public virtual ApplicationTrust DetermineApplicationTrust (Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
throw new ArgumentNullException ("applicationEvidence");
ActivationArguments aa = null;
foreach (object o in applicationEvidence) {
aa = (o as ActivationArguments);
if (aa != null)
break;
}
if (aa == null) {
string msg = Locale.GetText ("No {0} found in {1}.");
throw new ArgumentException (string.Format (msg, "ActivationArguments", "Evidence"), "applicationEvidence");
}
if (aa.ActivationContext == null) {
string msg = Locale.GetText ("No {0} found in {1}.");
throw new ArgumentException (string.Format (msg, "ActivationContext", "ActivationArguments"), "applicationEvidence");
}
// FIXME: this part is still untested (requires manifest support)
if (ApplicationSecurityManager.DetermineApplicationTrust (aa.ActivationContext, context)) {
if (aa.ApplicationIdentity == null)
return new ApplicationTrust ();
else
return new ApplicationTrust (aa.ApplicationIdentity);
}
return null;
}
protected static ObjectHandle CreateInstanceHelper (AppDomainSetup adSetup)
{
if (adSetup == null)
throw new ArgumentNullException ("adSetup");
if (adSetup.ActivationArguments == null) {
string msg = Locale.GetText ("{0} is missing it's {1} property");
throw new ArgumentException (String.Format (msg, "AppDomainSetup", "ActivationArguments"), "adSetup");
}
HostSecurityManager hsm = null;
if (AppDomain.CurrentDomain.DomainManager != null)
hsm = AppDomain.CurrentDomain.DomainManager.HostSecurityManager;
else
hsm = new HostSecurityManager (); // default
Evidence applicationEvidence = new Evidence ();
applicationEvidence.AddHost (adSetup.ActivationArguments);
TrustManagerContext context = new TrustManagerContext ();
ApplicationTrust trust = hsm.DetermineApplicationTrust (applicationEvidence, null, context);
if (!trust.IsApplicationTrustedToRun) {
string msg = Locale.GetText ("Current policy doesn't allow execution of addin.");
throw new PolicyException (msg);
}
// FIXME: we're missing the information from the manifest
AppDomain ad = AppDomain.CreateDomain ("friendlyName", null, adSetup);
return ad.CreateInstance ("assemblyName", "typeName", null);
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationTrust trust = null;
AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
if (domainManager != null)
{
HostSecurityManager hostSecurityManager = domainManager.HostSecurityManager;
if ((hostSecurityManager != null) && ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostDetermineApplicationTrust) == HostSecurityManagerOptions.HostDetermineApplicationTrust))
{
trust = hostSecurityManager.DetermineApplicationTrust(CmsUtils.MergeApplicationEvidence(null, activationContext.Identity, activationContext, null), null, context);
if (trust == null)
{
return false;
}
return trust.IsApplicationTrustedToRun;
}
}
trust = DetermineApplicationTrustInternal(activationContext, context);
if (trust == null)
{
return false;
}
return trust.IsApplicationTrustedToRun;
}
public static System.Security.Policy.ApplicationTrust RequestTrust(SubscriptionState subState, bool isShellVisible, bool isUpdate, ActivationContext actCtx)
{
TrustManagerContext tmc = new TrustManagerContext {
IgnorePersistedDecision = false,
NoPrompt = false,
Persist = true
};
return RequestTrust(subState, isShellVisible, isUpdate, actCtx, tmc);
}
public static bool DetermineApplicationTrust (ActivationContext activationContext, TrustManagerContext context)
{
// FIXME: a null activationContext throw a NullReferenceException but calling directly the ApplicationTrustManager.DetermineApplicationTrust doesn't
if (activationContext == null)
throw new NullReferenceException ("activationContext");
// throw new ArgumentNullException ("activationContext");
ApplicationTrust at = ApplicationTrustManager.DetermineApplicationTrust (activationContext, context);
return at.IsApplicationTrustedToRun;
}
public HostContextInternal(TrustManagerContext trustManagerContext)
{
if (trustManagerContext == null)
{
this.persist = true;
}
else
{
this.ignorePersistedDecision = trustManagerContext.IgnorePersistedDecision;
this.noPrompt = trustManagerContext.NoPrompt;
this.persist = trustManagerContext.Persist;
this.previousAppId = trustManagerContext.PreviousApplicationIdentity;
}
}
public static System.Security.Policy.ApplicationTrust RequestTrust(SubscriptionState subState, bool isShellVisible, bool isUpdate, ActivationContext actCtx, TrustManagerContext tmc)
{
Logger.AddMethodCall("ApplicationTrust.RequestTrust(isShellVisible=" + isShellVisible.ToString() + ", isUpdate=" + isUpdate.ToString() + ", subState.IsInstalled=" + subState.IsInstalled.ToString() + ") called.");
if (!subState.IsInstalled || (subState.IsShellVisible != isShellVisible))
{
tmc.IgnorePersistedDecision = true;
}
if (isUpdate)
{
tmc.PreviousApplicationIdentity = subState.CurrentBind.ToApplicationIdentity();
}
bool flag = false;
try
{
Logger.AddInternalState("Calling ApplicationSecurityManager.DetermineApplicationTrust().");
Logger.AddInternalState("Trust Manager Context=" + Logger.Serialize(tmc));
flag = ApplicationSecurityManager.DetermineApplicationTrust(actCtx, tmc);
}
catch (TypeLoadException exception)
{
throw new InvalidDeploymentException(Resources.GetString("Ex_InvalidTrustInfo"), exception);
}
if (!flag)
{
throw new TrustNotGrantedException(Resources.GetString("Ex_NoTrust"));
}
Logger.AddInternalState("Trust granted.");
System.Security.Policy.ApplicationTrust trust = null;
for (int i = 0; i < 5; i++)
{
trust = ApplicationSecurityManager.UserApplicationTrusts[actCtx.Identity.FullName];
if (trust != null)
{
break;
}
Thread.Sleep(10);
}
if (trust == null)
{
throw new InvalidDeploymentException(Resources.GetString("Ex_InvalidMatchTrust"));
}
return trust;
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
ActivationArguments hostEvidence = applicationEvidence.GetHostEvidence<ActivationArguments>();
if (hostEvidence == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext activationContext = hostEvidence.ActivationContext;
if (activationContext == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ApplicationTrust applicationTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
if ((applicationTrust != null) && !CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = null;
}
if (applicationTrust == null)
{
if ((AppDomain.CurrentDomain.ApplicationTrust != null) && CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
applicationTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(activationContext, context);
}
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
if (((applicationTrust != null) && applicationTrust.IsApplicationTrustedToRun) && !info.DefaultRequestSet.IsSubsetOf(applicationTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return applicationTrust;
}
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
MemoryStream stream;
bool flag;
bool flag2;
bool flag3;
MemoryStream stream2;
ArrayList list;
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);
System.Deployment.Internal.Isolation.Manifest.ICMS deploymentComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
ParsedData parsedData = new ParsedData();
if (ParseManifest(deploymentComponentManifest, parsedData))
{
appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
}
string deploymentUrl = GetDeploymentUrl(info);
string zoneNameFromDeploymentUrl = GetZoneNameFromDeploymentUrl(deploymentUrl);
if (!ExtractManifestContent(deploymentComponentManifest, out stream))
{
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
}
AnalyzeCertificate(parsedData, stream, out flag, out flag2, out flag3);
System.Deployment.Internal.Isolation.Manifest.ICMS applicationComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
ParsedData data2 = new ParsedData();
if ((ParseManifest(applicationComponentManifest, data2) && data2.UseManifestForTrust) && ExtractManifestContent(applicationComponentManifest, out stream2))
{
bool flag4;
bool flag5;
bool flag6;
AnalyzeCertificate(parsedData, stream2, out flag4, out flag5, out flag6);
flag = flag4;
flag2 = flag5;
flag3 = flag6;
parsedData.AppName = data2.AppName;
parsedData.AppPublisher = data2.AppPublisher;
parsedData.SupportUrl = data2.SupportUrl;
}
if (flag)
{
if (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData) == PromptsAllowed.None)
{
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
}
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
}
if (flag3)
{
parsedData.AuthenticodedPublisher = null;
parsedData.Certificate = null;
}
if ((!hostContextInternal.IgnorePersistedDecision && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out list)) && ExistingTrustApplicable(info, list))
{
if ((appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(list)) && !flag2)
{
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.All:
return(BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
case PromptsAllowed.BlockingOnly:
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
case PromptsAllowed.None:
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
}
}
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist));
}
bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
if (!permissionElevationRequired || flag2)
{
if (flag2)
{
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist));
}
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.All:
case PromptsAllowed.None:
return(BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, false));
case PromptsAllowed.BlockingOnly:
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, permissionElevationRequired));
}
}
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.BlockingOnly:
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, true));
case PromptsAllowed.None:
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
}
return(HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl));
}
//
// Internal
//
internal static ApplicationTrust DetermineApplicationTrustInternal(ActivationContext activationContext, TrustManagerContext context)
{
ApplicationTrust trust = null;
ApplicationTrustCollection userTrusts = new ApplicationTrustCollection(true);
// See if there is a persisted trust decision for this application.
if ((context == null || !context.IgnorePersistedDecision))
{
trust = userTrusts[activationContext.Identity.FullName];
if (trust != null)
{
return(trust);
}
}
// There is no cached trust decision so invoke the trust manager.
trust = ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
if (trust == null)
{
trust = new ApplicationTrust(activationContext.Identity);
}
// make sure the application identity is correctly set.
trust.ApplicationIdentity = activationContext.Identity;
if (trust.Persist)
{
userTrusts.Add(trust);
}
return(trust);
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationTrust appTrust = null;
AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
if (domainManager != null)
{
HostSecurityManager securityManager = domainManager.HostSecurityManager;
if ((securityManager != null) && ((securityManager.Flags & HostSecurityManagerOptions.HostDetermineApplicationTrust) == HostSecurityManagerOptions.HostDetermineApplicationTrust))
{
appTrust = securityManager.DetermineApplicationTrust(CmsUtils.MergeApplicationEvidence(null, activationContext.Identity, activationContext, null), null, context);
if (appTrust == null)
{
return(false);
}
return(appTrust.IsApplicationTrustedToRun);
}
}
appTrust = DetermineApplicationTrustInternal(activationContext, context);
if (appTrust == null)
{
return(false);
}
return(appTrust.IsApplicationTrustedToRun);
}
internal static ApplicationTrust DetermineApplicationTrustInternal(ActivationContext activationContext, TrustManagerContext context)
{
ApplicationTrust trust = null;
ApplicationTrustCollection trusts = new ApplicationTrustCollection(true);
if ((context == null) || !context.IgnorePersistedDecision)
{
trust = trusts[activationContext.Identity.FullName];
if (trust != null)
{
return(trust);
}
}
trust = ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
if (trust == null)
{
trust = new ApplicationTrust(activationContext.Identity);
}
trust.ApplicationIdentity = activationContext.Identity;
if (trust.Persist)
{
trusts.Add(trust);
}
return(trust);
}
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
MemoryStream stream;
bool flag;
bool flag2;
bool flag3;
MemoryStream stream2;
ArrayList list;
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);
System.Deployment.Internal.Isolation.Manifest.ICMS deploymentComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS) InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
ParsedData parsedData = new ParsedData();
if (ParseManifest(deploymentComponentManifest, parsedData))
{
appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
}
string deploymentUrl = GetDeploymentUrl(info);
string zoneNameFromDeploymentUrl = GetZoneNameFromDeploymentUrl(deploymentUrl);
if (!ExtractManifestContent(deploymentComponentManifest, out stream))
{
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
}
AnalyzeCertificate(parsedData, stream, out flag, out flag2, out flag3);
System.Deployment.Internal.Isolation.Manifest.ICMS applicationComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS) InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
ParsedData data2 = new ParsedData();
if ((ParseManifest(applicationComponentManifest, data2) && data2.UseManifestForTrust) && ExtractManifestContent(applicationComponentManifest, out stream2))
{
bool flag4;
bool flag5;
bool flag6;
AnalyzeCertificate(parsedData, stream2, out flag4, out flag5, out flag6);
flag = flag4;
flag2 = flag5;
flag3 = flag6;
parsedData.AppName = data2.AppName;
parsedData.AppPublisher = data2.AppPublisher;
parsedData.SupportUrl = data2.SupportUrl;
}
if (flag)
{
if (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData) == PromptsAllowed.None)
{
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
}
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
}
if (flag3)
{
parsedData.AuthenticodedPublisher = null;
parsedData.Certificate = null;
}
if ((!hostContextInternal.IgnorePersistedDecision && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out list)) && ExistingTrustApplicable(info, list))
{
if ((appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(list)) && !flag2)
{
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.All:
return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
case PromptsAllowed.None:
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
}
}
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
}
bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
if (!permissionElevationRequired || flag2)
{
if (flag2)
{
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
}
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.All:
case PromptsAllowed.None:
return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, false);
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, permissionElevationRequired);
}
}
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, true);
case PromptsAllowed.None:
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
}
return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl);
}
//
// Internal
//
internal static ApplicationTrust DetermineApplicationTrustInternal (ActivationContext activationContext, TrustManagerContext context) {
ApplicationTrust trust = null;
ApplicationTrustCollection userTrusts = new ApplicationTrustCollection(true);
// See if there is a persisted trust decision for this application.
if ((context == null || !context.IgnorePersistedDecision)) {
trust = userTrusts[activationContext.Identity.FullName];
if (trust != null)
return trust;
}
// There is no cached trust decision so invoke the trust manager.
trust = ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
if (trust == null)
trust = new ApplicationTrust(activationContext.Identity);
// make sure the application identity is correctly set.
trust.ApplicationIdentity = activationContext.Identity;
if (trust.Persist)
userTrusts.Add(trust);
return trust;
}
public HostContextInternal(TrustManagerContext trustManagerContext)
{
if (trustManagerContext == null)
{
// Used in case DetermineApplicationTrust is not given a TrustManagerContext object.
this.persist = true;
}
else
{
// ISSUE - fix this...
// Note that exclusiveGrant is never set. It is read in CreateApplicationTrust however.
this.ignorePersistedDecision = trustManagerContext.IgnorePersistedDecision;
this.noPrompt = trustManagerContext.NoPrompt;
this.persist = trustManagerContext.Persist;
this.previousAppId = trustManagerContext.PreviousApplicationIdentity;
}
}
internal static string Serialize(TrustManagerContext tmc)
{
if (tmc == null)
{
return "";
}
StringBuilder builder = new StringBuilder();
builder.Append("IgnorePersistedDecision=" + tmc.IgnorePersistedDecision);
builder.Append(", NoPrompt=" + tmc.NoPrompt);
builder.Append(", Persist=" + tmc.Persist);
builder.Append(", PreviousApplicationIdentity = " + tmc.PreviousApplicationIdentity);
return builder.ToString();
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
return default(ApplicationTrust);
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
return(default(bool));
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
throw new NotImplementedException();
}
public static void TrustManagerContextCallMethods()
{
TrustManagerContext tmc = new TrustManagerContext();
tmc = new TrustManagerContext(new TrustManagerUIContext());
}
internal static ApplicationTrust DetermineApplicationTrustInternal(ActivationContext activationContext, TrustManagerContext context)
{
ApplicationTrust trust = null;
ApplicationTrustCollection trusts = new ApplicationTrustCollection(true);
if ((context == null) || !context.IgnorePersistedDecision)
{
trust = trusts[activationContext.Identity.FullName];
if (trust != null)
{
return trust;
}
}
trust = ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
if (trust == null)
{
trust = new ApplicationTrust(activationContext.Identity);
}
trust.ApplicationIdentity = activationContext.Identity;
if (trust.Persist)
{
trusts.Add(trust);
}
return trust;
}
public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordHosting | EventTrace.Keyword.KeywordPerf, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustStart);
ApplicationTrust trust;
Uri activationUri = GetUriFromActivationData(0);
bool isDebug = PresentationAppDomainManager.IsDebug ? true : GetBoolFromActivationData(1);
BrowserInteropHelper.SetBrowserHosted(true);
if (isDebug)
{
context.IgnorePersistedDecision = true;
context.Persist = false;
context.KeepAlive = false;
context.NoPrompt = true;
trust = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context);
}
else
{
// Elevation prompt for permissions beyond the default for the security zone is allowed only
// in the Intranet and Trusted Sites zones (v4).
Zone hostEvidence = applicationEvidence.GetHostEvidence<Zone>();
context.NoPrompt = !(hostEvidence.SecurityZone == SecurityZone.Intranet || hostEvidence.SecurityZone == SecurityZone.Trusted);
/*
Now we need to convince the ClickOnce elevation prompt to use the browser's top-level window as
the owner in order to block the browser's UI (and our Cancel button) and ensure the prompt
stays on top. This is not easy.
* The prompt dialog is created without an explicit owner, on its own thread.
* There are layers of ClickOnce and pure security code before the UI is invoked (that's
TrustManagerPromptUIThread in System.Windows.Forms.dll). So, passing the owner window handle
would require some awkward plumbing.
Since the dialog is shown on a separate thread, intercepting its creation or display is
complicated. An EVENT_OBJECT_CREATE hook can do it. But there is a cascade of thread
synchonization/access and window state issues if trying to set the owner on the fly.
The cleanest solution ended up resorting to Detours. When not given an owner window,
SWF.Form.ShowDialog() uses the active window as owner. Since the call to GetActiveWindow()
occurs on a new thread, where there are no other windows, we couldn't just pre-set the owner
as the active window. So, we intercept the GetActiveWindow() call and return the browser's
top-level window. From that point on, everything in the [....] dialog works as if the owner
was explicitly given. (And owner from a different thread or process is fully supported.)
This condition is an optimization.
DetermineApplicationTrust() is called up to 3 times: twice in the default AppDomain and once
in the new one. Empirically, the elevation prompt is shown during the first call.
*/
bool forceOwner = !context.NoPrompt && ElevationPromptOwnerWindow != IntPtr.Zero;
if(forceOwner)
{
// The native code passes the DocObject top window, not the browser's top-level window,
// but we need exactly the top-level one.
IntPtr ownerWindow = UnsafeNativeMethods.GetAncestor(
new HandleRef(null, ElevationPromptOwnerWindow), NativeMethods.GA_ROOT);
SetFakeActiveWindow(ownerWindow);
ElevationPromptOwnerWindow = IntPtr.Zero; // to prevent further prompting
}
try
{
trust = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context);
}
finally
{
if (forceOwner)
{
SetFakeActiveWindow(new IntPtr());
}
}
}
// Modify the permission grant set if necessary.
if (trust != null)
{
PermissionSet permissions = trust.DefaultGrantSet.PermissionSet;
if (isDebug)
{
Uri debugSecurityZoneURL = GetUriFromActivationData(2);
if (debugSecurityZoneURL != null)
{
permissions = AddPermissionForUri(permissions, debugSecurityZoneURL);
}
}
// CLR v4 breaking change: In some activation scenarios we get a ReadOnlyPermissionSet.
// This is a problem because:
// - Code may expect AppDomain.PermissionSet (or the old AppDomain.ApplicationTrust.
// DefaultGrantSet.PermissionSet) to return a mutable PermissionSet.
// - The ReadOnlyPermissionSet may have v2 and v3 assembly references--they are not 'unified'
// to the current framework version. This might confuse code doing more involved permission
// set comparisons or calculations.
// See bug Dev10.697110 for the longer story. Workaround is to copy the ROPS to a regular one.
if (permissions is ReadOnlyPermissionSet)
{
permissions = new PermissionSet(permissions);
}
trust.DefaultGrantSet.PermissionSet = permissions;
}
EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordHosting | EventTrace.Keyword.KeywordPerf, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustEnd);
return trust;
}
public ApplicationTrust DetermineApplicationTrust (ActivationContext activationContext, TrustManagerContext context)
{
if (activationContext == null)
throw new ArgumentNullException ("activationContext");
return null;
}
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
// ISSUE - fix this....
HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);
ICMS cms = (ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
ParsedData parsedData = new ParsedData();
if (ParseManifest(cms, parsedData))
{
appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
}
string deploymentUrl = GetDeploymentUrl(info);
string zoneName = GetZoneNameFromDeploymentUrl(deploymentUrl);
MemoryStream ms;
PromptsAllowed promptsAllowed;
if (!ExtractManifestContent(cms, out ms))
{
// Block prompt
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
}
bool distrustedPublisher, trustedPublisher, noCertificate;
AnalyzeCertificate(parsedData, ms, out distrustedPublisher, out trustedPublisher, out noCertificate);
/// Check whether application manifest allows to use deployment manifest certificate.
/// If not then we have to use application manifest certificate instead.
ICMS applicationCms = (ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
ParsedData applicationParsedData = new ParsedData();
if (ParseManifest(applicationCms, applicationParsedData))
{
if (applicationParsedData.UseManifestForTrust)
{
MemoryStream applicationMs;
if (ExtractManifestContent(applicationCms, out applicationMs))
{
/// Use the old parsedData.
bool applicationDistrustedPublisher, applicationTrustedPublisher, applicationNoCertificate;
AnalyzeCertificate(parsedData, applicationMs, out applicationDistrustedPublisher, out applicationTrustedPublisher, out applicationNoCertificate);
distrustedPublisher = applicationDistrustedPublisher;
trustedPublisher = applicationTrustedPublisher;
noCertificate = applicationNoCertificate;
parsedData.AppName = applicationParsedData.AppName;
parsedData.AppPublisher = applicationParsedData.AppPublisher;
parsedData.SupportUrl = applicationParsedData.SupportUrl;
}
}
}
if (distrustedPublisher)
{
promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
if (promptsAllowed == PromptsAllowed.None)
{
// No prompt allowed, return Do Not Trust.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
}
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
}
if (noCertificate)
{
parsedData.AuthenticodedPublisher = null;
parsedData.Certificate = null;
}
if (!hostContextInternal.IgnorePersistedDecision)
{
// Check if there are previously trusted versions installed.
ArrayList matchingTrusts;
if (SearchPreviousTrustedVersion(activationContext, out matchingTrusts))
{
Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);
// Found a matching app, with normally a different version.
if (ExistingTrustApplicable(info, matchingTrusts))
{
// There is at least one old version that requires at the same or more permissions.
// ExistingTrustApplicable removed the non-applicable version from the matchingTrusts arrays.
Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);
// Check if the new app requires shell integration while none of the old ones did
if (appTrustExtraInfo.RequestsShellIntegration &&
!SomePreviousTrustedVersionRequiresShellIntegration(matchingTrusts) &&
!trustedPublisher)
{
promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
switch (promptsAllowed)
{
case PromptsAllowed.None:
// No prompt allowed, return Do Not Trust.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
case PromptsAllowed.All:
// New app requires shell integration - bring up the Basic Install Prompt
return BasicInstallPrompt(activationContext,
parsedData,
deploymentUrl,
hostContextInternal,
info,
appTrustExtraInfo,
zoneName,
AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
}
}
// No prompt, return Trust & Persist.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
}
}
}
bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
if (!permissionElevationRequired || trustedPublisher)
{
if (!trustedPublisher)
{
Debug.Assert(!permissionElevationRequired);
promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
switch (promptsAllowed)
{
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, permissionElevationRequired);
case PromptsAllowed.None:
// XBaps should also prompt in InternetZone
// Originally xbaps were silently trusted, along with other ClickOnce apps
case PromptsAllowed.All:
// App shell integrates and is not from a trusted deployer, bring up the Basic Install Prompt.
return BasicInstallPrompt(activationContext,
parsedData,
deploymentUrl,
hostContextInternal,
info,
appTrustExtraInfo,
zoneName,
false /*permissionElevationRequired*/);
}
}
else
{
// App does not shell integrate and does not run in "Internet" zone, or is from a trusted deployer, return Trust
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
}
}
promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
switch (promptsAllowed)
{
case PromptsAllowed.None:
// No prompt allowed, return Do Not Trust.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, true /*permissionElevationRequired*/);
default: // PromptsAllowed.All:
// Bring up the HighRisk Install Prompt if the app shell integrates, or the HighRisk Run Prompt otherwise.
return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName);
}
}
internal static ApplicationTrust DetermineApplicationTrustInternal(ActivationContext activationContext, TrustManagerContext context)
{
ApplicationTrustCollection applicationTrustCollection = new ApplicationTrustCollection(true);
if (context == null || !context.IgnorePersistedDecision)
{
ApplicationTrust applicationTrust = applicationTrustCollection[activationContext.Identity.FullName];
if (applicationTrust != null)
{
return(applicationTrust);
}
}
ApplicationTrust trust = ApplicationSecurityManager.ApplicationTrustManager.DetermineApplicationTrust(activationContext, context) ?? new ApplicationTrust(activationContext.Identity);
trust.ApplicationIdentity = activationContext.Identity;
if (trust.Persist)
{
applicationTrustCollection.Add(trust);
}
return(trust);
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
return default(bool);
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
if (activationContext == null)
{
throw new NullReferenceException("activationContext");
}
ApplicationTrust applicationTrust = ApplicationSecurityManager.ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
return(applicationTrust.IsApplicationTrustedToRun);
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
throw new ArgumentNullException("applicationEvidence");
Contract.EndContractBlock();
// This method looks for a trust decision for the ActivationContext in three locations, in order
// of preference:
//
// 1. Supplied by the host in the AppDomainSetup. If the host supplied a decision this way, it
// will be in the applicationEvidence.
// 2. Reuse the ApplicationTrust from the current AppDomain
// 3. Ask the TrustManager for a trust decision
// get the activation context from the application evidence.
// The default HostSecurityManager does not examine the activatorEvidence
// but other security managers could use it to figure out the
// evidence of the domain attempting to activate the application.
ActivationArguments activationArgs = applicationEvidence.GetHostEvidence<ActivationArguments>();
if (activationArgs == null)
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
ActivationContext actCtx = activationArgs.ActivationContext;
if (actCtx == null)
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
// Make sure that any ApplicationTrust we find applies to the ActivationContext we're
// creating the new AppDomain for.
ApplicationTrust appTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
if (appTrust != null &&
!CmsUtils.CompareIdentities(appTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = null;
}
// If there was not a trust decision supplied in the Evidence, we can reuse the existing trust
// decision from this domain if its identity matches the ActivationContext of the new domain.
// Otherwise consult the TrustManager for a trust decision
if (appTrust == null)
{
if (AppDomain.CurrentDomain.ApplicationTrust != null &&
CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
appTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(actCtx, context);
}
}
// If the trust decision allows the application to run, then it should also have a permission set
// which is at least the permission set the application requested.
ApplicationSecurityInfo appRequest = new ApplicationSecurityInfo(actCtx);
if (appTrust != null &&
appTrust.IsApplicationTrustedToRun &&
!appRequest.DefaultRequestSet.IsSubsetOf(appTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return appTrust;
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
// FIXME: a null activationContext throw a NullReferenceException but calling directly the ApplicationTrustManager.DetermineApplicationTrust doesn't
if (activationContext == null)
{
throw new NullReferenceException("activationContext");
}
// throw new ArgumentNullException ("activationContext");
ApplicationTrust at = ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
return(at.IsApplicationTrustedToRun);
}
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
return(null);
}
private bool DetermineTrustCore(bool blocking, TrustParams tp)
{
try
{
Logger.AddMethodCall(this._log, "DeploymentManager.DetermineTrustCore() called.");
SubscriptionState subscriptionState = this._subStore.GetSubscriptionState(this._actDesc.DeployManifest);
TrustManagerContext tmc = new TrustManagerContext {
IgnorePersistedDecision = false,
NoPrompt = false,
Persist = true
};
if (tp != null)
{
tmc.NoPrompt = tp.NoPrompt;
}
if (!blocking && this._cancellationPending)
{
return true;
}
if (subscriptionState.IsInstalled && !string.Equals(subscriptionState.EffectiveCertificatePublicKeyToken, this._actDesc.EffectiveCertificatePublicKeyToken, StringComparison.Ordinal))
{
Logger.AddInternalState(this._log, "Application family is installed but effective certificate public key token has changed between versions: subState.EffectiveCertificatePublicKeyToken=" + subscriptionState.EffectiveCertificatePublicKeyToken + ",_actDesc.EffectiveCertificatePublicKeyToken=" + this._actDesc.EffectiveCertificatePublicKeyToken);
Logger.AddInternalState(this._log, "Removing cached trust for the CurrentBind.");
System.Deployment.Application.ApplicationTrust.RemoveCachedTrust(subscriptionState.CurrentBind);
}
bool isUpdate = false;
if (this._actDesc.IsUpdate)
{
isUpdate = true;
}
if (this._actDesc.IsUpdateInPKTGroup)
{
isUpdate = false;
ApplicationSecurityInfo info = new ApplicationSecurityInfo(this._actCtx);
this._actDesc.IsFullTrustRequested = info.DefaultRequestSet.IsUnrestricted();
}
this._actDesc.Trust = System.Deployment.Application.ApplicationTrust.RequestTrust(subscriptionState, this._actDesc.DeployManifest.Deployment.Install, isUpdate, this._actCtx, tmc);
}
catch (Exception exception)
{
this.LogError(Resources.GetString("Ex_DetermineTrustFailed"), exception);
Logger.AddInternalState(this._log, "Exception thrown in DetermineTrustCore(): " + exception.GetType().ToString() + " : " + exception.Message + "\r\n" + exception.StackTrace);
throw;
}
return false;
}
