/// <summary>
/// Passes a null <see cref="StrongNameMembershipCondition"/> to
/// <c>PolicyLevel.RemoveFullTrustAssembly</c> on a machine-level policy loaded from the
/// fixture's <c>minimal</c> policy.
/// </summary>
/// <remarks>
/// Nothing is asserted after the call. Presumably an expected-exception attribute sits on
/// the method outside this excerpt - confirm against the full fixture.
/// </remarks>
public void RemoveFullTrustAssembly_NullStrongNameMembershipCondition()
{
    StrongNameMembershipCondition nullCondition = null;
    PolicyLevel machinePolicy = Load(minimal, PolicyLevelType.Machine);

    machinePolicy.RemoveFullTrustAssembly(nullCondition);
}
/// <summary>
/// Asks a machine-level policy to remove a full-trust entry described by a
/// <see cref="StrongNameMembershipCondition"/> that this method never added.
/// </summary>
/// <remarks>
/// Nothing is asserted after the call. Presumably the fixture expects an exception through
/// an attribute that is not visible in this excerpt - confirm.
/// </remarks>
public void RemoveFullTrustAssembly_UnknownStrongNameMembershipCondition()
{
    PolicyLevel machinePolicy = Load(minimal, PolicyLevelType.Machine);

    // Same key material as the fixture, but a name/version pair built only for this call.
    StrongNamePublicKeyBlob keyBlob = new StrongNamePublicKeyBlob(snPublicKey);
    Version assemblyVersion = new Version("0.1.2.3");
    StrongNameMembershipCondition neverAdded =
        new StrongNameMembershipCondition(keyBlob, "Second", assemblyVersion);

    machinePolicy.RemoveFullTrustAssembly(neverAdded);
}
/// <summary>
/// Builds a membership condition from each of three framework assemblies' strong names and
/// checks that it matches evidence carrying that same strong name and rejects evidence
/// carrying either of the other two.
/// </summary>
public void CreateMembershipConditionTest()
{
    StrongName[] identities = new StrongName[]
    {
        typeof(object).Assembly.GetStrongName(),
        typeof(System.Security.Cryptography.AesManaged).Assembly.GetStrongName(),
        typeof(System.Security.Cryptography.Xml.SignedXml).Assembly.GetStrongName()
    };

    for (int conditionIndex = 0; conditionIndex < identities.Length; ++conditionIndex)
    {
        StrongNameMembershipCondition condition = identities[conditionIndex].CreateMembershipCondition();

        for (int evidenceIndex = 0; evidenceIndex < identities.Length; ++evidenceIndex)
        {
            // Host evidence holds exactly one strong name; assembly evidence is empty.
            Evidence evidence = new Evidence(new object[] { identities[evidenceIndex] }, new object[0]);
            bool matched = condition.Check(evidence);

            // Only the strong name the condition was created from may satisfy it.
            if (conditionIndex != evidenceIndex)
            {
                Assert.IsFalse(matched);
            }
            else
            {
                Assert.IsTrue(matched);
            }
        }
    }
}
}// CreatePermissionSetFromAllPolicy

/// <summary>
/// Shortens the <c>ToString()</c> text of a membership condition for display.
/// </summary>
/// <param name="sName">Membership condition text, split on single spaces.</param>
/// <returns>
/// Only the first word when it equals the first word that a strong-name or hash membership
/// condition prints (the key or hash value that follows is dropped); "first: third" when the
/// text is exactly three words with "-" in the middle; otherwise <paramref name="sName"/>
/// unchanged.
/// </returns>
internal static String BuildMCDisplayName(String sName)
{
    char[] blank = new char[] { ' ' };

    // Throw-away conditions built from 16 zero bytes: only the leading word of their
    // ToString() output is used, so the key and hash values themselves are irrelevant.
    byte[] abDummy = new byte[16];
    StrongNameMembershipCondition sampleStrongName = new StrongNameMembershipCondition(
        new StrongNamePublicKeyBlob(abDummy),
        null,
        null);
    HashMembershipCondition sampleHash = new HashMembershipCondition(
        System.Security.Cryptography.HashAlgorithm.Create(),
        abDummy);

    String[] words = sName.Split(blank);
    String sStrongNameLabel = sampleStrongName.ToString().Split(blank)[0];
    String sHashLabel = sampleHash.ToString().Split(blank)[0];

    if (words[0].Equals(sStrongNameLabel) || words[0].Equals(sHashLabel))
    {
        return(words[0]);
    }

    if (words.Length == 3 && words[1].Equals("-"))
    {
        return(words[0] + ": " + words[2]);
    }

    return(sName);
}// BuildMCDisplayName
/// <summary>
/// Assertions shared by the constructor tests: evidence the condition must reject, copy
/// equality, and a ToXml/FromXml round trip.
/// </summary>
/// <param name="snmc">Condition under test; it is read but not modified here.</param>
private void Common(StrongNameMembershipCondition snmc)
{
    // Evidence sets from the fixture that are expected to fail for every condition tested.
    Assert.IsFalse(snmc.Check(allEmpty), "Check(allEmpty)");
    Assert.IsFalse(snmc.Check(hostOther), "Check(hostOther)");
    Assert.IsFalse(snmc.Check(assemblyEcmaCorlibVersion), "Check(assemblyEcmaCorlibVersion)");
    Assert.IsFalse(snmc.Check(assemblyEcmaVersion), "Check(assemblyEcmaVersion)");
    Assert.IsFalse(snmc.Check(assemblyMsSystemSecurityVersion), "Check(assemblyMsSystemSecurityVersion)");
    Assert.IsFalse(snmc.Check(assemblyMsVersion), "Check(assemblyMsVersion)");
    Assert.IsFalse(snmc.Check(assemblyOther), "Check(assemblyOther)");

    // A fresh copy compares equal in both directions.
    StrongNameMembershipCondition clone = (StrongNameMembershipCondition)snmc.Copy();
    Assert.IsTrue(clone.Equals(snmc), "copy.Equals (snmc)");
    Assert.IsTrue(snmc.Equals(clone), "snmc.Equals (copy)");

    // With name and version cleared, the copy stays equal only if the original
    // had neither to begin with.
    clone.Name = null;
    clone.Version = null;
    bool keyOnly = snmc.Name == null && snmc.Version == null;
    Assert.AreEqual(keyOnly, clone.Equals(snmc), "bad.Equals (snmc)");
    Assert.AreEqual(keyOnly, snmc.Equals(clone), "snmc.Equals (bad)");

    // Loading the original's XML must restore every observable property.
    clone.FromXml(snmc.ToXml());
    Assert.AreEqual(snmc.PublicKey, clone.PublicKey, "PublicKey");
    Assert.AreEqual(snmc.Name, clone.Name, "Name");
    Assert.AreEqual(snmc.Version, clone.Version, "Version");
    Assert.AreEqual(snmc.GetHashCode(), clone.GetHashCode(), "GetHashCode ()");
    Assert.AreEqual(snmc.ToString(), clone.ToString(), "ToString ()");
    Assert.IsTrue(clone.Equals(snmc), "xml.Equals (snmc)");
    Assert.IsTrue(snmc.Equals(clone), "snmc.Equals (xml)");
}
/// <summary>
/// Feeds <c>FromXml</c> the condition's own XML after its tag was replaced with "IMonoship".
/// </summary>
/// <remarks>
/// Nothing is asserted; presumably an expected-exception attribute outside this excerpt
/// states the outcome - confirm.
/// </remarks>
public void FromXml_InvalidTag()
{
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);

    SecurityElement xml = condition.ToXml();
    xml.Tag = "IMonoship";

    condition.FromXml(xml);
}
/// <summary>
/// Feeds <c>FromXml</c> the condition's own XML after its "class" attribute was replaced
/// with "Hello world".
/// </summary>
/// <remarks>
/// Nothing is asserted here; whether the call is expected to throw is decided by
/// attributes that are not visible in this excerpt.
/// </remarks>
public void FromXml_InvalidClass()
{
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);

    SecurityElement xml = condition.ToXml();
    xml.Attributes ["class"] = "Hello world";

    condition.FromXml(xml);
}
/// <summary>
/// Checks that <c>ToXml</c> accepts a null policy level and still returns an element.
/// </summary>
public void ToXml_Null()
{
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);

    // A null PolicyLevel is tolerated: no ArgumentNullException is raised.
    SecurityElement xml = condition.ToXml(null);

    Assert.IsNotNull(xml, "ToXml(null)");
}
/// <summary>
/// Feeds <c>FromXml</c> an element that keeps the original tag and "class" attribute but
/// carries no "version" attribute (and no other attribute of the original element).
/// </summary>
/// <remarks>
/// Nothing is asserted; the expected outcome is presumably declared by an attribute
/// outside this excerpt - confirm.
/// </remarks>
public void FromXml_NoVersion()
{
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);
    SecurityElement full = condition.ToXml();

    // Rebuild the element with only the class attribute copied across.
    SecurityElement stripped = new SecurityElement(full.Tag);
    stripped.AddAttribute("class", full.Attribute("class"));

    condition.FromXml(stripped);
}
/// <summary>
/// Feeds <c>FromXml</c> an element that keeps the original tag and "version" attribute but
/// carries no "class" attribute.
/// </summary>
public void FromXml_NoClass()
{
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);
    SecurityElement full = condition.ToXml();

    // Rebuild the element with only the version attribute copied across.
    SecurityElement stripped = new SecurityElement(full.Tag);
    stripped.AddAttribute("version", full.Attribute("version"));

    // FromXml does not even look for the class attribute.
    condition.FromXml(stripped);
}
/// <summary>
/// Checks that both <c>AddFullTrustAssembly</c> overloads - one taking a
/// <see cref="StrongName"/>, one taking a <see cref="StrongNameMembershipCondition"/> -
/// each grow the policy level's full-trust list by one entry.
/// </summary>
public void AddFullTrustAssembly()
{
    PolicyLevel machinePolicy = Load(minimal, PolicyLevelType.Machine);
    int initialCount = machinePolicy.FullTrustAssemblies.Count;

    // Overload 1: a StrongName.
    StrongName first = new StrongName(
        new StrongNamePublicKeyBlob(snPublicKey),
        "First",
        new Version(1, 2, 3, 4));
    machinePolicy.AddFullTrustAssembly(first);
    Assert.AreEqual(initialCount + 1, machinePolicy.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+1");

    // Overload 2: a membership condition with the same key and a different name/version.
    StrongNameMembershipCondition second = new StrongNameMembershipCondition(
        new StrongNamePublicKeyBlob(snPublicKey),
        "Second",
        new Version("0.1.2.3"));
    machinePolicy.AddFullTrustAssembly(second);
    Assert.AreEqual(initialCount + 2, machinePolicy.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+2");
}
/// <summary>
/// Builds a condition from the fixture's <c>ms</c> key blob with no name and no version,
/// then checks its properties and which host evidence sets it accepts.
/// </summary>
public void StrongNameMembershipCondition_MsKey()
{
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(ms, null, null);

    Assert.AreEqual(ms, condition.PublicKey, "PublicKey");
    Assert.IsNull(condition.Name, "Name");
    Assert.IsNull(condition.Version, "Version");
    // The hash code is expected to equal the key blob's hash code.
    Assert.AreEqual(ms.GetHashCode(), condition.GetHashCode(), "GetHashCode ()");

    // Key-only condition: both "Ms" evidence sets pass, both "Ecma" sets fail.
    Assert.IsFalse(condition.Check(hostEcmaCorlibVersion), "Check(hostEcmaCorlibVersion)");
    Assert.IsFalse(condition.Check(hostEcmaVersion), "Check(hostEcmaVersion)");
    Assert.IsTrue(condition.Check(hostMsSystemSecurityVersion), "Check(hostMsSystemSecurityVersion)");
    Assert.IsTrue(condition.Check(hostMsVersion), "Check(hostMsVersion)");

    Common(condition);
}
/// <summary>
/// Builds a condition from the fixture's <c>blob</c>, <c>name</c> and <c>version</c>, then
/// checks its properties, its string form and which host evidence sets it accepts.
/// </summary>
public void StrongNameMembershipCondition_Mscorlib()
{
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);

    Assert.AreEqual(blob, condition.PublicKey, "PublicKey");
    Assert.AreEqual("mscorlib", condition.Name, "Name");
    Assert.AreEqual(version, condition.Version, "Version");
    // The hash code is expected to equal the key blob's hash code.
    Assert.AreEqual(blob.GetHashCode(), condition.GetHashCode(), "GetHashCode ()");

    // Only the prefix is compared; the version text that follows is not pinned here.
    string text = condition.ToString();
    Assert.IsTrue(text.StartsWith("StrongName - 00000000000000000400000000000000 name = mscorlib version = "), "ToString ()");

    // With key, name and version all set, only one of the four host evidence sets passes.
    Assert.IsTrue(condition.Check(hostEcmaCorlibVersion), "Check(hostEcmaCorlibVersion)");
    Assert.IsFalse(condition.Check(hostEcmaVersion), "Check(hostEcmaVersion)");
    Assert.IsFalse(condition.Check(hostMsSystemSecurityVersion), "Check(hostMsSystemSecurityVersion)");
    Assert.IsFalse(condition.Check(hostMsVersion), "Check(hostMsVersion)");

    Common(condition);
}
/// <summary>
/// Checks that <c>FromXml(SecurityElement, PolicyLevel)</c> accepts the condition's XML for
/// every level returned by <c>SecurityManager.PolicyHierarchy()</c>.
/// </summary>
[Category("NotMobile")] // mobile profile throws a NotSupportedException
public void FromXml_PolicyLevel()
{
    StrongNameMembershipCondition reference = new StrongNameMembershipCondition(blob, name, version);
    SecurityElement xml = reference.ToXml();

    // Is the XML accepted at every policy level?
    IEnumerator levels = SecurityManager.PolicyHierarchy();
    while (levels.MoveNext())
    {
        PolicyLevel level = levels.Current as PolicyLevel;

        StrongNameMembershipCondition loaded = new StrongNameMembershipCondition(blob, name, version);
        loaded.FromXml(xml, level);

        Assert.IsTrue(loaded.Equals(reference), "FromXml(PolicyLevel='" + level.Label + "')");
    }
    // It is: the assertion holds for each level.
}
/// <summary>
/// Builds a condition from the fixture's <c>blob</c> with no name and no version, then
/// checks its properties, its string form and which host evidence sets it accepts.
/// </summary>
/// <remarks>
/// With name and version left null the condition accepts both "Ecma" evidence sets, so the
/// match is made on the public key alone - a key-only condition covers every assembly
/// name and version that the evidence presents with that key.
/// </remarks>
public void StrongNameMembershipCondition_NullNameVersion()
{
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, null, null);

    Assert.AreEqual(blob, condition.PublicKey, "PublicKey");
    Assert.IsNull(condition.Name, "Name");
    Assert.IsNull(condition.Version, "Version");
    Assert.AreEqual(blob.GetHashCode(), condition.GetHashCode(), "GetHashCode ()");

    // Without name and version the string form is just the label and the key.
    Assert.AreEqual("StrongName - 00000000000000000400000000000000", condition.ToString(), "ToString ()");

    Assert.IsTrue(condition.Check(hostEcmaCorlibVersion), "Check(hostEcmaCorlibVersion)");
    Assert.IsTrue(condition.Check(hostEcmaVersion), "Check(hostEcmaVersion)");
    Assert.IsFalse(condition.Check(hostMsSystemSecurityVersion), "Check(hostMsSystemSecurityVersion)");
    Assert.IsFalse(condition.Check(hostMsVersion), "Check(hostMsVersion)");

    Common(condition);
}
/// <summary>
/// Smoke test: invokes each public member of <see cref="StrongNameMembershipCondition"/>
/// once and discards the results. Nothing is asserted; the test only fails if a call throws.
/// </summary>
public static void StrongNameMembershipConditionCallMethods()
{
    StrongNamePublicKeyBlob keyBlob = new StrongNamePublicKeyBlob(new byte[1]);
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(keyBlob, "test", new Version(0, 1));

    bool result = condition.Check(new Evidence());
    IMembershipCondition duplicate = condition.Copy();
    result = condition.Equals(new object());
    int hashCode = condition.GetHashCode();
    string text = condition.ToString();

    SecurityElement element = new SecurityElement("");
    // The policy level is allocated without running any constructor.
    PolicyLevel level = (PolicyLevel)FormatterServices.GetUninitializedObject(typeof(PolicyLevel));

    condition.FromXml(element);
    condition.FromXml(element, level);
    element = condition.ToXml();
    element = condition.ToXml(level);
}
}// onRestoreView

/// <summary>
/// Asks the user to confirm, then removes the selected entry from the policy level's
/// full-trust assembly list and refreshes the views.
/// </summary>
/// <param name="o">
/// Boxed int; one is subtracted to obtain the index into <c>m_ol</c>. The index is not
/// range-checked in this method - presumably the caller only passes valid items; verify.
/// </param>
/// <returns><c>HRESULT.S_OK</c> in every case, whether or not anything was removed.</returns>
internal override int onDelete(Object o)
{
    int nIndex = (int)o - 1;

    // The confirmation text names the assembly that is about to lose full trust.
    String sPrompt = String.Format(CResourceStore.GetString("CTrustedAssemblies:VerifyRemove"),
                                   ((StrongNameMembershipCondition)m_ol[nIndex]).Name);
    String sTitle = CResourceStore.GetString("CTrustedAssemblies:VerifyRemoveTitle");

    int nAnswer = MessageBox(sPrompt, sTitle, MB.ICONQUESTION | MB.YESNO);
    if (nAnswer != MB.IDYES)
    {
        return(HRESULT.S_OK);
    }

    // Confirmed: drop the entry, flag the policy as changed and redraw.
    StrongNameMembershipCondition snmcSelected = (StrongNameMembershipCondition)m_ol[nIndex];
    m_pl.RemoveFullTrustAssembly(snmcSelected);
    SecurityPolicyChanged();
    RefreshData();
    RefreshResultView();

    return(HRESULT.S_OK);
}// onDelete
/// <summary>
/// Reads the public key blobs listed in a file and builds a strong-name membership
/// condition for each one. The call that would register each condition as a full trust
/// assembly is commented out, so the policy level is currently left unchanged.
/// </summary>
/// <param name="policyLevel">The policy level the full trust assemblies were meant for (not used while the add call is disabled)</param>
/// <param name="fullTrustAssembliesPath">The XML file whose /FullTrustAssemblies/PublicKeyBlob nodes hold the public key blobs</param>
private void AddFullTrustAssemblies(PolicyLevel policyLevel, string fullTrustAssembliesPath)
{
    // query the file for every listed public key blob
    XmlQuery blobQuery = new XmlQuery();
    blobQuery.Load(fullTrustAssembliesPath);
    blobQuery.Select("/FullTrustAssemblies/PublicKeyBlob");

    while (blobQuery.Iterator.MoveNext())
    {
        // turn the blob text into a membership condition
        string blobText = blobQuery.Iterator.Current.ToString();
        StrongNameMembershipCondition fullTrustedMC =
            StrongNameMembershipConditionBuilder.StrongNameMembershipConditionFromPublicKeyBlob(blobText);

        // registering the condition is disabled because the API is obsolete:
        //error CS0618: 'System.Security.Policy.PolicyLevel.AddFullTrustAssembly(System.Security.Policy.StrongNameMembershipCondition)' is obsolete: 'Because all GAC assemblies always get full trust, the full trust list is no longer meaningful. You should install any assemblies that are used in security policy in the GAC to ensure they are trusted.'
        //policyLevel.AddFullTrustAssembly(fullTrustedMC);
        // NOTE(review): if this is ever re-enabled, the file at fullTrustAssembliesPath decides
        // which keys receive full trust, so it has to be protected like policy itself.
    }
}
/// <summary>
/// Works out the permission set an assembly is granted in the current AppDomain.
/// </summary>
/// <param name="assembly">Assembly whose grant set is wanted.</param>
/// <returns>
/// Unrestricted permissions for GAC assemblies; otherwise the host security manager's
/// answer when it resolves policy itself; otherwise, in a homogenous domain, unrestricted
/// permissions for assemblies on the full trust list and a copy of the domain's default
/// grant set for all others; otherwise the result of resolving security policy against the
/// assembly's evidence.
/// </returns>
public static PermissionSet GetPermissionSet(this Assembly assembly)
{
    // GAC assemblies are always fully trusted.
    if (assembly.GlobalAssemblyCache)
    {
        return(new PermissionSet(PermissionState.Unrestricted));
    }

    AppDomain domain = AppDomain.CurrentDomain;
    AppDomainManager manager = domain.DomainManager;

    // A host security manager that asked to resolve policy decides the grant set before
    // any AppDomain state is considered.
    if (manager != null &&
        manager.HostSecurityManager != null &&
        (manager.HostSecurityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
    {
        return(manager.HostSecurityManager.ResolvePolicy(assembly.Evidence).Copy());
    }

    // In a homogenous domain the assembly gets either full trust (it is on the trusted
    // assemblies list) or the sandbox grant set.
    if (domain.IsHomogenous())
    {
        Evidence evidence = assembly.Evidence;

        foreach (StrongName trusted in domain.ApplicationTrust.GetFullTrustAssemblies())
        {
            StrongNameMembershipCondition condition = trusted.CreateMembershipCondition();
            if (condition.Check(evidence))
            {
                return(new PermissionSet(PermissionState.Unrestricted));
            }
        }

        // No entry on the strong name list matched: hand back a copy of the sandbox set.
        return(domain.ApplicationTrust.DefaultGrantSet.PermissionSet.Copy());
    }

    // Otherwise the grant set comes from resolving policy on the assembly's evidence.
    return(SecurityManager.ResolvePolicy(assembly.Evidence));
}
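}// Paste

/// <summary>
/// Adds an assembly to the policy level's full-trust list, keyed on its strong-name public
/// key and simple name, then refreshes the views.
/// </summary>
/// <param name="asinfo">
/// Assembly description. When <c>PublicKey</c> is null or empty, the file named by
/// <c>Codebase</c> is loaded through <c>AssemblyLoader</c> to read the key from it.
/// </param>
/// <remarks>
/// Any failure is reported to the user with a message box and otherwise swallowed.
/// NOTE(review): the membership condition is created with a null version, so no version
/// is pinned for the trusted entry, and nothing in this method checks the file's
/// strong-name signature - the key is taken as reported.
/// </remarks>
internal void AddAssembly(AssemInfo asinfo)
{
    try
    {
        // Let's create a strong name....
        byte[] baPublicKey;
        if (asinfo.PublicKey == null || asinfo.PublicKey.Length == 0)
        {
            // The codebase is of the form file:///c:\somefile\sdfsf
            // We need to translate it to a simple path
            Uri uCodebase = new Uri(asinfo.Codebase);

            // We need to load the assembly to get this info
            AssemblyLoader al = new AssemblyLoader();
            try
            {
                AssemblyRef ar = al.LoadAssemblyInOtherAppDomainFrom(uCodebase.AbsolutePath);
                AssemblyName an = ar.GetName();
                baPublicKey = an.GetPublicKey();
            }
            finally
            {
                // Finished() used to be skipped when the load or the key lookup threw.
                // Presumably it releases the helper AppDomain - TODO confirm against
                // AssemblyLoader. If it throws here, the outer catch reports the failure.
                al.Finished();
            }
        }
        else
        {
            baPublicKey = StringToByteArray(asinfo.PublicKey);
        }

        StrongNamePublicKeyBlob snpkb = new StrongNamePublicKeyBlob(baPublicKey);

        // Key + simple name only; the version argument is deliberately left null.
        StrongNameMembershipCondition snmc = new StrongNameMembershipCondition(snpkb, asinfo.Name, null);
        m_pl.AddFullTrustAssembly(snmc);

        SecurityPolicyChanged();
        RefreshData();
        RefreshResultView();
    }
    catch (Exception)
    {
        // Best effort by design: tell the user the assembly could not be trusted.
        MessageBox(CResourceStore.GetString("CTrustedAssemblies:TrustAssemFail"),
                   CResourceStore.GetString("CTrustedAssemblies:TrustAssemFailTitle"),
                   MB.ICONEXCLAMATION);
    }
}// AddAssembly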
/// <summary>
/// Creates a <see cref="StrongNameMembershipCondition"/> for a public key given as text by
/// loading it through the condition's XML form.
/// </summary>
/// <param name="publicKeyBlob">
/// Text placed in the PublicKeyBlob attribute. It is not validated in this method;
/// presumably <c>AddAttribute</c> and <c>FromXml</c> reject malformed values - confirm.
/// </param>
/// <returns>The condition after <c>FromXml</c> has been applied; name and version are passed as null.</returns>
internal static StrongNameMembershipCondition StrongNameMembershipConditionFromPublicKeyBlob(string publicKeyBlob)
{
    // Target XML:
    // <IMembershipCondition class="StrongNameMembershipCondition"
    //                       version="1"
    //                       PublicKeyBlob="012456789" />
    SecurityElement conditionXml = new SecurityElement("IMembershipCondition");
    conditionXml.AddAttribute("class", "StrongNameMembershipCondition");
    conditionXml.AddAttribute("version", "1");
    conditionXml.AddAttribute("PublicKeyBlob", publicKeyBlob);

    // The constructor needs some key blob; this one-byte value is only a placeholder
    // that the XML load below is meant to replace.
    StrongNamePublicKeyBlob placeholderKey = new StrongNamePublicKeyBlob(new byte[] { 0x00 });
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(placeholderKey, null, null);

    // Populate the condition from the XML built above.
    condition.FromXml(conditionXml);

    return(condition);
}
/// <summary>
/// Constructs a condition with a null public key blob.
/// </summary>
/// <remarks>
/// Nothing is asserted; presumably an expected-exception attribute outside this excerpt
/// states that the constructor must reject the null blob - confirm.
/// </remarks>
public void StrongNameMembershipCondition_NullBlob()
{
    StrongNamePublicKeyBlob missingBlob = null;
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(missingBlob, name, version);
}
}// TryToCreateFullTrust

/// <summary>
/// Builds (or reuses) a code group that grants <paramref name="pSet"/> to the assembly the
/// wizard is trusting, and attaches it to the Machine or User policy level.
/// </summary>
/// <param name="pSet">Permission set to grant through the code group.</param>
/// <param name="fHighjackExisting">
/// When true, an existing code group found for the same membership condition is modified
/// instead of a new one being created.
/// </param>
/// <returns>The code group that was created or modified.</returns>
private CodeGroup CreateCodegroup(PermissionSet pSet, bool fHighjackExisting)
{
    // Step 1: pick the membership condition.
    // Without a publisher certificate or strong name, the assembly can only be
    // trusted by hash.
    int nTrustBy = m_fHasCertOrSName?Page3.HowToTrust:TrustBy.HASH;

    IMembershipCondition mc = null;
    if ((nTrustBy & TrustBy.SNAME) > 0)
    {
        // Strong name: the key is always used; version and name only when selected.
        StrongName sn = GetStrongName();
        StrongNamePublicKeyBlob snpkb = sn.PublicKey;
        Version verTrusted = ((nTrustBy & TrustBy.SNAMEVER) > 0) ? sn.Version : null;
        String sTrustedName = ((nTrustBy & TrustBy.SNAMENAME) > 0) ? sn.Name : null;

        mc = new StrongNameMembershipCondition(snpkb, sTrustedName, verTrusted);
    }
    else if ((nTrustBy & TrustBy.PUBCERT) > 0)
    {
        // Publisher certificate
        mc = new PublisherMembershipCondition(GetCertificate());
    }
    else
    {
        // Trust by hash.
        // NOTE(review): the hash condition is fixed to SHA-1, which is no longer
        // collision-resistant; a hash-based group is a weaker identity than a
        // strong name or publisher certificate.
        Hash hashEvidence = GetHash();
        mc = new HashMembershipCondition(SHA1.Create(), hashEvidence.SHA1);
    }

    // Step 2: pick the policy level.
    String sLevelLabel = Page1.isForHomeUser?"Machine":"User";
    PolicyLevel pl = Security.GetPolicyLevelFromLabel(sLevelLabel);

    // Step 3: optionally reuse a code group that already covers this condition.
    CSingleCodeGroup scgExisting = null;
    CodeGroup cgResult = null;
    if (fHighjackExisting)
    {
        scgExisting = FindExistingCodegroup(pl, mc);
        if (scgExisting != null)
        {
            cgResult = scgExisting.MyCodeGroup;

            // Strip every File and Net child code group from the one we found.
            foreach (CodeGroup cgOld in cgResult.Children)
            {
                if (cgOld is NetCodeGroup || cgOld is FileCodeGroup)
                {
                    // CodeGroup.RemoveChild is fine here: all File and Net code groups
                    // are to go, so it does not matter if the security system cannot
                    // tell unnamed ones apart.
                    cgResult.RemoveChild(cgOld);
                }
            }
        }
    }

    // Step 4: the policy statement is level final, so a lower-level policy level that
    // later tries to deny permissions to this code group will not succeed.
    PolicyStatement psGrant = new PolicyStatement(pSet, PolicyStatementAttribute.LevelFinal);
    if (cgResult != null)
    {
        cgResult.PolicyStatement = psGrant;
    }
    else
    {
        cgResult = new UnionCodeGroup(mc, psGrant);
        cgResult.Name = Security.FindAGoodCodeGroupName(pl, "Wizard_");
        cgResult.Description = CResourceStore.GetString("GeneratedCodegroup");
    }

    // Step 5: Internet and LocalIntranet permission sets also need child code groups.
    NamedPermissionSet nps = pSet as NamedPermissionSet;
    if (nps != null)
    {
        bool fIntranet = nps.Name.Equals("LocalIntranet");
        bool fInternet = !fIntranet && nps.Name.Equals("Internet");

        if (fIntranet || fInternet)
        {
            CodeGroup cgNet = new NetCodeGroup(new AllMembershipCondition());
            cgNet.Name = Security.FindAGoodCodeGroupName(pl, "NetCodeGroup_");
            cgNet.Description = CResourceStore.GetString("GeneratedCodegroup");
            cgResult.AddChild(cgNet);
        }

        if (fIntranet)
        {
            CodeGroup cgFile = new FileCodeGroup(new AllMembershipCondition(),
                                                 FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery);
            cgFile.Name = Security.FindAGoodCodeGroupName(pl, "FileCodeGroup_");
            cgFile.Description = CResourceStore.GetString("GeneratedCodegroup");
            cgResult.AddChild(cgFile);
        }
    }

    // Step 6: attach to the policy - replace the existing group if one was reused,
    // otherwise add a new child under the root code group.
    if (scgExisting == null)
    {
        pl.RootCodeGroup.AddChild(cgResult);
    }
    else
    {
        Security.UpdateCodegroup(pl, scgExisting);
    }

    return(cgResult);
}// CreateCodegroup
/// <summary>
/// Empty implementation: the call is accepted and nothing is removed.
/// </summary>
/// <param name="snMC">Ignored; the method body contains no statements.</param>
public void RemoveFullTrustAssembly(StrongNameMembershipCondition snMC)
{
}
/// <summary>
/// No-op overload: callers can pass a strong-name membership condition, but the method
/// does not touch any full-trust list.
/// </summary>
/// <param name="snMC">Not read; the body is empty.</param>
public void RemoveFullTrustAssembly(StrongNameMembershipCondition snMC)
{
}
/// <summary>
/// Passes a null <see cref="SecurityElement"/> to <c>FromXml</c>.
/// </summary>
/// <remarks>
/// Nothing is asserted; the expected outcome is presumably declared by an attribute
/// outside this excerpt - confirm.
/// </remarks>
public void FromXml_Null()
{
    SecurityElement missingXml = null;
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);

    condition.FromXml(missingXml);
}
/// <summary>
/// Sets <c>Version</c> to null on a condition that was built with a version.
/// </summary>
/// <remarks>
/// Nothing is asserted, so as written the test passes as long as the setter does not throw
/// (unless an attribute outside this excerpt says otherwise).
/// </remarks>
public void Version_Null()
{
    Version noVersion = null;
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);

    condition.Version = noVersion;
}
/// <summary>
/// Sets <c>PublicKey</c> to null on a condition that was built with a key blob.
/// </summary>
/// <remarks>
/// Nothing is asserted; presumably an expected-exception attribute outside this excerpt
/// states that the setter must reject null - confirm.
/// </remarks>
public void PublicKey_Null()
{
    StrongNamePublicKeyBlob noKey = null;
    StrongNameMembershipCondition condition = new StrongNameMembershipCondition(blob, name, version);

    condition.PublicKey = noKey;
}