private void AddSameSiteAttribute(XmlElement permissionSetElement)
{
XmlAttribute sameSiteAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.sameSiteAttribute));
if (sameSiteAttribute == null)
{
sameSiteAttribute = permissionSetElement.OwnerDocument.CreateAttribute(XmlUtil.TrimPrefix(XPaths.sameSiteAttribute));
permissionSetElement.Attributes.Append(sameSiteAttribute);
}
sameSiteAttribute.Value = _sameSiteSetting;
}
private void FixupPermissionSetElement(XmlElement permissionSetElement)
{
XmlDocument document = permissionSetElement.OwnerDocument;
XmlNamespaceManager nsmgr = XmlNamespaces.GetNamespaceManager(document.NameTable);
if (PreserveFullTrustPermissionSet)
{
var unrestrictedAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute));
if (_isFullTrust)
{
if (unrestrictedAttribute == null)
{
unrestrictedAttribute = document.CreateAttribute(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute));
permissionSetElement.Attributes.Append(unrestrictedAttribute);
}
unrestrictedAttribute.Value = "true";
}
else
{
if (unrestrictedAttribute != null)
{
permissionSetElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute));
}
}
}
else
{
if (_isFullTrust)
{
var unrestrictedAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute));
if (unrestrictedAttribute == null)
{
unrestrictedAttribute = document.CreateAttribute(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute));
permissionSetElement.Attributes.Append(unrestrictedAttribute);
}
unrestrictedAttribute.Value = "true";
while (permissionSetElement.FirstChild != null)
{
permissionSetElement.RemoveChild(permissionSetElement.FirstChild);
}
}
}
// Add ID="Custom" attribute if there's not one already
var idAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.idAttribute));
if (idAttribute == null)
{
idAttribute = document.CreateAttribute(XmlUtil.TrimPrefix(XPaths.idAttribute));
permissionSetElement.Attributes.Append(idAttribute);
}
if (String.IsNullOrEmpty(idAttribute.Value))
{
idAttribute.Value = "Custom";
}
AddSameSiteAttribute(permissionSetElement);
if (permissionSetElement.ParentNode == null ||
permissionSetElement.ParentNode.NodeType == XmlNodeType.Document)
{
return;
}
XmlAttribute idrefAttribute = null;
XmlElement defaultAssemblyRequestElement = (XmlElement)permissionSetElement.ParentNode.SelectSingleNode(XPaths.defaultAssemblyRequestElement, nsmgr);
if (defaultAssemblyRequestElement == null)
{
defaultAssemblyRequestElement = document.CreateElement(XmlUtil.TrimPrefix(XPaths.defaultAssemblyRequestElement), XmlNamespaces.asmv2);
permissionSetElement.ParentNode.AppendChild(defaultAssemblyRequestElement);
}
idrefAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.permissionSetReferenceAttribute));
if (idrefAttribute == null)
{
idrefAttribute = document.CreateAttribute(XmlUtil.TrimPrefix(XPaths.permissionSetReferenceAttribute));
defaultAssemblyRequestElement.Attributes.Append(idrefAttribute);
}
if (!String.Equals(idAttribute.Value, idrefAttribute.Value, StringComparison.Ordinal))
{
idrefAttribute.Value = idAttribute.Value;
}
}
private PermissionSet GetInputPermissionSet()
{
if (_inputPermissionSet == null)
{
XmlElement psElement = GetInputPermissionSetElement();
if (PreserveFullTrustPermissionSet)
{
XmlAttribute unrestrictedAttribute = (XmlAttribute)psElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute));
_isFullTrust = unrestrictedAttribute != null && Boolean.Parse(unrestrictedAttribute.Value);
if (_isFullTrust)
{
XmlDocument document = new XmlDocument();
document.AppendChild(document.ImportNode(psElement, true));
document.DocumentElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute));
psElement = document.DocumentElement;
}
_inputPermissionSet = SecurityUtilities.XmlToPermissionSet(psElement);
}
else
{
_inputPermissionSet = SecurityUtilities.XmlToPermissionSet(psElement);
_isFullTrust = _inputPermissionSet.IsUnrestricted();
}
}
return(_inputPermissionSet);
}
private static XmlElement GetRequestedPrivilegeElement(XmlElement inputRequestedPrivilegeElement, XmlDocument document)
{
// <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
// <!--
// UAC Manifest Options
// If you want to change the Windows User Account Control level replace the
// requestedExecutionLevel node with one of the following .
// <requestedExecutionLevel level="asInvoker" />
// <requestedExecutionLevel level="requireAdministrator" />
// <requestedExecutionLevel level="highestAvailable" />
// If you want to utilize File and Registry Virtualization for backward compatibility
// delete the requestedExecutionLevel node.
// -->
// <requestedExecutionLevel level="asInvoker" />
// </requestedPrivileges>
// we always create a requestedPrivilege node to put into the generated TrustInfo document
//
XmlElement requestedPrivilegeElement = document.CreateElement(XmlUtil.TrimPrefix(XPaths.requestedPrivilegeElement), XmlNamespaces.asmv3);
document.AppendChild(requestedPrivilegeElement);
// our three cases we need to handle are:
// (a) no requestedPrivilege node (and therefore no requestedExecutionLevel node as well) - use default values
// (b) requestedPrivilege node and no requestedExecutionLevel node - omit the requestedExecutionLevel node
// (c) requestedPrivilege node and requestedExecutionLevel node - use the incoming requestedExecutionLevel node values
//
// using null for both values is case (b) above -- do not output values
//
string executionLevelString = null;
string executionUIAccessString = null;
string commentString = null;
// case (a) above -- load default values
//
if (inputRequestedPrivilegeElement == null)
{
// If UAC requestedPrivilege node is missing (possibly due to upgraded project) then automatically
// add a default UAC requestedPrivilege node with a default requestedExecutionLevel node set to
// the expected ClickOnce level (asInvoker) with uiAccess as false
//
executionLevelString = Constants.UACAsInvoker;
executionUIAccessString = Constants.UACUIAccess;
// load up a default comment string that we put in front of the requestedExecutionLevel node
// here so we can allow the passed-in node to override it if there is a comment present
//
System.Resources.ResourceManager resources = new System.Resources.ResourceManager("Microsoft.Build.Tasks.Core.Strings.ManifestUtilities", typeof(SecurityUtilities).Module.Assembly);
commentString = resources.GetString("TrustInfo.RequestedExecutionLevelComment");
}
else
{
// we need to see if the requestedExecutionLevel node is present to decide whether or not to create one.
//
XmlNamespaceManager nsmgr = XmlNamespaces.GetNamespaceManager(document.NameTable);
XmlElement inputRequestedExecutionLevel = (XmlElement)inputRequestedPrivilegeElement.SelectSingleNode(XPaths.requestedExecutionLevelElement, nsmgr);
// case (c) above -- use incoming values [note that we should do nothing for case (b) above
// because the default values will make us not emit the requestedExecutionLevel and comment]
//
if (inputRequestedExecutionLevel != null)
{
XmlNode previousNode = inputRequestedExecutionLevel.PreviousSibling;
// fetch the current comment node if there is one (if there is not one, simply
// keep the default null value which means we will not create one in the
// output document)
//
if (previousNode?.NodeType == XmlNodeType.Comment)
{
commentString = ((XmlComment)previousNode).Data;
}
// fetch the current requestedExecutionLevel node's level attribute if there is one
//
if (inputRequestedExecutionLevel.HasAttribute("level"))
{
executionLevelString = inputRequestedExecutionLevel.GetAttribute("level");
}
// fetch the current requestedExecutionLevel node's uiAccess attribute if there is one
//
if (inputRequestedExecutionLevel.HasAttribute("uiAccess"))
{
executionUIAccessString = inputRequestedExecutionLevel.GetAttribute("uiAccess");
}
}
}
if (commentString != null)
{
XmlComment requestedPrivilegeComment = document.CreateComment(commentString);
requestedPrivilegeElement.AppendChild(requestedPrivilegeComment);
}
if (executionLevelString != null)
{
XmlElement requestedExecutionLevelElement = document.CreateElement(XmlUtil.TrimPrefix(XPaths.requestedExecutionLevelElement), XmlNamespaces.asmv3);
requestedPrivilegeElement.AppendChild(requestedExecutionLevelElement);
XmlAttribute levelAttribute = document.CreateAttribute("level");
levelAttribute.Value = executionLevelString;
requestedExecutionLevelElement.Attributes.Append(levelAttribute);
if (executionUIAccessString != null)
{
XmlAttribute uiAccessAttribute = document.CreateAttribute("uiAccess");
uiAccessAttribute.Value = executionUIAccessString;
requestedExecutionLevelElement.Attributes.Append(uiAccessAttribute);
}
}
return(requestedPrivilegeElement);
}
/// <summary>
///
/// </summary>
/// <param name="manifest"></param>
/// <param name="output"></param>
/// <param name="targetframeWorkVersion">it will always use sha256 as signature algorithm if TFV is null</param>
private static void WriteManifest(Manifest manifest, Stream output, string targetframeWorkVersion)
{
int t1 = Environment.TickCount;
Stream s1 = Serialize(manifest);
string n = manifest.AssemblyIdentity.GetFullName(AssemblyIdentity.FullNameFlags.All);
if (String.IsNullOrEmpty(n))
{
n = manifest.GetType().Name;
}
Util.WriteLogFile(n + ".write.0-serialized.xml", s1);
string resource = null;
if (targetframeWorkVersion == null || targetframeWorkVersion.Length == 0 || Util.CompareFrameworkVersions(targetframeWorkVersion, Constants.TargetFrameworkVersion40) <= 0)
{
resource = "write2.xsl";
}
else
{
resource = "write3.xsl";
}
Stream s2 = null;
if (manifest.GetType() == typeof(ApplicationManifest))
{
ApplicationManifest am = (ApplicationManifest)manifest;
if (am.TrustInfo == null)
{
s2 = XmlUtil.XslTransform(resource, s1);
}
else
{
// May throw IO-related exceptions
string temp = FileUtilities.GetTemporaryFile();
am.TrustInfo.Write(temp);
if (Util.logging)
{
try
{
File.Copy(temp, Path.Combine(Util.logPath, n + ".trust-file.xml"), true);
}
catch (IOException)
{
}
catch (ArgumentException)
{
}
catch (UnauthorizedAccessException)
{
}
catch (NotSupportedException)
{
}
}
DictionaryEntry arg = new DictionaryEntry("trust-file", temp);
try
{
s2 = XmlUtil.XslTransform(resource, s1, arg);
}
finally
{
File.Delete(temp);
}
}
}
else
{
s2 = XmlUtil.XslTransform(resource, s1);
}
Util.WriteLogFile(n + ".write.1-transformed.xml", s2);
Stream s3 = null;
if (manifest.InputStream == null)
{
s3 = s2;
}
else
{
string temp = Util.WriteTempFile(manifest.InputStream);
DictionaryEntry arg = new DictionaryEntry("base-file", temp);
try
{
s3 = XmlUtil.XslTransform("merge.xsl", s2, arg);
}
finally
{
File.Delete(temp);
}
Util.WriteLogFile(n + ".write.2-merged.xml", s3);
}
Stream s4 = ManifestFormatter.Format(s3);
Util.WriteLogFile(n + ".write.3-formatted.xml", s4);
Util.CopyStream(s4, output);
Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "ManifestWriter.WriteManifest t={0}", Environment.TickCount - t1));
}
internal static void UpdateEntryPoint(string inputPath, string outputPath, string updatedApplicationPath, string applicationManifestPath, string targetFrameworkVersion)
{
XmlDocument document = new XmlDocument();
XmlReaderSettings xrSettings = new XmlReaderSettings();
xrSettings.DtdProcessing = DtdProcessing.Ignore;
using (XmlReader xr = XmlReader.Create(inputPath, xrSettings))
{
document.Load(xr);
}
XmlNamespaceManager nsmgr = XmlNamespaces.GetNamespaceManager(document.NameTable);
AssemblyIdentity appManifest = AssemblyIdentity.FromManifest(applicationManifestPath);
// update path to application manifest
XmlNode codeBaseNode = null;
foreach (string xpath in XPaths.codebasePaths)
{
codeBaseNode = document.SelectSingleNode(xpath, nsmgr);
if (codeBaseNode != null)
{
break;
}
}
if (codeBaseNode == null)
{
throw new InvalidOperationException(String.Format(System.Globalization.CultureInfo.InvariantCulture, "XPath not found: {0}", XPaths.codebasePaths[0]));
}
codeBaseNode.Value = updatedApplicationPath;
// update Public key token of application manifest
XmlNode publicKeyTokenNode = ((XmlAttribute)codeBaseNode).OwnerElement.SelectSingleNode(XPaths.dependencyPublicKeyTokenAttribute, nsmgr);
if (publicKeyTokenNode == null)
{
throw new InvalidOperationException(String.Format(System.Globalization.CultureInfo.InvariantCulture, "XPath not found: {0}", XPaths.dependencyPublicKeyTokenAttribute));
}
publicKeyTokenNode.Value = appManifest.PublicKeyToken;
// update hash of application manifest
string hash;
long size;
Util.GetFileInfo(applicationManifestPath, targetFrameworkVersion, out hash, out size);
// Hash node may not be present with optional signing
XmlNode hashNode = ((XmlAttribute)codeBaseNode).OwnerElement.SelectSingleNode(XPaths.hashElement, nsmgr);
if (hashNode != null)
{
((XmlElement)hashNode).InnerText = hash;
}
// update file size of application manifest
XmlAttribute sizeAttribute = ((XmlAttribute)codeBaseNode).OwnerElement.Attributes[XmlUtil.TrimPrefix(XPaths.fileSizeAttribute)];
if (sizeAttribute == null)
{
throw new InvalidOperationException(String.Format(System.Globalization.CultureInfo.InvariantCulture, "XPath not found: {0}", XPaths.fileSizeAttribute));
}
sizeAttribute.Value = size.ToString(System.Globalization.CultureInfo.InvariantCulture);
document.Save(outputPath);
}
private void FixupPermissionSetElement(XmlElement permissionSetElement)
{
XmlDocument ownerDocument = permissionSetElement.OwnerDocument;
XmlNamespaceManager namespaceManager = XmlNamespaces.GetNamespaceManager(ownerDocument.NameTable);
if (this._preserveFullTrustPermissionSet)
{
XmlAttribute node = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted"));
if (this._isFullTrust)
{
if (node == null)
{
node = ownerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:Unrestricted"));
permissionSetElement.Attributes.Append(node);
}
node.Value = "true";
}
else if (node != null)
{
permissionSetElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted"));
}
}
else if (this._isFullTrust)
{
XmlAttribute attribute2 = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted"));
if (attribute2 == null)
{
attribute2 = ownerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:Unrestricted"));
permissionSetElement.Attributes.Append(attribute2);
}
attribute2.Value = "true";
while (permissionSetElement.FirstChild != null)
{
permissionSetElement.RemoveChild(permissionSetElement.FirstChild);
}
}
XmlAttribute namedItem = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:ID"));
if (namedItem == null)
{
namedItem = ownerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:ID"));
permissionSetElement.Attributes.Append(namedItem);
}
if (string.IsNullOrEmpty(namedItem.Value))
{
namedItem.Value = "Custom";
}
this.AddSameSiteAttribute(permissionSetElement);
if ((permissionSetElement.ParentNode != null) && (permissionSetElement.ParentNode.NodeType != XmlNodeType.Document))
{
XmlAttribute attribute4 = null;
XmlElement newChild = (XmlElement)permissionSetElement.ParentNode.SelectSingleNode("asmv2:defaultAssemblyRequest", namespaceManager);
if (newChild == null)
{
newChild = ownerDocument.CreateElement(XmlUtil.TrimPrefix("asmv2:defaultAssemblyRequest"), "urn:schemas-microsoft-com:asm.v2");
permissionSetElement.ParentNode.AppendChild(newChild);
}
attribute4 = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:permissionSetReference"));
if (attribute4 == null)
{
attribute4 = ownerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:permissionSetReference"));
newChild.Attributes.Append(attribute4);
}
if (string.Compare(namedItem.Value, attribute4.Value, StringComparison.Ordinal) != 0)
{
attribute4.Value = namedItem.Value;
}
}
}
public void Write(Stream output)
{
XmlDocument document = new XmlDocument();
XmlElement newChild = XmlUtil.CloneElementToDocument(this.GetInputPermissionSetElement(), document, "urn:schemas-microsoft-com:asm.v2");
document.AppendChild(newChild);
string str = null;
XmlDocument document2 = new XmlDocument();
XmlElement inputRequestedPrivilegeElement = this.GetInputRequestedPrivilegeElement();
XmlElement requestedPrivilegeElement = null;
requestedPrivilegeElement = this.GetRequestedPrivilegeElement(inputRequestedPrivilegeElement, document2);
if (requestedPrivilegeElement != null)
{
document2.AppendChild(requestedPrivilegeElement);
MemoryStream outStream = new MemoryStream();
document2.Save(outStream);
outStream.Position = 0L;
str = Util.WriteTempFile(outStream);
}
try
{
string resource = "trustinfo2.xsl";
MemoryStream stream2 = new MemoryStream();
if ((this._outputPermissionSet == null) && !this.sameSiteChanged)
{
XmlElement documentElement = document.DocumentElement;
this.FixupPermissionSetElement(documentElement);
document.Save(stream2);
stream2.Position = 0L;
}
else
{
XmlDocument outputPermissionSetDocument = this.GetOutputPermissionSetDocument();
XmlElement permissionSetElement = outputPermissionSetDocument.DocumentElement;
this.FixupPermissionSetElement(permissionSetElement);
if (document.DocumentElement == null)
{
outputPermissionSetDocument.Save(stream2);
stream2.Position = 0L;
}
else
{
XmlElement oldChild = document.DocumentElement;
XmlElement element8 = (XmlElement)document.ImportNode(permissionSetElement, true);
oldChild.ParentNode.ReplaceChild(element8, oldChild);
document.Save(stream2);
stream2.Position = 0L;
}
}
Stream input = null;
if (str != null)
{
DictionaryEntry[] entries = new DictionaryEntry[] { new DictionaryEntry("defaultRequestedPrivileges", str) };
input = XmlUtil.XslTransform(resource, stream2, entries);
}
else
{
input = XmlUtil.XslTransform(resource, stream2, new DictionaryEntry[0]);
}
Util.CopyStream(input, output);
}
finally
{
if (str != null)
{
File.Delete(str);
}
}
}
private void ReadTrustInfo(string xml)
{
this._inputTrustInfoDocument = new XmlDocument();
this._inputTrustInfoDocument.LoadXml(xml);
XmlElement inputPermissionSetElement = this.GetInputPermissionSetElement();
XmlAttribute namedItem = (XmlAttribute)inputPermissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted"));
this._isFullTrust = (namedItem != null) && bool.Parse(namedItem.Value);
XmlAttribute attribute2 = (XmlAttribute)inputPermissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:SameSite"));
if (attribute2 != null)
{
this.sameSiteSetting = attribute2.Value;
}
}
private void AddSameSiteAttribute(XmlElement permissionSetElement)
{
XmlAttribute namedItem = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:SameSite"));
if (namedItem == null)
{
namedItem = permissionSetElement.OwnerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:SameSite"));
permissionSetElement.Attributes.Append(namedItem);
}
namedItem.Value = this.sameSiteSetting;
}
private System.Security.PermissionSet GetInputPermissionSet()
{
if (this._inputPermissionSet == null)
{
XmlElement inputPermissionSetElement = this.GetInputPermissionSetElement();
if (this._preserveFullTrustPermissionSet)
{
XmlAttribute namedItem = (XmlAttribute)inputPermissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted"));
this._isFullTrust = (namedItem != null) && bool.Parse(namedItem.Value);
if (this._isFullTrust)
{
XmlDocument document = new XmlDocument();
document.AppendChild(document.ImportNode(inputPermissionSetElement, true));
document.DocumentElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted"));
inputPermissionSetElement = document.DocumentElement;
}
this._inputPermissionSet = SecurityUtilities.XmlToPermissionSet(inputPermissionSetElement);
}
else
{
this._inputPermissionSet = SecurityUtilities.XmlToPermissionSet(inputPermissionSetElement);
this._isFullTrust = this._inputPermissionSet.IsUnrestricted();
}
}
return(this._inputPermissionSet);
}
