internal IssuanceLicense( DateTime validFrom, DateTime validUntil, string referralInfoName, Uri referralInfoUri, ContentUser owner, string issuanceLicense, SafeRightsManagementHandle boundLicenseHandle, Guid contentId, ICollection<ContentGrant> grantCollection, IDictionary<int, LocalizedNameDescriptionPair> localizedNameDescriptionDictionary, IDictionary<string, string> applicationSpecificDataDictionary, int rightValidityIntervalDays, RevocationPoint revocationPoint) { Initialize( validFrom, validUntil, referralInfoName, referralInfoUri, owner, issuanceLicense, boundLicenseHandle, contentId, grantCollection, localizedNameDescriptionDictionary, applicationSpecificDataDictionary, rightValidityIntervalDays, revocationPoint); }
/// <summary> /// This static Method builds a new instance of a SecureEnvironment for a given user that is already /// activated. If this method called with a user that isn't activated, and exception will be thrown. /// The user that is passed into the function must have a well defined authentication type /// AuthenticationType.Windows or AuthenticationType.Passport, all other Authentication /// types(AuthenticationType.WindowsPassport or AuthenticationType.Internal) are not allowed. /// </summary> public static SecureEnvironment Create(string applicationManifest, ContentUser user) { SecurityHelper.DemandRightsManagementPermission(); return CriticalCreate(applicationManifest, user); }
/// <summary> /// This static Method builds a new instance of a SecureEnvironment for a given user that is already /// activated. If this method called with a user that isn't activated, and exception will be thrown. /// The user that is passed into the function must have a well defined authentication type /// AuthenticationType.Windows or AuthenticationType.Passport, all other Authentication /// types(AuthenticationType.WindowsPassport or AuthenticationType.Internal) are not allowed. /// </summary> public static SecureEnvironment Create(string applicationManifest, ContentUser user) { SecurityHelper.DemandRightsManagementPermission(); return(CriticalCreate(applicationManifest, user)); }
/// <summary> /// Private Constructor for the SecureEnvironment. /// </summary> private SecureEnvironment(string applicationManifest, ContentUser user, ClientSession clientSession) { Invariant.Assert(applicationManifest != null); Invariant.Assert(user != null); Invariant.Assert(clientSession != null); _user = user; _applicationManifest = applicationManifest; _clientSession = clientSession; }
/// <summary> /// Generic test for equality. This method allows any types based on ContentUser /// to be comparable. /// </summary> internal bool GenericEquals(ContentUser userObj) { // this checks for null argument if (userObj == null) { return(false); } else { return((String.CompareOrdinal(_name.ToUpperInvariant(), userObj._name.ToUpperInvariant()) == 0) && _authenticationType.Equals(userObj._authenticationType)); } }
/// <summary> /// Test for equality. /// </summary> public override bool Equals(object obj) { if (obj == null) { return(false); // Standard behavior. } if (GetType() != obj.GetType()) { return(false); // Different type. } ContentUser userObj = (ContentUser)obj; return((String.CompareOrdinal(_name.ToUpperInvariant(), userObj._name.ToUpperInvariant()) == 0) && _authenticationType.Equals(userObj._authenticationType)); }
/// <summary> /// This function returns a read only collection of the activated users. /// </summary> static public ReadOnlyCollection <ContentUser> GetActivatedUsers() { SecurityHelper.DemandRightsManagementPermission(); //build user with the default authentication type and a default name // neither name not authentication type is important in this case //ContentUser tempUser = new ContentUser(_defaultUserName, AuthenticationType.Windows); // Generic client session to enumerate user certificates using (ClientSession genericClientSession = ClientSession.DefaultUserClientSession(AuthenticationType.Windows)) { List <ContentUser> userList = new List <ContentUser>(); // if machine activation is not present we can return empty list right away if (genericClientSession.IsMachineActivated()) { int index = 0; while (true) { // we get a string which can be parsed to get the ID and type string userCertificate = genericClientSession.EnumerateLicense(EnumerateLicenseFlags.GroupIdentity, index); if (userCertificate == null) { break; } // we need to parse the information out of the string ContentUser user = ClientSession.ExtractUserFromCertificateChain(userCertificate); // User specific client session to check it's status using (ClientSession userClientSession = new ClientSession(user)) { if (userClientSession.IsUserActivated()) { userList.Add(user); } } index++; } } return(new ReadOnlyCollection <ContentUser>(userList)); } }
/// <summary> /// This property verifies whether the current machine was prepared for consuming and producing RM protected content. /// If property returns true it could be used as an indication that Init function call will not result in a network transaction. /// </summary> public static bool IsUserActivated(ContentUser user) { if (user == null) { throw new ArgumentNullException("user"); } // we only let specifically identified users to be used here if ((user.AuthenticationType != AuthenticationType.Windows) && (user.AuthenticationType != AuthenticationType.Passport)) { throw new ArgumentOutOfRangeException("user", SR.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed); } using (ClientSession userClientSession = new ClientSession(user)) { // if machine activation is not present we can return false right away return(userClientSession.IsMachineActivated() && userClientSession.IsUserActivated()); } }
//------------------------------------------------------ // // Internal Constructor // //------------------------------------------------------ /// <summary> /// Constructor. /// </summary> internal CryptoProvider(List <SafeRightsManagementHandle> boundLicenseHandleList, List <RightNameExpirationInfoPair> rightsInfoList, ContentUser owner) { Invariant.Assert(boundLicenseHandleList != null); Invariant.Assert(boundLicenseHandleList.Count > 0); Invariant.Assert(rightsInfoList != null); Invariant.Assert(rightsInfoList.Count > 0); // we expect a match between lists of the Right Information and the bound license handles // we will be mapping those lists based on indexes Invariant.Assert(rightsInfoList.Count == boundLicenseHandleList.Count); Invariant.Assert(owner != null); _boundLicenseHandleList = boundLicenseHandleList; _boundRightsInfoList = rightsInfoList; _owner = owner; }
/// <summary> /// Removes activation for a given user. User must have Windows or Passport authnetication /// </summary> public static void RemoveActivatedUser(ContentUser user) { SecurityHelper.DemandRightsManagementPermission(); if (user == null) { throw new ArgumentNullException("user"); } // we only let specifically identifyed users to be used here if ((user.AuthenticationType != AuthenticationType.Windows) && (user.AuthenticationType != AuthenticationType.Passport)) { throw new ArgumentOutOfRangeException("user", SR.Get(SRID.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed)); } // Generic client session to enumerate user certificates using (ClientSession userClientSession = new ClientSession(user)) { // Remove Licensor certificastes first List <string> userClientLicensorCertificateIds = userClientSession.EnumerateUsersCertificateIds(user, EnumerateLicenseFlags.ClientLicensor); // and now we can remove certificates that have been enumerated foreach (string licenseId in userClientLicensorCertificateIds) { userClientSession.DeleteLicense(licenseId); } // Remove User's identity certificastes second List <string> userGroupIdentityCertificateIds = userClientSession.EnumerateUsersCertificateIds(user, EnumerateLicenseFlags.GroupIdentity); // and now we can remove certificates that have been enumerated foreach (string licenseId in userGroupIdentityCertificateIds) { userClientSession.DeleteLicense(licenseId); } } }
/// <summary> /// This static Method builds a new instance of a secure environment for a given user that is assumed to be already activated. /// client Application can use GetActivatedUsers property to enumerate Activated users. /// </summary> private static SecureEnvironment CriticalCreate(string applicationManifest, ContentUser user) { if (applicationManifest == null) { throw new ArgumentNullException("applicationManifest"); } if (user == null) { throw new ArgumentNullException("user"); } // we only let specifically identifyed users to be used here if ((user.AuthenticationType != AuthenticationType.Windows) && (user.AuthenticationType != AuthenticationType.Passport)) { throw new ArgumentOutOfRangeException("user"); } if (!IsUserActivated(user)) { throw new RightsManagementException(RightsManagementFailureCode.NeedsGroupIdentityActivation); } ClientSession clientSession = new ClientSession(user); try { clientSession.BuildSecureEnvironment(applicationManifest); return(new SecureEnvironment(applicationManifest, user, clientSession)); } catch { clientSession.Dispose(); throw; } }
/// <summary> /// Constructor for the read only ContentGrant class. It takes values for /// user, right, validFrom, and validUntil as parameters. /// </summary> public ContentGrant(ContentUser user, ContentRight right, DateTime validFrom, DateTime validUntil) { SecurityHelper.DemandRightsManagementPermission(); // Add validation here if (user == null) { throw new ArgumentNullException("user"); } if ((right != ContentRight.View) && (right != ContentRight.Edit) && (right != ContentRight.Print) && (right != ContentRight.Extract) && (right != ContentRight.ObjectModel) && (right != ContentRight.Owner) && (right != ContentRight.ViewRightsData) && (right != ContentRight.Forward) && (right != ContentRight.Reply) && (right != ContentRight.ReplyAll) && (right != ContentRight.Sign) && (right != ContentRight.DocumentEdit) && (right != ContentRight.Export)) { throw new ArgumentOutOfRangeException("right"); } if (validFrom > validUntil) { throw new ArgumentOutOfRangeException("validFrom"); } _user = user; _right = right; _validFrom = validFrom; _validUntil = validUntil; }
/// <summary> /// Constructor for the read only ContentGrant class. It takes values for /// user, right, validFrom, and validUntil as parameters. /// </summary> public ContentGrant(ContentUser user, ContentRight right, DateTime validFrom, DateTime validUntil) { SecurityHelper.DemandRightsManagementPermission(); // Add validation here if (user == null) { throw new ArgumentNullException("user"); } if ((right != ContentRight.View) && (right != ContentRight.Edit) && (right != ContentRight.Print) && (right != ContentRight.Extract) && (right != ContentRight.ObjectModel) && (right != ContentRight.Owner) && (right != ContentRight.ViewRightsData) && (right != ContentRight.Forward) && (right != ContentRight.Reply) && (right != ContentRight.ReplyAll) && (right != ContentRight.Sign) && (right != ContentRight.DocumentEdit) && (right != ContentRight.Export)) { throw new ArgumentOutOfRangeException("right"); } if (validFrom > validUntil) { throw new ArgumentOutOfRangeException("validFrom"); } _user = user; _right = right; _validFrom = validFrom; _validUntil = validUntil; }
internal ClientSession( ContentUser user, UserActivationMode userActivationMode) { Invariant.Assert(user != null); Invariant.Assert((userActivationMode == UserActivationMode.Permanent) || (userActivationMode == UserActivationMode.Temporary)); _user = user; _userActivationMode = userActivationMode; // prepare callback handler _callbackHandler = new CallbackHandler(); int hr = SafeNativeMethods.DRMCreateClientSession( _callbackHandler.CallbackDelegate, NativeConstants.DrmCallbackVersion, _user.AuthenticationProviderType, _user.Name, out _hSession); Errors.ThrowOnErrorCode(hr); Invariant.Assert((_hSession != null) && (!_hSession.IsInvalid)); }
/// <summary> /// Load a use license for the specified user from the RM transform's instance data /// storage in the compound file. /// </summary> /// <param name="userKey"> /// The user whose use license is desired. /// </param> /// <returns> /// The use license for the specified user, or null if the compound file does not /// contain a use license for the specified user. /// </returns> /// <exception cref="ArgumentNullException"> /// If <paramref name="userKey"/> is null. /// </exception> /// <exception cref="FileFormatException"> /// If the RM information in this file cannot be read by the current version of /// this class. /// </exception> public UseLicense LoadUseLicense(ContentUser userKey) { return _rmet.LoadUseLicense(userKey); }
/// <summary> /// Constructor for the read only ContentGrant class. It takes values for user and right as parameters. /// </summary> public ContentGrant(ContentUser user, ContentRight right) : this(user, right, DateTime.MinValue, DateTime.MaxValue) { }
private SafeRightsManagementPubHandle GetHandleFromUser(ContentUser user) { SafeRightsManagementPubHandle userHandle = null; int hr; // We need to create Internal Authnetication type Users differently if (user.GenericEquals(ContentUser.AnyoneUser) || user.GenericEquals(ContentUser.OwnerUser)) { // Anyone user hr = SafeNativeMethods.DRMCreateUser( user.Name, // This is an optional UI Name (some applications use this and do not work well when it is missing) user.Name, // that would be string Anyone or Owner ConvertAuthenticationTypeToString(user), // this would be internal out userHandle); } else { // Windws Passport or WindowsPassport authentication type user hr = SafeNativeMethods.DRMCreateUser( user.Name, null, ConvertAuthenticationTypeToString(user), out userHandle); } Errors.ThrowOnErrorCode(hr); Debug.Assert((userHandle != null) && (!userHandle.IsInvalid)); _pubHandlesList.Add(userHandle); return userHandle; }
public static void RemoveActivatedUser(ContentUser user) { throw new NotImplementedException(); }
/// <summary> /// This static Method builds a new instance of a secure environment for a given user that is assumed to be already activated. /// client Application can use GetActivatedUsers property to enumerate Activated users. /// </summary> private static SecureEnvironment CriticalCreate(string applicationManifest, ContentUser user) { if (applicationManifest == null) { throw new ArgumentNullException("applicationManifest"); } if (user == null) { throw new ArgumentNullException("user"); } // we only let specifically identifyed users to be used here if ((user.AuthenticationType != AuthenticationType.Windows) && (user.AuthenticationType != AuthenticationType.Passport)) { throw new ArgumentOutOfRangeException("user"); } if (!IsUserActivated(user)) { throw new RightsManagementException(RightsManagementFailureCode.NeedsGroupIdentityActivation); } ClientSession clientSession = new ClientSession(user); try { clientSession.BuildSecureEnvironment(applicationManifest); return new SecureEnvironment(applicationManifest, user, clientSession); } catch { clientSession.Dispose(); throw; } }
/// <summary> /// This static Method builds a new instance of a SecureEnvironment for a given user that is already /// activated. If this method called with a user that isn't activated, and exception will be thrown. /// The user that is passed into the function must have a well defined authentication type /// AuthenticationType.Windows or AuthenticationType.Passport, all other Authentication /// types(AuthenticationType.WindowsPassport or AuthenticationType.Internal) are not allowed. /// </summary> public static SecureEnvironment Create(string applicationManifest, ContentUser user) { return(CriticalCreate(applicationManifest, user)); }
// We currently don’t use these two methods, but they may be useful in the future. // So we keep them in the debug build only, and changed them from internal methods // to private methods to remove them from asmmeta files. #if DEBUG private static List<ContentGrant> GetGrantsFromBoundUseLicense( SafeRightsManagementHandle boundUseLicenseHandle, ContentUser user) { Invariant.Assert(!boundUseLicenseHandle.IsInvalid); List<ContentGrant> resultList = new List<ContentGrant>(10); // Go through each ContentRight within group item for (uint rightIndex = 0; ; rightIndex++) { // extract object information from each Work Item SafeRightsManagementHandle rightQueryHandle = null; int hr = SafeNativeMethods.DRMGetBoundLicenseObject( boundUseLicenseHandle, NativeConstants.QUERY_RIGHT, rightIndex, out rightQueryHandle); if ((hr == (int)RightsManagementFailureCode.NoMoreData) || (hr == (int)RightsManagementFailureCode.QueryReportsNoResults)) { // we got to the end of the RIGHT's list break; } Errors.ThrowOnErrorCode(hr); Debug.Assert((rightQueryHandle != null) && (!rightQueryHandle.IsInvalid)); using (rightQueryHandle) { // We got to the "right" object, now we can ask for the name string rightName = GetBoundLicenseStringAttribute(rightQueryHandle, NativeConstants.QUERY_NAME, 0); // if it is one of the erights that we "understand" we can proceed to query the time interval Nullable<ContentRight> right = GetRightFromString(rightName); if (right != null) { DateTime timeFrom = DateTime.MinValue; DateTime timeUntil = DateTime.MaxValue; SafeRightsManagementHandle rangeTimeQueryHandle = null; hr = SafeNativeMethods.DRMGetBoundLicenseObject( rightQueryHandle, NativeConstants.QUERY_RANGETIMECONDITION, 0, out rangeTimeQueryHandle); if ((hr != (int)RightsManagementFailureCode.NoMoreData) && (hr != (int)RightsManagementFailureCode.QueryReportsNoResults)) { Errors.ThrowOnErrorCode(hr); Debug.Assert((rangeTimeQueryHandle != null) && (!rangeTimeQueryHandle.IsInvalid)); using (rangeTimeQueryHandle) { timeFrom = GetBoundLicenseDateTimeAttribute( rangeTimeQueryHandle, NativeConstants.QUERY_FROMTIME, 0, DateTime.MinValue); timeUntil = GetBoundLicenseDateTimeAttribute( rangeTimeQueryHandle, NativeConstants.QUERY_UNTILTIME, 0, DateTime.MaxValue); } } resultList.Add(new ContentGrant(user, right.Value, timeFrom, timeUntil)); } } } return resultList; }
public ContentGrant(ContentUser user, ContentRight right) { throw new NotImplementedException(); }
/// <summary> /// This property verifies whether the current machine was prepared for consuming and producing RM protected content. /// If property returns true it could be used as an indication that Init function call will not result in a network transaction. /// </summary> public static bool IsUserActivated(ContentUser user) { SecurityHelper.DemandRightsManagementPermission(); if (user == null) { throw new ArgumentNullException("user"); } // we only let specifically identified users to be used here if ((user.AuthenticationType != AuthenticationType.Windows) && (user.AuthenticationType != AuthenticationType.Passport)) { throw new ArgumentOutOfRangeException("user", SR.Get(SRID.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed)); } using (ClientSession userClientSession = new ClientSession(user)) { // if machine activation is not present we can return false right away return (userClientSession.IsMachineActivated() && userClientSession.IsUserActivated()); } }
/// <summary> /// Constructor for the read only ContentGrant class. It takes values for user and right as parameters. /// </summary> public ContentGrant(ContentUser user, ContentRight right) : this(user, right, DateTime.MinValue, DateTime.MaxValue) { }
private void GetIssuanceLicenseInfo( out DateTime timeFrom, out DateTime timeUntil, DistributionPointInfo distributionPointInfo, out string distributionPointName, out string distributionPointUri, out ContentUser owner, out bool officialFlag) { uint distributionPointNameLength = 0; uint distributionPointUriLength = 0; bool officialFlagTemp = false; SafeRightsManagementPubHandle ownerHandleTemp = null; int hr = SafeNativeMethods.DRMGetIssuanceLicenseInfo( _issuanceLicenseHandle, null, null, (uint)distributionPointInfo, ref distributionPointNameLength, null, ref distributionPointUriLength, null, out ownerHandleTemp, out officialFlagTemp); Errors.ThrowOnErrorCode(hr); if (ownerHandleTemp != null) { // As a result of calling DRMGetIssuanceLicenseInfo twice, // we are getting 2 handles. We are going to dispose the first one // and preserve the second one. ownerHandleTemp.Dispose(); ownerHandleTemp = null; } StringBuilder distributionPointNameTemp = null; // allocate memory as necessary, it seems that Unmanaged libraries really do not like // getting a non null buffer of size 0 if (distributionPointNameLength > 0) { distributionPointNameTemp = new StringBuilder(checked((int)distributionPointNameLength)); } StringBuilder distributionPointUriTemp = null; // allocate memory as necessary, it seems that Unmanaged libraries really do not like // getting a non null buffer of size 0 if (distributionPointUriLength > 0) { distributionPointUriTemp = new StringBuilder(checked((int)distributionPointUriLength)); } SystemTime timeFromTemp = new SystemTime(DateTime.Now); SystemTime timeUntilTemp = new SystemTime(DateTime.Now); hr = SafeNativeMethods.DRMGetIssuanceLicenseInfo( _issuanceLicenseHandle, timeFromTemp, timeUntilTemp, (uint)distributionPointInfo, ref distributionPointNameLength, distributionPointNameTemp, ref distributionPointUriLength, distributionPointUriTemp, out ownerHandleTemp, out officialFlagTemp); Errors.ThrowOnErrorCode(hr); timeFrom = timeFromTemp.GetDateTime(DateTime.MinValue); timeUntil = timeUntilTemp.GetDateTime(DateTime.MaxValue); // only if we got some data back we shall try to process it if (distributionPointNameTemp != null) { distributionPointName = distributionPointNameTemp.ToString(); } else { distributionPointName = null; } // only if we got some data back we shall try to process it if (distributionPointUriTemp != null) { distributionPointUri = distributionPointUriTemp.ToString(); } else { distributionPointUri = null; } // if we have owner let's convert it to a user and preserve // handler for further destruction owner = null; if (ownerHandleTemp != null) { _pubHandlesList.Add(ownerHandleTemp); if (!ownerHandleTemp.IsInvalid) { owner = GetUserFromHandle(ownerHandleTemp); } } officialFlag = officialFlagTemp; }
/// <summary> /// constructor that buils an issuance license from scratch /// </summary> private void Initialize( DateTime validFrom, DateTime validUntil, string referralInfoName, Uri referralInfoUri, ContentUser owner, string issuanceLicense, SafeRightsManagementHandle boundLicenseHandle, Guid contentId, ICollection<ContentGrant> grantCollection, IDictionary<int, LocalizedNameDescriptionPair> localizedNameDescriptionDictionary, IDictionary<string, string> applicationSpecificDataDictionary, int rightValidityIntervalDays, RevocationPoint revocationPoint) { // according to the unmanaged RM SDK spec only the following scenarios are supported: // 1. This can be called to create an issuance license from a template. // issuanceLicense An unsigned issuance license from // a file or by passing an issuance license // handle into DRMGetIssuanceLicenseTemplate // boundLicenseHandle NULL // // 2. This allows you to reuse rights information (the list follows this table). // issuance license A signed issuance license // boundLicenseHandle Handle to license bound by OWNER or VIEWRIGHTSDATA right // // 3. This creates an issuance license from scratch. It includes no users, rights, metadata, or policies. // issuance license NULL // boundLicenseHandle NULL Debug.Assert(!boundLicenseHandle.IsClosed); // it must be either present or not // closed handle is an indication of some internal error Invariant.Assert((boundLicenseHandle.IsInvalid) || (issuanceLicense != null)); SystemTime validFromSysTime = null; SystemTime validUntilSysTime = null; if ((validFrom != DateTime.MinValue) || (validUntil != DateTime.MaxValue)) { // we need to use non null values if at least one of the time boundaries isn't default // DRM SDK will not enforce date time unless both timeFrom and timeUnti are set validFromSysTime = new SystemTime((DateTime)validFrom); validUntilSysTime = new SystemTime((DateTime)validUntil); } string referralInfoUriStr = null; if (referralInfoUri != null) { referralInfoUriStr = referralInfoUri.ToString(); } // input parameter must be initialized to the invalid handle // attempt to pass in a null throws an exception from the Safe // Handle Marshalling code SafeRightsManagementPubHandle ownerHandle; if (owner != null) { ownerHandle = GetHandleFromUser(owner); } else { ownerHandle = SafeRightsManagementPubHandle.InvalidHandle; } int hr; _issuanceLicenseHandle = null; hr = SafeNativeMethods.DRMCreateIssuanceLicense( validFromSysTime, validUntilSysTime, referralInfoName, referralInfoUriStr, ownerHandle, issuanceLicense, boundLicenseHandle, out _issuanceLicenseHandle); Errors.ThrowOnErrorCode(hr); Invariant.Assert((_issuanceLicenseHandle != null) && (!_issuanceLicenseHandle.IsInvalid)); Debug.Assert(rightValidityIntervalDays >= 0); // our internal code makes the guarantee that is is not negative if (rightValidityIntervalDays > 0) { // If it is 0 we shouldn't override the value as it might be coming from a template SafeNativeMethods.DRMSetIntervalTime(_issuanceLicenseHandle, (uint)rightValidityIntervalDays); } if (grantCollection != null) { foreach (ContentGrant grant in grantCollection) { AddGrant(grant); } } // Set localized name description info if (localizedNameDescriptionDictionary != null) { foreach (KeyValuePair<int, LocalizedNameDescriptionPair> nameDescriptionEntry in localizedNameDescriptionDictionary) { AddNameDescription(nameDescriptionEntry.Key, nameDescriptionEntry.Value); } } // Set application specific data if (applicationSpecificDataDictionary != null) { foreach (KeyValuePair<string, string> applicationSpecificDataEntry in applicationSpecificDataDictionary) { AddApplicationSpecificData(applicationSpecificDataEntry.Key, applicationSpecificDataEntry.Value); } } // set metafata as required if (contentId != null) { hr = SafeNativeMethods.DRMSetMetaData( _issuanceLicenseHandle, contentId.ToString("B"), DefaultContentType, null, null, null, null); Errors.ThrowOnErrorCode(hr); } // set revocation point if required if (revocationPoint != null) { SetRevocationPoint(revocationPoint); } }
/// <summary> /// Save a use license for the specified user into the RM transform's instance data /// storage in the compound file. /// </summary> /// <param name="userKey"> /// The user to whom the use license was issued. /// </param> /// <param name="useLicense"> /// The use license issued to that user. /// </param> /// <remarks> /// Any existing use license for the specified user is removed from the compound /// file before the new use license is saved. /// </remarks> /// <exception cref="ArgumentNullException"> /// If <paramref name="userKey"/> or <paramref name="useLicense"/> is null. /// </exception> /// <exception cref="FileFormatException"> /// If the RM information in this file cannot be written by the current version of /// this class. /// </exception> public void SaveUseLicense(ContentUser userKey, UseLicense useLicense) { _rmet.SaveUseLicense(userKey, useLicense); }
/// <summary> /// Delete the use license for the specified user from the RM transform's instance /// data storage in the compound file. /// </summary> /// <param name="userKey"> /// The user whose use license is to be deleted. /// </param> /// <exception cref="ArgumentNullException"> /// If <paramref name="userKey"/> is null. /// </exception> /// <exception cref="FileFormatException"> /// If the RM information in this file cannot be updated by the current version of /// this class. /// </exception> public void DeleteUseLicense(ContentUser userKey) { _rmet.DeleteUseLicense(userKey); }
/// <summary> /// This function is used to build a List of certificates of a given type (Licensor or Identity) /// From all of the certificates based on the matching of the User Id /// </summary> internal List<string> EnumerateUsersCertificateIds( ContentUser user, EnumerateLicenseFlags certificateType) { CheckDisposed(); if ((certificateType != EnumerateLicenseFlags.Machine) && (certificateType != EnumerateLicenseFlags.GroupIdentity) && (certificateType != EnumerateLicenseFlags.GroupIdentityName) && (certificateType != EnumerateLicenseFlags.GroupIdentityLid) && (certificateType != EnumerateLicenseFlags.SpecifiedGroupIdentity) && (certificateType != EnumerateLicenseFlags.Eul) && (certificateType != EnumerateLicenseFlags.EulLid) && (certificateType != EnumerateLicenseFlags.ClientLicensor) && (certificateType != EnumerateLicenseFlags.ClientLicensorLid) && (certificateType != EnumerateLicenseFlags.SpecifiedClientLicensor) && (certificateType != EnumerateLicenseFlags.RevocationList) && (certificateType != EnumerateLicenseFlags.RevocationListLid) && (certificateType != EnumerateLicenseFlags.Expired)) { throw new ArgumentOutOfRangeException("certificateType"); } List<string> certificateIdList = new List<string>(); int index = 0; // first enumerate certificates and find the ones that match given user while (true) { // we get a string which can be parsed to get the ID and type string currentUserCertificate = EnumerateLicense(certificateType, index); if (currentUserCertificate == null) break; // we need to parse the information out of the string ContentUser currentUser = ExtractUserFromCertificateChain(currentUserCertificate); // let's see if we have a match on the User Id, if we do we need to add it to the list if (user.GenericEquals(currentUser)) { // we got a match let's preserve the certificate in the list certificateIdList.Add(ClientSession.ExtractCertificateIdFromCertificateChain(currentUserCertificate)); } index++; } return certificateIdList; }
/// <summary> /// Private Constructor for the SecureEnvironment. /// </summary> private SecureEnvironment(string applicationManifest, ContentUser user, ClientSession clientSession) { Invariant.Assert(applicationManifest != null); Invariant.Assert(user != null); Invariant.Assert(clientSession != null); _user = user; _applicationManifest = applicationManifest; _clientSession = clientSession; }
public static bool IsUserActivated(ContentUser user) { throw new NotImplementedException (); }
/// <summary> /// Removes activation for a given user. User must have Windows or Passport authnetication /// </summary> public static void RemoveActivatedUser(ContentUser user) { SecurityHelper.DemandRightsManagementPermission(); if (user == null) { throw new ArgumentNullException("user"); } // we only let specifically identifyed users to be used here if ((user.AuthenticationType != AuthenticationType.Windows) && (user.AuthenticationType != AuthenticationType.Passport)) { throw new ArgumentOutOfRangeException("user", SR.Get(SRID.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed)); } // Generic client session to enumerate user certificates using (ClientSession userClientSession = new ClientSession(user)) { // Remove Licensor certificastes first List<string> userClientLicensorCertificateIds = userClientSession.EnumerateUsersCertificateIds(user, EnumerateLicenseFlags.ClientLicensor); // and now we can remove certificates that have been enumerated foreach(string licenseId in userClientLicensorCertificateIds) { userClientSession.DeleteLicense(licenseId); } // Remove User's identity certificastes second List<string> userGroupIdentityCertificateIds = userClientSession.EnumerateUsersCertificateIds(user, EnumerateLicenseFlags.GroupIdentity); // and now we can remove certificates that have been enumerated foreach(string licenseId in userGroupIdentityCertificateIds) { userClientSession.DeleteLicense(licenseId); } } }
public static bool IsUserActivated(ContentUser user) { throw new NotImplementedException(); }
MakeTypePrefixedUserName( ContentUser user ) { // Use 9 since we don't do extra allocation for user.AuthenticationType.ToString() // to get the accurate length StringBuilder userName = new StringBuilder(9 /* for Windows: or Passport: */ + user.Name.Length); userName.Append(user.AuthenticationType.ToString()); userName.Append(':'); userName.Append(user.Name); return userName.ToString(); }
/// <summary> /// Converts Authentication type enumeration into a string that can be accepted by the unmanaged code /// </summary> private string ConvertAuthenticationTypeToString(ContentUser user) { if (user.AuthenticationType == AuthenticationType.WindowsPassport) { return UnspecifiedAuthenticationType; } else { return user.AuthenticationType.ToString(); } }
LoadUseLicense( ContentUser user ) { if (user == null) { throw new ArgumentNullException("user"); } LoadUseLicenseForUserParams param = new LoadUseLicenseForUserParams(user); EnumUseLicenseStreams( new UseLicenseStreamCallback(this.LoadUseLicenseForUser), param ); return param.UseLicense; }
SaveUseLicense( ContentUser user, UseLicense useLicense ) { if (user == null) { throw new ArgumentNullException("user"); } if (useLicense == null) { throw new ArgumentNullException("useLicense"); } if (user.AuthenticationType != AuthenticationType.Windows && user.AuthenticationType != AuthenticationType.Passport) { throw new ArgumentException( SR.Get(SRID.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed), "user" ); } // // Delete any existing use license for this user. // EnumUseLicenseStreams( new UseLicenseStreamCallback(this.DeleteUseLicenseForUser), user ); // // Save the new use license for this user in a new stream. // SaveUseLicenseForUser(user, useLicense); }
public ContentGrant(ContentUser user, ContentRight right, DateTime validFrom, DateTime validUntil) { throw new NotImplementedException(); }
DeleteUseLicense( ContentUser user ) { if (user == null) { throw new ArgumentNullException("user"); } EnumUseLicenseStreams( new UseLicenseStreamCallback(this.DeleteUseLicenseForUser), user ); }
private static List<ContentGrant> GetGrantsFromBoundUseLicenseList( List<SafeRightsManagementHandle> boundUseLicenseHandleList, ContentUser user) { Invariant.Assert(boundUseLicenseHandleList != null); List<ContentGrant> resultList = new List<ContentGrant>(boundUseLicenseHandleList.Count); // Go through each ContentRight within group item foreach (SafeRightsManagementHandle boundUseLicenseHandle in boundUseLicenseHandleList) { Debug.Assert(!boundUseLicenseHandle.IsInvalid); List<ContentGrant> newList = GetGrantsFromBoundUseLicense(boundUseLicenseHandle, user); foreach (ContentGrant newGrant in newList) { resultList.Add(newGrant); } } return resultList; }
LoadUseLicenseAndUserFromStream( BinaryReader utf8Reader, out ContentUser user ) { utf8Reader.BaseStream.Seek(0, SeekOrigin.Begin); // // The stream begins with a header of the following format: // // Int32 headerLength // Int32 userNameLen // Byte userName[userNameLen] // // ... and then continues with: // // In32 useLicenseLen // Byte useLicense[useLicenseLen]; // Int32 headerLength = utf8Reader.ReadInt32(); if (headerLength < UseLicenseStreamLengthMin) { throw new FileFormatException(SR.Get(SRID.UseLicenseStreamCorrupt)); } // // The type-prefixed user name string (e.g., "windows:domain\alias") was // treated as a sequence of little-Endian UTF-16 characters. The octet // sequence representing those characters in that encoding were Base-64 // encoded. The resulting character string was then UTF-8 encoded. The // resulting byte-length-prefixed UTF-8 byte sequence is what was stored // in the use license stream. // string base64UserName = ReadLengthPrefixedString(utf8Reader, Encoding.UTF8, UserNameLengthMax); byte[] userNameBytes = Convert.FromBase64String(base64UserName); string typePrefixedUserName = new string( _unicodeEncoding.GetChars(userNameBytes) ); // // Create and return the user object specified by the type-prefixed name. // If the type-prefixed name is not in a valid format, a FileFormatException // will be thrown. // AuthenticationType authenticationType; string userName; ParseTypePrefixedUserName(typePrefixedUserName, out authenticationType, out userName); user = new ContentUser(userName, authenticationType); // // Read the use license as a length-prefixed string, and return it. If the stream // is shorter than the length prefix implies, an exception will be thrown. // return new UseLicense( ReadLengthPrefixedString(utf8Reader, Encoding.UTF8, UseLicenseLengthMax) ); }
internal ClientSession(ContentUser user) : this(user, UserActivationMode.Permanent) { }
SaveUseLicenseForUser( ContentUser user, UseLicense useLicense ) { // // Generate a unique name for the use license stream, and create the stream. // string useLicenseStreamName = MakeUseLicenseStreamName(); StreamInfo si = new StreamInfo(_useLicenseStorage, useLicenseStreamName); // This guarantees a call to Stream.Dispose, which is equivalent to Stream.Close. using (Stream licenseStream = si.Create()) { // Create a BinaryWriter on the stream. using (BinaryWriter utf8Writer = new BinaryWriter(licenseStream, Encoding.UTF8)) { // // Construct a type-prefixed user name of the form // "Passport:[....][email protected]" or "Windows:domain\username", // depending on the authentication type of the user. // string typePrefixedUserName = MakeTypePrefixedUserName(user); // // For compatibility with Office, Base64 encode the type-prefixed user name // for the sake of some minimal obfuscation. The parameters to the // UnicodeEncoding ctor mean: "UTF-16 little-endian, no byte order mark". // Then convert the Base64 characters to UTF-8 encoding. // byte [] userNameBytes = _unicodeEncoding.GetBytes(typePrefixedUserName); string base64UserName = Convert.ToBase64String(userNameBytes); byte [] utf8Bytes = Encoding.UTF8.GetBytes(base64UserName); Int32 utf8ByteLength = utf8Bytes.Length; // // Write out a header preceding the use license. The header is of the form: // Int32 headerLength // Int32 userNameLength (in bytes) // Byte userName[userNameLength] // Byte paddings Int32 headerLength = checked ( 2 * CU.Int32Size + utf8ByteLength + CU.CalculateDWordPadBytesLength(utf8ByteLength)); utf8Writer.Write(headerLength); utf8Writer.Write(utf8ByteLength); utf8Writer.Write(utf8Bytes, 0, utf8ByteLength); WriteDwordPadding(utf8ByteLength, utf8Writer); // // Write out the use license itself. // WriteByteLengthPrefixedDwordPaddedString(useLicense.ToString(), utf8Writer, Encoding.UTF8); } } }
public static SecureEnvironment Create(string applicationManifest, ContentUser user) { throw new NotImplementedException (); }
LoadUseLicenseForUserParams( ContentUser user ) { _user = user; _useLicense = null; }
public static void RemoveActivatedUser(ContentUser user) { throw new NotImplementedException (); }
public static SecureEnvironment Create(string applicationManifest, ContentUser user) { throw new NotImplementedException(); }