/// <summary>
/// Builds provider parameters that additionally carry an access-control descriptor
/// for the key container and a window handle.
/// </summary>
/// <param name="providerType">Provider type code, forwarded to the three-argument constructor.</param>
/// <param name="providerName">Provider name, forwarded to the three-argument constructor.</param>
/// <param name="keyContainerName">Key container name, forwarded to the three-argument constructor.</param>
/// <param name="cryptoKeySecurity">
/// Access rules for the key container. A null value is ignored: the CryptoKeySecurity
/// property is not assigned, so whatever the chained constructor left there stays in place.
/// </param>
/// <param name="parentWindowHandle">
/// Stored as-is in _windowHandle (presumably the parent window of a provider password
/// dialog; this constructor does not use the handle itself).
/// </param>
public CspParameters (int providerType, string providerName, string keyContainerName, CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle)
	: this (providerType, providerName, keyContainerName)
{
	// Null means "no explicit ACL requested": the property setter is never invoked.
	if (cryptoKeySecurity != null) {
		this.CryptoKeySecurity = cryptoKeySecurity;
	}

	this._windowHandle = parentWindowHandle;
}
/// <summary>
/// Copy constructor: duplicates every setting of <paramref name="parameters"/> into the new instance.
/// </summary>
/// <param name="parameters">
/// Instance to copy from. It is dereferenced without a null check, so a null argument
/// fails with a NullReferenceException on the first assignment.
/// </param>
/// <remarks>
/// The access-control descriptor, the key password and the window handle are copied by plain
/// assignment, not cloned. Both instances therefore refer to the same descriptor and password
/// objects, and a change made through one is visible through the other.
/// </remarks>
internal CspParameters(CspParameters parameters)
{
    // Provider and container identity.
    ProviderType = parameters.ProviderType;
    ProviderName = parameters.ProviderName;
    KeyContainerName = parameters.KeyContainerName;
    KeyNumber = parameters.KeyNumber;
    Flags = parameters.Flags;

    // Security-sensitive state: shared by reference with the source instance.
    m_cryptoKeySecurity = parameters.m_cryptoKeySecurity;
    m_keyPassword = parameters.m_keyPassword;
    m_parentWindowHandle = parameters.m_parentWindowHandle;
}
/// <summary>
/// Builds the access-control descriptor for a key container from the configured
/// write-access and read-access identity lists.
/// </summary>
/// <returns>
/// A <see cref="CryptoKeySecurity"/> with one Allow rule per listed identity, or null when
/// both lists are empty (the caller then has no explicit rules to apply).
/// </returns>
/// <remarks>
/// Identities from _writeAccess receive CryptoKeyRights.FullControl, which is broader than
/// write access: it also covers deleting the key and changing its permissions and owner.
/// Identities from _readAccess receive CryptoKeyRights.GenericRead. An identity present in
/// both lists gets both rules. Only Allow rules are produced.
/// NOTE(review): names are wrapped in NTAccount without validation here; an account name
/// that cannot be resolved presumably surfaces as an exception from AddAccessRule, so
/// confirm how callers handle that.
/// </remarks>
private CryptoKeySecurity createAccessRules()
{
    var acl = new CryptoKeySecurity();
    var ruleCount = 0;

    foreach (var writer in getIdentityList(_writeAccess))
    {
        var fullControlRule = new CryptoKeyAccessRule(
            new NTAccount(writer),
            CryptoKeyRights.FullControl,
            AccessControlType.Allow);
        acl.AddAccessRule(fullControlRule);
        ruleCount++;
    }

    foreach (var reader in getIdentityList(_readAccess))
    {
        var readRule = new CryptoKeyAccessRule(
            new NTAccount(reader),
            CryptoKeyRights.GenericRead,
            AccessControlType.Allow);
        acl.AddAccessRule(readRule);
        ruleCount++;
    }

    // No configured identity at all: report "no explicit rules" instead of an empty descriptor.
    if (ruleCount == 0)
    {
        return null;
    }

    return acl;
}
/// <summary>
/// Builds provider parameters that additionally carry an access-control descriptor
/// for the key container and a key password.
/// </summary>
/// <param name="providerType">Provider type code, forwarded to the three-argument constructor.</param>
/// <param name="providerName">Provider name, forwarded to the three-argument constructor.</param>
/// <param name="keyContainerName">Key container name, forwarded to the three-argument constructor.</param>
/// <param name="cryptoKeySecurity">
/// Access rules for the key container. A null value is ignored: the CryptoKeySecurity
/// property is not assigned, so whatever the chained constructor left there stays in place.
/// </param>
/// <param name="keyPassword">
/// Stored by reference in _password, without copying and without a null check. The caller's
/// SecureString and this instance share one object, so disposing it on either side affects both.
/// </param>
public CspParameters (int providerType, string providerName, string keyContainerName, CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword)
	: this (providerType, providerName, keyContainerName)
{
	// Null means "no explicit ACL requested": the property setter is never invoked.
	if (cryptoKeySecurity != null) {
		this.CryptoKeySecurity = cryptoKeySecurity;
	}

	this._password = keyPassword;
}
// Copy constructor.
// Provider type, provider name, container name, key number and flags are always copied.
// The access-control descriptor is copied only in FEATURE_MACL builds; the key password and
// the parent window handle only when FEATURE_CRYPTO and FEATURE_X509_SECURESTRINGS are both
// defined. Fields are copied by assignment, so reference-typed state (descriptor, password)
// ends up shared between the two instances rather than cloned.
// `parameters` is dereferenced without a null check.
internal CspParameters (CspParameters parameters)
{
	this.ProviderType = parameters.ProviderType;
	this.ProviderName = parameters.ProviderName;
	this.KeyContainerName = parameters.KeyContainerName;
	this.KeyNumber = parameters.KeyNumber;
	this.Flags = parameters.Flags;

#if FEATURE_MACL
	this.m_cryptoKeySecurity = parameters.m_cryptoKeySecurity;
#endif // FEATURE_MACL

#if FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS
	this.m_keyPassword = parameters.m_keyPassword;
	this.m_parentWindowHandle = parameters.m_parentWindowHandle;
#endif // FEATURE_CRYPTO && FEATURE_X509_SECURESTRINGS
}
/// <summary>
/// Persists the selected parts of a key container's security descriptor through the
/// provider handle.
/// </summary>
/// <param name="hProv">Provider handle passed on to the three-argument SetKeySetSecurityInfo overload.</param>
/// <param name="cryptoKeySecurity">Descriptor to persist; dereferenced without a null check.</param>
/// <param name="accessControlSections">Which sections (owner, group, audit, access) the caller wants written.</param>
/// <remarks>
/// Owner and group are written only when the descriptor has one; the DACL only when one is
/// present; the SACL whenever Audit is requested. If nothing is selected the method returns
/// without touching the provider. It also reports success without writing anything when the
/// binary descriptor is null or empty.
/// SeSecurityPrivilege is enabled only when the SACL is part of the write, and is reverted in
/// the finally block so it does not stay enabled after the call, whether or not the write fails.
/// </remarks>
/// <exception cref="UnauthorizedAccessException">Access denied, invalid owner or invalid primary group.</exception>
/// <exception cref="PrivilegeNotHeldException">SeSecurityPrivilege is not held.</exception>
/// <exception cref="NotSupportedException">The handle is invalid.</exception>
/// <exception cref="CryptographicException">Any other non-success error code.</exception>
[System.Security.SecurityCritical]  // auto-generated
internal static void SetKeySetSecurityInfo (SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections)
{
    SecurityInfos toPersist = 0;
    Privilege auditPrivilege = null;

    // The descriptor is only inspected for sections the caller actually asked for.
    if ((accessControlSections & AccessControlSections.Owner) != 0)
    {
        if (cryptoKeySecurity._securityDescriptor.Owner != null)
        {
            toPersist |= SecurityInfos.Owner;
        }
    }

    if ((accessControlSections & AccessControlSections.Group) != 0)
    {
        if (cryptoKeySecurity._securityDescriptor.Group != null)
        {
            toPersist |= SecurityInfos.Group;
        }
    }

    if ((accessControlSections & AccessControlSections.Audit) != 0)
    {
        toPersist |= SecurityInfos.SystemAcl;
    }

    if ((accessControlSections & AccessControlSections.Access) != 0)
    {
        if (cryptoKeySecurity._securityDescriptor.IsDiscretionaryAclPresent)
        {
            toPersist |= SecurityInfos.DiscretionaryAcl;
        }
    }

    if (toPersist != 0)
    {
        int win32Error = 0;

        RuntimeHelpers.PrepareConstrainedRegions();
        try
        {
            // Writing the SACL needs SeSecurityPrivilege; enable it for this write only.
            if ((toPersist & SecurityInfos.SystemAcl) != 0)
            {
                auditPrivilege = new Privilege("SeSecurityPrivilege");
                auditPrivilege.Enable();
            }

            byte[] descriptorBytes = cryptoKeySecurity.GetSecurityDescriptorBinaryForm();
            if (descriptorBytes != null && descriptorBytes.Length > 0)
            {
                win32Error = SetKeySetSecurityInfo (hProv, toPersist, descriptorBytes);
            }
        }
        finally
        {
            // Always drop the privilege again, also when the write threw.
            if (auditPrivilege != null)
            {
                auditPrivilege.Revert();
            }
        }

        // Map the native error code to a managed exception.
        switch (win32Error)
        {
            case Win32Native.ERROR_SUCCESS:
                break;

            case Win32Native.ERROR_ACCESS_DENIED:
            case Win32Native.ERROR_INVALID_OWNER:
            case Win32Native.ERROR_INVALID_PRIMARY_GROUP:
                throw new UnauthorizedAccessException();

            case Win32Native.ERROR_PRIVILEGE_NOT_HELD:
                throw new PrivilegeNotHeldException("SeSecurityPrivilege");

            case Win32Native.ERROR_INVALID_HANDLE:
                throw new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));

            default:
                throw new CryptographicException(win32Error);
        }
    }
}
/// <summary>
/// Builds provider parameters that additionally carry an access-control descriptor
/// for the key container and a key password.
/// </summary>
/// <param name="providerType">Provider type code, forwarded to the three-argument constructor.</param>
/// <param name="providerName">Provider name, forwarded to the three-argument constructor.</param>
/// <param name="keyContainerName">Key container name, forwarded to the three-argument constructor.</param>
/// <param name="cryptoKeySecurity">
/// Stored directly in m_cryptoKeySecurity. Null is stored as well, overwriting whatever the
/// chained constructor put there.
/// </param>
/// <param name="keyPassword">
/// Stored by reference in m_keyPassword, without copying. The caller's SecureString and this
/// instance share one object, so disposing it on either side affects both.
/// </param>
public CspParameters(int providerType, string providerName, string keyContainerName, System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword)
    : this(providerType, providerName, keyContainerName)
{
    // Written straight to the backing fields; no property setter or validation runs.
    m_cryptoKeySecurity = cryptoKeySecurity;
    m_keyPassword = keyPassword;
}
/// <summary>
/// Builds provider parameters that additionally carry an access-control descriptor
/// for the key container and a window handle.
/// </summary>
/// <param name="providerType">Provider type code, forwarded to the three-argument constructor.</param>
/// <param name="providerName">Provider name, forwarded to the three-argument constructor.</param>
/// <param name="keyContainerName">Key container name, forwarded to the three-argument constructor.</param>
/// <param name="cryptoKeySecurity">
/// Stored directly in m_cryptoKeySecurity. Null is stored as well, overwriting whatever the
/// chained constructor put there.
/// </param>
/// <param name="parentWindowHandle">
/// Stored as-is in m_parentWindowHandle (presumably the parent window of a provider password
/// dialog; this constructor does not use the handle itself).
/// </param>
public CspParameters(int providerType, string providerName, string keyContainerName, System.Security.AccessControl.CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle)
    : this(providerType, providerName, keyContainerName)
{
    // Written straight to the backing fields; no property setter or validation runs.
    m_cryptoKeySecurity = cryptoKeySecurity;
    m_parentWindowHandle = parentWindowHandle;
}
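// Applies keySec as the security descriptor of the machine-store key container described by info.
//
// This method could throw any exception, because the RSACryptoServiceProvider ctor could do so.
// The exceptions are escalated to the callers, who are in a better position to deal with them.
//
// info:   identifies the provider type, provider name and key container to update.
// keySec: the access rules to persist on that container.
void CommitCryptoKeySecurity(CspKeyContainerInfo info, CryptoKeySecurity keySec)
{
    CspParameters cspParams = new CspParameters(
        info.ProviderType,
        info.ProviderName,
        info.KeyContainerName);

    cspParams.CryptoKeySecurity = keySec;

    // Important flag, or the security setting will silently fail
    cspParams.Flags = CspProviderFlags.UseMachineKeyStore;

    // NOTE(review): UseExistingKey is not set, so a container name that does not exist is
    // presumably created as a fresh key container instead of raising an error. Confirm that
    // callers only pass containers that already exist.

    // The RSACryptoServiceProvider ctor will automatically apply DACLs set in the CSP's security
    // info. The instance is needed only for that side effect, so it is disposed right away
    // instead of keeping the provider and key handles open until finalization.
    using (new RSACryptoServiceProvider(cspParams))
    {
    }
}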
//
// Summary:
//     Initializes a new instance of the System.Security.Cryptography.CspParameters
//     class using a provider type, a provider name, a container name, access information,
//     and a password associated with a smart card key.
//
// Parameters:
//   providerType:
//     The provider type code that specifies the kind of provider to create.
//
//   providerName:
//     A provider name.
//
//   keyContainerName:
//     A container name.
//
//   cryptoKeySecurity:
//     A System.Security.AccessControl.CryptoKeySecurity object that represents
//     access rights and audit rules for a container.
//
//   keyPassword:
//     A password associated with a smart card key.
//
// NOTE(review): this is a declaration only. Whether null is accepted for
// cryptoKeySecurity or keyPassword, and whether the SecureString is copied or
// held by reference, is not visible here; confirm against the implementation.
public CspParameters(int providerType, string providerName, string keyContainerName, CryptoKeySecurity cryptoKeySecurity, SecureString keyPassword);
//
// Summary:
//     Initializes a new instance of the System.Security.Cryptography.CspParameters
//     class using a provider type, a provider name, a container name, access information,
//     and a handle to an unmanaged smart card password dialog.
//
// Parameters:
//   providerType:
//     The provider type code that specifies the kind of provider to create.
//
//   providerName:
//     A provider name.
//
//   keyContainerName:
//     A container name.
//
//   cryptoKeySecurity:
//     A System.Security.AccessControl.CryptoKeySecurity object that represents
//     access rights and audit rules for the container.
//
//   parentWindowHandle:
//     A handle to the parent window for a smart card password dialog.
//
// NOTE(review): this is a declaration only. Whether null is accepted for
// cryptoKeySecurity, and whether the window handle is validated, is not visible
// here; confirm against the implementation.
public CspParameters(int providerType, string providerName, string keyContainerName, CryptoKeySecurity cryptoKeySecurity, IntPtr parentWindowHandle);
/// <summary>
/// Persists the selected parts of a key container's security descriptor through the
/// provider handle.
/// </summary>
/// <param name="hProv">Provider handle passed on to the three-argument SetKeySetSecurityInfo overload.</param>
/// <param name="cryptoKeySecurity">Descriptor to persist; dereferenced without a null check.</param>
/// <param name="accessControlSections">Which sections (owner, group, audit, access) the caller wants written.</param>
/// <remarks>
/// Owner and group are written only when the descriptor has one; the DACL only when one is
/// present; the SACL whenever Audit is requested. If nothing is selected the method returns
/// without touching the provider. It also reports success without writing anything when the
/// binary descriptor is null or empty.
/// SeSecurityPrivilege is enabled only when the SACL is part of the write, and is reverted in
/// the finally block so it does not stay enabled after the call, whether or not the write fails.
/// </remarks>
/// <exception cref="UnauthorizedAccessException">Result code 5, 0x51b or 0x51c.</exception>
/// <exception cref="PrivilegeNotHeldException">Result code 0x522.</exception>
/// <exception cref="NotSupportedException">Result code 6.</exception>
/// <exception cref="CryptographicException">Any other non-zero result code.</exception>
internal static void SetKeySetSecurityInfo(SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections)
{
    SecurityInfos requested = 0;
    Privilege auditPrivilege = null;

    // Flag tests only; the descriptor itself is read lazily in the conditions below.
    bool ownerSelected = (accessControlSections & AccessControlSections.Owner) != AccessControlSections.None;
    bool groupSelected = (accessControlSections & AccessControlSections.Group) != AccessControlSections.None;
    bool auditSelected = (accessControlSections & AccessControlSections.Audit) != AccessControlSections.None;
    bool accessSelected = (accessControlSections & AccessControlSections.Access) != AccessControlSections.None;

    if (ownerSelected && cryptoKeySecurity._securityDescriptor.Owner != null)
    {
        requested |= SecurityInfos.Owner;
    }

    if (groupSelected && cryptoKeySecurity._securityDescriptor.Group != null)
    {
        requested |= SecurityInfos.Group;
    }

    if (auditSelected)
    {
        requested |= SecurityInfos.SystemAcl;
    }

    if (accessSelected && cryptoKeySecurity._securityDescriptor.IsDiscretionaryAclPresent)
    {
        requested |= SecurityInfos.DiscretionaryAcl;
    }

    // Nothing selected: nothing to persist.
    if (requested == 0)
    {
        return;
    }

    int resultCode = 0;

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        // Writing the SACL needs SeSecurityPrivilege; enable it for this write only.
        if ((requested & SecurityInfos.SystemAcl) != 0)
        {
            auditPrivilege = new Privilege("SeSecurityPrivilege");
            auditPrivilege.Enable();
        }

        byte[] descriptorBytes = cryptoKeySecurity.GetSecurityDescriptorBinaryForm();
        if (descriptorBytes != null && descriptorBytes.Length > 0)
        {
            resultCode = SetKeySetSecurityInfo(hProv, requested, descriptorBytes);
        }
    }
    finally
    {
        // Always drop the privilege again, also when the write threw.
        if (auditPrivilege != null)
        {
            auditPrivilege.Revert();
        }
    }

    // The literals are Win32 error codes: 5 = ERROR_ACCESS_DENIED, 0x51b = ERROR_INVALID_OWNER,
    // 0x51c = ERROR_INVALID_PRIMARY_GROUP, 0x522 = ERROR_PRIVILEGE_NOT_HELD,
    // 6 = ERROR_INVALID_HANDLE.
    if (resultCode == 5 || resultCode == 0x51b || resultCode == 0x51c)
    {
        throw new UnauthorizedAccessException();
    }
    else if (resultCode == 0x522)
    {
        throw new PrivilegeNotHeldException("SeSecurityPrivilege");
    }
    else if (resultCode == 6)
    {
        throw new NotSupportedException(Environment.GetResourceString("AccessControl_InvalidHandle"));
    }
    else if (resultCode != 0)
    {
        throw new CryptographicException(resultCode);
    }
}