/// <summary>
/// This function allows the Owner (or a person granted ViewRightsData right)
/// to extract the original publishing information that was encrypted during publishing process.
/// </summary>
public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider)
{
if (cryptoProvider == null)
{
throw new ArgumentNullException("cryptoProvider");
}
return(cryptoProvider.DecryptPublishLicense(_serializedPublishLicense));
}
/// <summary>
/// This function allows the Owner (or a person granted ViewRightsData right)
/// to extract the original publishing information that was encrypted during publishing process.
/// </summary>
public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider)
{
SecurityHelper.DemandRightsManagementPermission();
if (cryptoProvider == null)
{
throw new ArgumentNullException("cryptoProvider");
}
return(cryptoProvider.DecryptPublishLicense(_serializedPublishLicense));
}
EncryptedPackageEnvelope(
string envelopeFileName,
PublishLicense publishLicense,
CryptoProvider cryptoProvider
)
{
if (envelopeFileName == null)
throw new ArgumentNullException("envelopeFileName");
ThrowIfRMEncryptionInfoInvalid(publishLicense, cryptoProvider);
_root = StorageRoot.Open(
envelopeFileName,
_defaultFileModeForCreate,
_defaultFileAccess,
_defaultFileShare
);
InitializeRMForCreate(publishLicense, cryptoProvider);
EmbedPackage(null);
}
// This function attempts to bind License to a given Identity
// It will try to bind all rights One-by-one in order to eliminate
// grants that may have been expired, so it will only bind The ones that are still valid
private CryptoProvider BindUseLicense(string serializedUseLicense,
List<RightNameExpirationInfoPair> unboundRightsList,
BoundLicenseParams boundLicenseParams,
out int theFirstHrFailureCode)
{
Debug.Assert(serializedUseLicense != null);
Debug.Assert(unboundRightsList != null);
Debug.Assert(boundLicenseParams != null);
List<SafeRightsManagementHandle> successfullyBoundLicenseHandleList =
new List<SafeRightsManagementHandle>(unboundRightsList.Count);
List<RightNameExpirationInfoPair> successfullyBoundRightsList =
new List<RightNameExpirationInfoPair>(unboundRightsList.Count);
try
{
uint errorLogHandle;
// we neeed to return the first failure code, that is the one that will communicate to the user
int hr;
theFirstHrFailureCode = 0;
SafeRightsManagementHandle boundLicenseHandle;
// first we are enumerating all rights one-by-one and preserving the ones that can be bound
// we are going through the list of "recognised rights"
foreach (RightNameExpirationInfoPair rightInfo in unboundRightsList)
{
boundLicenseParams.wszRightsRequested = rightInfo.RightName;
boundLicenseHandle = null;
errorLogHandle = 0;
hr = SafeNativeMethods.DRMCreateBoundLicense(
_envHandle,
boundLicenseParams,
serializedUseLicense,
out boundLicenseHandle,
out errorLogHandle);
if (boundLicenseHandle != null && (hr == 0))
{
// we got a successful bound let's copy the whole grant
// the only thing that we need to substitute in the grant is the User identity
// along with the original right name (prior to binding), as unmanaged SDK
// messes up right names and their expiration
// in case of multiple expiration dates and additional rights granted to an owner
successfullyBoundLicenseHandleList.Add(boundLicenseHandle);
successfullyBoundRightsList.Add(rightInfo);
}
// preserve the first encountered error code
if ((theFirstHrFailureCode == 0) && (hr != 0))
{
theFirstHrFailureCode = hr;
}
}
// At this point we have a list of potential "Right" -candidates
// if it is empty we can get out
if (successfullyBoundLicenseHandleList.Count > 0)
{
ContentUser user = ExtractUserFromCertificateChain(boundLicenseParams.wszDefaultEnablingPrincipalCredentials);
CryptoProvider cryptoProvider = new CryptoProvider(successfullyBoundLicenseHandleList,
successfullyBoundRightsList,
user);
CryptoProviderList.Add(cryptoProvider);
return cryptoProvider;
}
else
{
return null;
}
}
catch
{
// In case of a failure we should clean up handle that have been accumulated
// otherwise the list of handles is either empty or given to the CryptoProvider
// to be taken care of
foreach (SafeRightsManagementHandle handle in successfullyBoundLicenseHandleList)
{
handle.Dispose();
}
throw;
}
}
//------------------------------------------------------
//
// Internal Methods
//
//------------------------------------------------------
internal RightsManagementEncryptedStream(
Stream baseStream,
CryptoProvider cryptoProvider)
{
Debug.Assert(baseStream != null);
Debug.Assert(cryptoProvider != null);
if (!cryptoProvider.CanDecrypt )
{
throw new ArgumentException(SR.Get(SRID.CryptoProviderCanNotDecrypt), "cryptoProvider");
}
if (!cryptoProvider.CanMergeBlocks)
{
throw new ArgumentException(SR.Get(SRID.CryptoProviderCanNotMergeBlocks), "cryptoProvider");
}
_baseStream = baseStream;
_cryptoProvider = cryptoProvider;
// Currently BitConverter is implemented as only supporting Little Endian byte order
// regardless of the machine type. We would like to make sure that this doesn't change
// as we need Little Endian byte order decoding capability on all machines in order to
// parse files that travel across different machine types.
Debug.Assert(BitConverter.IsLittleEndian);
// initialize stream length
ParseStreamLength();
}
public static EncryptedPackageEnvelope CreateFromPackage(string envelopeFileName, Stream packageStream, PublishLicense publishLicense, CryptoProvider cryptoProvider)
{
throw new NotImplementedException ();
}
public static EncryptedPackageEnvelope Create(Stream envelopeStream, PublishLicense publishLicense, CryptoProvider cryptoProvider)
{
throw new NotImplementedException ();
}
public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider)
{
throw new NotImplementedException();
}
/// <summary>
/// This function allows the Owner (or a person granted ViewRightsData right)
/// to extract the original publishing information that was encrypted during publishing process.
/// </summary>
public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider )
{
SecurityHelper.DemandRightsManagementPermission();
if (cryptoProvider == null)
{
throw new ArgumentNullException("cryptoProvider");
}
return cryptoProvider.DecryptPublishLicense(_serializedPublishLicense);
}
EncryptedPackageEnvelope(
Stream envelopeStream,
PublishLicense publishLicense,
CryptoProvider cryptoProvider
)
{
if (envelopeStream == null)
throw new ArgumentNullException("envelopeStream");
ThrowIfRMEncryptionInfoInvalid(publishLicense, cryptoProvider);
_root = StorageRoot.CreateOnStream(envelopeStream, _defaultFileModeForCreate);
//
// CreateOnStream opens the stream for read access if it's readable, and for
// read/write access if it's writable. We're going to need it to be writable,
// so check that it is.
//
if (_root.OpenAccess != FileAccess.ReadWrite)
{
throw new NotSupportedException(SR.Get(SRID.StreamNeedsReadWriteAccess));
}
InitializeRMForCreate(publishLicense, cryptoProvider);
EmbedPackage(null);
}
InitializeRMForCreate(
PublishLicense publishLicense,
CryptoProvider cryptoProvider
)
{
//
// Define a data space consisting of a single transform, namely the
// RightsManagementEncryptionTransform.
//
DataSpaceManager dsm = _root.GetDataSpaceManager();
dsm.DefineTransform(
RightsManagementEncryptionTransform.ClassTransformIdentifier,
EncryptionTransformName
);
string[] transformStack = new string[1];
transformStack[0] = EncryptionTransformName;
_dataSpaceName = DataspaceLabelRMEncryptionNoCompression;
dsm.DefineDataSpace(transformStack, _dataSpaceName);
//
// The call to DefineTransform created a RightsManagementEncryptionTransform
// object. Obtain this object from the DataSpaceManager, and wrap it in a
// RightsManagementInformation object. This makes the RM information in the
// compound file available to the application (through the RightsManagementInformation
// property), without exposing to the application the implementation detail
// that there -is- such a thing as a "transform".
//
RightsManagementEncryptionTransform rmet =
dsm.GetTransformFromName(EncryptionTransformName) as RightsManagementEncryptionTransform;
//
// We just defined this transform, so it must exist.
//
Debug.Assert(
rmet != null,
"RightsManagementEncryptionTransform not found"
);
_rmi = new RightsManagementInformation(rmet);
//
// Prepare the transform object for use.
//
rmet.SavePublishLicense(publishLicense);
rmet.CryptoProvider = cryptoProvider;
//
// The transform object is now ready for use. When the data space manager
// queries the transform's IsReady property, it will return true. So there
// is no need to sign up for the TransformInitializationEvent.
//
}
CreateFromPackage(
Stream envelopeStream,
Stream packageStream,
PublishLicense publishLicense,
CryptoProvider cryptoProvider
)
{
return new EncryptedPackageEnvelope(
envelopeStream,
packageStream,
publishLicense,
cryptoProvider
);
}
Create(
string envelopeFileName,
PublishLicense publishLicense,
CryptoProvider cryptoProvider
)
{
return new EncryptedPackageEnvelope(envelopeFileName, publishLicense, cryptoProvider);
}
private void ThrowIfRMEncryptionInfoInvalid(
PublishLicense publishLicense,
CryptoProvider cryptoProvider)
{
if (publishLicense == null)
throw new ArgumentNullException("publishLicense");
if (cryptoProvider == null)
throw new ArgumentNullException("cryptoProvider");
}
public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider)
{
throw new NotImplementedException ();
}
