public virtual ObjectHandle CreateInstance(ActivationContext activationContext, string[] activationCustomData)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
Contract.EndContractBlock();
if (CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ActivationContext, activationContext))
{
ManifestRunner runner = new ManifestRunner(AppDomain.CurrentDomain, activationContext);
return(new ObjectHandle(runner.ExecuteAsAssembly()));
}
AppDomainSetup adSetup = new AppDomainSetup(new ActivationArguments(activationContext, activationCustomData));
// inherit the calling domain's AppDomain Manager
AppDomainSetup currentDomainSetup = AppDomain.CurrentDomain.SetupInformation;
adSetup.AppDomainManagerType = currentDomainSetup.AppDomainManagerType;
adSetup.AppDomainManagerAssembly = currentDomainSetup.AppDomainManagerAssembly;
// we inherit the evidence from the calling domain
return(CreateInstanceHelper(adSetup));
}
protected static ObjectHandle CreateInstanceHelper(AppDomainSetup adSetup)
{
if (adSetup.ActivationArguments == null)
{
throw new ArgumentException(Environment.GetResourceString("Arg_MissingActivationArguments"));
}
adSetup.ActivationArguments.ActivateInstance = true;
Evidence evidence = AppDomain.CurrentDomain.Evidence;
Evidence applicationEvidence = CmsUtils.MergeApplicationEvidence((Evidence)null, adSetup.ActivationArguments.ApplicationIdentity, adSetup.ActivationArguments.ActivationContext, adSetup.ActivationArguments.ActivationData);
ApplicationTrust applicationTrust = AppDomain.CurrentDomain.HostSecurityManager.DetermineApplicationTrust(applicationEvidence, evidence, new TrustManagerContext());
if (applicationTrust == null || !applicationTrust.IsApplicationTrustedToRun)
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), -2146233320, (Exception)null);
}
string fullName = adSetup.ActivationArguments.ApplicationIdentity.FullName;
AppDomainSetup setup = adSetup;
Evidence providedSecurityInfo = applicationEvidence;
Evidence creatorsSecurityInfo = providedSecurityInfo == null ? AppDomain.CurrentDomain.InternalEvidence : (Evidence)null;
IntPtr securityDescriptor = AppDomain.CurrentDomain.GetSecurityDescriptor();
ObjRef instance = AppDomain.nCreateInstance(fullName, setup, providedSecurityInfo, creatorsSecurityInfo, securityDescriptor);
if (instance == null)
{
return((ObjectHandle)null);
}
return(RemotingServices.Unmarshal(instance) as ObjectHandle);
}
internal ManifestRunner(AppDomain domain, ActivationContext activationContext)
{
this.m_domain = domain;
string text;
string text2;
CmsUtils.GetEntryPoint(activationContext, out text, out text2);
if (string.IsNullOrEmpty(text))
{
throw new ArgumentException(Environment.GetResourceString("Argument_NoMain"));
}
if (string.IsNullOrEmpty(text2))
{
this.m_args = new string[0];
}
else
{
this.m_args = text2.Split(new char[]
{
' '
});
}
this.m_apt = ApartmentState.Unknown;
string applicationDirectory = activationContext.ApplicationDirectory;
this.m_path = Path.Combine(applicationDirectory, text);
}
internal ManifestRunner(AppDomain domain, ActivationContext activationContext)
{
m_domain = domain;
string file, parameters;
CmsUtils.GetEntryPoint(activationContext, out file, out parameters);
if (String.IsNullOrEmpty(file))
{
throw new ArgumentException(Environment.GetResourceString("Argument_NoMain"));
}
if (String.IsNullOrEmpty(parameters))
{
m_args = new string[0];
}
else
{
m_args = parameters.Split(' ');
}
m_apt = ApartmentState.Unknown;
// get the 'merged' application directory path.
string directoryName = activationContext.ApplicationDirectory;
m_path = Path.Combine(directoryName, file);
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationTrust appTrust = null;
AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
if (domainManager != null)
{
HostSecurityManager securityManager = domainManager.HostSecurityManager;
if ((securityManager != null) && ((securityManager.Flags & HostSecurityManagerOptions.HostDetermineApplicationTrust) == HostSecurityManagerOptions.HostDetermineApplicationTrust))
{
appTrust = securityManager.DetermineApplicationTrust(CmsUtils.MergeApplicationEvidence(null, activationContext.Identity, activationContext, null), null, context);
if (appTrust == null)
{
return(false);
}
return(appTrust.IsApplicationTrustedToRun);
}
}
appTrust = DetermineApplicationTrustInternal(activationContext, context);
if (appTrust == null)
{
return(false);
}
return(appTrust.IsApplicationTrustedToRun);
}
public ApplicationTrustCollection Find(ApplicationIdentity applicationIdentity, ApplicationVersionMatch versionMatch)
{
ApplicationTrustCollection applicationTrustCollection = new ApplicationTrustCollection(false);
foreach (ApplicationTrust applicationTrust in this)
{
if (CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, applicationIdentity, versionMatch))
{
applicationTrustCollection.Add(applicationTrust);
}
}
return applicationTrustCollection;
}
public ApplicationTrustCollection Find(ApplicationIdentity applicationIdentity, ApplicationVersionMatch versionMatch)
{
ApplicationTrustCollection trusts = new ApplicationTrustCollection(false);
ApplicationTrustEnumerator enumerator = this.GetEnumerator();
while (enumerator.MoveNext())
{
ApplicationTrust current = enumerator.Current;
if (CmsUtils.CompareIdentities(current.ApplicationIdentity, applicationIdentity, versionMatch))
{
trusts.Add(current);
}
}
return(trusts);
}
public virtual ObjectHandle CreateInstance(ActivationContext activationContext, string[] activationCustomData)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
if (CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ActivationContext, activationContext))
{
ManifestRunner runner = new ManifestRunner(AppDomain.CurrentDomain, activationContext);
return(new ObjectHandle(runner.ExecuteAsAssembly()));
}
AppDomainSetup adSetup = new AppDomainSetup(new ActivationArguments(activationContext, activationCustomData));
return(CreateInstanceHelper(adSetup));
}
/// <summary>
/// Encrypts and outputs the message.
/// </summary>
protected override void EndProcessing()
{
byte[] contentBytes = null;
if (_inputObjects.Count > 0)
{
StringBuilder outputString = new StringBuilder();
Collection <PSObject> output = System.Management.Automation.PowerShell.Create()
.AddCommand("Microsoft.PowerShell.Utility\\Out-String")
.AddParameter("Stream")
.Invoke(_inputObjects);
foreach (PSObject outputObject in output)
{
if (outputString.Length > 0)
{
outputString.AppendLine();
}
outputString.Append(outputObject);
}
contentBytes = System.Text.Encoding.UTF8.GetBytes(outputString.ToString());
}
else
{
contentBytes = System.IO.File.ReadAllBytes(_resolvedPath);
}
ErrorRecord terminatingError = null;
string encodedContent = CmsUtils.Encrypt(contentBytes, To, this.SessionState, out terminatingError);
if (terminatingError != null)
{
ThrowTerminatingError(terminatingError);
}
if (string.IsNullOrEmpty(_resolvedOutFile))
{
WriteObject(encodedContent);
}
else
{
System.IO.File.WriteAllText(_resolvedOutFile, encodedContent);
}
}
/// <summary>
/// Gets the CMS Message object.
/// </summary>
protected override void EndProcessing()
{
string actualContent = null;
// Read in the content
if (string.Equals("ByContent", this.ParameterSetName, StringComparison.OrdinalIgnoreCase))
{
actualContent = _contentBuffer.ToString();
}
else
{
actualContent = System.IO.File.ReadAllText(_resolvedPath);
}
// Extract out the bytes and Base64 decode them
int startIndex, endIndex;
byte[] contentBytes = CmsUtils.RemoveAsciiArmor(actualContent, CmsUtils.BEGIN_CMS_SIGIL, CmsUtils.END_CMS_SIGIL, out startIndex, out endIndex);
if (contentBytes == null)
{
ErrorRecord error = new ErrorRecord(
new ArgumentException(CmsCommands.InputContainedNoEncryptedContent),
"InputContainedNoEncryptedContent", ErrorCategory.ObjectNotFound, null);
ThrowTerminatingError(error);
}
EnvelopedCms cms = new EnvelopedCms();
cms.Decode(contentBytes);
PSObject result = new PSObject(cms);
List <object> recipients = new List <object>();
foreach (RecipientInfo recipient in cms.RecipientInfos)
{
recipients.Add(recipient.RecipientIdentifier.Value);
}
result.Properties.Add(
new PSNoteProperty("Recipients", recipients));
result.Properties.Add(
new PSNoteProperty("Content", actualContent));
WriteObject(result);
}
public virtual ObjectHandle CreateInstance(ActivationContext activationContext, string[] activationCustomData)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
if (CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ActivationContext, activationContext))
{
ManifestRunner manifestRunner = new ManifestRunner(AppDomain.CurrentDomain, activationContext);
return(new ObjectHandle(manifestRunner.ExecuteAsAssembly()));
}
AppDomainSetup appDomainSetup = new AppDomainSetup(new ActivationArguments(activationContext, activationCustomData));
AppDomainSetup setupInformation = AppDomain.CurrentDomain.SetupInformation;
appDomainSetup.AppDomainManagerType = setupInformation.AppDomainManagerType;
appDomainSetup.AppDomainManagerAssembly = setupInformation.AppDomainManagerAssembly;
return(ApplicationActivator.CreateInstanceHelper(appDomainSetup));
}
public AppDomainSetup(System.Runtime.Hosting.ActivationArguments activationArguments)
{
if (activationArguments == null)
{
throw new ArgumentNullException("activationArguments");
}
this._LoaderOptimization = System.LoaderOptimization.NotSpecified;
this.ActivationArguments = activationArguments;
string entryPointFullPath = CmsUtils.GetEntryPointFullPath(activationArguments);
if (!string.IsNullOrEmpty(entryPointFullPath))
{
this.SetupDefaultApplicationBase(entryPointFullPath);
}
else
{
this.ApplicationBase = activationArguments.ActivationContext.ApplicationDirectory;
}
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
ActivationArguments hostEvidence = applicationEvidence.GetHostEvidence <ActivationArguments>();
if (hostEvidence == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext activationContext = hostEvidence.ActivationContext;
if (activationContext == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ApplicationTrust applicationTrust = applicationEvidence.GetHostEvidence <ApplicationTrust>();
if ((applicationTrust != null) && !CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = null;
}
if (applicationTrust == null)
{
if ((AppDomain.CurrentDomain.ApplicationTrust != null) && CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
applicationTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(activationContext, context);
}
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
if (((applicationTrust != null) && applicationTrust.IsApplicationTrustedToRun) && !info.DefaultRequestSet.IsSubsetOf(applicationTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return(applicationTrust);
}
[System.Security.SecuritySafeCritical] // auto-generated
protected static ObjectHandle CreateInstanceHelper(AppDomainSetup adSetup)
{
if (adSetup.ActivationArguments == null)
{
throw new ArgumentException(Environment.GetResourceString("Arg_MissingActivationArguments"));
}
Contract.EndContractBlock();
adSetup.ActivationArguments.ActivateInstance = true;
// inherit the caller's domain evidence for the activation.
Evidence activatorEvidence = AppDomain.CurrentDomain.Evidence;
// add the application identity as an evidence.
Evidence appEvidence = CmsUtils.MergeApplicationEvidence(null,
adSetup.ActivationArguments.ApplicationIdentity,
adSetup.ActivationArguments.ActivationContext,
adSetup.ActivationArguments.ActivationData);
HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
ApplicationTrust appTrust = securityManager.DetermineApplicationTrust(appEvidence, activatorEvidence, new TrustManagerContext());
if (appTrust == null || !appTrust.IsApplicationTrustedToRun)
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"),
System.__HResults.CORSEC_E_NO_EXEC_PERM,
null);
}
ObjRef or = AppDomain.nCreateInstance(adSetup.ActivationArguments.ApplicationIdentity.FullName,
adSetup,
appEvidence,
appEvidence == null ? AppDomain.CurrentDomain.InternalEvidence : null,
AppDomain.CurrentDomain.GetSecurityDescriptor());
if (or == null)
{
return(null);
}
return(RemotingServices.Unmarshal(or) as ObjectHandle);
}
internal ManifestRunner(AppDomain domain, ActivationContext activationContext)
{
m_domain = domain;
string file, parameters;
CmsUtils.GetEntryPoint(activationContext, out file, out parameters);
if (parameters == null || parameters.Length == 0)
{
m_args = new string[0];
}
else
{
m_args = parameters.Split(' ');
}
m_apt = ApartmentState.Unknown;
// get the 'merged' application directory path.
string directoryName = activationContext.ApplicationDirectory;
m_path = Path.Combine(directoryName, file);
}
protected static ObjectHandle CreateInstanceHelper(AppDomainSetup adSetup)
{
if (adSetup.ActivationArguments == null)
{
throw new ArgumentException(Environment.GetResourceString("Arg_MissingActivationArguments"));
}
adSetup.ActivationArguments.ActivateInstance = true;
Evidence activatorEvidence = AppDomain.CurrentDomain.Evidence;
Evidence applicationEvidence = CmsUtils.MergeApplicationEvidence(null, adSetup.ActivationArguments.ApplicationIdentity, adSetup.ActivationArguments.ActivationContext, adSetup.ActivationArguments.ActivationData);
ApplicationTrust trust = AppDomain.CurrentDomain.HostSecurityManager.DetermineApplicationTrust(applicationEvidence, activatorEvidence, new TrustManagerContext());
if ((trust == null) || !trust.IsApplicationTrustedToRun)
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), -2146233320, null);
}
ObjRef objectRef = AppDomain.nCreateInstance(adSetup.ActivationArguments.ApplicationIdentity.FullName, adSetup, applicationEvidence, (applicationEvidence == null) ? AppDomain.CurrentDomain.InternalEvidence : null, AppDomain.CurrentDomain.GetSecurityDescriptor());
if (objectRef == null)
{
return(null);
}
return(RemotingServices.Unmarshal(objectRef) as ObjectHandle);
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
Contract.EndContractBlock();
// This method looks for a trust decision for the ActivationContext in three locations, in order
// of preference:
//
// 1. Supplied by the host in the AppDomainSetup. If the host supplied a decision this way, it
// will be in the applicationEvidence.
// 2. Reuse the ApplicationTrust from the current AppDomain
// 3. Ask the TrustManager for a trust decision
// get the activation context from the application evidence.
// The default HostSecurityManager does not examine the activatorEvidence
// but other security managers could use it to figure out the
// evidence of the domain attempting to activate the application.
ActivationArguments activationArgs = applicationEvidence.GetHostEvidence <ActivationArguments>();
if (activationArgs == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext actCtx = activationArgs.ActivationContext;
if (actCtx == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
// Make sure that any ApplicationTrust we find applies to the ActivationContext we're
// creating the new AppDomain for.
ApplicationTrust appTrust = applicationEvidence.GetHostEvidence <ApplicationTrust>();
if (appTrust != null &&
!CmsUtils.CompareIdentities(appTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = null;
}
// If there was not a trust decision supplied in the Evidence, we can reuse the existing trust
// decision from this domain if its identity matches the ActivationContext of the new domain.
// Otherwise consult the TrustManager for a trust decision
if (appTrust == null)
{
if (AppDomain.CurrentDomain.ApplicationTrust != null &&
CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
appTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(actCtx, context);
}
}
// If the trust decision allows the application to run, then it should also have a permission set
// which is at least the permission set the application requested.
ApplicationSecurityInfo appRequest = new ApplicationSecurityInfo(actCtx);
if (appTrust != null &&
appTrust.IsApplicationTrustedToRun &&
!appRequest.DefaultRequestSet.IsSubsetOf(appTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return(appTrust);
}
private string Decrypt(string actualContent)
{
// Extract out the bytes and Base64 decode them
int startIndex, endIndex;
byte[] messageBytes = CmsUtils.RemoveAsciiArmor(actualContent, CmsUtils.BEGIN_CMS_SIGIL, CmsUtils.END_CMS_SIGIL, out startIndex, out endIndex);
if ((messageBytes == null) && (!IncludeContext))
{
ErrorRecord error = new ErrorRecord(
new ArgumentException(
string.Format(CultureInfo.InvariantCulture,
CmsCommands.InputContainedNoEncryptedContentIncludeContext, "-IncludeContext")),
"InputContainedNoEncryptedContentIncludeContext", ErrorCategory.ObjectNotFound, null);
ThrowTerminatingError(error);
}
// Capture the pre and post context, if there was any
string preContext = null;
string postContext = null;
if (IncludeContext)
{
if (startIndex > -1)
{
preContext = actualContent.Substring(0, startIndex);
}
if (endIndex > -1)
{
postContext = actualContent.Substring(endIndex);
}
}
EnvelopedCms cms = new EnvelopedCms();
X509Certificate2Collection certificates = new X509Certificate2Collection();
if ((To != null) && (To.Length > 0))
{
ErrorRecord error = null;
foreach (CmsMessageRecipient recipient in To)
{
recipient.Resolve(this.SessionState, ResolutionPurpose.Decryption, out error);
if (error != null)
{
ThrowTerminatingError(error);
return(null);
}
foreach (X509Certificate2 certificate in recipient.Certificates)
{
certificates.Add(certificate);
}
}
}
string resultString = actualContent;
if (messageBytes != null)
{
cms.Decode(messageBytes);
cms.Decrypt(certificates);
resultString = System.Text.Encoding.UTF8.GetString(cms.ContentInfo.Content);
}
if (IncludeContext)
{
if (preContext != null)
{
resultString = preContext + resultString;
}
if (postContext != null)
{
resultString = resultString + postContext;
}
}
return(resultString);
}
