internal IssuanceLicense(
DateTime validFrom,
DateTime validUntil,
string referralInfoName,
Uri referralInfoUri,
ContentUser owner,
string issuanceLicense,
SafeRightsManagementHandle boundLicenseHandle,
Guid contentId,
ICollection<ContentGrant> grantCollection,
IDictionary<int, LocalizedNameDescriptionPair> localizedNameDescriptionDictionary,
IDictionary<string, string> applicationSpecificDataDictionary,
int rightValidityIntervalDays,
RevocationPoint revocationPoint)
{
Initialize(
validFrom,
validUntil,
referralInfoName,
referralInfoUri,
owner,
issuanceLicense,
boundLicenseHandle,
contentId,
grantCollection,
localizedNameDescriptionDictionary,
applicationSpecificDataDictionary,
rightValidityIntervalDays,
revocationPoint);
}
/// <summary>
/// This static Method builds a new instance of a SecureEnvironment for a given user that is already
/// activated. If this method called with a user that isn't activated, and exception will be thrown.
/// The user that is passed into the function must have a well defined authentication type
/// AuthenticationType.Windows or AuthenticationType.Passport, all other Authentication
/// types(AuthenticationType.WindowsPassport or AuthenticationType.Internal) are not allowed.
/// </summary>
public static SecureEnvironment Create(string applicationManifest,
ContentUser user)
{
SecurityHelper.DemandRightsManagementPermission();
return CriticalCreate(applicationManifest, user);
}
/// <summary>
/// This static Method builds a new instance of a SecureEnvironment for a given user that is already
/// activated. If this method called with a user that isn't activated, and exception will be thrown.
/// The user that is passed into the function must have a well defined authentication type
/// AuthenticationType.Windows or AuthenticationType.Passport, all other Authentication
/// types(AuthenticationType.WindowsPassport or AuthenticationType.Internal) are not allowed.
/// </summary>
public static SecureEnvironment Create(string applicationManifest,
ContentUser user)
{
SecurityHelper.DemandRightsManagementPermission();
return(CriticalCreate(applicationManifest, user));
}
/// <summary>
/// Private Constructor for the SecureEnvironment.
/// </summary>
private SecureEnvironment(string applicationManifest,
ContentUser user,
ClientSession clientSession)
{
Invariant.Assert(applicationManifest != null);
Invariant.Assert(user != null);
Invariant.Assert(clientSession != null);
_user = user;
_applicationManifest = applicationManifest;
_clientSession = clientSession;
}
/// <summary>
/// Generic test for equality. This method allows any types based on ContentUser
/// to be comparable.
/// </summary>
internal bool GenericEquals(ContentUser userObj)
{
// this checks for null argument
if (userObj == null)
{
return(false);
}
else
{
return((String.CompareOrdinal(_name.ToUpperInvariant(), userObj._name.ToUpperInvariant()) == 0)
&&
_authenticationType.Equals(userObj._authenticationType));
}
}
/// <summary>
/// Test for equality.
/// </summary>
public override bool Equals(object obj)
{
if (obj == null)
{
return(false); // Standard behavior.
}
if (GetType() != obj.GetType())
{
return(false); // Different type.
}
ContentUser userObj = (ContentUser)obj;
return((String.CompareOrdinal(_name.ToUpperInvariant(), userObj._name.ToUpperInvariant()) == 0)
&&
_authenticationType.Equals(userObj._authenticationType));
}
/// <summary>
/// This function returns a read only collection of the activated users.
/// </summary>
static public ReadOnlyCollection <ContentUser> GetActivatedUsers()
{
SecurityHelper.DemandRightsManagementPermission();
//build user with the default authentication type and a default name
// neither name not authentication type is important in this case
//ContentUser tempUser = new ContentUser(_defaultUserName, AuthenticationType.Windows);
// Generic client session to enumerate user certificates
using (ClientSession genericClientSession =
ClientSession.DefaultUserClientSession(AuthenticationType.Windows))
{
List <ContentUser> userList = new List <ContentUser>();
// if machine activation is not present we can return empty list right away
if (genericClientSession.IsMachineActivated())
{
int index = 0;
while (true)
{
// we get a string which can be parsed to get the ID and type
string userCertificate = genericClientSession.EnumerateLicense(EnumerateLicenseFlags.GroupIdentity, index);
if (userCertificate == null)
{
break;
}
// we need to parse the information out of the string
ContentUser user = ClientSession.ExtractUserFromCertificateChain(userCertificate);
// User specific client session to check it's status
using (ClientSession userClientSession = new ClientSession(user))
{
if (userClientSession.IsUserActivated())
{
userList.Add(user);
}
}
index++;
}
}
return(new ReadOnlyCollection <ContentUser>(userList));
}
}
/// <summary>
/// This property verifies whether the current machine was prepared for consuming and producing RM protected content.
/// If property returns true it could be used as an indication that Init function call will not result in a network transaction.
/// </summary>
public static bool IsUserActivated(ContentUser user)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
// we only let specifically identified users to be used here
if ((user.AuthenticationType != AuthenticationType.Windows) &&
(user.AuthenticationType != AuthenticationType.Passport))
{
throw new ArgumentOutOfRangeException("user", SR.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed);
}
using (ClientSession userClientSession = new ClientSession(user))
{
// if machine activation is not present we can return false right away
return(userClientSession.IsMachineActivated() && userClientSession.IsUserActivated());
}
}
//------------------------------------------------------
//
// Internal Constructor
//
//------------------------------------------------------
/// <summary>
/// Constructor.
/// </summary>
internal CryptoProvider(List <SafeRightsManagementHandle> boundLicenseHandleList,
List <RightNameExpirationInfoPair> rightsInfoList,
ContentUser owner)
{
Invariant.Assert(boundLicenseHandleList != null);
Invariant.Assert(boundLicenseHandleList.Count > 0);
Invariant.Assert(rightsInfoList != null);
Invariant.Assert(rightsInfoList.Count > 0);
// we expect a match between lists of the Right Information and the bound license handles
// we will be mapping those lists based on indexes
Invariant.Assert(rightsInfoList.Count == boundLicenseHandleList.Count);
Invariant.Assert(owner != null);
_boundLicenseHandleList = boundLicenseHandleList;
_boundRightsInfoList = rightsInfoList;
_owner = owner;
}
/// <summary>
/// Removes activation for a given user. User must have Windows or Passport authnetication
/// </summary>
public static void RemoveActivatedUser(ContentUser user)
{
SecurityHelper.DemandRightsManagementPermission();
if (user == null)
{
throw new ArgumentNullException("user");
}
// we only let specifically identifyed users to be used here
if ((user.AuthenticationType != AuthenticationType.Windows) &&
(user.AuthenticationType != AuthenticationType.Passport))
{
throw new ArgumentOutOfRangeException("user", SR.Get(SRID.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed));
}
// Generic client session to enumerate user certificates
using (ClientSession userClientSession = new ClientSession(user))
{
// Remove Licensor certificastes first
List <string> userClientLicensorCertificateIds =
userClientSession.EnumerateUsersCertificateIds(user, EnumerateLicenseFlags.ClientLicensor);
// and now we can remove certificates that have been enumerated
foreach (string licenseId in userClientLicensorCertificateIds)
{
userClientSession.DeleteLicense(licenseId);
}
// Remove User's identity certificastes second
List <string> userGroupIdentityCertificateIds =
userClientSession.EnumerateUsersCertificateIds(user, EnumerateLicenseFlags.GroupIdentity);
// and now we can remove certificates that have been enumerated
foreach (string licenseId in userGroupIdentityCertificateIds)
{
userClientSession.DeleteLicense(licenseId);
}
}
}
/// <summary>
/// This static Method builds a new instance of a secure environment for a given user that is assumed to be already activated.
/// client Application can use GetActivatedUsers property to enumerate Activated users.
/// </summary>
private static SecureEnvironment CriticalCreate(string applicationManifest, ContentUser user)
{
if (applicationManifest == null)
{
throw new ArgumentNullException("applicationManifest");
}
if (user == null)
{
throw new ArgumentNullException("user");
}
// we only let specifically identifyed users to be used here
if ((user.AuthenticationType != AuthenticationType.Windows) &&
(user.AuthenticationType != AuthenticationType.Passport))
{
throw new ArgumentOutOfRangeException("user");
}
if (!IsUserActivated(user))
{
throw new RightsManagementException(RightsManagementFailureCode.NeedsGroupIdentityActivation);
}
ClientSession clientSession = new ClientSession(user);
try
{
clientSession.BuildSecureEnvironment(applicationManifest);
return(new SecureEnvironment(applicationManifest, user, clientSession));
}
catch
{
clientSession.Dispose();
throw;
}
}
/// <summary>
/// Constructor for the read only ContentGrant class. It takes values for
/// user, right, validFrom, and validUntil as parameters.
/// </summary>
public ContentGrant(ContentUser user, ContentRight right, DateTime validFrom, DateTime validUntil)
{
SecurityHelper.DemandRightsManagementPermission();
// Add validation here
if (user == null)
{
throw new ArgumentNullException("user");
}
if ((right != ContentRight.View) &&
(right != ContentRight.Edit) &&
(right != ContentRight.Print) &&
(right != ContentRight.Extract) &&
(right != ContentRight.ObjectModel) &&
(right != ContentRight.Owner) &&
(right != ContentRight.ViewRightsData) &&
(right != ContentRight.Forward) &&
(right != ContentRight.Reply) &&
(right != ContentRight.ReplyAll) &&
(right != ContentRight.Sign) &&
(right != ContentRight.DocumentEdit) &&
(right != ContentRight.Export))
{
throw new ArgumentOutOfRangeException("right");
}
if (validFrom > validUntil)
{
throw new ArgumentOutOfRangeException("validFrom");
}
_user = user;
_right = right;
_validFrom = validFrom;
_validUntil = validUntil;
}
/// <summary>
/// Constructor for the read only ContentGrant class. It takes values for
/// user, right, validFrom, and validUntil as parameters.
/// </summary>
public ContentGrant(ContentUser user, ContentRight right, DateTime validFrom, DateTime validUntil)
{
SecurityHelper.DemandRightsManagementPermission();
// Add validation here
if (user == null)
{
throw new ArgumentNullException("user");
}
if ((right != ContentRight.View) &&
(right != ContentRight.Edit) &&
(right != ContentRight.Print) &&
(right != ContentRight.Extract) &&
(right != ContentRight.ObjectModel) &&
(right != ContentRight.Owner) &&
(right != ContentRight.ViewRightsData) &&
(right != ContentRight.Forward) &&
(right != ContentRight.Reply) &&
(right != ContentRight.ReplyAll) &&
(right != ContentRight.Sign) &&
(right != ContentRight.DocumentEdit) &&
(right != ContentRight.Export))
{
throw new ArgumentOutOfRangeException("right");
}
if (validFrom > validUntil)
{
throw new ArgumentOutOfRangeException("validFrom");
}
_user = user;
_right = right;
_validFrom = validFrom;
_validUntil = validUntil;
}
internal ClientSession(
ContentUser user,
UserActivationMode userActivationMode)
{
Invariant.Assert(user != null);
Invariant.Assert((userActivationMode == UserActivationMode.Permanent) ||
(userActivationMode == UserActivationMode.Temporary));
_user = user;
_userActivationMode = userActivationMode;
// prepare callback handler
_callbackHandler = new CallbackHandler();
int hr = SafeNativeMethods.DRMCreateClientSession(
_callbackHandler.CallbackDelegate,
NativeConstants.DrmCallbackVersion,
_user.AuthenticationProviderType,
_user.Name,
out _hSession);
Errors.ThrowOnErrorCode(hr);
Invariant.Assert((_hSession != null) && (!_hSession.IsInvalid));
}
/// <summary>
/// Load a use license for the specified user from the RM transform's instance data
/// storage in the compound file.
/// </summary>
/// <param name="userKey">
/// The user whose use license is desired.
/// </param>
/// <returns>
/// The use license for the specified user, or null if the compound file does not
/// contain a use license for the specified user.
/// </returns>
/// <exception cref="ArgumentNullException">
/// If <paramref name="userKey"/> is null.
/// </exception>
/// <exception cref="FileFormatException">
/// If the RM information in this file cannot be read by the current version of
/// this class.
/// </exception>
public UseLicense LoadUseLicense(ContentUser userKey)
{
return _rmet.LoadUseLicense(userKey);
}
/// <summary>
/// Constructor for the read only ContentGrant class. It takes values for user and right as parameters.
/// </summary>
public ContentGrant(ContentUser user, ContentRight right)
: this(user, right, DateTime.MinValue, DateTime.MaxValue)
{
}
private SafeRightsManagementPubHandle GetHandleFromUser(ContentUser user)
{
SafeRightsManagementPubHandle userHandle = null;
int hr;
// We need to create Internal Authnetication type Users differently
if (user.GenericEquals(ContentUser.AnyoneUser) || user.GenericEquals(ContentUser.OwnerUser))
{
// Anyone user
hr = SafeNativeMethods.DRMCreateUser(
user.Name, // This is an optional UI Name (some applications use this and do not work well when it is missing)
user.Name, // that would be string Anyone or Owner
ConvertAuthenticationTypeToString(user), // this would be internal
out userHandle);
}
else
{
// Windws Passport or WindowsPassport authentication type user
hr = SafeNativeMethods.DRMCreateUser(
user.Name,
null,
ConvertAuthenticationTypeToString(user),
out userHandle);
}
Errors.ThrowOnErrorCode(hr);
Debug.Assert((userHandle != null) && (!userHandle.IsInvalid));
_pubHandlesList.Add(userHandle);
return userHandle;
}
public static void RemoveActivatedUser(ContentUser user)
{
throw new NotImplementedException();
}
/// <summary>
/// This static Method builds a new instance of a secure environment for a given user that is assumed to be already activated.
/// client Application can use GetActivatedUsers property to enumerate Activated users.
/// </summary>
private static SecureEnvironment CriticalCreate(string applicationManifest, ContentUser user)
{
if (applicationManifest == null)
{
throw new ArgumentNullException("applicationManifest");
}
if (user == null)
{
throw new ArgumentNullException("user");
}
// we only let specifically identifyed users to be used here
if ((user.AuthenticationType != AuthenticationType.Windows) &&
(user.AuthenticationType != AuthenticationType.Passport))
{
throw new ArgumentOutOfRangeException("user");
}
if (!IsUserActivated(user))
{
throw new RightsManagementException(RightsManagementFailureCode.NeedsGroupIdentityActivation);
}
ClientSession clientSession = new ClientSession(user);
try
{
clientSession.BuildSecureEnvironment(applicationManifest);
return new SecureEnvironment(applicationManifest, user, clientSession);
}
catch
{
clientSession.Dispose();
throw;
}
}
/// <summary>
/// This static Method builds a new instance of a SecureEnvironment for a given user that is already
/// activated. If this method called with a user that isn't activated, and exception will be thrown.
/// The user that is passed into the function must have a well defined authentication type
/// AuthenticationType.Windows or AuthenticationType.Passport, all other Authentication
/// types(AuthenticationType.WindowsPassport or AuthenticationType.Internal) are not allowed.
/// </summary>
public static SecureEnvironment Create(string applicationManifest,
ContentUser user)
{
return(CriticalCreate(applicationManifest, user));
}
// We currently don’t use these two methods, but they may be useful in the future.
// So we keep them in the debug build only, and changed them from internal methods
// to private methods to remove them from asmmeta files.
#if DEBUG
private static List<ContentGrant> GetGrantsFromBoundUseLicense(
SafeRightsManagementHandle boundUseLicenseHandle, ContentUser user)
{
Invariant.Assert(!boundUseLicenseHandle.IsInvalid);
List<ContentGrant> resultList = new List<ContentGrant>(10);
// Go through each ContentRight within group item
for (uint rightIndex = 0; ; rightIndex++)
{
// extract object information from each Work Item
SafeRightsManagementHandle rightQueryHandle = null;
int hr = SafeNativeMethods.DRMGetBoundLicenseObject(
boundUseLicenseHandle,
NativeConstants.QUERY_RIGHT,
rightIndex,
out rightQueryHandle);
if ((hr == (int)RightsManagementFailureCode.NoMoreData) ||
(hr == (int)RightsManagementFailureCode.QueryReportsNoResults))
{
// we got to the end of the RIGHT's list
break;
}
Errors.ThrowOnErrorCode(hr);
Debug.Assert((rightQueryHandle != null) && (!rightQueryHandle.IsInvalid));
using (rightQueryHandle)
{
// We got to the "right" object, now we can ask for the name
string rightName = GetBoundLicenseStringAttribute(rightQueryHandle, NativeConstants.QUERY_NAME, 0);
// if it is one of the erights that we "understand" we can proceed to query the time interval
Nullable<ContentRight> right = GetRightFromString(rightName);
if (right != null)
{
DateTime timeFrom = DateTime.MinValue;
DateTime timeUntil = DateTime.MaxValue;
SafeRightsManagementHandle rangeTimeQueryHandle = null;
hr = SafeNativeMethods.DRMGetBoundLicenseObject(
rightQueryHandle,
NativeConstants.QUERY_RANGETIMECONDITION,
0,
out rangeTimeQueryHandle);
if ((hr != (int)RightsManagementFailureCode.NoMoreData) &&
(hr != (int)RightsManagementFailureCode.QueryReportsNoResults))
{
Errors.ThrowOnErrorCode(hr);
Debug.Assert((rangeTimeQueryHandle != null) && (!rangeTimeQueryHandle.IsInvalid));
using (rangeTimeQueryHandle)
{
timeFrom = GetBoundLicenseDateTimeAttribute(
rangeTimeQueryHandle,
NativeConstants.QUERY_FROMTIME,
0,
DateTime.MinValue);
timeUntil = GetBoundLicenseDateTimeAttribute(
rangeTimeQueryHandle,
NativeConstants.QUERY_UNTILTIME,
0,
DateTime.MaxValue);
}
}
resultList.Add(new ContentGrant(user, right.Value, timeFrom, timeUntil));
}
}
}
return resultList;
}
public ContentGrant(ContentUser user, ContentRight right)
{
throw new NotImplementedException();
}
/// <summary>
/// This property verifies whether the current machine was prepared for consuming and producing RM protected content.
/// If property returns true it could be used as an indication that Init function call will not result in a network transaction.
/// </summary>
public static bool IsUserActivated(ContentUser user)
{
SecurityHelper.DemandRightsManagementPermission();
if (user == null)
{
throw new ArgumentNullException("user");
}
// we only let specifically identified users to be used here
if ((user.AuthenticationType != AuthenticationType.Windows) &&
(user.AuthenticationType != AuthenticationType.Passport))
{
throw new ArgumentOutOfRangeException("user", SR.Get(SRID.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed));
}
using (ClientSession userClientSession = new ClientSession(user))
{
// if machine activation is not present we can return false right away
return (userClientSession.IsMachineActivated() && userClientSession.IsUserActivated());
}
}
/// <summary>
/// Constructor for the read only ContentGrant class. It takes values for user and right as parameters.
/// </summary>
public ContentGrant(ContentUser user, ContentRight right)
: this(user, right, DateTime.MinValue, DateTime.MaxValue)
{
}
private void GetIssuanceLicenseInfo(
out DateTime timeFrom,
out DateTime timeUntil,
DistributionPointInfo distributionPointInfo,
out string distributionPointName,
out string distributionPointUri,
out ContentUser owner,
out bool officialFlag)
{
uint distributionPointNameLength = 0;
uint distributionPointUriLength = 0;
bool officialFlagTemp = false;
SafeRightsManagementPubHandle ownerHandleTemp = null;
int hr = SafeNativeMethods.DRMGetIssuanceLicenseInfo(
_issuanceLicenseHandle,
null,
null,
(uint)distributionPointInfo,
ref distributionPointNameLength,
null,
ref distributionPointUriLength,
null,
out ownerHandleTemp,
out officialFlagTemp);
Errors.ThrowOnErrorCode(hr);
if (ownerHandleTemp != null)
{
// As a result of calling DRMGetIssuanceLicenseInfo twice,
// we are getting 2 handles. We are going to dispose the first one
// and preserve the second one.
ownerHandleTemp.Dispose();
ownerHandleTemp = null;
}
StringBuilder distributionPointNameTemp = null;
// allocate memory as necessary, it seems that Unmanaged libraries really do not like
// getting a non null buffer of size 0
if (distributionPointNameLength > 0)
{
distributionPointNameTemp = new StringBuilder(checked((int)distributionPointNameLength));
}
StringBuilder distributionPointUriTemp = null;
// allocate memory as necessary, it seems that Unmanaged libraries really do not like
// getting a non null buffer of size 0
if (distributionPointUriLength > 0)
{
distributionPointUriTemp = new StringBuilder(checked((int)distributionPointUriLength));
}
SystemTime timeFromTemp = new SystemTime(DateTime.Now);
SystemTime timeUntilTemp = new SystemTime(DateTime.Now);
hr = SafeNativeMethods.DRMGetIssuanceLicenseInfo(
_issuanceLicenseHandle,
timeFromTemp,
timeUntilTemp,
(uint)distributionPointInfo,
ref distributionPointNameLength,
distributionPointNameTemp,
ref distributionPointUriLength,
distributionPointUriTemp,
out ownerHandleTemp,
out officialFlagTemp);
Errors.ThrowOnErrorCode(hr);
timeFrom = timeFromTemp.GetDateTime(DateTime.MinValue);
timeUntil = timeUntilTemp.GetDateTime(DateTime.MaxValue);
// only if we got some data back we shall try to process it
if (distributionPointNameTemp != null)
{
distributionPointName = distributionPointNameTemp.ToString();
}
else
{
distributionPointName = null;
}
// only if we got some data back we shall try to process it
if (distributionPointUriTemp != null)
{
distributionPointUri = distributionPointUriTemp.ToString();
}
else
{
distributionPointUri = null;
}
// if we have owner let's convert it to a user and preserve
// handler for further destruction
owner = null;
if (ownerHandleTemp != null)
{
_pubHandlesList.Add(ownerHandleTemp);
if (!ownerHandleTemp.IsInvalid)
{
owner = GetUserFromHandle(ownerHandleTemp);
}
}
officialFlag = officialFlagTemp;
}
/// <summary>
/// constructor that buils an issuance license from scratch
/// </summary>
private void Initialize(
DateTime validFrom,
DateTime validUntil,
string referralInfoName,
Uri referralInfoUri,
ContentUser owner,
string issuanceLicense,
SafeRightsManagementHandle boundLicenseHandle,
Guid contentId,
ICollection<ContentGrant> grantCollection,
IDictionary<int, LocalizedNameDescriptionPair> localizedNameDescriptionDictionary,
IDictionary<string, string> applicationSpecificDataDictionary,
int rightValidityIntervalDays,
RevocationPoint revocationPoint)
{
// according to the unmanaged RM SDK spec only the following scenarios are supported:
// 1. This can be called to create an issuance license from a template.
// issuanceLicense An unsigned issuance license from
// a file or by passing an issuance license
// handle into DRMGetIssuanceLicenseTemplate
// boundLicenseHandle NULL
//
// 2. This allows you to reuse rights information (the list follows this table).
// issuance license A signed issuance license
// boundLicenseHandle Handle to license bound by OWNER or VIEWRIGHTSDATA right
//
// 3. This creates an issuance license from scratch. It includes no users, rights, metadata, or policies.
// issuance license NULL
// boundLicenseHandle NULL
Debug.Assert(!boundLicenseHandle.IsClosed); // it must be either present or not
// closed handle is an indication of some internal error
Invariant.Assert((boundLicenseHandle.IsInvalid) || (issuanceLicense != null));
SystemTime validFromSysTime = null;
SystemTime validUntilSysTime = null;
if ((validFrom != DateTime.MinValue) || (validUntil != DateTime.MaxValue))
{
// we need to use non null values if at least one of the time boundaries isn't default
// DRM SDK will not enforce date time unless both timeFrom and timeUnti are set
validFromSysTime = new SystemTime((DateTime)validFrom);
validUntilSysTime = new SystemTime((DateTime)validUntil);
}
string referralInfoUriStr = null;
if (referralInfoUri != null)
{
referralInfoUriStr = referralInfoUri.ToString();
}
// input parameter must be initialized to the invalid handle
// attempt to pass in a null throws an exception from the Safe
// Handle Marshalling code
SafeRightsManagementPubHandle ownerHandle;
if (owner != null)
{
ownerHandle = GetHandleFromUser(owner);
}
else
{
ownerHandle = SafeRightsManagementPubHandle.InvalidHandle;
}
int hr;
_issuanceLicenseHandle = null;
hr = SafeNativeMethods.DRMCreateIssuanceLicense(
validFromSysTime,
validUntilSysTime,
referralInfoName,
referralInfoUriStr,
ownerHandle,
issuanceLicense,
boundLicenseHandle,
out _issuanceLicenseHandle);
Errors.ThrowOnErrorCode(hr);
Invariant.Assert((_issuanceLicenseHandle != null) &&
(!_issuanceLicenseHandle.IsInvalid));
Debug.Assert(rightValidityIntervalDays >= 0); // our internal code makes the guarantee that is is not negative
if (rightValidityIntervalDays > 0)
{
// If it is 0 we shouldn't override the value as it might be coming from a template
SafeNativeMethods.DRMSetIntervalTime(_issuanceLicenseHandle, (uint)rightValidityIntervalDays);
}
if (grantCollection != null)
{
foreach (ContentGrant grant in grantCollection)
{
AddGrant(grant);
}
}
// Set localized name description info
if (localizedNameDescriptionDictionary != null)
{
foreach (KeyValuePair<int, LocalizedNameDescriptionPair> nameDescriptionEntry in localizedNameDescriptionDictionary)
{
AddNameDescription(nameDescriptionEntry.Key, nameDescriptionEntry.Value);
}
}
// Set application specific data
if (applicationSpecificDataDictionary != null)
{
foreach (KeyValuePair<string, string> applicationSpecificDataEntry in applicationSpecificDataDictionary)
{
AddApplicationSpecificData(applicationSpecificDataEntry.Key, applicationSpecificDataEntry.Value);
}
}
// set metafata as required
if (contentId != null)
{
hr = SafeNativeMethods.DRMSetMetaData(
_issuanceLicenseHandle,
contentId.ToString("B"),
DefaultContentType,
null,
null,
null,
null);
Errors.ThrowOnErrorCode(hr);
}
// set revocation point if required
if (revocationPoint != null)
{
SetRevocationPoint(revocationPoint);
}
}
/// <summary>
/// Save a use license for the specified user into the RM transform's instance data
/// storage in the compound file.
/// </summary>
/// <param name="userKey">
/// The user to whom the use license was issued.
/// </param>
/// <param name="useLicense">
/// The use license issued to that user.
/// </param>
/// <remarks>
/// Any existing use license for the specified user is removed from the compound
/// file before the new use license is saved.
/// </remarks>
/// <exception cref="ArgumentNullException">
/// If <paramref name="userKey"/> or <paramref name="useLicense"/> is null.
/// </exception>
/// <exception cref="FileFormatException">
/// If the RM information in this file cannot be written by the current version of
/// this class.
/// </exception>
public void SaveUseLicense(ContentUser userKey, UseLicense useLicense)
{
_rmet.SaveUseLicense(userKey, useLicense);
}
/// <summary>
/// Delete the use license for the specified user from the RM transform's instance
/// data storage in the compound file.
/// </summary>
/// <param name="userKey">
/// The user whose use license is to be deleted.
/// </param>
/// <exception cref="ArgumentNullException">
/// If <paramref name="userKey"/> is null.
/// </exception>
/// <exception cref="FileFormatException">
/// If the RM information in this file cannot be updated by the current version of
/// this class.
/// </exception>
public void DeleteUseLicense(ContentUser userKey)
{
_rmet.DeleteUseLicense(userKey);
}
/// <summary>
/// This function is used to build a List of certificates of a given type (Licensor or Identity)
/// From all of the certificates based on the matching of the User Id
/// </summary>
internal List<string> EnumerateUsersCertificateIds(
ContentUser user,
EnumerateLicenseFlags certificateType)
{
CheckDisposed();
if ((certificateType != EnumerateLicenseFlags.Machine) &&
(certificateType != EnumerateLicenseFlags.GroupIdentity) &&
(certificateType != EnumerateLicenseFlags.GroupIdentityName) &&
(certificateType != EnumerateLicenseFlags.GroupIdentityLid) &&
(certificateType != EnumerateLicenseFlags.SpecifiedGroupIdentity) &&
(certificateType != EnumerateLicenseFlags.Eul) &&
(certificateType != EnumerateLicenseFlags.EulLid) &&
(certificateType != EnumerateLicenseFlags.ClientLicensor) &&
(certificateType != EnumerateLicenseFlags.ClientLicensorLid) &&
(certificateType != EnumerateLicenseFlags.SpecifiedClientLicensor) &&
(certificateType != EnumerateLicenseFlags.RevocationList) &&
(certificateType != EnumerateLicenseFlags.RevocationListLid) &&
(certificateType != EnumerateLicenseFlags.Expired))
{
throw new ArgumentOutOfRangeException("certificateType");
}
List<string> certificateIdList = new List<string>();
int index = 0;
// first enumerate certificates and find the ones that match given user
while (true)
{
// we get a string which can be parsed to get the ID and type
string currentUserCertificate = EnumerateLicense(certificateType, index);
if (currentUserCertificate == null)
break;
// we need to parse the information out of the string
ContentUser currentUser = ExtractUserFromCertificateChain(currentUserCertificate);
// let's see if we have a match on the User Id, if we do we need to add it to the list
if (user.GenericEquals(currentUser))
{
// we got a match let's preserve the certificate in the list
certificateIdList.Add(ClientSession.ExtractCertificateIdFromCertificateChain(currentUserCertificate));
}
index++;
}
return certificateIdList;
}
/// <summary>
/// Private Constructor for the SecureEnvironment.
/// </summary>
private SecureEnvironment(string applicationManifest,
ContentUser user,
ClientSession clientSession)
{
Invariant.Assert(applicationManifest != null);
Invariant.Assert(user != null);
Invariant.Assert(clientSession != null);
_user = user;
_applicationManifest = applicationManifest;
_clientSession = clientSession;
}
public static bool IsUserActivated(ContentUser user)
{
throw new NotImplementedException ();
}
/// <summary>
/// Removes activation for a given user. User must have Windows or Passport authnetication
/// </summary>
public static void RemoveActivatedUser(ContentUser user)
{
SecurityHelper.DemandRightsManagementPermission();
if (user == null)
{
throw new ArgumentNullException("user");
}
// we only let specifically identifyed users to be used here
if ((user.AuthenticationType != AuthenticationType.Windows) &&
(user.AuthenticationType != AuthenticationType.Passport))
{
throw new ArgumentOutOfRangeException("user", SR.Get(SRID.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed));
}
// Generic client session to enumerate user certificates
using (ClientSession userClientSession = new ClientSession(user))
{
// Remove Licensor certificastes first
List<string> userClientLicensorCertificateIds =
userClientSession.EnumerateUsersCertificateIds(user, EnumerateLicenseFlags.ClientLicensor);
// and now we can remove certificates that have been enumerated
foreach(string licenseId in userClientLicensorCertificateIds)
{
userClientSession.DeleteLicense(licenseId);
}
// Remove User's identity certificastes second
List<string> userGroupIdentityCertificateIds =
userClientSession.EnumerateUsersCertificateIds(user, EnumerateLicenseFlags.GroupIdentity);
// and now we can remove certificates that have been enumerated
foreach(string licenseId in userGroupIdentityCertificateIds)
{
userClientSession.DeleteLicense(licenseId);
}
}
}
public static bool IsUserActivated(ContentUser user)
{
throw new NotImplementedException();
}
MakeTypePrefixedUserName(
ContentUser user
)
{
// Use 9 since we don't do extra allocation for user.AuthenticationType.ToString()
// to get the accurate length
StringBuilder userName = new StringBuilder(9 /* for Windows: or Passport: */ + user.Name.Length);
userName.Append(user.AuthenticationType.ToString());
userName.Append(':');
userName.Append(user.Name);
return userName.ToString();
}
/// <summary>
/// Converts Authentication type enumeration into a string that can be accepted by the unmanaged code
/// </summary>
private string ConvertAuthenticationTypeToString(ContentUser user)
{
if (user.AuthenticationType == AuthenticationType.WindowsPassport)
{
return UnspecifiedAuthenticationType;
}
else
{
return user.AuthenticationType.ToString();
}
}
LoadUseLicense(
ContentUser user
)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
LoadUseLicenseForUserParams param = new LoadUseLicenseForUserParams(user);
EnumUseLicenseStreams(
new UseLicenseStreamCallback(this.LoadUseLicenseForUser),
param
);
return param.UseLicense;
}
SaveUseLicense(
ContentUser user,
UseLicense useLicense
)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (useLicense == null)
{
throw new ArgumentNullException("useLicense");
}
if (user.AuthenticationType != AuthenticationType.Windows &&
user.AuthenticationType != AuthenticationType.Passport)
{
throw new ArgumentException(
SR.Get(SRID.OnlyPassportOrWindowsAuthenticatedUsersAreAllowed),
"user"
);
}
//
// Delete any existing use license for this user.
//
EnumUseLicenseStreams(
new UseLicenseStreamCallback(this.DeleteUseLicenseForUser),
user
);
//
// Save the new use license for this user in a new stream.
//
SaveUseLicenseForUser(user, useLicense);
}
public ContentGrant(ContentUser user, ContentRight right, DateTime validFrom, DateTime validUntil)
{
throw new NotImplementedException();
}
DeleteUseLicense(
ContentUser user
)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
EnumUseLicenseStreams(
new UseLicenseStreamCallback(this.DeleteUseLicenseForUser),
user
);
}
private static List<ContentGrant> GetGrantsFromBoundUseLicenseList(
List<SafeRightsManagementHandle> boundUseLicenseHandleList, ContentUser user)
{
Invariant.Assert(boundUseLicenseHandleList != null);
List<ContentGrant> resultList = new List<ContentGrant>(boundUseLicenseHandleList.Count);
// Go through each ContentRight within group item
foreach (SafeRightsManagementHandle boundUseLicenseHandle in boundUseLicenseHandleList)
{
Debug.Assert(!boundUseLicenseHandle.IsInvalid);
List<ContentGrant> newList = GetGrantsFromBoundUseLicense(boundUseLicenseHandle, user);
foreach (ContentGrant newGrant in newList)
{
resultList.Add(newGrant);
}
}
return resultList;
}
LoadUseLicenseAndUserFromStream(
BinaryReader utf8Reader,
out ContentUser user
)
{
utf8Reader.BaseStream.Seek(0, SeekOrigin.Begin);
//
// The stream begins with a header of the following format:
//
// Int32 headerLength
// Int32 userNameLen
// Byte userName[userNameLen]
//
// ... and then continues with:
//
// In32 useLicenseLen
// Byte useLicense[useLicenseLen];
//
Int32 headerLength = utf8Reader.ReadInt32();
if (headerLength < UseLicenseStreamLengthMin)
{
throw new FileFormatException(SR.Get(SRID.UseLicenseStreamCorrupt));
}
//
// The type-prefixed user name string (e.g., "windows:domain\alias") was
// treated as a sequence of little-Endian UTF-16 characters. The octet
// sequence representing those characters in that encoding were Base-64
// encoded. The resulting character string was then UTF-8 encoded. The
// resulting byte-length-prefixed UTF-8 byte sequence is what was stored
// in the use license stream.
//
string base64UserName = ReadLengthPrefixedString(utf8Reader, Encoding.UTF8, UserNameLengthMax);
byte[] userNameBytes = Convert.FromBase64String(base64UserName);
string typePrefixedUserName =
new string(
_unicodeEncoding.GetChars(userNameBytes)
);
//
// Create and return the user object specified by the type-prefixed name.
// If the type-prefixed name is not in a valid format, a FileFormatException
// will be thrown.
//
AuthenticationType authenticationType;
string userName;
ParseTypePrefixedUserName(typePrefixedUserName, out authenticationType, out userName);
user = new ContentUser(userName, authenticationType);
//
// Read the use license as a length-prefixed string, and return it. If the stream
// is shorter than the length prefix implies, an exception will be thrown.
//
return new UseLicense(
ReadLengthPrefixedString(utf8Reader, Encoding.UTF8, UseLicenseLengthMax)
);
}
internal ClientSession(ContentUser user)
:
this(user, UserActivationMode.Permanent)
{
}
SaveUseLicenseForUser(
ContentUser user,
UseLicense useLicense
)
{
//
// Generate a unique name for the use license stream, and create the stream.
//
string useLicenseStreamName = MakeUseLicenseStreamName();
StreamInfo si = new StreamInfo(_useLicenseStorage, useLicenseStreamName);
// This guarantees a call to Stream.Dispose, which is equivalent to Stream.Close.
using (Stream licenseStream = si.Create())
{
// Create a BinaryWriter on the stream.
using (BinaryWriter utf8Writer = new BinaryWriter(licenseStream, Encoding.UTF8))
{
//
// Construct a type-prefixed user name of the form
// "Passport:[....][email protected]" or "Windows:domain\username",
// depending on the authentication type of the user.
//
string typePrefixedUserName = MakeTypePrefixedUserName(user);
//
// For compatibility with Office, Base64 encode the type-prefixed user name
// for the sake of some minimal obfuscation. The parameters to the
// UnicodeEncoding ctor mean: "UTF-16 little-endian, no byte order mark".
// Then convert the Base64 characters to UTF-8 encoding.
//
byte [] userNameBytes = _unicodeEncoding.GetBytes(typePrefixedUserName);
string base64UserName = Convert.ToBase64String(userNameBytes);
byte [] utf8Bytes = Encoding.UTF8.GetBytes(base64UserName);
Int32 utf8ByteLength = utf8Bytes.Length;
//
// Write out a header preceding the use license. The header is of the form:
// Int32 headerLength
// Int32 userNameLength (in bytes)
// Byte userName[userNameLength]
// Byte paddings
Int32 headerLength =
checked (
2 * CU.Int32Size +
utf8ByteLength +
CU.CalculateDWordPadBytesLength(utf8ByteLength));
utf8Writer.Write(headerLength);
utf8Writer.Write(utf8ByteLength);
utf8Writer.Write(utf8Bytes, 0, utf8ByteLength);
WriteDwordPadding(utf8ByteLength, utf8Writer);
//
// Write out the use license itself.
//
WriteByteLengthPrefixedDwordPaddedString(useLicense.ToString(), utf8Writer, Encoding.UTF8);
}
}
}
public static SecureEnvironment Create(string applicationManifest, ContentUser user)
{
throw new NotImplementedException ();
}
LoadUseLicenseForUserParams(
ContentUser user
)
{
_user = user;
_useLicense = null;
}
public static void RemoveActivatedUser(ContentUser user)
{
throw new NotImplementedException ();
}
public static SecureEnvironment Create(string applicationManifest, ContentUser user)
{
throw new NotImplementedException();
}
