassword;
}
public CspParameters(int providerType, string providerName, string keyContainerName, System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle) : this(providerType, providerName, keyContainerName)
{
this.m_cryptoKeySecurity = cryptoKeySecurity;
this.m_parentWindowHandle = parentWindowHandle;
}
