public void ToString_()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
string s = "Publisher - 3082010A0282010100AA99BD39A81827F42B3D0B4C3F7C772EA7CBB5D18C0DC23A74D793B5E0A04B3F595ECE454F9A7929F149CC1A47EE55C2083E1220F855F2EE5FD3E0CA96BC30DEFE58C82732D08554E8F09110BBF32BBE19E5039B0B861DF3B0398CB8FD0B1D3C7326AC572BCA29A215908215E277A34052038B9DC270BA1FE934F6F335924E5583F8DA30B620DE5706B55A4206DE59CBF2DFA6BD154771192523D2CB6F9B1979DF6A5BF176057929FCC356CA8F440885558ACBC80F464B55CB8C96774A87E8A94106C7FF0DE968576372C36957B443CF323A30DC1BE9D543262A79FE95DB226724C92FD034E3E6FB514986B83CD0255FD6EC9E036187A96840C7F8E203E6CF050203010001";
Assert.AreEqual(s, pmc.ToString(), "ToString");
}
public void InvalidConstructor()
{
byte[] n = null;
// having an empty certificate always break down things
X509Certificate x509 = new X509Certificate(n);
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
}
public void FromXml_InvalidClass()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
SecurityElement se = pmc.ToXml();
se.Attributes ["class"] = "Hello world";
pmc.FromXml(se);
}
public void FromXml_WrongTagCase()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
SecurityElement se = pmc.ToXml();
se.Tag = "IMEMBERSHIPCONDITION"; // instehash of IMembershipCondition
pmc.FromXml(se);
}
public void FromXml_InvalidTag()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
SecurityElement se = pmc.ToXml();
se.Tag = "IMonoship";
pmc.FromXml(se);
}
public void ToXml_Null()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
// no ArgumentNullException here
SecurityElement se = pmc.ToXml(null);
Assert.IsNotNull(se, "ToXml(null)");
}
public void GetHashCode_()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
PublisherMembershipCondition copy = (PublisherMembershipCondition)pmc.Copy();
Assert.AreEqual(pmc.GetHashCode(), copy.GetHashCode(), "GetHashCode");
Assert.AreEqual(x509.GetHashCode(), pmc.GetHashCode(), "GetHashCode-X509Certificate");
}
public void Copy()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
PublisherMembershipCondition pmcCopy = (PublisherMembershipCondition)pmc.Copy();
Assert.IsNotNull(pmcCopy.Certificate, "Copy-Cert");
Assert.IsTrue(pmc.Equals(pmcCopy), "Copy-Equals");
Assert.AreEqual(pmc.GetHashCode(), pmcCopy.GetHashCode(), "Copy-GetHashCode");
Assert.AreEqual(pmc.ToString(), pmcCopy.ToString(), "Copy-ToString");
}
public void FromXml_NoVersion()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
SecurityElement se = pmc.ToXml();
SecurityElement w = new SecurityElement(se.Tag);
w.AddAttribute("class", se.Attribute("class"));
pmc.FromXml(w);
}
public void FromXml_NoClass()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
SecurityElement se = pmc.ToXml();
SecurityElement w = new SecurityElement(se.Tag);
w.AddAttribute("version", se.Attribute("version"));
pmc.FromXml(w);
// doesn't even care of the class attribute presence
}
public void Equals()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
Assert.IsFalse(pmc.Equals(null), "Equals(null)");
Assert.IsFalse(pmc.Equals(new object()), "Equals (object)");
PublisherMembershipCondition p2 = new PublisherMembershipCondition(x509);
Assert.IsTrue(pmc.Equals(p2), "Equals(p2)");
Assert.IsTrue(p2.Equals(pmc), "Equals(hash)");
}
public void FromXml_InvalidVersion()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
SecurityElement se = pmc.ToXml();
SecurityElement w = new SecurityElement(se.Tag);
w.AddAttribute("class", se.Attribute("class"));
w.AddAttribute("version", "2");
pmc.FromXml(w);
// doesn't seems to care about the version number!
}
[Category("NotMobile")] // mobile profile throws a NotSupportedException
public void ToXmlPolicyLevel()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
string s = pmc.ToXml().ToString();
// are they all the same ?
IEnumerator e = SecurityManager.PolicyHierarchy();
while (e.MoveNext())
{
PolicyLevel pl = e.Current as PolicyLevel;
Assert.AreEqual(s, pmc.ToXml(pl).ToString(), "ToXml(PolicyLevel='" + pl.Label + "')");
}
// yes!
}
[Category("NotMobile")] // mobile profile throws a NotSupportedException
public void FromXml_PolicyLevel()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
SecurityElement se = pmc.ToXml();
// is it accepted for all policy levels ?
IEnumerator e = SecurityManager.PolicyHierarchy();
while (e.MoveNext())
{
PolicyLevel pl = e.Current as PolicyLevel;
pmc.FromXml(se, pl);
Assert.IsTrue(x509.Equals(pmc.Certificate), "FromXml(PolicyLevel='" + pl.Label + "')");
}
// yes!
}
public static void PublisherMembershipConditionCallMethods()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(new System.Security.Cryptography.X509Certificates.X509Certificate());
bool check = pmc.Check(new Evidence());
IMembershipCondition obj = pmc.Copy();
check = pmc.Equals(new object());
int hash = pmc.GetHashCode();
string str = pmc.ToString();
SecurityElement se = new SecurityElement("");
PolicyLevel pl = (PolicyLevel)FormatterServices.GetUninitializedObject(typeof(PolicyLevel));
pmc.FromXml(se);
pmc.FromXml(se, pl);
se = pmc.ToXml();
se = pmc.ToXml(pl);
}
public void Check()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
Publisher p = new Publisher(x509);
Evidence e = null;
Assert.IsFalse(pmc.Check(e), "Check (null)");
e = new Evidence();
Assert.IsFalse(pmc.Check(e), "Check (empty)");
e.AddHost(new Zone(SecurityZone.MyComputer));
Assert.IsFalse(pmc.Check(e), "Check (zone)");
e.AddAssembly(p);
Assert.IsFalse(pmc.Check(e), "Check (x509-assembly)");
e = new Evidence();
e.AddHost(p);
Assert.IsTrue(pmc.Check(e), "Check (x509-host)");
}
public void ToFromXmlRoundTrip()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
SecurityElement se = pmc.ToXml();
string expectedXmlFragment = "X509Certificate=\"3082050F308203F7A003020102020A61071143000000000034300D06092A864886F70D01010505003081A6310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E312B3029060355040B1322436F7079726967687420";
expectedXmlFragment += "2863292032303030204D6963726F736F667420436F72702E312330210603550403131A4D6963726F736F667420436F6465205369676E696E6720504341301E170D3032303532353030353534385A170D3033313132353031303534385A3081A1310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E312B3029060355040B1322436F70797269676874202863292032303032204D6963726F736F667420436F72702E311E301C060355040313154D6963726F736F667420436F72706F726174696F6E30820122300D06092A864886F70D010101";
expectedXmlFragment += "05000382010F003082010A0282010100AA99BD39A81827F42B3D0B4C3F7C772EA7CBB5D18C0DC23A74D793B5E0A04B3F595ECE454F9A7929F149CC1A47EE55C2083E1220F855F2EE5FD3E0CA96BC30DEFE58C82732D08554E8F09110BBF32BBE19E5039B0B861DF3B0398CB8FD0B1D3C7326AC572BCA29A215908215E277A34052038B9DC270BA1FE934F6F335924E5583F8DA30B620DE5706B55A4206DE59CBF2DFA6BD154771192523D2CB6F9B1979DF6A5BF176057929FCC356CA8F440885558ACBC80F464B55CB8C96774A87E8A94106C7FF0DE968576372C36957B443CF323A30DC1BE9D543262A79FE95DB226724C92FD034E3E6FB514986B83CD0255FD6EC9E036187A96840C7F8E203E6CF050203";
expectedXmlFragment += "010001A38201403082013C300E0603551D0F0101FF0404030206C030130603551D25040C300A06082B06010505070303301D0603551D0E041604146BC8C65120F0B42FD3A0B6AE7F5E26B2B88752293081A90603551D230481A130819E8014295CB91BB6CD33EEBB9E597DF7E5CA2EC40D3428A174A4723070312B3029060355040B1322436F70797269676874202863292031393937204D6963726F736F667420436F72702E311E301C060355040B13154D6963726F736F667420436F72706F726174696F6E3121301F060355040313184D6963726F736F667420526F6F7420417574686F7269747982106A0B994FC000DEAA11D4D8409AA8BEE6304A0603551D1F04433041303FA03DA03B863968747470";
expectedXmlFragment += "3A2F2F63726C2E6D6963726F736F66742E636F6D2F706B692F63726C2F70726F64756374732F436F64655369676E5043412E63726C300D06092A864886F70D010105050003820101003523FD1354FCE9DCF0DD0C147AFAA7B3CEFDA73AC8BAE5E7F603FB53DBA799A9A09B369C03EB82471C21BD14CBE7674009C716910255CE4342B4CD1B5DB0F332043D12E51DA707A78FA37E4555761B96959169F0DD38F34889EF7040B7DBB55580C003C42EB628DC0A820EC743E37A485DB8068992406C6EC5DCF89AEF0BBE210A8C2F3AB5EDA7CE71876823E1B3E4187DB84701A52BC458CBB2896C5FFDD32CC46FB823B20DFF3CF2114574F209069918DD6FC0860118121D2B16AF56EF6533A1EA674EF44B82ABE9";
expectedXmlFragment += "0FDC01FADF607F66475DCB2C70CC7B4ED906B86E8C0CFE621E42F9937CA2AB0A9ED02310AE4D7B27916F26BE68FAA63F9F23EBC89DBB87\"/>{0}";
expectedXmlFragment = String.Format(expectedXmlFragment, Environment.NewLine);
Assert.AreEqual("IMembershipCondition", se.Tag, "ToXml().Tag");
Assert.IsTrue(se.ToString().EndsWith(expectedXmlFragment), "ToXml().ToString()");
pmc.FromXml(se);
Assert.AreEqual(x509.GetHashCode(), pmc.Certificate.GetHashCode(), "XmlCertificate");
}
public void NullCertificate()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
pmc.Certificate = null;
}
public void NullConstructor()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(null);
}
public void FromXml_Null()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
pmc.FromXml(null);
}
public void Constructor()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
Assert.IsTrue(pmc.Certificate.Equals(x509), "Certificate");
}
public void FromXml_SecurityElementNull()
{
PublisherMembershipCondition pmc = new PublisherMembershipCondition(x509);
pmc.FromXml(null, PolicyLevel.CreateAppDomainLevel());
}
}// TryToCreateFullTrust
private CodeGroup CreateCodegroup(PermissionSet pSet, bool fHighjackExisting)
{
// Now create our codegroup
// Figure out what membership condition to use
IMembershipCondition mc = null;
// If the assembly didn't have a publisher certificate or a strong name,
// then we must trust it by hash
int nTrustBy = m_fHasCertOrSName?Page3.HowToTrust:TrustBy.HASH;
if ((nTrustBy & TrustBy.SNAME) > 0)
{
// Let's get the strong name stuff together
StrongName sn = GetStrongName();
StrongNamePublicKeyBlob snpkb = sn.PublicKey;
Version v = null;
String sName = null;
if ((nTrustBy & TrustBy.SNAMEVER) > 0)
{
v = sn.Version;
}
if ((nTrustBy & TrustBy.SNAMENAME) > 0)
{
sName = sn.Name;
}
mc = new StrongNameMembershipCondition(snpkb, sName, v);
}
else if ((nTrustBy & TrustBy.PUBCERT) > 0)
{
// We're using the publisher certificate stuff
mc = new PublisherMembershipCondition(GetCertificate());
}
else // We'll trust by hash
{
Hash h = GetHash();
mc = new HashMembershipCondition(SHA1.Create(), h.SHA1);
}
// Figure out the policy level that we should put this in....
String sPolicyLevel = Page1.isForHomeUser?"Machine":"User";
PolicyLevel pl = Security.GetPolicyLevelFromLabel(sPolicyLevel);
// See if a codegroup for this already exists... and if it does, we'll just
// modify that.
CSingleCodeGroup scg = null;
CodeGroup cg = null;
if (fHighjackExisting)
{
scg = FindExistingCodegroup(pl, mc);
if (scg != null)
{
cg = scg.MyCodeGroup;
// Cool. We were able to find a codegroup to use. We'll
// need to strip off all the File and Net child codegroups
IEnumerator enumChildCodeGroups = cg.Children.GetEnumerator();
while (enumChildCodeGroups.MoveNext())
{
CodeGroup cgChild = (CodeGroup)enumChildCodeGroups.Current;
if (cgChild is NetCodeGroup || cgChild is FileCodeGroup)
{
// Ok to use CodeGroup.RemoveChild here we want to toast all
// File and Net codegroups... we don't care if the security system
// gets confused about which are which (if they don't have names)
cg.RemoveChild(cgChild);
}
}
}
}
// Create the codegroup... we're going to make this a level final
// codegroup, so if policy gets changes such that a lower-level policy
// level tries to deny permissions to this codegroup it will be unsuccessful.
PolicyStatement policystatement = new PolicyStatement(pSet, PolicyStatementAttribute.LevelFinal);
if (cg == null)
{
cg = new UnionCodeGroup(mc, policystatement);
String sCGName = Security.FindAGoodCodeGroupName(pl, "Wizard_");
cg.Name = sCGName;
cg.Description = CResourceStore.GetString("GeneratedCodegroup");
}
else
{
cg.PolicyStatement = policystatement;
}
// If this is a internet or intranet permission set, we also need to add some codegroups
if (pSet is NamedPermissionSet)
{
NamedPermissionSet nps = (NamedPermissionSet)pSet;
if (nps.Name.Equals("LocalIntranet"))
{
CodeGroup cgChild = new NetCodeGroup(new AllMembershipCondition());
cgChild.Name = Security.FindAGoodCodeGroupName(pl, "NetCodeGroup_");
cgChild.Description = CResourceStore.GetString("GeneratedCodegroup");
cg.AddChild(cgChild);
cgChild = new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery);
cgChild.Name = Security.FindAGoodCodeGroupName(pl, "FileCodeGroup_");
cgChild.Description = CResourceStore.GetString("GeneratedCodegroup");
cg.AddChild(cgChild);
}
else if (nps.Name.Equals("Internet"))
{
CodeGroup cgChild = new NetCodeGroup(new AllMembershipCondition());
cgChild.Name = Security.FindAGoodCodeGroupName(pl, "NetCodeGroup_");
cgChild.Description = CResourceStore.GetString("GeneratedCodegroup");
cg.AddChild(cgChild);
}
}
// Add this codegroup to the root codegroup of the policy
// If there was already an existing one, just replace that...
if (scg != null)
{
Security.UpdateCodegroup(pl, scg);
}
else
{
pl.RootCodeGroup.AddChild(cg);
}
return(cg);
}// CreateCodegroup
