private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal, string zoneName, ParsedData parsedData)
{
if (hostContextInternal.NoPrompt)
{
return(PromptsAllowed.None);
}
PromptingLevel zonePromptingLevel = GetZonePromptingLevel(zoneName);
if ((zonePromptingLevel != PromptingLevel.Disabled) && ((zonePromptingLevel != PromptingLevel.PromptOnlyForAuthenticode) || (parsedData.AuthenticodedPublisher != null)))
{
return(PromptsAllowed.All);
}
return(PromptsAllowed.BlockingOnly);
}
private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext,
ParsedData parsedData,
String deploymentUrl,
HostContextInternal hostContextInternal,
ApplicationSecurityInfo info,
ApplicationTrustExtraInfo appTrustExtraInfo,
string zoneName)
{
DialogResult ret;
TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
try
{
TrustManagerPromptUIThread highRiskDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
DefaultBrowserExePath,
parsedData.SupportUrl,
GetHostFromDeploymentUrl(deploymentUrl),
parsedData.AuthenticodedPublisher /*publisherName*/,
parsedData.Certificate,
options);
ret = highRiskDialog.ShowDialog();
}
catch (Exception ex)
{
Debug.Fail("Error occurred while showing high risk dialog: " + ex.Message);
ret = DialogResult.No;
}
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, ret == DialogResult.OK /*trust*/, hostContextInternal.Persist && ret == DialogResult.OK /*persist*/);
}
private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal,
string zoneName,
ParsedData parsedData)
{
Debug.Assert(hostContextInternal != null);
Debug.Assert(zoneName != null);
Debug.Assert(parsedData != null);
if (hostContextInternal.NoPrompt)
{
return PromptsAllowed.None;
}
PromptingLevel promptingLevel = GetZonePromptingLevel(zoneName);
if (promptingLevel == PromptingLevel.Disabled ||
(promptingLevel == PromptingLevel.PromptOnlyForAuthenticode && parsedData.AuthenticodedPublisher == null))
{
return PromptsAllowed.BlockingOnly;
}
return PromptsAllowed.All;
}
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
// ISSUE - fix this....
HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);
ICMS cms = (ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
ParsedData parsedData = new ParsedData();
if (ParseManifest(cms, parsedData))
{
appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
}
string deploymentUrl = GetDeploymentUrl(info);
string zoneName = GetZoneNameFromDeploymentUrl(deploymentUrl);
MemoryStream ms;
PromptsAllowed promptsAllowed;
if (!ExtractManifestContent(cms, out ms))
{
// Block prompt
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
}
bool distrustedPublisher, trustedPublisher, noCertificate;
AnalyzeCertificate(parsedData, ms, out distrustedPublisher, out trustedPublisher, out noCertificate);
/// Check whether application manifest allows to use deployment manifest certificate.
/// If not then we have to use application manifest certificate instead.
ICMS applicationCms = (ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
ParsedData applicationParsedData = new ParsedData();
if (ParseManifest(applicationCms, applicationParsedData))
{
if (applicationParsedData.UseManifestForTrust)
{
MemoryStream applicationMs;
if (ExtractManifestContent(applicationCms, out applicationMs))
{
/// Use the old parsedData.
bool applicationDistrustedPublisher, applicationTrustedPublisher, applicationNoCertificate;
AnalyzeCertificate(parsedData, applicationMs, out applicationDistrustedPublisher, out applicationTrustedPublisher, out applicationNoCertificate);
distrustedPublisher = applicationDistrustedPublisher;
trustedPublisher = applicationTrustedPublisher;
noCertificate = applicationNoCertificate;
parsedData.AppName = applicationParsedData.AppName;
parsedData.AppPublisher = applicationParsedData.AppPublisher;
parsedData.SupportUrl = applicationParsedData.SupportUrl;
}
}
}
if (distrustedPublisher)
{
promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
if (promptsAllowed == PromptsAllowed.None)
{
// No prompt allowed, return Do Not Trust.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
}
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
}
if (noCertificate)
{
parsedData.AuthenticodedPublisher = null;
parsedData.Certificate = null;
}
if (!hostContextInternal.IgnorePersistedDecision)
{
// Check if there are previously trusted versions installed.
ArrayList matchingTrusts;
if (SearchPreviousTrustedVersion(activationContext, out matchingTrusts))
{
Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);
// Found a matching app, with normally a different version.
if (ExistingTrustApplicable(info, matchingTrusts))
{
// There is at least one old version that requires at the same or more permissions.
// ExistingTrustApplicable removed the non-applicable version from the matchingTrusts arrays.
Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);
// Check if the new app requires shell integration while none of the old ones did
if (appTrustExtraInfo.RequestsShellIntegration &&
!SomePreviousTrustedVersionRequiresShellIntegration(matchingTrusts) &&
!trustedPublisher)
{
promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
switch (promptsAllowed)
{
case PromptsAllowed.None:
// No prompt allowed, return Do Not Trust.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
case PromptsAllowed.All:
// New app requires shell integration - bring up the Basic Install Prompt
return BasicInstallPrompt(activationContext,
parsedData,
deploymentUrl,
hostContextInternal,
info,
appTrustExtraInfo,
zoneName,
AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
}
}
// No prompt, return Trust & Persist.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
}
}
}
bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
if (!permissionElevationRequired || trustedPublisher)
{
if (!trustedPublisher)
{
Debug.Assert(!permissionElevationRequired);
promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
switch (promptsAllowed)
{
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, permissionElevationRequired);
case PromptsAllowed.None:
// XBaps should also prompt in InternetZone
// Originally xbaps were silently trusted, along with other ClickOnce apps
case PromptsAllowed.All:
// App shell integrates and is not from a trusted deployer, bring up the Basic Install Prompt.
return BasicInstallPrompt(activationContext,
parsedData,
deploymentUrl,
hostContextInternal,
info,
appTrustExtraInfo,
zoneName,
false /*permissionElevationRequired*/);
}
}
else
{
// App does not shell integrate and does not run in "Internet" zone, or is from a trusted deployer, return Trust
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
}
}
promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
switch (promptsAllowed)
{
case PromptsAllowed.None:
// No prompt allowed, return Do Not Trust.
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, true /*permissionElevationRequired*/);
default: // PromptsAllowed.All:
// Bring up the HighRisk Install Prompt if the app shell integrates, or the HighRisk Run Prompt otherwise.
return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName);
}
}
private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
{
DialogResult no;
TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
try
{
no = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
}
catch (Exception)
{
no = DialogResult.No;
}
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, no == DialogResult.OK, hostContextInternal.Persist && (no == DialogResult.OK)));
}
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
MemoryStream stream;
bool flag;
bool flag2;
bool flag3;
MemoryStream stream2;
ArrayList list;
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);
System.Deployment.Internal.Isolation.Manifest.ICMS deploymentComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
ParsedData parsedData = new ParsedData();
if (ParseManifest(deploymentComponentManifest, parsedData))
{
appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
}
string deploymentUrl = GetDeploymentUrl(info);
string zoneNameFromDeploymentUrl = GetZoneNameFromDeploymentUrl(deploymentUrl);
if (!ExtractManifestContent(deploymentComponentManifest, out stream))
{
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
}
AnalyzeCertificate(parsedData, stream, out flag, out flag2, out flag3);
System.Deployment.Internal.Isolation.Manifest.ICMS applicationComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
ParsedData data2 = new ParsedData();
if ((ParseManifest(applicationComponentManifest, data2) && data2.UseManifestForTrust) && ExtractManifestContent(applicationComponentManifest, out stream2))
{
bool flag4;
bool flag5;
bool flag6;
AnalyzeCertificate(parsedData, stream2, out flag4, out flag5, out flag6);
flag = flag4;
flag2 = flag5;
flag3 = flag6;
parsedData.AppName = data2.AppName;
parsedData.AppPublisher = data2.AppPublisher;
parsedData.SupportUrl = data2.SupportUrl;
}
if (flag)
{
if (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData) == PromptsAllowed.None)
{
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
}
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
}
if (flag3)
{
parsedData.AuthenticodedPublisher = null;
parsedData.Certificate = null;
}
if ((!hostContextInternal.IgnorePersistedDecision && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out list)) && ExistingTrustApplicable(info, list))
{
if ((appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(list)) && !flag2)
{
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.All:
return(BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
case PromptsAllowed.BlockingOnly:
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
case PromptsAllowed.None:
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
}
}
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist));
}
bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
if (!permissionElevationRequired || flag2)
{
if (flag2)
{
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist));
}
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.All:
case PromptsAllowed.None:
return(BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, false));
case PromptsAllowed.BlockingOnly:
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, permissionElevationRequired));
}
}
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.BlockingOnly:
return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, true));
case PromptsAllowed.None:
return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
}
return(HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl));
}
private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
{
DialogResult no;
TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
try
{
no = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
}
catch (Exception)
{
no = DialogResult.No;
}
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, no == DialogResult.OK, hostContextInternal.Persist && (no == DialogResult.OK));
}
private static PromptsAllowed GetPromptsAllowed(HostContextInternal hostContextInternal, string zoneName, ParsedData parsedData)
{
if (hostContextInternal.NoPrompt)
{
return PromptsAllowed.None;
}
PromptingLevel zonePromptingLevel = GetZonePromptingLevel(zoneName);
if ((zonePromptingLevel != PromptingLevel.Disabled) && ((zonePromptingLevel != PromptingLevel.PromptOnlyForAuthenticode) || (parsedData.AuthenticodedPublisher != null)))
{
return PromptsAllowed.All;
}
return PromptsAllowed.BlockingOnly;
}
public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
{
MemoryStream stream;
bool flag;
bool flag2;
bool flag3;
MemoryStream stream2;
ArrayList list;
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);
System.Deployment.Internal.Isolation.Manifest.ICMS deploymentComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS) InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
ParsedData parsedData = new ParsedData();
if (ParseManifest(deploymentComponentManifest, parsedData))
{
appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
}
string deploymentUrl = GetDeploymentUrl(info);
string zoneNameFromDeploymentUrl = GetZoneNameFromDeploymentUrl(deploymentUrl);
if (!ExtractManifestContent(deploymentComponentManifest, out stream))
{
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
}
AnalyzeCertificate(parsedData, stream, out flag, out flag2, out flag3);
System.Deployment.Internal.Isolation.Manifest.ICMS applicationComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS) InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
ParsedData data2 = new ParsedData();
if ((ParseManifest(applicationComponentManifest, data2) && data2.UseManifestForTrust) && ExtractManifestContent(applicationComponentManifest, out stream2))
{
bool flag4;
bool flag5;
bool flag6;
AnalyzeCertificate(parsedData, stream2, out flag4, out flag5, out flag6);
flag = flag4;
flag2 = flag5;
flag3 = flag6;
parsedData.AppName = data2.AppName;
parsedData.AppPublisher = data2.AppPublisher;
parsedData.SupportUrl = data2.SupportUrl;
}
if (flag)
{
if (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData) == PromptsAllowed.None)
{
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
}
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
}
if (flag3)
{
parsedData.AuthenticodedPublisher = null;
parsedData.Certificate = null;
}
if ((!hostContextInternal.IgnorePersistedDecision && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out list)) && ExistingTrustApplicable(info, list))
{
if ((appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(list)) && !flag2)
{
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.All:
return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
case PromptsAllowed.None:
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
}
}
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
}
bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
if (!permissionElevationRequired || flag2)
{
if (flag2)
{
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
}
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.All:
case PromptsAllowed.None:
return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, false);
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, permissionElevationRequired);
}
}
switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
{
case PromptsAllowed.BlockingOnly:
return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, true);
case PromptsAllowed.None:
return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
}
return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl);
}
