/// <summary> /// This function allows the Owner (or a person granted ViewRightsData right) /// to extract the original publishing information that was encrypted during publishing process. /// </summary> public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider) { if (cryptoProvider == null) { throw new ArgumentNullException("cryptoProvider"); } return(cryptoProvider.DecryptPublishLicense(_serializedPublishLicense)); }
/// <summary> /// This function allows the Owner (or a person granted ViewRightsData right) /// to extract the original publishing information that was encrypted during publishing process. /// </summary> public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider) { SecurityHelper.DemandRightsManagementPermission(); if (cryptoProvider == null) { throw new ArgumentNullException("cryptoProvider"); } return(cryptoProvider.DecryptPublishLicense(_serializedPublishLicense)); }
EncryptedPackageEnvelope( string envelopeFileName, PublishLicense publishLicense, CryptoProvider cryptoProvider ) { if (envelopeFileName == null) throw new ArgumentNullException("envelopeFileName"); ThrowIfRMEncryptionInfoInvalid(publishLicense, cryptoProvider); _root = StorageRoot.Open( envelopeFileName, _defaultFileModeForCreate, _defaultFileAccess, _defaultFileShare ); InitializeRMForCreate(publishLicense, cryptoProvider); EmbedPackage(null); }
// This function attempts to bind License to a given Identity // It will try to bind all rights One-by-one in order to eliminate // grants that may have been expired, so it will only bind The ones that are still valid private CryptoProvider BindUseLicense(string serializedUseLicense, List<RightNameExpirationInfoPair> unboundRightsList, BoundLicenseParams boundLicenseParams, out int theFirstHrFailureCode) { Debug.Assert(serializedUseLicense != null); Debug.Assert(unboundRightsList != null); Debug.Assert(boundLicenseParams != null); List<SafeRightsManagementHandle> successfullyBoundLicenseHandleList = new List<SafeRightsManagementHandle>(unboundRightsList.Count); List<RightNameExpirationInfoPair> successfullyBoundRightsList = new List<RightNameExpirationInfoPair>(unboundRightsList.Count); try { uint errorLogHandle; // we neeed to return the first failure code, that is the one that will communicate to the user int hr; theFirstHrFailureCode = 0; SafeRightsManagementHandle boundLicenseHandle; // first we are enumerating all rights one-by-one and preserving the ones that can be bound // we are going through the list of "recognised rights" foreach (RightNameExpirationInfoPair rightInfo in unboundRightsList) { boundLicenseParams.wszRightsRequested = rightInfo.RightName; boundLicenseHandle = null; errorLogHandle = 0; hr = SafeNativeMethods.DRMCreateBoundLicense( _envHandle, boundLicenseParams, serializedUseLicense, out boundLicenseHandle, out errorLogHandle); if (boundLicenseHandle != null && (hr == 0)) { // we got a successful bound let's copy the whole grant // the only thing that we need to substitute in the grant is the User identity // along with the original right name (prior to binding), as unmanaged SDK // messes up right names and their expiration // in case of multiple expiration dates and additional rights granted to an owner successfullyBoundLicenseHandleList.Add(boundLicenseHandle); successfullyBoundRightsList.Add(rightInfo); } // preserve the first encountered error code if ((theFirstHrFailureCode == 0) && (hr != 0)) { theFirstHrFailureCode = hr; } } // At this point we have a list of potential "Right" -candidates // if it is empty we can get out if (successfullyBoundLicenseHandleList.Count > 0) { ContentUser user = ExtractUserFromCertificateChain(boundLicenseParams.wszDefaultEnablingPrincipalCredentials); CryptoProvider cryptoProvider = new CryptoProvider(successfullyBoundLicenseHandleList, successfullyBoundRightsList, user); CryptoProviderList.Add(cryptoProvider); return cryptoProvider; } else { return null; } } catch { // In case of a failure we should clean up handle that have been accumulated // otherwise the list of handles is either empty or given to the CryptoProvider // to be taken care of foreach (SafeRightsManagementHandle handle in successfullyBoundLicenseHandleList) { handle.Dispose(); } throw; } }
//------------------------------------------------------ // // Internal Methods // //------------------------------------------------------ internal RightsManagementEncryptedStream( Stream baseStream, CryptoProvider cryptoProvider) { Debug.Assert(baseStream != null); Debug.Assert(cryptoProvider != null); if (!cryptoProvider.CanDecrypt ) { throw new ArgumentException(SR.Get(SRID.CryptoProviderCanNotDecrypt), "cryptoProvider"); } if (!cryptoProvider.CanMergeBlocks) { throw new ArgumentException(SR.Get(SRID.CryptoProviderCanNotMergeBlocks), "cryptoProvider"); } _baseStream = baseStream; _cryptoProvider = cryptoProvider; // Currently BitConverter is implemented as only supporting Little Endian byte order // regardless of the machine type. We would like to make sure that this doesn't change // as we need Little Endian byte order decoding capability on all machines in order to // parse files that travel across different machine types. Debug.Assert(BitConverter.IsLittleEndian); // initialize stream length ParseStreamLength(); }
public static EncryptedPackageEnvelope CreateFromPackage(string envelopeFileName, Stream packageStream, PublishLicense publishLicense, CryptoProvider cryptoProvider) { throw new NotImplementedException (); }
public static EncryptedPackageEnvelope Create(Stream envelopeStream, PublishLicense publishLicense, CryptoProvider cryptoProvider) { throw new NotImplementedException (); }
public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider) { throw new NotImplementedException(); }
/// <summary> /// This function allows the Owner (or a person granted ViewRightsData right) /// to extract the original publishing information that was encrypted during publishing process. /// </summary> public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider ) { SecurityHelper.DemandRightsManagementPermission(); if (cryptoProvider == null) { throw new ArgumentNullException("cryptoProvider"); } return cryptoProvider.DecryptPublishLicense(_serializedPublishLicense); }
EncryptedPackageEnvelope( Stream envelopeStream, PublishLicense publishLicense, CryptoProvider cryptoProvider ) { if (envelopeStream == null) throw new ArgumentNullException("envelopeStream"); ThrowIfRMEncryptionInfoInvalid(publishLicense, cryptoProvider); _root = StorageRoot.CreateOnStream(envelopeStream, _defaultFileModeForCreate); // // CreateOnStream opens the stream for read access if it's readable, and for // read/write access if it's writable. We're going to need it to be writable, // so check that it is. // if (_root.OpenAccess != FileAccess.ReadWrite) { throw new NotSupportedException(SR.Get(SRID.StreamNeedsReadWriteAccess)); } InitializeRMForCreate(publishLicense, cryptoProvider); EmbedPackage(null); }
InitializeRMForCreate( PublishLicense publishLicense, CryptoProvider cryptoProvider ) { // // Define a data space consisting of a single transform, namely the // RightsManagementEncryptionTransform. // DataSpaceManager dsm = _root.GetDataSpaceManager(); dsm.DefineTransform( RightsManagementEncryptionTransform.ClassTransformIdentifier, EncryptionTransformName ); string[] transformStack = new string[1]; transformStack[0] = EncryptionTransformName; _dataSpaceName = DataspaceLabelRMEncryptionNoCompression; dsm.DefineDataSpace(transformStack, _dataSpaceName); // // The call to DefineTransform created a RightsManagementEncryptionTransform // object. Obtain this object from the DataSpaceManager, and wrap it in a // RightsManagementInformation object. This makes the RM information in the // compound file available to the application (through the RightsManagementInformation // property), without exposing to the application the implementation detail // that there -is- such a thing as a "transform". // RightsManagementEncryptionTransform rmet = dsm.GetTransformFromName(EncryptionTransformName) as RightsManagementEncryptionTransform; // // We just defined this transform, so it must exist. // Debug.Assert( rmet != null, "RightsManagementEncryptionTransform not found" ); _rmi = new RightsManagementInformation(rmet); // // Prepare the transform object for use. // rmet.SavePublishLicense(publishLicense); rmet.CryptoProvider = cryptoProvider; // // The transform object is now ready for use. When the data space manager // queries the transform's IsReady property, it will return true. So there // is no need to sign up for the TransformInitializationEvent. // }
CreateFromPackage( Stream envelopeStream, Stream packageStream, PublishLicense publishLicense, CryptoProvider cryptoProvider ) { return new EncryptedPackageEnvelope( envelopeStream, packageStream, publishLicense, cryptoProvider ); }
Create( string envelopeFileName, PublishLicense publishLicense, CryptoProvider cryptoProvider ) { return new EncryptedPackageEnvelope(envelopeFileName, publishLicense, cryptoProvider); }
private void ThrowIfRMEncryptionInfoInvalid( PublishLicense publishLicense, CryptoProvider cryptoProvider) { if (publishLicense == null) throw new ArgumentNullException("publishLicense"); if (cryptoProvider == null) throw new ArgumentNullException("cryptoProvider"); }
public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider) { throw new NotImplementedException (); }