private static bool AnalyzeCertificate(ParsedData parsedData, MemoryStream ms, out bool distrustedPublisher, out bool trustedPublisher, out bool noCertificate)
 {
     distrustedPublisher = false;
     trustedPublisher = false;
     noCertificate = false;
     System.Deployment.Internal.CodeSigning.SignedCmiManifest manifest = null;
     try
     {
         XmlDocument manifestDom = new XmlDocument {
             PreserveWhitespace = true
         };
         manifestDom.Load(ms);
         manifest = new System.Deployment.Internal.CodeSigning.SignedCmiManifest(manifestDom);
         manifest.Verify(System.Deployment.Internal.CodeSigning.CmiManifestVerifyFlags.None);
     }
     catch (Exception exception)
     {
         if (!(exception is CryptographicException) || (manifest.AuthenticodeSignerInfo == null))
         {
             return false;
         }
         int errorCode = manifest.AuthenticodeSignerInfo.ErrorCode;
         switch (errorCode)
         {
             case -2146762479:
             case -2146885616:
                 distrustedPublisher = true;
                 return true;
         }
         if (errorCode != -2146762748)
         {
             noCertificate = true;
         }
         return true;
     }
     finally
     {
         if (((manifest != null) && (manifest.AuthenticodeSignerInfo != null)) && (manifest.AuthenticodeSignerInfo.SignerChain != null))
         {
             parsedData.Certificate = manifest.AuthenticodeSignerInfo.SignerChain.ChainElements[0].Certificate;
             parsedData.AuthenticodedPublisher = parsedData.Certificate.GetNameInfo(X509NameType.SimpleName, false);
         }
     }
     if ((manifest == null) || (manifest.AuthenticodeSignerInfo == null))
     {
         noCertificate = true;
     }
     else
     {
         trustedPublisher = true;
     }
     return true;
 }
 private static bool AnalyzeCertificate(ParsedData parsedData, MemoryStream ms, out bool distrustedPublisher, out bool trustedPublisher, out bool noCertificate)
 {
     distrustedPublisher = false;
     trustedPublisher    = false;
     noCertificate       = false;
     System.Deployment.Internal.CodeSigning.SignedCmiManifest manifest = null;
     try
     {
         XmlDocument manifestDom = new XmlDocument {
             PreserveWhitespace = true
         };
         manifestDom.Load(ms);
         manifest = new System.Deployment.Internal.CodeSigning.SignedCmiManifest(manifestDom);
         manifest.Verify(System.Deployment.Internal.CodeSigning.CmiManifestVerifyFlags.None);
     }
     catch (Exception exception)
     {
         if (!(exception is CryptographicException) || (manifest.AuthenticodeSignerInfo == null))
         {
             return(false);
         }
         int errorCode = manifest.AuthenticodeSignerInfo.ErrorCode;
         switch (errorCode)
         {
         case -2146762479:
         case -2146885616:
             distrustedPublisher = true;
             return(true);
         }
         if (errorCode != -2146762748)
         {
             noCertificate = true;
         }
         return(true);
     }
     finally
     {
         if (((manifest != null) && (manifest.AuthenticodeSignerInfo != null)) && (manifest.AuthenticodeSignerInfo.SignerChain != null))
         {
             parsedData.Certificate            = manifest.AuthenticodeSignerInfo.SignerChain.ChainElements[0].Certificate;
             parsedData.AuthenticodedPublisher = parsedData.Certificate.GetNameInfo(X509NameType.SimpleName, false);
         }
     }
     if ((manifest == null) || (manifest.AuthenticodeSignerInfo == null))
     {
         noCertificate = true;
     }
     else
     {
         trustedPublisher = true;
     }
     return(true);
 }
Exemple #3
0
        private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext,
                                                       ParsedData parsedData,
                                                       String deploymentUrl,
                                                       HostContextInternal hostContextInternal, 
                                                       ApplicationSecurityInfo info, 
                                                       ApplicationTrustExtraInfo appTrustExtraInfo,
                                                       string zoneName)
        {
            DialogResult ret;
            TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
            try
            {
                TrustManagerPromptUIThread highRiskDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
                                                                               DefaultBrowserExePath,
                                                                               parsedData.SupportUrl, 
                                                                               GetHostFromDeploymentUrl(deploymentUrl),
                                                                               parsedData.AuthenticodedPublisher /*publisherName*/, 
                                                                               parsedData.Certificate,
                                                                               options);
                ret = highRiskDialog.ShowDialog();
            }
            catch (Exception ex)
            {
                Debug.Fail("Error occurred while showing high risk dialog: " + ex.Message);
                ret = DialogResult.No;
            }

            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, ret == DialogResult.OK /*trust*/, hostContextInternal.Persist && ret == DialogResult.OK /*persist*/);
        }
Exemple #4
0
        private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal, 
                                                        string zoneName, 
                                                        ParsedData parsedData)
        {
            Debug.Assert(hostContextInternal != null);
            Debug.Assert(zoneName != null);
            Debug.Assert(parsedData != null);

            if (hostContextInternal.NoPrompt)
            {
                return PromptsAllowed.None;
            }

            PromptingLevel promptingLevel = GetZonePromptingLevel(zoneName);
            if (promptingLevel == PromptingLevel.Disabled || 
                (promptingLevel == PromptingLevel.PromptOnlyForAuthenticode && parsedData.AuthenticodedPublisher == null))
            {
                return PromptsAllowed.BlockingOnly;
            }

            return PromptsAllowed.All;
        }
Exemple #5
0
        public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
        {            
            if (activationContext == null)
            {
                throw new ArgumentNullException("activationContext");
            }

            ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
            ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
            // ISSUE - fix this....
            HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);

            ICMS cms = (ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);            

            ParsedData parsedData = new ParsedData();
            if (ParseManifest(cms, parsedData))
            {
                appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration; 
            }

            string deploymentUrl = GetDeploymentUrl(info);
            string zoneName = GetZoneNameFromDeploymentUrl(deploymentUrl);
            MemoryStream ms;
            PromptsAllowed promptsAllowed;

            if (!ExtractManifestContent(cms, out ms))
            {
                // Block prompt
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
            }
            
            bool distrustedPublisher, trustedPublisher, noCertificate;
            AnalyzeCertificate(parsedData, ms, out distrustedPublisher, out trustedPublisher, out noCertificate);

            /// Check whether application manifest allows to use deployment manifest certificate.
            /// If not then we have to use application manifest certificate instead.
            ICMS applicationCms = (ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
            ParsedData applicationParsedData = new ParsedData();
            if (ParseManifest(applicationCms, applicationParsedData))
            {
                if (applicationParsedData.UseManifestForTrust)
                {
                    MemoryStream applicationMs;
                    if (ExtractManifestContent(applicationCms, out applicationMs))
                    {
                        /// Use the old parsedData.
                        bool applicationDistrustedPublisher, applicationTrustedPublisher, applicationNoCertificate;
                        AnalyzeCertificate(parsedData, applicationMs, out applicationDistrustedPublisher, out applicationTrustedPublisher, out applicationNoCertificate);
                        distrustedPublisher = applicationDistrustedPublisher;
                        trustedPublisher = applicationTrustedPublisher;
                        noCertificate = applicationNoCertificate;
                        parsedData.AppName = applicationParsedData.AppName;
                        parsedData.AppPublisher = applicationParsedData.AppPublisher;
                        parsedData.SupportUrl = applicationParsedData.SupportUrl;
                    }
                }
            }

            if (distrustedPublisher)
            {             
                promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
                if (promptsAllowed == PromptsAllowed.None)
                {
                    // No prompt allowed, return Do Not Trust.
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
                }
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
            }            

            if (noCertificate)
            {            
                parsedData.AuthenticodedPublisher = null;
                parsedData.Certificate = null;
            }

            if (!hostContextInternal.IgnorePersistedDecision)
            {
                // Check if there are previously trusted versions installed.
                ArrayList matchingTrusts;
                if (SearchPreviousTrustedVersion(activationContext, out matchingTrusts))
                {
                    Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);

                    // Found a matching app, with normally a different version.
                    if (ExistingTrustApplicable(info, matchingTrusts))
                    {
                        // There is at least one old version that requires at the same or more permissions.
                        // ExistingTrustApplicable removed the non-applicable version from the matchingTrusts arrays.
                        Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);

                        // Check if the new app requires shell integration while none of the old ones did
                        if (appTrustExtraInfo.RequestsShellIntegration &&
                            !SomePreviousTrustedVersionRequiresShellIntegration(matchingTrusts) &&
                            !trustedPublisher)
                        {
                            promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
                            switch (promptsAllowed)
                            {
                                case PromptsAllowed.None:
                                    // No prompt allowed, return Do Not Trust.
                                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
                                case PromptsAllowed.BlockingOnly:
                                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
                                case PromptsAllowed.All:
                                    // New app requires shell integration - bring up the Basic Install Prompt
                                    return BasicInstallPrompt(activationContext,
                                                              parsedData, 
                                                              deploymentUrl, 
                                                              hostContextInternal, 
                                                              info, 
                                                              appTrustExtraInfo,
                                                              zoneName, 
                                                              AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
                            }
                        }

                        // No prompt, return Trust & Persist.
                        return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
                    }
                }
            }            

            bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
            if (!permissionElevationRequired || trustedPublisher)
            {             
                if (!trustedPublisher)
                {
                    Debug.Assert(!permissionElevationRequired);
                    promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
                    switch (promptsAllowed)
                    {
                        case PromptsAllowed.BlockingOnly:
                            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, permissionElevationRequired);
                        case PromptsAllowed.None:
                            // XBaps should also prompt in InternetZone
                            // Originally xbaps were silently trusted, along with other ClickOnce apps
                        case PromptsAllowed.All:
                            // App shell integrates and is not from a trusted deployer, bring up the Basic Install Prompt.
                            return BasicInstallPrompt(activationContext,
                                                      parsedData, 
                                                      deploymentUrl, 
                                                      hostContextInternal, 
                                                      info,
                                                      appTrustExtraInfo,
                                                      zoneName,
                                                      false /*permissionElevationRequired*/);
                    }
                }
                else
                {
                    // App does not shell integrate and does not run in "Internet" zone, or is from a trusted deployer, return Trust
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
                }
            }            

            promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
            switch (promptsAllowed)
            {
                case PromptsAllowed.None:
                    // No prompt allowed, return Do Not Trust.
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
                case PromptsAllowed.BlockingOnly:
                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, true /*permissionElevationRequired*/);
                default: // PromptsAllowed.All:
                    // Bring up the HighRisk Install Prompt if the app shell integrates, or the HighRisk Run Prompt otherwise.
                    return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName);
            }
        }
Exemple #6
0
        private static bool AnalyzeCertificate(ParsedData parsedData, MemoryStream ms, out bool distrustedPublisher, out bool trustedPublisher, out bool noCertificate)
        {
            Debug.Assert(parsedData != null);
            Debug.Assert(ms != null);

            distrustedPublisher = false;
            trustedPublisher = false;
            noCertificate = false;
            SignedCmiManifest2 signedManifest = null;
            XmlDocument deploymentManifestXmlDom = null;
            try
            {
                deploymentManifestXmlDom = new XmlDocument();
                deploymentManifestXmlDom.PreserveWhitespace = true;
                deploymentManifestXmlDom.Load(ms);

                signedManifest = new SignedCmiManifest2(deploymentManifestXmlDom, true);

                signedManifest.Verify(CmiManifestVerifyFlags.None);                
            }
            catch (Exception e)
            {
                if (!(e is CryptographicException))
                {
                    return false;
                }
                if (signedManifest.StrongNameSignerInfo != null && signedManifest.StrongNameSignerInfo.ErrorCode != Win32.TRUST_E_BAD_DIGEST) {
                    if (signedManifest.AuthenticodeSignerInfo == null) 
                    {
                        return false;
                    }
                    ProcessSignerInfo(signedManifest, out distrustedPublisher, out noCertificate);
                    return true;
                }
                // try SHA1 
                try
                {
                    signedManifest = new SignedCmiManifest2(deploymentManifestXmlDom, false);
                    signedManifest.Verify(CmiManifestVerifyFlags.None);
                }
                catch (Exception ex)
                {
                    if (!(ex is CryptographicException)) 
                    {
                        return false;
                    }

                    if (signedManifest.AuthenticodeSignerInfo != null) 
                    {
                        ProcessSignerInfo(signedManifest, out distrustedPublisher, out noCertificate);
                        return true;
                    }
                    return false;
                }
                
            }
            finally
            {                
                if (signedManifest != null && 
                    signedManifest.AuthenticodeSignerInfo != null && 
                    signedManifest.AuthenticodeSignerInfo.SignerChain != null)
                {             
                    parsedData.Certificate = signedManifest.AuthenticodeSignerInfo.SignerChain.ChainElements[0].Certificate;
                    parsedData.AuthenticodedPublisher = parsedData.Certificate.GetNameInfo(X509NameType.SimpleName, false);
                }
            }

            if (signedManifest == null || signedManifest.AuthenticodeSignerInfo == null)
            {
                noCertificate = true;
            }
            else
            {
                trustedPublisher = true;
            }

            return true;
        }
 private static bool ParseManifest(System.Deployment.Internal.Isolation.Manifest.ICMS cms, ParsedData parsedData)
 {
     try
     {
         if ((cms != null) && (cms.MetadataSectionEntry != null))
         {
             System.Deployment.Internal.Isolation.Manifest.IMetadataSectionEntry metadataSectionEntry = cms.MetadataSectionEntry as System.Deployment.Internal.Isolation.Manifest.IMetadataSectionEntry;
             if (metadataSectionEntry != null)
             {
                 System.Deployment.Internal.Isolation.Manifest.IDescriptionMetadataEntry descriptionData = metadataSectionEntry.DescriptionData;
                 if (descriptionData != null)
                 {
                     parsedData.SupportUrl   = descriptionData.SupportUrl;
                     parsedData.AppName      = descriptionData.Product;
                     parsedData.AppPublisher = descriptionData.Publisher;
                 }
                 System.Deployment.Internal.Isolation.Manifest.IDeploymentMetadataEntry deploymentData = metadataSectionEntry.DeploymentData;
                 if (deploymentData != null)
                 {
                     parsedData.RequestsShellIntegration = (deploymentData.DeploymentFlags & 0x20) != 0;
                 }
                 if ((metadataSectionEntry.ManifestFlags & 8) != 0)
                 {
                     parsedData.UseManifestForTrust = true;
                 }
                 else
                 {
                     parsedData.UseManifestForTrust = false;
                 }
             }
         }
     }
     catch (Exception)
     {
         return(false);
     }
     return(true);
 }
        private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
        {
            DialogResult no;
            TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);

            try
            {
                no = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
            }
            catch (Exception)
            {
                no = DialogResult.No;
            }
            return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, no == DialogResult.OK, hostContextInternal.Persist && (no == DialogResult.OK)));
        }
        public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
        {
            MemoryStream stream;
            bool flag;
            bool flag2;
            bool flag3;
            MemoryStream stream2;
            ArrayList list;
            if (activationContext == null)
            {
                throw new ArgumentNullException("activationContext");
            }
            ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
            ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
            HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);
            System.Deployment.Internal.Isolation.Manifest.ICMS deploymentComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS) InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
            ParsedData parsedData = new ParsedData();
            if (ParseManifest(deploymentComponentManifest, parsedData))
            {
                appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
            }
            string deploymentUrl = GetDeploymentUrl(info);
            string zoneNameFromDeploymentUrl = GetZoneNameFromDeploymentUrl(deploymentUrl);
            if (!ExtractManifestContent(deploymentComponentManifest, out stream))
            {
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
            }
            AnalyzeCertificate(parsedData, stream, out flag, out flag2, out flag3);
            System.Deployment.Internal.Isolation.Manifest.ICMS applicationComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS) InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
            ParsedData data2 = new ParsedData();
            if ((ParseManifest(applicationComponentManifest, data2) && data2.UseManifestForTrust) && ExtractManifestContent(applicationComponentManifest, out stream2))
            {
                bool flag4;
                bool flag5;
                bool flag6;
                AnalyzeCertificate(parsedData, stream2, out flag4, out flag5, out flag6);
                flag = flag4;
                flag2 = flag5;
                flag3 = flag6;
                parsedData.AppName = data2.AppName;
                parsedData.AppPublisher = data2.AppPublisher;
                parsedData.SupportUrl = data2.SupportUrl;
            }
            if (flag)
            {
                if (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData) == PromptsAllowed.None)
                {
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
                }
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
            }
            if (flag3)
            {
                parsedData.AuthenticodedPublisher = null;
                parsedData.Certificate = null;
            }
            if ((!hostContextInternal.IgnorePersistedDecision && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out list)) && ExistingTrustApplicable(info, list))
            {
                if ((appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(list)) && !flag2)
                {
                    switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
                    {
                        case PromptsAllowed.All:
                            return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));

                        case PromptsAllowed.BlockingOnly:
                            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));

                        case PromptsAllowed.None:
                            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
                    }
                }
                return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
            }
            bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
            if (!permissionElevationRequired || flag2)
            {
                if (flag2)
                {
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
                }
                switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
                {
                    case PromptsAllowed.All:
                    case PromptsAllowed.None:
                        return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, false);

                    case PromptsAllowed.BlockingOnly:
                        return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, permissionElevationRequired);
                }
            }
            switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
            {
                case PromptsAllowed.BlockingOnly:
                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, true);

                case PromptsAllowed.None:
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
            }
            return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl);
        }
        public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
        {
            MemoryStream stream;
            bool         flag;
            bool         flag2;
            bool         flag3;
            MemoryStream stream2;
            ArrayList    list;

            if (activationContext == null)
            {
                throw new ArgumentNullException("activationContext");
            }
            ApplicationSecurityInfo   info = new ApplicationSecurityInfo(activationContext);
            ApplicationTrustExtraInfo appTrustExtraInfo   = new ApplicationTrustExtraInfo();
            HostContextInternal       hostContextInternal = new HostContextInternal(trustManagerContext);

            System.Deployment.Internal.Isolation.Manifest.ICMS deploymentComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
            ParsedData parsedData = new ParsedData();

            if (ParseManifest(deploymentComponentManifest, parsedData))
            {
                appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
            }
            string deploymentUrl             = GetDeploymentUrl(info);
            string zoneNameFromDeploymentUrl = GetZoneNameFromDeploymentUrl(deploymentUrl);

            if (!ExtractManifestContent(deploymentComponentManifest, out stream))
            {
                return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
            }
            AnalyzeCertificate(parsedData, stream, out flag, out flag2, out flag3);
            System.Deployment.Internal.Isolation.Manifest.ICMS applicationComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
            ParsedData data2 = new ParsedData();

            if ((ParseManifest(applicationComponentManifest, data2) && data2.UseManifestForTrust) && ExtractManifestContent(applicationComponentManifest, out stream2))
            {
                bool flag4;
                bool flag5;
                bool flag6;
                AnalyzeCertificate(parsedData, stream2, out flag4, out flag5, out flag6);
                flag  = flag4;
                flag2 = flag5;
                flag3 = flag6;
                parsedData.AppName      = data2.AppName;
                parsedData.AppPublisher = data2.AppPublisher;
                parsedData.SupportUrl   = data2.SupportUrl;
            }
            if (flag)
            {
                if (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData) == PromptsAllowed.None)
                {
                    return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
                }
                return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
            }
            if (flag3)
            {
                parsedData.AuthenticodedPublisher = null;
                parsedData.Certificate            = null;
            }
            if ((!hostContextInternal.IgnorePersistedDecision && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out list)) && ExistingTrustApplicable(info, list))
            {
                if ((appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(list)) && !flag2)
                {
                    switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
                    {
                    case PromptsAllowed.All:
                        return(BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));

                    case PromptsAllowed.BlockingOnly:
                        return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));

                    case PromptsAllowed.None:
                        return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
                    }
                }
                return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist));
            }
            bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);

            if (!permissionElevationRequired || flag2)
            {
                if (flag2)
                {
                    return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist));
                }
                switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
                {
                case PromptsAllowed.All:
                case PromptsAllowed.None:
                    return(BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, false));

                case PromptsAllowed.BlockingOnly:
                    return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, permissionElevationRequired));
                }
            }
            switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
            {
            case PromptsAllowed.BlockingOnly:
                return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, true));

            case PromptsAllowed.None:
                return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
            }
            return(HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl));
        }
        private static ApplicationTrust BlockingPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName, bool permissionElevationRequired)
        {
            TrustManagerPromptOptions options = CompletePromptOptions(permissionElevationRequired ? (TrustManagerPromptOptions.RequiresPermissions | TrustManagerPromptOptions.StopApp) : TrustManagerPromptOptions.StopApp, appTrustExtraInfo, zoneName, info);

            try
            {
                new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
            }
            catch (Exception)
            {
            }
            return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
        }
 private static bool ParseManifest(System.Deployment.Internal.Isolation.Manifest.ICMS cms, ParsedData parsedData)
 {
     try
     {
         if ((cms != null) && (cms.MetadataSectionEntry != null))
         {
             System.Deployment.Internal.Isolation.Manifest.IMetadataSectionEntry metadataSectionEntry = cms.MetadataSectionEntry as System.Deployment.Internal.Isolation.Manifest.IMetadataSectionEntry;
             if (metadataSectionEntry != null)
             {
                 System.Deployment.Internal.Isolation.Manifest.IDescriptionMetadataEntry descriptionData = metadataSectionEntry.DescriptionData;
                 if (descriptionData != null)
                 {
                     parsedData.SupportUrl = descriptionData.SupportUrl;
                     parsedData.AppName = descriptionData.Product;
                     parsedData.AppPublisher = descriptionData.Publisher;
                 }
                 System.Deployment.Internal.Isolation.Manifest.IDeploymentMetadataEntry deploymentData = metadataSectionEntry.DeploymentData;
                 if (deploymentData != null)
                 {
                     parsedData.RequestsShellIntegration = (deploymentData.DeploymentFlags & 0x20) != 0;
                 }
                 if ((metadataSectionEntry.ManifestFlags & 8) != 0)
                 {
                     parsedData.UseManifestForTrust = true;
                 }
                 else
                 {
                     parsedData.UseManifestForTrust = false;
                 }
             }
         }
     }
     catch (Exception)
     {
         return false;
     }
     return true;
 }
 private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
 {
     DialogResult no;
     TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
     try
     {
         no = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
     }
     catch (Exception)
     {
         no = DialogResult.No;
     }
     return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, no == DialogResult.OK, hostContextInternal.Persist && (no == DialogResult.OK));
 }
 private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal, string zoneName, ParsedData parsedData)
 {
     if (hostContextInternal.NoPrompt)
     {
         return PromptsAllowed.None;
     }
     PromptingLevel zonePromptingLevel = GetZonePromptingLevel(zoneName);
     if ((zonePromptingLevel != PromptingLevel.Disabled) && ((zonePromptingLevel != PromptingLevel.PromptOnlyForAuthenticode) || (parsedData.AuthenticodedPublisher != null)))
     {
         return PromptsAllowed.All;
     }
     return PromptsAllowed.BlockingOnly;
 }
Exemple #15
0
        private static ApplicationTrust BlockingPrompt(ActivationContext activationContext,
                                                       ParsedData parsedData,
                                                       String deploymentUrl,
                                                       ApplicationSecurityInfo info,
                                                       ApplicationTrustExtraInfo appTrustExtraInfo,
                                                       string zoneName,
                                                       bool permissionElevationRequired)
        {
            TrustManagerPromptOptions options = CompletePromptOptions(permissionElevationRequired ? (TrustManagerPromptOptions.StopApp | TrustManagerPromptOptions.RequiresPermissions) : TrustManagerPromptOptions.StopApp,
                                                                      appTrustExtraInfo, zoneName, info);
            try
            {
                TrustManagerPromptUIThread errorDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
                                                                            DefaultBrowserExePath,
                                                                            parsedData.SupportUrl,
                                                                            GetHostFromDeploymentUrl(deploymentUrl),
                                                                            parsedData.AuthenticodedPublisher /*publisherName*/,
                                                                            parsedData.Certificate,
                                                                            options);
                errorDialog.ShowDialog();
            }
            catch (Exception ex)
            {
                Debug.Fail("Error occurred while showing error dialog: " + ex.Message);
            }

            // Trust Manager should prompt, but is not allowed to. Return Don't Trust and Don't Persist.
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
        }
        private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal, string zoneName, ParsedData parsedData)
        {
            if (hostContextInternal.NoPrompt)
            {
                return(PromptsAllowed.None);
            }
            PromptingLevel zonePromptingLevel = GetZonePromptingLevel(zoneName);

            if ((zonePromptingLevel != PromptingLevel.Disabled) && ((zonePromptingLevel != PromptingLevel.PromptOnlyForAuthenticode) || (parsedData.AuthenticodedPublisher != null)))
            {
                return(PromptsAllowed.All);
            }
            return(PromptsAllowed.BlockingOnly);
        }
Exemple #17
0
        private static bool ParseManifest(ICMS cms, ParsedData parsedData)
        {
            // parsedData is safely initialized to requestsShellIntegration:false/supportUrl:null/authenticodedPublisher:null  //deploymentProviderCodebase:null
            try
            {
                if (cms != null)
                {
                    // Extract SupportUrl and Shell Visibility
                    if (cms.MetadataSectionEntry != null)
                    {
                        IMetadataSectionEntry metaDataSectionEntry = cms.MetadataSectionEntry as IMetadataSectionEntry;
                        if (metaDataSectionEntry != null)
                        {
                            IDescriptionMetadataEntry description = metaDataSectionEntry.DescriptionData;
                            if (description != null)
                            {
                                parsedData.SupportUrl = description.SupportUrl;
                                parsedData.AppName = description.Product;
                                parsedData.AppPublisher = description.Publisher;
                            }

                            IDeploymentMetadataEntry deployment = metaDataSectionEntry.DeploymentData;
                            if (deployment != null)
                            {
                                parsedData.RequestsShellIntegration = ((deployment.DeploymentFlags & 
                                    (uint)(CMS_ASSEMBLY_DEPLOYMENT_FLAG.CMS_ASSEMBLY_DEPLOYMENT_FLAG_INSTALL)) != 0);
                                // parsedData.DeploymentProviderCodebase = deployment.DeploymentProviderCodebase;
                            }

                            if ((metaDataSectionEntry.ManifestFlags & (uint)CMS_MANIFEST_FLAG.CMS_MANIFEST_FLAG_USEMANIFESTFORTRUST) != 0)
                            {                                
                                parsedData.UseManifestForTrust = true;
                            }
                            else
                            {                             
                                parsedData.UseManifestForTrust = false;
                            }
                        }
                    }
                }
            }
            catch (Exception e)
            {
                Debug.Fail("Error parsing manifest: " + e.Message);
                return false;
            }
            return true;
        }
 private static ApplicationTrust BlockingPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName, bool permissionElevationRequired)
 {
     TrustManagerPromptOptions options = CompletePromptOptions(permissionElevationRequired ? (TrustManagerPromptOptions.RequiresPermissions | TrustManagerPromptOptions.StopApp) : TrustManagerPromptOptions.StopApp, appTrustExtraInfo, zoneName, info);
     try
     {
         new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
     }
     catch (Exception)
     {
     }
     return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
 }