public void StringOverloadIsNotSID ()
{
CryptoKeyAccessRule rule;
rule = new CryptoKeyAccessRule (@"S-1-5-32-545", CryptoKeyRights.FullControl, AccessControlType.Allow);
Assert.AreNotEqual (new SecurityIdentifier ("S-1-5-32-545"), rule.IdentityReference);
Assert.AreEqual (new NTAccount (@"S-1-5-32-545"), rule.IdentityReference);
}
public sealed override AccessRule AccessRuleFactory(IdentityReference identityReference,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
{
return(new CryptoKeyAccessRule(
identityReference,
CryptoKeyAccessRule.RightsFromAccessMask(accessMask),
type));
}
public bool RemoveAccessRule(CryptoKeyAccessRule rule)
{
return(RemoveAccessRule((AccessRule)rule));
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.CryptoKeyAccessRule" /> class using the specified values. </summary>
/// <param name="identity">The identity to which the access rule applies. This parameter must be an object that can be cast as a <see cref="T:System.Security.Principal.SecurityIdentifier" />.</param>
/// <param name="cryptoKeyRights">The cryptographic key operation to which this access rule controls access.</param>
/// <param name="type">The valid access control type.</param>
// Token: 0x06001EF9 RID: 7929 RVA: 0x0006D095 File Offset: 0x0006B295
public CryptoKeyAccessRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this(identity, CryptoKeyAccessRule.AccessMaskFromRights(cryptoKeyRights, type), false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
/// <summary>Removes all access rules in the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CryptoKeySecurity" /> object and then adds the specified access rule.</summary>
/// <param name="rule">The access rule to reset.</param>
// Token: 0x06001F0B RID: 7947 RVA: 0x0006D1D7 File Offset: 0x0006B3D7
public void ResetAccessRule(CryptoKeyAccessRule rule)
{
base.ResetAccessRule(rule);
}
/// <summary>Removes all access rules that have the same security identifier as the specified access rule from the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CryptoKeySecurity" /> object.</summary>
/// <param name="rule">The access rule to remove.</param>
// Token: 0x06001F0D RID: 7949 RVA: 0x0006D1E9 File Offset: 0x0006B3E9
public void RemoveAccessRuleAll(CryptoKeyAccessRule rule)
{
base.RemoveAccessRuleAll(rule);
}
public void RemoveAccessRuleSpecific(CryptoKeyAccessRule rule)
{
throw new NotImplementedException();
}
/// <summary>Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CryptoKeySecurity" /> object.</summary>
/// <param name="rule">The access rule to add.</param>
// Token: 0x06001F09 RID: 7945 RVA: 0x0006D1C5 File Offset: 0x0006B3C5
public void AddAccessRule(CryptoKeyAccessRule rule)
{
base.AddAccessRule(rule);
}
public void RemoveAccessRuleAll (CryptoKeyAccessRule rule) {
base.RemoveAccessRuleAll(rule);
}
// // Summary: // Removes all access rules that exactly match the specified access rule from // the Discretionary Access Control List (DACL) associated with this System.Security.AccessControl.CryptoKeySecurity // object. // // Parameters: // rule: // The access rule to remove. extern public void RemoveAccessRuleSpecific(CryptoKeyAccessRule rule);
void RemoveCertificatePrivateKeyAccess(X509Certificate2 cert)
{
if (cert != null && cert.HasPrivateKey)
{
try
{
AsymmetricAlgorithm key = cert.PrivateKey;
// Only RSA provider is supported here
if (key is RSACryptoServiceProvider)
{
RSACryptoServiceProvider prov = key as RSACryptoServiceProvider;
CspKeyContainerInfo info = prov.CspKeyContainerInfo;
CryptoKeySecurity keySec = info.CryptoKeySecurity;
SecurityIdentifier ns = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
AuthorizationRuleCollection rules = keySec.GetAccessRules(true, false, typeof(SecurityIdentifier));
foreach (AuthorizationRule rule in rules)
{
CryptoKeyAccessRule keyAccessRule = (CryptoKeyAccessRule)rule;
if (keyAccessRule.AccessControlType == AccessControlType.Allow &&
(int)(keyAccessRule.CryptoKeyRights & CryptoKeyRights.GenericRead) != 0)
{
SecurityIdentifier sid = keyAccessRule.IdentityReference as SecurityIdentifier;
if (ns.Equals(sid))
{
CryptoKeyAccessRule nsReadRule = new CryptoKeyAccessRule(ns,
CryptoKeyRights.GenericRead,
AccessControlType.Allow);
keySec.RemoveAccessRule(nsReadRule);
CommitCryptoKeySecurity(info, keySec);
break;
}
}
}
}
}
#pragma warning suppress 56500
catch (Exception e)
{
// CommitCryptoKeySecurity can actually throw any exception,
// so the safest way here is to catch a generic exception while throw on critical ones
if (Utilities.IsCriticalException(e))
{
throw;
}
throw new WsatAdminException(WsatAdminErrorCode.CANNOT_UPDATE_PRIVATE_KEY_PERM,
SR.GetString(SR.ErrorUpdateCertPrivateKeyPerm), e);
}
}
}
void AddCertificatePrivateKeyAccess(X509Certificate2 cert)
{
if (cert != null && cert.HasPrivateKey)
{
try
{
AsymmetricAlgorithm key = cert.PrivateKey;
// Only RSA provider is supported here
if (key is RSACryptoServiceProvider)
{
RSACryptoServiceProvider prov = key as RSACryptoServiceProvider;
CspKeyContainerInfo info = prov.CspKeyContainerInfo;
CryptoKeySecurity keySec = info.CryptoKeySecurity;
SecurityIdentifier ns = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
// Just add a rule, exisitng settings will be merged
CryptoKeyAccessRule rule = new CryptoKeyAccessRule(ns,
CryptoKeyRights.GenericRead,
AccessControlType.Allow);
keySec.AddAccessRule(rule);
CommitCryptoKeySecurity(info, keySec);
}
}
#pragma warning suppress 56500
catch (Exception e)
{
// CommitCryptoKeySecurity can actually throw any exception,
// so the safest way here is to catch a generic exception while throw on critical ones
if (Utilities.IsCriticalException(e))
{
throw;
}
throw new WsatAdminException(WsatAdminErrorCode.CANNOT_UPDATE_PRIVATE_KEY_PERM,
SR.GetString(SR.ErrorUpdateCertPrivateKeyPerm), e);
}
}
}
public bool RemoveAccessRule(CryptoKeyAccessRule rule)
{
return default(bool);
}
public void AddAccessRule(CryptoKeyAccessRule rule)
{
}
public void SetAccessRule(CryptoKeyAccessRule rule)
{
}
public void AddAccessRule (CryptoKeyAccessRule rule) {
base.AddAccessRule(rule);
}
public void RemoveAccessRuleAll(CryptoKeyAccessRule rule)
{
}
public void ResetAccessRule (CryptoKeyAccessRule rule) {
base.ResetAccessRule(rule);
}
// // Summary: // Removes all access rules that have the same security identifier as the specified // access rule from the Discretionary Access Control List (DACL) associated // with this System.Security.AccessControl.CryptoKeySecurity object. // // Parameters: // rule: // The access rule to remove. extern public void RemoveAccessRuleAll(CryptoKeyAccessRule rule);
public void AddAccessRule(CryptoKeyAccessRule rule)
{
}
/// <summary>从与此 <see cref="T:System.Security.AccessControl.CryptoKeySecurity" /> 对象关联的自由访问控制列表 (DACL) 中移除所有访问规则,然后添加指定的访问规则。</summary>
/// <param name="rule">要重置的访问规则。</param>
public void ResetAccessRule(CryptoKeyAccessRule rule)
{
this.ResetAccessRule((AccessRule)rule);
}
public void ResetAccessRule(CryptoKeyAccessRule rule)
{
}
/// <summary>从与此 <see cref="T:System.Security.AccessControl.CryptoKeySecurity" /> 对象关联的自由访问控制列表 (DACL) 中移除与指定的访问规则具有相同安全性标识符的所有访问规则。</summary>
/// <param name="rule">要移除的访问规则。</param>
public void RemoveAccessRuleAll(CryptoKeyAccessRule rule)
{
this.RemoveAccessRuleAll((AccessRule)rule);
}
// // Summary: // Removes access rules that contain the same security identifier and access // mask as the specified access rule from the Discretionary Access Control List // (DACL) associated with this System.Security.AccessControl.CryptoKeySecurity // object. // // Parameters: // rule: // The access rule to remove. // // Returns: // true if the access rule was successfully removed; otherwise, false. extern public bool RemoveAccessRule(CryptoKeyAccessRule rule);
/// <summary>从与此 <see cref="T:System.Security.AccessControl.CryptoKeySecurity" /> 对象关联的自由访问控制列表 (DACL) 中移除与指定的访问规则完全匹配的所有访问规则。</summary>
/// <param name="rule">要移除的访问规则。</param>
public void RemoveAccessRuleSpecific(CryptoKeyAccessRule rule)
{
this.RemoveAccessRuleSpecific((AccessRule)rule);
}
/// <summary>Removes all access rules that contain the same security identifier and qualifier as the specified access rule in the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CryptoKeySecurity" /> object and then adds the specified access rule.</summary>
/// <param name="rule">The access rule to set.</param>
// Token: 0x06001F0A RID: 7946 RVA: 0x0006D1CE File Offset: 0x0006B3CE
public void SetAccessRule(CryptoKeyAccessRule rule)
{
base.SetAccessRule(rule);
}
// // Summary: // Removes all access rules that contain the same security identifier and qualifier // as the specified access rule in the Discretionary Access Control List (DACL) // associated with this System.Security.AccessControl.CryptoKeySecurity object // and then adds the specified access rule. // // Parameters: // rule: // The access rule to set. extern public void SetAccessRule(CryptoKeyAccessRule rule);
/// <summary>Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CryptoKeySecurity" /> object.</summary>
/// <param name="rule">The access rule to remove.</param>
/// <returns>
/// <see langword="true" /> if the access rule was successfully removed; otherwise, <see langword="false" />.</returns>
// Token: 0x06001F0C RID: 7948 RVA: 0x0006D1E0 File Offset: 0x0006B3E0
public bool RemoveAccessRule(CryptoKeyAccessRule rule)
{
return(base.RemoveAccessRule(rule));
}
// // Summary: // Removes access rules that contain the same security identifier and access // mask as the specified access rule from the Discretionary Access Control List // (DACL) associated with this System.Security.AccessControl.CryptoKeySecurity // object. // // Parameters: // rule: // The access rule to remove. // // Returns: // true if the access rule was successfully removed; otherwise, false. extern public bool RemoveAccessRule(CryptoKeyAccessRule rule);
public void AddAccessRule(CryptoKeyAccessRule rule)
{
AddAccessRule((AccessRule)rule);
}
public bool RemoveAccessRule (CryptoKeyAccessRule rule)
{
throw new NotImplementedException ();
}
public void SetAccessRule(CryptoKeyAccessRule rule)
{
SetAccessRule((AccessRule)rule);
}
public void RemoveAccessRuleSpecific (CryptoKeyAccessRule rule)
{
throw new NotImplementedException ();
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.CryptoKeyAccessRule" /> class using the specified values.</summary>
/// <param name="identity">The identity to which the access rule applies.</param>
/// <param name="cryptoKeyRights">The cryptographic key operation to which this access rule controls access.</param>
/// <param name="type">The valid access control type.</param>
// Token: 0x06001EFA RID: 7930 RVA: 0x0006D0A9 File Offset: 0x0006B2A9
public CryptoKeyAccessRule(string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this(new NTAccount(identity), CryptoKeyAccessRule.AccessMaskFromRights(cryptoKeyRights, type), false, InheritanceFlags.None, PropagationFlags.None, type)
{
}
public void ResetAccessRule (CryptoKeyAccessRule rule)
{
throw new NotImplementedException ();
}
public void SetAccessRule (CryptoKeyAccessRule rule) {
base.SetAccessRule(rule);
}
public void AddAccessRule (CryptoKeyAccessRule rule)
{
AddAccessRule ((AccessRule)rule);
}
public bool RemoveAccessRule (CryptoKeyAccessRule rule) {
return base.RemoveAccessRule(rule);
}
public bool RemoveAccessRule (CryptoKeyAccessRule rule)
{
return RemoveAccessRule ((AccessRule)rule);
}
public void RemoveAccessRuleSpecific (CryptoKeyAccessRule rule) {
base.RemoveAccessRuleSpecific(rule);
}
public void RemoveAccessRuleAll (CryptoKeyAccessRule rule)
{
RemoveAccessRuleAll ((AccessRule)rule);
}
public bool RemoveAccessRule(CryptoKeyAccessRule rule)
{
return(default(bool));
}
public void RemoveAccessRuleSpecific (CryptoKeyAccessRule rule)
{
RemoveAccessRuleSpecific ((AccessRule)rule);
}
public void RemoveAccessRuleSpecific(CryptoKeyAccessRule rule)
{
}
public void ResetAccessRule (CryptoKeyAccessRule rule)
{
ResetAccessRule ((AccessRule)rule);
}
public bool RemoveAccessRule(CryptoKeyAccessRule rule)
{
throw new NotImplementedException();
}
public void SetAccessRule (CryptoKeyAccessRule rule)
{
SetAccessRule ((AccessRule)rule);
}
public void SetAccessRule(CryptoKeyAccessRule rule)
{
throw new NotImplementedException();
}
// // Summary: // Removes all access rules in the Discretionary Access Control List (DACL) // associated with this System.Security.AccessControl.CryptoKeySecurity object // and then adds the specified access rule. // // Parameters: // rule: // The access rule to reset. extern public void ResetAccessRule(CryptoKeyAccessRule rule);
