Inheritance: NativeObjectSecurity
Esempio n. 1
		// Builds CSP parameters for the given provider and key container, optionally
		// carrying an access-control descriptor and a parent window handle.
		//
		// cryptoKeySecurity:  access rules for the container; a null value is skipped,
		//                     so the CryptoKeySecurity property keeps whatever the
		//                     chained three-argument constructor left in it.
		// parentWindowHandle: stored unchanged in _windowHandle.
		public CspParameters (int providerType, string providerName, string keyContainerName,
			CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle)
			: this (providerType, providerName, keyContainerName)
		{
			// Only a caller-supplied descriptor is attached; with null, no explicit
			// ACL travels with these parameters.
			if (cryptoKeySecurity != null) {
				this.CryptoKeySecurity = cryptoKeySecurity;
			}

			this._windowHandle = parentWindowHandle;
		}
 // Copy constructor: duplicates every setting of an existing CspParameters.
 // The copy is shallow. The CryptoKeySecurity descriptor and the SecureString
 // key password are copied by reference, so both instances refer to the same
 // objects (disposing the password through one affects the other).
 // A null argument is not checked here and fails on the first member access.
 internal CspParameters(CspParameters parameters)
 {
     // Provider and container identification.
     ProviderType = parameters.ProviderType;
     ProviderName = parameters.ProviderName;
     KeyContainerName = parameters.KeyContainerName;
     KeyNumber = parameters.KeyNumber;
     Flags = parameters.Flags;

     // Security-sensitive state, shared with the source instance.
     m_cryptoKeySecurity = parameters.m_cryptoKeySecurity;
     m_keyPassword = parameters.m_keyPassword;
     m_parentWindowHandle = parameters.m_parentWindowHandle;
 }
Esempio n. 3
 // Copy constructor: takes over all settings of another CspParameters instance.
 // Reference-typed members (the access-control descriptor and the SecureString
 // password) are not cloned; source and copy hold the same objects.
 // No null check is made on the argument.
 internal CspParameters(CspParameters parameters)
 {
     ProviderType = parameters.ProviderType;
     ProviderName = parameters.ProviderName;
     KeyContainerName = parameters.KeyContainerName;
     KeyNumber = parameters.KeyNumber;
     Flags = parameters.Flags;

     // Shared by reference with the instance being copied.
     m_cryptoKeySecurity = parameters.m_cryptoKeySecurity;
     m_keyPassword = parameters.m_keyPassword;

     m_parentWindowHandle = parameters.m_parentWindowHandle;
 }
Esempio n. 4
        // Builds the access-control descriptor for a key container from the two
        // configured identity lists (_writeAccess and _readAccess).
        //
        // Returns: a CryptoKeySecurity holding one Allow rule per identity, or null
        // when neither list yields an identity. Presumably null means "leave the
        // provider's default ACL in place" - verify against the caller.
        private CryptoKeySecurity createAccessRules()
        {
            var acl = new CryptoKeySecurity();
            var hasExplicitRules = false;

            // NOTE(review): "write" identities receive FullControl, which is broader
            // than write access (it also covers changing the container's permissions).
            // Confirm that this level is intended rather than a narrower right.
            foreach (var account in getIdentityList(_writeAccess))
            {
                var writeRule = new CryptoKeyAccessRule(new NTAccount(account), CryptoKeyRights.FullControl, AccessControlType.Allow);
                acl.AddAccessRule(writeRule);
                hasExplicitRules = true;
            }

            foreach (var account in getIdentityList(_readAccess))
            {
                var readRule = new CryptoKeyAccessRule(new NTAccount(account), CryptoKeyRights.GenericRead, AccessControlType.Allow);
                acl.AddAccessRule(readRule);
                hasExplicitRules = true;
            }

            if (!hasExplicitRules)
            {
                return null;
            }

            return acl;
        }
Esempio n. 5
		// Builds CSP parameters for the given provider and key container, optionally
		// carrying an access-control descriptor and a key password.
		//
		// cryptoKeySecurity: access rules for the container; a null value is skipped,
		//                    so the CryptoKeySecurity property keeps whatever the
		//                    chained three-argument constructor left in it.
		// keyPassword:       stored by reference in _password. No copy is made, so
		//                    the caller's SecureString and this instance are the
		//                    same object.
		public CspParameters (int providerType, string providerName, string keyContainerName,
			CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword)
			: this (providerType, providerName, keyContainerName)
		{
			if (cryptoKeySecurity != null) {
				this.CryptoKeySecurity = cryptoKeySecurity;
			}

			this._password = keyPassword;
		}
        // Copy constructor.
        // Duplicates the settings of another CspParameters instance. Which members
        // are copied depends on the build: the access-control descriptor only under
        // FEATURE_MACL, the key password and parent window handle only under
        // FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS. The descriptor and password
        // are copied by reference, not cloned. The argument is not null-checked.
        internal CspParameters (CspParameters parameters)
        {
            this.ProviderType = parameters.ProviderType;
            this.ProviderName = parameters.ProviderName;
            this.KeyContainerName = parameters.KeyContainerName;
            this.KeyNumber = parameters.KeyNumber;
            this.Flags = parameters.Flags;
#if FEATURE_MACL
            this.m_cryptoKeySecurity = parameters.m_cryptoKeySecurity;
#endif // FEATURE_MACL
#if FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS
            this.m_keyPassword = parameters.m_keyPassword;
            this.m_parentWindowHandle = parameters.m_parentWindowHandle;
#endif // FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS
        }
Esempio n. 7
        // Persists the requested sections of a CryptoKeySecurity descriptor onto the
        // key set behind hProv.
        //
        // hProv:                 provider handle passed through to the lower-level overload.
        // cryptoKeySecurity:     descriptor whose owner, group, SACL and DACL may be written.
        // accessControlSections: which of those sections the caller wants persisted.
        //
        // Throws UnauthorizedAccessException, PrivilegeNotHeldException,
        // NotSupportedException or CryptographicException depending on the error code
        // returned by the lower-level overload (see the mapping at the end).
        [System.Security.SecurityCritical]  // auto-generated
        internal static void SetKeySetSecurityInfo (SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections) {
            SecurityInfos securityInfo = 0;
            Privilege privilege = null;

            // Translate the requested sections into SecurityInfos bits. Owner, group and
            // DACL are only selected when the descriptor actually carries them; the audit
            // section selects the SACL unconditionally.
            if ((accessControlSections & AccessControlSections.Owner) != 0 && cryptoKeySecurity._securityDescriptor.Owner != null)
                securityInfo |= SecurityInfos.Owner;
            if ((accessControlSections & AccessControlSections.Group) != 0 && cryptoKeySecurity._securityDescriptor.Group != null)
                securityInfo |= SecurityInfos.Group;
            if ((accessControlSections & AccessControlSections.Audit) != 0)
                securityInfo |= SecurityInfos.SystemAcl;
            if ((accessControlSections & AccessControlSections.Access) != 0 && cryptoKeySecurity._securityDescriptor.IsDiscretionaryAclPresent)
                securityInfo |= SecurityInfos.DiscretionaryAcl;

            if (securityInfo == 0) {
                // Nothing to persist
                return;
            }

            int error = 0;

            // The privilege is enabled inside the try and reverted in the finally, so it
            // is dropped again even when the write throws.
            RuntimeHelpers.PrepareConstrainedRegions();
            try {
                // SeSecurityPrivilege is enabled only when the SACL is being written.
                if ((securityInfo & SecurityInfos.SystemAcl) != 0) {
                    privilege = new Privilege("SeSecurityPrivilege");
                    privilege.Enable();
                }

                // NOTE(review): a null or empty binary descriptor skips the write and
                // leaves error at 0, so the caller gets no signal that nothing was persisted.
                byte[] sd = cryptoKeySecurity.GetSecurityDescriptorBinaryForm();
                if (sd != null && sd.Length > 0)
                    error = SetKeySetSecurityInfo (hProv, securityInfo, sd);
            }
            finally {
                if (privilege != null)
                    privilege.Revert();
            }

            // Map the returned error code to a managed exception; anything not listed
            // explicitly (other than success) surfaces as a CryptographicException.
            if (error == Win32Native.ERROR_ACCESS_DENIED || error == Win32Native.ERROR_INVALID_OWNER || error == Win32Native.ERROR_INVALID_PRIMARY_GROUP)
                throw new UnauthorizedAccessException();
            else if (error == Win32Native.ERROR_PRIVILEGE_NOT_HELD)
                throw new PrivilegeNotHeldException("SeSecurityPrivilege");
            else if (error == Win32Native.ERROR_INVALID_HANDLE)
                throw new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));
            else if (error != Win32Native.ERROR_SUCCESS)
                throw new CryptographicException(error);
        }
 // Builds CSP parameters with an access-control descriptor and a key password.
 // Both arguments are stored unconditionally: a null cryptoKeySecurity is kept
 // as null, and keyPassword is held by reference (the SecureString is not copied).
 public CspParameters(
     int providerType,
     string providerName,
     string keyContainerName,
     System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity,
     SecureString keyPassword)
     : this(providerType, providerName, keyContainerName)
 {
     m_cryptoKeySecurity = cryptoKeySecurity;
     m_keyPassword = keyPassword;
 }
 // Builds CSP parameters with an access-control descriptor and a parent window
 // handle. Both arguments are stored unconditionally; a null cryptoKeySecurity
 // is kept as null.
 public CspParameters(
     int providerType,
     string providerName,
     string keyContainerName,
     System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity,
     IntPtr parentWindowHandle)
     : this(providerType, providerName, keyContainerName)
 {
     m_cryptoKeySecurity = cryptoKeySecurity;
     m_parentWindowHandle = parentWindowHandle;
 }
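        // Applies keySec to the machine-store key container described by info.
        //
        // info:   identifies the provider type, provider name and key container.
        // keySec: the access-control descriptor to persist on that container.
        //
        // This method could throw any exception, because RSACryptoServiceProvider ctor could do so
        // We will escalate the exceptions to the callers who will be more sensible on how to deal with them
        void CommitCryptoKeySecurity(CspKeyContainerInfo info, CryptoKeySecurity keySec)
        {
            CspParameters cspParams = new CspParameters(
                info.ProviderType, info.ProviderName,
                info.KeyContainerName);
            cspParams.CryptoKeySecurity = keySec;
            // Important flag, or the security setting will silently fail
            cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
            // NOTE(review): UseExistingKey is not requested, so a container name that does
            // not exist would presumably lead to a new key being created instead of an
            // error - confirm this is acceptable for every caller.

            // The RSACryptoServiceProvider ctor will automatically apply DACLs set in CSP's security info.
            // Only that constructor side effect is needed, so the provider is disposed
            // immediately instead of holding its native handles until finalization.
            using (new RSACryptoServiceProvider(cspParams))
            {
            }
        }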
 //
 // Summary:
 //     Initializes a new instance of the System.Security.Cryptography.CspParameters
 //     class using a provider type, a provider name, a container name, access information,
 //     and a password associated with a smart card key.
 //
 // Parameters:
 //   providerType:
 //     The provider type code that specifies the kind of provider to create.
 //
 //   providerName:
 //     A provider name.
 //
 //   keyContainerName:
 //     A container name.
 //
 //   cryptoKeySecurity:
 //     A System.Security.AccessControl.CryptoKeySecurity object that represents
 //     access rights and audit rules for a container.
 //
 //   keyPassword:
 //     A password associated with a smart card key.
 //
 // NOTE(review): this is a signature-only listing with no body, so whether null is
 // accepted for cryptoKeySecurity or keyPassword, and whether the SecureString is
 // copied or held by reference, cannot be read from it - confirm against the
 // implementation in use.
 public CspParameters(int providerType, string providerName, string keyContainerName, CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword);
 //
 // Summary:
 //     Initializes a new instance of the System.Security.Cryptography.CspParameters
 //     class using a provider type, a provider name, a container name, access information,
 //     and a handle to an unmanaged smart card password dialog.
 //
 // Parameters:
 //   providerType:
 //     The provider type code that specifies the kind of provider to create.
 //
 //   providerName:
 //     A provider name.
 //
 //   keyContainerName:
 //     A container name.
 //
 //   cryptoKeySecurity:
 //     A System.Security.AccessControl.CryptoKeySecurity object that represents
 //     access rights and audit rules for the container.
 //
 //   parentWindowHandle:
 //     A handle to the parent window for a smart card password dialog.
 //
 // NOTE(review): this is a signature-only listing with no body, so whether a null
 // cryptoKeySecurity is accepted or ignored cannot be read from it - confirm
 // against the implementation in use.
 public CspParameters(int providerType, string providerName, string keyContainerName, CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle);
        // Persists the requested sections of a CryptoKeySecurity descriptor onto the
        // key set behind hProv.
        //
        // hProv:                 provider handle passed through to the lower-level overload.
        // cryptoKeySecurity:     descriptor whose owner, group, SACL and DACL may be written.
        // accessControlSections: which of those sections the caller wants persisted.
        //
        // Throws UnauthorizedAccessException, PrivilegeNotHeldException,
        // NotSupportedException or CryptographicException depending on the error code
        // returned by the lower-level overload.
        internal static void SetKeySetSecurityInfo(SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections)
        {
            // Owner, group and DACL are selected only when the descriptor carries them;
            // the audit section selects the SACL unconditionally.
            SecurityInfos sections = 0;
            if ((accessControlSections & AccessControlSections.Owner) != AccessControlSections.None
                && cryptoKeySecurity._securityDescriptor.Owner != null)
            {
                sections |= SecurityInfos.Owner;
            }
            if ((accessControlSections & AccessControlSections.Group) != AccessControlSections.None
                && cryptoKeySecurity._securityDescriptor.Group != null)
            {
                sections |= SecurityInfos.Group;
            }
            if ((accessControlSections & AccessControlSections.Audit) != AccessControlSections.None)
            {
                sections |= SecurityInfos.SystemAcl;
            }
            if ((accessControlSections & AccessControlSections.Access) != AccessControlSections.None
                && cryptoKeySecurity._securityDescriptor.IsDiscretionaryAclPresent)
            {
                sections |= SecurityInfos.DiscretionaryAcl;
            }

            // Nothing selected: nothing to persist.
            if (sections == 0)
            {
                return;
            }

            Privilege auditPrivilege = null;
            int win32Error = 0;
            RuntimeHelpers.PrepareConstrainedRegions();
            try
            {
                // SeSecurityPrivilege is enabled only when the SACL is being written,
                // and is reverted in the finally block even if the write throws.
                if ((sections & SecurityInfos.SystemAcl) != 0)
                {
                    auditPrivilege = new Privilege("SeSecurityPrivilege");
                    auditPrivilege.Enable();
                }

                // A null or empty binary descriptor skips the write and leaves the
                // error code at 0.
                byte[] descriptor = cryptoKeySecurity.GetSecurityDescriptorBinaryForm();
                if (descriptor != null && descriptor.Length > 0)
                {
                    win32Error = SetKeySetSecurityInfo(hProv, sections, descriptor);
                }
            }
            finally
            {
                if (auditPrivilege != null)
                {
                    auditPrivilege.Revert();
                }
            }

            if (win32Error == 0)
            {
                return;
            }

            // 5 = ERROR_ACCESS_DENIED, 0x51b = ERROR_INVALID_OWNER,
            // 0x51c = ERROR_INVALID_PRIMARY_GROUP.
            if (win32Error == 5 || win32Error == 0x51b || win32Error == 0x51c)
            {
                throw new UnauthorizedAccessException();
            }

            // 0x522 = ERROR_PRIVILEGE_NOT_HELD.
            if (win32Error == 0x522)
            {
                throw new PrivilegeNotHeldException("SeSecurityPrivilege");
            }

            // 6 = ERROR_INVALID_HANDLE.
            if (win32Error == 6)
            {
                throw new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));
            }

            throw new CryptographicException(win32Error);
        }
Esempio n. 14
 // Builds CSP parameters with an access-control descriptor and a key password.
 // Both values are assigned without any null check, and the SecureString is
 // held by reference rather than copied.
 public CspParameters(
     int providerType,
     string providerName,
     string keyContainerName,
     System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity,
     SecureString keyPassword)
     : this(providerType, providerName, keyContainerName)
 {
     m_cryptoKeySecurity = cryptoKeySecurity;
     m_keyPassword = keyPassword;
 }
Esempio n. 15
 // Builds CSP parameters with an access-control descriptor and a parent window
 // handle. Both values are assigned without any null check.
 public CspParameters(
     int providerType,
     string providerName,
     string keyContainerName,
     System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity,
     IntPtr parentWindowHandle)
     : this(providerType, providerName, keyContainerName)
 {
     m_cryptoKeySecurity = cryptoKeySecurity;
     m_parentWindowHandle = parentWindowHandle;
 }