}// CreatePermissionSetFromAllPolicy

        /// <summary>
        /// Shortens the string form of a membership condition for display.
        /// </summary>
        /// <param name="sName">Membership condition text, split here on single spaces.</param>
        /// <returns>
        /// The first word alone when it matches the first word that a strong-name or hash
        /// condition prints; "first: third" for a three-word "first - third" form; otherwise
        /// <paramref name="sName"/> unchanged.
        /// </returns>
        /// <remarks>
        /// For strong-name and hash conditions everything after the first word is dropped, so
        /// the returned label cannot distinguish two conditions of the same kind.
        /// </remarks>
        internal static String BuildMCDisplayName(String sName)
        {
            // Throw-away conditions over a zeroed 16-byte buffer; only the first word of
            // their ToString() output is used, so the buffer content is irrelevant here.
            byte[] abDummy = new byte[16];
            StrongNameMembershipCondition snmcProbe = new StrongNameMembershipCondition(
                new StrongNamePublicKeyBlob(abDummy), null, null);
            HashMembershipCondition hmcProbe = new HashMembershipCondition(
                System.Security.Cryptography.HashAlgorithm.Create(), abDummy);

            char[] acSeparator = new char[] { ' ' };
            String[] asWords        = sName.Split(acSeparator);
            String   sStrongNameTag = snmcProbe.ToString().Split(acSeparator)[0];
            String   sHashTag       = hmcProbe.ToString().Split(acSeparator)[0];
            String   sFirstWord     = asWords[0];

            if (sFirstWord.Equals(sStrongNameTag) || sFirstWord.Equals(sHashTag))
            {
                return(sFirstWord);
            }

            if (asWords.Length == 3 && asWords[1].Equals("-"))
            {
                return(sFirstWord + ": " + asWords[2]);
            }

            return(sName);
        }// BuildMCDisplayName
        // Serializes a condition and feeds the result back through the two-argument
        // FromXml with a null PolicyLevel.
        // NOTE(review): there is no assertion and the test attributes are not visible
        // in this listing, so the expected outcome cannot be confirmed from here.
        public void FromXml_PolicyLevelNull()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement serialized = condition.ToXml();
            PolicyLevel noLevel = null;

            condition.FromXml(serialized, noLevel);
        }
        // A copy must report the same hash code as the instance it was made from.
        public void GetHashCode_()
        {
            HashMembershipCondition original = new HashMembershipCondition(md5, digestMd5);
            HashMembershipCondition clone = (HashMembershipCondition)original.Copy();

            int expected = original.GetHashCode();
            int actual = clone.GetHashCode();
            Assert.AreEqual(expected, actual);
        }
        // The constructor must keep the supplied algorithm and digest, compared here
        // through their hex form.
        // NOTE(review): MD5 is only an API input in this test. MD5 collisions are
        // practical, so a pass says nothing about MD5 being a sound basis for a
        // hash-based trust decision.
        public void Constructor_MD5()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            Assert.IsNotNull(condition);

            Assert.AreEqual(md5, condition.HashAlgorithm, "HashAlgorithm");

            string expectedHex = BitConverter.ToString(digestMd5);
            string actualHex = BitConverter.ToString(condition.HashValue);
            Assert.AreEqual(expectedHex, actualHex, "HashValue");
        }
        // Copy() must return an equal condition that is a distinct object.
        public void Copy()
        {
            HashMembershipCondition original = new HashMembershipCondition(md5, digestMd5);
            HashMembershipCondition clone = (HashMembershipCondition)original.Copy();

            Assert.AreEqual(original, clone, "Equals");

            bool sameInstance = Object.ReferenceEquals(original, clone);
            Assert.IsFalse(sameInstance, "ReferenceEquals");
        }
        // Same contract as the MD5 constructor test, with the SHA-1 algorithm and digest:
        // both must be readable back unchanged.
        public void Constructor_SHA1()
        {
            HashMembershipCondition condition = new HashMembershipCondition(sha1, digestSha1);
            Assert.IsNotNull(condition);

            Assert.AreEqual(sha1, condition.HashAlgorithm, "HashAlgorithm");

            string expectedHex = BitConverter.ToString(digestSha1);
            string actualHex = BitConverter.ToString(condition.HashValue);
            Assert.AreEqual(expectedHex, actualHex, "HashValue");
        }
        // Feeds FromXml an element whose tag was replaced with an unrelated name.
        // NOTE(review): no assertion is present; the rejection this test presumably
        // expects would be declared by an attribute that is not visible here.
        public void FromXml_InvalidTag()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement tampered = condition.ToXml();
            tampered.Tag = "IMonoship";

            condition.FromXml(tampered);
        }
        // Feeds FromXml an element whose tag differs from the expected one only in case.
        // NOTE(review): no assertion is present; whether the parser is expected to be
        // case-sensitive is decided by an attribute that is not visible here.
        public void FromXml_WrongTagCase()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement upperCased = condition.ToXml();
            upperCased.Tag = "IMEMBERSHIPCONDITION"; // instead of IMembershipCondition

            condition.FromXml(upperCased);
        }
        // Feeds FromXml an element whose "class" attribute no longer names a type.
        // NOTE(review): no assertion is present, so this listing does not show whether
        // the bogus class name is meant to be rejected or ignored.
        public void FromXml_InvalidClass()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement tampered = condition.ToXml();
            tampered.Attributes ["class"] = "Hello world";

            condition.FromXml(tampered);
        }
        // The string form starts with "Hash - " followed by the algorithm's type name.
        // Only the prefix is checked; the digest part of the string is not.
        public void ToString_()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            string text = condition.ToString();
            Assert.IsTrue(text.StartsWith("Hash - System.Security.Cryptography.MD5"), "MD5");

            condition = new HashMembershipCondition(sha1, digestSha1);
            text = condition.ToString();
            Assert.IsTrue(text.StartsWith("Hash - System.Security.Cryptography.SHA1"), "SHA1");
        }
        // Feeds FromXml an element that carries the original tag and "class" attribute
        // but no "version" attribute and no hash data.
        // NOTE(review): no assertion is present; the expected outcome is not visible here.
        public void FromXml_NoVersion()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement serialized = condition.ToXml();

            SecurityElement stripped = new SecurityElement(serialized.Tag);
            string className = serialized.Attribute("class");
            stripped.AddAttribute("class", className);

            condition.FromXml(stripped);
        }
        // Checks the serialized form: tag, class prefix and version "1", and that the
        // PolicyLevel argument (null or an AppDomain level) does not change the output.
        public void ToXml()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement xml = condition.ToXml();

            Assert.AreEqual("IMembershipCondition", xml.Tag, "Tag");

            string className = xml.Attribute("class");
            Assert.IsTrue(className.StartsWith("System.Security.Policy.HashMembershipCondition"), "class");

            string version = xml.Attribute("version");
            Assert.AreEqual("1", version, "version");

            SecurityElement withNullLevel = condition.ToXml(null);
            Assert.AreEqual(xml.ToString(), withNullLevel.ToString(), "ToXml(null)");

            SecurityElement withAppDomainLevel = condition.ToXml(PolicyLevel.CreateAppDomainLevel());
            Assert.AreEqual(xml.ToString(), withAppDomainLevel.ToString(), "ToXml(PolicyLevel)");
        }
        // Feeds FromXml an element that has the "version" attribute but no "class"
        // attribute at all.
        public void FromXml_NoClass()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement serialized = condition.ToXml();

            SecurityElement stripped = new SecurityElement(serialized.Tag);
            string version = serialized.Attribute("version");
            stripped.AddAttribute("version", version);

            condition.FromXml(stripped);
            // The parser does not check that a class attribute is present, so the
            // class name in policy XML is not a validation point for this type.
        }
        // Feeds FromXml an element whose version is "2", where ToXml() emits "1".
        public void FromXml_InvalidVersion()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement serialized = condition.ToXml();

            SecurityElement altered = new SecurityElement(serialized.Tag);
            string className = serialized.Attribute("class");
            altered.AddAttribute("class", className);
            altered.AddAttribute("version", "2");

            condition.FromXml(altered);
            // The parser does not seem to check the version number, so an unknown
            // version is not a reason for it to refuse the element.
        }
        // Loads an element that has a valid tag, class and version but no hash algorithm
        // and no hash value, then asks the instance for its string form.
        // NOTE(review): no assertion is present; what ToString() is expected to do on
        // such an instance is not visible in this listing.
        public void FromXml_Empty_ToString()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement serialized = condition.ToXml();

            SecurityElement hollow = new SecurityElement(serialized.Tag);
            string className = serialized.Attribute("class");
            hollow.AddAttribute("class", className);
            hollow.AddAttribute("version", "1");

            condition.FromXml(hollow);
            // FromXml accepts this even though it carries neither a hash algorithm nor
            // a hash value; the constructor would reject either one being null with an
            // ArgumentNullException. Deserialization is therefore the weaker gate.
            string text = condition.ToString();
        }
        // Smoke test: calls every public member of HashMembershipCondition once and
        // discards the results. Nothing is asserted, so it only shows that the calls
        // complete without throwing.
        public static void HashMembershipConditionCallMethods()
        {
            HashMembershipCondition condition = new HashMembershipCondition(Cryptography.SHA1.Create(), new byte[1]);

            bool matched = condition.Check(new Evidence());
            IMembershipCondition copy = condition.Copy();
            matched = condition.Equals(new object());

            int    hashCode = condition.GetHashCode();
            string text     = condition.ToString();

            SecurityElement element = new SecurityElement("");
            // The PolicyLevel is obtained without running any constructor, so it is
            // only a placeholder argument for the overloads below.
            PolicyLevel level = (PolicyLevel)FormatterServices.GetUninitializedObject(typeof(PolicyLevel));

            condition.FromXml(element);
            condition.FromXml(element, level);
            element = condition.ToXml();
            element = condition.ToXml(level);
        }
        // Equality is false against null and unrelated objects, true and symmetric for
        // two conditions built from the same algorithm and digest, and false in both
        // directions once the algorithm and digest differ.
        public void Equals()
        {
            HashMembershipCondition first = new HashMembershipCondition(md5, digestMd5);
            Assert.IsFalse(first.Equals(null), "Equals(null)");
            Assert.IsFalse(first.Equals(new object()), "Equals (object)");

            HashMembershipCondition second = new HashMembershipCondition(md5, digestMd5);
            Assert.IsTrue(first.Equals(second), "Equals(h2)");
            Assert.IsTrue(second.Equals(first), "Equals(hash)");

            // Same assembly, but a different algorithm and digest value.
            first = new HashMembershipCondition(sha1, digestSha1);
            Assert.IsFalse(first.Equals(second), "Equals(h2)");
            Assert.IsFalse(second.Equals(first), "Equals(hash)");
        }
        // HashValue must be isolated from caller-held arrays in both directions: the
        // getter returns a copy, and the setter stores a copy. Without this, code that
        // holds the array could change the digest the condition trusts after the
        // condition has been created.
        public void HashValue()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);

            // Getter: flipping bits in the returned array must not reach the instance.
            byte[] buffer = condition.HashValue;
            buffer [0] ^= 0xFF;
            Assert.IsFalse(buffer [0] == condition.HashValue [0], "reference");
            Assert.AreEqual(BitConverter.ToString(digestMd5), BitConverter.ToString(condition.HashValue), "HashValue");

            // Setter: changing the supplied array afterwards must not reach the instance.
            condition.HashValue = buffer;
            byte storedFirstByte = buffer [0];

            buffer [0] += 42;
            Assert.IsFalse(buffer [0] == condition.HashValue [0], "reference-2");
            Assert.AreEqual(storedFirstByte, condition.HashValue [0], "HashValue[0]");
        }
        // Check() matches only on hash evidence supplied as host evidence. Null or empty
        // evidence, unrelated host evidence, and the same hash evidence added as
        // assembly evidence must all fail to match.
        public void Check()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);

            Evidence evidence = null;
            Assert.IsFalse(condition.Check(evidence), "Check (null)");

            evidence = new Evidence();
            Assert.IsFalse(condition.Check(evidence), "Check (empty)");

            evidence.AddHost(new Zone(SecurityZone.MyComputer));
            Assert.IsFalse(condition.Check(evidence), "Check (zone)");

            // Assembly-supplied hash evidence is not accepted as proof of membership.
            evidence.AddAssembly(hashEvidence);
            Assert.IsFalse(condition.Check(evidence), "Check (hash-assembly)");

            // The same hash evidence, now supplied by the host, does match.
            evidence = new Evidence();
            evidence.AddHost(hashEvidence);
            Assert.IsTrue(condition.Check(evidence), "Check (MD5-host)");

            condition = new HashMembershipCondition(sha1, digestSha1);
            Assert.IsTrue(condition.Check(evidence), "Check (SHA1-host)");
        }
        }// TryToCreateFullTrust

        /// <summary>
        /// Builds the code group that grants <paramref name="pSet"/> to the assembly being
        /// trusted and attaches it to the selected policy level, optionally reusing a code
        /// group that already carries the same membership condition.
        /// </summary>
        /// <param name="pSet">Permission set placed in the code group's policy statement.</param>
        /// <param name="fHighjackExisting">
        /// When true, FindExistingCodegroup is consulted first and a match is modified in
        /// place instead of a new code group being added.
        /// </param>
        /// <returns>The code group that was created or modified.</returns>
        private CodeGroup CreateCodegroup(PermissionSet pSet, bool fHighjackExisting)
        {
            // Now create our codegroup
            // Figure out what membership condition to use
            IMembershipCondition mc = null;
            // If the assembly didn't have a publisher certificate or a strong name,
            // then we must trust it by hash
            int nTrustBy = m_fHasCertOrSName?Page3.HowToTrust:TrustBy.HASH;

            // nTrustBy is tested as a bitmask: strong name first, then publisher
            // certificate, with hash as the fallback.
            if ((nTrustBy & TrustBy.SNAME) > 0)
            {
                // Let's get the strong name stuff together
                StrongName sn = GetStrongName();
                StrongNamePublicKeyBlob snpkb = sn.PublicKey;
                // Version and name stay null unless their flags are set. A condition
                // built from the public key alone is the broadest of the three forms:
                // it is not narrowed to one assembly name or version.
                Version v     = null;
                String  sName = null;
                if ((nTrustBy & TrustBy.SNAMEVER) > 0)
                {
                    v = sn.Version;
                }

                if ((nTrustBy & TrustBy.SNAMENAME) > 0)
                {
                    sName = sn.Name;
                }

                mc = new StrongNameMembershipCondition(snpkb, sName, v);
            }
            else if ((nTrustBy & TrustBy.PUBCERT) > 0)
            {
                // We're using the publisher certificate stuff
                mc = new PublisherMembershipCondition(GetCertificate());
            }
            else // We'll trust by hash
            {
                // NOTE(review): the grant below is keyed on a SHA-1 digest. SHA-1 is no
                // longer collision-resistant, so this condition is only as strong as the
                // digest; prefer the strong-name or publisher path where one is available.
                Hash h = GetHash();
                mc = new HashMembershipCondition(SHA1.Create(), h.SHA1);
            }

            // Figure out the policy level that we should put this in....
            // "Machine" applies the grant machine-wide, "User" to the current user only.
            String      sPolicyLevel = Page1.isForHomeUser?"Machine":"User";
            PolicyLevel pl           = Security.GetPolicyLevelFromLabel(sPolicyLevel);

            // See if a codegroup for this already exists... and if it does, we'll just
            // modify that.
            CSingleCodeGroup scg = null;
            CodeGroup        cg  = null;

            if (fHighjackExisting)
            {
                scg = FindExistingCodegroup(pl, mc);

                if (scg != null)
                {
                    cg = scg.MyCodeGroup;

                    // Cool. We were able to find a codegroup to use. We'll
                    // need to strip off all the File and Net child codegroups
                    // NOTE(review): children are removed while cg.Children is being
                    // enumerated; this presumably relies on Children returning a
                    // snapshot rather than the live list - confirm.
                    IEnumerator enumChildCodeGroups = cg.Children.GetEnumerator();
                    while (enumChildCodeGroups.MoveNext())
                    {
                        CodeGroup cgChild = (CodeGroup)enumChildCodeGroups.Current;
                        if (cgChild is NetCodeGroup || cgChild is FileCodeGroup)
                        {
                            // Ok to use CodeGroup.RemoveChild here we want to toast all
                            // File and Net codegroups... we don't care if the security system
                            // gets confused about which are which (if they don't have names)
                            cg.RemoveChild(cgChild);
                        }
                    }
                }
            }

            // Create the codegroup... we're going to make this a level final
            // codegroup, so if policy gets changed such that a lower-level policy
            // level tries to deny permissions to this codegroup it will be unsuccessful.
            // NOTE(review): because lower levels cannot narrow this grant, the membership
            // condition chosen above is the only limit on which code receives pSet.
            PolicyStatement policystatement = new PolicyStatement(pSet, PolicyStatementAttribute.LevelFinal);

            if (cg == null)
            {
                // Nothing reused: create a union code group under a generated "Wizard_" name.
                cg = new UnionCodeGroup(mc, policystatement);
                String sCGName = Security.FindAGoodCodeGroupName(pl, "Wizard_");
                cg.Name        = sCGName;
                cg.Description = CResourceStore.GetString("GeneratedCodegroup");
            }
            else
            {
                // Reused group: its name and membership condition are kept, only the
                // policy statement is replaced.
                cg.PolicyStatement = policystatement;
            }


            // If this is an Internet or LocalIntranet permission set, we also need to add some codegroups
            if (pSet is NamedPermissionSet)
            {
                NamedPermissionSet nps = (NamedPermissionSet)pSet;

                // The children use AllMembershipCondition, so within this code group they
                // apply to everything the parent's membership condition matches.
                if (nps.Name.Equals("LocalIntranet"))
                {
                    CodeGroup cgChild = new NetCodeGroup(new AllMembershipCondition());
                    cgChild.Name        = Security.FindAGoodCodeGroupName(pl, "NetCodeGroup_");
                    cgChild.Description = CResourceStore.GetString("GeneratedCodegroup");

                    cg.AddChild(cgChild);
                    // LocalIntranet additionally gets a file code group limited to Read
                    // and PathDiscovery access.
                    cgChild             = new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery);
                    cgChild.Name        = Security.FindAGoodCodeGroupName(pl, "FileCodeGroup_");
                    cgChild.Description = CResourceStore.GetString("GeneratedCodegroup");

                    cg.AddChild(cgChild);
                }
                else if (nps.Name.Equals("Internet"))
                {
                    // Internet gets the net code group only, no file code group.
                    CodeGroup cgChild = new NetCodeGroup(new AllMembershipCondition());
                    cgChild.Name        = Security.FindAGoodCodeGroupName(pl, "NetCodeGroup_");
                    cgChild.Description = CResourceStore.GetString("GeneratedCodegroup");

                    cg.AddChild(cgChild);
                }
            }


            // Add this codegroup to the root codegroup of the policy
            // If there was already an existing one, just replace that...
            if (scg != null)
            {
                Security.UpdateCodegroup(pl, scg);
            }
            else
            {
                pl.RootCodeGroup.AddChild(cg);
            }

            return(cg);
        }// CreateCodegroup
        // Passes a null element to the one-argument FromXml.
        // NOTE(review): no assertion is present; the exception this test presumably
        // expects would be declared by an attribute that is not visible here.
        public void FromXml_Null()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            SecurityElement missing = null;

            condition.FromXml(missing);
        }
        // Passes a null element together with a real AppDomain policy level to the
        // two-argument FromXml.
        // NOTE(review): no assertion is present; the exception this test presumably
        // expects would be declared by an attribute that is not visible here.
        public void FromXml_SecurityElementNull()
        {
            HashMembershipCondition condition = new HashMembershipCondition(md5, digestMd5);
            PolicyLevel level = PolicyLevel.CreateAppDomainLevel();

            condition.FromXml(null, level);
        }