public void Set(string name, ProtectedConfigurationProvider provider)
{
if (_map.ContainsKey(name))
_map[name] = provider;
else
_map.Add(name, provider);
}
public virtual string DecryptSection (string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedSection)
{
if (protectedSection == null)
throw new ArgumentNullException ("protectedSection");
return protectedSection.EncryptSection (encryptedXml, protectionProvider);
}
// method to cause a section to be protected using the specified provider
public void ProtectSection(string protectionProvider)
{
ProtectedConfigurationProvider protectedConfigurationProvider;
VerifyIsEditable();
// Do not encrypt sections that will be read by a native reader.
// These sections are be marked with allowLocation=false.
// Also, the configProtectedData section cannot be encrypted!
if (!AllowLocation || (ConfigKey == BaseConfigurationRecord.ReservedSectionProtectedConfiguration))
{
throw new InvalidOperationException(SR.Config_not_allowed_to_encrypt_this_section);
}
if (_configRecord != null)
{
if (string.IsNullOrEmpty(protectionProvider))
{
protectionProvider = _configRecord.DefaultProviderName;
}
protectedConfigurationProvider = _configRecord.GetProtectionProviderFromName(protectionProvider, true);
}
else
{
throw new InvalidOperationException(SR.Must_add_to_config_before_protecting_it);
}
ProtectionProviderName = protectionProvider;
_protectionProvider = protectedConfigurationProvider;
_flags[FlagProtectionProviderDetermined] = true;
_modifiedFlags[FlagProtectionProviderModified] = true;
}
public void UnprotectSection()
{
this.VerifyIsEditable();
this._protectionProvider = null;
this._protectionProviderName = null;
this._flags[0x800] = true;
this._modifiedFlags[0x80000] = true;
}
internal void SetRuntimeConfigurationInformation(BaseConfigurationRecord configRecord,
FactoryRecord factoryRecord, SectionRecord sectionRecord)
{
_flags[FlagAttached] = true;
// factory info
ConfigKey = factoryRecord.ConfigKey;
Name = factoryRecord.Name;
_typeName = factoryRecord.FactoryTypeName;
_allowDefinition = factoryRecord.AllowDefinition;
_allowExeDefinition = factoryRecord.AllowExeDefinition;
_flags[FlagAllowLocation] = factoryRecord.AllowLocation;
_flags[FlagRestartOnExternalChanges] = factoryRecord.RestartOnExternalChanges;
_flags[FlagRequirePermission] = factoryRecord.RequirePermission;
_overrideModeDefault = factoryRecord.OverrideModeDefault;
if (factoryRecord.IsUndeclared)
{
_flags[FlagIsUndeclared] = true;
_flags[FlagDeclared] = false;
_flags[FlagDeclarationRequired] = false;
}
else
{
_flags[FlagIsUndeclared] = false;
_flags[FlagDeclared] = configRecord.GetFactoryRecord(factoryRecord.ConfigKey, false) != null;
_flags[FlagDeclarationRequired] = configRecord.IsRootDeclaration(factoryRecord.ConfigKey, false);
}
// section info
_flags[FlagLocationLocked] = sectionRecord.Locked;
_flags[FlagChildrenLocked] = sectionRecord.LockChildren;
_flags[FlagChildrenLockWithoutFileInput] = sectionRecord.LockChildrenWithoutFileInput;
if (sectionRecord.HasFileInput)
{
SectionInput fileInput = sectionRecord.FileInput;
_flags[FlagProtectionProviderDetermined] = fileInput.IsProtectionProviderDetermined;
_protectionProvider = fileInput.ProtectionProvider;
SectionXmlInfo sectionXmlInfo = fileInput.SectionXmlInfo;
_configSource = sectionXmlInfo.ConfigSource;
ConfigSourceStreamName = sectionXmlInfo.ConfigSourceStreamName;
_overrideMode = sectionXmlInfo.OverrideModeSetting;
_flags[FlagInheritInChildApps] = !sectionXmlInfo.SkipInChildApps;
ProtectionProviderName = sectionXmlInfo.ProtectionProviderName;
}
else
{
_flags[FlagProtectionProviderDetermined] = false;
_protectionProvider = null;
}
// element context information
_configurationSection.AssociateContext(configRecord);
}
internal static string DecryptSection(string encryptedXml, ProtectedConfigurationProvider provider)
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(encryptedXml);
XmlNode resultNode = provider.Decrypt(doc.DocumentElement);
return(resultNode.OuterXml);
}
internal static string EncryptSection(string clearXml, ProtectedConfigurationProvider provider)
{
XmlDocument document = new XmlDocument {
PreserveWhitespace = true
};
document.LoadXml(clearXml);
string name = document.DocumentElement.Name;
return provider.Encrypt(document.DocumentElement).OuterXml;
}
internal string EncryptSection (string clearXml, ProtectedConfigurationProvider protectionProvider)
{
XmlDocument doc = new ConfigurationXmlDocument ();
doc.LoadXml (clearXml);
XmlNode encryptedNode = protectionProvider.Encrypt (doc.DocumentElement);
return encryptedNode.OuterXml;
}
internal string DecryptSection (string encryptedXml, ProtectedConfigurationProvider protectionProvider)
{
XmlDocument doc = new ConfigurationXmlDocument ();
doc.InnerXml = encryptedXml;
XmlNode decryptedNode = protectionProvider.Decrypt (doc.DocumentElement);
return decryptedNode.OuterXml;
}
public void UnprotectSection()
{
VerifyIsEditable();
_protectionProvider = null;
ProtectionProviderName = null;
_flags[FlagProtectionProviderDetermined] = true;
_modifiedFlags[FlagProtectionProviderModified] = true;
}
internal string EncryptSection(string clearXml, ProtectedConfigurationProvider protectionProvider)
{
XmlDocument doc = new ConfigurationXmlDocument();
doc.LoadXml(clearXml);
XmlNode encryptedNode = protectionProvider.Encrypt(doc.DocumentElement);
return(encryptedNode.OuterXml);
}
internal string DecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider)
{
XmlDocument doc = new ConfigurationXmlDocument();
doc.InnerXml = encryptedXml;
XmlNode decryptedNode = protectionProvider.Decrypt(doc.DocumentElement);
return(decryptedNode.OuterXml);
}
private string CallEncryptOrDecrypt(bool doEncrypt, string xmlString, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfigSection)
{
string str = null;
WindowsImpersonationContext context = null;
string assemblyQualifiedName = protectionProvider.GetType().AssemblyQualifiedName;
ProviderSettings settings = protectedConfigSection.Providers[protectionProvider.Name];
if (settings == null)
{
throw System.Web.Util.ExceptionUtil.ParameterInvalid("protectionProvider");
}
NameValueCollection parameters = settings.Parameters;
if (parameters == null)
{
parameters = new NameValueCollection();
}
string[] allKeys = parameters.AllKeys;
string[] parameterValues = new string[allKeys.Length];
for (int i = 0; i < allKeys.Length; i++)
{
parameterValues[i] = parameters[allKeys[i]];
}
if (this._Identity != null)
{
context = this._Identity.Impersonate();
}
try
{
try
{
IRemoteWebConfigurationHostServer o = CreateRemoteObject(this._Server, this._Username, this._Domain, this._Password);
try
{
str = o.DoEncryptOrDecrypt(doEncrypt, xmlString, protectionProvider.Name, assemblyQualifiedName, allKeys, parameterValues);
}
finally
{
while (Marshal.ReleaseComObject(o) > 0)
{
}
}
return str;
}
finally
{
if (context != null)
{
context.Undo();
}
}
}
catch
{
}
return str;
}
internal static string EncryptSection(string clearXml, ProtectedConfigurationProvider provider)
{
XmlDocument xmlDocument = new XmlDocument {
PreserveWhitespace = true
};
xmlDocument.LoadXml(clearXml);
XmlNode encNode = provider.Encrypt(xmlDocument.DocumentElement);
return(encNode.OuterXml);
}
internal static ProtectedConfigurationProvider GetProvider(string name, bool throwOnError)
{
ProtectedConfigurationProvider p = Providers[name];
if (p == null && throwOnError)
{
throw new Exception(String.Format("The protection provider '{0}' was not found.", name));
}
return(p);
}
internal static string EncryptSection(string clearXml, ProtectedConfigurationProvider provider)
{
XmlDocument document = new XmlDocument {
PreserveWhitespace = true
};
document.LoadXml(clearXml);
string name = document.DocumentElement.Name;
return(provider.Encrypt(document.DocumentElement).OuterXml);
}
void DoDeserializeSection(XmlReader reader)
{
reader.MoveToContent();
string protection_provider = null;
string config_source = null;
string localName;
while (reader.MoveToNextAttribute())
{
localName = reader.LocalName;
if (localName == "configProtectionProvider")
{
protection_provider = reader.Value;
}
else if (localName == "configSource")
{
config_source = reader.Value;
}
}
/* XXX this stuff shouldn't be here */
{
if (protection_provider != null)
{
ProtectedConfigurationProvider prov = ProtectedConfiguration.GetProvider(protection_provider, true);
XmlDocument doc = new ConfigurationXmlDocument();
reader.MoveToElement();
doc.Load(new StringReader(reader.ReadInnerXml()));
XmlNode n = prov.Decrypt(doc);
reader = new XmlNodeReader(n);
SectionInformation.ProtectSection(protection_provider);
reader.MoveToContent();
}
}
if (config_source != null)
{
SectionInformation.ConfigSource = config_source;
}
SectionInformation.SetRawXml(RawXml);
if (SectionHandler == null)
{
DeserializeElement(reader, false);
}
}
private ProtectedConfigurationProvider CreateAndInitializeProviderWithAssert(Type t, ProviderSettings pn)
{
ProtectedConfigurationProvider provider = (ProtectedConfigurationProvider)System.Configuration.TypeUtil.CreateInstanceWithReflectionPermission(t);
NameValueCollection parameters = pn.Parameters;
NameValueCollection config = new NameValueCollection(parameters.Count);
foreach (string str in parameters)
{
config[str] = parameters[str];
}
provider.Initialize(pn.Name, config);
return(provider);
}
public override XmlNode Encrypt(XmlNode node)
{
string text = node.OuterXml;
string encText = EncryptText(text);
string pre = @"<EncryptedData><CipherData><CipherValue>";
string post = @"</CipherValue></CipherData></EncryptedData>";
string xmlText = pre + encText + post;
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
ProtectedConfigurationProvider.LoadXml(xmlDocument, xmlText);
return(xmlDocument.DocumentElement);
}
public override XmlNode Decrypt(XmlNode encryptedNode)
{
XmlDocument xmlDocument = new XmlDocument();
EncryptedXml exml = null;
RSACryptoServiceProvider rsa = GetCryptoServiceProvider(false, true);
xmlDocument.PreserveWhitespace = true;
ProtectedConfigurationProvider.LoadXml(xmlDocument, encryptedNode.OuterXml);
exml = new FipsAwareEncryptedXml(xmlDocument);
exml.AddKeyNameMapping(_KeyName, rsa);
exml.DecryptDocument();
rsa.Clear();
return(xmlDocument.DocumentElement);
}
ProtectedConfigurationProvider InstantiateProvider(ProviderSettings ps)
{
Type t = Type.GetType(ps.Type, true);
ProtectedConfigurationProvider prov = Activator.CreateInstance(t) as ProtectedConfigurationProvider;
if (prov == null)
{
throw new Exception("The type specified does not extend ProtectedConfigurationProvider class.");
}
prov.Initialize(ps.Name, ps.Parameters);
return(prov);
}
private ProtectedConfigurationProvider CreateAndInitializeProviderWithAssert(Type t, ProviderSettings pn)
{
ProtectedConfigurationProvider provider =
(ProtectedConfigurationProvider)TypeUtil.CreateInstance(t);
NameValueCollection pars = pn.Parameters;
NameValueCollection cloneParams = new NameValueCollection(pars.Count);
foreach (string key in pars)
{
cloneParams[key] = pars[key];
}
provider.Initialize(pn.Name, cloneParams);
return(provider);
}
internal void SetRuntimeConfigurationInformation(BaseConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord)
{
this._flags[1] = true;
this._configKey = factoryRecord.ConfigKey;
this._group = factoryRecord.Group;
this._name = factoryRecord.Name;
this._typeName = factoryRecord.FactoryTypeName;
this._allowDefinition = factoryRecord.AllowDefinition;
this._allowExeDefinition = factoryRecord.AllowExeDefinition;
this._flags[8] = factoryRecord.AllowLocation;
this._flags[0x10] = factoryRecord.RestartOnExternalChanges;
this._flags[0x20] = factoryRecord.RequirePermission;
this._overrideModeDefault = factoryRecord.OverrideModeDefault;
if (factoryRecord.IsUndeclared)
{
this._flags[0x2000] = true;
this._flags[2] = false;
this._flags[4] = false;
}
else
{
this._flags[0x2000] = false;
this._flags[2] = configRecord.GetFactoryRecord(factoryRecord.ConfigKey, false) != null;
this._flags[4] = configRecord.IsRootDeclaration(factoryRecord.ConfigKey, false);
}
this._flags[0x40] = sectionRecord.Locked;
this._flags[0x80] = sectionRecord.LockChildren;
this._flags[0x4000] = sectionRecord.LockChildrenWithoutFileInput;
if (sectionRecord.HasFileInput)
{
SectionInput fileInput = sectionRecord.FileInput;
this._flags[0x800] = fileInput.IsProtectionProviderDetermined;
this._protectionProvider = fileInput.ProtectionProvider;
SectionXmlInfo sectionXmlInfo = fileInput.SectionXmlInfo;
this._configSource = sectionXmlInfo.ConfigSource;
this._configSourceStreamName = sectionXmlInfo.ConfigSourceStreamName;
this._overrideMode = sectionXmlInfo.OverrideModeSetting;
this._flags[0x100] = !sectionXmlInfo.SkipInChildApps;
this._protectionProviderName = sectionXmlInfo.ProtectionProviderName;
}
else
{
this._flags[0x800] = false;
this._protectionProvider = null;
}
this._configurationSection.AssociateContext(configRecord);
}
string LoadSection (string configFile, string configSection, string containerName, bool useMachineStore,
out XmlDocument doc, out XmlNode section, out ProtectedConfigurationProvider provider)
{
if (!IsValidSection (configFile, configSection))
throw new InvalidOperationException (String.Format ("Section '{0}' is not a valid section in file '{1}'", configSection, configFile));
// This should be done using Configuration, but currently the Mono
// System.Configuration saves configuration files without preserving
// non-significant whitespace which gives a very ugly result.
doc = new XmlDocument ();
doc.PreserveWhitespace = true;
doc.Load (configFile);
XmlNamespaceManager nsmgr = null;
XmlElement root = doc.DocumentElement;
string ns = null;
if (root.HasAttributes) {
ns = root.GetAttribute ("xmlns");
if (!String.IsNullOrEmpty (ns)) {
nsmgr = new XmlNamespaceManager (doc.NameTable);
nsmgr.AddNamespace ("config", ns);
}
}
section = doc.DocumentElement.SelectSingleNode (BuildXPathExpression (configSection), nsmgr);
// This check is necessary even though IsValidSection returned true - it's
// because the section might have been found in files other than the one
// we're processing.
if (section == null)
throw new InvalidOperationException (String.Format ("Section '{0}' not found in config file '{1}'", configSection, configFile));
XmlAttribute attr = section.Attributes ["configProtectionProvider"];
string configProtectionProvider = attr == null ? null : attr.Value;
provider = GetProvider (configProtectionProvider, containerName, useMachineStore);
return ns;
}
public void ProtectSection(string protectionProvider)
{
ProtectedConfigurationProvider protectionProviderFromName = null;
this.VerifyIsEditable();
if (!this.AllowLocation || (this._configKey == "configProtectedData"))
{
throw new InvalidOperationException(System.Configuration.SR.GetString("Config_not_allowed_to_encrypt_this_section"));
}
if (this._configRecord == null)
{
throw new InvalidOperationException(System.Configuration.SR.GetString("Must_add_to_config_before_protecting_it"));
}
if (string.IsNullOrEmpty(protectionProvider))
{
protectionProvider = this._configRecord.DefaultProviderName;
}
protectionProviderFromName = this._configRecord.GetProtectionProviderFromName(protectionProvider, true);
this._protectionProviderName = protectionProvider;
this._protectionProvider = protectionProviderFromName;
this._flags[0x800] = true;
this._modifiedFlags[0x80000] = true;
}
public override XmlNode Decrypt(XmlNode encryptedNode)
{
if (encryptedNode.NodeType != XmlNodeType.Element ||
encryptedNode.Name != "EncryptedData")
{
throw new ConfigurationErrorsException(SR.GetString(SR.DPAPI_bad_data));
}
XmlNode cipherNode = TraverseToChild(encryptedNode, "CipherData", false);
if (cipherNode == null)
{
throw new ConfigurationErrorsException(SR.GetString(SR.DPAPI_bad_data));
}
XmlNode cipherValue = TraverseToChild(cipherNode, "CipherValue", true);
if (cipherValue == null)
{
throw new ConfigurationErrorsException(SR.GetString(SR.DPAPI_bad_data));
}
string encText = cipherValue.InnerText;
if (encText == null)
{
throw new ConfigurationErrorsException(SR.GetString(SR.DPAPI_bad_data));
}
string decText = DecryptText(encText);
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
ProtectedConfigurationProvider.LoadXml(xmlDocument, decText);
return(xmlDocument.DocumentElement);
}
public void UnprotectSection ()
{
protection_provider = null;
}
public void ProtectSection (string provider)
{
protection_provider = ProtectedConfiguration.GetProvider (provider, true);
}
public virtual string EncryptSection(string clearTextXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfigSection) {
return Host.EncryptSection(clearTextXml, protectionProvider, protectedConfigSection);
}
private ConfigXmlReader DecryptConfigSection(ConfigXmlReader reader, ProtectedConfigurationProvider protectionProvider) {
ConfigXmlReader clone = reader.Clone();
IConfigErrorInfo err = (IConfigErrorInfo)clone;
string encryptedXml = null;
string clearTextXml = null;
XmlNodeType nodeType;
clone.Read();
// Save the file and line at the top of the section
string filename = err.Filename;
int lineNumber = err.LineNumber;
int sectionLineNumber = lineNumber;
if (clone.IsEmptyElement) {
throw new ConfigurationErrorsException(SR.GetString(SR.EncryptedNode_not_found), filename, lineNumber);
}
//////////////////////////////////////////////////////////
// Find the <EncryptedData> node
for (;;) {
clone.Read(); // Keep reading till we find a relavant node
nodeType = clone.NodeType;
if (nodeType == XmlNodeType.Element && clone.Name == "EncryptedData") { // Found it!
break;
}
if (nodeType == XmlNodeType.EndElement) {
throw new ConfigurationErrorsException(SR.GetString(SR.EncryptedNode_not_found), filename, lineNumber);
}
else if (nodeType != XmlNodeType.Comment && nodeType != XmlNodeType.Whitespace) {
// some other unexpected content
throw new ConfigurationErrorsException(SR.GetString(SR.EncryptedNode_is_in_invalid_format), filename, lineNumber);
}
}
//////////////////////////////////////////////////////////
// Do the decryption
// Save the line at the top of the <EncryptedData> node
lineNumber = err.LineNumber;
encryptedXml = clone.ReadOuterXml();
try {
clearTextXml = CallHostDecryptSection(encryptedXml, protectionProvider, ProtectedConfig);
} catch (Exception e) {
throw new ConfigurationErrorsException(SR.GetString(SR.Decryption_failed, protectionProvider.Name, e.Message), e, filename, lineNumber);
}
catch {
throw new ConfigurationErrorsException(SR.GetString(SR.Decryption_failed, protectionProvider.Name, ExceptionUtil.NoExceptionInformation), filename, lineNumber);
}
// Detect if there is any XML left over after <EncryptedData>
do {
nodeType = clone.NodeType;
if (nodeType == XmlNodeType.EndElement) {
break;
}
else if (nodeType != XmlNodeType.Comment && nodeType != XmlNodeType.Whitespace) {
// Got other unexpected content
throw new ConfigurationErrorsException(SR.GetString(SR.EncryptedNode_is_in_invalid_format), filename, lineNumber);
}
} while (clone.Read());
// Create a new reader, using the position of the original reader
return new ConfigXmlReader(clearTextXml, filename, sectionLineNumber, true);
}
public override string EncryptSection(string clearTextXml, ProtectedConfigurationProvider protectionProvider,
ProtectedConfigurationSection protectedConfigSection)
{
return base.EncryptSection(clearTextXml, protectionProvider, protectedConfigSection);
}
internal static string DecryptSection(string encryptedXml, ProtectedConfigurationProvider provider)
{
XmlDocument document = new XmlDocument();
document.LoadXml(encryptedXml);
return provider.Decrypt(document.DocumentElement).OuterXml;
}
string IInternalConfigHost.EncryptSection(string clearXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedSection)
{
return(protectedSection.EncryptSection(clearXml, protectionProvider));
}
internal void SetRuntimeConfigurationInformation(BaseConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord) {
_flags[ Flag_Attached ] = true;
// factory info
_configKey = factoryRecord.ConfigKey;
_group = factoryRecord.Group;
_name = factoryRecord.Name;
_typeName = factoryRecord.FactoryTypeName;
_allowDefinition = factoryRecord.AllowDefinition;
_allowExeDefinition = factoryRecord.AllowExeDefinition;
_flags[ Flag_AllowLocation ] = factoryRecord.AllowLocation;
_flags[ Flag_RestartOnExternalChanges ] = factoryRecord.RestartOnExternalChanges;
_flags[ Flag_RequirePermission ] = factoryRecord.RequirePermission;
if (factoryRecord.IsUndeclared) {
_flags[ Flag_IsUndeclared ] = true;
_flags[ Flag_Declared ] = false;
_flags[ Flag_DeclarationRequired ] = false;
}
else {
_flags[ Flag_IsUndeclared ] = false;
_flags[ Flag_Declared ] = configRecord.GetFactoryRecord(factoryRecord.ConfigKey, false) != null;
_flags[ Flag_DeclarationRequired ] = configRecord.IsRootDeclaration(factoryRecord.ConfigKey, false);
}
// section info
_flags[ Flag_LocationLocked ] = sectionRecord.Locked;
if (sectionRecord.HasFileInput) {
SectionInput fileInput = sectionRecord.FileInput;
_flags[ Flag_ProtectionProviderDetermined ] = fileInput.IsProtectionProviderDetermined;
_protectionProvider = fileInput.ProtectionProvider;
SectionXmlInfo sectionXmlInfo = fileInput.SectionXmlInfo;
_configSource = sectionXmlInfo.ConfigSource;
_configSourceStreamName = sectionXmlInfo.ConfigSourceStreamName;
_flags[ Flag_AllowOverride ] = !sectionXmlInfo.LockChildren;
_flags[ Flag_InheritInChildApps ] = !sectionXmlInfo.SkipInChildApps;
_protectionProviderName = sectionXmlInfo.ProtectionProviderName;
}
else {
_flags[ Flag_ProtectionProviderDetermined ] = false;
_protectionProvider = null;
}
// element context information
_configurationSection.AssociateContext( configRecord );
}
public void UnprotectSection() {
VerifyIsEditable();
_protectionProvider = null;
_protectionProviderName = null;
_flags[ Flag_ProtectionProviderDetermined ] = true;
_modifiedFlags[ Flag_ProtectionProviderModified ] = true;
}
protected virtual string CallHostDecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfig) {
return Host.DecryptSection(encryptedXml, protectionProvider, protectedConfig);
}
internal void SetRuntimeConfigurationInformation(BaseConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord)
{
this._flags[1] = true;
this._configKey = factoryRecord.ConfigKey;
this._group = factoryRecord.Group;
this._name = factoryRecord.Name;
this._typeName = factoryRecord.FactoryTypeName;
this._allowDefinition = factoryRecord.AllowDefinition;
this._allowExeDefinition = factoryRecord.AllowExeDefinition;
this._flags[8] = factoryRecord.AllowLocation;
this._flags[0x10] = factoryRecord.RestartOnExternalChanges;
this._flags[0x20] = factoryRecord.RequirePermission;
this._overrideModeDefault = factoryRecord.OverrideModeDefault;
if (factoryRecord.IsUndeclared)
{
this._flags[0x2000] = true;
this._flags[2] = false;
this._flags[4] = false;
}
else
{
this._flags[0x2000] = false;
this._flags[2] = configRecord.GetFactoryRecord(factoryRecord.ConfigKey, false) != null;
this._flags[4] = configRecord.IsRootDeclaration(factoryRecord.ConfigKey, false);
}
this._flags[0x40] = sectionRecord.Locked;
this._flags[0x80] = sectionRecord.LockChildren;
this._flags[0x4000] = sectionRecord.LockChildrenWithoutFileInput;
if (sectionRecord.HasFileInput)
{
SectionInput fileInput = sectionRecord.FileInput;
this._flags[0x800] = fileInput.IsProtectionProviderDetermined;
this._protectionProvider = fileInput.ProtectionProvider;
SectionXmlInfo sectionXmlInfo = fileInput.SectionXmlInfo;
this._configSource = sectionXmlInfo.ConfigSource;
this._configSourceStreamName = sectionXmlInfo.ConfigSourceStreamName;
this._overrideMode = sectionXmlInfo.OverrideModeSetting;
this._flags[0x100] = !sectionXmlInfo.SkipInChildApps;
this._protectionProviderName = sectionXmlInfo.ProtectionProviderName;
}
else
{
this._flags[0x800] = false;
this._protectionProvider = null;
}
this._configurationSection.AssociateContext(configRecord);
}
internal static string EncryptSection(string clearXml, ProtectedConfigurationProvider provider) {
XmlDocument xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
xmlDocument.LoadXml(clearXml);
string sectionName = xmlDocument.DocumentElement.Name;
XmlNode encNode = provider.Encrypt(xmlDocument.DocumentElement);
return encNode.OuterXml;
}
public override XmlNode Encrypt(XmlNode node)
{
XmlDocument xmlDocument;
EncryptedXml exml;
byte[] rgbOutput;
EncryptedData ed;
KeyInfoName kin;
EncryptedKey ek;
KeyInfoEncryptedKey kek;
XmlElement inputElement;
RSACryptoServiceProvider rsa = GetCryptoServiceProvider(false, false);
// Encrypt the node with the new key
xmlDocument = new XmlDocument();
xmlDocument.PreserveWhitespace = true;
ProtectedConfigurationProvider.LoadXml(xmlDocument, "<foo>" + node.OuterXml + "</foo>");
exml = new EncryptedXml(xmlDocument);
inputElement = xmlDocument.DocumentElement;
using (SymmetricAlgorithm symAlg = GetSymAlgorithmProvider()) {
rgbOutput = exml.EncryptData(inputElement, symAlg, true);
ed = new EncryptedData();
ed.Type = EncryptedXml.XmlEncElementUrl;
ed.EncryptionMethod = GetSymEncryptionMethod();
ed.KeyInfo = new KeyInfo();
ek = new EncryptedKey();
ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
ek.KeyInfo = new KeyInfo();
ek.CipherData = new CipherData();
ek.CipherData.CipherValue = EncryptedXml.EncryptKey(symAlg.Key, rsa, UseOAEP);
}
kin = new KeyInfoName();
kin.Value = _KeyName;
ek.KeyInfo.AddClause(kin);
kek = new KeyInfoEncryptedKey(ek);
ed.KeyInfo.AddClause(kek);
ed.CipherData = new CipherData();
ed.CipherData.CipherValue = rgbOutput;
EncryptedXml.ReplaceElement(inputElement, ed, true);
rsa.Clear();
// Get node from the document
foreach (XmlNode node2 in xmlDocument.ChildNodes)
{
if (node2.NodeType == XmlNodeType.Element)
{
foreach (XmlNode node3 in node2.ChildNodes) // node2 is the "foo" node
{
if (node3.NodeType == XmlNodeType.Element)
{
return(node3); // node3 is the "EncryptedData" node
}
}
}
}
return(null);
}
protected override string CallHostDecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfig) {
// Decrypt should always succeed in runtime. (VSWhidbey 429996)
// Need to override in order to Assert before calling the base class method.
return base.CallHostDecryptSection(encryptedXml, protectionProvider, protectedConfig);
}
string IInternalConfigHost.DecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedSection)
{
return(protectedSection.DecryptSection(encryptedXml, protectionProvider));
}
protected override string CallHostDecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfig)
{
// Decrypt should always succeed in runtime. (VSWhidbey 429996)
// Need to override in order to Assert before calling the base class method.
return(base.CallHostDecryptSection(encryptedXml, protectionProvider, protectedConfig));
}
protected override string CallHostDecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfig)
{
return(base.CallHostDecryptSection(encryptedXml, protectionProvider, protectedConfig));
}
string IInternalConfigHost.EncryptSection (string clearXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedSection)
{
return protectedSection.EncryptSection (clearXml, protectionProvider);
}
public override string EncryptSection(string clearTextXmlString, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfigSection)
{
return this.CallEncryptOrDecrypt(true, clearTextXmlString, protectionProvider, protectedConfigSection);
}
public override string DecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider,
ProtectedConfigurationSection protectedConfigSection)
{
return base.DecryptSection(encryptedXml, protectionProvider, protectedConfigSection);
}
public void ProtectSection(string provider)
{
protection_provider = ProtectedConfiguration.GetProvider(provider, true);
}
public void UnprotectSection()
{
protection_provider = null;
}
string IInternalConfigHost.DecryptSection (string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedSection)
{
return protectedSection.DecryptSection (encryptedXml, protectionProvider);
}
public virtual string DecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfigSection) {
return Host.DecryptSection(encryptedXml, protectionProvider, protectedConfigSection);
}
internal static string DecryptSection(string encryptedXml, ProtectedConfigurationProvider provider) {
XmlDocument doc = new XmlDocument();
doc.LoadXml(encryptedXml);
XmlNode resultNode = provider.Decrypt(doc.DocumentElement);
return resultNode.OuterXml;
}
protected override string CallHostDecryptSection(string encryptedXml, ProtectedConfigurationProvider protectionProvider, ProtectedConfigurationSection protectedConfig) {
return base.CallHostDecryptSection(encryptedXml, protectionProvider, protectedConfig);
}
public void ProtectSection(string protectionProvider)
{
ProtectedConfigurationProvider protectionProviderFromName = null;
this.VerifyIsEditable();
if (!this.AllowLocation || (this._configKey == "configProtectedData"))
{
throw new InvalidOperationException(System.Configuration.SR.GetString("Config_not_allowed_to_encrypt_this_section"));
}
if (this._configRecord == null)
{
throw new InvalidOperationException(System.Configuration.SR.GetString("Must_add_to_config_before_protecting_it"));
}
if (string.IsNullOrEmpty(protectionProvider))
{
protectionProvider = this._configRecord.DefaultProviderName;
}
protectionProviderFromName = this._configRecord.GetProtectionProviderFromName(protectionProvider, true);
this._protectionProviderName = protectionProvider;
this._protectionProvider = protectionProviderFromName;
this._flags[0x800] = true;
this._modifiedFlags[0x80000] = true;
}
// method to cause a section to be protected using the specified provider
public void ProtectSection(string protectionProvider) {
ProtectedConfigurationProvider protectedConfigurationProvider = null;
VerifyIsEditable();
// Do not encrypt sections that will be read by a native reader.
// These sections are be marked with allowLocation=false.
// Also, the configProtectedData section cannot be encrypted!
if (!AllowLocation || _configKey == BaseConfigurationRecord.RESERVED_SECTION_PROTECTED_CONFIGURATION) {
throw new InvalidOperationException(SR.GetString(SR.Config_not_allowed_to_encrypt_this_section));
}
if (_configRecord != null) {
if (String.IsNullOrEmpty(protectionProvider)) {
protectionProvider = _configRecord.DefaultProviderName;
}
protectedConfigurationProvider = _configRecord.GetProtectionProviderFromName(protectionProvider, true);
}
else {
throw new InvalidOperationException(SR.GetString(SR.Must_add_to_config_before_protecting_it));
}
_protectionProviderName = protectionProvider;
_protectionProvider = protectedConfigurationProvider;
_flags[ Flag_ProtectionProviderDetermined ] = true;
_modifiedFlags[ Flag_ProtectionProviderModified ] = true;
}
public void UnprotectSection()
{
this.VerifyIsEditable();
this._protectionProvider = null;
this._protectionProviderName = null;
this._flags[0x800] = true;
this._modifiedFlags[0x80000] = true;
}
public CloudConfigCryptoController(ProtectedConfigurationProvider provider)
{
_provider = provider;
}