/// <summary>
/// Decides which kinds of trust prompts may be shown for this activation.
/// </summary>
/// <param name="hostContextInternal">Host settings; only <c>NoPrompt</c> is read here.</param>
/// <param name="zoneName">Zone name passed to <c>GetZonePromptingLevel</c>.</param>
/// <param name="parsedData">Manifest data; only <c>AuthenticodedPublisher</c> is read here.</param>
/// <returns>
/// <c>PromptsAllowed.None</c> when the host set <c>NoPrompt</c>; <c>PromptsAllowed.BlockingOnly</c>
/// when the zone's prompting level is <c>Disabled</c>, or is <c>PromptOnlyForAuthenticode</c> and no
/// Authenticode publisher is present; <c>PromptsAllowed.All</c> otherwise.
/// </returns>
private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal, string zoneName, ParsedData parsedData)
{
    // The host's request to suppress prompts is checked before any zone policy is read.
    if (hostContextInternal.NoPrompt)
    {
        return PromptsAllowed.None;
    }

    PromptingLevel level = GetZonePromptingLevel(zoneName);

    if (level == PromptingLevel.Disabled)
    {
        return PromptsAllowed.BlockingOnly;
    }

    // A zone that prompts only for Authenticode-signed apps gives unsigned apps the blocking path.
    if (level == PromptingLevel.PromptOnlyForAuthenticode && parsedData.AuthenticodedPublisher == null)
    {
        return PromptsAllowed.BlockingOnly;
    }

    return PromptsAllowed.All;
}
/// <summary>
/// Shows the high-risk trust dialog and converts the user's answer into an <c>ApplicationTrust</c>.
/// </summary>
/// <remarks>
/// Trust is granted only when the dialog returns <c>DialogResult.OK</c>, and the decision is
/// persisted only when <c>hostContextInternal.Persist</c> is also set. Any exception raised while
/// building or showing the dialog is treated as a <c>DialogResult.No</c> answer, so a dialog
/// failure never results in trust.
/// </remarks>
/// <returns>The result of <c>CreateApplicationTrust</c> for the user's decision.</returns>
private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, String deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
{
    TrustManagerPromptOptions promptOptions = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);

    // Start from the refusing answer; only a dialog that completes can replace it.
    DialogResult answer = DialogResult.No;
    try
    {
        // The manifest's application name is preferred; the application identity name is the fallback.
        string displayName = string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName;

        TrustManagerPromptUIThread dialogThread = new TrustManagerPromptUIThread(
            displayName,
            DefaultBrowserExePath,
            parsedData.SupportUrl,
            GetHostFromDeploymentUrl(deploymentUrl),
            parsedData.AuthenticodedPublisher /*publisherName*/,
            parsedData.Certificate,
            promptOptions);
        answer = dialogThread.ShowDialog();
    }
    catch (Exception ex)
    {
        // Deliberately broad: whatever went wrong, the application must not be trusted.
        Debug.Fail("Error occurred while showing high risk dialog: " + ex.Message);
        answer = DialogResult.No;
    }

    bool userAccepted = answer == DialogResult.OK;
    bool persistDecision = hostContextInternal.Persist && userAccepted;
    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, userAccepted /*trust*/, persistDecision /*persist*/);
}
/// <summary>
/// Decides which kinds of trust prompts may be shown for this activation.
/// </summary>
/// <param name="hostContextInternal">Host settings; only <c>NoPrompt</c> is read here. Asserted non-null in debug builds.</param>
/// <param name="zoneName">Zone name passed to <c>GetZonePromptingLevel</c>. Asserted non-null in debug builds.</param>
/// <param name="parsedData">Manifest data; only <c>AuthenticodedPublisher</c> is read here. Asserted non-null in debug builds.</param>
/// <returns>
/// <c>PromptsAllowed.None</c> when the host set <c>NoPrompt</c>; <c>PromptsAllowed.All</c> when the
/// zone's prompting level is not <c>Disabled</c> and either is not <c>PromptOnlyForAuthenticode</c>
/// or an Authenticode publisher is present; <c>PromptsAllowed.BlockingOnly</c> otherwise.
/// </returns>
private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal, string zoneName, ParsedData parsedData)
{
    // Debug-only checks; release builds rely on the caller passing non-null arguments.
    Debug.Assert(hostContextInternal != null);
    Debug.Assert(zoneName != null);
    Debug.Assert(parsedData != null);

    if (hostContextInternal.NoPrompt)
    {
        return PromptsAllowed.None;
    }

    PromptingLevel zoneLevel = GetZonePromptingLevel(zoneName);

    // Full prompting needs an enabled zone and, in an Authenticode-only zone, a signed publisher.
    bool fullPromptingAllowed = zoneLevel != PromptingLevel.Disabled
        && (zoneLevel != PromptingLevel.PromptOnlyForAuthenticode || parsedData.AuthenticodedPublisher != null);

    if (fullPromptingAllowed)
    {
        return PromptsAllowed.All;
    }
    else
    {
        return PromptsAllowed.BlockingOnly;
    }
}
/// <summary>
/// Decides whether the application described by <paramref name="activationContext"/> is trusted,
/// showing a prompt to the user when the decision tree below calls for one.
/// </summary>
/// <remarks>
/// Order of the checks, as written in this method:
/// 1. Manifest content that cannot be extracted goes straight to the blocking prompt.
/// 2. A distrusted publisher is never trusted: "do not trust" when no prompt is allowed, otherwise the blocking prompt.
/// 3. Unless the host ignores persisted decisions, an applicable previously trusted version grants trust
///    (with a prompt only when the new version newly requests shell integration and the publisher is not trusted).
/// 4. A trusted publisher is trusted without a prompt; an app needing no elevation gets the basic install prompt
///    or the blocking prompt.
/// 5. Everything else needs elevation from an untrusted publisher: "do not trust", blocking prompt, or high-risk prompt.
/// </remarks>
/// <param name="activationContext">Activation context of the application; must not be null.</param>
/// <param name="trustManagerContext">Host-supplied context, wrapped in a <c>HostContextInternal</c> whose
/// <c>NoPrompt</c>, <c>IgnorePersistedDecision</c> and <c>Persist</c> values drive the decisions below.</param>
/// <returns>The <c>ApplicationTrust</c> returned by one of the prompt helpers or by <c>CreateApplicationTrust</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="activationContext"/> is null.</exception>
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
    if (activationContext == null)
    {
        throw new ArgumentNullException("activationContext");
    }

    ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
    ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
    // ISSUE - fix this.... (original author's note; what needs fixing is not stated)
    HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);

    // Parse the deployment manifest; a failed parse leaves RequestsShellIntegration at its initial value.
    ICMS cms = (ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
    ParsedData parsedData = new ParsedData();
    if (ParseManifest(cms, parsedData))
    {
        appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
    }

    // The zone used for prompting policy is derived from the deployment URL.
    string deploymentUrl = GetDeploymentUrl(info);
    string zoneName = GetZoneNameFromDeploymentUrl(deploymentUrl);
    MemoryStream ms;
    PromptsAllowed promptsAllowed;
    if (!ExtractManifestContent(cms, out ms))
    {
        // Manifest content is unavailable, so the certificate cannot be analyzed: blocking prompt.
        return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
    }

    bool distrustedPublisher, trustedPublisher, noCertificate;
    AnalyzeCertificate(parsedData, ms, out distrustedPublisher, out trustedPublisher, out noCertificate);

    // Check whether the application manifest asks to be used for trust (UseManifestForTrust).
    // If it does, the application manifest's certificate is analyzed in place of the deployment manifest's.
    ICMS applicationCms = (ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
    ParsedData applicationParsedData = new ParsedData();
    if (ParseManifest(applicationCms, applicationParsedData))
    {
        if (applicationParsedData.UseManifestForTrust)
        {
            MemoryStream applicationMs;
            if (ExtractManifestContent(applicationCms, out applicationMs))
            {
                // Use the old parsedData: the certificate fields are filled into the deployment ParsedData.
                bool applicationDistrustedPublisher, applicationTrustedPublisher, applicationNoCertificate;
                AnalyzeCertificate(parsedData, applicationMs, out applicationDistrustedPublisher, out applicationTrustedPublisher, out applicationNoCertificate);
                // NOTE(review): the three verdicts are overwritten, not combined, so a "distrusted" verdict
                // from the deployment manifest is dropped here; confirm that is the intended policy.
                distrustedPublisher = applicationDistrustedPublisher;
                trustedPublisher = applicationTrustedPublisher;
                noCertificate = applicationNoCertificate;
                // The values shown in prompts now come from the application manifest as well.
                parsedData.AppName = applicationParsedData.AppName;
                parsedData.AppPublisher = applicationParsedData.AppPublisher;
                parsedData.SupportUrl = applicationParsedData.SupportUrl;
            }
        }
    }

    // A distrusted publisher has no path to trust from this branch.
    if (distrustedPublisher)
    {
        promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
        if (promptsAllowed == PromptsAllowed.None)
        {
            // No prompt allowed, return Do Not Trust.
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
        }
        return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
    }

    // Without a certificate, clear the publisher fields so later prompts and GetPromptsAllowed see none.
    if (noCertificate)
    {
        parsedData.AuthenticodedPublisher = null;
        parsedData.Certificate = null;
    }

    if (!hostContextInternal.IgnorePersistedDecision)
    {
        // Check if there are previously trusted versions installed.
        ArrayList matchingTrusts;
        if (SearchPreviousTrustedVersion(activationContext, out matchingTrusts))
        {
            Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);
            // Found a matching app, with normally a different version.
            if (ExistingTrustApplicable(info, matchingTrusts))
            {
                // There is at least one old version that requires the same or more permissions.
                // ExistingTrustApplicable removed the non-applicable versions from the matchingTrusts array.
                Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);
                // Check if the new app requires shell integration while none of the old ones did
                if (appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(matchingTrusts) && !trustedPublisher)
                {
                    promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
                    switch (promptsAllowed)
                    {
                        case PromptsAllowed.None:
                            // No prompt allowed, return Do Not Trust.
                            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
                        case PromptsAllowed.BlockingOnly:
                            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
                        case PromptsAllowed.All:
                            // New app requires shell integration - bring up the Basic Install Prompt
                            return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
                    }
                }
                // No prompt: the earlier decision is reused, return Trust (persisted when the host asks for it).
                return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
            }
        }
    }

    bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
    if (!permissionElevationRequired || trustedPublisher)
    {
        if (!trustedPublisher)
        {
            // Reaching this branch without a trusted publisher implies no elevation is needed.
            Debug.Assert(!permissionElevationRequired);
            promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
            switch (promptsAllowed)
            {
                case PromptsAllowed.BlockingOnly:
                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, permissionElevationRequired);
                case PromptsAllowed.None:
                    // XBaps should also prompt in InternetZone
                    // Originally xbaps were silently trusted, along with other ClickOnce apps
                    // NOTE(review): None deliberately shares the All case, so the basic install prompt
                    // is shown here even though GetPromptsAllowed returned None.
                case PromptsAllowed.All:
                    // No elevation required and the publisher is not trusted: bring up the Basic Install Prompt.
                    return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName, false /*permissionElevationRequired*/);
            }
        }
        else
        {
            // The publisher is trusted: return Trust without prompting, whether or not elevation is required.
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
        }
    }

    // Remaining case: the app requests more than default trust and the publisher is not trusted.
    promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
    switch (promptsAllowed)
    {
        case PromptsAllowed.None:
            // No prompt allowed, return Do Not Trust.
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
        case PromptsAllowed.BlockingOnly:
            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, true /*permissionElevationRequired*/);
        default: // PromptsAllowed.All:
            // Bring up the HighRisk Install Prompt if the app shell integrates, or the HighRisk Run Prompt otherwise.
            return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName);
    }
}
/// <summary>
/// Shows the high-risk trust dialog and converts the user's answer into an <c>ApplicationTrust</c>.
/// </summary>
/// <remarks>
/// Only <c>DialogResult.OK</c> grants trust, and the decision is persisted only when
/// <c>hostContextInternal.Persist</c> is also set. An exception while building or showing the
/// dialog is swallowed and counted as <c>DialogResult.No</c>, so the failure path never trusts.
/// </remarks>
/// <returns>The result of <c>CreateApplicationTrust</c> for the user's decision.</returns>
private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
{
    DialogResult userChoice;
    TrustManagerPromptOptions promptOptions = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);

    try
    {
        // The manifest's application name is preferred; the application identity name is the fallback.
        string displayName = string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName;

        TrustManagerPromptUIThread dialogThread = new TrustManagerPromptUIThread(
            displayName,
            DefaultBrowserExePath,
            parsedData.SupportUrl,
            GetHostFromDeploymentUrl(deploymentUrl),
            parsedData.AuthenticodedPublisher,
            parsedData.Certificate,
            promptOptions);
        userChoice = dialogThread.ShowDialog();
    }
    catch (Exception)
    {
        // Deliberately broad and silent: any failure is answered as a refusal.
        userChoice = DialogResult.No;
    }

    bool trusted = userChoice == DialogResult.OK;
    bool persisted = hostContextInternal.Persist && trusted;
    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, trusted, persisted);
}
/// <summary>
/// Decides whether the application described by <paramref name="activationContext"/> is trusted,
/// showing a prompt to the user when the decision tree below calls for one.
/// </summary>
/// <param name="activationContext">Activation context of the application; must not be null.</param>
/// <param name="trustManagerContext">Host-supplied context, wrapped in a <c>HostContextInternal</c> whose
/// <c>NoPrompt</c>, <c>IgnorePersistedDecision</c>, <c>PreviousAppId</c> and <c>Persist</c> values are read below.</param>
/// <returns>The <c>ApplicationTrust</c> returned by one of the prompt helpers or by <c>CreateApplicationTrust</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="activationContext"/> is null.</exception>
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
    if (activationContext == null)
    {
        throw new ArgumentNullException("activationContext");
    }

    ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
    ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
    HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);

    // Parse the deployment manifest; a failed parse leaves RequestsShellIntegration at its initial value.
    System.Deployment.Internal.Isolation.Manifest.ICMS deploymentManifest =
        (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
    ParsedData parsedData = new ParsedData();
    if (ParseManifest(deploymentManifest, parsedData))
    {
        appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
    }

    // The zone used for prompting policy is derived from the deployment URL.
    string deploymentUrl = GetDeploymentUrl(info);
    string zoneName = GetZoneNameFromDeploymentUrl(deploymentUrl);

    MemoryStream deploymentContent;
    if (!ExtractManifestContent(deploymentManifest, out deploymentContent))
    {
        // Manifest content is unavailable, so the certificate cannot be analyzed: blocking prompt.
        return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info));
    }

    bool distrustedPublisher;
    bool trustedPublisher;
    bool noCertificate;
    AnalyzeCertificate(parsedData, deploymentContent, out distrustedPublisher, out trustedPublisher, out noCertificate);

    // When the application manifest sets UseManifestForTrust, its certificate verdicts replace the
    // deployment manifest's, and its display fields replace the ones shown in prompts.
    System.Deployment.Internal.Isolation.Manifest.ICMS applicationManifest =
        (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
    ParsedData applicationParsedData = new ParsedData();
    if (ParseManifest(applicationManifest, applicationParsedData) && applicationParsedData.UseManifestForTrust)
    {
        MemoryStream applicationContent;
        if (ExtractManifestContent(applicationManifest, out applicationContent))
        {
            bool applicationDistrusted;
            bool applicationTrusted;
            bool applicationNoCertificate;
            AnalyzeCertificate(parsedData, applicationContent, out applicationDistrusted, out applicationTrusted, out applicationNoCertificate);

            // NOTE(review): the verdicts are overwritten, not combined, so a "distrusted" verdict from
            // the deployment manifest is dropped here; confirm that is the intended policy.
            distrustedPublisher = applicationDistrusted;
            trustedPublisher = applicationTrusted;
            noCertificate = applicationNoCertificate;

            parsedData.AppName = applicationParsedData.AppName;
            parsedData.AppPublisher = applicationParsedData.AppPublisher;
            parsedData.SupportUrl = applicationParsedData.SupportUrl;
        }
    }

    // A distrusted publisher has no path to trust from this branch.
    if (distrustedPublisher)
    {
        PromptsAllowed distrustedPrompts = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
        if (distrustedPrompts == PromptsAllowed.None)
        {
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
        }

        return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info));
    }

    // Without a certificate, clear the publisher fields so later prompts and GetPromptsAllowed see none.
    if (noCertificate)
    {
        parsedData.AuthenticodedPublisher = null;
        parsedData.Certificate = null;
    }

    // Reuse an earlier trust decision unless the host asked to ignore persisted decisions.
    if (!hostContextInternal.IgnorePersistedDecision)
    {
        ArrayList matchingTrusts;
        if (SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out matchingTrusts)
            && ExistingTrustApplicable(info, matchingTrusts))
        {
            // Shell integration that no earlier trusted version had still needs a prompt,
            // unless the publisher is trusted.
            bool newShellIntegration = appTrustExtraInfo.RequestsShellIntegration
                && !SomePreviousTrustedVersionRequiresShellIntegration(matchingTrusts)
                && !trustedPublisher;
            if (newShellIntegration)
            {
                PromptsAllowed upgradePrompts = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
                if (upgradePrompts == PromptsAllowed.All)
                {
                    return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info));
                }

                if (upgradePrompts == PromptsAllowed.BlockingOnly)
                {
                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info));
                }

                if (upgradePrompts == PromptsAllowed.None)
                {
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
                }
            }

            // The earlier decision applies: trust, persisting when the host asks for it.
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
        }
    }

    bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);

    // A trusted publisher is trusted without prompting, whether or not elevation is required.
    if (trustedPublisher)
    {
        return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
    }

    if (!permissionElevationRequired)
    {
        PromptsAllowed installPrompts = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);

        // NOTE(review): None is handled like All, so the basic install prompt is shown here even
        // though GetPromptsAllowed returned None.
        if (installPrompts == PromptsAllowed.All || installPrompts == PromptsAllowed.None)
        {
            return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName, false);
        }

        if (installPrompts == PromptsAllowed.BlockingOnly)
        {
            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, permissionElevationRequired);
        }
    }

    // Remaining case: the app requests more than default trust and the publisher is not trusted.
    PromptsAllowed elevationPrompts = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
    if (elevationPrompts == PromptsAllowed.BlockingOnly)
    {
        return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, true);
    }

    if (elevationPrompts == PromptsAllowed.None)
    {
        return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
    }

    return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName);
}
/// <summary>
/// Shows the high-risk trust dialog and converts the user's answer into an <c>ApplicationTrust</c>.
/// </summary>
/// <remarks>
/// Trust requires <c>DialogResult.OK</c>; persistence additionally requires
/// <c>hostContextInternal.Persist</c>. An exception while building or showing the dialog leaves
/// the answer at <c>DialogResult.No</c>, so the failure path never trusts.
/// </remarks>
/// <returns>The result of <c>CreateApplicationTrust</c> for the user's decision.</returns>
private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
{
    TrustManagerPromptOptions dialogOptions = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);

    // Start from the refusing answer; only a dialog that completes can replace it.
    DialogResult answer = DialogResult.No;
    try
    {
        // The manifest's application name is preferred; the application identity name is the fallback.
        string shownName = string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName;

        answer = new TrustManagerPromptUIThread(
            shownName,
            DefaultBrowserExePath,
            parsedData.SupportUrl,
            GetHostFromDeploymentUrl(deploymentUrl),
            parsedData.AuthenticodedPublisher,
            parsedData.Certificate,
            dialogOptions).ShowDialog();
    }
    catch (Exception)
    {
        // Deliberately broad and silent: any failure is answered as a refusal.
        answer = DialogResult.No;
    }

    bool accepted = answer == DialogResult.OK;
    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, accepted, hostContextInternal.Persist && accepted);
}
/// <summary>
/// Decides which kinds of trust prompts may be shown for this activation.
/// </summary>
/// <param name="hostContextInternal">Host settings; only <c>NoPrompt</c> is read here.</param>
/// <param name="zoneName">Zone name passed to <c>GetZonePromptingLevel</c>.</param>
/// <param name="parsedData">Manifest data; only <c>AuthenticodedPublisher</c> is read here.</param>
/// <returns>
/// <c>PromptsAllowed.None</c> when the host set <c>NoPrompt</c>; <c>PromptsAllowed.BlockingOnly</c>
/// when the zone's prompting level is <c>Disabled</c>, or is <c>PromptOnlyForAuthenticode</c> and no
/// Authenticode publisher is present; <c>PromptsAllowed.All</c> otherwise.
/// </returns>
private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal, string zoneName, ParsedData parsedData)
{
    // The host's request to suppress prompts is checked before any zone policy is read.
    if (hostContextInternal.NoPrompt)
    {
        return PromptsAllowed.None;
    }

    PromptingLevel level = GetZonePromptingLevel(zoneName);

    // The publisher is consulted only for a zone that prompts for Authenticode-signed apps alone.
    bool blockingOnly = level == PromptingLevel.Disabled
        || (level == PromptingLevel.PromptOnlyForAuthenticode && parsedData.AuthenticodedPublisher == null);

    return blockingOnly ? PromptsAllowed.BlockingOnly : PromptsAllowed.All;
}
/// <summary>
/// Decides whether the application described by <paramref name="activationContext"/> is trusted,
/// showing a prompt to the user when the decision tree below calls for one.
/// </summary>
/// <param name="activationContext">Activation context of the application; must not be null.</param>
/// <param name="trustManagerContext">Host-supplied context, wrapped in a <c>HostContextInternal</c> whose
/// <c>NoPrompt</c>, <c>IgnorePersistedDecision</c>, <c>PreviousAppId</c> and <c>Persist</c> values are read below.</param>
/// <returns>The <c>ApplicationTrust</c> returned by one of the prompt helpers or by <c>CreateApplicationTrust</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="activationContext"/> is null.</exception>
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
    MemoryStream deploymentStream;
    bool publisherDistrusted;
    bool publisherTrusted;
    bool certificateMissing;
    MemoryStream applicationStream;
    ArrayList previousTrusts;
    PromptsAllowed allowed;

    if (activationContext == null)
    {
        throw new ArgumentNullException("activationContext");
    }

    ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
    ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
    HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);

    // Parse the deployment manifest; a failed parse leaves RequestsShellIntegration at its initial value.
    System.Deployment.Internal.Isolation.Manifest.ICMS deploymentCms =
        (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
    ParsedData parsedData = new ParsedData();
    if (ParseManifest(deploymentCms, parsedData))
    {
        appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
    }

    // The zone used for prompting policy is derived from the deployment URL.
    string deploymentUrl = GetDeploymentUrl(info);
    string zone = GetZoneNameFromDeploymentUrl(deploymentUrl);

    if (!ExtractManifestContent(deploymentCms, out deploymentStream))
    {
        // Manifest content is unavailable, so the certificate cannot be analyzed: blocking prompt.
        return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zone, AppRequestsBeyondDefaultTrust(info));
    }

    AnalyzeCertificate(parsedData, deploymentStream, out publisherDistrusted, out publisherTrusted, out certificateMissing);

    // When the application manifest sets UseManifestForTrust, its certificate verdicts replace the
    // deployment manifest's, and its display fields replace the ones shown in prompts.
    System.Deployment.Internal.Isolation.Manifest.ICMS applicationCms =
        (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
    ParsedData applicationData = new ParsedData();
    if (ParseManifest(applicationCms, applicationData)
        && applicationData.UseManifestForTrust
        && ExtractManifestContent(applicationCms, out applicationStream))
    {
        bool appDistrusted;
        bool appTrusted;
        bool appCertificateMissing;
        AnalyzeCertificate(parsedData, applicationStream, out appDistrusted, out appTrusted, out appCertificateMissing);

        // NOTE(review): the verdicts are overwritten, not combined, so a "distrusted" verdict from
        // the deployment manifest is dropped here; confirm that is the intended policy.
        publisherDistrusted = appDistrusted;
        publisherTrusted = appTrusted;
        certificateMissing = appCertificateMissing;

        parsedData.AppName = applicationData.AppName;
        parsedData.AppPublisher = applicationData.AppPublisher;
        parsedData.SupportUrl = applicationData.SupportUrl;
    }

    // A distrusted publisher has no path to trust from this branch.
    if (publisherDistrusted)
    {
        allowed = GetPromptsAllowed(hostContextInternal, zone, parsedData);
        if (allowed != PromptsAllowed.None)
        {
            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zone, AppRequestsBeyondDefaultTrust(info));
        }

        return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
    }

    // Without a certificate, clear the publisher fields so later prompts and GetPromptsAllowed see none.
    if (certificateMissing)
    {
        parsedData.AuthenticodedPublisher = null;
        parsedData.Certificate = null;
    }

    // Reuse an earlier trust decision unless the host asked to ignore persisted decisions.
    if (!hostContextInternal.IgnorePersistedDecision
        && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out previousTrusts)
        && ExistingTrustApplicable(info, previousTrusts))
    {
        // Shell integration that no earlier trusted version had still needs a prompt,
        // unless the publisher is trusted.
        if (appTrustExtraInfo.RequestsShellIntegration
            && !SomePreviousTrustedVersionRequiresShellIntegration(previousTrusts)
            && !publisherTrusted)
        {
            allowed = GetPromptsAllowed(hostContextInternal, zone, parsedData);
            switch (allowed)
            {
                case PromptsAllowed.None:
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);

                case PromptsAllowed.BlockingOnly:
                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zone, AppRequestsBeyondDefaultTrust(info));

                case PromptsAllowed.All:
                    return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zone, AppRequestsBeyondDefaultTrust(info));
            }
        }

        // The earlier decision applies: trust, persisting when the host asks for it.
        return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
    }

    bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
    if (publisherTrusted || !permissionElevationRequired)
    {
        // A trusted publisher is trusted without prompting, whether or not elevation is required.
        if (publisherTrusted)
        {
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
        }

        allowed = GetPromptsAllowed(hostContextInternal, zone, parsedData);
        switch (allowed)
        {
            case PromptsAllowed.BlockingOnly:
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zone, permissionElevationRequired);

            // NOTE(review): None shares the All case, so the basic install prompt is shown here
            // even though GetPromptsAllowed returned None.
            case PromptsAllowed.None:
            case PromptsAllowed.All:
                return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zone, false);
        }
    }

    // Remaining case: the app requests more than default trust and the publisher is not trusted.
    allowed = GetPromptsAllowed(hostContextInternal, zone, parsedData);
    switch (allowed)
    {
        case PromptsAllowed.None:
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);

        case PromptsAllowed.BlockingOnly:
            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zone, true);
    }

    return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zone);
}